Ignore:
Timestamp:
Nov 29, 2012, 2:06:31 PM (13 years ago)
Author:
Silvan Scherrer
Message:

Samba Server: updated trunk to 3.6.9 2nd part

Location:
trunk/server
Files:
6 deleted
34 edited
2 copied

Legend:

Unmodified
Added
Removed

  • trunk/server

  • trunk/server/docs/htmldocs/manpages/idmap_ad.8.html

    r745 r752  
    1313        to use it, using disjoint ranges. One usually needs to configure
    1414        a writeable default idmap range, using for example the
    15         <em class="parameter"><code>tdb</code></em> or <em class="parameter"><code>ldap</code></em>)
     15        <em class="parameter"><code>tdb</code></em> or <em class="parameter"><code>ldap</code></em>
    1616        backend, in order to be able to map the BUILTIN sids and
    1717        possibly other trusted domains. The writeable default config
     
    4242        </p><pre class="programlisting">
    4343        [global]
    44         idmap backend = tdb
    45         idmap uid = 1000000-1999999
    46         idmap gid = 1000000-1999999
     44        idmap config * : backend = tdb
     45        idmap config * : range = 1000000-1999999
    4746
    4847        idmap config CORP : backend  = ad
    4948        idmap config CORP : range = 1000-999999
    50         </pre></div><div class="refsect1" title="AUTHOR"><a name="id266886"></a><h2>AUTHOR</h2><p>
     49        </pre></div><div class="refsect1" title="AUTHOR"><a name="id266885"></a><h2>AUTHOR</h2><p>
    5150        The original Samba software and related utilities
    5251        were created by Andrew Tridgell. Samba is now developed

  • trunk/server/docs/htmldocs/manpages/idmap_adex.8.html

    r599 r752  
    3131        </p><pre class="programlisting">
    3232        [global]
    33         idmap backend = adex
    34         idmap uid = 1000-4000000000
    35         idmap gid = 1000-4000000000
     33        idmap config * : backend = adex
     34        idmap config * : range = 1000-4000000000
    3635
    3736        winbind nss info = adex

  • trunk/server/docs/htmldocs/manpages/idmap_autorid.8.html

    r745 r752  
    2020                        plan accordingly for your expected number of users in a domain
    2121                        with safety margins.
    22                 </p><p>The default value is 100000.</p></dd></dl></div></div><div class="refsect1" title="THE MAPPING FORMULAS"><a name="id266839"></a><h2>THE MAPPING FORMULAS</h2><p>
     22                        </p><p>One range will be used for local users and groups.
     23                        Thus the number of local users and groups that can be created is
     24                        limited by this option as well. If you plan to create a large amount
     25                        of local users or groups, you will need set this parameter accordingly.
     26                        </p><p>The default value is 100000.</p></dd></dl></div></div><div class="refsect1" title="THE MAPPING FORMULAS"><a name="id266845"></a><h2>THE MAPPING FORMULAS</h2><p>
    2327                The Unix ID for a RID is calculated this way:
    2428                </p><pre class="programlisting">
     
    3135                        RID = ID - IDMAP UID LOW VALUE - DOMAINRANGENUMBER * RANGESIZE
    3236                </pre><p>
    33         </p></div><div class="refsect1" title="EXAMPLES"><a name="id266864"></a><h2>EXAMPLES</h2><p>
     37        </p></div><div class="refsect1" title="EXAMPLES"><a name="id266870"></a><h2>EXAMPLES</h2><p>
    3438                This example shows you the minimal configuration that will
    3539                work for the principial domain and 19 trusted domains.
     
    4044        realm = CUSTOMER.COM
    4145
    42         idmap backend = autorid
    43         idmap uid = 1000000-1999999
    44         idmap gid = 1000000-1999999
     46        idmap config * : backend = autorid
     47        idmap config * : range = 1000000-1999999
    4548
    4649        </pre><p>
     
    4851                for all domains with a potentially large amount of users
    4952                plus a specific configuration for a trusted domain
    50                 that uses the SFU mapping scheme. Please note that idmap uid/gid
     53                that uses the SFU mapping scheme. Please note that idmap
    5154                ranges and sfu ranges are not allowed to overlap.
    5255        </p><pre class="programlisting">
     
    5659        realm = CUSTOMER.COM
    5760
    58         idmap backend = autorid
    59         autorid:rangesize = 1000000
    60         idmap uid = 1000000-19999999
    61         idmap gid = 1000000-19999999
     61        idmap config * : backend = autorid
     62        idmap config * : range = 1000000-19999999
     63        idmap config * : rangesize = 1000000
    6264
    6365        idmap config TRUSTED : backend  = ad
    6466        idmap config TRUSTED : range    = 50000 - 99999
    6567        idmap config TRUSTED : schema_mode = sfu
    66         </pre></div><div class="refsect1" title="AUTHOR"><a name="id266896"></a><h2>AUTHOR</h2><p>
     68        </pre></div><div class="refsect1" title="AUTHOR"><a name="id265697"></a><h2>AUTHOR</h2><p>
    6769        The original Samba software and related utilities
    6870        were created by Andrew Tridgell. Samba is now developed

  • trunk/server/docs/htmldocs/manpages/idmap_hash.8.html

    r599 r752  
    1515        </p><pre class="programlisting">
    1616        [global]
    17         idmap backend = hash
    18         idmap uid = 1000-4000000000
    19         idmap gid = 1000-4000000000
     17        idmap config * : backend = hash
     18        idmap config * : range = 1000-4000000000
    2019
    2120        winbind nss info = hash

  • trunk/server/docs/htmldocs/manpages/idmap_ldap.8.html

    r745 r752  
    55        In contrast to read only backends like idmap_rid, it is an allocating
    66        backend: This means that it needs to allocate new user and group IDs in
    7         order to create new mappings. The allocator can be provided by the
    8         idmap_ldap backend itself or by any other allocating backend like
    9         idmap_tdb or idmap_tdb2. This is configured with the
    10         parameter <em class="parameter"><code>idmap alloc backend</code></em>.
    11         </p><p>
    12         Note that in order for this (or any other allocating) backend to
    13         function at all, the default backend needs to be writeable.
    14         The ranges used for uid and gid allocation are the default ranges
    15         configured by "idmap uid" and "idmap gid".
    16         </p><p>
    17         Furthermore, since there is only one global allocating backend
    18         responsible for all domains using writeable idmap backends,
    19         any explicitly configured domain with idmap backend ldap
    20         should have the same range as the default range, since it needs
    21         to use the global uid / gid allocator. See the example below.
    22         </p></div><div class="refsect1" title="IDMAP OPTIONS"><a name="id266361"></a><h2>IDMAP OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">ldap_base_dn = DN</span></dt><dd><p>
    23                         Defines the directory base suffix to use when searching for
     7        order to create new mappings.
     8        </p></div><div class="refsect1" title="IDMAP OPTIONS"><a name="id266343"></a><h2>IDMAP OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">ldap_base_dn = DN</span></dt><dd><p>
     9                        Defines the directory base suffix to use for
    2410                        SID/uid/gid mapping entries.  If not defined, idmap_ldap will default
    2511                        to using the "ldap idmap suffix" option from smb.conf.
    2612                </p></dd><dt><span class="term">ldap_user_dn = DN</span></dt><dd><p>
    27                         Defines the user DN to be used for authentication. If absent an
    28                         anonymous bind will be performed.
     13                        Defines the user DN to be used for authentication.
     14                        The secret for authenticating this user should be
     15                        stored with net idmap secret
     16                        (see <a class="citerefentry" href="net.8.html"><span class="citerefentry"><span class="refentrytitle">net</span>(8)</span></a>).
     17                        If absent, the ldap credentials from the ldap passdb configuration
     18                        are used, and if these are also absent, an anonymous
     19                        bind will be performed as last fallback.
    2920                </p></dd><dt><span class="term">ldap_url = ldap://server/</span></dt><dd><p>
    30                         Specifies the LDAP server to use when searching for existing
     21                        Specifies the LDAP server to use for
    3122                        SID/uid/gid map entries. If not defined, idmap_ldap will
    3223                        assume that ldap://localhost/ should be used.
     
    3425                        Defines the available matching uid and gid range for which the
    3526                        backend is authoritative.
    36                         If the parameter is absent, Winbind fails over to use the
    37                         "idmap uid" and "idmap gid" options
    38                         from smb.conf.
    39                 </p></dd></dl></div></div><div class="refsect1" title="IDMAP ALLOC OPTIONS"><a name="id266878"></a><h2>IDMAP ALLOC OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">ldap_base_dn = DN</span></dt><dd><p>
    40                         Defines the directory base suffix under which new SID/uid/gid mapping
    41                         entries should be stored.  If not defined, idmap_ldap will default
    42                         to using the "ldap idmap suffix" option from smb.conf.
    43                 </p></dd><dt><span class="term">ldap_user_dn = DN</span></dt><dd><p>
    44                         Defines the user DN to be used for authentication. If absent an
    45                         anonymous bind will be performed.
    46                 </p></dd><dt><span class="term">ldap_url = ldap://server/</span></dt><dd><p>
    47                         Specifies the LDAP server to which modify/add/delete requests should
    48                         be sent.  If not defined, idmap_ldap will assume that ldap://localhost/
    49                         should be used.
    50                 </p></dd></dl></div></div><div class="refsect1" title="EXAMPLES"><a name="id265720"></a><h2>EXAMPLES</h2><p>
    51         The follow sets of a LDAP configuration which uses two LDAP
    52         directories, one for storing the ID mappings and one for retrieving
    53         new IDs.
     27                </p></dd></dl></div></div><div class="refsect1" title="EXAMPLES"><a name="id266868"></a><h2>EXAMPLES</h2><p>
     28        The following example shows how an ldap directory is used as the
     29        default idmap backend. It also configures the idmap range and base
     30        directory suffix. The secret for the ldap_user_dn has to be set with
     31        "net idmap secret '*' password".
    5432        </p><pre class="programlisting">
    5533        [global]
    56         idmap backend = ldap:ldap://localhost/
    57         idmap uid = 1000000-1999999
    58         idmap gid = 1000000-1999999
     34        idmap config * : backend      = ldap
     35        idmap config * : range        = 1000000-1999999
     36        idmap config * : ldap_url     = ldap://localhost/
     37        idmap config * : ldap_base_dn = ou=idmap,dc=example,dc=com
     38        idmap config * : ldap_user_dn = cn=idmap_admin,dc=example,dc=com
     39        </pre><p>
     40        This example shows how ldap can be used as a readonly backend while
     41        tdb is the default backend used to store the mappings.
     42        It adds an explicit configuration for some domain DOM1, that
     43        uses the ldap idmap backend. Note that a range disjoint from the
     44        default range is used.
     45        </p><pre class="programlisting">
     46        [global]
     47        # "backend = tdb" is redundant here since it is the default
     48        idmap config * : backend = tdb
     49        idmap config * : range = 1000000-1999999
    5950
    60         idmap alloc backend = ldap
    61         idmap alloc config : ldap_url   = ldap://id-master/
    62         idmap alloc config : ldap_base_dn = ou=idmap,dc=example,dc=com
     51        idmap config DOM1 : backend = ldap
     52        idmap config DOM1 : range = 2000000-2999999
     53        idmap config DOM1 : read only = yes
     54        idmap config DOM1 : ldap_url = ldap://server/
     55        idmap config DOM1 : ldap_base_dn = ou=idmap,dc=dom1,dc=example,dc=com
     56        idmap config DOM1 : ldap_user_dn = cn=idmap_admin,dc=dom1,dc=example,dc=com
    6357        </pre></div><div class="refsynopsisdiv" title="NOTE"><h2>NOTE</h2><p>In order to use authentication against ldap servers you may
    6458        need to provide a DN and a password. To avoid exposing the password
     
    6660        store. The "net idmap " command is used to store a secret
    6761        for the DN specified in a specific idmap domain.
    68         </p></div><div class="refsect1" title="AUTHOR"><a name="id265752"></a><h2>AUTHOR</h2><p>
     62        </p></div><div class="refsect1" title="AUTHOR"><a name="id265711"></a><h2>AUTHOR</h2><p>
    6963        The original Samba software and related utilities
    7064        were created by Andrew Tridgell. Samba is now developed

  • trunk/server/docs/htmldocs/manpages/idmap_nss.8.html

    r599 r752  
    11<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>idmap_nss</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" title="idmap_nss"><a name="idmap_nss.8"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>idmap_nss &#8212; Samba's idmap_nss Backend for Winbind</p></div><div class="refsynopsisdiv" title="DESCRIPTION"><h2>DESCRIPTION</h2><p>The idmap_nss plugin provides a means to map Unix users and groups
    2         to Windows accounts and obseletes the "winbind trusted domains only"
     2        to Windows accounts and obsoletes the "winbind trusted domains only"
    33        smb.conf option.  This provides a simple means of ensuring that the SID
    44        for a Unix user named jsmith is reported as the one assigned to
     
    1010        </p><pre class="programlisting">
    1111        [global]
    12         idmap backend = tdb
    13         idmap uid = 1000000-1999999
    14         idmap gid = 1000000-1999999
     12        idmap config * : backend = tdb
     13        idmap config * : range = 1000000-1999999
    1514
    1615        idmap config SAMBA : backend  = nss

  • trunk/server/docs/htmldocs/manpages/idmap_rid.8.html

    r745 r752  
    5353        workgroup = MAIN
    5454
    55         idmap backend = tdb
    56         idmap uid = 1000000-1999999
    57         idmap gid = 1000000-1999999
     55        idmap config * : backend        = tdb
     56        idmap config * : range          = 1000000-1999999
    5857
    5958        idmap config MAIN : backend     = rid

  • trunk/server/docs/htmldocs/manpages/idmap_tdb.8.html

    r745 r752  
    55        In contrast to read only backends like idmap_rid, it is an allocating
    66        backend: This means that it needs to allocate new user and group IDs in
    7         order to create new mappings. The allocator can be provided by the
    8         idmap_tdb backend itself or by any other allocating backend like
    9         idmap_ldap or idmap_tdb2. This is configured with the
    10         parameter <em class="parameter"><code>idmap alloc backend</code></em>.
    11         </p><p>
    12         Note that in order for this (or any other allocating) backend to
    13         function at all, the default backend needs to be writeable.
    14         The ranges used for uid and gid allocation are the default ranges
    15         configured by "idmap uid" and "idmap gid".
    16         </p><p>
    17         Furthermore, since there is only one global allocating backend
    18         responsible for all domains using writeable idmap backends,
    19         any explicitly configured domain with idmap backend tdb
    20         should have the same range as the default range, since it needs
    21         to use the global uid / gid allocator. See the example below.
    22         </p></div><div class="refsect1" title="IDMAP OPTIONS"><a name="id266361"></a><h2>IDMAP OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">range = low - high</span></dt><dd><p>
     7        order to create new mappings.
     8        </p></div><div class="refsect1" title="IDMAP OPTIONS"><a name="id266342"></a><h2>IDMAP OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">range = low - high</span></dt><dd><p>
    239                        Defines the available matching uid and gid range for which the
    2410                        backend is authoritative.
    25                         If the parameter is absent, Winbind fails over to use
    26                         the "idmap uid" and "idmap gid" options
    27                         from smb.conf.
    28                 </p></dd></dl></div></div><div class="refsect1" title="EXAMPLES"><a name="id266840"></a><h2>EXAMPLES</h2><p>
     11                </p></dd></dl></div></div><div class="refsect1" title="EXAMPLES"><a name="id266365"></a><h2>EXAMPLES</h2><p>
    2912        This example shows how tdb is used as a the default idmap backend.
    30         It configures the idmap range through the global options for all
    31         domains encountered. This same range is used for uid/gid allocation.
     13        This configured range is used for uid and gid allocation.
    3214        </p><pre class="programlisting">
    3315        [global]
    34         # "idmap backend = tdb" is redundant here since it is the default
    35         idmap backend = tdb
    36         idmap uid = 1000000-2000000
    37         idmap gid = 1000000-2000000
    38         </pre><p>
    39         This (rather theoretical) example shows how tdb can be used as the
    40         allocating backend while ldap is the default backend used to store
    41         the mappings.
    42         It adds an explicit configuration for some domain DOM1, that
    43         uses the tdb idmap backend. Note that the same range as the
    44         default uid/gid range is used, since the allocator has to serve
    45         both the default backend and the explicitly configured domain DOM1.
    46         </p><pre class="programlisting">
    47         [global]
    48         idmap backend = ldap
    49         idmap uid = 1000000-2000000
    50         idmap gid = 1000000-2000000
    51         # use a different uid/gid allocator:
    52         idmap alloc backend = tdb
    53 
    54         idmap config DOM1 : backend = tdb
    55         idmap config DOM1 : range = 1000000-2000000
    56         </pre></div><div class="refsect1" title="AUTHOR"><a name="id266873"></a><h2>AUTHOR</h2><p>
     16        # "backend = tdb" is redundant here since it is the default
     17        idmap config * : backend = tdb
     18        idmap config * : range = 1000000-2000000
     19        </pre></div><div class="refsect1" title="AUTHOR"><a name="id266838"></a><h2>AUTHOR</h2><p>
    5720        The original Samba software and related utilities
    5821        were created by Andrew Tridgell. Samba is now developed

  • trunk/server/docs/htmldocs/manpages/idmap_tdb2.8.html

    r745 r752  
    66        In contrast to read only backends like idmap_rid, it is an allocating
    77        backend: This means that it needs to allocate new user and group IDs in
    8         order to create new mappings. The allocator can be provided by the
    9         idmap_tdb2 backend itself or by any other allocating backend like
    10         idmap_tdb or idmap_ldap. This is configured with the
    11         parameter <em class="parameter"><code>idmap alloc backend</code></em>.
    12         </p><p>
    13         Note that in order for this (or any other allocating) backend to
    14         function at all, the default backend needs to be writeable.
    15         The ranges used for uid and gid allocation are the default ranges
    16         configured by "idmap uid" and "idmap gid".
    17         </p><p>
    18         Furthermore, since there is only one global allocating backend
    19         responsible for all domains using writeable idmap backends,
    20         any explicitly configured domain with idmap backend tdb2
    21         should have the same range as the default range, since it needs
    22         to use the global uid / gid allocator. See the example below.
    23         </p></div><div class="refsect1" title="IDMAP OPTIONS"><a name="id266362"></a><h2>IDMAP OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">range = low - high</span></dt><dd><p>
     8        order to create new mappings.
     9        </p></div><div class="refsect1" title="IDMAP OPTIONS"><a name="id266343"></a><h2>IDMAP OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">range = low - high</span></dt><dd><p>
    2410                        Defines the available matching uid and gid range for which the
    2511                        backend is authoritative.
    26                         If the parameter is absent, Winbind fails over to use
    27                         the "idmap uid" and "idmap gid" options
    28                         from smb.conf.
    29                 </p></dd></dl></div></div><div class="refsect1" title="IDMAP SCRIPT"><a name="id266839"></a><h2>IDMAP SCRIPT</h2><p>
    30         The tdb2 idmap backend supports a script for performing id mappings
    31         through the smb.conf option <em class="parameter"><code>idmap : script</code></em>.
     12                </p></dd><dt><span class="term">script</span></dt><dd><p>
     13                        This option can be used to configure an external program
     14                        for performing id mappings instead of using the tdb
     15                        counter. The mappings are then stored int tdb2 idmap
     16                        database. For details see the section on IDMAP SCRIPT below.
     17                </p></dd></dl></div></div><div class="refsect1" title="IDMAP SCRIPT"><a name="id266833"></a><h2>IDMAP SCRIPT</h2><p>
     18        The tdb2 idmap backend supports an external program for performing id mappings
     19        through the smb.conf option <em class="parameter"><code>idmap config * : script</code></em> or
     20        its deprecated legacy form <em class="parameter"><code>idmap : script</code></em>.
     21        </p><p>
     22        The mappings obtained by the script are then stored in the idmap tdb2
     23        database instead of mappings created by the incrementing id counters.
     24        It is therefore important that the script covers the complete range of
     25        SIDs that can be passed in for SID to Unix ID mapping, since otherwise
     26        SIDs unmapped by the script might get mapped to IDs that had
     27        previously been mapped by the script.
     28        </p><p>
    3229        The script should accept the following command line options.
    3330        </p><pre class="programlisting">
     
    4340        SID:yyyy
    4441        ERR:yyyy
    45         </pre><p>
    46         Note that the script should cover the complete range of SIDs
    47         that can be passed in for SID to Unix ID mapping, since otherwise
    48         SIDs unmapped by the script might get mapped to IDs that had
    49         previously been mapped by the script.
    50         </p></div><div class="refsect1" title="EXAMPLES"><a name="id266875"></a><h2>EXAMPLES</h2><p>
     42        </pre></div><div class="refsect1" title="EXAMPLES"><a name="id266880"></a><h2>EXAMPLES</h2><p>
    5143        This example shows how tdb2 is used as a the default idmap backend.
    52         It configures the idmap range through the global options for all
    53         domains encountered. This same range is used for uid/gid allocation.
    5444        </p><pre class="programlisting">
    5545        [global]
    56         idmap backend = tdb2
    57         idmap uid = 1000000-2000000
    58         idmap gid = 1000000-2000000
    59         </pre></div><div class="refsect1" title="AUTHOR"><a name="id266893"></a><h2>AUTHOR</h2><p>
     46        idmap config * : backend = tdb2
     47        idmap config * : range = 1000000-2000000
     48        </pre><p>
     49        This example shows how tdb2 is used as a the default idmap backend
     50        using an external program via the script parameter:
     51        </p><pre class="programlisting">
     52        [global]
     53        idmap config * : backend = tdb2
     54        idmap config * : range = 1000000-2000000
     55        idmap config * : script = /usr/local/samba/bin/idmap_script.sh
     56        </pre></div><div class="refsect1" title="AUTHOR"><a name="id265703"></a><h2>AUTHOR</h2><p>
    6057        The original Samba software and related utilities
    6158        were created by Andrew Tridgell. Samba is now developed

  • trunk/server/docs/htmldocs/manpages/index.html

    r745 r752  
    1111</p></dd><dt><span class="term"><a class="ulink" href="idmap_tdb2.8.html" target="_top">idmap_tdb2(8)</a></span></dt><dd><p>Samba's idmap_tdb2 Backend for Winbind
    1212</p></dd><dt><span class="term"><a class="ulink" href="idmap_tdb.8.html" target="_top">idmap_tdb(8)</a></span></dt><dd><p>Samba's idmap_tdb Backend for Winbind
    13 </p></dd><dt><span class="term"><a class="ulink" href="ldb.3.html" target="_top">ldb(3)</a></span></dt><dd><p>A light-weight database library
    14 </p></dd><dt><span class="term"><a class="ulink" href="ldbadd.1.html" target="_top">ldbadd(1)</a></span></dt><dd><p>Command-line utility for adding records to an LDB
    15 </p></dd><dt><span class="term"><a class="ulink" href="ldbdel.1.html" target="_top">ldbdel(1)</a></span></dt><dd><p>Command-line program for deleting LDB records
    16 </p></dd><dt><span class="term"><a class="ulink" href="ldbedit.1.html" target="_top">ldbedit(1)</a></span></dt><dd><p>Edit LDB databases using your preferred editor
    17 </p></dd><dt><span class="term"><a class="ulink" href="ldbmodify.1.html" target="_top">ldbmodify(1)</a></span></dt><dd><p>Modify records in a LDB database
    18 </p></dd><dt><span class="term"><a class="ulink" href="ldbrename.1.html" target="_top">ldbrename(1)</a></span></dt><dd><p>Edit LDB databases using your favorite editor
    19 </p></dd><dt><span class="term"><a class="ulink" href="ldbsearch.1.html" target="_top">ldbsearch(1)</a></span></dt><dd><p>Search for records in a LDB database
    2013</p></dd><dt><span class="term"><a class="ulink" href="libsmbclient.7.html" target="_top">libsmbclient(7)</a></span></dt><dd><p>An extension library for browsers and that can be used as a generic browsing API.
    2114</p></dd><dt><span class="term"><a class="ulink" href="lmhosts.5.html" target="_top">lmhosts(5)</a></span></dt><dd><p>The Samba NetBIOS hosts file
     
    6457</p></dd><dt><span class="term"><a class="ulink" href="vfs_acl_tdb.8.html" target="_top">vfs_acl_tdb(8)</a></span></dt><dd><p>Save NTFS-ACLs in a tdb file
    6558</p></dd><dt><span class="term"><a class="ulink" href="vfs_acl_xattr.8.html" target="_top">vfs_acl_xattr(8)</a></span></dt><dd><p>Save NTFS-ACLs in Extended Attributes (EAs)
     59</p></dd><dt><span class="term"><a class="ulink" href="vfs_aio_fork.8.html" target="_top">vfs_aio_fork(8)</a></span></dt><dd><p>implement async I/O in Samba vfs
     60</p></dd><dt><span class="term"><a class="ulink" href="vfs_aio_pthread.8.html" target="_top">vfs_aio_pthread(8)</a></span></dt><dd><p>implement async I/O in Samba vfs using a pthread pool
    6661</p></dd><dt><span class="term"><a class="ulink" href="vfs_audit.8.html" target="_top">vfs_audit(8)</a></span></dt><dd><p>record selected Samba VFS operations in the system log
    6762</p></dd><dt><span class="term"><a class="ulink" href="vfs_cacheprime.8.html" target="_top">vfs_cacheprime(8)</a></span></dt><dd><p>prime the kernel file data cache

  • trunk/server/docs/htmldocs/manpages/libsmbclient.7.html

    r745 r752  
    2626                        is a compile-time option. This value determines the maximum number of local master browsers to
    2727                        query for the list of workgroups.  In order to ensure that the list is complete for those present
    28                         on the network, all master browsers must be querried. If there are a large number of workgroups
     28                        on the network, all master browsers must be queried. If there are a large number of workgroups
    2929                        on the network, the time spent querying will be significant. For small networks (just a few
    3030                        workgroups), it is suggested to set this value to 0, instructing libsmbclient to query all local

  • trunk/server/docs/htmldocs/manpages/net.8.html

    r745 r752  
    99        Not all commands are available on all protocols.
    1010        </p></div><div class="refsect1" title="OPTIONS"><a name="id265736"></a><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-h|--help</span></dt><dd><p>Print a summary of command line options.
     11</p></dd><dt><span class="term">-k|--kerberos</span></dt><dd><p>
     12Try to authenticate with kerberos. Only useful in
     13an Active Directory environment.
    1114</p></dd><dt><span class="term">-w target-workgroup</span></dt><dd><p>
    1215                Sets target workgroup or domain. You have to specify
     
    5861data, most of which is extremely cryptic.</p><p>Note that specifying this parameter here will
    5962override the <a class="link" href="smb.conf.5.html#" target="_top"></a> parameter
    60 in the <code class="filename">smb.conf</code> file.</p></dd></dl></div></div><div class="refsect1" title="COMMANDS"><a name="id307116"></a><h2>COMMANDS</h2><div class="refsect2" title="CHANGESECRETPW"><a name="id307122"></a><h3>CHANGESECRETPW</h3><p>This command allows the Samba machine account password to be set from an external application
     63in the <code class="filename">smb.conf</code> file.</p></dd></dl></div></div><div class="refsect1" title="COMMANDS"><a name="id307128"></a><h2>COMMANDS</h2><div class="refsect2" title="CHANGESECRETPW"><a name="id307133"></a><h3>CHANGESECRETPW</h3><p>This command allows the Samba machine account password to be set from an external application
    6164to a machine account password that has already been stored in Active Directory. DO NOT USE this command
    6265unless you know exactly what you are doing. The use of this command requires that the force flag (-f)
     
    6568this without care and attention as it will overwrite a legitimate machine password without warning.
    6669YOU HAVE BEEN WARNED.
    67 </p></div><div class="refsect2" title="TIME"><a name="id307137"></a><h3>TIME</h3><p>The <code class="literal">NET TIME</code> command allows you to view the time on a remote server
    68         or synchronise the time on the local server with the time on the remote server.</p><div class="refsect3" title="TIME"><a name="id307152"></a><h4>TIME</h4><p>Without any options, the <code class="literal">NET TIME</code> command
     70</p></div><div class="refsect2" title="TIME"><a name="id307148"></a><h3>TIME</h3><p>The <code class="literal">NET TIME</code> command allows you to view the time on a remote server
     71        or synchronise the time on the local server with the time on the remote server.</p><div class="refsect3" title="TIME"><a name="id307163"></a><h4>TIME</h4><p>Without any options, the <code class="literal">NET TIME</code> command
    6972displays the time on the remote server.
    70 </p></div><div class="refsect3" title="TIME SYSTEM"><a name="id307166"></a><h4>TIME SYSTEM</h4><p>Displays the time on the remote server in a format ready for <code class="literal">/bin/date</code>.</p></div><div class="refsect3" title="TIME SET"><a name="id307181"></a><h4>TIME SET</h4><p>Tries to set the date and time of the local server to that on
    71 the remote server using <code class="literal">/bin/date</code>. </p></div><div class="refsect3" title="TIME ZONE"><a name="id307196"></a><h4>TIME ZONE</h4><p>Displays the timezone in hours from GMT on the remote computer.</p></div></div><div class="refsect2" title="[RPC|ADS] JOIN [TYPE] [-U username[%password]] [createupn=UPN] [createcomputer=OU] [options]"><a name="id307207"></a><h3>[RPC|ADS] JOIN [TYPE] [-U username[%password]] [createupn=UPN] [createcomputer=OU] [options]</h3><p>
     73</p></div><div class="refsect3" title="TIME SYSTEM"><a name="id307178"></a><h4>TIME SYSTEM</h4><p>Displays the time on the remote server in a format ready for <code class="literal">/bin/date</code>.</p></div><div class="refsect3" title="TIME SET"><a name="id307193"></a><h4>TIME SET</h4><p>Tries to set the date and time of the local server to that on
     74the remote server using <code class="literal">/bin/date</code>. </p></div><div class="refsect3" title="TIME ZONE"><a name="id307208"></a><h4>TIME ZONE</h4><p>Displays the timezone in hours from GMT on the remote computer.</p></div></div><div class="refsect2" title="[RPC|ADS] JOIN [TYPE] [-U username[%password]] [createupn=UPN] [createcomputer=OU] [options]"><a name="id307218"></a><h3>[RPC|ADS] JOIN [TYPE] [-U username[%password]] [createupn=UPN] [createcomputer=OU] [options]</h3><p>
    7275Join a domain.  If the account already exists on the server, and
    7376[TYPE] is MEMBER, the machine will attempt to join automatically.
     
    8689and ldap, so it may need to be doubled or quadrupled to pass through,
    8790and it is not used as a delimiter.
    88 </p></div><div class="refsect2" title="[RPC] OLDJOIN [options]"><a name="id307234"></a><h3>[RPC] OLDJOIN [options]</h3><p>Join a domain. Use the OLDJOIN option to join the domain
     91</p></div><div class="refsect2" title="[RPC] OLDJOIN [options]"><a name="id307246"></a><h3>[RPC] OLDJOIN [options]</h3><p>Join a domain. Use the OLDJOIN option to join the domain
    8992using the old style of domain joining - you need to create a trust
    90 account in server manager first.</p></div><div class="refsect2" title="[RPC|ADS] USER"><a name="id307245"></a><h3>[RPC|ADS] USER</h3><div class="refsect3" title="[RPC|ADS] USER"><a name="id307250"></a><h4>[RPC|ADS] USER</h4><p>List all users</p></div><div class="refsect3" title="[RPC|ADS] USER DELETE target"><a name="id307260"></a><h4>[RPC|ADS] USER DELETE <em class="replaceable"><code>target</code></em></h4><p>Delete specified user</p></div><div class="refsect3" title="[RPC|ADS] USER INFO target"><a name="id307272"></a><h4>[RPC|ADS] USER INFO <em class="replaceable"><code>target</code></em></h4><p>List the domain groups of the specified user.</p></div><div class="refsect3" title="[RPC|ADS] USER RENAME oldname newname"><a name="id307283"></a><h4>[RPC|ADS] USER RENAME <em class="replaceable"><code>oldname</code></em> <em class="replaceable"><code>newname</code></em></h4><p>Rename specified user.</p></div><div class="refsect3" title="[RPC|ADS] USER ADD name [password] [-F user flags] [-C comment]"><a name="id307298"></a><h4>[RPC|ADS] USER ADD <em class="replaceable"><code>name</code></em> [password] [-F user flags] [-C comment]</h4><p>Add specified user.</p></div></div><div class="refsect2" title="[RPC|ADS] GROUP"><a name="id307312"></a><h3>[RPC|ADS] GROUP</h3><div class="refsect3" title="[RPC|ADS] GROUP [misc options] [targets]"><a name="id307318"></a><h4>[RPC|ADS] GROUP [misc options] [targets]</h4><p>List user groups.</p></div><div class="refsect3" title="[RPC|ADS] GROUP DELETE name [misc. options]"><a name="id307327"></a><h4>[RPC|ADS] GROUP DELETE <em class="replaceable"><code>name</code></em> [misc. options]</h4><p>Delete specified group.</p></div><div class="refsect3" title="[RPC|ADS] GROUP ADD name [-C comment]"><a name="id307340"></a><h4>[RPC|ADS] GROUP ADD <em class="replaceable"><code>name</code></em> [-C comment]</h4><p>Create specified group.</p></div></div><div class="refsect2" title="[RAP|RPC] SHARE"><a name="id307354"></a><h3>[RAP|RPC] SHARE</h3><div class="refsect3" title="[RAP|RPC] SHARE [misc. options] [targets]"><a name="id307359"></a><h4>[RAP|RPC] SHARE [misc. options] [targets]</h4><p>Enumerates all exported resources (network shares) on target server.</p></div><div class="refsect3" title="[RAP|RPC] SHARE ADD name=serverpath [-C comment] [-M maxusers] [targets]"><a name="id307369"></a><h4>[RAP|RPC] SHARE ADD <em class="replaceable"><code>name=serverpath</code></em> [-C comment] [-M maxusers] [targets]</h4><p>Adds a share from a server (makes the export active). Maxusers
     93account in server manager first.</p></div><div class="refsect2" title="[RPC|ADS] USER"><a name="id307257"></a><h3>[RPC|ADS] USER</h3><div class="refsect3" title="[RPC|ADS] USER"><a name="id307262"></a><h4>[RPC|ADS] USER</h4><p>List all users</p></div><div class="refsect3" title="[RPC|ADS] USER DELETE target"><a name="id307272"></a><h4>[RPC|ADS] USER DELETE <em class="replaceable"><code>target</code></em></h4><p>Delete specified user</p></div><div class="refsect3" title="[RPC|ADS] USER INFO target"><a name="id307283"></a><h4>[RPC|ADS] USER INFO <em class="replaceable"><code>target</code></em></h4><p>List the domain groups of the specified user.</p></div><div class="refsect3" title="[RPC|ADS] USER RENAME oldname newname"><a name="id307295"></a><h4>[RPC|ADS] USER RENAME <em class="replaceable"><code>oldname</code></em> <em class="replaceable"><code>newname</code></em></h4><p>Rename specified user.</p></div><div class="refsect3" title="[RPC|ADS] USER ADD name [password] [-F user flags] [-C comment]"><a name="id307310"></a><h4>[RPC|ADS] USER ADD <em class="replaceable"><code>name</code></em> [password] [-F user flags] [-C comment]</h4><p>Add specified user.</p></div></div><div class="refsect2" title="[RPC|ADS] GROUP"><a name="id307324"></a><h3>[RPC|ADS] GROUP</h3><div class="refsect3" title="[RPC|ADS] GROUP [misc options] [targets]"><a name="id307329"></a><h4>[RPC|ADS] GROUP [misc options] [targets]</h4><p>List user groups.</p></div><div class="refsect3" title="[RPC|ADS] GROUP DELETE name [misc. options]"><a name="id307339"></a><h4>[RPC|ADS] GROUP DELETE <em class="replaceable"><code>name</code></em> [misc. options]</h4><p>Delete specified group.</p></div><div class="refsect3" title="[RPC|ADS] GROUP ADD name [-C comment]"><a name="id307352"></a><h4>[RPC|ADS] GROUP ADD <em class="replaceable"><code>name</code></em> [-C comment]</h4><p>Create specified group.</p></div></div><div class="refsect2" title="[RAP|RPC] SHARE"><a name="id307366"></a><h3>[RAP|RPC] SHARE</h3><div class="refsect3" title="[RAP|RPC] SHARE [misc. options] [targets]"><a name="id307371"></a><h4>[RAP|RPC] SHARE [misc. options] [targets]</h4><p>Enumerates all exported resources (network shares) on target server.</p></div><div class="refsect3" title="[RAP|RPC] SHARE ADD name=serverpath [-C comment] [-M maxusers] [targets]"><a name="id307380"></a><h4>[RAP|RPC] SHARE ADD <em class="replaceable"><code>name=serverpath</code></em> [-C comment] [-M maxusers] [targets]</h4><p>Adds a share from a server (makes the export active). Maxusers
    9194specifies the number of users that can be connected to the
    92 share simultaneously.</p></div><div class="refsect3" title="SHARE DELETE sharename"><a name="id307383"></a><h4>SHARE DELETE <em class="replaceable"><code>sharename</code></em></h4><p>Delete specified share.</p></div></div><div class="refsect2" title="[RPC|RAP] FILE"><a name="id307396"></a><h3>[RPC|RAP] FILE</h3><div class="refsect3" title="[RPC|RAP] FILE"><a name="id307401"></a><h4>[RPC|RAP] FILE</h4><p>List all open files on remote server.</p></div><div class="refsect3" title="[RPC|RAP] FILE CLOSE fileid"><a name="id307411"></a><h4>[RPC|RAP] FILE CLOSE <em class="replaceable"><code>fileid</code></em></h4><p>Close file with specified <em class="replaceable"><code>fileid</code></em> on
    93 remote server.</p></div><div class="refsect3" title="[RPC|RAP] FILE INFO fileid"><a name="id307426"></a><h4>[RPC|RAP] FILE INFO <em class="replaceable"><code>fileid</code></em></h4><p>
     95share simultaneously.</p></div><div class="refsect3" title="SHARE DELETE sharename"><a name="id307395"></a><h4>SHARE DELETE <em class="replaceable"><code>sharename</code></em></h4><p>Delete specified share.</p></div></div><div class="refsect2" title="[RPC|RAP] FILE"><a name="id307407"></a><h3>[RPC|RAP] FILE</h3><div class="refsect3" title="[RPC|RAP] FILE"><a name="id307413"></a><h4>[RPC|RAP] FILE</h4><p>List all open files on remote server.</p></div><div class="refsect3" title="[RPC|RAP] FILE CLOSE fileid"><a name="id307422"></a><h4>[RPC|RAP] FILE CLOSE <em class="replaceable"><code>fileid</code></em></h4><p>Close file with specified <em class="replaceable"><code>fileid</code></em> on
     96remote server.</p></div><div class="refsect3" title="[RPC|RAP] FILE INFO fileid"><a name="id307437"></a><h4>[RPC|RAP] FILE INFO <em class="replaceable"><code>fileid</code></em></h4><p>
    9497Print information on specified <em class="replaceable"><code>fileid</code></em>.
    9598Currently listed are: file-id, username, locks, path, permissions.
    96 </p></div><div class="refsect3" title="[RAP|RPC] FILE USER user"><a name="id307440"></a><h4>[RAP|RPC] FILE USER <em class="replaceable"><code>user</code></em></h4><p>
     99</p></div><div class="refsect3" title="[RAP|RPC] FILE USER user"><a name="id307452"></a><h4>[RAP|RPC] FILE USER <em class="replaceable"><code>user</code></em></h4><p>
    97100List files opened by specified <em class="replaceable"><code>user</code></em>.
    98101Please note that <code class="literal">net rap file user</code> does not work
    99102against Samba servers.
    100 </p></div></div><div class="refsect2" title="SESSION"><a name="id307462"></a><h3>SESSION</h3><div class="refsect3" title="RAP SESSION"><a name="id307467"></a><h4>RAP SESSION</h4><p>Without any other options, SESSION enumerates all active SMB/CIFS
    101 sessions on the target server.</p></div><div class="refsect3" title="RAP SESSION DELETE|CLOSE CLIENT_NAME"><a name="id307478"></a><h4>RAP SESSION DELETE|CLOSE <em class="replaceable"><code>CLIENT_NAME</code></em></h4><p>Close the specified sessions.</p></div><div class="refsect3" title="RAP SESSION INFO CLIENT_NAME"><a name="id307489"></a><h4>RAP SESSION INFO <em class="replaceable"><code>CLIENT_NAME</code></em></h4><p>Give a list with all the open files in specified session.</p></div></div><div class="refsect2" title="RAP SERVER DOMAIN"><a name="id307502"></a><h3>RAP SERVER <em class="replaceable"><code>DOMAIN</code></em></h3><p>List all servers in specified domain or workgroup. Defaults
    102 to local domain.</p></div><div class="refsect2" title="RAP DOMAIN"><a name="id307515"></a><h3>RAP DOMAIN</h3><p>Lists all domains and workgroups visible on the
    103 current network.</p></div><div class="refsect2" title="RAP PRINTQ"><a name="id307524"></a><h3>RAP PRINTQ</h3><div class="refsect3" title="RAP PRINTQ INFO QUEUE_NAME"><a name="id307530"></a><h4>RAP PRINTQ INFO <em class="replaceable"><code>QUEUE_NAME</code></em></h4><p>Lists the specified print queue and print jobs on the server.
     103</p></div></div><div class="refsect2" title="SESSION"><a name="id307473"></a><h3>SESSION</h3><div class="refsect3" title="RAP SESSION"><a name="id307479"></a><h4>RAP SESSION</h4><p>Without any other options, SESSION enumerates all active SMB/CIFS
     104sessions on the target server.</p></div><div class="refsect3" title="RAP SESSION DELETE|CLOSE CLIENT_NAME"><a name="id307489"></a><h4>RAP SESSION DELETE|CLOSE <em class="replaceable"><code>CLIENT_NAME</code></em></h4><p>Close the specified sessions.</p></div><div class="refsect3" title="RAP SESSION INFO CLIENT_NAME"><a name="id307501"></a><h4>RAP SESSION INFO <em class="replaceable"><code>CLIENT_NAME</code></em></h4><p>Give a list with all the open files in specified session.</p></div></div><div class="refsect2" title="RAP SERVER DOMAIN"><a name="id307514"></a><h3>RAP SERVER <em class="replaceable"><code>DOMAIN</code></em></h3><p>List all servers in specified domain or workgroup. Defaults
     105to local domain.</p></div><div class="refsect2" title="RAP DOMAIN"><a name="id307526"></a><h3>RAP DOMAIN</h3><p>Lists all domains and workgroups visible on the
     106current network.</p></div><div class="refsect2" title="RAP PRINTQ"><a name="id307536"></a><h3>RAP PRINTQ</h3><div class="refsect3" title="RAP PRINTQ INFO QUEUE_NAME"><a name="id307541"></a><h4>RAP PRINTQ INFO <em class="replaceable"><code>QUEUE_NAME</code></em></h4><p>Lists the specified print queue and print jobs on the server.
    104107If the <em class="replaceable"><code>QUEUE_NAME</code></em> is omitted, all
    105 queues are listed.</p></div><div class="refsect3" title="RAP PRINTQ DELETE JOBID"><a name="id307545"></a><h4>RAP PRINTQ DELETE <em class="replaceable"><code>JOBID</code></em></h4><p>Delete job with specified id.</p></div></div><div class="refsect2" title="RAP VALIDATE user [password]"><a name="id307558"></a><h3>RAP VALIDATE <em class="replaceable"><code>user</code></em> [<em class="replaceable"><code>password</code></em>]</h3><p>
     108queues are listed.</p></div><div class="refsect3" title="RAP PRINTQ DELETE JOBID"><a name="id307556"></a><h4>RAP PRINTQ DELETE <em class="replaceable"><code>JOBID</code></em></h4><p>Delete job with specified id.</p></div></div><div class="refsect2" title="RAP VALIDATE user [password]"><a name="id307569"></a><h3>RAP VALIDATE <em class="replaceable"><code>user</code></em> [<em class="replaceable"><code>password</code></em>]</h3><p>
    106109Validate whether the specified user can log in to the
    107110remote server. If the password is not specified on the commandline, it
    108111will be prompted.
    109 </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Currently NOT implemented.</p></div></div><div class="refsect2" title="RAP GROUPMEMBER"><a name="id307580"></a><h3>RAP GROUPMEMBER</h3><div class="refsect3" title="RAP GROUPMEMBER LIST GROUP"><a name="id307585"></a><h4>RAP GROUPMEMBER LIST <em class="replaceable"><code>GROUP</code></em></h4><p>List all members of the specified group.</p></div><div class="refsect3" title="RAP GROUPMEMBER DELETE GROUP USER"><a name="id307597"></a><h4>RAP GROUPMEMBER DELETE <em class="replaceable"><code>GROUP</code></em> <em class="replaceable"><code>USER</code></em></h4><p>Delete member from group.</p></div><div class="refsect3" title="RAP GROUPMEMBER ADD GROUP USER"><a name="id307612"></a><h4>RAP GROUPMEMBER ADD <em class="replaceable"><code>GROUP</code></em> <em class="replaceable"><code>USER</code></em></h4><p>Add member to group.</p></div></div><div class="refsect2" title="RAP ADMIN command"><a name="id307628"></a><h3>RAP ADMIN <em class="replaceable"><code>command</code></em></h3><p>Execute the specified <em class="replaceable"><code>command</code></em> on
     112</p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Currently NOT implemented.</p></div></div><div class="refsect2" title="RAP GROUPMEMBER"><a name="id307591"></a><h3>RAP GROUPMEMBER</h3><div class="refsect3" title="RAP GROUPMEMBER LIST GROUP"><a name="id307596"></a><h4>RAP GROUPMEMBER LIST <em class="replaceable"><code>GROUP</code></em></h4><p>List all members of the specified group.</p></div><div class="refsect3" title="RAP GROUPMEMBER DELETE GROUP USER"><a name="id307608"></a><h4>RAP GROUPMEMBER DELETE <em class="replaceable"><code>GROUP</code></em> <em class="replaceable"><code>USER</code></em></h4><p>Delete member from group.</p></div><div class="refsect3" title="RAP GROUPMEMBER ADD GROUP USER"><a name="id307623"></a><h4>RAP GROUPMEMBER ADD <em class="replaceable"><code>GROUP</code></em> <em class="replaceable"><code>USER</code></em></h4><p>Add member to group.</p></div></div><div class="refsect2" title="RAP ADMIN command"><a name="id307639"></a><h3>RAP ADMIN <em class="replaceable"><code>command</code></em></h3><p>Execute the specified <em class="replaceable"><code>command</code></em> on
    110113the remote server. Only works with OS/2 servers.
    111 </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Currently NOT implemented.</p></div></div><div class="refsect2" title="RAP SERVICE"><a name="id307647"></a><h3>RAP SERVICE</h3><div class="refsect3" title="RAP SERVICE START NAME [arguments...]"><a name="id307652"></a><h4>RAP SERVICE START <em class="replaceable"><code>NAME</code></em> [arguments...]</h4><p>Start the specified service on the remote server. Not implemented yet.</p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Currently NOT implemented.</p></div></div><div class="refsect3" title="RAP SERVICE STOP"><a name="id307670"></a><h4>RAP SERVICE STOP</h4><p>Stop the specified service on the remote server.</p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Currently NOT implemented.</p></div></div></div><div class="refsect2" title="RAP PASSWORD USER OLDPASS NEWPASS"><a name="id307685"></a><h3>RAP PASSWORD <em class="replaceable"><code>USER</code></em> <em class="replaceable"><code>OLDPASS</code></em> <em class="replaceable"><code>NEWPASS</code></em></h3><p>
     114</p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Currently NOT implemented.</p></div></div><div class="refsect2" title="RAP SERVICE"><a name="id307658"></a><h3>RAP SERVICE</h3><div class="refsect3" title="RAP SERVICE START NAME [arguments...]"><a name="id307663"></a><h4>RAP SERVICE START <em class="replaceable"><code>NAME</code></em> [arguments...]</h4><p>Start the specified service on the remote server. Not implemented yet.</p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Currently NOT implemented.</p></div></div><div class="refsect3" title="RAP SERVICE STOP"><a name="id307681"></a><h4>RAP SERVICE STOP</h4><p>Stop the specified service on the remote server.</p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Currently NOT implemented.</p></div></div></div><div class="refsect2" title="RAP PASSWORD USER OLDPASS NEWPASS"><a name="id307696"></a><h3>RAP PASSWORD <em class="replaceable"><code>USER</code></em> <em class="replaceable"><code>OLDPASS</code></em> <em class="replaceable"><code>NEWPASS</code></em></h3><p>
    112115Change password of <em class="replaceable"><code>USER</code></em> from <em class="replaceable"><code>OLDPASS</code></em> to <em class="replaceable"><code>NEWPASS</code></em>.
    113 </p></div><div class="refsect2" title="LOOKUP"><a name="id307712"></a><h3>LOOKUP</h3><div class="refsect3" title="LOOKUP HOST HOSTNAME [TYPE]"><a name="id307718"></a><h4>LOOKUP HOST <em class="replaceable"><code>HOSTNAME</code></em> [<em class="replaceable"><code>TYPE</code></em>]</h4><p>
     116</p></div><div class="refsect2" title="LOOKUP"><a name="id307724"></a><h3>LOOKUP</h3><div class="refsect3" title="LOOKUP HOST HOSTNAME [TYPE]"><a name="id307729"></a><h4>LOOKUP HOST <em class="replaceable"><code>HOSTNAME</code></em> [<em class="replaceable"><code>TYPE</code></em>]</h4><p>
    114117Lookup the IP address of the given host with the specified type (netbios suffix).
    115118The type defaults to 0x20 (workstation).
    116 </p></div><div class="refsect3" title="LOOKUP LDAP [DOMAIN]"><a name="id307735"></a><h4>LOOKUP LDAP [<em class="replaceable"><code>DOMAIN</code></em>]</h4><p>Give IP address of LDAP server of specified <em class="replaceable"><code>DOMAIN</code></em>. Defaults to local domain.</p></div><div class="refsect3" title="LOOKUP KDC [REALM]"><a name="id307751"></a><h4>LOOKUP KDC [<em class="replaceable"><code>REALM</code></em>]</h4><p>Give IP address of KDC for the specified <em class="replaceable"><code>REALM</code></em>.
    117 Defaults to local realm.</p></div><div class="refsect3" title="LOOKUP DC [DOMAIN]"><a name="id307767"></a><h4>LOOKUP DC [<em class="replaceable"><code>DOMAIN</code></em>]</h4><p>Give IP's of Domain Controllers for specified <em class="replaceable"><code>
    118 DOMAIN</code></em>. Defaults to local domain.</p></div><div class="refsect3" title="LOOKUP MASTER DOMAIN"><a name="id307783"></a><h4>LOOKUP MASTER <em class="replaceable"><code>DOMAIN</code></em></h4><p>Give IP of master browser for specified <em class="replaceable"><code>DOMAIN</code></em>
    119 or workgroup. Defaults to local domain.</p></div></div><div class="refsect2" title="CACHE"><a name="id307799"></a><h3>CACHE</h3><p>Samba uses a general caching interface called 'gencache'. It
     119</p></div><div class="refsect3" title="LOOKUP LDAP [DOMAIN]"><a name="id307746"></a><h4>LOOKUP LDAP [<em class="replaceable"><code>DOMAIN</code></em>]</h4><p>Give IP address of LDAP server of specified <em class="replaceable"><code>DOMAIN</code></em>. Defaults to local domain.</p></div><div class="refsect3" title="LOOKUP KDC [REALM]"><a name="id307762"></a><h4>LOOKUP KDC [<em class="replaceable"><code>REALM</code></em>]</h4><p>Give IP address of KDC for the specified <em class="replaceable"><code>REALM</code></em>.
     120Defaults to local realm.</p></div><div class="refsect3" title="LOOKUP DC [DOMAIN]"><a name="id307778"></a><h4>LOOKUP DC [<em class="replaceable"><code>DOMAIN</code></em>]</h4><p>Give IP's of Domain Controllers for specified <em class="replaceable"><code>
     121DOMAIN</code></em>. Defaults to local domain.</p></div><div class="refsect3" title="LOOKUP MASTER DOMAIN"><a name="id307794"></a><h4>LOOKUP MASTER <em class="replaceable"><code>DOMAIN</code></em></h4><p>Give IP of master browser for specified <em class="replaceable"><code>DOMAIN</code></em>
     122or workgroup. Defaults to local domain.</p></div></div><div class="refsect2" title="CACHE"><a name="id307810"></a><h3>CACHE</h3><p>Samba uses a general caching interface called 'gencache'. It
    120123can be controlled using 'NET CACHE'.</p><p>All the timeout parameters support the suffixes:
    121124
    122125</p><table border="0" summary="Simple list" class="simplelist"><tr><td>s - Seconds</td></tr><tr><td>m - Minutes</td></tr><tr><td>h - Hours</td></tr><tr><td>d - Days</td></tr><tr><td>w - Weeks</td></tr></table><p>
    123126
    124 </p><div class="refsect3" title="CACHE ADD key data time-out"><a name="id307833"></a><h4>CACHE ADD <em class="replaceable"><code>key</code></em> <em class="replaceable"><code>data</code></em> <em class="replaceable"><code>time-out</code></em></h4><p>Add specified key+data to the cache with the given timeout.</p></div><div class="refsect3" title="CACHE DEL key"><a name="id307852"></a><h4>CACHE DEL <em class="replaceable"><code>key</code></em></h4><p>Delete key from the cache.</p></div><div class="refsect3" title="CACHE SET key data time-out"><a name="id307863"></a><h4>CACHE SET <em class="replaceable"><code>key</code></em> <em class="replaceable"><code>data</code></em> <em class="replaceable"><code>time-out</code></em></h4><p>Update data of existing cache entry.</p></div><div class="refsect3" title="CACHE SEARCH PATTERN"><a name="id307882"></a><h4>CACHE SEARCH <em class="replaceable"><code>PATTERN</code></em></h4><p>Search for the specified pattern in the cache data.</p></div><div class="refsect3" title="CACHE LIST"><a name="id307893"></a><h4>CACHE LIST</h4><p>
     127</p><div class="refsect3" title="CACHE ADD key data time-out"><a name="id307844"></a><h4>CACHE ADD <em class="replaceable"><code>key</code></em> <em class="replaceable"><code>data</code></em> <em class="replaceable"><code>time-out</code></em></h4><p>Add specified key+data to the cache with the given timeout.</p></div><div class="refsect3" title="CACHE DEL key"><a name="id307863"></a><h4>CACHE DEL <em class="replaceable"><code>key</code></em></h4><p>Delete key from the cache.</p></div><div class="refsect3" title="CACHE SET key data time-out"><a name="id307874"></a><h4>CACHE SET <em class="replaceable"><code>key</code></em> <em class="replaceable"><code>data</code></em> <em class="replaceable"><code>time-out</code></em></h4><p>Update data of existing cache entry.</p></div><div class="refsect3" title="CACHE SEARCH PATTERN"><a name="id307893"></a><h4>CACHE SEARCH <em class="replaceable"><code>PATTERN</code></em></h4><p>Search for the specified pattern in the cache data.</p></div><div class="refsect3" title="CACHE LIST"><a name="id307904"></a><h4>CACHE LIST</h4><p>
    125128List all current items in the cache.
    126 </p></div><div class="refsect3" title="CACHE FLUSH"><a name="id307903"></a><h4>CACHE FLUSH</h4><p>Remove all the current items from the cache.</p></div></div><div class="refsect2" title="GETLOCALSID [DOMAIN]"><a name="id307914"></a><h3>GETLOCALSID [DOMAIN]</h3><p>Prints the SID of the specified domain, or if the parameter is
    127 omitted, the SID of the local server.</p></div><div class="refsect2" title="SETLOCALSID S-1-5-21-x-y-z"><a name="id307924"></a><h3>SETLOCALSID S-1-5-21-x-y-z</h3><p>Sets SID for the local server to the specified SID.</p></div><div class="refsect2" title="GETDOMAINSID"><a name="id307934"></a><h3>GETDOMAINSID</h3><p>Prints the local machine SID and the SID of the current
    128 domain.</p></div><div class="refsect2" title="SETDOMAINSID"><a name="id307944"></a><h3>SETDOMAINSID</h3><p>Sets the SID of the current domain.</p></div><div class="refsect2" title="GROUPMAP"><a name="id307954"></a><h3>GROUPMAP</h3><p>Manage the mappings between Windows group SIDs and UNIX groups.
     129</p></div><div class="refsect3" title="CACHE FLUSH"><a name="id307914"></a><h4>CACHE FLUSH</h4><p>Remove all the current items from the cache.</p></div></div><div class="refsect2" title="GETLOCALSID [DOMAIN]"><a name="id307925"></a><h3>GETLOCALSID [DOMAIN]</h3><p>Prints the SID of the specified domain, or if the parameter is
     130omitted, the SID of the local server.</p></div><div class="refsect2" title="SETLOCALSID S-1-5-21-x-y-z"><a name="id307935"></a><h3>SETLOCALSID S-1-5-21-x-y-z</h3><p>Sets SID for the local server to the specified SID.</p></div><div class="refsect2" title="GETDOMAINSID"><a name="id307945"></a><h3>GETDOMAINSID</h3><p>Prints the local machine SID and the SID of the current
     131domain.</p></div><div class="refsect2" title="SETDOMAINSID"><a name="id307955"></a><h3>SETDOMAINSID</h3><p>Sets the SID of the current domain.</p></div><div class="refsect2" title="GROUPMAP"><a name="id307965"></a><h3>GROUPMAP</h3><p>Manage the mappings between Windows group SIDs and UNIX groups.
    129132Common options include:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>unixgroup - Name of the UNIX group</p></li><li class="listitem"><p>ntgroup - Name of the Windows NT group (must be
    130133  resolvable to a SID</p></li><li class="listitem"><p>rid - Unsigned 32-bit integer</p></li><li class="listitem"><p>sid - Full SID in the form of "S-1-..."</p></li><li class="listitem"><p>type - Type of the group; either 'domain', 'local',
    131   or 'builtin'</p></li><li class="listitem"><p>comment - Freeform text description of the group</p></li></ul></div><div class="refsect3" title="GROUPMAP ADD"><a name="id307993"></a><h4>GROUPMAP ADD</h4><p>
     134  or 'builtin'</p></li><li class="listitem"><p>comment - Freeform text description of the group</p></li></ul></div><div class="refsect3" title="GROUPMAP ADD"><a name="id308004"></a><h4>GROUPMAP ADD</h4><p>
    132135Add a new group mapping entry:
    133136</p><pre class="programlisting">
     
