- Timestamp:
- May 27, 2009, 9:08:03 AM (16 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/samba-3.2.x/docs/htmldocs/manpages/smb.conf.5.html
r226 r231 1 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>smb.conf</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.7 3.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="smb.conf.5"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>smb.conf — The configuration file for the Samba suite</p></div><div class="refsect1" lang="en"><a name="id2516071"></a><h2>SYNOPSIS</h2><p>1 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>smb.conf</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="smb.conf.5"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>smb.conf — The configuration file for the Samba suite</p></div><div class="refsect1" lang="en"><a name="id2522915"></a><h2>SYNOPSIS</h2><p> 2 2 The <code class="filename">smb.conf</code> file is a configuration file for the Samba suite. <code class="filename">smb.conf</code> contains runtime configuration information for the Samba programs. The 3 3 <code class="filename">smb.conf</code> file is designed to be configured and administered by the … … 27 27 which may be given as yes/no, 1/0 or true/false. Case is not significant in boolean values, but is preserved 28 28 in string values. Some items such as create masks are numeric. 29 </p></div><div class="refsect1" lang="en"><a name="id24 79232"></a><h2>SECTION DESCRIPTIONS</h2><p>29 </p></div><div class="refsect1" lang="en"><a name="id2483408"></a><h2>SECTION DESCRIPTIONS</h2><p> 30 30 Each section in the configuration file (except for the [global] section) describes a shared resource (known as 31 31 a “<span class="quote">share</span>”). The section name is the name of the shared resource and the parameters within the … … 56 56 </p><pre class="programlisting"> 57 57 <em class="parameter"><code>[foo]</code></em> 58 <a class="link" href="smb.conf.5.html#PATH" >path = /home/bar</a>59 <a class="link" href="smb.conf.5.html#READONLY" >read only = no</a>58 <a class="link" href="smb.conf.5.html#PATH" target="_top">path = /home/bar</a> 59 <a class="link" href="smb.conf.5.html#READONLY" target="_top">read only = no</a> 60 60 </pre><p> 61 61 </p><p> … … 65 65 </p><pre class="programlisting"> 66 66 <em class="parameter"><code>[aprinter]</code></em> 67 <a class="link" href="smb.conf.5.html#PATH" >path = /usr/spool/public</a>68 <a class="link" href="smb.conf.5.html#READONLY" >read only = yes</a>69 <a class="link" href="smb.conf.5.html#PRINTABLE" >printable = yes</a>70 <a class="link" href="smb.conf.5.html#GUESTOK" >guest ok = yes</a>67 <a class="link" href="smb.conf.5.html#PATH" target="_top">path = /usr/spool/public</a> 68 <a class="link" href="smb.conf.5.html#READONLY" target="_top">read only = yes</a> 69 <a class="link" href="smb.conf.5.html#PRINTABLE" target="_top">printable = yes</a> 70 <a class="link" href="smb.conf.5.html#GUESTOK" target="_top">guest ok = yes</a> 71 71 </pre><p> 72 </p></div><div class="refsect1" lang="en"><a name="id24 78271"></a><h2>SPECIAL SECTIONS</h2><div class="refsect2" lang="en"><a name="id2478277"></a><h3>The [global] section</h3><p>72 </p></div><div class="refsect1" lang="en"><a name="id2481484"></a><h2>SPECIAL SECTIONS</h2><div class="refsect2" lang="en"><a name="id2481490"></a><h3>The [global] section</h3><p> 73 73 Parameters in this section apply to the server as a whole, or are defaults for sections that do not 74 74 specifically define certain items. See the notes under PARAMETERS for more information. … … 106 106 </p><pre class="programlisting"> 107 107 <em class="parameter"><code>[homes]</code></em> 108 <a class="link" href="smb.conf.5.html#READONLY" >read only = no</a>108 <a class="link" href="smb.conf.5.html#READONLY" target="_top">read only = no</a> 109 109 </pre><p> 110 110 </p><p> … … 138 138 </p><pre class="programlisting"> 139 139 <em class="parameter"><code>[printers]</code></em> 140 <a class="link" href="smb.conf.5.html#PATH" >path = /usr/spool/public</a>141 <a class="link" href="smb.conf.5.html#GUESTOK" >guest ok = yes</a>142 <a class="link" href="smb.conf.5.html#PRINTABLE" >printable = yes</a>140 <a class="link" href="smb.conf.5.html#PATH" target="_top">path = /usr/spool/public</a> 141 <a class="link" href="smb.conf.5.html#GUESTOK" target="_top">guest ok = yes</a> 142 <a class="link" href="smb.conf.5.html#PRINTABLE" target="_top">printable = yes</a> 143 143 </pre><p> 144 144 </p><p> … … 161 161 <code class="literal">printcap name = lpstat</code> to automatically obtain a list of printers. See the 162 162 <code class="literal">printcap name</code> option for more details. 163 </p></div></div></div><div class="refsect1" lang="en"><a name="id24 78601"></a><h2>USERSHARES</h2><p>Starting with Samba version 3.0.23 the capability for non-root users to add, modify, and delete163 </p></div></div></div><div class="refsect1" lang="en"><a name="id2481804"></a><h2>USERSHARES</h2><p>Starting with Samba version 3.0.23 the capability for non-root users to add, modify, and delete 164 164 their own share definitions has been added. This capability is called <span class="emphasis"><em>usershares</em></span> and 165 165 is controlled by a set of parameters in the [global] section of the smb.conf. … … 179 179 180 180 </p><pre class="programlisting"> 181 <a class="link" href="smb.conf.5.html#USERSHAREPATH" >usershare path = /usr/local/samba/lib/usershares</a>182 <a class="link" href="smb.conf.5.html#USERSHAREMAXSHARES" >usershare max shares = 10</a> # (or the desired number of shares)181 <a class="link" href="smb.conf.5.html#USERSHAREPATH" target="_top">usershare path = /usr/local/samba/lib/usershares</a> 182 <a class="link" href="smb.conf.5.html#USERSHAREMAXSHARES" target="_top">usershare max shares = 10</a> # (or the desired number of shares) 183 183 </pre><p> 184 184 185 185 to the global 186 186 section of your <code class="filename">smb.conf</code>. Members of the group foo may then manipulate the user defined shares 187 using the following commands.</p><div class="variablelist"><dl><dt><span class="term">net usershare add sharename path [comment] [acl] [guest_ok=[y|n]]</span></dt><dd><p>To create or modify (overwrite) a user defined share.</p></dd><dt><span class="term">net usershare delete sharename</span></dt><dd><p>To delete a user defined share.</p></dd><dt><span class="term">net usershare list wildcard-sharename</span></dt><dd><p>To list user defined shares.</p></dd><dt><span class="term">net usershare info wildcard-sharename</span></dt><dd><p>To print information about user defined shares.</p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id2 525493"></a><h2>PARAMETERS</h2><p>Parameters define the specific attributes of sections.</p><p>187 using the following commands.</p><div class="variablelist"><dl><dt><span class="term">net usershare add sharename path [comment] [acl] [guest_ok=[y|n]]</span></dt><dd><p>To create or modify (overwrite) a user defined share.</p></dd><dt><span class="term">net usershare delete sharename</span></dt><dd><p>To delete a user defined share.</p></dd><dt><span class="term">net usershare list wildcard-sharename</span></dt><dd><p>To list user defined shares.</p></dd><dt><span class="term">net usershare info wildcard-sharename</span></dt><dd><p>To print information about user defined shares.</p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id2482031"></a><h2>PARAMETERS</h2><p>Parameters define the specific attributes of sections.</p><p> 188 188 Some parameters are specific to the [global] section (e.g., <span class="emphasis"><em>security</em></span>). Some parameters 189 189 are usable in all sections (e.g., <span class="emphasis"><em>create mask</em></span>). All others are permissible only in normal … … 197 197 find them! Where there are synonyms, the preferred synonym is described, others refer to the preferred 198 198 synonym. 199 </p></div><div class="refsect1" lang="en"><a name="id25 25542"></a><h2>VARIABLE SUBSTITUTIONS</h2><p>199 </p></div><div class="refsect1" lang="en"><a name="id2532544"></a><h2>VARIABLE SUBSTITUTIONS</h2><p> 200 200 Many of the strings that are settable in the config file can take substitutions. For example the option 201 201 “<span class="quote">path = /tmp/%u</span>” is interpreted as “<span class="quote">path = /tmp/john</span>” if the user connected with the … … 259 259 controls what the default case is for new filenames (ie. files that don't currently exist in the filesystem). 260 260 Default <span class="emphasis"><em>lower</em></span>. IMPORTANT NOTE: This option will be used to modify the case of 261 <span class="emphasis"><em>all</em></span> incoming client filenames, not just new filenames if the options <a class="link" href="smb.conf.5.html#CASESENSITIVE" >case sensitive = yes</a>, <a class="link" href="smb.conf.5.html#PRESERVECASE">preserve case = No</a>,262 <a class="link" href="smb.conf.5.html#SHORTPRESERVECASE" >short preserve case = No</a> are set. This change is needed as part of the261 <span class="emphasis"><em>all</em></span> incoming client filenames, not just new filenames if the options <a class="link" href="smb.conf.5.html#CASESENSITIVE" target="_top">case sensitive = yes</a>, <a class="link" href="smb.conf.5.html#PRESERVECASE" target="_top">preserve case = No</a>, 262 <a class="link" href="smb.conf.5.html#SHORTPRESERVECASE" target="_top">short preserve case = No</a> are set. This change is needed as part of the 263 263 optimisations for directories containing large numbers of files. 264 264 </p></dd><dt><span class="term">preserve case = yes/no</span></dt><dd><p> … … 306 306 If the service is a guest service, a connection is made as the username given in the <code class="literal">guest account 307 307 =</code> for the service, irrespective of the supplied password. 308 </p></li></ol></div></div><div class="refsect1" lang="en"><a name="id25 26284"></a><h2>REGISTRY-BASED CONFIGURATION</h2><p>308 </p></li></ol></div></div><div class="refsect1" lang="en"><a name="id2533244"></a><h2>REGISTRY-BASED CONFIGURATION</h2><p> 309 309 Starting with Samba version 3.2.0, the capability to 310 310 store Samba configuration in the registry is available. … … 324 324 in two different ways:</p><p>Firstly, a registry only configuration is triggered 325 325 by setting 326 <a class="link" href="smb.conf.5.html#CONFIGBACKEND" >config backend = registry</a>326 <a class="link" href="smb.conf.5.html#CONFIGBACKEND" target="_top">config backend = registry</a> 327 327 in the [global] section of <span class="emphasis"><em>smb.conf</em></span>. 328 328 This resets everything that has been read from config files … … 332 332 configuration.</p><p>Secondly, a mixed configuration can be activated 333 333 by a special new meaning of the parameter 334 <a class="link" href="smb.conf.5.html#INCLUDE" >include = registry</a>334 <a class="link" href="smb.conf.5.html#INCLUDE" target="_top">include = registry</a> 335 335 in the [global] section of <span class="emphasis"><em>smb.conf</em></span>. 336 336 This reads the global options from registry with the same … … 361 361 accessing the database file, circumventing the 362 362 server. 363 </p></div><div class="refsect1" lang="en"><a name="id25 26478"></a><h2>EXPLANATION OF EACH PARAMETER</h2><div class="section" lang="en"><div class="titlepage"></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2526490"></a>363 </p></div><div class="refsect1" lang="en"><a name="id2533419"></a><h2>EXPLANATION OF EACH PARAMETER</h2><div class="section" lang="en"><div class="titlepage"></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2533430"></a> 364 364 365 365 abort shutdown script (G) 366 </h3></div></div></div><a class="indexterm" name="id25 26491"></a><a name="ABORTSHUTDOWNSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This a full path name to a script called by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> that367 should stop a shutdown procedure issued by the <a class="link" href="smb.conf.5.html#SHUTDOWNSCRIPT" >shutdown script</a>.</p><p>If the connected user posseses the <code class="constant">SeRemoteShutdownPrivilege</code>,366 </h3></div></div></div><a class="indexterm" name="id2533431"></a><a name="ABORTSHUTDOWNSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This a full path name to a script called by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> that 367 should stop a shutdown procedure issued by the <a class="link" href="smb.conf.5.html#SHUTDOWNSCRIPT" target="_top">shutdown script</a>.</p><p>If the connected user posseses the <code class="constant">SeRemoteShutdownPrivilege</code>, 368 368 right, this command will be run as user.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>abort shutdown script</code></em> = <code class="literal">""</code> 369 369 </em></span> 370 370 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>abort shutdown script</code></em> = <code class="literal">/sbin/shutdown -c</code> 371 371 </em></span> 372 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 26579"></a>372 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2533509"></a> 373 373 374 374 acl check permissions (S) 375 </h3></div></div></div><a class="indexterm" name="id25 26580"></a><a name="ACLCHECKPERMISSIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls what <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>does on receiving a protocol request of "open for delete"375 </h3></div></div></div><a class="indexterm" name="id2533510"></a><a name="ACLCHECKPERMISSIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls what <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>does on receiving a protocol request of "open for delete" 376 376 from a Windows client. If a Windows client doesn't have permissions to delete a file then they 377 377 expect this to be denied at open time. POSIX systems normally only detect restrictions on delete by … … 393 393 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>acl check permissions</code></em> = <code class="literal">True</code> 394 394 </em></span> 395 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id24 78126"></a>396 397 acl compatibility ( S)398 </h3></div></div></div><a class="indexterm" name="id24 78127"></a><a name="ACLCOMPATIBILITY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies what OS ACL semantics should395 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2481367"></a> 396 397 acl compatibility (G) 398 </h3></div></div></div><a class="indexterm" name="id2481368"></a><a name="ACLCOMPATIBILITY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies what OS ACL semantics should 399 399 be compatible with. Possible values are <span class="emphasis"><em>winnt</em></span> for Windows NT 4, 400 400 <span class="emphasis"><em>win2k</em></span> for Windows 2000 and above and <span class="emphasis"><em>auto</em></span>. … … 405 405 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>acl compatibility</code></em> = <code class="literal">win2k</code> 406 406 </em></span> 407 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id24 78204"></a>407 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2481444"></a> 408 408 409 409 acl group control (S) 410 </h3></div></div></div><a class="indexterm" name="id24 78205"></a><a name="ACLGROUPCONTROL"></a><div class="variablelist"><dl><dt></dt><dd><p>410 </h3></div></div></div><a class="indexterm" name="id2481445"></a><a name="ACLGROUPCONTROL"></a><div class="variablelist"><dl><dt></dt><dd><p> 411 411 In a POSIX filesystem, only the owner of a file or directory and the superuser can modify the permissions 412 412 and ACLs on a file. If this parameter is set, then Samba overrides this restriction, and also allows the … … 424 424 control the permissions on a file or directory they have group ownership on. 425 425 </p><p> 426 This parameter is best used with the <a class="link" href="smb.conf.5.html#INHERITOWNER" >inherit owner</a> option and also426 This parameter is best used with the <a class="link" href="smb.conf.5.html#INHERITOWNER" target="_top">inherit owner</a> option and also 427 427 on on a share containing directories with the UNIX <span class="emphasis"><em>setgid bit</em></span> set 428 428 on them, which causes new files and directories created within it to inherit the group … … 435 435 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>acl group control</code></em> = <code class="literal">no</code> 436 436 </em></span> 437 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 26981"></a>437 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2533900"></a> 438 438 439 439 acl map full control (S) 440 </h3></div></div></div><a class="indexterm" name="id25 26982"></a><a name="ACLMAPFULLCONTROL"></a><div class="variablelist"><dl><dt></dt><dd><p>440 </h3></div></div></div><a class="indexterm" name="id2533901"></a><a name="ACLMAPFULLCONTROL"></a><div class="variablelist"><dl><dt></dt><dd><p> 441 441 This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>maps a POSIX ACE entry of "rwx" (read/write/execute), the maximum 442 442 allowed POSIX permission set, into a Windows ACL of "FULL CONTROL". If this parameter is set to true any POSIX … … 446 446 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>acl map full control</code></em> = <code class="literal">True</code> 447 447 </em></span> 448 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 27038"></a>448 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2533951"></a> 449 449 450 450 add group script (G) 451 </h3></div></div></div><a class="indexterm" name="id25 27039"></a><a name="ADDGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>451 </h3></div></div></div><a class="indexterm" name="id2533952"></a><a name="ADDGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p> 452 452 This is the full pathname to a script that will be run <span class="emphasis"><em>AS ROOT</em></span> by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when a new group is requested. It 453 453 will expand any <em class="parameter"><code>%g</code></em> to the group name passed. This script is only useful … … 459 459 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>add group script</code></em> = <code class="literal">/usr/sbin/groupadd %g</code> 460 460 </em></span> 461 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 27119"></a>461 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2534026"></a> 462 462 463 463 add machine script (G) 464 </h3></div></div></div><a class="indexterm" name="id25 27120"></a><a name="ADDMACHINESCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>464 </h3></div></div></div><a class="indexterm" name="id2534027"></a><a name="ADDMACHINESCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p> 465 465 This is the full pathname to a script that will be run by 466 466 <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when a machine is 467 467 added to Samba's domain and a Unix account matching the machine's name appended with a "$" does not 468 468 already exist. 469 </p><p>This option is very similar to the <a class="link" href="smb.conf.5.html#ADDUSERSCRIPT" >add user script</a>, and likewise uses the %u469 </p><p>This option is very similar to the <a class="link" href="smb.conf.5.html#ADDUSERSCRIPT" target="_top">add user script</a>, and likewise uses the %u 470 470 substitution for the account name. Do not use the %m 471 471 substitution. </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>add machine script</code></em> = <code class="literal"></code> … … 473 473 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>add machine script</code></em> = <code class="literal">/usr/sbin/adduser -n -g machines -c Machine -d /var/lib/nobody -s /bin/false %u</code> 474 474 </em></span> 475 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 27207"></a>475 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2534105"></a> 476 476 477 477 add port command (G) 478 </h3></div></div></div><a class="indexterm" name="id25 27208"></a><a name="ADDPORTCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>Samba 3.0.23 introduced support for adding printer ports478 </h3></div></div></div><a class="indexterm" name="id2534106"></a><a name="ADDPORTCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>Samba 3.0.23 introduced support for adding printer ports 479 479 remotely using the Windows "Add Standard TCP/IP Port Wizard". 480 480 This option defines an external program to be executed when … … 485 485 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>add port command</code></em> = <code class="literal">/etc/samba/scripts/addport.sh</code> 486 486 </em></span> 487 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 27296"></a>487 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2534188"></a> 488 488 489 489 addprinter command (G) 490 </h3></div></div></div><a class="indexterm" name="id25 27297"></a><a name="ADDPRINTERCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>With the introduction of MS-RPC based printing490 </h3></div></div></div><a class="indexterm" name="id2534189"></a><a name="ADDPRINTERCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>With the introduction of MS-RPC based printing 491 491 support for Windows NT/2000 clients in Samba 2.2, The MS Add 492 492 Printer Wizard (APW) icon is now also available in the … … 519 519 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>addprinter command</code></em> = <code class="literal">/usr/bin/addprinter</code> 520 520 </em></span> 521 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 27501"></a>521 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2534376"></a> 522 522 523 523 add share command (G) 524 </h3></div></div></div><a class="indexterm" name="id25 27502"></a><a name="ADDSHARECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>524 </h3></div></div></div><a class="indexterm" name="id2534378"></a><a name="ADDSHARECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p> 525 525 Samba 2.2.0 introduced the ability to dynamically add and delete shares via the Windows NT 4.0 Server 526 526 Manager. The <em class="parameter"><code>add share command</code></em> is used to define an external program 527 or script which will add a new service definition to <code class="filename">smb.conf</code>. In order 528 to successfully execute the <em class="parameter"><code>add share command</code></em>, <code class="literal">smbd</code> requires that the administrator be connected using a root account (i.e. uid == 0). 529 </p><p> 530 If the connected account has <code class="literal">SeDiskOperatorPrivilege</code>, scripts defined in 531 <em class="parameter"><code>change share</code></em> parameter are executed as root. 532 </p><p> 527 or script which will add a new service definition to 528 <code class="filename">smb.conf</code>. 529 </p><p> 530 In order to successfully execute the 531 <em class="parameter"><code>add share command</code></em>, 532 <code class="literal">smbd</code> requires that the administrator 533 connects using a root account (i.e. uid == 0) or has the 534 <code class="literal">SeDiskOperatorPrivilege</code>. 535 Scripts defined in the <em class="parameter"><code>add share command</code></em> 536 parameter are executed as root. 537 </p><p> 533 538 When executed, <code class="literal">smbd</code> will automatically invoke the 534 539 <em class="parameter"><code>add share command</code></em> with five parameters. … … 544 549 share. 545 550 </p></li></ul></div><p> 546 This parameter is only used for add file shares. To add printer shares, see the <a class="link" href="smb.conf.5.html#ADDPRINTERCOMMAND">addprinter command</a>.551 This parameter is only used to add file shares. To add printer shares, see the <a class="link" href="smb.conf.5.html#ADDPRINTERCOMMAND" target="_top">addprinter command</a>. 547 552 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>add share command</code></em> = <code class="literal"></code> 548 553 </em></span> 549 554 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>add share command</code></em> = <code class="literal">/usr/local/bin/addshare</code> 550 555 </em></span> 551 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 27706"></a>556 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2534562"></a> 552 557 553 558 add user script (G) 554 </h3></div></div></div><a class="indexterm" name="id25 27707"></a><a name="ADDUSERSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>559 </h3></div></div></div><a class="indexterm" name="id2534563"></a><a name="ADDUSERSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p> 555 560 This is the full pathname to a script that will be run <span class="emphasis"><em>AS ROOT</em></span> by 556 561 <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> … … 564 569 </p><p> 565 570 In order to use this option, <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> must <span class="emphasis"><em>NOT</em></span> be set to 566 <a class="link" href="smb.conf.5.html#SECURITY" >security = share</a> and <a class="link" href="smb.conf.5.html#ADDUSERSCRIPT">add user script</a>571 <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security = share</a> and <a class="link" href="smb.conf.5.html#ADDUSERSCRIPT" target="_top">add user script</a> 567 572 must be set to a full pathname for a script that will create a UNIX user given one argument of 568 573 <em class="parameter"><code>%u</code></em>, which expands into the UNIX user name to create. 569 574 </p><p> 570 575 When the Windows user attempts to access the Samba server, at login (session setup in 571 the SMB protocol) time, <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> contacts the <a class="link" href="smb.conf.5.html#PASSWORDSERVER" >password server</a>576 the SMB protocol) time, <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> contacts the <a class="link" href="smb.conf.5.html#PASSWORDSERVER" target="_top">password server</a> 572 577 and attempts to authenticate the given user with the given password. If the authentication 573 578 succeeds then <code class="literal">smbd</code> attempts to find a UNIX user in the UNIX 574 579 password database to map the Windows user into. If this lookup fails, and 575 <a class="link" href="smb.conf.5.html#ADDUSERSCRIPT" >add user script</a> is set then <code class="literal">smbd</code> will580 <a class="link" href="smb.conf.5.html#ADDUSERSCRIPT" target="_top">add user script</a> is set then <code class="literal">smbd</code> will 576 581 call the specified script <span class="emphasis"><em>AS ROOT</em></span>, expanding any 577 582 <em class="parameter"><code>%u</code></em> argument to be the user name to create. … … 581 586 match existing Windows NT accounts. 582 587 </p><p> 583 See also <a class="link" href="smb.conf.5.html#SECURITY" >security</a>, <a class="link" href="smb.conf.5.html#PASSWORDSERVER">password server</a>,584 <a class="link" href="smb.conf.5.html#DELETEUSERSCRIPT" >delete user script</a>.588 See also <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security</a>, <a class="link" href="smb.conf.5.html#PASSWORDSERVER" target="_top">password server</a>, 589 <a class="link" href="smb.conf.5.html#DELETEUSERSCRIPT" target="_top">delete user script</a>. 585 590 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>add user script</code></em> = <code class="literal"></code> 586 591 </em></span> 587 592 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>add user script</code></em> = <code class="literal">/usr/local/samba/bin/add_user %u</code> 588 593 </em></span> 589 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 27950"></a>594 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2534773"></a> 590 595 591 596 add user to group script (G) 592 </h3></div></div></div><a class="indexterm" name="id25 27951"></a><a name="ADDUSERTOGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>597 </h3></div></div></div><a class="indexterm" name="id2534774"></a><a name="ADDUSERTOGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p> 593 598 Full path to the script that will be called when a user is added to a group using the Windows NT domain administration 594 599 tools. It will be run by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> … … 602 607 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>add user to group script</code></em> = <code class="literal">/usr/sbin/adduser %u %g</code> 603 608 </em></span> 604 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 28044"></a>609 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2534860"></a> 605 610 606 611 administrative share (S) 607 </h3></div></div></div><a class="indexterm" name="id25 28045"></a><a name="ADMINISTRATIVESHARE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is set to <code class="constant">yes</code> for612 </h3></div></div></div><a class="indexterm" name="id2534861"></a><a name="ADMINISTRATIVESHARE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is set to <code class="constant">yes</code> for 608 613 a share, then the share will be an administrative share. The Administrative 609 614 Shares are the default network shares created by all Windows NT-based 610 615 operating systems. These are shares like C$, D$ or ADMIN$. The type of these 611 shares is STYPE_DISKTREE_HIDDEN.</p><p>See the section below on <a class="link" href="smb.conf.5.html#SECURITY" >security</a> for more616 shares is STYPE_DISKTREE_HIDDEN.</p><p>See the section below on <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security</a> for more 612 617 information about this option.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>administrative share</code></em> = <code class="literal">no</code> 613 618 </em></span> 614 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 28111"></a>619 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2534919"></a> 615 620 616 621 admin users (S) 617 </h3></div></div></div><a class="indexterm" name="id25 28112"></a><a name="ADMINUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of users who will be granted622 </h3></div></div></div><a class="indexterm" name="id2534920"></a><a name="ADMINUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of users who will be granted 618 623 administrative privileges on the share. This means that they 619 624 will do all file operations as the super-user (root).</p><p>You should use this option very carefully, as any user in 620 625 this list will be able to do anything they like on the share, 621 irrespective of file permissions.</p><p>This parameter will not work with the <a class="link" href="smb.conf.5.html#SECURITY" >security = share</a> in626 irrespective of file permissions.</p><p>This parameter will not work with the <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security = share</a> in 622 627 Samba 3.0. This is by design.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>admin users</code></em> = <code class="literal"></code> 623 628 </em></span> 624 629 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>admin users</code></em> = <code class="literal">jason</code> 625 630 </em></span> 626 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 28190"></a>631 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2534991"></a> 627 632 628 633 afs share (S) 629 </h3></div></div></div><a class="indexterm" name="id25 28192"></a><a name="AFSSHARE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether special AFS features are enabled634 </h3></div></div></div><a class="indexterm" name="id2534992"></a><a name="AFSSHARE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether special AFS features are enabled 630 635 for this share. If enabled, it assumes that the directory exported via 631 636 the <em class="parameter"><code>path</code></em> parameter is a local AFS import. The … … 634 639 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>afs share</code></em> = <code class="literal">no</code> 635 640 </em></span> 636 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 28241"></a>641 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2535038"></a> 637 642 638 643 afs username map (G) 639 </h3></div></div></div><a class="indexterm" name="id25 28242"></a><a name="AFSUSERNAMEMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>If you are using the fake kaserver AFS feature, you might644 </h3></div></div></div><a class="indexterm" name="id2535039"></a><a name="AFSUSERNAMEMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>If you are using the fake kaserver AFS feature, you might 640 645 want to hand-craft the usernames you are creating tokens for. 641 646 For example this is necessary if you have users from several domain … … 647 652 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>afs username map</code></em> = <code class="literal">%u@afs.samba.org</code> 648 653 </em></span> 649 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 28309"></a>654 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2535101"></a> 650 655 651 656 aio read size (S) 652 </h3></div></div></div><a class="indexterm" name="id25 28310"></a><a name="AIOREADSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>If Samba has been built with asynchronous I/O support and this657 </h3></div></div></div><a class="indexterm" name="id2535102"></a><a name="AIOREADSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>If Samba has been built with asynchronous I/O support and this 653 658 integer parameter is set to non-zero value, 654 659 Samba will read from file asynchronously when size of request is bigger 655 660 than this value. Note that it happens only for non-chained and non-chaining 656 661 reads and when not using write cache.</p><p>Current implementation of asynchronous I/O in Samba 3.0 does support 657 only up to 10 outstanding asynchronous requests, read and write combined.</p><p>Related command: <a class="link" href="smb.conf.5.html#WRITECACHESIZE" >write cache size</a></p><p>Related command: <a class="link" href="smb.conf.5.html#AIOWRITESIZE">aio write size</a></p><p>Default: <span class="emphasis"><em><em class="parameter"><code>aio read size</code></em> = <code class="literal">0</code>662 only up to 10 outstanding asynchronous requests, read and write combined.</p><p>Related command: <a class="link" href="smb.conf.5.html#WRITECACHESIZE" target="_top">write cache size</a></p><p>Related command: <a class="link" href="smb.conf.5.html#AIOWRITESIZE" target="_top">aio write size</a></p><p>Default: <span class="emphasis"><em><em class="parameter"><code>aio read size</code></em> = <code class="literal">0</code> 658 663 </em></span> 659 664 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>aio read size</code></em> = <code class="literal">16384 … … 661 666 request size</code> 662 667 </em></span> 663 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 28408"></a>668 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2535187"></a> 664 669 665 670 aio write size (S) 666 </h3></div></div></div><a class="indexterm" name="id25 28410"></a><a name="AIOWRITESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>If Samba has been built with asynchronous I/O support and this671 </h3></div></div></div><a class="indexterm" name="id2535188"></a><a name="AIOWRITESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>If Samba has been built with asynchronous I/O support and this 667 672 integer parameter is set to non-zero value, 668 673 Samba will write to file asynchronously when size of request is bigger 669 674 than this value. Note that it happens only for non-chained and non-chaining 670 675 reads and when not using write cache.</p><p>Current implementation of asynchronous I/O in Samba 3.0 does support 671 only up to 10 outstanding asynchronous requests, read and write combined.</p><p>Related command: <a class="link" href="smb.conf.5.html#WRITECACHESIZE" >write cache size</a></p><p>Related command: <a class="link" href="smb.conf.5.html#AIOREADSIZE">aio read size</a></p><p>Default: <span class="emphasis"><em><em class="parameter"><code>aio write size</code></em> = <code class="literal">0</code>676 only up to 10 outstanding asynchronous requests, read and write combined.</p><p>Related command: <a class="link" href="smb.conf.5.html#WRITECACHESIZE" target="_top">write cache size</a></p><p>Related command: <a class="link" href="smb.conf.5.html#AIOREADSIZE" target="_top">aio read size</a></p><p>Default: <span class="emphasis"><em><em class="parameter"><code>aio write size</code></em> = <code class="literal">0</code> 672 677 </em></span> 673 678 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>aio write size</code></em> = <code class="literal">16384 … … 675 680 request size</code> 676 681 </em></span> 677 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 28506"></a>682 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2535273"></a> 678 683 679 684 algorithmic rid base (G) 680 </h3></div></div></div><a class="indexterm" name="id25 28507"></a><a name="ALGORITHMICRIDBASE"></a><div class="variablelist"><dl><dt></dt><dd><p>This determines how Samba will use its685 </h3></div></div></div><a class="indexterm" name="id2535274"></a><a name="ALGORITHMICRIDBASE"></a><div class="variablelist"><dl><dt></dt><dd><p>This determines how Samba will use its 681 686 algorithmic mapping from uids/gid to the RIDs needed to construct 682 687 NT Security Identifiers. … … 693 698 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>algorithmic rid base</code></em> = <code class="literal">100000</code> 694 699 </em></span> 695 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 28583"></a>700 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2535344"></a> 696 701 697 702 allocation roundup size (S) 698 </h3></div></div></div><a class="indexterm" name="id25 28584"></a><a name="ALLOCATIONROUNDUPSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows an administrator to tune the703 </h3></div></div></div><a class="indexterm" name="id2535345"></a><a name="ALLOCATIONROUNDUPSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows an administrator to tune the 699 704 allocation size reported to Windows clients. The default 700 705 size of 1Mb generally results in improved Windows client … … 708 713 # (to disable roundups)</code> 709 714 </em></span> 710 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 28654"></a>715 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2535408"></a> 711 716 712 717 allow trusted domains (G) 713 </h3></div></div></div><a class="indexterm" name="id25 28655"></a><a name="ALLOWTRUSTEDDOMAINS"></a><div class="variablelist"><dl><dt></dt><dd><p>714 This option only takes effect when the <a class="link" href="smb.conf.5.html#SECURITY" >security</a> option is set to718 </h3></div></div></div><a class="indexterm" name="id2535410"></a><a name="ALLOWTRUSTEDDOMAINS"></a><div class="variablelist"><dl><dt></dt><dd><p> 719 This option only takes effect when the <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security</a> option is set to 715 720 <code class="constant">server</code>, <code class="constant">domain</code> or <code class="constant">ads</code>. 716 721 If it is set to no, then attempts to connect to a resource from … … 726 731 can make implementing a security boundary difficult.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>allow trusted domains</code></em> = <code class="literal">yes</code> 727 732 </em></span> 728 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 28732"></a>733 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2535481"></a> 729 734 730 735 announce as (G) 731 </h3></div></div></div><a class="indexterm" name="id25 28733"></a><a name="ANNOUNCEAS"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies what type of server <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> will announce itself as, to a network neighborhood browse736 </h3></div></div></div><a class="indexterm" name="id2535482"></a><a name="ANNOUNCEAS"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies what type of server <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> will announce itself as, to a network neighborhood browse 732 737 list. By default this is set to Windows NT. The valid options 733 738 are : "NT Server" (which can also be written as "NT"), … … 741 746 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>announce as</code></em> = <code class="literal">Win95</code> 742 747 </em></span> 743 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 28807"></a>748 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2535550"></a> 744 749 745 750 announce version (G) 746 </h3></div></div></div><a class="indexterm" name="id25 28808"></a><a name="ANNOUNCEVERSION"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies the major and minor version numbers751 </h3></div></div></div><a class="indexterm" name="id2535551"></a><a name="ANNOUNCEVERSION"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies the major and minor version numbers 747 752 that nmbd will use when announcing itself as a server. The default 748 753 is 4.9. Do not change this parameter unless you have a specific … … 751 756 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>announce version</code></em> = <code class="literal">2.0</code> 752 757 </em></span> 753 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 28869"></a>758 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2535606"></a> 754 759 755 760 auth methods (G) 756 </h3></div></div></div><a class="indexterm" name="id25 28870"></a><a name="AUTHMETHODS"></a><div class="variablelist"><dl><dt></dt><dd><p>761 </h3></div></div></div><a class="indexterm" name="id2535608"></a><a name="AUTHMETHODS"></a><div class="variablelist"><dl><dt></dt><dd><p> 757 762 This option allows the administrator to chose what authentication methods <code class="literal">smbd</code> 758 will use when authenticating a user. This option defaults to sensible values based on <a class="link" href="smb.conf.5.html#SECURITY" >security</a>.763 will use when authenticating a user. This option defaults to sensible values based on <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security</a>. 759 764 This should be considered a developer option and used only in rare circumstances. In the majority (if not all) 760 765 of production servers, the default setting should be adequate. … … 775 780 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>auth methods</code></em> = <code class="literal">guest sam winbind</code> 776 781 </em></span> 777 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 28985"></a>782 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2535712"></a> 778 783 779 784 available (S) 780 </h3></div></div></div><a class="indexterm" name="id25 28986"></a><a name="AVAILABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter lets you "turn off" a service. If785 </h3></div></div></div><a class="indexterm" name="id2535713"></a><a name="AVAILABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter lets you "turn off" a service. If 781 786 <em class="parameter"><code>available = no</code></em>, then <span class="emphasis"><em>ALL</em></span> 782 787 attempts to connect to the service will fail. Such failures are 783 788 logged.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>available</code></em> = <code class="literal">yes</code> 784 789 </em></span> 785 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 29037"></a>790 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2535760"></a> 786 791 787 792 bind interfaces only (G) 788 </h3></div></div></div><a class="indexterm" name="id25 29038"></a><a name="BINDINTERFACESONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>This global parameter allows the Samba admin793 </h3></div></div></div><a class="indexterm" name="id2535761"></a><a name="BINDINTERFACESONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>This global parameter allows the Samba admin 789 794 to limit what interfaces on a machine will serve SMB requests. It 790 795 affects file service <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> and name service <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> in a slightly different ways.</p><p> 791 796 For name service it causes <code class="literal">nmbd</code> to bind to ports 137 and 138 on the 792 interfaces listed in the <a class="link" href="smb.conf.5.html#INTERFACES" >interfaces</a> parameter. <code class="literal">nmbd</code>797 interfaces listed in the <a class="link" href="smb.conf.5.html#INTERFACES" target="_top">interfaces</a> parameter. <code class="literal">nmbd</code> 793 798 also binds to the "all addresses" interface (0.0.0.0) on ports 137 and 138 for the purposes of 794 799 reading broadcast messages. If this option is not set then <code class="literal">nmbd</code> will 795 service name requests on all of these sockets. If <a class="link" href="smb.conf.5.html#BINDINTERFACESONLY" >bind interfaces only</a> is set then800 service name requests on all of these sockets. If <a class="link" href="smb.conf.5.html#BINDINTERFACESONLY" target="_top">bind interfaces only</a> is set then 796 801 <code class="literal">nmbd</code> will check the source address of any packets coming in on the 797 802 broadcast sockets and discard any that don't match the broadcast addresses of the interfaces in the 798 <a class="link" href="smb.conf.5.html#INTERFACES" >interfaces</a> parameter list. As unicast packets are received on the other sockets it803 <a class="link" href="smb.conf.5.html#INTERFACES" target="_top">interfaces</a> parameter list. As unicast packets are received on the other sockets it 799 804 allows <code class="literal">nmbd</code> to refuse to serve names to machines that send packets that 800 arrive through any interfaces not listed in the <a class="link" href="smb.conf.5.html#INTERFACES" >interfaces</a> list. IP Source address805 arrive through any interfaces not listed in the <a class="link" href="smb.conf.5.html#INTERFACES" target="_top">interfaces</a> list. IP Source address 801 806 spoofing does defeat this simple check, however, so it must not be used seriously as a security feature for 802 807 <code class="literal">nmbd</code>. 803 808 </p><p> 804 For file service it causes <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> to bind only to the interface list given in the <a class="link" href="smb.conf.5.html#INTERFACES" >interfaces</a> parameter. This restricts the networks that <code class="literal">smbd</code> will809 For file service it causes <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> to bind only to the interface list given in the <a class="link" href="smb.conf.5.html#INTERFACES" target="_top">interfaces</a> parameter. This restricts the networks that <code class="literal">smbd</code> will 805 810 serve, to packets coming in on those interfaces. Note that you should not use this parameter for machines that 806 811 are serving PPP or other intermittent or non-broadcast network interfaces as it will not cope with 807 812 non-permanent interfaces. 808 813 </p><p> 809 If <a class="link" href="smb.conf.5.html#BINDINTERFACESONLY" >bind interfaces only</a> is set and the network address810 <span class="emphasis"><em>127.0.0.1</em></span> is not added to the <a class="link" href="smb.conf.5.html#INTERFACES" >interfaces</a> parameter list814 If <a class="link" href="smb.conf.5.html#BINDINTERFACESONLY" target="_top">bind interfaces only</a> is set and the network address 815 <span class="emphasis"><em>127.0.0.1</em></span> is not added to the <a class="link" href="smb.conf.5.html#INTERFACES" target="_top">interfaces</a> parameter list 811 816 <a class="citerefentry" href="smbpasswd.8.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(8)</span></a> and 812 817 <a class="citerefentry" href="swat.8.html"><span class="citerefentry"><span class="refentrytitle">swat</span>(8)</span></a> may not work as … … 815 820 To change a users SMB password, the <code class="literal">smbpasswd</code> by default connects to the 816 821 <span class="emphasis"><em>localhost - 127.0.0.1</em></span> address as an SMB client to issue the password change request. If 817 <a class="link" href="smb.conf.5.html#BINDINTERFACESONLY" >bind interfaces only</a> is set then unless the network address818 <span class="emphasis"><em>127.0.0.1</em></span> is added to the <a class="link" href="smb.conf.5.html#INTERFACES" >interfaces</a> parameter list then <code class="literal"> smbpasswd</code> will fail to connect in it's default mode. <code class="literal">smbpasswd</code> can be forced to use the primary IP interface of the local host by using822 <a class="link" href="smb.conf.5.html#BINDINTERFACESONLY" target="_top">bind interfaces only</a> is set then unless the network address 823 <span class="emphasis"><em>127.0.0.1</em></span> is added to the <a class="link" href="smb.conf.5.html#INTERFACES" target="_top">interfaces</a> parameter list then <code class="literal"> smbpasswd</code> will fail to connect in it's default mode. <code class="literal">smbpasswd</code> can be forced to use the primary IP interface of the local host by using 819 824 its <a class="citerefentry" href="smbpasswd.8.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(8)</span></a> <em class="parameter"><code>-r <em class="replaceable"><code>remote machine</code></em></code></em> parameter, with <em class="replaceable"><code>remote 820 825 machine</code></em> set to the IP name of the primary interface of the local host. … … 827 832 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>bind interfaces only</code></em> = <code class="literal">no</code> 828 833 </em></span> 829 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 29415"></a>834 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536087"></a> 830 835 831 836 blocking locks (S) 832 </h3></div></div></div><a class="indexterm" name="id25 29416"></a><a name="BLOCKINGLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls the behavior837 </h3></div></div></div><a class="indexterm" name="id2536088"></a><a name="BLOCKINGLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls the behavior 833 838 of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when given a request by a client 834 839 to obtain a byte range lock on a region of an open file, and the … … 841 846 cannot be obtained.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>blocking locks</code></em> = <code class="literal">yes</code> 842 847 </em></span> 843 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 29483"></a>848 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536151"></a> 844 849 845 850 block size (S) 846 </h3></div></div></div><a class="indexterm" name="id25 29484"></a><a name="BLOCKSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls the behavior of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when reporting disk free851 </h3></div></div></div><a class="indexterm" name="id2536152"></a><a name="BLOCKSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls the behavior of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when reporting disk free 847 852 sizes. By default, this reports a disk block size of 1024 bytes. 848 853 </p><p>Changing this parameter may have some effect on the … … 858 863 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>block size</code></em> = <code class="literal">4096</code> 859 864 </em></span> 860 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 29566"></a>865 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536229"></a> 861 866 862 867 <a name="BROWSABLE"></a>browsable 863 </h3></div></div></div><a class="indexterm" name="id25 29567"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#BROWSEABLE">browseable</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2529597"></a>868 </h3></div></div></div><a class="indexterm" name="id2536230"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#BROWSEABLE">browseable</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536256"></a> 864 869 865 870 browseable (S) 866 </h3></div></div></div><a class="indexterm" name="id25 29598"></a><a name="BROWSEABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether this share is seen in871 </h3></div></div></div><a class="indexterm" name="id2536257"></a><a name="BROWSEABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether this share is seen in 867 872 the list of available shares in a net view and in the browse list.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>browseable</code></em> = <code class="literal">yes</code> 868 873 </em></span> 869 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 29639"></a>874 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536295"></a> 870 875 871 876 browse list (G) 872 </h3></div></div></div><a class="indexterm" name="id25 29640"></a><a name="BROWSELIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will serve a browse list to877 </h3></div></div></div><a class="indexterm" name="id2536296"></a><a name="BROWSELIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will serve a browse list to 873 878 a client doing a <code class="literal">NetServerEnum</code> call. Normally 874 879 set to <code class="constant">yes</code>. You should never need to change 875 880 this.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>browse list</code></em> = <code class="literal">yes</code> 876 881 </em></span> 877 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 29700"></a>882 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536349"></a> 878 883 879 884 <a name="CASESIGNAMES"></a>casesignames 880 </h3></div></div></div><a class="indexterm" name="id25 29701"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#CASESENSITIVE">case sensitive</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2529731"></a>885 </h3></div></div></div><a class="indexterm" name="id2536350"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#CASESENSITIVE">case sensitive</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536376"></a> 881 886 882 887 case sensitive (S) 883 </h3></div></div></div><a class="indexterm" name="id25 29732"></a><a name="CASESENSITIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>See the discussion in the section <a class="link" href="smb.conf.5.html#NAMEMANGLING">name mangling</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>case sensitive</code></em> = <code class="literal">no</code>884 </em></span> 885 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 29785"></a>888 </h3></div></div></div><a class="indexterm" name="id2536377"></a><a name="CASESENSITIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>See the discussion in the section <a class="link" href="smb.conf.5.html#NAMEMANGLING" target="_top">name mangling</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>case sensitive</code></em> = <code class="literal">no</code> 889 </em></span> 890 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536423"></a> 886 891 887 892 change notify (S) 888 </h3></div></div></div><a class="indexterm" name="id25 29786"></a><a name="CHANGENOTIFY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should reply893 </h3></div></div></div><a class="indexterm" name="id2536424"></a><a name="CHANGENOTIFY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should reply 889 894 to a client's file change notify requests. 890 895 </p><p>You should never need to change this parameter</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>change notify</code></em> = <code class="literal">yes</code> 891 896 </em></span> 892 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 29831"></a>897 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536466"></a> 893 898 894 899 change share command (G) 895 </h3></div></div></div><a class="indexterm" name="id25 29832"></a><a name="CHANGESHARECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>900 </h3></div></div></div><a class="indexterm" name="id2536467"></a><a name="CHANGESHARECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p> 896 901 Samba 2.2.0 introduced the ability to dynamically add and delete shares via the Windows NT 4.0 Server 897 902 Manager. The <em class="parameter"><code>change share command</code></em> is used to define an external 898 program or script which will modify an existing service definition in <code class="filename">smb.conf</code>. In order to successfully execute the <em class="parameter"><code>change 899 share command</code></em>, <code class="literal">smbd</code> requires that the administrator be 900 connected using a root account (i.e. uid == 0). 901 </p><p> 902 If the connected account has <code class="literal">SeDiskOperatorPrivilege</code>, scripts defined in 903 <em class="parameter"><code>change share</code></em> parameter are executed as root. 903 program or script which will modify an existing service definition in <code class="filename">smb.conf</code>. 904 </p><p> 905 In order to successfully execute the 906 <em class="parameter"><code>change share command</code></em>, 907 <code class="literal">smbd</code> requires that the administrator 908 connects using a root account (i.e. uid == 0) or has the 909 <code class="literal">SeDiskOperatorPrivilege</code>. 910 Scripts defined in the <em class="parameter"><code>change share command</code></em> 911 parameter are executed as root. 904 912 </p><p> 905 913 When executed, <code class="literal">smbd</code> will automatically invoke the … … 918 926 share. 