Ignore:
Timestamp:
Jan 15, 2010, 8:21:06 AM (16 years ago)
Author:
Herwig Bauernfeind
Message:

Update Samba 3.3 to 3.3.10 (docs)

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/samba-3.3.x/docs/htmldocs/manpages/smb.conf.5.html

    r309 r368  
    1 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>smb.conf</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="smb.conf.5"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>smb.conf &#8212; The configuration file for the Samba suite</p></div><div class="refsect1" lang="en"><a name="id2522916"></a><h2>SYNOPSIS</h2><p>
     1<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>smb.conf</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" title="smb.conf"><a name="smb.conf.5"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>smb.conf &#8212; The configuration file for the Samba suite</p></div><div class="refsect1" title="SYNOPSIS"><a name="id2528887"></a><h2>SYNOPSIS</h2><p>
    22        The <code class="filename">smb.conf</code> file is a configuration  file for the Samba suite. <code class="filename">smb.conf</code> contains  runtime configuration information for the Samba programs. The
    33         <code class="filename">smb.conf</code> file is designed to be configured and administered by the
    44         <a class="citerefentry" href="swat.8.html"><span class="citerefentry"><span class="refentrytitle">swat</span>(8)</span></a> program. The
    55        complete description of the file format and possible parameters held within are here for reference purposes.
    6         </p></div><div class="refsect1" lang="en"><a name="FILEFORMATSECT"></a><h2>FILE FORMAT</h2><p>
     6        </p></div><div class="refsect1" title="FILE FORMAT"><a name="FILEFORMATSECT"></a><h2>FILE FORMAT</h2><p>
    77        The file consists of sections and parameters. A section begins with the name of the section in square brackets
    88        and continues until the next section begins. Sections contain parameters of the form:
     
    1919        retained verbatim.
    2020        </p><p>
    21         Any line beginning with a semicolon (&#8220;<span class="quote">;</span>&#8221;) or a hash (&#8220;<span class="quote">#</span>&#8221;)
     21        Any line beginning with a semicolon (<span class="quote">&#8220;<span class="quote">;</span>&#8221;</span>) or a hash (<span class="quote">&#8220;<span class="quote">#</span>&#8221;</span>)
    2222        character is ignored, as are lines containing only whitespace.
    2323        </p><p>
    24         Any line ending in a &#8220;<span class="quote"><code class="literal">\</code></span>&#8221; is continued on the next line in the customary UNIX fashion.
     24        Any line ending in a <span class="quote">&#8220;<span class="quote"><code class="literal">\</code></span>&#8221;</span> is continued on the next line in the customary UNIX fashion.
    2525        </p><p>
    2626        The values following the equals sign in parameters are all either a string (no quotes needed) or a boolean,
    2727        which may be given as yes/no, 1/0 or true/false. Case is not significant in boolean values, but is preserved
    2828        in string values. Some items such as create masks are numeric.
    29         </p></div><div class="refsect1" lang="en"><a name="id2483409"></a><h2>SECTION DESCRIPTIONS</h2><p>
     29        </p></div><div class="refsect1" title="SECTION DESCRIPTIONS"><a name="id2489374"></a><h2>SECTION DESCRIPTIONS</h2><p>
    3030        Each section in the configuration file (except for the [global] section) describes a shared resource (known as
    31         a &#8220;<span class="quote">share</span>&#8221;). The section name is the name of the shared resource and the parameters within the
     31        a <span class="quote">&#8220;<span class="quote">share</span>&#8221;</span>). The section name is the name of the shared resource and the parameters within the
    3232        section define the shares attributes.
    3333        </p><p>
     
    7070        <a class="link" href="smb.conf.5.html#GUESTOK" target="_top">guest ok = yes</a>
    7171</pre><p>
    72         </p></div><div class="refsect1" lang="en"><a name="id2481485"></a><h2>SPECIAL SECTIONS</h2><div class="refsect2" lang="en"><a name="id2481491"></a><h3>The [global] section</h3><p>
     72        </p></div><div class="refsect1" title="SPECIAL SECTIONS"><a name="id2487452"></a><h2>SPECIAL SECTIONS</h2><div class="refsect2" title="The [global] section"><a name="id2487457"></a><h3>The [global] section</h3><p>
    7373                Parameters in this section apply to the server as a whole, or are defaults for sections that do not
    7474                specifically define certain items. See the notes under PARAMETERS for more information.
    75                 </p></div><div class="refsect2" lang="en"><a name="HOMESECT"></a><h3>The [homes] section</h3><p>
     75                </p></div><div class="refsect2" title="The [homes] section"><a name="HOMESECT"></a><h3>The [homes] section</h3><p>
    7676                If a section called [homes] is included in the configuration file, services connecting clients
    7777                to their home directories can be created on the fly by the server.
     
    8383                </p><p>
    8484                Some modifications are then made to the newly created share:
    85                 </p><div class="itemizedlist"><ul type="disc"><li><p>
     85                </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
    8686                        The share name is changed from homes to the located username.
    87                         </p></li><li><p>
     87                        </p></li><li class="listitem"><p>
    8888                        If no path was given, the path is set to the user's home directory.
    8989                        </p></li></ul></div><p>
     
    9898                of fuss.
    9999                </p><p>
    100                 A similar process occurs if the requested section name is &#8220;<span class="quote">homes</span>&#8221;, except that the share
     100                A similar process occurs if the requested section name is <span class="quote">&#8220;<span class="quote">homes</span>&#8221;</span>, except that the share
    101101                name is not changed to that of the requesting user. This method of using the [homes] section works well if
    102102                different users share a client PC.
     
    116116                flag, not the [homes] browseable flag. This is useful as it means setting <span class="emphasis"><em>browseable = no</em></span> in
    117117                the [homes] section will hide the [homes] share but make any auto home directories visible.
    118                 </p></div><div class="refsect2" lang="en"><a name="PRINTERSSECT"></a><h3>The [printers] section</h3><p>
     118                </p></div><div class="refsect2" title="The [printers] section"><a name="PRINTERSSECT"></a><h3>The [printers] section</h3><p>
    119119                This section works like [homes], but for printers.
    120120                </p><p>
     
    129129                </p><p>
    130130                A few modifications are then made to the newly created share:
    131                 </p><div class="itemizedlist"><ul type="disc"><li><p>The share name is set to the located printer name</p></li><li><p>If no printer name was given, the printer name is set to the located printer name</p></li><li><p>If the share does not permit guest access and no username was given, the username is set
     131                </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>The share name is set to the located printer name</p></li><li class="listitem"><p>If no printer name was given, the printer name is set to the located printer name</p></li><li class="listitem"><p>If the share does not permit guest access and no username was given, the username is set
    132132                                to the located printer name.</p></li></ul></div><p>
    133133                The [printers] service MUST be printable - if you specify otherwise, the server will refuse
     
    157157                An alias, by the way, is defined as any component of the first entry of a printcap record. Records are separated by newlines,
    158158                components (if there are more than one) are separated by vertical bar symbols (<code class="literal">|</code>).
    159                 </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
     159                </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
    160160                On SYSV systems which use lpstat to determine what printers are defined on the system you may be able to use
    161161                <code class="literal">printcap name = lpstat</code> to automatically obtain a list of printers. See the
    162162                <code class="literal">printcap name</code> option for more details.
    163                 </p></div></div></div><div class="refsect1" lang="en"><a name="id2481804"></a><h2>USERSHARES</h2><p>Starting with Samba version 3.0.23 the capability for non-root users to add, modify, and delete
     163                </p></div></div></div><div class="refsect1" title="USERSHARES"><a name="id2487774"></a><h2>USERSHARES</h2><p>Starting with Samba version 3.0.23 the capability for non-root users to add, modify, and delete
    164164        their own share definitions has been added. This capability is called <span class="emphasis"><em>usershares</em></span> and
    165165        is controlled by a set of parameters in the [global] section of the smb.conf.
     
    185185        to the global
    186186        section of your <code class="filename">smb.conf</code>. Members of the group foo may then manipulate the user defined shares
    187         using the following commands.</p><div class="variablelist"><dl><dt><span class="term">net usershare add sharename path [comment] [acl] [guest_ok=[y|n]]</span></dt><dd><p>To create or modify (overwrite) a user defined share.</p></dd><dt><span class="term">net usershare delete sharename</span></dt><dd><p>To delete a user defined share.</p></dd><dt><span class="term">net usershare list wildcard-sharename</span></dt><dd><p>To list user defined shares.</p></dd><dt><span class="term">net usershare info wildcard-sharename</span></dt><dd><p>To print information about user defined shares.</p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id2482031"></a><h2>PARAMETERS</h2><p>Parameters define the specific attributes of sections.</p><p>
     187        using the following commands.</p><div class="variablelist"><dl><dt><span class="term">net usershare add sharename path [comment] [acl] [guest_ok=[y|n]]</span></dt><dd><p>To create or modify (overwrite) a user defined share.</p></dd><dt><span class="term">net usershare delete sharename</span></dt><dd><p>To delete a user defined share.</p></dd><dt><span class="term">net usershare list wildcard-sharename</span></dt><dd><p>To list user defined shares.</p></dd><dt><span class="term">net usershare info wildcard-sharename</span></dt><dd><p>To print information about user defined shares.</p></dd></dl></div></div><div class="refsect1" title="PARAMETERS"><a name="id2488001"></a><h2>PARAMETERS</h2><p>Parameters define the specific attributes of sections.</p><p>
    188188        Some parameters are specific to the [global] section (e.g., <span class="emphasis"><em>security</em></span>).  Some parameters
    189189        are usable in all sections (e.g., <span class="emphasis"><em>create mask</em></span>). All others are permissible only in normal
     
    197197        find them! Where there are synonyms, the preferred synonym is described, others refer to the preferred
    198198        synonym.
    199         </p></div><div class="refsect1" lang="en"><a name="id2532544"></a><h2>VARIABLE SUBSTITUTIONS</h2><p>
     199        </p></div><div class="refsect1" title="VARIABLE SUBSTITUTIONS"><a name="id2538515"></a><h2>VARIABLE SUBSTITUTIONS</h2><p>
    200200        Many of the strings that are settable in the config file can take substitutions. For example the option
    201         &#8220;<span class="quote">path = /tmp/%u</span>&#8221; is interpreted as &#8220;<span class="quote">path = /tmp/john</span>&#8221; if the user connected with the
     201        <span class="quote">&#8220;<span class="quote">path = /tmp/%u</span>&#8221;</span> is interpreted as <span class="quote">&#8220;<span class="quote">path = /tmp/john</span>&#8221;</span> if the user connected with the
    202202        username john.
    203203        </p><p>
     
    211211                        functionality to function as it did with Samba 2.x.
    212212                        </p></dd><dt><span class="term">%L</span></dt><dd><p>the NetBIOS name of the server. This allows you to change your config based on what
    213                         the client calls you. Your server can have a &#8220;<span class="quote">dual personality</span>&#8221;.
     213                        the client calls you. Your server can have a <span class="quote">&#8220;<span class="quote">dual personality</span>&#8221;</span>.
    214214                </p></dd><dt><span class="term">%M</span></dt><dd><p>the Internet name of the client machine.
    215215                </p></dd><dt><span class="term">%R</span></dt><dd><p>the selected protocol level after protocol negotiation. It can be one of CORE, COREPLUS,
     
    239239        There are some quite creative things that can be done with these substitutions and other
    240240        <code class="filename">smb.conf</code> options.
    241         </p></div><div class="refsect1" lang="en"><a name="NAMEMANGLINGSECT"></a><h2>NAME MANGLING</h2><p>
     241        </p></div><div class="refsect1" title="NAME MANGLING"><a name="NAMEMANGLINGSECT"></a><h2>NAME MANGLING</h2><p>
    242242        Samba supports <code class="literal">name mangling</code> so that DOS and Windows clients can use files that don't
    243243        conform to the 8.3 format. It can also be set to adjust the case of 8.3 format filenames.
     
    277277        then the "default case" option will be applied and will modify all filenames sent from the client
    278278        when accessing this share.
    279         </p></div><div class="refsect1" lang="en"><a name="VALIDATIONSECT"></a><h2>NOTE ABOUT USERNAME/PASSWORD VALIDATION</h2><p>
     279        </p></div><div class="refsect1" title="NOTE ABOUT USERNAME/PASSWORD VALIDATION"><a name="VALIDATIONSECT"></a><h2>NOTE ABOUT USERNAME/PASSWORD VALIDATION</h2><p>
    280280        There are a number of ways in which a user can connect to a service. The server uses the following steps
    281281        in determining if it will allow a connection to a specified service. If all the steps fail, the connection
    282282        request is rejected.  However, if one of the steps succeeds, the following steps are not checked.
    283283        </p><p>
    284         If the service is marked &#8220;<span class="quote">guest only = yes</span>&#8221; and the server is running with share-level
    285         security (&#8220;<span class="quote">security = share</span>&#8221;, steps 1 to 5 are skipped.
    286         </p><div class="orderedlist"><ol type="1"><li><p>
     284        If the service is marked <span class="quote">&#8220;<span class="quote">guest only = yes</span>&#8221;</span> and the server is running with share-level
     285        security (<span class="quote">&#8220;<span class="quote">security = share</span>&#8221;</span>, steps 1 to 5 are skipped.
     286        </p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><p>
    287287                If the client has passed a username/password pair and that username/password pair is validated by the UNIX
    288288                system's password programs, the connection is made as that username. This includes the
    289289                <code class="literal">\\server\service</code>%<em class="replaceable"><code>username</code></em> method of passing a username.
    290                 </p></li><li><p>
     290                </p></li><li class="listitem"><p>
    291291                If the client has previously registered a username with the system and now supplies a correct password for that
    292292                username, the connection is allowed.
    293                 </p></li><li><p>
     293                </p></li><li class="listitem"><p>
    294294                The client's NetBIOS name and any previously used usernames are checked against the supplied password. If
    295295                they match, the connection is allowed as the corresponding user.
    296                 </p></li><li><p>
     296                </p></li><li class="listitem"><p>
    297297                If the client has previously validated a username/password pair with the server and the client has passed
    298298                the validation token, that username is used.
    299                 </p></li><li><p>
     299                </p></li><li class="listitem"><p>
    300300                If a <code class="literal">user = </code> field is given in the <code class="filename">smb.conf</code> file for the
    301301                service and the client has supplied a password, and that password matches (according to the UNIX system's
     
    303303                the username in the <code class="literal">user =</code> line. If one of the usernames in the <code class="literal">user =</code> list
    304304                begins with a <code class="literal">@</code>, that name expands to a list of names in the group of the same name.
    305                 </p></li><li><p>
     305                </p></li><li class="listitem"><p>
    306306                If the service is a guest service, a connection is made as the username given in the <code class="literal">guest account
    307307                =</code> for the service, irrespective of the supplied password.
    308                 </p></li></ol></div></div><div class="refsect1" lang="en"><a name="id2533244"></a><h2>REGISTRY-BASED CONFIGURATION</h2><p>
     308                </p></li></ol></div></div><div class="refsect1" title="REGISTRY-BASED CONFIGURATION"><a name="id2539216"></a><h2>REGISTRY-BASED CONFIGURATION</h2><p>
    309309                Starting with Samba version 3.2.0, the capability to
    310310                store Samba configuration in the registry is available.
     
    312312                 <span class="emphasis"><em><code class="literal">HKLM\Software\Samba\smbconf</code></em></span>.
    313313                There are two levels of registry configuration:
    314         </p><div class="orderedlist"><ol type="1"><li><p>Share definitions stored in registry are used.
     314        </p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><p>Share definitions stored in registry are used.
    315315                This is triggered by setting the global
    316316                parameter <em class="parameter"><code>registry shares</code></em>
    317                 to &#8220;<span class="quote">yes</span>&#8221; in <span class="emphasis"><em>smb.conf</em></span>.
     317                to <span class="quote">&#8220;<span class="quote">yes</span>&#8221;</span> in <span class="emphasis"><em>smb.conf</em></span>.
    318318                </p><p>The registry shares are loaded not at startup but
    319319                on demand at runtime by <span class="emphasis"><em>smbd</em></span>.
    320320                Shares defined in <span class="emphasis"><em>smb.conf</em></span> take
    321321                priority over shares of the same name defined in
    322                 registry.</p></li><li><p>Global <span class="emphasis"><em>smb.conf</em></span>
     322                registry.</p></li><li class="listitem"><p>Global <span class="emphasis"><em>smb.conf</em></span>
    323323                options stored in registry are used. This can be activated
    324324                in two different ways:</p><p>Firstly, a registry only configuration is triggered
     
    361361                accessing the database file, circumventing the
    362362                server.
    363         </p></div><div class="refsect1" lang="en"><a name="id2533420"></a><h2>EXPLANATION OF EACH PARAMETER</h2><div class="section" lang="en"><div class="titlepage"></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2533430"></a>
     363        </p></div><div class="refsect1" title="EXPLANATION OF EACH PARAMETER"><a name="id2539391"></a><h2>EXPLANATION OF EACH PARAMETER</h2><div class="section"><div class="titlepage"></div><div class="section" title="abort shutdown script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2539402"></a>
    364364
    365365abort shutdown script (G)
    366 </h3></div></div></div><a class="indexterm" name="id2533432"></a><a name="ABORTSHUTDOWNSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This a full path name to a script called by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> that
     366</h3></div></div></div><a class="indexterm" name="id2539403"></a><a name="ABORTSHUTDOWNSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This a full path name to a script called by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> that
    367367        should stop a shutdown procedure issued by the <a class="link" href="smb.conf.5.html#SHUTDOWNSCRIPT" target="_top">shutdown script</a>.</p><p>If the connected user posseses the <code class="constant">SeRemoteShutdownPrivilege</code>,
    368368        right, this command will be run as root.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>abort shutdown script</code></em> = <code class="literal">""</code>
     
    370370</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>abort shutdown script</code></em> = <code class="literal">/sbin/shutdown -c</code>
    371371</em></span>
    372 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2533510"></a>
     372</p></dd></dl></div></div><div class="section" title="acl check permissions (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2539481"></a>
    373373
    374374acl check permissions (S)
    375 </h3></div></div></div><a class="indexterm" name="id2533511"></a><a name="ACLCHECKPERMISSIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls what <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>does on receiving a protocol request of "open for delete"
     375</h3></div></div></div><a class="indexterm" name="id2539482"></a><a name="ACLCHECKPERMISSIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls what <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>does on receiving a protocol request of "open for delete"
    376376    from a Windows client. If a Windows client doesn't have permissions to delete a file then they
    377377    expect this to be denied at open time. POSIX systems normally only detect restrictions on delete by
     
    393393    </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>acl check permissions</code></em> = <code class="literal">True</code>
    394394</em></span>
    395 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2481367"></a>
     395</p></dd></dl></div></div><div class="section" title="acl compatibility (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2487333"></a>
    396396
    397397acl compatibility (G)
    398 </h3></div></div></div><a class="indexterm" name="id2481368"></a><a name="ACLCOMPATIBILITY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies what OS ACL semantics should
     398</h3></div></div></div><a class="indexterm" name="id2487334"></a><a name="ACLCOMPATIBILITY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies what OS ACL semantics should
    399399        be compatible with. Possible values are <span class="emphasis"><em>winnt</em></span> for Windows NT 4,
    400400        <span class="emphasis"><em>win2k</em></span> for Windows 2000 and above and <span class="emphasis"><em>auto</em></span>.
     
    405405</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>acl compatibility</code></em> = <code class="literal">win2k</code>
    406406</em></span>
    407 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2481444"></a>
     407</p></dd></dl></div></div><div class="section" title="acl group control (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2487409"></a>
    408408
    409409acl group control (S)
    410 </h3></div></div></div><a class="indexterm" name="id2481445"></a><a name="ACLGROUPCONTROL"></a><div class="variablelist"><dl><dt></dt><dd><p>
     410</h3></div></div></div><a class="indexterm" name="id2487410"></a><a name="ACLGROUPCONTROL"></a><div class="variablelist"><dl><dt></dt><dd><p>
    411411        In a POSIX filesystem, only the owner of a file or directory and the superuser can modify the permissions
    412412        and ACLs on a file. If this parameter is set, then Samba overrides this restriction, and also allows the
     
    435435        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>acl group control</code></em> = <code class="literal">no</code>
    436436</em></span>
    437 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2533901"></a>
     437</p></dd></dl></div></div><div class="section" title="acl map full control (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2539872"></a>
    438438
    439439acl map full control (S)
    440 </h3></div></div></div><a class="indexterm" name="id2533902"></a><a name="ACLMAPFULLCONTROL"></a><div class="variablelist"><dl><dt></dt><dd><p>
     440</h3></div></div></div><a class="indexterm" name="id2539873"></a><a name="ACLMAPFULLCONTROL"></a><div class="variablelist"><dl><dt></dt><dd><p>
    441441        This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>maps a POSIX ACE entry of "rwx" (read/write/execute), the maximum
    442442        allowed POSIX permission set, into a Windows ACL of "FULL CONTROL". If this parameter is set to true any POSIX
     
    446446        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>acl map full control</code></em> = <code class="literal">True</code>
    447447</em></span>
    448 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2533952"></a>
     448</p></dd></dl></div></div><div class="section" title="add group script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2539923"></a>
    449449
    450450add group script (G)
    451 </h3></div></div></div><a class="indexterm" name="id2533953"></a><a name="ADDGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
     451</h3></div></div></div><a class="indexterm" name="id2539924"></a><a name="ADDGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
    452452        This is the full pathname to a script that will be run <span class="emphasis"><em>AS ROOT</em></span> by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when a new group is requested. It
    453453        will expand any <em class="parameter"><code>%g</code></em> to the group name passed. This script is only useful
     
    459459</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>add group script</code></em> = <code class="literal">/usr/sbin/groupadd %g</code>
    460460</em></span>
    461 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2534027"></a>
     461</p></dd></dl></div></div><div class="section" title="add machine script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2539998"></a>
    462462
    463463add machine script (G)
    464 </h3></div></div></div><a class="indexterm" name="id2534028"></a><a name="ADDMACHINESCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
     464</h3></div></div></div><a class="indexterm" name="id2539999"></a><a name="ADDMACHINESCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
    465465        This is the full pathname to a script that will  be run by
    466466         <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when a machine is
     
    473473</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>add machine script</code></em> = <code class="literal">/usr/sbin/adduser -n -g machines -c Machine -d /var/lib/nobody -s /bin/false %u</code>
    474474</em></span>
    475 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2534106"></a>
     475</p></dd></dl></div></div><div class="section" title="add port command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2540077"></a>
    476476
    477477add port command (G)
    478 </h3></div></div></div><a class="indexterm" name="id2534107"></a><a name="ADDPORTCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>Samba 3.0.23 introduced support for adding printer ports
     478</h3></div></div></div><a class="indexterm" name="id2540078"></a><a name="ADDPORTCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>Samba 3.0.23 introduced support for adding printer ports
    479479        remotely using the Windows "Add Standard TCP/IP Port Wizard".
    480480        This option defines an external program to be executed when
    481481        smbd receives a request to add a new Port to the system.
    482         The script is passed two parameters:</p><div class="itemizedlist"><ul type="disc"><li><p><em class="parameter"><code>port name</code></em></p></li><li><p><em class="parameter"><code>device URI</code></em></p></li></ul></div><p>The deviceURI is in the for of socket://&lt;hostname&gt;[:&lt;portnumber&gt;]
     482        The script is passed two parameters:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><em class="parameter"><code>port name</code></em></p></li><li class="listitem"><p><em class="parameter"><code>device URI</code></em></p></li></ul></div><p>The deviceURI is in the for of socket://&lt;hostname&gt;[:&lt;portnumber&gt;]
    483483        or lpd://&lt;hostname&gt;/&lt;queuename&gt;.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>add port command</code></em> = <code class="literal"></code>
    484484</em></span>
    485485</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>add port command</code></em> = <code class="literal">/etc/samba/scripts/addport.sh</code>
    486486</em></span>
    487 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2534189"></a>
     487</p></dd></dl></div></div><div class="section" title="addprinter command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2540161"></a>
    488488
    489489addprinter command (G)
    490 </h3></div></div></div><a class="indexterm" name="id2534190"></a><a name="ADDPRINTERCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>With the introduction of MS-RPC based printing
     490</h3></div></div></div><a class="indexterm" name="id2540162"></a><a name="ADDPRINTERCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>With the introduction of MS-RPC based printing
    491491    support for Windows NT/2000 clients in Samba 2.2, The MS Add
    492492    Printer Wizard (APW) icon is now also available in the
     
    502502    shared by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>.</p><p>The <em class="parameter"><code>addprinter command</code></em> is
    503503    automatically invoked with the following parameter (in
    504     order):</p><div class="itemizedlist"><ul type="disc"><li><p><em class="parameter"><code>printer name</code></em></p></li><li><p><em class="parameter"><code>share name</code></em></p></li><li><p><em class="parameter"><code>port name</code></em></p></li><li><p><em class="parameter"><code>driver name</code></em></p></li><li><p><em class="parameter"><code>location</code></em></p></li><li><p><em class="parameter"><code>Windows 9x driver location</code></em></p></li></ul></div><p>All parameters are filled in from the PRINTER_INFO_2 structure sent
     504    order):</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><em class="parameter"><code>printer name</code></em></p></li><li class="listitem"><p><em class="parameter"><code>share name</code></em></p></li><li class="listitem"><p><em class="parameter"><code>port name</code></em></p></li><li class="listitem"><p><em class="parameter"><code>driver name</code></em></p></li><li class="listitem"><p><em class="parameter"><code>location</code></em></p></li><li class="listitem"><p><em class="parameter"><code>Windows 9x driver location</code></em></p></li></ul></div><p>All parameters are filled in from the PRINTER_INFO_2 structure sent
    505505    by the Windows NT/2000 client with one exception.  The "Windows 9x
    506506    driver location" parameter is included for backwards compatibility
     
    519519</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>addprinter command</code></em> = <code class="literal">/usr/bin/addprinter</code>
    520520</em></span>
    521 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2534377"></a>
     521</p></dd></dl></div></div><div class="section" title="add share command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2540350"></a>
    522522
    523523add share command (G)
    524 </h3></div></div></div><a class="indexterm" name="id2534378"></a><a name="ADDSHARECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>
     524</h3></div></div></div><a class="indexterm" name="id2540351"></a><a name="ADDSHARECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>
    525525        Samba 2.2.0 introduced the ability to dynamically add and delete shares via the Windows NT 4.0 Server
    526526        Manager.  The <em class="parameter"><code>add share command</code></em> is used to define an external program
     
    538538        When executed, <code class="literal">smbd</code> will automatically invoke the
    539539        <em class="parameter"><code>add share command</code></em> with five parameters.
    540         </p><div class="itemizedlist"><ul type="disc"><li><p><em class="parameter"><code>configFile</code></em> - the location of the global <code class="filename">smb.conf</code> file.
    541                         </p></li><li><p><em class="parameter"><code>shareName</code></em> - the name of the new share.
    542                         </p></li><li><p><em class="parameter"><code>pathName</code></em> - path to an **existing**
     540        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><em class="parameter"><code>configFile</code></em> - the location of the global <code class="filename">smb.conf</code> file.
     541                        </p></li><li class="listitem"><p><em class="parameter"><code>shareName</code></em> - the name of the new share.
     542                        </p></li><li class="listitem"><p><em class="parameter"><code>pathName</code></em> - path to an **existing**
    543543                        directory on disk.
    544                         </p></li><li><p><em class="parameter"><code>comment</code></em> - comment string to associate with the new
     544                        </p></li><li class="listitem"><p><em class="parameter"><code>comment</code></em> - comment string to associate with the new
    545545                        share.
    546                         </p></li><li><p><em class="parameter"><code>max
     546                        </p></li><li class="listitem"><p><em class="parameter"><code>max
    547547                        connections</code></em>
    548548                        Number of maximum simultaneous connections to this
     
    554554</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>add share command</code></em> = <code class="literal">/usr/local/bin/addshare</code>
    555555</em></span>
    556 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2534563"></a>
     556</p></dd></dl></div></div><div class="section" title="add user script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2540535"></a>
    557557
    558558add user script (G)
    559 </h3></div></div></div><a class="indexterm" name="id2534564"></a><a name="ADDUSERSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
     559</h3></div></div></div><a class="indexterm" name="id2540536"></a><a name="ADDUSERSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
    560560        This is the full pathname to a script that will be run <span class="emphasis"><em>AS ROOT</em></span> by
    561561        <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>
     
    592592</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>add user script</code></em> = <code class="literal">/usr/local/samba/bin/add_user %u</code>
    593593</em></span>
    594 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2534774"></a>
     594</p></dd></dl></div></div><div class="section" title="add user to group script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2540746"></a>
    595595
    596596add user to group script (G)
    597 </h3></div></div></div><a class="indexterm" name="id2534775"></a><a name="ADDUSERTOGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
     597</h3></div></div></div><a class="indexterm" name="id2540747"></a><a name="ADDUSERTOGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
    598598        Full path to the script that will be called when a user is added to a group using the Windows NT domain administration
    599599        tools. It will be run by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>
     
    607607</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>add user to group script</code></em> = <code class="literal">/usr/sbin/adduser %u %g</code>
    608608</em></span>
    609 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2534861"></a>
     609</p></dd></dl></div></div><div class="section" title="administrative share (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2540833"></a>
    610610
    611611administrative share (S)
    612 </h3></div></div></div><a class="indexterm" name="id2534862"></a><a name="ADMINISTRATIVESHARE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is set to <code class="constant">yes</code> for
     612</h3></div></div></div><a class="indexterm" name="id2540834"></a><a name="ADMINISTRATIVESHARE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is set to <code class="constant">yes</code> for
    613613      a share, then the share will be an administrative share. The Administrative
    614614      Shares are the default network shares created by all Windows NT-based
     
    617617      information about this option.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>administrative share</code></em> = <code class="literal">no</code>
    618618</em></span>
    619 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2534920"></a>
     619</p></dd></dl></div></div><div class="section" title="admin users (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2540891"></a>
    620620
    621621admin users (S)
    622 </h3></div></div></div><a class="indexterm" name="id2534921"></a><a name="ADMINUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of users who will be granted
     622</h3></div></div></div><a class="indexterm" name="id2540892"></a><a name="ADMINUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of users who will be granted
    623623    administrative privileges on the share. This means that they
    624624    will do all file operations as the super-user (root).</p><p>You should use this option very carefully, as any user in
     
    629629</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>admin users</code></em> = <code class="literal">jason</code>
    630630</em></span>
    631 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2534992"></a>
     631</p></dd></dl></div></div><div class="section" title="afs share (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2540963"></a>
    632632
    633633afs share (S)
    634 </h3></div></div></div><a class="indexterm" name="id2534993"></a><a name="AFSSHARE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether special AFS features are enabled
     634</h3></div></div></div><a class="indexterm" name="id2540964"></a><a name="AFSSHARE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether special AFS features are enabled
    635635        for this share. If enabled, it assumes that the directory exported via
    636636        the <em class="parameter"><code>path</code></em> parameter is a local AFS import. The
     
    639639        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>afs share</code></em> = <code class="literal">no</code>
    640640</em></span>
    641 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2535039"></a>
     641</p></dd></dl></div></div><div class="section" title="afs username map (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2541011"></a>
    642642
    643643afs username map (G)
    644 </h3></div></div></div><a class="indexterm" name="id2535040"></a><a name="AFSUSERNAMEMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>If you are using the fake kaserver AFS feature, you might
     644</h3></div></div></div><a class="indexterm" name="id2541012"></a><a name="AFSUSERNAMEMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>If you are using the fake kaserver AFS feature, you might
    645645        want to hand-craft the usernames you are creating tokens for.
    646646        For example this is necessary if you have users from several domain
     
    652652</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>afs username map</code></em> = <code class="literal">%u@afs.samba.org</code>
    653653</em></span>
    654 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2535102"></a>
     654</p></dd></dl></div></div><div class="section" title="aio read size (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2541073"></a>
    655655
    656656aio read size (S)
    657 </h3></div></div></div><a class="indexterm" name="id2535103"></a><a name="AIOREADSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>If Samba has been built with asynchronous I/O support and this
     657</h3></div></div></div><a class="indexterm" name="id2541074"></a><a name="AIOREADSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>If Samba has been built with asynchronous I/O support and this
    658658    integer parameter is set to non-zero value,
    659659    Samba will read from file asynchronously when size of request is bigger
     
    666666    request size</code>
    667667</em></span>
    668 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2535188"></a>
     668</p></dd></dl></div></div><div class="section" title="aio write behind (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2541160"></a>
     669
     670aio write behind (S)
     671</h3></div></div></div><a class="indexterm" name="id2541161"></a><a name="AIOWRITEBEHIND"></a><div class="variablelist"><dl><dt></dt><dd><p>If Samba has been built with asynchronous I/O support,
     672        Samba will not wait until write requests are finished before returning
     673        the result to the client for files listed in this parameter.
     674        Instead, Samba will immediately return that the write
     675        request has been finished successfully, no matter if the
     676        operation will succeed or not. This might speed up clients without
     677        aio support, but is really dangerous, because data could be lost
     678        and files could be damaged.
     679        </p><p>
     680        The syntax is identical to the <a class="link" href="smb.conf.5.html#VETOFILES" target="_top">veto files</a>
     681        parameter.
     682        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>aio write behind</code></em> = <code class="literal"></code>
     683</em></span>
     684</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>aio write behind</code></em> = <code class="literal">/*.tmp/</code>
     685</em></span>
     686</p></dd></dl></div></div><div class="section" title="aio write size (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2541231"></a>
    669687
    670688aio write size (S)
    671 </h3></div></div></div><a class="indexterm" name="id2535189"></a><a name="AIOWRITESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>If Samba has been built with asynchronous I/O support and this
     689</h3></div></div></div><a class="indexterm" name="id2541232"></a><a name="AIOWRITESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>If Samba has been built with asynchronous I/O support and this
    672690    integer parameter is set to non-zero value,
    673691    Samba will write to file asynchronously when size of request is bigger
     
    680698    request size</code>
    681699</em></span>
    682 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2535274"></a>
     700</p></dd></dl></div></div><div class="section" title="algorithmic rid base (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2541317"></a>
    683701
    684702algorithmic rid base (G)
    685 </h3></div></div></div><a class="indexterm" name="id2535275"></a><a name="ALGORITHMICRIDBASE"></a><div class="variablelist"><dl><dt></dt><dd><p>This determines how Samba will use its
     703</h3></div></div></div><a class="indexterm" name="id2541318"></a><a name="ALGORITHMICRIDBASE"></a><div class="variablelist"><dl><dt></dt><dd><p>This determines how Samba will use its
    686704    algorithmic mapping from uids/gid to the RIDs needed to construct
    687705    NT Security Identifiers.
     
    698716</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>algorithmic rid base</code></em> = <code class="literal">100000</code>
    699717</em></span>
    700 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2535345"></a>
     718</p></dd></dl></div></div><div class="section" title="allocation roundup size (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2541387"></a>
    701719
    702720allocation roundup size (S)
    703 </h3></div></div></div><a class="indexterm" name="id2535346"></a><a name="ALLOCATIONROUNDUPSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows an administrator to tune the
     721</h3></div></div></div><a class="indexterm" name="id2541388"></a><a name="ALLOCATIONROUNDUPSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows an administrator to tune the
    704722    allocation size reported to Windows clients.  The default
    705723    size of 1Mb generally results in improved Windows client
     
    713731# (to disable roundups)</code>
    714732</em></span>
    715 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2535409"></a>
     733</p></dd></dl></div></div><div class="section" title="allow trusted domains (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2541452"></a>
    716734
    717735allow trusted domains (G)
    718 </h3></div></div></div><a class="indexterm" name="id2535410"></a><a name="ALLOWTRUSTEDDOMAINS"></a><div class="variablelist"><dl><dt></dt><dd><p>
     736</h3></div></div></div><a class="indexterm" name="id2541453"></a><a name="ALLOWTRUSTEDDOMAINS"></a><div class="variablelist"><dl><dt></dt><dd><p>
    719737    This option only takes effect when the <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security</a> option is set to
    720738    <code class="constant">server</code>, <code class="constant">domain</code> or <code class="constant">ads</code>. 
     
    731749    can make implementing a security boundary difficult.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>allow trusted domains</code></em> = <code class="literal">yes</code>
    732750</em></span>
    733 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2535482"></a>
     751</p></dd></dl></div></div><div class="section" title="announce as (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2541524"></a>
    734752
    735753announce as (G)
    736 </h3></div></div></div><a class="indexterm" name="id2535483"></a><a name="ANNOUNCEAS"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies what type of server <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> will announce itself as, to a network neighborhood browse
     754</h3></div></div></div><a class="indexterm" name="id2541525"></a><a name="ANNOUNCEAS"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies what type of server <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> will announce itself as, to a network neighborhood browse
    737755    list. By default this is set to Windows NT. The valid options
    738756    are : "NT Server" (which can also be written as "NT"),
     
    746764</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>announce as</code></em> = <code class="literal">Win95</code>
    747765</em></span>
    748 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2535551"></a>
     766</p></dd></dl></div></div><div class="section" title="announce version (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2541593"></a>
    749767
    750768announce version (G)
    751 </h3></div></div></div><a class="indexterm" name="id2535552"></a><a name="ANNOUNCEVERSION"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies the major and minor version numbers
     769</h3></div></div></div><a class="indexterm" name="id2541594"></a><a name="ANNOUNCEVERSION"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies the major and minor version numbers
    752770    that nmbd will use when announcing itself as a server. The default
    753771    is 4.9.  Do not change this parameter unless you have a specific
     
    756774</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>announce version</code></em> = <code class="literal">2.0</code>
    757775</em></span>
    758 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2535607"></a>
     776</p></dd></dl></div></div><div class="section" title="auth methods (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2541650"></a>
    759777
    760778auth methods (G)
    761 </h3></div></div></div><a class="indexterm" name="id2535608"></a><a name="AUTHMETHODS"></a><div class="variablelist"><dl><dt></dt><dd><p>
     779</h3></div></div></div><a class="indexterm" name="id2541651"></a><a name="AUTHMETHODS"></a><div class="variablelist"><dl><dt></dt><dd><p>
    762780    This option allows the administrator to chose what authentication methods <code class="literal">smbd</code>
    763781    will use when authenticating a user. This option defaults to sensible values based on <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security</a>. 
     