    135138        [type={domain|local}] [ntgroup=string] [comment=string]
    136139</pre><p>
    137 </p></div><div class="refsect3" title="GROUPMAP DELETE"><a name="id308009"></a><h4>GROUPMAP DELETE</h4><p>Delete a group mapping entry. If more than one group name matches, the first entry found is deleted.</p><p>net groupmap delete {ntgroup=string|sid=SID}</p></div><div class="refsect3" title="GROUPMAP MODIFY"><a name="id308023"></a><h4>GROUPMAP MODIFY</h4><p>Update en existing group entry.</p><p>
     140</p></div><div class="refsect3" title="GROUPMAP DELETE"><a name="id308020"></a><h4>GROUPMAP DELETE</h4><p>Delete a group mapping entry. If more than one group name matches, the first entry found is deleted.</p><p>net groupmap delete {ntgroup=string|sid=SID}</p></div><div class="refsect3" title="GROUPMAP MODIFY"><a name="id308034"></a><h4>GROUPMAP MODIFY</h4><p>Update en existing group entry.</p><p>
    138141</p><pre class="programlisting">
    139142net groupmap modify {ntgroup=string|sid=SID} [unixgroup=string] \
    140143       [comment=string] [type={domain|local}]
    141144</pre><p>
    142 </p></div><div class="refsect3" title="GROUPMAP LIST"><a name="id308042"></a><h4>GROUPMAP LIST</h4><p>List existing group mapping entries.</p><p>net groupmap list [verbose] [ntgroup=string] [sid=SID]</p></div></div><div class="refsect2" title="MAXRID"><a name="id308056"></a><h3>MAXRID</h3><p>Prints out the highest RID currently in use on the local
     145</p></div><div class="refsect3" title="GROUPMAP LIST"><a name="id308053"></a><h4>GROUPMAP LIST</h4><p>List existing group mapping entries.</p><p>net groupmap list [verbose] [ntgroup=string] [sid=SID]</p></div></div><div class="refsect2" title="MAXRID"><a name="id308067"></a><h3>MAXRID</h3><p>Prints out the highest RID currently in use on the local
    143146server (by the active 'passdb backend').
    144 </p></div><div class="refsect2" title="RPC INFO"><a name="id308066"></a><h3>RPC INFO</h3><p>Print information about the domain of the remote server,
     147</p></div><div class="refsect2" title="RPC INFO"><a name="id308077"></a><h3>RPC INFO</h3><p>Print information about the domain of the remote server,
    145148such as domain name, domain sid and number of users and groups.
    146 </p></div><div class="refsect2" title="[RPC|ADS] TESTJOIN"><a name="id308077"></a><h3>[RPC|ADS] TESTJOIN</h3><p>Check whether participation in a domain is still valid.</p></div><div class="refsect2" title="[RPC|ADS] CHANGETRUSTPW"><a name="id308086"></a><h3>[RPC|ADS] CHANGETRUSTPW</h3><p>Force change of domain trust password.</p></div><div class="refsect2" title="RPC TRUSTDOM"><a name="id308096"></a><h3>RPC TRUSTDOM</h3><div class="refsect3" title="RPC TRUSTDOM ADD DOMAIN"><a name="id308101"></a><h4>RPC TRUSTDOM ADD <em class="replaceable"><code>DOMAIN</code></em></h4><p>Add a interdomain trust account for <em class="replaceable"><code>DOMAIN</code></em>.
     149</p></div><div class="refsect2" title="[RPC|ADS] TESTJOIN"><a name="id308088"></a><h3>[RPC|ADS] TESTJOIN</h3><p>Check whether participation in a domain is still valid.</p></div><div class="refsect2" title="[RPC|ADS] CHANGETRUSTPW"><a name="id308098"></a><h3>[RPC|ADS] CHANGETRUSTPW</h3><p>Force change of domain trust password.</p></div><div class="refsect2" title="RPC TRUSTDOM"><a name="id308107"></a><h3>RPC TRUSTDOM</h3><div class="refsect3" title="RPC TRUSTDOM ADD DOMAIN"><a name="id308112"></a><h4>RPC TRUSTDOM ADD <em class="replaceable"><code>DOMAIN</code></em></h4><p>Add a interdomain trust account for <em class="replaceable"><code>DOMAIN</code></em>.
    147150This is in fact a Samba account named <em class="replaceable"><code>DOMAIN$</code></em>
    148151with the account flag <code class="constant">'I'</code> (interdomain trust account).
     
    153156<code class="literal">smbpasswd -a -i DOMAIN</code>. Please note that both commands
    154157expect a appropriate UNIX account.
    155 </p></div><div class="refsect3" title="RPC TRUSTDOM DEL DOMAIN"><a name="id308131"></a><h4>RPC TRUSTDOM DEL <em class="replaceable"><code>DOMAIN</code></em></h4><p>Remove interdomain trust account for
     158</p></div><div class="refsect3" title="RPC TRUSTDOM DEL DOMAIN"><a name="id308142"></a><h4>RPC TRUSTDOM DEL <em class="replaceable"><code>DOMAIN</code></em></h4><p>Remove interdomain trust account for
    156159<em class="replaceable"><code>DOMAIN</code></em>. If it is used against localhost
    157160it has the same effect as <code class="literal">smbpasswd -x DOMAIN$</code>.
    158 </p></div><div class="refsect3" title="RPC TRUSTDOM ESTABLISH DOMAIN"><a name="id308152"></a><h4>RPC TRUSTDOM ESTABLISH <em class="replaceable"><code>DOMAIN</code></em></h4><p>
     161</p></div><div class="refsect3" title="RPC TRUSTDOM ESTABLISH DOMAIN"><a name="id308163"></a><h4>RPC TRUSTDOM ESTABLISH <em class="replaceable"><code>DOMAIN</code></em></h4><p>
    159162Establish a trust relationship to a trusted domain.
    160163Interdomain account must already be created on the remote PDC.
     
    164167You'll need winbind and a working idmap config to make them
    165168appear in your system.
    166 </p></div><div class="refsect3" title="RPC TRUSTDOM REVOKE DOMAIN"><a name="id308167"></a><h4>RPC TRUSTDOM REVOKE <em class="replaceable"><code>DOMAIN</code></em></h4><p>Abandon relationship to trusted domain</p></div><div class="refsect3" title="RPC TRUSTDOM LIST"><a name="id308179"></a><h4>RPC TRUSTDOM LIST</h4><p>List all interdomain trust relationships.</p></div><div class="refsect3" title="RPC RIGHTS"><a name="id308188"></a><h4>RPC RIGHTS</h4><p>This subcommand is used to view and manage Samba's rights assignments (also
     169</p></div><div class="refsect3" title="RPC TRUSTDOM REVOKE DOMAIN"><a name="id308178"></a><h4>RPC TRUSTDOM REVOKE <em class="replaceable"><code>DOMAIN</code></em></h4><p>Abandon relationship to trusted domain</p></div><div class="refsect3" title="RPC TRUSTDOM LIST"><a name="id308190"></a><h4>RPC TRUSTDOM LIST</h4><p>List all interdomain trust relationships.</p></div><div class="refsect3" title="RPC TRUSTDOM LIST"><a name="id308199"></a><h4>RPC TRUSTDOM LIST</h4><p>List all interdomain trust relationships.</p></div></div><div class="refsect2" title="RPC TRUST"><a name="id308210"></a><h3>RPC TRUST</h3><div class="refsect3" title="RPC TRUST CREATE"><a name="id308215"></a><h4>RPC TRUST CREATE</h4><p>Create a trust trust object by calling lsaCreateTrustedDomainEx2.
     170The can be done on a single server or on two servers at once with the
     171possibility to use a random trust password.</p><div class="variablelist" title="Options:"><p class="title"><b>Options:</b></p><dl><dt><span class="term">otherserver</span></dt><dd><p>Domain controller of the second domain</p></dd><dt><span class="term">otheruser</span></dt><dd><p>Admin user in the second domain</p></dd><dt><span class="term">otherdomainsid</span></dt><dd><p>SID of the second domain</p></dd><dt><span class="term">other_netbios_domain</span></dt><dd><p>NetBIOS (short) name of the second domain</p></dd><dt><span class="term">otherdomain</span></dt><dd><p>DNS (full) name of the second domain</p></dd><dt><span class="term">trustpw</span></dt><dd><p>Trust password</p></dd></dl></div><div class="variablelist" title="Examples:"><p class="title"><b>Examples:</b></p><dl><dt><span class="term">Create a trust object on srv1.dom1.dom for the domain dom2</span></dt><dd><div class="literallayout"><p><br>
     172net rpc trust create \<br>
     173    otherdomainsid=S-x-x-xx-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxx \<br>
     174    other_netbios_domain=dom2 \<br>
     175    otherdomain=dom2.dom \<br>
     176    trustpw=12345678 \<br>
     177    -S srv1.dom1.dom<br>
     178</p></div></dd><dt><span class="term">Create a trust relationship between dom1 and dom2</span></dt><dd><div class="literallayout"><p><br>
     179net rpc trust create \<br>
     180    otherserver=srv2.dom2.test \<br>
     181    otheruser=dom2adm \<br>
     182    -S srv1.dom1.dom<br>
     183</p></div></dd></dl></div></div><div class="refsect3" title="RPC TRUST DELETE"><a name="id308334"></a><h4>RPC TRUST DELETE</h4><p>Delete a trust trust object by calling lsaDeleteTrustedDomain.
     184The can be done on a single server or on two servers at once.</p><div class="variablelist" title="Options:"><p class="title"><b>Options:</b></p><dl><dt><span class="term">otherserver</span></dt><dd><p>Domain controller of the second domain</p></dd><dt><span class="term">otheruser</span></dt><dd><p>Admin user in the second domain</p></dd><dt><span class="term">otherdomainsid</span></dt><dd><p>SID of the second domain</p></dd></dl></div><div class="variablelist" title="Examples:"><p class="title"><b>Examples:</b></p><dl><dt><span class="term">Delete a trust object on srv1.dom1.dom for the domain dom2</span></dt><dd><div class="literallayout"><p><br>
     185net rpc trust delete \<br>
     186    otherdomainsid=S-x-x-xx-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxx \<br>
     187    -S srv1.dom1.dom<br>
     188</p></div></dd><dt><span class="term">Delete a trust relationship between dom1 and dom2</span></dt><dd><div class="literallayout"><p><br>
     189net rpc trust delete \<br>
     190    otherserver=srv2.dom2.test \<br>
     191    otheruser=dom2adm \<br>
     192    -S srv1.dom1.dom<br>
     193</p></div></dd></dl></div></div></div><div class="refsect2"><a name="id308420"></a><div class="refsect3" title="RPC RIGHTS"><a name="id308423"></a><h4>RPC RIGHTS</h4><p>This subcommand is used to view and manage Samba's rights assignments (also
    167194referred to as privileges).  There are three options currently available:
    168195<em class="parameter"><code>list</code></em>, <em class="parameter"><code>grant</code></em>, and
    169196<em class="parameter"><code>revoke</code></em>.  More details on Samba's privilege model and its use
    170 can be found in the Samba-HOWTO-Collection.</p></div></div><div class="refsect2" title="RPC ABORTSHUTDOWN"><a name="id308217"></a><h3>RPC ABORTSHUTDOWN</h3><p>Abort the shutdown of a remote server.</p></div><div class="refsect2" title="RPC SHUTDOWN [-t timeout] [-r] [-f] [-C message]"><a name="id308227"></a><h3>RPC SHUTDOWN [-t timeout] [-r] [-f] [-C message]</h3><p>Shut down the remote server.</p><div class="variablelist"><dl><dt><span class="term">-r</span></dt><dd><p>
     197can be found in the Samba-HOWTO-Collection.</p></div></div><div class="refsect2" title="RPC ABORTSHUTDOWN"><a name="id308451"></a><h3>RPC ABORTSHUTDOWN</h3><p>Abort the shutdown of a remote server.</p></div><div class="refsect2" title="RPC SHUTDOWN [-t timeout] [-r] [-f] [-C message]"><a name="id308461"></a><h3>RPC SHUTDOWN [-t timeout] [-r] [-f] [-C message]</h3><p>Shut down the remote server.</p><div class="variablelist"><dl><dt><span class="term">-r</span></dt><dd><p>
    171198Reboot after shutdown.
    172199</p></dd><dt><span class="term">-f</span></dt><dd><p>
     
    176203user of the system can use this time to cancel the shutdown.
    177204</p></dd><dt><span class="term">-C message</span></dt><dd><p>Display the specified message on the screen to
    178 announce the shutdown.</p></dd></dl></div></div><div class="refsect2" title="RPC SAMDUMP"><a name="id308284"></a><h3>RPC SAMDUMP</h3><p>Print out sam database of remote server. You need
    179 to run this against the PDC, from a Samba machine joined as a BDC. </p></div><div class="refsect2" title="RPC VAMPIRE"><a name="id308294"></a><h3>RPC VAMPIRE</h3><p>Export users, aliases and groups from remote server to
     205announce the shutdown.</p></dd></dl></div></div><div class="refsect2" title="RPC SAMDUMP"><a name="id308518"></a><h3>RPC SAMDUMP</h3><p>Print out sam database of remote server. You need
     206to run this against the PDC, from a Samba machine joined as a BDC. </p></div><div class="refsect2" title="RPC VAMPIRE"><a name="id308529"></a><h3>RPC VAMPIRE</h3><p>Export users, aliases and groups from remote server to
    180207local server.  You need to run this against the PDC, from a Samba machine joined as a BDC.
    181 </p></div><div class="refsect2" title="RPC VAMPIRE KEYTAB"><a name="id308305"></a><h3>RPC VAMPIRE KEYTAB</h3><p>Dump remote SAM database to local Kerberos keytab file.
    182 </p></div><div class="refsect2" title="RPC VAMPIRE LDIF"><a name="id308316"></a><h3>RPC VAMPIRE LDIF</h3><p>Dump remote SAM database to local LDIF file or standard output.
    183 </p></div><div class="refsect2" title="RPC GETSID"><a name="id308326"></a><h3>RPC GETSID</h3><p>Fetch domain SID and store it in the local <code class="filename">secrets.tdb</code>. </p></div><div class="refsect2" title="ADS LEAVE"><a name="id308341"></a><h3>ADS LEAVE</h3><p>Make the remote host leave the domain it is part of. </p></div><div class="refsect2" title="ADS STATUS"><a name="id308350"></a><h3>ADS STATUS</h3><p>Print out status of machine account of the local machine in ADS.
     208</p></div><div class="refsect2" title="RPC VAMPIRE KEYTAB"><a name="id308540"></a><h3>RPC VAMPIRE KEYTAB</h3><p>Dump remote SAM database to local Kerberos keytab file.
     209</p></div><div class="refsect2" title="RPC VAMPIRE LDIF"><a name="id308550"></a><h3>RPC VAMPIRE LDIF</h3><p>Dump remote SAM database to local LDIF file or standard output.
     210</p></div><div class="refsect2" title="RPC GETSID"><a name="id308560"></a><h3>RPC GETSID</h3><p>Fetch domain SID and store it in the local <code class="filename">secrets.tdb</code>. </p></div><div class="refsect2" title="ADS LEAVE"><a name="id308575"></a><h3>ADS LEAVE</h3><p>Make the remote host leave the domain it is part of. </p></div><div class="refsect2" title="ADS STATUS"><a name="id308585"></a><h3>ADS STATUS</h3><p>Print out status of machine account of the local machine in ADS.
    184211Prints out quite some debug info. Aimed at developers, regular
    185 users should use <code class="literal">NET ADS TESTJOIN</code>.</p></div><div class="refsect2" title="ADS PRINTER"><a name="id308366"></a><h3>ADS PRINTER</h3><div class="refsect3" title="ADS PRINTER INFO [PRINTER] [SERVER]"><a name="id308372"></a><h4>ADS PRINTER INFO [<em class="replaceable"><code>PRINTER</code></em>] [<em class="replaceable"><code>SERVER</code></em>]</h4><p>
     212users should use <code class="literal">NET ADS TESTJOIN</code>.</p></div><div class="refsect2" title="ADS PRINTER"><a name="id308601"></a><h3>ADS PRINTER</h3><div class="refsect3" title="ADS PRINTER INFO [PRINTER] [SERVER]"><a name="id308606"></a><h4>ADS PRINTER INFO [<em class="replaceable"><code>PRINTER</code></em>] [<em class="replaceable"><code>SERVER</code></em>]</h4><p>
    186213Lookup info for <em class="replaceable"><code>PRINTER</code></em> on <em class="replaceable"><code>SERVER</code></em>. The printer name defaults to "*", the
    187 server name defaults to the local host.</p></div><div class="refsect3" title="ADS PRINTER PUBLISH PRINTER"><a name="id308395"></a><h4>ADS PRINTER PUBLISH <em class="replaceable"><code>PRINTER</code></em></h4><p>Publish specified printer using ADS.</p></div><div class="refsect3" title="ADS PRINTER REMOVE PRINTER"><a name="id308407"></a><h4>ADS PRINTER REMOVE <em class="replaceable"><code>PRINTER</code></em></h4><p>Remove specified printer from ADS directory.</p></div></div><div class="refsect2" title="ADS SEARCH EXPRESSION ATTRIBUTES..."><a name="id308420"></a><h3>ADS SEARCH <em class="replaceable"><code>EXPRESSION</code></em> <em class="replaceable"><code>ATTRIBUTES...</code></em></h3><p>Perform a raw LDAP search on a ADS server and dump the results. The
     214server name defaults to the local host.</p></div><div class="refsect3" title="ADS PRINTER PUBLISH PRINTER"><a name="id308629"></a><h4>ADS PRINTER PUBLISH <em class="replaceable"><code>PRINTER</code></em></h4><p>Publish specified printer using ADS.</p></div><div class="refsect3" title="ADS PRINTER REMOVE PRINTER"><a name="id308641"></a><h4>ADS PRINTER REMOVE <em class="replaceable"><code>PRINTER</code></em></h4><p>Remove specified printer from ADS directory.</p></div></div><div class="refsect2" title="ADS SEARCH EXPRESSION ATTRIBUTES..."><a name="id308654"></a><h3>ADS SEARCH <em class="replaceable"><code>EXPRESSION</code></em> <em class="replaceable"><code>ATTRIBUTES...</code></em></h3><p>Perform a raw LDAP search on a ADS server and dump the results. The
    188215expression is a standard LDAP search expression, and the
    189216attributes are a list of LDAP fields to show in the results.</p><p>Example: <strong class="userinput"><code>net ads search '(objectCategory=group)' sAMAccountName</code></strong>
    190 </p></div><div class="refsect2" title="ADS DN DN (attributes)"><a name="id308445"></a><h3>ADS DN <em class="replaceable"><code>DN</code></em> <em class="replaceable"><code>(attributes)</code></em></h3><p>
     217</p></div><div class="refsect2" title="ADS DN DN (attributes)"><a name="id308679"></a><h3>ADS DN <em class="replaceable"><code>DN</code></em> <em class="replaceable"><code>(attributes)</code></em></h3><p>
    191218Perform a raw LDAP search on a ADS server and dump the results. The
    192219DN standard LDAP DN, and the attributes are a list of LDAP fields
    193220to show in the result.
    194 </p><p>Example: <strong class="userinput"><code>net ads dn 'CN=administrator,CN=Users,DC=my,DC=domain' SAMAccountName</code></strong></p></div><div class="refsect2" title="ADS WORKGROUP"><a name="id308469"></a><h3>ADS WORKGROUP</h3><p>Print out workgroup name for specified kerberos realm.</p></div><div class="refsect2" title="SAM CREATEBUILTINGROUP &lt;NAME&gt;"><a name="id308479"></a><h3>SAM CREATEBUILTINGROUP &lt;NAME&gt;</h3><p>
     221</p><p>Example: <strong class="userinput"><code>net ads dn 'CN=administrator,CN=Users,DC=my,DC=domain' SAMAccountName</code></strong></p></div><div class="refsect2" title="ADS WORKGROUP"><a name="id308703"></a><h3>ADS WORKGROUP</h3><p>Print out workgroup name for specified kerberos realm.</p></div><div class="refsect2" title="SAM CREATEBUILTINGROUP &lt;NAME&gt;"><a name="id308713"></a><h3>SAM CREATEBUILTINGROUP &lt;NAME&gt;</h3><p>
    195222(Re)Create a BUILTIN group.
    196223Only a wellknown set of BUILTIN groups can be created with this command.
     
    202229This command requires a running Winbindd with idmap allocation properly
    203230configured. The group gid will be allocated out of the winbindd range.
    204 </p></div><div class="refsect2" title="SAM CREATELOCALGROUP &lt;NAME&gt;"><a name="id308492"></a><h3>SAM CREATELOCALGROUP &lt;NAME&gt;</h3><p>
     231</p></div><div class="refsect2" title="SAM CREATELOCALGROUP &lt;NAME&gt;"><a name="id308727"></a><h3>SAM CREATELOCALGROUP &lt;NAME&gt;</h3><p>
    205232Create a LOCAL group (also known as Alias).
    206233
    207234This command requires a running Winbindd with idmap allocation properly
    208235configured. The group gid will be allocated out of the winbindd range.
    209 </p></div><div class="refsect2" title="SAM DELETELOCALGROUP &lt;NAME&gt;"><a name="id308504"></a><h3>SAM DELETELOCALGROUP &lt;NAME&gt;</h3><p>
     236</p></div><div class="refsect2" title="SAM DELETELOCALGROUP &lt;NAME&gt;"><a name="id308738"></a><h3>SAM DELETELOCALGROUP &lt;NAME&gt;</h3><p>
    210237Delete an existing LOCAL group (also known as Alias).
    211238
    212 </p></div><div class="refsect2" title="SAM MAPUNIXGROUP &lt;NAME&gt;"><a name="id308514"></a><h3>SAM MAPUNIXGROUP &lt;NAME&gt;</h3><p>
     239</p></div><div class="refsect2" title="SAM MAPUNIXGROUP &lt;NAME&gt;"><a name="id308748"></a><h3>SAM MAPUNIXGROUP &lt;NAME&gt;</h3><p>
    213240Map an existing Unix group and make it a Domain Group, the domain group
    214241will have the same name.
    215 </p></div><div class="refsect2" title="SAM UNMAPUNIXGROUP &lt;NAME&gt;"><a name="id308524"></a><h3>SAM UNMAPUNIXGROUP &lt;NAME&gt;</h3><p>
     242</p></div><div class="refsect2" title="SAM UNMAPUNIXGROUP &lt;NAME&gt;"><a name="id308759"></a><h3>SAM UNMAPUNIXGROUP &lt;NAME&gt;</h3><p>
    216243Remove an existing group mapping entry.
    217 </p></div><div class="refsect2" title="SAM ADDMEM &lt;GROUP&gt; &lt;MEMBER&gt;"><a name="id308534"></a><h3>SAM ADDMEM &lt;GROUP&gt; &lt;MEMBER&gt;</h3><p>
     244</p></div><div class="refsect2" title="SAM ADDMEM &lt;GROUP&gt; &lt;MEMBER&gt;"><a name="id308768"></a><h3>SAM ADDMEM &lt;GROUP&gt; &lt;MEMBER&gt;</h3><p>
    218245Add a member to a Local group. The group can be specified only by name,
    219246the member can be specified by name or SID.
    220 </p></div><div class="refsect2" title="SAM DELMEM &lt;GROUP&gt; &lt;MEMBER&gt;"><a name="id308545"></a><h3>SAM DELMEM  &lt;GROUP&gt; &lt;MEMBER&gt;</h3><p>
     247</p></div><div class="refsect2" title="SAM DELMEM &lt;GROUP&gt; &lt;MEMBER&gt;"><a name="id308780"></a><h3>SAM DELMEM  &lt;GROUP&gt; &lt;MEMBER&gt;</h3><p>
    221248Remove a member from a Local group. The group and the member must be
    222249specified by name.
    223 </p></div><div class="refsect2" title="SAM LISTMEM &lt;GROUP&gt;"><a name="id308557"></a><h3>SAM LISTMEM &lt;GROUP&gt;</h3><p>
     250</p></div><div class="refsect2" title="SAM LISTMEM &lt;GROUP&gt;"><a name="id308791"></a><h3>SAM LISTMEM &lt;GROUP&gt;</h3><p>
    224251List Local group members. The group must be specified by name.
    225 </p></div><div class="refsect2" title="SAM LIST &lt;users|groups|localgroups|builtin|workstations&gt; [verbose]"><a name="id308567"></a><h3>SAM LIST &lt;users|groups|localgroups|builtin|workstations&gt; [verbose]</h3><p>
     252</p></div><div class="refsect2" title="SAM LIST &lt;users|groups|localgroups|builtin|workstations&gt; [verbose]"><a name="id308801"></a><h3>SAM LIST &lt;users|groups|localgroups|builtin|workstations&gt; [verbose]</h3><p>
    226253List the specified set of accounts by name. If verbose is specified,
    227254the rid and description is also provided for each account.
    228 </p></div><div class="refsect2" title="SAM RIGHTS LIST"><a name="id308579"></a><h3>SAM RIGHTS LIST</h3><p>
     255</p></div><div class="refsect2" title="SAM RIGHTS LIST"><a name="id308813"></a><h3>SAM RIGHTS LIST</h3><p>
    229256List all available privileges.
    230 </p></div><div class="refsect2" title="SAM RIGHTS GRANT &lt;NAME&gt; &lt;PRIVILEGE&gt;"><a name="id308588"></a><h3>SAM RIGHTS GRANT &lt;NAME&gt; &lt;PRIVILEGE&gt;</h3><p>
     257</p></div><div class="refsect2" title="SAM RIGHTS GRANT &lt;NAME&gt; &lt;PRIVILEGE&gt;"><a name="id308823"></a><h3>SAM RIGHTS GRANT &lt;NAME&gt; &lt;PRIVILEGE&gt;</h3><p>
    231258Grant one or more privileges to a user.
    232 </p></div><div class="refsect2" title="SAM RIGHTS REVOKE &lt;NAME&gt; &lt;PRIVILEGE&gt;"><a name="id308598"></a><h3>SAM RIGHTS REVOKE &lt;NAME&gt; &lt;PRIVILEGE&gt;</h3><p>
     259</p></div><div class="refsect2" title="SAM RIGHTS REVOKE &lt;NAME&gt; &lt;PRIVILEGE&gt;"><a name="id308832"></a><h3>SAM RIGHTS REVOKE &lt;NAME&gt; &lt;PRIVILEGE&gt;</h3><p>
    233260Revoke one or more privileges from a user.
    234 </p></div><div class="refsect2" title="SAM SHOW &lt;NAME&gt;"><a name="id308608"></a><h3>SAM SHOW &lt;NAME&gt;</h3><p>
     261</p></div><div class="refsect2" title="SAM SHOW &lt;NAME&gt;"><a name="id308842"></a><h3>SAM SHOW &lt;NAME&gt;</h3><p>
    235262Show the full DOMAIN\\NAME the SID and the type for the corresponding
    236263account.
    237 </p></div><div class="refsect2" title="SAM SET HOMEDIR &lt;NAME&gt; &lt;DIRECTORY&gt;"><a name="id308618"></a><h3>SAM SET HOMEDIR &lt;NAME&gt; &lt;DIRECTORY&gt;</h3><p>
     264</p></div><div class="refsect2" title="SAM SET HOMEDIR &lt;NAME&gt; &lt;DIRECTORY&gt;"><a name="id308852"></a><h3>SAM SET HOMEDIR &lt;NAME&gt; &lt;DIRECTORY&gt;</h3><p>
    238265Set the home directory for a user account.
    239 </p></div><div class="refsect2" title="SAM SET PROFILEPATH &lt;NAME&gt; &lt;PATH&gt;"><a name="id308628"></a><h3>SAM SET PROFILEPATH &lt;NAME&gt; &lt;PATH&gt;</h3><p>
     266</p></div><div class="refsect2" title="SAM SET PROFILEPATH &lt;NAME&gt; &lt;PATH&gt;"><a name="id308862"></a><h3>SAM SET PROFILEPATH &lt;NAME&gt; &lt;PATH&gt;</h3><p>
    240267Set the profile path for a user account.
    241 </p></div><div class="refsect2" title="SAM SET COMMENT &lt;NAME&gt; &lt;COMMENT&gt;"><a name="id308637"></a><h3>SAM SET COMMENT &lt;NAME&gt; &lt;COMMENT&gt;</h3><p>
     268</p></div><div class="refsect2" title="SAM SET COMMENT &lt;NAME&gt; &lt;COMMENT&gt;"><a name="id308872"></a><h3>SAM SET COMMENT &lt;NAME&gt; &lt;COMMENT&gt;</h3><p>
    242269Set the comment for a user or group account.
    243 </p></div><div class="refsect2" title="SAM SET FULLNAME &lt;NAME&gt; &lt;FULL NAME&gt;"><a name="id308647"></a><h3>SAM SET FULLNAME &lt;NAME&gt; &lt;FULL NAME&gt;</h3><p>
     270</p></div><div class="refsect2" title="SAM SET FULLNAME &lt;NAME&gt; &lt;FULL NAME&gt;"><a name="id308881"></a><h3>SAM SET FULLNAME &lt;NAME&gt; &lt;FULL NAME&gt;</h3><p>
    244271Set the full name for a user account.
    245 </p></div><div class="refsect2" title="SAM SET LOGONSCRIPT &lt;NAME&gt; &lt;SCRIPT&gt;"><a name="id308656"></a><h3>SAM SET LOGONSCRIPT &lt;NAME&gt; &lt;SCRIPT&gt;</h3><p>
     272</p></div><div class="refsect2" title="SAM SET LOGONSCRIPT &lt;NAME&gt; &lt;SCRIPT&gt;"><a name="id308891"></a><h3>SAM SET LOGONSCRIPT &lt;NAME&gt; &lt;SCRIPT&gt;</h3><p>
    246273Set the logon script for a user account.
    247 </p></div><div class="refsect2" title="SAM SET HOMEDRIVE &lt;NAME&gt; &lt;DRIVE&gt;"><a name="id308666"></a><h3>SAM SET HOMEDRIVE &lt;NAME&gt; &lt;DRIVE&gt;</h3><p>
     274</p></div><div class="refsect2" title="SAM SET HOMEDRIVE &lt;NAME&gt; &lt;DRIVE&gt;"><a name="id308900"></a><h3>SAM SET HOMEDRIVE &lt;NAME&gt; &lt;DRIVE&gt;</h3><p>
    248275Set the home drive for a user account.
    249 </p></div><div class="refsect2" title="SAM SET WORKSTATIONS &lt;NAME&gt; &lt;WORKSTATIONS&gt;"><a name="id308676"></a><h3>SAM SET WORKSTATIONS &lt;NAME&gt; &lt;WORKSTATIONS&gt;</h3><p>
     276</p></div><div class="refsect2" title="SAM SET WORKSTATIONS &lt;NAME&gt; &lt;WORKSTATIONS&gt;"><a name="id308910"></a><h3>SAM SET WORKSTATIONS &lt;NAME&gt; &lt;WORKSTATIONS&gt;</h3><p>
    250277Set the workstations a user account is allowed to log in from.
    251 </p></div><div class="refsect2" title="SAM SET DISABLE &lt;NAME&gt;"><a name="id308686"></a><h3>SAM SET DISABLE &lt;NAME&gt;</h3><p>
     278</p></div><div class="refsect2" title="SAM SET DISABLE &lt;NAME&gt;"><a name="id308920"></a><h3>SAM SET DISABLE &lt;NAME&gt;</h3><p>
    252279Set the "disabled" flag for a user account.
    253 </p></div><div class="refsect2" title="SAM SET PWNOTREQ &lt;NAME&gt;"><a name="id308696"></a><h3>SAM SET PWNOTREQ &lt;NAME&gt;</h3><p>
     280</p></div><div class="refsect2" title="SAM SET PWNOTREQ &lt;NAME&gt;"><a name="id308930"></a><h3>SAM SET PWNOTREQ &lt;NAME&gt;</h3><p>
    254281Set the "password not required" flag for a user account.
    255 </p></div><div class="refsect2" title="SAM SET AUTOLOCK &lt;NAME&gt;"><a name="id308706"></a><h3>SAM SET AUTOLOCK &lt;NAME&gt;</h3><p>
     282</p></div><div class="refsect2" title="SAM SET AUTOLOCK &lt;NAME&gt;"><a name="id308940"></a><h3>SAM SET AUTOLOCK &lt;NAME&gt;</h3><p>
    256283Set the "autolock" flag for a user account.
    257 </p></div><div class="refsect2" title="SAM SET PWNOEXP &lt;NAME&gt;"><a name="id308715"></a><h3>SAM SET PWNOEXP &lt;NAME&gt;</h3><p>
     284</p></div><div class="refsect2" title="SAM SET PWNOEXP &lt;NAME&gt;"><a name="id308950"></a><h3>SAM SET PWNOEXP &lt;NAME&gt;</h3><p>
    258285Set the "password do not expire" flag for a user account.
    259 </p></div><div class="refsect2" title="SAM SET PWDMUSTCHANGENOW &lt;NAME&gt; [yes|no]"><a name="id308726"></a><h3>SAM SET PWDMUSTCHANGENOW &lt;NAME&gt; [yes|no]</h3><p>
     286</p></div><div class="refsect2" title="SAM SET PWDMUSTCHANGENOW &lt;NAME&gt; [yes|no]"><a name="id308960"></a><h3>SAM SET PWDMUSTCHANGENOW &lt;NAME&gt; [yes|no]</h3><p>
    260287Set or unset the "password must change" flag for a user account.
    261 </p></div><div class="refsect2" title="SAM POLICY LIST"><a name="id308736"></a><h3>SAM POLICY LIST</h3><p>
     288</p></div><div class="refsect2" title="SAM POLICY LIST"><a name="id308970"></a><h3>SAM POLICY LIST</h3><p>
    262289List the available account policies.
    263 </p></div><div class="refsect2" title="SAM POLICY SHOW &lt;account policy&gt;"><a name="id308746"></a><h3>SAM POLICY SHOW &lt;account policy&gt;</h3><p>
     290</p></div><div class="refsect2" title="SAM POLICY SHOW &lt;account policy&gt;"><a name="id308980"></a><h3>SAM POLICY SHOW &lt;account policy&gt;</h3><p>
    264291Show the account policy value.
    265 </p></div><div class="refsect2" title="SAM POLICY SET &lt;account policy&gt; &lt;value&gt;"><a name="id308755"></a><h3>SAM POLICY SET &lt;account policy&gt; &lt;value&gt;</h3><p>
     292</p></div><div class="refsect2" title="SAM POLICY SET &lt;account policy&gt; &lt;value&gt;"><a name="id308989"></a><h3>SAM POLICY SET &lt;account policy&gt; &lt;value&gt;</h3><p>
    266293Set a value for the account policy.
    267294Valid values can be: "forever", "never", "off", or a number.
    268 </p></div><div class="refsect2" title="SAM PROVISION"><a name="id308766"></a><h3>SAM PROVISION</h3><p>
     295</p></div><div class="refsect2" title="SAM PROVISION"><a name="id309001"></a><h3>SAM PROVISION</h3><p>
    269296Only available if ldapsam:editposix is set and winbindd is running.
    270297Properly populates the ldap tree with the basic accounts (Administrator)
    271298and groups (Domain Users, Domain Admins, Domain Guests) on the ldap tree.
    272 </p></div><div class="refsect2" title="IDMAP DUMP &lt;local tdb file name&gt;"><a name="id308778"></a><h3>IDMAP DUMP &lt;local tdb file name&gt;</h3><p>
     299</p></div><div class="refsect2" title="IDMAP DUMP &lt;local tdb file name&gt;"><a name="id309012"></a><h3>IDMAP DUMP &lt;local tdb file name&gt;</h3><p>
    273300Dumps the mappings contained in the local tdb file specified.
    274301This command is useful to dump only the mappings produced by the idmap_tdb backend.
    275 </p></div><div class="refsect2" title="IDMAP RESTORE [input file]"><a name="id308790"></a><h3>IDMAP RESTORE [input file]</h3><p>
     302</p></div><div class="refsect2" title="IDMAP RESTORE [input file]"><a name="id309024"></a><h3>IDMAP RESTORE [input file]</h3><p>
    276303Restore the mappings from the specified file or stdin.
    277 </p></div><div class="refsect2" title="IDMAP SECRET &lt;DOMAIN&gt; &lt;secret&gt;"><a name="id308800"></a><h3>IDMAP SECRET &lt;DOMAIN&gt; &lt;secret&gt;</h3><p>
     304</p></div><div class="refsect2" title="IDMAP SECRET &lt;DOMAIN&gt; &lt;secret&gt;"><a name="id309034"></a><h3>IDMAP SECRET &lt;DOMAIN&gt; &lt;secret&gt;</h3><p>
    278305Store a secret for the specified domain, used primarily for domains
    279306that use idmap_ldap as a backend. In this case the secret is used
    280307as the password for the user DN used to bind to the ldap server.
    281 </p></div><div class="refsect2" title="IDMAP DELETE [-f] [--db=&lt;DB&gt;] &lt;ID&gt;"><a name="id308812"></a><h3>IDMAP DELETE [-f] [--db=&lt;DB&gt;] &lt;ID&gt;</h3><p>
     308</p></div><div class="refsect2" title="IDMAP DELETE [-f] [--db=&lt;DB&gt;] &lt;ID&gt;"><a name="id309047"></a><h3>IDMAP DELETE [-f] [--db=&lt;DB&gt;] &lt;ID&gt;</h3><p>
    282309Delete a mapping sid &lt;-&gt; gid or sid &lt;-&gt; uid from the IDMAP database.
    283310The mapping is given by &lt;ID&gt; which may either be a sid: S-x-..., a gid: "GID number" or a uid: "UID number".
     
    286313  Use "smbcontrol all idmap ..." to notify running smbd instances.
    287314  See the <a class="citerefentry" href="smbcontrol.1.html"><span class="citerefentry"><span class="refentrytitle">smbcontrol</span>(1)</span></a> manpage for details.
    288 </p></div><div class="refsect2" title="USERSHARE"><a name="id308839"></a><h3>USERSHARE</h3><p>Starting with version 3.0.23, a Samba server now supports the ability for
     315</p></div><div class="refsect2" title="IDMAP CHECK [-v] [-r] [-a] [-T] [-f] [-l] [--db=&lt;DB&gt;]"><a name="id309073"></a><h3>IDMAP CHECK [-v] [-r] [-a] [-T] [-f] [-l] [--db=&lt;DB&gt;]</h3><p>
     316  Check and repair the IDMAP database. If no option is given a read only check
     317  of the database is done. Among others an interactive or automatic repair mode
     318  may be chosen with one of the following options:
     319
     320  </p><div class="variablelist"><dl><dt><span class="term">-r|--repair</span></dt><dd><p>
     321      Interactive repair mode, ask a lot of questions.
     322    </p></dd><dt><span class="term">-a|--auto</span></dt><dd><p>
     323      Noninteractive repair mode, use default answers.
     324    </p></dd><dt><span class="term">-v|--verbose</span></dt><dd><p>
     325        Produce more output.
     326      </p></dd><dt><span class="term">-f|--force</span></dt><dd><p>
     327        Try to apply changes, even if they do not apply cleanly.
     328      </p></dd><dt><span class="term">-T|--test</span></dt><dd><p>
     329        Dry run, show what changes would be made but don't touch anything.
     330      </p></dd><dt><span class="term">-l|--lock</span></dt><dd><p>
     331        Lock the database while doing the check.
     332      </p></dd><dt><span class="term">--db &lt;DB&gt;</span></dt><dd><p>
     333        Check the specified database.
     334      </p></dd><dt><span class="term"></span></dt><dd><p>
     335      </p></dd></dl></div><p>
     336
     337  It reports about the finding of the following errors:
     338
     339  </p><div class="variablelist"><dl><dt><span class="term">Missing reverse mapping:</span></dt><dd><p>
     340      A record with mapping A-&gt;B where there is no B-&gt;A. Default action
     341      in repair mode is to "fix" this by adding the reverse mapping.
     342    </p></dd><dt><span class="term">Invalid mapping:</span></dt><dd><p>
     343      A record with mapping A-&gt;B where B-&gt;C. Default action
     344      is to "delete" this record.
     345    </p></dd><dt><span class="term">Missing or invalid HWM:</span></dt><dd><p>
     346      A high water mark is not at least equal to the largest ID in the
     347      database. Default action is to "fix" this by setting it to the
     348      largest ID found +1.
     349    </p></dd><dt><span class="term">Invalid record:</span></dt><dd><p>
     350      Something we failed to parse. Default action is to "edit" it
     351      in interactive and "delete" it in automatic mode.
     352    </p></dd></dl></div><p>
     353</p></div><div class="refsect2" title="USERSHARE"><a name="id309217"></a><h3>USERSHARE</h3><p>Starting with version 3.0.23, a Samba server now supports the ability for
    289354non-root users to add user defined shares to be exported using the "net usershare"
    290355commands.
     