919 927 </p></li></ul></div><p> 920 This parameter is only used modify existing file shares definitions. To modify 921 printer shares, use the "Printers..." folder as seen when browsing the Samba host. 928 This parameter is only used to modify existing file share definitions. 929 To modify printer shares, use the "Printers..." folder as seen 930 when browsing the Samba host. 922 931 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>change share command</code></em> = <code class="literal"></code> 923 932 </em></span> 924 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>change share command</code></em> = <code class="literal">/usr/local/bin/ addshare</code>925 </em></span> 926 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id253 0027"></a>933 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>change share command</code></em> = <code class="literal">/usr/local/bin/changeshare</code> 934 </em></span> 935 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536644"></a> 927 936 928 937 check password script (G) 929 </h3></div></div></div><a class="indexterm" name="id253 0028"></a><a name="CHECKPASSWORDSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>The name of a program that can be used to check password938 </h3></div></div></div><a class="indexterm" name="id2536645"></a><a name="CHECKPASSWORDSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>The name of a program that can be used to check password 930 939 complexity. The password is sent to the program's standard input.</p><p>The program must return 0 on a good password, or any other value 931 940 if the password is bad. … … 936 945 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>check password script</code></em> = <code class="literal">check password script = /usr/local/sbin/crackcheck</code> 937 946 </em></span> 938 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id253 0107"></a>947 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536718"></a> 939 948 940 949 client lanman auth (G) 941 </h3></div></div></div><a class="indexterm" name="id253 0108"></a><a name="CLIENTLANMANAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbclient.8.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(8)</span></a> and other samba client950 </h3></div></div></div><a class="indexterm" name="id2536719"></a><a name="CLIENTLANMANAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbclient.8.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(8)</span></a> and other samba client 942 951 tools will attempt to authenticate itself to servers using the 943 952 weaker LANMAN password hash. If disabled, only server which support NT … … 950 959 attempted.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client lanman auth</code></em> = <code class="literal">no</code> 951 960 </em></span> 952 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id253 0189"></a>961 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536794"></a> 953 962 954 963 client ldap sasl wrapping (G) 955 </h3></div></div></div><a class="indexterm" name="id253 0190"></a><a name="CLIENTLDAPSASLWRAPPING"></a><div class="variablelist"><dl><dt></dt><dd><p>956 The <a class="link" href="smb.conf.5.html#CLIENTLDAPSASLWRAPPING" >client ldap sasl wrapping</a> defines whether964 </h3></div></div></div><a class="indexterm" name="id2536795"></a><a name="CLIENTLDAPSASLWRAPPING"></a><div class="variablelist"><dl><dt></dt><dd><p> 965 The <a class="link" href="smb.conf.5.html#CLIENTLDAPSASLWRAPPING" target="_top">client ldap sasl wrapping</a> defines whether 957 966 ldap traffic will be signed or signed and encrypted (sealed). 958 967 Possible values are <span class="emphasis"><em>plain</em></span>, <span class="emphasis"><em>sign</em></span> … … 981 990 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client ldap sasl wrapping</code></em> = <code class="literal">plain</code> 982 991 </em></span> 983 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id253 0319"></a>992 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536910"></a> 984 993 985 994 client ntlmv2 auth (G) 986 </h3></div></div></div><a class="indexterm" name="id253 0320"></a><a name="CLIENTNTLMV2AUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbclient.8.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(8)</span></a> will attempt to995 </h3></div></div></div><a class="indexterm" name="id2536911"></a><a name="CLIENTNTLMV2AUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbclient.8.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(8)</span></a> will attempt to 987 996 authenticate itself to servers using the NTLMv2 encrypted password 988 997 response.</p><p>If enabled, only an NTLMv2 and LMv2 response (both much more … … 996 1005 responses, and not the weaker LM or NTLM.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client ntlmv2 auth</code></em> = <code class="literal">no</code> 997 1006 </em></span> 998 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id253 0413"></a>1007 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536997"></a> 999 1008 1000 1009 client plaintext auth (G) 1001 </h3></div></div></div><a class="indexterm" name="id253 0414"></a><a name="CLIENTPLAINTEXTAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies whether a client should send a plaintext1010 </h3></div></div></div><a class="indexterm" name="id2536998"></a><a name="CLIENTPLAINTEXTAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies whether a client should send a plaintext 1002 1011 password if the server does not support encrypted passwords.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client plaintext auth</code></em> = <code class="literal">no</code> 1003 1012 </em></span> 1004 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id253 0456"></a>1013 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537037"></a> 1005 1014 1006 1015 client schannel (G) 1007 </h3></div></div></div><a class="indexterm" name="id253 0457"></a><a name="CLIENTSCHANNEL"></a><div class="variablelist"><dl><dt></dt><dd><p>1016 </h3></div></div></div><a class="indexterm" name="id2537038"></a><a name="CLIENTSCHANNEL"></a><div class="variablelist"><dl><dt></dt><dd><p> 1008 1017 This controls whether the client offers or even demands the use of the netlogon schannel. 1009 <a class="link" href="smb.conf.5.html#CLIENTSCHANNEL" >client schannel = no</a> does not offer the schannel,1010 <a class="link" href="smb.conf.5.html#CLIENTSCHANNEL" >client schannel = auto</a> offers the schannel but does not1011 enforce it, and <a class="link" href="smb.conf.5.html#CLIENTSCHANNEL" >client schannel = yes</a> denies access1018 <a class="link" href="smb.conf.5.html#CLIENTSCHANNEL" target="_top">client schannel = no</a> does not offer the schannel, 1019 <a class="link" href="smb.conf.5.html#CLIENTSCHANNEL" target="_top">client schannel = auto</a> offers the schannel but does not 1020 enforce it, and <a class="link" href="smb.conf.5.html#CLIENTSCHANNEL" target="_top">client schannel = yes</a> denies access 1012 1021 if the server is not able to speak netlogon schannel. 1013 1022 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client schannel</code></em> = <code class="literal">auto</code> … … 1015 1024 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>client schannel</code></em> = <code class="literal">yes</code> 1016 1025 </em></span> 1017 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id253 0554"></a>1026 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537121"></a> 1018 1027 1019 1028 client signing (G) 1020 </h3></div></div></div><a class="indexterm" name="id253 0555"></a><a name="CLIENTSIGNING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether the client offers or requires1029 </h3></div></div></div><a class="indexterm" name="id2537122"></a><a name="CLIENTSIGNING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether the client offers or requires 1021 1030 the server it talks to to use SMB signing. Possible values 1022 1031 are <span class="emphasis"><em>auto</em></span>, <span class="emphasis"><em>mandatory</em></span> … … 1027 1036 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client signing</code></em> = <code class="literal">auto</code> 1028 1037 </em></span> 1029 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id253 0615"></a>1038 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537176"></a> 1030 1039 1031 1040 client use spnego (G) 1032 </h3></div></div></div><a class="indexterm" name="id253 0616"></a><a name="CLIENTUSESPNEGO"></a><div class="variablelist"><dl><dt></dt><dd><p> This variable controls whether Samba clients will try1041 </h3></div></div></div><a class="indexterm" name="id2537177"></a><a name="CLIENTUSESPNEGO"></a><div class="variablelist"><dl><dt></dt><dd><p> This variable controls whether Samba clients will try 1033 1042 to use Simple and Protected NEGOciation (as specified by rfc2478) with 1034 1043 supporting servers (including WindowsXP, Windows2000 and Samba … … 1036 1045 mechanism. This enables Kerberos authentication in particular.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client use spnego</code></em> = <code class="literal">yes</code> 1037 1046 </em></span> 1038 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id253 0661"></a>1047 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537218"></a> 1039 1048 1040 1049 cluster addresses (G) 1041 </h3></div></div></div><a class="indexterm" name="id253 0662"></a><a name="CLUSTERADDRESSES"></a><div class="variablelist"><dl><dt></dt><dd><p>With this parameter you can add additional addresses1050 </h3></div></div></div><a class="indexterm" name="id2537219"></a><a name="CLUSTERADDRESSES"></a><div class="variablelist"><dl><dt></dt><dd><p>With this parameter you can add additional addresses 1042 1051 nmbd will register with a WINS server. These addresses are not 1043 1052 necessarily present on all nodes simultaneously, but they will … … 1048 1057 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>cluster addresses</code></em> = <code class="literal">10.0.0.1 10.0.0.2 10.0.0.3</code> 1049 1058 </em></span> 1050 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id253 0723"></a>1059 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537274"></a> 1051 1060 1052 1061 clustering (G) 1053 </h3></div></div></div><a class="indexterm" name="id253 0724"></a><a name="CLUSTERING"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should contact1062 </h3></div></div></div><a class="indexterm" name="id2537275"></a><a name="CLUSTERING"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should contact 1054 1063 ctdb for accessing its tdb files and use ctdb as a backend 1055 1064 for its messaging backend. … … 1058 1067 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>clustering</code></em> = <code class="literal">no</code> 1059 1068 </em></span> 1060 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id253 0777"></a>1069 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537322"></a> 1061 1070 1062 1071 comment (S) 1063 </h3></div></div></div><a class="indexterm" name="id253 0778"></a><a name="COMMENT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a text field that is seen next to a share1072 </h3></div></div></div><a class="indexterm" name="id2537324"></a><a name="COMMENT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a text field that is seen next to a share 1064 1073 when a client does a queries the server, either via the network 1065 1074 neighborhood or via <code class="literal">net view</code> to list what shares 1066 1075 are available.</p><p>If you want to set the string that is displayed next to the 1067 machine name then see the <a class="link" href="smb.conf.5.html#SERVERSTRING" >server string</a> parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>comment</code></em> = <code class="literal">1076 machine name then see the <a class="link" href="smb.conf.5.html#SERVERSTRING" target="_top">server string</a> parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>comment</code></em> = <code class="literal"> 1068 1077 # No comment</code> 1069 1078 </em></span> 1070 1079 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>comment</code></em> = <code class="literal">Fred's Files</code> 1071 1080 </em></span> 1072 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id253 0860"></a>1081 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537397"></a> 1073 1082 1074 1083 config backend (G) 1075 </h3></div></div></div><a class="indexterm" name="id253 0861"></a><a name="CONFIGBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>1084 </h3></div></div></div><a class="indexterm" name="id2537398"></a><a name="CONFIGBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p> 1076 1085 This controls the backend for storing the configuration. 1077 1086 Possible values are <span class="emphasis"><em>file</em></span> (the default) 1078 1087 and <span class="emphasis"><em>registry</em></span>. 1079 When <a class="link" href="smb.conf.5.html#CONFIGBACKEND" >config backend = registry</a>1088 When <a class="link" href="smb.conf.5.html#CONFIGBACKEND" target="_top">config backend = registry</a> 1080 1089 is encountered while loading <span class="emphasis"><em>smb.conf</em></span>, 1081 1090 the configuration read so far is dropped and the global … … 1091 1100 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>config backend</code></em> = <code class="literal">registry</code> 1092 1101 </em></span> 1093 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id253 0960"></a>1102 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537486"></a> 1094 1103 1095 1104 config file (G) 1096 </h3></div></div></div><a class="indexterm" name="id253 0961"></a><a name="CONFIGFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>This allows you to override the config file1105 </h3></div></div></div><a class="indexterm" name="id2537487"></a><a name="CONFIGFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>This allows you to override the config file 1097 1106 to use, instead of the default (usually <code class="filename">smb.conf</code>). 1098 1107 There is a chicken and egg problem here as this option is set … … 1104 1113 clients).</p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>config file</code></em> = <code class="literal">/usr/local/samba/lib/smb.conf.%m</code> 1105 1114 </em></span> 1106 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id253 1030"></a>1115 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537552"></a> 1107 1116 1108 1117 copy (S) 1109 </h3></div></div></div><a class="indexterm" name="id253 1031"></a><a name="COPY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows you to "clone" service1118 </h3></div></div></div><a class="indexterm" name="id2537553"></a><a name="COPY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows you to "clone" service 1110 1119 entries. The specified service is simply duplicated under the 1111 1120 current service's name. Any parameters specified in the current … … 1117 1126 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>copy</code></em> = <code class="literal">otherservice</code> 1118 1127 </em></span> 1119 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id253 1097"></a>1128 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537614"></a> 1120 1129 1121 1130 <a name="CREATEMODE"></a>create mode 1122 </h3></div></div></div><a class="indexterm" name="id253 1098"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#CREATEMASK">create mask</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2531129"></a>1131 </h3></div></div></div><a class="indexterm" name="id2537615"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#CREATEMASK">create mask</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537641"></a> 1123 1132 1124 1133 create mask (S) 1125 </h3></div></div></div><a class="indexterm" name="id253 1130"></a><a name="CREATEMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>1134 </h3></div></div></div><a class="indexterm" name="id2537642"></a><a name="CREATEMASK"></a><div class="variablelist"><dl><dt></dt><dd><p> 1126 1135 When a file is created, the necessary permissions are calculated according to the mapping from DOS modes to 1127 1136 UNIX permissions, and the resulting UNIX mode is then bit-wise 'AND'ed with this parameter. This parameter may … … 1133 1142 </p><p> 1134 1143 Following this Samba will bit-wise 'OR' the UNIX mode created from this parameter with the value of the 1135 <a class="link" href="smb.conf.5.html#FORCECREATEMODE" >force create mode</a> parameter which is set to 000 by default.1136 </p><p> 1137 This parameter does not affect directory masks. See the parameter <a class="link" href="smb.conf.5.html#DIRECTORYMASK" >directory mask</a>1144 <a class="link" href="smb.conf.5.html#FORCECREATEMODE" target="_top">force create mode</a> parameter which is set to 000 by default. 1145 </p><p> 1146 This parameter does not affect directory masks. See the parameter <a class="link" href="smb.conf.5.html#DIRECTORYMASK" target="_top">directory mask</a> 1138 1147 for details. 1139 1148 </p><p> 1140 1149 Note that this parameter does not apply to permissions set by Windows NT/2000 ACL editors. If the 1141 administrator wishes to enforce a mask on access control lists also, they need to set the <a class="link" href="smb.conf.5.html#SECURITYMASK" >security mask</a>.1150 administrator wishes to enforce a mask on access control lists also, they need to set the <a class="link" href="smb.conf.5.html#SECURITYMASK" target="_top">security mask</a>. 1142 1151 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>create mask</code></em> = <code class="literal">0744</code> 1143 1152 </em></span> 1144 1153 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>create mask</code></em> = <code class="literal">0775</code> 1145 1154 </em></span> 1146 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id253 1266"></a>1155 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537762"></a> 1147 1156 1148 1157 csc policy (S) 1149 </h3></div></div></div><a class="indexterm" name="id253 1268"></a><a name="CSCPOLICY"></a><div class="variablelist"><dl><dt></dt><dd><p>1158 </h3></div></div></div><a class="indexterm" name="id2537763"></a><a name="CSCPOLICY"></a><div class="variablelist"><dl><dt></dt><dd><p> 1150 1159 This stands for <span class="emphasis"><em>client-side caching policy</em></span>, and specifies how clients capable of offline 1151 1160 caching will cache the files in the share. The valid values are: manual, documents, programs, disable. … … 1154 1163 </p><p> 1155 1164 For example, shares containing roaming profiles can have offline caching disabled using 1156 <a class="link" href="smb.conf.5.html#CSCPOLICY" >csc policy = disable</a>.1165 <a class="link" href="smb.conf.5.html#CSCPOLICY" target="_top">csc policy = disable</a>. 1157 1166 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>csc policy</code></em> = <code class="literal">manual</code> 1158 1167 </em></span> 1159 1168 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>csc policy</code></em> = <code class="literal">programs</code> 1160 1169 </em></span> 1161 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id253 1352"></a>1170 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537837"></a> 1162 1171 1163 1172 ctdbd socket (G) 1164 </h3></div></div></div><a class="indexterm" name="id253 1353"></a><a name="CTDBDSOCKET"></a><div class="variablelist"><dl><dt></dt><dd><p>If you set <code class="literal">clustering=yes</code>,1173 </h3></div></div></div><a class="indexterm" name="id2537838"></a><a name="CTDBDSOCKET"></a><div class="variablelist"><dl><dt></dt><dd><p>If you set <code class="literal">clustering=yes</code>, 1165 1174 you need to tell Samba where ctdbd listens on its unix domain 1166 1175 socket. The default path as of ctdb 1.0 is /tmp/ctdb.socket which … … 1170 1179 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ctdbd socket</code></em> = <code class="literal">/tmp/ctdb.socket</code> 1171 1180 </em></span> 1172 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id253 1418"></a>1181 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537897"></a> 1173 1182 1174 1183 cups options (S) 1175 </h3></div></div></div><a class="indexterm" name="id253 1419"></a><a name="CUPSOPTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>1176 This parameter is only applicable if <a class="link" href="smb.conf.5.html#PRINTING" >printing</a> is1184 </h3></div></div></div><a class="indexterm" name="id2537898"></a><a name="CUPSOPTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p> 1185 This parameter is only applicable if <a class="link" href="smb.conf.5.html#PRINTING" target="_top">printing</a> is 1177 1186 set to <code class="constant">cups</code>. Its value is a free form string of options 1178 1187 passed directly to the cups library. … … 1195 1204 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>cups options</code></em> = <code class="literal">"raw media=a4"</code> 1196 1205 </em></span> 1197 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id253 1535"></a>1206 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537995"></a> 1198 1207 1199 1208 cups server (G) 1200 </h3></div></div></div><a class="indexterm" name="id253 1536"></a><a name="CUPSSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>1201 This parameter is only applicable if <a class="link" href="smb.conf.5.html#PRINTING" >printing</a> is set to <code class="constant">cups</code>.1209 </h3></div></div></div><a class="indexterm" name="id2537996"></a><a name="CUPSSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p> 1210 This parameter is only applicable if <a class="link" href="smb.conf.5.html#PRINTING" target="_top">printing</a> is set to <code class="constant">cups</code>. 1202 1211 </p><p> 1203 1212 If set, this option overrides the ServerName option in the CUPS <code class="filename">client.conf</code>. This is … … 1212 1221 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>cups server</code></em> = <code class="literal">mycupsserver:1631</code> 1213 1222 </em></span> 1214 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id253 1643"></a>1223 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538093"></a> 1215 1224 1216 1225 deadtime (G) 1217 </h3></div></div></div><a class="indexterm" name="id253 1644"></a><a name="DEADTIME"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (a decimal integer)1226 </h3></div></div></div><a class="indexterm" name="id2538094"></a><a name="DEADTIME"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (a decimal integer) 1218 1227 represents the number of minutes of inactivity before a connection 1219 1228 is considered dead, and it is disconnected. The deadtime only takes … … 1227 1236 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>deadtime</code></em> = <code class="literal">15</code> 1228 1237 </em></span> 1229 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id253 1725"></a>1238 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538170"></a> 1230 1239 1231 1240 debug class (G) 1232 </h3></div></div></div><a class="indexterm" name="id253 1726"></a><a name="DEBUGCLASS"></a><div class="variablelist"><dl><dt></dt><dd><p>1241 </h3></div></div></div><a class="indexterm" name="id2538171"></a><a name="DEBUGCLASS"></a><div class="variablelist"><dl><dt></dt><dd><p> 1233 1242 With this boolean parameter enabled, the debug class (DBGC_CLASS) 1234 1243 will be displayed in the debug header. 1235 1244 </p><p> 1236 1245 For more information about currently available debug classes, see 1237 section about <a class="link" href="smb.conf.5.html#LOGLEVEL" >log level</a>.1246 section about <a class="link" href="smb.conf.5.html#LOGLEVEL" target="_top">log level</a>. 1238 1247 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug class</code></em> = <code class="literal">no</code> 1239 1248 </em></span> 1240 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id253 1784"></a>1249 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538222"></a> 1241 1250 1242 1251 debug hires timestamp (G) 1243 </h3></div></div></div><a class="indexterm" name="id253 1785"></a><a name="DEBUGHIRESTIMESTAMP"></a><div class="variablelist"><dl><dt></dt><dd><p>1252 </h3></div></div></div><a class="indexterm" name="id2538223"></a><a name="DEBUGHIRESTIMESTAMP"></a><div class="variablelist"><dl><dt></dt><dd><p> 1244 1253 Sometimes the timestamps in the log messages are needed with a resolution of higher that seconds, this 1245 1254 boolean parameter adds microsecond resolution to the timestamp message header when turned on. 1246 1255 </p><p> 1247 Note that the parameter <a class="link" href="smb.conf.5.html#DEBUGTIMESTAMP" >debug timestamp</a> must be on for this to have an effect.1256 Note that the parameter <a class="link" href="smb.conf.5.html#DEBUGTIMESTAMP" target="_top">debug timestamp</a> must be on for this to have an effect. 1248 1257 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug hires timestamp</code></em> = <code class="literal">no</code> 1249 1258 </em></span> 1250 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id253 1845"></a>1259 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538276"></a> 1251 1260 1252 1261 debug pid (G) 1253 </h3></div></div></div><a class="indexterm" name="id253 1846"></a><a name="DEBUGPID"></a><div class="variablelist"><dl><dt></dt><dd><p>1262 </h3></div></div></div><a class="indexterm" name="id2538277"></a><a name="DEBUGPID"></a><div class="variablelist"><dl><dt></dt><dd><p> 1254 1263 When using only one log file for more then one forked <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>-process there may be hard to follow which process outputs which 1255 1264 message. This boolean parameter is adds the process-id to the timestamp message headers in the 1256 1265 logfile when turned on. 1257 1266 </p><p> 1258 Note that the parameter <a class="link" href="smb.conf.5.html#DEBUGTIMESTAMP" >debug timestamp</a> must be on for this to have an effect.1267 Note that the parameter <a class="link" href="smb.conf.5.html#DEBUGTIMESTAMP" target="_top">debug timestamp</a> must be on for this to have an effect. 1259 1268 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug pid</code></em> = <code class="literal">no</code> 1260 1269 </em></span> 1261 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id253 1914"></a>1270 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538338"></a> 1262 1271 1263 1272 debug prefix timestamp (G) 1264 </h3></div></div></div><a class="indexterm" name="id253 1915"></a><a name="DEBUGPREFIXTIMESTAMP"></a><div class="variablelist"><dl><dt></dt><dd><p>1273 </h3></div></div></div><a class="indexterm" name="id2538339"></a><a name="DEBUGPREFIXTIMESTAMP"></a><div class="variablelist"><dl><dt></dt><dd><p> 1265 1274 With this option enabled, the timestamp message header is prefixed to the debug message without the 1266 filename and function information that is included with the <a class="link" href="smb.conf.5.html#DEBUGTIMESTAMP" >debug timestamp</a>1275 filename and function information that is included with the <a class="link" href="smb.conf.5.html#DEBUGTIMESTAMP" target="_top">debug timestamp</a> 1267 1276 parameter. This gives timestamps to the messages without adding an additional line. 1268 1277 </p><p> 1269 Note that this parameter overrides the <a class="link" href="smb.conf.5.html#DEBUGTIMESTAMP" >debug timestamp</a> parameter.1278 Note that this parameter overrides the <a class="link" href="smb.conf.5.html#DEBUGTIMESTAMP" target="_top">debug timestamp</a> parameter. 1270 1279 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug prefix timestamp</code></em> = <code class="literal">no</code> 1271 1280 </em></span> 1272 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id253 1987"></a>1281 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538402"></a> 1273 1282 1274 1283 <a name="TIMESTAMPLOGS"></a>timestamp logs 1275 </h3></div></div></div><a class="indexterm" name="id253 1988"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#DEBUGTIMESTAMP">debug timestamp</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2532019"></a>1284 </h3></div></div></div><a class="indexterm" name="id2538403"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#DEBUGTIMESTAMP">debug timestamp</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538429"></a> 1276 1285 1277 1286 debug timestamp (G) 1278 </h3></div></div></div><a class="indexterm" name="id253 2020"></a><a name="DEBUGTIMESTAMP"></a><div class="variablelist"><dl><dt></dt><dd><p>1287 </h3></div></div></div><a class="indexterm" name="id2538430"></a><a name="DEBUGTIMESTAMP"></a><div class="variablelist"><dl><dt></dt><dd><p> 1279 1288 Samba debug log messages are timestamped by default. If you are running at a high 1280 <a class="link" href="smb.conf.5.html#DEBUGLEVEL" >debug level</a> these timestamps can be distracting. This1289 <a class="link" href="smb.conf.5.html#DEBUGLEVEL" target="_top">debug level</a> these timestamps can be distracting. This 1281 1290 boolean parameter allows timestamping to be turned off. 1282 1291 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug timestamp</code></em> = <code class="literal">yes</code> 1283 1292 </em></span> 1284 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id253 2075"></a>1293 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538477"></a> 1285 1294 1286 1295 debug uid (G) 1287 </h3></div></div></div><a class="indexterm" name="id253 2076"></a><a name="DEBUGUID"></a><div class="variablelist"><dl><dt></dt><dd><p>1296 </h3></div></div></div><a class="indexterm" name="id2538478"></a><a name="DEBUGUID"></a><div class="variablelist"><dl><dt></dt><dd><p> 1288 1297 Samba is sometimes run as root and sometime run as the connected user, this boolean parameter inserts the 1289 1298 current euid, egid, uid and gid to the timestamp message headers in the log file if turned on. 1290 1299 </p><p> 1291 Note that the parameter <a class="link" href="smb.conf.5.html#DEBUGTIMESTAMP" >debug timestamp</a> must be on for this to have an effect.1300 Note that the parameter <a class="link" href="smb.conf.5.html#DEBUGTIMESTAMP" target="_top">debug timestamp</a> must be on for this to have an effect. 1292 1301 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug uid</code></em> = <code class="literal">no</code> 1293 1302 </em></span> 1294 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id253 2134"></a>1303 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538531"></a> 1295 1304 1296 1305 default case (S) 1297 </h3></div></div></div><a class="indexterm" name="id253 2136"></a><a name="DEFAULTCASE"></a><div class="variablelist"><dl><dt></dt><dd><p>See the section on <a class="link" href="smb.conf.5.html#NAMEMANGLING">name mangling</a>.1298 Also note the <a class="link" href="smb.conf.5.html#SHORTPRESERVECASE" >short preserve case</a> parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>default case</code></em> = <code class="literal">lower</code>1299 </em></span> 1300 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id253 2199"></a>1306 </h3></div></div></div><a class="indexterm" name="id2538532"></a><a name="DEFAULTCASE"></a><div class="variablelist"><dl><dt></dt><dd><p>See the section on <a class="link" href="smb.conf.5.html#NAMEMANGLING" target="_top">name mangling</a>. 1307 Also note the <a class="link" href="smb.conf.5.html#SHORTPRESERVECASE" target="_top">short preserve case</a> parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>default case</code></em> = <code class="literal">lower</code> 1308 </em></span> 1309 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538585"></a> 1301 1310 1302 1311 default devmode (S) 1303 </h3></div></div></div><a class="indexterm" name="id253 2200"></a><a name="DEFAULTDEVMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is only applicable to <a class="link" href="smb.conf.5.html#PRINTABLE">printable</a> services.1312 </h3></div></div></div><a class="indexterm" name="id2538586"></a><a name="DEFAULTDEVMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is only applicable to <a class="link" href="smb.conf.5.html#PRINTABLE" target="_top">printable</a> services. 1304 1313 When smbd is serving Printer Drivers to Windows NT/2k/XP clients, each printer on the Samba 1305 1314 server has a Device Mode which defines things such as paper size and … … 1324 1333 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>default devmode</code></em> = <code class="literal">yes</code> 1325 1334 </em></span> 1326 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id253 2296"></a>1335 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538673"></a> 1327 1336 1328 1337 <a name="DEFAULT"></a>default 1329 </h3></div></div></div><a class="indexterm" name="id253 2297"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#DEFAULTSERVICE">default service</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2532328"></a>1338 </h3></div></div></div><a class="indexterm" name="id2538674"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#DEFAULTSERVICE">default service</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538700"></a> 1330 1339 1331 1340 default service (G) 1332 </h3></div></div></div><a class="indexterm" name="id253 2329"></a><a name="DEFAULTSERVICE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the name of a service1341 </h3></div></div></div><a class="indexterm" name="id2538701"></a><a name="DEFAULTSERVICE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the name of a service 1333 1342 which will be connected to if the service actually requested cannot 1334 1343 be found. Note that the square brackets are <span class="emphasis"><em>NOT</em></span> … … 1336 1345 parameter is not given, attempting to connect to a nonexistent 1337 1346 service results in an error.</p><p> 1338 Typically the default service would be a <a class="link" href="smb.conf.5.html#GUESTOK" >guest ok</a>, <a class="link" href="smb.conf.5.html#READ-ONLY">read-only</a> service.</p><p>Also note that the apparent service name will be changed to equal1347 Typically the default service would be a <a class="link" href="smb.conf.5.html#GUESTOK" target="_top">guest ok</a>, <a class="link" href="smb.conf.5.html#READ-ONLY" target="_top">read-only</a> service.</p><p>Also note that the apparent service name will be changed to equal 1339 1348 that of the requested service, this is very useful as it allows you to use macros like <em class="parameter"><code>%S</code></em> to make a wildcard service. 1340 1349 </p><p>Note also that any "_" characters in the name of the service … … 1344 1353 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>default service</code></em> = <code class="literal">pub</code> 1345 1354 </em></span> 1346 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id253 2442"></a>1355 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538801"></a> 1347 1356 1348 1357 defer sharing violations (G) 1349 </h3></div></div></div><a class="indexterm" name="id253 2443"></a><a name="DEFERSHARINGVIOLATIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>1358 </h3></div></div></div><a class="indexterm" name="id2538802"></a><a name="DEFERSHARINGVIOLATIONS"></a><div class="variablelist"><dl><dt></dt><dd><p> 1350 1359 Windows allows specifying how a file will be shared with 1351 1360 other processes when it is opened. Sharing violations occur when … … 1360 1369 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>defer sharing violations</code></em> = <code class="literal">True</code> 1361 1370 </em></span> 1362 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id253 2501"></a>1371 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538856"></a> 1363 1372 1364 1373 delete group script (G) 1365 </h3></div></div></div><a class="indexterm" name="id253 2502"></a><a name="DELETEGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is the full pathname to a script that will1374 </h3></div></div></div><a class="indexterm" name="id2538857"></a><a name="DELETEGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is the full pathname to a script that will 1366 1375 be run <span class="emphasis"><em>AS ROOT</em></span> <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when a group is requested to be deleted. 1367 1376 It will expand any <em class="parameter"><code>%g</code></em> to the group name passed. … … 1369 1378 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>delete group script</code></em> = <code class="literal"></code> 1370 1379 </em></span> 1371 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id253 2562"></a>1380 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538912"></a> 1372 1381 1373 1382 deleteprinter command (G) 1374 </h3></div></div></div><a class="indexterm" name="id253 2563"></a><a name="DELETEPRINTERCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>With the introduction of MS-RPC based printer1383 </h3></div></div></div><a class="indexterm" name="id2538913"></a><a name="DELETEPRINTERCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>With the introduction of MS-RPC based printer 1375 1384 support for Windows NT/2000 clients in Samba 2.2, it is now 1376 1385 possible to delete a printer at run time by issuing the 1377 1386 DeletePrinter() RPC call.</p><p>For a Samba host this means that the printer must be 1378 1387 physically deleted from the underlying printing system. The 1379 <a class="link" href="smb.conf.5.html#DELETEPRINTERCOMMAND" >deleteprinter command</a> defines a script to be run which1388 <a class="link" href="smb.conf.5.html#DELETEPRINTERCOMMAND" target="_top">deleteprinter command</a> defines a script to be run which 1380 1389 will perform the necessary operations for removing the printer 1381 1390 from the print system and from <code class="filename">smb.conf</code>. 1382 </p><p>The <a class="link" href="smb.conf.5.html#DELETEPRINTERCOMMAND" >deleteprinter command</a> is1383 automatically called with only one parameter: <a class="link" href="smb.conf.5.html#PRINTERNAME" >printer name</a>.1384 </p><p>Once the <a class="link" href="smb.conf.5.html#DELETEPRINTERCOMMAND" >deleteprinter command</a> has1391 </p><p>The <a class="link" href="smb.conf.5.html#DELETEPRINTERCOMMAND" target="_top">deleteprinter command</a> is 1392 automatically called with only one parameter: <a class="link" href="smb.conf.5.html#PRINTERNAME" target="_top">printer name</a>. 1393 </p><p>Once the <a class="link" href="smb.conf.5.html#DELETEPRINTERCOMMAND" target="_top">deleteprinter command</a> has 1385 1394 been executed, <code class="literal">smbd</code> will reparse the <code class="filename"> 1386 1395 smb.conf</code> to check that the associated printer no longer exists. … … 1390 1399 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>deleteprinter command</code></em> = <code class="literal">/usr/bin/removeprinter</code> 1391 1400 </em></span> 1392 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id253 2713"></a>1401 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539040"></a> 1393 1402 1394 1403 delete readonly (S) 1395 </h3></div></div></div><a class="indexterm" name="id253 2714"></a><a name="DELETEREADONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows readonly files to be deleted.1404 </h3></div></div></div><a class="indexterm" name="id2539041"></a><a name="DELETEREADONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows readonly files to be deleted. 1396 1405 This is not normal DOS semantics, but is allowed by UNIX.</p><p>This option may be useful for running applications such 1397 1406 as rcs, where UNIX file ownership prevents changing file 1398 1407 permissions, and DOS semantics prevent deletion of a read only file.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>delete readonly</code></em> = <code class="literal">no</code> 1399 1408 </em></span> 1400 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id253 2762"></a>1409 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539085"></a> 1401 1410 1402 1411 delete share command (G) 1403 </h3></div></div></div><a class="indexterm" name="id253 2764"></a><a name="DELETESHARECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>1412 </h3></div></div></div><a class="indexterm" name="id2539086"></a><a name="DELETESHARECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p> 1404 1413 Samba 2.2.0 introduced the ability to dynamically add and delete shares via the Windows NT 4.0 Server 1405 1414 Manager. The <em class="parameter"><code>delete share command</code></em> is used to define an external 1406 1415 program or script which will remove an existing service definition from 1407 <code class="filename">smb.conf</code>. In order to successfully execute the 1408 <em class="parameter"><code>delete share command</code></em>, <code class="literal">smbd</code> 1409 requires that the administrator be connected using a root account (i.e. uid == 0). 1410 </p><p> 1411 If the connected account has <code class="literal">SeDiskOperatorPrivilege</code>, scripts defined in 1412 <em class="parameter"><code>change share</code></em> parameter are executed as root. 1413 </p><p> 1416 <code class="filename">smb.conf</code>. 1417 </p><p>In order to successfully execute the 1418 <em class="parameter"><code>delete share command</code></em>, 1419 <code class="literal">smbd</code> requires that the administrator 1420 connects using a root account (i.e. uid == 0) or has the 1421 <code class="literal">SeDiskOperatorPrivilege</code>. 1422 Scripts defined in the <em class="parameter"><code>delete share command</code></em> 1423 parameter are executed as root. 1424 </p><p> 1414 1425 When executed, <code class="literal">smbd</code> will automatically invoke the 1415 1426 <em class="parameter"><code>delete share command</code></em> with two parameters. … … 1420 1431 </p></li></ul></div><p> 1421 1432 This parameter is only used to remove file shares. To delete printer shares, 1422 see the <a class="link" href="smb.conf.5.html#DELETEPRINTERCOMMAND" >deleteprinter command</a>.1433 see the <a class="link" href="smb.conf.5.html#DELETEPRINTERCOMMAND" target="_top">deleteprinter command</a>. 1423 1434 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>delete share command</code></em> = <code class="literal"></code> 1424 1435 </em></span> 1425 1436 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>delete share command</code></em> = <code class="literal">/usr/local/bin/delshare</code> 1426 1437 </em></span> 1427 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id253 2934"></a>1438 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539237"></a> 1428 1439 1429 1440 delete user from group script (G) 1430 </h3></div></div></div><a class="indexterm" name="id253 2935"></a><a name="DELETEUSERFROMGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>Full path to the script that will be called when1441 </h3></div></div></div><a class="indexterm" name="id2539238"></a><a name="DELETEUSERFROMGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>Full path to the script that will be called when 1431 1442 a user is removed from a group using the Windows NT domain administration 1432 1443 tools. It will be run by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> <span class="emphasis"><em>AS ROOT</em></span>. … … 1437 1448 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>delete user from group script</code></em> = <code class="literal">/usr/sbin/deluser %u %g</code> 1438 1449 </em></span> 1439 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id253 3019"></a>1450 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539316"></a> 1440 1451 1441 1452 delete user script (G) 1442 </h3></div></div></div><a class="indexterm" name="id253 3020"></a><a name="DELETEUSERSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is the full pathname to a script that will1453 </h3></div></div></div><a class="indexterm" name="id2539317"></a><a name="DELETEUSERSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is the full pathname to a script that will 1443 1454 be run by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when managing users 1444 1455 with remote RPC (NT) tools. … … 1449 1460 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>delete user script</code></em> = <code class="literal">/usr/local/samba/bin/del_user %u</code> 1450 1461 </em></span> 1451 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id253 3101"></a>1462 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539393"></a> 1452 1463 1453 1464 delete veto files (S) 1454 </h3></div></div></div><a class="indexterm" name="id253 3102"></a><a name="DELETEVETOFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used when Samba is attempting to1465 </h3></div></div></div><a class="indexterm" name="id2539394"></a><a name="DELETEVETOFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used when Samba is attempting to 1455 1466 delete a directory that contains one or more vetoed directories 1456 (see the <a class="link" href="smb.conf.5.html#VETOFILES" >veto files</a>1467 (see the <a class="link" href="smb.conf.5.html#VETOFILES" target="_top">veto files</a> 1457 1468 option). If this option is set to <code class="constant">no</code> (the default) then if a vetoed 1458 1469 directory contains any non-vetoed files or directories then the … … 1462 1473 serving systems such as NetAtalk which create meta-files within 1463 1474 directories you might normally veto DOS/Windows users from seeing 1464 (e.g. <code class="filename">.AppleDouble</code>)</p><p>Setting <a class="link" href="smb.conf.5.html#DELETEVETOFILES" >delete veto files = yes</a> allows these1475 (e.g. <code class="filename">.AppleDouble</code>)</p><p>Setting <a class="link" href="smb.conf.5.html#DELETEVETOFILES" target="_top">delete veto files = yes</a> allows these 1465 1476 directories to be transparently deleted when the parent directory 1466 1477 is deleted (so long as the user has permissions to do so).</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>delete veto files</code></em> = <code class="literal">no</code> 1467 1478 </em></span> 1468 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id253 3199"></a>1479 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539478"></a> 1469 1480 1470 1481 dfree cache time (S) 1471 </h3></div></div></div><a class="indexterm" name="id253 3200"></a><a name="DFREECACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>1482 </h3></div></div></div><a class="indexterm" name="id2539479"></a><a name="DFREECACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p> 1472 1483 The <em class="parameter"><code>dfree cache time</code></em> should only be used on systems where a problem 1473 1484 occurs with the internal disk space calculations. This has been known to happen with Ultrix, but may occur … … 1477 1488 This is a new parameter introduced in Samba version 3.0.21. It specifies in seconds the time that smbd will 1478 1489 cache the output of a disk free query. If set to zero (the default) no caching is done. This allows a heavily 1479 loaded server to prevent rapid spawning of <a class="link" href="smb.conf.5.html#DFREECOMMAND" >dfree command</a> scripts increasing the load.1490 loaded server to prevent rapid spawning of <a class="link" href="smb.conf.5.html#DFREECOMMAND" target="_top">dfree command</a> scripts increasing the load. 1480 1491 </p><p> 1481 1492 By default this parameter is zero, meaning no caching will be done. 1482 1493 </p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>dfree cache time</code></em> = <code class="literal">dfree cache time = 60</code> 1483 1494 </em></span> 1484 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id253 3281"></a>1495 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539551"></a> 1485 1496 1486 1497 dfree command (S) 1487 </h3></div></div></div><a class="indexterm" name="id253 3282"></a><a name="DFREECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>1498 </h3></div></div></div><a class="indexterm" name="id2539552"></a><a name="DFREECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p> 1488 1499 The <em class="parameter"><code>dfree command</code></em> setting should only be used on systems where a 1489 1500 problem occurs with the internal disk space calculations. This has been known to happen with Ultrix, but may … … 1496 1507 </p><p> 1497 1508 In Samba version 3.0.21 this parameter has been changed to be a per-share parameter, and in addition the 1498 parameter <a class="link" href="smb.conf.5.html#DFREECACHETIME" >dfree cache time</a> was added to allow the output of this script to be cached1509 parameter <a class="link" href="smb.conf.5.html#DFREECACHETIME" target="_top">dfree cache time</a> was added to allow the output of this script to be cached 1499 1510 for systems under heavy load. 1500 1511 </p><p> … … 1523 1534 </p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>dfree command</code></em> = <code class="literal">/usr/local/samba/bin/dfree</code> 1524 1535 </em></span> 1525 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id253 3414"></a>1536 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539672"></a> 1526 1537 1527 1538 <a name="DIRECTORYMODE"></a>directory mode 1528 </h3></div></div></div><a class="indexterm" name="id253 3415"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#DIRECTORYMASK">directory mask</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2533446"></a>1539 </h3></div></div></div><a class="indexterm" name="id2539674"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#DIRECTORYMASK">directory mask</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539699"></a> 1529 1540 1530 1541 directory mask (S) 1531 </h3></div></div></div><a class="indexterm" name="id253 3447"></a><a name="DIRECTORYMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is the octal modes which are1542 </h3></div></div></div><a class="indexterm" name="id2539700"></a><a name="DIRECTORYMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is the octal modes which are 1532 1543 used when converting DOS modes to UNIX modes when creating UNIX 1533 1544 directories.</p><p>When a directory is created, the necessary permissions are … … 1540 1551 and 'other' write bits from the UNIX mode, allowing only the 1541 1552 user who owns the directory to modify it.</p><p>Following this Samba will bit-wise 'OR' the UNIX mode 1542 created from this parameter with the value of the <a class="link" href="smb.conf.5.html#FORCEDIRECTORYMODE" >force directory mode</a> parameter.1553 created from this parameter with the value of the <a class="link" href="smb.conf.5.html#FORCEDIRECTORYMODE" target="_top">force directory mode</a> parameter. 1543 1554 This parameter is set to 000 by default (i.e. no extra mode bits are added).</p><p>Note that this parameter does not apply to permissions 1544 1555 set by Windows NT/2000 ACL editors. If the administrator wishes to enforce 1545 a mask on access control lists also, they need to set the <a class="link" href="smb.conf.5.html#DIRECTORYSECURITYMASK" >directory security mask</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>directory mask</code></em> = <code class="literal">0755</code>1556 a mask on access control lists also, they need to set the <a class="link" href="smb.conf.5.html#DIRECTORYSECURITYMASK" target="_top">directory security mask</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>directory mask</code></em> = <code class="literal">0755</code> 1546 1557 </em></span> 1547 1558 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>directory mask</code></em> = <code class="literal">0775</code> 1548 1559 </em></span> 1549 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id253 3564"></a>1560 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539805"></a> 1550 1561 1551 1562 directory security mask (S) 1552 </h3></div></div></div><a class="indexterm" name="id253 3565"></a><a name="DIRECTORYSECURITYMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls what UNIX permission bits1563 </h3></div></div></div><a class="indexterm" name="id2539806"></a><a name="DIRECTORYSECURITYMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls what UNIX permission bits 1553 1564 will be set when a Windows NT client is manipulating the UNIX 1554 1565 permission on a directory using the native NT security dialog 1555 1566 box.</p><p> 1556 1567 This parameter is applied as a mask (AND'ed with) to the incoming permission bits, thus resetting 1557 any bits not in this mask. Make sure not to mix up this parameter with <a class="link" href="smb.conf.5.html#FORCEDIRECTORYSECURITYMODE" >force directory security mode</a>, which works similar like this one but uses logical OR instead of AND.1568 any bits not in this mask. Make sure not to mix up this parameter with <a class="link" href="smb.conf.5.html#FORCEDIRECTORYSECURITYMODE" target="_top">force directory security mode</a>, which works similar like this one but uses logical OR instead of AND. 1558 1569 Essentially, zero bits in this mask are a set of bits that will always be set to zero. 1559 1570 </p><p> … … 1570 1581 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>directory security mask</code></em> = <code class="literal">0700</code> 1571 1582 </em></span> 1572 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id253 3674"></a>1583 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539905"></a> 1573 1584 1574 1585 disable netbios (G) 1575 </h3></div></div></div><a class="indexterm" name="id253 3675"></a><a name="DISABLENETBIOS"></a><div class="variablelist"><dl><dt></dt><dd><p>Enabling this parameter will disable netbios support1586 </h3></div></div></div><a class="indexterm" name="id2539906"></a><a name="DISABLENETBIOS"></a><div class="variablelist"><dl><dt></dt><dd><p>Enabling this parameter will disable netbios support 1576 1587 in Samba. Netbios is the only available form of browsing in 1577 1588 all windows versions except for 2000 and XP. </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Clients that only support netbios won't be able to … … 1579 1590 </p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>disable netbios</code></em> = <code class="literal">no</code> 1580 1591 </em></span> 1581 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id253 3723"></a>1592 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539951"></a> 1582 1593 1583 1594 disable spoolss (G) 1584 </h3></div></div></div><a class="indexterm" name="id253 3724"></a><a name="DISABLESPOOLSS"></a><div class="variablelist"><dl><dt></dt><dd><p>Enabling this parameter will disable Samba's support1595 </h3></div></div></div><a class="indexterm" name="id2539952"></a><a name="DISABLESPOOLSS"></a><div class="variablelist"><dl><dt></dt><dd><p>Enabling this parameter will disable Samba's support 1585 1596 for the SPOOLSS set of MS-RPC's and will yield identical behavior 1586 1597 as Samba 2.0.x. Windows NT/2000 clients will downgrade to using … … 1594 1605 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>disable spoolss</code></em> = <code class="literal">no</code> 1595 1606 </em></span> 1596 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 33779"></a>1607 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540002"></a> 1597 1608 1598 1609 display charset (G) 1599 </h3></div></div></div><a class="indexterm" name="id25 33780"></a><a name="DISPLAYCHARSET"></a><div class="variablelist"><dl><dt></dt><dd><p>1610 </h3></div></div></div><a class="indexterm" name="id2540003"></a><a name="DISPLAYCHARSET"></a><div class="variablelist"><dl><dt></dt><dd><p> 1600 1611 Specifies the charset that samba will use to print messages to stdout and stderr. 1601 1612 The default value is "LOCALE", which means automatically set, depending on the 1602 1613 current locale. The value should generally be the same as the value of the parameter 1603 <a class="link" href="smb.conf.5.html#UNIXCHARSET" >unix charset</a>.1614 <a class="link" href="smb.conf.5.html#UNIXCHARSET" target="_top">unix charset</a>. 1604 1615 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>display charset</code></em> = <code class="literal">"LOCALE" or "ASCII" (depending on the system)</code> 1605 1616 </em></span> 1606 1617 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>display charset</code></em> = <code class="literal">UTF8</code> 1607 1618 </em></span> 1608 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 33855"></a>1619 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540069"></a> 1609 1620 1610 1621 dmapi support (S) 1611 </h3></div></div></div><a class="indexterm" name="id25 33856"></a><a name="DMAPISUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should use DMAPI to1622 </h3></div></div></div><a class="indexterm" name="id2540070"></a><a name="DMAPISUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should use DMAPI to 1612 1623 determine whether a file is offline or not. This would typically 1613 1624 be used in conjunction with a hierarchical storage system that … … 1624 1635 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>dmapi support</code></em> = <code class="literal">no</code> 1625 1636 </em></span> 1626 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 33918"></a>1637 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540128"></a> 1627 1638 1628 1639 dns proxy (G) 1629 </h3></div></div></div><a class="indexterm" name="id25 33919"></a><a name="DNSPROXY"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies that <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> when acting as a WINS server and1640 </h3></div></div></div><a class="indexterm" name="id2540129"></a><a name="DNSPROXY"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies that <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> when acting as a WINS server and 1630 1641 finding that a NetBIOS name has not been registered, should treat the 1631 1642 NetBIOS name word-for-word as a DNS name and do a lookup with the DNS server … … 1636 1647 action.