    780798</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>auth methods</code></em> = <code class="literal">guest sam winbind</code>
    781799</em></span>
    782 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2535713"></a>
     800</p></dd></dl></div></div><div class="section" title="available (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2541755"></a>
    783801
    784802available (S)
    785 </h3></div></div></div><a class="indexterm" name="id2535714"></a><a name="AVAILABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter lets you "turn off" a service. If
     803</h3></div></div></div><a class="indexterm" name="id2541756"></a><a name="AVAILABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter lets you "turn off" a service. If
    786804        <em class="parameter"><code>available = no</code></em>, then <span class="emphasis"><em>ALL</em></span>
    787805        attempts to connect to the service will fail. Such failures are
    788806        logged.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>available</code></em> = <code class="literal">yes</code>
    789807</em></span>
    790 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2535761"></a>
     808</p></dd></dl></div></div><div class="section" title="bind interfaces only (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2541803"></a>
    791809
    792810bind interfaces only (G)
    793 </h3></div></div></div><a class="indexterm" name="id2535762"></a><a name="BINDINTERFACESONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>This global parameter allows the Samba admin
     811</h3></div></div></div><a class="indexterm" name="id2541804"></a><a name="BINDINTERFACESONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>This global parameter allows the Samba admin
    794812        to limit what interfaces on a machine will serve SMB requests. It
    795813        affects file service <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> and name service <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> in a slightly different ways.</p><p>
     
    832850        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>bind interfaces only</code></em> = <code class="literal">no</code>
    833851</em></span>
    834 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536088"></a>
     852</p></dd></dl></div></div><div class="section" title="blocking locks (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2542130"></a>
    835853
    836854blocking locks (S)
    837 </h3></div></div></div><a class="indexterm" name="id2536089"></a><a name="BLOCKINGLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls the behavior
     855</h3></div></div></div><a class="indexterm" name="id2542131"></a><a name="BLOCKINGLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls the behavior
    838856        of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when given a request by a client
    839857        to obtain a byte range lock on a region of an open file, and the
     
    846864        cannot be obtained.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>blocking locks</code></em> = <code class="literal">yes</code>
    847865</em></span>
    848 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536152"></a>
     866</p></dd></dl></div></div><div class="section" title="block size (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2542194"></a>
    849867
    850868block size (S)
    851 </h3></div></div></div><a class="indexterm" name="id2536153"></a><a name="BLOCKSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls the behavior of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when reporting disk free
     869</h3></div></div></div><a class="indexterm" name="id2542195"></a><a name="BLOCKSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls the behavior of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when reporting disk free
    852870    sizes. By default, this reports a disk block size of 1024 bytes.
    853871    </p><p>Changing this parameter may have some effect on the
     
    863881</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>block size</code></em> = <code class="literal">4096</code>
    864882</em></span>
    865 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536230"></a>
     883</p></dd></dl></div></div><div class="section" title="browsable"><div class="titlepage"><div><div><h3 class="title"><a name="id2542279"></a>
    866884
    867885<a name="BROWSABLE"></a>browsable
    868 </h3></div></div></div><a class="indexterm" name="id2536231"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#BROWSEABLE">browseable</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536257"></a>
     886</h3></div></div></div><a class="indexterm" name="id2542280"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#BROWSEABLE">browseable</a>.</p></dd></dl></div></div><div class="section" title="browseable (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2542306"></a>
    869887
    870888browseable (S)
    871 </h3></div></div></div><a class="indexterm" name="id2536258"></a><a name="BROWSEABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether this share is seen in
     889</h3></div></div></div><a class="indexterm" name="id2542307"></a><a name="BROWSEABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether this share is seen in
    872890        the list of available shares in a net view and in the browse list.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>browseable</code></em> = <code class="literal">yes</code>
    873891</em></span>
    874 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536296"></a>
     892</p></dd></dl></div></div><div class="section" title="browse list (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2542345"></a>
    875893
    876894browse list (G)
    877 </h3></div></div></div><a class="indexterm" name="id2536297"></a><a name="BROWSELIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will serve a browse list to
     895</h3></div></div></div><a class="indexterm" name="id2542346"></a><a name="BROWSELIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will serve a browse list to
    878896        a client doing a <code class="literal">NetServerEnum</code> call. Normally
    879897        set to <code class="constant">yes</code>. You should never need to change
    880898        this.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>browse list</code></em> = <code class="literal">yes</code>
    881899</em></span>
    882 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536350"></a>
     900</p></dd></dl></div></div><div class="section" title="casesignames"><div class="titlepage"><div><div><h3 class="title"><a name="id2542399"></a>
    883901
    884902<a name="CASESIGNAMES"></a>casesignames
    885 </h3></div></div></div><a class="indexterm" name="id2536351"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#CASESENSITIVE">case sensitive</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536377"></a>
     903</h3></div></div></div><a class="indexterm" name="id2542400"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#CASESENSITIVE">case sensitive</a>.</p></dd></dl></div></div><div class="section" title="case sensitive (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2542426"></a>
    886904
    887905case sensitive (S)
    888 </h3></div></div></div><a class="indexterm" name="id2536378"></a><a name="CASESENSITIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>See the discussion in the section <a class="link" href="smb.conf.5.html#NAMEMANGLING" target="_top">name mangling</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>case sensitive</code></em> = <code class="literal">no</code>
    889 </em></span>
    890 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536424"></a>
     906</h3></div></div></div><a class="indexterm" name="id2542427"></a><a name="CASESENSITIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>See the discussion in the section <a class="link" href="smb.conf.5.html#NAMEMANGLING" target="_top">name mangling</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>case sensitive</code></em> = <code class="literal">no</code>
     907</em></span>
     908</p></dd></dl></div></div><div class="section" title="change notify (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2542473"></a>
    891909
    892910change notify (S)
    893 </h3></div></div></div><a class="indexterm" name="id2536425"></a><a name="CHANGENOTIFY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should reply
     911</h3></div></div></div><a class="indexterm" name="id2542474"></a><a name="CHANGENOTIFY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should reply
    894912        to a client's file change notify requests.
    895913        </p><p>You should never need to change this parameter</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>change notify</code></em> = <code class="literal">yes</code>
    896914</em></span>
    897 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536466"></a>
     915</p></dd></dl></div></div><div class="section" title="change share command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2542515"></a>
    898916
    899917change share command (G)
    900 </h3></div></div></div><a class="indexterm" name="id2536468"></a><a name="CHANGESHARECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>
     918</h3></div></div></div><a class="indexterm" name="id2542516"></a><a name="CHANGESHARECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>
    901919        Samba 2.2.0 introduced the ability to dynamically add and delete shares via the Windows NT 4.0 Server
    902920Manager.  The <em class="parameter"><code>change share command</code></em> is used to define an external
     
    913931        When executed, <code class="literal">smbd</code> will automatically invoke the
    914932        <em class="parameter"><code>change share command</code></em> with five parameters.
    915         </p><div class="itemizedlist"><ul type="disc"><li><p><em class="parameter"><code>configFile</code></em> - the location
     933        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><em class="parameter"><code>configFile</code></em> - the location
    916934                        of the global <code class="filename">smb.conf</code> file.
    917                         </p></li><li><p><em class="parameter"><code>shareName</code></em> - the name of the new
     935                        </p></li><li class="listitem"><p><em class="parameter"><code>shareName</code></em> - the name of the new
    918936                        share.
    919                         </p></li><li><p><em class="parameter"><code>pathName</code></em> - path to an **existing**
     937                        </p></li><li class="listitem"><p><em class="parameter"><code>pathName</code></em> - path to an **existing**
    920938                        directory on disk.
    921                         </p></li><li><p><em class="parameter"><code>comment</code></em> - comment string to associate
     939                        </p></li><li class="listitem"><p><em class="parameter"><code>comment</code></em> - comment string to associate
    922940                        with the new share.
    923                         </p></li><li><p><em class="parameter"><code>max
     941                        </p></li><li class="listitem"><p><em class="parameter"><code>max
    924942                        connections</code></em>
    925943                        Number of maximum simultaneous connections to this
     
    933951</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>change share command</code></em> = <code class="literal">/usr/local/bin/changeshare</code>
    934952</em></span>
    935 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536645"></a>
     953</p></dd></dl></div></div><div class="section" title="check password script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2542694"></a>
    936954
    937955check password script (G)
    938 </h3></div></div></div><a class="indexterm" name="id2536646"></a><a name="CHECKPASSWORDSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>The name of a program that can be used to check password
     956</h3></div></div></div><a class="indexterm" name="id2542695"></a><a name="CHECKPASSWORDSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>The name of a program that can be used to check password
    939957    complexity. The password is sent to the program's standard input.</p><p>The program must return 0 on a good password, or any other value
    940958    if the password is bad.
     
    945963</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>check password script</code></em> = <code class="literal">/usr/local/sbin/crackcheck</code>
    946964</em></span>
    947 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536718"></a>
     965</p></dd></dl></div></div><div class="section" title="client lanman auth (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2542767"></a>
    948966
    949967client lanman auth (G)
    950 </h3></div></div></div><a class="indexterm" name="id2536719"></a><a name="CLIENTLANMANAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbclient.8.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(8)</span></a> and other samba client
     968</h3></div></div></div><a class="indexterm" name="id2542768"></a><a name="CLIENTLANMANAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbclient.8.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(8)</span></a> and other samba client
    951969    tools will attempt to authenticate itself to servers using the
    952970    weaker LANMAN password hash. If disabled, only server which support NT
     
    959977    attempted.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client lanman auth</code></em> = <code class="literal">no</code>
    960978</em></span>
    961 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536794"></a>
     979</p></dd></dl></div></div><div class="section" title="client ldap sasl wrapping (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2542843"></a>
    962980
    963981client ldap sasl wrapping (G)
    964 </h3></div></div></div><a class="indexterm" name="id2536795"></a><a name="CLIENTLDAPSASLWRAPPING"></a><div class="variablelist"><dl><dt></dt><dd><p>
     982</h3></div></div></div><a class="indexterm" name="id2542844"></a><a name="CLIENTLDAPSASLWRAPPING"></a><div class="variablelist"><dl><dt></dt><dd><p>
    965983        The <a class="link" href="smb.conf.5.html#CLIENTLDAPSASLWRAPPING" target="_top">client ldap sasl wrapping</a> defines whether
    966984        ldap traffic will be signed or signed and encrypted (sealed).
     
    9901008        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client ldap sasl wrapping</code></em> = <code class="literal">plain</code>
    9911009</em></span>
    992 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536910"></a>
     1010</p></dd></dl></div></div><div class="section" title="client ntlmv2 auth (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2542959"></a>
    9931011
    9941012client ntlmv2 auth (G)
    995 </h3></div></div></div><a class="indexterm" name="id2536911"></a><a name="CLIENTNTLMV2AUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbclient.8.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(8)</span></a> will attempt to
     1013</h3></div></div></div><a class="indexterm" name="id2542960"></a><a name="CLIENTNTLMV2AUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbclient.8.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(8)</span></a> will attempt to
    9961014    authenticate itself to servers using the NTLMv2 encrypted password
    9971015    response.</p><p>If enabled, only an NTLMv2 and LMv2 response (both much more
     
    10051023        responses, and not the weaker LM or NTLM.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client ntlmv2 auth</code></em> = <code class="literal">no</code>
    10061024</em></span>
    1007 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2536997"></a>
     1025</p></dd></dl></div></div><div class="section" title="client plaintext auth (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2543046"></a>
    10081026
    10091027client plaintext auth (G)
    1010 </h3></div></div></div><a class="indexterm" name="id2536998"></a><a name="CLIENTPLAINTEXTAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies whether a client should send a plaintext
     1028</h3></div></div></div><a class="indexterm" name="id2543047"></a><a name="CLIENTPLAINTEXTAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies whether a client should send a plaintext
    10111029                password if the server does not support encrypted passwords.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client plaintext auth</code></em> = <code class="literal">no</code>
    10121030</em></span>
    1013 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537037"></a>
     1031</p></dd></dl></div></div><div class="section" title="client schannel (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2543086"></a>
    10141032
    10151033client schannel (G)
    1016 </h3></div></div></div><a class="indexterm" name="id2537038"></a><a name="CLIENTSCHANNEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1034</h3></div></div></div><a class="indexterm" name="id2543087"></a><a name="CLIENTSCHANNEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
    10171035    This controls whether the client offers or even demands the use of the netlogon schannel.
    10181036    <a class="link" href="smb.conf.5.html#CLIENTSCHANNEL" target="_top">client schannel = no</a> does not offer the schannel,
     
    10241042</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>client schannel</code></em> = <code class="literal">yes</code>
    10251043</em></span>
    1026 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537121"></a>
     1044</p></dd></dl></div></div><div class="section" title="client signing (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2543170"></a>
    10271045
    10281046client signing (G)
    1029 </h3></div></div></div><a class="indexterm" name="id2537122"></a><a name="CLIENTSIGNING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether the client is allowed or required to use SMB signing. Possible values
     1047</h3></div></div></div><a class="indexterm" name="id2543171"></a><a name="CLIENTSIGNING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether the client is allowed or required to use SMB signing. Possible values
    10301048    are <span class="emphasis"><em>auto</em></span>, <span class="emphasis"><em>mandatory</em></span>
    10311049    and <span class="emphasis"><em>disabled</em></span>.
     
    10351053</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client signing</code></em> = <code class="literal">auto</code>
    10361054</em></span>
    1037 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537175"></a>
     1055</p></dd></dl></div></div><div class="section" title="client use spnego (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2543224"></a>
    10381056
    10391057client use spnego (G)
    1040 </h3></div></div></div><a class="indexterm" name="id2537176"></a><a name="CLIENTUSESPNEGO"></a><div class="variablelist"><dl><dt></dt><dd><p> This variable controls whether Samba clients will try
     1058</h3></div></div></div><a class="indexterm" name="id2543225"></a><a name="CLIENTUSESPNEGO"></a><div class="variablelist"><dl><dt></dt><dd><p> This variable controls whether Samba clients will try
    10411059    to use Simple and Protected NEGOciation (as specified by rfc2478) with
    10421060    supporting servers (including WindowsXP, Windows2000 and Samba
     
    10441062    mechanism.  This enables Kerberos authentication in particular.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client use spnego</code></em> = <code class="literal">yes</code>
    10451063</em></span>
    1046 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537217"></a>
     1064</p></dd></dl></div></div><div class="section" title="cluster addresses (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2543266"></a>
    10471065
    10481066cluster addresses (G)
    1049 </h3></div></div></div><a class="indexterm" name="id2537218"></a><a name="CLUSTERADDRESSES"></a><div class="variablelist"><dl><dt></dt><dd><p>With this parameter you can add additional addresses
     1067</h3></div></div></div><a class="indexterm" name="id2543267"></a><a name="CLUSTERADDRESSES"></a><div class="variablelist"><dl><dt></dt><dd><p>With this parameter you can add additional addresses
    10501068        nmbd will register with a WINS server. These addresses are not
    10511069        necessarily present on all nodes simultaneously, but they will
     
    10561074</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>cluster addresses</code></em> = <code class="literal">10.0.0.1 10.0.0.2 10.0.0.3</code>
    10571075</em></span>
    1058 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537273"></a>
     1076</p></dd></dl></div></div><div class="section" title="clustering (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2543322"></a>
    10591077
    10601078clustering (G)
    1061 </h3></div></div></div><a class="indexterm" name="id2537274"></a><a name="CLUSTERING"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should contact
     1079</h3></div></div></div><a class="indexterm" name="id2543323"></a><a name="CLUSTERING"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should contact
    10621080        ctdb for accessing its tdb files and use ctdb as a backend
    10631081        for its messaging backend.
     
    10661084        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>clustering</code></em> = <code class="literal">no</code>
    10671085</em></span>
    1068 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537322"></a>
     1086</p></dd></dl></div></div><div class="section" title="comment (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2543371"></a>
    10691087
    10701088comment (S)
    1071 </h3></div></div></div><a class="indexterm" name="id2537323"></a><a name="COMMENT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a text field that is seen next to a share
     1089</h3></div></div></div><a class="indexterm" name="id2543372"></a><a name="COMMENT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a text field that is seen next to a share
    10721090        when a client does a queries the server, either via the network
    10731091        neighborhood or via <code class="literal">net view</code> to list what shares
     
    10781096</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>comment</code></em> = <code class="literal">Fred's Files</code>
    10791097</em></span>
    1080 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537396"></a>
     1098</p></dd></dl></div></div><div class="section" title="config backend (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2543445"></a>
    10811099
    10821100config backend (G)
    1083 </h3></div></div></div><a class="indexterm" name="id2537397"></a><a name="CONFIGBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1101</h3></div></div></div><a class="indexterm" name="id2543446"></a><a name="CONFIGBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>
    10841102                This controls the backend for storing the configuration.
    10851103                Possible values are <span class="emphasis"><em>file</em></span> (the default)
     
    10991117</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>config backend</code></em> = <code class="literal">registry</code>
    11001118</em></span>
    1101 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537486"></a>
     1119</p></dd></dl></div></div><div class="section" title="config file (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2543534"></a>
    11021120
    11031121config file (G)
    1104 </h3></div></div></div><a class="indexterm" name="id2537487"></a><a name="CONFIGFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>This allows you to override the config file
     1122</h3></div></div></div><a class="indexterm" name="id2543535"></a><a name="CONFIGFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>This allows you to override the config file
    11051123        to use, instead of the default (usually <code class="filename">smb.conf</code>).
    11061124        There is a chicken and egg problem here as this option is set
     
    11121130        clients).</p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>config file</code></em> = <code class="literal">/usr/local/samba/lib/smb.conf.%m</code>
    11131131</em></span>
    1114 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537552"></a>
     1132</p></dd></dl></div></div><div class="section" title="copy (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2543600"></a>
    11151133
    11161134copy (S)
    1117 </h3></div></div></div><a class="indexterm" name="id2537553"></a><a name="COPY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows you to "clone" service
     1135</h3></div></div></div><a class="indexterm" name="id2543601"></a><a name="COPY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows you to "clone" service
    11181136        entries. The specified service is simply duplicated under the
    11191137        current service's name. Any parameters specified in the current
     
    11251143</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>copy</code></em> = <code class="literal">otherservice</code>
    11261144</em></span>
    1127 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537614"></a>
     1145</p></dd></dl></div></div><div class="section" title="create mode"><div class="titlepage"><div><div><h3 class="title"><a name="id2543662"></a>
    11281146
    11291147<a name="CREATEMODE"></a>create mode
    1130 </h3></div></div></div><a class="indexterm" name="id2537615"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#CREATEMASK">create mask</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537641"></a>
     1148</h3></div></div></div><a class="indexterm" name="id2543663"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#CREATEMASK">create mask</a>.</p></dd></dl></div></div><div class="section" title="create mask (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2543689"></a>
    11311149
    11321150create mask (S)
    1133 </h3></div></div></div><a class="indexterm" name="id2537642"></a><a name="CREATEMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1151</h3></div></div></div><a class="indexterm" name="id2543690"></a><a name="CREATEMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>
    11341152        When a file is created, the necessary permissions are calculated according to the mapping from DOS modes to
    11351153        UNIX permissions, and the resulting UNIX mode is then bit-wise 'AND'ed with this parameter. This parameter may
     
    11521170</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>create mask</code></em> = <code class="literal">0775</code>
    11531171</em></span>
    1154 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537761"></a>
     1172</p></dd></dl></div></div><div class="section" title="csc policy (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2543810"></a>
    11551173
    11561174csc policy (S)
    1157 </h3></div></div></div><a class="indexterm" name="id2537762"></a><a name="CSCPOLICY"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1175</h3></div></div></div><a class="indexterm" name="id2543811"></a><a name="CSCPOLICY"></a><div class="variablelist"><dl><dt></dt><dd><p>
    11581176        This stands for <span class="emphasis"><em>client-side caching policy</em></span>, and specifies how clients capable of offline
    11591177        caching will cache the files in the share. The valid values are: manual, documents, programs, disable.
     
    11671185</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>csc policy</code></em> = <code class="literal">programs</code>
    11681186</em></span>
    1169 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537837"></a>
     1187</p></dd></dl></div></div><div class="section" title="ctdbd socket (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2543886"></a>
    11701188
    11711189ctdbd socket (G)
    1172 </h3></div></div></div><a class="indexterm" name="id2537838"></a><a name="CTDBDSOCKET"></a><div class="variablelist"><dl><dt></dt><dd><p>If you set <code class="literal">clustering=yes</code>,
     1190</h3></div></div></div><a class="indexterm" name="id2543887"></a><a name="CTDBDSOCKET"></a><div class="variablelist"><dl><dt></dt><dd><p>If you set <code class="literal">clustering=yes</code>,
    11731191        you need to tell Samba where ctdbd listens on its unix domain
    11741192        socket. The default path as of ctdb 1.0 is /tmp/ctdb.socket which
     
    11781196</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ctdbd socket</code></em> = <code class="literal">/tmp/ctdb.socket</code>
    11791197</em></span>
    1180 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537897"></a>
     1198</p></dd></dl></div></div><div class="section" title="cups connection timeout (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2543946"></a>
    11811199
    11821200cups connection timeout (G)
    1183 </h3></div></div></div><a class="indexterm" name="id2537898"></a><a name="CUPSCONNECTIONTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1201</h3></div></div></div><a class="indexterm" name="id2543947"></a><a name="CUPSCONNECTIONTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
    11841202    This parameter is only applicable if <a class="link" href="smb.conf.5.html#PRINTING" target="_top">printing</a> is set to <code class="constant">cups</code>.
    11851203    </p><p>
     
    11911209</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>cups connection timeout</code></em> = <code class="literal">60</code>
    11921210</em></span>
    1193 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537968"></a>
     1211</p></dd></dl></div></div><div class="section" title="cups options (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2544018"></a>
    11941212
    11951213cups options (S)
    1196 </h3></div></div></div><a class="indexterm" name="id2537970"></a><a name="CUPSOPTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1214</h3></div></div></div><a class="indexterm" name="id2544019"></a><a name="CUPSOPTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>
    11971215    This parameter is only applicable if <a class="link" href="smb.conf.5.html#PRINTING" target="_top">printing</a> is
    11981216    set to <code class="constant">cups</code>.  Its value is a free form string of options
     
    12161234</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>cups options</code></em> = <code class="literal">"raw media=a4"</code>
    12171235</em></span>
    1218 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538067"></a>
     1236</p></dd></dl></div></div><div class="section" title="cups server (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2544116"></a>
    12191237
    12201238cups server (G)
    1221 </h3></div></div></div><a class="indexterm" name="id2538068"></a><a name="CUPSSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1239</h3></div></div></div><a class="indexterm" name="id2544117"></a><a name="CUPSSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>
    12221240    This parameter is only applicable if <a class="link" href="smb.conf.5.html#PRINTING" target="_top">printing</a> is set to <code class="constant">cups</code>.
    12231241    </p><p>
     
    12331251</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>cups server</code></em> = <code class="literal">mycupsserver:1631</code>
    12341252</em></span>
    1235 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538164"></a>
     1253</p></dd></dl></div></div><div class="section" title="deadtime (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2544214"></a>
    12361254
    12371255deadtime (G)
    1238 </h3></div></div></div><a class="indexterm" name="id2538166"></a><a name="DEADTIME"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (a decimal integer)
     1256</h3></div></div></div><a class="indexterm" name="id2544215"></a><a name="DEADTIME"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (a decimal integer)
    12391257    represents the number of minutes of inactivity before a connection
    12401258    is considered dead, and it is disconnected. The deadtime only takes
     
    12481266</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>deadtime</code></em> = <code class="literal">15</code>
    12491267</em></span>
    1250 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538241"></a>
     1268</p></dd></dl></div></div><div class="section" title="debug class (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2544290"></a>
    12511269
    12521270debug class (G)
    1253 </h3></div></div></div><a class="indexterm" name="id2538242"></a><a name="DEBUGCLASS"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1271</h3></div></div></div><a class="indexterm" name="id2544292"></a><a name="DEBUGCLASS"></a><div class="variablelist"><dl><dt></dt><dd><p>
    12541272    With this boolean parameter enabled, the debug class (DBGC_CLASS)
    12551273    will be displayed in the debug header.
     
    12591277    </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug class</code></em> = <code class="literal">no</code>
    12601278</em></span>
    1261 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538293"></a>
     1279</p></dd></dl></div></div><div class="section" title="debug hires timestamp (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2544342"></a>
    12621280
    12631281debug hires timestamp (G)
    1264 </h3></div></div></div><a class="indexterm" name="id2538294"></a><a name="DEBUGHIRESTIMESTAMP"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1282</h3></div></div></div><a class="indexterm" name="id2544343"></a><a name="DEBUGHIRESTIMESTAMP"></a><div class="variablelist"><dl><dt></dt><dd><p>
    12651283    Sometimes the timestamps in the log messages are needed with a resolution of higher that seconds, this
    12661284    boolean parameter adds microsecond resolution to the timestamp  message header when turned on.
     
    12691287    </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug hires timestamp</code></em> = <code class="literal">no</code>
    12701288</em></span>
    1271 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538348"></a>
     1289</p></dd></dl></div></div><div class="section" title="debug pid (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2544397"></a>
    12721290
    12731291debug pid (G)
    1274 </h3></div></div></div><a class="indexterm" name="id2538349"></a><a name="DEBUGPID"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1292</h3></div></div></div><a class="indexterm" name="id2544398"></a><a name="DEBUGPID"></a><div class="variablelist"><dl><dt></dt><dd><p>
    12751293    When using only one log file for more then one forked <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>-process there may be hard to follow which process outputs which
    12761294    message. This boolean parameter is adds the process-id to the timestamp message headers in the
     
    12801298    </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug pid</code></em> = <code class="literal">no</code>
    12811299</em></span>
    1282 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538410"></a>
     1300</p></dd></dl></div></div><div class="section" title="debug prefix timestamp (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2544459"></a>
    12831301
    12841302debug prefix timestamp (G)
    1285 </h3></div></div></div><a class="indexterm" name="id2538411"></a><a name="DEBUGPREFIXTIMESTAMP"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1303</h3></div></div></div><a class="indexterm" name="id2544460"></a><a name="DEBUGPREFIXTIMESTAMP"></a><div class="variablelist"><dl><dt></dt><dd><p>
    12861304    With this option enabled, the timestamp message header is prefixed to the debug message without the
    12871305    filename and function information that is included with the <a class="link" href="smb.conf.5.html#DEBUGTIMESTAMP" target="_top">debug timestamp</a>
     
    12911309    </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug prefix timestamp</code></em> = <code class="literal">no</code>
    12921310</em></span>
    1293 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538473"></a>
     1311</p></dd></dl></div></div><div class="section" title="timestamp logs"><div class="titlepage"><div><div><h3 class="title"><a name="id2544522"></a>
    12941312
    12951313<a name="TIMESTAMPLOGS"></a>timestamp logs
    1296 </h3></div></div></div><a class="indexterm" name="id2538474"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#DEBUGTIMESTAMP">debug timestamp</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538500"></a>
     1314</h3></div></div></div><a class="indexterm" name="id2544523"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#DEBUGTIMESTAMP">debug timestamp</a>.</p></dd></dl></div></div><div class="section" title="debug timestamp (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2544549"></a>
    12971315
    12981316debug timestamp (G)
    1299 </h3></div></div></div><a class="indexterm" name="id2538501"></a><a name="DEBUGTIMESTAMP"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1317</h3></div></div></div><a class="indexterm" name="id2544550"></a><a name="DEBUGTIMESTAMP"></a><div class="variablelist"><dl><dt></dt><dd><p>
    13001318    Samba debug log messages are timestamped by default. If you are running at a high
    13011319    <a class="link" href="smb.conf.5.html#DEBUGLEVEL" target="_top">debug level</a> these timestamps can be distracting. This
     
    13031321        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug timestamp</code></em> = <code class="literal">yes</code>
    13041322</em></span>
    1305 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538548"></a>
     1323</p></dd></dl></div></div><div class="section" title="debug uid (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2544597"></a>
    13061324
    13071325debug uid (G)
    1308 </h3></div></div></div><a class="indexterm" name="id2538549"></a><a name="DEBUGUID"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1326</h3></div></div></div><a class="indexterm" name="id2544598"></a><a name="DEBUGUID"></a><div class="variablelist"><dl><dt></dt><dd><p>
    13091327    Samba is sometimes run as root and sometime run as the connected user, this boolean parameter inserts the
    13101328    current euid, egid, uid and gid to the timestamp message headers in the log file if turned on.
     
    13131331    </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug uid</code></em> = <code class="literal">no</code>
    13141332</em></span>
    1315 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538602"></a>
     1333</p></dd></dl></div></div><div class="section" title="default case (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2544651"></a>
    13161334
    13171335default case (S)
    1318 </h3></div></div></div><a class="indexterm" name="id2538603"></a><a name="DEFAULTCASE"></a><div class="variablelist"><dl><dt></dt><dd><p>See the section on <a class="link" href="smb.conf.5.html#NAMEMANGLING" target="_top">name mangling</a>.
     1336</h3></div></div></div><a class="indexterm" name="id2544652"></a><a name="DEFAULTCASE"></a><div class="variablelist"><dl><dt></dt><dd><p>See the section on <a class="link" href="smb.conf.5.html#NAMEMANGLING" target="_top">name mangling</a>.
    13191337        Also note the <a class="link" href="smb.conf.5.html#SHORTPRESERVECASE" target="_top">short preserve case</a> parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>default case</code></em> = <code class="literal">lower</code>
    13201338</em></span>
    1321 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538656"></a>
     1339</p></dd></dl></div></div><div class="section" title="default devmode (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2544705"></a>
    13221340
    13231341default devmode (S)
    1324 </h3></div></div></div><a class="indexterm" name="id2538657"></a><a name="DEFAULTDEVMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is only applicable to <a class="link" href="smb.conf.5.html#PRINTABLE" target="_top">printable</a> services.
     1342</h3></div></div></div><a class="indexterm" name="id2544706"></a><a name="DEFAULTDEVMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is only applicable to <a class="link" href="smb.conf.5.html#PRINTABLE" target="_top">printable</a> services.
    13251343    When smbd is serving Printer Drivers to Windows NT/2k/XP clients, each printer on the Samba
    13261344    server has a Device Mode which defines things such as paper size and
     
    13451363</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>default devmode</code></em> = <code class="literal">yes</code>
    13461364</em></span>
    1347 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538744"></a>
     1365</p></dd></dl></div></div><div class="section" title="default"><div class="titlepage"><div><div><h3 class="title"><a name="id2544801"></a>
    13481366
    13491367<a name="DEFAULT"></a>default
    1350 </h3></div></div></div><a class="indexterm" name="id2538745"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#DEFAULTSERVICE">default service</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538771"></a>
     1368</h3></div></div></div><a class="indexterm" name="id2544802"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#DEFAULTSERVICE">default service</a>.</p></dd></dl></div></div><div class="section" title="default service (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2544828"></a>
    13511369
    13521370default service (G)
    1353 </h3></div></div></div><a class="indexterm" name="id2538772"></a><a name="DEFAULTSERVICE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the name of a service
     1371</h3></div></div></div><a class="indexterm" name="id2544829"></a><a name="DEFAULTSERVICE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the name of a service
    13541372        which will be connected to if the service actually requested cannot
    13551373        be found. Note that the square brackets are <span class="emphasis"><em>NOT</em></span>
     
    13651383</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>default service</code></em> = <code class="literal">pub</code>
    13661384</em></span>
    1367 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538873"></a>
     1385</p></dd></dl></div></div><div class="section" title="defer sharing violations (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2544930"></a>
    13681386
    13691387defer sharing violations (G)
    1370 </h3></div></div></div><a class="indexterm" name="id2538874"></a><a name="DEFERSHARINGVIOLATIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1388</h3></div></div></div><a class="indexterm" name="id2544931"></a><a name="DEFERSHARINGVIOLATIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>
    13711389        Windows allows specifying how a file will be shared with
    13721390        other processes when it is opened. Sharing violations occur when
     
    13811399        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>defer sharing violations</code></em> = <code class="literal">True</code>
    13821400</em></span>
    1383 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538928"></a>
     1401</p></dd></dl></div></div><div class="section" title="delete group script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2544985"></a>
    13841402
    13851403delete group script (G)
    1386 </h3></div></div></div><a class="indexterm" name="id2538929"></a><a name="DELETEGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is the full pathname to a script that will
     1404</h3></div></div></div><a class="indexterm" name="id2544986"></a><a name="DELETEGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is the full pathname to a script that will
    13871405        be run <span class="emphasis"><em>AS ROOT</em></span> <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when a group is requested to be deleted.
    13881406        It will expand any <em class="parameter"><code>%g</code></em> to the group name passed. 
     
    13901408        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>delete group script</code></em> = <code class="literal"></code>
    13911409</em></span>
    1392 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538984"></a>
     1410</p></dd></dl></div></div><div class="section" title="deleteprinter command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2545041"></a>
    13931411
    13941412deleteprinter command (G)
    1395 </h3></div></div></div><a class="indexterm" name="id2538985"></a><a name="DELETEPRINTERCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>With the introduction of MS-RPC based printer
     1413</h3></div></div></div><a class="indexterm" name="id2545042"></a><a name="DELETEPRINTERCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>With the introduction of MS-RPC based printer
    13961414    support for Windows NT/2000 clients in Samba 2.2, it is now
    13971415    possible to delete a printer at run time by issuing the
     
    14111429</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>deleteprinter command</code></em> = <code class="literal">/usr/bin/removeprinter</code>
    14121430</em></span>
    1413 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539111"></a>
     1431</p></dd></dl></div></div><div class="section" title="delete readonly (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2545168"></a>
    14141432
    14151433delete readonly (S)
    1416 </h3></div></div></div><a class="indexterm" name="id2539112"></a><a name="DELETEREADONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows readonly files to be deleted. 
     1434</h3></div></div></div><a class="indexterm" name="id2545169"></a><a name="DELETEREADONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows readonly files to be deleted. 
    14171435        This is not normal DOS semantics, but is allowed by UNIX.</p><p>This option may be useful for running applications such
    14181436        as rcs, where UNIX file ownership prevents changing file
    14191437        permissions, and DOS semantics prevent deletion of a read only file.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>delete readonly</code></em> = <code class="literal">no</code>
    14201438</em></span>
    1421 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539156"></a>
     1439</p></dd></dl></div></div><div class="section" title="delete share command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2545214"></a>
    14221440
    14231441delete share command (G)
    1424 </h3></div></div></div><a class="indexterm" name="id2539157"></a><a name="DELETESHARECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1442</h3></div></div></div><a class="indexterm" name="id2545215"></a><a name="DELETESHARECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>
    14251443        Samba 2.2.0 introduced the ability to dynamically add and delete shares via the Windows NT 4.0 Server
    14261444        Manager.  The <em class="parameter"><code>delete share command</code></em> is used to define an external
     
    14371455        When executed, <code class="literal">smbd</code> will automatically invoke the
    14381456        <em class="parameter"><code>delete share command</code></em> with two parameters.
    1439         </p><div class="itemizedlist"><ul type="disc"><li><p><em class="parameter"><code>configFile</code></em> - the location
     1457        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><em class="parameter"><code>configFile</code></em> - the location
    14401458                        of the global <code class="filename">smb.conf</code> file.
    1441                         </p></li><li><p><em class="parameter"><code>shareName</code></em> - the name of
     1459                        </p></li><li class="listitem"><p><em class="parameter"><code>shareName</code></em> - the name of
    14421460                        the existing service.
    14431461                        </p></li></ul></div><p>
     
    14481466</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>delete share command</code></em> = <code class="literal">/usr/local/bin/delshare</code>
    14491467</em></span>
    1450 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539308"></a>
     1468</p></dd></dl></div></div><div class="section" title="delete user from group script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2545365"></a>
    14511469
    14521470delete user from group script (G)
    1453 </h3></div></div></div><a class="indexterm" name="id2539309"></a><a name="DELETEUSERFROMGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>Full path to the script that will be called when
     1471</h3></div></div></div><a class="indexterm" name="id2545366"></a><a name="DELETEUSERFROMGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>Full path to the script that will be called when
    14541472        a user is removed from a group using the Windows NT domain administration
    14551473        tools. It will be run by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> <span class="emphasis"><em>AS ROOT</em></span>.
     
    14601478</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>delete user from group script</code></em> = <code class="literal">/usr/sbin/deluser %u %g</code>
    14611479</em></span>
    1462 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539388"></a>
     1480</p></dd></dl></div></div><div class="section" title="delete user script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2545445"></a>
    14631481
    14641482delete user script (G)
    1465 </h3></div></div></div><a class="indexterm" name="id2539389"></a><a name="DELETEUSERSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is the full pathname to a script that will
     1483</h3></div></div></div><a class="indexterm" name="id2545446"></a><a name="DELETEUSERSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is the full pathname to a script that will
    14661484        be run by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when managing users
    14671485        with remote RPC (NT) tools.
     
    14721490</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>delete user script</code></em> = <code class="literal">/usr/local/samba/bin/del_user %u</code>
    14731491</em></span>
    1474 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539464"></a>
     1492</p></dd></dl></div></div><div class="section" title="delete veto files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2545522"></a>
    14751493
    14761494delete veto files (S)
    1477 </h3></div></div></div><a class="indexterm" name="id2539465"></a><a name="DELETEVETOFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used when Samba is attempting to
     1495</h3></div></div></div><a class="indexterm" name="id2545523"></a><a name="DELETEVETOFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used when Samba is attempting to
    14781496        delete a directory that contains one or more vetoed directories
    14791497        (see the <a class="link" href="smb.conf.5.html#VETOFILES" target="_top">veto files</a>
     
    14891507        is deleted (so long as the user has permissions to do so).</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>delete veto files</code></em> = <code class="literal">no</code>
    14901508</em></span>
    1491 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539550"></a>
     1509</p></dd></dl></div></div><div class="section" title="dfree cache time (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2545607"></a>
    14921510
    14931511dfree cache time (S)
    1494 </h3></div></div></div><a class="indexterm" name="id2539551"></a><a name="DFREECACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1512</h3></div></div></div><a class="indexterm" name="id2545608"></a><a name="DFREECACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>
    14951513        The <em class="parameter"><code>dfree cache time</code></em> should only be used on systems where a problem
    14961514        occurs with the internal disk space calculations. This has been known to happen with Ultrix, but may occur
     
    15051523        </p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>dfree cache time</code></em> = <code class="literal">dfree cache time = 60</code>
    15061524</em></span>
    1507 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539622"></a>
     1525</p></dd></dl></div></div><div class="section" title="dfree command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2545680"></a>
    15081526
    15091527dfree command (S)
    1510 </h3></div></div></div><a class="indexterm" name="id2539623"></a><a name="DFREECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1528</h3></div></div></div><a class="indexterm" name="id2545681"></a><a name="DFREECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>
    15111529        The <em class="parameter"><code>dfree command</code></em> setting should only be used on systems where a
    15121530        problem occurs with the internal disk space calculations. This has been known to happen with Ultrix, but may
     
    15461564        </p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>dfree command</code></em> = <code class="literal">/usr/local/samba/bin/dfree</code>
    15471565</em></span>
    1548 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539744"></a>
     1566</p></dd></dl></div></div><div class="section" title="directory mode"><div class="titlepage"><div><div><h3 class="title"><a name="id2545801"></a>
    15491567
    15501568<a name="DIRECTORYMODE"></a>directory mode
    1551 </h3></div></div></div><a class="indexterm" name="id2539745"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#DIRECTORYMASK">directory mask</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539771"></a>
     1569</h3></div></div></div><a class="indexterm" name="id2545802"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#DIRECTORYMASK">directory mask</a>.</p></dd></dl></div></div><div class="section" title="directory mask (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2545828"></a>
    15521570
    15531571directory mask (S)
    1554 </h3></div></div></div><a class="indexterm" name="id2539772"></a><a name="DIRECTORYMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is the octal modes which are
     1572</h3></div></div></div><a class="indexterm" name="id2545829"></a><a name="DIRECTORYMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is the octal modes which are
    15551573    used when converting DOS modes to UNIX modes when creating UNIX
    15561574    directories.</p><p>When a directory is created, the necessary permissions are
     
    15701588</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>directory mask</code></em> = <code class="literal">0775</code>
    15711589</em></span>
    1572 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539876"></a>
     1590</p></dd></dl></div></div><div class="section" title="directory security mask (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2545933"></a>
    15731591
    15741592directory security mask (S)
    1575 </h3></div></div></div><a class="indexterm" name="id2539877"></a><a name="DIRECTORYSECURITYMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls what UNIX permission bits
     1593</h3></div></div></div><a class="indexterm" name="id2545934"></a><a name="DIRECTORYSECURITYMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls what UNIX permission bits
    15761594    will be set when a Windows NT client is manipulating the UNIX
    15771595    permission on a directory using the native NT security dialog
     
    15931611</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>directory security mask</code></em> = <code class="literal">0700</code>
    15941612</em></span>
    1595 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2539976"></a>
     1613</p></dd></dl></div></div><div class="section" title="disable netbios (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2546034"></a>
    15961614
    15971615disable netbios (G)
    1598 </h3></div></div></div><a class="indexterm" name="id2539977"></a><a name="DISABLENETBIOS"></a><div class="variablelist"><dl><dt></dt><dd><p>Enabling this parameter will disable netbios support
     1616</h3></div></div></div><a class="indexterm" name="id2546035"></a><a name="DISABLENETBIOS"></a><div class="variablelist"><dl><dt></dt><dd><p>Enabling this parameter will disable netbios support
    15991617    in Samba. Netbios is the only available form of browsing in
    1600     all windows versions except for 2000 and XP. </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Clients that only support netbios won't be able to
     1618    all windows versions except for 2000 and XP. </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Clients that only support netbios won't be able to
    16011619    see your samba server when netbios support is disabled.
    16021620        </p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>disable netbios</code></em> = <code class="literal">no</code>
    16031621</em></span>
    1604 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540022"></a>
     1622</p></dd></dl></div></div><div class="section" title="disable spoolss (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2546080"></a>
    16051623
    16061624disable spoolss (G)
    1607 </h3></div></div></div><a class="indexterm" name="id2540023"></a><a name="DISABLESPOOLSS"></a><div class="variablelist"><dl><dt></dt><dd><p>Enabling this parameter will disable Samba's support
     1625</h3></div></div></div><a class="indexterm" name="id2546081"></a><a name="DISABLESPOOLSS"></a><div class="variablelist"><dl><dt></dt><dd><p>Enabling this parameter will disable Samba's support
    16081626    for the SPOOLSS set of MS-RPC's and will yield identical behavior
    16091627    as Samba 2.0.x.  Windows NT/2000 clients will downgrade to using
     
    16171635</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>disable spoolss</code></em> = <code class="literal">no</code>
    16181636</em></span>
    1619 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540074"></a>
     1637</p></dd></dl></div></div><div class="section" title="display charset (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2546131"></a>
    16201638
    16211639display charset (G)
    1622 </h3></div></div></div><a class="indexterm" name="id2540075"></a><a name="DISPLAYCHARSET"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1640</h3></div></div></div><a class="indexterm" name="id2546132"></a><a name="DISPLAYCHARSET"></a><div class="variablelist"><dl><dt></dt><dd><p>
    16231641        Specifies the charset that samba will use to print messages to stdout and stderr.
    16241642        The default value is "LOCALE", which means automatically set, depending on the
     
    16291647</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>display charset</code></em> = <code class="literal">UTF8</code>
    16301648</em></span>
    1631 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540140"></a>
     1649</p></dd></dl></div></div><div class="section" title="dmapi support (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2546197"></a>
    16321650
    16331651dmapi support (S)
    1634 </h3></div></div></div><a class="indexterm" name="id2540141"></a><a name="DMAPISUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should use DMAPI to
     1652</h3></div></div></div><a class="indexterm" name="id2546198"></a><a name="DMAPISUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should use DMAPI to
    16351653        determine whether a file is offline or not. This would typically
    16361654        be used in conjunction with a hierarchical storage system that
     
    16471665        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>dmapi support</code></em> = <code class="literal">no</code>
    16481666</em></span>
    1649 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540199"></a>
     1667</p></dd></dl></div></div><div class="section" title="dns proxy (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2546256"></a>
    16501668
    16511669dns proxy (G)
    1652 </h3></div></div></div><a class="indexterm" name="id2540200"></a><a name="DNSPROXY"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies that <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> when acting as a WINS server and
     1670</h3></div></div></div><a class="indexterm" name="id2546257"></a><a name="DNSPROXY"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies that <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> when acting as a WINS server and
    16531671        finding that a NetBIOS name has not been registered, should treat the
    16541672        NetBIOS name word-for-word as a DNS name and do a lookup with the DNS server
     
    16591677        action.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>dns proxy</code></em> = <code class="literal">yes</code>
    16601678</em></span>
    1661 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540262"></a>
     1679</p></dd></dl></div></div><div class="section" title="domain logons (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2546320"></a>
    16621680
    16631681domain logons (G)
    1664 </h3></div></div></div><a class="indexterm" name="id2540263"></a><a name="DOMAINLOGONS"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1682</h3></div></div></div><a class="indexterm" name="id2546321"></a><a name="DOMAINLOGONS"></a><div class="variablelist"><dl><dt></dt><dd><p>
    16651683        If set to <code class="constant">yes</code>, the Samba server will
    16661684        provide the netlogon service for Windows 9X network logons for the
     
    16721690        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>domain logons</code></em> = <code class="literal">no</code>
    16731691</em></span>
    1674 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540316"></a>
     1692</p></dd></dl></div></div><div class="section" title="domain master (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2546373"></a>
    16751693
    16761694domain master (G)
    1677 </h3></div></div></div><a class="indexterm" name="id2540317"></a><a name="DOMAINMASTER"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1695</h3></div></div></div><a class="indexterm" name="id2546374"></a><a name="DOMAINMASTER"></a><div class="variablelist"><dl><dt></dt><dd><p>
    16781696        Tell <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> to enable
    16791697        WAN-wide browse list collation. Setting this option causes <code class="literal">nmbd</code> to claim a
     