    315380</p><table border="0" summary="Simple list" class="simplelist"><tr><td>net usershare add sharename path [comment [acl] [guest_ok=[y|n]]] - to add or change a user defined share.</td></tr><tr><td>net usershare delete sharename - to delete a user defined share.</td></tr><tr><td>net usershare info [-l|--long] [wildcard sharename] - to print info about a user defined share.</td></tr><tr><td>net usershare list [-l|--long] [wildcard sharename] - to list user defined shares.</td></tr></table><p>
    316381
    317 </p><div class="refsect3" title="USERSHARE ADD sharename path [comment] [acl] [guest_ok=[y|n]]"><a name="id308884"></a><h4>USERSHARE ADD <em class="replaceable"><code>sharename</code></em> <em class="replaceable"><code>path</code></em> <em class="replaceable"><code>[comment]</code></em> <em class="replaceable"><code>[acl]</code></em> <em class="replaceable"><code>[guest_ok=[y|n]]</code></em></h4><p>
     382</p><div class="refsect3" title="USERSHARE ADD sharename path [comment] [acl] [guest_ok=[y|n]]"><a name="id309263"></a><h4>USERSHARE ADD <em class="replaceable"><code>sharename</code></em> <em class="replaceable"><code>path</code></em> <em class="replaceable"><code>[comment]</code></em> <em class="replaceable"><code>[acl]</code></em> <em class="replaceable"><code>[guest_ok=[y|n]]</code></em></h4><p>
    318383Add or replace a new user defined share, with name "sharename".
    319384</p><p>
     
    352417at connect time so will see the change immediately, there is no need
    353418to restart smbd on adding, deleting or changing a user defined share.
    354 </div><div class="refsect3" title="USERSHARE DELETE sharename"><a name="id308945"></a><h4>USERSHARE DELETE <em class="replaceable"><code>sharename</code></em></h4><p>
     419</div><div class="refsect3" title="USERSHARE DELETE sharename"><a name="id309320"></a><h4>USERSHARE DELETE <em class="replaceable"><code>sharename</code></em></h4><p>
    355420Deletes the user defined share by name. The Samba smbd daemon
    356421immediately notices this change, although it will not disconnect
    357422any users currently connected to the deleted share.
    358 </p></div><div class="refsect3" title="USERSHARE INFO [-l|--long] [wildcard sharename]"><a name="id308958"></a><h4>USERSHARE INFO <em class="replaceable"><code>[-l|--long]</code></em> <em class="replaceable"><code>[wildcard sharename]</code></em></h4><p>
     423</p></div><div class="refsect3" title="USERSHARE INFO [-l|--long] [wildcard sharename]"><a name="id309333"></a><h4>USERSHARE INFO <em class="replaceable"><code>[-l|--long]</code></em> <em class="replaceable"><code>[wildcard sharename]</code></em></h4><p>
    359424Get info on user defined shares owned by the current user matching the given pattern, or all users.
    360425</p><p>
     
    375440And is a list of the current settings of the user defined share that can be
    376441modified by the "net usershare add" command.
    377 </p></div><div class="refsect3" title="USERSHARE LIST [-l|--long] wildcard sharename"><a name="id308986"></a><h4>USERSHARE LIST <em class="replaceable"><code>[-l|--long]</code></em> <em class="replaceable"><code>wildcard sharename</code></em></h4><p>
     442</p></div><div class="refsect3" title="USERSHARE LIST [-l|--long] wildcard sharename"><a name="id309361"></a><h4>USERSHARE LIST <em class="replaceable"><code>[-l|--long]</code></em> <em class="replaceable"><code>wildcard sharename</code></em></h4><p>
    378443List all the user defined shares owned by the current user matching the given pattern, or all users.
    379444</p><p>
     
    383448If the '-l' or '--long' option is also given, it includes the names of user defined
    384449shares created by other users.
    385 </p></div></div><div class="refsect2" title="CONF"><a name="id309009"></a><h3>CONF</h3><p>Starting with version 3.2.0, a Samba server can be configured by data
     450</p></div></div><div class="refsect2" title="CONF"><a name="id309384"></a><h3>CONF</h3><p>Starting with version 3.2.0, a Samba server can be configured by data
    386451stored in registry. This configuration data can be edited with the new "net
    387452conf" commands.
     
    401466format.</td></tr><tr><td>net conf listshares - List the registry shares.</td></tr><tr><td>net conf drop - Delete the complete configuration from
    402467registry.</td></tr><tr><td>net conf showshare - Show the definition of a registry share.</td></tr><tr><td>net conf addshare - Create a new registry share.</td></tr><tr><td>net conf delshare - Delete a registry share.</td></tr><tr><td>net conf setparm - Store a parameter.</td></tr><tr><td>net conf getparm - Retrieve the value of a parameter.</td></tr><tr><td>net conf delparm - Delete a parameter.</td></tr><tr><td>net conf getincludes - Show the includes of a share definition.</td></tr><tr><td>net conf setincludes - Set includes for a share.</td></tr><tr><td>net conf delincludes - Delete includes from a share definition.</td></tr></table><p>
    403 </p><div class="refsect3" title="CONF LIST"><a name="id309114"></a><h4>CONF LIST</h4><p>
     468</p><div class="refsect3" title="CONF LIST"><a name="id309488"></a><h4>CONF LIST</h4><p>
    404469Print the configuration data stored in the registry in a smb.conf-like format to
    405470standard output.
    406 </p></div><div class="refsect3" title="CONF IMPORT [--test|-T] filename [section]"><a name="id309124"></a><h4>CONF IMPORT <em class="replaceable"><code>[--test|-T]</code></em> <em class="replaceable"><code>filename</code></em> <em class="replaceable"><code>[section]</code></em></h4><p>
     471</p></div><div class="refsect3" title="CONF IMPORT [--test|-T] filename [section]"><a name="id309499"></a><h4>CONF IMPORT <em class="replaceable"><code>[--test|-T]</code></em> <em class="replaceable"><code>filename</code></em> <em class="replaceable"><code>[section]</code></em></h4><p>
    407472This command imports configuration from a file in smb.conf format.
    408473If a section encountered in the input file is present in registry,
     
    414479the parameter "-T" on the commandline. In test mode, no changes are made to the
    415480registry, and the resulting configuration is printed to standard output instead.
    416 </p></div><div class="refsect3" title="CONF LISTSHARES"><a name="id309148"></a><h4>CONF LISTSHARES</h4><p>
     481</p></div><div class="refsect3" title="CONF LISTSHARES"><a name="id309523"></a><h4>CONF LISTSHARES</h4><p>
    417482List the names of the shares defined in registry.
    418 </p></div><div class="refsect3" title="CONF DROP"><a name="id309158"></a><h4>CONF DROP</h4><p>
     483</p></div><div class="refsect3" title="CONF DROP"><a name="id309532"></a><h4>CONF DROP</h4><p>
    419484Delete the complete configuration data from registry.
    420 </p></div><div class="refsect3" title="CONF SHOWSHARE sharename"><a name="id309167"></a><h4>CONF SHOWSHARE <em class="replaceable"><code>sharename</code></em></h4><p>
     485</p></div><div class="refsect3" title="CONF SHOWSHARE sharename"><a name="id309542"></a><h4>CONF SHOWSHARE <em class="replaceable"><code>sharename</code></em></h4><p>
    421486Show the definition of the share or section specified. It is valid to specify
    422487"global" as sharename to retrieve the global configuration options from
    423488registry.
    424 </p></div><div class="refsect3" title="CONF ADDSHARE sharename path [writeable={y|N} [guest_ok={y|N} [comment]]]"><a name="id309180"></a><h4>CONF ADDSHARE <em class="replaceable"><code>sharename</code></em> <em class="replaceable"><code>path</code></em> [<em class="replaceable"><code>writeable={y|N}</code></em> [<em class="replaceable"><code>guest_ok={y|N}</code></em> [<em class="replaceable"><code>comment</code></em>]]] </h4><p>Create a new share definition in registry.
     489</p></div><div class="refsect3" title="CONF ADDSHARE sharename path [writeable={y|N} [guest_ok={y|N} [comment]]]"><a name="id309555"></a><h4>CONF ADDSHARE <em class="replaceable"><code>sharename</code></em> <em class="replaceable"><code>path</code></em> [<em class="replaceable"><code>writeable={y|N}</code></em> [<em class="replaceable"><code>guest_ok={y|N}</code></em> [<em class="replaceable"><code>comment</code></em>]]] </h4><p>Create a new share definition in registry.
    425490The sharename and path have to be given. The share name may
    426491<span class="emphasis"><em>not</em></span> be "global". Optionally, values for the very
     
    428493The same result may be obtained by a sequence of "net conf setparm"
    429494commands.
    430 </p></div><div class="refsect3" title="CONF DELSHARE sharename"><a name="id309212"></a><h4>CONF DELSHARE <em class="replaceable"><code>sharename</code></em></h4><p>
     495</p></div><div class="refsect3" title="CONF DELSHARE sharename"><a name="id309587"></a><h4>CONF DELSHARE <em class="replaceable"><code>sharename</code></em></h4><p>
    431496Delete a share definition from registry.
    432 </p></div><div class="refsect3" title="CONF SETPARM section parameter value"><a name="id309224"></a><h4>CONF SETPARM <em class="replaceable"><code>section</code></em> <em class="replaceable"><code>parameter</code></em> <em class="replaceable"><code>value</code></em></h4><p>
     497</p></div><div class="refsect3" title="CONF SETPARM section parameter value"><a name="id309598"></a><h4>CONF SETPARM <em class="replaceable"><code>section</code></em> <em class="replaceable"><code>parameter</code></em> <em class="replaceable"><code>value</code></em></h4><p>
    433498Store a parameter in registry. The section may be global or a sharename.
    434499The section is created if it does not exist yet.
    435 </p></div><div class="refsect3" title="CONF GETPARM section parameter"><a name="id309243"></a><h4>CONF GETPARM <em class="replaceable"><code>section</code></em> <em class="replaceable"><code>parameter</code></em></h4><p>
     500</p></div><div class="refsect3" title="CONF GETPARM section parameter"><a name="id309618"></a><h4>CONF GETPARM <em class="replaceable"><code>section</code></em> <em class="replaceable"><code>parameter</code></em></h4><p>
    436501Show a parameter stored in registry.
    437 </p></div><div class="refsect3" title="CONF DELPARM section parameter"><a name="id309258"></a><h4>CONF DELPARM <em class="replaceable"><code>section</code></em> <em class="replaceable"><code>parameter</code></em></h4><p>
     502</p></div><div class="refsect3" title="CONF DELPARM section parameter"><a name="id309633"></a><h4>CONF DELPARM <em class="replaceable"><code>section</code></em> <em class="replaceable"><code>parameter</code></em></h4><p>
    438503Delete a parameter stored in registry.
    439 </p></div><div class="refsect3" title="CONF GETINCLUDES section"><a name="id309273"></a><h4>CONF GETINCLUDES <em class="replaceable"><code>section</code></em></h4><p>
     504</p></div><div class="refsect3" title="CONF GETINCLUDES section"><a name="id309648"></a><h4>CONF GETINCLUDES <em class="replaceable"><code>section</code></em></h4><p>
    440505Get the list of includes for the provided section (global or share).
    441506</p><p>
     
    453518configuration. In the future, there will be the ability to include configuration
    454519data from other registry keys.
    455 </p></div><div class="refsect3" title="CONF SETINCLUDES section [filename]+"><a name="id265639"></a><h4>CONF SETINCLUDES <em class="replaceable"><code>section</code></em> [<em class="replaceable"><code>filename</code></em>]+</h4><p>
     520</p></div><div class="refsect3" title="CONF SETINCLUDES section [filename]+"><a name="id309674"></a><h4>CONF SETINCLUDES <em class="replaceable"><code>section</code></em> [<em class="replaceable"><code>filename</code></em>]+</h4><p>
    456521Set the list of includes for the provided section (global or share) to the given
    457522list of one or more filenames. The filenames may contain the usual smb.conf
    458523macros like %I.
    459 </p></div><div class="refsect3" title="CONF DELINCLUDES section"><a name="id265657"></a><h4>CONF DELINCLUDES <em class="replaceable"><code>section</code></em></h4><p>
     524</p></div><div class="refsect3" title="CONF DELINCLUDES section"><a name="id309692"></a><h4>CONF DELINCLUDES <em class="replaceable"><code>section</code></em></h4><p>
    460525Delete the list of includes from the provided section (global or share).
    461 </p></div></div><div class="refsect2" title="REGISTRY"><a name="id265671"></a><h3>REGISTRY</h3><p>
     526</p></div></div><div class="refsect2" title="REGISTRY"><a name="id309705"></a><h3>REGISTRY</h3><p>
    462527Manipulate Samba's registry.
    463528</p><p>The registry commands are:
    464 </p><table border="0" summary="Simple list" class="simplelist"><tr><td>net registry enumerate   - Enumerate registry keys and values.</td></tr><tr><td>net registry createkey   - Create a new registry key.</td></tr><tr><td>net registry deletekey   - Delete a registry key.</td></tr><tr><td>net registry getvalue    - Print a registry value.</td></tr><tr><td>net registry getvalueraw - Print a registry value (raw format).</td></tr><tr><td>net registry setvalue    - Set a new registry value.</td></tr><tr><td>net registry increment   - Increment a DWORD registry value under a lock.
     529</p><table border="0" summary="Simple list" class="simplelist"><tr><td>net registry enumerate   - Enumerate registry keys and values.</td></tr><tr><td>net registry enumerate_recursive - Enumerate registry key and its subkeys.</td></tr><tr><td>net registry createkey   - Create a new registry key.</td></tr><tr><td>net registry deletekey   - Delete a registry key.</td></tr><tr><td>net registry deletekey_recursive - Delete a registry key with subkeys.</td></tr><tr><td>net registry getvalue    - Print a registry value.</td></tr><tr><td>net registry getvalueraw - Print a registry value (raw format).</td></tr><tr><td>net registry setvalue    - Set a new registry value.</td></tr><tr><td>net registry increment   - Increment a DWORD registry value under a lock.
    465530</td></tr><tr><td>net registry deletevalue - Delete a registry value.</td></tr><tr><td>net registry getsd       - Get security descriptor.</td></tr><tr><td>net registry getsd_sdd1  - Get security descriptor in sddl format.
    466531</td></tr><tr><td>net registry setsd_sdd1  - Set security descriptor from sddl format
     
    469534</td></tr><tr><td>net registry convert     - Convert a registration entries (.reg) file.
    470535</td></tr></table><p>
    471 </p><div class="refsect3" title="REGISTRY ENUMERATE key"><a name="id309469"></a><h4>REGISTRY ENUMERATE <em class="replaceable"><code>key</code></em> </h4><p>Enumerate subkeys and values of <span class="emphasis"><em>key</em></span>
    472   </p></div><div class="refsect3" title="REGISTRY CREATEKEY key"><a name="id309485"></a><h4>REGISTRY CREATEKEY <em class="replaceable"><code>key</code></em> </h4><p>Create a new <span class="emphasis"><em>key</em></span> if not yet existing.
    473   </p></div><div class="refsect3" title="REGISTRY DELETEKEY key"><a name="id309501"></a><h4>REGISTRY DELETEKEY <em class="replaceable"><code>key</code></em> </h4><p>Delete the given <span class="emphasis"><em>key</em></span> and all of its
     536</p><div class="refsect3" title="REGISTRY ENUMERATE key"><a name="id309781"></a><h4>REGISTRY ENUMERATE <em class="replaceable"><code>key</code></em> </h4><p>Enumerate subkeys and values of <span class="emphasis"><em>key</em></span>.
     537  </p></div><div class="refsect3" title="REGISTRY ENUMERATE_RECURSIVE key"><a name="id309797"></a><h4>REGISTRY ENUMERATE_RECURSIVE <em class="replaceable"><code>key</code></em> </h4><p>Enumerate values of <span class="emphasis"><em>key</em></span> and its subkeys.
     538  </p></div><div class="refsect3" title="REGISTRY CREATEKEY key"><a name="id309813"></a><h4>REGISTRY CREATEKEY <em class="replaceable"><code>key</code></em> </h4><p>Create a new <span class="emphasis"><em>key</em></span> if not yet existing.
     539  </p></div><div class="refsect3" title="REGISTRY DELETEKEY key"><a name="id309829"></a><h4>REGISTRY DELETEKEY <em class="replaceable"><code>key</code></em> </h4><p>Delete the given <span class="emphasis"><em>key</em></span> and its
     540  values from the registry, if it has no subkeys.
     541  </p></div><div class="refsect3" title="REGISTRY DELETEKEY_RECURSIVE key"><a name="id309845"></a><h4>REGISTRY DELETEKEY_RECURSIVE <em class="replaceable"><code>key</code></em> </h4><p>Delete the given <span class="emphasis"><em>key</em></span> and all of its
    474542  subkeys and values from the registry.
    475   </p></div><div class="refsect3" title="REGISTRY GETVALUE key name"><a name="id309517"></a><h4>REGISTRY GETVALUE <em class="replaceable"><code>key</code></em> <em class="replaceable"><code>name</code></em></h4><p>Output type and actual value of the value <span class="emphasis"><em>name</em></span>
     543  </p></div><div class="refsect3" title="REGISTRY GETVALUE key name"><a name="id309862"></a><h4>REGISTRY GETVALUE <em class="replaceable"><code>key</code></em> <em class="replaceable"><code>name</code></em></h4><p>Output type and actual value of the value <span class="emphasis"><em>name</em></span>
    476544  of the given <span class="emphasis"><em>key</em></span>.
    477   </p></div><div class="refsect3" title="REGISTRY GETVALUERAW key name"><a name="id309540"></a><h4>REGISTRY GETVALUERAW <em class="replaceable"><code>key</code></em> <em class="replaceable"><code>name</code></em></h4><p>Output the actual value of the value <span class="emphasis"><em>name</em></span>
     545  </p></div><div class="refsect3" title="REGISTRY GETVALUERAW key name"><a name="id309884"></a><h4>REGISTRY GETVALUERAW <em class="replaceable"><code>key</code></em> <em class="replaceable"><code>name</code></em></h4><p>Output the actual value of the value <span class="emphasis"><em>name</em></span>
    478546  of the given <span class="emphasis"><em>key</em></span>.
    479   </p></div><div class="refsect3" title="REGISTRY SETVALUE key name type value ..."><a name="id309562"></a><h4>REGISTRY SETVALUE <em class="replaceable"><code>key</code></em> <em class="replaceable"><code>name</code></em> <em class="replaceable"><code>type</code></em> <em class="replaceable"><code>value</code></em> ...</h4><p>Set the value <span class="emphasis"><em>name</em></span>
     547  </p></div><div class="refsect3" title="REGISTRY SETVALUE key name type value ..."><a name="id309907"></a><h4>REGISTRY SETVALUE <em class="replaceable"><code>key</code></em> <em class="replaceable"><code>name</code></em> <em class="replaceable"><code>type</code></em> <em class="replaceable"><code>value</code></em> ...</h4><p>Set the value <span class="emphasis"><em>name</em></span>
    480548  of an existing <span class="emphasis"><em>key</em></span>.
    481549  <span class="emphasis"><em>type</em></span> may be one of
     
    484552  In case of <span class="emphasis"><em>multi_sz</em></span> <em class="replaceable"><code>value</code></em> may
    485553  be given multiple times.
    486   </p></div><div class="refsect3" title="REGISTRY INCREMENT key name [inc]"><a name="id309613"></a><h4>REGISTRY INCREMENT <em class="replaceable"><code>key</code></em> <em class="replaceable"><code>name</code></em> <em class="replaceable"><code>[inc]</code></em></h4><p>Increment the DWORD value <span class="emphasis"><em>name</em></span>
     554  </p></div><div class="refsect3" title="REGISTRY INCREMENT key name [inc]"><a name="id309958"></a><h4>REGISTRY INCREMENT <em class="replaceable"><code>key</code></em> <em class="replaceable"><code>name</code></em> <em class="replaceable"><code>[inc]</code></em></h4><p>Increment the DWORD value <span class="emphasis"><em>name</em></span>
    487555  of <span class="emphasis"><em>key</em></span> by <em class="replaceable"><code>inc</code></em>
    488556  while holding a g_lock.
    489557  <span class="emphasis"><em>inc</em></span> defaults to 1.
    490   </p></div><div class="refsect3" title="REGISTRY DELETEVALUE key name"><a name="id309646"></a><h4>REGISTRY DELETEVALUE <em class="replaceable"><code>key</code></em> <em class="replaceable"><code>name</code></em></h4><p>Delete the value <span class="emphasis"><em>name</em></span>
     558  </p></div><div class="refsect3" title="REGISTRY DELETEVALUE key name"><a name="id309991"></a><h4>REGISTRY DELETEVALUE <em class="replaceable"><code>key</code></em> <em class="replaceable"><code>name</code></em></h4><p>Delete the value <span class="emphasis"><em>name</em></span>
    491559  of the given <span class="emphasis"><em>key</em></span>.
    492   </p></div><div class="refsect3" title="REGISTRY GETSD key"><a name="id309669"></a><h4>REGISTRY GETSD <em class="replaceable"><code>key</code></em></h4><p>Get the security descriptor of the given <span class="emphasis"><em>key</em></span>.
    493   </p></div><div class="refsect3" title="REGISTRY GETSD_SDDL key"><a name="id309684"></a><h4>REGISTRY GETSD_SDDL <em class="replaceable"><code>key</code></em></h4><p>Get the security descriptor of the given <span class="emphasis"><em>key</em></span> as a
     560  </p></div><div class="refsect3" title="REGISTRY GETSD key"><a name="id310013"></a><h4>REGISTRY GETSD <em class="replaceable"><code>key</code></em></h4><p>Get the security descriptor of the given <span class="emphasis"><em>key</em></span>.
     561  </p></div><div class="refsect3" title="REGISTRY GETSD_SDDL key"><a name="id310028"></a><h4>REGISTRY GETSD_SDDL <em class="replaceable"><code>key</code></em></h4><p>Get the security descriptor of the given <span class="emphasis"><em>key</em></span> as a
    494562  Security Descriptor Definition Language (SDDL) string.
    495   </p></div><div class="refsect3" title="REGISTRY SETSD_SDDL keysd"><a name="id309699"></a><h4>REGISTRY SETSD_SDDL <em class="replaceable"><code>key</code></em><em class="replaceable"><code>sd</code></em></h4><p>Set the security descriptor of the given <span class="emphasis"><em>key</em></span> from a
     563  </p></div><div class="refsect3" title="REGISTRY SETSD_SDDL keysd"><a name="id310044"></a><h4>REGISTRY SETSD_SDDL <em class="replaceable"><code>key</code></em><em class="replaceable"><code>sd</code></em></h4><p>Set the security descriptor of the given <span class="emphasis"><em>key</em></span> from a
    496564  Security Descriptor Definition Language (SDDL) string <span class="emphasis"><em>sd</em></span>.
    497   </p></div><div class="refsect3" title="REGISTRY IMPORT file[opt]"><a name="id309721"></a><h4>REGISTRY IMPORT <em class="replaceable"><code>file</code></em><em class="replaceable"><code>[opt]</code></em></h4><p>Import a registration entries (.reg) <span class="emphasis"><em>file</em></span>.
    498   </p></div><div class="refsect3" title="REGISTRY EXPORT keyfile[opt]"><a name="id309739"></a><h4>REGISTRY EXPORT <em class="replaceable"><code>key</code></em><em class="replaceable"><code>file</code></em><em class="replaceable"><code>[opt]</code></em></h4><p>Export a <span class="emphasis"><em>key</em></span> to a registration entries (.reg)
     565  </p></div><div class="refsect3" title="REGISTRY IMPORT file[opt]"><a name="id310066"></a><h4>REGISTRY IMPORT <em class="replaceable"><code>file</code></em><em class="replaceable"><code>[opt]</code></em></h4><p>Import a registration entries (.reg) <span class="emphasis"><em>file</em></span>.
     566  </p></div><div class="refsect3" title="REGISTRY EXPORT keyfile[opt]"><a name="id310084"></a><h4>REGISTRY EXPORT <em class="replaceable"><code>key</code></em><em class="replaceable"><code>file</code></em><em class="replaceable"><code>[opt]</code></em></h4><p>Export a <span class="emphasis"><em>key</em></span> to a registration entries (.reg)
    499567  <span class="emphasis"><em>file</em></span>.
    500   </p></div><div class="refsect3" title="REGISTRY CONVERT in out [[inopt] outopt]"><a name="id309764"></a><h4>REGISTRY CONVERT <em class="replaceable"><code>in</code></em> <em class="replaceable"><code>out</code></em> <em class="replaceable"><code>[[inopt] outopt]</code></em></h4><p>Convert a registration entries (.reg) file <span class="emphasis"><em>in</em></span>.
    501   </p></div></div><div class="refsect2" title="EVENTLOG"><a name="id309788"></a><h3>EVENTLOG</h3><p>Starting with version 3.4.0 net can read, dump, import and export native
     568  </p></div><div class="refsect3" title="REGISTRY CONVERT in out [[inopt] outopt]"><a name="id310109"></a><h4>REGISTRY CONVERT <em class="replaceable"><code>in</code></em> <em class="replaceable"><code>out</code></em> <em class="replaceable"><code>[[inopt] outopt]</code></em></h4><p>Convert a registration entries (.reg) file <span class="emphasis"><em>in</em></span>.
     569  </p></div></div><div class="refsect2" title="EVENTLOG"><a name="id310133"></a><h3>EVENTLOG</h3><p>Starting with version 3.4.0 net can read, dump, import and export native
    502570win32 eventlog files (usually *.evt). evt files are used by the native Windows eventviewer tools.
    503571</p><p>
     
    509577tdb based representation of eventlogs.</td></tr><tr><td>net eventlog export - Export the samba internal tdb based representation
    510578of eventlogs into an eventlog *.evt file.</td></tr></table><p>
    511 </p><div class="refsect3" title="EVENTLOG DUMP filename"><a name="id309839"></a><h4>EVENTLOG DUMP <em class="replaceable"><code>filename</code></em></h4><p>
     579</p><div class="refsect3" title="EVENTLOG DUMP filename"><a name="id310184"></a><h4>EVENTLOG DUMP <em class="replaceable"><code>filename</code></em></h4><p>
    512580Prints a eventlog *.evt file to standard output.
    513 </p></div><div class="refsect3" title="EVENTLOG IMPORT filename eventlog"><a name="id309851"></a><h4>EVENTLOG IMPORT <em class="replaceable"><code>filename</code></em> <em class="replaceable"><code>eventlog</code></em></h4><p>
     581</p></div><div class="refsect3" title="EVENTLOG IMPORT filename eventlog"><a name="id310196"></a><h4>EVENTLOG IMPORT <em class="replaceable"><code>filename</code></em> <em class="replaceable"><code>eventlog</code></em></h4><p>
    514582Imports a eventlog *.evt file defined by <em class="replaceable"><code>filename</code></em> into the
    515583samba internal tdb representation of eventlog defined by <em class="replaceable"><code>eventlog</code></em>.
     
    517585defined in smb.conf.
    518586See the <a class="citerefentry" href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> manpage for details.
    519 </p></div><div class="refsect3" title="EVENTLOG EXPORT filename eventlog"><a name="id309889"></a><h4>EVENTLOG EXPORT <em class="replaceable"><code>filename</code></em> <em class="replaceable"><code>eventlog</code></em></h4><p>
     587</p></div><div class="refsect3" title="EVENTLOG EXPORT filename eventlog"><a name="id310233"></a><h4>EVENTLOG EXPORT <em class="replaceable"><code>filename</code></em> <em class="replaceable"><code>eventlog</code></em></h4><p>
    520588Exports the samba internal tdb representation of eventlog defined by <em class="replaceable"><code>eventlog</code></em>
    521589to a eventlog *.evt file defined by <em class="replaceable"><code>filename</code></em>.
     
    523591defined in smb.conf.
    524592See the <a class="citerefentry" href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> manpage for details.
    525 </p></div></div><div class="refsect2" title="DOM"><a name="id309928"></a><h3>DOM</h3><p>Starting with version 3.2.0 Samba has support for remote join and unjoin APIs, both client and server-side. Windows supports remote join capabilities since Windows 2000.
     593</p></div></div><div class="refsect2" title="DOM"><a name="id310272"></a><h3>DOM</h3><p>Starting with version 3.2.0 Samba has support for remote join and unjoin APIs, both client and server-side. Windows supports remote join capabilities since Windows 2000.
    526594</p><p>In order for Samba to be joined or unjoined remotely an account must be used that is either member of the Domain Admins group, a member of the local Administrators group or a user that is granted the SeMachineAccountPrivilege privilege.
    527595</p><p>The client side support for remote join is implemented in the net dom commands which are:
    528596</p><table border="0" summary="Simple list" class="simplelist"><tr><td>net dom join - Join a remote computer into a domain.</td></tr><tr><td>net dom unjoin - Unjoin a remote computer from a domain.</td></tr><tr><td>net dom renamecomputer - Renames a remote computer joined to a domain.</td></tr></table><p>
    529 </p><div class="refsect3" title="DOM JOIN domain=DOMAIN ou=OU account=ACCOUNT password=PASSWORD reboot"><a name="id309963"></a><h4>DOM JOIN     <em class="replaceable"><code>domain=DOMAIN</code></em> <em class="replaceable"><code>ou=OU</code></em> <em class="replaceable"><code>account=ACCOUNT</code></em> <em class="replaceable"><code>password=PASSWORD</code></em> <em class="replaceable"><code>reboot</code></em></h4><p>
     597</p><div class="refsect3" title="DOM JOIN domain=DOMAIN ou=OU account=ACCOUNT password=PASSWORD reboot"><a name="id310308"></a><h4>DOM JOIN     <em class="replaceable"><code>domain=DOMAIN</code></em> <em class="replaceable"><code>ou=OU</code></em> <em class="replaceable"><code>account=ACCOUNT</code></em> <em class="replaceable"><code>password=PASSWORD</code></em> <em class="replaceable"><code>reboot</code></em></h4><p>
    530598Joins a computer into a domain. This command supports the following additional parameters:
    531 </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><em class="replaceable"><code>DOMAIN</code></em> can be a NetBIOS domain name (also known as short domain name) or a DNS domain name for Active Directory Domains. As in Windows, it is also possible to control which Domain Controller to use. This can be achieved by appending the DC name using the \ separator character. Example: MYDOM\MYDC. The <em class="replaceable"><code>DOMAIN</code></em> parameter cannot be NULL.</p></li><li class="listitem"><p><em class="replaceable"><code>OU</code></em> can be set to a RFC 1779 LDAP DN, like <span class="emphasis"><em>ou=mymachines,cn=Users,dc=example,dc=com</em></span> in order to create the machine account in a non-default LDAP containter. This optional parameter is only supported when joining Active Directory Domains.</p></li><li class="listitem"><p><em class="replaceable"><code>ACCOUNT</code></em> defines a domain account that will be used to join the machine to the domain. This domain account needs to have sufficient privileges to join machines.</p></li><li class="listitem"><p><em class="replaceable"><code>PASSWORD</code></em> defines the password for the domain account defined with <em class="replaceable"><code>ACCOUNT</code></em>.</p></li><li class="listitem"><p><em class="replaceable"><code>REBOOT</code></em> is an optional parameter that can be set to reboot the remote machine after successful join to the domain.</p></li></ul></div><p>
     599</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><em class="replaceable"><code>DOMAIN</code></em> can be a NetBIOS domain name (also known as short domain name) or a DNS domain name for Active Directory Domains. As in Windows, it is also possible to control which Domain Controller to use. This can be achieved by appending the DC name using the \ separator character. Example: MYDOM\MYDC. The <em class="replaceable"><code>DOMAIN</code></em> parameter cannot be NULL.</p></li><li class="listitem"><p><em class="replaceable"><code>OU</code></em> can be set to a RFC 1779 LDAP DN, like <span class="emphasis"><em>ou=mymachines,cn=Users,dc=example,dc=com</em></span> in order to create the machine account in a non-default LDAP container. This optional parameter is only supported when joining Active Directory Domains.</p></li><li class="listitem"><p><em class="replaceable"><code>ACCOUNT</code></em> defines a domain account that will be used to join the machine to the domain. This domain account needs to have sufficient privileges to join machines.</p></li><li class="listitem"><p><em class="replaceable"><code>PASSWORD</code></em> defines the password for the domain account defined with <em class="replaceable"><code>ACCOUNT</code></em>.</p></li><li class="listitem"><p><em class="replaceable"><code>REBOOT</code></em> is an optional parameter that can be set to reboot the remote machine after successful join to the domain.</p></li></ul></div><p>
    532600Note that you also need to use standard net parameters to connect and authenticate to the remote machine that you want to join. These additional parameters include: -S computer and -U user.
    533601</p><p>
     
    536604</p><p>
    537605This example would connect to a computer named XP as the local administrator using password secret, and join the computer into a domain called MYDOM using the MYDOM domain administrator account and password topsecret. After successful join, the computer would reboot.
    538 </p></div><div class="refsect3" title="DOM UNJOIN account=ACCOUNT password=PASSWORD reboot"><a name="id310056"></a><h4>DOM UNJOIN <em class="replaceable"><code>account=ACCOUNT</code></em> <em class="replaceable"><code>password=PASSWORD</code></em> <em class="replaceable"><code>reboot</code></em></h4><p>
     606</p></div><div class="refsect3" title="DOM UNJOIN account=ACCOUNT password=PASSWORD reboot"><a name="id310403"></a><h4>DOM UNJOIN <em class="replaceable"><code>account=ACCOUNT</code></em> <em class="replaceable"><code>password=PASSWORD</code></em> <em class="replaceable"><code>reboot</code></em></h4><p>
    539607Unjoins a computer from a domain. This command supports the following additional parameters:
    540608</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><em class="replaceable"><code>ACCOUNT</code></em> defines a domain account that will be used to unjoin the machine from the domain. This domain account needs to have sufficient privileges to unjoin machines.</p></li><li class="listitem"><p><em class="replaceable"><code>PASSWORD</code></em> defines the password for the domain account defined with <em class="replaceable"><code>ACCOUNT</code></em>.</p></li><li class="listitem"><p><em class="replaceable"><code>REBOOT</code></em> is an optional parameter that can be set to reboot the remote machine after successful unjoin from the domain.</p></li></ul></div><p>
     
    545613</p><p>
    546614This example would connect to a computer named XP as the local administrator using password secret, and unjoin the computer from the domain using the MYDOM domain administrator account and password topsecret. After successful unjoin, the computer would reboot.
    547 </p></div><div class="refsect3" title="DOM RENAMECOMPUTER newname=NEWNAME account=ACCOUNT password=PASSWORD reboot"><a name="id310118"></a><h4>DOM RENAMECOMPUTER <em class="replaceable"><code>newname=NEWNAME</code></em> <em class="replaceable"><code>account=ACCOUNT</code></em> <em class="replaceable"><code>password=PASSWORD</code></em> <em class="replaceable"><code>reboot</code></em></h4><p>
     615</p></div><div class="refsect3" title="DOM RENAMECOMPUTER newname=NEWNAME account=ACCOUNT password=PASSWORD reboot"><a name="id310466"></a><h4>DOM RENAMECOMPUTER <em class="replaceable"><code>newname=NEWNAME</code></em> <em class="replaceable"><code>account=ACCOUNT</code></em> <em class="replaceable"><code>password=PASSWORD</code></em> <em class="replaceable"><code>reboot</code></em></h4><p>
    548616Renames a computer that is joined to a domain. This command supports the following additional parameters:
    549617</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><em class="replaceable"><code>NEWNAME</code></em> defines the new name of the machine in the domain.</p></li><li class="listitem"><p><em class="replaceable"><code>ACCOUNT</code></em> defines a domain account that will be used to rename the machine in the domain. This domain account needs to have sufficient privileges to rename machines.</p></li><li class="listitem"><p><em class="replaceable"><code>PASSWORD</code></em> defines the password for the domain account defined with <em class="replaceable"><code>ACCOUNT</code></em>.</p></li><li class="listitem"><p><em class="replaceable"><code>REBOOT</code></em> is an optional parameter that can be set to reboot the remote machine after successful rename in the domain.</p></li></ul></div><p>
     
    554622</p><p>
    555623This example would connect to a computer named XP as the local administrator using password secret, and rename the joined computer to XPNEW using the MYDOM domain administrator account and password topsecret. After successful rename, the computer would reboot.
    556 </p></div></div><div class="refsect2" title="G_LOCK"><a name="id310192"></a><h3>G_LOCK</h3><p>Manage global locks.</p><div class="refsect3" title="G_LOCK DO lockname timeout command"><a name="id310201"></a><h4>G_LOCK DO <em class="replaceable"><code>lockname</code></em> <em class="replaceable"><code>timeout</code></em> <em class="replaceable"><code>command</code></em></h4><p>
     624</p></div></div><div class="refsect2" title="G_LOCK"><a name="id310539"></a><h3>G_LOCK</h3><p>Manage global locks.</p><div class="refsect3" title="G_LOCK DO lockname timeout command"><a name="id310548"></a><h4>G_LOCK DO <em class="replaceable"><code>lockname</code></em> <em class="replaceable"><code>timeout</code></em> <em class="replaceable"><code>command</code></em></h4><p>
    557625Execute a shell command under a global lock. This might be useful to define the
    558626order in which several shell commands will be executed. The locking information
    559627is stored in a file called <code class="filename">g_lock.tdb</code>. In setups with CTDB
    560628running, the locking information will be available on all cluster nodes.
    561 </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><em class="replaceable"><code>LOCKNAME</code></em> defines the name of the global lock.</p></li><li class="listitem"><p><em class="replaceable"><code>TIMEOUT</code></em> defines the timeout.</p></li><li class="listitem"><p><em class="replaceable"><code>COMMAND</code></em> defines the shell command to execute.</p></li></ul></div></div><div class="refsect3" title="G_LOCK LOCKS"><a name="id310249"></a><h4>G_LOCK LOCKS</h4><p>
     629</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><em class="replaceable"><code>LOCKNAME</code></em> defines the name of the global lock.</p></li><li class="listitem"><p><em class="replaceable"><code>TIMEOUT</code></em> defines the timeout.</p></li><li class="listitem"><p><em class="replaceable"><code>COMMAND</code></em> defines the shell command to execute.</p></li></ul></div></div><div class="refsect3" title="G_LOCK LOCKS"><a name="id310596"></a><h4>G_LOCK LOCKS</h4><p>
    562630Print a list of all currently existing locknames.
    563 </p></div><div class="refsect3" title="G_LOCK DUMP lockname"><a name="id310259"></a><h4>G_LOCK DUMP <em class="replaceable"><code>lockname</code></em></h4><p>
     631</p></div><div class="refsect3" title="G_LOCK DUMP lockname"><a name="id310606"></a><h4>G_LOCK DUMP <em class="replaceable"><code>lockname</code></em></h4><p>
    564632Dump the locking table of a certain global lock.
    565 </p></div></div><div class="refsect2" title="HELP [COMMAND]"><a name="id310272"></a><h3>HELP [COMMAND]</h3><p>Gives usage information for the specified command.</p></div></div><div class="refsect1" title="VERSION"><a name="id310282"></a><h2>VERSION</h2><p>This man page is complete for version 3 of the Samba
    566         suite.</p></div><div class="refsect1" title="AUTHOR"><a name="id310292"></a><h2>AUTHOR</h2><p>The original Samba software and related utilities
     633</p></div></div><div class="refsect2" title="HELP [COMMAND]"><a name="id310619"></a><h3>HELP [COMMAND]</h3><p>Gives usage information for the specified command.</p></div></div><div class="refsect1" title="VERSION"><a name="id310629"></a><h2>VERSION</h2><p>This man page is complete for version 3 of the Samba
     634        suite.</p></div><div class="refsect1" title="AUTHOR"><a name="id310640"></a><h2>AUTHOR</h2><p>The original Samba software and related utilities
    567635        were created by Andrew Tridgell. Samba is now developed
    568636        by the Samba Team as an Open Source project similar

  • trunk/server/docs/htmldocs/manpages/ntlm_auth.1.html

    r745 r752  
    6161                could cause the helper to authenticate the
    6262                user). </p><p>Currently implemented parameters from the
    63                 external program to the helper are:</p><div class="variablelist"><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3>Implementors should take care to base64 encode
     63                external program to the helper are:</p><div class="variablelist"><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3>Implementers should take care to base64 encode
    6464                any data (such as usernames/passwords) that may contain malicous user data, such as
    6565                a newline.  They may also need to decode strings from
     
    7575                MSCHAPv2) generated in some way by both the server and
    7676                the client.
    77                 </p><div class="example"><a name="id307176"></a><p class="title"><b>Example 7. </b></p><div class="example-contents">LANMAN-Challege: 0102030405060708</div></div><p><br class="example-break"></p></dd><dt><span class="term">LANMAN-Response</span></dt><dd><p>The 24 byte <code class="literal">LANMAN Response</code> value,
     77                </p><div class="example"><a name="id307176"></a><p class="title"><b>Example 7. </b></p><div class="example-contents">LANMAN-Challenge: 0102030405060708</div></div><p><br class="example-break"></p></dd><dt><span class="term">LANMAN-Response</span></dt><dd><p>The 24 byte <code class="literal">LANMAN Response</code> value,
    7878                calculated from the user's password and the supplied
    7979                <code class="literal">LANMAN Challenge</code>.  Typically, this
     
    8787                used in a legacy situation that exposes plaintext
    8888                passwords in this way.
    89                  </p><div class="example"><a name="id307248"></a><p class="title"><b>Example 10. </b></p><div class="example-contents">Password: samba2</div></div><p><br class="example-break"></p><div class="example"><a name="id307252"></a><p class="title"><b>Example 11. </b></p><div class="example-contents">Password:: c2FtYmEy</div></div><p><br class="example-break"></p></dd><dt><span class="term">Request-User-Session-Key</span></dt><dd><p>Apon sucessful authenticaiton, return
     89                 </p><div class="example"><a name="id307248"></a><p class="title"><b>Example 10. </b></p><div class="example-contents">Password: samba2</div></div><p><br class="example-break"></p><div class="example"><a name="id307252"></a><p class="title"><b>Example 11. </b></p><div class="example-contents">Password:: c2FtYmEy</div></div><p><br class="example-break"></p></dd><dt><span class="term">Request-User-Session-Key</span></dt><dd><p>Upon successful authenticaiton, return
    9090                the user session key associated with the login.
    91                  </p><div class="example"><a name="id307268"></a><p class="title"><b>Example 12. </b></p><div class="example-contents">Request-User-Session-Key: Yes</div></div><p><br class="example-break"></p></dd><dt><span class="term">Request-LanMan-Session-Key</span></dt><dd><p>Apon sucessful authenticaiton, return
     91                 </p><div class="example"><a name="id307269"></a><p class="title"><b>Example 12. </b></p><div class="example-contents">Request-User-Session-Key: Yes</div></div><p><br class="example-break"></p></dd><dt><span class="term">Request-LanMan-Session-Key</span></dt><dd><p>Upon successful authenticaiton, return
    9292                the LANMAN session key associated with the login.
    9393                 </p><div class="example"><a name="id307285"></a><p class="title"><b>Example 13. </b></p><div class="example-contents">Request-LanMan-Session-Key: Yes</div></div><p><br class="example-break"></p></dd></dl></div></dd></dl></div></dd><dt><span class="term">--username=USERNAME</span></dt><dd><p>
     
    101101        required.  </p><p>For the NTLMSSP based server roles, this parameter
    102102          specifies the expected password, allowing testing without
    103           winbindd operational.</p></dd><dt><span class="term">--request-lm-key</span></dt><dd><p>Retreive LM session key</p></dd><dt><span class="term">--request-nt-key</span></dt><dd><p>Request NT key</p></dd><dt><span class="term">--diagnostics</span></dt><dd><p>Perform Diagnostics on the authentication
     103          winbindd operational.</p></dd><dt><span class="term">--request-lm-key</span></dt><dd><p>Retrieve LM session key</p></dd><dt><span class="term">--request-nt-key</span></dt><dd><p>Request NT key</p></dd><dt><span class="term">--diagnostics</span></dt><dd><p>Perform Diagnostics on the authentication
    104104        chain.  Uses the password from <code class="literal">--password</code>
    105105        or prompts for one.</p></dd><dt><span class="term">--require-membership-of={SID|Name}</span></dt><dd><p>Require that a user be a member of specified
     
    129129log.smbd, etc...). The log file is never removed by the client.
    130130</p></dd><dt><span class="term">-h|--help</span></dt><dd><p>Print a summary of command line options.
    131 </p></dd></dl></div></div><div class="refsect1" title="EXAMPLE SETUP"><a name="id307538"></a><h2>EXAMPLE SETUP</h2><p>To setup ntlm_auth for use by squid 2.5, with both basic and
     131</p></dd></dl></div></div><div class="refsect1" title="EXAMPLE SETUP"><a name="id307539"></a><h2>EXAMPLE SETUP</h2><p>To setup ntlm_auth for use by squid 2.5, with both basic and
    132132        NTLMSSP authentication, the following
    133133        should be placed in the <code class="filename">squid.conf</code> file.
     
    146146auth_param basic program ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of='WORKGROUP\Domain Users'
    147147</pre></div><div class="refsect1" title="TROUBLESHOOTING"><a name="id307587"></a><h2>TROUBLESHOOTING</h2><p>If you're experiencing problems with authenticating Internet Explorer running
    148         under MS Windows 9X or Millenium Edition against ntlm_auth's NTLMSSP authentication
     148        under MS Windows 9X or Millennium Edition against ntlm_auth's NTLMSSP authentication
    149149        helper (--helper-protocol=squid-2.5-ntlmssp), then please read
    150150        <a class="ulink" href="http://support.microsoft.com/support/kb/articles/Q239/8/69.ASP" target="_top">

  • trunk/server/docs/htmldocs/manpages/pdbedit.8.html

    r745 r752  
    44        are smbpasswd, ldap, nis+ and tdb based and more can be added
    55        without changing the tool).</p><p>There are five main ways to use pdbedit: adding a user account,
    6         removing a user account, modifing a user account, listing user
     6        removing a user account, modifying a user account, listing user
    77        accounts, importing users accounts.</p></div><div class="refsect1" title="OPTIONS"><a name="id265892"></a><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-L|--list</span></dt><dd><p>This option lists all the user accounts
    88                present in the users database.
     
    4848                operations and <span class="emphasis"><em>optional</em></span> in list
    4949                operations.</p></dd><dt><span class="term">-f|--fullname fullname</span></dt><dd><p>This option can be used while adding or
    50                 modifing a user account. It will specify the user's full
     50                modifying a user account. It will specify the user's full
    5151                name. </p><p>Example: <code class="literal">-f "Simo Sorce"</code></p></dd><dt><span class="term">-h|--homedir homedir</span></dt><dd><p>This option can be used while adding or
    52                 modifing a user account. It will specify the user's home
     52                modifying a user account. It will specify the user's home
    5353                directory network path.</p><p>Example: <code class="literal">-h "\\\\BERSERKER\\sorce"</code>
    5454                </p></dd><dt><span class="term">-D|--drive drive</span></dt><dd><p>This option can be used while adding or
    55                 modifing a user account. It will specify the windows drive
     55                modifying a user account. It will specify the windows drive
    5656                letter to be used to map the home directory.</p><p>Example: <code class="literal">-D "H:"</code>
    5757                </p></dd><dt><span class="term">-S|--script script</span></dt><dd><p>This option can be used while adding or
    58                 modifing a user account. It will specify the user's logon
     58                modifying a user account. It will specify the user's logon
    5959                script path.</p><p>Example: <code class="literal">-S "\\\\BERSERKER\\netlogon\\sorce.bat"</code>
    6060                </p></dd><dt><span class="term">-p|--profile profile</span></dt><dd><p>This option can be used while adding or
    61                 modifing a user account. It will specify the user's profile
     61                modifying a user account. It will specify the user's profile
    6262                directory.</p><p>Example: <code class="literal">-p "\\\\BERSERKER\\netlogon"</code>
    6363                </p></dd><dt><span class="term">-M|'--machine SID' SID|rid</span></dt><dd><p>
     
    126126                                password upon next login.
    127127                </p></dd><dt><span class="term">-N|--account-desc description</span></dt><dd><p>This option can be used while adding or
    128                 modifing a user account. It will specify the user's description
     128                modifying a user account. It will specify the user's description
    129129                field.</p><p>Example: <code class="literal">-N "test description"</code>
    130130                </p></dd><dt><span class="term">-Z|--logon-hours-reset</span></dt><dd><p>This option can be used while adding or
    131                 modifing a user account. It will reset the user's allowed logon
     131                modifying a user account. It will reset the user's allowed logon
    132132                hours. A user may login at any time afterwards.</p><p>Example: <code class="literal">-Z</code>
    133133                </p></dd><dt><span class="term">-z|--bad-password-count-reset</span></dt><dd><p>This option can be used while adding or
    134                 modifing a user account. It will reset the stored bad login
     134                modifying a user account. It will reset the stored bad login
    135135                counter from a specified user.</p><p>Example: <code class="literal">-z</code>
    136136                </p></dd><dt><span class="term">--policies-reset</span></dt><dd><p>This option can be used to reset the general
     
    138138                                default values.</p><p>Example: <code class="literal">--policies-reset</code>
    139139                </p></dd><dt><span class="term">-I|--domain</span></dt><dd><p>This option can be used while adding or
    140                 modifing a user account. It will specify the user's domain field.</p><p>Example: <code class="literal">-I "MYDOMAIN"</code>
     140                modifying a user account. It will specify the user's domain field.</p><p>Example: <code class="literal">-I "MYDOMAIN"</code>
    141141                </p></dd><dt><span class="term">--time-format</span></dt><dd><p>This option is currently not being used.</p></dd><dt><span class="term">-h|--help</span></dt><dd><p>Print a summary of command line options.
    142142</p></dd><dt><span class="term">-d|--debuglevel=level</span></dt><dd><p><em class="replaceable"><code>level</code></em> is an integer

  • trunk/server/docs/htmldocs/manpages/profiles.1.html

    r745 r752  
    44        supports NT.
    55        </p></div><div class="refsect1" title="OPTIONS"><a name="id266853"></a><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">file</span></dt><dd><p>Registry file to view or edit.  </p></dd><dt><span class="term">-v,--verbose</span></dt><dd><p>Increases verbosity of messages.
    6                 </p></dd><dt><span class="term">-c SID1 -n SID2</span></dt><dd><p>Change all occurences of SID1 in <code class="filename">file</code> by SID2.
     6                </p></dd><dt><span class="term">-c SID1 -n SID2</span></dt><dd><p>Change all occurrences of SID1 in <code class="filename">file</code> by SID2.
    77                </p></dd><dt><span class="term">-h|--help</span></dt><dd><p>Print a summary of command line options.
    88</p></dd></dl></div></div><div class="refsect1" title="VERSION"><a name="id265711"></a><h2>VERSION</h2><p>This man page is correct for version 3 of the Samba

  • trunk/server/docs/htmldocs/manpages/samba.7.html

    r599 r752  
    5151                that retrieves and stores information related to winbind.
    5252                </p></dd><dt><span class="term"><a class="citerefentry" href="profiles.1.html"><span class="citerefentry"><span class="refentrytitle">profiles</span>(1)</span></a></span></dt><dd><p><code class="literal">profiles</code> is a command-line
    53                 utility that can be used to replace all occurences of
     53                utility that can be used to replace all occurrences of
    5454                a certain SID with another SID.
    5555                </p></dd><dt><span class="term"><a class="citerefentry" href="log2pcap.1.html"><span class="citerefentry"><span class="refentrytitle">log2pcap</span>(1)</span></a></span></dt><dd><p><code class="literal">log2pcap</code> is a utility

  • trunk/server/docs/htmldocs/manpages/smb.conf.5.html

    r745 r752  
    227227                    2003R2 (<code class="constant">Win2K3</code>), and Windows
    228228                    Vista (<code class="constant">Vista</code>).  Anything else will be known as
    229                     <code class="constant">UNKNOWN</code>.</p></dd><dt><span class="term">%I</span></dt><dd><p>the IP address of the client machine.</p></dd><dt><span class="term">%i</span></dt><dd><p>the local IP address to which a client connected.</p></dd><dt><span class="term">%T</span></dt><dd><p>the current date and time.</p></dd><dt><span class="term">%D</span></dt><dd><p>name of the domain or workgroup of the current user.</p></dd><dt><span class="term">%w</span></dt><dd><p>the winbind separator.</p></dd><dt><span class="term">%$(<em class="replaceable"><code>envvar</code></em>)</span></dt><dd><p>the value of the environment variable
     229                    <code class="constant">UNKNOWN</code>.</p></dd><dt><span class="term">%I</span></dt><dd><p>the IP address of the client machine.</p><p>Before 3.6.0 it could contain IPv4 mapped IPv6 addresses,
     230                        now it only contains IPv4 or IPv6 addresses.</p></dd><dt><span class="term">%i</span></dt><dd><p>the local IP address to which a client connected.</p><p>Before 3.6.0 it could contain IPv4 mapped IPv6 addresses,
     231                        now it only contains IPv4 or IPv6 addresses.</p></dd><dt><span class="term">%T</span></dt><dd><p>the current date and time.</p></dd><dt><span class="term">%D</span></dt><dd><p>name of the domain or workgroup of the current user.</p></dd><dt><span class="term">%w</span></dt><dd><p>the winbind separator.</p></dd><dt><span class="term">%$(<em class="replaceable"><code>envvar</code></em>)</span></dt><dd><p>the value of the environment variable
    230232                <em class="replaceable"><code>envar</code></em>.</p></dd></dl></div><p>
    231233        The following substitutes apply only to some configuration options (only those that are
     
    307309                If the service is a guest service, a connection is made as the username given in the <code class="literal">guest account
    308310                =</code> for the service, irrespective of the supplied password.
    309                 </p></li></ol></div></div><div class="refsect1" title="REGISTRY-BASED CONFIGURATION"><a name="id308128"></a><h2>REGISTRY-BASED CONFIGURATION</h2><p>
     311                </p></li></ol></div></div><div class="refsect1" title="REGISTRY-BASED CONFIGURATION"><a name="id308136"></a><h2>REGISTRY-BASED CONFIGURATION</h2><p>
    310312                Starting with Samba version 3.2.0, the capability to
    311313                store Samba configuration in the registry is available.
     