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>dns proxy</code></em> = <code class="literal">yes</code> 1637 1648 </em></span> 1638 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 33986"></a>1649 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540191"></a> 1639 1650 1640 1651 domain logons (G) 1641 </h3></div></div></div><a class="indexterm" name="id25 33988"></a><a name="DOMAINLOGONS"></a><div class="variablelist"><dl><dt></dt><dd><p>1652 </h3></div></div></div><a class="indexterm" name="id2540192"></a><a name="DOMAINLOGONS"></a><div class="variablelist"><dl><dt></dt><dd><p> 1642 1653 If set to <code class="constant">yes</code>, the Samba server will 1643 1654 provide the netlogon service for Windows 9X network logons for the 1644 <a class="link" href="smb.conf.5.html#WORKGROUP" >workgroup</a> it is in.1655 <a class="link" href="smb.conf.5.html#WORKGROUP" target="_top">workgroup</a> it is in. 1645 1656 This will also cause the Samba server to act as a domain 1646 1657 controller for NT4 style domain services. For more details on … … 1649 1660 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>domain logons</code></em> = <code class="literal">no</code> 1650 1661 </em></span> 1651 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 34048"></a>1662 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540244"></a> 1652 1663 1653 1664 domain master (G) 1654 </h3></div></div></div><a class="indexterm" name="id25 34049"></a><a name="DOMAINMASTER"></a><div class="variablelist"><dl><dt></dt><dd><p>1665 </h3></div></div></div><a class="indexterm" name="id2540246"></a><a name="DOMAINMASTER"></a><div class="variablelist"><dl><dt></dt><dd><p> 1655 1666 Tell <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> to enable 1656 1667 WAN-wide browse list collation. Setting this option causes <code class="literal">nmbd</code> to claim a 1657 1668 special domain specific NetBIOS name that identifies it as a domain master browser for its given 1658 <a class="link" href="smb.conf.5.html#WORKGROUP" >workgroup</a>. Local master browsers in the same <a class="link" href="smb.conf.5.html#WORKGROUP">workgroup</a> on1669 <a class="link" href="smb.conf.5.html#WORKGROUP" target="_top">workgroup</a>. Local master browsers in the same <a class="link" href="smb.conf.5.html#WORKGROUP" target="_top">workgroup</a> on 1659 1670 broadcast-isolated subnets will give this <code class="literal">nmbd</code> their local browse lists, 1660 1671 and then ask <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> for a … … 1663 1674 broadcast-isolated subnet. 1664 1675 </p><p> 1665 Note that Windows NT Primary Domain Controllers expect to be able to claim this <a class="link" href="smb.conf.5.html#WORKGROUP" >workgroup</a> specific special NetBIOS name that identifies them as domain master browsers for that1666 <a class="link" href="smb.conf.5.html#WORKGROUP" >workgroup</a> by default (i.e. there is no way to prevent a Windows NT PDC from attempting1676 Note that Windows NT Primary Domain Controllers expect to be able to claim this <a class="link" href="smb.conf.5.html#WORKGROUP" target="_top">workgroup</a> specific special NetBIOS name that identifies them as domain master browsers for that 1677 <a class="link" href="smb.conf.5.html#WORKGROUP" target="_top">workgroup</a> by default (i.e. there is no way to prevent a Windows NT PDC from attempting 1667 1678 to do this). This means that if this parameter is set and <code class="literal">nmbd</code> claims the 1668 special name for a <a class="link" href="smb.conf.5.html#WORKGROUP" >workgroup</a> before a Windows NT PDC is able to do so then cross1679 special name for a <a class="link" href="smb.conf.5.html#WORKGROUP" target="_top">workgroup</a> before a Windows NT PDC is able to do so then cross 1669 1680 subnet browsing will behave strangely and may fail. 1670 1681 </p><p> 1671 If <a class="link" href="smb.conf.5.html#DOMAINLOGONS" >domain logons = yes</a>, then the default behavior is to enable the1672 <a class="link" href="smb.conf.5.html#DOMAINMASTER" >domain master</a> parameter. If <a class="link" href="smb.conf.5.html#DOMAINLOGONS">domain logons</a> is not enabled (the1673 default setting), then neither will <a class="link" href="smb.conf.5.html#DOMAINMASTER" >domain master</a> be enabled by default.1674 </p><p> 1675 When <a class="link" href="smb.conf.5.html#DOMAINLOGONS" >domain logons = Yes</a> the default setting for this parameter is1676 Yes, with the result that Samba will be a PDC. If <a class="link" href="smb.conf.5.html#DOMAINMASTER" >domain master = No</a>,1682 If <a class="link" href="smb.conf.5.html#DOMAINLOGONS" target="_top">domain logons = yes</a>, then the default behavior is to enable the 1683 <a class="link" href="smb.conf.5.html#DOMAINMASTER" target="_top">domain master</a> parameter. If <a class="link" href="smb.conf.5.html#DOMAINLOGONS" target="_top">domain logons</a> is not enabled (the 1684 default setting), then neither will <a class="link" href="smb.conf.5.html#DOMAINMASTER" target="_top">domain master</a> be enabled by default. 1685 </p><p> 1686 When <a class="link" href="smb.conf.5.html#DOMAINLOGONS" target="_top">domain logons = Yes</a> the default setting for this parameter is 1687 Yes, with the result that Samba will be a PDC. If <a class="link" href="smb.conf.5.html#DOMAINMASTER" target="_top">domain master = No</a>, 1677 1688 Samba will function as a BDC. In general, this parameter should be set to 'No' only on a BDC. 1678 1689 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>domain master</code></em> = <code class="literal">auto</code> 1679 1690 </em></span> 1680 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 34278"></a>1691 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540436"></a> 1681 1692 1682 1693 dont descend (S) 1683 </h3></div></div></div><a class="indexterm" name="id25 34279"></a><a name="DONTDESCEND"></a><div class="variablelist"><dl><dt></dt><dd><p>There are certain directories on some systems1694 </h3></div></div></div><a class="indexterm" name="id2540437"></a><a name="DONTDESCEND"></a><div class="variablelist"><dl><dt></dt><dd><p>There are certain directories on some systems 1684 1695 (e.g., the <code class="filename">/proc</code> tree under Linux) that are either not 1685 1696 of interest to clients or are infinitely deep (recursive). This … … 1692 1703 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>dont descend</code></em> = <code class="literal">/proc,/dev</code> 1693 1704 </em></span> 1694 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 34363"></a>1705 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540514"></a> 1695 1706 1696 1707 dos charset (G) 1697 </h3></div></div></div><a class="indexterm" name="id25 34364"></a><a name="DOSCHARSET"></a><div class="variablelist"><dl><dt></dt><dd><p>DOS SMB clients assume the server has1708 </h3></div></div></div><a class="indexterm" name="id2540515"></a><a name="DOSCHARSET"></a><div class="variablelist"><dl><dt></dt><dd><p>DOS SMB clients assume the server has 1698 1709 the same charset as they do. This option specifies which 1699 1710 charset Samba should talk to DOS clients. 1700 1711 </p><p>The default depends on which charsets you have installed. 1701 1712 Samba tries to use charset 850 but falls back to ASCII in 1702 case it is not available. Run <a class="citerefentry" href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a> to check the default on your system.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 34407"></a>1713 case it is not available. Run <a class="citerefentry" href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a> to check the default on your system.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540555"></a> 1703 1714 1704 1715 dos filemode (S) 1705 </h3></div></div></div><a class="indexterm" name="id25 34408"></a><a name="DOSFILEMODE"></a><div class="variablelist"><dl><dt></dt><dd><p> The default behavior in Samba is to provide1716 </h3></div></div></div><a class="indexterm" name="id2540556"></a><a name="DOSFILEMODE"></a><div class="variablelist"><dl><dt></dt><dd><p> The default behavior in Samba is to provide 1706 1717 UNIX-like behavior where only the owner of a file/directory is 1707 1718 able to change the permissions on it. However, this behavior … … 1714 1725 file/directory may also be changed.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>dos filemode</code></em> = <code class="literal">no</code> 1715 1726 </em></span> 1716 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 34458"></a>1727 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540602"></a> 1717 1728 1718 1729 dos filetime resolution (S) 1719 </h3></div></div></div><a class="indexterm" name="id25 34459"></a><a name="DOSFILETIMERESOLUTION"></a><div class="variablelist"><dl><dt></dt><dd><p>Under the DOS and Windows FAT filesystem, the finest1730 </h3></div></div></div><a class="indexterm" name="id2540603"></a><a name="DOSFILETIMERESOLUTION"></a><div class="variablelist"><dl><dt></dt><dd><p>Under the DOS and Windows FAT filesystem, the finest 1720 1731 granularity on time resolution is two seconds. Setting this parameter 1721 1732 for a share causes Samba to round the reported time down to the … … 1732 1743 happy.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>dos filetime resolution</code></em> = <code class="literal">no</code> 1733 1744 </em></span> 1734 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 34526"></a>1745 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540665"></a> 1735 1746 1736 1747 dos filetimes (S) 1737 </h3></div></div></div><a class="indexterm" name="id25 34527"></a><a name="DOSFILETIMES"></a><div class="variablelist"><dl><dt></dt><dd><p>Under DOS and Windows, if a user can write to a1748 </h3></div></div></div><a class="indexterm" name="id2540666"></a><a name="DOSFILETIMES"></a><div class="variablelist"><dl><dt></dt><dd><p>Under DOS and Windows, if a user can write to a 1738 1749 file they can change the timestamp on it. Under POSIX semantics, 1739 1750 only the owner of the file or root may change the timestamp. By … … 1749 1760 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>dos filetimes</code></em> = <code class="literal">yes</code> 1750 1761 </em></span> 1751 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 34597"></a>1762 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540731"></a> 1752 1763 1753 1764 ea support (S) 1754 </h3></div></div></div><a class="indexterm" name="id25 34598"></a><a name="EASUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will allow clients to attempt to store OS/2 style Extended1765 </h3></div></div></div><a class="indexterm" name="id2540732"></a><a name="EASUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will allow clients to attempt to store OS/2 style Extended 1755 1766 attributes on a share. In order to enable this parameter the underlying filesystem exported by 1756 1767 the share must support extended attributes (such as provided on XFS and EXT3 on Linux, with the … … 1759 1770 extended attributes must be compiled into the Linux kernel.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ea support</code></em> = <code class="literal">no</code> 1760 1771 </em></span> 1761 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 34654"></a>1772 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540784"></a> 1762 1773 1763 1774 enable asu support (G) 1764 </h3></div></div></div><a class="indexterm" name="id25 34655"></a><a name="ENABLEASUSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>Hosts running the "Advanced Server for Unix (ASU)" product1775 </h3></div></div></div><a class="indexterm" name="id2540785"></a><a name="ENABLEASUSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>Hosts running the "Advanced Server for Unix (ASU)" product 1765 1776 require some special accomodations such as creating a builting [ADMIN$] 1766 1777 share that only supports IPC connections. The has been the default … … 1770 1781 an [ADMIN$] file share in smb.conf.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>enable asu support</code></em> = <code class="literal">no</code> 1771 1782 </em></span> 1772 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 34703"></a>1783 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540829"></a> 1773 1784 1774 1785 enable privileges (G) 1775 </h3></div></div></div><a class="indexterm" name="id25 34704"></a><a name="ENABLEPRIVILEGES"></a><div class="variablelist"><dl><dt></dt><dd><p>1786 </h3></div></div></div><a class="indexterm" name="id2540830"></a><a name="ENABLEPRIVILEGES"></a><div class="variablelist"><dl><dt></dt><dd><p> 1776 1787 This parameter controls whether or not smbd will honor privileges assigned to specific SIDs via either 1777 1788 <code class="literal">net rpc rights</code> or one of the Windows user and group manager tools. This parameter is … … 1786 1797 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>enable privileges</code></em> = <code class="literal">yes</code> 1787 1798 </em></span> 1788 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 34769"></a>1799 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540889"></a> 1789 1800 1790 1801 encrypt passwords (G) 1791 </h3></div></div></div><a class="indexterm" name="id25 34770"></a><a name="ENCRYPTPASSWORDS"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean controls whether encrypted passwords1802 </h3></div></div></div><a class="indexterm" name="id2540890"></a><a name="ENCRYPTPASSWORDS"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean controls whether encrypted passwords 1792 1803 will be negotiated with the client. Note that Windows NT 4.0 SP3 and 1793 1804 above and also Windows 98 will by default expect encrypted passwords … … 1808 1819 <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> must either 1809 1820 have access to a local <a class="citerefentry" href="smbpasswd.5.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(5)</span></a> file (see the <a class="citerefentry" href="smbpasswd.8.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(8)</span></a> program for information on how to set up 1810 and maintain this file), or set the <a class="link" href="smb.conf.5.html#SECURITY" >security = [server|domain|ads]</a> parameter which1821 and maintain this file), or set the <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security = [server|domain|ads]</a> parameter which 1811 1822 causes <code class="literal">smbd</code> to authenticate against another 1812 1823 server.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>encrypt passwords</code></em> = <code class="literal">yes</code> 1813 1824 </em></span> 1814 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 34881"></a>1825 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540994"></a> 1815 1826 1816 1827 enhanced browsing (G) 1817 </h3></div></div></div><a class="indexterm" name="id25 34882"></a><a name="ENHANCEDBROWSING"></a><div class="variablelist"><dl><dt></dt><dd><p>This option enables a couple of enhancements to1828 </h3></div></div></div><a class="indexterm" name="id2540995"></a><a name="ENHANCEDBROWSING"></a><div class="variablelist"><dl><dt></dt><dd><p>This option enables a couple of enhancements to 1818 1829 cross-subnet browse propagation that have been added in Samba 1819 1830 but which are not standard in Microsoft implementations. … … 1828 1839 cross-subnet browse propagation much more reliable.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>enhanced browsing</code></em> = <code class="literal">yes</code> 1829 1840 </em></span> 1830 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 34952"></a>1841 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541055"></a> 1831 1842 1832 1843 enumports command (G) 1833 </h3></div></div></div><a class="indexterm" name="id25 34953"></a><a name="ENUMPORTSCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>The concept of a "port" is fairly foreign1844 </h3></div></div></div><a class="indexterm" name="id2541056"></a><a name="ENUMPORTSCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>The concept of a "port" is fairly foreign 1834 1845 to UNIX hosts. Under Windows NT/2000 print servers, a port 1835 1846 is associated with a port monitor and generally takes the form of … … 1848 1859 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>enumports command</code></em> = <code class="literal">/usr/bin/listports</code> 1849 1860 </em></span> 1850 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 35042"></a>1861 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541136"></a> 1851 1862 1852 1863 eventlog list (G) 1853 </h3></div></div></div><a class="indexterm" name="id25 35043"></a><a name="EVENTLOGLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This option defines a list of log names that Samba will1864 </h3></div></div></div><a class="indexterm" name="id2541137"></a><a name="EVENTLOGLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This option defines a list of log names that Samba will 1854 1865 report to the Microsoft EventViewer utility. The listed 1855 1866 eventlogs will be associated with tdb file on disk in the … … 1864 1875 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>eventlog list</code></em> = <code class="literal">Security Application Syslog Apache</code> 1865 1876 </em></span> 1866 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 35121"></a>1877 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541209"></a> 1867 1878 1868 1879 fake directory create times (S) 1869 </h3></div></div></div><a class="indexterm" name="id25 35122"></a><a name="FAKEDIRECTORYCREATETIMES"></a><div class="variablelist"><dl><dt></dt><dd><p>NTFS and Windows VFAT file systems keep a create1880 </h3></div></div></div><a class="indexterm" name="id2541210"></a><a name="FAKEDIRECTORYCREATETIMES"></a><div class="variablelist"><dl><dt></dt><dd><p>NTFS and Windows VFAT file systems keep a create 1870 1881 time for all files and directories. This is not the same as the 1871 1882 ctime - status change time - that Unix keeps, so Samba by default … … 1889 1900 will proceed as expected.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>fake directory create times</code></em> = <code class="literal">no</code> 1890 1901 </em></span> 1891 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 35201"></a>1902 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541285"></a> 1892 1903 1893 1904 fake oplocks (S) 1894 </h3></div></div></div><a class="indexterm" name="id25 35202"></a><a name="FAKEOPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>Oplocks are the way that SMB clients get permission1905 </h3></div></div></div><a class="indexterm" name="id2541286"></a><a name="FAKEOPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>Oplocks are the way that SMB clients get permission 1895 1906 from a server to locally cache file operations. If a server grants 1896 1907 an oplock (opportunistic lock) then the client is free to assume … … 1899 1910 file open/close operations. This can give enormous performance benefits. 1900 1911 </p><p>When you set <code class="literal">fake oplocks = yes</code>, <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will 1901 always grant oplock requests no matter how many clients are using the file.</p><p>It is generally much better to use the real <a class="link" href="smb.conf.5.html#OPLOCKS" >oplocks</a> support rather1912 always grant oplock requests no matter how many clients are using the file.</p><p>It is generally much better to use the real <a class="link" href="smb.conf.5.html#OPLOCKS" target="_top">oplocks</a> support rather 1902 1913 than this parameter.</p><p>If you enable this option on all read-only shares or 1903 1914 shares that you know will only be accessed from one client at a … … 1908 1919 this option carefully!</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>fake oplocks</code></em> = <code class="literal">no</code> 1909 1920 </em></span> 1910 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 35293"></a>1921 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541369"></a> 1911 1922 1912 1923 follow symlinks (S) 1913 </h3></div></div></div><a class="indexterm" name="id25 35294"></a><a name="FOLLOWSYMLINKS"></a><div class="variablelist"><dl><dt></dt><dd><p>1924 </h3></div></div></div><a class="indexterm" name="id2541370"></a><a name="FOLLOWSYMLINKS"></a><div class="variablelist"><dl><dt></dt><dd><p> 1914 1925 This parameter allows the Samba administrator to stop <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> from following symbolic links in a particular share. Setting this 1915 1926 parameter to <code class="constant">no</code> prevents any file or directory that is a symbolic link from being … … 1921 1932 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>follow symlinks</code></em> = <code class="literal">yes</code> 1922 1933 </em></span> 1923 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 35368"></a>1934 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541439"></a> 1924 1935 1925 1936 force create mode (S) 1926 </h3></div></div></div><a class="indexterm" name="id25 35369"></a><a name="FORCECREATEMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a set of UNIX mode bit1937 </h3></div></div></div><a class="indexterm" name="id2541440"></a><a name="FORCECREATEMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a set of UNIX mode bit 1927 1938 permissions that will <span class="emphasis"><em>always</em></span> be set on a 1928 1939 file created by Samba. This is done by bitwise 'OR'ing these bits onto … … 1936 1947 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>force create mode</code></em> = <code class="literal">0755</code> 1937 1948 </em></span> 1938 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 35448"></a>1949 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541512"></a> 1939 1950 1940 1951 force directory mode (S) 1941 </h3></div></div></div><a class="indexterm" name="id25 35449"></a><a name="FORCEDIRECTORYMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a set of UNIX mode bit1952 </h3></div></div></div><a class="indexterm" name="id2541513"></a><a name="FORCEDIRECTORYMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a set of UNIX mode bit 1942 1953 permissions that will <span class="emphasis"><em>always</em></span> be set on a directory 1943 1954 created by Samba. This is done by bitwise 'OR'ing these bits onto the … … 1952 1963 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>force directory mode</code></em> = <code class="literal">0755</code> 1953 1964 </em></span> 1954 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 35530"></a>1965 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541587"></a> 1955 1966 1956 1967 force directory security mode (S) 1957 </h3></div></div></div><a class="indexterm" name="id25 35531"></a><a name="FORCEDIRECTORYSECURITYMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>1968 </h3></div></div></div><a class="indexterm" name="id2541588"></a><a name="FORCEDIRECTORYSECURITYMODE"></a><div class="variablelist"><dl><dt></dt><dd><p> 1958 1969 This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating 1959 1970 the UNIX permission on a directory using the native NT security dialog box. 1960 1971 </p><p> 1961 1972 This parameter is applied as a mask (OR'ed with) to the changed permission bits, thus forcing any bits in this 1962 mask that the user may have modified to be on. Make sure not to mix up this parameter with <a class="link" href="smb.conf.5.html#DIRECTORYSECURITYMASK" >directory security mask</a>, which works in a similar manner to this one, but uses a logical AND instead1973 mask that the user may have modified to be on. Make sure not to mix up this parameter with <a class="link" href="smb.conf.5.html#DIRECTORYSECURITYMASK" target="_top">directory security mask</a>, which works in a similar manner to this one, but uses a logical AND instead 1963 1974 of an OR. 1964 1975 </p><p> … … 1976 1987 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>force directory security mode</code></em> = <code class="literal">700</code> 1977 1988 </em></span> 1978 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 35634"></a>1989 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541683"></a> 1979 1990 1980 1991 <a name="GROUP"></a>group 1981 </h3></div></div></div><a class="indexterm" name="id25 35635"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#FORCEGROUP">force group</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2535666"></a>1992 </h3></div></div></div><a class="indexterm" name="id2541684"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#FORCEGROUP">force group</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541710"></a> 1982 1993 1983 1994 force group (S) 1984 </h3></div></div></div><a class="indexterm" name="id25 35667"></a><a name="FORCEGROUP"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies a UNIX group name that will be1995 </h3></div></div></div><a class="indexterm" name="id2541711"></a><a name="FORCEGROUP"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies a UNIX group name that will be 1985 1996 assigned as the default primary group for all users connecting 1986 1997 to this service. This is useful for sharing files by ensuring … … 2000 2011 primary group assigned to sys when accessing this Samba share. All 2001 2012 other users will retain their ordinary primary group.</p><p> 2002 If the <a class="link" href="smb.conf.5.html#FORCEUSER" >force user</a> parameter is also set the group specified in2013 If the <a class="link" href="smb.conf.5.html#FORCEUSER" target="_top">force user</a> parameter is also set the group specified in 2003 2014 <em class="parameter"><code>force group</code></em> will override the primary group 2004 2015 set in <em class="parameter"><code>force user</code></em>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>force group</code></em> = <code class="literal"></code> … … 2006 2017 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>force group</code></em> = <code class="literal">agroup</code> 2007 2018 </em></span> 2008 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 35781"></a>2019 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541815"></a> 2009 2020 2010 2021 force printername (S) 2011 </h3></div></div></div><a class="indexterm" name="id25 35782"></a><a name="FORCEPRINTERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>When printing from Windows NT (or later),2022 </h3></div></div></div><a class="indexterm" name="id2541816"></a><a name="FORCEPRINTERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>When printing from Windows NT (or later), 2012 2023 each printer in <code class="filename">smb.conf</code> has two 2013 2024 associated names which can be used by the client. The first … … 2032 2043 folder.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>force printername</code></em> = <code class="literal">no</code> 2033 2044 </em></span> 2034 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 35872"></a>2045 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541900"></a> 2035 2046 2036 2047 force security mode (S) 2037 </h3></div></div></div><a class="indexterm" name="id25 35874"></a><a name="FORCESECURITYMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>2048 </h3></div></div></div><a class="indexterm" name="id2541901"></a><a name="FORCESECURITYMODE"></a><div class="variablelist"><dl><dt></dt><dd><p> 2038 2049 This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating 2039 2050 the UNIX permission on a file using the native NT security dialog box. 2040 2051 </p><p> 2041 2052 This parameter is applied as a mask (OR'ed with) to the changed permission bits, thus forcing any bits in this 2042 mask that the user may have modified to be on. Make sure not to mix up this parameter with <a class="link" href="smb.conf.5.html#SECURITYMASK" >security mask</a>, which works similar like this one but uses logical AND instead of OR.2053 mask that the user may have modified to be on. Make sure not to mix up this parameter with <a class="link" href="smb.conf.5.html#SECURITYMASK" target="_top">security mask</a>, which works similar like this one but uses logical AND instead of OR. 2043 2054 </p><p> 2044 2055 Essentially, one bits in this mask may be treated as a set of bits that, when modifying security on a file, … … 2055 2066 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>force security mode</code></em> = <code class="literal">700</code> 2056 2067 </em></span> 2057 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 35974"></a>2068 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542000"></a> 2058 2069 2059 2070 force unknown acl user (S) 2060 </h3></div></div></div><a class="indexterm" name="id25 35975"></a><a name="FORCEUNKNOWNACLUSER"></a><div class="variablelist"><dl><dt></dt><dd><p>2071 </h3></div></div></div><a class="indexterm" name="id2542002"></a><a name="FORCEUNKNOWNACLUSER"></a><div class="variablelist"><dl><dt></dt><dd><p> 2061 2072 If this parameter is set, a Windows NT ACL that contains an unknown SID (security descriptor, or 2062 2073 representation of a user or group id) as the owner or group owner of the file will be silently … … 2072 2083 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>force unknown acl user</code></em> = <code class="literal">no</code> 2073 2084 </em></span> 2074 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 36036"></a>2085 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542063"></a> 2075 2086 2076 2087 force user (S) 2077 </h3></div></div></div><a class="indexterm" name="id25 36037"></a><a name="FORCEUSER"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies a UNIX user name that will be2088 </h3></div></div></div><a class="indexterm" name="id2542064"></a><a name="FORCEUSER"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies a UNIX user name that will be 2078 2089 assigned as the default user for all users connecting to this service. 2079 2090 This is useful for sharing files. You should also use it carefully … … 2089 2100 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>force user</code></em> = <code class="literal">auser</code> 2090 2101 </em></span> 2091 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 36112"></a>2102 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542139"></a> 2092 2103 2093 2104 fstype (S) 2094 </h3></div></div></div><a class="indexterm" name="id25 36113"></a><a name="FSTYPE"></a><div class="variablelist"><dl><dt></dt><dd><p>2105 </h3></div></div></div><a class="indexterm" name="id2542140"></a><a name="FSTYPE"></a><div class="variablelist"><dl><dt></dt><dd><p> 2095 2106 This parameter allows the administrator to configure the string that specifies the type of filesystem a share 2096 2107 is using that is reported by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> … … 2102 2113 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>fstype</code></em> = <code class="literal">Samba</code> 2103 2114 </em></span> 2104 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 36194"></a>2115 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542221"></a> 2105 2116 2106 2117 get quota command (G) 2107 </h3></div></div></div><a class="indexterm" name="id25 36195"></a><a name="GETQUOTACOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>The <code class="literal">get quota command</code> should only be used2118 </h3></div></div></div><a class="indexterm" name="id2542222"></a><a name="GETQUOTACOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>The <code class="literal">get quota command</code> should only be used 2108 2119 whenever there is no operating system API available from the OS that 2109 2120 samba can use.</p><p>This option is only available you have compiled Samba with the … … 2118 2129 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>get quota command</code></em> = <code class="literal">/usr/local/sbin/query_quota</code> 2119 2130 </em></span> 2120 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 36380"></a>2131 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542408"></a> 2121 2132 2122 2133 getwd cache (G) 2123 </h3></div></div></div><a class="indexterm" name="id25 36381"></a><a name="GETWDCACHE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a tuning option. When this is enabled a2134 </h3></div></div></div><a class="indexterm" name="id2542409"></a><a name="GETWDCACHE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a tuning option. When this is enabled a 2124 2135 caching algorithm will be used to reduce the time taken for getwd() 2125 2136 calls. This can have a significant impact on performance, especially 2126 when the <a class="link" href="smb.conf.5.html#WIDESMBCONFOPTIONS" >wide smbconfoptions</a> parameter is set to <code class="constant">no</code>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>getwd cache</code></em> = <code class="literal">yes</code>2127 </em></span> 2128 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 36440"></a>2137 when the <a class="link" href="smb.conf.5.html#WIDESMBCONFOPTIONS" target="_top">wide smbconfoptions</a> parameter is set to <code class="constant">no</code>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>getwd cache</code></em> = <code class="literal">yes</code> 2138 </em></span> 2139 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542468"></a> 2129 2140 2130 2141 guest account (G) 2131 </h3></div></div></div><a class="indexterm" name="id25 36441"></a><a name="GUESTACCOUNT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a username which will be used for access2132 to services which are specified as <a class="link" href="smb.conf.5.html#GUESTOK" >guest ok</a> (see below). Whatever privileges this2142 </h3></div></div></div><a class="indexterm" name="id2542470"></a><a name="GUESTACCOUNT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a username which will be used for access 2143 to services which are specified as <a class="link" href="smb.conf.5.html#GUESTOK" target="_top">guest ok</a> (see below). Whatever privileges this 2133 2144 user has will be available to any client connecting to the guest service. 2134 2145 This user must exist in the password file, but does not require … … 2147 2158 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>guest account</code></em> = <code class="literal">ftp</code> 2148 2159 </em></span> 2149 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 36548"></a>2160 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542576"></a> 2150 2161 2151 2162 <a name="PUBLIC"></a>public 2152 </h3></div></div></div><a class="indexterm" name="id25 36549"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#GUESTOK">guest ok</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536579"></a>2163 </h3></div></div></div><a class="indexterm" name="id2542577"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#GUESTOK">guest ok</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542607"></a> 2153 2164 2154 2165 guest ok (S) 2155 </h3></div></div></div><a class="indexterm" name="id25 36580"></a><a name="GUESTOK"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code> for2166 </h3></div></div></div><a class="indexterm" name="id2542608"></a><a name="GUESTOK"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code> for 2156 2167 a service, then no password is required to connect to the service. 2157 Privileges will be those of the <a class="link" href="smb.conf.5.html#GUESTACCOUNT" >guest account</a>.</p><p>This paramater nullifies the benifits of setting2158 <a class="link" href="smb.conf.5.html#RESTRICTANONYMOUS" >restrict anonymous = 2</a>2159 </p><p>See the section below on <a class="link" href="smb.conf.5.html#SECURITY" >security</a> for more information about this option.2168 Privileges will be those of the <a class="link" href="smb.conf.5.html#GUESTACCOUNT" target="_top">guest account</a>.</p><p>This paramater nullifies the benifits of setting 2169 <a class="link" href="smb.conf.5.html#RESTRICTANONYMOUS" target="_top">restrict anonymous = 2</a> 2170 </p><p>See the section below on <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security</a> for more information about this option. 2160 2171 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>guest ok</code></em> = <code class="literal">no</code> 2161 2172 </em></span> 2162 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 36668"></a>2173 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542696"></a> 2163 2174 2164 2175 <a name="ONLYGUEST"></a>only guest 2165 </h3></div></div></div><a class="indexterm" name="id25 36669"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#GUESTONLY">guest only</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536700"></a>2176 </h3></div></div></div><a class="indexterm" name="id2542697"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#GUESTONLY">guest only</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542728"></a> 2166 2177 2167 2178 guest only (S) 2168 </h3></div></div></div><a class="indexterm" name="id25 36701"></a><a name="GUESTONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code> for2179 </h3></div></div></div><a class="indexterm" name="id2542730"></a><a name="GUESTONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code> for 2169 2180 a service, then only guest connections to the service are permitted. 2170 This parameter will have no effect if <a class="link" href="smb.conf.5.html#GUESTOK" >guest ok</a> is not set for the service.</p><p>See the section below on <a class="link" href="smb.conf.5.html#SECURITY">security</a> for more information about this option.2181 This parameter will have no effect if <a class="link" href="smb.conf.5.html#GUESTOK" target="_top">guest ok</a> is not set for the service.</p><p>See the section below on <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security</a> for more information about this option. 2171 2182 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>guest only</code></em> = <code class="literal">no</code> 2172 2183 </em></span> 2173 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 36772"></a>2184 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542801"></a> 2174 2185 2175 2186 hide dot files (S) 2176 </h3></div></div></div><a class="indexterm" name="id25 36773"></a><a name="HIDEDOTFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean parameter that controls whether2187 </h3></div></div></div><a class="indexterm" name="id2542802"></a><a name="HIDEDOTFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean parameter that controls whether 2177 2188 files starting with a dot appear as hidden files.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>hide dot files</code></em> = <code class="literal">yes</code> 2178 2189 </em></span> 2179 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 36815"></a>2190 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542844"></a> 2180 2191 2181 2192 hide files (S) 2182 </h3></div></div></div><a class="indexterm" name="id25 36816"></a><a name="HIDEFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of files or directories that are not2193 </h3></div></div></div><a class="indexterm" name="id2542845"></a><a name="HIDEFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of files or directories that are not 2183 2194 visible but are accessible. The DOS 'hidden' attribute is applied 2184 2195 to any files or directories that match.</p><p>Each entry in the list must be separated by a '/', … … 2202 2213 # no file are hidden</code> 2203 2214 </em></span> 2204 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 36903"></a>2215 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542932"></a> 2205 2216 2206 2217 hide special files (S) 2207 </h3></div></div></div><a class="indexterm" name="id25 36904"></a><a name="HIDESPECIALFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>2218 </h3></div></div></div><a class="indexterm" name="id2542933"></a><a name="HIDESPECIALFILES"></a><div class="variablelist"><dl><dt></dt><dd><p> 2208 2219 This parameter prevents clients from seeing special files such as sockets, devices and 2209 2220 fifo's in directory listings. 2210 2221 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>hide special files</code></em> = <code class="literal">no</code> 2211 2222 </em></span> 2212 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 36946"></a>2223 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542975"></a> 2213 2224 2214 2225 hide unreadable (S) 2215 </h3></div></div></div><a class="indexterm" name="id25 36947"></a><a name="HIDEUNREADABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter prevents clients from seeing the2226 </h3></div></div></div><a class="indexterm" name="id2542976"></a><a name="HIDEUNREADABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter prevents clients from seeing the 2216 2227 existance of files that cannot be read. Defaults to off.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>hide unreadable</code></em> = <code class="literal">no</code> 2217 2228 </em></span> 2218 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 36989"></a>2229 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543017"></a> 2219 2230 2220 2231 hide unwriteable files (S) 2221 </h3></div></div></div><a class="indexterm" name="id25 36990"></a><a name="HIDEUNWRITEABLEFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>2232 </h3></div></div></div><a class="indexterm" name="id2543018"></a><a name="HIDEUNWRITEABLEFILES"></a><div class="variablelist"><dl><dt></dt><dd><p> 2222 2233 This parameter prevents clients from seeing the existance of files that cannot be written to. 2223 2234 Defaults to off. Note that unwriteable directories are shown as usual. 2224 2235 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>hide unwriteable files</code></em> = <code class="literal">no</code> 2225 2236 </em></span> 2226 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 37033"></a>2237 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543062"></a> 2227 2238 2228 2239 homedir map (G) 2229 </h3></div></div></div><a class="indexterm" name="id25 37034"></a><a name="HOMEDIRMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>2230 If <a class="link" href="smb.conf.5.html#NISHOMEDIR" >nis homedir</a> is <code class="constant">yes</code>, and <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> is also acting as a Win95/98 <em class="parameter"><code>logon server</code></em>2240 </h3></div></div></div><a class="indexterm" name="id2543063"></a><a name="HOMEDIRMAP"></a><div class="variablelist"><dl><dt></dt><dd><p> 2241 If <a class="link" href="smb.conf.5.html#NISHOMEDIR" target="_top">nis homedir</a> is <code class="constant">yes</code>, and <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> is also acting as a Win95/98 <em class="parameter"><code>logon server</code></em> 2231 2242 then this parameter specifies the NIS (or YP) map from which the server for the user's home directory should be extracted. 2232 2243 At present, only the Sun auto.home map format is understood. The form of the map is: … … 2242 2253 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>homedir map</code></em> = <code class="literal">amd.homedir</code> 2243 2254 </em></span> 2244 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 37145"></a>2255 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543175"></a> 2245 2256 2246 2257 host msdfs (G) 2247 </h3></div></div></div><a class="indexterm" name="id25 37146"></a><a name="HOSTMSDFS"></a><div class="variablelist"><dl><dt></dt><dd><p>2258 </h3></div></div></div><a class="indexterm" name="id2543176"></a><a name="HOSTMSDFS"></a><div class="variablelist"><dl><dt></dt><dd><p> 2248 2259 If set to <code class="constant">yes</code>, Samba will act as a Dfs server, and allow Dfs-aware clients to browse 2249 2260 Dfs trees hosted on the server. 2250 2261 </p><p> 2251 See also the <a class="link" href="smb.conf.5.html#MSDFSROOT" >msdfs root</a> share level parameter. For more information on2262 See also the <a class="link" href="smb.conf.5.html#MSDFSROOT" target="_top">msdfs root</a> share level parameter. For more information on 2252 2263 setting up a Dfs tree on Samba, refer to the MSFDS chapter in the book Samba3-HOWTO. 2253 2264 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>host msdfs</code></em> = <code class="literal">yes</code> 2254 2265 </em></span> 2255 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 37209"></a>2266 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543239"></a> 2256 2267 2257 2268 hostname lookups (G) 2258 </h3></div></div></div><a class="indexterm" name="id25 37210"></a><a name="HOSTNAMELOOKUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies whether samba should use (expensive)2269 </h3></div></div></div><a class="indexterm" name="id2543240"></a><a name="HOSTNAMELOOKUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies whether samba should use (expensive) 2259 2270 hostname lookups or use the ip addresses instead. An example place 2260 2271 where hostname lookups are currently used is when checking … … 2264 2275 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>hostname lookups</code></em> = <code class="literal">yes</code> 2265 2276 </em></span> 2266 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 37283"></a>2277 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543312"></a> 2267 2278 2268 2279 <a name="ALLOWHOSTS"></a>allow hosts 2269 </h3></div></div></div><a class="indexterm" name="id25 37284"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#HOSTSALLOW">hosts allow</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537314"></a>2280 </h3></div></div></div><a class="indexterm" name="id2543314"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#HOSTSALLOW">hosts allow</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543345"></a> 2270 2281 2271 2282 hosts allow (S) 2272 </h3></div></div></div><a class="indexterm" name="id25 37316"></a><a name="HOSTSALLOW"></a><div class="variablelist"><dl><dt></dt><dd><p>A synonym for this parameter is <a class="link" href="smb.conf.5.html#ALLOWHOSTS">allow hosts</a>.</p><p>This parameter is a comma, space, or tab delimited2283 </h3></div></div></div><a class="indexterm" name="id2543346"></a><a name="HOSTSALLOW"></a><div class="variablelist"><dl><dt></dt><dd><p>A synonym for this parameter is <a class="link" href="smb.conf.5.html#ALLOWHOSTS" target="_top">allow hosts</a>.</p><p>This parameter is a comma, space, or tab delimited 2273 2284 set of hosts which are permitted to access a service.</p><p>If specified in the [global] section then it will 2274 2285 apply to all services, regardless of whether the individual … … 2280 2291 page may not be present on your system, so a brief description will 2281 2292 be given here also.</p><p>Note that the localhost address 127.0.0.1 will always 2282 be allowed access unless specifically denied by a <a class="link" href="smb.conf.5.html#HOSTSDENY" >hosts deny</a> option.</p><p>You can also specify hosts by network/netmask pairs and2293 be allowed access unless specifically denied by a <a class="link" href="smb.conf.5.html#HOSTSDENY" target="_top">hosts deny</a> option.</p><p>You can also specify hosts by network/netmask pairs and 2283 2294 by netgroup names if your system supports netgroups. The 2284 2295 <span class="emphasis"><em>EXCEPT</em></span> keyword can also be used to limit a … … 2290 2301 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>hosts allow</code></em> = <code class="literal">150.203.5. myhost.mynet.edu.au</code> 2291 2302 </em></span> 2292 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 37516"></a>2303 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543547"></a> 2293 2304 2294 2305 <a name="DENYHOSTS"></a>deny hosts 2295 </h3></div></div></div><a class="indexterm" name="id25 37517"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#HOSTSDENY">hosts deny</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537548"></a>2306 </h3></div></div></div><a class="indexterm" name="id2543548"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#HOSTSDENY">hosts deny</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543578"></a> 2296 2307 2297 2308 hosts deny (S) 2298 </h3></div></div></div><a class="indexterm" name="id25 37549"></a><a name="HOSTSDENY"></a><div class="variablelist"><dl><dt></dt><dd><p>The opposite of <em class="parameter"><code>hosts allow</code></em>2309 </h3></div></div></div><a class="indexterm" name="id2543579"></a><a name="HOSTSDENY"></a><div class="variablelist"><dl><dt></dt><dd><p>The opposite of <em class="parameter"><code>hosts allow</code></em> 2299 2310 - hosts listed here are <span class="emphasis"><em>NOT</em></span> permitted access to 2300 2311 services unless the specific services have their own lists to override … … 2303 2314 In the event that it is necessary to deny all by default, use the keyword 2304 2315 ALL (or the netmask <code class="literal">0.0.0.0/0</code>) and then explicitly specify 2305 to the <a class="link" href="smb.conf.5.html#HOSTSALLOW" >hosts allow = hosts allow</a> parameter those hosts2316 to the <a class="link" href="smb.conf.5.html#HOSTSALLOW" target="_top">hosts allow = hosts allow</a> parameter those hosts 2306 2317 that should be permitted access. 2307 2318 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>hosts deny</code></em> = <code class="literal"> … … 2310 2321 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>hosts deny</code></em> = <code class="literal">150.203.4. badhost.mynet.edu.au</code> 2311 2322 </em></span> 2312 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 37650"></a>2323 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543680"></a> 2313 2324 2314 2325 idmap alloc backend (G) 2315 </h3></div></div></div><a class="indexterm" name="id25 37651"></a><a name="IDMAPALLOCBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>2326 </h3></div></div></div><a class="indexterm" name="id2543681"></a><a name="IDMAPALLOCBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p> 2316 2327 The idmap alloc backend provides a plugin interface for Winbind to use 2317 2328 when allocating Unix uids/gids for Windows SIDs. This option is 2318 to be used in conjunction with the <a class="link" href="smb.conf.5.html#IDMAPDOMAINS" >idmap domains</a>2329 to be used in conjunction with the <a class="link" href="smb.conf.5.html#IDMAPDOMAINS" target="_top">idmap domains</a> 2319 2330 parameter and refers to the name of the idmap module which will provide 2320 2331 the id allocation functionality. Please refer to the man page … … 2322 2333 the allocation feature. The most common plugins are the tdb (<a class="citerefentry" href="idmap_tdb.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_tdb</span>(8)</span></a>) 2323 2334 and ldap (<a class="citerefentry" href="idmap_ldap.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_ldap</span>(8)</span></a>) libraries. 2324 </p><p>Also refer to the <a class="link" href="smb.conf.5.html#IDMAPALLOCCONFIG" >idmap alloc config</a> option.2335 </p><p>Also refer to the <a class="link" href="smb.conf.5.html#IDMAPALLOCCONFIG" target="_top">idmap alloc config</a> option. 2325 2336 </p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>idmap alloc backend</code></em> = <code class="literal">tdb</code> 2326 2337 </em></span> 2327 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 37747"></a>2338 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543779"></a> 2328 2339 2329 2340 idmap alloc config (G) 2330 </h3></div></div></div><a class="indexterm" name="id25 37748"></a><a name="IDMAPALLOCCONFIG"></a><div class="variablelist"><dl><dt></dt><dd><p>2341 </h3></div></div></div><a class="indexterm" name="id2543780"></a><a name="IDMAPALLOCCONFIG"></a><div class="variablelist"><dl><dt></dt><dd><p> 2331 2342 The idmap alloc config prefix provides a means of managing settings 2332 for the backend defined by the <a class="link" href="smb.conf.5.html#IDMAPALLOCBACKEND" >idmap alloc backend</a>2343 for the backend defined by the <a class="link" href="smb.conf.5.html#IDMAPALLOCBACKEND" target="_top">idmap alloc backend</a> 2333 2344 parameter. Refer to the man page for each idmap plugin regarding 2334 2345 specific configuration details. 2335 </p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 37792"></a>2346 </p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543823"></a> 2336 2347 2337 2348 idmap backend (G) 2338 </h3></div></div></div><a class="indexterm" name="id25 37793"></a><a name="IDMAPBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>2349 </h3></div></div></div><a class="indexterm" name="id2543824"></a><a name="IDMAPBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p> 2339 2350 The idmap backend provides a plugin interface for Winbind to use 2340 2351 varying backends to store SID/uid/gid mapping tables. This 2341 2352 option is mutually exclusive with the newer and more flexible 2342 <a class="link" href="smb.conf.5.html#IDMAPDOMAINS" >idmap domains</a> parameter. The main difference2353 <a class="link" href="smb.conf.5.html#IDMAPDOMAINS" target="_top">idmap domains</a> parameter. The main difference 2343 2354 between the "idmap backend" and the "idmap domains" 2344 2355 is that the former only allows one backend for all domains while the … … 2349 2360 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>idmap backend</code></em> = <code class="literal">tdb</code> 2350 2361 </em></span> 2351 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 37886"></a>2362 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543918"></a> 2352 2363 2353 2364 idmap cache time (G) 2354 </h3></div></div></div><a class="indexterm" name="id25 37888"></a><a name="IDMAPCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of seconds that Winbind's2365 </h3></div></div></div><a class="indexterm" name="id2543919"></a><a name="IDMAPCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of seconds that Winbind's 2355 2366 idmap interface will cache positive SID/uid/gid query results. 2356 2367 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>idmap cache time</code></em> = <code class="literal">900</code> 2357 2368 </em></span> 2358 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 37930"></a>2369 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543962"></a> 2359 2370 2360 2371 idmap config (G) 2361 </h3></div></div></div><a class="indexterm" name="id25 37931"></a><a name="IDMAPCONFIG"></a><div class="variablelist"><dl><dt></dt><dd><p>2372 </h3></div></div></div><a class="indexterm" name="id2543963"></a><a name="IDMAPCONFIG"></a><div class="variablelist"><dl><dt></dt><dd><p> 2362 2373 The idmap config prefix provides a means of managing each domain 2363 defined by the <a class="link" href="smb.conf.5.html#IDMAPDOMAINS" >idmap domains</a> option using Samba's2374 defined by the <a class="link" href="smb.conf.5.html#IDMAPDOMAINS" target="_top">idmap domains</a> option using Samba's 2364 2375 parametric option support. The idmap config prefix should be 2365 2376 followed by the name of the domain, a colon, and a setting specific to … … 2375 2386 </p></dd><dt><span class="term">readonly = [yes|no]</span></dt><dd><p> 2376 2387 Mark the domain as readonly which means that no attempts to 2377 allocate a uid or gid (by the <a class="link" href="smb.conf.5.html#IDMAPALLOCBACKEND" >idmap alloc backend</a>) for any user or group in that domain2388 allocate a uid or gid (by the <a class="link" href="smb.conf.5.html#IDMAPALLOCBACKEND" target="_top">idmap alloc backend</a>) for any user or group in that domain 2378 2389 will be attempted. 2379 2390 </p></dd></dl></div><p> … … 2392 2403 idmap config TRUSTEDDOMAINS:default = yes 2393 2404 idmap config TRUSTEDDOMAINS:range = 1000 - 9999 2394 </pre><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 38066"></a>2405 </pre><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544099"></a> 2395 2406 2396 2407 idmap domains (G) 2397 </h3></div></div></div><a class="indexterm" name="id25 38067"></a><a name="IDMAPDOMAINS"></a><div class="variablelist"><dl><dt></dt><dd><p>2408 </h3></div></div></div><a class="indexterm" name="id2544100"></a><a name="IDMAPDOMAINS"></a><div class="variablelist"><dl><dt></dt><dd><p> 2398 2409 The idmap domains option defines a list of Windows domains which will each 2399 2410 have a separately configured backend for managing Winbind's SID/uid/gid 2400 tables. This parameter is mutually exclusive with the older <a class="link" href="smb.conf.5.html#IDMAPBACKEND" >idmap backend</a> option.2411 tables. This parameter is mutually exclusive with the older <a class="link" href="smb.conf.5.html#IDMAPBACKEND" target="_top">idmap backend</a> option. 