    17011719        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>domain master</code></em> = <code class="literal">auto</code>
    17021720</em></span>
    1703 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540507"></a>
     1721</p></dd></dl></div></div><div class="section" title="dont descend (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2546564"></a>
    17041722
    17051723dont descend (S)
    1706 </h3></div></div></div><a class="indexterm" name="id2540508"></a><a name="DONTDESCEND"></a><div class="variablelist"><dl><dt></dt><dd><p>There are certain directories on some systems
     1724</h3></div></div></div><a class="indexterm" name="id2546565"></a><a name="DONTDESCEND"></a><div class="variablelist"><dl><dt></dt><dd><p>There are certain directories on some systems
    17071725        (e.g., the <code class="filename">/proc</code> tree under Linux) that are either not
    17081726        of interest to clients or are infinitely deep (recursive). This
     
    17151733</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>dont descend</code></em> = <code class="literal">/proc,/dev</code>
    17161734</em></span>
    1717 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540585"></a>
     1735</p></dd></dl></div></div><div class="section" title="dos charset (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2546642"></a>
    17181736
    17191737dos charset (G)
    1720 </h3></div></div></div><a class="indexterm" name="id2540586"></a><a name="DOSCHARSET"></a><div class="variablelist"><dl><dt></dt><dd><p>DOS SMB clients assume the server has
     1738</h3></div></div></div><a class="indexterm" name="id2546643"></a><a name="DOSCHARSET"></a><div class="variablelist"><dl><dt></dt><dd><p>DOS SMB clients assume the server has
    17211739        the same charset as they do. This option specifies which
    17221740        charset Samba should talk to DOS clients.
    17231741        </p><p>The default depends on which charsets you have installed.
    17241742        Samba tries to use charset 850 but falls back to ASCII in
    1725         case it is not available. Run <a class="citerefentry" href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a> to check the default on your system.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540626"></a>
     1743        case it is not available. Run <a class="citerefentry" href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a> to check the default on your system.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="dos filemode (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2546684"></a>
    17261744
    17271745dos filemode (S)
    1728 </h3></div></div></div><a class="indexterm" name="id2540627"></a><a name="DOSFILEMODE"></a><div class="variablelist"><dl><dt></dt><dd><p> The default behavior in Samba is to provide
     1746</h3></div></div></div><a class="indexterm" name="id2546685"></a><a name="DOSFILEMODE"></a><div class="variablelist"><dl><dt></dt><dd><p> The default behavior in Samba is to provide
    17291747        UNIX-like behavior where only the owner of a file/directory is
    17301748        able to change the permissions on it.  However, this behavior
     
    17371755        file/directory may also be changed.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>dos filemode</code></em> = <code class="literal">no</code>
    17381756</em></span>
    1739 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540683"></a>
     1757</p></dd></dl></div></div><div class="section" title="dos filetime resolution (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2546730"></a>
    17401758
    17411759dos filetime resolution (S)
    1742 </h3></div></div></div><a class="indexterm" name="id2540684"></a><a name="DOSFILETIMERESOLUTION"></a><div class="variablelist"><dl><dt></dt><dd><p>Under the DOS and Windows FAT filesystem, the finest
     1760</h3></div></div></div><a class="indexterm" name="id2546731"></a><a name="DOSFILETIMERESOLUTION"></a><div class="variablelist"><dl><dt></dt><dd><p>Under the DOS and Windows FAT filesystem, the finest
    17431761        granularity on time resolution is two seconds. Setting this parameter
    17441762        for a share causes Samba to round the reported time down to the
     
    17551773        happy.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>dos filetime resolution</code></em> = <code class="literal">no</code>
    17561774</em></span>
    1757 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540746"></a>
     1775</p></dd></dl></div></div><div class="section" title="dos filetimes (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2546794"></a>
    17581776
    17591777dos filetimes (S)
    1760 </h3></div></div></div><a class="indexterm" name="id2540747"></a><a name="DOSFILETIMES"></a><div class="variablelist"><dl><dt></dt><dd><p>Under DOS and Windows, if a user can write to a
     1778</h3></div></div></div><a class="indexterm" name="id2546795"></a><a name="DOSFILETIMES"></a><div class="variablelist"><dl><dt></dt><dd><p>Under DOS and Windows, if a user can write to a
    17611779        file they can change the timestamp on it. Under POSIX semantics,
    17621780        only the owner of the file or root may change the timestamp. By
     
    17721790        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>dos filetimes</code></em> = <code class="literal">yes</code>
    17731791</em></span>
    1774 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540812"></a>
     1792</p></dd></dl></div></div><div class="section" title="ea support (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2546859"></a>
    17751793
    17761794ea support (S)
    1777 </h3></div></div></div><a class="indexterm" name="id2540813"></a><a name="EASUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will allow clients to attempt to store OS/2 style Extended
     1795</h3></div></div></div><a class="indexterm" name="id2546860"></a><a name="EASUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will allow clients to attempt to store OS/2 style Extended
    17781796    attributes on a share. In order to enable this parameter the underlying filesystem exported by
    17791797    the share must support extended attributes (such as provided on XFS and EXT3 on Linux, with the
     
    17821800                extended attributes must be compiled into the Linux kernel.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ea support</code></em> = <code class="literal">no</code>
    17831801</em></span>
    1784 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540865"></a>
     1802</p></dd></dl></div></div><div class="section" title="enable asu support (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2546913"></a>
    17851803
    17861804enable asu support (G)
    1787 </h3></div></div></div><a class="indexterm" name="id2540866"></a><a name="ENABLEASUSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>Hosts running the "Advanced Server for Unix (ASU)" product
     1805</h3></div></div></div><a class="indexterm" name="id2546914"></a><a name="ENABLEASUSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>Hosts running the "Advanced Server for Unix (ASU)" product
    17881806    require some special accomodations such as creating a builtin [ADMIN$]
    17891807    share that only supports IPC connections.  The has been the default
     
    17931811    an [ADMIN$] file share in smb.conf.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>enable asu support</code></em> = <code class="literal">no</code>
    17941812</em></span>
    1795 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540910"></a>
     1813</p></dd></dl></div></div><div class="section" title="enable core files (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2546957"></a>
     1814
     1815enable core files (G)
     1816</h3></div></div></div><a class="indexterm" name="id2546958"></a><a name="ENABLECOREFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether core dumps should be written
     1817        on internal exits. Normally set to <code class="constant">yes</code>.
     1818        You should never need to change this.
     1819        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>enable core files</code></em> = <code class="literal">yes</code>
     1820</em></span>
     1821</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>enable core files</code></em> = <code class="literal">no</code>
     1822</em></span>
     1823</p></dd></dl></div></div><div class="section" title="enable privileges (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2547016"></a>
    17961824
    17971825enable privileges (G)
    1798 </h3></div></div></div><a class="indexterm" name="id2540911"></a><a name="ENABLEPRIVILEGES"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1826</h3></div></div></div><a class="indexterm" name="id2547017"></a><a name="ENABLEPRIVILEGES"></a><div class="variablelist"><dl><dt></dt><dd><p>
    17991827        This parameter controls whether or not smbd will honor privileges assigned to specific SIDs via either
    18001828         <code class="literal">net rpc rights</code> or one of the Windows user and group manager tools.  This parameter is
     
    18091837        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>enable privileges</code></em> = <code class="literal">yes</code>
    18101838</em></span>
    1811 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2540970"></a>
     1839</p></dd></dl></div></div><div class="section" title="encrypt passwords (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2547076"></a>
    18121840
    18131841encrypt passwords (G)
    1814 </h3></div></div></div><a class="indexterm" name="id2540971"></a><a name="ENCRYPTPASSWORDS"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean controls whether encrypted passwords
     1842</h3></div></div></div><a class="indexterm" name="id2547077"></a><a name="ENCRYPTPASSWORDS"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean controls whether encrypted passwords
    18151843    will be negotiated with the client. Note that Windows NT 4.0 SP3 and
    18161844    above and also Windows 98 will by default expect encrypted passwords
     
    18351863        server.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>encrypt passwords</code></em> = <code class="literal">yes</code>
    18361864</em></span>
    1837 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541075"></a>
     1865</p></dd></dl></div></div><div class="section" title="enhanced browsing (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2547180"></a>
    18381866
    18391867enhanced browsing (G)
    1840 </h3></div></div></div><a class="indexterm" name="id2541076"></a><a name="ENHANCEDBROWSING"></a><div class="variablelist"><dl><dt></dt><dd><p>This option enables a couple of enhancements to
     1868</h3></div></div></div><a class="indexterm" name="id2547182"></a><a name="ENHANCEDBROWSING"></a><div class="variablelist"><dl><dt></dt><dd><p>This option enables a couple of enhancements to
    18411869        cross-subnet browse propagation that have been added in Samba
    18421870        but which are not standard in Microsoft implementations. 
     
    18511879        cross-subnet browse propagation much more reliable.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>enhanced browsing</code></em> = <code class="literal">yes</code>
    18521880</em></span>
    1853 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541136"></a>
     1881</p></dd></dl></div></div><div class="section" title="enumports command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2547242"></a>
    18541882
    18551883enumports command (G)
    1856 </h3></div></div></div><a class="indexterm" name="id2541137"></a><a name="ENUMPORTSCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>The concept of a "port" is fairly foreign
     1884</h3></div></div></div><a class="indexterm" name="id2547243"></a><a name="ENUMPORTSCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>The concept of a "port" is fairly foreign
    18571885    to UNIX hosts.  Under Windows NT/2000 print servers, a port
    18581886    is associated with a port monitor and generally takes the form of
     
    18711899</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>enumports command</code></em> = <code class="literal">/usr/bin/listports</code>
    18721900</em></span>
    1873 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541217"></a>
     1901</p></dd></dl></div></div><div class="section" title="eventlog list (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2547323"></a>
    18741902
    18751903eventlog list (G)
    1876 </h3></div></div></div><a class="indexterm" name="id2541218"></a><a name="EVENTLOGLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This option defines a list of log names that Samba will
     1904</h3></div></div></div><a class="indexterm" name="id2547324"></a><a name="EVENTLOGLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This option defines a list of log names that Samba will
    18771905    report to the Microsoft EventViewer utility.  The listed
    18781906    eventlogs will be associated with tdb file on disk in the
     
    18871915</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>eventlog list</code></em> = <code class="literal">Security Application Syslog Apache</code>
    18881916</em></span>
    1889 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541290"></a>
     1917</p></dd></dl></div></div><div class="section" title="fake directory create times (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2547396"></a>
    18901918
    18911919fake directory create times (S)
    1892 </h3></div></div></div><a class="indexterm" name="id2541291"></a><a name="FAKEDIRECTORYCREATETIMES"></a><div class="variablelist"><dl><dt></dt><dd><p>NTFS and Windows VFAT file systems keep a create
     1920</h3></div></div></div><a class="indexterm" name="id2547397"></a><a name="FAKEDIRECTORYCREATETIMES"></a><div class="variablelist"><dl><dt></dt><dd><p>NTFS and Windows VFAT file systems keep a create
    18931921        time for all files and directories. This is not the same as the
    18941922        ctime - status change time - that Unix keeps, so Samba by default
     
    19121940        will proceed as expected.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>fake directory create times</code></em> = <code class="literal">no</code>
    19131941</em></span>
    1914 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541357"></a>
     1942</p></dd></dl></div></div><div class="section" title="fake oplocks (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2547463"></a>
    19151943
    19161944fake oplocks (S)
    1917 </h3></div></div></div><a class="indexterm" name="id2541358"></a><a name="FAKEOPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>Oplocks are the way that SMB clients get permission
     1945</h3></div></div></div><a class="indexterm" name="id2547464"></a><a name="FAKEOPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>Oplocks are the way that SMB clients get permission
    19181946        from a server to locally cache file operations. If a server grants
    19191947        an oplock (opportunistic lock) then the client is free to assume
     
    19311959        this option carefully!</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>fake oplocks</code></em> = <code class="literal">no</code>
    19321960</em></span>
    1933 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541441"></a>
     1961</p></dd></dl></div></div><div class="section" title="follow symlinks (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2547554"></a>
    19341962
    19351963follow symlinks (S)
    1936 </h3></div></div></div><a class="indexterm" name="id2541442"></a><a name="FOLLOWSYMLINKS"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1964</h3></div></div></div><a class="indexterm" name="id2547555"></a><a name="FOLLOWSYMLINKS"></a><div class="variablelist"><dl><dt></dt><dd><p>
    19371965        This parameter allows the Samba administrator to stop <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>       from following symbolic links in a particular share. Setting this
    19381966        parameter to <code class="constant">no</code> prevents any file or directory that is a symbolic link from being
     
    19441972        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>follow symlinks</code></em> = <code class="literal">yes</code>
    19451973</em></span>
    1946 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541511"></a>
     1974</p></dd></dl></div></div><div class="section" title="force create mode (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2547624"></a>
    19471975
    19481976force create mode (S)
    1949 </h3></div></div></div><a class="indexterm" name="id2541512"></a><a name="FORCECREATEMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a set of UNIX mode bit
     1977</h3></div></div></div><a class="indexterm" name="id2547625"></a><a name="FORCECREATEMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a set of UNIX mode bit
    19501978    permissions that will <span class="emphasis"><em>always</em></span> be set on a
    19511979    file created by Samba. This is done by bitwise 'OR'ing these bits onto
     
    19591987</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>force create mode</code></em> = <code class="literal">0755</code>
    19601988</em></span>
    1961 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541585"></a>
     1989</p></dd></dl></div></div><div class="section" title="force directory mode (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2547698"></a>
    19621990
    19631991force directory mode (S)
    1964 </h3></div></div></div><a class="indexterm" name="id2541586"></a><a name="FORCEDIRECTORYMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a set of UNIX mode bit
     1992</h3></div></div></div><a class="indexterm" name="id2547699"></a><a name="FORCEDIRECTORYMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a set of UNIX mode bit
    19651993    permissions that will <span class="emphasis"><em>always</em></span> be set on a directory
    19661994    created by Samba. This is done by bitwise 'OR'ing these bits onto the
     
    19752003</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>force directory mode</code></em> = <code class="literal">0755</code>
    19762004</em></span>
    1977 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541659"></a>
     2005</p></dd></dl></div></div><div class="section" title="force directory security mode (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2547778"></a>
    19782006
    19792007force directory security mode (S)
    1980 </h3></div></div></div><a class="indexterm" name="id2541660"></a><a name="FORCEDIRECTORYSECURITYMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2008</h3></div></div></div><a class="indexterm" name="id2547779"></a><a name="FORCEDIRECTORYSECURITYMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>
    19812009        This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating
    19822010        the UNIX permission on a directory using the native NT security dialog box.
     
    19912019        If not set explicitly this parameter is 0000, which allows a user to modify all the user/group/world
    19922020        permissions on a directory without restrictions.
    1993         </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
     2021        </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
    19942022        Users who can access the Samba server through other means can easily bypass this restriction, so it is
    19952023        primarily useful for standalone "appliance" systems.  Administrators of most normal systems will
     
    19992027</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>force directory security mode</code></em> = <code class="literal">700</code>
    20002028</em></span>
    2001 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541756"></a>
     2029</p></dd></dl></div></div><div class="section" title="group"><div class="titlepage"><div><div><h3 class="title"><a name="id2547874"></a>
    20022030
    20032031<a name="GROUP"></a>group
    2004 </h3></div></div></div><a class="indexterm" name="id2541757"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#FORCEGROUP">force group</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541783"></a>
     2032</h3></div></div></div><a class="indexterm" name="id2547875"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#FORCEGROUP">force group</a>.</p></dd></dl></div></div><div class="section" title="force group (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2547903"></a>
    20052033
    20062034force group (S)
    2007 </h3></div></div></div><a class="indexterm" name="id2541784"></a><a name="FORCEGROUP"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies a UNIX group name that will be
     2035</h3></div></div></div><a class="indexterm" name="id2547904"></a><a name="FORCEGROUP"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies a UNIX group name that will be
    20082036    assigned as the default primary group for all users connecting
    20092037    to this service. This is useful for sharing files by ensuring
     
    20292057</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>force group</code></em> = <code class="literal">agroup</code>
    20302058</em></span>
    2031 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541888"></a>
     2059</p></dd></dl></div></div><div class="section" title="force printername (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2548027"></a>
    20322060
    20332061force printername (S)
    2034 </h3></div></div></div><a class="indexterm" name="id2541889"></a><a name="FORCEPRINTERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>When printing from Windows NT (or later),
     2062</h3></div></div></div><a class="indexterm" name="id2548028"></a><a name="FORCEPRINTERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>When printing from Windows NT (or later),
    20352063    each printer in <code class="filename">smb.conf</code> has two
    20362064    associated names which can be used by the client.  The first
     
    20552083    folder.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>force printername</code></em> = <code class="literal">no</code>
    20562084</em></span>
    2057 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2541979"></a>
     2085</p></dd></dl></div></div><div class="section" title="force security mode (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2548119"></a>
    20582086
    20592087force security mode (S)
    2060 </h3></div></div></div><a class="indexterm" name="id2541980"></a><a name="FORCESECURITYMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2088</h3></div></div></div><a class="indexterm" name="id2548120"></a><a name="FORCESECURITYMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>
    20612089        This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating
    20622090    the UNIX permission on a file using the native NT security dialog box.
     
    20782106</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>force security mode</code></em> = <code class="literal">700</code>
    20792107</em></span>
    2080 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542081"></a>
     2108</p></dd></dl></div></div><div class="section" title="force unknown acl user (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2548221"></a>
    20812109
    20822110force unknown acl user (S)
    2083 </h3></div></div></div><a class="indexterm" name="id2542082"></a><a name="FORCEUNKNOWNACLUSER"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2111</h3></div></div></div><a class="indexterm" name="id2548222"></a><a name="FORCEUNKNOWNACLUSER"></a><div class="variablelist"><dl><dt></dt><dd><p>
    20842112    If this parameter is set, a Windows NT ACL that contains an unknown SID (security descriptor, or
    20852113    representation of a user or group id) as the owner or group owner of the file will be silently
     
    20952123    </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>force unknown acl user</code></em> = <code class="literal">no</code>
    20962124</em></span>
    2097 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542144"></a>
     2125</p></dd></dl></div></div><div class="section" title="force user (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2548284"></a>
    20982126
    20992127force user (S)
    2100 </h3></div></div></div><a class="indexterm" name="id2542145"></a><a name="FORCEUSER"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies a UNIX user name that will be
     2128</h3></div></div></div><a class="indexterm" name="id2548285"></a><a name="FORCEUSER"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies a UNIX user name that will be
    21012129    assigned as the default user for all users connecting to this service.
    21022130    This is useful for sharing files. You should also use it carefully
     
    21122140</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>force user</code></em> = <code class="literal">auser</code>
    21132141</em></span>
    2114 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542220"></a>
     2142</p></dd></dl></div></div><div class="section" title="fstype (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2548360"></a>
    21152143
    21162144fstype (S)
    2117 </h3></div></div></div><a class="indexterm" name="id2542221"></a><a name="FSTYPE"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2145</h3></div></div></div><a class="indexterm" name="id2548361"></a><a name="FSTYPE"></a><div class="variablelist"><dl><dt></dt><dd><p>
    21182146        This parameter allows the administrator to configure the string that specifies the type of filesystem a share
    21192147        is using that is reported by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>
     
    21252153</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>fstype</code></em> = <code class="literal">Samba</code>
    21262154</em></span>
    2127 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542302"></a>
     2155</p></dd></dl></div></div><div class="section" title="get quota command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2548442"></a>
    21282156
    21292157get quota command (G)
    2130 </h3></div></div></div><a class="indexterm" name="id2542303"></a><a name="GETQUOTACOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>The <code class="literal">get quota command</code> should only be used
     2158</h3></div></div></div><a class="indexterm" name="id2548443"></a><a name="GETQUOTACOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>The <code class="literal">get quota command</code> should only be used
    21312159        whenever there is no operating system API available from the OS that
    21322160        samba can use.</p><p>This option is only available you have compiled Samba with the
     
    21362164        queries the quota information for the specified
    21372165        user/group for the partition that
    2138         the specified directory is on.</p><p>Such a script should take 3 arguments:</p><div class="itemizedlist"><ul type="disc"><li><p>directory</p></li><li><p>type of query</p></li><li><p>uid of user or gid of group</p></li></ul></div><p>The type of query can be one of :</p><div class="itemizedlist"><ul type="disc"><li><p>1 - user quotas</p></li><li><p>2 - user default quotas (uid = -1)</p></li><li><p>3 - group quotas</p></li><li><p>4 - group default quotas (gid = -1)</p></li></ul></div><p>This script should print one line as output with spaces between the arguments. The arguments are:
    2139               </p><div class="itemizedlist"><ul type="disc"><li><p>Arg 1 - quota flags (0 = no quotas, 1 = quotas enabled, 2 = quotas enabled and enforced)</p></li><li><p>Arg 2 - number of currently used blocks</p></li><li><p>Arg 3 - the softlimit number of blocks</p></li><li><p>Arg 4 - the hardlimit number of blocks</p></li><li><p>Arg 5 - currently used number of inodes</p></li><li><p>Arg 6 - the softlimit number of inodes</p></li><li><p>Arg 7 - the hardlimit number of inodes</p></li><li><p>Arg 8(optional) - the number of bytes in a block(default is 1024)</p></li></ul></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>get quota command</code></em> = <code class="literal"></code>
     2166        the specified directory is on.</p><p>Such a script should take 3 arguments:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>directory</p></li><li class="listitem"><p>type of query</p></li><li class="listitem"><p>uid of user or gid of group</p></li></ul></div><p>The type of query can be one of :</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>1 - user quotas</p></li><li class="listitem"><p>2 - user default quotas (uid = -1)</p></li><li class="listitem"><p>3 - group quotas</p></li><li class="listitem"><p>4 - group default quotas (gid = -1)</p></li></ul></div><p>This script should print one line as output with spaces between the arguments. The arguments are:
     2167              </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>Arg 1 - quota flags (0 = no quotas, 1 = quotas enabled, 2 = quotas enabled and enforced)</p></li><li class="listitem"><p>Arg 2 - number of currently used blocks</p></li><li class="listitem"><p>Arg 3 - the softlimit number of blocks</p></li><li class="listitem"><p>Arg 4 - the hardlimit number of blocks</p></li><li class="listitem"><p>Arg 5 - currently used number of inodes</p></li><li class="listitem"><p>Arg 6 - the softlimit number of inodes</p></li><li class="listitem"><p>Arg 7 - the hardlimit number of inodes</p></li><li class="listitem"><p>Arg 8(optional) - the number of bytes in a block(default is 1024)</p></li></ul></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>get quota command</code></em> = <code class="literal"></code>
    21402168</em></span>
    21412169</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>get quota command</code></em> = <code class="literal">/usr/local/sbin/query_quota</code>
    21422170</em></span>
    2143 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542489"></a>
     2171</p></dd></dl></div></div><div class="section" title="getwd cache (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2548628"></a>
    21442172
    21452173getwd cache (G)
    2146 </h3></div></div></div><a class="indexterm" name="id2542490"></a><a name="GETWDCACHE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a tuning option. When this is enabled a
     2174</h3></div></div></div><a class="indexterm" name="id2548630"></a><a name="GETWDCACHE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a tuning option. When this is enabled a
    21472175    caching algorithm will be used to reduce the time taken for getwd()
    21482176    calls. This can have a significant impact on performance, especially
    21492177    when the <a class="link" href="smb.conf.5.html#WIDESMBCONFOPTIONS" target="_top">wide smbconfoptions</a> parameter is set to <code class="constant">no</code>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>getwd cache</code></em> = <code class="literal">yes</code>
    21502178</em></span>
    2151 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542549"></a>
     2179</p></dd></dl></div></div><div class="section" title="guest account (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2548689"></a>
    21522180
    21532181guest account (G)
    2154 </h3></div></div></div><a class="indexterm" name="id2542550"></a><a name="GUESTACCOUNT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a username which will be used for access
     2182</h3></div></div></div><a class="indexterm" name="id2548690"></a><a name="GUESTACCOUNT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a username which will be used for access
    21552183    to services which are specified as <a class="link" href="smb.conf.5.html#GUESTOK" target="_top">guest ok</a> (see below). Whatever privileges this
    21562184    user has will be available to any client connecting to the guest service.
     
    21702198</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>guest account</code></em> = <code class="literal">ftp</code>
    21712199</em></span>
    2172 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542657"></a>
     2200</p></dd></dl></div></div><div class="section" title="public"><div class="titlepage"><div><div><h3 class="title"><a name="id2548797"></a>
    21732201
    21742202<a name="PUBLIC"></a>public
    2175 </h3></div></div></div><a class="indexterm" name="id2542658"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#GUESTOK">guest ok</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542688"></a>
     2203</h3></div></div></div><a class="indexterm" name="id2548798"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#GUESTOK">guest ok</a>.</p></dd></dl></div></div><div class="section" title="guest ok (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2548828"></a>
    21762204
    21772205guest ok (S)
    2178 </h3></div></div></div><a class="indexterm" name="id2542689"></a><a name="GUESTOK"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code> for
     2206</h3></div></div></div><a class="indexterm" name="id2548829"></a><a name="GUESTOK"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code> for
    21792207    a service, then no password is required to connect to the service.
    21802208    Privileges will be those of the <a class="link" href="smb.conf.5.html#GUESTACCOUNT" target="_top">guest account</a>.</p><p>This paramater nullifies the benifits of setting
     
    21832211        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>guest ok</code></em> = <code class="literal">no</code>
    21842212</em></span>
    2185 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542776"></a>
     2213</p></dd></dl></div></div><div class="section" title="only guest"><div class="titlepage"><div><div><h3 class="title"><a name="id2548916"></a>
    21862214
    21872215<a name="ONLYGUEST"></a>only guest
    2188 </h3></div></div></div><a class="indexterm" name="id2542778"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#GUESTONLY">guest only</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542809"></a>
     2216</h3></div></div></div><a class="indexterm" name="id2548917"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#GUESTONLY">guest only</a>.</p></dd></dl></div></div><div class="section" title="guest only (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2548949"></a>
    21892217
    21902218guest only (S)
    2191 </h3></div></div></div><a class="indexterm" name="id2542810"></a><a name="GUESTONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code> for
     2219</h3></div></div></div><a class="indexterm" name="id2548950"></a><a name="GUESTONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code> for
    21922220    a service, then only guest connections to the service are permitted.
    21932221    This parameter will have no effect if <a class="link" href="smb.conf.5.html#GUESTOK" target="_top">guest ok</a> is not set for the service.</p><p>See the section below on <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security</a> for more information about this option.
    21942222        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>guest only</code></em> = <code class="literal">no</code>
    21952223</em></span>
    2196 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542882"></a>
     2224</p></dd></dl></div></div><div class="section" title="hide dot files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2549021"></a>
    21972225
    21982226hide dot files (S)
    2199 </h3></div></div></div><a class="indexterm" name="id2542883"></a><a name="HIDEDOTFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean parameter that controls whether
     2227</h3></div></div></div><a class="indexterm" name="id2549022"></a><a name="HIDEDOTFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean parameter that controls whether
    22002228        files starting with a dot appear as hidden files.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>hide dot files</code></em> = <code class="literal">yes</code>
    22012229</em></span>
    2202 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2542924"></a>
     2230</p></dd></dl></div></div><div class="section" title="hide files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2549064"></a>
    22032231
    22042232hide files (S)
    2205 </h3></div></div></div><a class="indexterm" name="id2542926"></a><a name="HIDEFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of files or directories that are not
     2233</h3></div></div></div><a class="indexterm" name="id2549065"></a><a name="HIDEFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of files or directories that are not
    22062234        visible but are accessible.  The DOS 'hidden' attribute is applied
    22072235        to any files or directories that match.</p><p>Each entry in the list must be separated by a '/',
     
    22252253# no file are hidden</code>
    22262254</em></span>
    2227 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543013"></a>
     2255</p></dd></dl></div></div><div class="section" title="hide special files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2549152"></a>
    22282256
    22292257hide special files (S)
    2230 </h3></div></div></div><a class="indexterm" name="id2543014"></a><a name="HIDESPECIALFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2258</h3></div></div></div><a class="indexterm" name="id2549153"></a><a name="HIDESPECIALFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>
    22312259        This parameter prevents clients from seeing special files such as sockets, devices and
    22322260        fifo's in directory listings.
    22332261        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>hide special files</code></em> = <code class="literal">no</code>
    22342262</em></span>
    2235 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543056"></a>
     2263</p></dd></dl></div></div><div class="section" title="hide unreadable (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2549195"></a>
    22362264
    22372265hide unreadable (S)
    2238 </h3></div></div></div><a class="indexterm" name="id2543057"></a><a name="HIDEUNREADABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter prevents clients from seeing the
     2266</h3></div></div></div><a class="indexterm" name="id2549196"></a><a name="HIDEUNREADABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter prevents clients from seeing the
    22392267                existance of files that cannot be read. Defaults to off.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>hide unreadable</code></em> = <code class="literal">no</code>
    22402268</em></span>
    2241 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543098"></a>
     2269</p></dd></dl></div></div><div class="section" title="hide unwriteable files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2549238"></a>
    22422270
    22432271hide unwriteable files (S)
    2244 </h3></div></div></div><a class="indexterm" name="id2543099"></a><a name="HIDEUNWRITEABLEFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2272</h3></div></div></div><a class="indexterm" name="id2549239"></a><a name="HIDEUNWRITEABLEFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>
    22452273    This parameter prevents clients from seeing the existance of files that cannot be written to.
    22462274    Defaults to off. Note that unwriteable directories are shown as usual.
    22472275    </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>hide unwriteable files</code></em> = <code class="literal">no</code>
    22482276</em></span>
    2249 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543143"></a>
     2277</p></dd></dl></div></div><div class="section" title="homedir map (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2549282"></a>
    22502278
    22512279homedir map (G)
    2252 </h3></div></div></div><a class="indexterm" name="id2543144"></a><a name="HOMEDIRMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2280</h3></div></div></div><a class="indexterm" name="id2549284"></a><a name="HOMEDIRMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>
    22532281        If <a class="link" href="smb.conf.5.html#NISHOMEDIR" target="_top">nis homedir</a> is <code class="constant">yes</code>, and <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> is also acting         as a Win95/98 <em class="parameter"><code>logon server</code></em>
    22542282        then this parameter specifies the NIS (or YP) map from which the server for the user's  home directory should be extracted. 
     
    22592287        and the program will extract the servername from before the first ':'.  There should probably be a better parsing system
    22602288        that copes with different map formats and also Amd (another automounter) maps.
    2261         </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
     2289        </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
    22622290        A working NIS client is required on the system for this option to work.
    22632291        </p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>homedir map</code></em> = <code class="literal"></code>
     
    22652293</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>homedir map</code></em> = <code class="literal">amd.homedir</code>
    22662294</em></span>
    2267 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543256"></a>
     2295</p></dd></dl></div></div><div class="section" title="host msdfs (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2549395"></a>
    22682296
    22692297host msdfs (G)
    2270 </h3></div></div></div><a class="indexterm" name="id2543257"></a><a name="HOSTMSDFS"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2298</h3></div></div></div><a class="indexterm" name="id2549396"></a><a name="HOSTMSDFS"></a><div class="variablelist"><dl><dt></dt><dd><p>
    22712299        If set to <code class="constant">yes</code>, Samba will act as a Dfs server, and allow Dfs-aware clients to browse
    22722300        Dfs trees hosted on the server.
     
    22762304        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>host msdfs</code></em> = <code class="literal">yes</code>
    22772305</em></span>
    2278 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543320"></a>
     2306</p></dd></dl></div></div><div class="section" title="hostname lookups (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2549459"></a>
    22792307
    22802308hostname lookups (G)
    2281 </h3></div></div></div><a class="indexterm" name="id2543321"></a><a name="HOSTNAMELOOKUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies whether samba should use (expensive)
     2309</h3></div></div></div><a class="indexterm" name="id2549460"></a><a name="HOSTNAMELOOKUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies whether samba should use (expensive)
    22822310    hostname lookups or use the ip addresses instead. An example place
    22832311    where hostname lookups are currently used is when checking
     
    22872315</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>hostname lookups</code></em> = <code class="literal">yes</code>
    22882316</em></span>
    2289 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543393"></a>
     2317</p></dd></dl></div></div><div class="section" title="allow hosts"><div class="titlepage"><div><div><h3 class="title"><a name="id2549533"></a>
    22902318
    22912319<a name="ALLOWHOSTS"></a>allow hosts
    2292 </h3></div></div></div><a class="indexterm" name="id2543394"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#HOSTSALLOW">hosts allow</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543426"></a>
     2320</h3></div></div></div><a class="indexterm" name="id2549534"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#HOSTSALLOW">hosts allow</a>.</p></dd></dl></div></div><div class="section" title="hosts allow (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2549565"></a>
    22932321
    22942322hosts allow (S)
    2295 </h3></div></div></div><a class="indexterm" name="id2543427"></a><a name="HOSTSALLOW"></a><div class="variablelist"><dl><dt></dt><dd><p>A synonym for this parameter is <a class="link" href="smb.conf.5.html#ALLOWHOSTS" target="_top">allow hosts</a>.</p><p>This parameter is a comma, space, or tab delimited
     2323</h3></div></div></div><a class="indexterm" name="id2549566"></a><a name="HOSTSALLOW"></a><div class="variablelist"><dl><dt></dt><dd><p>A synonym for this parameter is <a class="link" href="smb.conf.5.html#ALLOWHOSTS" target="_top">allow hosts</a>.</p><p>This parameter is a comma, space, or tab delimited
    22962324    set of hosts which are permitted to access a service.</p><p>If specified in the [global] section then it will
    22972325    apply to all services, regardless of whether the individual
     
    23072335    <span class="emphasis"><em>EXCEPT</em></span> keyword can also be used to limit a
    23082336    wildcard list. The following examples may provide some help:</p><p>Example 1: allow all IPs in 150.203.*.*; except one</p><p><code class="literal">hosts allow = 150.203. EXCEPT 150.203.6.66</code></p><p>Example 2: allow hosts that match the given network/netmask</p><p><code class="literal">hosts allow = 150.203.15.0/255.255.255.0</code></p><p>Example 3: allow a couple of hosts</p><p><code class="literal">hosts allow = lapland, arvidsjaur</code></p><p>Example 4: allow only hosts in NIS netgroup "foonet", but
    2309     deny access from one particular host</p><p><code class="literal">hosts allow = @foonet</code></p><p><code class="literal">hosts deny = pirate</code></p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Note that access still requires suitable user-level passwords.</p></div><p>See <a class="citerefentry" href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a> for a way of testing your host access
     2337    deny access from one particular host</p><p><code class="literal">hosts allow = @foonet</code></p><p><code class="literal">hosts deny = pirate</code></p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Note that access still requires suitable user-level passwords.</p></div><p>See <a class="citerefentry" href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a> for a way of testing your host access
    23102338    to see if it does what you expect.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>hosts allow</code></em> = <code class="literal">
    23112339# none (i.e., all hosts permitted access)</code>
     
    23132341</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>hosts allow</code></em> = <code class="literal">150.203.5. myhost.mynet.edu.au</code>
    23142342</em></span>
    2315 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543628"></a>
     2343</p></dd></dl></div></div><div class="section" title="deny hosts"><div class="titlepage"><div><div><h3 class="title"><a name="id2549767"></a>
    23162344
    23172345<a name="DENYHOSTS"></a>deny hosts
    2318 </h3></div></div></div><a class="indexterm" name="id2543629"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#HOSTSDENY">hosts deny</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543659"></a>
     2346</h3></div></div></div><a class="indexterm" name="id2549768"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#HOSTSDENY">hosts deny</a>.</p></dd></dl></div></div><div class="section" title="hosts deny (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2549799"></a>
    23192347
    23202348hosts deny (S)
    2321 </h3></div></div></div><a class="indexterm" name="id2543660"></a><a name="HOSTSDENY"></a><div class="variablelist"><dl><dt></dt><dd><p>The opposite of <em class="parameter"><code>hosts allow</code></em>
     2349</h3></div></div></div><a class="indexterm" name="id2549800"></a><a name="HOSTSDENY"></a><div class="variablelist"><dl><dt></dt><dd><p>The opposite of <em class="parameter"><code>hosts allow</code></em>
    23222350    - hosts listed here are <span class="emphasis"><em>NOT</em></span> permitted access to
    23232351    services unless the specific services have their own lists to override
     
    23332361</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>hosts deny</code></em> = <code class="literal">150.203.4. badhost.mynet.edu.au</code>
    23342362</em></span>
    2335 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543761"></a>
     2363</p></dd></dl></div></div><div class="section" title="idmap alloc backend (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2549901"></a>
    23362364
    23372365idmap alloc backend (G)
    2338 </h3></div></div></div><a class="indexterm" name="id2543762"></a><a name="IDMAPALLOCBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2366</h3></div></div></div><a class="indexterm" name="id2549902"></a><a name="IDMAPALLOCBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>
    23392367        The idmap alloc backend provides a plugin interface for Winbind to use
    23402368        when allocating Unix uids/gids for Windows SIDs. This option refers
     
    23532381        </p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>idmap alloc backend</code></em> = <code class="literal">tdb</code>
    23542382</em></span>
    2355 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543867"></a>
     2383</p></dd></dl></div></div><div class="section" title="idmap alloc config (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2550006"></a>
    23562384
    23572385idmap alloc config (G)
    2358 </h3></div></div></div><a class="indexterm" name="id2543868"></a><a name="IDMAPALLOCCONFIG"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2386</h3></div></div></div><a class="indexterm" name="id2550007"></a><a name="IDMAPALLOCCONFIG"></a><div class="variablelist"><dl><dt></dt><dd><p>
    23592387        The idmap alloc config prefix provides a means of managing settings
    23602388        for the backend defined by the <a class="link" href="smb.conf.5.html#IDMAPALLOCBACKEND" target="_top">idmap alloc backend</a>
    23612389        parameter.  Refer to the man page for each idmap plugin regarding
    23622390        specific configuration details.
    2363         </p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2543911"></a>
     2391        </p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="idmap backend (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2550051"></a>
    23642392
    23652393idmap backend (G)
    2366 </h3></div></div></div><a class="indexterm" name="id2543912"></a><a name="IDMAPBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2394</h3></div></div></div><a class="indexterm" name="id2550052"></a><a name="IDMAPBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>
    23672395        The idmap backend provides a plugin interface for Winbind to use
    23682396        varying backends to store SID/uid/gid mapping tables.
     
    23852413        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>idmap backend</code></em> = <code class="literal">tdb</code>
    23862414</em></span>
    2387 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544083"></a>
     2415</p></dd></dl></div></div><div class="section" title="idmap cache time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2550222"></a>
    23882416
    23892417idmap cache time (G)
    2390 </h3></div></div></div><a class="indexterm" name="id2544084"></a><a name="IDMAPCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of seconds that Winbind's
     2418</h3></div></div></div><a class="indexterm" name="id2550224"></a><a name="IDMAPCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of seconds that Winbind's
    23912419        idmap interface will cache positive SID/uid/gid query results.
    23922420        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>idmap cache time</code></em> = <code class="literal">604800 (one week)</code>
    23932421</em></span>
    2394 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544127"></a>
     2422</p></dd></dl></div></div><div class="section" title="idmap config (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2550266"></a>
    23952423
    23962424idmap config (G)
    2397 </h3></div></div></div><a class="indexterm" name="id2544128"></a><a name="IDMAPCONFIG"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2425</h3></div></div></div><a class="indexterm" name="id2550267"></a><a name="IDMAPCONFIG"></a><div class="variablelist"><dl><dt></dt><dd><p>
    23982426        The idmap config prefix provides a means of managing each trusted
    23992427        domain separately. The idmap config prefix should be followed by the
     
    24272455        idmap config CORP : backend  = ad
    24282456        idmap config CORP : range = 1000-999999
    2429         </pre><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544260"></a>
     2457        </pre><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="winbind gid"><div class="titlepage"><div><div><h3 class="title"><a name="id2550400"></a>
    24302458
    24312459<a name="WINBINDGID"></a>winbind gid
    2432 </h3></div></div></div><a class="indexterm" name="id2544261"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#IDMAPGID">idmap gid</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544292"></a>
     2460</h3></div></div></div><a class="indexterm" name="id2550401"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#IDMAPGID">idmap gid</a>.</p></dd></dl></div></div><div class="section" title="idmap gid (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2550431"></a>
    24332461
    24342462idmap gid (G)
    2435 </h3></div></div></div><a class="indexterm" name="id2544293"></a><a name="IDMAPGID"></a><div class="variablelist"><dl><dt></dt><dd><p>The idmap gid parameter specifies the range of group ids
     2463</h3></div></div></div><a class="indexterm" name="id2550432"></a><a name="IDMAPGID"></a><div class="variablelist"><dl><dt></dt><dd><p>The idmap gid parameter specifies the range of group ids
    24362464        that are allocated for the purpose of mapping UNX groups to NT group
    24372465        SIDs. This range of group ids should have no
     
    24432471</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>idmap gid</code></em> = <code class="literal">10000-20000</code>
    24442472</em></span>
    2445 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544378"></a>
     2473</p></dd></dl></div></div><div class="section" title="idmap negative cache time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2550518"></a>
    24462474
    24472475idmap negative cache time (G)
    2448 </h3></div></div></div><a class="indexterm" name="id2544379"></a><a name="IDMAPNEGATIVECACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of seconds that Winbind's
     2476</h3></div></div></div><a class="indexterm" name="id2550519"></a><a name="IDMAPNEGATIVECACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of seconds that Winbind's
    24492477        idmap interface will cache negative SID/uid/gid query results.
    24502478        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>idmap negative cache time</code></em> = <code class="literal">120</code>
    24512479</em></span>
    2452 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544422"></a>
     2480</p></dd></dl></div></div><div class="section" title="winbind uid"><div class="titlepage"><div><div><h3 class="title"><a name="id2550562"></a>
    24532481
    24542482<a name="WINBINDUID"></a>winbind uid
    2455 </h3></div></div></div><a class="indexterm" name="id2544423"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#IDMAPUID">idmap uid</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544453"></a>
     2483</h3></div></div></div><a class="indexterm" name="id2550563"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#IDMAPUID">idmap uid</a>.</p></dd></dl></div></div><div class="section" title="idmap uid (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2550593"></a>
    24562484
    24572485idmap uid (G)
    2458 </h3></div></div></div><a class="indexterm" name="id2544454"></a><a name="IDMAPUID"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2486</h3></div></div></div><a class="indexterm" name="id2550594"></a><a name="IDMAPUID"></a><div class="variablelist"><dl><dt></dt><dd><p>
    24592487        The idmap uid parameter specifies the range of user ids that are
    24602488        allocated for use in mapping UNIX users to NT user SIDs. This
     
    24662494</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>idmap uid</code></em> = <code class="literal">10000-20000</code>
    24672495</em></span>
    2468 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544539"></a>
     2496</p></dd></dl></div></div><div class="section" title="include (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2550679"></a>
    24692497
    24702498include (G)
    2471 </h3></div></div></div><a class="indexterm" name="id2544540"></a><a name="INCLUDE"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2499</h3></div></div></div><a class="indexterm" name="id2550680"></a><a name="INCLUDE"></a><div class="variablelist"><dl><dt></dt><dd><p>
    24722500        This allows you to include one config file inside another.  The file is included literally, as though typed
    24732501        in place.
     