    362364                accessing the database file, circumventing the
    363365                server.
    364         </p></div><div class="refsect1" title="EXPLANATION OF EACH PARAMETER"><a name="id308281"></a><h2>EXPLANATION OF EACH PARAMETER</h2><div class="section"><div class="titlepage"></div><div class="section" title="abort shutdown script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id308291"></a>
     366        </p></div><div class="refsect1" title="EXPLANATION OF EACH PARAMETER"><a name="id308290"></a><h2>EXPLANATION OF EACH PARAMETER</h2><div class="section"><div class="titlepage"></div><div class="section" title="abort shutdown script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id308299"></a>
    365367
    366368abort shutdown script (G)
    367 </h3></div></div></div><a class="indexterm" name="id308292"></a><a name="ABORTSHUTDOWNSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This a full path name to a script called by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> that
     369</h3></div></div></div><a class="indexterm" name="id308300"></a><a name="ABORTSHUTDOWNSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This a full path name to a script called by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> that
    368370        should stop a shutdown procedure issued by the <a class="link" href="smb.conf.5.html#SHUTDOWNSCRIPT" target="_top">shutdown script</a>.</p><p>If the connected user posseses the <code class="constant">SeRemoteShutdownPrivilege</code>,
    369371        right, this command will be run as root.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>abort shutdown script</code></em> = <code class="literal">""</code>
     
    371373</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>abort shutdown script</code></em> = <code class="literal">/sbin/shutdown -c</code>
    372374</em></span>
    373 </p></dd></dl></div></div><div class="section" title="access based share enum (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id308365"></a>
     375</p></dd></dl></div></div><div class="section" title="access based share enum (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id308374"></a>
    374376
    375377access based share enum (S)
    376 </h3></div></div></div><a class="indexterm" name="id308366"></a><a name="ACCESSBASEDSHAREENUM"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code> for a
     378</h3></div></div></div><a class="indexterm" name="id308375"></a><a name="ACCESSBASEDSHAREENUM"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code> for a
    377379    service, then the share hosted by the service will only be visible
    378380    to users who have read or write access to the share during share
     
    383385    computing enumeration access rights.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>access based share enum</code></em> = <code class="literal">no</code>
    384386</em></span>
    385 </p></dd></dl></div></div><div class="section" title="acl check permissions (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id308409"></a>
     387</p></dd></dl></div></div><div class="section" title="acl check permissions (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id308418"></a>
    386388
    387389acl check permissions (S)
    388 </h3></div></div></div><a class="indexterm" name="id308410"></a><a name="ACLCHECKPERMISSIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls what <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>does on receiving a protocol request of "open for delete"
     390</h3></div></div></div><a class="indexterm" name="id308419"></a><a name="ACLCHECKPERMISSIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls what <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>does on receiving a protocol request of "open for delete"
    389391    from a Windows client. If a Windows client doesn't have permissions to delete a file then they
    390392    expect this to be denied at open time. POSIX systems normally only detect restrictions on delete by
     
    406408    </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>acl check permissions</code></em> = <code class="literal">True</code>
    407409</em></span>
    408 </p></dd></dl></div></div><div class="section" title="acl compatibility (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id308480"></a>
     410</p></dd></dl></div></div><div class="section" title="acl compatibility (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id308489"></a>
    409411
    410412acl compatibility (G)
    411 </h3></div></div></div><a class="indexterm" name="id308482"></a><a name="ACLCOMPATIBILITY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies what OS ACL semantics should
     413</h3></div></div></div><a class="indexterm" name="id308490"></a><a name="ACLCOMPATIBILITY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies what OS ACL semantics should
    412414        be compatible with. Possible values are <span class="emphasis"><em>winnt</em></span> for Windows NT 4,
    413415        <span class="emphasis"><em>win2k</em></span> for Windows 2000 and above and <span class="emphasis"><em>auto</em></span>.
     
    418420</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>acl compatibility</code></em> = <code class="literal">win2k</code>
    419421</em></span>
    420 </p></dd></dl></div></div><div class="section" title="acl group control (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id308548"></a>
     422</p></dd></dl></div></div><div class="section" title="acl group control (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id308557"></a>
    421423
    422424acl group control (S)
    423 </h3></div></div></div><a class="indexterm" name="id308549"></a><a name="ACLGROUPCONTROL"></a><div class="variablelist"><dl><dt></dt><dd><p>
     425</h3></div></div></div><a class="indexterm" name="id308558"></a><a name="ACLGROUPCONTROL"></a><div class="variablelist"><dl><dt></dt><dd><p>
    424426        In a POSIX filesystem, only the owner of a file or directory and the superuser can modify the permissions
    425427        and ACLs on a file. If this parameter is set, then Samba overrides this restriction, and also allows the
     
    448450        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>acl group control</code></em> = <code class="literal">no</code>
    449451</em></span>
    450 </p></dd></dl></div></div><div class="section" title="acl map full control (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id308629"></a>
     452</p></dd></dl></div></div><div class="section" title="acl map full control (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id308638"></a>
    451453
    452454acl map full control (S)
    453 </h3></div></div></div><a class="indexterm" name="id308630"></a><a name="ACLMAPFULLCONTROL"></a><div class="variablelist"><dl><dt></dt><dd><p>
     455</h3></div></div></div><a class="indexterm" name="id308639"></a><a name="ACLMAPFULLCONTROL"></a><div class="variablelist"><dl><dt></dt><dd><p>
    454456        This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> maps a POSIX ACE entry of "rwx" (read/write/execute), the maximum
    455457        allowed POSIX permission set, into a Windows ACL of "FULL CONTROL". If this parameter is set to true any POSIX
     
    459461        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>acl map full control</code></em> = <code class="literal">True</code>
    460462</em></span>
    461 </p></dd></dl></div></div><div class="section" title="add group script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id308677"></a>
     463</p></dd></dl></div></div><div class="section" title="add group script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id308686"></a>
    462464
    463465add group script (G)
    464 </h3></div></div></div><a class="indexterm" name="id308678"></a><a name="ADDGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
     466</h3></div></div></div><a class="indexterm" name="id308687"></a><a name="ADDGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
    465467        This is the full pathname to a script that will be run <span class="emphasis"><em>AS ROOT</em></span> by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when a new group is requested. It
    466468        will expand any <em class="parameter"><code>%g</code></em> to the group name passed. This script is only useful
     
    472474</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>add group script</code></em> = <code class="literal">/usr/sbin/groupadd %g</code>
    473475</em></span>
    474 </p></dd></dl></div></div><div class="section" title="add machine script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id308748"></a>
     476</p></dd></dl></div></div><div class="section" title="add machine script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id308756"></a>
    475477
    476478add machine script (G)
    477 </h3></div></div></div><a class="indexterm" name="id308749"></a><a name="ADDMACHINESCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
     479</h3></div></div></div><a class="indexterm" name="id308758"></a><a name="ADDMACHINESCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
    478480        This is the full pathname to a script that will  be run by
    479481         <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when a machine is
     
    486488</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>add machine script</code></em> = <code class="literal">/usr/sbin/adduser -n -g machines -c Machine -d /var/lib/nobody -s /bin/false %u</code>
    487489</em></span>
    488 </p></dd></dl></div></div><div class="section" title="add port command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id308820"></a>
     490</p></dd></dl></div></div><div class="section" title="add port command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id308829"></a>
    489491
    490492add port command (G)
    491 </h3></div></div></div><a class="indexterm" name="id308821"></a><a name="ADDPORTCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>Samba 3.0.23 introduced support for adding printer ports
     493</h3></div></div></div><a class="indexterm" name="id308830"></a><a name="ADDPORTCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>Samba 3.0.23 introduced support for adding printer ports
    492494        remotely using the Windows "Add Standard TCP/IP Port Wizard".
    493495        This option defines an external program to be executed when
     
    498500</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>add port command</code></em> = <code class="literal">/etc/samba/scripts/addport.sh</code>
    499501</em></span>
    500 </p></dd></dl></div></div><div class="section" title="addprinter command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id265681"></a>
     502</p></dd></dl></div></div><div class="section" title="addprinter command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id308910"></a>
    501503
    502504addprinter command (G)
    503 </h3></div></div></div><a class="indexterm" name="id265682"></a><a name="ADDPRINTERCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>With the introduction of MS-RPC based printing
     505</h3></div></div></div><a class="indexterm" name="id308911"></a><a name="ADDPRINTERCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>With the introduction of MS-RPC based printing
    504506    support for Windows NT/2000 clients in Samba 2.2, The MS Add
    505507    Printer Wizard (APW) icon is now also available in the
     
    532534</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>addprinter command</code></em> = <code class="literal">/usr/bin/addprinter</code>
    533535</em></span>
    534 </p></dd></dl></div></div><div class="section" title="add share command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id309147"></a>
     536</p></dd></dl></div></div><div class="section" title="add share command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id309085"></a>
    535537
    536538add share command (G)
    537 </h3></div></div></div><a class="indexterm" name="id309148"></a><a name="ADDSHARECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>
     539</h3></div></div></div><a class="indexterm" name="id309086"></a><a name="ADDSHARECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>
    538540        Samba 2.2.0 introduced the ability to dynamically add and delete shares via the Windows NT 4.0 Server
    539541        Manager.  The <em class="parameter"><code>add share command</code></em> is used to define an external program
     
    567569</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>add share command</code></em> = <code class="literal">/usr/local/bin/addshare</code>
    568570</em></span>
    569 </p></dd></dl></div></div><div class="section" title="add user script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id309323"></a>
     571</p></dd></dl></div></div><div class="section" title="add user script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id309261"></a>
    570572
    571573add user script (G)
    572 </h3></div></div></div><a class="indexterm" name="id309324"></a><a name="ADDUSERSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
     574</h3></div></div></div><a class="indexterm" name="id309262"></a><a name="ADDUSERSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
    573575        This is the full pathname to a script that will be run <span class="emphasis"><em>AS ROOT</em></span> by
    574576        <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>
     
    605607</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>add user script</code></em> = <code class="literal">/usr/local/samba/bin/add_user %u</code>
    606608</em></span>
    607 </p></dd></dl></div></div><div class="section" title="add user to group script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id309511"></a>
     609</p></dd></dl></div></div><div class="section" title="add user to group script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id309450"></a>
    608610
    609611add user to group script (G)
    610 </h3></div></div></div><a class="indexterm" name="id309512"></a><a name="ADDUSERTOGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
     612</h3></div></div></div><a class="indexterm" name="id309451"></a><a name="ADDUSERTOGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
    611613        Full path to the script that will be called when a user is added to a group using the Windows NT domain administration
    612614        tools. It will be run by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>
     
    620622</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>add user to group script</code></em> = <code class="literal">/usr/sbin/adduser %u %g</code>
    621623</em></span>
    622 </p></dd></dl></div></div><div class="section" title="administrative share (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id309595"></a>
     624</p></dd></dl></div></div><div class="section" title="administrative share (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id309533"></a>
    623625
    624626administrative share (S)
    625 </h3></div></div></div><a class="indexterm" name="id309596"></a><a name="ADMINISTRATIVESHARE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is set to <code class="constant">yes</code> for
     627</h3></div></div></div><a class="indexterm" name="id309534"></a><a name="ADMINISTRATIVESHARE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is set to <code class="constant">yes</code> for
    626628      a share, then the share will be an administrative share. The Administrative
    627629      Shares are the default network shares created by all Windows NT-based
     
    630632      information about this option.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>administrative share</code></em> = <code class="literal">no</code>
    631633</em></span>
    632 </p></dd></dl></div></div><div class="section" title="admin users (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id309648"></a>
     634</p></dd></dl></div></div><div class="section" title="admin users (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id309586"></a>
    633635
    634636admin users (S)
    635 </h3></div></div></div><a class="indexterm" name="id309649"></a><a name="ADMINUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of users who will be granted
     637</h3></div></div></div><a class="indexterm" name="id309587"></a><a name="ADMINUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of users who will be granted
    636638    administrative privileges on the share. This means that they
    637639    will do all file operations as the super-user (root).</p><p>You should use this option very carefully, as any user in
     
    642644</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>admin users</code></em> = <code class="literal">jason</code>
    643645</em></span>
    644 </p></dd></dl></div></div><div class="section" title="afs share (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id309716"></a>
     646</p></dd></dl></div></div><div class="section" title="afs share (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id309654"></a>
    645647
    646648afs share (S)
    647 </h3></div></div></div><a class="indexterm" name="id309717"></a><a name="AFSSHARE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether special AFS features are enabled
     649</h3></div></div></div><a class="indexterm" name="id309655"></a><a name="AFSSHARE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether special AFS features are enabled
    648650        for this share. If enabled, it assumes that the directory exported via
    649651        the <em class="parameter"><code>path</code></em> parameter is a local AFS import. The
     
    652654        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>afs share</code></em> = <code class="literal">no</code>
    653655</em></span>
    654 </p></dd></dl></div></div><div class="section" title="afs username map (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id309760"></a>
     656</p></dd></dl></div></div><div class="section" title="afs username map (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id309699"></a>
    655657
    656658afs username map (G)
    657 </h3></div></div></div><a class="indexterm" name="id309762"></a><a name="AFSUSERNAMEMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>If you are using the fake kaserver AFS feature, you might
     659</h3></div></div></div><a class="indexterm" name="id309700"></a><a name="AFSUSERNAMEMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>If you are using the fake kaserver AFS feature, you might
    658660        want to hand-craft the usernames you are creating tokens for.
    659661        For example this is necessary if you have users from several domain
     
    665667</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>afs username map</code></em> = <code class="literal">%u@afs.samba.org</code>
    666668</em></span>
    667 </p></dd></dl></div></div><div class="section" title="aio read size (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id309819"></a>
     669</p></dd></dl></div></div><div class="section" title="aio read size (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id309757"></a>
    668670
    669671aio read size (S)
    670 </h3></div></div></div><a class="indexterm" name="id309820"></a><a name="AIOREADSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>If Samba has been built with asynchronous I/O support and this
     672</h3></div></div></div><a class="indexterm" name="id309758"></a><a name="AIOREADSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>If Samba has been built with asynchronous I/O support and this
    671673    integer parameter is set to non-zero value,
    672674    Samba will read from file asynchronously when size of request is bigger
     
    679681    request size</code>
    680682</em></span>
    681 </p></dd></dl></div></div><div class="section" title="aio write behind (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id309897"></a>
     683</p></dd></dl></div></div><div class="section" title="aio write behind (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id309836"></a>
    682684
    683685aio write behind (S)
    684 </h3></div></div></div><a class="indexterm" name="id309898"></a><a name="AIOWRITEBEHIND"></a><div class="variablelist"><dl><dt></dt><dd><p>If Samba has been built with asynchronous I/O support,
     686</h3></div></div></div><a class="indexterm" name="id309837"></a><a name="AIOWRITEBEHIND"></a><div class="variablelist"><dl><dt></dt><dd><p>If Samba has been built with asynchronous I/O support,
    685687        Samba will not wait until write requests are finished before returning
    686688        the result to the client for files listed in this parameter.
     
    697699</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>aio write behind</code></em> = <code class="literal">/*.tmp/</code>
    698700</em></span>
    699 </p></dd></dl></div></div><div class="section" title="aio write size (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id309968"></a>
     701</p></dd></dl></div></div><div class="section" title="aio write size (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id309902"></a>
    700702
    701703aio write size (S)
    702 </h3></div></div></div><a class="indexterm" name="id309969"></a><a name="AIOWRITESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>If Samba has been built with asynchronous I/O support and this
     704</h3></div></div></div><a class="indexterm" name="id309904"></a><a name="AIOWRITESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>If Samba has been built with asynchronous I/O support and this
    703705    integer parameter is set to non-zero value,
    704706    Samba will write to file asynchronously when size of request is bigger
     
    711713    request size</code>
    712714</em></span>
    713 </p></dd></dl></div></div><div class="section" title="algorithmic rid base (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id310046"></a>
     715</p></dd></dl></div></div><div class="section" title="algorithmic rid base (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id309981"></a>
    714716
    715717algorithmic rid base (G)
    716 </h3></div></div></div><a class="indexterm" name="id310047"></a><a name="ALGORITHMICRIDBASE"></a><div class="variablelist"><dl><dt></dt><dd><p>This determines how Samba will use its
     718</h3></div></div></div><a class="indexterm" name="id309982"></a><a name="ALGORITHMICRIDBASE"></a><div class="variablelist"><dl><dt></dt><dd><p>This determines how Samba will use its
    717719    algorithmic mapping from uids/gid to the RIDs needed to construct
    718720    NT Security Identifiers.
     
    729731</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>algorithmic rid base</code></em> = <code class="literal">100000</code>
    730732</em></span>
    731 </p></dd></dl></div></div><div class="section" title="allocation roundup size (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id310111"></a>
     733</p></dd></dl></div></div><div class="section" title="allocation roundup size (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id310046"></a>
    732734
    733735allocation roundup size (S)
    734 </h3></div></div></div><a class="indexterm" name="id310112"></a><a name="ALLOCATIONROUNDUPSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows an administrator to tune the
     736</h3></div></div></div><a class="indexterm" name="id310047"></a><a name="ALLOCATIONROUNDUPSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows an administrator to tune the
    735737    allocation size reported to Windows clients.  The default
    736738    size of 1Mb generally results in improved Windows client
     
    744746# (to disable roundups)</code>
    745747</em></span>
    746 </p></dd></dl></div></div><div class="section" title="allow trusted domains (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id310171"></a>
     748</p></dd></dl></div></div><div class="section" title="allow insecure wide links (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id310110"></a>
     749
     750allow insecure wide links (G)
     751</h3></div></div></div><a class="indexterm" name="id310111"></a><a name="ALLOWINSECUREWIDELINKS"></a><div class="variablelist"><dl><dt></dt><dd><p>
     752        In normal operation the option <a class="link" href="smb.conf.5.html#WIDELINKS" target="_top">wide links</a>
     753        which allows the server to follow symlinks outside of a share path
     754        is automatically disabled when <a class="link" href="smb.conf.5.html#UNIXEXTENSIONS" target="_top">unix extensions</a>
     755        are enabled on a Samba server. This is done for security purposes
     756        to prevent UNIX clients creating symlinks to areas of the server
     757        file system that the administrator does not wish to export.
     758        </p><p>
     759        Setting <a class="link" href="smb.conf.5.html#ALLOWINSECUREWIDELINKS" target="_top">allow insecure wide links</a> to
     760        true disables the link between these two parameters, removing
     761        this protection and allowing a site to configure
     762        the server to follow symlinks (by setting <a class="link" href="smb.conf.5.html#WIDELINKS" target="_top">wide links</a>
     763        to "true") even when <a class="link" href="smb.conf.5.html#UNIXEXTENSIONS" target="_top">unix extensions</a>
     764        is turned on.
     765        </p><p>
     766        If is not recommended to enable this option unless you
     767        fully understand the implications of allowing the server to
     768        follow symbolic links created by UNIX clients. For most
     769        normal Samba configurations this would be considered a security
     770        hole and setting this parameter is not recommended.
     771        </p><p>
     772        This option was added at the request of sites who had
     773        deliberately set Samba up in this way and needed to continue
     774        supporting this functionality without having to patch the
     775        Samba code.
     776        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>allow insecure wide links</code></em> = <code class="literal">no</code>
     777</em></span>
     778</p></dd></dl></div></div><div class="section" title="allow trusted domains (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id310201"></a>
    747779
    748780allow trusted domains (G)
    749 </h3></div></div></div><a class="indexterm" name="id310172"></a><a name="ALLOWTRUSTEDDOMAINS"></a><div class="variablelist"><dl><dt></dt><dd><p>
     781</h3></div></div></div><a class="indexterm" name="id310202"></a><a name="ALLOWTRUSTEDDOMAINS"></a><div class="variablelist"><dl><dt></dt><dd><p>
    750782    This option only takes effect when the <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security</a> option is set to
    751783    <code class="constant">server</code>, <code class="constant">domain</code> or <code class="constant">ads</code>. 
     
    762794    can make implementing a security boundary difficult.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>allow trusted domains</code></em> = <code class="literal">yes</code>
    763795</em></span>
    764 </p></dd></dl></div></div><div class="section" title="announce as (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id310236"></a>
     796</p></dd></dl></div></div><div class="section" title="announce as (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id310265"></a>
    765797
    766798announce as (G)
    767 </h3></div></div></div><a class="indexterm" name="id310237"></a><a name="ANNOUNCEAS"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies what type of server <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> will announce itself as, to a network neighborhood browse
     799</h3></div></div></div><a class="indexterm" name="id310266"></a><a name="ANNOUNCEAS"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies what type of server <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> will announce itself as, to a network neighborhood browse
    768800    list. By default this is set to Windows NT. The valid options
    769801    are : "NT Server" (which can also be written as "NT"),
     
    777809</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>announce as</code></em> = <code class="literal">Win95</code>
    778810</em></span>
    779 </p></dd></dl></div></div><div class="section" title="announce version (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id310300"></a>
     811</p></dd></dl></div></div><div class="section" title="announce version (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id310329"></a>
    780812
    781813announce version (G)
    782 </h3></div></div></div><a class="indexterm" name="id310301"></a><a name="ANNOUNCEVERSION"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies the major and minor version numbers
     814</h3></div></div></div><a class="indexterm" name="id310330"></a><a name="ANNOUNCEVERSION"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies the major and minor version numbers
    783815    that nmbd will use when announcing itself as a server. The default
    784816    is 4.9.  Do not change this parameter unless you have a specific
     
    787819</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>announce version</code></em> = <code class="literal">2.0</code>
    788820</em></span>
    789 </p></dd></dl></div></div><div class="section" title="auth methods (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id310355"></a>
     821</p></dd></dl></div></div><div class="section" title="async smb echo handler (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id310384"></a>
     822
     823async smb echo handler (G)
     824</h3></div></div></div><a class="indexterm" name="id310385"></a><a name="ASYNCSMBECHOHANDLER"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should fork the
     825          async smb echo handler. It can be beneficial if your file
     826          system can block syscalls for a very long time. In some
     827          circumstances, it prolongs the timeout that Windows uses to
     828          determine whether a connection is dead.
     829        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>async smb echo handler</code></em> = <code class="literal">no</code>
     830</em></span>
     831</p></dd></dl></div></div><div class="section" title="auth methods (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id310423"></a>
    790832
    791833auth methods (G)
    792 </h3></div></div></div><a class="indexterm" name="id310356"></a><a name="AUTHMETHODS"></a><div class="variablelist"><dl><dt></dt><dd><p>
     834</h3></div></div></div><a class="indexterm" name="id310424"></a><a name="AUTHMETHODS"></a><div class="variablelist"><dl><dt></dt><dd><p>
    793835    This option allows the administrator to chose what authentication methods <code class="literal">smbd</code>
    794836    will use when authenticating a user. This option defaults to sensible values based on <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security</a>. 
     
    811853</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>auth methods</code></em> = <code class="literal">guest sam winbind</code>
    812854</em></span>
    813 </p></dd></dl></div></div><div class="section" title="available (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id310450"></a>
     855</p></dd></dl></div></div><div class="section" title="available (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id310518"></a>
    814856
    815857available (S)
    816 </h3></div></div></div><a class="indexterm" name="id310451"></a><a name="AVAILABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter lets you "turn off" a service. If
     858</h3></div></div></div><a class="indexterm" name="id310519"></a><a name="AVAILABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter lets you "turn off" a service. If
    817859        <em class="parameter"><code>available = no</code></em>, then <span class="emphasis"><em>ALL</em></span>
    818860        attempts to connect to the service will fail. Such failures are
    819861        logged.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>available</code></em> = <code class="literal">yes</code>
    820862</em></span>
    821 </p></dd></dl></div></div><div class="section" title="bind interfaces only (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id310496"></a>
     863</p></dd></dl></div></div><div class="section" title="bind interfaces only (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id310564"></a>
    822864
    823865bind interfaces only (G)
    824 </h3></div></div></div><a class="indexterm" name="id310497"></a><a name="BINDINTERFACESONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>This global parameter allows the Samba admin
     866</h3></div></div></div><a class="indexterm" name="id310565"></a><a name="BINDINTERFACESONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>This global parameter allows the Samba admin
    825867        to limit what interfaces on a machine will serve SMB requests. It
    826868        affects file service <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> and name service <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> in a slightly different ways.</p><p>
     
    863905        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>bind interfaces only</code></em> = <code class="literal">no</code>
    864906</em></span>
    865 </p></dd></dl></div></div><div class="section" title="blocking locks (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id310793"></a>
     907</p></dd></dl></div></div><div class="section" title="blocking locks (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id310861"></a>
    866908
    867909blocking locks (S)
    868 </h3></div></div></div><a class="indexterm" name="id310794"></a><a name="BLOCKINGLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls the behavior
     910</h3></div></div></div><a class="indexterm" name="id310862"></a><a name="BLOCKINGLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls the behavior
    869911        of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when given a request by a client
    870912        to obtain a byte range lock on a region of an open file, and the
     
    877919        cannot be obtained.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>blocking locks</code></em> = <code class="literal">yes</code>
    878920</em></span>
    879 </p></dd></dl></div></div><div class="section" title="block size (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id310851"></a>
     921</p></dd></dl></div></div><div class="section" title="block size (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id310919"></a>
    880922
    881923block size (S)
    882 </h3></div></div></div><a class="indexterm" name="id310852"></a><a name="BLOCKSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls the behavior of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when reporting disk free
     924</h3></div></div></div><a class="indexterm" name="id310920"></a><a name="BLOCKSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls the behavior of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when reporting disk free
    883925    sizes. By default, this reports a disk block size of 1024 bytes.
    884926    </p><p>Changing this parameter may have some effect on the
     
    894936</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>block size</code></em> = <code class="literal">4096</code>
    895937</em></span>
    896 </p></dd></dl></div></div><div class="section" title="browsable"><div class="titlepage"><div><div><h3 class="title"><a name="id310923"></a>
     938</p></dd></dl></div></div><div class="section" title="browsable"><div class="titlepage"><div><div><h3 class="title"><a name="id310991"></a>
    897939
    898940<a name="BROWSABLE"></a>browsable
    899 </h3></div></div></div><a class="indexterm" name="id310924"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#BROWSEABLE">browseable</a>.</p></dd></dl></div></div><div class="section" title="browseable (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id310949"></a>
     941</h3></div></div></div><a class="indexterm" name="id310992"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#BROWSEABLE">browseable</a>.</p></dd></dl></div></div><div class="section" title="browseable (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id311018"></a>
    900942
    901943browseable (S)
    902 </h3></div></div></div><a class="indexterm" name="id310950"></a><a name="BROWSEABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether this share is seen in
     944</h3></div></div></div><a class="indexterm" name="id311019"></a><a name="BROWSEABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether this share is seen in
    903945        the list of available shares in a net view and in the browse list.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>browseable</code></em> = <code class="literal">yes</code>
    904946</em></span>
    905 </p></dd></dl></div></div><div class="section" title="browse list (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id310987"></a>
     947</p></dd></dl></div></div><div class="section" title="browse list (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id311055"></a>
    906948
    907949browse list (G)
    908 </h3></div></div></div><a class="indexterm" name="id310988"></a><a name="BROWSELIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will serve a browse list to
     950</h3></div></div></div><a class="indexterm" name="id311056"></a><a name="BROWSELIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will serve a browse list to
    909951        a client doing a <code class="literal">NetServerEnum</code> call. Normally
    910952        set to <code class="constant">yes</code>. You should never need to change
    911953        this.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>browse list</code></em> = <code class="literal">yes</code>
    912954</em></span>
    913 </p></dd></dl></div></div><div class="section" title="cache directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id311040"></a>
     955</p></dd></dl></div></div><div class="section" title="cache directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id311108"></a>
    914956
    915957cache directory (G)
    916 </h3></div></div></div><a class="indexterm" name="id311041"></a><a name="CACHEDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>Usually, most of the TDB files are stored in the <em class="parameter"><code>lock directory</code></em>. Since Samba 3.4.0, it is
     958</h3></div></div></div><a class="indexterm" name="id311109"></a><a name="CACHEDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>Usually, most of the TDB files are stored in the <em class="parameter"><code>lock directory</code></em>. Since Samba 3.4.0, it is
    917959        possible to differentiate between TDB files with persistent data and
    918960        TDB files with non-persistent data using the
     
    925967</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>cache directory</code></em> = <code class="literal">/var/run/samba/locks/cache</code>
    926968</em></span>
    927 </p></dd></dl></div></div><div class="section" title="casesignames"><div class="titlepage"><div><div><h3 class="title"><a name="id311114"></a>
     969</p></dd></dl></div></div><div class="section" title="casesignames"><div class="titlepage"><div><div><h3 class="title"><a name="id311182"></a>
    928970
    929971<a name="CASESIGNAMES"></a>casesignames
    930 </h3></div></div></div><a class="indexterm" name="id311115"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#CASESENSITIVE">case sensitive</a>.</p></dd></dl></div></div><div class="section" title="case sensitive (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id311140"></a>
     972</h3></div></div></div><a class="indexterm" name="id311183"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#CASESENSITIVE">case sensitive</a>.</p></dd></dl></div></div><div class="section" title="case sensitive (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id311208"></a>
    931973
    932974case sensitive (S)
    933 </h3></div></div></div><a class="indexterm" name="id311141"></a><a name="CASESENSITIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>See the discussion in the section <a class="link" href="smb.conf.5.html#NAMEMANGLING" target="_top">name mangling</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>case sensitive</code></em> = <code class="literal">no</code>
    934 </em></span>
    935 </p></dd></dl></div></div><div class="section" title="change notify (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id311185"></a>
     975</h3></div></div></div><a class="indexterm" name="id311209"></a><a name="CASESENSITIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>See the discussion in the section <a class="link" href="smb.conf.5.html#NAMEMANGLING" target="_top">name mangling</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>case sensitive</code></em> = <code class="literal">auto</code>
     976</em></span>
     977</p></dd></dl></div></div><div class="section" title="change notify (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id311253"></a>
    936978
    937979change notify (S)
    938 </h3></div></div></div><a class="indexterm" name="id311186"></a><a name="CHANGENOTIFY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should reply
     980</h3></div></div></div><a class="indexterm" name="id311254"></a><a name="CHANGENOTIFY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should reply
    939981        to a client's file change notify requests.
    940982        </p><p>You should never need to change this parameter</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>change notify</code></em> = <code class="literal">yes</code>
    941983</em></span>
    942 </p></dd></dl></div></div><div class="section" title="change share command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id311226"></a>
     984</p></dd></dl></div></div><div class="section" title="change share command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id311294"></a>
    943985
    944986change share command (G)
    945 </h3></div></div></div><a class="indexterm" name="id311227"></a><a name="CHANGESHARECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>
     987</h3></div></div></div><a class="indexterm" name="id311295"></a><a name="CHANGESHARECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>
    946988        Samba 2.2.0 introduced the ability to dynamically add and delete shares via the Windows NT 4.0 Server
    947989Manager.  The <em class="parameter"><code>change share command</code></em> is used to define an external
     
    9781020</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>change share command</code></em> = <code class="literal">/usr/local/bin/changeshare</code>
    9791021</em></span>
    980 </p></dd></dl></div></div><div class="section" title="check password script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id311395"></a>
     1022</p></dd></dl></div></div><div class="section" title="check password script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id311463"></a>
    9811023
    9821024check password script (G)
    983 </h3></div></div></div><a class="indexterm" name="id311396"></a><a name="CHECKPASSWORDSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>The name of a program that can be used to check password
     1025</h3></div></div></div><a class="indexterm" name="id311464"></a><a name="CHECKPASSWORDSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>The name of a program that can be used to check password
    9841026    complexity. The password is sent to the program's standard input.</p><p>The program must return 0 on a good password, or any other value
    9851027    if the password is bad.
     
    9901032</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>check password script</code></em> = <code class="literal">/usr/local/sbin/crackcheck</code>
    9911033</em></span>
    992 </p></dd></dl></div></div><div class="section" title="client lanman auth (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id311463"></a>
     1034</p></dd></dl></div></div><div class="section" title="client lanman auth (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id311531"></a>
    9931035
    9941036client lanman auth (G)
    995 </h3></div></div></div><a class="indexterm" name="id311464"></a><a name="CLIENTLANMANAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbclient.8.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(8)</span></a> and other samba client
     1037</h3></div></div></div><a class="indexterm" name="id311532"></a><a name="CLIENTLANMANAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbclient.8.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(8)</span></a> and other samba client
    9961038    tools will attempt to authenticate itself to servers using the
    9971039    weaker LANMAN password hash. If disabled, only server which support NT
     
    10041046    attempted.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client lanman auth</code></em> = <code class="literal">no</code>
    10051047</em></span>
    1006 </p></dd></dl></div></div><div class="section" title="client ldap sasl wrapping (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id311533"></a>
     1048</p></dd></dl></div></div><div class="section" title="client ldap sasl wrapping (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id311601"></a>
    10071049
    10081050client ldap sasl wrapping (G)
    1009 </h3></div></div></div><a class="indexterm" name="id311534"></a><a name="CLIENTLDAPSASLWRAPPING"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1051</h3></div></div></div><a class="indexterm" name="id311602"></a><a name="CLIENTLDAPSASLWRAPPING"></a><div class="variablelist"><dl><dt></dt><dd><p>
    10101052        The <a class="link" href="smb.conf.5.html#CLIENTLDAPSASLWRAPPING" target="_top">client ldap sasl wrapping</a> defines whether
    10111053        ldap traffic will be signed or signed and encrypted (sealed).
     
    10351077        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client ldap sasl wrapping</code></em> = <code class="literal">plain</code>
    10361078</em></span>
    1037 </p></dd></dl></div></div><div class="section" title="client ntlmv2 auth (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id311638"></a>
     1079</p></dd></dl></div></div><div class="section" title="client ntlmv2 auth (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id311707"></a>
    10381080
    10391081client ntlmv2 auth (G)
    1040 </h3></div></div></div><a class="indexterm" name="id311640"></a><a name="CLIENTNTLMV2AUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbclient.8.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(8)</span></a> will attempt to
     1082</h3></div></div></div><a class="indexterm" name="id311708"></a><a name="CLIENTNTLMV2AUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbclient.8.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(8)</span></a> will attempt to
    10411083    authenticate itself to servers using the NTLMv2 encrypted password
    10421084    response.</p><p>If enabled, only an NTLMv2 and LMv2 response (both much more
     
    10511093    not the weaker LM or NTLM.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client ntlmv2 auth</code></em> = <code class="literal">yes</code>
    10521094</em></span>
    1053 </p></dd></dl></div></div><div class="section" title="client plaintext auth (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id311719"></a>
     1095</p></dd></dl></div></div><div class="section" title="client plaintext auth (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id311787"></a>
    10541096
    10551097client plaintext auth (G)
    1056 </h3></div></div></div><a class="indexterm" name="id311720"></a><a name="CLIENTPLAINTEXTAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies whether a client should send a plaintext
     1098</h3></div></div></div><a class="indexterm" name="id311788"></a><a name="CLIENTPLAINTEXTAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies whether a client should send a plaintext
    10571099                password if the server does not support encrypted passwords.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client plaintext auth</code></em> = <code class="literal">no</code>
    10581100</em></span>
    1059 </p></dd></dl></div></div><div class="section" title="client schannel (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id311757"></a>
     1101</p></dd></dl></div></div><div class="section" title="client schannel (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id311825"></a>
    10601102
    10611103client schannel (G)
    1062 </h3></div></div></div><a class="indexterm" name="id311758"></a><a name="CLIENTSCHANNEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1104</h3></div></div></div><a class="indexterm" name="id311826"></a><a name="CLIENTSCHANNEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
    10631105    This controls whether the client offers or even demands the use of the netlogon schannel.
    10641106    <a class="link" href="smb.conf.5.html#CLIENTSCHANNEL" target="_top">client schannel = no</a> does not offer the schannel,
     
    10701112</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>client schannel</code></em> = <code class="literal">yes</code>
    10711113</em></span>
    1072 </p></dd></dl></div></div><div class="section" title="client signing (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id311832"></a>
     1114</p></dd></dl></div></div><div class="section" title="client signing (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id311900"></a>
    10731115
    10741116client signing (G)
    1075 </h3></div></div></div><a class="indexterm" name="id311833"></a><a name="CLIENTSIGNING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether the client is allowed or required to use SMB signing. Possible values
     1117</h3></div></div></div><a class="indexterm" name="id311901"></a><a name="CLIENTSIGNING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether the client is allowed or required to use SMB signing. Possible values
    10761118    are <span class="emphasis"><em>auto</em></span>, <span class="emphasis"><em>mandatory</em></span>
    10771119    and <span class="emphasis"><em>disabled</em></span>.
     
    10811123</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client signing</code></em> = <code class="literal">auto</code>
    10821124</em></span>
    1083 </p></dd></dl></div></div><div class="section" title="client use spnego principal (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id311884"></a>
     1125</p></dd></dl></div></div><div class="section" title="client use spnego principal (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id311952"></a>
    10841126
    10851127client use spnego principal (G)
    1086 </h3></div></div></div><a class="indexterm" name="id311885"></a><a name="CLIENTUSESPNEGOPRINCIPAL"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not
     1128</h3></div></div></div><a class="indexterm" name="id311953"></a><a name="CLIENTUSESPNEGOPRINCIPAL"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not
    10871129    <a class="citerefentry" href="smbclient.8.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(8)</span></a> and other samba components
    10881130    acting as a client will attempt to use the server-supplied
     
    10971139    supply this 'rfc4178 hint' principal on the server side.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client use spnego principal</code></em> = <code class="literal">no</code>
    10981140</em></span>
    1099 </p></dd></dl></div></div><div class="section" title="client use spnego (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id311945"></a>
     1141</p></dd></dl></div></div><div class="section" title="client use spnego (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id312013"></a>
    11001142
    11011143client use spnego (G)
    1102 </h3></div></div></div><a class="indexterm" name="id311946"></a><a name="CLIENTUSESPNEGO"></a><div class="variablelist"><dl><dt></dt><dd><p> This variable controls whether Samba clients will try
     1144</h3></div></div></div><a class="indexterm" name="id312014"></a><a name="CLIENTUSESPNEGO"></a><div class="variablelist"><dl><dt></dt><dd><p> This variable controls whether Samba clients will try
    11031145    to use Simple and Protected NEGOciation (as specified by rfc2478) with
    11041146    supporting servers (including WindowsXP, Windows2000 and Samba
     
    11061148    mechanism.  This enables Kerberos authentication in particular.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client use spnego</code></em> = <code class="literal">yes</code>
    11071149</em></span>
    1108 </p></dd></dl></div></div><div class="section" title="cluster addresses (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id311984"></a>
     1150</p></dd></dl></div></div><div class="section" title="cluster addresses (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id312052"></a>
    11091151
    11101152cluster addresses (G)
    1111 </h3></div></div></div><a class="indexterm" name="id311985"></a><a name="CLUSTERADDRESSES"></a><div class="variablelist"><dl><dt></dt><dd><p>With this parameter you can add additional addresses
     1153</h3></div></div></div><a class="indexterm" name="id312053"></a><a name="CLUSTERADDRESSES"></a><div class="variablelist"><dl><dt></dt><dd><p>With this parameter you can add additional addresses
    11121154        nmbd will register with a WINS server. These addresses are not
    11131155        necessarily present on all nodes simultaneously, but they will
     
    11181160</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>cluster addresses</code></em> = <code class="literal">10.0.0.1 10.0.0.2 10.0.0.3</code>
    11191161</em></span>
    1120 </p></dd></dl></div></div><div class="section" title="clustering (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id312038"></a>
     1162</p></dd></dl></div></div><div class="section" title="clustering (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id312106"></a>
    11211163
    11221164clustering (G)
    1123 </h3></div></div></div><a class="indexterm" name="id312039"></a><a name="CLUSTERING"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should contact
     1165</h3></div></div></div><a class="indexterm" name="id312107"></a><a name="CLUSTERING"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should contact
    11241166        ctdb for accessing its tdb files and use ctdb as a backend
    11251167        for its messaging backend.
     
    11281170        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>clustering</code></em> = <code class="literal">no</code>
    11291171</em></span>
    1130 </p></dd></dl></div></div><div class="section" title="comment (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id312085"></a>
     1172</p></dd></dl></div></div><div class="section" title="comment (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id312153"></a>
    11311173
    11321174comment (S)
    1133 </h3></div></div></div><a class="indexterm" name="id312086"></a><a name="COMMENT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a text field that is seen next to a share
     1175</h3></div></div></div><a class="indexterm" name="id312154"></a><a name="COMMENT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a text field that is seen next to a share
    11341176        when a client does a queries the server, either via the network
    11351177        neighborhood or via <code class="literal">net view</code> to list what shares
     
    11401182</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>comment</code></em> = <code class="literal">Fred's Files</code>
    11411183</em></span>
    1142 </p></dd></dl></div></div><div class="section" title="config backend (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id312156"></a>
     1184</p></dd></dl></div></div><div class="section" title="config backend (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id312224"></a>
    11431185
    11441186config backend (G)
    1145 </h3></div></div></div><a class="indexterm" name="id312157"></a><a name="CONFIGBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1187</h3></div></div></div><a class="indexterm" name="id312225"></a><a name="CONFIGBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>
    11461188                This controls the backend for storing the configuration.
    11471189                Possible values are <span class="emphasis"><em>file</em></span> (the default)
     
    11611203</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>config backend</code></em> = <code class="literal">registry</code>
    11621204</em></span>
    1163 </p></dd></dl></div></div><div class="section" title="config file (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id312239"></a>
     1205</p></dd></dl></div></div><div class="section" title="config file (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id312308"></a>
    11641206
    11651207config file (G)
    1166 </h3></div></div></div><a class="indexterm" name="id312240"></a><a name="CONFIGFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>This allows you to override the config file
     1208</h3></div></div></div><a class="indexterm" name="id312309"></a><a name="CONFIGFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>This allows you to override the config file
    11671209        to use, instead of the default (usually <code class="filename">smb.conf</code>).
    11681210        There is a chicken and egg problem here as this option is set
     
    11741216        clients).</p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>config file</code></em> = <code class="literal">/usr/local/samba/lib/smb.conf.%m</code>
    11751217</em></span>
    1176 </p></dd></dl></div></div><div class="section" title="copy (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id312300"></a>
     1218</p></dd></dl></div></div><div class="section" title="copy (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id312368"></a>
    11771219
    11781220copy (S)
    1179 </h3></div></div></div><a class="indexterm" name="id312301"></a><a name="COPY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows you to "clone" service
     1221</h3></div></div></div><a class="indexterm" name="id312369"></a><a name="COPY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows you to "clone" service
    11801222        entries. The specified service is simply duplicated under the
    11811223        current service's name. Any parameters specified in the current
     
    11871229</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>copy</code></em> = <code class="literal">otherservice</code>
    11881230</em></span>
    1189 </p></dd></dl></div></div><div class="section" title="create krb5 conf (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id312359"></a>
     1231</p></dd></dl></div></div><div class="section" title="create krb5 conf (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id312427"></a>
    11901232
    11911233create krb5 conf (G)
    1192 </h3></div></div></div><a class="indexterm" name="id312360"></a><a name="CREATEKRB5CONF"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1234</h3></div></div></div><a class="indexterm" name="id312428"></a><a name="CREATEKRB5CONF"></a><div class="variablelist"><dl><dt></dt><dd><p>
    11931235        Setting this paramter to <code class="literal">no</code> prevents
    11941236        winbind from creating custom krb5.conf files. Winbind normally does
     
    12031245        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>create krb5 conf</code></em> = <code class="literal">yes</code>
    12041246</em></span>
    1205 </p></dd></dl></div></div><div class="section" title="create mode"><div class="titlepage"><div><div><h3 class="title"><a name="id312408"></a>
     1247</p></dd></dl></div></div><div class="section" title="create mode"><div class="titlepage"><div><div><h3 class="title"><a name="id312476"></a>
    12061248
    12071249<a name="CREATEMODE"></a>create mode
    1208 </h3></div></div></div><a class="indexterm" name="id312409"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#CREATEMASK">create mask</a>.</p></dd></dl></div></div><div class="section" title="create mask (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id312435"></a>
     1250</h3></div></div></div><a class="indexterm" name="id312478"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#CREATEMASK">create mask</a>.</p></dd></dl></div></div><div class="section" title="create mask (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id312503"></a>
    12091251
    12101252create mask (S)
    1211 </h3></div></div></div><a class="indexterm" name="id312436"></a><a name="CREATEMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1253</h3></div></div></div><a class="indexterm" name="id312504"></a><a name="CREATEMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>
    12121254        When a file is created, the necessary permissions are calculated according to the mapping from DOS modes to
    12131255        UNIX permissions, and the resulting UNIX mode is then bit-wise 'AND'ed with this parameter. This parameter may
     
    12301272</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>create mask</code></em> = <code class="literal">0775</code>
    12311273</em></span>
    1232 </p></dd></dl></div></div><div class="section" title="csc policy (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id312543"></a>
     1274</p></dd></dl></div></div><div class="section" title="csc policy (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id312611"></a>
    12331275
    12341276csc policy (S)
    1235 </h3></div></div></div><a class="indexterm" name="id312544"></a><a name="CSCPOLICY"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1277</h3></div></div></div><a class="indexterm" name="id312612"></a><a name="CSCPOLICY"></a><div class="variablelist"><dl><dt></dt><dd><p>
    12361278        This stands for <span class="emphasis"><em>client-side caching policy</em></span>, and specifies how clients capable of offline
    12371279        caching will cache the files in the share. The valid values are: manual, documents, programs, disable.
     