2401 2412 </p><p> 2402 2413 Values consist of the short domain name for Winbind's primary or collection … … 2404 2415 domain backend for any domain not explicitly listed. 2405 2416 </p><p> 2406 Refer to the <a class="link" href="smb.conf.5.html#IDMAPCONFIG" >idmap config</a> for details about2417 Refer to the <a class="link" href="smb.conf.5.html#IDMAPCONFIG" target="_top">idmap config</a> for details about 2407 2418 managing the SID/uid/gid backend for each domain. 2408 2419 </p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>idmap domains</code></em> = <code class="literal">default AD CORP</code> 2409 2420 </em></span> 2410 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 38151"></a>2421 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544183"></a> 2411 2422 2412 2423 <a name="WINBINDGID"></a>winbind gid 2413 </h3></div></div></div><a class="indexterm" name="id25 38152"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#IDMAPGID">idmap gid</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538182"></a>2424 </h3></div></div></div><a class="indexterm" name="id2544184"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#IDMAPGID">idmap gid</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544216"></a> 2414 2425 2415 2426 idmap gid (G) 2416 </h3></div></div></div><a class="indexterm" name="id25 38183"></a><a name="IDMAPGID"></a><div class="variablelist"><dl><dt></dt><dd><p>The idmap gid parameter specifies the range of group ids2427 </h3></div></div></div><a class="indexterm" name="id2544217"></a><a name="IDMAPGID"></a><div class="variablelist"><dl><dt></dt><dd><p>The idmap gid parameter specifies the range of group ids 2417 2428 that are allocated for the purpose of mapping UNX groups to NT group 2418 2429 SIDs. This range of group ids should have no 2419 2430 existing local or NIS groups within it as strange conflicts can 2420 occur otherwise.</p><p>See also the <a class="link" href="smb.conf.5.html#IDMAPBACKEND" >idmap backend</a>, <a class="link" href="smb.conf.5.html#IDMAPDOMAINS">idmap domains</a>, and <a class="link" href="smb.conf.5.html#IDMAPCONFIG">idmap config</a> options.2431 occur otherwise.</p><p>See also the <a class="link" href="smb.conf.5.html#IDMAPBACKEND" target="_top">idmap backend</a>, <a class="link" href="smb.conf.5.html#IDMAPDOMAINS" target="_top">idmap domains</a>, and <a class="link" href="smb.conf.5.html#IDMAPCONFIG" target="_top">idmap config</a> options. 2421 2432 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>idmap gid</code></em> = <code class="literal"></code> 2422 2433 </em></span> 2423 2434 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>idmap gid</code></em> = <code class="literal">10000-20000</code> 2424 2435 </em></span> 2425 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 38280"></a>2436 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544314"></a> 2426 2437 2427 2438 idmap negative cache time (G) 2428 </h3></div></div></div><a class="indexterm" name="id25 38281"></a><a name="IDMAPNEGATIVECACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of seconds that Winbind's2439 </h3></div></div></div><a class="indexterm" name="id2544315"></a><a name="IDMAPNEGATIVECACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of seconds that Winbind's 2429 2440 idmap interface will cache negative SID/uid/gid query results. 2430 2441 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>idmap negative cache time</code></em> = <code class="literal">120</code> 2431 2442 </em></span> 2432 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 38324"></a>2443 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544358"></a> 2433 2444 2434 2445 <a name="WINBINDUID"></a>winbind uid 2435 </h3></div></div></div><a class="indexterm" name="id25 38325"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#IDMAPUID">idmap uid</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538355"></a>2446 </h3></div></div></div><a class="indexterm" name="id2544360"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#IDMAPUID">idmap uid</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544390"></a> 2436 2447 2437 2448 idmap uid (G) 2438 </h3></div></div></div><a class="indexterm" name="id25 38356"></a><a name="IDMAPUID"></a><div class="variablelist"><dl><dt></dt><dd><p>2449 </h3></div></div></div><a class="indexterm" name="id2544392"></a><a name="IDMAPUID"></a><div class="variablelist"><dl><dt></dt><dd><p> 2439 2450 The idmap uid parameter specifies the range of user ids that are 2440 2451 allocated for use in mapping UNIX users to NT user SIDs. This 2441 2452 range of ids should have no existing local 2442 or NIS users within it as strange conflicts can occur otherwise.</p><p>See also the <a class="link" href="smb.conf.5.html#IDMAPBACKEND" >idmap backend</a>, <a class="link" href="smb.conf.5.html#IDMAPDOMAINS">idmap domains</a>, and <a class="link" href="smb.conf.5.html#IDMAPCONFIG">idmap config</a> options.2453 or NIS users within it as strange conflicts can occur otherwise.</p><p>See also the <a class="link" href="smb.conf.5.html#IDMAPBACKEND" target="_top">idmap backend</a>, <a class="link" href="smb.conf.5.html#IDMAPDOMAINS" target="_top">idmap domains</a>, and <a class="link" href="smb.conf.5.html#IDMAPCONFIG" target="_top">idmap config</a> options. 2443 2454 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>idmap uid</code></em> = <code class="literal"></code> 2444 2455 </em></span> 2445 2456 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>idmap uid</code></em> = <code class="literal">10000-20000</code> 2446 2457 </em></span> 2447 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 38453"></a>2458 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544488"></a> 2448 2459 2449 2460 include (G) 2450 </h3></div></div></div><a class="indexterm" name="id25 38454"></a><a name="INCLUDE"></a><div class="variablelist"><dl><dt></dt><dd><p>2461 </h3></div></div></div><a class="indexterm" name="id2544489"></a><a name="INCLUDE"></a><div class="variablelist"><dl><dt></dt><dd><p> 2451 2462 This allows you to include one config file inside another. The file is included literally, as though typed 2452 2463 in place. … … 2466 2477 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>include</code></em> = <code class="literal">/usr/local/samba/lib/admin_smb.conf</code> 2467 2478 </em></span> 2468 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 38554"></a>2479 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544589"></a> 2469 2480 2470 2481 inherit acls (S) 2471 </h3></div></div></div><a class="indexterm" name="id25 38555"></a><a name="INHERITACLS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter can be used to ensure that if default acls2482 </h3></div></div></div><a class="indexterm" name="id2544590"></a><a name="INHERITACLS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter can be used to ensure that if default acls 2472 2483 exist on parent directories, they are always honored when creating a 2473 2484 new file or subdirectory in these parent directories. The default … … 2477 2488 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>inherit acls</code></em> = <code class="literal">no</code> 2478 2489 </em></span> 2479 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 38601"></a>2490 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544636"></a> 2480 2491 2481 2492 inherit owner (S) 2482 </h3></div></div></div><a class="indexterm" name="id25 38602"></a><a name="INHERITOWNER"></a><div class="variablelist"><dl><dt></dt><dd><p>The ownership of new files and directories2493 </h3></div></div></div><a class="indexterm" name="id2544637"></a><a name="INHERITOWNER"></a><div class="variablelist"><dl><dt></dt><dd><p>The ownership of new files and directories 2483 2494 is normally governed by effective uid of the connected user. 2484 2495 This option allows the Samba administrator to specify that … … 2489 2500 roaming profile directory are actually owner by the user.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>inherit owner</code></em> = <code class="literal">no</code> 2490 2501 </em></span> 2491 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 38654"></a>2502 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544689"></a> 2492 2503 2493 2504 inherit permissions (S) 2494 </h3></div></div></div><a class="indexterm" name="id25 38655"></a><a name="INHERITPERMISSIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>2495 The permissions on new files and directories are normally governed by <a class="link" href="smb.conf.5.html#CREATEMASK" >create mask</a>,2496 <a class="link" href="smb.conf.5.html#DIRECTORYMASK" >directory mask</a>, <a class="link" href="smb.conf.5.html#FORCECREATEMODE">force create mode</a> and <a class="link" href="smb.conf.5.html#FORCEDIRECTORYMODE">force directory mode</a> but the boolean inherit permissions parameter overrides this.2505 </h3></div></div></div><a class="indexterm" name="id2544690"></a><a name="INHERITPERMISSIONS"></a><div class="variablelist"><dl><dt></dt><dd><p> 2506 The permissions on new files and directories are normally governed by <a class="link" href="smb.conf.5.html#CREATEMASK" target="_top">create mask</a>, 2507 <a class="link" href="smb.conf.5.html#DIRECTORYMASK" target="_top">directory mask</a>, <a class="link" href="smb.conf.5.html#FORCECREATEMODE" target="_top">force create mode</a> and <a class="link" href="smb.conf.5.html#FORCEDIRECTORYMODE" target="_top">force directory mode</a> but the boolean inherit permissions parameter overrides this. 2497 2508 </p><p>New directories inherit the mode of the parent directory, 2498 2509 including bits such as setgid.</p><p> 2499 2510 New files inherit their read/write bits from the parent directory. Their execute bits continue to be 2500 determined by <a class="link" href="smb.conf.5.html#MAPARCHIVE" >map archive</a>, <a class="link" href="smb.conf.5.html#MAPHIDDEN">map hidden</a> and <a class="link" href="smb.conf.5.html#MAPSYSTEM">map system</a> as usual.2511 determined by <a class="link" href="smb.conf.5.html#MAPARCHIVE" target="_top">map archive</a>, <a class="link" href="smb.conf.5.html#MAPHIDDEN" target="_top">map hidden</a> and <a class="link" href="smb.conf.5.html#MAPSYSTEM" target="_top">map system</a> as usual. 2501 2512 </p><p>Note that the setuid bit is <span class="emphasis"><em>never</em></span> set via 2502 2513 inheritance (the code explicitly prohibits this).</p><p>This can be particularly useful on large systems with … … 2504 2515 share to be used flexibly by each user.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>inherit permissions</code></em> = <code class="literal">no</code> 2505 2516 </em></span> 2506 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 38801"></a>2517 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544838"></a> 2507 2518 2508 2519 interfaces (G) 2509 </h3></div></div></div><a class="indexterm" name="id25 38802"></a><a name="INTERFACES"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to override the default2520 </h3></div></div></div><a class="indexterm" name="id2544839"></a><a name="INTERFACES"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to override the default 2510 2521 network interfaces list that Samba will use for browsing, name 2511 2522 registration and other NetBIOS over TCP/IP (NBT) traffic. By default Samba will query … … 2531 2542 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>interfaces</code></em> = <code class="literal">eth0 192.168.2.10/24 192.168.3.10/255.255.255.0</code> 2532 2543 </em></span> 2533 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 38918"></a>2544 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544955"></a> 2534 2545 2535 2546 invalid users (S) 2536 </h3></div></div></div><a class="indexterm" name="id25 38919"></a><a name="INVALIDUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of users that should not be allowed2547 </h3></div></div></div><a class="indexterm" name="id2544956"></a><a name="INVALIDUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of users that should not be allowed 2537 2548 to login to this service. This is really a <span class="emphasis"><em>paranoid</em></span> 2538 2549 check to absolutely ensure an improper setting does not breach … … 2554 2565 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>invalid users</code></em> = <code class="literal">root fred admin @wheel</code> 2555 2566 </em></span> 2556 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 39031"></a>2567 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545069"></a> 2557 2568 2558 2569 iprint server (G) 2559 </h3></div></div></div><a class="indexterm" name="id25 39032"></a><a name="IPRINTSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>2560 This parameter is only applicable if <a class="link" href="smb.conf.5.html#PRINTING" >printing</a> is set to <code class="constant">iprint</code>.2570 </h3></div></div></div><a class="indexterm" name="id2545070"></a><a name="IPRINTSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p> 2571 This parameter is only applicable if <a class="link" href="smb.conf.5.html#PRINTING" target="_top">printing</a> is set to <code class="constant">iprint</code>. 2561 2572 </p><p> 2562 2573 If set, this option overrides the ServerName option in the CUPS <code class="filename">client.conf</code>. This is … … 2566 2577 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>iprint server</code></em> = <code class="literal">MYCUPSSERVER</code> 2567 2578 </em></span> 2568 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 39118"></a>2579 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545155"></a> 2569 2580 2570 2581 keepalive (G) 2571 </h3></div></div></div><a class="indexterm" name="id25 39119"></a><a name="KEEPALIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (an integer) represents2582 </h3></div></div></div><a class="indexterm" name="id2545156"></a><a name="KEEPALIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (an integer) represents 2572 2583 the number of seconds between <em class="parameter"><code>keepalive</code></em> 2573 2584 packets. If this parameter is zero, no keepalive packets will be 2574 2585 sent. Keepalive packets, if sent, allow the server to tell whether 2575 2586 a client is still present and responding.</p><p>Keepalives should, in general, not be needed if the socket 2576 has the SO_KEEPALIVE attribute set on it by default. (see <a class="link" href="smb.conf.5.html#SOCKETOPTIONS" >socket options</a>).2587 has the SO_KEEPALIVE attribute set on it by default. (see <a class="link" href="smb.conf.5.html#SOCKETOPTIONS" target="_top">socket options</a>). 2577 2588 Basically you should only use this option if you strike difficulties.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>keepalive</code></em> = <code class="literal">300</code> 2578 2589 </em></span> 2579 2590 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>keepalive</code></em> = <code class="literal">600</code> 2580 2591 </em></span> 2581 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 39205"></a>2592 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545243"></a> 2582 2593 2583 2594 kernel change notify (S) 2584 </h3></div></div></div><a class="indexterm" name="id25 39206"></a><a name="KERNELCHANGENOTIFY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should ask the2595 </h3></div></div></div><a class="indexterm" name="id2545244"></a><a name="KERNELCHANGENOTIFY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should ask the 2585 2596 kernel for change notifications in directories so that 2586 2597 SMB clients can refresh whenever the data on the server changes. … … 2589 2600 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>kernel change notify</code></em> = <code class="literal">yes</code> 2590 2601 </em></span> 2591 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 39254"></a>2602 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545293"></a> 2592 2603 2593 2604 kernel oplocks (G) 2594 </h3></div></div></div><a class="indexterm" name="id25 39256"></a><a name="KERNELOPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>For UNIXes that support kernel based <a class="link" href="smb.conf.5.html#OPLOCKS">oplocks</a>2605 </h3></div></div></div><a class="indexterm" name="id2545294"></a><a name="KERNELOPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>For UNIXes that support kernel based <a class="link" href="smb.conf.5.html#OPLOCKS" target="_top">oplocks</a> 2595 2606 (currently only IRIX and the Linux 2.4 kernel), this parameter 2596 2607 allows the use of them to be turned on or off.</p><p>Kernel oplocks support allows Samba <em class="parameter"><code>oplocks … … 2602 2613 You should never need to touch this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>kernel oplocks</code></em> = <code class="literal">yes</code> 2603 2614 </em></span> 2604 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 39342"></a>2615 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545381"></a> 2605 2616 2606 2617 lanman auth (G) 2607 </h3></div></div></div><a class="indexterm" name="id25 39343"></a><a name="LANMANAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to2618 </h3></div></div></div><a class="indexterm" name="id2545382"></a><a name="LANMANAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to 2608 2619 authenticate users or permit password changes 2609 2620 using the LANMAN password hash. If disabled, only clients which support NT … … 2622 2633 special configuration to use it.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lanman auth</code></em> = <code class="literal">no</code> 2623 2634 </em></span> 2624 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 39435"></a>2635 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545474"></a> 2625 2636 2626 2637 large readwrite (G) 2627 </h3></div></div></div><a class="indexterm" name="id25 39436"></a><a name="LARGEREADWRITE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not2638 </h3></div></div></div><a class="indexterm" name="id2545475"></a><a name="LARGEREADWRITE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not 2628 2639 <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> supports the new 64k 2629 2640 streaming read and write varient SMB requests introduced with … … 2634 2645 tested as some other Samba code paths.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>large readwrite</code></em> = <code class="literal">yes</code> 2635 2646 </em></span> 2636 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 39491"></a>2647 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545530"></a> 2637 2648 2638 2649 ldap admin dn (G) 2639 </h3></div></div></div><a class="indexterm" name="id25 39492"></a><a name="LDAPADMINDN"></a><div class="variablelist"><dl><dt></dt><dd><p>2640 The <a class="link" href="smb.conf.5.html#LDAPADMINDN" >ldap admin dn</a> defines the Distinguished Name (DN) name used by Samba to contact2641 the ldap server when retreiving user account information. The <a class="link" href="smb.conf.5.html#LDAPADMINDN" >ldap admin dn</a> is used2650 </h3></div></div></div><a class="indexterm" name="id2545531"></a><a name="LDAPADMINDN"></a><div class="variablelist"><dl><dt></dt><dd><p> 2651 The <a class="link" href="smb.conf.5.html#LDAPADMINDN" target="_top">ldap admin dn</a> defines the Distinguished Name (DN) name used by Samba to contact 2652 the ldap server when retreiving user account information. The <a class="link" href="smb.conf.5.html#LDAPADMINDN" target="_top">ldap admin dn</a> is used 2642 2653 in conjunction with the admin dn password stored in the <code class="filename">private/secrets.tdb</code> 2643 2654 file. See the <a class="citerefentry" href="smbpasswd.8.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(8)</span></a> 2644 2655 man page for more information on how to accomplish this. 2645 2656 </p><p> 2646 The <a class="link" href="smb.conf.5.html#LDAPADMINDN" >ldap admin dn</a> requires a fully specified DN. The <a class="link" href="smb.conf.5.html#LDAPSUFFIX">ldap suffix</a> is not appended to the <a class="link" href="smb.conf.5.html#LDAPADMINDN">ldap admin dn</a>.2647 </p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 39600"></a>2657 The <a class="link" href="smb.conf.5.html#LDAPADMINDN" target="_top">ldap admin dn</a> requires a fully specified DN. The <a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> is not appended to the <a class="link" href="smb.conf.5.html#LDAPADMINDN" target="_top">ldap admin dn</a>. 2658 </p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545639"></a> 2648 2659 2649 2660 ldap connection timeout (G) 2650 </h3></div></div></div><a class="indexterm" name="id25 39601"></a><a name="LDAPCONNECTIONTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>2661 </h3></div></div></div><a class="indexterm" name="id2545640"></a><a name="LDAPCONNECTIONTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p> 2651 2662 This parameter tells the LDAP library calls which timeout in seconds 2652 2663 they should honor during initial connection establishments to LDAP servers. … … 2655 2666 timeouts are over. This feature must be supported by your LDAP library. 2656 2667 </p><p> 2657 This parameter is different from <a class="link" href="smb.conf.5.html#LDAPTIMEOUT" >ldap timeout</a>2668 This parameter is different from <a class="link" href="smb.conf.5.html#LDAPTIMEOUT" target="_top">ldap timeout</a> 2658 2669 which affects operations on LDAP servers using an existing connection 2659 2670 and not establishing an initial connection. 2660 2671 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap connection timeout</code></em> = <code class="literal">2</code> 2661 2672 </em></span> 2662 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 39665"></a>2673 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545704"></a> 2663 2674 2664 2675 ldap debug level (G) 2665 </h3></div></div></div><a class="indexterm" name="id25 39666"></a><a name="LDAPDEBUGLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>2676 </h3></div></div></div><a class="indexterm" name="id2545706"></a><a name="LDAPDEBUGLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p> 2666 2677 This parameter controls the debug level of the LDAP library 2667 2678 calls. In the case of OpenLDAP, it is the same … … 2680 2691 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap debug level</code></em> = <code class="literal">1</code> 2681 2692 </em></span> 2682 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 39752"></a>2693 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545792"></a> 2683 2694 2684 2695 ldap debug threshold (G) 2685 </h3></div></div></div><a class="indexterm" name="id25 39753"></a><a name="LDAPDEBUGTHRESHOLD"></a><div class="variablelist"><dl><dt></dt><dd><p>2696 </h3></div></div></div><a class="indexterm" name="id2545794"></a><a name="LDAPDEBUGTHRESHOLD"></a><div class="variablelist"><dl><dt></dt><dd><p> 2686 2697 This parameter controls the Samba debug level at which 2687 2698 the ldap library debug output is … … 2692 2703 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap debug threshold</code></em> = <code class="literal">5</code> 2693 2704 </em></span> 2694 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 39819"></a>2705 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545860"></a> 2695 2706 2696 2707 ldap delete dn (G) 2697 </h3></div></div></div><a class="indexterm" name="id25 39820"></a><a name="LDAPDELETEDN"></a><div class="variablelist"><dl><dt></dt><dd><p> This parameter specifies whether a delete2708 </h3></div></div></div><a class="indexterm" name="id2545861"></a><a name="LDAPDELETEDN"></a><div class="variablelist"><dl><dt></dt><dd><p> This parameter specifies whether a delete 2698 2709 operation in the ldapsam deletes the complete entry or only the attributes 2699 2710 specific to Samba. 2700 2711 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap delete dn</code></em> = <code class="literal">no</code> 2701 2712 </em></span> 2702 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 39863"></a>2713 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545904"></a> 2703 2714 2704 2715 ldap group suffix (G) 2705 </h3></div></div></div><a class="indexterm" name="id25 39864"></a><a name="LDAPGROUPSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the suffix that is2716 </h3></div></div></div><a class="indexterm" name="id2545905"></a><a name="LDAPGROUPSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the suffix that is 2706 2717 used for groups when these are added to the LDAP directory. 2707 If this parameter is unset, the value of <a class="link" href="smb.conf.5.html#LDAPSUFFIX" >ldap suffix</a> will be used instead. The suffix string is pre-pended to the2708 <a class="link" href="smb.conf.5.html#LDAPSUFFIX" >ldap suffix</a> string so use a partial DN.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap group suffix</code></em> = <code class="literal"></code>2718 If this parameter is unset, the value of <a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> will be used instead. The suffix string is pre-pended to the 2719 <a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> string so use a partial DN.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap group suffix</code></em> = <code class="literal"></code> 2709 2720 </em></span> 2710 2721 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap group suffix</code></em> = <code class="literal">ou=Groups</code> 2711 2722 </em></span> 2712 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 39946"></a>2723 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545988"></a> 2713 2724 2714 2725 ldap idmap suffix (G) 2715 </h3></div></div></div><a class="indexterm" name="id25 39947"></a><a name="LDAPIDMAPSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>2726 </h3></div></div></div><a class="indexterm" name="id2545989"></a><a name="LDAPIDMAPSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p> 2716 2727 This parameters specifies the suffix that is used when storing idmap mappings. If this parameter 2717 is unset, the value of <a class="link" href="smb.conf.5.html#LDAPSUFFIX" >ldap suffix</a> will be used instead. The suffix2718 string is pre-pended to the <a class="link" href="smb.conf.5.html#LDAPSUFFIX" >ldap suffix</a> string so use a partial DN.2728 is unset, the value of <a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> will be used instead. The suffix 2729 string is pre-pended to the <a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> string so use a partial DN. 2719 2730 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap idmap suffix</code></em> = <code class="literal"></code> 2720 2731 </em></span> 2721 2732 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap idmap suffix</code></em> = <code class="literal">ou=Idmap</code> 2722 2733 </em></span> 2723 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id254 0029"></a>2734 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546070"></a> 2724 2735 2725 2736 ldap machine suffix (G) 2726 </h3></div></div></div><a class="indexterm" name="id254 0030"></a><a name="LDAPMACHINESUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>2737 </h3></div></div></div><a class="indexterm" name="id2546071"></a><a name="LDAPMACHINESUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p> 2727 2738 It specifies where machines should be added to the ldap tree. If this parameter is unset, the value of 2728 <a class="link" href="smb.conf.5.html#LDAPSUFFIX" >ldap suffix</a> will be used instead. The suffix string is pre-pended to the2729 <a class="link" href="smb.conf.5.html#LDAPSUFFIX" >ldap suffix</a> string so use a partial DN.2739 <a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> will be used instead. The suffix string is pre-pended to the 2740 <a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> string so use a partial DN. 2730 2741 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap machine suffix</code></em> = <code class="literal"></code> 2731 2742 </em></span> 2732 2743 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap machine suffix</code></em> = <code class="literal">ou=Computers</code> 2733 2744 </em></span> 2734 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id254 0111"></a>2745 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546153"></a> 2735 2746 2736 2747 ldap passwd sync (G) 2737 </h3></div></div></div><a class="indexterm" name="id254 0112"></a><a name="LDAPPASSWDSYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>2748 </h3></div></div></div><a class="indexterm" name="id2546154"></a><a name="LDAPPASSWDSYNC"></a><div class="variablelist"><dl><dt></dt><dd><p> 2738 2749 This option is used to define whether or not Samba should sync the LDAP password with the NT 2739 2750 and LM hashes for normal accounts (NOT for workstation, server or domain trusts) on a password 2740 2751 change via SAMBA. 2741 2752 </p><p> 2742 The <a class="link" href="smb.conf.5.html#LDAPPASSWDSYNC" >ldap passwd sync</a> can be set to one of three values:2753 The <a class="link" href="smb.conf.5.html#LDAPPASSWDSYNC" target="_top">ldap passwd sync</a> can be set to one of three values: 2743 2754 </p><div class="itemizedlist"><ul type="disc"><li><p><em class="parameter"><code>Yes</code></em> = Try 2744 2755 to update the LDAP, NT and LM passwords and update the pwdLastSet time.</p></li><li><p><em class="parameter"><code>No</code></em> = Update NT and … … 2746 2757 the LDAP password and let the LDAP server do the rest.</p></li></ul></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap passwd sync</code></em> = <code class="literal">no</code> 2747 2758 </em></span> 2748 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id254 0211"></a>2759 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546254"></a> 2749 2760 2750 2761 ldap replication sleep (G) 2751 </h3></div></div></div><a class="indexterm" name="id254 0212"></a><a name="LDAPREPLICATIONSLEEP"></a><div class="variablelist"><dl><dt></dt><dd><p>2762 </h3></div></div></div><a class="indexterm" name="id2546255"></a><a name="LDAPREPLICATIONSLEEP"></a><div class="variablelist"><dl><dt></dt><dd><p> 2752 2763 When Samba is asked to write to a read-only LDAP replica, we are redirected to talk to the read-write master server. 2753 2764 This server then replicates our changes back to the 'local' server, however the replication might take some seconds, … … 2762 2773 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap replication sleep</code></em> = <code class="literal">1000</code> 2763 2774 </em></span> 2764 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id254 0275"></a>2775 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546317"></a> 2765 2776 2766 2777 ldapsam:editposix (G) 2767 </h3></div></div></div><a class="indexterm" name="id254 0276"></a><a name="LDAPSAM:EDITPOSIX"></a><div class="variablelist"><dl><dt></dt><dd><p>2778 </h3></div></div></div><a class="indexterm" name="id2546318"></a><a name="LDAPSAM:EDITPOSIX"></a><div class="variablelist"><dl><dt></dt><dd><p> 2768 2779 Editposix is an option that leverages ldapsam:trusted to make it simpler to manage a domain controller 2769 2780 eliminating the need to set up custom scripts to add and manage the posix users and groups. This option … … 2778 2789 the smb.conf ldap options must be properly configured. 2779 2790 2780 The typical ldap setup used with the <a class="link" href="smb.conf.5.html#LDAPSAM:TRUSTED" >ldapsam:trusted = yes</a> option2781 is usually sufficient to use <a class="link" href="smb.conf.5.html#LDAPSAM:EDITPOSIX" >ldapsam:editposix = yes</a> as well.2791 The typical ldap setup used with the <a class="link" href="smb.conf.5.html#LDAPSAM:TRUSTED" target="_top">ldapsam:trusted = yes</a> option 2792 is usually sufficient to use <a class="link" href="smb.conf.5.html#LDAPSAM:EDITPOSIX" target="_top">ldapsam:editposix = yes</a> as well. 2782 2793 </p><p> 2783 2794 An example configuration can be the following: … … 2843 2854 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldapsam:editposix</code></em> = <code class="literal">no</code> 2844 2855 </em></span> 2845 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id254 0412"></a>2856 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546454"></a> 2846 2857 2847 2858 ldapsam:trusted (G) 2848 </h3></div></div></div><a class="indexterm" name="id254 0413"></a><a name="LDAPSAM:TRUSTED"></a><div class="variablelist"><dl><dt></dt><dd><p>2859 </h3></div></div></div><a class="indexterm" name="id2546455"></a><a name="LDAPSAM:TRUSTED"></a><div class="variablelist"><dl><dt></dt><dd><p> 2849 2860 By default, Samba as a Domain Controller with an LDAP backend needs to use the Unix-style NSS subsystem to 2850 2861 access user and group information. Due to the way Unix stores user information in /etc/passwd and /etc/group … … 2854 2865 are used to deal with user and group attributes lack such optimization. 2855 2866 </p><p> 2856 To make Samba scale well in large environments, the <a class="link" href="smb.conf.5.html#LDAPSAM:TRUSTED" >ldapsam:trusted = yes</a>2867 To make Samba scale well in large environments, the <a class="link" href="smb.conf.5.html#LDAPSAM:TRUSTED" target="_top">ldapsam:trusted = yes</a> 2857 2868 option assumes that the complete user and group database that is relevant to Samba is stored in LDAP with the 2858 2869 standard posixAccount/posixGroup attributes. It further assumes that the Samba auxiliary object classes are 2859 2870 stored together with the POSIX data in the same LDAP object. If these assumptions are met, 2860 <a class="link" href="smb.conf.5.html#LDAPSAM:TRUSTED" >ldapsam:trusted = yes</a> can be activated and Samba can bypass the2871 <a class="link" href="smb.conf.5.html#LDAPSAM:TRUSTED" target="_top">ldapsam:trusted = yes</a> can be activated and Samba can bypass the 2861 2872 NSS system to query user group memberships. Optimized LDAP queries can greatly speed up domain logon and 2862 2873 administration tasks. Depending on the size of the LDAP database a factor of 100 or more for common queries … … 2864 2875 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldapsam:trusted</code></em> = <code class="literal">no</code> 2865 2876 </em></span> 2866 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id254 0500"></a>2877 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546543"></a> 2867 2878 2868 2879 ldap ssl (G) 2869 </h3></div></div></div><a class="indexterm" name="id254 0502"></a><a name="LDAPSSL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used to define whether or not Samba should2880 </h3></div></div></div><a class="indexterm" name="id2546544"></a><a name="LDAPSSL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used to define whether or not Samba should 2870 2881 use SSL when connecting to the ldap server 2871 2882 This is <span class="emphasis"><em>NOT</em></span> related to 2872 Samba's previous SSL support which was enabled by specifying the 2873 <code class="literal">--with-ssl</code> option to the <code class="filename">configure</code> 2874 script.</p><p>The <a class="link" href="smb.conf.5.html#LDAPSSL">ldap ssl</a> can be set to one of three values:</p><div class="itemizedlist"><ul type="disc"><li><p><em class="parameter"><code>Off</code></em> = Never 2875 use SSL when querying the directory.</p></li><li><p><em class="parameter"><code>Start_tls</code></em> = Use 2876 the LDAPv3 StartTLS extended operation (RFC2830) for 2877 communicating with the directory server.</p></li><li><p><em class="parameter"><code>On</code></em> = Use SSL 2878 on the ldaps port when contacting the <em class="parameter"><code>ldap server</code></em>. Only available when the 2879 backwards-compatiblity <code class="literal">--with-ldapsam</code> option is specified 2880 to configure. See <a class="link" href="smb.conf.5.html#PASSDBBACKEND">passdb backend</a></p>. 2881 </li></ul></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap ssl</code></em> = <code class="literal">start_tls</code> 2882 </em></span> 2883 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540640"></a> 2883 Samba's previous SSL support which was enabled by specifying the 2884 <code class="literal">--with-ssl</code> option to the 2885 <code class="filename">configure</code> 2886 script.</p><p>LDAP connections should be secured where possible. This may be 2887 done setting either this parameter to 2888 <em class="parameter"><code>Start_tls</code></em> 2889 or by specifying <em class="parameter"><code>ldaps://</code></em> in 2890 the URL argument of <a class="link" href="smb.conf.5.html#PASSDBBACKEND" target="_top">passdb backend</a>.</p><p>The <a class="link" href="smb.conf.5.html#LDAPSSL" target="_top">ldap ssl</a> can be set to one of 2891 two values:</p><div class="itemizedlist"><ul type="disc"><li><p><em class="parameter"><code>Off</code></em> = Never 2892 use SSL when querying the directory.</p></li><li><p><em class="parameter"><code>Start_tls</code></em> = Use 2893 the LDAPv3 StartTLS extended operation (RFC2830) for 2894 communicating with the directory server.</p></li></ul></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap ssl</code></em> = <code class="literal">no</code> 2895 </em></span> 2896 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546675"></a> 2884 2897 2885 2898 ldap suffix (G) 2886 </h3></div></div></div><a class="indexterm" name="id254 0641"></a><a name="LDAPSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the base for all ldap suffixes and for storing the sambaDomain object.</p><p>2887 The ldap suffix will be appended to the values specified for the <a class="link" href="smb.conf.5.html#LDAPUSERSUFFIX" >ldap user suffix</a>,2888 <a class="link" href="smb.conf.5.html#LDAPGROUPSUFFIX" >ldap group suffix</a>, <a class="link" href="smb.conf.5.html#LDAPMACHINESUFFIX">ldap machine suffix</a>, and the2889 <a class="link" href="smb.conf.5.html#LDAPIDMAPSUFFIX" >ldap idmap suffix</a>. Each of these should be given only a DN relative to the2890 <a class="link" href="smb.conf.5.html#LDAPSUFFIX" >ldap suffix</a>.2899 </h3></div></div></div><a class="indexterm" name="id2546676"></a><a name="LDAPSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the base for all ldap suffixes and for storing the sambaDomain object.</p><p> 2900 The ldap suffix will be appended to the values specified for the <a class="link" href="smb.conf.5.html#LDAPUSERSUFFIX" target="_top">ldap user suffix</a>, 2901 <a class="link" href="smb.conf.5.html#LDAPGROUPSUFFIX" target="_top">ldap group suffix</a>, <a class="link" href="smb.conf.5.html#LDAPMACHINESUFFIX" target="_top">ldap machine suffix</a>, and the 2902 <a class="link" href="smb.conf.5.html#LDAPIDMAPSUFFIX" target="_top">ldap idmap suffix</a>. Each of these should be given only a DN relative to the 2903 <a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a>. 2891 2904 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap suffix</code></em> = <code class="literal"></code> 2892 2905 </em></span> 2893 2906 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap suffix</code></em> = <code class="literal">dc=samba,dc=org</code> 2894 2907 </em></span> 2895 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id254 0762"></a>2908 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546798"></a> 2896 2909 2897 2910 ldap timeout (G) 2898 </h3></div></div></div><a class="indexterm" name="id2540763"></a><a name="LDAPTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p> 2899 When Samba connects to an ldap server that server may be down or unreachable. To prevent Samba from hanging whilst 2900 waiting for the connection this parameter specifies in seconds how long Samba should wait before failing the 2901 connect. The default is to only wait fifteen seconds for the ldap server to respond to the connect request. 2911 </h3></div></div></div><a class="indexterm" name="id2546799"></a><a name="LDAPTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p> 2912 This parameter defines the number of seconds that Samba should use as timeout for LDAP operations. 2902 2913 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap timeout</code></em> = <code class="literal">15</code> 2903 2914 </em></span> 2904 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id254 0809"></a>2915 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546840"></a> 2905 2916 2906 2917 ldap user suffix (G) 2907 </h3></div></div></div><a class="indexterm" name="id254 0810"></a><a name="LDAPUSERSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>2918 </h3></div></div></div><a class="indexterm" name="id2546841"></a><a name="LDAPUSERSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p> 2908 2919 This parameter specifies where users are added to the tree. If this parameter is unset, 2909 the value of <a class="link" href="smb.conf.5.html#LDAPSUFFIX" >ldap suffix</a> will be used instead. The suffix2910 string is pre-pended to the <a class="link" href="smb.conf.5.html#LDAPSUFFIX" >ldap suffix</a> string so use a partial DN.2920 the value of <a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> will be used instead. The suffix 2921 string is pre-pended to the <a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> string so use a partial DN. 2911 2922 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap user suffix</code></em> = <code class="literal"></code> 2912 2923 </em></span> 2913 2924 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap user suffix</code></em> = <code class="literal">ou=people</code> 2914 2925 </em></span> 2915 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id254 0890"></a>2926 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546922"></a> 2916 2927 2917 2928 level2 oplocks (S) 2918 </h3></div></div></div><a class="indexterm" name="id254 0891"></a><a name="LEVEL2OPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether Samba supports2929 </h3></div></div></div><a class="indexterm" name="id2546923"></a><a name="LEVEL2OPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether Samba supports 2919 2930 level2 (read-only) oplocks on a share.</p><p>Level2, or read-only oplocks allow Windows NT clients 2920 2931 that have an oplock on a file to downgrade from a read-write oplock … … 2930 2941 delete any read-ahead caches.</p><p>It is recommended that this parameter be turned on to 2931 2942 speed access to shared executables.</p><p>For more discussions on level2 oplocks see the CIFS spec.</p><p> 2932 Currently, if <a class="link" href="smb.conf.5.html#KERNELOPLOCKS" >kernel oplocks</a> are supported then2943 Currently, if <a class="link" href="smb.conf.5.html#KERNELOPLOCKS" target="_top">kernel oplocks</a> are supported then 2933 2944 level2 oplocks are not granted (even if this parameter is set to 2934 <code class="constant">yes</code>). Note also, the <a class="link" href="smb.conf.5.html#OPLOCKS" >oplocks</a>2945 <code class="constant">yes</code>). Note also, the <a class="link" href="smb.conf.5.html#OPLOCKS" target="_top">oplocks</a> 2935 2946 parameter must be set to <code class="constant">yes</code> on this share in order for 2936 2947 this parameter to have any effect.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>level2 oplocks</code></em> = <code class="literal">yes</code> 2937 2948 </em></span> 2938 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id254 0998"></a>2949 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547029"></a> 2939 2950 2940 2951 lm announce (G) 2941 </h3></div></div></div><a class="indexterm" name="id254 0999"></a><a name="LMANNOUNCE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> will produce Lanman announce2952 </h3></div></div></div><a class="indexterm" name="id2547030"></a><a name="LMANNOUNCE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> will produce Lanman announce 2942 2953 broadcasts that are needed by OS/2 clients in order for them to see 2943 2954 the Samba server in their browse list. This parameter can have three … … 2947 2958 broadcasts. If set to <code class="constant">yes</code> Samba will produce 2948 2959 Lanman announce broadcasts at a frequency set by the parameter 2949 <a class="link" href="smb.conf.5.html#LMINTERVAL" >lm interval</a>. If set to <code class="constant">auto</code>2960 <a class="link" href="smb.conf.5.html#LMINTERVAL" target="_top">lm interval</a>. If set to <code class="constant">auto</code> 2950 2961 Samba will not send Lanman announce broadcasts by default but will 2951 2962 listen for them. If it hears such a broadcast on the wire it will 2952 2963 then start sending them at a frequency set by the parameter 2953 <a class="link" href="smb.conf.5.html#LMINTERVAL" >lm interval</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lm announce</code></em> = <code class="literal">auto</code>2964 <a class="link" href="smb.conf.5.html#LMINTERVAL" target="_top">lm interval</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lm announce</code></em> = <code class="literal">auto</code> 2954 2965 </em></span> 2955 2966 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lm announce</code></em> = <code class="literal">yes</code> 2956 2967 </em></span> 2957 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id254 1120"></a>2968 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547151"></a> 2958 2969 2959 2970 lm interval (G) 2960 </h3></div></div></div><a class="indexterm" name="id254 1121"></a><a name="LMINTERVAL"></a><div class="variablelist"><dl><dt></dt><dd><p>If Samba is set to produce Lanman announce2971 </h3></div></div></div><a class="indexterm" name="id2547152"></a><a name="LMINTERVAL"></a><div class="variablelist"><dl><dt></dt><dd><p>If Samba is set to produce Lanman announce 2961 2972 broadcasts needed by OS/2 clients (see the 2962 <a class="link" href="smb.conf.5.html#LMANNOUNCE" >lm announce</a> parameter) then this2973 <a class="link" href="smb.conf.5.html#LMANNOUNCE" target="_top">lm announce</a> parameter) then this 2963 2974 parameter defines the frequency in seconds with which they will be 2964 2975 made. If this is set to zero then no Lanman announcements will be 2965 made despite the setting of the <a class="link" href="smb.conf.5.html#LMANNOUNCE" >lm announce</a>2976 made despite the setting of the <a class="link" href="smb.conf.5.html#LMANNOUNCE" target="_top">lm announce</a> 2966 2977 parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lm interval</code></em> = <code class="literal">60</code> 2967 2978 </em></span> 2968 2979 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lm interval</code></em> = <code class="literal">120</code> 2969 2980 </em></span> 2970 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id254 1204"></a>2981 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547235"></a> 2971 2982 2972 2983 load printers (G) 2973 </h3></div></div></div><a class="indexterm" name="id254 1205"></a><a name="LOADPRINTERS"></a><div class="variablelist"><dl><dt></dt><dd><p>A boolean variable that controls whether all2984 </h3></div></div></div><a class="indexterm" name="id2547236"></a><a name="LOADPRINTERS"></a><div class="variablelist"><dl><dt></dt><dd><p>A boolean variable that controls whether all 2974 2985 printers in the printcap will be loaded for browsing by default. 2975 See the <a class="link" href="smb.conf.5.html#PRINTERS" >printers</a> section for2986 See the <a class="link" href="smb.conf.5.html#PRINTERS" target="_top">printers</a> section for 2976 2987 more details.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>load printers</code></em> = <code class="literal">yes</code> 2977 2988 </em></span> 2978 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id254 1260"></a>2989 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547291"></a> 2979 2990 2980 2991 local master (G) 2981 </h3></div></div></div><a class="indexterm" name="id254 1261"></a><a name="LOCALMASTER"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> to try and become a local master browser2992 </h3></div></div></div><a class="indexterm" name="id2547292"></a><a name="LOCALMASTER"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> to try and become a local master browser 2982 2993 on a subnet. If set to <code class="constant">no</code> then <code class="literal"> 2983 2994 nmbd</code> will not attempt to become a local master browser … … 2989 3000 master browser.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>local master</code></em> = <code class="literal">yes</code> 2990 3001 </em></span> 2991 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id254 1360"></a>3002 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547391"></a> 2992 3003 2993 3004 <a name="LOCKDIR"></a>lock dir 2994 </h3></div></div></div><a class="indexterm" name="id254 1362"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#LOCKDIRECTORY">lock directory</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541392"></a>3005 </h3></div></div></div><a class="indexterm" name="id2547392"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#LOCKDIRECTORY">lock directory</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547423"></a> 2995 3006 2996 3007 lock directory (G) 2997 </h3></div></div></div><a class="indexterm" name="id254 1394"></a><a name="LOCKDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the directory where lock3008 </h3></div></div></div><a class="indexterm" name="id2547424"></a><a name="LOCKDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the directory where lock 2998 3009 files will be placed. The lock files are used to implement the 2999 <a class="link" href="smb.conf.5.html#MAXCONNECTIONS" >max connections</a> option.3010 <a class="link" href="smb.conf.5.html#MAXCONNECTIONS" target="_top">max connections</a> option. 3000 3011 </p><p> 3001 3012 Note: This option can not be set inside registry … … 3005 3016 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lock directory</code></em> = <code class="literal">/var/run/samba/locks</code> 3006 3017 </em></span> 3007 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id254 1471"></a>3018 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547502"></a> 3008 3019 3009 3020 locking (S) 3010 </h3></div></div></div><a class="indexterm" name="id254 1472"></a><a name="LOCKING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether or not locking will be3021 </h3></div></div></div><a class="indexterm" name="id2547503"></a><a name="LOCKING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether or not locking will be 3011 3022 performed by the server in response to lock requests from the 3012 3023 client.</p><p>If <code class="literal">locking = no</code>, all lock and unlock … … 3018 3029 is not really recommended even in this case.</p><p>Be careful about disabling locking either globally or in a 3019 3030 specific service, as lack of locking may result in data corruption. 3020 You should never need to set this parameter.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id254 1547"></a>3031 You should never need to set this parameter.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547577"></a> 3021 3032 3022 3033 lock spin count (G) 3023 </h3></div></div></div><a class="indexterm" name="id254 1548"></a><a name="LOCKSPINCOUNT"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter has been made inoperative in Samba 3.0.24.3034 </h3></div></div></div><a class="indexterm" name="id2547578"></a><a name="LOCKSPINCOUNT"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter has been made inoperative in Samba 3.0.24. 3024 3035 The functionality it contolled is now controlled by the parameter 3025 <a class="link" href="smb.conf.5.html#LOCKSPINTIME" >lock spin time</a>.3036 <a class="link" href="smb.conf.5.html#LOCKSPINTIME" target="_top">lock spin time</a>. 3026 3037 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lock spin count</code></em> = <code class="literal">0</code> 3027 3038 </em></span> 3028 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id254 1603"></a>3039 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547633"></a> 3029 3040 3030 3041 lock spin time (G) 3031 </h3></div></div></div><a class="indexterm" name="id254 1604"></a><a name="LOCKSPINTIME"></a><div class="variablelist"><dl><dt></dt><dd><p>The time in microseconds that smbd should3042 </h3></div></div></div><a class="indexterm" name="id2547634"></a><a name="LOCKSPINTIME"></a><div class="variablelist"><dl><dt></dt><dd><p>The time in microseconds that smbd should 3032 3043 keep waiting to see if a failed lock request can 3033 3044 be granted. This parameter has changed in default 3034 3045 value from Samba 3.0.23 from 10 to 200. The associated 3035 <a class="link" href="smb.conf.5.html#LOCKSPINCOUNT" >lock spin count</a> parameter is3046 <a class="link" href="smb.conf.5.html#LOCKSPINCOUNT" target="_top">lock spin count</a> parameter is 3036 3047 no longer used in Samba 3.0.24. You should not need 3037 3048 to change the value of this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lock spin time</code></em> = <code class="literal">200</code> 3038 3049 </em></span> 3039 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id254 1662"></a>3050 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547691"></a> 3040 3051 3041 3052 log file (G) 3042 </h3></div></div></div><a class="indexterm" name="id254 1663"></a><a name="LOGFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>3053 </h3></div></div></div><a class="indexterm" name="id2547692"></a><a name="LOGFILE"></a><div class="variablelist"><dl><dt></dt><dd><p> 3043 3054 This option allows you to override the name of the Samba log file (also known as the debug file). 3044 3055 </p><p> … … 3046 3057 </p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>log file</code></em> = <code class="literal">/usr/local/samba/var/log.%m</code> 3047 3058 </em></span> 3048 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id254 1714"></a>3059 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547744"></a> 3049 3060 3050 3061 <a name="DEBUGLEVEL"></a>debuglevel 3051 </h3></div></div></div><a class="indexterm" name="id254 1715"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#LOGLEVEL">log level</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541745"></a>3062 </h3></div></div></div><a class="indexterm" name="id2547745"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#LOGLEVEL">log level</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547775"></a> 3052 3063 3053 3064 log level (G) 3054 </h3></div></div></div><a class="indexterm" name="id254 1746"></a><a name="LOGLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>3065 </h3></div></div></div><a class="indexterm" name="id2547776"></a><a name="LOGLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p> 3055 3066 The value of the parameter (a astring) allows the debug level (logging level) to be specified in the 3056 3067 <code class="filename">smb.conf</code> file. … … 3063 3074 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>log level</code></em> = <code class="literal">3 passdb:5 auth:10 winbind:2</code> 3064 3075 </em></span> 3065 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id254 1977"></a>3076 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548008"></a> 3066 3077 3067 3078 logon drive (G) 3068 </h3></div></div></div><a class="indexterm" name="id254 1978"></a><a name="LOGONDRIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>3079 </h3></div></div></div><a class="indexterm" name="id2548009"></a><a name="LOGONDRIVE"></a><div class="variablelist"><dl><dt></dt><dd><p> 3069 3080 This parameter specifies the local path to which the home directory will be 3070 connected (see <a class="link" href="smb.conf.5.html#LOGONHOME" >logon home</a>) and is only used by NT3081 connected (see <a class="link" href="smb.conf.5.html#LOGONHOME" target="_top">logon home</a>) and is only used by NT 3071 3082 Workstations. 3072 3083 </p><p> … … 3076 3087 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>logon drive</code></em> = <code class="literal">h:</code> 3077 3088 </em></span> 3078 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id254 2052"></a>3089 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548083"></a> 3079 3090 3080 3091 logon home (G) 3081 </h3></div></div></div><a class="indexterm" name="id254 2053"></a><a name="LOGONHOME"></a><div class="variablelist"><dl><dt></dt><dd><p>3092 </h3></div></div></div><a class="indexterm" name="id2548084"></a><a name="LOGONHOME"></a><div class="variablelist"><dl><dt></dt><dd><p> 3082 3093 This parameter specifies the home directory location when a Win95/98 or NT Workstation logs into a Samba PDC. 3083 3094 It allows you to do … … 3098 3109 <code class="literal">net use /home</code> but use the whole string when dealing with profiles. 3099 3110 </p><p> 3100 Note that in prior versions of Samba, the <a class="link" href="smb.conf.5.html#LOGONPATH" >logon path</a> was returned rather than3111 Note that in prior versions of Samba, the <a class="link" href="smb.conf.5.html#LOGONPATH" target="_top">logon path</a> was returned rather than 3101 3112 <em class="parameter"><code>logon home</code></em>. This broke <code class="literal">net use /home</code> 3102 3113 but allowed profiles outside the home directory. The current implementation is correct, and can be used for 3103 3114 profiles if you use the above trick. 