    24872515</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>include</code></em> = <code class="literal">/usr/local/samba/lib/admin_smb.conf</code>
    24882516</em></span>
    2489 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544640"></a>
     2517</p></dd></dl></div></div><div class="section" title="inherit acls (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2550780"></a>
    24902518
    24912519inherit acls (S)
    2492 </h3></div></div></div><a class="indexterm" name="id2544641"></a><a name="INHERITACLS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter can be used to ensure that if default acls
     2520</h3></div></div></div><a class="indexterm" name="id2550781"></a><a name="INHERITACLS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter can be used to ensure that if default acls
    24932521    exist on parent directories, they are always honored when creating a
    24942522    new file or subdirectory in these parent directories. The default
     
    24982526</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>inherit acls</code></em> = <code class="literal">no</code>
    24992527</em></span>
    2500 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544687"></a>
     2528</p></dd></dl></div></div><div class="section" title="inherit owner (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2550827"></a>
    25012529
    25022530inherit owner (S)
    2503 </h3></div></div></div><a class="indexterm" name="id2544688"></a><a name="INHERITOWNER"></a><div class="variablelist"><dl><dt></dt><dd><p>The ownership of new files and directories
     2531</h3></div></div></div><a class="indexterm" name="id2550828"></a><a name="INHERITOWNER"></a><div class="variablelist"><dl><dt></dt><dd><p>The ownership of new files and directories
    25042532        is normally governed by effective uid of the connected user.
    25052533        This option allows the Samba administrator to specify that
     
    25102538        roaming profile directory are actually owner by the user.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>inherit owner</code></em> = <code class="literal">no</code>
    25112539</em></span>
    2512 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544740"></a>
     2540</p></dd></dl></div></div><div class="section" title="inherit permissions (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2550880"></a>
    25132541
    25142542inherit permissions (S)
    2515 </h3></div></div></div><a class="indexterm" name="id2544742"></a><a name="INHERITPERMISSIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2543</h3></div></div></div><a class="indexterm" name="id2550881"></a><a name="INHERITPERMISSIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>
    25162544        The permissions on new files and directories are normally governed by <a class="link" href="smb.conf.5.html#CREATEMASK" target="_top">create mask</a>,
    25172545        <a class="link" href="smb.conf.5.html#DIRECTORYMASK" target="_top">directory mask</a>, <a class="link" href="smb.conf.5.html#FORCECREATEMODE" target="_top">force create mode</a> and <a class="link" href="smb.conf.5.html#FORCEDIRECTORYMODE" target="_top">force directory mode</a> but the boolean inherit permissions parameter overrides this.
     
    25252553    share to be used flexibly by each user.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>inherit permissions</code></em> = <code class="literal">no</code>
    25262554</em></span>
    2527 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544890"></a>
     2555</p></dd></dl></div></div><div class="section" title="init logon delayed hosts (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2551029"></a>
    25282556
    25292557init logon delayed hosts (G)
    2530 </h3></div></div></div><a class="indexterm" name="id2544891"></a><a name="INITLOGONDELAYEDHOSTS"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2558</h3></div></div></div><a class="indexterm" name="id2551030"></a><a name="INITLOGONDELAYEDHOSTS"></a><div class="variablelist"><dl><dt></dt><dd><p>
    25312559        This parameter takes a list of host names, addresses or networks for
    25322560        which the initial samlogon reply should be delayed (so other DCs get
     
    25392567</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>init logon delayed hosts</code></em> = <code class="literal">150.203.5. myhost.mynet.de</code>
    25402568</em></span>
    2541 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2544967"></a>
     2569</p></dd></dl></div></div><div class="section" title="init logon delay (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2551107"></a>
    25422570
    25432571init logon delay (G)
    2544 </h3></div></div></div><a class="indexterm" name="id2544968"></a><a name="INITLOGONDELAY"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2572</h3></div></div></div><a class="indexterm" name="id2551108"></a><a name="INITLOGONDELAY"></a><div class="variablelist"><dl><dt></dt><dd><p>
    25452573        This parameter specifies a delay in milliseconds for the hosts configured
    25462574        for delayed initial samlogon with
     
    25482576        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>init logon delay</code></em> = <code class="literal">100</code>
    25492577</em></span>
    2550 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545022"></a>
     2578</p></dd></dl></div></div><div class="section" title="interfaces (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2551162"></a>
    25512579
    25522580interfaces (G)
    2553 </h3></div></div></div><a class="indexterm" name="id2545023"></a><a name="INTERFACES"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to override the default
     2581</h3></div></div></div><a class="indexterm" name="id2551163"></a><a name="INTERFACES"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to override the default
    25542582        network interfaces list that Samba will use for browsing, name
    25552583        registration and other NetBIOS over TCP/IP (NBT) traffic. By default Samba will query
    25562584        the kernel for the list of all active interfaces and use any
    25572585        interfaces except 127.0.0.1 that are broadcast capable.</p><p>The option takes a list of interface strings. Each string
    2558         can be in any of the following forms:</p><div class="itemizedlist"><ul type="disc"><li><p>a network interface name (such as eth0).
     2586        can be in any of the following forms:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>a network interface name (such as eth0).
    25592587                This may include shell-like wildcards so eth* will match
    2560                 any interface starting with the substring "eth"</p></li><li><p>an IP address. In this case the netmask is
     2588                any interface starting with the substring "eth"</p></li><li class="listitem"><p>an IP address. In this case the netmask is
    25612589                determined from the list of interfaces obtained from the
    2562                 kernel</p></li><li><p>an IP/mask pair. </p></li><li><p>a broadcast/mask pair.</p></li></ul></div><p>The "mask" parameters can either be a bit length (such
     2590                kernel</p></li><li class="listitem"><p>an IP/mask pair. </p></li><li class="listitem"><p>a broadcast/mask pair.</p></li></ul></div><p>The "mask" parameters can either be a bit length (such
    25632591        as 24 for a C class network) or a full netmask in dotted
    25642592        decimal form.</p><p>The "IP" parameters above can either be a full dotted
     
    25752603</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>interfaces</code></em> = <code class="literal">eth0 192.168.2.10/24 192.168.3.10/255.255.255.0</code>
    25762604</em></span>
    2577 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545139"></a>
     2605</p></dd></dl></div></div><div class="section" title="invalid users (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2551279"></a>
    25782606
    25792607invalid users (S)
    2580 </h3></div></div></div><a class="indexterm" name="id2545140"></a><a name="INVALIDUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of users that should not be allowed
     2608</h3></div></div></div><a class="indexterm" name="id2551280"></a><a name="INVALIDUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of users that should not be allowed
    25812609    to login to this service. This is really a <span class="emphasis"><em>paranoid</em></span>
    25822610    check to absolutely ensure an improper setting does not breach
     
    25982626</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>invalid users</code></em> = <code class="literal">root fred admin @wheel</code>
    25992627</em></span>
    2600 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545254"></a>
     2628</p></dd></dl></div></div><div class="section" title="iprint server (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2551393"></a>
    26012629
    26022630iprint server (G)
    2603 </h3></div></div></div><a class="indexterm" name="id2545255"></a><a name="IPRINTSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2631</h3></div></div></div><a class="indexterm" name="id2551394"></a><a name="IPRINTSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>
    26042632    This parameter is only applicable if <a class="link" href="smb.conf.5.html#PRINTING" target="_top">printing</a> is set to <code class="constant">iprint</code>.
    26052633    </p><p>
     
    26102638</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>iprint server</code></em> = <code class="literal">MYCUPSSERVER</code>
    26112639</em></span>
    2612 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545340"></a>
     2640</p></dd></dl></div></div><div class="section" title="keepalive (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2551480"></a>
    26132641
    26142642keepalive (G)
    2615 </h3></div></div></div><a class="indexterm" name="id2545341"></a><a name="KEEPALIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (an integer) represents
     2643</h3></div></div></div><a class="indexterm" name="id2551481"></a><a name="KEEPALIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (an integer) represents
    26162644    the number of seconds between <em class="parameter"><code>keepalive</code></em>
    26172645    packets. If this parameter is zero, no keepalive packets will be
     
    26232651</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>keepalive</code></em> = <code class="literal">600</code>
    26242652</em></span>
    2625 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545427"></a>
     2653</p></dd></dl></div></div><div class="section" title="kernel change notify (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2551567"></a>
    26262654
    26272655kernel change notify (S)
    2628 </h3></div></div></div><a class="indexterm" name="id2545428"></a><a name="KERNELCHANGENOTIFY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should ask the
     2656</h3></div></div></div><a class="indexterm" name="id2551568"></a><a name="KERNELCHANGENOTIFY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should ask the
    26292657        kernel for change notifications in directories so that
    26302658        SMB clients can refresh whenever the data on the server changes.
     
    26332661        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>kernel change notify</code></em> = <code class="literal">yes</code>
    26342662</em></span>
    2635 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545477"></a>
     2663</p></dd></dl></div></div><div class="section" title="kernel oplocks (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2551617"></a>
    26362664
    26372665kernel oplocks (G)
    2638 </h3></div></div></div><a class="indexterm" name="id2545478"></a><a name="KERNELOPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>For UNIXes that support kernel based <a class="link" href="smb.conf.5.html#OPLOCKS" target="_top">oplocks</a>
     2666</h3></div></div></div><a class="indexterm" name="id2551618"></a><a name="KERNELOPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>For UNIXes that support kernel based <a class="link" href="smb.conf.5.html#OPLOCKS" target="_top">oplocks</a>
    26392667        (currently only IRIX and the Linux 2.4 kernel), this parameter
    26402668        allows the use of them to be turned on or off.</p><p>Kernel oplocks support allows Samba <em class="parameter"><code>oplocks
     
    26462674        You should never need to touch this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>kernel oplocks</code></em> = <code class="literal">yes</code>
    26472675</em></span>
    2648 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545566"></a>
     2676</p></dd></dl></div></div><div class="section" title="lanman auth (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2551706"></a>
    26492677
    26502678lanman auth (G)
    2651 </h3></div></div></div><a class="indexterm" name="id2545567"></a><a name="LANMANAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to
     2679</h3></div></div></div><a class="indexterm" name="id2551707"></a><a name="LANMANAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to
    26522680    authenticate users or permit password changes
    26532681    using the LANMAN password hash. If disabled, only clients which support NT
     
    26662694    special configuration to use it.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lanman auth</code></em> = <code class="literal">no</code>
    26672695</em></span>
    2668 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545658"></a>
     2696</p></dd></dl></div></div><div class="section" title="large readwrite (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2551798"></a>
    26692697
    26702698large readwrite (G)
    2671 </h3></div></div></div><a class="indexterm" name="id2545659"></a><a name="LARGEREADWRITE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not
     2699</h3></div></div></div><a class="indexterm" name="id2551799"></a><a name="LARGEREADWRITE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not
    26722700    <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> supports the new 64k
    26732701    streaming read and write varient SMB requests introduced with
     
    26782706        tested as some other Samba code paths.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>large readwrite</code></em> = <code class="literal">yes</code>
    26792707</em></span>
    2680 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545715"></a>
     2708</p></dd></dl></div></div><div class="section" title="ldap admin dn (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2551855"></a>
    26812709
    26822710ldap admin dn (G)
    2683 </h3></div></div></div><a class="indexterm" name="id2545716"></a><a name="LDAPADMINDN"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2711</h3></div></div></div><a class="indexterm" name="id2551856"></a><a name="LDAPADMINDN"></a><div class="variablelist"><dl><dt></dt><dd><p>
    26842712        The <a class="link" href="smb.conf.5.html#LDAPADMINDN" target="_top">ldap admin dn</a> defines the Distinguished  Name (DN) name used by Samba to contact
    26852713        the ldap server when retreiving  user account information. The <a class="link" href="smb.conf.5.html#LDAPADMINDN" target="_top">ldap admin dn</a> is used
     
    26892717        </p><p>
    26902718        The <a class="link" href="smb.conf.5.html#LDAPADMINDN" target="_top">ldap admin dn</a> requires a fully specified DN. The <a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap  suffix</a> is not appended to the <a class="link" href="smb.conf.5.html#LDAPADMINDN" target="_top">ldap admin dn</a>.
    2691         </p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545824"></a>
     2719        </p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="ldap connection timeout (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2551964"></a>
    26922720
    26932721ldap connection timeout (G)
    2694 </h3></div></div></div><a class="indexterm" name="id2545825"></a><a name="LDAPCONNECTIONTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2722</h3></div></div></div><a class="indexterm" name="id2551965"></a><a name="LDAPCONNECTIONTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
    26952723        This parameter tells the LDAP library calls which timeout in seconds
    26962724        they should honor during initial connection establishments to LDAP servers.
     
    27042732        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap connection timeout</code></em> = <code class="literal">2</code>
    27052733</em></span>
    2706 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545889"></a>
     2734</p></dd></dl></div></div><div class="section" title="ldap debug level (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2552029"></a>
    27072735
    27082736ldap debug level (G)
    2709 </h3></div></div></div><a class="indexterm" name="id2545890"></a><a name="LDAPDEBUGLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2737</h3></div></div></div><a class="indexterm" name="id2552030"></a><a name="LDAPDEBUGLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
    27102738                This parameter controls the debug level of the LDAP library
    27112739                calls. In the case of OpenLDAP, it is the same
     
    27242752</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap debug level</code></em> = <code class="literal">1</code>
    27252753</em></span>
    2726 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545977"></a>
     2754</p></dd></dl></div></div><div class="section" title="ldap debug threshold (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2552117"></a>
    27272755
    27282756ldap debug threshold (G)
    2729 </h3></div></div></div><a class="indexterm" name="id2545978"></a><a name="LDAPDEBUGTHRESHOLD"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2757</h3></div></div></div><a class="indexterm" name="id2552118"></a><a name="LDAPDEBUGTHRESHOLD"></a><div class="variablelist"><dl><dt></dt><dd><p>
    27302758                This parameter controls the Samba debug level at which
    27312759                the ldap library debug output is
     
    27362764</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap debug threshold</code></em> = <code class="literal">5</code>
    27372765</em></span>
    2738 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546045"></a>
     2766</p></dd></dl></div></div><div class="section" title="ldap delete dn (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2552184"></a>
    27392767
    27402768ldap delete dn (G)
    2741 </h3></div></div></div><a class="indexterm" name="id2546046"></a><a name="LDAPDELETEDN"></a><div class="variablelist"><dl><dt></dt><dd><p> This parameter specifies whether a delete
     2769</h3></div></div></div><a class="indexterm" name="id2552186"></a><a name="LDAPDELETEDN"></a><div class="variablelist"><dl><dt></dt><dd><p> This parameter specifies whether a delete
    27422770        operation in the ldapsam deletes the complete entry or only the attributes
    27432771        specific to Samba.
    27442772        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap delete dn</code></em> = <code class="literal">no</code>
    27452773</em></span>
    2746 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546089"></a>
     2774</p></dd></dl></div></div><div class="section" title="ldap group suffix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2552228"></a>
    27472775
    27482776ldap group suffix (G)
    2749 </h3></div></div></div><a class="indexterm" name="id2546090"></a><a name="LDAPGROUPSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the suffix that is
     2777</h3></div></div></div><a class="indexterm" name="id2552230"></a><a name="LDAPGROUPSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the suffix that is
    27502778        used for groups when these are added to the LDAP directory.
    27512779        If this parameter is unset, the value of <a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> will be used instead.  The suffix string is pre-pended to the
     
    27542782</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap group suffix</code></em> = <code class="literal">ou=Groups</code>
    27552783</em></span>
    2756 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546172"></a>
     2784</p></dd></dl></div></div><div class="section" title="ldap idmap suffix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2552312"></a>
    27572785
    27582786ldap idmap suffix (G)
    2759 </h3></div></div></div><a class="indexterm" name="id2546173"></a><a name="LDAPIDMAPSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2787</h3></div></div></div><a class="indexterm" name="id2552313"></a><a name="LDAPIDMAPSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>
    27602788        This parameters specifies the suffix that is used when storing idmap mappings. If this parameter
    27612789        is unset, the value of <a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> will be used instead.  The suffix
     
    27652793</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap idmap suffix</code></em> = <code class="literal">ou=Idmap</code>
    27662794</em></span>
    2767 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546255"></a>
     2795</p></dd></dl></div></div><div class="section" title="ldap machine suffix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2552395"></a>
    27682796
    27692797ldap machine suffix (G)
    2770 </h3></div></div></div><a class="indexterm" name="id2546256"></a><a name="LDAPMACHINESUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2798</h3></div></div></div><a class="indexterm" name="id2552396"></a><a name="LDAPMACHINESUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>
    27712799        It specifies where machines should be added to the ldap tree.  If this parameter is unset, the value of
    27722800        <a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> will be used instead.  The suffix string is pre-pended to the
     
    27762804</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap machine suffix</code></em> = <code class="literal">ou=Computers</code>
    27772805</em></span>
    2778 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546337"></a>
     2806</p></dd></dl></div></div><div class="section" title="ldap page size (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2552477"></a>
     2807
     2808ldap page size (G)
     2809</h3></div></div></div><a class="indexterm" name="id2552478"></a><a name="LDAPPAGESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2810        This parameter specifies the number of entries per page.
     2811        </p><p>If the LDAP server supports paged results, clients can
     2812        request subsets of search results (pages) instead of the entire list.
     2813        This parameter specifies the size of these pages.
     2814        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap page size</code></em> = <code class="literal">1024</code>
     2815</em></span>
     2816</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap page size</code></em> = <code class="literal">512</code>
     2817</em></span>
     2818</p></dd></dl></div></div><div class="section" title="ldap passwd sync (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2552543"></a>
    27792819
    27802820ldap passwd sync (G)
    2781 </h3></div></div></div><a class="indexterm" name="id2546338"></a><a name="LDAPPASSWDSYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2821</h3></div></div></div><a class="indexterm" name="id2552544"></a><a name="LDAPPASSWDSYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>
    27822822        This option is used to define whether or not Samba should sync the LDAP password with the NT
    27832823        and LM hashes for normal accounts (NOT for workstation, server or domain trusts) on a password
     
    27852825        </p><p>
    27862826        The <a class="link" href="smb.conf.5.html#LDAPPASSWDSYNC" target="_top">ldap passwd sync</a> can be set to one of three values:
    2787         </p><div class="itemizedlist"><ul type="disc"><li><p><em class="parameter"><code>Yes</code></em>  =  Try
    2788                         to update the LDAP, NT and LM passwords and update the pwdLastSet time.</p></li><li><p><em class="parameter"><code>No</code></em> = Update NT and
    2789                         LM passwords and update the pwdLastSet time.</p></li><li><p><em class="parameter"><code>Only</code></em> = Only update
     2827        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><em class="parameter"><code>Yes</code></em>  =  Try
     2828                        to update the LDAP, NT and LM passwords and update the pwdLastSet time.</p></li><li class="listitem"><p><em class="parameter"><code>No</code></em> = Update NT and
     2829                        LM passwords and update the pwdLastSet time.</p></li><li class="listitem"><p><em class="parameter"><code>Only</code></em> = Only update
    27902830                        the LDAP password and let the LDAP server do the rest.</p></li></ul></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap passwd sync</code></em> = <code class="literal">no</code>
    27912831</em></span>
    2792 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546438"></a>
     2832</p></dd></dl></div></div><div class="section" title="ldap replication sleep (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2552645"></a>
    27932833
    27942834ldap replication sleep (G)
    2795 </h3></div></div></div><a class="indexterm" name="id2546440"></a><a name="LDAPREPLICATIONSLEEP"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2835</h3></div></div></div><a class="indexterm" name="id2552646"></a><a name="LDAPREPLICATIONSLEEP"></a><div class="variablelist"><dl><dt></dt><dd><p>
    27962836        When Samba is asked to write to a read-only LDAP replica, we are redirected to talk to the read-write master server.
    27972837        This server then replicates our changes back to the 'local' server, however the replication might take some seconds,
     
    28062846        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap replication sleep</code></em> = <code class="literal">1000</code>
    28072847</em></span>
    2808 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546502"></a>
     2848</p></dd></dl></div></div><div class="section" title="ldapsam:editposix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2552708"></a>
    28092849
    28102850ldapsam:editposix (G)
    2811 </h3></div></div></div><a class="indexterm" name="id2546503"></a><a name="LDAPSAM:EDITPOSIX"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2851</h3></div></div></div><a class="indexterm" name="id2552709"></a><a name="LDAPSAM:EDITPOSIX"></a><div class="variablelist"><dl><dt></dt><dd><p>
    28122852        Editposix is an option that leverages ldapsam:trusted to make it simpler to manage a domain controller
    28132853        eliminating the need to set up custom scripts to add and manage the posix users and groups. This option
     
    28872927        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldapsam:editposix</code></em> = <code class="literal">no</code>
    28882928</em></span>
    2889 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546636"></a>
     2929</p></dd></dl></div></div><div class="section" title="ldapsam:trusted (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2552841"></a>
    28902930
    28912931ldapsam:trusted (G)
    2892 </h3></div></div></div><a class="indexterm" name="id2546637"></a><a name="LDAPSAM:TRUSTED"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2932</h3></div></div></div><a class="indexterm" name="id2552842"></a><a name="LDAPSAM:TRUSTED"></a><div class="variablelist"><dl><dt></dt><dd><p>
    28932933        By default, Samba as a Domain Controller with an LDAP backend needs to use the Unix-style NSS subsystem to
    28942934        access user and group information. Due to the way Unix stores user information in /etc/passwd and /etc/group
     
    29082948        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldapsam:trusted</code></em> = <code class="literal">no</code>
    29092949</em></span>
    2910 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546725"></a>
     2950</p></dd></dl></div></div><div class="section" title="ldap ssl ads (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2552930"></a>
    29112951
    29122952ldap ssl ads (G)
    2913 </h3></div></div></div><a class="indexterm" name="id2546726"></a><a name="LDAPSSLADS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used to define whether or not Samba should
     2953</h3></div></div></div><a class="indexterm" name="id2552931"></a><a name="LDAPSSLADS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used to define whether or not Samba should
    29142954        use SSL when connecting to the ldap server using
    29152955        <span class="emphasis"><em>ads</em></span> methods.
     
    29212961        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap ssl ads</code></em> = <code class="literal">no</code>
    29222962</em></span>
    2923 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2546810"></a>
     2963</p></dd></dl></div></div><div class="section" title="ldap ssl (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2553016"></a>
    29242964
    29252965ldap ssl (G)
    2926 </h3></div></div></div><a class="indexterm" name="id2546812"></a><a name="LDAPSSL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used to define whether or not Samba should
     2966</h3></div></div></div><a class="indexterm" name="id2553017"></a><a name="LDAPSSL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used to define whether or not Samba should
    29272967        use SSL when connecting to the ldap server
    29282968        This is <span class="emphasis"><em>NOT</em></span> related to
     
    29352975        <span class="emphasis"><em>or</em></span> by specifying <em class="parameter"><code>ldaps://</code></em> in
    29362976        the URL argument of <a class="link" href="smb.conf.5.html#PASSDBBACKEND" target="_top">passdb backend</a>.</p><p>The <a class="link" href="smb.conf.5.html#LDAPSSL" target="_top">ldap ssl</a> can be set to one of
    2937         two values:</p><div class="itemizedlist"><ul type="disc"><li><p><em class="parameter"><code>Off</code></em> = Never
    2938                         use SSL when querying the directory.</p></li><li><p><em class="parameter"><code>start tls</code></em> = Use
     2977        two values:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><em class="parameter"><code>Off</code></em> = Never
     2978                        use SSL when querying the directory.</p></li><li class="listitem"><p><em class="parameter"><code>start tls</code></em> = Use
    29392979                        the LDAPv3 StartTLS extended operation (RFC2830) for
    29402980                        communicating with the directory server.</p></li></ul></div><p>
     
    29492989        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap ssl</code></em> = <code class="literal">start tls</code>
    29502990</em></span>
    2951 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547004"></a>
     2991</p></dd></dl></div></div><div class="section" title="ldap suffix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2553209"></a>
    29522992
    29532993ldap suffix (G)
    2954 </h3></div></div></div><a class="indexterm" name="id2547005"></a><a name="LDAPSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the base for all ldap suffixes and for storing the sambaDomain object.</p><p>
     2994</h3></div></div></div><a class="indexterm" name="id2553210"></a><a name="LDAPSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the base for all ldap suffixes and for storing the sambaDomain object.</p><p>
    29552995        The ldap suffix will be appended to the values specified for the <a class="link" href="smb.conf.5.html#LDAPUSERSUFFIX" target="_top">ldap user suffix</a>,
    29562996         <a class="link" href="smb.conf.5.html#LDAPGROUPSUFFIX" target="_top">ldap group suffix</a>, <a class="link" href="smb.conf.5.html#LDAPMACHINESUFFIX" target="_top">ldap machine suffix</a>, and the
     
    29613001</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap suffix</code></em> = <code class="literal">dc=samba,dc=org</code>
    29623002</em></span>
    2963 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547126"></a>
     3003</p></dd></dl></div></div><div class="section" title="ldap timeout (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2553331"></a>
    29643004
    29653005ldap timeout (G)
    2966 </h3></div></div></div><a class="indexterm" name="id2547127"></a><a name="LDAPTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
     3006</h3></div></div></div><a class="indexterm" name="id2553332"></a><a name="LDAPTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
    29673007        This parameter defines the number of seconds that Samba should use as timeout for LDAP operations.
    29683008        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap timeout</code></em> = <code class="literal">15</code>
    29693009</em></span>
    2970 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547168"></a>
     3010</p></dd></dl></div></div><div class="section" title="ldap user suffix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2553374"></a>
    29713011
    29723012ldap user suffix (G)
    2973 </h3></div></div></div><a class="indexterm" name="id2547170"></a><a name="LDAPUSERSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>
     3013</h3></div></div></div><a class="indexterm" name="id2553375"></a><a name="LDAPUSERSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>
    29743014        This parameter specifies where users are added to the tree. If this parameter is unset,
    29753015        the value of <a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> will be used instead.  The suffix
     
    29793019</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap user suffix</code></em> = <code class="literal">ou=people</code>
    29803020</em></span>
    2981 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547250"></a>
     3021</p></dd></dl></div></div><div class="section" title="level2 oplocks (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2553455"></a>
    29823022
    29833023level2 oplocks (S)
    2984 </h3></div></div></div><a class="indexterm" name="id2547251"></a><a name="LEVEL2OPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether Samba supports
     3024</h3></div></div></div><a class="indexterm" name="id2553456"></a><a name="LEVEL2OPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether Samba supports
    29853025        level2 (read-only) oplocks on a share.</p><p>Level2, or read-only oplocks allow Windows NT clients
    29863026        that have an oplock on a file to downgrade from a read-write oplock
     
    30023042        this parameter to have any effect.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>level2 oplocks</code></em> = <code class="literal">yes</code>
    30033043</em></span>
    3004 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547357"></a>
     3044</p></dd></dl></div></div><div class="section" title="lm announce (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2553562"></a>
    30053045
    30063046lm announce (G)
    3007 </h3></div></div></div><a class="indexterm" name="id2547358"></a><a name="LMANNOUNCE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> will produce Lanman announce
     3047</h3></div></div></div><a class="indexterm" name="id2553563"></a><a name="LMANNOUNCE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> will produce Lanman announce
    30083048        broadcasts that are needed by OS/2 clients in order for them to see
    30093049        the Samba server in their browse list. This parameter can have three
     
    30213061</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lm announce</code></em> = <code class="literal">yes</code>
    30223062</em></span>
    3023 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547479"></a>
     3063</p></dd></dl></div></div><div class="section" title="lm interval (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2553684"></a>
    30243064
    30253065lm interval (G)
    3026 </h3></div></div></div><a class="indexterm" name="id2547480"></a><a name="LMINTERVAL"></a><div class="variablelist"><dl><dt></dt><dd><p>If Samba is set to produce Lanman announce
     3066</h3></div></div></div><a class="indexterm" name="id2553685"></a><a name="LMINTERVAL"></a><div class="variablelist"><dl><dt></dt><dd><p>If Samba is set to produce Lanman announce
    30273067        broadcasts needed by OS/2 clients (see the
    30283068                <a class="link" href="smb.conf.5.html#LMANNOUNCE" target="_top">lm announce</a> parameter) then this
     
    30343074</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lm interval</code></em> = <code class="literal">120</code>
    30353075</em></span>
    3036 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547564"></a>
     3076</p></dd></dl></div></div><div class="section" title="load printers (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2553769"></a>
    30373077
    30383078load printers (G)
    3039 </h3></div></div></div><a class="indexterm" name="id2547565"></a><a name="LOADPRINTERS"></a><div class="variablelist"><dl><dt></dt><dd><p>A boolean variable that controls whether all
     3079</h3></div></div></div><a class="indexterm" name="id2553770"></a><a name="LOADPRINTERS"></a><div class="variablelist"><dl><dt></dt><dd><p>A boolean variable that controls whether all
    30403080    printers in the printcap will be loaded for browsing by default.
    30413081    See the <a class="link" href="smb.conf.5.html#PRINTERS" target="_top">printers</a> section for
    30423082    more details.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>load printers</code></em> = <code class="literal">yes</code>
    30433083</em></span>
    3044 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547620"></a>
     3084</p></dd></dl></div></div><div class="section" title="local master (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2553825"></a>
    30453085
    30463086local master (G)
    3047 </h3></div></div></div><a class="indexterm" name="id2547621"></a><a name="LOCALMASTER"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> to try and become a local master browser
     3087</h3></div></div></div><a class="indexterm" name="id2553826"></a><a name="LOCALMASTER"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> to try and become a local master browser
    30483088        on a subnet. If set to <code class="constant">no</code> then <code class="literal">
    30493089        nmbd</code> will not attempt to become a local master browser
     
    30553095master browser.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>local master</code></em> = <code class="literal">yes</code>
    30563096</em></span>
    3057 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547720"></a>
     3097</p></dd></dl></div></div><div class="section" title="lock dir"><div class="titlepage"><div><div><h3 class="title"><a name="id2553925"></a>
    30583098
    30593099<a name="LOCKDIR"></a>lock dir
    3060 </h3></div></div></div><a class="indexterm" name="id2547721"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#LOCKDIRECTORY">lock directory</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547752"></a>
     3100</h3></div></div></div><a class="indexterm" name="id2553926"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#LOCKDIRECTORY">lock directory</a>.</p></dd></dl></div></div><div class="section" title="lock directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2553957"></a>
    30613101
    30623102lock directory (G)
    3063 </h3></div></div></div><a class="indexterm" name="id2547753"></a><a name="LOCKDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the directory where lock
     3103</h3></div></div></div><a class="indexterm" name="id2553958"></a><a name="LOCKDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the directory where lock
    30643104        files will be placed.  The lock files are used to implement the
    30653105        <a class="link" href="smb.conf.5.html#MAXCONNECTIONS" target="_top">max connections</a> option.
     
    30713111</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lock directory</code></em> = <code class="literal">/var/run/samba/locks</code>
    30723112</em></span>
    3073 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547830"></a>
     3113</p></dd></dl></div></div><div class="section" title="locking (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2554035"></a>
    30743114
    30753115locking (S)
    3076 </h3></div></div></div><a class="indexterm" name="id2547831"></a><a name="LOCKING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether or not locking will be
     3116</h3></div></div></div><a class="indexterm" name="id2554036"></a><a name="LOCKING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether or not locking will be
    30773117        performed by the server in response to lock requests from the
    30783118        client.</p><p>If <code class="literal">locking = no</code>, all lock and unlock
     
    30843124        is not really recommended even in this case.</p><p>Be careful about disabling locking either globally or in a
    30853125        specific service, as lack of locking may result in data corruption.
    3086         You should never need to set this parameter.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547906"></a>
     3126        You should never need to set this parameter.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="lock spin count (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2554111"></a>
    30873127
    30883128lock spin count (G)
    3089 </h3></div></div></div><a class="indexterm" name="id2547907"></a><a name="LOCKSPINCOUNT"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter has been made inoperative in Samba 3.0.24.
     3129</h3></div></div></div><a class="indexterm" name="id2554112"></a><a name="LOCKSPINCOUNT"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter has been made inoperative in Samba 3.0.24.
    30903130        The functionality it contolled is now controlled by the parameter
    30913131        <a class="link" href="smb.conf.5.html#LOCKSPINTIME" target="_top">lock spin time</a>.
    30923132        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lock spin count</code></em> = <code class="literal">0</code>
    30933133</em></span>
    3094 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547961"></a>
     3134</p></dd></dl></div></div><div class="section" title="lock spin time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2554166"></a>
    30953135
    30963136lock spin time (G)
    3097 </h3></div></div></div><a class="indexterm" name="id2547962"></a><a name="LOCKSPINTIME"></a><div class="variablelist"><dl><dt></dt><dd><p>The time in microseconds that smbd should
     3137</h3></div></div></div><a class="indexterm" name="id2554168"></a><a name="LOCKSPINTIME"></a><div class="variablelist"><dl><dt></dt><dd><p>The time in microseconds that smbd should
    30983138        keep waiting to see if a failed lock request can
    30993139        be granted. This parameter has changed in default
     
    31033143        to change the value of this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lock spin time</code></em> = <code class="literal">200</code>
    31043144</em></span>
    3105 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548019"></a>
     3145</p></dd></dl></div></div><div class="section" title="log file (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2554225"></a>
    31063146
    31073147log file (G)
    3108 </h3></div></div></div><a class="indexterm" name="id2548020"></a><a name="LOGFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>
     3148</h3></div></div></div><a class="indexterm" name="id2554226"></a><a name="LOGFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>
    31093149    This option allows you to override the name of the Samba log file (also known as the debug file).
    31103150    </p><p>
     
    31123152    </p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>log file</code></em> = <code class="literal">/usr/local/samba/var/log.%m</code>
    31133153</em></span>
    3114 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548072"></a>
     3154</p></dd></dl></div></div><div class="section" title="debuglevel"><div class="titlepage"><div><div><h3 class="title"><a name="id2554277"></a>
    31153155
    31163156<a name="DEBUGLEVEL"></a>debuglevel
    3117 </h3></div></div></div><a class="indexterm" name="id2548073"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#LOGLEVEL">log level</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548103"></a>
     3157</h3></div></div></div><a class="indexterm" name="id2554278"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#LOGLEVEL">log level</a>.</p></dd></dl></div></div><div class="section" title="log level (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2554308"></a>
    31183158
    31193159log level (G)
    3120 </h3></div></div></div><a class="indexterm" name="id2548104"></a><a name="LOGLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
     3160</h3></div></div></div><a class="indexterm" name="id2554309"></a><a name="LOGLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
    31213161    The value of the parameter (a astring) allows the debug level (logging level) to be specified in the
    31223162    <code class="filename">smb.conf</code> file.
     