    12451287</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>csc policy</code></em> = <code class="literal">programs</code>
    12461288</em></span>
    1247 </p></dd></dl></div></div><div class="section" title="ctdbd socket (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id312615"></a>
     1289</p></dd></dl></div></div><div class="section" title="ctdbd socket (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id312683"></a>
    12481290
    12491291ctdbd socket (G)
    1250 </h3></div></div></div><a class="indexterm" name="id312616"></a><a name="CTDBDSOCKET"></a><div class="variablelist"><dl><dt></dt><dd><p>If you set <code class="literal">clustering=yes</code>,
     1292</h3></div></div></div><a class="indexterm" name="id312684"></a><a name="CTDBDSOCKET"></a><div class="variablelist"><dl><dt></dt><dd><p>If you set <code class="literal">clustering=yes</code>,
    12511293        you need to tell Samba where ctdbd listens on its unix domain
    12521294        socket. The default path as of ctdb 1.0 is /tmp/ctdb.socket which
     
    12561298</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ctdbd socket</code></em> = <code class="literal">/tmp/ctdb.socket</code>
    12571299</em></span>
    1258 </p></dd></dl></div></div><div class="section" title="ctdb locktime warn threshold (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id312674"></a>
     1300</p></dd></dl></div></div><div class="section" title="ctdb locktime warn threshold (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id312742"></a>
    12591301
    12601302ctdb locktime warn threshold (G)
    1261 </h3></div></div></div><a class="indexterm" name="id312675"></a><a name="CTDBLOCKTIMEWARNTHRESHOLD"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1303</h3></div></div></div><a class="indexterm" name="id312743"></a><a name="CTDBLOCKTIMEWARNTHRESHOLD"></a><div class="variablelist"><dl><dt></dt><dd><p>
    12621304        In a cluster environment using Samba and ctdb it is critical
    12631305        that locks on central ctdb-hosted databases like locking.tdb
     
    12751317        </p><p>The default value of 0 disables this logging.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ctdb locktime warn threshold</code></em> = <code class="literal">0</code>
    12761318</em></span>
    1277 </p></dd></dl></div></div><div class="section" title="ctdb timeout (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id312723"></a>
     1319</p></dd></dl></div></div><div class="section" title="ctdb timeout (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id312791"></a>
    12781320
    12791321ctdb timeout (G)
    1280 </h3></div></div></div><a class="indexterm" name="id312724"></a><a name="CTDBTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a timeout in seconds for the
     1322</h3></div></div></div><a class="indexterm" name="id312792"></a><a name="CTDBTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a timeout in seconds for the
    12811323          connection between Samba and ctdb. It is only valid if you
    12821324          have compiled Samba with clustering and if you have
     
    13041346        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ctdb timeout</code></em> = <code class="literal">0</code>
    13051347</em></span>
    1306 </p></dd></dl></div></div><div class="section" title="cups connection timeout (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id312791"></a>
     1348</p></dd></dl></div></div><div class="section" title="cups connection timeout (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id312859"></a>
    13071349
    13081350cups connection timeout (G)
    1309 </h3></div></div></div><a class="indexterm" name="id312792"></a><a name="CUPSCONNECTIONTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1351</h3></div></div></div><a class="indexterm" name="id312860"></a><a name="CUPSCONNECTIONTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
    13101352    This parameter is only applicable if <a class="link" href="smb.conf.5.html#PRINTING" target="_top">printing</a> is set to <code class="constant">cups</code>.
    13111353    </p><p>
     
    13171359</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>cups connection timeout</code></em> = <code class="literal">60</code>
    13181360</em></span>
    1319 </p></dd></dl></div></div><div class="section" title="cups encrypt (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id312859"></a>
     1361</p></dd></dl></div></div><div class="section" title="cups encrypt (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id312927"></a>
    13201362
    13211363cups encrypt (G)
    1322 </h3></div></div></div><a class="indexterm" name="id312860"></a><a name="CUPSENCRYPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1364</h3></div></div></div><a class="indexterm" name="id312928"></a><a name="CUPSENCRYPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
    13231365        This parameter is only applicable if <a class="link" href="smb.conf.5.html#PRINTING" target="_top">printing</a>
    13241366        is set to <code class="constant">cups</code> and if you use CUPS newer than
     
    13331375        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>cups encrypt</code></em> = <code class="literal">"no"</code>
    13341376</em></span>
    1335 </p></dd></dl></div></div><div class="section" title="cups options (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id312922"></a>
     1377</p></dd></dl></div></div><div class="section" title="cups options (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id312990"></a>
    13361378
    13371379cups options (S)
    1338 </h3></div></div></div><a class="indexterm" name="id312923"></a><a name="CUPSOPTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1380</h3></div></div></div><a class="indexterm" name="id312991"></a><a name="CUPSOPTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>
    13391381    This parameter is only applicable if <a class="link" href="smb.conf.5.html#PRINTING" target="_top">printing</a> is
    13401382    set to <code class="constant">cups</code>.  Its value is a free form string of options
     
    13581400</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>cups options</code></em> = <code class="literal">"raw media=a4"</code>
    13591401</em></span>
    1360 </p></dd></dl></div></div><div class="section" title="cups server (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id313011"></a>
     1402</p></dd></dl></div></div><div class="section" title="cups server (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id313079"></a>
    13611403
    13621404cups server (G)
    1363 </h3></div></div></div><a class="indexterm" name="id313012"></a><a name="CUPSSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1405</h3></div></div></div><a class="indexterm" name="id313080"></a><a name="CUPSSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>
    13641406    This parameter is only applicable if <a class="link" href="smb.conf.5.html#PRINTING" target="_top">printing</a> is set to <code class="constant">cups</code>.
    13651407    </p><p>
     
    13751417</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>cups server</code></em> = <code class="literal">mycupsserver:1631</code>
    13761418</em></span>
    1377 </p></dd></dl></div></div><div class="section" title="deadtime (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id313104"></a>
     1419</p></dd></dl></div></div><div class="section" title="deadtime (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id313172"></a>
    13781420
    13791421deadtime (G)
    1380 </h3></div></div></div><a class="indexterm" name="id313105"></a><a name="DEADTIME"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (a decimal integer)
     1422</h3></div></div></div><a class="indexterm" name="id313173"></a><a name="DEADTIME"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (a decimal integer)
    13811423    represents the number of minutes of inactivity before a connection
    13821424    is considered dead, and it is disconnected. The deadtime only takes
     
    13901432</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>deadtime</code></em> = <code class="literal">15</code>
    13911433</em></span>
    1392 </p></dd></dl></div></div><div class="section" title="debug class (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id313174"></a>
     1434</p></dd></dl></div></div><div class="section" title="debug class (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id313242"></a>
    13931435
    13941436debug class (G)
    1395 </h3></div></div></div><a class="indexterm" name="id313175"></a><a name="DEBUGCLASS"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1437</h3></div></div></div><a class="indexterm" name="id313244"></a><a name="DEBUGCLASS"></a><div class="variablelist"><dl><dt></dt><dd><p>
    13961438    With this boolean parameter enabled, the debug class (DBGC_CLASS)
    13971439    will be displayed in the debug header.
     
    14011443    </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug class</code></em> = <code class="literal">no</code>
    14021444</em></span>
    1403 </p></dd></dl></div></div><div class="section" title="debug hires timestamp (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id313224"></a>
     1445</p></dd></dl></div></div><div class="section" title="debug hires timestamp (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id313292"></a>
    14041446
    14051447debug hires timestamp (G)
    1406 </h3></div></div></div><a class="indexterm" name="id313225"></a><a name="DEBUGHIRESTIMESTAMP"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1448</h3></div></div></div><a class="indexterm" name="id313294"></a><a name="DEBUGHIRESTIMESTAMP"></a><div class="variablelist"><dl><dt></dt><dd><p>
    14071449    Sometimes the timestamps in the log messages are needed with a resolution of higher that seconds, this
    14081450    boolean parameter adds microsecond resolution to the timestamp  message header when turned on.
     
    14111453    </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug hires timestamp</code></em> = <code class="literal">yes</code>
    14121454</em></span>
    1413 </p></dd></dl></div></div><div class="section" title="debug pid (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id313273"></a>
     1455</p></dd></dl></div></div><div class="section" title="debug pid (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id313342"></a>
    14141456
    14151457debug pid (G)
    1416 </h3></div></div></div><a class="indexterm" name="id313274"></a><a name="DEBUGPID"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1458</h3></div></div></div><a class="indexterm" name="id313343"></a><a name="DEBUGPID"></a><div class="variablelist"><dl><dt></dt><dd><p>
    14171459    When using only one log file for more then one forked <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>-process there may be hard to follow which process outputs which
    14181460    message. This boolean parameter is adds the process-id to the timestamp message headers in the
     
    14221464    </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug pid</code></em> = <code class="literal">no</code>
    14231465</em></span>
    1424 </p></dd></dl></div></div><div class="section" title="debug prefix timestamp (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id313330"></a>
     1466</p></dd></dl></div></div><div class="section" title="debug prefix timestamp (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id313399"></a>
    14251467
    14261468debug prefix timestamp (G)
    1427 </h3></div></div></div><a class="indexterm" name="id313332"></a><a name="DEBUGPREFIXTIMESTAMP"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1469</h3></div></div></div><a class="indexterm" name="id313400"></a><a name="DEBUGPREFIXTIMESTAMP"></a><div class="variablelist"><dl><dt></dt><dd><p>
    14281470    With this option enabled, the timestamp message header is prefixed to the debug message without the
    14291471    filename and function information that is included with the <a class="link" href="smb.conf.5.html#DEBUGTIMESTAMP" target="_top">debug timestamp</a>
     
    14331475    </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug prefix timestamp</code></em> = <code class="literal">no</code>
    14341476</em></span>
    1435 </p></dd></dl></div></div><div class="section" title="timestamp logs"><div class="titlepage"><div><div><h3 class="title"><a name="id313387"></a>
     1477</p></dd></dl></div></div><div class="section" title="timestamp logs"><div class="titlepage"><div><div><h3 class="title"><a name="id313456"></a>
    14361478
    14371479<a name="TIMESTAMPLOGS"></a>timestamp logs
    1438 </h3></div></div></div><a class="indexterm" name="id313388"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#DEBUGTIMESTAMP">debug timestamp</a>.</p></dd></dl></div></div><div class="section" title="debug timestamp (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id313414"></a>
     1480</h3></div></div></div><a class="indexterm" name="id313457"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#DEBUGTIMESTAMP">debug timestamp</a>.</p></dd></dl></div></div><div class="section" title="debug timestamp (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id313482"></a>
    14391481
    14401482debug timestamp (G)
    1441 </h3></div></div></div><a class="indexterm" name="id313415"></a><a name="DEBUGTIMESTAMP"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1483</h3></div></div></div><a class="indexterm" name="id313483"></a><a name="DEBUGTIMESTAMP"></a><div class="variablelist"><dl><dt></dt><dd><p>
    14421484    Samba debug log messages are timestamped by default. If you are running at a high
    14431485    <a class="link" href="smb.conf.5.html#DEBUGLEVEL" target="_top">debug level</a> these timestamps can be distracting. This
     
    14451487        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug timestamp</code></em> = <code class="literal">yes</code>
    14461488</em></span>
    1447 </p></dd></dl></div></div><div class="section" title="debug uid (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id313460"></a>
     1489</p></dd></dl></div></div><div class="section" title="debug uid (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id313528"></a>
    14481490
    14491491debug uid (G)
    1450 </h3></div></div></div><a class="indexterm" name="id313461"></a><a name="DEBUGUID"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1492</h3></div></div></div><a class="indexterm" name="id313529"></a><a name="DEBUGUID"></a><div class="variablelist"><dl><dt></dt><dd><p>
    14511493    Samba is sometimes run as root and sometime run as the connected user, this boolean parameter inserts the
    14521494    current euid, egid, uid and gid to the timestamp message headers in the log file if turned on.
     
    14551497    </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug uid</code></em> = <code class="literal">no</code>
    14561498</em></span>
    1457 </p></dd></dl></div></div><div class="section" title="dedicated keytab file (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id313509"></a>
     1499</p></dd></dl></div></div><div class="section" title="dedicated keytab file (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id313577"></a>
    14581500
    14591501dedicated keytab file (G)
    1460 </h3></div></div></div><a class="indexterm" name="id313510"></a><a name="DEDICATEDKEYTABFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1502</h3></div></div></div><a class="indexterm" name="id313578"></a><a name="DEDICATEDKEYTABFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>
    14611503          Specifies the path to the kerberos keytab file when
    14621504          <a class="link" href="smb.conf.5.html#KERBEROSMETHOD" target="_top">kerberos method</a> is set to "dedicated
     
    14661508</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>dedicated keytab file</code></em> = <code class="literal">/usr/local/etc/krb5.keytab</code>
    14671509</em></span>
    1468 </p></dd></dl></div></div><div class="section" title="default case (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id313568"></a>
     1510</p></dd></dl></div></div><div class="section" title="default case (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id313636"></a>
    14691511
    14701512default case (S)
    1471 </h3></div></div></div><a class="indexterm" name="id313569"></a><a name="DEFAULTCASE"></a><div class="variablelist"><dl><dt></dt><dd><p>See the section on <a class="link" href="smb.conf.5.html#NAMEMANGLING" target="_top">name mangling</a>.
     1513</h3></div></div></div><a class="indexterm" name="id313637"></a><a name="DEFAULTCASE"></a><div class="variablelist"><dl><dt></dt><dd><p>See the section on <a class="link" href="smb.conf.5.html#NAMEMANGLING" target="_top">name mangling</a>.
    14721514        Also note the <a class="link" href="smb.conf.5.html#SHORTPRESERVECASE" target="_top">short preserve case</a> parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>default case</code></em> = <code class="literal">lower</code>
    14731515</em></span>
    1474 </p></dd></dl></div></div><div class="section" title="default devmode (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id313619"></a>
     1516</p></dd></dl></div></div><div class="section" title="default devmode (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id313687"></a>
    14751517
    14761518default devmode (S)
    1477 </h3></div></div></div><a class="indexterm" name="id313620"></a><a name="DEFAULTDEVMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is only applicable to <a class="link" href="smb.conf.5.html#PRINTABLE" target="_top">printable</a> services.
     1519</h3></div></div></div><a class="indexterm" name="id313688"></a><a name="DEFAULTDEVMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is only applicable to <a class="link" href="smb.conf.5.html#PRINTABLE" target="_top">printable</a> services.
    14781520    When smbd is serving Printer Drivers to Windows NT/2k/XP clients, each printer on the Samba
    14791521    server has a Device Mode which defines things such as paper size and
     
    14981540</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>default devmode</code></em> = <code class="literal">yes</code>
    14991541</em></span>
    1500 </p></dd></dl></div></div><div class="section" title="default"><div class="titlepage"><div><div><h3 class="title"><a name="id313694"></a>
     1542</p></dd></dl></div></div><div class="section" title="default"><div class="titlepage"><div><div><h3 class="title"><a name="id313762"></a>
    15011543
    15021544<a name="DEFAULT"></a>default
    1503 </h3></div></div></div><a class="indexterm" name="id313695"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#DEFAULTSERVICE">default service</a>.</p></dd></dl></div></div><div class="section" title="default service (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id313720"></a>
     1545</h3></div></div></div><a class="indexterm" name="id313763"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#DEFAULTSERVICE">default service</a>.</p></dd></dl></div></div><div class="section" title="default service (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id313788"></a>
    15041546
    15051547default service (G)
    1506 </h3></div></div></div><a class="indexterm" name="id313721"></a><a name="DEFAULTSERVICE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the name of a service
     1548</h3></div></div></div><a class="indexterm" name="id313789"></a><a name="DEFAULTSERVICE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the name of a service
    15071549        which will be connected to if the service actually requested cannot
    15081550        be found. Note that the square brackets are <span class="emphasis"><em>NOT</em></span>
     
    15181560</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>default service</code></em> = <code class="literal">pub</code>
    15191561</em></span>
    1520 </p></dd></dl></div></div><div class="section" title="defer sharing violations (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id313813"></a>
     1562</p></dd></dl></div></div><div class="section" title="defer sharing violations (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id313882"></a>
    15211563
    15221564defer sharing violations (G)
    1523 </h3></div></div></div><a class="indexterm" name="id313814"></a><a name="DEFERSHARINGVIOLATIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1565</h3></div></div></div><a class="indexterm" name="id313883"></a><a name="DEFERSHARINGVIOLATIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>
    15241566        Windows allows specifying how a file will be shared with
    15251567        other processes when it is opened. Sharing violations occur when
     
    15341576        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>defer sharing violations</code></em> = <code class="literal">True</code>
    15351577</em></span>
    1536 </p></dd></dl></div></div><div class="section" title="delete group script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id313862"></a>
     1578</p></dd></dl></div></div><div class="section" title="delete group script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id313934"></a>
    15371579
    15381580delete group script (G)
    1539 </h3></div></div></div><a class="indexterm" name="id313863"></a><a name="DELETEGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is the full pathname to a script that will
     1581</h3></div></div></div><a class="indexterm" name="id313935"></a><a name="DELETEGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is the full pathname to a script that will
    15401582        be run <span class="emphasis"><em>AS ROOT</em></span> <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when a group is requested to be deleted.
    15411583        It will expand any <em class="parameter"><code>%g</code></em> to the group name passed. 
     
    15431585        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>delete group script</code></em> = <code class="literal"></code>
    15441586</em></span>
    1545 </p></dd></dl></div></div><div class="section" title="deleteprinter command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id313916"></a>
     1587</p></dd></dl></div></div><div class="section" title="deleteprinter command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id313987"></a>
    15461588
    15471589deleteprinter command (G)
    1548 </h3></div></div></div><a class="indexterm" name="id313917"></a><a name="DELETEPRINTERCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>With the introduction of MS-RPC based printer
     1590</h3></div></div></div><a class="indexterm" name="id313988"></a><a name="DELETEPRINTERCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>With the introduction of MS-RPC based printer
    15491591    support for Windows NT/2000 clients in Samba 2.2, it is now
    15501592    possible to delete a printer at run time by issuing the
     
    15641606</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>deleteprinter command</code></em> = <code class="literal">/usr/bin/removeprinter</code>
    15651607</em></span>
    1566 </p></dd></dl></div></div><div class="section" title="delete readonly (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id314032"></a>
     1608</p></dd></dl></div></div><div class="section" title="delete readonly (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id314104"></a>
    15671609
    15681610delete readonly (S)
    1569 </h3></div></div></div><a class="indexterm" name="id314033"></a><a name="DELETEREADONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows readonly files to be deleted. 
     1611</h3></div></div></div><a class="indexterm" name="id314105"></a><a name="DELETEREADONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows readonly files to be deleted. 
    15701612        This is not normal DOS semantics, but is allowed by UNIX.</p><p>This option may be useful for running applications such
    15711613        as rcs, where UNIX file ownership prevents changing file
    15721614        permissions, and DOS semantics prevent deletion of a read only file.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>delete readonly</code></em> = <code class="literal">no</code>
    15731615</em></span>
    1574 </p></dd></dl></div></div><div class="section" title="delete share command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id314075"></a>
     1616</p></dd></dl></div></div><div class="section" title="delete share command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id314147"></a>
    15751617
    15761618delete share command (G)
    1577 </h3></div></div></div><a class="indexterm" name="id314076"></a><a name="DELETESHARECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1619</h3></div></div></div><a class="indexterm" name="id314148"></a><a name="DELETESHARECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>
    15781620        Samba 2.2.0 introduced the ability to dynamically add and delete shares via the Windows NT 4.0 Server
    15791621        Manager.  The <em class="parameter"><code>delete share command</code></em> is used to define an external
     
    16011643</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>delete share command</code></em> = <code class="literal">/usr/local/bin/delshare</code>
    16021644</em></span>
    1603 </p></dd></dl></div></div><div class="section" title="delete user from group script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id314218"></a>
     1645</p></dd></dl></div></div><div class="section" title="delete user from group script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id314290"></a>
    16041646
    16051647delete user from group script (G)
    1606 </h3></div></div></div><a class="indexterm" name="id314219"></a><a name="DELETEUSERFROMGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>Full path to the script that will be called when
     1648</h3></div></div></div><a class="indexterm" name="id314291"></a><a name="DELETEUSERFROMGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>Full path to the script that will be called when
    16071649        a user is removed from a group using the Windows NT domain administration
    16081650        tools. It will be run by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> <span class="emphasis"><em>AS ROOT</em></span>.
     
    16131655</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>delete user from group script</code></em> = <code class="literal">/usr/sbin/deluser %u %g</code>
    16141656</em></span>
    1615 </p></dd></dl></div></div><div class="section" title="delete user script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id314292"></a>
     1657</p></dd></dl></div></div><div class="section" title="delete user script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id314364"></a>
    16161658
    16171659delete user script (G)
    1618 </h3></div></div></div><a class="indexterm" name="id314293"></a><a name="DELETEUSERSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is the full pathname to a script that will
     1660</h3></div></div></div><a class="indexterm" name="id314365"></a><a name="DELETEUSERSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is the full pathname to a script that will
    16191661        be run by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when managing users
    16201662        with remote RPC (NT) tools.
     
    16251667</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>delete user script</code></em> = <code class="literal">/usr/local/samba/bin/del_user %u</code>
    16261668</em></span>
    1627 </p></dd></dl></div></div><div class="section" title="delete veto files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id314364"></a>
     1669</p></dd></dl></div></div><div class="section" title="delete veto files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id314437"></a>
    16281670
    16291671delete veto files (S)
    1630 </h3></div></div></div><a class="indexterm" name="id314366"></a><a name="DELETEVETOFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used when Samba is attempting to
     1672</h3></div></div></div><a class="indexterm" name="id314438"></a><a name="DELETEVETOFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used when Samba is attempting to
    16311673        delete a directory that contains one or more vetoed directories
    16321674        (see the <a class="link" href="smb.conf.5.html#VETOFILES" target="_top">veto files</a>
     
    16421684        is deleted (so long as the user has permissions to do so).</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>delete veto files</code></em> = <code class="literal">no</code>
    16431685</em></span>
    1644 </p></dd></dl></div></div><div class="section" title="dfree cache time (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id314440"></a>
     1686</p></dd></dl></div></div><div class="section" title="dfree cache time (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id314512"></a>
    16451687
    16461688dfree cache time (S)
    1647 </h3></div></div></div><a class="indexterm" name="id314441"></a><a name="DFREECACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1689</h3></div></div></div><a class="indexterm" name="id314513"></a><a name="DFREECACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>
    16481690        The <em class="parameter"><code>dfree cache time</code></em> should only be used on systems where a problem
    16491691        occurs with the internal disk space calculations. This has been known to happen with Ultrix, but may occur
     
    16581700        </p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>dfree cache time</code></em> = <code class="literal">dfree cache time = 60</code>
    16591701</em></span>
    1660 </p></dd></dl></div></div><div class="section" title="dfree command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id314506"></a>
     1702</p></dd></dl></div></div><div class="section" title="dfree command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id314578"></a>
    16611703
    16621704dfree command (S)
    1663 </h3></div></div></div><a class="indexterm" name="id314507"></a><a name="DFREECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1705</h3></div></div></div><a class="indexterm" name="id314579"></a><a name="DFREECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>
    16641706        The <em class="parameter"><code>dfree command</code></em> setting should only be used on systems where a
    16651707        problem occurs with the internal disk space calculations. This has been known to happen with Ultrix, but may
     
    16991741        </p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>dfree command</code></em> = <code class="literal">/usr/local/samba/bin/dfree</code>
    17001742</em></span>
    1701 </p></dd></dl></div></div><div class="section" title="directory mode"><div class="titlepage"><div><div><h3 class="title"><a name="id314612"></a>
     1743</p></dd></dl></div></div><div class="section" title="directory mode"><div class="titlepage"><div><div><h3 class="title"><a name="id314684"></a>
    17021744
    17031745<a name="DIRECTORYMODE"></a>directory mode
    1704 </h3></div></div></div><a class="indexterm" name="id314613"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#DIRECTORYMASK">directory mask</a>.</p></dd></dl></div></div><div class="section" title="directory mask (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id314638"></a>
     1746</h3></div></div></div><a class="indexterm" name="id314685"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#DIRECTORYMASK">directory mask</a>.</p></dd></dl></div></div><div class="section" title="directory mask (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id314710"></a>
    17051747
    17061748directory mask (S)
    1707 </h3></div></div></div><a class="indexterm" name="id314639"></a><a name="DIRECTORYMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is the octal modes which are
     1749</h3></div></div></div><a class="indexterm" name="id314711"></a><a name="DIRECTORYMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is the octal modes which are
    17081750    used when converting DOS modes to UNIX modes when creating UNIX
    17091751    directories.</p><p>When a directory is created, the necessary permissions are
     
    17231765</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>directory mask</code></em> = <code class="literal">0775</code>
    17241766</em></span>
    1725 </p></dd></dl></div></div><div class="section" title="directory name cache size (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id314732"></a>
     1767</p></dd></dl></div></div><div class="section" title="directory name cache size (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id314804"></a>
    17261768
    17271769directory name cache size (S)
    1728 </h3></div></div></div><a class="indexterm" name="id314733"></a><a name="DIRECTORYNAMECACHESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1770</h3></div></div></div><a class="indexterm" name="id314805"></a><a name="DIRECTORYNAMECACHESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>
    17291771        This parameter specifies the the size of the directory name cache.
    17301772        It will be needed to turn this off for *BSD systems.
    17311773        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>directory name cache size</code></em> = <code class="literal">100</code>
    17321774</em></span>
    1733 </p></dd></dl></div></div><div class="section" title="directory security mask (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id314770"></a>
     1775</p></dd></dl></div></div><div class="section" title="directory security mask (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id314842"></a>
    17341776
    17351777directory security mask (S)
    1736 </h3></div></div></div><a class="indexterm" name="id314771"></a><a name="DIRECTORYSECURITYMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls what UNIX permission bits
     1778</h3></div></div></div><a class="indexterm" name="id314843"></a><a name="DIRECTORYSECURITYMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls what UNIX permission bits
    17371779    will be set when a Windows NT client is manipulating the UNIX
    17381780    permission on a directory using the native NT security dialog
     
    17541796</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>directory security mask</code></em> = <code class="literal">0700</code>
    17551797</em></span>
    1756 </p></dd></dl></div></div><div class="section" title="disable netbios (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id314858"></a>
     1798</p></dd></dl></div></div><div class="section" title="disable netbios (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id314930"></a>
    17571799
    17581800disable netbios (G)
    1759 </h3></div></div></div><a class="indexterm" name="id314859"></a><a name="DISABLENETBIOS"></a><div class="variablelist"><dl><dt></dt><dd><p>Enabling this parameter will disable netbios support
     1801</h3></div></div></div><a class="indexterm" name="id314931"></a><a name="DISABLENETBIOS"></a><div class="variablelist"><dl><dt></dt><dd><p>Enabling this parameter will disable netbios support
    17601802    in Samba. Netbios is the only available form of browsing in
    17611803    all windows versions except for 2000 and XP. </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Clients that only support netbios won't be able to
     
    17631805        </p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>disable netbios</code></em> = <code class="literal">no</code>
    17641806</em></span>
    1765 </p></dd></dl></div></div><div class="section" title="disable spoolss (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id314902"></a>
     1807</p></dd></dl></div></div><div class="section" title="disable spoolss (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id314974"></a>
    17661808
    17671809disable spoolss (G)
    1768 </h3></div></div></div><a class="indexterm" name="id314903"></a><a name="DISABLESPOOLSS"></a><div class="variablelist"><dl><dt></dt><dd><p>Enabling this parameter will disable Samba's support
     1810</h3></div></div></div><a class="indexterm" name="id314975"></a><a name="DISABLESPOOLSS"></a><div class="variablelist"><dl><dt></dt><dd><p>Enabling this parameter will disable Samba's support
    17691811    for the SPOOLSS set of MS-RPC's and will yield identical behavior
    17701812    as Samba 2.0.x.  Windows NT/2000 clients will downgrade to using
     
    17781820</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>disable spoolss</code></em> = <code class="literal">no</code>
    17791821</em></span>
    1780 </p></dd></dl></div></div><div class="section" title="display charset (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id314947"></a>
     1822</p></dd></dl></div></div><div class="section" title="display charset (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id265642"></a>
    17811823
    17821824display charset (G)
    1783 </h3></div></div></div><a class="indexterm" name="id314948"></a><a name="DISPLAYCHARSET"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1825</h3></div></div></div><a class="indexterm" name="id265643"></a><a name="DISPLAYCHARSET"></a><div class="variablelist"><dl><dt></dt><dd><p>
    17841826        Specifies the charset that samba will use to print messages to stdout and stderr.
    17851827        The default value is "LOCALE", which means automatically set, depending on the
     
    17901832</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>display charset</code></em> = <code class="literal">UTF8</code>
    17911833</em></span>
    1792 </p></dd></dl></div></div><div class="section" title="dmapi support (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id315009"></a>
     1834</p></dd></dl></div></div><div class="section" title="dmapi support (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id315156"></a>
    17931835
    17941836dmapi support (S)
    1795 </h3></div></div></div><a class="indexterm" name="id315010"></a><a name="DMAPISUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should use DMAPI to
     1837</h3></div></div></div><a class="indexterm" name="id315157"></a><a name="DMAPISUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should use DMAPI to
    17961838        determine whether a file is offline or not. This would typically
    17971839        be used in conjunction with a hierarchical storage system that
     
    18081850        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>dmapi support</code></em> = <code class="literal">no</code>
    18091851</em></span>
    1810 </p></dd></dl></div></div><div class="section" title="dns proxy (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id315062"></a>
     1852</p></dd></dl></div></div><div class="section" title="dns proxy (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id315208"></a>
    18111853
    18121854dns proxy (G)
    1813 </h3></div></div></div><a class="indexterm" name="id315063"></a><a name="DNSPROXY"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies that <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> when acting as a WINS server and
     1855</h3></div></div></div><a class="indexterm" name="id315209"></a><a name="DNSPROXY"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies that <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> when acting as a WINS server and
    18141856        finding that a NetBIOS name has not been registered, should treat the
    18151857        NetBIOS name word-for-word as a DNS name and do a lookup with the DNS server
     
    18201862        action.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>dns proxy</code></em> = <code class="literal">yes</code>
    18211863</em></span>
    1822 </p></dd></dl></div></div><div class="section" title="domain logons (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id315121"></a>
     1864</p></dd></dl></div></div><div class="section" title="domain logons (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id315268"></a>
    18231865
    18241866domain logons (G)
    1825 </h3></div></div></div><a class="indexterm" name="id315122"></a><a name="DOMAINLOGONS"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1867</h3></div></div></div><a class="indexterm" name="id315269"></a><a name="DOMAINLOGONS"></a><div class="variablelist"><dl><dt></dt><dd><p>
    18261868        If set to <code class="constant">yes</code>, the Samba server will
    18271869        provide the netlogon service for Windows 9X network logons for the
     
    18331875        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>domain logons</code></em> = <code class="literal">no</code>
    18341876</em></span>
    1835 </p></dd></dl></div></div><div class="section" title="domain master (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id315171"></a>
     1877</p></dd></dl></div></div><div class="section" title="domain master (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id315318"></a>
    18361878
    18371879domain master (G)
    1838 </h3></div></div></div><a class="indexterm" name="id315172"></a><a name="DOMAINMASTER"></a><div class="variablelist"><dl><dt></dt><dd><p>
     1880</h3></div></div></div><a class="indexterm" name="id315319"></a><a name="DOMAINMASTER"></a><div class="variablelist"><dl><dt></dt><dd><p>
    18391881        Tell <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> to enable
    18401882        WAN-wide browse list collation. Setting this option causes <code class="literal">nmbd</code> to claim a
     
    18621904        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>domain master</code></em> = <code class="literal">auto</code>
    18631905</em></span>
    1864 </p></dd></dl></div></div><div class="section" title="dont descend (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id315338"></a>
     1906</p></dd></dl></div></div><div class="section" title="dont descend (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id315485"></a>
    18651907
    18661908dont descend (S)
    1867 </h3></div></div></div><a class="indexterm" name="id315339"></a><a name="DONTDESCEND"></a><div class="variablelist"><dl><dt></dt><dd><p>There are certain directories on some systems
     1909</h3></div></div></div><a class="indexterm" name="id315486"></a><a name="DONTDESCEND"></a><div class="variablelist"><dl><dt></dt><dd><p>There are certain directories on some systems
    18681910        (e.g., the <code class="filename">/proc</code> tree under Linux) that are either not
    18691911        of interest to clients or are infinitely deep (recursive). This
     
    18761918</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>dont descend</code></em> = <code class="literal">/proc,/dev</code>
    18771919</em></span>
    1878 </p></dd></dl></div></div><div class="section" title="dos charset (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id315412"></a>
     1920</p></dd></dl></div></div><div class="section" title="dos charset (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id315559"></a>
    18791921
    18801922dos charset (G)
    1881 </h3></div></div></div><a class="indexterm" name="id315413"></a><a name="DOSCHARSET"></a><div class="variablelist"><dl><dt></dt><dd><p>DOS SMB clients assume the server has
     1923</h3></div></div></div><a class="indexterm" name="id315560"></a><a name="DOSCHARSET"></a><div class="variablelist"><dl><dt></dt><dd><p>DOS SMB clients assume the server has
    18821924        the same charset as they do. This option specifies which
    18831925        charset Samba should talk to DOS clients.
    18841926        </p><p>The default depends on which charsets you have installed.
    18851927        Samba tries to use charset 850 but falls back to ASCII in
    1886         case it is not available. Run <a class="citerefentry" href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a> to check the default on your system.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="dos filemode (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id315450"></a>
     1928        case it is not available. Run <a class="citerefentry" href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a> to check the default on your system.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="dos filemode (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id315597"></a>
    18871929
    18881930dos filemode (S)
    1889 </h3></div></div></div><a class="indexterm" name="id315452"></a><a name="DOSFILEMODE"></a><div class="variablelist"><dl><dt></dt><dd><p> The default behavior in Samba is to provide
     1931</h3></div></div></div><a class="indexterm" name="id315598"></a><a name="DOSFILEMODE"></a><div class="variablelist"><dl><dt></dt><dd><p> The default behavior in Samba is to provide
    18901932        UNIX-like behavior where only the owner of a file/directory is
    18911933        able to change the permissions on it.  However, this behavior
     
    19041946        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>dos filemode</code></em> = <code class="literal">no</code>
    19051947</em></span>
    1906 </p></dd></dl></div></div><div class="section" title="dos filetime resolution (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id315494"></a>
     1948</p></dd></dl></div></div><div class="section" title="dos filetime resolution (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id315641"></a>
    19071949
    19081950dos filetime resolution (S)
    1909 </h3></div></div></div><a class="indexterm" name="id315495"></a><a name="DOSFILETIMERESOLUTION"></a><div class="variablelist"><dl><dt></dt><dd><p>Under the DOS and Windows FAT filesystem, the finest
     1951</h3></div></div></div><a class="indexterm" name="id315642"></a><a name="DOSFILETIMERESOLUTION"></a><div class="variablelist"><dl><dt></dt><dd><p>Under the DOS and Windows FAT filesystem, the finest
    19101952        granularity on time resolution is two seconds. Setting this parameter
    19111953        for a share causes Samba to round the reported time down to the
     
    19221964        happy.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>dos filetime resolution</code></em> = <code class="literal">no</code>
    19231965</em></span>
    1924 </p></dd></dl></div></div><div class="section" title="dos filetimes (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id315550"></a>
     1966</p></dd></dl></div></div><div class="section" title="dos filetimes (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id315696"></a>
    19251967
    19261968dos filetimes (S)
    1927 </h3></div></div></div><a class="indexterm" name="id315551"></a><a name="DOSFILETIMES"></a><div class="variablelist"><dl><dt></dt><dd><p>Under DOS and Windows, if a user can write to a
     1969</h3></div></div></div><a class="indexterm" name="id315698"></a><a name="DOSFILETIMES"></a><div class="variablelist"><dl><dt></dt><dd><p>Under DOS and Windows, if a user can write to a
    19281970        file they can change the timestamp on it. Under POSIX semantics,
    19291971        only the owner of the file or root may change the timestamp. By
     
    19381980        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>dos filetimes</code></em> = <code class="literal">yes</code>
    19391981</em></span>
    1940 </p></dd></dl></div></div><div class="section" title="ea support (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id315597"></a>
     1982</p></dd></dl></div></div><div class="section" title="ea support (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id315744"></a>
    19411983
    19421984ea support (S)
    1943 </h3></div></div></div><a class="indexterm" name="id315598"></a><a name="EASUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will allow clients to attempt to store OS/2 style Extended
     1985</h3></div></div></div><a class="indexterm" name="id315745"></a><a name="EASUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will allow clients to attempt to store OS/2 style Extended
    19441986    attributes on a share. In order to enable this parameter the underlying filesystem exported by
    19451987    the share must support extended attributes (such as provided on XFS and EXT3 on Linux, with the
     
    19481990                extended attributes must be compiled into the Linux kernel.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ea support</code></em> = <code class="literal">no</code>
    19491991</em></span>
    1950 </p></dd></dl></div></div><div class="section" title="enable asu support (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id315646"></a>
     1992</p></dd></dl></div></div><div class="section" title="enable asu support (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id315797"></a>
    19511993
    19521994enable asu support (G)
    1953 </h3></div></div></div><a class="indexterm" name="id315647"></a><a name="ENABLEASUSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>Hosts running the "Advanced Server for Unix (ASU)" product
     1995</h3></div></div></div><a class="indexterm" name="id315798"></a><a name="ENABLEASUSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>Hosts running the "Advanced Server for Unix (ASU)" product
    19541996    require some special accomodations such as creating a builtin [ADMIN$]
    19551997    share that only supports IPC connections.  The has been the default
     
    19592001    an [ADMIN$] file share in smb.conf.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>enable asu support</code></em> = <code class="literal">no</code>
    19602002</em></span>
    1961 </p></dd></dl></div></div><div class="section" title="enable core files (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id315687"></a>
     2003</p></dd></dl></div></div><div class="section" title="enable core files (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id315842"></a>
    19622004
    19632005enable core files (G)
    1964 </h3></div></div></div><a class="indexterm" name="id315688"></a><a name="ENABLECOREFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether core dumps should be written
     2006</h3></div></div></div><a class="indexterm" name="id315843"></a><a name="ENABLECOREFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether core dumps should be written
    19652007        on internal exits. Normally set to <code class="constant">yes</code>.
    19662008        You should never need to change this.
     
    19692011</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>enable core files</code></em> = <code class="literal">no</code>
    19702012</em></span>
    1971 </p></dd></dl></div></div><div class="section" title="enable privileges (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id315743"></a>
     2013</p></dd></dl></div></div><div class="section" title="enable privileges (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id315903"></a>
    19722014
    19732015enable privileges (G)
    1974 </h3></div></div></div><a class="indexterm" name="id315744"></a><a name="ENABLEPRIVILEGES"></a><div class="variablelist"><dl><dt></dt><dd><p>
    1975         This parameter controls whether or not smbd will honor privileges assigned to specific SIDs via either
     2016</h3></div></div></div><a class="indexterm" name="id315904"></a><a name="ENABLEPRIVILEGES"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2017        This deprecated parameter controls whether or not smbd will honor privileges assigned to specific SIDs via either
    19762018         <code class="literal">net rpc rights</code> or one of the Windows user and group manager tools.  This parameter is
    19772019        enabled by default. It can be disabled to prevent members of the Domain Admins group from being able to
     
    19852027        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>enable privileges</code></em> = <code class="literal">yes</code>
    19862028</em></span>
    1987 </p></dd></dl></div></div><div class="section" title="enable spoolss (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id315797"></a>
     2029</p></dd></dl></div></div><div class="section" title="enable spoolss (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id315961"></a>
    19882030
    19892031enable spoolss (G)
    1990 </h3></div></div></div><a class="indexterm" name="id315798"></a><a name="ENABLESPOOLSS"></a><div class="variablelist"><dl><dt></dt><dd><p>Inverted synonym for <a class="link" href="smb.conf.5.html#DISABLESPOOLSS" target="_top">disable spoolss</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>enable spoolss</code></em> = <code class="literal">yes</code>
    1991 </em></span>
    1992 </p></dd></dl></div></div><div class="section" title="encrypt passwords (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id315842"></a>
     2032</h3></div></div></div><a class="indexterm" name="id315962"></a><a name="ENABLESPOOLSS"></a><div class="variablelist"><dl><dt></dt><dd><p>Inverted synonym for <a class="link" href="smb.conf.5.html#DISABLESPOOLSS" target="_top">disable spoolss</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>enable spoolss</code></em> = <code class="literal">yes</code>
     2033</em></span>
     2034</p></dd></dl></div></div><div class="section" title="encrypt passwords (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id316013"></a>
    19932035
    19942036encrypt passwords (G)
    1995 </h3></div></div></div><a class="indexterm" name="id315843"></a><a name="ENCRYPTPASSWORDS"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean controls whether encrypted passwords
     2037</h3></div></div></div><a class="indexterm" name="id316014"></a><a name="ENCRYPTPASSWORDS"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean controls whether encrypted passwords
    19962038    will be negotiated with the client. Note that Windows NT 4.0 SP3 and
    19972039    above and also Windows 98 will by default expect encrypted passwords
     
    20162058        server.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>encrypt passwords</code></em> = <code class="literal">yes</code>
    20172059</em></span>
    2018 </p></dd></dl></div></div><div class="section" title="enhanced browsing (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id315940"></a>
     2060</p></dd></dl></div></div><div class="section" title="enhanced browsing (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id316114"></a>
    20192061
    20202062enhanced browsing (G)
    2021 </h3></div></div></div><a class="indexterm" name="id315941"></a><a name="ENHANCEDBROWSING"></a><div class="variablelist"><dl><dt></dt><dd><p>This option enables a couple of enhancements to
     2063</h3></div></div></div><a class="indexterm" name="id316115"></a><a name="ENHANCEDBROWSING"></a><div class="variablelist"><dl><dt></dt><dd><p>This option enables a couple of enhancements to
    20222064        cross-subnet browse propagation that have been added in Samba
    20232065        but which are not standard in Microsoft implementations. 
     
    20322074        cross-subnet browse propagation much more reliable.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>enhanced browsing</code></em> = <code class="literal">yes</code>
    20332075</em></span>
    2034 </p></dd></dl></div></div><div class="section" title="enumports command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id315998"></a>
     2076</p></dd></dl></div></div><div class="section" title="enumports command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id316171"></a>
    20352077
    20362078enumports command (G)
    2037 </h3></div></div></div><a class="indexterm" name="id315999"></a><a name="ENUMPORTSCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>The concept of a "port" is fairly foreign
     2079</h3></div></div></div><a class="indexterm" name="id316172"></a><a name="ENUMPORTSCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>The concept of a "port" is fairly foreign
    20382080    to UNIX hosts.  Under Windows NT/2000 print servers, a port
    20392081    is associated with a port monitor and generally takes the form of
     
    20522094</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>enumports command</code></em> = <code class="literal">/usr/bin/listports</code>
    20532095</em></span>
    2054 </p></dd></dl></div></div><div class="section" title="eventlog list (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id316079"></a>
     2096</p></dd></dl></div></div><div class="section" title="eventlog list (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id316252"></a>
    20552097
    20562098eventlog list (G)
    2057 </h3></div></div></div><a class="indexterm" name="id316080"></a><a name="EVENTLOGLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This option defines a list of log names that Samba will
     2099</h3></div></div></div><a class="indexterm" name="id316253"></a><a name="EVENTLOGLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This option defines a list of log names that Samba will
    20582100    report to the Microsoft EventViewer utility.  The listed
    20592101    eventlogs will be associated with tdb file on disk in the
     
    20682110</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>eventlog list</code></em> = <code class="literal">Security Application Syslog Apache</code>
    20692111</em></span>
    2070 </p></dd></dl></div></div><div class="section" title="fake directory create times (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id316154"></a>
     2112</p></dd></dl></div></div><div class="section" title="fake directory create times (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id316327"></a>
    20712113
    20722114fake directory create times (S)
    2073 </h3></div></div></div><a class="indexterm" name="id316155"></a><a name="FAKEDIRECTORYCREATETIMES"></a><div class="variablelist"><dl><dt></dt><dd><p>NTFS and Windows VFAT file systems keep a create
     2115</h3></div></div></div><a class="indexterm" name="id316328"></a><a name="FAKEDIRECTORYCREATETIMES"></a><div class="variablelist"><dl><dt></dt><dd><p>NTFS and Windows VFAT file systems keep a create
    20742116        time for all files and directories. This is not the same as the
    20752117        ctime - status change time - that Unix keeps, so Samba by default
     
    20932135        will proceed as expected.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>fake directory create times</code></em> = <code class="literal">no</code>
    20942136</em></span>
    2095 </p></dd></dl></div></div><div class="section" title="fake oplocks (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id316213"></a>
     2137</p></dd></dl></div></div><div class="section" title="fake oplocks (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id316391"></a>
    20962138
    20972139fake oplocks (S)
    2098 </h3></div></div></div><a class="indexterm" name="id316214"></a><a name="FAKEOPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>Oplocks are the way that SMB clients get permission
     2140</h3></div></div></div><a class="indexterm" name="id316392"></a><a name="FAKEOPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>Oplocks are the way that SMB clients get permission
    20992141        from a server to locally cache file operations. If a server grants
    21002142        an oplock (opportunistic lock) then the client is free to assume
     
    21122154        this option carefully!</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>fake oplocks</code></em> = <code class="literal">no</code>
    21132155</em></span>
    2114 </p></dd></dl></div></div><div class="section" title="follow symlinks (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id316296"></a>
     2156</p></dd></dl></div></div><div class="section" title="follow symlinks (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id316474"></a>
    21152157
    21162158follow symlinks (S)
    2117 </h3></div></div></div><a class="indexterm" name="id316297"></a><a name="FOLLOWSYMLINKS"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2159</h3></div></div></div><a class="indexterm" name="id316475"></a><a name="FOLLOWSYMLINKS"></a><div class="variablelist"><dl><dt></dt><dd><p>
    21182160        This parameter allows the Samba administrator to stop <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>       from following symbolic links in a particular share. Setting this
    21192161        parameter to <code class="constant">no</code> prevents any file or directory that is a symbolic link from being
     
    21252167        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>follow symlinks</code></em> = <code class="literal">yes</code>
    21262168</em></span>
    2127 </p></dd></dl></div></div><div class="section" title="force create mode (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id316366"></a>
     2169</p></dd></dl></div></div><div class="section" title="force create mode (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id316544"></a>
    21282170
    21292171force create mode (S)
    2130 </h3></div></div></div><a class="indexterm" name="id316367"></a><a name="FORCECREATEMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a set of UNIX mode bit
     2172</h3></div></div></div><a class="indexterm" name="id316545"></a><a name="FORCECREATEMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a set of UNIX mode bit
    21312173    permissions that will <span class="emphasis"><em>always</em></span> be set on a
    21322174    file created by Samba. This is done by bitwise 'OR'ing these bits onto
     
    21402182</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>force create mode</code></em> = <code class="literal">0755</code>
    21412183</em></span>
    2142 </p></dd></dl></div></div><div class="section" title="force directory mode (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id316442"></a>
     2184</p></dd></dl></div></div><div class="section" title="force directory mode (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id316620"></a>
    21432185
    21442186force directory mode (S)
    2145 </h3></div></div></div><a class="indexterm" name="id316443"></a><a name="FORCEDIRECTORYMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a set of UNIX mode bit
     2187</h3></div></div></div><a class="indexterm" name="id316621"></a><a name="FORCEDIRECTORYMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a set of UNIX mode bit
    21462188    permissions that will <span class="emphasis"><em>always</em></span> be set on a directory
    21472189    created by Samba. This is done by bitwise 'OR'ing these bits onto the
     
    21562198</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>force directory mode</code></em> = <code class="literal">0755</code>
    21572199</em></span>
    2158 </p></dd></dl></div></div><div class="section" title="force directory security mode (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id316517"></a>
     2200</p></dd></dl></div></div><div class="section" title="force directory security mode (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id316695"></a>
    21592201
    21602202force directory security mode (S)
    2161 </h3></div></div></div><a class="indexterm" name="id316518"></a><a name="FORCEDIRECTORYSECURITYMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2203</h3></div></div></div><a class="indexterm" name="id316696"></a><a name="FORCEDIRECTORYSECURITYMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>
    21622204        This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating
    21632205        the UNIX permission on a directory using the native NT security dialog box.
     
    21802222</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>force directory security mode</code></em> = <code class="literal">700</code>
    21812223</em></span>
    2182 </p></dd></dl></div></div><div class="section" title="group"><div class="titlepage"><div><div><h3 class="title"><a name="id316610"></a>
     2224</p></dd></dl></div></div><div class="section" title="group"><div class="titlepage"><div><div><h3 class="title"><a name="id316788"></a>
    21832225
    21842226<a name="GROUP"></a>group
    2185 </h3></div></div></div><a class="indexterm" name="id316611"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#FORCEGROUP">force group</a>.</p></dd></dl></div></div><div class="section" title="force group (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id316642"></a>
     2227</h3></div></div></div><a class="indexterm" name="id316789"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#FORCEGROUP">force group</a>.</p></dd></dl></div></div><div class="section" title="force group (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id316820"></a>
    21862228
    21872229force group (S)
    2188 </h3></div></div></div><a class="indexterm" name="id316643"></a><a name="FORCEGROUP"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies a UNIX group name that will be
     2230</h3></div></div></div><a class="indexterm" name="id316821"></a><a name="FORCEGROUP"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies a UNIX group name that will be
    21892231    assigned as the default primary group for all users connecting
    21902232    to this service. This is useful for sharing files by ensuring
     
    22102252</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>force group</code></em> = <code class="literal">agroup</code>
    22112253</em></span>
    2212 </p></dd></dl></div></div><div class="section" title="force printername (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id316744"></a>
     2254</p></dd></dl></div></div><div class="section" title="force printername (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id316922"></a>
    22132255
    22142256force printername (S)
    2215 </h3></div></div></div><a class="indexterm" name="id316746"></a><a name="FORCEPRINTERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>When printing from Windows NT (or later),
     2257</h3></div></div></div><a class="indexterm" name="id316923"></a><a name="FORCEPRINTERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>When printing from Windows NT (or later),
    22162258    each printer in <code class="filename">smb.conf</code> has two
    22172259    associated names which can be used by the client.  The first
     
    22362278    folder.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>force printername</code></em> = <code class="literal">no</code>
    22372279</em></span>
    2238 </p></dd></dl></div></div><div class="section" title="force security mode (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id316824"></a>
     2280</p></dd></dl></div></div><div class="section" title="force security mode (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id317002"></a>
    22392281
    22402282force security mode (S)
    2241 </h3></div></div></div><a class="indexterm" name="id316825"></a><a name="FORCESECURITYMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2283</h3></div></div></div><a class="indexterm" name="id317003"></a><a name="FORCESECURITYMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>
    22422284        This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating
    22432285    the UNIX permission on a file using the native NT security dialog box.
     
    22592301</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>force security mode</code></em> = <code class="literal">700</code>
    22602302</em></span>
    2261 </p></dd></dl></div></div><div class="section" title="force unknown acl user (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id316915"></a>
     2303</p></dd></dl></div></div><div class="section" title="force unknown acl user (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id317093"></a>
    22622304
    22632305force unknown acl user (S)
    2264 </h3></div></div></div><a class="indexterm" name="id316916"></a><a name="FORCEUNKNOWNACLUSER"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2306</h3></div></div></div><a class="indexterm" name="id317094"></a><a name="FORCEUNKNOWNACLUSER"></a><div class="variablelist"><dl><dt></dt><dd><p>
    22652307    If this parameter is set, a Windows NT ACL that contains an unknown SID (security descriptor, or
    22662308    representation of a user or group id) as the owner or group owner of the file will be silently
     
    22762318    </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>force unknown acl user</code></em> = <code class="literal">no</code>
    22772319</em></span>
    2278 </p></dd></dl></div></div><div class="section" title="force user (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id316969"></a>
     2320</p></dd></dl></div></div><div class="section" title="force user (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id317147"></a>
    22792321
    22802322force user (S)
    2281 </h3></div></div></div><a class="indexterm" name="id316970"></a><a name="FORCEUSER"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies a UNIX user name that will be
     2323</h3></div></div></div><a class="indexterm" name="id317148"></a><a name="FORCEUSER"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies a UNIX user name that will be
    22822324    assigned as the default user for all users connecting to this service.
    22832325    This is useful for sharing files. You should also use it carefully
     
    22932335</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>force user</code></em> = <code class="literal">auser</code>
    22942336</em></span>
    2295 </p></dd></dl></div></div><div class="section" title="fstype (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id317039"></a>
     2337</p></dd></dl></div></div><div class="section" title="fstype (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id317217"></a>
    22962338
    22972339fstype (S)
    2298 </h3></div></div></div><a class="indexterm" name="id317040"></a><a name="FSTYPE"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2340</h3></div></div></div><a class="indexterm" name="id317218"></a><a name="FSTYPE"></a><div class="variablelist"><dl><dt></dt><dd><p>
    22992341        This parameter allows the administrator to configure the string that specifies the type of filesystem a share
    23002342        is using that is reported by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>
     
    23062348</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>fstype</code></em> = <code class="literal">Samba</code>
    23072349</em></span>
    2308 </p></dd></dl></div></div><div class="section" title="get quota command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id317118"></a>
     2350</p></dd></dl></div></div><div class="section" title="get quota command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id317296"></a>
    23092351
    23102352get quota command (G)
    2311 </h3></div></div></div><a class="indexterm" name="id317119"></a><a name="GETQUOTACOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>The <code class="literal">get quota command</code> should only be used
     2353</h3></div></div></div><a class="indexterm" name="id317297"></a><a name="GETQUOTACOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>The <code class="literal">get quota command</code> should only be used
    23122354        whenever there is no operating system API available from the OS that
    23132355        samba can use.</p><p>This option is only available you have compiled Samba with the
     
    23222364</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>get quota command</code></em> = <code class="literal">/usr/local/sbin/query_quota</code>
    23232365</em></span>
    2324 </p></dd></dl></div></div><div class="section" title="getwd cache (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id317294"></a>
     2366</p></dd></dl></div></div><div class="section" title="getwd cache (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id317472"></a>
    23252367
    23262368getwd cache (G)
    2327 </h3></div></div></div><a class="indexterm" name="id317295"></a><a name="GETWDCACHE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a tuning option. When this is enabled a
     2369</h3></div></div></div><a class="indexterm" name="id317473"></a><a name="GETWDCACHE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a tuning option. When this is enabled a
    23282370    caching algorithm will be used to reduce the time taken for getwd()
    23292371    calls. This can have a significant impact on performance, especially
    23302372    when the <a class="link" href="smb.conf.5.html#WIDESMBCONFOPTIONS" target="_top">wide smbconfoptions</a> parameter is set to <code class="constant">no</code>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>getwd cache</code></em> = <code class="literal">yes</code>
    23312373</em></span>
    2332 </p></dd></dl></div></div><div class="section" title="guest account (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id317352"></a>
     2374</p></dd></dl></div></div><div class="section" title="guest account (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id317530"></a>
    23332375
    23342376guest account (G)
    2335 </h3></div></div></div><a class="indexterm" name="id317353"></a><a name="GUESTACCOUNT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a username which will be used for access
     2377</h3></div></div></div><a class="indexterm" name="id317531"></a><a name="GUESTACCOUNT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a username which will be used for access
    23362378    to services which are specified as <a class="link" href="smb.conf.5.html#GUESTOK" target="_top">guest ok</a> (see below). Whatever privileges this
    23372379    user has will be available to any client connecting to the guest service.
     