3104 3115 </p><p> 3105 Disable this feature by setting <a class="link" href="smb.conf.5.html#LOGONHOME" >logon home = ""</a> - using the empty string.3116 Disable this feature by setting <a class="link" href="smb.conf.5.html#LOGONHOME" target="_top">logon home = ""</a> - using the empty string. 3106 3117 </p><p> 3107 3118 This option is only useful if Samba is set up as a logon server. … … 3110 3121 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>logon home</code></em> = <code class="literal">\\remote_smb_server\%U</code> 3111 3122 </em></span> 3112 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id254 2216"></a>3123 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548247"></a> 3113 3124 3114 3125 logon path (G) 3115 </h3></div></div></div><a class="indexterm" name="id254 2217"></a><a name="LOGONPATH"></a><div class="variablelist"><dl><dt></dt><dd><p>3126 </h3></div></div></div><a class="indexterm" name="id2548248"></a><a name="LOGONPATH"></a><div class="variablelist"><dl><dt></dt><dd><p> 3116 3127 This parameter specifies the directory where roaming profiles (Desktop, NTuser.dat, etc) are 3117 3128 stored. Contrary to previous versions of these manual pages, it has nothing to do with Win 9X roaming 3118 3129 profiles. To find out how to handle roaming profiles for Win 9X system, see the 3119 <a class="link" href="smb.conf.5.html#LOGONHOME" >logon home</a> parameter.3130 <a class="link" href="smb.conf.5.html#LOGONHOME" target="_top">logon home</a> parameter. 3120 3131 </p><p> 3121 3132 This option takes the standard substitutions, allowing you to have separate logon scripts for each user or … … 3146 3157 </p></div><p>Note that this option is only useful if Samba is set up as a domain controller.</p><p> 3147 3158 Disable the use of roaming profiles by setting the value of this parameter to the empty string. For 3148 example, <a class="link" href="smb.conf.5.html#LOGONPATH" >logon path = ""</a>. Take note that even if the default setting3159 example, <a class="link" href="smb.conf.5.html#LOGONPATH" target="_top">logon path = ""</a>. Take note that even if the default setting 3149 3160 in the smb.conf file is the empty string, any value specified in the user account settings in the passdb 3150 3161 backend will over-ride the effect of setting this parameter to null. Disabling of all roaming profile use … … 3157 3168 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>logon path</code></em> = <code class="literal">\\%N\%U\profile</code> 3158 3169 </em></span> 3159 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id254 2385"></a>3170 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548421"></a> 3160 3171 3161 3172 logon script (G) 3162 </h3></div></div></div><a class="indexterm" name="id254 2386"></a><a name="LOGONSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>3173 </h3></div></div></div><a class="indexterm" name="id2548422"></a><a name="LOGONSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p> 3163 3174 This parameter specifies the batch file (<code class="filename">.bat</code>) or NT command file 3164 3175 (<code class="filename">.cmd</code>) to be downloaded and run on a machine when a user successfully logs in. The file … … 3166 3177 </p><p> 3167 3178 The script must be a relative path to the <em class="parameter"><code>[netlogon]</code></em> service. If the [netlogon] 3168 service specifies a <a class="link" href="smb.conf.5.html#PATH" >path</a> of <code class="filename">/usr/local/samba/netlogon</code>, and <a class="link" href="smb.conf.5.html#LOGONSCRIPT">logon script = STARTUP.BAT</a>, then the file that will be downloaded is:3179 service specifies a <a class="link" href="smb.conf.5.html#PATH" target="_top">path</a> of <code class="filename">/usr/local/samba/netlogon</code>, and <a class="link" href="smb.conf.5.html#LOGONSCRIPT" target="_top">logon script = STARTUP.BAT</a>, then the file that will be downloaded is: 3169 3180 </p><pre class="programlisting"> 3170 3181 /usr/local/samba/netlogon/STARTUP.BAT … … 3191 3202 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>logon script</code></em> = <code class="literal">scripts\%U.bat</code> 3192 3203 </em></span> 3193 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id254 2554"></a>3204 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548590"></a> 3194 3205 3195 3206 lppause command (S) 3196 </h3></div></div></div><a class="indexterm" name="id254 2556"></a><a name="LPPAUSECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be3207 </h3></div></div></div><a class="indexterm" name="id2548591"></a><a name="LPPAUSECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be 3197 3208 executed on the server host in order to stop printing or spooling 3198 3209 a specific print job.</p><p>This command should be a program or script which takes … … 3209 3220 in the lppause command as the PATH may not be available to the server.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lppause command</code></em> = <code class="literal"> 3210 3221 # Currently no default value is given to 3211 this string, unless the value of the <a class="link" href="smb.conf.5.html#PRINTING" >printing</a>3222 this string, unless the value of the <a class="link" href="smb.conf.5.html#PRINTING" target="_top">printing</a> 3212 3223 parameter is <code class="constant">SYSV</code>, in which case the default is : 3213 3224 <code class="literal">lp -i %p-%j -H hold</code> or if the value of the … … 3218 3229 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lppause command</code></em> = <code class="literal">/usr/bin/lpalt %p-%j -p0</code> 3219 3230 </em></span> 3220 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id254 2702"></a>3231 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548738"></a> 3221 3232 3222 3233 lpq cache time (G) 3223 </h3></div></div></div><a class="indexterm" name="id254 2703"></a><a name="LPQCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls how long lpq info will be cached3234 </h3></div></div></div><a class="indexterm" name="id2548739"></a><a name="LPQCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls how long lpq info will be cached 3224 3235 for to prevent the <code class="literal">lpq</code> command being called too 3225 3236 often. A separate cache is kept for each variation of the <code class="literal"> … … 3234 3245 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lpq cache time</code></em> = <code class="literal">10</code> 3235 3246 </em></span> 3236 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id254 2822"></a>3247 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548857"></a> 3237 3248 3238 3249 lpq command (S) 3239 </h3></div></div></div><a class="indexterm" name="id254 2823"></a><a name="LPQCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be3250 </h3></div></div></div><a class="indexterm" name="id2548858"></a><a name="LPQCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be 3240 3251 executed on the server host in order to obtain <code class="literal">lpq 3241 3252 </code>-style printer status information.</p><p>This command should be a program or script which … … 3259 3270 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lpq command</code></em> = <code class="literal">/usr/bin/lpq -P%p</code> 3260 3271 </em></span> 3261 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id254 2948"></a>3272 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548983"></a> 3262 3273 3263 3274 lpresume command (S) 3264 </h3></div></div></div><a class="indexterm" name="id254 2949"></a><a name="LPRESUMECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be3275 </h3></div></div></div><a class="indexterm" name="id2548984"></a><a name="LPRESUMECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be 3265 3276 executed on the server host in order to restart or continue 3266 3277 printing or spooling a specific print job.</p><p>This command should be a program or script which takes 3267 3278 a printer name and job number to resume the print job. See 3268 also the <a class="link" href="smb.conf.5.html#LPPAUSECOMMAND" >lppause command</a> parameter.</p><p>If a <em class="parameter"><code>%p</code></em> is given then the printer name3279 also the <a class="link" href="smb.conf.5.html#LPPAUSECOMMAND" target="_top">lppause command</a> parameter.</p><p>If a <em class="parameter"><code>%p</code></em> is given then the printer name 3269 3280 is put in its place. A <em class="parameter"><code>%j</code></em> is replaced with 3270 3281 the job number (an integer).</p><p>Note that it is good practice to include the absolute path 3271 3282 in the <em class="parameter"><code>lpresume command</code></em> as the PATH may not 3272 be available to the server.</p><p>See also the <a class="link" href="smb.conf.5.html#PRINTING" >printing</a> parameter.</p><p>Default: Currently no default value is given3283 be available to the server.</p><p>See also the <a class="link" href="smb.conf.5.html#PRINTING" target="_top">printing</a> parameter.</p><p>Default: Currently no default value is given 3273 3284 to this string, unless the value of the <em class="parameter"><code>printing</code></em> 3274 3285 parameter is <code class="constant">SYSV</code>, in which case the default is:</p><p><code class="literal">lp -i %p-%j -H resume</code></p><p>or if the value of the <em class="parameter"><code>printing</code></em> parameter 3275 3286 is <code class="constant">SOFTQ</code>, then the default is:</p><p><code class="literal">qstat -s -j%j -r</code></p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lpresume command</code></em> = <code class="literal">/usr/bin/lpalt %p-%j -p2</code> 3276 3287 </em></span> 3277 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id254 3100"></a>3288 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549136"></a> 3278 3289 3279 3290 lprm command (S) 3280 </h3></div></div></div><a class="indexterm" name="id254 3101"></a><a name="LPRMCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be3291 </h3></div></div></div><a class="indexterm" name="id2549138"></a><a name="LPRMCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be 3281 3292 executed on the server host in order to delete a print job.</p><p>This command should be a program or script which takes 3282 3293 a printer name and job number, and deletes the print job.</p><p>If a <em class="parameter"><code>%p</code></em> is given then the printer name … … 3295 3306 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lprm command</code></em> = <code class="literal"> determined by printing parameter</code> 3296 3307 </em></span> 3297 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id254 3187"></a>3308 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549224"></a> 3298 3309 3299 3310 machine password timeout (G) 3300 </h3></div></div></div><a class="indexterm" name="id254 3188"></a><a name="MACHINEPASSWORDTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>3301 If a Samba server is a member of a Windows NT Domain (see the <a class="link" href="smb.conf.5.html#SECURITY" >security = domain</a> parameter) then periodically a running smbd process will try and change3311 </h3></div></div></div><a class="indexterm" name="id2549225"></a><a name="MACHINEPASSWORDTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p> 3312 If a Samba server is a member of a Windows NT Domain (see the <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security = domain</a> parameter) then periodically a running smbd process will try and change 3302 3313 the MACHINE ACCOUNT PASSWORD stored in the TDB called <code class="filename">private/secrets.tdb 3303 3314 </code>. This parameter specifies how often this password will be changed, in seconds. The default is one … … 3305 3316 </p><p> 3306 3317 See also <a class="citerefentry" href="smbpasswd.8.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(8)</span></a>, 3307 and the <a class="link" href="smb.conf.5.html#SECURITY" >security = domain</a> parameter.3318 and the <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security = domain</a> parameter. 3308 3319 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>machine password timeout</code></em> = <code class="literal">604800</code> 3309 3320 </em></span> 3310 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id254 3275"></a>3321 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549312"></a> 3311 3322 3312 3323 magic output (S) 3313 </h3></div></div></div><a class="indexterm" name="id254 3276"></a><a name="MAGICOUTPUT"></a><div class="variablelist"><dl><dt></dt><dd><p>3324 </h3></div></div></div><a class="indexterm" name="id2549313"></a><a name="MAGICOUTPUT"></a><div class="variablelist"><dl><dt></dt><dd><p> 3314 3325 This parameter specifies the name of a file which will contain output created by a magic script (see the 3315 <a class="link" href="smb.conf.5.html#MAGICSCRIPT" >magic script</a> parameter below).3326 <a class="link" href="smb.conf.5.html#MAGICSCRIPT" target="_top">magic script</a> parameter below). 3316 3327 </p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>If two clients use the same <em class="parameter"><code>magic script 3317 3328 </code></em> in the same directory the output file content is undefined. … … 3320 3331 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>magic output</code></em> = <code class="literal">myfile.txt</code> 3321 3332 </em></span> 3322 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id254 3359"></a>3333 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549396"></a> 3323 3334 3324 3335 magic script (S) 3325 </h3></div></div></div><a class="indexterm" name="id254 3360"></a><a name="MAGICSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the name of a file which,3336 </h3></div></div></div><a class="indexterm" name="id2549397"></a><a name="MAGICSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the name of a file which, 3326 3337 if opened, will be executed by the server when the file is closed. 3327 3338 This allows a UNIX script to be sent to the Samba host and … … 3329 3340 completion assuming that the user has the appropriate level 3330 3341 of privilege and the file permissions allow the deletion.</p><p>If the script generates output, output will be sent to 3331 the file specified by the <a class="link" href="smb.conf.5.html#MAGICOUTPUT" >magic output</a>3342 the file specified by the <a class="link" href="smb.conf.5.html#MAGICOUTPUT" target="_top">magic output</a> 3332 3343 parameter (see above).</p><p>Note that some shells are unable to interpret scripts 3333 3344 containing CR/LF instead of CR as … … 3339 3350 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>magic script</code></em> = <code class="literal">user.csh</code> 3340 3351 </em></span> 3341 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id254 3464"></a>3352 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549501"></a> 3342 3353 3343 3354 mangled names (S) 3344 </h3></div></div></div><a class="indexterm" name="id254 3465"></a><a name="MANGLEDNAMES"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether non-DOS names under UNIX3355 </h3></div></div></div><a class="indexterm" name="id2549502"></a><a name="MANGLEDNAMES"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether non-DOS names under UNIX 3345 3356 should be mapped to DOS-compatible names ("mangled") and made visible, 3346 or whether non-DOS names should simply be ignored.</p><p>See the section on <a class="link" href="smb.conf.5.html#NAMEMANGLING" >name mangling</a> for3357 or whether non-DOS names should simply be ignored.</p><p>See the section on <a class="link" href="smb.conf.5.html#NAMEMANGLING" target="_top">name mangling</a> for 3347 3358 details on how to control the mangling process.</p><p>If mangling is used then the mangling algorithm is as follows:</p><div class="itemizedlist"><ul type="disc"><li><p>The first (up to) five alphanumeric characters 3348 3359 before the rightmost dot of the filename are preserved, forced … … 3354 3365 only if it contains any upper case characters or is longer than three 3355 3366 characters.</p><p>Note that the character to use may be specified using 3356 the <a class="link" href="smb.conf.5.html#MANGLINGCHAR" >mangling char</a>3367 the <a class="link" href="smb.conf.5.html#MANGLINGCHAR" target="_top">mangling char</a> 3357 3368 option, if you don't like '~'.</p></li><li><p>Files whose UNIX name begins with a dot will be 3358 3369 presented as DOS hidden files. The mangled name will be created as … … 3367 3378 do not change between sessions.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>mangled names</code></em> = <code class="literal">yes</code> 3368 3379 </em></span> 3369 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id254 3601"></a>3380 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549638"></a> 3370 3381 3371 3382 mangle prefix (G) 3372 </h3></div></div></div><a class="indexterm" name="id254 3602"></a><a name="MANGLEPREFIX"></a><div class="variablelist"><dl><dt></dt><dd><p> controls the number of prefix3383 </h3></div></div></div><a class="indexterm" name="id2549639"></a><a name="MANGLEPREFIX"></a><div class="variablelist"><dl><dt></dt><dd><p> controls the number of prefix 3373 3384 characters from the original name used when generating 3374 3385 the mangled names. A larger value will give a weaker … … 3380 3391 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>mangle prefix</code></em> = <code class="literal">4</code> 3381 3392 </em></span> 3382 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id254 3667"></a>3393 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549705"></a> 3383 3394 3384 3395 mangling char (S) 3385 </h3></div></div></div><a class="indexterm" name="id254 3668"></a><a name="MANGLINGCHAR"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what character is used as3386 the <span class="emphasis"><em>magic</em></span> character in <a class="link" href="smb.conf.5.html#NAMEMANGLING" >name mangling</a>. The3396 </h3></div></div></div><a class="indexterm" name="id2549706"></a><a name="MANGLINGCHAR"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what character is used as 3397 the <span class="emphasis"><em>magic</em></span> character in <a class="link" href="smb.conf.5.html#NAMEMANGLING" target="_top">name mangling</a>. The 3387 3398 default is a '~' but this may interfere with some software. Use this option to set 3388 3399 it to whatever you prefer. This is effective only when mangling method is hash.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>mangling char</code></em> = <code class="literal">~</code> … … 3390 3401 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>mangling char</code></em> = <code class="literal">^</code> 3391 3402 </em></span> 3392 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id254 3745"></a>3403 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549782"></a> 3393 3404 3394 3405 mangling method (G) 3395 </h3></div></div></div><a class="indexterm" name="id254 3746"></a><a name="MANGLINGMETHOD"></a><div class="variablelist"><dl><dt></dt><dd><p> controls the algorithm used for the generating3406 </h3></div></div></div><a class="indexterm" name="id2549783"></a><a name="MANGLINGMETHOD"></a><div class="variablelist"><dl><dt></dt><dd><p> controls the algorithm used for the generating 3396 3407 the mangled names. Can take two different values, "hash" and 3397 3408 "hash2". "hash" is the algorithm that was used … … 3404 3415 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>mangling method</code></em> = <code class="literal">hash</code> 3405 3416 </em></span> 3406 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id254 3812"></a>3417 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549850"></a> 3407 3418 3408 3419 map acl inherit (S) 3409 </h3></div></div></div><a class="indexterm" name="id254 3813"></a><a name="MAPACLINHERIT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to map the 'inherit' and 'protected'3420 </h3></div></div></div><a class="indexterm" name="id2549851"></a><a name="MAPACLINHERIT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to map the 'inherit' and 'protected' 3410 3421 access control entry flags stored in Windows ACLs into an extended attribute 3411 3422 called user.SAMBA_PAI. This parameter only takes effect if Samba is being run … … 3415 3426 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>map acl inherit</code></em> = <code class="literal">no</code> 3416 3427 </em></span> 3417 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id254 3869"></a>3428 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549913"></a> 3418 3429 3419 3430 map archive (S) 3420 </h3></div></div></div><a class="indexterm" name="id254 3870"></a><a name="MAPARCHIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>3431 </h3></div></div></div><a class="indexterm" name="id2549914"></a><a name="MAPARCHIVE"></a><div class="variablelist"><dl><dt></dt><dd><p> 3421 3432 This controls whether the DOS archive attribute 3422 3433 should be mapped to the UNIX owner execute bit. The DOS archive bit … … 3426 3437 be quite annoying for shared source code, documents, etc... 3427 3438 </p><p> 3428 Note that this requires the <a class="link" href="smb.conf.5.html#CREATEMASK" >create mask</a> parameter to be set such that owner3439 Note that this requires the <a class="link" href="smb.conf.5.html#CREATEMASK" target="_top">create mask</a> parameter to be set such that owner 3429 3440 execute bit is not masked out (i.e. it must include 100). See the parameter 3430 <a class="link" href="smb.conf.5.html#CREATEMASK" >create mask</a> for details.3441 <a class="link" href="smb.conf.5.html#CREATEMASK" target="_top">create mask</a> for details. 3431 3442 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>map archive</code></em> = <code class="literal">yes</code> 3432 3443 </em></span> 3433 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id254 3944"></a>3444 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549989"></a> 3434 3445 3435 3446 map hidden (S) 3436 </h3></div></div></div><a class="indexterm" name="id254 3945"></a><a name="MAPHIDDEN"></a><div class="variablelist"><dl><dt></dt><dd><p>3447 </h3></div></div></div><a class="indexterm" name="id2549990"></a><a name="MAPHIDDEN"></a><div class="variablelist"><dl><dt></dt><dd><p> 3437 3448 This controls whether DOS style hidden files should be mapped to the UNIX world execute bit. 3438 3449 </p><p> 3439 Note that this requires the <a class="link" href="smb.conf.5.html#CREATEMASK" >create mask</a> to be set such that the world execute3440 bit is not masked out (i.e. it must include 001). See the parameter <a class="link" href="smb.conf.5.html#CREATEMASK" >create mask</a>3450 Note that this requires the <a class="link" href="smb.conf.5.html#CREATEMASK" target="_top">create mask</a> to be set such that the world execute 3451 bit is not masked out (i.e. it must include 001). See the parameter <a class="link" href="smb.conf.5.html#CREATEMASK" target="_top">create mask</a> 3441 3452 for details. 3442 </p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 44002"></a>3453 </p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550046"></a> 3443 3454 3444 3455 map read only (S) 3445 </h3></div></div></div><a class="indexterm" name="id25 44003"></a><a name="MAPREADONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>3456 </h3></div></div></div><a class="indexterm" name="id2550047"></a><a name="MAPREADONLY"></a><div class="variablelist"><dl><dt></dt><dd><p> 3446 3457 This controls how the DOS read only attribute should be mapped from a UNIX filesystem. 3447 3458 </p><p> 3448 3459 This parameter can take three different values, which tell <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> how to display the read only attribute on files, where either 3449 <a class="link" href="smb.conf.5.html#STOREDOSATTRIBUTES" >store dos attributes</a> is set to <code class="constant">No</code>, or no extended attribute is3450 present. If <a class="link" href="smb.conf.5.html#STOREDOSATTRIBUTES" >store dos attributes</a> is set to <code class="constant">yes</code> then this3460 <a class="link" href="smb.conf.5.html#STOREDOSATTRIBUTES" target="_top">store dos attributes</a> is set to <code class="constant">No</code>, or no extended attribute is 3461 present. If <a class="link" href="smb.conf.5.html#STOREDOSATTRIBUTES" target="_top">store dos attributes</a> is set to <code class="constant">yes</code> then this 3451 3462 parameter is <span class="emphasis"><em>ignored</em></span>. This is a new parameter introduced in Samba version 3.0.21. 3452 3463 </p><p>The three settings are :</p><div class="itemizedlist"><ul type="disc"><li><p> … … 3465 3476 </p></li><li><p> 3466 3477 <code class="constant">No</code> - The read only DOS attribute is unaffected by permissions, and can only be set by 3467 the <a class="link" href="smb.conf.5.html#STOREDOSATTRIBUTES" >store dos attributes</a> method. This may be useful for exporting mounted CDs.3478 the <a class="link" href="smb.conf.5.html#STOREDOSATTRIBUTES" target="_top">store dos attributes</a> method. This may be useful for exporting mounted CDs. 3468 3479 </p></li></ul></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>map read only</code></em> = <code class="literal">yes</code> 3469 3480 </em></span> 3470 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 44166"></a>3481 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550203"></a> 3471 3482 3472 3483 map system (S) 3473 </h3></div></div></div><a class="indexterm" name="id25 44168"></a><a name="MAPSYSTEM"></a><div class="variablelist"><dl><dt></dt><dd><p>3484 </h3></div></div></div><a class="indexterm" name="id2550204"></a><a name="MAPSYSTEM"></a><div class="variablelist"><dl><dt></dt><dd><p> 3474 3485 This controls whether DOS style system files should be mapped to the UNIX group execute bit. 3475 3486 </p><p> 3476 Note that this requires the <a class="link" href="smb.conf.5.html#CREATEMASK" >create mask</a> to be set such that the group3487 Note that this requires the <a class="link" href="smb.conf.5.html#CREATEMASK" target="_top">create mask</a> to be set such that the group 3477 3488 execute bit is not masked out (i.e. it must include 010). See the parameter 3478 <a class="link" href="smb.conf.5.html#CREATEMASK" >create mask</a> for details.3489 <a class="link" href="smb.conf.5.html#CREATEMASK" target="_top">create mask</a> for details. 3479 3490 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>map system</code></em> = <code class="literal">no</code> 3480 3491 </em></span> 3481 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 44236"></a>3492 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550272"></a> 3482 3493 3483 3494 map to guest (G) 3484 </h3></div></div></div><a class="indexterm" name="id25 44237"></a><a name="MAPTOGUEST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is only useful in <a class="link" href="smb.conf.5.html#SECURITY">SECURITY =3495 </h3></div></div></div><a class="indexterm" name="id2550273"></a><a name="MAPTOGUEST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is only useful in <a class="link" href="smb.conf.5.html#SECURITY" target="_top">SECURITY = 3485 3496 security</a> modes other than <em class="parameter"><code>security = share</code></em> 3486 3497 and <em class="parameter"><code>security = server</code></em> … … 3492 3503 logins with an invalid password are rejected, unless the username 3493 3504 does not exist, in which case it is treated as a guest login and 3494 mapped into the <a class="link" href="smb.conf.5.html#GUESTACCOUNT" >guest account</a>.</p></li><li><p><code class="constant">Bad Password</code> - Means user logins3505 mapped into the <a class="link" href="smb.conf.5.html#GUESTACCOUNT" target="_top">guest account</a>.</p></li><li><p><code class="constant">Bad Password</code> - Means user logins 3495 3506 with an invalid password are treated as a guest login and mapped 3496 into the <a class="link" href="smb.conf.5.html#GUESTACCOUNT" >guest account</a>. Note that3507 into the <a class="link" href="smb.conf.5.html#GUESTACCOUNT" target="_top">guest account</a>. Note that 3497 3508 this can cause problems as it means that any user incorrectly typing 3498 3509 their password will be silently logged on as "guest" - and … … 3524 3535 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>map to guest</code></em> = <code class="literal">Bad User</code> 3525 3536 </em></span> 3526 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 44475"></a>3537 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550512"></a> 3527 3538 3528 3539 max connections (S) 3529 </h3></div></div></div><a class="indexterm" name="id25 44476"></a><a name="MAXCONNECTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows the number of simultaneous connections to a service to be limited.3540 </h3></div></div></div><a class="indexterm" name="id2550513"></a><a name="MAXCONNECTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows the number of simultaneous connections to a service to be limited. 3530 3541 If <em class="parameter"><code>max connections</code></em> is greater than 0 then connections 3531 3542 will be refused if this number of connections to the service are already open. A value 3532 3543 of zero mean an unlimited number of connections may be made.</p><p>Record lock files are used to implement this feature. The lock files will be stored in 3533 the directory specified by the <a class="link" href="smb.conf.5.html#LOCKDIRECTORY" >lock directory</a> option.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>max connections</code></em> = <code class="literal">0</code>3544 the directory specified by the <a class="link" href="smb.conf.5.html#LOCKDIRECTORY" target="_top">lock directory</a> option.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>max connections</code></em> = <code class="literal">0</code> 3534 3545 </em></span> 3535 3546 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max connections</code></em> = <code class="literal">10</code> 3536 3547 </em></span> 3537 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 44561"></a>3548 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550598"></a> 3538 3549 3539 3550 max disk size (G) 3540 </h3></div></div></div><a class="indexterm" name="id25 44562"></a><a name="MAXDISKSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to put an upper limit3551 </h3></div></div></div><a class="indexterm" name="id2550599"></a><a name="MAXDISKSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to put an upper limit 3541 3552 on the apparent size of disks. If you set this option to 100 3542 3553 then all shares will appear to be not larger than 100 MB in … … 3552 3563 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max disk size</code></em> = <code class="literal">1000</code> 3553 3564 </em></span> 3554 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 44653"></a>3565 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550690"></a> 3555 3566 3556 3567 max log size (G) 3557 </h3></div></div></div><a class="indexterm" name="id25 44654"></a><a name="MAXLOGSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>3568 </h3></div></div></div><a class="indexterm" name="id2550691"></a><a name="MAXLOGSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p> 3558 3569 This option (an integer in kilobytes) specifies the max size the log file should grow to. 3559 3570 Samba periodically checks the size and if it is exceeded it will rename the file, adding … … 3564 3575 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max log size</code></em> = <code class="literal">1000</code> 3565 3576 </em></span> 3566 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 44724"></a>3577 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550761"></a> 3567 3578 3568 3579 max mux (G) 3569 </h3></div></div></div><a class="indexterm" name="id25 44725"></a><a name="MAXMUX"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum number of3580 </h3></div></div></div><a class="indexterm" name="id2550762"></a><a name="MAXMUX"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum number of 3570 3581 outstanding simultaneous SMB operations that Samba tells the client 3571 3582 it will allow. You should never need to set this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>max mux</code></em> = <code class="literal">50</code> 3572 3583 </em></span> 3573 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 44768"></a>3584 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550804"></a> 3574 3585 3575 3586 max open files (G) 3576 </h3></div></div></div><a class="indexterm" name="id25 44769"></a><a name="MAXOPENFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of3587 </h3></div></div></div><a class="indexterm" name="id2550805"></a><a name="MAXOPENFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of 3577 3588 open files that one <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> file 3578 3589 serving process may have open for a client at any one time. The … … 3582 3593 this parameter so you should never need to touch this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>max open files</code></em> = <code class="literal">10000</code> 3583 3594 </em></span> 3584 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 44828"></a>3595 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550864"></a> 3585 3596 3586 3597 max print jobs (S) 3587 </h3></div></div></div><a class="indexterm" name="id25 44829"></a><a name="MAXPRINTJOBS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of3598 </h3></div></div></div><a class="indexterm" name="id2550866"></a><a name="MAXPRINTJOBS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of 3588 3599 jobs allowable in a Samba printer queue at any given moment. 3589 3600 If this number is exceeded, <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will remote "Out of Space" to the client. … … 3592 3603 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max print jobs</code></em> = <code class="literal">5000</code> 3593 3604 </em></span> 3594 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 44898"></a>3605 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550934"></a> 3595 3606 3596 3607 <a name="PROTOCOL"></a>protocol 3597 </h3></div></div></div><a class="indexterm" name="id25 44899"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#MAXPROTOCOL">max protocol</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544930"></a>3608 </h3></div></div></div><a class="indexterm" name="id2550935"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#MAXPROTOCOL">max protocol</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550967"></a> 3598 3609 3599 3610 max protocol (G) 3600 </h3></div></div></div><a class="indexterm" name="id25 44931"></a><a name="MAXPROTOCOL"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (a string) is the highest3611 </h3></div></div></div><a class="indexterm" name="id2550968"></a><a name="MAXPROTOCOL"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (a string) is the highest 3601 3612 protocol level that will be supported by the server.</p><p>Possible values are :</p><div class="itemizedlist"><ul type="disc"><li><p><code class="constant">CORE</code>: Earliest version. No 3602 3613 concept of user names.</p></li><li><p><code class="constant">COREPLUS</code>: Slight improvements on … … 3610 3621 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max protocol</code></em> = <code class="literal">LANMAN1</code> 3611 3622 </em></span> 3612 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 45054"></a>3623 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551092"></a> 3613 3624 3614 3625 max reported print jobs (S) 3615 </h3></div></div></div><a class="indexterm" name="id25 45055"></a><a name="MAXREPORTEDPRINTJOBS"></a><div class="variablelist"><dl><dt></dt><dd><p>3626 </h3></div></div></div><a class="indexterm" name="id2551093"></a><a name="MAXREPORTEDPRINTJOBS"></a><div class="variablelist"><dl><dt></dt><dd><p> 3616 3627 This parameter limits the maximum number of jobs displayed in a port monitor for 3617 3628 Samba printer queue at any given moment. If this number is exceeded, the excess … … 3622 3633 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max reported print jobs</code></em> = <code class="literal">1000</code> 3623 3634 </em></span> 3624 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 45118"></a>3635 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551156"></a> 3625 3636 3626 3637 max smbd processes (G) 3627 </h3></div></div></div><a class="indexterm" name="id25 45119"></a><a name="MAXSMBDPROCESSES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> processes concurrently running on a system and is intended3638 </h3></div></div></div><a class="indexterm" name="id2551157"></a><a name="MAXSMBDPROCESSES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> processes concurrently running on a system and is intended 3628 3639 as a stopgap to prevent degrading service to clients in the event that the server has insufficient 3629 3640 resources to handle more than this number of connections. Remember that under normal operating … … 3633 3644 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max smbd processes</code></em> = <code class="literal">1000</code> 3634 3645 </em></span> 3635 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 45200"></a>3646 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551237"></a> 3636 3647 3637 3648 max stat cache size (G) 3638 </h3></div></div></div><a class="indexterm" name="id25 45201"></a><a name="MAXSTATCACHESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the size in memory of any3649 </h3></div></div></div><a class="indexterm" name="id2551238"></a><a name="MAXSTATCACHESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the size in memory of any 3639 3650 <em class="parameter"><code>stat cache</code></em> being used 3640 3651 to speed up case insensitive name mappings. It represents … … 3647 3658 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max stat cache size</code></em> = <code class="literal">100</code> 3648 3659 </em></span> 3649 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 45269"></a>3660 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551307"></a> 3650 3661 3651 3662 max ttl (G) 3652 </h3></div></div></div><a class="indexterm" name="id25 45270"></a><a name="MAXTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> what the default 'time to live'3663 </h3></div></div></div><a class="indexterm" name="id2551308"></a><a name="MAXTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> what the default 'time to live' 3653 3664 of NetBIOS names should be (in seconds) when <code class="literal">nmbd</code> is 3654 3665 requesting a name using either a broadcast packet or from a WINS server. You should 3655 3666 never need to change this parameter. The default is 3 days.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>max ttl</code></em> = <code class="literal">259200</code> 3656 3667 </em></span> 3657 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 45328"></a>3668 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551366"></a> 3658 3669 3659 3670 max wins ttl (G) 3660 </h3></div></div></div><a class="indexterm" name="id25 45329"></a><a name="MAXWINSTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when acting as a WINS server3661 (<a class="link" href="smb.conf.5.html#WINSSUPPORT" >wins support = yes</a>) what the maximum3671 </h3></div></div></div><a class="indexterm" name="id2551367"></a><a name="MAXWINSTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when acting as a WINS server 3672 (<a class="link" href="smb.conf.5.html#WINSSUPPORT" target="_top">wins support = yes</a>) what the maximum 3662 3673 'time to live' of NetBIOS names that <code class="literal">nmbd</code> 3663 3674 will grant will be (in seconds). You should never need to change this 3664 3675 parameter. The default is 6 days (518400 seconds).</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>max wins ttl</code></em> = <code class="literal">518400</code> 3665 3676 </em></span> 3666 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 45400"></a>3677 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551438"></a> 3667 3678 3668 3679 max xmit (G) 3669 </h3></div></div></div><a class="indexterm" name="id25 45401"></a><a name="MAXXMIT"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum packet size3680 </h3></div></div></div><a class="indexterm" name="id2551439"></a><a name="MAXXMIT"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum packet size 3670 3681 that will be negotiated by Samba. The default is 16644, which 3671 3682 matches the behavior of Windows 2000. A value below 2048 is likely to cause problems. … … 3675 3686 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max xmit</code></em> = <code class="literal">8192</code> 3676 3687 </em></span> 3677 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 45462"></a>3688 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551501"></a> 3678 3689 3679 3690 message command (G) 3680 </h3></div></div></div><a class="indexterm" name="id25 45464"></a><a name="MESSAGECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies what command to run when the3691 </h3></div></div></div><a class="indexterm" name="id2551502"></a><a name="MESSAGECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies what command to run when the 3681 3692 server receives a WinPopup style message.</p><p>This would normally be a command that would 3682 3693 deliver the message somehow. How this is to be done is … … 3717 3728 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>message command</code></em> = <code class="literal">csh -c 'xedit %s; rm %s' &</code> 3718 3729 </em></span> 3719 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 45672"></a>3730 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551711"></a> 3720 3731 3721 3732 min print space (S) 3722 </h3></div></div></div><a class="indexterm" name="id25 45674"></a><a name="MINPRINTSPACE"></a><div class="variablelist"><dl><dt></dt><dd><p>This sets the minimum amount of free disk3733 </h3></div></div></div><a class="indexterm" name="id2551712"></a><a name="MINPRINTSPACE"></a><div class="variablelist"><dl><dt></dt><dd><p>This sets the minimum amount of free disk 3723 3734 space that must be available before a user will be able to spool 3724 3735 a print job. It is specified in kilobytes. The default is 0, which … … 3727 3738 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>min print space</code></em> = <code class="literal">2000</code> 3728 3739 </em></span> 3729 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 45735"></a>3740 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551773"></a> 3730 3741 3731 3742 min protocol (G) 3732 </h3></div></div></div><a class="indexterm" name="id25 45736"></a><a name="MINPROTOCOL"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (a string) is the3743 </h3></div></div></div><a class="indexterm" name="id2551774"></a><a name="MINPROTOCOL"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (a string) is the 3733 3744 lowest SMB protocol dialect than Samba will support. Please refer 3734 to the <a class="link" href="smb.conf.5.html#MAXPROTOCOL" >max protocol</a>3745 to the <a class="link" href="smb.conf.5.html#MAXPROTOCOL" target="_top">max protocol</a> 3735 3746 parameter for a list of valid protocol names and a brief description 3736 3747 of each. You may also wish to refer to the C source code in 3737 3748 <code class="filename">source/smbd/negprot.c</code> for a listing of known protocol 3738 3749 dialects supported by clients.</p><p>If you are viewing this parameter as a security measure, you should 3739 also refer to the <a class="link" href="smb.conf.5.html#LANMANAUTH" >lanman auth</a> parameter. Otherwise, you should never need3750 also refer to the <a class="link" href="smb.conf.5.html#LANMANAUTH" target="_top">lanman auth</a> parameter. Otherwise, you should never need 3740 3751 to change this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>min protocol</code></em> = <code class="literal">CORE</code> 3741 3752 </em></span> 3742 3753 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>min protocol</code></em> = <code class="literal">NT1</code> 3743 3754 </em></span> 3744 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 45833"></a>3755 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551871"></a> 3745 3756 3746 3757 min receivefile size (G) 3747 </h3></div></div></div><a class="indexterm" name="id25 45834"></a><a name="MINRECEIVEFILESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option changes the behavior of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when processing SMBwriteX calls. Any incoming3758 </h3></div></div></div><a class="indexterm" name="id2551872"></a><a name="MINRECEIVEFILESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option changes the behavior of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when processing SMBwriteX calls. Any incoming 3748 3759 SMBwriteX call on a non-signed SMB/CIFS connection greater than this value will not be processed in the normal way but will 3749 3760 be passed to any underlying kernel recvfile or splice system call (if there is no such … … 3754 3765 nonzero. The maximum value is 128k. Values greater than 128k will be silently set to 128k.</p><p>Note this option will have NO EFFECT if set on a SMB signed connection.</p><p>The default is zero, which diables this option.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>min receivefile size</code></em> = <code class="literal">0</code> 3755 3766 </em></span> 3756 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 45902"></a>3767 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551953"></a> 3757 3768 3758 3769 min wins ttl (G) 3759 </h3></div></div></div><a class="indexterm" name="id25 45903"></a><a name="MINWINSTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>3760 when acting as a WINS server (<a class="link" href="smb.conf.5.html#WINSSUPPORT" >wins support = yes</a>) what the minimum 'time to live'3770 </h3></div></div></div><a class="indexterm" name="id2551954"></a><a name="MINWINSTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> 3771 when acting as a WINS server (<a class="link" href="smb.conf.5.html#WINSSUPPORT" target="_top">wins support = yes</a>) what the minimum 'time to live' 3761 3772 of NetBIOS names that <code class="literal">nmbd</code> will grant will be (in 3762 3773 seconds). You should never need to change this parameter. The default 3763 3774 is 6 hours (21600 seconds).</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>min wins ttl</code></em> = <code class="literal">21600</code> 3764 3775 </em></span> 3765 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 45972"></a>3776 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552023"></a> 3766 3777 3767 3778 msdfs proxy (S) 3768 </h3></div></div></div><a class="indexterm" name="id25 45973"></a><a name="MSDFSPROXY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter indicates that the share is a3779 </h3></div></div></div><a class="indexterm" name="id2552024"></a><a name="MSDFSPROXY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter indicates that the share is a 3769 3780 stand-in for another CIFS share whose location is specified by 3770 3781 the value of the parameter. When clients attempt to connect to 3771 3782 this share, they are redirected to the proxied share using 3772 3783 the SMB-Dfs protocol.</p><p>Only Dfs roots can act as proxy shares. Take a look at the 3773 <a class="link" href="smb.conf.5.html#MSDFSROOT" >msdfs root</a> and <a class="link" href="smb.conf.5.html#HOSTMSDFS">host msdfs</a>3784 <a class="link" href="smb.conf.5.html#MSDFSROOT" target="_top">msdfs root</a> and <a class="link" href="smb.conf.5.html#HOSTMSDFS" target="_top">host msdfs</a> 3774 3785 options to find out how to set up a Dfs root share.</p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>msdfs proxy</code></em> = <code class="literal">\otherserver\someshare</code> 3775 3786 </em></span> 3776 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 46051"></a>3787 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552101"></a> 3777 3788 3778 3789 msdfs root (S) 3779 </h3></div></div></div><a class="indexterm" name="id25 46052"></a><a name="MSDFSROOT"></a><div class="variablelist"><dl><dt></dt><dd><p>If set to <code class="constant">yes</code>, Samba treats the3790 </h3></div></div></div><a class="indexterm" name="id2552102"></a><a name="MSDFSROOT"></a><div class="variablelist"><dl><dt></dt><dd><p>If set to <code class="constant">yes</code>, Samba treats the 3780 3791 share as a Dfs root and allows clients to browse the 3781 3792 distributed file system tree rooted at the share directory. … … 3785 3796 Samba, refer to the MSDFS chapter in the Samba3-HOWTO book.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>msdfs root</code></em> = <code class="literal">no</code> 3786 3797 </em></span> 3787 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 46106"></a>3798 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552156"></a> 3788 3799 3789 3800 name cache timeout (G) 3790 </h3></div></div></div><a class="indexterm" name="id25 46107"></a><a name="NAMECACHETIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the number of seconds it takes before3801 </h3></div></div></div><a class="indexterm" name="id2552157"></a><a name="NAMECACHETIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the number of seconds it takes before 3791 3802 entries in samba's hostname resolve cache time out. If 3792 3803 the timeout is set to 0. the caching is disabled. … … 3795 3806 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>name cache timeout</code></em> = <code class="literal">0</code> 3796 3807 </em></span> 3797 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 46167"></a>3808 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552217"></a> 3798 3809 3799 3810 name resolve order (G) 3800 </h3></div></div></div><a class="indexterm" name="id25 46168"></a><a name="NAMERESOLVEORDER"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used by the programs in the Samba3811 </h3></div></div></div><a class="indexterm" name="id2552218"></a><a name="NAMERESOLVEORDER"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used by the programs in the Samba 3801 3812 suite to determine what naming services to use and in what order 3802 3813 to resolve host names to IP addresses. Its main purpose to is to … … 3816 3827 _ldap._tcp.domain. 3817 3828 </p></li><li><p><code class="constant">wins</code> : Query a name with 3818 the IP address listed in the <a class="link" href="smb.conf.5.html#WINSSERVER" >WINSSERVER</a> parameter. If no WINS server has3829 the IP address listed in the <a class="link" href="smb.conf.5.html#WINSSERVER" target="_top">WINSSERVER</a> parameter. If no WINS server has 3819 3830 been specified this method will be ignored.</p></li><li><p><code class="constant">bcast</code> : Do a broadcast on 3820 each of the known local interfaces listed in the <a class="link" href="smb.conf.5.html#INTERFACES" >interfaces</a>3831 each of the known local interfaces listed in the <a class="link" href="smb.conf.5.html#INTERFACES" target="_top">interfaces</a> 3821 3832 parameter. This is the least reliable of the name resolution 3822 3833 methods as it depends on the target host being on a locally … … 3829 3840 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>name resolve order</code></em> = <code class="literal">lmhosts bcast host</code> 3830 3841 </em></span> 3831 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 46368"></a>3842 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552420"></a> 3832 3843 3833 3844 netbios aliases (G) 3834 </h3></div></div></div><a class="indexterm" name="id25 46369"></a><a name="NETBIOSALIASES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of NetBIOS names that nmbd will3845 </h3></div></div></div><a class="indexterm" name="id2552421"></a><a name="NETBIOSALIASES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of NetBIOS names that nmbd will 3835 3846 advertise as additional names by which the Samba server is known. This allows one machine 3836 3847 to appear in browse lists under multiple names. If a machine is acting as a browse server … … 3842 3853 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>netbios aliases</code></em> = <code class="literal">TEST TEST1 TEST2</code> 3843 3854 </em></span> 3844 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 46434"></a>3855 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552493"></a> 3845 3856 3846 3857 netbios name (G) 3847 </h3></div></div></div><a class="indexterm" name="id25 46435"></a><a name="NETBIOSNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>3858 </h3></div></div></div><a class="indexterm" name="id2552494"></a><a name="NETBIOSNAME"></a><div class="variablelist"><dl><dt></dt><dd><p> 3848 3859 This sets the NetBIOS name by which a Samba server is known. By default it is the same as the first component 3849 3860 of the host's DNS name. If a machine is a browse server or logon server this name (or the first component of … … 3858 3869 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>netbios name</code></em> = <code class="literal">MYNAME</code> 3859 3870 </em></span> 3860 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 46516"></a>3871 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552574"></a> 3861 3872 3862 3873 netbios scope (G) 3863 </h3></div></div></div><a class="indexterm" name="id25 46517"></a><a name="NETBIOSSCOPE"></a><div class="variablelist"><dl><dt></dt><dd><p>This sets the NetBIOS scope that Samba will3874 </h3></div></div></div><a class="indexterm" name="id2552575"></a><a name="NETBIOSSCOPE"></a><div class="variablelist"><dl><dt></dt><dd><p>This sets the NetBIOS scope that Samba will 3864 3875 operate under. This should not be set unless every machine 3865 3876 on your LAN also sets this value.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>netbios scope</code></em> = <code class="literal"></code> 3866 3877 </em></span> 3867 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 46558"></a>3878 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552617"></a> 3868 3879 3869 3880 nis homedir (G) 3870 </h3></div></div></div><a class="indexterm" name="id25 46560"></a><a name="NISHOMEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>Get the home share server from a NIS map. For3881 </h3></div></div></div><a class="indexterm" name="id2552618"></a><a name="NISHOMEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>Get the home share server from a NIS map. For 3871 3882 UNIX systems that use an automounter, the user's home directory 3872 3883 will often be mounted on a workstation on demand from a remote … … 3882 3893 server. When Samba is returning the home share to the client, it 3883 3894 will consult the NIS map specified in 3884 <a class="link" href="smb.conf.5.html#HOMEDIRMAP" >homedir map</a> and return the server3895 <a class="link" href="smb.conf.5.html#HOMEDIRMAP" target="_top">homedir map</a> and return the server 3885 3896 listed there.</p><p>Note that for this option to work there must be a working 3886 3897 NIS system and the Samba server with this option must also 3887 3898 be a logon server.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>nis homedir</code></em> = <code class="literal">no</code> 3888 3899 </em></span> 3889 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 46638"></a>3900 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552697"></a> 3890 3901 3891 3902 nt acl support (S) 3892 </h3></div></div></div><a class="indexterm" name="id25 46640"></a><a name="NTACLSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to map3903 </h3></div></div></div><a class="indexterm" name="id2552698"></a><a name="NTACLSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to map 3893 3904 UNIX permissions into Windows NT access control lists. The UNIX 3894 3905 permissions considered are the the traditional UNIX owner and … … 3897 3908 releases prior to 2.2.2.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>nt acl support</code></em> = <code class="literal">yes</code> 3898 3909 </em></span> 3899 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 46693"></a>3910 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552752"></a> 3900 3911 3901 3912 ntlm auth (G) 3902 </h3></div></div></div><a class="indexterm" name="id25 46694"></a><a name="NTLMAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to3913 </h3></div></div></div><a class="indexterm" name="id2552753"></a><a name="NTLMAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to 3903 3914 authenticate users using the NTLM encrypted password response. 3904 3915 If disabled, either the lanman password hash or an NTLMv2 response … … 3908 3919 special configuration to use it.