    31253165    debug classes. This is to give greater flexibility in the configuration
    31263166    of the system. The following debug classes are currently implemented:
    3127     </p><div class="itemizedlist"><ul type="disc"><li><p><em class="parameter"><code>all</code></em></p></li><li><p><em class="parameter"><code>tdb</code></em></p></li><li><p><em class="parameter"><code>printdrivers</code></em></p></li><li><p><em class="parameter"><code>lanman</code></em></p></li><li><p><em class="parameter"><code>smb</code></em></p></li><li><p><em class="parameter"><code>rpc_parse</code></em></p></li><li><p><em class="parameter"><code>rpc_srv</code></em></p></li><li><p><em class="parameter"><code>rpc_cli</code></em></p></li><li><p><em class="parameter"><code>passdb</code></em></p></li><li><p><em class="parameter"><code>sam</code></em></p></li><li><p><em class="parameter"><code>auth</code></em></p></li><li><p><em class="parameter"><code>winbind</code></em></p></li><li><p><em class="parameter"><code>vfs</code></em></p></li><li><p><em class="parameter"><code>idmap</code></em></p></li><li><p><em class="parameter"><code>quota</code></em></p></li><li><p><em class="parameter"><code>acls</code></em></p></li><li><p><em class="parameter"><code>locking</code></em></p></li><li><p><em class="parameter"><code>msdfs</code></em></p></li><li><p><em class="parameter"><code>dmapi</code></em></p></li><li><p><em class="parameter"><code>registry</code></em></p></li></ul></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>log level</code></em> = <code class="literal">0</code>
     3167    </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><em class="parameter"><code>all</code></em></p></li><li class="listitem"><p><em class="parameter"><code>tdb</code></em></p></li><li class="listitem"><p><em class="parameter"><code>printdrivers</code></em></p></li><li class="listitem"><p><em class="parameter"><code>lanman</code></em></p></li><li class="listitem"><p><em class="parameter"><code>smb</code></em></p></li><li class="listitem"><p><em class="parameter"><code>rpc_parse</code></em></p></li><li class="listitem"><p><em class="parameter"><code>rpc_srv</code></em></p></li><li class="listitem"><p><em class="parameter"><code>rpc_cli</code></em></p></li><li class="listitem"><p><em class="parameter"><code>passdb</code></em></p></li><li class="listitem"><p><em class="parameter"><code>sam</code></em></p></li><li class="listitem"><p><em class="parameter"><code>auth</code></em></p></li><li class="listitem"><p><em class="parameter"><code>winbind</code></em></p></li><li class="listitem"><p><em class="parameter"><code>vfs</code></em></p></li><li class="listitem"><p><em class="parameter"><code>idmap</code></em></p></li><li class="listitem"><p><em class="parameter"><code>quota</code></em></p></li><li class="listitem"><p><em class="parameter"><code>acls</code></em></p></li><li class="listitem"><p><em class="parameter"><code>locking</code></em></p></li><li class="listitem"><p><em class="parameter"><code>msdfs</code></em></p></li><li class="listitem"><p><em class="parameter"><code>dmapi</code></em></p></li><li class="listitem"><p><em class="parameter"><code>registry</code></em></p></li></ul></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>log level</code></em> = <code class="literal">0</code>
    31283168</em></span>
    31293169</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>log level</code></em> = <code class="literal">3 passdb:5 auth:10 winbind:2</code>
    31303170</em></span>
    3131 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548336"></a>
     3171</p></dd></dl></div></div><div class="section" title="logon drive (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2554542"></a>
    31323172
    31333173logon drive (G)
    3134 </h3></div></div></div><a class="indexterm" name="id2548338"></a><a name="LOGONDRIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>
     3174</h3></div></div></div><a class="indexterm" name="id2554543"></a><a name="LOGONDRIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>
    31353175        This parameter specifies the local path to which the home directory will be
    31363176        connected (see <a class="link" href="smb.conf.5.html#LOGONHOME" target="_top">logon home</a>) and is only used by NT
     
    31423182</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>logon drive</code></em> = <code class="literal">h:</code>
    31433183</em></span>
    3144 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548412"></a>
     3184</p></dd></dl></div></div><div class="section" title="logon home (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2554617"></a>
    31453185
    31463186logon home (G)
    3147 </h3></div></div></div><a class="indexterm" name="id2548413"></a><a name="LOGONHOME"></a><div class="variablelist"><dl><dt></dt><dd><p>
     3187</h3></div></div></div><a class="indexterm" name="id2554618"></a><a name="LOGONHOME"></a><div class="variablelist"><dl><dt></dt><dd><p>
    31483188        This parameter specifies the home directory location when a Win95/98 or NT Workstation logs into a Samba PDC. 
    31493189        It allows you to do
     
    31763216</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>logon home</code></em> = <code class="literal">\\remote_smb_server\%U</code>
    31773217</em></span>
    3178 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548576"></a>
     3218</p></dd></dl></div></div><div class="section" title="logon path (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2554781"></a>
    31793219
    31803220logon path (G)
    3181 </h3></div></div></div><a class="indexterm" name="id2548577"></a><a name="LOGONPATH"></a><div class="variablelist"><dl><dt></dt><dd><p>
     3221</h3></div></div></div><a class="indexterm" name="id2554782"></a><a name="LOGONPATH"></a><div class="variablelist"><dl><dt></dt><dd><p>
    31823222        This parameter specifies the directory where roaming profiles (Desktop, NTuser.dat, etc) are
    31833223        stored.  Contrary to previous versions of these manual pages, it has nothing to do with Win 9X roaming
     
    32013241        </p><p>
    32023242        This option takes the standard substitutions, allowing you to have separate logon scripts for each user or machine.
    3203         </p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
    3204         Do not quote the value. Setting this as &#8220;<span class="quote">\\%N\profile\%U</span>&#8221;
     3243        </p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
     3244        Do not quote the value. Setting this as <span class="quote">&#8220;<span class="quote">\\%N\profile\%U</span>&#8221;</span>
    32053245        will break profile handling. Where the tdbsam or ldapsam passdb backend
    32063246        is used, at the time the user account is created the value configured
     
    32233263        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>logon path</code></em> = <code class="literal">\\%N\%U\profile</code>
    32243264</em></span>
    3225 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548745"></a>
     3265</p></dd></dl></div></div><div class="section" title="logon script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2554950"></a>
    32263266
    32273267logon script (G)
    3228 </h3></div></div></div><a class="indexterm" name="id2548746"></a><a name="LOGONSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
     3268</h3></div></div></div><a class="indexterm" name="id2554951"></a><a name="LOGONSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
    32293269        This parameter specifies the batch file (<code class="filename">.bat</code>) or NT command file
    32303270        (<code class="filename">.cmd</code>) to be downloaded and run on a machine when a user successfully logs in.  The file
     
    32573297</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>logon script</code></em> = <code class="literal">scripts\%U.bat</code>
    32583298</em></span>
    3259 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548914"></a>
     3299</p></dd></dl></div></div><div class="section" title="lppause command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2555120"></a>
    32603300
    32613301lppause command (S)
    3262 </h3></div></div></div><a class="indexterm" name="id2548916"></a><a name="LPPAUSECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
     3302</h3></div></div></div><a class="indexterm" name="id2555121"></a><a name="LPPAUSECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
    32633303    executed on the server host in order to stop printing or spooling
    32643304    a specific print job.</p><p>This command should be a program or script which takes
     
    32843324</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lppause command</code></em> = <code class="literal">/usr/bin/lpalt %p-%j -p0</code>
    32853325</em></span>
    3286 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549062"></a>
     3326</p></dd></dl></div></div><div class="section" title="lpq cache time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2555268"></a>
    32873327
    32883328lpq cache time (G)
    3289 </h3></div></div></div><a class="indexterm" name="id2549064"></a><a name="LPQCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls how long lpq info will be cached
     3329</h3></div></div></div><a class="indexterm" name="id2555269"></a><a name="LPQCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls how long lpq info will be cached
    32903330        for to prevent the <code class="literal">lpq</code> command being called too
    32913331        often. A separate cache is kept for each variation of the <code class="literal">
     
    33003340</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lpq cache time</code></em> = <code class="literal">10</code>
    33013341</em></span>
    3302 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549181"></a>
     3342</p></dd></dl></div></div><div class="section" title="lpq command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2555386"></a>
    33033343
    33043344lpq command (S)
    3305 </h3></div></div></div><a class="indexterm" name="id2549182"></a><a name="LPQCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
     3345</h3></div></div></div><a class="indexterm" name="id2555387"></a><a name="LPQCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
    33063346    executed on the server host in order to obtain <code class="literal">lpq
    33073347    </code>-style printer status information.</p><p>This command should be a program or script which
     
    33253365</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lpq command</code></em> = <code class="literal">/usr/bin/lpq -P%p</code>
    33263366</em></span>
    3327 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549308"></a>
     3367</p></dd></dl></div></div><div class="section" title="lpresume command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2555513"></a>
    33283368
    33293369lpresume command (S)
    3330 </h3></div></div></div><a class="indexterm" name="id2549309"></a><a name="LPRESUMECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
     3370</h3></div></div></div><a class="indexterm" name="id2555514"></a><a name="LPRESUMECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
    33313371    executed on the server host in order to restart or continue
    33323372    printing or spooling a specific print job.</p><p>This command should be a program or script which takes
     
    33413381    is <code class="constant">SOFTQ</code>, then the default is:</p><p><code class="literal">qstat -s -j%j -r</code></p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lpresume command</code></em> = <code class="literal">/usr/bin/lpalt %p-%j -p2</code>
    33423382</em></span>
    3343 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549461"></a>
     3383</p></dd></dl></div></div><div class="section" title="lprm command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2555666"></a>
    33443384
    33453385lprm command (S)
    3346 </h3></div></div></div><a class="indexterm" name="id2549462"></a><a name="LPRMCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
     3386</h3></div></div></div><a class="indexterm" name="id2555667"></a><a name="LPRMCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
    33473387    executed on the server host in order to delete a print job.</p><p>This command should be a program or script which takes
    33483388    a printer name and job number, and deletes the print job.</p><p>If a <em class="parameter"><code>%p</code></em> is given then the printer name
     
    33613401        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lprm command</code></em> = <code class="literal"> determined by printing parameter</code>
    33623402</em></span>
    3363 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549548"></a>
     3403</p></dd></dl></div></div><div class="section" title="machine password timeout (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2555753"></a>
    33643404
    33653405machine password timeout (G)
    3366 </h3></div></div></div><a class="indexterm" name="id2549549"></a><a name="MACHINEPASSWORDTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
     3406</h3></div></div></div><a class="indexterm" name="id2555754"></a><a name="MACHINEPASSWORDTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
    33673407        If a Samba server is a member of a Windows NT Domain (see the <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security = domain</a> parameter) then periodically a running smbd process will try and change
    33683408        the MACHINE ACCOUNT PASSWORD stored in the TDB called <code class="filename">private/secrets.tdb
     
    33743414        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>machine password timeout</code></em> = <code class="literal">604800</code>
    33753415</em></span>
    3376 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549636"></a>
     3416</p></dd></dl></div></div><div class="section" title="magic output (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2555841"></a>
    33773417
    33783418magic output (S)
    3379 </h3></div></div></div><a class="indexterm" name="id2549637"></a><a name="MAGICOUTPUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
     3419</h3></div></div></div><a class="indexterm" name="id2555842"></a><a name="MAGICOUTPUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
    33803420        This parameter specifies the name of a file which will contain output created by a magic script (see the
    33813421        <a class="link" href="smb.conf.5.html#MAGICSCRIPT" target="_top">magic script</a> parameter below).
    3382         </p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>If two clients use the same <em class="parameter"><code>magic script
     3422        </p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>If two clients use the same <em class="parameter"><code>magic script
    33833423        </code></em> in the same directory the output file content is undefined.
    33843424        </p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>magic output</code></em> = <code class="literal">&lt;magic script name&gt;.out</code>
     
    33863426</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>magic output</code></em> = <code class="literal">myfile.txt</code>
    33873427</em></span>
    3388 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549720"></a>
     3428</p></dd></dl></div></div><div class="section" title="magic script (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2555925"></a>
    33893429
    33903430magic script (S)
    3391 </h3></div></div></div><a class="indexterm" name="id2549721"></a><a name="MAGICSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the name of a file which,
     3431</h3></div></div></div><a class="indexterm" name="id2555926"></a><a name="MAGICSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the name of a file which,
    33923432        if opened, will be executed by the server when the file is closed.
    33933433        This allows a UNIX script to be sent to the Samba host and
     
    34053445</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>magic script</code></em> = <code class="literal">user.csh</code>
    34063446</em></span>
    3407 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549825"></a>
     3447</p></dd></dl></div></div><div class="section" title="mangled names (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2556030"></a>
    34083448
    34093449mangled names (S)
    3410 </h3></div></div></div><a class="indexterm" name="id2549826"></a><a name="MANGLEDNAMES"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether non-DOS names under UNIX
     3450</h3></div></div></div><a class="indexterm" name="id2556031"></a><a name="MANGLEDNAMES"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether non-DOS names under UNIX
    34113451        should be mapped to DOS-compatible names ("mangled") and made visible,
    34123452        or whether non-DOS names should simply be ignored.</p><p>See the section on <a class="link" href="smb.conf.5.html#NAMEMANGLING" target="_top">name mangling</a> for
    3413         details on how to control the mangling process.</p><p>If mangling is used then the mangling algorithm is as follows:</p><div class="itemizedlist"><ul type="disc"><li><p>The first (up to) five alphanumeric characters
     3453        details on how to control the mangling process.</p><p>If mangling is used then the mangling algorithm is as follows:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>The first (up to) five alphanumeric characters
    34143454                        before the rightmost dot of the filename are preserved, forced
    34153455                        to upper case, and appear as the first (up to) five characters
    3416                         of the mangled name.</p></li><li><p>A tilde "~" is appended to the first part of the mangled
     3456                        of the mangled name.</p></li><li class="listitem"><p>A tilde "~" is appended to the first part of the mangled
    34173457                        name, followed by a two-character unique sequence, based on the
    34183458                        original root name (i.e., the original filename minus its final
     
    34213461                        characters.</p><p>Note that the character to use may be specified using
    34223462                                the <a class="link" href="smb.conf.5.html#MANGLINGCHAR" target="_top">mangling char</a>
    3423                         option, if you don't like '~'.</p></li><li><p>Files whose UNIX name begins with a dot will be
     3463                        option, if you don't like '~'.</p></li><li class="listitem"><p>Files whose UNIX name begins with a dot will be
    34243464                        presented as DOS hidden files. The mangled name will be created as
    34253465                        for other filenames, but with the leading dot removed and "___" as
     
    34333473        do not change between sessions.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>mangled names</code></em> = <code class="literal">yes</code>
    34343474</em></span>
    3435 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2549962"></a>
     3475</p></dd></dl></div></div><div class="section" title="mangle prefix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2556167"></a>
    34363476
    34373477mangle prefix (G)
    3438 </h3></div></div></div><a class="indexterm" name="id2549963"></a><a name="MANGLEPREFIX"></a><div class="variablelist"><dl><dt></dt><dd><p> controls the number of prefix
     3478</h3></div></div></div><a class="indexterm" name="id2556168"></a><a name="MANGLEPREFIX"></a><div class="variablelist"><dl><dt></dt><dd><p> controls the number of prefix
    34393479        characters from the original name used when generating
    34403480        the mangled names. A larger value will give a weaker
     
    34463486</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>mangle prefix</code></em> = <code class="literal">4</code>
    34473487</em></span>
    3448 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550029"></a>
     3488</p></dd></dl></div></div><div class="section" title="mangling char (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2556234"></a>
    34493489
    34503490mangling char (S)
    3451 </h3></div></div></div><a class="indexterm" name="id2550030"></a><a name="MANGLINGCHAR"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what character is used as
     3491</h3></div></div></div><a class="indexterm" name="id2556235"></a><a name="MANGLINGCHAR"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what character is used as
    34523492        the <span class="emphasis"><em>magic</em></span> character in <a class="link" href="smb.conf.5.html#NAMEMANGLING" target="_top">name mangling</a>. The
    34533493        default is a '~' but this may interfere with some software. Use this option to set
     
    34563496</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>mangling char</code></em> = <code class="literal">^</code>
    34573497</em></span>
    3458 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550106"></a>
     3498</p></dd></dl></div></div><div class="section" title="mangling method (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2556312"></a>
    34593499
    34603500mangling method (G)
    3461 </h3></div></div></div><a class="indexterm" name="id2550108"></a><a name="MANGLINGMETHOD"></a><div class="variablelist"><dl><dt></dt><dd><p> controls the algorithm used for the generating
     3501</h3></div></div></div><a class="indexterm" name="id2556313"></a><a name="MANGLINGMETHOD"></a><div class="variablelist"><dl><dt></dt><dd><p> controls the algorithm used for the generating
    34623502        the mangled names. Can take two different values, "hash" and
    34633503        "hash2". "hash" is the algorithm that was used
     
    34703510</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>mangling method</code></em> = <code class="literal">hash</code>
    34713511</em></span>
    3472 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550174"></a>
     3512</p></dd></dl></div></div><div class="section" title="map acl inherit (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2556379"></a>
    34733513
    34743514map acl inherit (S)
    3475 </h3></div></div></div><a class="indexterm" name="id2550175"></a><a name="MAPACLINHERIT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to map the 'inherit' and 'protected'
     3515</h3></div></div></div><a class="indexterm" name="id2556380"></a><a name="MAPACLINHERIT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to map the 'inherit' and 'protected'
    34763516    access control entry flags stored in Windows ACLs into an extended attribute
    34773517    called user.SAMBA_PAI. This parameter only takes effect if Samba is being run
     
    34813521    </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>map acl inherit</code></em> = <code class="literal">no</code>
    34823522</em></span>
    3483 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550231"></a>
     3523</p></dd></dl></div></div><div class="section" title="map archive (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2556436"></a>
    34843524
    34853525map archive (S)
    3486 </h3></div></div></div><a class="indexterm" name="id2550232"></a><a name="MAPARCHIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>
     3526</h3></div></div></div><a class="indexterm" name="id2556437"></a><a name="MAPARCHIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>
    34873527        This controls whether the DOS archive attribute
    34883528        should be mapped to the UNIX owner execute bit.  The DOS archive bit
     
    34973537        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>map archive</code></em> = <code class="literal">yes</code>
    34983538</em></span>
    3499 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550306"></a>
     3539</p></dd></dl></div></div><div class="section" title="map hidden (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2556511"></a>
    35003540
    35013541map hidden (S)
    3502 </h3></div></div></div><a class="indexterm" name="id2550307"></a><a name="MAPHIDDEN"></a><div class="variablelist"><dl><dt></dt><dd><p>
     3542</h3></div></div></div><a class="indexterm" name="id2556512"></a><a name="MAPHIDDEN"></a><div class="variablelist"><dl><dt></dt><dd><p>
    35033543        This controls whether DOS style hidden files should be mapped to the UNIX world execute bit.
    35043544        </p><p>
     
    35063546        bit is not masked out (i.e. it must include 001). See the parameter <a class="link" href="smb.conf.5.html#CREATEMASK" target="_top">create mask</a>
    35073547        for details.
    3508         </p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550364"></a>
     3548        </p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="map read only (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2556569"></a>
    35093549
    35103550map read only (S)
    3511 </h3></div></div></div><a class="indexterm" name="id2550365"></a><a name="MAPREADONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
     3551</h3></div></div></div><a class="indexterm" name="id2556570"></a><a name="MAPREADONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
    35123552        This controls how the DOS read only attribute should be mapped from a UNIX filesystem.
    35133553        </p><p>
     
    35163556        present. If <a class="link" href="smb.conf.5.html#STOREDOSATTRIBUTES" target="_top">store dos attributes</a> is set to <code class="constant">yes</code> then this
    35173557        parameter is <span class="emphasis"><em>ignored</em></span>. This is a new parameter introduced in Samba version 3.0.21.
    3518         </p><p>The three settings are :</p><div class="itemizedlist"><ul type="disc"><li><p>
     3558        </p><p>The three settings are :</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
    35193559                <code class="constant">Yes</code> - The read only DOS attribute is mapped to the inverse of the user
    35203560                or owner write bit in the unix permission mode set. If the owner write bit is not set, the
     
    35243564                If the read only DOS attribute is unset, Samba simply sets the write bit of the
    35253565                owner to one.
    3526                 </p></li><li><p>
     3566                </p></li><li class="listitem"><p>
    35273567                <code class="constant">Permissions</code> - The read only DOS attribute is mapped to the effective permissions of
    35283568                the connecting user, as evaluated by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> by reading the unix permissions and POSIX ACL (if present).
    35293569                If the connecting user does not have permission to modify the file, the read only attribute
    35303570                is reported as being set on the file.
    3531                 </p></li><li><p>
     3571                </p></li><li class="listitem"><p>
    35323572                <code class="constant">No</code> - The read only DOS attribute is unaffected by permissions, and can only be set by
    35333573                the <a class="link" href="smb.conf.5.html#STOREDOSATTRIBUTES" target="_top">store dos attributes</a> method. This may be useful for exporting mounted CDs.
    35343574                </p></li></ul></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>map read only</code></em> = <code class="literal">yes</code>
    35353575</em></span>
    3536 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550520"></a>
     3576</p></dd></dl></div></div><div class="section" title="map system (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2556725"></a>
    35373577
    35383578map system (S)
    3539 </h3></div></div></div><a class="indexterm" name="id2550521"></a><a name="MAPSYSTEM"></a><div class="variablelist"><dl><dt></dt><dd><p>
     3579</h3></div></div></div><a class="indexterm" name="id2556726"></a><a name="MAPSYSTEM"></a><div class="variablelist"><dl><dt></dt><dd><p>
    35403580        This controls whether DOS style system files should be mapped to the UNIX group execute bit.
    35413581        </p><p>
     
    35453585        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>map system</code></em> = <code class="literal">no</code>
    35463586</em></span>
    3547 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550589"></a>
     3587</p></dd></dl></div></div><div class="section" title="map to guest (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2556795"></a>
    35483588
    35493589map to guest (G)
    3550 </h3></div></div></div><a class="indexterm" name="id2550590"></a><a name="MAPTOGUEST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is only useful in <a class="link" href="smb.conf.5.html#SECURITY" target="_top">SECURITY =
     3590</h3></div></div></div><a class="indexterm" name="id2556796"></a><a name="MAPTOGUEST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is only useful in <a class="link" href="smb.conf.5.html#SECURITY" target="_top">SECURITY =
    35513591    security</a> modes other than <em class="parameter"><code>security = share</code></em>
    35523592    and <em class="parameter"><code>security = server</code></em>
    35533593    - i.e. <code class="constant">user</code>, and <code class="constant">domain</code>.</p><p>This parameter can take four different values, which tell
    35543594    <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> what to do with user
    3555     login requests that don't match a valid UNIX user in some way.</p><p>The four settings are :</p><div class="itemizedlist"><ul type="disc"><li><p><code class="constant">Never</code> - Means user login
     3595    login requests that don't match a valid UNIX user in some way.</p><p>The four settings are :</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><code class="constant">Never</code> - Means user login
    35563596            requests with an invalid password are rejected. This is the
    3557             default.</p></li><li><p><code class="constant">Bad User</code> - Means user
     3597            default.</p></li><li class="listitem"><p><code class="constant">Bad User</code> - Means user
    35583598            logins with an invalid password are rejected, unless the username
    35593599            does not exist, in which case it is treated as a guest login and
    3560             mapped into the <a class="link" href="smb.conf.5.html#GUESTACCOUNT" target="_top">guest account</a>.</p></li><li><p><code class="constant">Bad Password</code> - Means user logins
     3600            mapped into the <a class="link" href="smb.conf.5.html#GUESTACCOUNT" target="_top">guest account</a>.</p></li><li class="listitem"><p><code class="constant">Bad Password</code> - Means user logins
    35613601            with an invalid password are treated as a guest login and mapped
    35623602            into the <a class="link" href="smb.conf.5.html#GUESTACCOUNT" target="_top">guest account</a>. Note that
     
    35673607            that they got their password wrong. Helpdesk services will
    35683608            <span class="emphasis"><em>hate</em></span> you if you set the <em class="parameter"><code>map to
    3569             guest</code></em> parameter this way :-).</p></li><li><p><code class="constant">Bad Uid</code> - Is only applicable when Samba is configured
     3609            guest</code></em> parameter this way :-).</p></li><li class="listitem"><p><code class="constant">Bad Uid</code> - Is only applicable when Samba is configured
    35703610            in some type of domain mode security (security = {domain|ads}) and means that
    35713611            user logins which are successfully authenticated but which have no valid Unix
     
    35903630</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>map to guest</code></em> = <code class="literal">Bad User</code>
    35913631</em></span>
    3592 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550829"></a>
     3632</p></dd></dl></div></div><div class="section" title="max connections (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2557035"></a>
    35933633
    35943634max connections (S)
    3595 </h3></div></div></div><a class="indexterm" name="id2550830"></a><a name="MAXCONNECTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows the number of simultaneous connections to a service to be limited.
     3635</h3></div></div></div><a class="indexterm" name="id2557036"></a><a name="MAXCONNECTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows the number of simultaneous connections to a service to be limited.
    35963636    If <em class="parameter"><code>max connections</code></em> is greater than 0 then connections
    35973637    will be refused if this number of connections to the service are already open. A value
     
    36013641</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max connections</code></em> = <code class="literal">10</code>
    36023642</em></span>
    3603 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550915"></a>
     3643</p></dd></dl></div></div><div class="section" title="max disk size (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2557121"></a>
    36043644
    36053645max disk size (G)
    3606 </h3></div></div></div><a class="indexterm" name="id2550916"></a><a name="MAXDISKSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to put an upper limit
     3646</h3></div></div></div><a class="indexterm" name="id2557122"></a><a name="MAXDISKSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to put an upper limit
    36073647    on the apparent size of disks. If you set this option to 100
    36083648    then all shares will appear to be not larger than 100 MB in
     
    36183658</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max disk size</code></em> = <code class="literal">1000</code>
    36193659</em></span>
    3620 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2533629"></a>
     3660</p></dd></dl></div></div><div class="section" title="max log size (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2557213"></a>
    36213661
    36223662max log size (G)
    3623 </h3></div></div></div><a class="indexterm" name="id2533630"></a><a name="MAXLOGSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>
     3663</h3></div></div></div><a class="indexterm" name="id2557214"></a><a name="MAXLOGSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>
    36243664    This option (an integer in kilobytes) specifies the max size the log file should grow to.
    36253665    Samba periodically checks the size and if it is exceeded it will rename the file, adding
     
    36303670</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max log size</code></em> = <code class="literal">1000</code>
    36313671</em></span>
    3632 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2533700"></a>
     3672</p></dd></dl></div></div><div class="section" title="max mux (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2557284"></a>
    36333673
    36343674max mux (G)
    3635 </h3></div></div></div><a class="indexterm" name="id2533701"></a><a name="MAXMUX"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum number of
     3675</h3></div></div></div><a class="indexterm" name="id2557285"></a><a name="MAXMUX"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum number of
    36363676    outstanding simultaneous SMB operations that Samba tells the client
    36373677        it will allow. You should never need to set this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>max mux</code></em> = <code class="literal">50</code>
    36383678</em></span>
    3639 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2533743"></a>
     3679</p></dd></dl></div></div><div class="section" title="max open files (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2557327"></a>
    36403680
    36413681max open files (G)
    3642 </h3></div></div></div><a class="indexterm" name="id2533744"></a><a name="MAXOPENFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of
     3682</h3></div></div></div><a class="indexterm" name="id2557328"></a><a name="MAXOPENFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of
    36433683    open files that one <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> file
    36443684    serving process may have open for a client at any one time. The
     
    36483688    this parameter so you should never need to touch this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>max open files</code></em> = <code class="literal">10000</code>
    36493689</em></span>
    3650 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2533803"></a>
     3690</p></dd></dl></div></div><div class="section" title="max print jobs (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2557387"></a>
    36513691
    36523692max print jobs (S)
    3653 </h3></div></div></div><a class="indexterm" name="id2533804"></a><a name="MAXPRINTJOBS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of
     3693</h3></div></div></div><a class="indexterm" name="id2557388"></a><a name="MAXPRINTJOBS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of
    36543694    jobs allowable in a Samba printer queue at any given moment.
    36553695    If this number is exceeded, <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will remote "Out of Space" to the client.
     
    36583698</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max print jobs</code></em> = <code class="literal">5000</code>
    36593699</em></span>
    3660 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551524"></a>
     3700</p></dd></dl></div></div><div class="section" title="protocol"><div class="titlepage"><div><div><h3 class="title"><a name="id2557457"></a>
    36613701
    36623702<a name="PROTOCOL"></a>protocol
    3663 </h3></div></div></div><a class="indexterm" name="id2551526"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#MAXPROTOCOL">max protocol</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551557"></a>
     3703</h3></div></div></div><a class="indexterm" name="id2557458"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#MAXPROTOCOL">max protocol</a>.</p></dd></dl></div></div><div class="section" title="max protocol (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2557490"></a>
    36643704
    36653705max protocol (G)
    3666 </h3></div></div></div><a class="indexterm" name="id2551558"></a><a name="MAXPROTOCOL"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (a string) is the highest
    3667     protocol level that will be supported by the server.</p><p>Possible values are :</p><div class="itemizedlist"><ul type="disc"><li><p><code class="constant">CORE</code>: Earliest version. No
    3668             concept of user names.</p></li><li><p><code class="constant">COREPLUS</code>: Slight improvements on
    3669             CORE for efficiency.</p></li><li><p><code class="constant">LANMAN1</code>: First <span class="emphasis"><em>
     3706</h3></div></div></div><a class="indexterm" name="id2557491"></a><a name="MAXPROTOCOL"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (a string) is the highest
     3707    protocol level that will be supported by the server.</p><p>Possible values are :</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><code class="constant">CORE</code>: Earliest version. No
     3708            concept of user names.</p></li><li class="listitem"><p><code class="constant">COREPLUS</code>: Slight improvements on
     3709            CORE for efficiency.</p></li><li class="listitem"><p><code class="constant">LANMAN1</code>: First <span class="emphasis"><em>
    36703710            modern</em></span> version of the protocol. Long filename
    3671             support.</p></li><li><p><code class="constant">LANMAN2</code>: Updates to Lanman1 protocol.</p></li><li><p><code class="constant">NT1</code>: Current up to date version of the protocol.
     3711            support.</p></li><li class="listitem"><p><code class="constant">LANMAN2</code>: Updates to Lanman1 protocol.</p></li><li class="listitem"><p><code class="constant">NT1</code>: Current up to date version of the protocol.
    36723712            Used by Windows NT. Known as CIFS.</p></li></ul></div><p>Normally this option should not be set as the automatic
    36733713    negotiation phase in the SMB protocol takes care of choosing
     
    36763716</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max protocol</code></em> = <code class="literal">LANMAN1</code>
    36773717</em></span>
    3678 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551682"></a>
     3718</p></dd></dl></div></div><div class="section" title="max reported print jobs (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2557615"></a>
    36793719
    36803720max reported print jobs (S)
    3681 </h3></div></div></div><a class="indexterm" name="id2551684"></a><a name="MAXREPORTEDPRINTJOBS"></a><div class="variablelist"><dl><dt></dt><dd><p>
     3721</h3></div></div></div><a class="indexterm" name="id2557616"></a><a name="MAXREPORTEDPRINTJOBS"></a><div class="variablelist"><dl><dt></dt><dd><p>
    36823722    This parameter limits the maximum number of jobs displayed in a port monitor for
    36833723    Samba printer queue at any given moment. If this number is exceeded, the excess
     
    36883728</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max reported print jobs</code></em> = <code class="literal">1000</code>
    36893729</em></span>
    3690 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551746"></a>
     3730</p></dd></dl></div></div><div class="section" title="max smbd processes (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2557679"></a>
    36913731
    36923732max smbd processes (G)
    3693 </h3></div></div></div><a class="indexterm" name="id2551748"></a><a name="MAXSMBDPROCESSES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> processes concurrently running on a system and is intended
     3733</h3></div></div></div><a class="indexterm" name="id2557680"></a><a name="MAXSMBDPROCESSES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> processes concurrently running on a system and is intended
    36943734    as a stopgap to prevent degrading service to clients in the event that the server has insufficient
    36953735    resources to handle more than this number of connections.  Remember that under normal operating
     
    36993739</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max smbd processes</code></em> = <code class="literal">1000</code>
    37003740</em></span>
    3701 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551828"></a>
     3741</p></dd></dl></div></div><div class="section" title="max stat cache size (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2557760"></a>
    37023742
    37033743max stat cache size (G)
    3704 </h3></div></div></div><a class="indexterm" name="id2551829"></a><a name="MAXSTATCACHESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the size in memory of any
     3744</h3></div></div></div><a class="indexterm" name="id2557762"></a><a name="MAXSTATCACHESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the size in memory of any
    37053745          <em class="parameter"><code>stat cache</code></em> being used
    37063746          to speed up case insensitive name mappings. It represents
     
    37133753</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max stat cache size</code></em> = <code class="literal">100</code>
    37143754</em></span>
    3715 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551897"></a>
     3755</p></dd></dl></div></div><div class="section" title="max ttl (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2557830"></a>
    37163756
    37173757max ttl (G)
    3718 </h3></div></div></div><a class="indexterm" name="id2551898"></a><a name="MAXTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> what the default 'time to live'
     3758</h3></div></div></div><a class="indexterm" name="id2557831"></a><a name="MAXTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> what the default 'time to live'
    37193759    of NetBIOS names should be (in seconds) when <code class="literal">nmbd</code> is
    37203760    requesting a name using either a broadcast packet or from a WINS server. You should
    37213761        never need to change this parameter. The default is 3 days.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>max ttl</code></em> = <code class="literal">259200</code>
    37223762</em></span>
    3723 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551956"></a>
     3763</p></dd></dl></div></div><div class="section" title="max wins ttl (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2557889"></a>
    37243764
    37253765max wins ttl (G)
    3726 </h3></div></div></div><a class="indexterm" name="id2551957"></a><a name="MAXWINSTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when acting as a WINS server
     3766</h3></div></div></div><a class="indexterm" name="id2557890"></a><a name="MAXWINSTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when acting as a WINS server
    37273767        (<a class="link" href="smb.conf.5.html#WINSSUPPORT" target="_top">wins support = yes</a>) what the maximum
    37283768    'time to live' of NetBIOS names that <code class="literal">nmbd</code>
     
    37303770        parameter.  The default is 6 days (518400 seconds).</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>max wins ttl</code></em> = <code class="literal">518400</code>
    37313771</em></span>
    3732 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552028"></a>
     3772</p></dd></dl></div></div><div class="section" title="max xmit (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2557960"></a>
    37333773
    37343774max xmit (G)
    3735 </h3></div></div></div><a class="indexterm" name="id2552029"></a><a name="MAXXMIT"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum packet size
     3775</h3></div></div></div><a class="indexterm" name="id2557961"></a><a name="MAXXMIT"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum packet size
    37363776    that will be negotiated by Samba. The default is 16644, which
    37373777    matches the behavior of Windows 2000.  A value below 2048 is likely to cause problems.
     
    37413781</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max xmit</code></em> = <code class="literal">8192</code>
    37423782</em></span>
    3743 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552091"></a>
     3783</p></dd></dl></div></div><div class="section" title="message command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2558023"></a>
    37443784
    37453785message command (G)
    3746 </h3></div></div></div><a class="indexterm" name="id2552092"></a><a name="MESSAGECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies what command to run when the
     3786</h3></div></div></div><a class="indexterm" name="id2558024"></a><a name="MESSAGECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies what command to run when the
    37473787        server receives a WinPopup style message.</p><p>This would normally be a command that would
    37483788        deliver the message somehow. How this is to be done is
     
    37603800        %u</code></em> won't work (<em class="parameter"><code>%U</code></em> may be better
    37613801        in this case).</p><p>Apart from the standard substitutions, some additional
    3762         ones apply. In particular:</p><div class="itemizedlist"><ul type="disc"><li><p><em class="parameter"><code>%s</code></em> = the filename containing
    3763                                 the message.</p></li><li><p><em class="parameter"><code>%t</code></em> = the destination that
    3764                                 the message was sent to (probably the server name).</p></li><li><p><em class="parameter"><code>%f</code></em> = who the message
     3802        ones apply. In particular:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><em class="parameter"><code>%s</code></em> = the filename containing
     3803                                the message.</p></li><li class="listitem"><p><em class="parameter"><code>%t</code></em> = the destination that
     3804                                the message was sent to (probably the server name).</p></li><li class="listitem"><p><em class="parameter"><code>%f</code></em> = who the message
    37653805                                is from.</p></li></ul></div><p>You could make this command send mail, or whatever else
    37663806        takes your fancy. Please let us know of any really interesting
     
    37833823</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>message command</code></em> = <code class="literal">csh -c 'xedit %s; rm %s' &amp;</code>
    37843824</em></span>
    3785 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552301"></a>
     3825</p></dd></dl></div></div><div class="section" title="min print space (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2558233"></a>
    37863826
    37873827min print space (S)
    3788 </h3></div></div></div><a class="indexterm" name="id2552302"></a><a name="MINPRINTSPACE"></a><div class="variablelist"><dl><dt></dt><dd><p>This sets the minimum amount of free disk
     3828</h3></div></div></div><a class="indexterm" name="id2558234"></a><a name="MINPRINTSPACE"></a><div class="variablelist"><dl><dt></dt><dd><p>This sets the minimum amount of free disk
    37893829    space that must be available before a user will be able to spool
    37903830    a print job. It is specified in kilobytes. The default is 0, which
     
    37933833</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>min print space</code></em> = <code class="literal">2000</code>
    37943834</em></span>
    3795 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552363"></a>
     3835</p></dd></dl></div></div><div class="section" title="min protocol (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2558295"></a>
    37963836
    37973837min protocol (G)
    3798 </h3></div></div></div><a class="indexterm" name="id2552364"></a><a name="MINPROTOCOL"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (a string) is the
     3838</h3></div></div></div><a class="indexterm" name="id2558296"></a><a name="MINPROTOCOL"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (a string) is the
    37993839    lowest SMB protocol dialect than Samba will support.  Please refer
    38003840    to the <a class="link" href="smb.conf.5.html#MAXPROTOCOL" target="_top">max protocol</a>
     
    38083848</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>min protocol</code></em> = <code class="literal">NT1</code>
    38093849</em></span>
    3810 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552462"></a>
     3850</p></dd></dl></div></div><div class="section" title="min receivefile size (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2558394"></a>
    38113851
    38123852min receivefile size (G)
    3813 </h3></div></div></div><a class="indexterm" name="id2552463"></a><a name="MINRECEIVEFILESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option changes the behavior of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when processing SMBwriteX calls. Any incoming
     3853</h3></div></div></div><a class="indexterm" name="id2558395"></a><a name="MINRECEIVEFILESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option changes the behavior of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when processing SMBwriteX calls. Any incoming
    38143854SMBwriteX call on a non-signed SMB/CIFS connection greater than this value will not be processed in the normal way but will
    38153855be passed to any underlying kernel recvfile or splice system call (if there is no such
     
    38203860nonzero. The maximum value is 128k. Values greater than 128k will be silently set to 128k.</p><p>Note this option will have NO EFFECT if set on a SMB signed connection.</p><p>The default is zero, which diables this option.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>min receivefile size</code></em> = <code class="literal">0</code>
    38213861</em></span>
    3822 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552543"></a>
     3862</p></dd></dl></div></div><div class="section" title="min wins ttl (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2558463"></a>
    38233863
    38243864min wins ttl (G)
    3825 </h3></div></div></div><a class="indexterm" name="id2552544"></a><a name="MINWINSTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>
     3865</h3></div></div></div><a class="indexterm" name="id2558464"></a><a name="MINWINSTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>
    38263866    when acting as a WINS server (<a class="link" href="smb.conf.5.html#WINSSUPPORT" target="_top">wins support = yes</a>) what the minimum 'time to live'
    38273867    of NetBIOS names that <code class="literal">nmbd</code> will grant will be (in
     
    38293869    is 6 hours (21600 seconds).</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>min wins ttl</code></em> = <code class="literal">21600</code>
    38303870</em></span>
    3831 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552614"></a>
     3871</p></dd></dl></div></div><div class="section" title="msdfs proxy (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2558534"></a>
    38323872
    38333873msdfs proxy (S)
    3834 </h3></div></div></div><a class="indexterm" name="id2552615"></a><a name="MSDFSPROXY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter indicates that the share is a
     3874</h3></div></div></div><a class="indexterm" name="id2558535"></a><a name="MSDFSPROXY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter indicates that the share is a
    38353875        stand-in for another CIFS share whose location is specified by
    38363876        the value of the parameter. When clients attempt to connect to
     
    38403880        options to find out how to set up a Dfs root share.</p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>msdfs proxy</code></em> = <code class="literal">\otherserver\someshare</code>
    38413881</em></span>
    3842 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552692"></a>
     3882</p></dd></dl></div></div><div class="section" title="msdfs root (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2558612"></a>
    38433883
    38443884msdfs root (S)
    3845 </h3></div></div></div><a class="indexterm" name="id2552693"></a><a name="MSDFSROOT"></a><div class="variablelist"><dl><dt></dt><dd><p>If set to <code class="constant">yes</code>, Samba treats the
     3885</h3></div></div></div><a class="indexterm" name="id2558613"></a><a name="MSDFSROOT"></a><div class="variablelist"><dl><dt></dt><dd><p>If set to <code class="constant">yes</code>, Samba treats the
    38463886        share as a Dfs root and allows clients to browse the
    38473887        distributed file system tree rooted at the share directory.
     
    38513891        Samba, refer to the MSDFS chapter in the Samba3-HOWTO book.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>msdfs root</code></em> = <code class="literal">no</code>
    38523892</em></span>
    3853 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552747"></a>
     3893</p></dd></dl></div></div><div class="section" title="name cache timeout (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2558667"></a>
    38543894
    38553895name cache timeout (G)
    3856 </h3></div></div></div><a class="indexterm" name="id2552748"></a><a name="NAMECACHETIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the number of seconds it takes before
     3896</h3></div></div></div><a class="indexterm" name="id2558668"></a><a name="NAMECACHETIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the number of seconds it takes before
    38573897    entries in samba's hostname resolve cache time out. If
    38583898    the timeout is set to 0. the caching is disabled.
     