    23512393</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>guest account</code></em> = <code class="literal">ftp</code>
    23522394</em></span>
    2353 </p></dd></dl></div></div><div class="section" title="public"><div class="titlepage"><div><div><h3 class="title"><a name="id317451"></a>
     2395</p></dd></dl></div></div><div class="section" title="public"><div class="titlepage"><div><div><h3 class="title"><a name="id317629"></a>
    23542396
    23552397<a name="PUBLIC"></a>public
    2356 </h3></div></div></div><a class="indexterm" name="id317452"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#GUESTOK">guest ok</a>.</p></dd></dl></div></div><div class="section" title="guest ok (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id317482"></a>
     2398</h3></div></div></div><a class="indexterm" name="id317630"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#GUESTOK">guest ok</a>.</p></dd></dl></div></div><div class="section" title="guest ok (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id317660"></a>
    23572399
    23582400guest ok (S)
    2359 </h3></div></div></div><a class="indexterm" name="id317483"></a><a name="GUESTOK"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code> for
     2401</h3></div></div></div><a class="indexterm" name="id317661"></a><a name="GUESTOK"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code> for
    23602402    a service, then no password is required to connect to the service.
    23612403    Privileges will be those of the <a class="link" href="smb.conf.5.html#GUESTACCOUNT" target="_top">guest account</a>.</p><p>This parameter nullifies the benefits of setting
     
    23642406        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>guest ok</code></em> = <code class="literal">no</code>
    23652407</em></span>
    2366 </p></dd></dl></div></div><div class="section" title="only guest"><div class="titlepage"><div><div><h3 class="title"><a name="id317567"></a>
     2408</p></dd></dl></div></div><div class="section" title="only guest"><div class="titlepage"><div><div><h3 class="title"><a name="id317745"></a>
    23672409
    23682410<a name="ONLYGUEST"></a>only guest
    2369 </h3></div></div></div><a class="indexterm" name="id317568"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#GUESTONLY">guest only</a>.</p></dd></dl></div></div><div class="section" title="guest only (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id317600"></a>
     2411</h3></div></div></div><a class="indexterm" name="id317746"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#GUESTONLY">guest only</a>.</p></dd></dl></div></div><div class="section" title="guest only (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id317778"></a>
    23702412
    23712413guest only (S)
    2372 </h3></div></div></div><a class="indexterm" name="id317601"></a><a name="GUESTONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code> for
     2414</h3></div></div></div><a class="indexterm" name="id317779"></a><a name="GUESTONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code> for
    23732415    a service, then only guest connections to the service are permitted.
    23742416    This parameter will have no effect if <a class="link" href="smb.conf.5.html#GUESTOK" target="_top">guest ok</a> is not set for the service.</p><p>See the section below on <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security</a> for more information about this option.
    23752417        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>guest only</code></em> = <code class="literal">no</code>
    23762418</em></span>
    2377 </p></dd></dl></div></div><div class="section" title="hide dot files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id317669"></a>
     2419</p></dd></dl></div></div><div class="section" title="hide dot files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id317847"></a>
    23782420
    23792421hide dot files (S)
    2380 </h3></div></div></div><a class="indexterm" name="id317670"></a><a name="HIDEDOTFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean parameter that controls whether
     2422</h3></div></div></div><a class="indexterm" name="id317848"></a><a name="HIDEDOTFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean parameter that controls whether
    23812423        files starting with a dot appear as hidden files.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>hide dot files</code></em> = <code class="literal">yes</code>
    23822424</em></span>
    2383 </p></dd></dl></div></div><div class="section" title="hide files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id317710"></a>
     2425</p></dd></dl></div></div><div class="section" title="hide files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id317888"></a>
    23842426
    23852427hide files (S)
    2386 </h3></div></div></div><a class="indexterm" name="id317711"></a><a name="HIDEFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of files or directories that are not
     2428</h3></div></div></div><a class="indexterm" name="id317889"></a><a name="HIDEFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of files or directories that are not
    23872429        visible but are accessible.  The DOS 'hidden' attribute is applied
    23882430        to any files or directories that match.</p><p>Each entry in the list must be separated by a '/',
     
    24062448# no file are hidden</code>
    24072449</em></span>
    2408 </p></dd></dl></div></div><div class="section" title="hide special files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id317789"></a>
     2450</p></dd></dl></div></div><div class="section" title="hide special files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id317967"></a>
    24092451
    24102452hide special files (S)
    2411 </h3></div></div></div><a class="indexterm" name="id317790"></a><a name="HIDESPECIALFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2453</h3></div></div></div><a class="indexterm" name="id317968"></a><a name="HIDESPECIALFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>
    24122454        This parameter prevents clients from seeing special files such as sockets, devices and
    24132455        fifo's in directory listings.
    24142456        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>hide special files</code></em> = <code class="literal">no</code>
    24152457</em></span>
    2416 </p></dd></dl></div></div><div class="section" title="hide unreadable (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id317830"></a>
     2458</p></dd></dl></div></div><div class="section" title="hide unreadable (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id318008"></a>
    24172459
    24182460hide unreadable (S)
    2419 </h3></div></div></div><a class="indexterm" name="id317831"></a><a name="HIDEUNREADABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter prevents clients from seeing the
     2461</h3></div></div></div><a class="indexterm" name="id318009"></a><a name="HIDEUNREADABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter prevents clients from seeing the
    24202462                existance of files that cannot be read. Defaults to off.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>hide unreadable</code></em> = <code class="literal">no</code>
    24212463</em></span>
    2422 </p></dd></dl></div></div><div class="section" title="hide unwriteable files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id317872"></a>
     2464</p></dd></dl></div></div><div class="section" title="hide unwriteable files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id318050"></a>
    24232465
    24242466hide unwriteable files (S)
    2425 </h3></div></div></div><a class="indexterm" name="id317873"></a><a name="HIDEUNWRITEABLEFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2467</h3></div></div></div><a class="indexterm" name="id318051"></a><a name="HIDEUNWRITEABLEFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>
    24262468    This parameter prevents clients from seeing the existance of files that cannot be written to.
    24272469    Defaults to off. Note that unwriteable directories are shown as usual.
    24282470    </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>hide unwriteable files</code></em> = <code class="literal">no</code>
    24292471</em></span>
    2430 </p></dd></dl></div></div><div class="section" title="homedir map (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id317914"></a>
     2472</p></dd></dl></div></div><div class="section" title="homedir map (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id318091"></a>
    24312473
    24322474homedir map (G)
    2433 </h3></div></div></div><a class="indexterm" name="id317915"></a><a name="HOMEDIRMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2475</h3></div></div></div><a class="indexterm" name="id318092"></a><a name="HOMEDIRMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>
    24342476        If <a class="link" href="smb.conf.5.html#NISHOMEDIR" target="_top">nis homedir</a> is <code class="constant">yes</code>, and <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> is also acting         as a Win95/98 <em class="parameter"><code>logon server</code></em>
    24352477        then this parameter specifies the NIS (or YP) map from which the server for the user's  home directory should be extracted. 
     
    24462488</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>homedir map</code></em> = <code class="literal">amd.homedir</code>
    24472489</em></span>
    2448 </p></dd></dl></div></div><div class="section" title="host msdfs (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id318020"></a>
     2490</p></dd></dl></div></div><div class="section" title="host msdfs (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id318198"></a>
    24492491
    24502492host msdfs (G)
    2451 </h3></div></div></div><a class="indexterm" name="id318021"></a><a name="HOSTMSDFS"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2493</h3></div></div></div><a class="indexterm" name="id318199"></a><a name="HOSTMSDFS"></a><div class="variablelist"><dl><dt></dt><dd><p>
    24522494        If set to <code class="constant">yes</code>, Samba will act as a Dfs server, and allow Dfs-aware clients to browse
    24532495        Dfs trees hosted on the server.
     
    24572499        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>host msdfs</code></em> = <code class="literal">yes</code>
    24582500</em></span>
    2459 </p></dd></dl></div></div><div class="section" title="hostname lookups (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id318082"></a>
     2501</p></dd></dl></div></div><div class="section" title="hostname lookups (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id318260"></a>
    24602502
    24612503hostname lookups (G)
    2462 </h3></div></div></div><a class="indexterm" name="id318083"></a><a name="HOSTNAMELOOKUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies whether samba should use (expensive)
     2504</h3></div></div></div><a class="indexterm" name="id318261"></a><a name="HOSTNAMELOOKUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies whether samba should use (expensive)
    24632505    hostname lookups or use the ip addresses instead. An example place
    24642506    where hostname lookups are currently used is when checking
     
    24682510</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>hostname lookups</code></em> = <code class="literal">yes</code>
    24692511</em></span>
    2470 </p></dd></dl></div></div><div class="section" title="allow hosts"><div class="titlepage"><div><div><h3 class="title"><a name="id318153"></a>
     2512</p></dd></dl></div></div><div class="section" title="allow hosts"><div class="titlepage"><div><div><h3 class="title"><a name="id318331"></a>
    24712513
    24722514<a name="ALLOWHOSTS"></a>allow hosts
    2473 </h3></div></div></div><a class="indexterm" name="id318154"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#HOSTSALLOW">hosts allow</a>.</p></dd></dl></div></div><div class="section" title="hosts allow (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id318185"></a>
     2515</h3></div></div></div><a class="indexterm" name="id318332"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#HOSTSALLOW">hosts allow</a>.</p></dd></dl></div></div><div class="section" title="hosts allow (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id318363"></a>
    24742516
    24752517hosts allow (S)
    2476 </h3></div></div></div><a class="indexterm" name="id318186"></a><a name="HOSTSALLOW"></a><div class="variablelist"><dl><dt></dt><dd><p>A synonym for this parameter is <a class="link" href="smb.conf.5.html#ALLOWHOSTS" target="_top">allow hosts</a>.</p><p>This parameter is a comma, space, or tab delimited
     2518</h3></div></div></div><a class="indexterm" name="id318364"></a><a name="HOSTSALLOW"></a><div class="variablelist"><dl><dt></dt><dd><p>A synonym for this parameter is <a class="link" href="smb.conf.5.html#ALLOWHOSTS" target="_top">allow hosts</a>.</p><p>This parameter is a comma, space, or tab delimited
    24772519    set of hosts which are permitted to access a service.</p><p>If specified in the [global] section then it will
    24782520    apply to all services, regardless of whether the individual
     
    24942536</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>hosts allow</code></em> = <code class="literal">150.203.5. myhost.mynet.edu.au</code>
    24952537</em></span>
    2496 </p></dd></dl></div></div><div class="section" title="deny hosts"><div class="titlepage"><div><div><h3 class="title"><a name="id318373"></a>
     2538</p></dd></dl></div></div><div class="section" title="deny hosts"><div class="titlepage"><div><div><h3 class="title"><a name="id318551"></a>
    24972539
    24982540<a name="DENYHOSTS"></a>deny hosts
    2499 </h3></div></div></div><a class="indexterm" name="id318374"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#HOSTSDENY">hosts deny</a>.</p></dd></dl></div></div><div class="section" title="hosts deny (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id318404"></a>
     2541</h3></div></div></div><a class="indexterm" name="id318552"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#HOSTSDENY">hosts deny</a>.</p></dd></dl></div></div><div class="section" title="hosts deny (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id318582"></a>
    25002542
    25012543hosts deny (S)
    2502 </h3></div></div></div><a class="indexterm" name="id318405"></a><a name="HOSTSDENY"></a><div class="variablelist"><dl><dt></dt><dd><p>The opposite of <em class="parameter"><code>hosts allow</code></em>
     2544</h3></div></div></div><a class="indexterm" name="id318583"></a><a name="HOSTSDENY"></a><div class="variablelist"><dl><dt></dt><dd><p>The opposite of <em class="parameter"><code>hosts allow</code></em>
    25032545    - hosts listed here are <span class="emphasis"><em>NOT</em></span> permitted access to
    25042546    services unless the specific services have their own lists to override
     
    25142556</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>hosts deny</code></em> = <code class="literal">150.203.4. badhost.mynet.edu.au</code>
    25152557</em></span>
    2516 </p></dd></dl></div></div><div class="section" title="idmap alloc config (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id318502"></a>
    2517 
    2518 idmap alloc config (G)
    2519 </h3></div></div></div><a class="indexterm" name="id318503"></a><a name="IDMAPALLOCCONFIG"></a><div class="variablelist"><dl><dt></dt><dd><p>
    2520         The idmap alloc config prefix provides a means of managing settings
    2521         for the backend defined by the <a class="link" href="smb.conf.5.html#IDMAPALLOCBACKEND" target="_top">idmap alloc backend</a>
    2522         parameter.  Refer to the man page for each idmap plugin regarding
    2523         specific configuration details.
    2524         </p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="idmap backend (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id318542"></a>
     2558</p></dd></dl></div></div><div class="section" title="idmap backend (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id318680"></a>
    25252559
    25262560idmap backend (G)
    2527 </h3></div></div></div><a class="indexterm" name="id318543"></a><a name="IDMAPBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2561</h3></div></div></div><a class="indexterm" name="id318681"></a><a name="IDMAPBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>
    25282562        The idmap backend provides a plugin interface for Winbind to use
    25292563        varying backends to store SID/uid/gid mapping tables.
    25302564        </p><p>
    25312565        This option specifies the default backend that is used when no special
    2532         configuration set by <a class="link" href="smb.conf.5.html#IDMAPCONFIG" target="_top">idmap config</a> matches the
    2533         specific request.
    2534         </p><p>
    2535         This default backend also specifies the place where winbind-generated
    2536         idmap entries will be stored. So it is highly recommended that you
    2537         specify a writable backend like <a class="citerefentry" href="idmap_tdb.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_tdb</span>(8)</span></a> or <a class="citerefentry" href="idmap_ldap.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_ldap</span>(8)</span></a> as the idmap backend. The <a class="citerefentry" href="idmap_rid.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_rid</span>(8)</span></a> and <a class="citerefentry" href="idmap_ad.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_ad</span>(8)</span></a> backends are not writable and thus will generate
    2538         unexpected results if set as idmap backend.
    2539         </p><p>
    2540         To use the rid and ad backends, please specify them via the
    2541         <a class="link" href="smb.conf.5.html#IDMAPCONFIG" target="_top">idmap config</a> parameter, possibly also for the
    2542         domain your machine is member of, specified by <a class="link" href="smb.conf.5.html#WORKGROUP" target="_top">workgroup</a>.
    2543         </p><p>Examples of SID/uid/gid backends include tdb (<a class="citerefentry" href="idmap_tdb.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_tdb</span>(8)</span></a>),
    2544         ldap (<a class="citerefentry" href="idmap_ldap.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_ldap</span>(8)</span></a>), rid (<a class="citerefentry" href="idmap_rid.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_rid</span>(8)</span></a>),
    2545         and ad (<a class="citerefentry" href="idmap_ad.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_ad</span>(8)</span></a>).
     2566        configuration set, but it is now deprecated in favour of the new
     2567        spelling <a class="link" href="smb.conf.5.html#IDMAPCONFIG*:BACKEND" target="_top">idmap config * :  backend</a>.
    25462568        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>idmap backend</code></em> = <code class="literal">tdb</code>
    25472569</em></span>
    2548 </p></dd></dl></div></div><div class="section" title="idmap cache time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id318707"></a>
     2570</p></dd></dl></div></div><div class="section" title="idmap cache time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id318737"></a>
    25492571
    25502572idmap cache time (G)
    2551 </h3></div></div></div><a class="indexterm" name="id318708"></a><a name="IDMAPCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of seconds that Winbind's
     2573</h3></div></div></div><a class="indexterm" name="id318738"></a><a name="IDMAPCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of seconds that Winbind's
    25522574        idmap interface will cache positive SID/uid/gid query results.
    25532575        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>idmap cache time</code></em> = <code class="literal">604800 (one week)</code>
    25542576</em></span>
    2555 </p></dd></dl></div></div><div class="section" title="idmap config (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id318748"></a>
     2577</p></dd></dl></div></div><div class="section" title="idmap config (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id318779"></a>
    25562578
    25572579idmap config (G)
    2558 </h3></div></div></div><a class="indexterm" name="id318749"></a><a name="IDMAPCONFIG"></a><div class="variablelist"><dl><dt></dt><dd><p>
    2559         The idmap config prefix provides a means of managing each trusted
    2560         domain separately. The idmap config prefix should be followed by the
    2561         name of the domain, a colon, and a setting specific to the chosen
    2562         backend. There are three options available for all domains:
     2580</h3></div></div></div><a class="indexterm" name="id318780"></a><a name="IDMAPCONFIG"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2581        ID mapping in Samba is the mapping between Windows SIDs and Unix user
     2582        and group IDs. This is performed by Winbindd with a configurable plugin
     2583        interface. Samba's ID mapping is configured by options starting with the
     2584        <a class="link" href="smb.conf.5.html#IDMAPCONFIG" target="_top">idmap config</a> prefix.
     2585        An idmap option consists of the <a class="link" href="smb.conf.5.html#IDMAPCONFIG" target="_top">idmap config</a>
     2586        prefix, followed by a domain name or the asterisk character (*),
     2587        a colon, and the name of an idmap setting for the chosen domain.
     2588        </p><p>
     2589        The idmap configuration is hence divided into groups, one group
     2590        for each domain to be configured, and one group with the the
     2591        asterisk instead of a proper domain name, which speifies the
     2592        default configuration that is used to catch all domains that do
     2593        not have an explicit idmap configuration of their own.
     2594        </p><p>
     2595        There are three general options available:
    25632596        </p><div class="variablelist"><dl><dt><span class="term">backend = backend_name</span></dt><dd><p>
    2564                         Specifies the name of the idmap plugin to use as the
    2565                         SID/uid/gid backend for this domain.
     2597                This specifies the name of the idmap plugin to use as the
     2598                SID/uid/gid backend for this domain. The standard backends are
     2599                tdb
     2600                (<a class="citerefentry" href="idmap_tdb.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_tdb</span>(8)</span></a>),
     2601                tdb2
     2602                (<a class="citerefentry" href="idmap_tdb2.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_tdb2</span>(8)</span></a>),
     2603                ldap
     2604                (<a class="citerefentry" href="idmap_ldap.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_ldap</span>(8)</span></a>),
     2605                ,
     2606                rid
     2607                (<a class="citerefentry" href="idmap_rid.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_rid</span>(8)</span></a>),
     2608                ,
     2609                hash
     2610                (<a class="citerefentry" href="idmap_hash.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_hash</span>(8)</span></a>),
     2611                ,
     2612                autorid
     2613                (<a class="citerefentry" href="idmap_autorid.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_autorid</span>(8)</span></a>),
     2614                ,
     2615                ad
     2616                (<a class="citerefentry" href="idmap_ad.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_ad</span>(8)</span></a>),
     2617                ,
     2618                adex
     2619                (<a class="citerefentry" href="idmap_adex.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_adex</span>(8)</span></a>),
     2620                ,
     2621                and nss.
     2622                (<a class="citerefentry" href="idmap_nss.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_nss</span>(8)</span></a>),
     2623                The corresponding manual pages contain the details, but
     2624                here is a summary.
     2625                </p><p>
     2626                The first three of these create mappings of their own using
     2627                internal unixid counters and store the mappings in a database.
     2628                These are suitable for use in the default idmap configuration.
     2629                The rid and hash backends use a pure algorithmic calculation
     2630                to determine the unixid for a SID. The autorid module is a
     2631                mixture of the tdb and rid backend. It creates ranges for
     2632                each domain encountered and then uses the rid algorithm for each
     2633                of these automatically configured domains individually.
     2634                The ad and adex
     2635                backends both use unix IDs stored in Active Directory via
     2636                the standard schema extensions. The nss backend reverses
     2637                the standard winbindd setup and gets the unixids via names
     2638                from nsswitch which can be useful in an ldap setup.
    25662639                </p></dd><dt><span class="term">range = low - high</span></dt><dd><p>
    25672640                Defines the available matching uid and gid range for which the
    2568                 backend is authoritative.  Note that the range commonly
    2569                 matches the allocation range due to the fact that the same
    2570                 backend will store and retrieve SID/uid/gid mapping entries.
    2571                 </p><p>
     2641                backend is authoritative. For allocating backends, this also
     2642                defines the start and the end of the range for allocating
     2643                new unid IDs.
     2644                </p><p>
    25722645                winbind uses this parameter to find the backend that is
    2573                 authoritative for a unix ID to SID mapping, so it must be set
    2574                 for each individually configured domain, and it must be
    2575                 disjoint from the ranges set via <a class="link" href="smb.conf.5.html#IDMAPUID" target="_top">idmap                 uid</a> and <a class="link" href="smb.conf.5.html#IDMAPGID" target="_top">idmap gid</a>.
     2646                authoritative for a unix ID to SID mapping, so it must be set
     2647                for each individually configured domain and for the default
     2648                configuration. The configured ranges must be mutually disjoint.
     2649                </p></dd><dt><span class="term">read only = yes|no</span></dt><dd><p>
     2650                This option can be used to turn the writing backends
     2651                tdb, tdb2, and ldap into read only mode. This can be useful
     2652                e.g. in cases where a pre-filled database exists that should
     2653                not be extended automatically.
    25762654                </p></dd></dl></div><p>
    2577         The following example illustrates how to configure the <a class="citerefentry" href="idmap_ad.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_ad</span>(8)</span></a> for the CORP domain and the
     2655        The following example illustrates how to configure the <a class="citerefentry" href="idmap_ad.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_ad</span>(8)</span></a> backend for the CORP domain and the
    25782656        <a class="citerefentry" href="idmap_tdb.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_tdb</span>(8)</span></a> backend for all other
    25792657        domains. This configuration assumes that the admin of CORP assigns
     
    25822660        domains and for local groups for example.
    25832661        </p><pre class="programlisting">
    2584         idmap backend = tdb
    2585         idmap uid = 1000000-1999999
    2586         idmap gid = 1000000-1999999
     2662        idmap config * : backend = tdb
     2663        idmap config * : range = 1000000-1999999
    25872664
    25882665        idmap config CORP : backend  = ad
    25892666        idmap config CORP : range = 1000-999999
    2590         </pre><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="winbind gid"><div class="titlepage"><div><div><h3 class="title"><a name="id318868"></a>
     2667        </pre><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="winbind gid"><div class="titlepage"><div><div><h3 class="title"><a name="id319002"></a>
    25912668
    25922669<a name="WINBINDGID"></a>winbind gid
    2593 </h3></div></div></div><a class="indexterm" name="id318869"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#IDMAPGID">idmap gid</a>.</p></dd></dl></div></div><div class="section" title="idmap gid (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id318899"></a>
     2670</h3></div></div></div><a class="indexterm" name="id319003"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#IDMAPGID">idmap gid</a>.</p></dd></dl></div></div><div class="section" title="idmap gid (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id319034"></a>
    25942671
    25952672idmap gid (G)
    2596 </h3></div></div></div><a class="indexterm" name="id318900"></a><a name="IDMAPGID"></a><div class="variablelist"><dl><dt></dt><dd><p>The idmap gid parameter specifies the range of group ids
    2597         that are allocated for the purpose of mapping UNX groups to NT group
    2598         SIDs. This range of group ids should have no
    2599         existing local or NIS groups within it as strange conflicts can
    2600         occur otherwise.</p><p>See also the <a class="link" href="smb.conf.5.html#IDMAPBACKEND" target="_top">idmap backend</a>, and
    2601         <a class="link" href="smb.conf.5.html#IDMAPCONFIG" target="_top">idmap config</a> options.
    2602         </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>idmap gid</code></em> = <code class="literal"></code>
     2673</h3></div></div></div><a class="indexterm" name="id319036"></a><a name="IDMAPGID"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2674        The idmap gid parameter specifies the range of group ids
     2675        for the default idmap configuration. It is now deprecated
     2676        in favour of <a class="link" href="smb.conf.5.html#IDMAPCONFIG*:RANGE" target="_top">idmap config * : range</a>.
     2677        </p><p>See the <a class="link" href="smb.conf.5.html#IDMAPCONFIG" target="_top">idmap config</a> option.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>idmap gid</code></em> = <code class="literal"></code>
    26032678</em></span>
    26042679</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>idmap gid</code></em> = <code class="literal">10000-20000</code>
    26052680</em></span>
    2606 </p></dd></dl></div></div><div class="section" title="idmap negative cache time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id318983"></a>
     2681</p></dd></dl></div></div><div class="section" title="idmap negative cache time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id319118"></a>
    26072682
    26082683idmap negative cache time (G)
    2609 </h3></div></div></div><a class="indexterm" name="id318984"></a><a name="IDMAPNEGATIVECACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of seconds that Winbind's
     2684</h3></div></div></div><a class="indexterm" name="id319120"></a><a name="IDMAPNEGATIVECACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of seconds that Winbind's
    26102685        idmap interface will cache negative SID/uid/gid query results.
    26112686        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>idmap negative cache time</code></em> = <code class="literal">120</code>
    26122687</em></span>
    2613 </p></dd></dl></div></div><div class="section" title="winbind uid"><div class="titlepage"><div><div><h3 class="title"><a name="id319026"></a>
     2688</p></dd></dl></div></div><div class="section" title="winbind uid"><div class="titlepage"><div><div><h3 class="title"><a name="id319161"></a>
    26142689
    26152690<a name="WINBINDUID"></a>winbind uid
    2616 </h3></div></div></div><a class="indexterm" name="id319027"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#IDMAPUID">idmap uid</a>.</p></dd></dl></div></div><div class="section" title="idmap uid (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id319057"></a>
     2691</h3></div></div></div><a class="indexterm" name="id319162"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#IDMAPUID">idmap uid</a>.</p></dd></dl></div></div><div class="section" title="idmap uid (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id319193"></a>
    26172692
    26182693idmap uid (G)
    2619 </h3></div></div></div><a class="indexterm" name="id319058"></a><a name="IDMAPUID"></a><div class="variablelist"><dl><dt></dt><dd><p>
    2620         The idmap uid parameter specifies the range of user ids that are
    2621         allocated for use in mapping UNIX users to NT user SIDs. This
    2622         range of ids should have no existing local
    2623         or NIS users within it as strange conflicts can occur otherwise.</p><p>See also the <a class="link" href="smb.conf.5.html#IDMAPBACKEND" target="_top">idmap backend</a> and
    2624         <a class="link" href="smb.conf.5.html#IDMAPCONFIG" target="_top">idmap config</a> options.
    2625         </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>idmap uid</code></em> = <code class="literal"></code>
     2694</h3></div></div></div><a class="indexterm" name="id319194"></a><a name="IDMAPUID"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2695        The idmap uid parameter specifies the range of user ids for
     2696        the default idmap configuration. It is now deprecated in favour
     2697        of <a class="link" href="smb.conf.5.html#IDMAPCONFIG*:RANGE" target="_top">idmap config * : range</a>.
     2698        </p><p>See the <a class="link" href="smb.conf.5.html#IDMAPCONFIG" target="_top">idmap config</a> option.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>idmap uid</code></em> = <code class="literal"></code>
    26262699</em></span>
    26272700</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>idmap uid</code></em> = <code class="literal">10000-20000</code>
    26282701</em></span>
    2629 </p></dd></dl></div></div><div class="section" title="include (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id319139"></a>
     2702</p></dd></dl></div></div><div class="section" title="include (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id319274"></a>
    26302703
    26312704include (G)
    2632 </h3></div></div></div><a class="indexterm" name="id319140"></a><a name="INCLUDE"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2705</h3></div></div></div><a class="indexterm" name="id319276"></a><a name="INCLUDE"></a><div class="variablelist"><dl><dt></dt><dd><p>
    26332706        This allows you to include one config file inside another.  The file is included literally, as though typed
    26342707        in place.
     
    26482721</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>include</code></em> = <code class="literal">/usr/local/samba/lib/admin_smb.conf</code>
    26492722</em></span>
    2650 </p></dd></dl></div></div><div class="section" title="inherit acls (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id319236"></a>
     2723</p></dd></dl></div></div><div class="section" title="inherit acls (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id319371"></a>
    26512724
    26522725inherit acls (S)
    2653 </h3></div></div></div><a class="indexterm" name="id319237"></a><a name="INHERITACLS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter can be used to ensure that if default acls
     2726</h3></div></div></div><a class="indexterm" name="id319372"></a><a name="INHERITACLS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter can be used to ensure that if default acls
    26542727    exist on parent directories, they are always honored when creating a
    26552728    new file or subdirectory in these parent directories. The default
     
    26642737</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>inherit acls</code></em> = <code class="literal">no</code>
    26652738</em></span>
    2666 </p></dd></dl></div></div><div class="section" title="inherit owner (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id319282"></a>
     2739</p></dd></dl></div></div><div class="section" title="inherit owner (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id319417"></a>
    26672740
    26682741inherit owner (S)
    2669 </h3></div></div></div><a class="indexterm" name="id319283"></a><a name="INHERITOWNER"></a><div class="variablelist"><dl><dt></dt><dd><p>The ownership of new files and directories
     2742</h3></div></div></div><a class="indexterm" name="id319418"></a><a name="INHERITOWNER"></a><div class="variablelist"><dl><dt></dt><dd><p>The ownership of new files and directories
    26702743        is normally governed by effective uid of the connected user.
    26712744        This option allows the Samba administrator to specify that
     
    26762749        roaming profile directory are actually owner by the user.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>inherit owner</code></em> = <code class="literal">no</code>
    26772750</em></span>
    2678 </p></dd></dl></div></div><div class="section" title="inherit permissions (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id319330"></a>
     2751</p></dd></dl></div></div><div class="section" title="inherit permissions (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id319465"></a>
    26792752
    26802753inherit permissions (S)
    2681 </h3></div></div></div><a class="indexterm" name="id319331"></a><a name="INHERITPERMISSIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2754</h3></div></div></div><a class="indexterm" name="id319466"></a><a name="INHERITPERMISSIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>
    26822755        The permissions on new files and directories are normally governed by <a class="link" href="smb.conf.5.html#CREATEMASK" target="_top">create mask</a>,
    26832756        <a class="link" href="smb.conf.5.html#DIRECTORYMASK" target="_top">directory mask</a>, <a class="link" href="smb.conf.5.html#FORCECREATEMODE" target="_top">force create mode</a> and <a class="link" href="smb.conf.5.html#FORCEDIRECTORYMODE" target="_top">force directory mode</a> but the boolean inherit permissions parameter overrides this.
     
    26912764    share to be used flexibly by each user.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>inherit permissions</code></em> = <code class="literal">no</code>
    26922765</em></span>
    2693 </p></dd></dl></div></div><div class="section" title="init logon delayed hosts (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id319468"></a>
     2766</p></dd></dl></div></div><div class="section" title="init logon delayed hosts (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id319603"></a>
    26942767
    26952768init logon delayed hosts (G)
    2696 </h3></div></div></div><a class="indexterm" name="id319469"></a><a name="INITLOGONDELAYEDHOSTS"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2769</h3></div></div></div><a class="indexterm" name="id319604"></a><a name="INITLOGONDELAYEDHOSTS"></a><div class="variablelist"><dl><dt></dt><dd><p>
    26972770        This parameter takes a list of host names, addresses or networks for
    26982771        which the initial samlogon reply should be delayed (so other DCs get
     
    27052778</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>init logon delayed hosts</code></em> = <code class="literal">150.203.5. myhost.mynet.de</code>
    27062779</em></span>
    2707 </p></dd></dl></div></div><div class="section" title="init logon delay (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id319541"></a>
     2780</p></dd></dl></div></div><div class="section" title="init logon delay (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id319677"></a>
    27082781
    27092782init logon delay (G)
    2710 </h3></div></div></div><a class="indexterm" name="id319542"></a><a name="INITLOGONDELAY"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2783</h3></div></div></div><a class="indexterm" name="id319678"></a><a name="INITLOGONDELAY"></a><div class="variablelist"><dl><dt></dt><dd><p>
    27112784        This parameter specifies a delay in milliseconds for the hosts configured
    27122785        for delayed initial samlogon with
     
    27142787        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>init logon delay</code></em> = <code class="literal">100</code>
    27152788</em></span>
    2716 </p></dd></dl></div></div><div class="section" title="interfaces (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id319594"></a>
     2789</p></dd></dl></div></div><div class="section" title="interfaces (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id319729"></a>
    27172790
    27182791interfaces (G)
    2719 </h3></div></div></div><a class="indexterm" name="id319595"></a><a name="INTERFACES"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to override the default
     2792</h3></div></div></div><a class="indexterm" name="id319730"></a><a name="INTERFACES"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to override the default
    27202793        network interfaces list that Samba will use for browsing, name
    27212794        registration and other NetBIOS over TCP/IP (NBT) traffic. By default Samba will query
     
    27412814</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>interfaces</code></em> = <code class="literal">eth0 192.168.2.10/24 192.168.3.10/255.255.255.0</code>
    27422815</em></span>
    2743 </p></dd></dl></div></div><div class="section" title="invalid users (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id319699"></a>
     2816</p></dd></dl></div></div><div class="section" title="invalid users (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id319835"></a>
    27442817
    27452818invalid users (S)
    2746 </h3></div></div></div><a class="indexterm" name="id319700"></a><a name="INVALIDUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of users that should not be allowed
     2819</h3></div></div></div><a class="indexterm" name="id319836"></a><a name="INVALIDUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of users that should not be allowed
    27472820    to login to this service. This is really a <span class="emphasis"><em>paranoid</em></span>
    27482821    check to absolutely ensure an improper setting does not breach
     
    27642837</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>invalid users</code></em> = <code class="literal">root fred admin @wheel</code>
    27652838</em></span>
    2766 </p></dd></dl></div></div><div class="section" title="iprint server (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id319800"></a>
     2839</p></dd></dl></div></div><div class="section" title="iprint server (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id319936"></a>
    27672840
    27682841iprint server (G)
    2769 </h3></div></div></div><a class="indexterm" name="id319801"></a><a name="IPRINTSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2842</h3></div></div></div><a class="indexterm" name="id319937"></a><a name="IPRINTSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>
    27702843    This parameter is only applicable if <a class="link" href="smb.conf.5.html#PRINTING" target="_top">printing</a> is set to <code class="constant">iprint</code>.
    27712844    </p><p>
     
    27762849</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>iprint server</code></em> = <code class="literal">MYCUPSSERVER</code>
    27772850</em></span>
    2778 </p></dd></dl></div></div><div class="section" title="keepalive (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id319882"></a>
     2851</p></dd></dl></div></div><div class="section" title="keepalive (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320018"></a>
    27792852
    27802853keepalive (G)
    2781 </h3></div></div></div><a class="indexterm" name="id319884"></a><a name="KEEPALIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (an integer) represents
     2854</h3></div></div></div><a class="indexterm" name="id320019"></a><a name="KEEPALIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (an integer) represents
    27822855    the number of seconds between <em class="parameter"><code>keepalive</code></em>
    27832856    packets. If this parameter is zero, no keepalive packets will be
     
    27892862</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>keepalive</code></em> = <code class="literal">600</code>
    27902863</em></span>
    2791 </p></dd></dl></div></div><div class="section" title="kerberos method (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id319964"></a>
     2864</p></dd></dl></div></div><div class="section" title="kerberos method (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320100"></a>
    27922865
    27932866kerberos method (G)
    2794 </h3></div></div></div><a class="indexterm" name="id319965"></a><a name="KERBEROSMETHOD"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2867</h3></div></div></div><a class="indexterm" name="id320101"></a><a name="KERBEROSMETHOD"></a><div class="variablelist"><dl><dt></dt><dd><p>
    27952868        Controls how kerberos tickets are verified.
    27962869        </p><p>Valid options are:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>secrets only - use only the secrets.tdb for
     
    28092882        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>kerberos method</code></em> = <code class="literal">secrets only</code>
    28102883</em></span>
    2811 </p></dd></dl></div></div><div class="section" title="kernel change notify (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id320053"></a>
     2884</p></dd></dl></div></div><div class="section" title="kernel change notify (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id320189"></a>
    28122885
    28132886kernel change notify (S)
    2814 </h3></div></div></div><a class="indexterm" name="id320054"></a><a name="KERNELCHANGENOTIFY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should ask the
     2887</h3></div></div></div><a class="indexterm" name="id320190"></a><a name="KERNELCHANGENOTIFY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should ask the
    28152888        kernel for change notifications in directories so that
    28162889        SMB clients can refresh whenever the data on the server changes.
     
    28192892        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>kernel change notify</code></em> = <code class="literal">yes</code>
    28202893</em></span>
    2821 </p></dd></dl></div></div><div class="section" title="kernel oplocks (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320099"></a>
     2894</p></dd></dl></div></div><div class="section" title="kernel oplocks (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320235"></a>
    28222895
    28232896kernel oplocks (G)
    2824 </h3></div></div></div><a class="indexterm" name="id320100"></a><a name="KERNELOPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>For UNIXes that support kernel based <a class="link" href="smb.conf.5.html#OPLOCKS" target="_top">oplocks</a>
     2897</h3></div></div></div><a class="indexterm" name="id320236"></a><a name="KERNELOPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>For UNIXes that support kernel based <a class="link" href="smb.conf.5.html#OPLOCKS" target="_top">oplocks</a>
    28252898        (currently only IRIX and the Linux 2.4 kernel), this parameter
    28262899        allows the use of them to be turned on or off.</p><p>Kernel oplocks support allows Samba <em class="parameter"><code>oplocks
     
    28322905        You should never need to touch this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>kernel oplocks</code></em> = <code class="literal">yes</code>
    28332906</em></span>
    2834 </p></dd></dl></div></div><div class="section" title="lanman auth (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320181"></a>
     2907</p></dd></dl></div></div><div class="section" title="lanman auth (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320317"></a>
    28352908
    28362909lanman auth (G)
    2837 </h3></div></div></div><a class="indexterm" name="id320182"></a><a name="LANMANAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to
     2910</h3></div></div></div><a class="indexterm" name="id320318"></a><a name="LANMANAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to
    28382911    authenticate users or permit password changes
    28392912    using the LANMAN password hash. If disabled, only clients which support NT
     
    28572930    special configuration to use it.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lanman auth</code></em> = <code class="literal">no</code>
    28582931</em></span>
    2859 </p></dd></dl></div></div><div class="section" title="large readwrite (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320276"></a>
     2932</p></dd></dl></div></div><div class="section" title="large readwrite (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320412"></a>
    28602933
    28612934large readwrite (G)
    2862 </h3></div></div></div><a class="indexterm" name="id320277"></a><a name="LARGEREADWRITE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not
     2935</h3></div></div></div><a class="indexterm" name="id320413"></a><a name="LARGEREADWRITE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not
    28632936    <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> supports the new 64k
    28642937    streaming read and write variant SMB requests introduced with
     
    28692942        tested as some other Samba code paths.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>large readwrite</code></em> = <code class="literal">yes</code>
    28702943</em></span>
    2871 </p></dd></dl></div></div><div class="section" title="ldap admin dn (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320328"></a>
     2944</p></dd></dl></div></div><div class="section" title="ldap admin dn (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320464"></a>
    28722945
    28732946ldap admin dn (G)
    2874 </h3></div></div></div><a class="indexterm" name="id320329"></a><a name="LDAPADMINDN"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2947</h3></div></div></div><a class="indexterm" name="id320465"></a><a name="LDAPADMINDN"></a><div class="variablelist"><dl><dt></dt><dd><p>
    28752948        The <a class="link" href="smb.conf.5.html#LDAPADMINDN" target="_top">ldap admin dn</a> defines the Distinguished  Name (DN) name used by Samba to contact
    28762949        the ldap server when retreiving  user account information. The <a class="link" href="smb.conf.5.html#LDAPADMINDN" target="_top">ldap admin dn</a> is used
     
    28802953        </p><p>
    28812954        The <a class="link" href="smb.conf.5.html#LDAPADMINDN" target="_top">ldap admin dn</a> requires a fully specified DN. The <a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap  suffix</a> is not appended to the <a class="link" href="smb.conf.5.html#LDAPADMINDN" target="_top">ldap admin dn</a>.
    2882         </p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="ldap connection timeout (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320431"></a>
     2955        </p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="ldap connection timeout (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320566"></a>
    28832956
    28842957ldap connection timeout (G)
    2885 </h3></div></div></div><a class="indexterm" name="id320432"></a><a name="LDAPCONNECTIONTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2958</h3></div></div></div><a class="indexterm" name="id320567"></a><a name="LDAPCONNECTIONTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
    28862959        This parameter tells the LDAP library calls which timeout in seconds
    28872960        they should honor during initial connection establishments to LDAP servers.
     
    28952968        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap connection timeout</code></em> = <code class="literal">2</code>
    28962969</em></span>
    2897 </p></dd></dl></div></div><div class="section" title="ldap debug level (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320489"></a>
     2970</p></dd></dl></div></div><div class="section" title="ldap debug level (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320625"></a>
    28982971
    28992972ldap debug level (G)
    2900 </h3></div></div></div><a class="indexterm" name="id320490"></a><a name="LDAPDEBUGLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2973</h3></div></div></div><a class="indexterm" name="id320626"></a><a name="LDAPDEBUGLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
    29012974                This parameter controls the debug level of the LDAP library
    29022975                calls. In the case of OpenLDAP, it is the same
     
    29152988</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap debug level</code></em> = <code class="literal">1</code>
    29162989</em></span>
    2917 </p></dd></dl></div></div><div class="section" title="ldap debug threshold (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320573"></a>
     2990</p></dd></dl></div></div><div class="section" title="ldap debug threshold (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320708"></a>
    29182991
    29192992ldap debug threshold (G)
    2920 </h3></div></div></div><a class="indexterm" name="id320574"></a><a name="LDAPDEBUGTHRESHOLD"></a><div class="variablelist"><dl><dt></dt><dd><p>
     2993</h3></div></div></div><a class="indexterm" name="id320710"></a><a name="LDAPDEBUGTHRESHOLD"></a><div class="variablelist"><dl><dt></dt><dd><p>
    29212994                This parameter controls the Samba debug level at which
    29222995                the ldap library debug output is
     
    29273000</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap debug threshold</code></em> = <code class="literal">5</code>
    29283001</em></span>
    2929 </p></dd></dl></div></div><div class="section" title="ldap delete dn (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320638"></a>
     3002</p></dd></dl></div></div><div class="section" title="ldap delete dn (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320773"></a>
    29303003
    29313004ldap delete dn (G)
    2932 </h3></div></div></div><a class="indexterm" name="id320639"></a><a name="LDAPDELETEDN"></a><div class="variablelist"><dl><dt></dt><dd><p> This parameter specifies whether a delete
     3005</h3></div></div></div><a class="indexterm" name="id320774"></a><a name="LDAPDELETEDN"></a><div class="variablelist"><dl><dt></dt><dd><p> This parameter specifies whether a delete
    29333006        operation in the ldapsam deletes the complete entry or only the attributes
    29343007        specific to Samba.
    29353008        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap delete dn</code></em> = <code class="literal">no</code>
    29363009</em></span>
    2937 </p></dd></dl></div></div><div class="section" title="ldap deref (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320680"></a>
     3010</p></dd></dl></div></div><div class="section" title="ldap deref (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320815"></a>
    29383011
    29393012ldap deref (G)
    2940 </h3></div></div></div><a class="indexterm" name="id320681"></a><a name="LDAPDEREF"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls whether Samba should tell the LDAP library
     3013</h3></div></div></div><a class="indexterm" name="id320816"></a><a name="LDAPDEREF"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls whether Samba should tell the LDAP library
    29413014        to use a certain alias dereferencing method. The default is
    29423015        <span class="emphasis"><em>auto</em></span>, which means that the default setting of the
     
    29493022</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap deref</code></em> = <code class="literal">searching</code>
    29503023</em></span>
    2951 </p></dd></dl></div></div><div class="section" title="ldap follow referral (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320757"></a>
     3024</p></dd></dl></div></div><div class="section" title="ldap follow referral (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320893"></a>
    29523025
    29533026ldap follow referral (G)
    2954 </h3></div></div></div><a class="indexterm" name="id320758"></a><a name="LDAPFOLLOWREFERRAL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls whether to follow LDAP referrals or not when
     3027</h3></div></div></div><a class="indexterm" name="id320894"></a><a name="LDAPFOLLOWREFERRAL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls whether to follow LDAP referrals or not when
    29553028        searching for entries in the LDAP database. Possible values are
    29563029        <span class="emphasis"><em>on</em></span> to enable following referrals,
     
    29633036</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap follow referral</code></em> = <code class="literal">off</code>
    29643037</em></span>
    2965 </p></dd></dl></div></div><div class="section" title="ldap group suffix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320828"></a>
     3038</p></dd></dl></div></div><div class="section" title="ldap group suffix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320964"></a>
    29663039
    29673040ldap group suffix (G)
    2968 </h3></div></div></div><a class="indexterm" name="id320829"></a><a name="LDAPGROUPSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the suffix that is
     3041</h3></div></div></div><a class="indexterm" name="id320965"></a><a name="LDAPGROUPSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the suffix that is
    29693042        used for groups when these are added to the LDAP directory.
    29703043        If this parameter is unset, the value of <a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> will be used instead.  The suffix string is pre-pended to the
     
    29733046</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap group suffix</code></em> = <code class="literal">ou=Groups</code>
    29743047</em></span>
    2975 </p></dd></dl></div></div><div class="section" title="ldap idmap suffix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320908"></a>
     3048</p></dd></dl></div></div><div class="section" title="ldap idmap suffix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id321044"></a>
    29763049
    29773050ldap idmap suffix (G)
    2978 </h3></div></div></div><a class="indexterm" name="id320909"></a><a name="LDAPIDMAPSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>
     3051</h3></div></div></div><a class="indexterm" name="id321045"></a><a name="LDAPIDMAPSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>
    29793052        This parameters specifies the suffix that is used when storing idmap mappings. If this parameter
    29803053        is unset, the value of <a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> will be used instead.  The suffix
     
    29843057</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap idmap suffix</code></em> = <code class="literal">ou=Idmap</code>
    29853058</em></span>
    2986 </p></dd></dl></div></div><div class="section" title="ldap machine suffix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320987"></a>
     3059</p></dd></dl></div></div><div class="section" title="ldap machine suffix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id321123"></a>
    29873060
    29883061ldap machine suffix (G)
    2989 </h3></div></div></div><a class="indexterm" name="id320988"></a><a name="LDAPMACHINESUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>
     3062</h3></div></div></div><a class="indexterm" name="id321124"></a><a name="LDAPMACHINESUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>
    29903063        It specifies where machines should be added to the ldap tree.  If this parameter is unset, the value of
    29913064        <a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> will be used instead.  The suffix string is pre-pended to the
     
    29953068</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap machine suffix</code></em> = <code class="literal">ou=Computers</code>
    29963069</em></span>
    2997 </p></dd></dl></div></div><div class="section" title="ldap page size (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id321066"></a>
     3070</p></dd></dl></div></div><div class="section" title="ldap page size (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id321202"></a>
    29983071
    29993072ldap page size (G)
    3000 </h3></div></div></div><a class="indexterm" name="id321067"></a><a name="LDAPPAGESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>
     3073</h3></div></div></div><a class="indexterm" name="id321203"></a><a name="LDAPPAGESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>
    30013074        This parameter specifies the number of entries per page.
    30023075        </p><p>If the LDAP server supports paged results, clients can
     
    30073080</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap page size</code></em> = <code class="literal">512</code>
    30083081</em></span>
    3009 </p></dd></dl></div></div><div class="section" title="ldap passwd sync (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id321129"></a>
     3082</p></dd></dl></div></div><div class="section" title="ldap passwd sync (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id321265"></a>
    30103083
    30113084ldap passwd sync (G)
    3012 </h3></div></div></div><a class="indexterm" name="id321130"></a><a name="LDAPPASSWDSYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>
     3085</h3></div></div></div><a class="indexterm" name="id321266"></a><a name="LDAPPASSWDSYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>
    30133086        This option is used to define whether or not Samba should sync the LDAP password with the NT
    30143087        and LM hashes for normal accounts (NOT for workstation, server or domain trusts) on a password
     
    30213094                        the LDAP password and let the LDAP server do the rest.</p></li></ul></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap passwd sync</code></em> = <code class="literal">no</code>
    30223095</em></span>
    3023 </p></dd></dl></div></div><div class="section" title="ldap replication sleep (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id321224"></a>
     3096</p></dd></dl></div></div><div class="section" title="ldap replication sleep (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id321360"></a>
    30243097
    30253098ldap replication sleep (G)
    3026 </h3></div></div></div><a class="indexterm" name="id321226"></a><a name="LDAPREPLICATIONSLEEP"></a><div class="variablelist"><dl><dt></dt><dd><p>
     3099</h3></div></div></div><a class="indexterm" name="id321361"></a><a name="LDAPREPLICATIONSLEEP"></a><div class="variablelist"><dl><dt></dt><dd><p>
    30273100        When Samba is asked to write to a read-only LDAP replica, we are redirected to talk to the read-write master server.
    30283101        This server then replicates our changes back to the 'local' server, however the replication might take some seconds,
     
    30373110        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap replication sleep</code></em> = <code class="literal">1000</code>
    30383111</em></span>
    3039 </p></dd></dl></div></div><div class="section" title="ldapsam:editposix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id321280"></a>
     3112</p></dd></dl></div></div><div class="section" title="ldapsam:editposix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id321416"></a>
    30403113
    30413114ldapsam:editposix (G)
    3042 </h3></div></div></div><a class="indexterm" name="id321281"></a><a name="LDAPSAM:EDITPOSIX"></a><div class="variablelist"><dl><dt></dt><dd><p>
     3115</h3></div></div></div><a class="indexterm" name="id321417"></a><a name="LDAPSAM:EDITPOSIX"></a><div class="variablelist"><dl><dt></dt><dd><p>
    30433116        Editposix is an option that leverages ldapsam:trusted to make it simpler to manage a domain controller
    30443117        eliminating the need to set up custom scripts to add and manage the posix users and groups. This option
     
    31183191        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldapsam:editposix</code></em> = <code class="literal">no</code>
    31193192</em></span>
    3120 </p></dd></dl></div></div><div class="section" title="ldapsam:trusted (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id321385"></a>
     3193</p></dd></dl></div></div><div class="section" title="ldapsam:trusted (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id321521"></a>
    31213194
    31223195ldapsam:trusted (G)
    3123 </h3></div></div></div><a class="indexterm" name="id321386"></a><a name="LDAPSAM:TRUSTED"></a><div class="variablelist"><dl><dt></dt><dd><p>
     3196</h3></div></div></div><a class="indexterm" name="id321522"></a><a name="LDAPSAM:TRUSTED"></a><div class="variablelist"><dl><dt></dt><dd><p>
    31243197        By default, Samba as a Domain Controller with an LDAP backend needs to use the Unix-style NSS subsystem to
    31253198        access user and group information. Due to the way Unix stores user information in /etc/passwd and /etc/group
     
    31393212        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldapsam:trusted</code></em> = <code class="literal">no</code>
    31403213</em></span>
    3141 </p></dd></dl></div></div><div class="section" title="ldap ssl ads (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id321460"></a>
     3214</p></dd></dl></div></div><div class="section" title="ldap ssl ads (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id321595"></a>
    31423215
    31433216ldap ssl ads (G)
    3144 </h3></div></div></div><a class="indexterm" name="id321461"></a><a name="LDAPSSLADS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used to define whether or not Samba should
     3217</h3></div></div></div><a class="indexterm" name="id321596"></a><a name="LDAPSSLADS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used to define whether or not Samba should
    31453218        use SSL when connecting to the ldap server using
    31463219        <span class="emphasis"><em>ads</em></span> methods.
     