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ntlm auth</code></em> = <code class="literal">yes</code> 3909 3920 </em></span> 3910 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 46757"></a>3921 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552816"></a> 3911 3922 3912 3923 nt pipe support (G) 3913 </h3></div></div></div><a class="indexterm" name="id25 46758"></a><a name="NTPIPESUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether3924 </h3></div></div></div><a class="indexterm" name="id2552817"></a><a name="NTPIPESUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether 3914 3925 <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will allow Windows NT 3915 3926 clients to connect to the NT SMB specific <code class="constant">IPC$</code> … … 3917 3928 alone.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>nt pipe support</code></em> = <code class="literal">yes</code> 3918 3929 </em></span> 3919 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 46814"></a>3930 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552872"></a> 3920 3931 3921 3932 nt status support (G) 3922 </h3></div></div></div><a class="indexterm" name="id25 46815"></a><a name="NTSTATUSSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will negotiate NT specific status3933 </h3></div></div></div><a class="indexterm" name="id2552873"></a><a name="NTSTATUSSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will negotiate NT specific status 3923 3934 support with Windows NT/2k/XP clients. This is a developer debugging option and should be left alone. 3924 3935 If this option is set to <code class="constant">no</code> then Samba offers … … 3926 3937 reported.</p><p>You should not need to ever disable this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>nt status support</code></em> = <code class="literal">yes</code> 3927 3938 </em></span> 3928 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 46875"></a>3939 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552933"></a> 3929 3940 3930 3941 null passwords (G) 3931 </h3></div></div></div><a class="indexterm" name="id25 46876"></a><a name="NULLPASSWORDS"></a><div class="variablelist"><dl><dt></dt><dd><p>Allow or disallow client access to accounts that have null passwords. </p><p>See also <a class="citerefentry" href="smbpasswd.5.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(5)</span></a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>null passwords</code></em> = <code class="literal">no</code>3932 </em></span> 3933 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 46928"></a>3942 </h3></div></div></div><a class="indexterm" name="id2552934"></a><a name="NULLPASSWORDS"></a><div class="variablelist"><dl><dt></dt><dd><p>Allow or disallow client access to accounts that have null passwords. </p><p>See also <a class="citerefentry" href="smbpasswd.5.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(5)</span></a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>null passwords</code></em> = <code class="literal">no</code> 3943 </em></span> 3944 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552987"></a> 3934 3945 3935 3946 obey pam restrictions (G) 3936 </h3></div></div></div><a class="indexterm" name="id25 46929"></a><a name="OBEYPAMRESTRICTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>When Samba 3.0 is configured to enable PAM support3947 </h3></div></div></div><a class="indexterm" name="id2552988"></a><a name="OBEYPAMRESTRICTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>When Samba 3.0 is configured to enable PAM support 3937 3948 (i.e. --with-pam), this parameter will control whether or not Samba 3938 3949 should obey PAM's account and session management directives. The 3939 3950 default behavior is to use PAM for clear text authentication only 3940 3951 and to ignore any account or session management. Note that Samba 3941 always ignores PAM for authentication in the case of <a class="link" href="smb.conf.5.html#ENCRYPTPASSWORDS" >encrypt passwords = yes</a>. The reason3952 always ignores PAM for authentication in the case of <a class="link" href="smb.conf.5.html#ENCRYPTPASSWORDS" target="_top">encrypt passwords = yes</a>. The reason 3942 3953 is that PAM modules cannot support the challenge/response 3943 3954 authentication mechanism needed in the presence of SMB password encryption. 3944 3955 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>obey pam restrictions</code></em> = <code class="literal">no</code> 3945 3956 </em></span> 3946 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 46992"></a>3957 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553058"></a> 3947 3958 3948 3959 only user (S) 3949 </h3></div></div></div><a class="indexterm" name="id25 46993"></a><a name="ONLYUSER"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean option that controls whether3960 </h3></div></div></div><a class="indexterm" name="id2553059"></a><a name="ONLYUSER"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean option that controls whether 3950 3961 connections with usernames not in the <em class="parameter"><code>user</code></em> 3951 3962 list will be allowed. By default this option is disabled so that a … … 3953 3964 this parameter will force the server to only use the login 3954 3965 names from the <em class="parameter"><code>user</code></em> list and is only really 3955 useful in <a class="link" href="smb.conf.5.html#SECURITY" >security = share</a> level security.</p><p>Note that this also means Samba won't try to deduce3966 useful in <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security = share</a> level security.</p><p>Note that this also means Samba won't try to deduce 3956 3967 usernames from the service name. This can be annoying for 3957 3968 the [homes] section. To get around this you could use <code class="literal">user = … … 3960 3971 name of the user.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>only user</code></em> = <code class="literal">no</code> 3961 3972 </em></span> 3962 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 47081"></a>3973 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553147"></a> 3963 3974 3964 3975 oplock break wait time (G) 3965 </h3></div></div></div><a class="indexterm" name="id25 47082"></a><a name="OPLOCKBREAKWAITTIME"></a><div class="variablelist"><dl><dt></dt><dd><p>3976 </h3></div></div></div><a class="indexterm" name="id2553148"></a><a name="OPLOCKBREAKWAITTIME"></a><div class="variablelist"><dl><dt></dt><dd><p> 3966 3977 This is a tuning parameter added due to bugs in both Windows 9x and WinNT. If Samba responds to a client too 3967 3978 quickly when that client issues an SMB that can cause an oplock break request, then the network client can … … 3972 3983 </p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>oplock break wait time</code></em> = <code class="literal">0</code> 3973 3984 </em></span> 3974 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 47136"></a>3985 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553200"></a> 3975 3986 3976 3987 oplock contention limit (S) 3977 </h3></div></div></div><a class="indexterm" name="id25 47137"></a><a name="OPLOCKCONTENTIONLIMIT"></a><div class="variablelist"><dl><dt></dt><dd><p>3988 </h3></div></div></div><a class="indexterm" name="id2553202"></a><a name="OPLOCKCONTENTIONLIMIT"></a><div class="variablelist"><dl><dt></dt><dd><p> 3978 3989 This is a <span class="emphasis"><em>very</em></span> advanced <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> tuning option to improve the efficiency of the 3979 3990 granting of oplocks under multiple client contention for the same file. … … 3987 3998 </p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>oplock contention limit</code></em> = <code class="literal">2</code> 3988 3999 </em></span> 3989 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 47217"></a>4000 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553283"></a> 3990 4001 3991 4002 oplocks (S) 3992 </h3></div></div></div><a class="indexterm" name="id25 47218"></a><a name="OPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>4003 </h3></div></div></div><a class="indexterm" name="id2553284"></a><a name="OPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p> 3993 4004 This boolean option tells <code class="literal">smbd</code> whether to 3994 4005 issue oplocks (opportunistic locks) to file open requests on this … … 4002 4013 </p><p> 4003 4014 Oplocks may be selectively turned off on certain files with a share. See 4004 the <a class="link" href="smb.conf.5.html#VETOOPLOCKFILES" >veto oplock files</a> parameter. On some systems4015 the <a class="link" href="smb.conf.5.html#VETOOPLOCKFILES" target="_top">veto oplock files</a> parameter. On some systems 4005 4016 oplocks are recognized by the underlying operating system. This 4006 4017 allows data synchronization between all access to oplocked files, 4007 4018 whether it be via Samba or NFS or a local UNIX process. See the 4008 <a class="link" href="smb.conf.5.html#KERNELOPLOCKS" >kernel oplocks</a> parameter for details.4019 <a class="link" href="smb.conf.5.html#KERNELOPLOCKS" target="_top">kernel oplocks</a> parameter for details. 4009 4020 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>oplocks</code></em> = <code class="literal">yes</code> 4010 4021 </em></span> 4011 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 47317"></a>4022 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553383"></a> 4012 4023 4013 4024 os2 driver map (G) 4014 </h3></div></div></div><a class="indexterm" name="id25 47318"></a><a name="OS2DRIVERMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>The parameter is used to define the absolute4025 </h3></div></div></div><a class="indexterm" name="id2553384"></a><a name="OS2DRIVERMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>The parameter is used to define the absolute 4015 4026 path to a file containing a mapping of Windows NT printer driver 4016 4027 names to OS/2 printer driver names. The format is:</p><p><nt driver name> = <os2 driver name>.<device name></p><p>For example, a valid entry using the HP LaserJet 5 … … 4022 4033 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>os2 driver map</code></em> = <code class="literal"></code> 4023 4034 </em></span> 4024 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 47384"></a>4035 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553450"></a> 4025 4036 4026 4037 os level (G) 4027 </h3></div></div></div><a class="indexterm" name="id25 47385"></a><a name="OSLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>4038 </h3></div></div></div><a class="indexterm" name="id2553451"></a><a name="OSLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p> 4028 4039 This integer value controls what level Samba advertises itself as for browse elections. The value of this 4029 parameter determines whether <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> has a chance of becoming a local master browser for the <a class="link" href="smb.conf.5.html#WORKGROUP" >workgroup</a> in the local broadcast area.4040 parameter determines whether <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> has a chance of becoming a local master browser for the <a class="link" href="smb.conf.5.html#WORKGROUP" target="_top">workgroup</a> in the local broadcast area. 4030 4041 </p><p><span class="emphasis"><em> 4031 4042 Note:</em></span> By default, Samba will win a local master browsing election over all Microsoft operating … … 4041 4052 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>os level</code></em> = <code class="literal">65</code> 4042 4053 </em></span> 4043 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 47492"></a>4054 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553549"></a> 4044 4055 4045 4056 pam password change (G) 4046 </h3></div></div></div><a class="indexterm" name="id25 47493"></a><a name="PAMPASSWORDCHANGE"></a><div class="variablelist"><dl><dt></dt><dd><p>With the addition of better PAM support in Samba 2.2,4057 </h3></div></div></div><a class="indexterm" name="id2553550"></a><a name="PAMPASSWORDCHANGE"></a><div class="variablelist"><dl><dt></dt><dd><p>With the addition of better PAM support in Samba 2.2, 4047 4058 this parameter, it is possible to use PAM's password change control 4048 4059 flag for Samba. If enabled, then PAM will be used for password 4049 4060 changes when requested by an SMB client instead of the program listed in 4050 <a class="link" href="smb.conf.5.html#PASSWDPROGRAM" >passwd program</a>.4061 <a class="link" href="smb.conf.5.html#PASSWDPROGRAM" target="_top">passwd program</a>. 4051 4062 It should be possible to enable this without changing your 4052 <a class="link" href="smb.conf.5.html#PASSWDCHAT" >passwd chat</a> parameter for most setups.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>pam password change</code></em> = <code class="literal">no</code>4053 </em></span> 4054 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 47564"></a>4063 <a class="link" href="smb.conf.5.html#PASSWDCHAT" target="_top">passwd chat</a> parameter for most setups.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>pam password change</code></em> = <code class="literal">no</code> 4064 </em></span> 4065 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553622"></a> 4055 4066 4056 4067 panic action (G) 4057 </h3></div></div></div><a class="indexterm" name="id25 47565"></a><a name="PANICACTION"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a Samba developer option that allows a4068 </h3></div></div></div><a class="indexterm" name="id2553623"></a><a name="PANICACTION"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a Samba developer option that allows a 4058 4069 system command to be called when either <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> or <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> crashes. This is usually used to 4059 4070 draw attention to the fact that a problem occurred. … … 4062 4073 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>panic action</code></em> = <code class="literal">"/bin/sleep 90000"</code> 4063 4074 </em></span> 4064 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 47640"></a>4075 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553698"></a> 4065 4076 4066 4077 paranoid server security (G) 4067 </h3></div></div></div><a class="indexterm" name="id25 47641"></a><a name="PARANOIDSERVERSECURITY"></a><div class="variablelist"><dl><dt></dt><dd><p>Some version of NT 4.x allow non-guest4078 </h3></div></div></div><a class="indexterm" name="id2553699"></a><a name="PARANOIDSERVERSECURITY"></a><div class="variablelist"><dl><dt></dt><dd><p>Some version of NT 4.x allow non-guest 4068 4079 users with a bad passowrd. When this option is enabled, samba will not 4069 4080 use a broken NT 4.x server as password server, but instead complain … … 4073 4084 bad logon to the remote server.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>paranoid server security</code></em> = <code class="literal">yes</code> 4074 4085 </em></span> 4075 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 47691"></a>4086 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553749"></a> 4076 4087 4077 4088 passdb backend (G) 4078 </h3></div></div></div><a class="indexterm" name="id25 47692"></a><a name="PASSDBBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows the administrator to chose which backend4089 </h3></div></div></div><a class="indexterm" name="id2553750"></a><a name="PASSDBBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows the administrator to chose which backend 4079 4090 will be used for storing user and possibly group information. This allows 4080 4091 you to swap between different storage mechanisms without recompile. </p><p>The parameter value is divided into two parts, the backend's name, and a 'location' … … 4085 4096 </p></li><li><p><code class="literal">tdbsam</code> - The TDB based password storage 4086 4097 backend. Takes a path to the TDB as an optional argument (defaults to passdb.tdb 4087 in the <a class="link" href="smb.conf.5.html#PRIVATEDIR" >private dir</a> directory.</p></li><li><p><code class="literal">ldapsam</code> - The LDAP based passdb4098 in the <a class="link" href="smb.conf.5.html#PRIVATEDIR" target="_top">private dir</a> directory.</p></li><li><p><code class="literal">ldapsam</code> - The LDAP based passdb 4088 4099 backend. Takes an LDAP URL as an optional argument (defaults to 4089 4100 <code class="literal">ldap://localhost</code>)</p><p>LDAP connections should be secured where possible. This may be done using either 4090 Start-TLS (see <a class="link" href="smb.conf.5.html#LDAPSSL" >ldap ssl</a>) or by4101 Start-TLS (see <a class="link" href="smb.conf.5.html#LDAPSSL" target="_top">ldap ssl</a>) or by 4091 4102 specifying <em class="parameter"><code>ldaps://</code></em> in 4092 4103 the URL argument. </p><p>Multiple servers may also be specified in double-quotes. … … 4109 4120 </pre><p>Default: <span class="emphasis"><em><em class="parameter"><code>passdb backend</code></em> = <code class="literal">smbpasswd</code> 4110 4121 </em></span> 4111 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 47846"></a>4122 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553906"></a> 4112 4123 4113 4124 passdb expand explicit (G) 4114 </h3></div></div></div><a class="indexterm" name="id25 47848"></a><a name="PASSDBEXPANDEXPLICIT"></a><div class="variablelist"><dl><dt></dt><dd><p>4125 </h3></div></div></div><a class="indexterm" name="id2553907"></a><a name="PASSDBEXPANDEXPLICIT"></a><div class="variablelist"><dl><dt></dt><dd><p> 4115 4126 This parameter controls whether Samba substitutes %-macros in the passdb fields if they are explicitly set. We 4116 4127 used to expand macros here, but this turned out to be a bug because the Windows client can expand a variable … … 4118 4129 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>passdb expand explicit</code></em> = <code class="literal">no</code> 4119 4130 </em></span> 4120 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 47893"></a>4131 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553953"></a> 4121 4132 4122 4133 passwd chat debug (G) 4123 </h3></div></div></div><a class="indexterm" name="id25 47894"></a><a name="PASSWDCHATDEBUG"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean specifies if the passwd chat script4134 </h3></div></div></div><a class="indexterm" name="id2553954"></a><a name="PASSWDCHATDEBUG"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean specifies if the passwd chat script 4124 4135 parameter is run in <span class="emphasis"><em>debug</em></span> mode. In this mode the 4125 4136 strings passed to and received from the passwd chat are printed 4126 4137 in the <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> log with a 4127 <a class="link" href="smb.conf.5.html#DEBUGLEVEL" >debug level</a>4138 <a class="link" href="smb.conf.5.html#DEBUGLEVEL" target="_top">debug level</a> 4128 4139 of 100. This is a dangerous option as it will allow plaintext passwords 4129 4140 to be seen in the <code class="literal">smbd</code> log. It is available to help … … 4131 4142 when calling the <em class="parameter"><code>passwd program</code></em> and should 4132 4143 be turned off after this has been done. This option has no effect if the 4133 <a class="link" href="smb.conf.5.html#PAMPASSWORDCHANGE" >pam password change</a>4144 <a class="link" href="smb.conf.5.html#PAMPASSWORDCHANGE" target="_top">pam password change</a> 4134 4145 parameter is set. This parameter is off by default.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>passwd chat debug</code></em> = <code class="literal">no</code> 4135 4146 </em></span> 4136 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 47996"></a>4147 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554056"></a> 4137 4148 4138 4149 passwd chat timeout (G) 4139 </h3></div></div></div><a class="indexterm" name="id25 47997"></a><a name="PASSWDCHATTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>This integer specifies the number of seconds smbd will wait for an initial4150 </h3></div></div></div><a class="indexterm" name="id2554057"></a><a name="PASSWDCHATTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>This integer specifies the number of seconds smbd will wait for an initial 4140 4151 answer from a passwd chat script being run. Once the initial answer is received 4141 4152 the subsequent answers must be received in one tenth of this time. The default it 4142 4153 two seconds.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>passwd chat timeout</code></em> = <code class="literal">2</code> 4143 4154 </em></span> 4144 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 48041"></a>4155 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554101"></a> 4145 4156 4146 4157 passwd chat (G) 4147 </h3></div></div></div><a class="indexterm" name="id25 48042"></a><a name="PASSWDCHAT"></a><div class="variablelist"><dl><dt></dt><dd><p>This string controls the <span class="emphasis"><em>"chat"</em></span>4158 </h3></div></div></div><a class="indexterm" name="id2554102"></a><a name="PASSWDCHAT"></a><div class="variablelist"><dl><dt></dt><dd><p>This string controls the <span class="emphasis"><em>"chat"</em></span> 4148 4159 conversation that takes places between <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> and the local password changing 4149 4160 program to change the user's password. The string describes a 4150 4161 sequence of response-receive pairs that <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> uses to determine what to send to the 4151 <a class="link" href="smb.conf.5.html#PASSWDPROGRAM" >passwd program</a> and what to expect back. If the expected output is not4162 <a class="link" href="smb.conf.5.html#PASSWDPROGRAM" target="_top">passwd program</a> and what to expect back. If the expected output is not 4152 4163 received then the password is not changed.</p><p>This chat sequence is often quite site specific, depending 4153 4164 on what local methods are used for password control (such as NIS 4154 etc).</p><p>Note that this parameter only is used if the <a class="link" href="smb.conf.5.html#UNIXPASSWORDSYNC" >unix password sync</a> parameter is set to <code class="constant">yes</code>. This sequence is4165 etc).</p><p>Note that this parameter only is used if the <a class="link" href="smb.conf.5.html#UNIXPASSWORDSYNC" target="_top">unix password sync</a> parameter is set to <code class="constant">yes</code>. This sequence is 4155 4166 then called <span class="emphasis"><em>AS ROOT</em></span> when the SMB password in the 4156 4167 smbpasswd file is being changed, without access to the old password 4157 4168 cleartext. This means that root must be able to reset the user's password without 4158 4169 knowing the text of the previous password. In the presence of 4159 NIS/YP, this means that the <a class="link" href="smb.conf.5.html#PASSWDPROGRAM" >passwd program</a> must4170 NIS/YP, this means that the <a class="link" href="smb.conf.5.html#PASSWDPROGRAM" target="_top">passwd program</a> must 4160 4171 be executed on the NIS master. 4161 4172 </p><p>The string can contain the macro <em class="parameter"><code>%n</code></em> which is substituted 4162 4173 for the new password. The old passsword (<em class="parameter"><code>%o</code></em>) is only available when 4163 <a class="link" href="smb.conf.5.html#ENCRYPTPASSWORDS" >encrypt passwords</a> has been disabled.4174 <a class="link" href="smb.conf.5.html#ENCRYPTPASSWORDS" target="_top">encrypt passwords</a> has been disabled. 4164 4175 The chat sequence can also contain the standard macros 4165 4176 \n, \r, \t and \s to give line-feed, carriage-return, tab … … 4169 4180 string.</p><p>If the send string in any part of the chat sequence is a full 4170 4181 stop ".", then no string is sent. Similarly, if the 4171 expect string is a full stop then no string is expected.</p><p>If the <a class="link" href="smb.conf.5.html#PAMPASSWORDCHANGE" >pam password change</a> parameter is set to <code class="constant">yes</code>, the4182 expect string is a full stop then no string is expected.</p><p>If the <a class="link" href="smb.conf.5.html#PAMPASSWORDCHANGE" target="_top">pam password change</a> parameter is set to <code class="constant">yes</code>, the 4172 4183 chat pairs may be matched in any order, and success is determined by the PAM result, not any particular 4173 4184 output. The \n macro is ignored for PAM conversions. … … 4176 4187 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>passwd chat</code></em> = <code class="literal">"*Enter NEW password*" %n\n "*Reenter NEW password*" %n\n "*Password changed*"</code> 4177 4188 </em></span> 4178 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 48246"></a>4189 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554307"></a> 4179 4190 4180 4191 passwd program (G) 4181 </h3></div></div></div><a class="indexterm" name="id25 48247"></a><a name="PASSWDPROGRAM"></a><div class="variablelist"><dl><dt></dt><dd><p>The name of a program that can be used to set4192 </h3></div></div></div><a class="indexterm" name="id2554308"></a><a name="PASSWDPROGRAM"></a><div class="variablelist"><dl><dt></dt><dd><p>The name of a program that can be used to set 4182 4193 UNIX user passwords. Any occurrences of <em class="parameter"><code>%u</code></em> 4183 4194 will be replaced with the user name. The user name is checked for … … 4200 4211 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>passwd program</code></em> = <code class="literal">/bin/passwd %u</code> 4201 4212 </em></span> 4202 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 48381"></a>4213 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554442"></a> 4203 4214 4204 4215 password level (G) 4205 </h3></div></div></div><a class="indexterm" name="id25 48382"></a><a name="PASSWORDLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>Some client/server combinations have difficulty4216 </h3></div></div></div><a class="indexterm" name="id2554443"></a><a name="PASSWORDLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>Some client/server combinations have difficulty 4206 4217 with mixed-case passwords. One offending client is Windows for 4207 4218 Workgroups, which for some reason forces passwords to upper … … 4221 4232 made - the password as is and the password in all-lower case.</p><p>This parameter is used only when using plain-text passwords. It is 4222 4233 not at all used when encrypted passwords as in use (that is the default 4223 since samba-3.0.0). Use this only when <a class="link" href="smb.conf.5.html#ENCRYPTPASSWORDS" >encrypt passwords = No</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>password level</code></em> = <code class="literal">0</code>4234 since samba-3.0.0). Use this only when <a class="link" href="smb.conf.5.html#ENCRYPTPASSWORDS" target="_top">encrypt passwords = No</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>password level</code></em> = <code class="literal">0</code> 4224 4235 </em></span> 4225 4236 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>password level</code></em> = <code class="literal">4</code> 4226 4237 </em></span> 4227 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 48518"></a>4238 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554579"></a> 4228 4239 4229 4240 password server (G) 4230 </h3></div></div></div><a class="indexterm" name="id25 48519"></a><a name="PASSWORDSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>By specifying the name of another SMB server4241 </h3></div></div></div><a class="indexterm" name="id2554580"></a><a name="PASSWORDSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>By specifying the name of another SMB server 4231 4242 or Active Directory domain controller with this option, 4232 4243 and using <code class="literal">security = [ads|domain|server]</code> … … 4240 4251 have no effect on password servers for Windows NT 4.0 domains or netbios 4241 4252 connections.</p><p>If parameter is a name, it is looked up using the 4242 parameter <a class="link" href="smb.conf.5.html#NAMERESOLVEORDER" >name resolve order</a> and so may resolved4253 parameter <a class="link" href="smb.conf.5.html#NAMERESOLVEORDER" target="_top">name resolve order</a> and so may resolved 4243 4254 by any method and order described in that parameter.</p><p>The password server must be a machine capable of using 4244 4255 the "LM1.2X002" or the "NT LM 0.12" protocol, and it must be in … … 4288 4299 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>password server</code></em> = <code class="literal">windc.mydomain.com:389 192.168.1.101 *</code> 4289 4300 </em></span> 4290 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 48816"></a>4301 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554878"></a> 4291 4302 4292 4303 <a name="DIRECTORY"></a>directory 4293 </h3></div></div></div><a class="indexterm" name="id25 48817"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PATH">path</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548848"></a>4304 </h3></div></div></div><a class="indexterm" name="id2554879"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PATH">path</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554909"></a> 4294 4305 4295 4306 path (S) 4296 </h3></div></div></div><a class="indexterm" name="id25 48849"></a><a name="PATH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a directory to which4307 </h3></div></div></div><a class="indexterm" name="id2554910"></a><a name="PATH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a directory to which 4297 4308 the user of the service is to be given access. In the case of 4298 4309 printable services, this is where print data will spool prior to … … 4306 4317 will be replaced by the NetBIOS name of the machine they are 4307 4318 connecting from. These replacements are very useful for setting 4308 up pseudo home directories for users.</p><p>Note that this path will be based on <a class="link" href="smb.conf.5.html#ROOTDIR" >root dir</a>4319 up pseudo home directories for users.</p><p>Note that this path will be based on <a class="link" href="smb.conf.5.html#ROOTDIR" target="_top">root dir</a> 4309 4320 if one was specified.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>path</code></em> = <code class="literal"></code> 4310 4321 </em></span> 4311 4322 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>path</code></em> = <code class="literal">/home/fred</code> 4312 4323 </em></span> 4313 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 48952"></a>4324 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555013"></a> 4314 4325 4315 4326 pid directory (G) 4316 </h3></div></div></div><a class="indexterm" name="id25 48953"></a><a name="PIDDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>4327 </h3></div></div></div><a class="indexterm" name="id2555014"></a><a name="PIDDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p> 4317 4328 This option specifies the directory where pid files will be placed. 4318 4329 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>pid directory</code></em> = <code class="literal">${prefix}/var/locks</code> … … 4320 4331 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>pid directory</code></em> = <code class="literal">pid directory = /var/run/</code> 4321 4332 </em></span> 4322 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 49011"></a>4333 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555073"></a> 4323 4334 4324 4335 posix locking (S) 4325 </h3></div></div></div><a class="indexterm" name="id25 49012"></a><a name="POSIXLOCKING"></a><div class="variablelist"><dl><dt></dt><dd><p>4336 </h3></div></div></div><a class="indexterm" name="id2555074"></a><a name="POSIXLOCKING"></a><div class="variablelist"><dl><dt></dt><dd><p> 4326 4337 The <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> 4327 4338 daemon maintains an database of file locks obtained by SMB clients. The default behavior is … … 4331 4342 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>posix locking</code></em> = <code class="literal">yes</code> 4332 4343 </em></span> 4333 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 49067"></a>4344 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555128"></a> 4334 4345 4335 4346 postexec (S) 4336 </h3></div></div></div><a class="indexterm" name="id25 49068"></a><a name="POSTEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies a command to be run4347 </h3></div></div></div><a class="indexterm" name="id2555130"></a><a name="POSTEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies a command to be run 4337 4348 whenever the service is disconnected. It takes the usual 4338 4349 substitutions. The command may be run as the root on some … … 4342 4353 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>postexec</code></em> = <code class="literal">echo \"%u disconnected from %S from %m (%I)\" >> /tmp/log</code> 4343 4354 </em></span> 4344 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 49140"></a>4355 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555201"></a> 4345 4356 4346 4357 preexec close (S) 4347 </h3></div></div></div><a class="indexterm" name="id25 49141"></a><a name="PREEXECCLOSE"></a><div class="variablelist"><dl><dt></dt><dd><p>4348 This boolean option controls whether a non-zero return code from <a class="link" href="smb.conf.5.html#PREEXEC" >preexec</a>4358 </h3></div></div></div><a class="indexterm" name="id2555202"></a><a name="PREEXECCLOSE"></a><div class="variablelist"><dl><dt></dt><dd><p> 4359 This boolean option controls whether a non-zero return code from <a class="link" href="smb.conf.5.html#PREEXEC" target="_top">preexec</a> 4349 4360 should close the service being connected to. 4350 4361 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>preexec close</code></em> = <code class="literal">no</code> 4351 4362 </em></span> 4352 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 49194"></a>4363 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555256"></a> 4353 4364 4354 4365 <a name="EXEC"></a>exec 4355 </h3></div></div></div><a class="indexterm" name="id25 49195"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PREEXEC">preexec</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549225"></a>4366 </h3></div></div></div><a class="indexterm" name="id2555257"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PREEXEC">preexec</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555288"></a> 4356 4367 4357 4368 preexec (S) 4358 </h3></div></div></div><a class="indexterm" name="id25 49226"></a><a name="PREEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies a command to be run whenever4369 </h3></div></div></div><a class="indexterm" name="id2555289"></a><a name="PREEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies a command to be run whenever 4359 4370 the service is connected to. It takes the usual substitutions.</p><p>An interesting example is to send the users a welcome 4360 4371 message every time they log in. Maybe a message of the day? Here … … 4363 4374 /usr/local/samba/bin/smbclient -M %m -I %I' & </code> 4364 4375 </p><p>Of course, this could get annoying after a while :-)</p><p> 4365 See also <a class="link" href="smb.conf.5.html#PREEXECCLOSE" >preexec close</a> and <a class="link" href="smb.conf.5.html#POSTEXEC">postexec</a>.4376 See also <a class="link" href="smb.conf.5.html#PREEXECCLOSE" target="_top">preexec close</a> and <a class="link" href="smb.conf.5.html#POSTEXEC" target="_top">postexec</a>. 4366 4377 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>preexec</code></em> = <code class="literal"></code> 4367 4378 </em></span> 4368 4379 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>preexec</code></em> = <code class="literal">echo \"%u connected to %S from %m (%I)\" >> /tmp/log</code> 4369 4380 </em></span> 4370 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 49333"></a>4381 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555396"></a> 4371 4382 4372 4383 <a name="PREFEREDMASTER"></a>prefered master 4373 </h3></div></div></div><a class="indexterm" name="id25 49334"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PREFERREDMASTER">preferred master</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549366"></a>4384 </h3></div></div></div><a class="indexterm" name="id2555397"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PREFERREDMASTER">preferred master</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555428"></a> 4374 4385 4375 4386 preferred master (G) 4376 </h3></div></div></div><a class="indexterm" name="id25 49367"></a><a name="PREFERREDMASTER"></a><div class="variablelist"><dl><dt></dt><dd><p>4387 </h3></div></div></div><a class="indexterm" name="id2555430"></a><a name="PREFERREDMASTER"></a><div class="variablelist"><dl><dt></dt><dd><p> 4377 4388 This boolean parameter controls if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> is a preferred master browser for its workgroup. 4378 4389 </p><p> 4379 4390 If this is set to <code class="constant">yes</code>, on startup, <code class="literal">nmbd</code> will force 4380 4391 an election, and it will have a slight advantage in winning the election. It is recommended that this 4381 parameter is used in conjunction with <a class="link" href="smb.conf.5.html#DOMAINMASTER" >domain master = yes</a>, so that4392 parameter is used in conjunction with <a class="link" href="smb.conf.5.html#DOMAINMASTER" target="_top">domain master = yes</a>, so that 4382 4393 <code class="literal">nmbd</code> can guarantee becoming a domain master. 4383 4394 </p><p> … … 4388 4399 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>preferred master</code></em> = <code class="literal">auto</code> 4389 4400 </em></span> 4390 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 49459"></a>4401 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555522"></a> 4391 4402 4392 4403 preload modules (G) 4393 </h3></div></div></div><a class="indexterm" name="id25 49460"></a><a name="PRELOADMODULES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of paths to modules that should4404 </h3></div></div></div><a class="indexterm" name="id2555523"></a><a name="PRELOADMODULES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of paths to modules that should 4394 4405 be loaded into smbd before a client connects. This improves 4395 4406 the speed of smbd when reacting to new connections somewhat. </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>preload modules</code></em> = <code class="literal"></code> … … 4397 4408 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>preload modules</code></em> = <code class="literal">/usr/lib/samba/passdb/mysql.so</code> 4398 4409 </em></span> 4399 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 49520"></a>4410 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555583"></a> 4400 4411 4401 4412 <a name="AUTOSERVICES"></a>auto services 4402 </h3></div></div></div><a class="indexterm" name="id25 49521"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRELOAD">preload</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549553"></a>4413 </h3></div></div></div><a class="indexterm" name="id2555584"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRELOAD">preload</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555616"></a> 4403 4414 4404 4415 preload (G) 4405 </h3></div></div></div><a class="indexterm" name="id25 49554"></a><a name="PRELOAD"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of services that you want to be4416 </h3></div></div></div><a class="indexterm" name="id2555617"></a><a name="PRELOAD"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of services that you want to be 4406 4417 automatically added to the browse lists. This is most useful 4407 4418 for homes and printers services that would otherwise not be 4408 4419 visible.</p><p> 4409 4420 Note that if you just want all printers in your 4410 printcap file loaded then the <a class="link" href="smb.conf.5.html#LOADPRINTERS" >load printers</a>4421 printcap file loaded then the <a class="link" href="smb.conf.5.html#LOADPRINTERS" target="_top">load printers</a> 4411 4422 option is easier. 4412 4423 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>preload</code></em> = <code class="literal"></code> … … 4414 4425 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>preload</code></em> = <code class="literal">fred lp colorlp</code> 4415 4426 </em></span> 4416 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 49631"></a>4427 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555694"></a> 4417 4428 4418 4429 preserve case (S) 4419 </h3></div></div></div><a class="indexterm" name="id25 49632"></a><a name="PRESERVECASE"></a><div class="variablelist"><dl><dt></dt><dd><p>4430 </h3></div></div></div><a class="indexterm" name="id2555695"></a><a name="PRESERVECASE"></a><div class="variablelist"><dl><dt></dt><dd><p> 4420 4431 This controls if new filenames are created with the case that the client passes, or if 4421 they are forced to be the <a class="link" href="smb.conf.5.html#DEFAULTCASE" >default case</a>.4432 they are forced to be the <a class="link" href="smb.conf.5.html#DEFAULTCASE" target="_top">default case</a>. 4422 4433 </p><p> 4423 4434 See the section on <a class="link" href="#NAMEMANGLINGSECT" title="NAME MANGLING">NAME MANGLING</a> for a fuller discussion. 4424 4435 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>preserve case</code></em> = <code class="literal">yes</code> 4425 4436 </em></span> 4426 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 49697"></a>4437 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555760"></a> 4427 4438 4428 4439 <a name="PRINTOK"></a>print ok 4429 </h3></div></div></div><a class="indexterm" name="id25 49698"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTABLE">printable</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549728"></a>4440 </h3></div></div></div><a class="indexterm" name="id2555761"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTABLE">printable</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555791"></a> 4430 4441 4431 4442 printable (S) 4432 </h3></div></div></div><a class="indexterm" name="id25 49729"></a><a name="PRINTABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code>, then4443 </h3></div></div></div><a class="indexterm" name="id2555792"></a><a name="PRINTABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code>, then 4433 4444 clients may open, write to and submit spool files on the directory 4434 4445 specified for the service. </p><p>Note that a printable service will ALWAYS allow writing 4435 4446 to the service path (user privileges permitting) via the spooling 4436 of print data. The <a class="link" href="smb.conf.5.html#READONLY" >read only</a> parameter controls only non-printing access to4447 of print data. The <a class="link" href="smb.conf.5.html#READONLY" target="_top">read only</a> parameter controls only non-printing access to 4437 4448 the resource.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>printable</code></em> = <code class="literal">no</code> 4438 4449 </em></span> 4439 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 49791"></a>4450 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555854"></a> 4440 4451 4441 4452 printcap cache time (G) 4442 </h3></div></div></div><a class="indexterm" name="id25 49792"></a><a name="PRINTCAPCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the number of seconds before the printing4453 </h3></div></div></div><a class="indexterm" name="id2555855"></a><a name="PRINTCAPCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the number of seconds before the printing 4443 4454 subsystem is again asked for the known printers. If the value 4444 4455 is greater than 60 the initial waiting time is set to 60 seconds … … 4450 4461 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>printcap cache time</code></em> = <code class="literal">600</code> 4451 4462 </em></span> 4452 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 49859"></a>4463 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555923"></a> 4453 4464 4454 4465 <a name="PRINTCAP"></a>printcap 4455 </h3></div></div></div><a class="indexterm" name="id25 49860"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTCAPNAME">printcap name</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549892"></a>4466 </h3></div></div></div><a class="indexterm" name="id2555924"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTCAPNAME">printcap name</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555956"></a> 4456 4467 4457 4468 printcap name (G) 4458 </h3></div></div></div><a class="indexterm" name="id25 49893"></a><a name="PRINTCAPNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>4469 </h3></div></div></div><a class="indexterm" name="id2555957"></a><a name="PRINTCAPNAME"></a><div class="variablelist"><dl><dt></dt><dd><p> 4459 4470 This parameter may be used to override the compiled-in default printcap name used by the server (usually 4460 4471 <code class="filename"> /etc/printcap</code>). See the discussion of the <a class="link" href="#PRINTERSSECT" title="The [printers] section">[printers]</a> section above for reasons why you might want to do this. 4461 4472 </p><p> 4462 4473 To use the CUPS printing interface set <code class="literal">printcap name = cups </code>. This should 4463 be supplemented by an addtional setting <a class="link" href="smb.conf.5.html#PRINTING" >printing = cups</a> in the [global]4474 be supplemented by an addtional setting <a class="link" href="smb.conf.5.html#PRINTING" target="_top">printing = cups</a> in the [global] 4464 4475 section. <code class="literal">printcap name = cups</code> will use the "dummy" printcap 4465 4476 created by CUPS, as specified in your CUPS configuration file. … … 4491 4502 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>printcap name</code></em> = <code class="literal">/etc/myprintcap</code> 4492 4503 </em></span> 4493 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id255 0076"></a>4504 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556140"></a> 4494 4505 4495 4506 print command (S) 4496 </h3></div></div></div><a class="indexterm" name="id255 0077"></a><a name="PRINTCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>After a print job has finished spooling to4507 </h3></div></div></div><a class="indexterm" name="id2556142"></a><a name="PRINTCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>After a print job has finished spooling to 4497 4508 a service, this command will be used via a <code class="literal">system()</code> 4498 4509 call to process the spool file. Typically the command specified will … … 4517 4528 be created but not processed and (most importantly) not removed.</p><p>Note that printing may fail on some UNIXes from the 4518 4529 <code class="constant">nobody</code> account. If this happens then create 4519 an alternative guest account that can print and set the <a class="link" href="smb.conf.5.html#GUESTACCOUNT" >guest account</a>4530 an alternative guest account that can print and set the <a class="link" href="smb.conf.5.html#GUESTACCOUNT" target="_top">guest account</a> 4520 4531 in the [global] section.</p><p>You can form quite complex print commands by realizing 4521 4532 that they are just passed to a shell. For example the following … … 4524 4535 /tmp/print.log; lpr -P %p %s; rm %s</code></p><p>You may have to vary this command considerably depending 4525 4536 on how you normally print files on your system. The default for 4526 the parameter varies depending on the setting of the <a class="link" href="smb.conf.5.html#PRINTING" >printing</a>4537 the parameter varies depending on the setting of the <a class="link" href="smb.conf.5.html#PRINTING" target="_top">printing</a> 4527 4538 parameter.</p><p>Default: For <code class="literal">printing = BSD, AIX, QNX, LPRNG 4528 4539 or PLP :</code></p><p><code class="literal">print command = lpr -r -P%p %s</code></p><p>For <code class="literal">printing = SYSV or HPUX :</code></p><p><code class="literal">print command = lp -c -d%p %s; rm %s</code></p><p>For <code class="literal">printing = SOFTQ :</code></p><p><code class="literal">print command = lp -d%p -s %s; rm %s</code></p><p>For printing = CUPS : If SAMBA is compiled against 4529 libcups, then <a class="link" href="smb.conf.5.html#PRINTCAP" >printcap = cups</a>4540 libcups, then <a class="link" href="smb.conf.5.html#PRINTCAP" target="_top">printcap = cups</a> 4530 4541 uses the CUPS API to 4531 4542 submit jobs, etc. Otherwise it maps to the System V … … 4536 4547 set print command will be ignored.</p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>print command</code></em> = <code class="literal">/usr/local/samba/bin/myprintscript %p %s</code> 4537 4548 </em></span> 4538 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id255 0346"></a>4549 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556410"></a> 4539 4550 4540 4551 printer admin (S) 4541 </h3></div></div></div><a class="indexterm" name="id255 0347"></a><a name="PRINTERADMIN"></a><div class="variablelist"><dl><dt></dt><dd><p>4552 </h3></div></div></div><a class="indexterm" name="id2556411"></a><a name="PRINTERADMIN"></a><div class="variablelist"><dl><dt></dt><dd><p> 4542 4553 This lists users who can do anything to printers 4543 4554 via the remote administration interfaces offered … … 4555 4566 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>printer admin</code></em> = <code class="literal">admin, @staff</code> 4556 4567 </em></span> 4557 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id255 0416"></a>4568 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556479"></a> 4558 4569 4559 4570 <a name="PRINTER"></a>printer 4560 </h3></div></div></div><a class="indexterm" name="id255 0417"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTERNAME">printer name</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550447"></a>4571 </h3></div></div></div><a class="indexterm" name="id2556480"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTERNAME">printer name</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556511"></a> 4561 4572 4562 4573 printer name (S) 4563 </h3></div></div></div><a class="indexterm" name="id255 0448"></a><a name="PRINTERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>4574 </h3></div></div></div><a class="indexterm" name="id2556512"></a><a name="PRINTERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p> 4564 4575 This parameter specifies the name of the printer to which print jobs spooled through a printable service 4565 4576 will be sent. … … 4568 4579 does not have its own printer name specified. 4569 4580 </p><p> 4570 The default value of the <a class="link" href="smb.conf.5.html#PRINTERNAME" >printer name</a> may be <code class="literal">lp</code> on many4581 The default value of the <a class="link" href="smb.conf.5.html#PRINTERNAME" target="_top">printer name</a> may be <code class="literal">lp</code> on many 4571 4582 systems. 4572 4583 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>printer name</code></em> = <code class="literal">none</code> … … 4574 4585 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>printer name</code></em> = <code class="literal">laserwriter</code> 4575 4586 </em></span> 4576 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id255 0535"></a>4587 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556599"></a> 4577 4588 4578 4589 printing (S) 4579 </h3></div></div></div><a class="indexterm" name="id255 0536"></a><a name="PRINTING"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameters controls how printer status information is4590 </h3></div></div></div><a class="indexterm" name="id2556600"></a><a name="PRINTING"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameters controls how printer status information is 4580 4591 interpreted on your system. It also affects the default values for 4581 4592 the <em class="parameter"><code>print command</code></em>, <em class="parameter"><code>lpq command</code></em>, <em class="parameter"><code>lppause command </code></em>, <em class="parameter"><code>lpresume command</code></em>, and <em class="parameter"><code>lprm command</code></em> if specified in the … … 4591 4602 the value for the <em class="parameter"><code>printing</code></em> option since it will 4592 4603 reset the printing commands to default values.</p><p>See also the discussion in the <a class="link" href="#PRINTERSSECT" title="The [printers] section"> 4593 [printers]</a> section.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550670"></a> 4604 [printers]</a> section.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>printing</code></em> = <code class="literal">Depends on the operating system, see 4605 <code class="literal">testparm -v.</code></code> 4606 </em></span> 4607 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556752"></a> 4594 4608 4595 4609 printjob username (S) 4596 </h3></div></div></div><a class="indexterm" name="id255 0671"></a><a name="PRINTJOBUSERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies which user information will be4610 </h3></div></div></div><a class="indexterm" name="id2556753"></a><a name="PRINTJOBUSERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies which user information will be 4597 4611 passed to the printing system. Usually, the username is sent, 4598 4612 but in some cases, e.g. the domain prefix is useful, too.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>printjob username</code></em> = <code class="literal">%U</code> … … 4600 4614 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>printjob username</code></em> = <code class="literal">%D\%U</code> 4601 4615 </em></span> 4602 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id255 0731"></a>4616 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556814"></a> 4603 4617 4604 4618 private dir (G) 4605 </h3></div></div></div><a class="indexterm" name="id255 0732"></a><a name="PRIVATEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameters defines the directory4619 </h3></div></div></div><a class="indexterm" name="id2556815"></a><a name="PRIVATEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameters defines the directory 4606 4620 smbd will use for storing such files as <code class="filename">smbpasswd</code> 4607 4621 and <code class="filename">secrets.tdb</code>. 4608 4622 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>private dir</code></em> = <code class="literal">${prefix}/private</code> 4609 4623 </em></span> 4610 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id255 0785"></a>4624 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556868"></a> 4611 4625 4612 4626 profile acls (S) 4613 </h3></div></div></div><a class="indexterm" name="id255 0786"></a><a name="PROFILEACLS"></a><div class="variablelist"><dl><dt></dt><dd><p>4627 </h3></div></div></div><a class="indexterm" name="id2556869"></a><a name="PROFILEACLS"></a><div class="variablelist"><dl><dt></dt><dd><p> 4614 4628 This boolean parameter was added to fix the problems that people have been 4615 4629 having with storing user profiles on Samba shares from Windows 2000 or … … 4639 4653 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>profile acls</code></em> = <code class="literal">no</code> 4640 4654 </em></span> 4641 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id255 0858"></a>4655 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556951"></a> 4642 4656 4643 4657 queuepause command (S) 4644 </h3></div></div></div><a class="indexterm" name="id255 0859"></a><a name="QUEUEPAUSECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be4658 </h3></div></div></div><a class="indexterm" name="id2556952"></a><a name="QUEUEPAUSECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be 4645 4659 executed on the server host in order to pause the printer queue.</p><p>This command should be a program or script which takes 4646 4660 a printer name as its only parameter and stops the printer queue, … … 4653 4667 server.</p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>queuepause command</code></em> = <code class="literal">disable %p</code> 4654 4668 </em></span> 4655 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id255 0934"></a>4669 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557028"></a> 4656 4670 4657 4671 queueresume command (S) 4658 </h3></div></div></div><a class="indexterm" name="id255 0935"></a><a name="QUEUERESUMECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be4672 </h3></div></div></div><a class="indexterm" name="id2557029"></a><a name="QUEUERESUMECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be 4659 4673 executed on the server host in order to resume the printer queue. It 4660 4674 is the command to undo the behavior that is caused by the 4661 previous parameter (<a class="link" href="smb.conf.5.html#QUEUEPAUSECOMMAND" >queuepause command</a>).</p><p>This command should be a program or script which takes4675 previous parameter (<a class="link" href="smb.conf.5.html#QUEUEPAUSECOMMAND" target="_top">queuepause command</a>).</p><p>This command should be a program or script which takes 4662 4676 a printer name as its only parameter and resumes the printer queue, 4663 4677 such that queued jobs are resubmitted to the printer.