    38613901</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>name cache timeout</code></em> = <code class="literal">0</code>
    38623902</em></span>
    3863 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552808"></a>
     3903</p></dd></dl></div></div><div class="section" title="name resolve order (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2558728"></a>
    38643904
    38653905name resolve order (G)
    3866 </h3></div></div></div><a class="indexterm" name="id2552809"></a><a name="NAMERESOLVEORDER"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used by the programs in the Samba
     3906</h3></div></div></div><a class="indexterm" name="id2558729"></a><a name="NAMERESOLVEORDER"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used by the programs in the Samba
    38673907    suite to determine what naming services to use and in what order
    38683908    to resolve host names to IP addresses. Its main purpose to is to
     
    38703910    separated string of name resolution options.</p><p>The options are: "lmhosts", "host",
    38713911    "wins" and "bcast". They cause names to be
    3872     resolved as follows:</p><div class="itemizedlist"><ul type="disc"><li><p>
     3912    resolved as follows:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
    38733913                <code class="constant">lmhosts</code> : Lookup an IP address in the Samba lmhosts file. If the line in lmhosts has
    38743914            no name type attached to the NetBIOS name (see the manpage for lmhosts for details) then
    38753915            any name type matches for lookup.
    3876                 </p></li><li><p>
     3916                </p></li><li class="listitem"><p>
    38773917                <code class="constant">host</code> : Do a standard host name to IP address resolution, using the system
    38783918                <code class="filename">/etc/hosts </code>, NIS, or DNS lookups. This method of name resolution is
     
    38813921                useful for active directory domains and results in a DNS query for the SRV RR entry matching
    38823922                _ldap._tcp.domain.
    3883         </p></li><li><p><code class="constant">wins</code> : Query a name with
     3923        </p></li><li class="listitem"><p><code class="constant">wins</code> : Query a name with
    38843924            the IP address listed in the <a class="link" href="smb.conf.5.html#WINSSERVER" target="_top">WINSSERVER</a> parameter.  If no WINS server has
    3885             been specified this method will be ignored.</p></li><li><p><code class="constant">bcast</code> : Do a broadcast on
     3925            been specified this method will be ignored.</p></li><li class="listitem"><p><code class="constant">bcast</code> : Do a broadcast on
    38863926            each of the known local interfaces listed in the <a class="link" href="smb.conf.5.html#INTERFACES" target="_top">interfaces</a>
    38873927            parameter. This is the least reliable of the name resolution
     
    38953935</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>name resolve order</code></em> = <code class="literal">lmhosts bcast host</code>
    38963936</em></span>
    3897 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553010"></a>
     3937</p></dd></dl></div></div><div class="section" title="netbios aliases (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2558930"></a>
    38983938
    38993939netbios aliases (G)
    3900 </h3></div></div></div><a class="indexterm" name="id2553011"></a><a name="NETBIOSALIASES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of NetBIOS names that nmbd will
     3940</h3></div></div></div><a class="indexterm" name="id2558931"></a><a name="NETBIOSALIASES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of NetBIOS names that nmbd will
    39013941        advertise as additional names by which the Samba server is known. This allows one machine
    39023942        to appear in browse lists under multiple names. If a machine is acting as a browse server
     
    39083948</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>netbios aliases</code></em> = <code class="literal">TEST TEST1 TEST2</code>
    39093949</em></span>
    3910 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553076"></a>
     3950</p></dd></dl></div></div><div class="section" title="netbios name (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2558996"></a>
    39113951
    39123952netbios name (G)
    3913 </h3></div></div></div><a class="indexterm" name="id2553077"></a><a name="NETBIOSNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>
     3953</h3></div></div></div><a class="indexterm" name="id2558998"></a><a name="NETBIOSNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>
    39143954                This sets the NetBIOS name by which a Samba server is known. By default it is the same as the first component
    39153955                of the host's DNS name. If a machine is a browse server or logon server this name (or the first component of
     
    39243964</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>netbios name</code></em> = <code class="literal">MYNAME</code>
    39253965</em></span>
    3926 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553158"></a>
     3966</p></dd></dl></div></div><div class="section" title="netbios scope (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2559078"></a>
    39273967
    39283968netbios scope (G)
    3929 </h3></div></div></div><a class="indexterm" name="id2553159"></a><a name="NETBIOSSCOPE"></a><div class="variablelist"><dl><dt></dt><dd><p>This sets the NetBIOS scope that Samba will
     3969</h3></div></div></div><a class="indexterm" name="id2559079"></a><a name="NETBIOSSCOPE"></a><div class="variablelist"><dl><dt></dt><dd><p>This sets the NetBIOS scope that Samba will
    39303970        operate under. This should not be set unless every machine
    39313971        on your LAN also sets this value.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>netbios scope</code></em> = <code class="literal"></code>
    39323972</em></span>
    3933 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553200"></a>
     3973</p></dd></dl></div></div><div class="section" title="nis homedir (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2559120"></a>
    39343974
    39353975nis homedir (G)
    3936 </h3></div></div></div><a class="indexterm" name="id2553201"></a><a name="NISHOMEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>Get the home share server from a NIS map. For
     3976</h3></div></div></div><a class="indexterm" name="id2559121"></a><a name="NISHOMEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>Get the home share server from a NIS map. For
    39373977        UNIX systems that use an automounter, the user's home directory
    39383978        will often be mounted on a workstation on demand from a remote
     
    39533993        be a logon server.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>nis homedir</code></em> = <code class="literal">no</code>
    39543994</em></span>
    3955 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553280"></a>
     3995</p></dd></dl></div></div><div class="section" title="nt acl support (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2559200"></a>
    39563996
    39573997nt acl support (S)
    3958 </h3></div></div></div><a class="indexterm" name="id2553281"></a><a name="NTACLSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to map
     3998</h3></div></div></div><a class="indexterm" name="id2559201"></a><a name="NTACLSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to map
    39593999    UNIX permissions into Windows NT access control lists.  The UNIX
    39604000    permissions considered are the the traditional UNIX owner and
     
    39634003    releases prior to 2.2.2.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>nt acl support</code></em> = <code class="literal">yes</code>
    39644004</em></span>
    3965 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553335"></a>
     4005</p></dd></dl></div></div><div class="section" title="ntlm auth (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2559255"></a>
    39664006
    39674007ntlm auth (G)
    3968 </h3></div></div></div><a class="indexterm" name="id2553336"></a><a name="NTLMAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to
     4008</h3></div></div></div><a class="indexterm" name="id2559256"></a><a name="NTLMAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to
    39694009    authenticate users using the NTLM encrypted password response.
    39704010    If disabled, either the lanman password hash or an NTLMv2 response
     
    39744014        special configuration to use it.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ntlm auth</code></em> = <code class="literal">yes</code>
    39754015</em></span>
    3976 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553399"></a>
     4016</p></dd></dl></div></div><div class="section" title="nt pipe support (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2559319"></a>
    39774017
    39784018nt pipe support (G)
    3979 </h3></div></div></div><a class="indexterm" name="id2553400"></a><a name="NTPIPESUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether
     4019</h3></div></div></div><a class="indexterm" name="id2559320"></a><a name="NTPIPESUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether
    39804020    <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will allow Windows NT
    39814021    clients to connect to the NT SMB specific <code class="constant">IPC$</code>
     
    39834023        alone.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>nt pipe support</code></em> = <code class="literal">yes</code>
    39844024</em></span>
    3985 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553455"></a>
     4025</p></dd></dl></div></div><div class="section" title="nt status support (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2559375"></a>
    39864026
    39874027nt status support (G)
    3988 </h3></div></div></div><a class="indexterm" name="id2553456"></a><a name="NTSTATUSSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will negotiate NT specific status
     4028</h3></div></div></div><a class="indexterm" name="id2559376"></a><a name="NTSTATUSSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will negotiate NT specific status
    39894029    support with Windows NT/2k/XP clients. This is a developer debugging option and should be left alone.
    39904030    If this option is set to <code class="constant">no</code> then Samba offers
     
    39924032    reported.</p><p>You should not need to ever disable this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>nt status support</code></em> = <code class="literal">yes</code>
    39934033</em></span>
    3994 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553517"></a>
     4034</p></dd></dl></div></div><div class="section" title="null passwords (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2559437"></a>
    39954035
    39964036null passwords (G)
    3997 </h3></div></div></div><a class="indexterm" name="id2553518"></a><a name="NULLPASSWORDS"></a><div class="variablelist"><dl><dt></dt><dd><p>Allow or disallow client access to accounts that have null passwords. </p><p>See also <a class="citerefentry" href="smbpasswd.5.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(5)</span></a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>null passwords</code></em> = <code class="literal">no</code>
    3998 </em></span>
    3999 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553570"></a>
     4037</h3></div></div></div><a class="indexterm" name="id2559438"></a><a name="NULLPASSWORDS"></a><div class="variablelist"><dl><dt></dt><dd><p>Allow or disallow client access to accounts that have null passwords. </p><p>See also <a class="citerefentry" href="smbpasswd.5.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(5)</span></a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>null passwords</code></em> = <code class="literal">no</code>
     4038</em></span>
     4039</p></dd></dl></div></div><div class="section" title="obey pam restrictions (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2559490"></a>
    40004040
    40014041obey pam restrictions (G)
    4002 </h3></div></div></div><a class="indexterm" name="id2553571"></a><a name="OBEYPAMRESTRICTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>When Samba 3.0 is configured to enable PAM support
     4042</h3></div></div></div><a class="indexterm" name="id2559491"></a><a name="OBEYPAMRESTRICTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>When Samba 3.0 is configured to enable PAM support
    40034043    (i.e. --with-pam), this parameter will control whether or not Samba
    40044044    should obey PAM's account and session management directives.  The
     
    40104050</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>obey pam restrictions</code></em> = <code class="literal">no</code>
    40114051</em></span>
    4012 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553641"></a>
     4052</p></dd></dl></div></div><div class="section" title="only user (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2559555"></a>
    40134053
    40144054only user (S)
    4015 </h3></div></div></div><a class="indexterm" name="id2553642"></a><a name="ONLYUSER"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean option that controls whether
     4055</h3></div></div></div><a class="indexterm" name="id2559556"></a><a name="ONLYUSER"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean option that controls whether
    40164056    connections with usernames not in the <em class="parameter"><code>user</code></em>
    40174057    list will be allowed. By default this option is disabled so that a
     
    40264066    name of the user.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>only user</code></em> = <code class="literal">no</code>
    40274067</em></span>
    4028 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553730"></a>
     4068</p></dd></dl></div></div><div class="section" title="oplock break wait time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2559644"></a>
    40294069
    40304070oplock break wait time (G)
    4031 </h3></div></div></div><a class="indexterm" name="id2553731"></a><a name="OPLOCKBREAKWAITTIME"></a><div class="variablelist"><dl><dt></dt><dd><p>
     4071</h3></div></div></div><a class="indexterm" name="id2559645"></a><a name="OPLOCKBREAKWAITTIME"></a><div class="variablelist"><dl><dt></dt><dd><p>
    40324072        This is a tuning parameter added due to bugs in both Windows 9x and WinNT. If Samba responds to a client too
    40334073        quickly when that client issues an SMB that can cause an oplock break request, then the network client can
    40344074        fail and not respond to the break request. This tuning parameter (which is set in milliseconds) is the amount
    40354075        of time Samba will wait before sending an oplock break request to such (broken) clients.
    4036         </p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
     4076        </p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
    40374077        DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ AND UNDERSTOOD THE SAMBA OPLOCK CODE.
    40384078        </p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>oplock break wait time</code></em> = <code class="literal">0</code>
    40394079</em></span>
    4040 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553785"></a>
     4080</p></dd></dl></div></div><div class="section" title="oplock contention limit (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2559698"></a>
    40414081
    40424082oplock contention limit (S)
    4043 </h3></div></div></div><a class="indexterm" name="id2553786"></a><a name="OPLOCKCONTENTIONLIMIT"></a><div class="variablelist"><dl><dt></dt><dd><p>
     4083</h3></div></div></div><a class="indexterm" name="id2559700"></a><a name="OPLOCKCONTENTIONLIMIT"></a><div class="variablelist"><dl><dt></dt><dd><p>
    40444084        This is a <span class="emphasis"><em>very</em></span> advanced <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> tuning option to improve the efficiency of the
    40454085        granting of oplocks under multiple client contention for the same file.
     
    40494089        limit. This causes <code class="literal">smbd</code> to behave in a similar
    40504090        way to Windows NT.
    4051         </p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
     4091        </p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
    40524092        DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ AND UNDERSTOOD THE SAMBA OPLOCK CODE.
    40534093        </p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>oplock contention limit</code></em> = <code class="literal">2</code>
    40544094</em></span>
    4055 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553867"></a>
     4095</p></dd></dl></div></div><div class="section" title="oplocks (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2559781"></a>
    40564096
    40574097oplocks (S)
    4058 </h3></div></div></div><a class="indexterm" name="id2553868"></a><a name="OPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>
     4098</h3></div></div></div><a class="indexterm" name="id2559782"></a><a name="OPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>
    40594099        This boolean option tells <code class="literal">smbd</code> whether to
    40604100        issue oplocks (opportunistic locks) to file open requests on this
     
    40754115        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>oplocks</code></em> = <code class="literal">yes</code>
    40764116</em></span>
    4077 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553966"></a>
     4117</p></dd></dl></div></div><div class="section" title="os2 driver map (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2559879"></a>
    40784118
    40794119os2 driver map (G)
    4080 </h3></div></div></div><a class="indexterm" name="id2553967"></a><a name="OS2DRIVERMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>The parameter is used to define the absolute
     4120</h3></div></div></div><a class="indexterm" name="id2559880"></a><a name="OS2DRIVERMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>The parameter is used to define the absolute
    40814121    path to a file containing a mapping of Windows NT printer driver
    40824122    names to OS/2 printer driver names.  The format is:</p><p>&lt;nt driver name&gt; = &lt;os2 driver name&gt;.&lt;device name&gt;</p><p>For example, a valid entry using the HP LaserJet 5
     
    40884128    </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>os2 driver map</code></em> = <code class="literal"></code>
    40894129</em></span>
    4090 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554033"></a>
     4130</p></dd></dl></div></div><div class="section" title="os level (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2559947"></a>
    40914131
    40924132os level (G)
    4093 </h3></div></div></div><a class="indexterm" name="id2554034"></a><a name="OSLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
     4133</h3></div></div></div><a class="indexterm" name="id2559948"></a><a name="OSLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
    40944134        This integer value controls what level Samba advertises itself as for browse elections. The value of this
    40954135        parameter determines whether <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> has a chance of becoming a local master browser for the <a class="link" href="smb.conf.5.html#WORKGROUP" target="_top">workgroup</a> in the local broadcast area.
     
    41074147</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>os level</code></em> = <code class="literal">65</code>
    41084148</em></span>
    4109 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554133"></a>
     4149</p></dd></dl></div></div><div class="section" title="pam password change (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2560046"></a>
    41104150
    41114151pam password change (G)
    4112 </h3></div></div></div><a class="indexterm" name="id2554134"></a><a name="PAMPASSWORDCHANGE"></a><div class="variablelist"><dl><dt></dt><dd><p>With the addition of better PAM support in Samba 2.2,
     4152</h3></div></div></div><a class="indexterm" name="id2560047"></a><a name="PAMPASSWORDCHANGE"></a><div class="variablelist"><dl><dt></dt><dd><p>With the addition of better PAM support in Samba 2.2,
    41134153    this parameter, it is possible to use PAM's password change control
    41144154    flag for Samba.  If enabled, then PAM will be used for password
     
    41184158    <a class="link" href="smb.conf.5.html#PASSWDCHAT" target="_top">passwd chat</a> parameter for most setups.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>pam password change</code></em> = <code class="literal">no</code>
    41194159</em></span>
    4120 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554205"></a>
     4160</p></dd></dl></div></div><div class="section" title="panic action (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2560119"></a>
    41214161
    41224162panic action (G)
    4123 </h3></div></div></div><a class="indexterm" name="id2554206"></a><a name="PANICACTION"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a Samba developer option that allows a
     4163</h3></div></div></div><a class="indexterm" name="id2560120"></a><a name="PANICACTION"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a Samba developer option that allows a
    41244164        system command to be called when either <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> or <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>      crashes. This is usually used to
    41254165        draw attention to the fact that a problem occurred.
     
    41284168</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>panic action</code></em> = <code class="literal">"/bin/sleep 90000"</code>
    41294169</em></span>
    4130 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554281"></a>
     4170</p></dd></dl></div></div><div class="section" title="paranoid server security (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2560195"></a>
    41314171
    41324172paranoid server security (G)
    4133 </h3></div></div></div><a class="indexterm" name="id2554282"></a><a name="PARANOIDSERVERSECURITY"></a><div class="variablelist"><dl><dt></dt><dd><p>Some version of NT 4.x allow non-guest
     4173</h3></div></div></div><a class="indexterm" name="id2560196"></a><a name="PARANOIDSERVERSECURITY"></a><div class="variablelist"><dl><dt></dt><dd><p>Some version of NT 4.x allow non-guest
    41344174    users with a bad passowrd. When this option is enabled, samba will not
    41354175    use a broken NT 4.x server as password server, but instead complain
     
    41394179    bad logon to the remote server.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>paranoid server security</code></em> = <code class="literal">yes</code>
    41404180</em></span>
    4141 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554332"></a>
     4181</p></dd></dl></div></div><div class="section" title="passdb backend (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2560246"></a>
    41424182
    41434183passdb backend (G)
    4144 </h3></div></div></div><a class="indexterm" name="id2554334"></a><a name="PASSDBBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows the administrator to chose which backend
     4184</h3></div></div></div><a class="indexterm" name="id2560247"></a><a name="PASSDBBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows the administrator to chose which backend
    41454185    will be used for storing user and possibly group information.  This allows
    41464186    you to swap between different storage mechanisms without recompile. </p><p>The parameter value is divided into two parts, the backend's name, and a 'location'
    41474187    string that has meaning only to that particular backed.  These are separated
    41484188    by a : character.</p><p>Available backends can include:
    4149         </p><div class="itemizedlist"><ul type="disc"><li><p><code class="literal">smbpasswd</code> - The default smbpasswd
     4189        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><code class="literal">smbpasswd</code> - The default smbpasswd
    41504190                backend. Takes a path to the smbpasswd file as an optional argument.
    4151                 </p></li><li><p><code class="literal">tdbsam</code> - The TDB based password storage
     4191                </p></li><li class="listitem"><p><code class="literal">tdbsam</code> - The TDB based password storage
    41524192                backend.  Takes a path to the TDB as an optional argument (defaults to passdb.tdb
    4153                 in the <a class="link" href="smb.conf.5.html#PRIVATEDIR" target="_top">private dir</a> directory.</p></li><li><p><code class="literal">ldapsam</code> - The LDAP based passdb
     4193                in the <a class="link" href="smb.conf.5.html#PRIVATEDIR" target="_top">private dir</a> directory.</p></li><li class="listitem"><p><code class="literal">ldapsam</code> - The LDAP based passdb
    41544194                backend.  Takes an LDAP URL as an optional argument (defaults to
    41554195                <code class="literal">ldap://localhost</code>)</p><p>LDAP connections should be secured where possible.  This may be done using either
     
    41754215</pre><p>Default: <span class="emphasis"><em><em class="parameter"><code>passdb backend</code></em> = <code class="literal">smbpasswd</code>
    41764216</em></span>
    4177 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554490"></a>
     4217</p></dd></dl></div></div><div class="section" title="passdb expand explicit (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2560404"></a>
    41784218
    41794219passdb expand explicit (G)
    4180 </h3></div></div></div><a class="indexterm" name="id2554491"></a><a name="PASSDBEXPANDEXPLICIT"></a><div class="variablelist"><dl><dt></dt><dd><p>
     4220</h3></div></div></div><a class="indexterm" name="id2560405"></a><a name="PASSDBEXPANDEXPLICIT"></a><div class="variablelist"><dl><dt></dt><dd><p>
    41814221        This parameter controls whether Samba substitutes %-macros in the passdb fields if they are explicitly set. We
    41824222        used to expand macros here, but this turned out to be a bug because the Windows client can expand a variable
     
    41844224    </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>passdb expand explicit</code></em> = <code class="literal">no</code>
    41854225</em></span>
    4186 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554537"></a>
     4226</p></dd></dl></div></div><div class="section" title="passwd chat debug (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2560450"></a>
    41874227
    41884228passwd chat debug (G)
    4189 </h3></div></div></div><a class="indexterm" name="id2554538"></a><a name="PASSWDCHATDEBUG"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean specifies if the passwd chat script
     4229</h3></div></div></div><a class="indexterm" name="id2560451"></a><a name="PASSWDCHATDEBUG"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean specifies if the passwd chat script
    41904230    parameter is run in <span class="emphasis"><em>debug</em></span> mode. In this mode the
    41914231    strings passed to and received from the passwd chat are printed
     
    42004240        parameter is set. This parameter is off by default.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>passwd chat debug</code></em> = <code class="literal">no</code>
    42014241</em></span>
    4202 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554640"></a>
     4242</p></dd></dl></div></div><div class="section" title="passwd chat timeout (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2560554"></a>
    42034243
    42044244passwd chat timeout (G)
    4205 </h3></div></div></div><a class="indexterm" name="id2554641"></a><a name="PASSWDCHATTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>This integer specifies the number of seconds smbd will wait for an initial
     4245</h3></div></div></div><a class="indexterm" name="id2560555"></a><a name="PASSWDCHATTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>This integer specifies the number of seconds smbd will wait for an initial
    42064246    answer from a passwd chat script being run. Once the initial answer is received
    42074247    the subsequent answers must be received in one tenth of this time. The default it
    42084248    two seconds.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>passwd chat timeout</code></em> = <code class="literal">2</code>
    42094249</em></span>
    4210 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554685"></a>
     4250</p></dd></dl></div></div><div class="section" title="passwd chat (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2560599"></a>
    42114251
    42124252passwd chat (G)
    4213 </h3></div></div></div><a class="indexterm" name="id2554686"></a><a name="PASSWDCHAT"></a><div class="variablelist"><dl><dt></dt><dd><p>This string controls the <span class="emphasis"><em>"chat"</em></span>
     4253</h3></div></div></div><a class="indexterm" name="id2560600"></a><a name="PASSWDCHAT"></a><div class="variablelist"><dl><dt></dt><dd><p>This string controls the <span class="emphasis"><em>"chat"</em></span>
    42144254    conversation that takes places between <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> and the local password changing
    42154255    program to change the user's password. The string describes a
     
    42424282</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>passwd chat</code></em> = <code class="literal">"*Enter NEW password*" %n\n "*Reenter NEW password*" %n\n "*Password changed*"</code>
    42434283</em></span>
    4244 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2554891"></a>
     4284</p></dd></dl></div></div><div class="section" title="passwd program (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2560804"></a>
    42454285
    42464286passwd program (G)
    4247 </h3></div></div></div><a class="indexterm" name="id2554892"></a><a name="PASSWDPROGRAM"></a><div class="variablelist"><dl><dt></dt><dd><p>The name of a program that can be used to set
     4287</h3></div></div></div><a class="indexterm" name="id2560805"></a><a name="PASSWDPROGRAM"></a><div class="variablelist"><dl><dt></dt><dd><p>The name of a program that can be used to set
    42484288    UNIX user passwords.  Any occurrences of <em class="parameter"><code>%u</code></em>
    42494289    will be replaced with the user name. The user name is checked for
     
    42664306</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>passwd program</code></em> = <code class="literal">/bin/passwd %u</code>
    42674307</em></span>
    4268 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555026"></a>
     4308</p></dd></dl></div></div><div class="section" title="password level (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2560940"></a>
    42694309
    42704310password level (G)
    4271 </h3></div></div></div><a class="indexterm" name="id2555027"></a><a name="PASSWORDLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>Some client/server combinations have difficulty
     4311</h3></div></div></div><a class="indexterm" name="id2560941"></a><a name="PASSWORDLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>Some client/server combinations have difficulty
    42724312    with mixed-case passwords.  One offending client is Windows for
    42734313    Workgroups, which for some reason forces passwords to upper
     
    42914331</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>password level</code></em> = <code class="literal">4</code>
    42924332</em></span>
    4293 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555163"></a>
     4333</p></dd></dl></div></div><div class="section" title="password server (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2561076"></a>
    42944334
    42954335password server (G)
    4296 </h3></div></div></div><a class="indexterm" name="id2555164"></a><a name="PASSWORDSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>By specifying the name of another SMB server
     4336</h3></div></div></div><a class="indexterm" name="id2561078"></a><a name="PASSWORDSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>By specifying the name of another SMB server
    42974337    or Active Directory domain controller with this option,
    42984338    and using <code class="literal">security = [ads|domain|server]</code>
     
    43094349    by any method and order described in that parameter.</p><p>The password server must be a machine capable of using
    43104350    the "LM1.2X002" or the "NT LM 0.12" protocol, and it must be in
    4311     user level security mode.</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Using a password server  means your UNIX box (running
     4351    user level security mode.</p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Using a password server  means your UNIX box (running
    43124352    Samba) is only as secure as your  password server. <span class="emphasis"><em>DO NOT
    43134353    CHOOSE A PASSWORD SERVER THAT  YOU DON'T COMPLETELY TRUST</em></span>.
     
    43384378    set to <code class="constant">server</code>, then there are different
    43394379    restrictions that <code class="literal">security = domain</code> doesn't
    4340     suffer from:</p><div class="itemizedlist"><ul type="disc"><li><p>You may list several password servers in
     4380    suffer from:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>You may list several password servers in
    43414381            the <em class="parameter"><code>password server</code></em> parameter, however if an
    43424382            <code class="literal">smbd</code> makes a connection to a password server,
     
    43444384            to be authenticated from this <code class="literal">smbd</code>.  This is a
    43454385            restriction of the SMB/CIFS protocol when in <code class="literal">security = server
    4346             </code> mode and cannot be fixed in Samba.</p></li><li><p>If you are using a Windows NT server as your
     4386            </code> mode and cannot be fixed in Samba.</p></li><li class="listitem"><p>If you are using a Windows NT server as your
    43474387            password server then you will have to ensure that your users
    43484388            are able to login from the Samba server, as when in <code class="literal">
     
    43544394</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>password server</code></em> = <code class="literal">windc.mydomain.com:389 192.168.1.101 *</code>
    43554395</em></span>
    4356 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555461"></a>
     4396</p></dd></dl></div></div><div class="section" title="directory"><div class="titlepage"><div><div><h3 class="title"><a name="id2561375"></a>
    43574397
    43584398<a name="DIRECTORY"></a>directory
    4359 </h3></div></div></div><a class="indexterm" name="id2555462"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PATH">path</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555492"></a>
     4399</h3></div></div></div><a class="indexterm" name="id2561376"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PATH">path</a>.</p></dd></dl></div></div><div class="section" title="path (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2561406"></a>
    43604400
    43614401path (S)
    4362 </h3></div></div></div><a class="indexterm" name="id2555493"></a><a name="PATH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a directory to which
     4402</h3></div></div></div><a class="indexterm" name="id2561407"></a><a name="PATH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a directory to which
    43634403        the user of the service is to be given access. In the case of
    43644404        printable services, this is where print data will spool prior to
     
    43774417</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>path</code></em> = <code class="literal">/home/fred</code>
    43784418</em></span>
    4379 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555597"></a>
     4419</p></dd></dl></div></div><div class="section" title="pid directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2561510"></a>
    43804420
    43814421pid directory (G)
    4382 </h3></div></div></div><a class="indexterm" name="id2555598"></a><a name="PIDDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>
     4422</h3></div></div></div><a class="indexterm" name="id2561511"></a><a name="PIDDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>
    43834423        This option specifies the directory where pid files will be placed. 
    43844424        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>pid directory</code></em> = <code class="literal">${prefix}/var/locks</code>
     
    43864426</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>pid directory</code></em> = <code class="literal">pid directory = /var/run/</code>
    43874427</em></span>
    4388 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555657"></a>
     4428</p></dd></dl></div></div><div class="section" title="posix locking (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2561569"></a>
    43894429
    43904430posix locking (S)
    4391 </h3></div></div></div><a class="indexterm" name="id2555658"></a><a name="POSIXLOCKING"></a><div class="variablelist"><dl><dt></dt><dd><p>
     4431</h3></div></div></div><a class="indexterm" name="id2561570"></a><a name="POSIXLOCKING"></a><div class="variablelist"><dl><dt></dt><dd><p>
    43924432        The <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>
    43934433        daemon maintains an database of file locks obtained by SMB clients. The default behavior is
     
    43974437        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>posix locking</code></em> = <code class="literal">yes</code>
    43984438</em></span>
    4399 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555712"></a>
     4439</p></dd></dl></div></div><div class="section" title="postexec (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2561625"></a>
    44004440
    44014441postexec (S)
    4402 </h3></div></div></div><a class="indexterm" name="id2555713"></a><a name="POSTEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies a command to be run
     4442</h3></div></div></div><a class="indexterm" name="id2561626"></a><a name="POSTEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies a command to be run
    44034443        whenever the service is disconnected. It takes the usual
    44044444        substitutions. The command may be run as the root on some
     
    44084448</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>postexec</code></em> = <code class="literal">echo \"%u disconnected from %S from %m (%I)\" &gt;&gt; /tmp/log</code>
    44094449</em></span>
    4410 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555785"></a>
     4450</p></dd></dl></div></div><div class="section" title="preexec close (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2561698"></a>
    44114451
    44124452preexec close (S)
    4413 </h3></div></div></div><a class="indexterm" name="id2555786"></a><a name="PREEXECCLOSE"></a><div class="variablelist"><dl><dt></dt><dd><p>
     4453</h3></div></div></div><a class="indexterm" name="id2561699"></a><a name="PREEXECCLOSE"></a><div class="variablelist"><dl><dt></dt><dd><p>
    44144454        This boolean option controls whether a non-zero return code from <a class="link" href="smb.conf.5.html#PREEXEC" target="_top">preexec</a>
    44154455        should close the service being connected to.
    44164456        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>preexec close</code></em> = <code class="literal">no</code>
    44174457</em></span>
    4418 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555840"></a>
     4458</p></dd></dl></div></div><div class="section" title="exec"><div class="titlepage"><div><div><h3 class="title"><a name="id2561753"></a>
    44194459
    44204460<a name="EXEC"></a>exec
    4421 </h3></div></div></div><a class="indexterm" name="id2555841"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PREEXEC">preexec</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555871"></a>
     4461</h3></div></div></div><a class="indexterm" name="id2561754"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PREEXEC">preexec</a>.</p></dd></dl></div></div><div class="section" title="preexec (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2561785"></a>
    44224462
    44234463preexec (S)
    4424 </h3></div></div></div><a class="indexterm" name="id2555872"></a><a name="PREEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies a command to be run whenever
     4464</h3></div></div></div><a class="indexterm" name="id2561786"></a><a name="PREEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies a command to be run whenever
    44254465        the service is connected to. It takes the usual substitutions.</p><p>An interesting example is to send the users a welcome
    44264466        message every time they log in. Maybe a message of the day? Here
     
    44344474</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>preexec</code></em> = <code class="literal">echo \"%u connected to %S from %m (%I)\" &gt;&gt; /tmp/log</code>
    44354475</em></span>
    4436 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555979"></a>
     4476</p></dd></dl></div></div><div class="section" title="prefered master"><div class="titlepage"><div><div><h3 class="title"><a name="id2561893"></a>
    44374477
    44384478<a name="PREFEREDMASTER"></a>prefered master
    4439 </h3></div></div></div><a class="indexterm" name="id2555980"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PREFERREDMASTER">preferred master</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556013"></a>
     4479</h3></div></div></div><a class="indexterm" name="id2561894"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PREFERREDMASTER">preferred master</a>.</p></dd></dl></div></div><div class="section" title="preferred master (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2561926"></a>
    44404480
    44414481preferred master (G)
    4442 </h3></div></div></div><a class="indexterm" name="id2556014"></a><a name="PREFERREDMASTER"></a><div class="variablelist"><dl><dt></dt><dd><p>
     4482</h3></div></div></div><a class="indexterm" name="id2561927"></a><a name="PREFERREDMASTER"></a><div class="variablelist"><dl><dt></dt><dd><p>
    44434483        This boolean parameter controls if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> is a preferred master browser  for its workgroup.
    44444484        </p><p>
     
    44544494        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>preferred master</code></em> = <code class="literal">auto</code>
    44554495</em></span>
    4456 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556106"></a>
     4496</p></dd></dl></div></div><div class="section" title="preload modules (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2562019"></a>
    44574497
    44584498preload modules (G)
    4459 </h3></div></div></div><a class="indexterm" name="id2556107"></a><a name="PRELOADMODULES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of paths to modules that should
     4499</h3></div></div></div><a class="indexterm" name="id2562020"></a><a name="PRELOADMODULES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of paths to modules that should
    44604500        be loaded into smbd before a client connects. This improves
    44614501        the speed of smbd when reacting to new connections somewhat. </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>preload modules</code></em> = <code class="literal"></code>
     
    44634503</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>preload modules</code></em> = <code class="literal">/usr/lib/samba/passdb/mysql.so</code>
    44644504</em></span>
    4465 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556167"></a>
     4505</p></dd></dl></div></div><div class="section" title="auto services"><div class="titlepage"><div><div><h3 class="title"><a name="id2562080"></a>
    44664506
    44674507<a name="AUTOSERVICES"></a>auto services
    4468 </h3></div></div></div><a class="indexterm" name="id2556168"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRELOAD">preload</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556200"></a>
     4508</h3></div></div></div><a class="indexterm" name="id2562081"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRELOAD">preload</a>.</p></dd></dl></div></div><div class="section" title="preload (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2562113"></a>
    44694509
    44704510preload (G)
    4471 </h3></div></div></div><a class="indexterm" name="id2556201"></a><a name="PRELOAD"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of services that you want to be
     4511</h3></div></div></div><a class="indexterm" name="id2562114"></a><a name="PRELOAD"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of services that you want to be
    44724512        automatically added to the browse lists. This is most useful
    44734513        for homes and printers services that would otherwise not be
     
    44804520</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>preload</code></em> = <code class="literal">fred lp colorlp</code>
    44814521</em></span>
    4482 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556278"></a>
     4522</p></dd></dl></div></div><div class="section" title="preserve case (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2562191"></a>
    44834523
    44844524preserve case (S)
    4485 </h3></div></div></div><a class="indexterm" name="id2556279"></a><a name="PRESERVECASE"></a><div class="variablelist"><dl><dt></dt><dd><p>
     4525</h3></div></div></div><a class="indexterm" name="id2562192"></a><a name="PRESERVECASE"></a><div class="variablelist"><dl><dt></dt><dd><p>
    44864526        This controls if new filenames are created with the case that the client passes, or if
    44874527        they are forced to be the <a class="link" href="smb.conf.5.html#DEFAULTCASE" target="_top">default case</a>.
     
    44904530        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>preserve case</code></em> = <code class="literal">yes</code>
    44914531</em></span>
    4492 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556344"></a>
     4532</p></dd></dl></div></div><div class="section" title="print ok"><div class="titlepage"><div><div><h3 class="title"><a name="id2562258"></a>
    44934533
    44944534<a name="PRINTOK"></a>print ok
    4495 </h3></div></div></div><a class="indexterm" name="id2556345"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTABLE">printable</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556375"></a>
     4535</h3></div></div></div><a class="indexterm" name="id2562259"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTABLE">printable</a>.</p></dd></dl></div></div><div class="section" title="printable (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2562289"></a>
    44964536
    44974537printable (S)
    4498 </h3></div></div></div><a class="indexterm" name="id2556376"></a><a name="PRINTABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code>, then
     4538</h3></div></div></div><a class="indexterm" name="id2562290"></a><a name="PRINTABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code>, then
    44994539    clients may open, write to and submit spool files on the directory
    45004540    specified for the service. </p><p>Note that a printable service will ALWAYS allow writing
     
    45034543    the resource.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>printable</code></em> = <code class="literal">no</code>
    45044544</em></span>
    4505 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556438"></a>
     4545</p></dd></dl></div></div><div class="section" title="printcap cache time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2562352"></a>
    45064546
    45074547printcap cache time (G)
    4508 </h3></div></div></div><a class="indexterm" name="id2556440"></a><a name="PRINTCAPCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the number of seconds before the printing
     4548</h3></div></div></div><a class="indexterm" name="id2562353"></a><a name="PRINTCAPCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the number of seconds before the printing
    45094549    subsystem is again asked for the known printers.  If the value
    45104550    is greater than 60 the initial waiting time is set to 60 seconds
     
    45164556</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>printcap cache time</code></em> = <code class="literal">600</code>
    45174557</em></span>
    4518 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556507"></a>
     4558</p></dd></dl></div></div><div class="section" title="printcap"><div class="titlepage"><div><div><h3 class="title"><a name="id2562421"></a>
    45194559
    45204560<a name="PRINTCAP"></a>printcap
    4521 </h3></div></div></div><a class="indexterm" name="id2556508"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTCAPNAME">printcap name</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556540"></a>
     4561</h3></div></div></div><a class="indexterm" name="id2562422"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTCAPNAME">printcap name</a>.</p></dd></dl></div></div><div class="section" title="printcap name (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2562454"></a>
    45224562
    45234563printcap name (G)
    4524 </h3></div></div></div><a class="indexterm" name="id2556541"></a><a name="PRINTCAPNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>
     4564</h3></div></div></div><a class="indexterm" name="id2562455"></a><a name="PRINTCAPNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>
    45254565        This parameter may be used to override the compiled-in default printcap name used by the server (usually
    45264566        <code class="filename"> /etc/printcap</code>). See the discussion of the <a class="link" href="#PRINTERSSECT" title="The [printers] section">[printers]</a> section above for reasons why you might want to do this.
     
    45504590    where the '|' separates aliases of a printer. The fact that the second alias has a space in
    45514591        it gives a hint to Samba that it's a comment.
    4552         </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
     4592        </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
    45534593        Under AIX the default printcap name is <code class="filename">/etc/qconfig</code>. Samba will
    45544594        assume the file is in AIX <code class="filename">qconfig</code> format if the string <code class="filename">qconfig</code> appears in the printcap filename.
     
    45574597</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>printcap name</code></em> = <code class="literal">/etc/myprintcap</code>
    45584598</em></span>
    4559 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556725"></a>
     4599</p></dd></dl></div></div><div class="section" title="print command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2562638"></a>
    45604600
    45614601print command (S)
    4562 </h3></div></div></div><a class="indexterm" name="id2556726"></a><a name="PRINTCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>After a print job has finished spooling to
     4602</h3></div></div></div><a class="indexterm" name="id2562639"></a><a name="PRINTCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>After a print job has finished spooling to
    45634603    a service, this command will be used via a <code class="literal">system()</code>
    45644604    call to process the spool file. Typically the command specified will
     
    46024642        set print command will be ignored.</p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>print command</code></em> = <code class="literal">/usr/local/samba/bin/myprintscript %p %s</code>
    46034643</em></span>
    4604 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2556994"></a>
     4644</p></dd></dl></div></div><div class="section" title="printer admin (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2562908"></a>
    46054645
    46064646printer admin (S)
    4607 </h3></div></div></div><a class="indexterm" name="id2556996"></a><a name="PRINTERADMIN"></a><div class="variablelist"><dl><dt></dt><dd><p>
     4647</h3></div></div></div><a class="indexterm" name="id2562909"></a><a name="PRINTERADMIN"></a><div class="variablelist"><dl><dt></dt><dd><p>
    46084648        This lists users who can do anything to printers
    46094649        via the remote administration interfaces offered
     
    46214661</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>printer admin</code></em> = <code class="literal">admin, @staff</code>
    46224662</em></span>
    4623 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557064"></a>
     4663</p></dd></dl></div></div><div class="section" title="printer"><div class="titlepage"><div><div><h3 class="title"><a name="id2562977"></a>
    46244664
    46254665<a name="PRINTER"></a>printer
    4626 </h3></div></div></div><a class="indexterm" name="id2557065"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTERNAME">printer name</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557095"></a>
     4666</h3></div></div></div><a class="indexterm" name="id2562978"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTERNAME">printer name</a>.</p></dd></dl></div></div><div class="section" title="printer name (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2563008"></a>
    46274667
    46284668printer name (S)
    4629 </h3></div></div></div><a class="indexterm" name="id2557096"></a><a name="PRINTERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>
     4669</h3></div></div></div><a class="indexterm" name="id2563010"></a><a name="PRINTERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>
    46304670        This parameter specifies the name of the printer to which print jobs spooled through a printable service
    46314671        will be sent.
     
    46404680</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>printer name</code></em> = <code class="literal">laserwriter</code>
    46414681</em></span>
    4642 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557183"></a>
     4682</p></dd></dl></div></div><div class="section" title="printing (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2563096"></a>
    46434683
    46444684printing (S)
    4645 </h3></div></div></div><a class="indexterm" name="id2557184"></a><a name="PRINTING"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameters controls how printer status  information is
     4685</h3></div></div></div><a class="indexterm" name="id2563097"></a><a name="PRINTING"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameters controls how printer status  information is
    46464686    interpreted on your system. It also affects the  default values for
    46474687    the <em class="parameter"><code>print command</code></em>,  <em class="parameter"><code>lpq command</code></em>, <em class="parameter"><code>lppause command </code></em>, <em class="parameter"><code>lpresume command</code></em>, and  <em class="parameter"><code>lprm command</code></em> if specified in the
     
    46604700<code class="literal">testparm -v.</code></code>
    46614701</em></span>
    4662 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557336"></a>
     4702</p></dd></dl></div></div><div class="section" title="printjob username (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2563250"></a>
    46634703
    46644704printjob username (S)
    4665 </h3></div></div></div><a class="indexterm" name="id2557337"></a><a name="PRINTJOBUSERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies which user information will be
     4705</h3></div></div></div><a class="indexterm" name="id2563251"></a><a name="PRINTJOBUSERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies which user information will be
    46664706    passed to the printing system. Usually, the username is sent,
    46674707    but in some cases, e.g. the domain prefix is useful, too.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>printjob username</code></em> = <code class="literal">%U</code>
     
    46694709</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>printjob username</code></em> = <code class="literal">%D\%U</code>
    46704710</em></span>
    4671 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557398"></a>
     4711</p></dd></dl></div></div><div class="section" title="private dir (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2563311"></a>
    46724712
    46734713private dir (G)
    4674 </h3></div></div></div><a class="indexterm" name="id2557399"></a><a name="PRIVATEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameters defines the directory
     4714</h3></div></div></div><a class="indexterm" name="id2563312"></a><a name="PRIVATEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameters defines the directory
    46754715    smbd will use for storing such files as <code class="filename">smbpasswd</code>
    46764716    and <code class="filename">secrets.tdb</code>.
    46774717</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>private dir</code></em> = <code class="literal">${prefix}/private</code>
    46784718</em></span>
    4679 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557452"></a>
     4719</p></dd></dl></div></div><div class="section" title="profile acls (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2563365"></a>
    46804720
    46814721profile acls (S)
    4682 </h3></div></div></div><a class="indexterm" name="id2557453"></a><a name="PROFILEACLS"></a><div class="variablelist"><dl><dt></dt><dd><p>
     4722</h3></div></div></div><a class="indexterm" name="id2563366"></a><a name="PROFILEACLS"></a><div class="variablelist"><dl><dt></dt><dd><p>
    46834723        This boolean parameter was added to fix the problems that people have been
    46844724        having with storing user profiles on Samba shares from Windows 2000 or
     
    47084748        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>profile acls</code></em> = <code class="literal">no</code>
    47094749</em></span>
    4710 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557536"></a>
     4750</p></dd></dl></div></div><div class="section" title="queuepause command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2563438"></a>
    47114751
    47124752queuepause command (S)
    4713 </h3></div></div></div><a class="indexterm" name="id2557537"></a><a name="QUEUEPAUSECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
     4753</h3></div></div></div><a class="indexterm" name="id2563439"></a><a name="QUEUEPAUSECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
    47144754    executed on the server host in order to pause the printer queue.</p><p>This command should be a program or script which takes
    47154755    a printer name as its only parameter and stops the printer queue,
     
    47224762        server.</p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>queuepause command</code></em> = <code class="literal">disable %p</code>
    47234763</em></span>
    4724 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557612"></a>
     4764</p></dd></dl></div></div><div class="section" title="queueresume command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2563515"></a>
    47254765
    47264766queueresume command (S)
    4727 </h3></div></div></div><a class="indexterm" name="id2557613"></a><a name="QUEUERESUMECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
     4767</h3></div></div></div><a class="indexterm" name="id2563516"></a><a name="QUEUERESUMECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
    47284768    executed on the server host in order to resume the printer queue. It
    47294769    is the command to undo the behavior that is caused by the
     
    47404780</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>queueresume command</code></em> = <code class="literal">enable %p</code>
    47414781</em></span>
    4742 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557714"></a>
     4782</p></dd></dl></div></div><div class="section" title="read list (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2563618"></a>
    47434783
    47444784read list (S)
    4745 </h3></div></div></div><a class="indexterm" name="id2557716"></a><a name="READLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>
     4785</h3></div></div></div><a class="indexterm" name="id2563619"></a><a name="READLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>
    47464786        This is a list of users that are given read-only access to a service. If the connecting user is in this list
    47474787        then they will not be given write access, no matter what the <a class="link" href="smb.conf.5.html#READONLY" target="_top">read only</a> option is set
     
    47534793</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>read list</code></em> = <code class="literal">mary, @students</code>
    47544794</em></span>
    4755 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557815"></a>
     4795</p></dd></dl></div></div><div class="section" title="read only (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2563717"></a>
    47564796
    47574797read only (S)
    4758 </h3></div></div></div><a class="indexterm" name="id2557816"></a><a name="READONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>An inverted synonym is <a class="link" href="smb.conf.5.html#WRITEABLE" target="_top">writeable</a>.</p><p>If this parameter is <code class="constant">yes</code>, then users
     4798</h3></div></div></div><a class="indexterm" name="id2563718"></a><a name="READONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>An inverted synonym is <a class="link" href="smb.conf.5.html#WRITEABLE" target="_top">writeable</a>.</p><p>If this parameter is <code class="constant">yes</code>, then users
    47594799    of a service may not create or modify files in the service's
    47604800    directory.</p><p>Note that a printable service (<code class="literal">printable = yes</code>)
     
    47624802    (user privileges permitting), but only via spooling operations.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>read only</code></em> = <code class="literal">yes</code>
    47634803</em></span>
    4764 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557892"></a>
     4804</p></dd></dl></div></div><div class="section" title="read raw (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2563793"></a>
    47654805
    47664806read raw (G)
    4767 </h3></div></div></div><a class="indexterm" name="id2557893"></a><a name="READRAW"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not the server
     4807</h3></div></div></div><a class="indexterm" name="id2563794"></a><a name="READRAW"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not the server
    47684808    will support the raw read SMB requests when transferring data
    47694809    to clients.</p><p>If enabled, raw reads allow reads of 65535 bytes in
     
    47744814        tool and left severely alone.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>read raw</code></em> = <code class="literal">yes</code>
    47754815</em></span>
    4776 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557952"></a>
     4816</p></dd></dl></div></div><div class="section" title="realm (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2563854"></a>
    47774817
    47784818realm (G)
    4779 </h3></div></div></div><a class="indexterm" name="id2557953"></a><a name="REALM"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the kerberos realm to use. The realm is
     4819</h3></div></div></div><a class="indexterm" name="id2563855"></a><a name="REALM"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the kerberos realm to use. The realm is
    47804820        used as the ADS equivalent of the NT4 <code class="literal">domain</code>. It
    47814821        is usually set to the DNS name of the kerberos server.
     