    31523225        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap ssl ads</code></em> = <code class="literal">no</code>
    31533226</em></span>
    3154 </p></dd></dl></div></div><div class="section" title="ldap ssl (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id321542"></a>
     3227</p></dd></dl></div></div><div class="section" title="ldap ssl (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id321677"></a>
    31553228
    31563229ldap ssl (G)
    3157 </h3></div></div></div><a class="indexterm" name="id321543"></a><a name="LDAPSSL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used to define whether or not Samba should
     3230</h3></div></div></div><a class="indexterm" name="id321678"></a><a name="LDAPSSL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used to define whether or not Samba should
    31583231        use SSL when connecting to the ldap server
    31593232        This is <span class="emphasis"><em>NOT</em></span> related to
     
    31803253        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap ssl</code></em> = <code class="literal">start tls</code>
    31813254</em></span>
    3182 </p></dd></dl></div></div><div class="section" title="ldap suffix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id321726"></a>
     3255</p></dd></dl></div></div><div class="section" title="ldap suffix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id321862"></a>
    31833256
    31843257ldap suffix (G)
    3185 </h3></div></div></div><a class="indexterm" name="id321727"></a><a name="LDAPSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the base for all ldap suffixes and for storing the sambaDomain object.</p><p>
     3258</h3></div></div></div><a class="indexterm" name="id321863"></a><a name="LDAPSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the base for all ldap suffixes and for storing the sambaDomain object.</p><p>
    31863259        The ldap suffix will be appended to the values specified for the <a class="link" href="smb.conf.5.html#LDAPUSERSUFFIX" target="_top">ldap user suffix</a>,
    31873260         <a class="link" href="smb.conf.5.html#LDAPGROUPSUFFIX" target="_top">ldap group suffix</a>, <a class="link" href="smb.conf.5.html#LDAPMACHINESUFFIX" target="_top">ldap machine suffix</a>, and the
     
    31923265</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap suffix</code></em> = <code class="literal">dc=samba,dc=org</code>
    31933266</em></span>
    3194 </p></dd></dl></div></div><div class="section" title="ldap timeout (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id321842"></a>
     3267</p></dd></dl></div></div><div class="section" title="ldap timeout (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id321978"></a>
    31953268
    31963269ldap timeout (G)
    3197 </h3></div></div></div><a class="indexterm" name="id321843"></a><a name="LDAPTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
     3270</h3></div></div></div><a class="indexterm" name="id321979"></a><a name="LDAPTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
    31983271        This parameter defines the number of seconds that Samba should use as timeout for LDAP operations.
    31993272        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap timeout</code></em> = <code class="literal">15</code>
    32003273</em></span>
    3201 </p></dd></dl></div></div><div class="section" title="ldap user suffix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id321882"></a>
     3274</p></dd></dl></div></div><div class="section" title="ldap user suffix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id322018"></a>
    32023275
    32033276ldap user suffix (G)
    3204 </h3></div></div></div><a class="indexterm" name="id321883"></a><a name="LDAPUSERSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>
     3277</h3></div></div></div><a class="indexterm" name="id322019"></a><a name="LDAPUSERSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>
    32053278        This parameter specifies where users are added to the tree. If this parameter is unset,
    32063279        the value of <a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> will be used instead.  The suffix
     
    32103283</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap user suffix</code></em> = <code class="literal">ou=people</code>
    32113284</em></span>
    3212 </p></dd></dl></div></div><div class="section" title="level2 oplocks (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id321961"></a>
     3285</p></dd></dl></div></div><div class="section" title="level2 oplocks (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id322097"></a>
    32133286
    32143287level2 oplocks (S)
    3215 </h3></div></div></div><a class="indexterm" name="id321962"></a><a name="LEVEL2OPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether Samba supports
     3288</h3></div></div></div><a class="indexterm" name="id322098"></a><a name="LEVEL2OPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether Samba supports
    32163289        level2 (read-only) oplocks on a share.</p><p>Level2, or read-only oplocks allow Windows NT clients
    32173290        that have an oplock on a file to downgrade from a read-write oplock
     
    32333306        this parameter to have any effect.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>level2 oplocks</code></em> = <code class="literal">yes</code>
    32343307</em></span>
    3235 </p></dd></dl></div></div><div class="section" title="lm announce (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id322056"></a>
     3308</p></dd></dl></div></div><div class="section" title="lm announce (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id322192"></a>
    32363309
    32373310lm announce (G)
    3238 </h3></div></div></div><a class="indexterm" name="id322058"></a><a name="LMANNOUNCE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> will produce Lanman announce
     3311</h3></div></div></div><a class="indexterm" name="id322193"></a><a name="LMANNOUNCE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> will produce Lanman announce
    32393312        broadcasts that are needed by OS/2 clients in order for them to see
    32403313        the Samba server in their browse list. This parameter can have three
     
    32523325</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lm announce</code></em> = <code class="literal">yes</code>
    32533326</em></span>
    3254 </p></dd></dl></div></div><div class="section" title="lm interval (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id322172"></a>
     3327</p></dd></dl></div></div><div class="section" title="lm interval (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id322307"></a>
    32553328
    32563329lm interval (G)
    3257 </h3></div></div></div><a class="indexterm" name="id322173"></a><a name="LMINTERVAL"></a><div class="variablelist"><dl><dt></dt><dd><p>If Samba is set to produce Lanman announce
     3330</h3></div></div></div><a class="indexterm" name="id322308"></a><a name="LMINTERVAL"></a><div class="variablelist"><dl><dt></dt><dd><p>If Samba is set to produce Lanman announce
    32583331        broadcasts needed by OS/2 clients (see the
    32593332                <a class="link" href="smb.conf.5.html#LMANNOUNCE" target="_top">lm announce</a> parameter) then this
     
    32653338</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lm interval</code></em> = <code class="literal">120</code>
    32663339</em></span>
    3267 </p></dd></dl></div></div><div class="section" title="load printers (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id322253"></a>
     3340</p></dd></dl></div></div><div class="section" title="load printers (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id322388"></a>
    32683341
    32693342load printers (G)
    3270 </h3></div></div></div><a class="indexterm" name="id322254"></a><a name="LOADPRINTERS"></a><div class="variablelist"><dl><dt></dt><dd><p>A boolean variable that controls whether all
     3343</h3></div></div></div><a class="indexterm" name="id322390"></a><a name="LOADPRINTERS"></a><div class="variablelist"><dl><dt></dt><dd><p>A boolean variable that controls whether all
    32713344    printers in the printcap will be loaded for browsing by default.
    32723345    See the <a class="link" href="smb.conf.5.html#PRINTERS" target="_top">printers</a> section for
    32733346    more details.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>load printers</code></em> = <code class="literal">yes</code>
    32743347</em></span>
    3275 </p></dd></dl></div></div><div class="section" title="local master (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id322307"></a>
     3348</p></dd></dl></div></div><div class="section" title="local master (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id322442"></a>
    32763349
    32773350local master (G)
    3278 </h3></div></div></div><a class="indexterm" name="id322308"></a><a name="LOCALMASTER"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> to try and become a local master browser
     3351</h3></div></div></div><a class="indexterm" name="id322443"></a><a name="LOCALMASTER"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> to try and become a local master browser
    32793352        on a subnet. If set to <code class="constant">no</code> then <code class="literal">
    32803353        nmbd</code> will not attempt to become a local master browser
     
    32863359master browser.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>local master</code></em> = <code class="literal">yes</code>
    32873360</em></span>
    3288 </p></dd></dl></div></div><div class="section" title="lock dir"><div class="titlepage"><div><div><h3 class="title"><a name="id322403"></a>
     3361</p></dd></dl></div></div><div class="section" title="lock dir"><div class="titlepage"><div><div><h3 class="title"><a name="id322539"></a>
    32893362
    32903363<a name="LOCKDIR"></a>lock dir
    3291 </h3></div></div></div><a class="indexterm" name="id322404"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#LOCKDIRECTORY">lock directory</a>.</p></dd></dl></div></div><div class="section" title="lock directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id322434"></a>
     3364</h3></div></div></div><a class="indexterm" name="id322540"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#LOCKDIRECTORY">lock directory</a>.</p></dd></dl></div></div><div class="section" title="lock directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id322570"></a>
    32923365
    32933366lock directory (G)
    3294 </h3></div></div></div><a class="indexterm" name="id322436"></a><a name="LOCKDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the directory where lock
     3367</h3></div></div></div><a class="indexterm" name="id322571"></a><a name="LOCKDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the directory where lock
    32953368        files will be placed.  The lock files are used to implement the
    32963369        <a class="link" href="smb.conf.5.html#MAXCONNECTIONS" target="_top">max connections</a> option.
     
    33023375</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lock directory</code></em> = <code class="literal">/var/run/samba/locks</code>
    33033376</em></span>
    3304 </p></dd></dl></div></div><div class="section" title="locking (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id322509"></a>
     3377</p></dd></dl></div></div><div class="section" title="locking (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id322644"></a>
    33053378
    33063379locking (S)
    3307 </h3></div></div></div><a class="indexterm" name="id322510"></a><a name="LOCKING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether or not locking will be
     3380</h3></div></div></div><a class="indexterm" name="id322645"></a><a name="LOCKING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether or not locking will be
    33083381        performed by the server in response to lock requests from the
    33093382        client.</p><p>If <code class="literal">locking = no</code>, all lock and unlock
     
    33153388        is not really recommended even in this case.</p><p>Be careful about disabling locking either globally or in a
    33163389        specific service, as lack of locking may result in data corruption.
    3317         You should never need to set this parameter.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="lock spin count (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id322578"></a>
     3390        You should never need to set this parameter.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="lock spin count (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id322713"></a>
    33183391
    33193392lock spin count (G)
    3320 </h3></div></div></div><a class="indexterm" name="id322579"></a><a name="LOCKSPINCOUNT"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter has been made inoperative in Samba 3.0.24.
     3393</h3></div></div></div><a class="indexterm" name="id322714"></a><a name="LOCKSPINCOUNT"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter has been made inoperative in Samba 3.0.24.
    33213394        The functionality it contolled is now controlled by the parameter
    33223395        <a class="link" href="smb.conf.5.html#LOCKSPINTIME" target="_top">lock spin time</a>.
    33233396        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lock spin count</code></em> = <code class="literal">0</code>
    33243397</em></span>
    3325 </p></dd></dl></div></div><div class="section" title="lock spin time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id322631"></a>
     3398</p></dd></dl></div></div><div class="section" title="lock spin time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id322766"></a>
    33263399
    33273400lock spin time (G)
    3328 </h3></div></div></div><a class="indexterm" name="id322632"></a><a name="LOCKSPINTIME"></a><div class="variablelist"><dl><dt></dt><dd><p>The time in milliseconds that smbd should
     3401</h3></div></div></div><a class="indexterm" name="id322767"></a><a name="LOCKSPINTIME"></a><div class="variablelist"><dl><dt></dt><dd><p>The time in milliseconds that smbd should
    33293402        keep waiting to see if a failed lock request can
    33303403        be granted. This parameter has changed in default
     
    33343407        to change the value of this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lock spin time</code></em> = <code class="literal">200</code>
    33353408</em></span>
    3336 </p></dd></dl></div></div><div class="section" title="log file (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id322685"></a>
     3409</p></dd></dl></div></div><div class="section" title="log file (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id322820"></a>
    33373410
    33383411log file (G)
    3339 </h3></div></div></div><a class="indexterm" name="id322686"></a><a name="LOGFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>
     3412</h3></div></div></div><a class="indexterm" name="id322821"></a><a name="LOGFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>
    33403413    This option allows you to override the name of the Samba log file (also known as the debug file).
    33413414    </p><p>
     
    33433416    </p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>log file</code></em> = <code class="literal">/usr/local/samba/var/log.%m</code>
    33443417</em></span>
    3345 </p></dd></dl></div></div><div class="section" title="debuglevel"><div class="titlepage"><div><div><h3 class="title"><a name="id322735"></a>
     3418</p></dd></dl></div></div><div class="section" title="debuglevel"><div class="titlepage"><div><div><h3 class="title"><a name="id322870"></a>
    33463419
    33473420<a name="DEBUGLEVEL"></a>debuglevel
    3348 </h3></div></div></div><a class="indexterm" name="id322736"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#LOGLEVEL">log level</a>.</p></dd></dl></div></div><div class="section" title="log level (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id322766"></a>
     3421</h3></div></div></div><a class="indexterm" name="id322872"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#LOGLEVEL">log level</a>.</p></dd></dl></div></div><div class="section" title="log level (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id322901"></a>
    33493422
    33503423log level (G)
    3351 </h3></div></div></div><a class="indexterm" name="id322767"></a><a name="LOGLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
     3424</h3></div></div></div><a class="indexterm" name="id322902"></a><a name="LOGLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
    33523425    The value of the parameter (a astring) allows the debug level (logging level) to be specified in the
    33533426    <code class="filename">smb.conf</code> file.
     
    33603433</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>log level</code></em> = <code class="literal">3 passdb:5 auth:10 winbind:2</code>
    33613434</em></span>
    3362 </p></dd></dl></div></div><div class="section" title="logon drive (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id322995"></a>
     3435</p></dd></dl></div></div><div class="section" title="logon drive (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id323130"></a>
    33633436
    33643437logon drive (G)
    3365 </h3></div></div></div><a class="indexterm" name="id322996"></a><a name="LOGONDRIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>
     3438</h3></div></div></div><a class="indexterm" name="id323131"></a><a name="LOGONDRIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>
    33663439        This parameter specifies the local path to which the home directory will be
    33673440        connected (see <a class="link" href="smb.conf.5.html#LOGONHOME" target="_top">logon home</a>) and is only used by NT
     
    33733446</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>logon drive</code></em> = <code class="literal">h:</code>
    33743447</em></span>
    3375 </p></dd></dl></div></div><div class="section" title="logon home (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id323068"></a>
     3448</p></dd></dl></div></div><div class="section" title="logon home (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id323203"></a>
    33763449
    33773450logon home (G)
    3378 </h3></div></div></div><a class="indexterm" name="id323069"></a><a name="LOGONHOME"></a><div class="variablelist"><dl><dt></dt><dd><p>
     3451</h3></div></div></div><a class="indexterm" name="id323204"></a><a name="LOGONHOME"></a><div class="variablelist"><dl><dt></dt><dd><p>
    33793452        This parameter specifies the home directory location when a Win95/98 or NT Workstation logs into a Samba PDC. 
    33803453        It allows you to do
     
    34073480</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>logon home</code></em> = <code class="literal">\\remote_smb_server\%U</code>
    34083481</em></span>
    3409 </p></dd></dl></div></div><div class="section" title="logon path (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id323221"></a>
     3482</p></dd></dl></div></div><div class="section" title="logon path (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id323356"></a>
    34103483
    34113484logon path (G)
    3412 </h3></div></div></div><a class="indexterm" name="id323222"></a><a name="LOGONPATH"></a><div class="variablelist"><dl><dt></dt><dd><p>
     3485</h3></div></div></div><a class="indexterm" name="id323357"></a><a name="LOGONPATH"></a><div class="variablelist"><dl><dt></dt><dd><p>
    34133486        This parameter specifies the directory where roaming profiles (Desktop, NTuser.dat, etc) are
    34143487        stored.  Contrary to previous versions of these manual pages, it has nothing to do with Win 9X roaming
     
    34543527        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>logon path</code></em> = <code class="literal">\\%N\%U\profile</code>
    34553528</em></span>
    3456 </p></dd></dl></div></div><div class="section" title="logon script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id323372"></a>
     3529</p></dd></dl></div></div><div class="section" title="logon script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id323503"></a>
    34573530
    34583531logon script (G)
    3459 </h3></div></div></div><a class="indexterm" name="id323373"></a><a name="LOGONSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
     3532</h3></div></div></div><a class="indexterm" name="id323504"></a><a name="LOGONSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
    34603533        This parameter specifies the batch file (<code class="filename">.bat</code>) or NT command file
    34613534        (<code class="filename">.cmd</code>) to be downloaded and run on a machine when a user successfully logs in.  The file
     
    34883561</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>logon script</code></em> = <code class="literal">scripts\%U.bat</code>
    34893562</em></span>
    3490 </p></dd></dl></div></div><div class="section" title="log writeable files on exit (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id323529"></a>
     3563</p></dd></dl></div></div><div class="section" title="log writeable files on exit (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id323660"></a>
    34913564
    34923565log writeable files on exit (G)
    3493 </h3></div></div></div><a class="indexterm" name="id323530"></a><a name="LOGWRITEABLEFILESONEXIT"></a><div class="variablelist"><dl><dt></dt><dd><p>
     3566</h3></div></div></div><a class="indexterm" name="id323661"></a><a name="LOGWRITEABLEFILESONEXIT"></a><div class="variablelist"><dl><dt></dt><dd><p>
    34943567        When the network connection between a CIFS client and Samba
    34953568        dies, Samba has no option but to simply shut down the server
     
    35053578        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>log writeable files on exit</code></em> = <code class="literal">no</code>
    35063579</em></span>
    3507 </p></dd></dl></div></div><div class="section" title="lppause command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id323576"></a>
     3580</p></dd></dl></div></div><div class="section" title="lppause command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id323707"></a>
    35083581
    35093582lppause command (S)
    3510 </h3></div></div></div><a class="indexterm" name="id323577"></a><a name="LPPAUSECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
     3583</h3></div></div></div><a class="indexterm" name="id323708"></a><a name="LPPAUSECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
    35113584    executed on the server host in order to stop printing or spooling
    35123585    a specific print job.</p><p>This command should be a program or script which takes
     
    35323605</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lppause command</code></em> = <code class="literal">/usr/bin/lpalt %p-%j -p0</code>
    35333606</em></span>
    3534 </p></dd></dl></div></div><div class="section" title="lpq cache time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id323712"></a>
     3607</p></dd></dl></div></div><div class="section" title="lpq cache time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id323843"></a>
    35353608
    35363609lpq cache time (G)
    3537 </h3></div></div></div><a class="indexterm" name="id323713"></a><a name="LPQCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls how long lpq info will be cached
     3610</h3></div></div></div><a class="indexterm" name="id323844"></a><a name="LPQCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls how long lpq info will be cached
    35383611        for to prevent the <code class="literal">lpq</code> command being called too
    35393612        often. A separate cache is kept for each variation of the <code class="literal">
     
    35483621</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lpq cache time</code></em> = <code class="literal">10</code>
    35493622</em></span>
    3550 </p></dd></dl></div></div><div class="section" title="lpq command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id323823"></a>
     3623</p></dd></dl></div></div><div class="section" title="lpq command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id323954"></a>
    35513624
    35523625lpq command (S)
    3553 </h3></div></div></div><a class="indexterm" name="id323824"></a><a name="LPQCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
     3626</h3></div></div></div><a class="indexterm" name="id323956"></a><a name="LPQCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
    35543627    executed on the server host in order to obtain <code class="literal">lpq
    35553628    </code>-style printer status information.</p><p>This command should be a program or script which
     
    35733646</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lpq command</code></em> = <code class="literal">/usr/bin/lpq -P%p</code>
    35743647</em></span>
    3575 </p></dd></dl></div></div><div class="section" title="lpresume command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id323940"></a>
     3648</p></dd></dl></div></div><div class="section" title="lpresume command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id324071"></a>
    35763649
    35773650lpresume command (S)
    3578 </h3></div></div></div><a class="indexterm" name="id323941"></a><a name="LPRESUMECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
     3651</h3></div></div></div><a class="indexterm" name="id324072"></a><a name="LPRESUMECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
    35793652    executed on the server host in order to restart or continue
    35803653    printing or spooling a specific print job.</p><p>This command should be a program or script which takes
     
    35893662    is <code class="constant">SOFTQ</code>, then the default is:</p><p><code class="literal">qstat -s -j%j -r</code></p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lpresume command</code></em> = <code class="literal">/usr/bin/lpalt %p-%j -p2</code>
    35903663</em></span>
    3591 </p></dd></dl></div></div><div class="section" title="lprm command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id324083"></a>
     3664</p></dd></dl></div></div><div class="section" title="lprm command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id324215"></a>
    35923665
    35933666lprm command (S)
    3594 </h3></div></div></div><a class="indexterm" name="id324084"></a><a name="LPRMCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
     3667</h3></div></div></div><a class="indexterm" name="id324216"></a><a name="LPRMCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
    35953668    executed on the server host in order to delete a print job.</p><p>This command should be a program or script which takes
    35963669    a printer name and job number, and deletes the print job.</p><p>If a <em class="parameter"><code>%p</code></em> is given then the printer name
     
    36093682        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lprm command</code></em> = <code class="literal"> determined by printing parameter</code>
    36103683</em></span>
    3611 </p></dd></dl></div></div><div class="section" title="machine password timeout (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id324165"></a>
     3684</p></dd></dl></div></div><div class="section" title="machine password timeout (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id324296"></a>
    36123685
    36133686machine password timeout (G)
    3614 </h3></div></div></div><a class="indexterm" name="id324166"></a><a name="MACHINEPASSWORDTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
     3687</h3></div></div></div><a class="indexterm" name="id324297"></a><a name="MACHINEPASSWORDTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
    36153688        If a Samba server is a member of a Windows NT Domain (see the <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security = domain</a> parameter) then periodically a running smbd process will try and change
    36163689        the MACHINE ACCOUNT PASSWORD stored in the TDB called <code class="filename">private/secrets.tdb
     
    36223695        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>machine password timeout</code></em> = <code class="literal">604800</code>
    36233696</em></span>
    3624 </p></dd></dl></div></div><div class="section" title="magic output (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id324249"></a>
     3697</p></dd></dl></div></div><div class="section" title="magic output (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id324380"></a>
    36253698
    36263699magic output (S)
    3627 </h3></div></div></div><a class="indexterm" name="id324250"></a><a name="MAGICOUTPUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
     3700</h3></div></div></div><a class="indexterm" name="id324381"></a><a name="MAGICOUTPUT"></a><div class="variablelist"><dl><dt></dt><dd><p>
    36283701        This parameter specifies the name of a file which will contain output created by a magic script (see the
    36293702        <a class="link" href="smb.conf.5.html#MAGICSCRIPT" target="_top">magic script</a> parameter below).
     
    36343707</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>magic output</code></em> = <code class="literal">myfile.txt</code>
    36353708</em></span>
    3636 </p></dd></dl></div></div><div class="section" title="magic script (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id324329"></a>
     3709</p></dd></dl></div></div><div class="section" title="magic script (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id324460"></a>
    36373710
    36383711magic script (S)
    3639 </h3></div></div></div><a class="indexterm" name="id324330"></a><a name="MAGICSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the name of a file which,
     3712</h3></div></div></div><a class="indexterm" name="id324461"></a><a name="MAGICSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the name of a file which,
    36403713        if opened, will be executed by the server when the file is closed.
    36413714        This allows a UNIX script to be sent to the Samba host and
     
    36533726</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>magic script</code></em> = <code class="literal">user.csh</code>
    36543727</em></span>
    3655 </p></dd></dl></div></div><div class="section" title="mangled names (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id324427"></a>
     3728</p></dd></dl></div></div><div class="section" title="mangled names (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id324558"></a>
    36563729
    36573730mangled names (S)
    3658 </h3></div></div></div><a class="indexterm" name="id324428"></a><a name="MANGLEDNAMES"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether non-DOS names under UNIX
     3731</h3></div></div></div><a class="indexterm" name="id324559"></a><a name="MANGLEDNAMES"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether non-DOS names under UNIX
    36593732        should be mapped to DOS-compatible names ("mangled") and made visible,
    36603733        or whether non-DOS names should simply be ignored.</p><p>See the section on <a class="link" href="smb.conf.5.html#NAMEMANGLING" target="_top">name mangling</a> for
     
    36813754        do not change between sessions.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>mangled names</code></em> = <code class="literal">yes</code>
    36823755</em></span>
    3683 </p></dd></dl></div></div><div class="section" title="mangle prefix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id324546"></a>
     3756</p></dd></dl></div></div><div class="section" title="mangle prefix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id324677"></a>
    36843757
    36853758mangle prefix (G)
    3686 </h3></div></div></div><a class="indexterm" name="id324547"></a><a name="MANGLEPREFIX"></a><div class="variablelist"><dl><dt></dt><dd><p> controls the number of prefix
     3759</h3></div></div></div><a class="indexterm" name="id324678"></a><a name="MANGLEPREFIX"></a><div class="variablelist"><dl><dt></dt><dd><p> controls the number of prefix
    36873760        characters from the original name used when generating
    36883761        the mangled names. A larger value will give a weaker
     
    36943767</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>mangle prefix</code></em> = <code class="literal">4</code>
    36953768</em></span>
    3696 </p></dd></dl></div></div><div class="section" title="mangling char (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id324610"></a>
     3769</p></dd></dl></div></div><div class="section" title="mangling char (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id324741"></a>
    36973770
    36983771mangling char (S)
    3699 </h3></div></div></div><a class="indexterm" name="id324611"></a><a name="MANGLINGCHAR"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what character is used as
     3772</h3></div></div></div><a class="indexterm" name="id324742"></a><a name="MANGLINGCHAR"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what character is used as
    37003773        the <span class="emphasis"><em>magic</em></span> character in <a class="link" href="smb.conf.5.html#NAMEMANGLING" target="_top">name mangling</a>. The
    37013774        default is a '~' but this may interfere with some software. Use this option to set
     
    37043777</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>mangling char</code></em> = <code class="literal">^</code>
    37053778</em></span>
    3706 </p></dd></dl></div></div><div class="section" title="mangling method (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id324684"></a>
     3779</p></dd></dl></div></div><div class="section" title="mangling method (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id324815"></a>
    37073780
    37083781mangling method (G)
    3709 </h3></div></div></div><a class="indexterm" name="id324685"></a><a name="MANGLINGMETHOD"></a><div class="variablelist"><dl><dt></dt><dd><p> controls the algorithm used for the generating
     3782</h3></div></div></div><a class="indexterm" name="id324816"></a><a name="MANGLINGMETHOD"></a><div class="variablelist"><dl><dt></dt><dd><p> controls the algorithm used for the generating
    37103783        the mangled names. Can take two different values, "hash" and
    37113784        "hash2". "hash" is the algorithm that was used
     
    37183791</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>mangling method</code></em> = <code class="literal">hash</code>
    37193792</em></span>
    3720 </p></dd></dl></div></div><div class="section" title="map acl inherit (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id324746"></a>
     3793</p></dd></dl></div></div><div class="section" title="map acl inherit (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id324877"></a>
    37213794
    37223795map acl inherit (S)
    3723 </h3></div></div></div><a class="indexterm" name="id324747"></a><a name="MAPACLINHERIT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to map the 'inherit' and 'protected'
     3796</h3></div></div></div><a class="indexterm" name="id324878"></a><a name="MAPACLINHERIT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to map the 'inherit' and 'protected'
    37243797    access control entry flags stored in Windows ACLs into an extended attribute
    37253798    called user.SAMBA_PAI. This parameter only takes effect if Samba is being run
     
    37293802    </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>map acl inherit</code></em> = <code class="literal">no</code>
    37303803</em></span>
    3731 </p></dd></dl></div></div><div class="section" title="map archive (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id324798"></a>
     3804</p></dd></dl></div></div><div class="section" title="map archive (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id324930"></a>
    37323805
    37333806map archive (S)
    3734 </h3></div></div></div><a class="indexterm" name="id324799"></a><a name="MAPARCHIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>
     3807</h3></div></div></div><a class="indexterm" name="id324931"></a><a name="MAPARCHIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>
    37353808        This controls whether the DOS archive attribute
    37363809        should be mapped to the UNIX owner execute bit.  The DOS archive bit
     
    37453818        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>map archive</code></em> = <code class="literal">yes</code>
    37463819</em></span>
    3747 </p></dd></dl></div></div><div class="section" title="map hidden (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id324867"></a>
     3820</p></dd></dl></div></div><div class="section" title="map hidden (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id324999"></a>
    37483821
    37493822map hidden (S)
    3750 </h3></div></div></div><a class="indexterm" name="id324868"></a><a name="MAPHIDDEN"></a><div class="variablelist"><dl><dt></dt><dd><p>
     3823</h3></div></div></div><a class="indexterm" name="id325000"></a><a name="MAPHIDDEN"></a><div class="variablelist"><dl><dt></dt><dd><p>
    37513824        This controls whether DOS style hidden files should be mapped to the UNIX world execute bit.
    37523825        </p><p>
     
    37543827        bit is not masked out (i.e. it must include 001). See the parameter <a class="link" href="smb.conf.5.html#CREATEMASK" target="_top">create mask</a>
    37553828        for details.
    3756         </p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="map readonly (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id324922"></a>
     3829        </p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="map readonly (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id325053"></a>
    37573830
    37583831map readonly (S)
    3759 </h3></div></div></div><a class="indexterm" name="id324923"></a><a name="MAPREADONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
     3832</h3></div></div></div><a class="indexterm" name="id325054"></a><a name="MAPREADONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
    37603833        This controls how the DOS read only attribute should be mapped from a UNIX filesystem.
    37613834        </p><p>
     
    37823855                </p></li></ul></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>map readonly</code></em> = <code class="literal">yes</code>
    37833856</em></span>
    3784 </p></dd></dl></div></div><div class="section" title="map system (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id325064"></a>
     3857</p></dd></dl></div></div><div class="section" title="map system (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id325195"></a>
    37853858
    37863859map system (S)
    3787 </h3></div></div></div><a class="indexterm" name="id325065"></a><a name="MAPSYSTEM"></a><div class="variablelist"><dl><dt></dt><dd><p>
     3860</h3></div></div></div><a class="indexterm" name="id325196"></a><a name="MAPSYSTEM"></a><div class="variablelist"><dl><dt></dt><dd><p>
    37883861        This controls whether DOS style system files should be mapped to the UNIX group execute bit.
    37893862        </p><p>
     
    37933866        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>map system</code></em> = <code class="literal">no</code>
    37943867</em></span>
    3795 </p></dd></dl></div></div><div class="section" title="map to guest (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id325130"></a>
     3868</p></dd></dl></div></div><div class="section" title="map to guest (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id325262"></a>
    37963869
    37973870map to guest (G)
    3798 </h3></div></div></div><a class="indexterm" name="id325131"></a><a name="MAPTOGUEST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is only useful in <a class="link" href="smb.conf.5.html#SECURITY" target="_top">SECURITY =
     3871</h3></div></div></div><a class="indexterm" name="id325263"></a><a name="MAPTOGUEST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is only useful in <a class="link" href="smb.conf.5.html#SECURITY" target="_top">SECURITY =
    37993872    security</a> modes other than <em class="parameter"><code>security = share</code></em>
    38003873    and <em class="parameter"><code>security = server</code></em>
     
    38383911</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>map to guest</code></em> = <code class="literal">Bad User</code>
    38393912</em></span>
    3840 </p></dd></dl></div></div><div class="section" title="map untrusted to domain (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id325346"></a>
     3913</p></dd></dl></div></div><div class="section" title="map untrusted to domain (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id325478"></a>
    38413914
    38423915map untrusted to domain (G)
    3843 </h3></div></div></div><a class="indexterm" name="id325347"></a><a name="MAPUNTRUSTEDTODOMAIN"></a><div class="variablelist"><dl><dt></dt><dd><p>
     3916</h3></div></div></div><a class="indexterm" name="id325479"></a><a name="MAPUNTRUSTEDTODOMAIN"></a><div class="variablelist"><dl><dt></dt><dd><p>
    38443917    If a client connects to smbd using an untrusted domain name, such as
    38453918    BOGUS\user, smbd replaces the BOGUS domain with it's SAM name before
     
    38593932    </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>map untrusted to domain</code></em> = <code class="literal">no</code>
    38603933</em></span>
    3861 </p></dd></dl></div></div><div class="section" title="max connections (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id325404"></a>
     3934</p></dd></dl></div></div><div class="section" title="max connections (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id325536"></a>
    38623935
    38633936max connections (S)
    3864 </h3></div></div></div><a class="indexterm" name="id325405"></a><a name="MAXCONNECTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows the number of simultaneous connections to a service to be limited.
     3937</h3></div></div></div><a class="indexterm" name="id325537"></a><a name="MAXCONNECTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows the number of simultaneous connections to a service to be limited.
    38653938    If <em class="parameter"><code>max connections</code></em> is greater than 0 then connections
    38663939    will be refused if this number of connections to the service are already open. A value
     
    38703943</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max connections</code></em> = <code class="literal">10</code>
    38713944</em></span>
    3872 </p></dd></dl></div></div><div class="section" title="max disk size (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id325486"></a>
     3945</p></dd></dl></div></div><div class="section" title="max disk size (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id325617"></a>
    38733946
    38743947max disk size (G)
    3875 </h3></div></div></div><a class="indexterm" name="id325487"></a><a name="MAXDISKSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to put an upper limit
     3948</h3></div></div></div><a class="indexterm" name="id325618"></a><a name="MAXDISKSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to put an upper limit
    38763949    on the apparent size of disks. If you set this option to 100
    38773950    then all shares will appear to be not larger than 100 MB in
     
    38873960</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max disk size</code></em> = <code class="literal">1000</code>
    38883961</em></span>
    3889 </p></dd></dl></div></div><div class="section" title="max log size (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id325571"></a>
     3962</p></dd></dl></div></div><div class="section" title="max log size (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id325702"></a>
    38903963
    38913964max log size (G)
    3892 </h3></div></div></div><a class="indexterm" name="id325572"></a><a name="MAXLOGSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>
     3965</h3></div></div></div><a class="indexterm" name="id325703"></a><a name="MAXLOGSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>
    38933966    This option (an integer in kilobytes) specifies the max size the log file should grow to.
    38943967    Samba periodically checks the size and if it is exceeded it will rename the file, adding
     
    38993972</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max log size</code></em> = <code class="literal">1000</code>
    39003973</em></span>
    3901 </p></dd></dl></div></div><div class="section" title="max mux (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id325639"></a>
     3974</p></dd></dl></div></div><div class="section" title="max mux (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id325771"></a>
    39023975
    39033976max mux (G)
    3904 </h3></div></div></div><a class="indexterm" name="id325640"></a><a name="MAXMUX"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum number of
     3977</h3></div></div></div><a class="indexterm" name="id325772"></a><a name="MAXMUX"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum number of
    39053978    outstanding simultaneous SMB operations that Samba tells the client
    39063979        it will allow. You should never need to set this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>max mux</code></em> = <code class="literal">50</code>
    39073980</em></span>
    3908 </p></dd></dl></div></div><div class="section" title="max open files (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id325681"></a>
     3981</p></dd></dl></div></div><div class="section" title="max open files (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id325812"></a>
    39093982
    39103983max open files (G)
    3911 </h3></div></div></div><a class="indexterm" name="id325682"></a><a name="MAXOPENFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of
     3984</h3></div></div></div><a class="indexterm" name="id325813"></a><a name="MAXOPENFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of
    39123985    open files that one <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> file
    39133986    serving process may have open for a client at any one time. The
     
    39203993    this parameter so you should never need to touch this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>max open files</code></em> = <code class="literal">16404</code>
    39213994</em></span>
    3922 </p></dd></dl></div></div><div class="section" title="max print jobs (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id325738"></a>
     3995</p></dd></dl></div></div><div class="section" title="max print jobs (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id325869"></a>
    39233996
    39243997max print jobs (S)
    3925 </h3></div></div></div><a class="indexterm" name="id325739"></a><a name="MAXPRINTJOBS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of
     3998</h3></div></div></div><a class="indexterm" name="id325870"></a><a name="MAXPRINTJOBS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of
    39263999    jobs allowable in a Samba printer queue at any given moment.
    39274000    If this number is exceeded, <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will remote "Out of Space" to the client.
     
    39304003</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max print jobs</code></em> = <code class="literal">5000</code>
    39314004</em></span>
    3932 </p></dd></dl></div></div><div class="section" title="protocol"><div class="titlepage"><div><div><h3 class="title"><a name="id325806"></a>
     4005</p></dd></dl></div></div><div class="section" title="protocol"><div class="titlepage"><div><div><h3 class="title"><a name="id325937"></a>
    39334006
    39344007<a name="PROTOCOL"></a>protocol
    3935 </h3></div></div></div><a class="indexterm" name="id325807"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#MAXPROTOCOL">max protocol</a>.</p></dd></dl></div></div><div class="section" title="max protocol (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id325838"></a>
     4008</h3></div></div></div><a class="indexterm" name="id325938"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#MAXPROTOCOL">max protocol</a>.</p></dd></dl></div></div><div class="section" title="max protocol (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id325969"></a>
    39364009
    39374010max protocol (G)
    3938 </h3></div></div></div><a class="indexterm" name="id325839"></a><a name="MAXPROTOCOL"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (a string) is the highest
     4011</h3></div></div></div><a class="indexterm" name="id325970"></a><a name="MAXPROTOCOL"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (a string) is the highest
    39394012    protocol level that will be supported by the server.</p><p>Possible values are :</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><code class="constant">CORE</code>: Earliest version. No
    39404013            concept of user names.</p></li><li class="listitem"><p><code class="constant">COREPLUS</code>: Slight improvements on
     
    39504023</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max protocol</code></em> = <code class="literal">LANMAN1</code>
    39514024</em></span>
    3952 </p></dd></dl></div></div><div class="section" title="max reported print jobs (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id325967"></a>
     4025</p></dd></dl></div></div><div class="section" title="max reported print jobs (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id326099"></a>
    39534026
    39544027max reported print jobs (S)
    3955 </h3></div></div></div><a class="indexterm" name="id325968"></a><a name="MAXREPORTEDPRINTJOBS"></a><div class="variablelist"><dl><dt></dt><dd><p>
     4028</h3></div></div></div><a class="indexterm" name="id326100"></a><a name="MAXREPORTEDPRINTJOBS"></a><div class="variablelist"><dl><dt></dt><dd><p>
    39564029    This parameter limits the maximum number of jobs displayed in a port monitor for
    39574030    Samba printer queue at any given moment. If this number is exceeded, the excess
     
    39624035</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max reported print jobs</code></em> = <code class="literal">1000</code>
    39634036</em></span>
    3964 </p></dd></dl></div></div><div class="section" title="max smbd processes (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id326026"></a>
     4037</p></dd></dl></div></div><div class="section" title="max smbd processes (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id326158"></a>
    39654038
    39664039max smbd processes (G)
    3967 </h3></div></div></div><a class="indexterm" name="id326027"></a><a name="MAXSMBDPROCESSES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> processes concurrently running on a system and is intended
     4040</h3></div></div></div><a class="indexterm" name="id326159"></a><a name="MAXSMBDPROCESSES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> processes concurrently running on a system and is intended
    39684041    as a stopgap to prevent degrading service to clients in the event that the server has insufficient
    39694042    resources to handle more than this number of connections.  Remember that under normal operating
     
    39734046</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max smbd processes</code></em> = <code class="literal">1000</code>
    39744047</em></span>
    3975 </p></dd></dl></div></div><div class="section" title="max stat cache size (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id326103"></a>
     4048</p></dd></dl></div></div><div class="section" title="max stat cache size (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id326235"></a>
    39764049
    39774050max stat cache size (G)
    3978 </h3></div></div></div><a class="indexterm" name="id326104"></a><a name="MAXSTATCACHESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the size in memory of any
     4051</h3></div></div></div><a class="indexterm" name="id326236"></a><a name="MAXSTATCACHESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the size in memory of any
    39794052          <em class="parameter"><code>stat cache</code></em> being used
    39804053          to speed up case insensitive name mappings. It represents
    39814054          the number of kilobyte (1024) units the stat cache can use.
    39824055          A value of zero, meaning unlimited, is not advisable due to
    3983           increased memory useage.  You should not need to change this
     4056          increased memory usage.  You should not need to change this
    39844057          parameter.
    39854058        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>max stat cache size</code></em> = <code class="literal">256</code>
     
    39874060</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max stat cache size</code></em> = <code class="literal">100</code>
    39884061</em></span>
    3989 </p></dd></dl></div></div><div class="section" title="max ttl (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id326169"></a>
     4062</p></dd></dl></div></div><div class="section" title="max ttl (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id326301"></a>
    39904063
    39914064max ttl (G)
    3992 </h3></div></div></div><a class="indexterm" name="id326170"></a><a name="MAXTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> what the default 'time to live'
     4065</h3></div></div></div><a class="indexterm" name="id326302"></a><a name="MAXTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> what the default 'time to live'
    39934066    of NetBIOS names should be (in seconds) when <code class="literal">nmbd</code> is
    39944067    requesting a name using either a broadcast packet or from a WINS server. You should
    39954068        never need to change this parameter. The default is 3 days.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>max ttl</code></em> = <code class="literal">259200</code>
    39964069</em></span>
    3997 </p></dd></dl></div></div><div class="section" title="max wins ttl (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id326226"></a>
     4070</p></dd></dl></div></div><div class="section" title="max wins ttl (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id326358"></a>
    39984071
    39994072max wins ttl (G)
    4000 </h3></div></div></div><a class="indexterm" name="id326227"></a><a name="MAXWINSTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when acting as a WINS server
     4073</h3></div></div></div><a class="indexterm" name="id326359"></a><a name="MAXWINSTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when acting as a WINS server
    40014074        (<a class="link" href="smb.conf.5.html#WINSSUPPORT" target="_top">wins support = yes</a>) what the maximum
    40024075    'time to live' of NetBIOS names that <code class="literal">nmbd</code>
     
    40044077        parameter.  The default is 6 days (518400 seconds).</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>max wins ttl</code></em> = <code class="literal">518400</code>
    40054078</em></span>
    4006 </p></dd></dl></div></div><div class="section" title="max xmit (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id326295"></a>
     4079</p></dd></dl></div></div><div class="section" title="max xmit (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id326426"></a>
    40074080
    40084081max xmit (G)
    4009 </h3></div></div></div><a class="indexterm" name="id326296"></a><a name="MAXXMIT"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum packet size
     4082</h3></div></div></div><a class="indexterm" name="id326428"></a><a name="MAXXMIT"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum packet size
    40104083    that will be negotiated by Samba. The default is 16644, which
    40114084    matches the behavior of Windows 2000.  A value below 2048 is likely to cause problems.
     
    40154088</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max xmit</code></em> = <code class="literal">8192</code>
    40164089</em></span>
    4017 </p></dd></dl></div></div><div class="section" title="message command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id326354"></a>
     4090</p></dd></dl></div></div><div class="section" title="message command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id326486"></a>
    40184091
    40194092message command (G)
    4020 </h3></div></div></div><a class="indexterm" name="id326355"></a><a name="MESSAGECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies what command to run when the
     4093</h3></div></div></div><a class="indexterm" name="id326488"></a><a name="MESSAGECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies what command to run when the
    40214094        server receives a WinPopup style message.</p><p>This would normally be a command that would
    40224095        deliver the message somehow. How this is to be done is
     
    40574130</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>message command</code></em> = <code class="literal">csh -c 'xedit %s; rm %s' &amp;</code>
    40584131</em></span>
    4059 </p></dd></dl></div></div><div class="section" title="min print space (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id326547"></a>
     4132</p></dd></dl></div></div><div class="section" title="min print space (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id326678"></a>
    40604133
    40614134min print space (S)
    4062 </h3></div></div></div><a class="indexterm" name="id326548"></a><a name="MINPRINTSPACE"></a><div class="variablelist"><dl><dt></dt><dd><p>This sets the minimum amount of free disk
     4135</h3></div></div></div><a class="indexterm" name="id326679"></a><a name="MINPRINTSPACE"></a><div class="variablelist"><dl><dt></dt><dd><p>This sets the minimum amount of free disk
    40634136    space that must be available before a user will be able to spool
    40644137    a print job. It is specified in kilobytes. The default is 0, which
     
    40674140</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>min print space</code></em> = <code class="literal">2000</code>
    40684141</em></span>
    4069 </p></dd></dl></div></div><div class="section" title="min protocol (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id326606"></a>
     4142</p></dd></dl></div></div><div class="section" title="min protocol (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id326738"></a>
    40704143
    40714144min protocol (G)
    4072 </h3></div></div></div><a class="indexterm" name="id326607"></a><a name="MINPROTOCOL"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (a string) is the
     4145</h3></div></div></div><a class="indexterm" name="id326739"></a><a name="MINPROTOCOL"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (a string) is the
    40734146    lowest SMB protocol dialect than Samba will support.  Please refer
    40744147    to the <a class="link" href="smb.conf.5.html#MAXPROTOCOL" target="_top">max protocol</a>
     
    40824155</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>min protocol</code></em> = <code class="literal">NT1</code>
    40834156</em></span>
    4084 </p></dd></dl></div></div><div class="section" title="min receivefile size (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id326699"></a>
     4157</p></dd></dl></div></div><div class="section" title="min receivefile size (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id326831"></a>
    40854158
    40864159min receivefile size (G)
    4087 </h3></div></div></div><a class="indexterm" name="id326700"></a><a name="MINRECEIVEFILESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option changes the behavior of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when processing SMBwriteX calls. Any incoming
     4160</h3></div></div></div><a class="indexterm" name="id326832"></a><a name="MINRECEIVEFILESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option changes the behavior of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when processing SMBwriteX calls. Any incoming
    40884161SMBwriteX call on a non-signed SMB/CIFS connection greater than this value will not be processed in the normal way but will
    40894162be passed to any underlying kernel recvfile or splice system call (if there is no such
     
    40944167nonzero. The maximum value is 128k. Values greater than 128k will be silently set to 128k.</p><p>Note this option will have NO EFFECT if set on a SMB signed connection.</p><p>The default is zero, which diables this option.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>min receivefile size</code></em> = <code class="literal">0</code>
    40954168</em></span>
    4096 </p></dd></dl></div></div><div class="section" title="min wins ttl (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id326761"></a>
     4169</p></dd></dl></div></div><div class="section" title="min wins ttl (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id326892"></a>
    40974170
    40984171min wins ttl (G)
    4099 </h3></div></div></div><a class="indexterm" name="id326762"></a><a name="MINWINSTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>
     4172</h3></div></div></div><a class="indexterm" name="id326894"></a><a name="MINWINSTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>
    41004173    when acting as a WINS server (<a class="link" href="smb.conf.5.html#WINSSUPPORT" target="_top">wins support = yes</a>) what the minimum 'time to live'
    41014174    of NetBIOS names that <code class="literal">nmbd</code> will grant will be (in
     
    41034176    is 6 hours (21600 seconds).</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>min wins ttl</code></em> = <code class="literal">21600</code>
    41044177</em></span>
    4105 </p></dd></dl></div></div><div class="section" title="msdfs proxy (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id326828"></a>
     4178</p></dd></dl></div></div><div class="section" title="msdfs proxy (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id326960"></a>
    41064179
    41074180msdfs proxy (S)
    4108 </h3></div></div></div><a class="indexterm" name="id326829"></a><a name="MSDFSPROXY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter indicates that the share is a
     4181</h3></div></div></div><a class="indexterm" name="id326961"></a><a name="MSDFSPROXY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter indicates that the share is a
    41094182        stand-in for another CIFS share whose location is specified by
    41104183        the value of the parameter. When clients attempt to connect to
     
    41144187        options to find out how to set up a Dfs root share.</p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>msdfs proxy</code></em> = <code class="literal">\otherserver\someshare</code>
    41154188</em></span>
    4116 </p></dd></dl></div></div><div class="section" title="msdfs root (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id326901"></a>
     4189</p></dd></dl></div></div><div class="section" title="msdfs root (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id327033"></a>
    41174190
    41184191msdfs root (S)
    4119 </h3></div></div></div><a class="indexterm" name="id326902"></a><a name="MSDFSROOT"></a><div class="variablelist"><dl><dt></dt><dd><p>If set to <code class="constant">yes</code>, Samba treats the
     4192</h3></div></div></div><a class="indexterm" name="id327034"></a><a name="MSDFSROOT"></a><div class="variablelist"><dl><dt></dt><dd><p>If set to <code class="constant">yes</code>, Samba treats the
    41204193        share as a Dfs root and allows clients to browse the
    41214194        distributed file system tree rooted at the share directory.
     