</p><p>This command is not supported by Windows for Workgroups, … … 4671 4685 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>queueresume command</code></em> = <code class="literal">enable %p</code> 4672 4686 </em></span> 4673 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id255 1036"></a>4687 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557131"></a> 4674 4688 4675 4689 read list (S) 4676 </h3></div></div></div><a class="indexterm" name="id255 1038"></a><a name="READLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>4690 </h3></div></div></div><a class="indexterm" name="id2557132"></a><a name="READLIST"></a><div class="variablelist"><dl><dt></dt><dd><p> 4677 4691 This is a list of users that are given read-only access to a service. If the connecting user is in this list 4678 then they will not be given write access, no matter what the <a class="link" href="smb.conf.5.html#READONLY" >read only</a> option is set4679 to. The list can include group names using the syntax described in the <a class="link" href="smb.conf.5.html#INVALIDUSERS" >invalid users</a>4692 then they will not be given write access, no matter what the <a class="link" href="smb.conf.5.html#READONLY" target="_top">read only</a> option is set 4693 to. The list can include group names using the syntax described in the <a class="link" href="smb.conf.5.html#INVALIDUSERS" target="_top">invalid users</a> 4680 4694 parameter. 4681 </p><p>This parameter will not work with the <a class="link" href="smb.conf.5.html#SECURITY" >security = share</a> in4695 </p><p>This parameter will not work with the <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security = share</a> in 4682 4696 Samba 3.0. This is by design.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>read list</code></em> = <code class="literal"></code> 4683 4697 </em></span> 4684 4698 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>read list</code></em> = <code class="literal">mary, @students</code> 4685 4699 </em></span> 4686 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id255 1136"></a>4700 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557231"></a> 4687 4701 4688 4702 read only (S) 4689 </h3></div></div></div><a class="indexterm" name="id255 1137"></a><a name="READONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>An inverted synonym is <a class="link" href="smb.conf.5.html#WRITEABLE">writeable</a>.</p><p>If this parameter is <code class="constant">yes</code>, then users4703 </h3></div></div></div><a class="indexterm" name="id2557232"></a><a name="READONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>An inverted synonym is <a class="link" href="smb.conf.5.html#WRITEABLE" target="_top">writeable</a>.</p><p>If this parameter is <code class="constant">yes</code>, then users 4690 4704 of a service may not create or modify files in the service's 4691 4705 directory.</p><p>Note that a printable service (<code class="literal">printable = yes</code>) … … 4693 4707 (user privileges permitting), but only via spooling operations.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>read only</code></em> = <code class="literal">yes</code> 4694 4708 </em></span> 4695 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id255 1213"></a>4709 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557308"></a> 4696 4710 4697 4711 read raw (G) 4698 </h3></div></div></div><a class="indexterm" name="id255 1214"></a><a name="READRAW"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not the server4712 </h3></div></div></div><a class="indexterm" name="id2557309"></a><a name="READRAW"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not the server 4699 4713 will support the raw read SMB requests when transferring data 4700 4714 to clients.</p><p>If enabled, raw reads allow reads of 65535 bytes in … … 4705 4719 tool and left severely alone.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>read raw</code></em> = <code class="literal">yes</code> 4706 4720 </em></span> 4707 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id255 1273"></a>4721 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557368"></a> 4708 4722 4709 4723 realm (G) 4710 </h3></div></div></div><a class="indexterm" name="id255 1274"></a><a name="REALM"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the kerberos realm to use. The realm is4724 </h3></div></div></div><a class="indexterm" name="id2557369"></a><a name="REALM"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the kerberos realm to use. The realm is 4711 4725 used as the ADS equivalent of the NT4 <code class="literal">domain</code>. It 4712 4726 is usually set to the DNS name of the kerberos server. … … 4715 4729 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>realm</code></em> = <code class="literal">mysambabox.mycompany.com</code> 4716 4730 </em></span> 4717 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id255 1338"></a>4731 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557433"></a> 4718 4732 4719 4733 registry shares (G) 4720 </h3></div></div></div><a class="indexterm" name="id255 1339"></a><a name="REGISTRYSHARES"></a><div class="variablelist"><dl><dt></dt><dd><p>4734 </h3></div></div></div><a class="indexterm" name="id2557434"></a><a name="REGISTRYSHARES"></a><div class="variablelist"><dl><dt></dt><dd><p> 4721 4735 This turns on or off support for share definitions read from 4722 4736 registry. Shares defined in <span class="emphasis"><em>smb.conf</em></span> take … … 4733 4747 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>registry shares</code></em> = <code class="literal">yes</code> 4734 4748 </em></span> 4735 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id255 1424"></a>4749 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557519"></a> 4736 4750 4737 4751 remote announce (G) 4738 </h3></div></div></div><a class="indexterm" name="id255 1425"></a><a name="REMOTEANNOUNCE"></a><div class="variablelist"><dl><dt></dt><dd><p>4752 </h3></div></div></div><a class="indexterm" name="id2557520"></a><a name="REMOTEANNOUNCE"></a><div class="variablelist"><dl><dt></dt><dd><p> 4739 4753 This option allows you to setup <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>to periodically announce itself 4740 4754 to arbitrary IP addresses with an arbitrary workgroup name. … … 4750 4764 the above line would cause <code class="literal">nmbd</code> to announce itself 4751 4765 to the two given IP addresses using the given workgroup names. If you leave out the 4752 workgroup name then the one given in the <a class="link" href="smb.conf.5.html#WORKGROUP" >workgroup</a> parameter4766 workgroup name then the one given in the <a class="link" href="smb.conf.5.html#WORKGROUP" target="_top">workgroup</a> parameter 4753 4767 is used instead. 4754 4768 </p><p> … … 4760 4774 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>remote announce</code></em> = <code class="literal"></code> 4761 4775 </em></span> 4762 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id255 1529"></a>4776 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557624"></a> 4763 4777 4764 4778 remote browse sync (G) 4765 </h3></div></div></div><a class="indexterm" name="id255 1530"></a><a name="REMOTEBROWSESYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>4779 </h3></div></div></div><a class="indexterm" name="id2557625"></a><a name="REMOTEBROWSESYNC"></a><div class="variablelist"><dl><dt></dt><dd><p> 4766 4780 This option allows you to setup <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> to periodically request 4767 4781 synchronization of browse lists with the master browser of a Samba … … 4790 4804 is in fact the browse master on its segment. 4791 4805 </p><p> 4792 The <a class="link" href="smb.conf.5.html#REMOTEBROWSESYNC" >remote browse sync</a> may be used on networks4806 The <a class="link" href="smb.conf.5.html#REMOTEBROWSESYNC" target="_top">remote browse sync</a> may be used on networks 4793 4807 where there is no WINS server, and may be used on disjoint networks where 4794 4808 each network has its own WINS server. 4795 4809 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>remote browse sync</code></em> = <code class="literal"></code> 4796 4810 </em></span> 4797 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id255 1642"></a>4811 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557737"></a> 4798 4812 4799 4813 rename user script (G) 4800 </h3></div></div></div><a class="indexterm" name="id255 1643"></a><a name="RENAMEUSERSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>4814 </h3></div></div></div><a class="indexterm" name="id2557738"></a><a name="RENAMEUSERSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p> 4801 4815 This is the full pathname to a script that will be run as root by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> under special circumstances described below. 4802 4816 </p><p> … … 4816 4830 </p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>rename user script</code></em> = <code class="literal">no</code> 4817 4831 </em></span> 4818 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id255 1731"></a>4832 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557827"></a> 4819 4833 4820 4834 reset on zero vc (G) 4821 </h3></div></div></div><a class="indexterm" name="id255 1732"></a><a name="RESETONZEROVC"></a><div class="variablelist"><dl><dt></dt><dd><p>4835 </h3></div></div></div><a class="indexterm" name="id2557828"></a><a name="RESETONZEROVC"></a><div class="variablelist"><dl><dt></dt><dd><p> 4822 4836 This boolean option controls whether an incoming session setup 4823 4837 should kill other connections coming from the same IP. This matches … … 4838 4852 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>reset on zero vc</code></em> = <code class="literal">no</code> 4839 4853 </em></span> 4840 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id255 1784"></a>4854 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557880"></a> 4841 4855 4842 4856 restrict anonymous (G) 4843 </h3></div></div></div><a class="indexterm" name="id255 1785"></a><a name="RESTRICTANONYMOUS"></a><div class="variablelist"><dl><dt></dt><dd><p>The setting of this parameter determines whether user and4857 </h3></div></div></div><a class="indexterm" name="id2557881"></a><a name="RESTRICTANONYMOUS"></a><div class="variablelist"><dl><dt></dt><dd><p>The setting of this parameter determines whether user and 4844 4858 group list information is returned for an anonymous connection. 4845 4859 and mirrors the effects of the … … 4861 4875 </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> 4862 4876 The security advantage of using restrict anonymous = 2 is removed 4863 by setting <a class="link" href="smb.conf.5.html#GUESTOK" >guest ok = yes</a> on any share.4877 by setting <a class="link" href="smb.conf.5.html#GUESTOK" target="_top">guest ok = yes</a> on any share. 4864 4878 </p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>restrict anonymous</code></em> = <code class="literal">0</code> 4865 4879 </em></span> 4866 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id255 1876"></a>4880 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557964"></a> 4867 4881 4868 4882 <a name="ROOT"></a>root 4869 </h3></div></div></div><a class="indexterm" name="id255 1877"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#ROOTDIRECTORY">root directory</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551909"></a>4883 </h3></div></div></div><a class="indexterm" name="id2557965"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#ROOTDIRECTORY">root directory</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557997"></a> 4870 4884 4871 4885 <a name="ROOTDIR"></a>root dir 4872 </h3></div></div></div><a class="indexterm" name="id255 1910"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#ROOTDIRECTORY">root directory</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551940"></a>4886 </h3></div></div></div><a class="indexterm" name="id2557998"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#ROOTDIRECTORY">root directory</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558029"></a> 4873 4887 4874 4888 root directory (G) 4875 </h3></div></div></div><a class="indexterm" name="id255 1942"></a><a name="ROOTDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>The server will <code class="literal">chroot()</code> (i.e.4889 </h3></div></div></div><a class="indexterm" name="id2558030"></a><a name="ROOTDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>The server will <code class="literal">chroot()</code> (i.e. 4876 4890 Change its root directory) to this directory on startup. This is 4877 4891 not strictly necessary for secure operation. Even without it the … … 4880 4894 parts of the filesystem, or attempts to use ".." in file names 4881 4895 to access other directories (depending on the setting of the 4882 <a class="link" href="smb.conf.5.html#WIDESMBCONFOPTIONS" >wide smbconfoptions</a> parameter).4896 <a class="link" href="smb.conf.5.html#WIDESMBCONFOPTIONS" target="_top">wide smbconfoptions</a> parameter). 4883 4897 </p><p>Adding a <em class="parameter"><code>root directory</code></em> entry other 4884 4898 than "/" adds an extra level of security, but at a price. It … … 4896 4910 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>root directory</code></em> = <code class="literal">/homes/smb</code> 4897 4911 </em></span> 4898 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id255 2064"></a>4912 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558153"></a> 4899 4913 4900 4914 root postexec (S) 4901 </h3></div></div></div><a class="indexterm" name="id255 2066"></a><a name="ROOTPOSTEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>4915 </h3></div></div></div><a class="indexterm" name="id2558154"></a><a name="ROOTPOSTEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p> 4902 4916 This is the same as the <em class="parameter"><code>postexec</code></em> 4903 4917 parameter except that the command is run as root. This is useful for … … 4905 4919 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>root postexec</code></em> = <code class="literal"></code> 4906 4920 </em></span> 4907 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id255 2113"></a>4921 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558202"></a> 4908 4922 4909 4923 root preexec close (S) 4910 </h3></div></div></div><a class="indexterm" name="id255 2114"></a><a name="ROOTPREEXECCLOSE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is the same as the <em class="parameter"><code>preexec close4924 </h3></div></div></div><a class="indexterm" name="id2558203"></a><a name="ROOTPREEXECCLOSE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is the same as the <em class="parameter"><code>preexec close 4911 4925 </code></em> parameter except that the command is run as root.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>root preexec close</code></em> = <code class="literal">no</code> 4912 4926 </em></span> 4913 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id255 2162"></a>4927 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558250"></a> 4914 4928 4915 4929 root preexec (S) 4916 </h3></div></div></div><a class="indexterm" name="id255 2163"></a><a name="ROOTPREEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>4930 </h3></div></div></div><a class="indexterm" name="id2558251"></a><a name="ROOTPREEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p> 4917 4931 This is the same as the <em class="parameter"><code>preexec</code></em> 4918 4932 parameter except that the command is run as root. This is useful for … … 4920 4934 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>root preexec</code></em> = <code class="literal"></code> 4921 4935 </em></span> 4922 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id255 2210"></a>4936 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558298"></a> 4923 4937 4924 4938 security mask (S) 4925 </h3></div></div></div><a class="indexterm" name="id255 2211"></a><a name="SECURITYMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>4939 </h3></div></div></div><a class="indexterm" name="id2558299"></a><a name="SECURITYMASK"></a><div class="variablelist"><dl><dt></dt><dd><p> 4926 4940 This parameter controls what UNIX permission bits will be set when a Windows NT client is manipulating the 4927 4941 UNIX permission on a file using the native NT security dialog box. 4928 4942 </p><p> 4929 4943 This parameter is applied as a mask (AND'ed with) to the incoming permission bits, thus resetting 4930 any bits not in this mask. Make sure not to mix up this parameter with <a class="link" href="smb.conf.5.html#FORCESECURITYMODE" >force security mode</a>, which works in a manner similar to this one but uses a logical OR instead of an AND.4944 any bits not in this mask. Make sure not to mix up this parameter with <a class="link" href="smb.conf.5.html#FORCESECURITYMODE" target="_top">force security mode</a>, which works in a manner similar to this one but uses a logical OR instead of an AND. 4931 4945 </p><p> 4932 4946 Essentially, all bits set to zero in this mask will result in setting to zero the corresponding bits on the … … 4942 4956 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>security mask</code></em> = <code class="literal">0770</code> 4943 4957 </em></span> 4944 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id255 2316"></a>4958 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558405"></a> 4945 4959 4946 4960 security (G) 4947 </h3></div></div></div><a class="indexterm" name="id255 2317"></a><a name="SECURITY"></a><div class="variablelist"><dl><dt></dt><dd><p>This option affects how clients respond to4961 </h3></div></div></div><a class="indexterm" name="id2558406"></a><a name="SECURITY"></a><div class="variablelist"><dl><dt></dt><dd><p>This option affects how clients respond to 4948 4962 Samba and is one of the most important settings in the <code class="filename"> 4949 4963 smb.conf</code> file.</p><p>The option sets the "security mode bit" in replies to … … 4969 4983 is commonly used for a shared printer server. It is more difficult 4970 4984 to setup guest shares with <code class="literal">security = user</code>, see 4971 the <a class="link" href="smb.conf.5.html#MAPTOGUEST" >map to guest</a>parameter for details.</p><p>It is possible to use <code class="literal">smbd</code> in a <span class="emphasis"><em>4985 the <a class="link" href="smb.conf.5.html#MAPTOGUEST" target="_top">map to guest</a>parameter for details.</p><p>It is possible to use <code class="literal">smbd</code> in a <span class="emphasis"><em> 4972 4986 hybrid mode</em></span> where it is offers both user and share 4973 level security under different <a class="link" href="smb.conf.5.html#NETBIOSALIASES" >NetBIOS aliases</a>. </p><p>The different settings will now be explained.</p><p><a name="SECURITYEQUALSSHARE"></a><span class="emphasis"><em>SECURITY = SHARE</em></span></p><p>When clients connect to a share level security server they4987 level security under different <a class="link" href="smb.conf.5.html#NETBIOSALIASES" target="_top">NetBIOS aliases</a>. </p><p>The different settings will now be explained.</p><p><a name="SECURITYEQUALSSHARE"></a><span class="emphasis"><em>SECURITY = SHARE</em></span></p><p>When clients connect to a share level security server they 4974 4988 need not log onto the server with a valid username and password before 4975 4989 attempting to connect to a shared resource (although modern clients … … 4984 4998 techniques to determine the correct UNIX user to use on behalf 4985 4999 of the client.</p><p>A list of possible UNIX usernames to match with the given 4986 client password is constructed using the following methods :</p><div class="itemizedlist"><ul type="disc"><li><p>If the <a class="link" href="smb.conf.5.html#GUESTONLY" >guest only</a> parameter is set, then all the other4987 stages are missed and only the <a class="link" href="smb.conf.5.html#GUESTACCOUNT" >guest account</a> username is checked.5000 client password is constructed using the following methods :</p><div class="itemizedlist"><ul type="disc"><li><p>If the <a class="link" href="smb.conf.5.html#GUESTONLY" target="_top">guest only</a> parameter is set, then all the other 5001 stages are missed and only the <a class="link" href="smb.conf.5.html#GUESTACCOUNT" target="_top">guest account</a> username is checked. 4988 5002 </p></li><li><p>Is a username is sent with the share connection 4989 request, then this username (after mapping - see <a class="link" href="smb.conf.5.html#USERNAMEMAP" >username map</a>),5003 request, then this username (after mapping - see <a class="link" href="smb.conf.5.html#USERNAMEMAP" target="_top">username map</a>), 4990 5004 is added as a potential username. 4991 5005 </p></li><li><p>If the client did a previous <span class="emphasis"><em>logon … … 4996 5010 </p></li><li><p>The NetBIOS name of the client is added to 4997 5011 the list as a potential username. 4998 </p></li><li><p>Any users on the <a class="link" href="smb.conf.5.html#USER" >user</a> list are added as potential usernames.5012 </p></li><li><p>Any users on the <a class="link" href="smb.conf.5.html#USER" target="_top">user</a> list are added as potential usernames. 4999 5013 </p></li></ul></div><p>If the <em class="parameter"><code>guest only</code></em> parameter is 5000 5014 not set, then this list is then tried with the supplied password. … … 5008 5022 NOTE ABOUT USERNAME/PASSWORD VALIDATION</a>.</p><p><a name="SECURITYEQUALSUSER"></a><span class="emphasis"><em>SECURITY = USER</em></span></p><p>This is the default security setting in Samba 3.0. 5009 5023 With user-level security a client must first "log-on" with a 5010 valid username and password (which can be mapped using the <a class="link" href="smb.conf.5.html#USERNAMEMAP" >username map</a>5011 parameter). Encrypted passwords (see the <a class="link" href="smb.conf.5.html#ENCRYPTEDPASSWORDS" >encrypted passwords</a> parameter) can also5012 be used in this security mode. Parameters such as <a class="link" href="smb.conf.5.html#USER" >user</a> and <a class="link" href="smb.conf.5.html#GUESTONLY">guest only</a> if set are then applied and5024 valid username and password (which can be mapped using the <a class="link" href="smb.conf.5.html#USERNAMEMAP" target="_top">username map</a> 5025 parameter). Encrypted passwords (see the <a class="link" href="smb.conf.5.html#ENCRYPTEDPASSWORDS" target="_top">encrypted passwords</a> parameter) can also 5026 be used in this security mode. Parameters such as <a class="link" href="smb.conf.5.html#USER" target="_top">user</a> and <a class="link" href="smb.conf.5.html#GUESTONLY" target="_top">guest only</a> if set are then applied and 5013 5027 may change the UNIX user to use on this connection, but only after 5014 5028 the user has been successfully authenticated.</p><p><span class="emphasis"><em>Note</em></span> that the name of the resource being … … 5016 5030 the server has successfully authenticated the client. This is why 5017 5031 guest shares don't work in user level security without allowing 5018 the server to automatically map unknown users into the <a class="link" href="smb.conf.5.html#GUESTACCOUNT" >guest account</a>.5019 See the <a class="link" href="smb.conf.5.html#MAPTOGUEST" >map to guest</a> parameter for details on doing this.</p><p>See also the section <a class="link" href="#VALIDATIONSECT" title="NOTE ABOUT USERNAME/PASSWORD VALIDATION">NOTE ABOUT USERNAME/PASSWORD VALIDATION</a>.</p><p><a name="SECURITYEQUALSDOMAIN"></a><span class="emphasis"><em>SECURITY = DOMAIN</em></span></p><p>This mode will only work correctly if <a class="citerefentry" href="net.8.html"><span class="citerefentry"><span class="refentrytitle">net</span>(8)</span></a> has been used to add this5020 machine into a Windows NT Domain. It expects the <a class="link" href="smb.conf.5.html#ENCRYPTEDPASSWORDS" >encrypted passwords</a>5032 the server to automatically map unknown users into the <a class="link" href="smb.conf.5.html#GUESTACCOUNT" target="_top">guest account</a>. 5033 See the <a class="link" href="smb.conf.5.html#MAPTOGUEST" target="_top">map to guest</a> parameter for details on doing this.</p><p>See also the section <a class="link" href="#VALIDATIONSECT" title="NOTE ABOUT USERNAME/PASSWORD VALIDATION">NOTE ABOUT USERNAME/PASSWORD VALIDATION</a>.</p><p><a name="SECURITYEQUALSDOMAIN"></a><span class="emphasis"><em>SECURITY = DOMAIN</em></span></p><p>This mode will only work correctly if <a class="citerefentry" href="net.8.html"><span class="citerefentry"><span class="refentrytitle">net</span>(8)</span></a> has been used to add this 5034 machine into a Windows NT Domain. It expects the <a class="link" href="smb.conf.5.html#ENCRYPTEDPASSWORDS" target="_top">encrypted passwords</a> 5021 5035 parameter to be set to <code class="constant">yes</code>. In this 5022 5036 mode Samba will try to validate the username/password by passing … … 5032 5046 the server has successfully authenticated the client. This is why 5033 5047 guest shares don't work in user level security without allowing 5034 the server to automatically map unknown users into the <a class="link" href="smb.conf.5.html#GUESTACCOUNT" >guest account</a>.5035 See the <a class="link" href="smb.conf.5.html#MAPTOGUEST" >map to guest</a> parameter for details on doing this.</p><p>See also the section <a class="link" href="#VALIDATIONSECT" title="NOTE ABOUT USERNAME/PASSWORD VALIDATION">5036 NOTE ABOUT USERNAME/PASSWORD VALIDATION</a>.</p><p>See also the <a class="link" href="smb.conf.5.html#PASSWORDSERVER" >password server</a> parameter and5037 the <a class="link" href="smb.conf.5.html#ENCRYPTEDPASSWORDS" >encrypted passwords</a> parameter.</p><p><a name="SECURITYEQUALSSERVER"></a><span class="emphasis"><em>SECURITY = SERVER</em></span></p><p>5048 the server to automatically map unknown users into the <a class="link" href="smb.conf.5.html#GUESTACCOUNT" target="_top">guest account</a>. 5049 See the <a class="link" href="smb.conf.5.html#MAPTOGUEST" target="_top">map to guest</a> parameter for details on doing this.</p><p>See also the section <a class="link" href="#VALIDATIONSECT" title="NOTE ABOUT USERNAME/PASSWORD VALIDATION"> 5050 NOTE ABOUT USERNAME/PASSWORD VALIDATION</a>.</p><p>See also the <a class="link" href="smb.conf.5.html#PASSWORDSERVER" target="_top">password server</a> parameter and 5051 the <a class="link" href="smb.conf.5.html#ENCRYPTEDPASSWORDS" target="_top">encrypted passwords</a> parameter.</p><p><a name="SECURITYEQUALSSERVER"></a><span class="emphasis"><em>SECURITY = SERVER</em></span></p><p> 5038 5052 In this mode Samba will try to validate the username/password by passing it to another SMB server, such as an 5039 5053 NT box. If this fails it will revert to <code class="literal">security = user</code>. It expects the 5040 <a class="link" href="smb.conf.5.html#ENCRYPTEDPASSWORDS" >encrypted passwords</a> parameter to be set to <code class="constant">yes</code>, unless the remote5054 <a class="link" href="smb.conf.5.html#ENCRYPTEDPASSWORDS" target="_top">encrypted passwords</a> parameter to be set to <code class="constant">yes</code>, unless the remote 5041 5055 server does not support them. However note that if encrypted passwords have been negotiated then Samba cannot 5042 5056 revert back to checking the UNIX password file, it must have a valid <code class="filename">smbpasswd</code> file to check users against. See the chapter about the User Database in … … 5058 5072 the server has successfully authenticated the client. This is why 5059 5073 guest shares don't work in user level security without allowing 5060 the server to automatically map unknown users into the <a class="link" href="smb.conf.5.html#GUESTACCOUNT" >guest account</a>.5061 See the <a class="link" href="smb.conf.5.html#MAPTOGUEST" >map to guest</a> parameter for details on doing this.</p><p>See also the section <a class="link" href="#VALIDATIONSECT" title="NOTE ABOUT USERNAME/PASSWORD VALIDATION">5062 NOTE ABOUT USERNAME/PASSWORD VALIDATION</a>.</p><p>See also the <a class="link" href="smb.conf.5.html#PASSWORDSERVER" >password server</a> parameter and the5063 <a class="link" href="smb.conf.5.html#ENCRYPTEDPASSWORDS" >encrypted passwords</a> parameter.</p><p><a name="SECURITYEQUALSADS"></a><span class="emphasis"><em>SECURITY = ADS</em></span></p><p>In this mode, Samba will act as a domain member in an ADS realm. To operate5074 the server to automatically map unknown users into the <a class="link" href="smb.conf.5.html#GUESTACCOUNT" target="_top">guest account</a>. 5075 See the <a class="link" href="smb.conf.5.html#MAPTOGUEST" target="_top">map to guest</a> parameter for details on doing this.</p><p>See also the section <a class="link" href="#VALIDATIONSECT" title="NOTE ABOUT USERNAME/PASSWORD VALIDATION"> 5076 NOTE ABOUT USERNAME/PASSWORD VALIDATION</a>.</p><p>See also the <a class="link" href="smb.conf.5.html#PASSWORDSERVER" target="_top">password server</a> parameter and the 5077 <a class="link" href="smb.conf.5.html#ENCRYPTEDPASSWORDS" target="_top">encrypted passwords</a> parameter.</p><p><a name="SECURITYEQUALSADS"></a><span class="emphasis"><em>SECURITY = ADS</em></span></p><p>In this mode, Samba will act as a domain member in an ADS realm. To operate 5064 5078 in this mode, the machine running Samba will need to have Kerberos installed 5065 5079 and configured and Samba will need to be joined to the ADS realm using the … … 5069 5083 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>security</code></em> = <code class="literal">DOMAIN</code> 5070 5084 </em></span> 5071 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id255 3195"></a>5085 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2559289"></a> 5072 5086 5073 5087 server schannel (G) 5074 </h3></div></div></div><a class="indexterm" name="id255 3196"></a><a name="SERVERSCHANNEL"></a><div class="variablelist"><dl><dt></dt><dd><p>5088 </h3></div></div></div><a class="indexterm" name="id2559290"></a><a name="SERVERSCHANNEL"></a><div class="variablelist"><dl><dt></dt><dd><p> 5075 5089 This controls whether the server offers or even demands the use of the netlogon schannel. 5076 <a class="link" href="smb.conf.5.html#SERVERSCHANNEL" >server schannel = no</a> does not offer the schannel, <a class="link" href="smb.conf.5.html#SERVERSCHANNEL">server schannel = auto</a> offers the schannel but does not enforce it, and <a class="link" href="smb.conf.5.html#SERVERSCHANNEL">server schannel = yes</a> denies access if the client is not able to speak netlogon schannel.5090 <a class="link" href="smb.conf.5.html#SERVERSCHANNEL" target="_top">server schannel = no</a> does not offer the schannel, <a class="link" href="smb.conf.5.html#SERVERSCHANNEL" target="_top">server schannel = auto</a> offers the schannel but does not enforce it, and <a class="link" href="smb.conf.5.html#SERVERSCHANNEL" target="_top">server schannel = yes</a> denies access if the client is not able to speak netlogon schannel. 5077 5091 This is only the case for Windows NT4 before SP4. 5078 5092 </p><p> … … 5083 5097 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>server schannel</code></em> = <code class="literal">yes</code> 5084 5098 </em></span> 5085 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id255 3311"></a>5099 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2559405"></a> 5086 5100 5087 5101 server signing (G) 5088 </h3></div></div></div><a class="indexterm" name="id255 3312"></a><a name="SERVERSIGNING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether the server offers or requires5102 </h3></div></div></div><a class="indexterm" name="id2559406"></a><a name="SERVERSIGNING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether the server offers or requires 5089 5103 the client it talks to to use SMB signing. Possible values 5090 5104 are <span class="emphasis"><em>auto</em></span>, <span class="emphasis"><em>mandatory</em></span> … … 5094 5108 to disabled, SMB signing is not offered either.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>server signing</code></em> = <code class="literal">Disabled</code> 5095 5109 </em></span> 5096 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id255 3372"></a>5110 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2559466"></a> 5097 5111 5098 5112 server string (G) 5099 </h3></div></div></div><a class="indexterm" name="id255 3373"></a><a name="SERVERSTRING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what string will show up in the printer comment box in print5113 </h3></div></div></div><a class="indexterm" name="id2559467"></a><a name="SERVERSTRING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what string will show up in the printer comment box in print 5100 5114 manager and next to the IPC connection in <code class="literal">net view</code>. It 5101 5115 can be any string that you wish to show to your users.</p><p>It also sets what will appear in browse lists next … … 5106 5120 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>server string</code></em> = <code class="literal">University of GNUs Samba Server</code> 5107 5121 </em></span> 5108 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id255 3464"></a>5122 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2559558"></a> 5109 5123 5110 5124 set directory (S) 5111 </h3></div></div></div><a class="indexterm" name="id255 3465"></a><a name="SETDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>5125 </h3></div></div></div><a class="indexterm" name="id2559559"></a><a name="SETDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p> 5112 5126 If <code class="literal">set directory = no</code>, then users of the 5113 5127 service may not use the setdir command to change directory. … … 5118 5132 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>set directory</code></em> = <code class="literal">no</code> 5119 5133 </em></span> 5120 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id255 3524"></a>5134 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2559618"></a> 5121 5135 5122 5136 set primary group script (G) 5123 </h3></div></div></div><a class="indexterm" name="id255 3525"></a><a name="SETPRIMARYGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>Thanks to the Posix subsystem in NT a Windows User has a5137 </h3></div></div></div><a class="indexterm" name="id2559619"></a><a name="SETPRIMARYGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>Thanks to the Posix subsystem in NT a Windows User has a 5124 5138 primary group in addition to the auxiliary groups. This script 5125 5139 sets the primary group in the unix userdatase when an … … 5133 5147 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>set primary group script</code></em> = <code class="literal">/usr/sbin/usermod -g '%g' '%u'</code> 5134 5148 </em></span> 5135 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id255 3606"></a>5149 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2559700"></a> 5136 5150 5137 5151 set quota command (G) 5138 </h3></div></div></div><a class="indexterm" name="id255 3607"></a><a name="SETQUOTACOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>The <code class="literal">set quota command</code> should only be used5152 </h3></div></div></div><a class="indexterm" name="id2559701"></a><a name="SETQUOTACOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>The <code class="literal">set quota command</code> should only be used 5139 5153 whenever there is no operating system API available from the OS that 5140 5154 samba can use.</p><p>This option is only available if Samba was configured with the argument <code class="literal">--with-sys-quotas</code> or … … 5146 5160 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>set quota command</code></em> = <code class="literal">/usr/local/sbin/set_quota</code> 5147 5161 </em></span> 5148 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id255 3769"></a>5162 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2559863"></a> 5149 5163 5150 5164 share modes (S) 5151 </h3></div></div></div><a class="indexterm" name="id255 3770"></a><a name="SHAREMODES"></a><div class="variablelist"><dl><dt></dt><dd><p>This enables or disables the honoring of5165 </h3></div></div></div><a class="indexterm" name="id2559864"></a><a name="SHAREMODES"></a><div class="variablelist"><dl><dt></dt><dd><p>This enables or disables the honoring of 5152 5166 the <em class="parameter"><code>share modes</code></em> during a file open. These 5153 5167 modes are used by clients to gain exclusive read or write access … … 5162 5176 off as many Windows applications will break if you do so.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>share modes</code></em> = <code class="literal">yes</code> 5163 5177 </em></span> 5164 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id255 3863"></a>5178 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2559956"></a> 5165 5179 5166 5180 short preserve case (S) 5167 </h3></div></div></div><a class="indexterm" name="id255 3864"></a><a name="SHORTPRESERVECASE"></a><div class="variablelist"><dl><dt></dt><dd><p>5181 </h3></div></div></div><a class="indexterm" name="id2559957"></a><a name="SHORTPRESERVECASE"></a><div class="variablelist"><dl><dt></dt><dd><p> 5168 5182 This boolean parameter controls if new files which conform to 8.3 syntax, that is all in upper case and of 5169 suitable length, are created upper case, or if they are forced to be the <a class="link" href="smb.conf.5.html#DEFAULTCASE" >default case</a>.5170 This option can be use with <a class="link" href="smb.conf.5.html#PRESERVECASE" >preserve case = yes</a> to permit long filenames5183 suitable length, are created upper case, or if they are forced to be the <a class="link" href="smb.conf.5.html#DEFAULTCASE" target="_top">default case</a>. 5184 This option can be use with <a class="link" href="smb.conf.5.html#PRESERVECASE" target="_top">preserve case = yes</a> to permit long filenames 5171 5185 to retain their case, while short names are lowered. 5172 5186 </p><p>See the section on <a class="link" href="#NAMEMANGLINGSECT" title="NAME MANGLING">NAME MANGLING</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>short preserve case</code></em> = <code class="literal">yes</code> 5173 5187 </em></span> 5174 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 53942"></a>5188 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560036"></a> 5175 5189 5176 5190 show add printer wizard (G) 5177 </h3></div></div></div><a class="indexterm" name="id25 53943"></a><a name="SHOWADDPRINTERWIZARD"></a><div class="variablelist"><dl><dt></dt><dd><p>With the introduction of MS-RPC based printing support5191 </h3></div></div></div><a class="indexterm" name="id2560037"></a><a name="SHOWADDPRINTERWIZARD"></a><div class="variablelist"><dl><dt></dt><dd><p>With the introduction of MS-RPC based printing support 5178 5192 for Windows NT/2000 client in Samba 2.2, a "Printers..." folder will 5179 5193 appear on Samba hosts in the share listing. Normally this folder will … … 5193 5207 administrative privilege on an individual printer.</p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>show add printer wizard</code></em> = <code class="literal">yes</code> 5194 5208 </em></span> 5195 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 54026"></a>5209 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560120"></a> 5196 5210 5197 5211 shutdown script (G) 5198 </h3></div></div></div><a class="indexterm" name="id25 54027"></a><a name="SHUTDOWNSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This a full path name to a script called by5212 </h3></div></div></div><a class="indexterm" name="id2560121"></a><a name="SHUTDOWNSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This a full path name to a script called by 5199 5213 <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> that should 5200 5214 start a shutdown procedure.</p><p>If the connected user posseses the <code class="constant">SeRemoteShutdownPrivilege</code>, … … 5221 5235 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>shutdown script</code></em> = <code class="literal">/usr/local/samba/sbin/shutdown %m %t %r %f</code> 5222 5236 </em></span> 5223 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 54179"></a>5237 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560273"></a> 5224 5238 5225 5239 smb encrypt (S) 5226 </h3></div></div></div><a class="indexterm" name="id25 54180"></a><a name="SMBENCRYPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a new feature introduced with Samba 3.2 and above. It is an5240 </h3></div></div></div><a class="indexterm" name="id2560274"></a><a name="SMBENCRYPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a new feature introduced with Samba 3.2 and above. It is an 5227 5241 extension to the SMB/CIFS protocol negotiated as part of the UNIX extensions. 5228 5242 SMB encryption uses the GSSAPI (SSPI on Windows) ability to encrypt … … 5247 5261 and signing all the data. 5248 5262 </p><p>If SMB encryption is selected, Windows style SMB signing (see 5249 the <a class="link" href="smb.conf.5.html#SERVERSIGNING" >server signing</a> option) is no longer necessary,5263 the <a class="link" href="smb.conf.5.html#SERVERSIGNING" target="_top">server signing</a> option) is no longer necessary, 5250 5264 as the GSSAPI flags use select both signing and sealing of the data. 5251 5265 </p><p>When set to auto, SMB encryption is offered, but not enforced. … … 5253 5267 to disabled, SMB encryption can not be negotiated.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb encrypt</code></em> = <code class="literal">auto</code> 5254 5268 </em></span> 5255 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 54286"></a>5269 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560379"></a> 5256 5270 5257 5271 smb passwd file (G) 5258 </h3></div></div></div><a class="indexterm" name="id25 54287"></a><a name="SMBPASSWDFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option sets the path to the encrypted smbpasswd file. By5272 </h3></div></div></div><a class="indexterm" name="id2560380"></a><a name="SMBPASSWDFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option sets the path to the encrypted smbpasswd file. By 5259 5273 default the path to the smbpasswd file is compiled into Samba.</p><p> 5260 5274 An example of use is: … … 5264 5278 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb passwd file</code></em> = <code class="literal">${prefix}/private/smbpasswd</code> 5265 5279 </em></span> 5266 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 54339"></a>5280 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560433"></a> 5267 5281 5268 5282 smb ports (G) 5269 </h3></div></div></div><a class="indexterm" name="id25 54340"></a><a name="SMBPORTS"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies which ports the server should listen on for SMB traffic.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb ports</code></em> = <code class="literal">445 139</code>5270 </em></span> 5271 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 54381"></a>5283 </h3></div></div></div><a class="indexterm" name="id2560434"></a><a name="SMBPORTS"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies which ports the server should listen on for SMB traffic.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb ports</code></em> = <code class="literal">445 139</code> 5284 </em></span> 5285 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560475"></a> 5272 5286 5273 5287 socket address (G) 5274 </h3></div></div></div><a class="indexterm" name="id2554382"></a><a name="SOCKETADDRESS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to control what 5275 address Samba will listen for connections on. This is used to 5276 support multiple virtual interfaces on the one server, each 5277 with a different configuration.</p><p>By default Samba will accept connections on any 5288 </h3></div></div></div><a class="indexterm" name="id2560476"></a><a name="SOCKETADDRESS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to control what 5289 address Samba will listen for connections on. This is used to 5290 support multiple virtual interfaces on the one server, each 5291 with a different configuration.</p><p>Setting this option should never be necessary on usual Samba 5292 servers running only one nmbd.</p><p>By default Samba will accept connections on any 5278 5293 address.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>socket address</code></em> = <code class="literal"></code> 5279 5294 </em></span> 5280 5295 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>socket address</code></em> = <code class="literal">192.168.2.20</code> 5281 5296 </em></span> 5282 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 54446"></a>5297 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560545"></a> 5283 5298 5284 5299 socket options (G) 5285 </h3></div></div></div><a class="indexterm" name="id25 54447"></a><a name="SOCKETOPTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to set socket options5300 </h3></div></div></div><a class="indexterm" name="id2560546"></a><a name="SOCKETOPTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to set socket options 5286 5301 to be used when talking with the client.</p><p>Socket options are controls on the networking layer 5287 5302 of the operating systems which allow the connection to be … … 5311 5326 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>socket options</code></em> = <code class="literal">IPTOS_LOWDELAY</code> 5312 5327 </em></span> 5313 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 54657"></a>5328 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560755"></a> 5314 5329 5315 5330 stat cache (G) 5316 </h3></div></div></div><a class="indexterm" name="id25 54658"></a><a name="STATCACHE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will use a cache in order to5331 </h3></div></div></div><a class="indexterm" name="id2560756"></a><a name="STATCACHE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will use a cache in order to 5317 5332 speed up case insensitive name mappings. You should never need 5318 5333 to change this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>stat cache</code></em> = <code class="literal">yes</code> 5319 5334 </em></span> 5320 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 54708"></a>5335 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560807"></a> 5321 5336 5322 5337 store dos attributes (S) 5323 </h3></div></div></div><a class="indexterm" name="id25 54709"></a><a name="STOREDOSATTRIBUTES"></a><div class="variablelist"><dl><dt></dt><dd><p>5338 </h3></div></div></div><a class="indexterm" name="id2560808"></a><a name="STOREDOSATTRIBUTES"></a><div class="variablelist"><dl><dt></dt><dd><p> 5324 5339 If this parameter is set Samba attempts to first read DOS attributes (SYSTEM, HIDDEN, ARCHIVE or 5325 5340 READ-ONLY) from a filesystem extended attribute, before mapping DOS attributes to UNIX permission bits (such 5326 as occurs with <a class="link" href="smb.conf.5.html#MAPHIDDEN" >map hidden</a> and <a class="link" href="smb.conf.5.html#MAPREADONLY">map readonly</a>). When set, DOS5341 as occurs with <a class="link" href="smb.conf.5.html#MAPHIDDEN" target="_top">map hidden</a> and <a class="link" href="smb.conf.5.html#MAPREADONLY" target="_top">map readonly</a>). When set, DOS 5327 5342 attributes will be stored onto an extended attribute in the UNIX filesystem, associated with the file or 5328 directory. For no other mapping to occur as a fall-back, the parameters <a class="link" href="smb.conf.5.html#MAPHIDDEN" >map hidden</a>,5329 <a class="link" href="smb.conf.5.html#MAPSYSTEM" >map system</a>, <a class="link" href="smb.conf.5.html#MAPARCHIVE">map archive</a> and <a class="link" href="smb.conf.5.html#MAPREADONLY">map readonly</a> must be set to off. This parameter writes the DOS attributes as a string into the extended5343 directory. For no other mapping to occur as a fall-back, the parameters <a class="link" href="smb.conf.5.html#MAPHIDDEN" target="_top">map hidden</a>, 5344 <a class="link" href="smb.conf.5.html#MAPSYSTEM" target="_top">map system</a>, <a class="link" href="smb.conf.5.html#MAPARCHIVE" target="_top">map archive</a> and <a class="link" href="smb.conf.5.html#MAPREADONLY" target="_top">map readonly</a> must be set to off. This parameter writes the DOS attributes as a string into the extended 5330 5345 attribute named "user.DOSATTRIB". This extended attribute is explicitly hidden from smbd clients requesting an 5331 5346 EA list. On Linux the filesystem must have been mounted with the mount option user_xattr in order for … … 5333 5348 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>store dos attributes</code></em> = <code class="literal">no</code> 5334 5349 </em></span> 5335 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 54829"></a>5350 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560928"></a> 5336 5351 5337 5352 strict allocate (S) 5338 </h3></div></div></div><a class="indexterm" name="id25 54830"></a><a name="STRICTALLOCATE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean that controls the handling of5353 </h3></div></div></div><a class="indexterm" name="id2560930"></a><a name="STRICTALLOCATE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean that controls the handling of 5339 5354 disk space allocation in the server. When this is set to <code class="constant">yes</code> 5340 5355 the server will change from UNIX behaviour of not committing real … … 5348 5363 of users.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>strict allocate</code></em> = <code class="literal">no</code> 5349 5364 </em></span> 5350 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 54900"></a>5365 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560999"></a> 5351 5366 5352 5367 strict locking (S) 5353 </h3></div></div></div><a class="indexterm" name="id25 54901"></a><a name="STRICTLOCKING"></a><div class="variablelist"><dl><dt></dt><dd><p>5368 </h3></div></div></div><a class="indexterm" name="id2561000"></a><a name="STRICTLOCKING"></a><div class="variablelist"><dl><dt></dt><dd><p> 5354 5369 This is an enumerated type that controls the handling of file locking in the server. When this is set to <code class="constant">yes</code>, 5355 5370 the server will check every read and write access for file locks, and deny access if locks exist. This can be slow on … … 5367 5382 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>strict locking</code></em> = <code class="literal">Auto</code> 5368 5383 </em></span> 5369 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 54979"></a>5384 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561078"></a> 5370 5385 5371 5386 strict sync (S) 5372 </h3></div></div></div><a class="indexterm" name="id25 54980"></a><a name="STRICTSYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>Many Windows applications (including the Windows 98 explorer5387 </h3></div></div></div><a class="indexterm" name="id2561079"></a><a name="STRICTSYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>Many Windows applications (including the Windows 98 explorer 5373 5388 shell) seem to confuse flushing buffer contents to disk with doing 5374 5389 a sync to disk. Under UNIX, a sync call forces the process to be … … 5384 5399 reported with the new Windows98 explorer shell file copies.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>strict sync</code></em> = <code class="literal">no</code> 5385 5400 </em></span> 5386 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 55044"></a>5401 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561143"></a> 5387 5402 5388 5403 svcctl list (G) 5389 </h3></div></div></div><a class="indexterm" name="id25 55045"></a><a name="SVCCTLLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This option defines a list of init scripts that smbd5404 </h3></div></div></div><a class="indexterm" name="id2561144"></a><a name="SVCCTLLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This option defines a list of init scripts that smbd 5390 5405 will use for starting and stopping Unix services via the Win32 5391 5406 ServiceControl API. This allows Windows administrators to … … 5400 5415 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>svcctl list</code></em> = <code class="literal">cups postfix portmap httpd</code> 5401 5416 </em></span> 5402 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 55129"></a>5417 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561228"></a> 5403 5418 5404 5419 sync always (S) 5405 </h3></div></div></div><a class="indexterm" name="id25 55130"></a><a name="SYNCALWAYS"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean parameter that controls5420 </h3></div></div></div><a class="indexterm" name="id2561230"></a><a name="SYNCALWAYS"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean parameter that controls 5406 5421 whether writes will always be written to stable storage before 5407 5422 the write call returns. If this is <code class="constant">no</code> then the server will be … … 5414 5429 any affect.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>sync always</code></em> = <code class="literal">no</code> 5415 5430 </em></span> 5416 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 55200"></a>5431 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561299"></a> 5417 5432 5418 5433 syslog only (G) 5419 </h3></div></div></div><a class="indexterm" name="id25 55201"></a><a name="SYSLOGONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>5434 </h3></div></div></div><a class="indexterm" name="id2561300"></a><a name="SYSLOGONLY"></a><div class="variablelist"><dl><dt></dt><dd><p> 5420 5435 If this parameter is set then Samba debug messages are logged into the system 5421 5436 syslog only, and not to the debug log files. There still will be some … … 5423 5438 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>syslog only</code></em> = <code class="literal">no</code> 5424 5439 </em></span> 5425 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 55247"></a>5440 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561347"></a> 5426 5441 5427 5442 syslog (G) 5428 </h3></div></div></div><a class="indexterm" name="id25 55248"></a><a name="SYSLOG"></a><div class="variablelist"><dl><dt></dt><dd><p>5443 </h3></div></div></div><a class="indexterm" name="id2561348"></a><a name="SYSLOG"></a><div class="variablelist"><dl><dt></dt><dd><p> 5429 5444 This parameter maps how Samba debug messages are logged onto the system syslog logging levels. 5430 5445 Samba debug level zero maps onto syslog <code class="constant">LOG_ERR</code>, debug level one maps onto … … 5437 5452 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>syslog</code></em> = <code class="literal">1</code> 5438 5453 </em></span> 5439 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 55317"></a>5454 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561417"></a> 5440 5455 5441 5456 template homedir (G) 5442 </h3></div></div></div><a class="indexterm" name="id25 55318"></a><a name="TEMPLATEHOMEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>When filling out the user information for a Windows NT5457 </h3></div></div></div><a class="indexterm" name="id2561418"></a><a name="TEMPLATEHOMEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>When filling out the user information for a Windows NT 5443 5458 user, the <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon uses this 5444 5459 parameter to fill in the home directory for that user. If the … … 5448 5463 is substituted with the user's Windows NT user name.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>template homedir</code></em> = <code class="literal">/home/%D/%U</code> 5449 5464 </em></span> 5450 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 55383"></a>5465 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561483"></a> 5451 5466 5452 5467 template shell (G) 5453 </h3></div></div></div><a class="indexterm" name="id25 55384"></a><a name="TEMPLATESHELL"></a><div class="variablelist"><dl><dt></dt><dd><p>When filling out the user information for a Windows NT5468 </h3></div></div></div><a class="indexterm" name="id2561484"></a><a name="TEMPLATESHELL"></a><div class="variablelist"><dl><dt></dt><dd><p>When filling out the user information for a Windows NT 5454 5469 user, the <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon uses this 5455 parameter to fill in the login shell for that user.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 55422"></a>5470 parameter to fill in the login shell for that user.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561522"></a> 5456 5471 5457 5472 time offset (G) 5458 </h3></div></div></div><a class="indexterm" name="id25 55423"></a><a name="TIMEOFFSET"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a setting in minutes to add5473 </h3></div></div></div><a class="indexterm" name="id2561523"></a><a name="TIMEOFFSET"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a setting in minutes to add 5459 5474 to the normal GMT to local time conversion. This is useful if 5460 5475 you are serving a lot of PCs that have incorrect daylight … … 5463 5478 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>time offset</code></em> = <code class="literal">60</code> 5464 5479 </em></span> 5465 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 55482"></a>5480 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561582"></a> 5466 5481 5467 5482 time server (G) 5468 </h3></div></div></div><a class="indexterm" name="id25 55483"></a><a name="TIMESERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> advertises itself as a time server to Windows5483 </h3></div></div></div><a class="indexterm" name="id2561583"></a><a name="TIMESERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> advertises itself as a time server to Windows 5469 5484 clients.