    47844824</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>realm</code></em> = <code class="literal">mysambabox.mycompany.com</code>
    47854825</em></span>
    4786 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558017"></a>
     4826</p></dd></dl></div></div><div class="section" title="registry shares (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2563918"></a>
    47874827
    47884828registry shares (G)
    4789 </h3></div></div></div><a class="indexterm" name="id2558018"></a><a name="REGISTRYSHARES"></a><div class="variablelist"><dl><dt></dt><dd><p>
     4829</h3></div></div></div><a class="indexterm" name="id2563920"></a><a name="REGISTRYSHARES"></a><div class="variablelist"><dl><dt></dt><dd><p>
    47904830        This turns on or off support for share definitions read from
    47914831        registry. Shares defined in <span class="emphasis"><em>smb.conf</em></span> take
     
    48024842</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>registry shares</code></em> = <code class="literal">yes</code>
    48034843</em></span>
    4804 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558103"></a>
     4844</p></dd></dl></div></div><div class="section" title="remote announce (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2564005"></a>
    48054845
    48064846remote announce (G)
    4807 </h3></div></div></div><a class="indexterm" name="id2558104"></a><a name="REMOTEANNOUNCE"></a><div class="variablelist"><dl><dt></dt><dd><p>
     4847</h3></div></div></div><a class="indexterm" name="id2564006"></a><a name="REMOTEANNOUNCE"></a><div class="variablelist"><dl><dt></dt><dd><p>
    48084848        This option allows you to setup <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> to periodically announce itself
    48094849        to arbitrary IP addresses with an arbitrary workgroup name.
     
    48294869        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>remote announce</code></em> = <code class="literal"></code>
    48304870</em></span>
    4831 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558208"></a>
     4871</p></dd></dl></div></div><div class="section" title="remote browse sync (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2564111"></a>
    48324872
    48334873remote browse sync (G)
    4834 </h3></div></div></div><a class="indexterm" name="id2558210"></a><a name="REMOTEBROWSESYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>
     4874</h3></div></div></div><a class="indexterm" name="id2564112"></a><a name="REMOTEBROWSESYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>
    48354875        This option allows you to setup <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> to periodically request
    48364876        synchronization of browse lists with the master browser of a Samba
     
    48644904        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>remote browse sync</code></em> = <code class="literal"></code>
    48654905</em></span>
    4866 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558321"></a>
     4906</p></dd></dl></div></div><div class="section" title="rename user script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2564224"></a>
    48674907
    48684908rename user script (G)
    4869 </h3></div></div></div><a class="indexterm" name="id2558322"></a><a name="RENAMEUSERSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
     4909</h3></div></div></div><a class="indexterm" name="id2564225"></a><a name="RENAMEUSERSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
    48704910        This is the full pathname to a script that will be run as root by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> under special circumstances described below.
    48714911        </p><p>
     
    48744914        <code class="literal">%unew</code>, will be substituted with the old and new usernames, respectively.  The script should
    48754915        return 0 upon successful completion, and nonzero otherwise.
    4876         </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
     4916        </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
    48774917        The script has all responsibility to rename all the necessary data that is accessible in this posix method.
    48784918        This can mean different requirements for different backends.  The tdbsam and smbpasswd backends will take care
     
    48854925        </p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>rename user script</code></em> = <code class="literal">no</code>
    48864926</em></span>
    4887 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558411"></a>
     4927</p></dd></dl></div></div><div class="section" title="reset on zero vc (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2564328"></a>
    48884928
    48894929reset on zero vc (G)
    4890 </h3></div></div></div><a class="indexterm" name="id2558412"></a><a name="RESETONZEROVC"></a><div class="variablelist"><dl><dt></dt><dd><p>
     4930</h3></div></div></div><a class="indexterm" name="id2564329"></a><a name="RESETONZEROVC"></a><div class="variablelist"><dl><dt></dt><dd><p>
    48914931        This boolean option controls whether an incoming session setup
    48924932        should kill other connections coming from the same IP. This matches
     
    49074947        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>reset on zero vc</code></em> = <code class="literal">no</code>
    49084948</em></span>
    4909 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558464"></a>
     4949</p></dd></dl></div></div><div class="section" title="restrict anonymous (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2564380"></a>
    49104950
    49114951restrict anonymous (G)
    4912 </h3></div></div></div><a class="indexterm" name="id2558465"></a><a name="RESTRICTANONYMOUS"></a><div class="variablelist"><dl><dt></dt><dd><p>The setting of this parameter determines whether user and
     4952</h3></div></div></div><a class="indexterm" name="id2564382"></a><a name="RESTRICTANONYMOUS"></a><div class="variablelist"><dl><dt></dt><dd><p>The setting of this parameter determines whether user and
    49134953    group list information is returned for an anonymous connection.
    49144954    and mirrors the effects of the
     
    49284968    as user and group list information can be obtained using other
    49294969        means.
    4930         </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
     4970        </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
    49314971    The security advantage of using restrict anonymous = 2 is removed
    49324972    by setting <a class="link" href="smb.conf.5.html#GUESTOK" target="_top">guest ok = yes</a> on any share.
    49334973        </p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>restrict anonymous</code></em> = <code class="literal">0</code>
    49344974</em></span>
    4935 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558548"></a>
     4975</p></dd></dl></div></div><div class="section" title="root"><div class="titlepage"><div><div><h3 class="title"><a name="id2564465"></a>
    49364976
    49374977<a name="ROOT"></a>root
    4938 </h3></div></div></div><a class="indexterm" name="id2558549"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#ROOTDIRECTORY">root directory</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558581"></a>
     4978</h3></div></div></div><a class="indexterm" name="id2564466"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#ROOTDIRECTORY">root directory</a>.</p></dd></dl></div></div><div class="section" title="root dir"><div class="titlepage"><div><div><h3 class="title"><a name="id2564498"></a>
    49394979
    49404980<a name="ROOTDIR"></a>root dir
    4941 </h3></div></div></div><a class="indexterm" name="id2558582"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#ROOTDIRECTORY">root directory</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558613"></a>
     4981</h3></div></div></div><a class="indexterm" name="id2564499"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#ROOTDIRECTORY">root directory</a>.</p></dd></dl></div></div><div class="section" title="root directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2564529"></a>
    49424982
    49434983root directory (G)
    4944 </h3></div></div></div><a class="indexterm" name="id2558614"></a><a name="ROOTDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>The server will <code class="literal">chroot()</code> (i.e.
     4984</h3></div></div></div><a class="indexterm" name="id2564530"></a><a name="ROOTDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>The server will <code class="literal">chroot()</code> (i.e.
    49454985    Change its root directory) to this directory on startup. This is
    49464986    not strictly necessary for secure operation. Even without it the
     
    49655005</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>root directory</code></em> = <code class="literal">/homes/smb</code>
    49665006</em></span>
    4967 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558737"></a>
     5007</p></dd></dl></div></div><div class="section" title="root postexec (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2564653"></a>
    49685008
    49695009root postexec (S)
    4970 </h3></div></div></div><a class="indexterm" name="id2558738"></a><a name="ROOTPOSTEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>
     5010</h3></div></div></div><a class="indexterm" name="id2564654"></a><a name="ROOTPOSTEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>
    49715011        This is the same as the <em class="parameter"><code>postexec</code></em>
    49725012        parameter except that the command is run as root. This is useful for
     
    49745014        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>root postexec</code></em> = <code class="literal"></code>
    49755015</em></span>
    4976 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558786"></a>
     5016</p></dd></dl></div></div><div class="section" title="root preexec close (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2564702"></a>
    49775017
    49785018root preexec close (S)
    4979 </h3></div></div></div><a class="indexterm" name="id2558787"></a><a name="ROOTPREEXECCLOSE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is the same as the <em class="parameter"><code>preexec close
     5019</h3></div></div></div><a class="indexterm" name="id2564703"></a><a name="ROOTPREEXECCLOSE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is the same as the <em class="parameter"><code>preexec close
    49805020        </code></em> parameter except that the command is run as root.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>root preexec close</code></em> = <code class="literal">no</code>
    49815021</em></span>
    4982 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558834"></a>
     5022</p></dd></dl></div></div><div class="section" title="root preexec (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2564750"></a>
    49835023
    49845024root preexec (S)
    4985 </h3></div></div></div><a class="indexterm" name="id2558835"></a><a name="ROOTPREEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>
     5025</h3></div></div></div><a class="indexterm" name="id2564751"></a><a name="ROOTPREEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>
    49865026        This is the same as the <em class="parameter"><code>preexec</code></em>
    49875027        parameter except that the command is run as root. This is useful for
     
    49895029        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>root preexec</code></em> = <code class="literal"></code>
    49905030</em></span>
    4991 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558882"></a>
     5031</p></dd></dl></div></div><div class="section" title="security mask (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2564799"></a>
    49925032
    49935033security mask (S)
    4994 </h3></div></div></div><a class="indexterm" name="id2558883"></a><a name="SECURITYMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>
     5034</h3></div></div></div><a class="indexterm" name="id2564800"></a><a name="SECURITYMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>
    49955035        This parameter controls what UNIX permission bits will be set when a Windows NT client is manipulating the
    49965036        UNIX permission on a file using the native NT security dialog box.
     
    50115051</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>security mask</code></em> = <code class="literal">0770</code>
    50125052</em></span>
    5013 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558989"></a>
     5053</p></dd></dl></div></div><div class="section" title="security (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2564905"></a>
    50145054
    50155055security (G)
    5016 </h3></div></div></div><a class="indexterm" name="id2558990"></a><a name="SECURITY"></a><div class="variablelist"><dl><dt></dt><dd><p>This option affects how clients respond to
     5056</h3></div></div></div><a class="indexterm" name="id2564906"></a><a name="SECURITY"></a><div class="variablelist"><dl><dt></dt><dd><p>This option affects how clients respond to
    50175057    Samba and is one of the most important settings in the <code class="filename">
    50185058    smb.conf</code> file.</p><p>The option sets the "security mode bit" in replies to
     
    50535093    techniques to determine the correct UNIX user to use on behalf
    50545094    of the client.</p><p>A list of possible UNIX usernames to match with the given
    5055     client password is constructed using the following methods :</p><div class="itemizedlist"><ul type="disc"><li><p>If the <a class="link" href="smb.conf.5.html#GUESTONLY" target="_top">guest only</a> parameter is set, then all the other
     5095    client password is constructed using the following methods :</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>If the <a class="link" href="smb.conf.5.html#GUESTONLY" target="_top">guest only</a> parameter is set, then all the other
    50565096            stages are missed and only the <a class="link" href="smb.conf.5.html#GUESTACCOUNT" target="_top">guest account</a> username is checked.
    5057             </p></li><li><p>Is a username is sent with the share connection
     5097            </p></li><li class="listitem"><p>Is a username is sent with the share connection
    50585098            request, then this username (after mapping - see <a class="link" href="smb.conf.5.html#USERNAMEMAP" target="_top">username map</a>),
    50595099            is added as a potential username.
    5060             </p></li><li><p>If the client did a previous <span class="emphasis"><em>logon
     5100            </p></li><li class="listitem"><p>If the client did a previous <span class="emphasis"><em>logon
    50615101            </em></span> request (the SessionSetup SMB call) then the
    50625102            username sent in this SMB will be added as a potential username.
    5063             </p></li><li><p>The name of the service the client requested is
     5103            </p></li><li class="listitem"><p>The name of the service the client requested is
    50645104            added as a potential username.
    5065             </p></li><li><p>The NetBIOS name of the client is added to
     5105            </p></li><li class="listitem"><p>The NetBIOS name of the client is added to
    50665106            the list as a potential username.
    5067             </p></li><li><p>Any users on the <a class="link" href="smb.conf.5.html#USER" target="_top">user</a> list are added as potential usernames.
     5107            </p></li><li class="listitem"><p>Any users on the <a class="link" href="smb.conf.5.html#USER" target="_top">user</a> list are added as potential usernames.
    50685108            </p></li></ul></div><p>If the <em class="parameter"><code>guest only</code></em> parameter is
    50695109    not set, then this list is then tried with the supplied password.
     
    51115151        revert back to checking the UNIX password file, it must have a valid <code class="filename">smbpasswd</code> file to check users against. See the chapter about the User Database in
    51125152        the Samba HOWTO Collection for details on how to set this up.
    5113 </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>This mode of operation has
     5153</p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>This mode of operation has
    51145154    significant pitfalls since it is more vulnerable to
    51155155    man-in-the-middle attacks and server impersonation.  In particular,
     
    51195159    there is no way to reestablish it, and futher authentications to the
    51205160    Samba server may fail (from a single client, till it disconnects).
    5121         </p></div><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>From the client's point of
     5161        </p></div><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>From the client's point of
    51225162    view, <code class="literal">security = server</code> is the
    51235163    same as <code class="literal">security = user</code>.  It
     
    51385178</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>security</code></em> = <code class="literal">DOMAIN</code>
    51395179</em></span>
    5140 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2559873"></a>
     5180</p></dd></dl></div></div><div class="section" title="server schannel (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2565784"></a>
    51415181
    51425182server schannel (G)
    5143 </h3></div></div></div><a class="indexterm" name="id2559874"></a><a name="SERVERSCHANNEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
     5183</h3></div></div></div><a class="indexterm" name="id2565785"></a><a name="SERVERSCHANNEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
    51445184        This controls whether the server offers or even demands the use of the netlogon schannel.
    51455185        <a class="link" href="smb.conf.5.html#SERVERSCHANNEL" target="_top">server schannel = no</a> does not offer the schannel, <a class="link" href="smb.conf.5.html#SERVERSCHANNEL" target="_top">server schannel = auto</a> offers the schannel but does not enforce it, and <a class="link" href="smb.conf.5.html#SERVERSCHANNEL" target="_top">server schannel = yes</a> denies access if the client is not able to speak netlogon schannel.
     
    51525192</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>server schannel</code></em> = <code class="literal">yes</code>
    51535193</em></span>
    5154 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2559989"></a>
     5194</p></dd></dl></div></div><div class="section" title="server signing (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2565900"></a>
    51555195
    51565196server signing (G)
    5157 </h3></div></div></div><a class="indexterm" name="id2559990"></a><a name="SERVERSIGNING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether the client is allowed or required to use SMB signing. Possible values
     5197</h3></div></div></div><a class="indexterm" name="id2565901"></a><a name="SERVERSIGNING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether the client is allowed or required to use SMB signing. Possible values
    51585198    are <span class="emphasis"><em>auto</em></span>, <span class="emphasis"><em>mandatory</em></span>
    51595199    and <span class="emphasis"><em>disabled</em></span>.
     
    51625202        to disabled, SMB signing is not offered either.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>server signing</code></em> = <code class="literal">Disabled</code>
    51635203</em></span>
    5164 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560050"></a>
     5204</p></dd></dl></div></div><div class="section" title="server string (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2565961"></a>
    51655205
    51665206server string (G)
    5167 </h3></div></div></div><a class="indexterm" name="id2560051"></a><a name="SERVERSTRING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what string will show up in the printer comment box in print
     5207</h3></div></div></div><a class="indexterm" name="id2565962"></a><a name="SERVERSTRING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what string will show up in the printer comment box in print
    51685208        manager and next to the IPC connection in <code class="literal">net view</code>. It
    51695209        can be any string that you wish to show to your users.</p><p>It also sets what will appear in browse lists next
     
    51745214</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>server string</code></em> = <code class="literal">University of GNUs Samba Server</code>
    51755215</em></span>
    5176 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560142"></a>
     5216</p></dd></dl></div></div><div class="section" title="set directory (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2566052"></a>
    51775217
    51785218set directory (S)
    5179 </h3></div></div></div><a class="indexterm" name="id2560143"></a><a name="SETDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>
     5219</h3></div></div></div><a class="indexterm" name="id2566053"></a><a name="SETDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>
    51805220        If <code class="literal">set directory = no</code>, then        users of the
    51815221        service may not use the setdir command to change directory.
     
    51865226        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>set directory</code></em> = <code class="literal">no</code>
    51875227</em></span>
    5188 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560202"></a>
     5228</p></dd></dl></div></div><div class="section" title="set primary group script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2566112"></a>
    51895229
    51905230set primary group script (G)
    5191 </h3></div></div></div><a class="indexterm" name="id2560203"></a><a name="SETPRIMARYGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>Thanks to the Posix subsystem in NT a Windows User has a
     5231</h3></div></div></div><a class="indexterm" name="id2566113"></a><a name="SETPRIMARYGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>Thanks to the Posix subsystem in NT a Windows User has a
    51925232        primary group in addition to the auxiliary groups.  This script
    51935233        sets the primary group in the unix userdatase when an
     
    52015241</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>set primary group script</code></em> = <code class="literal">/usr/sbin/usermod -g '%g' '%u'</code>
    52025242</em></span>
    5203 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560284"></a>
     5243</p></dd></dl></div></div><div class="section" title="set quota command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2566194"></a>
    52045244
    52055245set quota command (G)
    5206 </h3></div></div></div><a class="indexterm" name="id2560285"></a><a name="SETQUOTACOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>The <code class="literal">set quota command</code> should only be used
     5246</h3></div></div></div><a class="indexterm" name="id2566195"></a><a name="SETQUOTACOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>The <code class="literal">set quota command</code> should only be used
    52075247        whenever there is no operating system API available from the OS that
    52085248        samba can use.</p><p>This option is only available if Samba was configured with the argument <code class="literal">--with-sys-quotas</code> or
    52095249        on linux when <code class="literal">./configure --with-quotas</code> was used and a working quota api
    52105250        was found in the system. Most packages are configured with these options already.</p><p>This parameter should specify the path to a script that
    5211         can set quota for the specified arguments.</p><p>The specified script should take the following arguments:</p><div class="itemizedlist"><ul type="disc"><li><p>1 - quota type
    5212                         </p><div class="itemizedlist"><ul type="circle"><li><p>1 - user quotas</p></li><li><p>2 - user default quotas (uid = -1)</p></li><li><p>3 - group quotas</p></li><li><p>4 - group default quotas (gid = -1)</p></li></ul></div></li><li><p>2 - id (uid for user, gid for group, -1 if N/A)</p></li><li><p>3 - quota state (0 = disable, 1 = enable, 2 = enable and enforce)</p></li><li><p>4 - block softlimit</p></li><li><p>5 - block hardlimit</p></li><li><p>6 - inode softlimit</p></li><li><p>7 - inode hardlimit</p></li><li><p>8(optional) - block size, defaults to 1024</p></li></ul></div><p>The script should output at least one line of data on success. And nothing on failure.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>set quota command</code></em> = <code class="literal"></code>
     5251        can set quota for the specified arguments.</p><p>The specified script should take the following arguments:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>1 - quota type
     5252                        </p><div class="itemizedlist"><ul class="itemizedlist" type="circle"><li class="listitem"><p>1 - user quotas</p></li><li class="listitem"><p>2 - user default quotas (uid = -1)</p></li><li class="listitem"><p>3 - group quotas</p></li><li class="listitem"><p>4 - group default quotas (gid = -1)</p></li></ul></div></li><li class="listitem"><p>2 - id (uid for user, gid for group, -1 if N/A)</p></li><li class="listitem"><p>3 - quota state (0 = disable, 1 = enable, 2 = enable and enforce)</p></li><li class="listitem"><p>4 - block softlimit</p></li><li class="listitem"><p>5 - block hardlimit</p></li><li class="listitem"><p>6 - inode softlimit</p></li><li class="listitem"><p>7 - inode hardlimit</p></li><li class="listitem"><p>8(optional) - block size, defaults to 1024</p></li></ul></div><p>The script should output at least one line of data on success. And nothing on failure.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>set quota command</code></em> = <code class="literal"></code>
    52135253</em></span>
    52145254</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>set quota command</code></em> = <code class="literal">/usr/local/sbin/set_quota</code>
    52155255</em></span>
    5216 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560447"></a>
     5256</p></dd></dl></div></div><div class="section" title="share modes (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2566357"></a>
    52175257
    52185258share modes (S)
    5219 </h3></div></div></div><a class="indexterm" name="id2560448"></a><a name="SHAREMODES"></a><div class="variablelist"><dl><dt></dt><dd><p>This enables or disables the honoring of
     5259</h3></div></div></div><a class="indexterm" name="id2566358"></a><a name="SHAREMODES"></a><div class="variablelist"><dl><dt></dt><dd><p>This enables or disables the honoring of
    52205260        the <em class="parameter"><code>share modes</code></em> during a file open. These
    52215261        modes are used by clients to gain exclusive read or write access
     
    52295269        off as many Windows applications will break if you do so.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>share modes</code></em> = <code class="literal">yes</code>
    52305270</em></span>
    5231 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560523"></a>
     5271</p></dd></dl></div></div><div class="section" title="short preserve case (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2566434"></a>
    52325272
    52335273short preserve case (S)
    5234 </h3></div></div></div><a class="indexterm" name="id2560524"></a><a name="SHORTPRESERVECASE"></a><div class="variablelist"><dl><dt></dt><dd><p>
     5274</h3></div></div></div><a class="indexterm" name="id2566435"></a><a name="SHORTPRESERVECASE"></a><div class="variablelist"><dl><dt></dt><dd><p>
    52355275        This boolean parameter controls if new files which conform to 8.3 syntax, that is all in upper case and of
    52365276        suitable length, are created upper case, or if they are forced to be the <a class="link" href="smb.conf.5.html#DEFAULTCASE" target="_top">default case</a>.
     
    52395279        </p><p>See the section on <a class="link" href="#NAMEMANGLINGSECT" title="NAME MANGLING">NAME MANGLING</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>short preserve case</code></em> = <code class="literal">yes</code>
    52405280</em></span>
    5241 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560603"></a>
     5281</p></dd></dl></div></div><div class="section" title="show add printer wizard (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2566514"></a>
    52425282
    52435283show add printer wizard (G)
    5244 </h3></div></div></div><a class="indexterm" name="id2560604"></a><a name="SHOWADDPRINTERWIZARD"></a><div class="variablelist"><dl><dt></dt><dd><p>With the introduction of MS-RPC based printing support
     5284</h3></div></div></div><a class="indexterm" name="id2566515"></a><a name="SHOWADDPRINTERWIZARD"></a><div class="variablelist"><dl><dt></dt><dd><p>With the introduction of MS-RPC based printing support
    52455285    for Windows NT/2000 client in Samba 2.2, a "Printers..." folder will
    52465286    appear on Samba hosts in the share listing.  Normally this folder will
     
    52575297    parameter will always cause the OpenPrinterEx() on the server
    52585298        to fail.  Thus the APW icon will never be displayed.
    5259 </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>This does not prevent the same user from having
     5299</p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>This does not prevent the same user from having
    52605300                administrative privilege on an individual printer.</p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>show add printer wizard</code></em> = <code class="literal">yes</code>
    52615301</em></span>
    5262 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560687"></a>
     5302</p></dd></dl></div></div><div class="section" title="shutdown script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2566597"></a>
    52635303
    52645304shutdown script (G)
    5265 </h3></div></div></div><a class="indexterm" name="id2560688"></a><a name="SHUTDOWNSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This a full path name to a script called by
     5305</h3></div></div></div><a class="indexterm" name="id2566598"></a><a name="SHUTDOWNSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This a full path name to a script called by
    52665306         <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> that should
    52675307        start a shutdown procedure.</p><p>If the connected user posseses the <code class="constant">SeRemoteShutdownPrivilege</code>,
    5268         right, this command will be run as root.</p><p>The %z %t %r %f variables are expanded as follows:</p><div class="itemizedlist"><ul type="disc"><li><p><em class="parameter"><code>%z</code></em> will be substituted with the
    5269                         shutdown message sent to the server.</p></li><li><p><em class="parameter"><code>%t</code></em> will be substituted with the
     5308        right, this command will be run as root.</p><p>The %z %t %r %f variables are expanded as follows:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><em class="parameter"><code>%z</code></em> will be substituted with the
     5309                        shutdown message sent to the server.</p></li><li class="listitem"><p><em class="parameter"><code>%t</code></em> will be substituted with the
    52705310                        number of seconds to wait before effectively starting the
    5271                         shutdown procedure.</p></li><li><p><em class="parameter"><code>%r</code></em> will be substituted with the
     5311                        shutdown procedure.</p></li><li class="listitem"><p><em class="parameter"><code>%r</code></em> will be substituted with the
    52725312                        switch <span class="emphasis"><em>-r</em></span>. It means reboot after shutdown
    5273                         for NT.</p></li><li><p><em class="parameter"><code>%f</code></em> will be substituted with the
     5313                        for NT.</p></li><li class="listitem"><p><em class="parameter"><code>%f</code></em> will be substituted with the
    52745314                        switch <span class="emphasis"><em>-f</em></span>. It means force the shutdown
    52755315                        even if applications do not respond for NT.</p></li></ul></div><p>Shutdown script example:
     
    52895329</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>shutdown script</code></em> = <code class="literal">/usr/local/samba/sbin/shutdown %m %t %r %f</code>
    52905330</em></span>
    5291 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560841"></a>
     5331</p></dd></dl></div></div><div class="section" title="smb encrypt (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2566751"></a>
    52925332
    52935333smb encrypt (S)
    5294 </h3></div></div></div><a class="indexterm" name="id2560842"></a><a name="SMBENCRYPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a new feature introduced with Samba 3.2 and above. It is an
     5334</h3></div></div></div><a class="indexterm" name="id2566752"></a><a name="SMBENCRYPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a new feature introduced with Samba 3.2 and above. It is an
    52955335    extension to the SMB/CIFS protocol negotiated as part of the UNIX extensions.
    52965336    SMB encryption uses the GSSAPI (SSPI on Windows) ability to encrypt
     
    53205360    to disabled, SMB encryption can not be negotiated.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb encrypt</code></em> = <code class="literal">auto</code>
    53215361</em></span>
    5322 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560947"></a>
     5362</p></dd></dl></div></div><div class="section" title="smb passwd file (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2566858"></a>
    53235363
    53245364smb passwd file (G)
    5325 </h3></div></div></div><a class="indexterm" name="id2560948"></a><a name="SMBPASSWDFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option sets the path to the encrypted smbpasswd file. By
     5365</h3></div></div></div><a class="indexterm" name="id2566859"></a><a name="SMBPASSWDFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option sets the path to the encrypted smbpasswd file. By
    53265366    default the path to the smbpasswd file  is compiled into Samba.</p><p>
    53275367    An example of use is:
     
    53315371    </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb passwd file</code></em> = <code class="literal">${prefix}/private/smbpasswd</code>
    53325372</em></span>
    5333 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561000"></a>
     5373</p></dd></dl></div></div><div class="section" title="smb ports (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2566911"></a>
    53345374
    53355375smb ports (G)
    5336 </h3></div></div></div><a class="indexterm" name="id2561002"></a><a name="SMBPORTS"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies which ports the server should listen on for SMB traffic.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb ports</code></em> = <code class="literal">445 139</code>
    5337 </em></span>
    5338 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561042"></a>
     5376</h3></div></div></div><a class="indexterm" name="id2566912"></a><a name="SMBPORTS"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies which ports the server should listen on for SMB traffic.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb ports</code></em> = <code class="literal">445 139</code>
     5377</em></span>
     5378</p></dd></dl></div></div><div class="section" title="socket address (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2566953"></a>
    53395379
    53405380socket address (G)
    5341 </h3></div></div></div><a class="indexterm" name="id2561043"></a><a name="SOCKETADDRESS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to control what
     5381</h3></div></div></div><a class="indexterm" name="id2566954"></a><a name="SOCKETADDRESS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to control what
    53425382        address Samba will listen for connections on. This is used to
    53435383        support multiple virtual interfaces on the one server, each
     
    53485388</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>socket address</code></em> = <code class="literal">192.168.2.20</code>
    53495389</em></span>
    5350 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561112"></a>
     5390</p></dd></dl></div></div><div class="section" title="socket options (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2567023"></a>
    53515391
    53525392socket options (G)
    5353 </h3></div></div></div><a class="indexterm" name="id2561114"></a><a name="SOCKETOPTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to set socket options
     5393</h3></div></div></div><a class="indexterm" name="id2567024"></a><a name="SOCKETOPTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to set socket options
    53545394    to be used when talking with the client.</p><p>Socket options are controls on the networking layer
    53555395    of the operating systems which allow the connection to be
     
    53675407    samba-technical@samba.org</a>.</p><p>Any of the supported socket options may be combined
    53685408    in any way you like, as long as your OS allows it.</p><p>This is the list of socket options currently settable
    5369     using this option:</p><div class="itemizedlist"><ul type="disc"><li><p>SO_KEEPALIVE</p></li><li><p>SO_REUSEADDR</p></li><li><p>SO_BROADCAST</p></li><li><p>TCP_NODELAY</p></li><li><p>IPTOS_LOWDELAY</p></li><li><p>IPTOS_THROUGHPUT</p></li><li><p>SO_SNDBUF *</p></li><li><p>SO_RCVBUF *</p></li><li><p>SO_SNDLOWAT *</p></li><li><p>SO_RCVLOWAT *</p></li></ul></div><p>Those marked with a <span class="emphasis"><em>'*'</em></span> take an integer
     5409    using this option:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>SO_KEEPALIVE</p></li><li class="listitem"><p>SO_REUSEADDR</p></li><li class="listitem"><p>SO_BROADCAST</p></li><li class="listitem"><p>TCP_NODELAY</p></li><li class="listitem"><p>IPTOS_LOWDELAY</p></li><li class="listitem"><p>IPTOS_THROUGHPUT</p></li><li class="listitem"><p>SO_SNDBUF *</p></li><li class="listitem"><p>SO_RCVBUF *</p></li><li class="listitem"><p>SO_SNDLOWAT *</p></li><li class="listitem"><p>SO_RCVLOWAT *</p></li></ul></div><p>Those marked with a <span class="emphasis"><em>'*'</em></span> take an integer
    53705410    argument. The others can optionally take a 1 or 0 argument to enable
    53715411    or disable the option, by default they will be enabled if you
     
    53795419</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>socket options</code></em> = <code class="literal">IPTOS_LOWDELAY</code>
    53805420</em></span>
    5381 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561323"></a>
     5421</p></dd></dl></div></div><div class="section" title="stat cache (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2567234"></a>
    53825422
    53835423stat cache (G)
    5384 </h3></div></div></div><a class="indexterm" name="id2561324"></a><a name="STATCACHE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will use a cache in order to
     5424</h3></div></div></div><a class="indexterm" name="id2567235"></a><a name="STATCACHE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will use a cache in order to
    53855425        speed up case insensitive name mappings. You should never need
    53865426        to change this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>stat cache</code></em> = <code class="literal">yes</code>
    53875427</em></span>
    5388 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561374"></a>
     5428</p></dd></dl></div></div><div class="section" title="store dos attributes (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2567285"></a>
    53895429
    53905430store dos attributes (S)
    5391 </h3></div></div></div><a class="indexterm" name="id2561375"></a><a name="STOREDOSATTRIBUTES"></a><div class="variablelist"><dl><dt></dt><dd><p>
     5431</h3></div></div></div><a class="indexterm" name="id2567286"></a><a name="STOREDOSATTRIBUTES"></a><div class="variablelist"><dl><dt></dt><dd><p>
    53925432        If this parameter is set Samba attempts to first read DOS attributes (SYSTEM, HIDDEN, ARCHIVE or
    53935433        READ-ONLY) from a filesystem extended attribute, before mapping DOS attributes to UNIX permission bits (such
     
    54015441        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>store dos attributes</code></em> = <code class="literal">no</code>
    54025442</em></span>
    5403 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561496"></a>
     5443</p></dd></dl></div></div><div class="section" title="strict allocate (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2567407"></a>
    54045444
    54055445strict allocate (S)
    5406 </h3></div></div></div><a class="indexterm" name="id2561497"></a><a name="STRICTALLOCATE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean that controls the handling of
     5446</h3></div></div></div><a class="indexterm" name="id2567408"></a><a name="STRICTALLOCATE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean that controls the handling of
    54075447    disk space allocation in the server. When this is set to <code class="constant">yes</code>
    54085448    the server will change from UNIX behaviour of not committing real
     
    54165456    of users.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>strict allocate</code></em> = <code class="literal">no</code>
    54175457</em></span>
    5418 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561566"></a>
     5458</p></dd></dl></div></div><div class="section" title="strict locking (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2567477"></a>
    54195459
    54205460strict locking (S)
    5421 </h3></div></div></div><a class="indexterm" name="id2561567"></a><a name="STRICTLOCKING"></a><div class="variablelist"><dl><dt></dt><dd><p>
     5461</h3></div></div></div><a class="indexterm" name="id2567478"></a><a name="STRICTLOCKING"></a><div class="variablelist"><dl><dt></dt><dd><p>
    54225462        This is an enumerated type that controls the handling of file locking in the server. When this is set to <code class="constant">yes</code>,
    54235463        the server will check every read and write access for file locks, and deny access if locks exist. This can be slow on
     
    54355475        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>strict locking</code></em> = <code class="literal">Auto</code>
    54365476</em></span>
    5437 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561646"></a>
     5477</p></dd></dl></div></div><div class="section" title="strict sync (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2567556"></a>
    54385478
    54395479strict sync (S)
    5440 </h3></div></div></div><a class="indexterm" name="id2561647"></a><a name="STRICTSYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>Many Windows applications (including the Windows 98 explorer
     5480</h3></div></div></div><a class="indexterm" name="id2567557"></a><a name="STRICTSYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>Many Windows applications (including the Windows 98 explorer
    54415481    shell) seem to confuse flushing buffer contents to disk with doing
    54425482    a sync to disk. Under UNIX, a sync call forces the process to be
     
    54525492    reported with the new Windows98 explorer shell file copies.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>strict sync</code></em> = <code class="literal">no</code>
    54535493</em></span>
    5454 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561711"></a>
     5494</p></dd></dl></div></div><div class="section" title="svcctl list (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2567621"></a>
    54555495
    54565496svcctl list (G)
    5457 </h3></div></div></div><a class="indexterm" name="id2561712"></a><a name="SVCCTLLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This option defines a list of init scripts that smbd
     5497</h3></div></div></div><a class="indexterm" name="id2567622"></a><a name="SVCCTLLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This option defines a list of init scripts that smbd
    54585498    will use for starting and stopping Unix services via the Win32
    54595499    ServiceControl API.  This allows Windows administrators to
     
    54685508</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>svcctl list</code></em> = <code class="literal">cups postfix portmap httpd</code>
    54695509</em></span>
    5470 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561801"></a>
     5510</p></dd></dl></div></div><div class="section" title="sync always (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2567707"></a>
    54715511
    54725512sync always (S)
    5473 </h3></div></div></div><a class="indexterm" name="id2561802"></a><a name="SYNCALWAYS"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean parameter that controls
     5513</h3></div></div></div><a class="indexterm" name="id2567708"></a><a name="SYNCALWAYS"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean parameter that controls
    54745514    whether writes will always be written to stable storage before
    54755515    the write call returns. If this is <code class="constant">no</code> then the server will be
     
    54825522    any affect.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>sync always</code></em> = <code class="literal">no</code>
    54835523</em></span>
    5484 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561871"></a>
     5524</p></dd></dl></div></div><div class="section" title="syslog only (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2567777"></a>
    54855525
    54865526syslog only (G)
    5487 </h3></div></div></div><a class="indexterm" name="id2561872"></a><a name="SYSLOGONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
     5527</h3></div></div></div><a class="indexterm" name="id2567778"></a><a name="SYSLOGONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
    54885528    If this parameter is set then Samba debug messages are logged into the system
    54895529    syslog only, and not to the debug log files. There still will be some
     
    54915531    </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>syslog only</code></em> = <code class="literal">no</code>
    54925532</em></span>
    5493 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561919"></a>
     5533</p></dd></dl></div></div><div class="section" title="syslog (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2567825"></a>
    54945534
    54955535syslog (G)
    5496 </h3></div></div></div><a class="indexterm" name="id2561920"></a><a name="SYSLOG"></a><div class="variablelist"><dl><dt></dt><dd><p>
     5536</h3></div></div></div><a class="indexterm" name="id2567826"></a><a name="SYSLOG"></a><div class="variablelist"><dl><dt></dt><dd><p>
    54975537    This parameter maps how Samba debug messages are logged onto the system syslog logging levels.
    54985538    Samba debug level zero maps onto syslog <code class="constant">LOG_ERR</code>, debug level one maps onto
     
    55055545    </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>syslog</code></em> = <code class="literal">1</code>
    55065546</em></span>
    5507 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2561989"></a>
     5547</p></dd></dl></div></div><div class="section" title="template homedir (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2567895"></a>
    55085548
    55095549template homedir (G)
    5510 </h3></div></div></div><a class="indexterm" name="id2561990"></a><a name="TEMPLATEHOMEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>When filling out the user information for a Windows NT
     5550</h3></div></div></div><a class="indexterm" name="id2567896"></a><a name="TEMPLATEHOMEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>When filling out the user information for a Windows NT
    55115551        user, the <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon  uses this
    55125552        parameter to fill in the home directory for that user. If the
     
    55165556        is substituted with the user's Windows  NT user name.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>template homedir</code></em> = <code class="literal">/home/%D/%U</code>
    55175557</em></span>
    5518 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562055"></a>
     5558</p></dd></dl></div></div><div class="section" title="template shell (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2567961"></a>
    55195559
    55205560template shell (G)
    5521 </h3></div></div></div><a class="indexterm" name="id2562056"></a><a name="TEMPLATESHELL"></a><div class="variablelist"><dl><dt></dt><dd><p>When filling out the user information for a Windows NT
     5561</h3></div></div></div><a class="indexterm" name="id2567962"></a><a name="TEMPLATESHELL"></a><div class="variablelist"><dl><dt></dt><dd><p>When filling out the user information for a Windows NT
    55225562        user, the <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon uses this
    5523         parameter to fill in the login shell for that user.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562094"></a>
     5563        parameter to fill in the login shell for that user.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="time offset (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2568000"></a>
    55245564
    55255565time offset (G)
    5526 </h3></div></div></div><a class="indexterm" name="id2562095"></a><a name="TIMEOFFSET"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a setting in minutes to add
     5566</h3></div></div></div><a class="indexterm" name="id2568001"></a><a name="TIMEOFFSET"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a setting in minutes to add
    55275567        to the normal GMT to local time conversion. This is useful if
    55285568        you are serving a lot of PCs that have incorrect daylight
     
    55315571</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>time offset</code></em> = <code class="literal">60</code>
    55325572</em></span>
    5533 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562154"></a>
     5573</p></dd></dl></div></div><div class="section" title="time server (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2568060"></a>
    55345574
    55355575time server (G)
    5536 </h3></div></div></div><a class="indexterm" name="id2562155"></a><a name="TIMESERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> advertises itself as a time server to Windows
     5576</h3></div></div></div><a class="indexterm" name="id2568061"></a><a name="TIMESERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> advertises itself as a time server to Windows
    55375577clients.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>time server</code></em> = <code class="literal">no</code>
    55385578</em></span>
    5539 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562204"></a>
     5579</p></dd></dl></div></div><div class="section" title="unix charset (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2568110"></a>
    55405580
    55415581unix charset (G)
    5542 </h3></div></div></div><a class="indexterm" name="id2562206"></a><a name="UNIXCHARSET"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the charset the unix machine
     5582</h3></div></div></div><a class="indexterm" name="id2568112"></a><a name="UNIXCHARSET"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the charset the unix machine
    55435583                Samba runs on uses. Samba needs to know this in order to be able to
    55445584                convert text to the charsets other SMB clients use.
     
    55495589</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>unix charset</code></em> = <code class="literal">ASCII</code>
    55505590</em></span>
    5551 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562270"></a>
     5591</p></dd></dl></div></div><div class="section" title="unix extensions (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2568176"></a>
    55525592
    55535593unix extensions (G)
    5554 </h3></div></div></div><a class="indexterm" name="id2562272"></a><a name="UNIXEXTENSIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether Samba
     5594</h3></div></div></div><a class="indexterm" name="id2568178"></a><a name="UNIXEXTENSIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether Samba
    55555595    implements the CIFS UNIX extensions, as defined by HP.
    55565596    These extensions enable Samba to better serve UNIX CIFS clients
     
    55595599    no current use to Windows clients.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>unix extensions</code></em> = <code class="literal">yes</code>
    55605600</em></span>
    5561 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562318"></a>
     5601</p></dd></dl></div></div><div class="section" title="unix password sync (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2568224"></a>
    55625602
    55635603unix password sync (G)
    5564 </h3></div></div></div><a class="indexterm" name="id2562319"></a><a name="UNIXPASSWORDSYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether Samba
     5604</h3></div></div></div><a class="indexterm" name="id2568225"></a><a name="UNIXPASSWORDSYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether Samba
    55655605    attempts to synchronize the UNIX password with the SMB password
    55665606    when the encrypted SMB password in the smbpasswd file is changed.
     
    55715611        access to the old password cleartext, only the new).</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>unix password sync</code></em> = <code class="literal">no</code>
    55725612</em></span>
    5573 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562379"></a>
     5613</p></dd></dl></div></div><div class="section" title="update encrypted (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2568285"></a>
    55745614
    55755615update encrypted (G)
    5576 </h3></div></div></div><a class="indexterm" name="id2562380"></a><a name="UPDATEENCRYPTED"></a><div class="variablelist"><dl><dt></dt><dd><p>
     5616</h3></div></div></div><a class="indexterm" name="id2568286"></a><a name="UPDATEENCRYPTED"></a><div class="variablelist"><dl><dt></dt><dd><p>
    55775617        This boolean parameter allows a user logging on with a plaintext password to have their encrypted (hashed)
    55785618        password in the smbpasswd file to be updated automatically as they log on. This option allows a site to
     
    55925632        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>update encrypted</code></em> = <code class="literal">no</code>
    55935633</em></span>
    5594 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562498"></a>
     5634</p></dd></dl></div></div><div class="section" title="use client driver (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2568404"></a>
    55955635
    55965636use client driver (S)
    5597 </h3></div></div></div><a class="indexterm" name="id2562499"></a><a name="USECLIENTDRIVER"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter applies only to Windows NT/2000
     5637</h3></div></div></div><a class="indexterm" name="id2568405"></a><a name="USECLIENTDRIVER"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter applies only to Windows NT/2000
    55985638    clients.  It has no effect on Windows 95/98/ME clients.  When
    55995639    serving a printer to Windows NT/2000 clients without first installing
     
    56205660        server.</em></span></p><p>Default: <span class="emphasis"><em><em class="parameter"><code>use client driver</code></em> = <code class="literal">no</code>
    56215661</em></span>
    5622 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562578"></a>
     5662</p></dd></dl></div></div><div class="section" title="use kerberos keytab (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2568484"></a>
    56235663
    56245664use kerberos keytab (G)
    5625 </h3></div></div></div><a class="indexterm" name="id2562580"></a><a name="USEKERBEROSKEYTAB"></a><div class="variablelist"><dl><dt></dt><dd><p>
     5665</h3></div></div></div><a class="indexterm" name="id2568486"></a><a name="USEKERBEROSKEYTAB"></a><div class="variablelist"><dl><dt></dt><dd><p>
    56265666        Specifies whether Samba should attempt to maintain service principals in the systems
    56275667        keytab file for <code class="constant">host/FQDN</code> and <code class="constant">cifs/FQDN</code>.
     