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>time server</code></em> = <code class="literal">no</code> 5470 5485 </em></span> 5471 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 55532"></a>5486 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561632"></a> 5472 5487 5473 5488 unix charset (G) 5474 </h3></div></div></div><a class="indexterm" name="id25 55533"></a><a name="UNIXCHARSET"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the charset the unix machine5489 </h3></div></div></div><a class="indexterm" name="id2561633"></a><a name="UNIXCHARSET"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the charset the unix machine 5475 5490 Samba runs on uses. Samba needs to know this in order to be able to 5476 5491 convert text to the charsets other SMB clients use. … … 5481 5496 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>unix charset</code></em> = <code class="literal">ASCII</code> 5482 5497 </em></span> 5483 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 55598"></a>5498 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561698"></a> 5484 5499 5485 5500 unix extensions (G) 5486 </h3></div></div></div><a class="indexterm" name="id25 55599"></a><a name="UNIXEXTENSIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether Samba5501 </h3></div></div></div><a class="indexterm" name="id2561699"></a><a name="UNIXEXTENSIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether Samba 5487 5502 implments the CIFS UNIX extensions, as defined by HP. 5488 5503 These extensions enable Samba to better serve UNIX CIFS clients … … 5491 5506 no current use to Windows clients.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>unix extensions</code></em> = <code class="literal">yes</code> 5492 5507 </em></span> 5493 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 55645"></a>5508 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561746"></a> 5494 5509 5495 5510 unix password sync (G) 5496 </h3></div></div></div><a class="indexterm" name="id25 55646"></a><a name="UNIXPASSWORDSYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether Samba5511 </h3></div></div></div><a class="indexterm" name="id2561747"></a><a name="UNIXPASSWORDSYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether Samba 5497 5512 attempts to synchronize the UNIX password with the SMB password 5498 5513 when the encrypted SMB password in the smbpasswd file is changed. … … 5503 5518 access to the old password cleartext, only the new).</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>unix password sync</code></em> = <code class="literal">no</code> 5504 5519 </em></span> 5505 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 55706"></a>5520 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561807"></a> 5506 5521 5507 5522 update encrypted (G) 5508 </h3></div></div></div><a class="indexterm" name="id25 55708"></a><a name="UPDATEENCRYPTED"></a><div class="variablelist"><dl><dt></dt><dd><p>5523 </h3></div></div></div><a class="indexterm" name="id2561808"></a><a name="UPDATEENCRYPTED"></a><div class="variablelist"><dl><dt></dt><dd><p> 5509 5524 This boolean parameter allows a user logging on with a plaintext password to have their encrypted (hashed) 5510 5525 password in the smbpasswd file to be updated automatically as they log on. This option allows a site to … … 5516 5531 in the smbpasswd file this parameter should be set to <code class="constant">no</code>. 5517 5532 </p><p> 5518 In order for this parameter to be operative the <a class="link" href="smb.conf.5.html#ENCRYPTPASSWORDS" >encrypt passwords</a> parameter must5519 be set to <code class="constant">no</code>. The default value of <a class="link" href="smb.conf.5.html#ENCRYPTPASSWORDS" >encrypt passwords = Yes</a>. Note: This must be set to <code class="constant">no</code> for this <a class="link" href="smb.conf.5.html#UPDATEENCRYPTED">update encrypted</a> to work.5533 In order for this parameter to be operative the <a class="link" href="smb.conf.5.html#ENCRYPTPASSWORDS" target="_top">encrypt passwords</a> parameter must 5534 be set to <code class="constant">no</code>. The default value of <a class="link" href="smb.conf.5.html#ENCRYPTPASSWORDS" target="_top">encrypt passwords = Yes</a>. Note: This must be set to <code class="constant">no</code> for this <a class="link" href="smb.conf.5.html#UPDATEENCRYPTED" target="_top">update encrypted</a> to work. 5520 5535 </p><p> 5521 5536 Note that even when this parameter is set a user authenticating to <code class="literal">smbd</code> … … 5524 5539 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>update encrypted</code></em> = <code class="literal">no</code> 5525 5540 </em></span> 5526 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 55825"></a>5541 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561925"></a> 5527 5542 5528 5543 use client driver (S) 5529 </h3></div></div></div><a class="indexterm" name="id25 55826"></a><a name="USECLIENTDRIVER"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter applies only to Windows NT/20005544 </h3></div></div></div><a class="indexterm" name="id2561926"></a><a name="USECLIENTDRIVER"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter applies only to Windows NT/2000 5530 5545 clients. It has no effect on Windows 95/98/ME clients. When 5531 5546 serving a printer to Windows NT/2000 clients without first installing … … 5552 5567 server.</em></span></p><p>Default: <span class="emphasis"><em><em class="parameter"><code>use client driver</code></em> = <code class="literal">no</code> 5553 5568 </em></span> 5554 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 55917"></a>5569 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562018"></a> 5555 5570 5556 5571 use kerberos keytab (G) 5557 </h3></div></div></div><a class="indexterm" name="id25 55918"></a><a name="USEKERBEROSKEYTAB"></a><div class="variablelist"><dl><dt></dt><dd><p>5572 </h3></div></div></div><a class="indexterm" name="id2562019"></a><a name="USEKERBEROSKEYTAB"></a><div class="variablelist"><dl><dt></dt><dd><p> 5558 5573 Specifies whether Samba should attempt to maintain service principals in the systems 5559 5574 keytab file for <code class="constant">host/FQDN</code> and <code class="constant">cifs/FQDN</code>. … … 5567 5582 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>use kerberos keytab</code></em> = <code class="literal">False</code> 5568 5583 </em></span> 5569 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 55985"></a>5584 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562086"></a> 5570 5585 5571 5586 use mmap (G) 5572 </h3></div></div></div><a class="indexterm" name="id25 55986"></a><a name="USEMMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>This global parameter determines if the tdb internals of Samba can5587 </h3></div></div></div><a class="indexterm" name="id2562087"></a><a name="USEMMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>This global parameter determines if the tdb internals of Samba can 5573 5588 depend on mmap working correctly on the running system. Samba requires a coherent 5574 5589 mmap/read-write system memory cache. Currently only HPUX does not have such a … … 5579 5594 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>use mmap</code></em> = <code class="literal">yes</code> 5580 5595 </em></span> 5581 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 56038"></a>5596 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562138"></a> 5582 5597 5583 5598 username level (G) 5584 </h3></div></div></div><a class="indexterm" name="id25 56039"></a><a name="USERNAMELEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option helps Samba to try and 'guess' at5599 </h3></div></div></div><a class="indexterm" name="id2562139"></a><a name="USERNAMELEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option helps Samba to try and 'guess' at 5585 5600 the real UNIX username, as many DOS clients send an all-uppercase 5586 5601 username. By default Samba tries all lowercase, followed by the … … 5597 5612 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>username level</code></em> = <code class="literal">5</code> 5598 5613 </em></span> 5599 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 56119"></a>5614 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562220"></a> 5600 5615 5601 5616 username map script (G) 5602 </h3></div></div></div><a class="indexterm" name="id25 56120"></a><a name="USERNAMEMAPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This script is a mutually exclusive alternative to the5603 <a class="link" href="smb.conf.5.html#USERNAMEMAP" >username map</a> parameter. This parameter5617 </h3></div></div></div><a class="indexterm" name="id2562221"></a><a name="USERNAMEMAPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This script is a mutually exclusive alternative to the 5618 <a class="link" href="smb.conf.5.html#USERNAMEMAP" target="_top">username map</a> parameter. This parameter 5604 5619 specifies and external program or script that must accept a single 5605 5620 command line option (the username transmitted in the authentication … … 5611 5626 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>username map script</code></em> = <code class="literal">/etc/samba/scripts/mapusers.sh</code> 5612 5627 </em></span> 5613 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 56195"></a>5628 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562297"></a> 5614 5629 5615 5630 username map (G) 5616 </h3></div></div></div><a class="indexterm" name="id25 56196"></a><a name="USERNAMEMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>5631 </h3></div></div></div><a class="indexterm" name="id2562298"></a><a name="USERNAMEMAP"></a><div class="variablelist"><dl><dt></dt><dd><p> 5617 5632 This option allows you to specify a file containing a mapping of usernames from the clients to the server. 5618 5633 This can be used for several purposes. The most common is to map usernames that users use on DOS or Windows … … 5670 5685 <code class="constant">fred</code> is remapped to <code class="constant">mary</code> then you will actually be connecting to 5671 5686 \\server\mary and will need to supply a password suitable for <code class="constant">mary</code> not 5672 <code class="constant">fred</code>. The only exception to this is the username passed to the <a class="link" href="smb.conf.5.html#PASSWORDSERVER" >password server</a> (if you have one). The password server will receive whatever username the client5687 <code class="constant">fred</code>. The only exception to this is the username passed to the <a class="link" href="smb.conf.5.html#PASSWORDSERVER" target="_top">password server</a> (if you have one). The password server will receive whatever username the client 5673 5688 supplies without modification. 5674 5689 </p><p> … … 5698 5713 # no username map</code> 5699 5714 </em></span> 5700 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 56476"></a>5715 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562576"></a> 5701 5716 5702 5717 <a name="USER"></a>user 5703 </h3></div></div></div><a class="indexterm" name="id25 56477"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#USERNAME">username</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556508"></a>5718 </h3></div></div></div><a class="indexterm" name="id2562578"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#USERNAME">username</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562608"></a> 5704 5719 5705 5720 <a name="USERS"></a>users 5706 </h3></div></div></div><a class="indexterm" name="id25 56509"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#USERNAME">username</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556539"></a>5721 </h3></div></div></div><a class="indexterm" name="id2562610"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#USERNAME">username</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562640"></a> 5707 5722 5708 5723 username (S) 5709 </h3></div></div></div><a class="indexterm" name="id25 56540"></a><a name="USERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>Multiple users may be specified in a comma-delimited5724 </h3></div></div></div><a class="indexterm" name="id2562641"></a><a name="USERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>Multiple users may be specified in a comma-delimited 5710 5725 list, in which case the supplied password will be tested against 5711 5726 each username in turn (left to right).</p><p>The <em class="parameter"><code>username</code></em> line is needed only when … … 5726 5741 telnet session. The daemon runs as the user that they log in as, 5727 5742 so they cannot do anything that user cannot do.</p><p>To restrict a service to a particular set of users you 5728 can use the <a class="link" href="smb.conf.5.html#VALIDUSERS" >valid users</a> parameter.</p><p>If any of the usernames begin with a '@' then the name5743 can use the <a class="link" href="smb.conf.5.html#VALIDUSERS" target="_top">valid users</a> parameter.</p><p>If any of the usernames begin with a '@' then the name 5729 5744 will be looked up first in the NIS netgroups list (if Samba 5730 5745 is compiled with netgroup support), followed by a lookup in … … 5745 5760 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>username</code></em> = <code class="literal">fred, mary, jack, jane, @users, @pcgroup</code> 5746 5761 </em></span> 5747 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 56709"></a>5762 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562810"></a> 5748 5763 5749 5764 usershare allow guests (G) 5750 </h3></div></div></div><a class="indexterm" name="id25 56710"></a><a name="USERSHAREALLOWGUESTS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether user defined shares are allowed5765 </h3></div></div></div><a class="indexterm" name="id2562812"></a><a name="USERSHAREALLOWGUESTS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether user defined shares are allowed 5751 5766 to be accessed by non-authenticated users or not. It is the equivalent 5752 5767 of allowing people who can create a share the option of setting … … 5755 5770 is set to off.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>usershare allow guests</code></em> = <code class="literal">no</code> 5756 5771 </em></span> 5757 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 56762"></a>5772 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562863"></a> 5758 5773 5759 5774 usershare max shares (G) 5760 </h3></div></div></div><a class="indexterm" name="id25 56763"></a><a name="USERSHAREMAXSHARES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of user defined shares5775 </h3></div></div></div><a class="indexterm" name="id2562864"></a><a name="USERSHAREMAXSHARES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of user defined shares 5761 5776 that are allowed to be created by users belonging to the group owning the 5762 5777 usershare directory. If set to zero (the default) user defined shares are ignored. 5763 5778 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>usershare max shares</code></em> = <code class="literal">0</code> 5764 5779 </em></span> 5765 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 56808"></a>5780 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562908"></a> 5766 5781 5767 5782 usershare owner only (G) 5768 </h3></div></div></div><a class="indexterm" name="id25 56809"></a><a name="USERSHAREOWNERONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether the pathname exported by5783 </h3></div></div></div><a class="indexterm" name="id2562909"></a><a name="USERSHAREOWNERONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether the pathname exported by 5769 5784 a user defined shares must be owned by the user creating the 5770 5785 user defined share or not. If set to True (the default) then … … 5776 5791 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>usershare owner only</code></em> = <code class="literal">True</code> 5777 5792 </em></span> 5778 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 56857"></a>5793 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562958"></a> 5779 5794 5780 5795 usershare path (G) 5781 </h3></div></div></div><a class="indexterm" name="id25 56858"></a><a name="USERSHAREPATH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the absolute path of the directory on the5796 </h3></div></div></div><a class="indexterm" name="id2562959"></a><a name="USERSHAREPATH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the absolute path of the directory on the 5782 5797 filesystem used to store the user defined share definition files. 5783 5798 This directory must be owned by root, and have no access for … … 5800 5815 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>usershare path</code></em> = <code class="literal">NULL</code> 5801 5816 </em></span> 5802 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 56928"></a>5817 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563029"></a> 5803 5818 5804 5819 usershare prefix allow list (G) 5805 </h3></div></div></div><a class="indexterm" name="id25 56929"></a><a name="USERSHAREPREFIXALLOWLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a list of absolute pathnames5820 </h3></div></div></div><a class="indexterm" name="id2563030"></a><a name="USERSHAREPREFIXALLOWLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a list of absolute pathnames 5806 5821 the root of which are allowed to be exported by user defined share definitions. 5807 5822 If the pathname exported doesn't start with one of the strings in this … … 5818 5833 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>usershare prefix allow list</code></em> = <code class="literal">/home /data /space</code> 5819 5834 </em></span> 5820 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 57001"></a>5835 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563102"></a> 5821 5836 5822 5837 usershare prefix deny list (G) 5823 </h3></div></div></div><a class="indexterm" name="id25 57002"></a><a name="USERSHAREPREFIXDENYLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a list of absolute pathnames5838 </h3></div></div></div><a class="indexterm" name="id2563103"></a><a name="USERSHAREPREFIXDENYLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a list of absolute pathnames 5824 5839 the root of which are NOT allowed to be exported by user defined share definitions. 5825 5840 If the pathname exported starts with one of the strings in this … … 5837 5852 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>usershare prefix deny list</code></em> = <code class="literal">/etc /dev /private</code> 5838 5853 </em></span> 5839 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 57076"></a>5854 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563176"></a> 5840 5855 5841 5856 usershare template share (G) 5842 </h3></div></div></div><a class="indexterm" name="id25 57077"></a><a name="USERSHARETEMPLATESHARE"></a><div class="variablelist"><dl><dt></dt><dd><p>User defined shares only have limited possible parameters5857 </h3></div></div></div><a class="indexterm" name="id2563177"></a><a name="USERSHARETEMPLATESHARE"></a><div class="variablelist"><dl><dt></dt><dd><p>User defined shares only have limited possible parameters 5843 5858 such as path, guest ok etc. This parameter allows usershares to 5844 5859 "cloned" from an existing share. If "usershare template share" … … 5855 5870 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>usershare template share</code></em> = <code class="literal">template_share</code> 5856 5871 </em></span> 5857 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 57148"></a>5872 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563249"></a> 5858 5873 5859 5874 use sendfile (S) 5860 </h3></div></div></div><a class="indexterm" name="id25 57149"></a><a name="USESENDFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code>, and the <code class="constant">sendfile()</code>5875 </h3></div></div></div><a class="indexterm" name="id2563250"></a><a name="USESENDFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code>, and the <code class="constant">sendfile()</code> 5861 5876 system call is supported by the underlying operating system, then some SMB read calls 5862 5877 (mainly ReadAndX and ReadRaw) will use the more efficient sendfile system call for files that … … 5867 5882 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>use sendfile</code></em> = <code class="literal">false</code> 5868 5883 </em></span> 5869 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 57205"></a>5884 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563307"></a> 5870 5885 5871 5886 use spnego (G) 5872 </h3></div></div></div><a class="indexterm" name="id25 57206"></a><a name="USESPNEGO"></a><div class="variablelist"><dl><dt></dt><dd><p>This variable controls controls whether samba will try5887 </h3></div></div></div><a class="indexterm" name="id2563308"></a><a name="USESPNEGO"></a><div class="variablelist"><dl><dt></dt><dd><p>This variable controls controls whether samba will try 5873 5888 to use Simple and Protected NEGOciation (as specified by rfc2478) with 5874 5889 WindowsXP and Windows2000 clients to agree upon an authentication mechanism. … … 5878 5893 disabled.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>use spnego</code></em> = <code class="literal">yes</code> 5879 5894 </em></span> 5880 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 57255"></a>5895 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563356"></a> 5881 5896 5882 5897 utmp directory (G) 5883 </h3></div></div></div><a class="indexterm" name="id25 57256"></a><a name="UTMPDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is only available if Samba has5898 </h3></div></div></div><a class="indexterm" name="id2563357"></a><a name="UTMPDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is only available if Samba has 5884 5899 been configured and compiled with the option <code class="literal"> 5885 5900 --with-utmp</code>. It specifies a directory pathname that is … … 5893 5908 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>utmp directory</code></em> = <code class="literal">/var/run/utmp</code> 5894 5909 </em></span> 5895 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 57333"></a>5910 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563434"></a> 5896 5911 5897 5912 utmp (G) 5898 </h3></div></div></div><a class="indexterm" name="id25 57334"></a><a name="UTMP"></a><div class="variablelist"><dl><dt></dt><dd><p>5913 </h3></div></div></div><a class="indexterm" name="id2563435"></a><a name="UTMP"></a><div class="variablelist"><dl><dt></dt><dd><p> 5899 5914 This boolean parameter is only available if Samba has been configured and compiled 5900 5915 with the option <code class="literal">--with-utmp</code>. If set to … … 5908 5923 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>utmp</code></em> = <code class="literal">no</code> 5909 5924 </em></span> 5910 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 57396"></a>5925 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563497"></a> 5911 5926 5912 5927 valid users (S) 5913 </h3></div></div></div><a class="indexterm" name="id25 57397"></a><a name="VALIDUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>5928 </h3></div></div></div><a class="indexterm" name="id2563498"></a><a name="VALIDUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p> 5914 5929 This is a list of users that should be allowed to login to this service. Names starting with 5915 5930 '@', '+' and '&' are interpreted using the same rules as described in the … … 5927 5942 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>valid users</code></em> = <code class="literal">greg, @pcusers</code> 5928 5943 </em></span> 5929 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 57487"></a>5944 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563588"></a> 5930 5945 5931 5946 -valid (S) 5932 </h3></div></div></div><a class="indexterm" name="id25 57488"></a><a name="-VALID"></a><div class="variablelist"><dl><dt></dt><dd><p> This parameter indicates whether a share is5947 </h3></div></div></div><a class="indexterm" name="id2563589"></a><a name="-VALID"></a><div class="variablelist"><dl><dt></dt><dd><p> This parameter indicates whether a share is 5933 5948 valid and thus can be used. When this parameter is set to false, 5934 5949 the share will be in no way visible nor accessible. … … 5939 5954 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>-valid</code></em> = <code class="literal">yes</code> 5940 5955 </em></span> 5941 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 57536"></a>5956 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563638"></a> 5942 5957 5943 5958 veto files (S) 5944 </h3></div></div></div><a class="indexterm" name="id25 57537"></a><a name="VETOFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>5959 </h3></div></div></div><a class="indexterm" name="id2563639"></a><a name="VETOFILES"></a><div class="variablelist"><dl><dt></dt><dd><p> 5945 5960 This is a list of files and directories that are neither visible nor accessible. Each entry in 5946 5961 the list must be separated by a '/', which allows spaces to be included in the entry. '*' and '?' … … 5950 5965 unix directory separator '/'. 5951 5966 </p><p> 5952 Note that the <a class="link" href="smb.conf.5.html#CASESENSITIVE" >case sensitive</a> option is applicable in vetoing files.5967 Note that the <a class="link" href="smb.conf.5.html#CASESENSITIVE" target="_top">case sensitive</a> option is applicable in vetoing files. 5953 5968 </p><p> 5954 5969 One feature of the veto files parameter that it is important to be aware of is Samba's behaviour when 5955 5970 trying to delete a directory. If a directory that is to be deleted contains nothing but veto files this 5956 deletion will <span class="emphasis"><em>fail</em></span> unless you also set the <a class="link" href="smb.conf.5.html#DELETEVETOFILES" >delete veto files</a>5971 deletion will <span class="emphasis"><em>fail</em></span> unless you also set the <a class="link" href="smb.conf.5.html#DELETEVETOFILES" target="_top">delete veto files</a> 5957 5972 parameter to <em class="parameter"><code>yes</code></em>. 5958 5973 </p><p> … … 5973 5988 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>veto files</code></em> = <code class="literal">No files or directories are vetoed.</code> 5974 5989 </em></span> 5975 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 57655"></a>5990 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563757"></a> 5976 5991 5977 5992 veto oplock files (S) 5978 </h3></div></div></div><a class="indexterm" name="id25 57656"></a><a name="VETOOPLOCKFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>5979 This parameter is only valid when the <a class="link" href="smb.conf.5.html#OPLOCKS" >oplocks</a>5993 </h3></div></div></div><a class="indexterm" name="id2563758"></a><a name="VETOOPLOCKFILES"></a><div class="variablelist"><dl><dt></dt><dd><p> 5994 This parameter is only valid when the <a class="link" href="smb.conf.5.html#OPLOCKS" target="_top">oplocks</a> 5980 5995 parameter is turned on for a share. It allows the Samba administrator 5981 5996 to selectively turn off the granting of oplocks on selected files that 5982 5997 match a wildcarded list, similar to the wildcarded list used in the 5983 <a class="link" href="smb.conf.5.html#VETOFILES" >veto files</a> parameter.5998 <a class="link" href="smb.conf.5.html#VETOFILES" target="_top">veto files</a> parameter. 5984 5999 </p><p> 5985 6000 You might want to do this on files that you know will be heavily contended … … 5997 6012 # No files are vetoed for oplock grants</code> 5998 6013 </em></span> 5999 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 57748"></a>6014 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563850"></a> 6000 6015 6001 6016 <a name="VFSOBJECT"></a>vfs object 6002 </h3></div></div></div><a class="indexterm" name="id25 57749"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#VFSOBJECTS">vfs objects</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557780"></a>6017 </h3></div></div></div><a class="indexterm" name="id2563851"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#VFSOBJECTS">vfs objects</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563882"></a> 6003 6018 6004 6019 vfs objects (S) 6005 </h3></div></div></div><a class="indexterm" name="id25 57781"></a><a name="VFSOBJECTS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the backend names which6020 </h3></div></div></div><a class="indexterm" name="id2563883"></a><a name="VFSOBJECTS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the backend names which 6006 6021 are used for Samba VFS I/O operations. By default, normal 6007 6022 disk I/O operations are used but these can be overloaded … … 6010 6025 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>vfs objects</code></em> = <code class="literal">extd_audit recycle</code> 6011 6026 </em></span> 6012 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 57840"></a>6027 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563942"></a> 6013 6028 6014 6029 volume (S) 6015 </h3></div></div></div><a class="indexterm" name="id25 57841"></a><a name="VOLUME"></a><div class="variablelist"><dl><dt></dt><dd><p>This allows you to override the volume label6030 </h3></div></div></div><a class="indexterm" name="id2563943"></a><a name="VOLUME"></a><div class="variablelist"><dl><dt></dt><dd><p>This allows you to override the volume label 6016 6031 returned for a share. Useful for CDROMs with installation programs 6017 6032 that insist on a particular volume label.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>volume</code></em> = <code class="literal"> 6018 6033 # the name of the share</code> 6019 6034 </em></span> 6020 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 57884"></a>6035 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563985"></a> 6021 6036 6022 6037 wide links (S) 6023 </h3></div></div></div><a class="indexterm" name="id25 57885"></a><a name="WIDELINKS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not links6038 </h3></div></div></div><a class="indexterm" name="id2563986"></a><a name="WIDELINKS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not links 6024 6039 in the UNIX file system may be followed by the server. Links 6025 6040 that point to areas within the directory tree exported by the … … 6029 6044 that Samba has to do in order to perform the link checks.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>wide links</code></em> = <code class="literal">yes</code> 6030 6045 </em></span> 6031 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 57936"></a>6046 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564038"></a> 6032 6047 6033 6048 winbind cache time (G) 6034 </h3></div></div></div><a class="indexterm" name="id25 57937"></a><a name="WINBINDCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of6049 </h3></div></div></div><a class="indexterm" name="id2564039"></a><a name="WINBINDCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of 6035 6050 seconds the <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon will cache 6036 6051 user and group information before querying a Windows NT server 6037 6052 again.</p><p> 6038 6053 This does not apply to authentication requests, these are always 6039 evaluated in real time unless the <a class="link" href="smb.conf.5.html#WINBINDOFFLINELOGON" >winbind offline logon</a> option has been enabled.6054 evaluated in real time unless the <a class="link" href="smb.conf.5.html#WINBINDOFFLINELOGON" target="_top">winbind offline logon</a> option has been enabled. 6040 6055 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind cache time</code></em> = <code class="literal">300</code> 6041 6056 </em></span> 6042 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 58007"></a>6057 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564109"></a> 6043 6058 6044 6059 winbind enum groups (G) 6045 </h3></div></div></div><a class="indexterm" name="id25 58008"></a><a name="WINBINDENUMGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>On large installations using <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> it may be necessary to suppress6060 </h3></div></div></div><a class="indexterm" name="id2564110"></a><a name="WINBINDENUMGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>On large installations using <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> it may be necessary to suppress 6046 6061 the enumeration of groups through the <code class="literal">setgrent()</code>, 6047 6062 <code class="literal">getgrent()</code> and … … 6051 6066 call will not return any data. </p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>Turning off group enumeration may cause some programs to behave oddly. </p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind enum groups</code></em> = <code class="literal">no</code> 6052 6067 </em></span> 6053 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 58098"></a>6068 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564200"></a> 6054 6069 6055 6070 winbind enum users (G) 6056 </h3></div></div></div><a class="indexterm" name="id25 58099"></a><a name="WINBINDENUMUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>On large installations using <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> it may be6071 </h3></div></div></div><a class="indexterm" name="id2564201"></a><a name="WINBINDENUMUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>On large installations using <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> it may be 6057 6072 necessary to suppress the enumeration of users through the <code class="literal">setpwent()</code>, 6058 6073 <code class="literal">getpwent()</code> and … … 6066 6081 usernames. </p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind enum users</code></em> = <code class="literal">no</code> 6067 6082 </em></span> 6068 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 58191"></a>6083 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564293"></a> 6069 6084 6070 6085 winbind expand groups (G) 6071 </h3></div></div></div><a class="indexterm" name="id25 58192"></a><a name="WINBINDEXPANDGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum depth that winbindd6086 </h3></div></div></div><a class="indexterm" name="id2564294"></a><a name="WINBINDEXPANDGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum depth that winbindd 6072 6087 will traverse when flattening nested group memberships 6073 6088 of Windows domain groups. This is different from the 6074 <a class="link" href="smb.conf.5.html#WINBINDNESTEDGROUPS" >winbind nested groups</a> option6089 <a class="link" href="smb.conf.5.html#WINBINDNESTEDGROUPS" target="_top">winbind nested groups</a> option 6075 6090 which implements the Windows NT4 model of local group 6076 6091 nesting. The "winbind expand groups" … … 6081 6096 incoming NSS or authentication requests during this time.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind expand groups</code></em> = <code class="literal">1</code> 6082 6097 </em></span> 6083 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 58260"></a>6098 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564362"></a> 6084 6099 6085 6100 winbind nested groups (G) 6086 </h3></div></div></div><a class="indexterm" name="id25 58261"></a><a name="WINBINDNESTEDGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>If set to yes, this parameter activates the support for nested6101 </h3></div></div></div><a class="indexterm" name="id2564363"></a><a name="WINBINDNESTEDGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>If set to yes, this parameter activates the support for nested 6087 6102 groups. Nested groups are also called local groups or 6088 6103 aliases. They work like their counterparts in Windows: Nested … … 6092 6107 groups, you need to run nss_winbind.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind nested groups</code></em> = <code class="literal">yes</code> 6093 6108 </em></span> 6094 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 58309"></a>6109 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564412"></a> 6095 6110 6096 6111 winbind normalize names (G) 6097 </h3></div></div></div><a class="indexterm" name="id25 58310"></a><a name="WINBINDNORMALIZENAMES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether winbindd will replace6112 </h3></div></div></div><a class="indexterm" name="id2564413"></a><a name="WINBINDNORMALIZENAMES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether winbindd will replace 6098 6113 whitespace in user and group names with an underscore (_) character. 6099 6114 For example, whether the name "Space Kadet" should be … … 6107 6122 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind normalize names</code></em> = <code class="literal">yes</code> 6108 6123 </em></span> 6109 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 58376"></a>6124 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564478"></a> 6110 6125 6111 6126 winbind nss info (G) 6112 </h3></div></div></div><a class="indexterm" name="id25 58377"></a><a name="WINBINDNSSINFO"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control how Winbind retrieves Name6127 </h3></div></div></div><a class="indexterm" name="id2564479"></a><a name="WINBINDNSSINFO"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control how Winbind retrieves Name 6113 6128 Service Information to construct a user's home directory and login shell. 6114 6129 Currently the following settings are available: … … 6132 6147 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind nss info</code></em> = <code class="literal">template sfu</code> 6133 6148 </em></span> 6134 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 58495"></a>6149 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564598"></a> 6135 6150 6136 6151 winbind offline logon (G) 6137 </h3></div></div></div><a class="indexterm" name="id25 58496"></a><a name="WINBINDOFFLINELOGON"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control whether Winbind should6152 </h3></div></div></div><a class="indexterm" name="id2564599"></a><a name="WINBINDOFFLINELOGON"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control whether Winbind should 6138 6153 allow to login with the <em class="parameter"><code>pam_winbind</code></em> 6139 6154 module using Cached Credentials. If enabled, winbindd will store user credentials … … 6143 6158 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind offline logon</code></em> = <code class="literal">true</code> 6144 6159 </em></span> 6145 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 58564"></a>6160 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564667"></a> 6146 6161 6147 6162 winbind refresh tickets (G) 6148 </h3></div></div></div><a class="indexterm" name="id25 58565"></a><a name="WINBINDREFRESHTICKETS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control whether Winbind should refresh Kerberos Tickets6163 </h3></div></div></div><a class="indexterm" name="id2564668"></a><a name="WINBINDREFRESHTICKETS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control whether Winbind should refresh Kerberos Tickets 6149 6164 retrieved using the <em class="parameter"><code>pam_winbind</code></em> module. 6150 6165 … … 6153 6168 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind refresh tickets</code></em> = <code class="literal">true</code> 6154 6169 </em></span> 6155 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 58631"></a>6170 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564733"></a> 6156 6171 6157 6172 winbind rpc only (G) 6158 </h3></div></div></div><a class="indexterm" name="id25 58632"></a><a name="WINBINDRPCONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>6173 </h3></div></div></div><a class="indexterm" name="id2564734"></a><a name="WINBINDRPCONLY"></a><div class="variablelist"><dl><dt></dt><dd><p> 6159 6174 Setting this parameter to <code class="literal">yes</code> forces 6160 6175 winbindd to use RPC instead of LDAP to retrieve information from Domain … … 6162 6177 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind rpc only</code></em> = <code class="literal">no</code> 6163 6178 </em></span> 6164 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 58680"></a>6179 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564782"></a> 6165 6180 6166 6181 winbind separator (G) 6167 </h3></div></div></div><a class="indexterm" name="id25 58681"></a><a name="WINBINDSEPARATOR"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows an admin to define the character6182 </h3></div></div></div><a class="indexterm" name="id2564783"></a><a name="WINBINDSEPARATOR"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows an admin to define the character 6168 6183 used when listing a username of the form of <em class="replaceable"><code>DOMAIN 6169 6184 </code></em>\<em class="replaceable"><code>user</code></em>. This parameter … … 6176 6191 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind separator</code></em> = <code class="literal">+</code> 6177 6192 </em></span> 6178 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 58767"></a>6193 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564869"></a> 6179 6194 6180 6195 winbind trusted domains only (G) 6181 </h3></div></div></div><a class="indexterm" name="id25 58768"></a><a name="WINBINDTRUSTEDDOMAINSONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>6196 </h3></div></div></div><a class="indexterm" name="id2564870"></a><a name="WINBINDTRUSTEDDOMAINSONLY"></a><div class="variablelist"><dl><dt></dt><dd><p> 6182 6197 This parameter is designed to allow Samba servers that are members 6183 6198 of a Samba controlled domain to use UNIX accounts distributed via NIS, … … 6187 6202 </p><p> 6188 6203 This parameter is now deprecated in favor of the newer idmap_nss backend. 6189 Refer to the <a class="link" href="smb.conf.5.html#IDMAPDOMAINS" >idmap domains</a> smb.conf option and6204 Refer to the <a class="link" href="smb.conf.5.html#IDMAPDOMAINS" target="_top">idmap domains</a> smb.conf option and 6190 6205 the <a class="citerefentry" href="idmap_nss.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_nss</span>(8)</span></a> man page for more information. 6191 6206 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind trusted domains only</code></em> = <code class="literal">no</code> 6192 6207 </em></span> 6193 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 58846"></a>6208 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564948"></a> 6194 6209 6195 6210 winbind use default domain (G) 6196 </h3></div></div></div><a class="indexterm" name="id25 58847"></a><a name="WINBINDUSEDEFAULTDOMAIN"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether the6211 </h3></div></div></div><a class="indexterm" name="id2564949"></a><a name="WINBINDUSEDEFAULTDOMAIN"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether the 6197 6212 <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon should operate on users 6198 6213 without domain component in their username. Users without a domain … … 6204 6219 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind use default domain</code></em> = <code class="literal">yes</code> 6205 6220 </em></span> 6206 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 58919"></a>6221 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565021"></a> 6207 6222 6208 6223 wins hook (G) 6209 </h3></div></div></div><a class="indexterm" name="id25 58920"></a><a name="WINSHOOK"></a><div class="variablelist"><dl><dt></dt><dd><p>When Samba is running as a WINS server this6224 </h3></div></div></div><a class="indexterm" name="id2565022"></a><a name="WINSHOOK"></a><div class="variablelist"><dl><dt></dt><dd><p>When Samba is running as a WINS server this 6210 6225 allows you to call an external program for all changes to the 6211 6226 WINS database. The primary use for this option is to allow the … … 6228 6243 empty then the name should be deleted.</p></li></ul></div><p>An example script that calls the BIND dynamic DNS update 6229 6244 program <code class="literal">nsupdate</code> is provided in the examples 6230 directory of the Samba source code. </p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 59025"></a>6245 directory of the Samba source code. </p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565127"></a> 6231 6246 6232 6247 wins proxy (G) 6233 </h3></div></div></div><a class="indexterm" name="id25 59026"></a><a name="WINSPROXY"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean that controls if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> will respond to broadcast name6248 </h3></div></div></div><a class="indexterm" name="id2565128"></a><a name="WINSPROXY"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean that controls if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> will respond to broadcast name 6234 6249 queries on behalf of other hosts. You may need to set this 6235 6250 to <code class="constant">yes</code> for some older clients.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>wins proxy</code></em> = <code class="literal">no</code> 6236 6251 </em></span> 6237 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 59080"></a>6252 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565182"></a> 6238 6253 6239 6254 wins server (G) 6240 </h3></div></div></div><a class="indexterm" name="id25 59081"></a><a name="WINSSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies the IP address (or DNS name: IP6255 </h3></div></div></div><a class="indexterm" name="id2565183"></a><a name="WINSSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies the IP address (or DNS name: IP 6241 6256 address for preference) of the WINS server that <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> should register with. If you have a WINS server on 6242 6257 your network then you should set this to the WINS server's IP.</p><p>You should point this at your WINS server if you have a … … 6257 6272 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>wins server</code></em> = <code class="literal">192.9.200.1 192.168.2.61</code> 6258 6273 </em></span> 6259 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 59190"></a>6274 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565292"></a> 6260 6275 6261 6276 wins support (G) 6262 </h3></div></div></div><a class="indexterm" name="id25 59191"></a><a name="WINSSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean controls if the <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> process in Samba will act as a WINS server. You should6277 </h3></div></div></div><a class="indexterm" name="id2565294"></a><a name="WINSSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean controls if the <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> process in Samba will act as a WINS server. You should 6263 6278 not set this to <code class="constant">yes</code> unless you have a multi-subnetted network and 6264 6279 you wish a particular <code class="literal">nmbd</code> to be your WINS server. … … 6266 6281 on more than one machine in your network.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>wins support</code></em> = <code class="literal">no</code> 6267 6282 </em></span> 6268 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 59260"></a>6283 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565362"></a> 6269 6284 6270 6285 workgroup (G) 6271 </h3></div></div></div><a class="indexterm" name="id25 59261"></a><a name="WORKGROUP"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what workgroup your server will6286 </h3></div></div></div><a class="indexterm" name="id2565363"></a><a name="WORKGROUP"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what workgroup your server will 6272 6287 appear to be in when queried by clients. Note that this parameter 6273 6288 also controls the Domain name used with 6274 the <a class="link" href="smb.conf.5.html#SECURITY" >security = domain</a>6289 the <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security = domain</a> 6275 6290 setting.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>workgroup</code></em> = <code class="literal">WORKGROUP</code> 6276 6291 </em></span> 6277 6292 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>workgroup</code></em> = <code class="literal">MYGROUP</code> 6278 6293 </em></span> 6279 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 59332"></a>6294 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565434"></a> 6280 6295 6281 6296 <a name="WRITABLE"></a>writable 6282 </h3></div></div></div><a class="indexterm" name="id25 59333"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#WRITEABLE">writeable</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2559363"></a>6297 </h3></div></div></div><a class="indexterm" name="id2565435"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#WRITEABLE">writeable</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565466"></a> 6283 6298 6284 6299 writeable (S) 6285 </h3></div></div></div><a class="indexterm" name="id25 59364"></a><a name="WRITEABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>Inverted synonym for <a class="link" href="smb.conf.5.html#READONLY">read only</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>writeable</code></em> = <code class="literal">no</code>6286 </em></span> 6287 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 59414"></a>6300 </h3></div></div></div><a class="indexterm" name="id2565467"></a><a name="WRITEABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>Inverted synonym for <a class="link" href="smb.conf.5.html#READONLY" target="_top">read only</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>writeable</code></em> = <code class="literal">no</code> 6301 </em></span> 6302 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565517"></a> 6288 6303 6289 6304 write cache size (S) 6290 </h3></div></div></div><a class="indexterm" name="id25 59415"></a><a name="WRITECACHESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this integer parameter is set to non-zero value,6305 </h3></div></div></div><a class="indexterm" name="id2565518"></a><a name="WRITECACHESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this integer parameter is set to non-zero value, 6291 6306 Samba will create an in-memory cache for each oplocked file 6292 6307 (it does <span class="emphasis"><em>not</em></span> do this for … … 6306 6321 # for a 256k cache size per file</code> 6307 6322 </em></span> 6308 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 59497"></a>6323 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565600"></a> 6309 6324 6310 6325 write list (S) 6311 </h3></div></div></div><a class="indexterm" name="id25 59498"></a><a name="WRITELIST"></a><div class="variablelist"><dl><dt></dt><dd><p>6326 </h3></div></div></div><a class="indexterm" name="id2565601"></a><a name="WRITELIST"></a><div class="variablelist"><dl><dt></dt><dd><p> 6312 6327 This is a list of users that are given read-write access to a service. If the 6313 6328 connecting user is in this list then they will be given write access, no matter 6314 what the <a class="link" href="smb.conf.5.html#READONLY" >read only</a> option is set to. The list can6329 what the <a class="link" href="smb.conf.5.html#READONLY" target="_top">read only</a> option is set to. The list can 6315 6330 include group names using the @group syntax. 6316 6331 </p><p> … … 6319 6334 </p><p> 6320 6335 By design, this parameter will not work with the 6321 <a class="link" href="smb.conf.5.html#SECURITY" >security = share</a> in Samba 3.0.6336 <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security = share</a> in Samba 3.0. 6322 6337 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>write list</code></em> = <code class="literal"></code> 6323 6338 </em></span> 6324 6339 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>write list</code></em> = <code class="literal">admin, root, @staff</code> 6325 6340 </em></span> 6326 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 59591"></a>6341 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565694"></a> 6327 6342 6328 6343 write raw (G) 6329 </h3></div></div></div><a class="indexterm" name="id25 59592"></a><a name="WRITERAW"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not the server6344 </h3></div></div></div><a class="indexterm" name="id2565695"></a><a name="WRITERAW"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not the server 6330 6345 will support raw write SMB's when transferring data from clients. 6331 6346 You should never need to change this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>write raw</code></em> = <code class="literal">yes</code> 6332 6347 </em></span> 6333 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25 59634"></a>6348 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565738"></a> 6334 6349 6335 6350 wtmp directory (G) 6336 </h3></div></div></div><a class="indexterm" name="id25 59635"></a><a name="WTMPDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>6351 </h3></div></div></div><a class="indexterm" name="id2565739"></a><a name="WTMPDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p> 6337 6352 This parameter is only available if Samba has been configured and compiled with the option <code class="literal"> 6338 6353 --with-utmp</code>. It specifies a directory pathname that is used to store the wtmp or wtmpx files (depending on … … 6346 6361 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>wtmp directory</code></em> = <code class="literal">/var/log/wtmp</code> 6347 6362 </em></span> 6348 </p></dd></dl></div></div></div></div><div class="refsect1" lang="en"><a name="id25 59718"></a><h2>WARNINGS</h2><p>6363 </p></dd></dl></div></div></div></div><div class="refsect1" lang="en"><a name="id2565821"></a><h2>WARNINGS</h2><p> 6349 6364 Although the configuration file permits service names to contain spaces, your client software may not. 6350 6365 Spaces will be ignored in comparisons anyway, so it shouldn't be a problem - but be aware of the possibility. … … 6359 6374 care when designing these sections. In particular, ensure that the permissions on spool directories are 6360 6375 correct. 6361 </p></div><div class="refsect1" lang="en"><a name="id25 59768"></a><h2>VERSION</h2><p>This man page is correct for version 3 of the Samba suite.</p></div><div class="refsect1" lang="en"><a name="id2559779"></a><h2>SEE ALSO</h2><p>6362 <a class="citerefentry" href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a>, <a class="citerefentry" href="smbpasswd.8.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(8)</span></a>, <a class="citerefentry" href="swat.8.html"><span class="citerefentry"><span class="refentrytitle">swat</span>(8)</span></a>, <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>, <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>, <a class="citerefentry" href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a>, <a class="citerefentry" href="nmblookup.1.html"><span class="citerefentry"><span class="refentrytitle">nmblookup</span>(1)</span></a>, <a class="citerefentry" href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a>, <a class="citerefentry" href="testprns.1.html"><span class="citerefentry"><span class="refentrytitle">testprns</span>(1)</span></a>.</p></div><div class="refsect1" lang="en"><a name="id25 59858"></a><h2>AUTHOR</h2><p>6376 </p></div><div class="refsect1" lang="en"><a name="id2565871"></a><h2>VERSION</h2><p>This man page is correct for version 3 of the Samba suite.</p></div><div class="refsect1" lang="en"><a name="id2565882"></a><h2>SEE ALSO</h2><p> 6377 <a class="citerefentry" href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a>, <a class="citerefentry" href="smbpasswd.8.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(8)</span></a>, <a class="citerefentry" href="swat.8.html"><span class="citerefentry"><span class="refentrytitle">swat</span>(8)</span></a>, <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>, <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>, <a class="citerefentry" href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a>, <a class="citerefentry" href="nmblookup.1.html"><span class="citerefentry"><span class="refentrytitle">nmblookup</span>(1)</span></a>, <a class="citerefentry" href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a>, <a class="citerefentry" href="testprns.1.html"><span class="citerefentry"><span class="refentrytitle">testprns</span>(1)</span></a>.</p></div><div class="refsect1" lang="en"><a name="id2565962"></a><h2>AUTHOR</h2><p> 6363 6378 The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed 6364 6379 by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.
Note:
See TracChangeset
for help on using the changeset viewer.