    56355675        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>use kerberos keytab</code></em> = <code class="literal">False</code>
    56365676</em></span>
    5637 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562647"></a>
     5677</p></dd></dl></div></div><div class="section" title="use mmap (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2568553"></a>
    56385678
    56395679use mmap (G)
    5640 </h3></div></div></div><a class="indexterm" name="id2562648"></a><a name="USEMMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>This global parameter determines if the tdb internals of Samba can
     5680</h3></div></div></div><a class="indexterm" name="id2568554"></a><a name="USEMMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>This global parameter determines if the tdb internals of Samba can
    56415681    depend on mmap working correctly on the running system. Samba requires a coherent
    56425682    mmap/read-write system memory cache. Currently only HPUX does not have such a
     
    56475687    </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>use mmap</code></em> = <code class="literal">yes</code>
    56485688</em></span>
    5649 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562699"></a>
     5689</p></dd></dl></div></div><div class="section" title="username level (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2568605"></a>
    56505690
    56515691username level (G)
    5652 </h3></div></div></div><a class="indexterm" name="id2562700"></a><a name="USERNAMELEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option helps Samba to try and 'guess' at
     5692</h3></div></div></div><a class="indexterm" name="id2568606"></a><a name="USERNAMELEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option helps Samba to try and 'guess' at
    56535693    the real UNIX username, as many DOS clients send an all-uppercase
    56545694    username. By default Samba tries all lowercase, followed by the
     
    56655705</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>username level</code></em> = <code class="literal">5</code>
    56665706</em></span>
    5667 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562781"></a>
     5707</p></dd></dl></div></div><div class="section" title="username map script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2568687"></a>
    56685708
    56695709username map script (G)
    5670 </h3></div></div></div><a class="indexterm" name="id2562782"></a><a name="USERNAMEMAPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This script is a mutually exclusive alternative to the
     5710</h3></div></div></div><a class="indexterm" name="id2568688"></a><a name="USERNAMEMAPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This script is a mutually exclusive alternative to the
    56715711        <a class="link" href="smb.conf.5.html#USERNAMEMAP" target="_top">username map</a> parameter.  This parameter
    56725712        specifies and external program or script that must accept a single
     
    56795719</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>username map script</code></em> = <code class="literal">/etc/samba/scripts/mapusers.sh</code>
    56805720</em></span>
    5681 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2562858"></a>
     5721</p></dd></dl></div></div><div class="section" title="username map (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2568764"></a>
    56825722
    56835723username map (G)
    5684 </h3></div></div></div><a class="indexterm" name="id2562859"></a><a name="USERNAMEMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>
     5724</h3></div></div></div><a class="indexterm" name="id2568765"></a><a name="USERNAMEMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>
    56855725        This option allows you to specify a file containing a mapping of usernames from the clients to the server.
    56865726        This can be used for several purposes. The most common is to map usernames that users use on DOS or Windows
     
    57665806# no username map</code>
    57675807</em></span>
    5768 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563137"></a>
     5808</p></dd></dl></div></div><div class="section" title="user"><div class="titlepage"><div><div><h3 class="title"><a name="id2569043"></a>
    57695809
    57705810<a name="USER"></a>user
    5771 </h3></div></div></div><a class="indexterm" name="id2563138"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#USERNAME">username</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563169"></a>
     5811</h3></div></div></div><a class="indexterm" name="id2569044"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#USERNAME">username</a>.</p></dd></dl></div></div><div class="section" title="users"><div class="titlepage"><div><div><h3 class="title"><a name="id2569075"></a>
    57725812
    57735813<a name="USERS"></a>users
    5774 </h3></div></div></div><a class="indexterm" name="id2563170"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#USERNAME">username</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563201"></a>
     5814</h3></div></div></div><a class="indexterm" name="id2569076"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#USERNAME">username</a>.</p></dd></dl></div></div><div class="section" title="username (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2569107"></a>
    57755815
    57765816username (S)
    5777 </h3></div></div></div><a class="indexterm" name="id2563202"></a><a name="USERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>Multiple users may be specified in a comma-delimited
     5817</h3></div></div></div><a class="indexterm" name="id2569108"></a><a name="USERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>Multiple users may be specified in a comma-delimited
    57785818    list, in which case the supplied password will be tested against
    57795819    each username in turn (left to right).</p><p>The <em class="parameter"><code>username</code></em> line is needed only when
     
    58135853</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>username</code></em> = <code class="literal">fred, mary, jack, jane, @users, @pcgroup</code>
    58145854</em></span>
    5815 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563371"></a>
     5855</p></dd></dl></div></div><div class="section" title="usershare allow guests (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2569277"></a>
    58165856
    58175857usershare allow guests (G)
    5818 </h3></div></div></div><a class="indexterm" name="id2563372"></a><a name="USERSHAREALLOWGUESTS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether user defined shares are allowed
     5858</h3></div></div></div><a class="indexterm" name="id2569278"></a><a name="USERSHAREALLOWGUESTS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether user defined shares are allowed
    58195859        to be accessed by non-authenticated users or not. It is the equivalent
    58205860        of allowing people who can create a share the option of setting
     
    58235863        is set to off.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>usershare allow guests</code></em> = <code class="literal">no</code>
    58245864</em></span>
    5825 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563424"></a>
     5865</p></dd></dl></div></div><div class="section" title="usershare max shares (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2569330"></a>
    58265866
    58275867usershare max shares (G)
    5828 </h3></div></div></div><a class="indexterm" name="id2563425"></a><a name="USERSHAREMAXSHARES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of user defined shares
     5868</h3></div></div></div><a class="indexterm" name="id2569331"></a><a name="USERSHAREMAXSHARES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of user defined shares
    58295869        that are allowed to be created by users belonging to the group owning the
    58305870        usershare directory. If set to zero (the default) user defined shares are ignored.
    58315871        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>usershare max shares</code></em> = <code class="literal">0</code>
    58325872</em></span>
    5833 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563469"></a>
     5873</p></dd></dl></div></div><div class="section" title="usershare owner only (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2569375"></a>
    58345874
    58355875usershare owner only (G)
    5836 </h3></div></div></div><a class="indexterm" name="id2563470"></a><a name="USERSHAREOWNERONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether the pathname exported by
     5876</h3></div></div></div><a class="indexterm" name="id2569376"></a><a name="USERSHAREOWNERONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether the pathname exported by
    58375877        a user defined shares must be owned by the user creating the
    58385878        user defined share or not. If set to True (the default) then
     
    58445884        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>usershare owner only</code></em> = <code class="literal">True</code>
    58455885</em></span>
    5846 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563527"></a>
     5886</p></dd></dl></div></div><div class="section" title="usershare path (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2569425"></a>
    58475887
    58485888usershare path (G)
    5849 </h3></div></div></div><a class="indexterm" name="id2563528"></a><a name="USERSHAREPATH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the absolute path of the directory on the
     5889</h3></div></div></div><a class="indexterm" name="id2569426"></a><a name="USERSHAREPATH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the absolute path of the directory on the
    58505890        filesystem used to store the user defined share definition files.
    58515891        This directory must be owned by root, and have no access for
     
    58685908        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>usershare path</code></em> = <code class="literal">NULL</code>
    58695909</em></span>
    5870 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563598"></a>
     5910</p></dd></dl></div></div><div class="section" title="usershare prefix allow list (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2569496"></a>
    58715911
    58725912usershare prefix allow list (G)
    5873 </h3></div></div></div><a class="indexterm" name="id2563599"></a><a name="USERSHAREPREFIXALLOWLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a list of absolute pathnames
     5913</h3></div></div></div><a class="indexterm" name="id2569497"></a><a name="USERSHAREPREFIXALLOWLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a list of absolute pathnames
    58745914        the root of which are allowed to be exported by user defined share definitions.
    58755915        If the pathname to be exported doesn't start with one of the strings in this
     
    58865926</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>usershare prefix allow list</code></em> = <code class="literal">/home /data /space</code>
    58875927</em></span>
    5888 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563670"></a>
     5928</p></dd></dl></div></div><div class="section" title="usershare prefix deny list (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2569569"></a>
    58895929
    58905930usershare prefix deny list (G)
    5891 </h3></div></div></div><a class="indexterm" name="id2563671"></a><a name="USERSHAREPREFIXDENYLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a list of absolute pathnames
     5931</h3></div></div></div><a class="indexterm" name="id2569570"></a><a name="USERSHAREPREFIXDENYLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a list of absolute pathnames
    58925932        the root of which are NOT allowed to be exported by user defined share definitions.
    58935933        If the pathname exported starts with one of the strings in this
     
    59055945</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>usershare prefix deny list</code></em> = <code class="literal">/etc /dev /private</code>
    59065946</em></span>
    5907 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563745"></a>
     5947</p></dd></dl></div></div><div class="section" title="usershare template share (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2569643"></a>
    59085948
    59095949usershare template share (G)
    5910 </h3></div></div></div><a class="indexterm" name="id2563746"></a><a name="USERSHARETEMPLATESHARE"></a><div class="variablelist"><dl><dt></dt><dd><p>User defined shares only have limited possible parameters
     5950</h3></div></div></div><a class="indexterm" name="id2569644"></a><a name="USERSHARETEMPLATESHARE"></a><div class="variablelist"><dl><dt></dt><dd><p>User defined shares only have limited possible parameters
    59115951        such as path, guest ok, etc. This parameter allows usershares to
    59125952        "cloned" from an existing share. If "usershare template share"
     
    59235963</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>usershare template share</code></em> = <code class="literal">template_share</code>
    59245964</em></span>
    5925 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563818"></a>
     5965</p></dd></dl></div></div><div class="section" title="use sendfile (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2569716"></a>
    59265966
    59275967use sendfile (S)
    5928 </h3></div></div></div><a class="indexterm" name="id2563819"></a><a name="USESENDFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code>, and the <code class="constant">sendfile()</code>
     5968</h3></div></div></div><a class="indexterm" name="id2569717"></a><a name="USESENDFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code>, and the <code class="constant">sendfile()</code>
    59295969    system call is supported by the underlying operating system, then some SMB read calls
    59305970    (mainly ReadAndX and ReadRaw) will use the more efficient sendfile system call for files that
     
    59355975    </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>use sendfile</code></em> = <code class="literal">false</code>
    59365976</em></span>
    5937 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563875"></a>
     5977</p></dd></dl></div></div><div class="section" title="use spnego (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2569774"></a>
    59385978
    59395979use spnego (G)
    5940 </h3></div></div></div><a class="indexterm" name="id2563876"></a><a name="USESPNEGO"></a><div class="variablelist"><dl><dt></dt><dd><p>This variable controls controls whether samba will try
     5980</h3></div></div></div><a class="indexterm" name="id2569775"></a><a name="USESPNEGO"></a><div class="variablelist"><dl><dt></dt><dd><p>This variable controls controls whether samba will try
    59415981    to use Simple and Protected NEGOciation (as specified by rfc2478) with
    59425982    WindowsXP and Windows2000 clients to agree upon an authentication mechanism.
     
    59465986        disabled.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>use spnego</code></em> = <code class="literal">yes</code>
    59475987</em></span>
    5948 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2563925"></a>
     5988</p></dd></dl></div></div><div class="section" title="utmp directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2569823"></a>
    59495989
    59505990utmp directory (G)
    5951 </h3></div></div></div><a class="indexterm" name="id2563926"></a><a name="UTMPDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is only available if Samba has
     5991</h3></div></div></div><a class="indexterm" name="id2569824"></a><a name="UTMPDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is only available if Samba has
    59525992        been configured and compiled with the option <code class="literal">
    59535993        --with-utmp</code>. It specifies a directory pathname that is
     
    59616001</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>utmp directory</code></em> = <code class="literal">/var/run/utmp</code>
    59626002</em></span>
    5963 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564003"></a>
     6003</p></dd></dl></div></div><div class="section" title="utmp (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2569901"></a>
    59646004
    59656005utmp (G)
    5966 </h3></div></div></div><a class="indexterm" name="id2564004"></a><a name="UTMP"></a><div class="variablelist"><dl><dt></dt><dd><p>
     6006</h3></div></div></div><a class="indexterm" name="id2569902"></a><a name="UTMP"></a><div class="variablelist"><dl><dt></dt><dd><p>
    59676007        This boolean parameter is only available if Samba has been configured and compiled 
    59686008        with the option <code class="literal">--with-utmp</code>. If set to
     
    59766016        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>utmp</code></em> = <code class="literal">no</code>
    59776017</em></span>
    5978 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564066"></a>
     6018</p></dd></dl></div></div><div class="section" title="valid users (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2569964"></a>
    59796019
    59806020valid users (S)
    5981 </h3></div></div></div><a class="indexterm" name="id2564067"></a><a name="VALIDUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>
     6021</h3></div></div></div><a class="indexterm" name="id2569965"></a><a name="VALIDUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>
    59826022    This is a list of users that should be allowed to login to this service. Names starting with
    59836023    '@', '+' and  '&amp;' are interpreted using the same rules as described in the
     
    59956035</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>valid users</code></em> = <code class="literal">greg, @pcusers</code>
    59966036</em></span>
    5997 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564157"></a>
     6037</p></dd></dl></div></div><div class="section" title="-valid (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2570055"></a>
    59986038
    59996039-valid (S)
    6000 </h3></div></div></div><a class="indexterm" name="id2564158"></a><a name="-VALID"></a><div class="variablelist"><dl><dt></dt><dd><p> This parameter indicates whether a share is
     6040</h3></div></div></div><a class="indexterm" name="id2570056"></a><a name="-VALID"></a><div class="variablelist"><dl><dt></dt><dd><p> This parameter indicates whether a share is
    60016041        valid and thus can be used. When this parameter is set to false,
    60026042        the share will be in no way visible nor accessible.
     
    60076047        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>-valid</code></em> = <code class="literal">yes</code>
    60086048</em></span>
    6009 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564207"></a>
     6049</p></dd></dl></div></div><div class="section" title="veto files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2570105"></a>
    60106050
    60116051veto files (S)
    6012 </h3></div></div></div><a class="indexterm" name="id2564208"></a><a name="VETOFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>
     6052</h3></div></div></div><a class="indexterm" name="id2570106"></a><a name="VETOFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>
    60136053        This is a list of files and directories that are neither visible nor accessible.  Each entry in
    60146054        the list must be separated by a '/', which allows spaces to be included in the entry. '*' and '?'
     
    60416081        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>veto files</code></em> = <code class="literal">No files or directories are vetoed.</code>
    60426082</em></span>
    6043 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564325"></a>
     6083</p></dd></dl></div></div><div class="section" title="veto oplock files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2570224"></a>
    60446084
    60456085veto oplock files (S)
    6046 </h3></div></div></div><a class="indexterm" name="id2564326"></a><a name="VETOOPLOCKFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>
     6086</h3></div></div></div><a class="indexterm" name="id2570225"></a><a name="VETOOPLOCKFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>
    60476087        This parameter is only valid when the <a class="link" href="smb.conf.5.html#OPLOCKS" target="_top">oplocks</a>
    60486088        parameter is turned on for a share. It allows the Samba administrator
     
    60656105# No files are vetoed for oplock grants</code>
    60666106</em></span>
    6067 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564418"></a>
     6107</p></dd></dl></div></div><div class="section" title="vfs object"><div class="titlepage"><div><div><h3 class="title"><a name="id2570317"></a>
    60686108
    60696109<a name="VFSOBJECT"></a>vfs object
    6070 </h3></div></div></div><a class="indexterm" name="id2564420"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#VFSOBJECTS">vfs objects</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564450"></a>
     6110</h3></div></div></div><a class="indexterm" name="id2570318"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#VFSOBJECTS">vfs objects</a>.</p></dd></dl></div></div><div class="section" title="vfs objects (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2570349"></a>
    60716111
    60726112vfs objects (S)
    6073 </h3></div></div></div><a class="indexterm" name="id2564452"></a><a name="VFSOBJECTS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the backend names which
     6113</h3></div></div></div><a class="indexterm" name="id2570350"></a><a name="VFSOBJECTS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the backend names which
    60746114        are used for Samba VFS I/O operations.  By default, normal
    60756115        disk I/O operations are used but these can be overloaded
     
    60786118</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>vfs objects</code></em> = <code class="literal">extd_audit recycle</code>
    60796119</em></span>
    6080 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564510"></a>
     6120</p></dd></dl></div></div><div class="section" title="volume (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2570409"></a>
    60816121
    60826122volume (S)
    6083 </h3></div></div></div><a class="indexterm" name="id2564512"></a><a name="VOLUME"></a><div class="variablelist"><dl><dt></dt><dd><p>This allows you to override the volume label
     6123</h3></div></div></div><a class="indexterm" name="id2570410"></a><a name="VOLUME"></a><div class="variablelist"><dl><dt></dt><dd><p>This allows you to override the volume label
    60846124        returned for a share. Useful for CDROMs with installation programs
    60856125        that insist on a particular volume label.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>volume</code></em> = <code class="literal">
    60866126# the name of the share</code>
    60876127</em></span>
    6088 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564554"></a>
     6128</p></dd></dl></div></div><div class="section" title="wide links (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2570452"></a>
    60896129
    60906130wide links (S)
    6091 </h3></div></div></div><a class="indexterm" name="id2564555"></a><a name="WIDELINKS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not links
     6131</h3></div></div></div><a class="indexterm" name="id2570454"></a><a name="WIDELINKS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not links
    60926132        in the UNIX file system may be followed by the server. Links
    60936133        that point to areas within the directory tree exported by the
     
    60976137        that Samba has to  do in order to perform the link checks.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>wide links</code></em> = <code class="literal">yes</code>
    60986138</em></span>
    6099 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564606"></a>
     6139</p></dd></dl></div></div><div class="section" title="winbind cache time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2570505"></a>
    61006140
    61016141winbind cache time (G)
    6102 </h3></div></div></div><a class="indexterm" name="id2564607"></a><a name="WINBINDCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of
     6142</h3></div></div></div><a class="indexterm" name="id2570506"></a><a name="WINBINDCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of
    61036143        seconds the <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon will cache
    61046144        user and group information before querying a Windows NT server
     
    61086148        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind cache time</code></em> = <code class="literal">300</code>
    61096149</em></span>
    6110 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564678"></a>
     6150</p></dd></dl></div></div><div class="section" title="winbind enum groups (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2570576"></a>
    61116151
    61126152winbind enum groups (G)
    6113 </h3></div></div></div><a class="indexterm" name="id2564679"></a><a name="WINBINDENUMGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>On large installations using <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> it may be necessary to suppress
     6153</h3></div></div></div><a class="indexterm" name="id2570577"></a><a name="WINBINDENUMGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>On large installations using <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> it may be necessary to suppress
    61146154        the enumeration of groups through the <code class="literal">setgrent()</code>,
    61156155        <code class="literal">getgrent()</code> and
     
    61176157        the <em class="parameter"><code>winbind enum groups</code></em> parameter is
    61186158        <code class="constant">no</code>, calls to the <code class="literal">getgrent()</code> system
    6119         call will not return any data. </p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>Turning off group enumeration may cause some programs to behave oddly.  </p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind enum groups</code></em> = <code class="literal">no</code>
    6120 </em></span>
    6121 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564768"></a>
     6159        call will not return any data. </p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>Turning off group enumeration may cause some programs to behave oddly.  </p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind enum groups</code></em> = <code class="literal">no</code>
     6160</em></span>
     6161</p></dd></dl></div></div><div class="section" title="winbind enum users (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2570667"></a>
    61226162
    61236163winbind enum users (G)
    6124 </h3></div></div></div><a class="indexterm" name="id2564770"></a><a name="WINBINDENUMUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>On large installations using <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> it may be
     6164</h3></div></div></div><a class="indexterm" name="id2570668"></a><a name="WINBINDENUMUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>On large installations using <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> it may be
    61256165        necessary to suppress the enumeration of users through the <code class="literal">setpwent()</code>,
    61266166         <code class="literal">getpwent()</code> and
     
    61286168        the <em class="parameter"><code>winbind enum users</code></em> parameter is
    61296169         <code class="constant">no</code>, calls to the <code class="literal">getpwent</code> system call
    6130         will not return any data. </p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>Turning off user
     6170        will not return any data. </p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>Turning off user
    61316171        enumeration may cause some programs to behave oddly.  For
    61326172        example, the finger program relies on having access to the
     
    61346174        usernames. </p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind enum users</code></em> = <code class="literal">no</code>
    61356175</em></span>
    6136 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564862"></a>
     6176</p></dd></dl></div></div><div class="section" title="winbind expand groups (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2570760"></a>
    61376177
    61386178winbind expand groups (G)
    6139 </h3></div></div></div><a class="indexterm" name="id2564863"></a><a name="WINBINDEXPANDGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum depth that winbindd
     6179</h3></div></div></div><a class="indexterm" name="id2570761"></a><a name="WINBINDEXPANDGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum depth that winbindd
    61406180              will traverse when flattening nested group memberships
    61416181              of Windows domain groups.  This is different from the
     
    61496189         incoming NSS or authentication requests during this time.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind expand groups</code></em> = <code class="literal">1</code>
    61506190</em></span>
    6151 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564931"></a>
     6191</p></dd></dl></div></div><div class="section" title="winbind nested groups (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2570829"></a>
    61526192
    61536193winbind nested groups (G)
    6154 </h3></div></div></div><a class="indexterm" name="id2564932"></a><a name="WINBINDNESTEDGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>If set to yes, this parameter activates the support for nested
     6194</h3></div></div></div><a class="indexterm" name="id2570830"></a><a name="WINBINDNESTEDGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>If set to yes, this parameter activates the support for nested
    61556195                 groups. Nested groups are also called local groups or
    61566196                 aliases. They work like their counterparts in Windows: Nested
     
    61606200                 groups, you need to run nss_winbind.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind nested groups</code></em> = <code class="literal">yes</code>
    61616201</em></span>
    6162 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564981"></a>
     6202</p></dd></dl></div></div><div class="section" title="winbind normalize names (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2570888"></a>
    61636203
    61646204winbind normalize names (G)
    6165 </h3></div></div></div><a class="indexterm" name="id2564982"></a><a name="WINBINDNORMALIZENAMES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether winbindd will replace
     6205</h3></div></div></div><a class="indexterm" name="id2570889"></a><a name="WINBINDNORMALIZENAMES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether winbindd will replace
    61666206          whitespace in user and group names with an underscore (_) character.
    61676207          For example, whether the name "Space Kadet" should be
     
    61836223</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind normalize names</code></em> = <code class="literal">yes</code>
    61846224</em></span>
    6185 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565059"></a>
     6225</p></dd></dl></div></div><div class="section" title="winbind nss info (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2570965"></a>
    61866226
    61876227winbind nss info (G)
    6188 </h3></div></div></div><a class="indexterm" name="id2565060"></a><a name="WINBINDNSSINFO"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control how Winbind retrieves Name
     6228</h3></div></div></div><a class="indexterm" name="id2570966"></a><a name="WINBINDNSSINFO"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control how Winbind retrieves Name
    61896229        Service Information to construct a user's home directory and login shell.
    61906230        Currently the following settings are available:
    61916231
    6192         </p><div class="itemizedlist"><ul type="disc"><li><p><em class="parameter"><code>template</code></em>
     6232        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><em class="parameter"><code>template</code></em>
    61936233                        - The default, using the parameters of <em class="parameter"><code>template
    61946234                        shell</code></em> and <em class="parameter"><code>template homedir</code></em>)
    6195                         </p></li><li><p><em class="parameter"><code>&lt;sfu | rfc2307 &gt;</code></em>
     6235                        </p></li><li class="listitem"><p><em class="parameter"><code>&lt;sfu | rfc2307 &gt;</code></em>
    61966236                        - When Samba is running in security = ads and your Active Directory
    61976237                        Domain Controller does support the Microsoft "Services for Unix" (SFU)
     
    62086248</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind nss info</code></em> = <code class="literal">template sfu</code>
    62096249</em></span>
    6210 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565178"></a>
     6250</p></dd></dl></div></div><div class="section" title="winbind offline logon (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2571085"></a>
    62116251
    62126252winbind offline logon (G)
    6213 </h3></div></div></div><a class="indexterm" name="id2565180"></a><a name="WINBINDOFFLINELOGON"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control whether Winbind should
     6253</h3></div></div></div><a class="indexterm" name="id2571086"></a><a name="WINBINDOFFLINELOGON"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control whether Winbind should
    62146254        allow to login with the <em class="parameter"><code>pam_winbind</code></em>
    62156255        module using Cached Credentials. If enabled, winbindd will store user credentials
     
    62196259</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind offline logon</code></em> = <code class="literal">true</code>
    62206260</em></span>
    6221 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565248"></a>
     6261</p></dd></dl></div></div><div class="section" title="winbind reconnect delay (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2571154"></a>
    62226262
    62236263winbind reconnect delay (G)
    6224 </h3></div></div></div><a class="indexterm" name="id2565249"></a><a name="WINBINDRECONNECTDELAY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of
     6264</h3></div></div></div><a class="indexterm" name="id2571155"></a><a name="WINBINDRECONNECTDELAY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of
    62256265        seconds the <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon will wait between
    62266266        attempts to contact a Domain controller for a domain that is
    62276267        determined to be down or not contactable.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind reconnect delay</code></em> = <code class="literal">30</code>
    62286268</em></span>
    6229 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565300"></a>
     6269</p></dd></dl></div></div><div class="section" title="winbind refresh tickets (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2571207"></a>
    62306270
    62316271winbind refresh tickets (G)
    6232 </h3></div></div></div><a class="indexterm" name="id2565302"></a><a name="WINBINDREFRESHTICKETS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control whether Winbind should refresh Kerberos Tickets
     6272</h3></div></div></div><a class="indexterm" name="id2571208"></a><a name="WINBINDREFRESHTICKETS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control whether Winbind should refresh Kerberos Tickets
    62336273        retrieved using the <em class="parameter"><code>pam_winbind</code></em> module.
    62346274
     
    62376277</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind refresh tickets</code></em> = <code class="literal">true</code>
    62386278</em></span>
    6239 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565368"></a>
     6279</p></dd></dl></div></div><div class="section" title="winbind rpc only (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2571274"></a>
    62406280
    62416281winbind rpc only (G)
    6242 </h3></div></div></div><a class="indexterm" name="id2565369"></a><a name="WINBINDRPCONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
     6282</h3></div></div></div><a class="indexterm" name="id2571275"></a><a name="WINBINDRPCONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
    62436283        Setting this parameter to <code class="literal">yes</code> forces
    62446284        winbindd to use RPC instead of LDAP to retrieve information from Domain
     
    62466286        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind rpc only</code></em> = <code class="literal">no</code>
    62476287</em></span>
    6248 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565416"></a>
     6288</p></dd></dl></div></div><div class="section" title="winbind separator (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2571323"></a>
    62496289
    62506290winbind separator (G)
    6251 </h3></div></div></div><a class="indexterm" name="id2565417"></a><a name="WINBINDSEPARATOR"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows an admin to define the character
     6291</h3></div></div></div><a class="indexterm" name="id2571324"></a><a name="WINBINDSEPARATOR"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows an admin to define the character
    62526292        used when listing a username of the form of <em class="replaceable"><code>DOMAIN
    62536293        </code></em>\<em class="replaceable"><code>user</code></em>.  This parameter
     
    62606300</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind separator</code></em> = <code class="literal">+</code>
    62616301</em></span>
    6262 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565503"></a>
     6302</p></dd></dl></div></div><div class="section" title="winbind trusted domains only (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2571410"></a>
    62636303
    62646304winbind trusted domains only (G)
    6265 </h3></div></div></div><a class="indexterm" name="id2565504"></a><a name="WINBINDTRUSTEDDOMAINSONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
     6305</h3></div></div></div><a class="indexterm" name="id2571411"></a><a name="WINBINDTRUSTEDDOMAINSONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
    62666306        This parameter is designed to allow Samba servers that are members
    62676307        of a Samba controlled domain to use UNIX accounts distributed via NIS,
     
    62746314        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind trusted domains only</code></em> = <code class="literal">no</code>
    62756315</em></span>
    6276 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565570"></a>
     6316</p></dd></dl></div></div><div class="section" title="winbind use default domain (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2571477"></a>
    62776317
    62786318winbind use default domain (G)
    6279 </h3></div></div></div><a class="indexterm" name="id2565572"></a><a name="WINBINDUSEDEFAULTDOMAIN"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether the
     6319</h3></div></div></div><a class="indexterm" name="id2571478"></a><a name="WINBINDUSEDEFAULTDOMAIN"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether the
    62806320         <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon should operate on users 
    62816321        without domain component in their username. Users without a domain
     
    62876327</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind use default domain</code></em> = <code class="literal">yes</code>
    62886328</em></span>
    6289 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565643"></a>
     6329</p></dd></dl></div></div><div class="section" title="wins hook (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2571550"></a>
    62906330
    62916331wins hook (G)
    6292 </h3></div></div></div><a class="indexterm" name="id2565644"></a><a name="WINSHOOK"></a><div class="variablelist"><dl><dt></dt><dd><p>When Samba is running as a WINS server this
     6332</h3></div></div></div><a class="indexterm" name="id2571551"></a><a name="WINSHOOK"></a><div class="variablelist"><dl><dt></dt><dd><p>When Samba is running as a WINS server this
    62936333        allows you to call an external program for all changes to the
    62946334        WINS database. The primary use for this option is to allow the
    62956335        dynamic update of external name resolution databases such as
    62966336        dynamic DNS.</p><p>The wins hook parameter specifies the name of a script
    6297         or executable that will be called as follows:</p><p><code class="literal">wins_hook operation name nametype ttl IP_list</code></p><div class="itemizedlist"><ul type="disc"><li><p>The first argument is the operation and is
     6337        or executable that will be called as follows:</p><p><code class="literal">wins_hook operation name nametype ttl IP_list</code></p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>The first argument is the operation and is
    62986338                        one  of "add", "delete", or
    62996339                        "refresh". In most cases the operation
     
    63026342                        "refresh" may sometimes be called when
    63036343                        the  name has not previously been added, in that
    6304                         case it should be treated  as an add.</p></li><li><p>The second argument is the NetBIOS name. If the
     6344                        case it should be treated  as an add.</p></li><li class="listitem"><p>The second argument is the NetBIOS name. If the
    63056345                        name is not a legal name then the wins hook is not called.
    63066346                        Legal names contain only  letters, digits, hyphens, underscores
    6307                         and periods.</p></li><li><p>The third argument is the NetBIOS name
    6308                         type as a 2 digit hexadecimal number. </p></li><li><p>The fourth argument is the TTL (time to live)
    6309                         for the name in seconds.</p></li><li><p>The fifth and subsequent arguments are the IP
     6347                        and periods.</p></li><li class="listitem"><p>The third argument is the NetBIOS name
     6348                        type as a 2 digit hexadecimal number. </p></li><li class="listitem"><p>The fourth argument is the TTL (time to live)
     6349                        for the name in seconds.</p></li><li class="listitem"><p>The fifth and subsequent arguments are the IP
    63106350                        addresses currently registered for that name. If this list is
    63116351                        empty then the name should be deleted.</p></li></ul></div><p>An example script that calls the BIND dynamic DNS update
    63126352        program <code class="literal">nsupdate</code> is provided in the examples
    6313         directory of the Samba source code. </p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565750"></a>
     6353        directory of the Samba source code. </p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="wins proxy (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2571656"></a>
    63146354
    63156355wins proxy (G)
    6316 </h3></div></div></div><a class="indexterm" name="id2565751"></a><a name="WINSPROXY"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean that controls if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> will respond to broadcast name
     6356</h3></div></div></div><a class="indexterm" name="id2571657"></a><a name="WINSPROXY"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean that controls if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> will respond to broadcast name
    63176357        queries on behalf of  other hosts. You may need to set this
    63186358        to <code class="constant">yes</code> for some older clients.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>wins proxy</code></em> = <code class="literal">no</code>
    63196359</em></span>
    6320 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565804"></a>
     6360</p></dd></dl></div></div><div class="section" title="wins server (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2571711"></a>
    63216361
    63226362wins server (G)
    6323 </h3></div></div></div><a class="indexterm" name="id2565806"></a><a name="WINSSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies the IP address (or DNS name: IP
     6363</h3></div></div></div><a class="indexterm" name="id2571712"></a><a name="WINSSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies the IP address (or DNS name: IP
    63246364        address for preference) of the WINS server that <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> should register with. If you have a WINS server on
    63256365        your network then you should set this to the WINS server's IP.</p><p>You should point this at your WINS server if you have a
     
    63286368        (working) server will be queried for a name. The tag should be
    63296369        separated from the ip address by a colon.
    6330         </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>You need to set up Samba to point
     6370        </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>You need to set up Samba to point
    63316371        to a WINS server if you have multiple subnets and wish cross-subnet
    63326372        browsing to work correctly.</p></div><p>See the chapter in the Samba3-HOWTO on Network Browsing.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>wins server</code></em> = <code class="literal"></code>
     
    63406380</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>wins server</code></em> = <code class="literal">192.9.200.1 192.168.2.61</code>
    63416381</em></span>
    6342 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565915"></a>
     6382</p></dd></dl></div></div><div class="section" title="wins support (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2571821"></a>
    63436383
    63446384wins support (G)
    6345 </h3></div></div></div><a class="indexterm" name="id2565916"></a><a name="WINSSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean controls if the <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> process in Samba will act as a WINS server. You should
     6385</h3></div></div></div><a class="indexterm" name="id2571822"></a><a name="WINSSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean controls if the <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> process in Samba will act as a WINS server. You should
    63466386        not set this to <code class="constant">yes</code> unless you have a multi-subnetted network and
    63476387        you wish a particular <code class="literal">nmbd</code> to be your WINS server.
     
    63496389        on more than one machine in your network.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>wins support</code></em> = <code class="literal">no</code>
    63506390</em></span>
    6351 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565984"></a>
     6391</p></dd></dl></div></div><div class="section" title="workgroup (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2571891"></a>
    63526392
    63536393workgroup (G)
    6354 </h3></div></div></div><a class="indexterm" name="id2565985"></a><a name="WORKGROUP"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what workgroup your server will
     6394</h3></div></div></div><a class="indexterm" name="id2571892"></a><a name="WORKGROUP"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what workgroup your server will
    63556395        appear to be in when queried by clients. Note that this parameter
    63566396        also controls the Domain name used with
     
    63606400</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>workgroup</code></em> = <code class="literal">MYGROUP</code>
    63616401</em></span>
    6362 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2566057"></a>
     6402</p></dd></dl></div></div><div class="section" title="writable"><div class="titlepage"><div><div><h3 class="title"><a name="id2571963"></a>
    63636403
    63646404<a name="WRITABLE"></a>writable
    6365 </h3></div></div></div><a class="indexterm" name="id2566058"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#WRITEABLE">writeable</a>.</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2566088"></a>
     6405</h3></div></div></div><a class="indexterm" name="id2571964"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#WRITEABLE">writeable</a>.</p></dd></dl></div></div><div class="section" title="writeable (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2571995"></a>
    63666406
    63676407writeable (S)
    6368 </h3></div></div></div><a class="indexterm" name="id2566089"></a><a name="WRITEABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>Inverted synonym for <a class="link" href="smb.conf.5.html#READONLY" target="_top">read only</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>writeable</code></em> = <code class="literal">no</code>
    6369 </em></span>
    6370 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2566139"></a>
     6408</h3></div></div></div><a class="indexterm" name="id2571996"></a><a name="WRITEABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>Inverted synonym for <a class="link" href="smb.conf.5.html#READONLY" target="_top">read only</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>writeable</code></em> = <code class="literal">no</code>
     6409</em></span>
     6410</p></dd></dl></div></div><div class="section" title="write cache size (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2572046"></a>
    63716411
    63726412write cache size (S)
    6373 </h3></div></div></div><a class="indexterm" name="id2566140"></a><a name="WRITECACHESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this integer parameter is set to non-zero value,
     6413</h3></div></div></div><a class="indexterm" name="id2572047"></a><a name="WRITECACHESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this integer parameter is set to non-zero value,
    63746414    Samba will create an in-memory cache for each oplocked file
    63756415    (it does <span class="emphasis"><em>not</em></span> do this for
     
    63896429#  for a 256k cache size per file</code>
    63906430</em></span>
    6391 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2566223"></a>
     6431</p></dd></dl></div></div><div class="section" title="write list (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id2572129"></a>
    63926432
    63936433write list (S)
    6394 </h3></div></div></div><a class="indexterm" name="id2566224"></a><a name="WRITELIST"></a><div class="variablelist"><dl><dt></dt><dd><p>
     6434</h3></div></div></div><a class="indexterm" name="id2572130"></a><a name="WRITELIST"></a><div class="variablelist"><dl><dt></dt><dd><p>
    63956435    This is a list of users that are given read-write access to a service. If the
    63966436    connecting user is in this list then they will be given write access, no matter
     
    64076447</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>write list</code></em> = <code class="literal">admin, root, @staff</code>
    64086448</em></span>
    6409 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2566316"></a>
     6449</p></dd></dl></div></div><div class="section" title="write raw (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2572223"></a>
    64106450
    64116451write raw (G)
    6412 </h3></div></div></div><a class="indexterm" name="id2566317"></a><a name="WRITERAW"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not the server
     6452</h3></div></div></div><a class="indexterm" name="id2572224"></a><a name="WRITERAW"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not the server
    64136453    will support raw write SMB's when transferring data from clients.
    64146454    You should never need to change this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>write raw</code></em> = <code class="literal">yes</code>
    64156455</em></span>
    6416 </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2566360"></a>
     6456</p></dd></dl></div></div><div class="section" title="wtmp directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id2572266"></a>
    64176457
    64186458wtmp directory (G)
    6419 </h3></div></div></div><a class="indexterm" name="id2566361"></a><a name="WTMPDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>
     6459</h3></div></div></div><a class="indexterm" name="id2572268"></a><a name="WTMPDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>
    64206460        This parameter is only available if Samba has been configured and compiled with the option <code class="literal">
    64216461        --with-utmp</code>. It specifies a directory pathname that is used to store the wtmp or wtmpx files (depending on
     
    64296469</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>wtmp directory</code></em> = <code class="literal">/var/log/wtmp</code>
    64306470</em></span>
    6431 </p></dd></dl></div></div></div></div><div class="refsect1" lang="en"><a name="id2566444"></a><h2>WARNINGS</h2><p>
     6471</p></dd></dl></div></div></div></div><div class="refsect1" title="WARNINGS"><a name="id2572350"></a><h2>WARNINGS</h2><p>
    64326472        Although the configuration file permits service names to contain spaces, your client software may not.
    64336473        Spaces will be ignored in comparisons anyway, so it shouldn't be a problem - but be aware of the possibility.
     
    64426482        care when designing these sections. In particular, ensure that the permissions on spool directories are
    64436483        correct.
    6444         </p></div><div class="refsect1" lang="en"><a name="id2566494"></a><h2>VERSION</h2><p>This man page is correct for version 3 of the Samba suite.</p></div><div class="refsect1" lang="en"><a name="id2566504"></a><h2>SEE ALSO</h2><p>
    6445         <a class="citerefentry" href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a>, <a class="citerefentry" href="smbpasswd.8.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(8)</span></a>, <a class="citerefentry" href="swat.8.html"><span class="citerefentry"><span class="refentrytitle">swat</span>(8)</span></a>, <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>, <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>, <a class="citerefentry" href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a>, <a class="citerefentry" href="nmblookup.1.html"><span class="citerefentry"><span class="refentrytitle">nmblookup</span>(1)</span></a>, <a class="citerefentry" href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a>, <a class="citerefentry" href="testprns.1.html"><span class="citerefentry"><span class="refentrytitle">testprns</span>(1)</span></a>.</p></div><div class="refsect1" lang="en"><a name="id2566584"></a><h2>AUTHOR</h2><p>
     6484        </p></div><div class="refsect1" title="VERSION"><a name="id2572400"></a><h2>VERSION</h2><p>This man page is correct for version 3 of the Samba suite.</p></div><div class="refsect1" title="SEE ALSO"><a name="id2572411"></a><h2>SEE ALSO</h2><p>
     6485        <a class="citerefentry" href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a>, <a class="citerefentry" href="smbpasswd.8.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(8)</span></a>, <a class="citerefentry" href="swat.8.html"><span class="citerefentry"><span class="refentrytitle">swat</span>(8)</span></a>, <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>, <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>, <a class="citerefentry" href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a>, <a class="citerefentry" href="nmblookup.1.html"><span class="citerefentry"><span class="refentrytitle">nmblookup</span>(1)</span></a>, <a class="citerefentry" href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a>, <a class="citerefentry" href="testprns.1.html"><span class="citerefentry"><span class="refentrytitle">testprns</span>(1)</span></a>.</p></div><div class="refsect1" title="AUTHOR"><a name="id2572490"></a><h2>AUTHOR</h2><p>
    64466486        The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed
    64476487        by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.
Note: See TracChangeset for help on using the changeset viewer.