    41254198        Samba, refer to the MSDFS chapter in the Samba3-HOWTO book.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>msdfs root</code></em> = <code class="literal">no</code>
    41264199</em></span>
    4127 </p></dd></dl></div></div><div class="section" title="multicast dns register (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id326954"></a>
     4200</p></dd></dl></div></div><div class="section" title="multicast dns register (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327086"></a>
    41284201
    41294202multicast dns register (G)
    4130 </h3></div></div></div><a class="indexterm" name="id326955"></a><a name="MULTICASTDNSREGISTER"></a><div class="variablelist"><dl><dt></dt><dd><p>If compiled with proper support for it, Samba will
     4203</h3></div></div></div><a class="indexterm" name="id327087"></a><a name="MULTICASTDNSREGISTER"></a><div class="variablelist"><dl><dt></dt><dd><p>If compiled with proper support for it, Samba will
    41314204        announce itself with multicast DNS services like for example
    41324205        provided by the Avahi daemon.</p><p>This parameter allows disabling Samba to register
    41334206        itself.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>multicast dns register</code></em> = <code class="literal">yes</code>
    41344207</em></span>
    4135 </p></dd></dl></div></div><div class="section" title="name cache timeout (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327000"></a>
     4208</p></dd></dl></div></div><div class="section" title="name cache timeout (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327132"></a>
    41364209
    41374210name cache timeout (G)
    4138 </h3></div></div></div><a class="indexterm" name="id327001"></a><a name="NAMECACHETIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the number of seconds it takes before
     4211</h3></div></div></div><a class="indexterm" name="id327133"></a><a name="NAMECACHETIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the number of seconds it takes before
    41394212    entries in samba's hostname resolve cache time out. If
    41404213    the timeout is set to 0. the caching is disabled.
     
    41434216</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>name cache timeout</code></em> = <code class="literal">0</code>
    41444217</em></span>
    4145 </p></dd></dl></div></div><div class="section" title="name resolve order (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327059"></a>
     4218</p></dd></dl></div></div><div class="section" title="name resolve order (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327190"></a>
    41464219
    41474220name resolve order (G)
    4148 </h3></div></div></div><a class="indexterm" name="id327060"></a><a name="NAMERESOLVEORDER"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used by the programs in the Samba
     4221</h3></div></div></div><a class="indexterm" name="id327191"></a><a name="NAMERESOLVEORDER"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used by the programs in the Samba
    41494222    suite to determine what naming services to use and in what order
    41504223    to resolve host names to IP addresses. Its main purpose to is to
     
    41734246    system hostname lookup.</p><p>When Samba is functioning in ADS security mode (<code class="literal">security = ads</code>)
    41744247    it is advised to use following settings for <em class="parameter"><code>name resolve order</code></em>:</p><p><code class="literal">name resolve order = wins bcast</code></p><p>DC lookups will still be done via DNS, but fallbacks to netbios names will
    4175                 not inundate your DNS servers with needless querys for DOMAIN&lt;0x1c&gt; lookups.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>name resolve order</code></em> = <code class="literal">lmhosts host wins bcast</code>
     4248                not inundate your DNS servers with needless querys for DOMAIN&lt;0x1c&gt; lookups.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>name resolve order</code></em> = <code class="literal">lmhosts wins host bcast</code>
    41764249</em></span>
    41774250</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>name resolve order</code></em> = <code class="literal">lmhosts bcast host</code>
    41784251</em></span>
    4179 </p></dd></dl></div></div><div class="section" title="netbios aliases (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327241"></a>
     4252</p></dd></dl></div></div><div class="section" title="ncalrpc dir (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327373"></a>
     4253
     4254ncalrpc dir (G)
     4255</h3></div></div></div><a class="indexterm" name="id327374"></a><a name="NCALRPCDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>This directory will hold a series of named pipes to allow RPC over inter-process communication.  </p>.
     4256        <p>This will allow Samba and other unix processes to interact over DCE/RPC without using TCP/IP.  Additionally a sub-directory 'np' has restricted permissions, and allows a trusted communication channel between Samba processes</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ncalrpc dir</code></em> = <code class="literal">${prefix}/var/ncalrpc</code>
     4257</em></span>
     4258</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ncalrpc dir</code></em> = <code class="literal">/var/run/samba/ncalrpc</code>
     4259</em></span>
     4260</p></dd></dl></div></div><div class="section" title="netbios aliases (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327437"></a>
    41804261
    41814262netbios aliases (G)
    4182 </h3></div></div></div><a class="indexterm" name="id327242"></a><a name="NETBIOSALIASES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of NetBIOS names that nmbd will
     4263</h3></div></div></div><a class="indexterm" name="id327438"></a><a name="NETBIOSALIASES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of NetBIOS names that nmbd will
    41834264        advertise as additional names by which the Samba server is known. This allows one machine
    41844265        to appear in browse lists under multiple names. If a machine is acting as a browse server
     
    41904271</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>netbios aliases</code></em> = <code class="literal">TEST TEST1 TEST2</code>
    41914272</em></span>
    4192 </p></dd></dl></div></div><div class="section" title="netbios name (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327303"></a>
     4273</p></dd></dl></div></div><div class="section" title="netbios name (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327499"></a>
    41934274
    41944275netbios name (G)
    4195 </h3></div></div></div><a class="indexterm" name="id327304"></a><a name="NETBIOSNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>
     4276</h3></div></div></div><a class="indexterm" name="id327500"></a><a name="NETBIOSNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>
    41964277                This sets the NetBIOS name by which a Samba server is known. By default it is the same as the first component
    41974278                of the host's DNS name. If a machine is a browse server or logon server this name (or the first component of
     
    42064287</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>netbios name</code></em> = <code class="literal">MYNAME</code>
    42074288</em></span>
    4208 </p></dd></dl></div></div><div class="section" title="netbios scope (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327379"></a>
     4289</p></dd></dl></div></div><div class="section" title="netbios scope (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327574"></a>
    42094290
    42104291netbios scope (G)
    4211 </h3></div></div></div><a class="indexterm" name="id327380"></a><a name="NETBIOSSCOPE"></a><div class="variablelist"><dl><dt></dt><dd><p>This sets the NetBIOS scope that Samba will
     4292</h3></div></div></div><a class="indexterm" name="id327575"></a><a name="NETBIOSSCOPE"></a><div class="variablelist"><dl><dt></dt><dd><p>This sets the NetBIOS scope that Samba will
    42124293        operate under. This should not be set unless every machine
    42134294        on your LAN also sets this value.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>netbios scope</code></em> = <code class="literal"></code>
    42144295</em></span>
    4215 </p></dd></dl></div></div><div class="section" title="nis homedir (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327420"></a>
     4296</p></dd></dl></div></div><div class="section" title="nis homedir (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327615"></a>
    42164297
    42174298nis homedir (G)
    4218 </h3></div></div></div><a class="indexterm" name="id327421"></a><a name="NISHOMEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>Get the home share server from a NIS map. For
     4299</h3></div></div></div><a class="indexterm" name="id327616"></a><a name="NISHOMEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>Get the home share server from a NIS map. For
    42194300        UNIX systems that use an automounter, the user's home directory
    42204301        will often be mounted on a workstation on demand from a remote
     
    42354316        be a logon server.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>nis homedir</code></em> = <code class="literal">no</code>
    42364317</em></span>
    4237 </p></dd></dl></div></div><div class="section" title="nmbd bind explicit broadcast (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327490"></a>
     4318</p></dd></dl></div></div><div class="section" title="nmbd bind explicit broadcast (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327686"></a>
    42384319
    42394320nmbd bind explicit broadcast (G)
    4240 </h3></div></div></div><a class="indexterm" name="id327492"></a><a name="NMBDBINDEXPLICITBROADCAST"></a><div class="variablelist"><dl><dt></dt><dd><p>
     4321</h3></div></div></div><a class="indexterm" name="id327687"></a><a name="NMBDBINDEXPLICITBROADCAST"></a><div class="variablelist"><dl><dt></dt><dd><p>
    42414322        This option causes <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> to explicitly bind to the
    42424323        broadcast address of the local subnets. This is needed to make nmbd
     
    42454326        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>nmbd bind explicit broadcast</code></em> = <code class="literal">yes</code>
    42464327</em></span>
    4247 </p></dd></dl></div></div><div class="section" title="nt acl support (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id327553"></a>
     4328</p></dd></dl></div></div><div class="section" title="nt acl support (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id327749"></a>
    42484329
    42494330nt acl support (S)
    4250 </h3></div></div></div><a class="indexterm" name="id327554"></a><a name="NTACLSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to map
     4331</h3></div></div></div><a class="indexterm" name="id327750"></a><a name="NTACLSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to map
    42514332    UNIX permissions into Windows NT access control lists.  The UNIX
    42524333    permissions considered are the the traditional UNIX owner and
     
    42554336    releases prior to 2.2.2.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>nt acl support</code></em> = <code class="literal">yes</code>
    42564337</em></span>
    4257 </p></dd></dl></div></div><div class="section" title="ntlm auth (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327605"></a>
     4338</p></dd></dl></div></div><div class="section" title="ntlm auth (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327800"></a>
    42584339
    42594340ntlm auth (G)
    4260 </h3></div></div></div><a class="indexterm" name="id327606"></a><a name="NTLMAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to
     4341</h3></div></div></div><a class="indexterm" name="id327802"></a><a name="NTLMAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to
    42614342    authenticate users using the NTLM encrypted password response.
    42624343    If disabled, either the lanman password hash or an NTLMv2 response
     
    42664347        special configuration to use it.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ntlm auth</code></em> = <code class="literal">yes</code>
    42674348</em></span>
    4268 </p></dd></dl></div></div><div class="section" title="nt pipe support (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327665"></a>
     4349</p></dd></dl></div></div><div class="section" title="nt pipe support (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327861"></a>
    42694350
    42704351nt pipe support (G)
    4271 </h3></div></div></div><a class="indexterm" name="id327666"></a><a name="NTPIPESUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether
     4352</h3></div></div></div><a class="indexterm" name="id327862"></a><a name="NTPIPESUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether
    42724353    <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will allow Windows NT
    42734354    clients to connect to the NT SMB specific <code class="constant">IPC$</code>
     
    42754356        alone.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>nt pipe support</code></em> = <code class="literal">yes</code>
    42764357</em></span>
    4277 </p></dd></dl></div></div><div class="section" title="nt status support (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327718"></a>
     4358</p></dd></dl></div></div><div class="section" title="nt status support (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327914"></a>
    42784359
    42794360nt status support (G)
    4280 </h3></div></div></div><a class="indexterm" name="id327719"></a><a name="NTSTATUSSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will negotiate NT specific status
     4361</h3></div></div></div><a class="indexterm" name="id327915"></a><a name="NTSTATUSSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will negotiate NT specific status
    42814362    support with Windows NT/2k/XP clients. This is a developer debugging option and should be left alone.
    42824363    If this option is set to <code class="constant">no</code> then Samba offers
     
    42844365    reported.</p><p>You should not need to ever disable this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>nt status support</code></em> = <code class="literal">yes</code>
    42854366</em></span>
    4286 </p></dd></dl></div></div><div class="section" title="null passwords (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327776"></a>
     4367</p></dd></dl></div></div><div class="section" title="null passwords (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327972"></a>
    42874368
    42884369null passwords (G)
    4289 </h3></div></div></div><a class="indexterm" name="id327777"></a><a name="NULLPASSWORDS"></a><div class="variablelist"><dl><dt></dt><dd><p>Allow or disallow client access to accounts that have null passwords. </p><p>See also <a class="citerefentry" href="smbpasswd.5.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(5)</span></a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>null passwords</code></em> = <code class="literal">no</code>
    4290 </em></span>
    4291 </p></dd></dl></div></div><div class="section" title="obey pam restrictions (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327828"></a>
     4370</h3></div></div></div><a class="indexterm" name="id327973"></a><a name="NULLPASSWORDS"></a><div class="variablelist"><dl><dt></dt><dd><p>Allow or disallow client access to accounts that have null passwords. </p><p>See also <a class="citerefentry" href="smbpasswd.5.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(5)</span></a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>null passwords</code></em> = <code class="literal">no</code>
     4371</em></span>
     4372</p></dd></dl></div></div><div class="section" title="obey pam restrictions (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id328024"></a>
    42924373
    42934374obey pam restrictions (G)
    4294 </h3></div></div></div><a class="indexterm" name="id327829"></a><a name="OBEYPAMRESTRICTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>When Samba 3.0 is configured to enable PAM support
     4375</h3></div></div></div><a class="indexterm" name="id328025"></a><a name="OBEYPAMRESTRICTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>When Samba 3.0 is configured to enable PAM support
    42954376    (i.e. --with-pam), this parameter will control whether or not Samba
    42964377    should obey PAM's account and session management directives.  The
     
    43024383</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>obey pam restrictions</code></em> = <code class="literal">no</code>
    43034384</em></span>
    4304 </p></dd></dl></div></div><div class="section" title="only user (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id327885"></a>
     4385</p></dd></dl></div></div><div class="section" title="only user (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id328081"></a>
    43054386
    43064387only user (S)
    4307 </h3></div></div></div><a class="indexterm" name="id327886"></a><a name="ONLYUSER"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean option that controls whether
     4388</h3></div></div></div><a class="indexterm" name="id328082"></a><a name="ONLYUSER"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean option that controls whether
    43084389    connections with usernames not in the <em class="parameter"><code>user</code></em>
    43094390    list will be allowed. By default this option is disabled so that a
     
    43184399    name of the user.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>only user</code></em> = <code class="literal">no</code>
    43194400</em></span>
    4320 </p></dd></dl></div></div><div class="section" title="oplock break wait time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327968"></a>
     4401</p></dd></dl></div></div><div class="section" title="oplock break wait time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id328164"></a>
    43214402
    43224403oplock break wait time (G)
    4323 </h3></div></div></div><a class="indexterm" name="id327969"></a><a name="OPLOCKBREAKWAITTIME"></a><div class="variablelist"><dl><dt></dt><dd><p>
     4404</h3></div></div></div><a class="indexterm" name="id328165"></a><a name="OPLOCKBREAKWAITTIME"></a><div class="variablelist"><dl><dt></dt><dd><p>
    43244405        This is a tuning parameter added due to bugs in both Windows 9x and WinNT. If Samba responds to a client too
    43254406        quickly when that client issues an SMB that can cause an oplock break request, then the network client can
     
    43304411        </p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>oplock break wait time</code></em> = <code class="literal">0</code>
    43314412</em></span>
    4332 </p></dd></dl></div></div><div class="section" title="oplock contention limit (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id328017"></a>
     4413</p></dd></dl></div></div><div class="section" title="oplock contention limit (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id328213"></a>
    43334414
    43344415oplock contention limit (S)
    4335 </h3></div></div></div><a class="indexterm" name="id328018"></a><a name="OPLOCKCONTENTIONLIMIT"></a><div class="variablelist"><dl><dt></dt><dd><p>
     4416</h3></div></div></div><a class="indexterm" name="id328214"></a><a name="OPLOCKCONTENTIONLIMIT"></a><div class="variablelist"><dl><dt></dt><dd><p>
    43364417        This is a <span class="emphasis"><em>very</em></span> advanced <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> tuning option to improve the efficiency of the
    43374418        granting of oplocks under multiple client contention for the same file.
     
    43454426        </p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>oplock contention limit</code></em> = <code class="literal">2</code>
    43464427</em></span>
    4347 </p></dd></dl></div></div><div class="section" title="oplocks (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id328095"></a>
     4428</p></dd></dl></div></div><div class="section" title="oplocks (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id328291"></a>
    43484429
    43494430oplocks (S)
    4350 </h3></div></div></div><a class="indexterm" name="id328096"></a><a name="OPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>
     4431</h3></div></div></div><a class="indexterm" name="id328292"></a><a name="OPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>
    43514432        This boolean option tells <code class="literal">smbd</code> whether to
    43524433        issue oplocks (opportunistic locks) to file open requests on this
     
    43654446        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>oplocks</code></em> = <code class="literal">yes</code>
    43664447</em></span>
    4367 </p></dd></dl></div></div><div class="section" title="os2 driver map (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id328172"></a>
     4448</p></dd></dl></div></div><div class="section" title="os2 driver map (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id328368"></a>
    43684449
    43694450os2 driver map (G)
    4370 </h3></div></div></div><a class="indexterm" name="id328173"></a><a name="OS2DRIVERMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>The parameter is used to define the absolute
     4451</h3></div></div></div><a class="indexterm" name="id328369"></a><a name="OS2DRIVERMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>The parameter is used to define the absolute
    43714452    path to a file containing a mapping of Windows NT printer driver
    43724453    names to OS/2 printer driver names.  The format is:</p><p>&lt;nt driver name&gt; = &lt;os2 driver name&gt;.&lt;device name&gt;</p><p>For example, a valid entry using the HP LaserJet 5
     
    43784459    </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>os2 driver map</code></em> = <code class="literal"></code>
    43794460</em></span>
    4380 </p></dd></dl></div></div><div class="section" title="os level (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id328232"></a>
     4461</p></dd></dl></div></div><div class="section" title="os level (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id328428"></a>
    43814462
    43824463os level (G)
    4383 </h3></div></div></div><a class="indexterm" name="id328233"></a><a name="OSLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
     4464</h3></div></div></div><a class="indexterm" name="id328429"></a><a name="OSLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
    43844465        This integer value controls what level Samba advertises itself as for browse elections. The value of this
    43854466        parameter determines whether <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> has a chance of becoming a local master browser for the <a class="link" href="smb.conf.5.html#WORKGROUP" target="_top">workgroup</a> in the local broadcast area.
     
    43974478</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>os level</code></em> = <code class="literal">65</code>
    43984479</em></span>
    4399 </p></dd></dl></div></div><div class="section" title="pam password change (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id328326"></a>
     4480</p></dd></dl></div></div><div class="section" title="pam password change (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id328522"></a>
    44004481
    44014482pam password change (G)
    4402 </h3></div></div></div><a class="indexterm" name="id328327"></a><a name="PAMPASSWORDCHANGE"></a><div class="variablelist"><dl><dt></dt><dd><p>With the addition of better PAM support in Samba 2.2,
     4483</h3></div></div></div><a class="indexterm" name="id328523"></a><a name="PAMPASSWORDCHANGE"></a><div class="variablelist"><dl><dt></dt><dd><p>With the addition of better PAM support in Samba 2.2,
    44034484    this parameter, it is possible to use PAM's password change control
    44044485    flag for Samba.  If enabled, then PAM will be used for password
     
    44084489    <a class="link" href="smb.conf.5.html#PASSWDCHAT" target="_top">passwd chat</a> parameter for most setups.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>pam password change</code></em> = <code class="literal">no</code>
    44094490</em></span>
    4410 </p></dd></dl></div></div><div class="section" title="panic action (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id328393"></a>
     4491</p></dd></dl></div></div><div class="section" title="panic action (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id328589"></a>
    44114492
    44124493panic action (G)
    4413 </h3></div></div></div><a class="indexterm" name="id328394"></a><a name="PANICACTION"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a Samba developer option that allows a
     4494</h3></div></div></div><a class="indexterm" name="id328590"></a><a name="PANICACTION"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a Samba developer option that allows a
    44144495        system command to be called when either <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> or <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>      crashes. This is usually used to
    44154496        draw attention to the fact that a problem occurred.
     
    44184499</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>panic action</code></em> = <code class="literal">"/bin/sleep 90000"</code>
    44194500</em></span>
    4420 </p></dd></dl></div></div><div class="section" title="paranoid server security (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id328467"></a>
     4501</p></dd></dl></div></div><div class="section" title="paranoid server security (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id328662"></a>
    44214502
    44224503paranoid server security (G)
    4423 </h3></div></div></div><a class="indexterm" name="id328468"></a><a name="PARANOIDSERVERSECURITY"></a><div class="variablelist"><dl><dt></dt><dd><p>Some version of NT 4.x allow non-guest
     4504</h3></div></div></div><a class="indexterm" name="id328663"></a><a name="PARANOIDSERVERSECURITY"></a><div class="variablelist"><dl><dt></dt><dd><p>Some version of NT 4.x allow non-guest
    44244505    users with a bad passowrd. When this option is enabled, samba will not
    44254506    use a broken NT 4.x server as password server, but instead complain
     
    44294510    bad logon to the remote server.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>paranoid server security</code></em> = <code class="literal">yes</code>
    44304511</em></span>
    4431 </p></dd></dl></div></div><div class="section" title="passdb backend (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id328515"></a>
     4512</p></dd></dl></div></div><div class="section" title="passdb backend (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id328710"></a>
    44324513
    44334514passdb backend (G)
    4434 </h3></div></div></div><a class="indexterm" name="id328516"></a><a name="PASSDBBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows the administrator to chose which backend
     4515</h3></div></div></div><a class="indexterm" name="id328711"></a><a name="PASSDBBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows the administrator to chose which backend
    44354516    will be used for storing user and possibly group information.  This allows
    44364517    you to swap between different storage mechanisms without recompile. </p><p>The parameter value is divided into two parts, the backend's name, and a 'location'
     
    44674548</pre><p>Default: <span class="emphasis"><em><em class="parameter"><code>passdb backend</code></em> = <code class="literal">tdbsam</code>
    44684549</em></span>
    4469 </p></dd></dl></div></div><div class="section" title="passdb expand explicit (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id328658"></a>
     4550</p></dd></dl></div></div><div class="section" title="passdb expand explicit (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id328854"></a>
    44704551
    44714552passdb expand explicit (G)
    4472 </h3></div></div></div><a class="indexterm" name="id328659"></a><a name="PASSDBEXPANDEXPLICIT"></a><div class="variablelist"><dl><dt></dt><dd><p>
     4553</h3></div></div></div><a class="indexterm" name="id328855"></a><a name="PASSDBEXPANDEXPLICIT"></a><div class="variablelist"><dl><dt></dt><dd><p>
    44734554        This parameter controls whether Samba substitutes %-macros in the passdb fields if they are explicitly set. We
    44744555        used to expand macros here, but this turned out to be a bug because the Windows client can expand a variable
     
    44764557    </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>passdb expand explicit</code></em> = <code class="literal">no</code>
    44774558</em></span>
    4478 </p></dd></dl></div></div><div class="section" title="passwd chat debug (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id328701"></a>
     4559</p></dd></dl></div></div><div class="section" title="passwd chat debug (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id328897"></a>
    44794560
    44804561passwd chat debug (G)
    4481 </h3></div></div></div><a class="indexterm" name="id328702"></a><a name="PASSWDCHATDEBUG"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean specifies if the passwd chat script
     4562</h3></div></div></div><a class="indexterm" name="id328898"></a><a name="PASSWDCHATDEBUG"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean specifies if the passwd chat script
    44824563    parameter is run in <span class="emphasis"><em>debug</em></span> mode. In this mode the
    44834564    strings passed to and received from the passwd chat are printed
     
    44924573        parameter is set. This parameter is off by default.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>passwd chat debug</code></em> = <code class="literal">no</code>
    44934574</em></span>
    4494 </p></dd></dl></div></div><div class="section" title="passwd chat timeout (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id328798"></a>
     4575</p></dd></dl></div></div><div class="section" title="passwd chat timeout (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id328993"></a>
    44954576
    44964577passwd chat timeout (G)
    4497 </h3></div></div></div><a class="indexterm" name="id328799"></a><a name="PASSWDCHATTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>This integer specifies the number of seconds smbd will wait for an initial
     4578</h3></div></div></div><a class="indexterm" name="id328994"></a><a name="PASSWDCHATTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>This integer specifies the number of seconds smbd will wait for an initial
    44984579    answer from a passwd chat script being run. Once the initial answer is received
    44994580    the subsequent answers must be received in one tenth of this time. The default it
    45004581    two seconds.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>passwd chat timeout</code></em> = <code class="literal">2</code>
    45014582</em></span>
    4502 </p></dd></dl></div></div><div class="section" title="passwd chat (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id328840"></a>
     4583</p></dd></dl></div></div><div class="section" title="passwd chat (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id329036"></a>
    45034584
    45044585passwd chat (G)
    4505 </h3></div></div></div><a class="indexterm" name="id328841"></a><a name="PASSWDCHAT"></a><div class="variablelist"><dl><dt></dt><dd><p>This string controls the <span class="emphasis"><em>"chat"</em></span>
     4586</h3></div></div></div><a class="indexterm" name="id329037"></a><a name="PASSWDCHAT"></a><div class="variablelist"><dl><dt></dt><dd><p>This string controls the <span class="emphasis"><em>"chat"</em></span>
    45064587    conversation that takes places between <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> and the local password changing
    45074588    program to change the user's password. The string describes a
     
    45344615</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>passwd chat</code></em> = <code class="literal">"*Enter NEW password*" %n\n "*Reenter NEW password*" %n\n "*Password changed*"</code>
    45354616</em></span>
    4536 </p></dd></dl></div></div><div class="section" title="passwd program (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id329024"></a>
     4617</p></dd></dl></div></div><div class="section" title="passwd program (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id329219"></a>
    45374618
    45384619passwd program (G)
    4539 </h3></div></div></div><a class="indexterm" name="id329025"></a><a name="PASSWDPROGRAM"></a><div class="variablelist"><dl><dt></dt><dd><p>The name of a program that can be used to set
     4620</h3></div></div></div><a class="indexterm" name="id329220"></a><a name="PASSWDPROGRAM"></a><div class="variablelist"><dl><dt></dt><dd><p>The name of a program that can be used to set
    45404621    UNIX user passwords.  Any occurrences of <em class="parameter"><code>%u</code></em>
    45414622    will be replaced with the user name. The user name is checked for
     
    45584639</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>passwd program</code></em> = <code class="literal">/bin/passwd %u</code>
    45594640</em></span>
    4560 </p></dd></dl></div></div><div class="section" title="password level (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id329150"></a>
     4641</p></dd></dl></div></div><div class="section" title="password level (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id329346"></a>
    45614642
    45624643password level (G)
    4563 </h3></div></div></div><a class="indexterm" name="id329151"></a><a name="PASSWORDLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>Some client/server combinations have difficulty
     4644</h3></div></div></div><a class="indexterm" name="id329347"></a><a name="PASSWORDLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>Some client/server combinations have difficulty
    45644645    with mixed-case passwords.  One offending client is Windows for
    45654646    Workgroups, which for some reason forces passwords to upper
     
    45684649    family of operating systems.  These clients upper case clear
    45694650    text passwords even when NT LM 0.12 selected by the protocol
    4570     negotiation request/response.</p><p>This parameter defines the maximum number of characters
     4651    negotiation request/response.</p><p>This deprecated parameter defines the maximum number of characters
    45714652    that may be upper case in passwords.</p><p>For example, say the password given was "FRED". If <em class="parameter"><code>
    45724653    password level</code></em> is set to 1, the following combinations
     
    45834664</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>password level</code></em> = <code class="literal">4</code>
    45844665</em></span>
    4585 </p></dd></dl></div></div><div class="section" title="password server (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id329273"></a>
     4666</p></dd></dl></div></div><div class="section" title="password server (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id329468"></a>
    45864667
    45874668password server (G)
    4588 </h3></div></div></div><a class="indexterm" name="id329274"></a><a name="PASSWORDSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>By specifying the name of another SMB server
     4669</h3></div></div></div><a class="indexterm" name="id329469"></a><a name="PASSWORDSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>By specifying the name of another SMB server
    45894670    or Active Directory domain controller with this option,
    45904671    and using <code class="literal">security = [ads|domain|server]</code>
    45914672    it is possible to get Samba
    4592     to do all its username/password validation using a specific remote server.</p><p>This option sets the name or IP address of the password server to use.
    4593     New syntax has been added to support defining the port to use when connecting
    4594     to the server the case of an ADS realm.  To define a port other than the
    4595     default LDAP port of 389, add the port number using a colon after the
    4596     name or IP address (e.g. 192.168.1.100:389).  If you do not specify a port,
    4597     Samba will use the standard LDAP port of tcp/389.  Note that port numbers
    4598     have no effect on password servers for Windows NT 4.0 domains or netbios
    4599     connections.</p><p>If parameter is a name, it is looked up using the
    4600     parameter <a class="link" href="smb.conf.5.html#NAMERESOLVEORDER" target="_top">name resolve order</a> and so may resolved
    4601     by any method and order described in that parameter.</p><p>The password server must be a machine capable of using
    4602     the "LM1.2X002" or the "NT LM 0.12" protocol, and it must be in
    4603     user level security mode.</p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Using a password server  means your UNIX box (running
    4604     Samba) is only as secure as your  password server. <span class="emphasis"><em>DO NOT
    4605     CHOOSE A PASSWORD SERVER THAT  YOU DON'T COMPLETELY TRUST</em></span>.
    4606     </p></div><p>Never point a Samba server at itself for password serving.
    4607     This will cause a loop and could lock up your Samba  server!</p><p>The name of the password server takes the standard
    4608     substitutions, but probably the only useful one is <em class="parameter"><code>%m
    4609     </code></em>, which means the Samba server will use the incoming
    4610     client as the password server. If you use this then you better
    4611     trust your clients, and you had better restrict them with hosts allow!</p><p>If the <em class="parameter"><code>security</code></em> parameter is set to
    4612     <code class="constant">domain</code> or <code class="constant">ads</code>, then the list of machines in this
    4613     option must be a list of Primary or Backup Domain controllers for the
    4614     Domain or the character '*', as the Samba server is effectively
    4615     in that domain, and will use cryptographically authenticated RPC calls
    4616     to authenticate the user logging on. The advantage of using <code class="literal">
    4617     security = domain</code> is that if you list several hosts in the
    4618     <em class="parameter"><code>password server</code></em> option then <code class="literal">smbd
    4619     </code> will try each in turn till it finds one that responds.  This
    4620     is useful in case your primary server goes down.</p><p>If the <em class="parameter"><code>password server</code></em> option is set
    4621     to the character '*', then Samba will attempt to auto-locate the
    4622     Primary or Backup Domain controllers to authenticate against by
    4623     doing a query for the name <code class="constant">WORKGROUP&lt;1C&gt;</code>
    4624     and then contacting each server returned in the list of IP
    4625     addresses from the name resolution source. </p><p>If the list of servers contains both names/IP's and the '*'
     4673    to do all its username/password validation using a specific remote server.</p><p>If the <em class="parameter"><code>security</code></em> parameter is set to
     4674    <code class="constant">domain</code> or <code class="constant">ads</code>, then this option
     4675    <span class="emphasis"><em>should not</em></span> be used, as the default '*' indicates to Samba
     4676    to determine the best DC to contact dynamically, just as all other hosts in an
     4677    AD domain do.  This allows the domain to be maintained without modification to
     4678    the smb.conf file.  The cryptograpic protection on the authenticated RPC calls
     4679    used to verify passwords ensures that this default is safe.</p><p><span class="emphasis"><em>It is strongly recommended that you use the
     4680    default of '*'</em></span>, however if in your particular
     4681    environment you have reason to specify a particular DC list, then
     4682    the list of machines in this option must be a list of names or IP
     4683    addresses of Domain controllers for the Domain. If you use the
     4684    default of '*', or list several hosts in the <em class="parameter"><code>password server</code></em> option then <code class="literal">smbd </code> will try each in turn till it
     4685    finds one that responds.  This is useful in case your primary
     4686    server goes down.</p><p>If the list of servers contains both names/IP's and the '*'
    46264687    character, the list is treated as a list of preferred
    46274688    domain controllers, but an auto lookup of all remaining DC's
    46284689    will be added to the list as well.  Samba will not attempt to optimize
    4629     this list by locating the closest DC.</p><p>If the <em class="parameter"><code>security</code></em> parameter is
    4630     set to <code class="constant">server</code>, then there are different
    4631     restrictions that <code class="literal">security = domain</code> doesn't
    4632     suffer from:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>You may list several password servers in
     4690    this list by locating the closest DC.</p><p>If parameter is a name, it is looked up using the
     4691    parameter <a class="link" href="smb.conf.5.html#NAMERESOLVEORDER" target="_top">name resolve order</a> and so may resolved
     4692    by any method and order described in that parameter.</p><p>If the <em class="parameter"><code>security</code></em> parameter is
     4693    set to <code class="constant">server</code>, these additional restrictions apply:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>You may list several password servers in
    46334694            the <em class="parameter"><code>password server</code></em> parameter, however if an
    46344695            <code class="literal">smbd</code> makes a connection to a password server,
     
    46364697            to be authenticated from this <code class="literal">smbd</code>.  This is a
    46374698            restriction of the SMB/CIFS protocol when in <code class="literal">security = server
    4638             </code> mode and cannot be fixed in Samba.</p></li><li class="listitem"><p>If you are using a Windows NT server as your
    4639             password server then you will have to ensure that your users
     4699            </code> mode and cannot be fixed in Samba.</p></li><li class="listitem"><p>You will have to ensure that your users
    46404700            are able to login from the Samba server, as when in <code class="literal">
    46414701            security = server</code>  mode the network logon will appear to
    4642             come from there rather than from the users workstation.</p></li></ul></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>password server</code></em> = <code class="literal">*</code>
     4702            come from the Samba server rather than from the users workstation.</p></li><li class="listitem"><p>The client must not select NTLMv2 authentication.</p></li><li class="listitem"><p>The password server must be a machine capable of using
     4703          the "LM1.2X002" or the "NT LM 0.12" protocol, and it must be in
     4704          user level security mode.</p></li><li class="listitem"><p>Using a password server  means your UNIX box (running
     4705          Samba) is only as secure as (a host masqurading as) your password server. <span class="emphasis"><em>DO NOT
     4706          CHOOSE A PASSWORD SERVER THAT  YOU DON'T COMPLETELY TRUST</em></span>.
     4707          </p></li><li class="listitem"><p>Never point a Samba server at itself for password serving.
     4708          This will cause a loop and could lock up your Samba  server!</p></li><li class="listitem"><p>The name of the password server takes the standard
     4709          substitutions, but probably the only useful one is <em class="parameter"><code>%m
     4710          </code></em>, which means the Samba server will use the incoming
     4711          client as the password server. If you use this then you better
     4712          trust your clients, and you had better restrict them with hosts allow!</p></li></ul></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>password server</code></em> = <code class="literal">*</code>
    46434713</em></span>
    46444714</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>password server</code></em> = <code class="literal">NT-PDC, NT-BDC1, NT-BDC2, *</code>
     
    46464716</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>password server</code></em> = <code class="literal">windc.mydomain.com:389 192.168.1.101 *</code>
    46474717</em></span>
    4648 </p></dd></dl></div></div><div class="section" title="directory"><div class="titlepage"><div><div><h3 class="title"><a name="id329538"></a>
     4718</p></dd></dl></div></div><div class="section" title="directory"><div class="titlepage"><div><div><h3 class="title"><a name="id329728"></a>
    46494719
    46504720<a name="DIRECTORY"></a>directory
    4651 </h3></div></div></div><a class="indexterm" name="id329539"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PATH">path</a>.</p></dd></dl></div></div><div class="section" title="path (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id329568"></a>
     4721</h3></div></div></div><a class="indexterm" name="id329729"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PATH">path</a>.</p></dd></dl></div></div><div class="section" title="path (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id329759"></a>
    46524722
    46534723path (S)
    4654 </h3></div></div></div><a class="indexterm" name="id329570"></a><a name="PATH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a directory to which
     4724</h3></div></div></div><a class="indexterm" name="id329760"></a><a name="PATH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a directory to which
    46554725        the user of the service is to be given access. In the case of
    46564726        printable services, this is where print data will spool prior to
     
    46694739</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>path</code></em> = <code class="literal">/home/fred</code>
    46704740</em></span>
    4671 </p></dd></dl></div></div><div class="section" title="perfcount module (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id329666"></a>
     4741</p></dd></dl></div></div><div class="section" title="perfcount module (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id329856"></a>
    46724742
    46734743perfcount module (G)
    4674 </h3></div></div></div><a class="indexterm" name="id329667"></a><a name="PERFCOUNTMODULE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the perfcount backend to be used when monitoring SMB
     4744</h3></div></div></div><a class="indexterm" name="id329857"></a><a name="PERFCOUNTMODULE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the perfcount backend to be used when monitoring SMB
    46754745        operations.  Only one perfcount module may be used, and it must implement all of the
    46764746        apis contained in the smb_perfcount_handler structure defined in smb.h.
    4677         </p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="pid directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id329696"></a>
     4747        </p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="pid directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id329887"></a>
    46784748
    46794749pid directory (G)
    4680 </h3></div></div></div><a class="indexterm" name="id329697"></a><a name="PIDDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>
     4750</h3></div></div></div><a class="indexterm" name="id329888"></a><a name="PIDDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>
    46814751        This option specifies the directory where pid files will be placed. 
    46824752        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>pid directory</code></em> = <code class="literal">${prefix}/var/locks</code>
     
    46844754</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>pid directory</code></em> = <code class="literal">pid directory = /var/run/</code>
    46854755</em></span>
    4686 </p></dd></dl></div></div><div class="section" title="posix locking (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id329754"></a>
     4756</p></dd></dl></div></div><div class="section" title="posix locking (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id329944"></a>
    46874757
    46884758posix locking (S)
    4689 </h3></div></div></div><a class="indexterm" name="id329755"></a><a name="POSIXLOCKING"></a><div class="variablelist"><dl><dt></dt><dd><p>
     4759</h3></div></div></div><a class="indexterm" name="id329945"></a><a name="POSIXLOCKING"></a><div class="variablelist"><dl><dt></dt><dd><p>
    46904760        The <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>
    46914761        daemon maintains an database of file locks obtained by SMB clients. The default behavior is
     
    46964766        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>posix locking</code></em> = <code class="literal">yes</code>
    46974767</em></span>
    4698 </p></dd></dl></div></div><div class="section" title="postexec (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id329806"></a>
     4768</p></dd></dl></div></div><div class="section" title="postexec (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id330001"></a>
    46994769
    47004770postexec (S)
    4701 </h3></div></div></div><a class="indexterm" name="id329807"></a><a name="POSTEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies a command to be run
     4771</h3></div></div></div><a class="indexterm" name="id330002"></a><a name="POSTEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies a command to be run
    47024772        whenever the service is disconnected. It takes the usual
    47034773        substitutions. The command may be run as the root on some
     
    47074777</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>postexec</code></em> = <code class="literal">echo \"%u disconnected from %S from %m (%I)\" &gt;&gt; /tmp/log</code>
    47084778</em></span>
    4709 </p></dd></dl></div></div><div class="section" title="preexec close (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id329876"></a>
     4779</p></dd></dl></div></div><div class="section" title="preexec close (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id330070"></a>
    47104780
    47114781preexec close (S)
    4712 </h3></div></div></div><a class="indexterm" name="id329877"></a><a name="PREEXECCLOSE"></a><div class="variablelist"><dl><dt></dt><dd><p>
     4782</h3></div></div></div><a class="indexterm" name="id330072"></a><a name="PREEXECCLOSE"></a><div class="variablelist"><dl><dt></dt><dd><p>
    47134783        This boolean option controls whether a non-zero return code from <a class="link" href="smb.conf.5.html#PREEXEC" target="_top">preexec</a>
    47144784        should close the service being connected to.
    47154785        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>preexec close</code></em> = <code class="literal">no</code>
    47164786</em></span>
    4717 </p></dd></dl></div></div><div class="section" title="exec"><div class="titlepage"><div><div><h3 class="title"><a name="id329929"></a>
     4787</p></dd></dl></div></div><div class="section" title="exec"><div class="titlepage"><div><div><h3 class="title"><a name="id330123"></a>
    47184788
    47194789<a name="EXEC"></a>exec
    4720 </h3></div></div></div><a class="indexterm" name="id329930"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PREEXEC">preexec</a>.</p></dd></dl></div></div><div class="section" title="preexec (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id329960"></a>
     4790</h3></div></div></div><a class="indexterm" name="id330124"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PREEXEC">preexec</a>.</p></dd></dl></div></div><div class="section" title="preexec (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id330154"></a>
    47214791
    47224792preexec (S)
    4723 </h3></div></div></div><a class="indexterm" name="id329961"></a><a name="PREEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies a command to be run whenever
     4793</h3></div></div></div><a class="indexterm" name="id330156"></a><a name="PREEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies a command to be run whenever
    47244794        the service is connected to. It takes the usual substitutions.</p><p>An interesting example is to send the users a welcome
    47254795        message every time they log in. Maybe a message of the day? Here
     
    47334803</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>preexec</code></em> = <code class="literal">echo \"%u connected to %S from %m (%I)\" &gt;&gt; /tmp/log</code>
    47344804</em></span>
    4735 </p></dd></dl></div></div><div class="section" title="prefered master"><div class="titlepage"><div><div><h3 class="title"><a name="id330061"></a>
     4805</p></dd></dl></div></div><div class="section" title="prefered master"><div class="titlepage"><div><div><h3 class="title"><a name="id330256"></a>
    47364806
    47374807<a name="PREFEREDMASTER"></a>prefered master
    4738 </h3></div></div></div><a class="indexterm" name="id330062"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PREFERREDMASTER">preferred master</a>.</p></dd></dl></div></div><div class="section" title="preferred master (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id330093"></a>
     4808</h3></div></div></div><a class="indexterm" name="id330257"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PREFERREDMASTER">preferred master</a>.</p></dd></dl></div></div><div class="section" title="preferred master (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id330288"></a>
    47394809
    47404810preferred master (G)
    4741 </h3></div></div></div><a class="indexterm" name="id330094"></a><a name="PREFERREDMASTER"></a><div class="variablelist"><dl><dt></dt><dd><p>
     4811</h3></div></div></div><a class="indexterm" name="id330289"></a><a name="PREFERREDMASTER"></a><div class="variablelist"><dl><dt></dt><dd><p>
    47424812        This boolean parameter controls if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> is a preferred master browser  for its workgroup.
    47434813        </p><p>
     
    47534823        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>preferred master</code></em> = <code class="literal">auto</code>
    47544824</em></span>
    4755 </p></dd></dl></div></div><div class="section" title="preload modules (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id330180"></a>
     4825</p></dd></dl></div></div><div class="section" title="preload modules (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id330374"></a>
    47564826
    47574827preload modules (G)
    4758 </h3></div></div></div><a class="indexterm" name="id330181"></a><a name="PRELOADMODULES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of paths to modules that should
     4828</h3></div></div></div><a class="indexterm" name="id330375"></a><a name="PRELOADMODULES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of paths to modules that should
    47594829        be loaded into smbd before a client connects. This improves
    47604830        the speed of smbd when reacting to new connections somewhat. </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>preload modules</code></em> = <code class="literal"></code>
     
    47624832</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>preload modules</code></em> = <code class="literal">/usr/lib/samba/passdb/mysql.so</code>
    47634833</em></span>
    4764 </p></dd></dl></div></div><div class="section" title="auto services"><div class="titlepage"><div><div><h3 class="title"><a name="id330238"></a>
     4834</p></dd></dl></div></div><div class="section" title="auto services"><div class="titlepage"><div><div><h3 class="title"><a name="id330433"></a>
    47654835
    47664836<a name="AUTOSERVICES"></a>auto services
    4767 </h3></div></div></div><a class="indexterm" name="id330239"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRELOAD">preload</a>.</p></dd></dl></div></div><div class="section" title="preload (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id330270"></a>
     4837</h3></div></div></div><a class="indexterm" name="id330434"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRELOAD">preload</a>.</p></dd></dl></div></div><div class="section" title="preload (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id330464"></a>
    47684838
    47694839preload (G)
    4770 </h3></div></div></div><a class="indexterm" name="id330271"></a><a name="PRELOAD"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of services that you want to be
     4840</h3></div></div></div><a class="indexterm" name="id330465"></a><a name="PRELOAD"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of services that you want to be
    47714841        automatically added to the browse lists. This is most useful
    47724842        for homes and printers services that would otherwise not be
     
    47794849</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>preload</code></em> = <code class="literal">fred lp colorlp</code>
    47804850</em></span>
    4781 </p></dd></dl></div></div><div class="section" title="preserve case (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id330343"></a>
     4851</p></dd></dl></div></div><div class="section" title="preserve case (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id330537"></a>
    47824852
    47834853preserve case (S)
    4784 </h3></div></div></div><a class="indexterm" name="id330344"></a><a name="PRESERVECASE"></a><div class="variablelist"><dl><dt></dt><dd><p>
     4854</h3></div></div></div><a class="indexterm" name="id330538"></a><a name="PRESERVECASE"></a><div class="variablelist"><dl><dt></dt><dd><p>
    47854855        This controls if new filenames are created with the case that the client passes, or if
    47864856        they are forced to be the <a class="link" href="smb.conf.5.html#DEFAULTCASE" target="_top">default case</a>.
     
    47894859        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>preserve case</code></em> = <code class="literal">yes</code>
    47904860</em></span>
    4791 </p></dd></dl></div></div><div class="section" title="print ok"><div class="titlepage"><div><div><h3 class="title"><a name="id330407"></a>
     4861</p></dd></dl></div></div><div class="section" title="print ok"><div class="titlepage"><div><div><h3 class="title"><a name="id330601"></a>
    47924862
    47934863<a name="PRINTOK"></a>print ok
    4794 </h3></div></div></div><a class="indexterm" name="id330408"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTABLE">printable</a>.</p></dd></dl></div></div><div class="section" title="printable (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id330438"></a>
     4864</h3></div></div></div><a class="indexterm" name="id330602"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTABLE">printable</a>.</p></dd></dl></div></div><div class="section" title="printable (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id330632"></a>
    47954865
    47964866printable (S)
    4797 </h3></div></div></div><a class="indexterm" name="id330439"></a><a name="PRINTABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code>, then
     4867</h3></div></div></div><a class="indexterm" name="id330633"></a><a name="PRINTABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code>, then
    47984868    clients may open, write to and submit spool files on the directory
    47994869    specified for the service. </p><p>Note that a printable service will ALWAYS allow writing
     
    48024872    the resource.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>printable</code></em> = <code class="literal">no</code>
    48034873</em></span>
    4804 </p></dd></dl></div></div><div class="section" title="printcap cache time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id330499"></a>
     4874</p></dd></dl></div></div><div class="section" title="printcap cache time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id330692"></a>
    48054875
    48064876printcap cache time (G)
    4807 </h3></div></div></div><a class="indexterm" name="id330500"></a><a name="PRINTCAPCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the number of seconds before the printing
     4877</h3></div></div></div><a class="indexterm" name="id330694"></a><a name="PRINTCAPCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the number of seconds before the printing
    48084878    subsystem is again asked for the known printers.
    48094879    </p><p>Setting this parameter to 0 disables any rescanning for new
     
    48134883</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>printcap cache time</code></em> = <code class="literal">600</code>
    48144884</em></span>
    4815 </p></dd></dl></div></div><div class="section" title="printcap"><div class="titlepage"><div><div><h3 class="title"><a name="id330562"></a>
     4885</p></dd></dl></div></div><div class="section" title="printcap"><div class="titlepage"><div><div><h3 class="title"><a name="id330756"></a>
    48164886
    48174887<a name="PRINTCAP"></a>printcap
    4818 </h3></div></div></div><a class="indexterm" name="id330563"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTCAPNAME">printcap name</a>.</p></dd></dl></div></div><div class="section" title="printcap name (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id330594"></a>
     4888</h3></div></div></div><a class="indexterm" name="id330757"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTCAPNAME">printcap name</a>.</p></dd></dl></div></div><div class="section" title="printcap name (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id330788"></a>
    48194889
    48204890printcap name (G)
    4821 </h3></div></div></div><a class="indexterm" name="id330595"></a><a name="PRINTCAPNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>
     4891</h3></div></div></div><a class="indexterm" name="id330789"></a><a name="PRINTCAPNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>
    48224892        This parameter may be used to override the compiled-in default printcap name used by the server (usually
    48234893        <code class="filename"> /etc/printcap</code>). See the discussion of the <a class="link" href="#PRINTERSSECT" title="The [printers] section">[printers]</a> section above for reasons why you might want to do this.
     
    48544924</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>printcap name</code></em> = <code class="literal">/etc/myprintcap</code>
    48554925</em></span>
    4856 </p></dd></dl></div></div><div class="section" title="print command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id330766"></a>
     4926</p></dd></dl></div></div><div class="section" title="print command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id330959"></a>
    48574927
    48584928print command (S)
    4859 </h3></div></div></div><a class="indexterm" name="id330767"></a><a name="PRINTCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>After a print job has finished spooling to
     4929</h3></div></div></div><a class="indexterm" name="id330960"></a><a name="PRINTCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>After a print job has finished spooling to
    48604930    a service, this command will be used via a <code class="literal">system()</code>
    48614931    call to process the spool file. Typically the command specified will
     
    48994969        set print command will be ignored.</p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>print command</code></em> = <code class="literal">/usr/local/samba/bin/myprintscript %p %s</code>
    49004970</em></span>
    4901 </p></dd></dl></div></div><div class="section" title="printer admin (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id331008"></a>
     4971</p></dd></dl></div></div><div class="section" title="printer admin (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id331202"></a>
    49024972
    49034973printer admin (S)
    4904 </h3></div></div></div><a class="indexterm" name="id331010"></a><a name="PRINTERADMIN"></a><div class="variablelist"><dl><dt></dt><dd><p>
     4974</h3></div></div></div><a class="indexterm" name="id331204"></a><a name="PRINTERADMIN"></a><div class="variablelist"><dl><dt></dt><dd><p>
    49054975        This lists users who can do anything to printers
    49064976        via the remote administration interfaces offered
     
    49184988</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>printer admin</code></em> = <code class="literal">admin, @staff</code>
    49194989</em></span>
    4920 </p></dd></dl></div></div><div class="section" title="printer"><div class="titlepage"><div><div><h3 class="title"><a name="id331072"></a>
     4990</p></dd></dl></div></div><div class="section" title="printer"><div class="titlepage"><div><div><h3 class="title"><a name="id331266"></a>
    49214991
    49224992<a name="PRINTER"></a>printer
    4923 </h3></div></div></div><a class="indexterm" name="id331073"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTERNAME">printer name</a>.</p></dd></dl></div></div><div class="section" title="printer name (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id331103"></a>
     4993</h3></div></div></div><a class="indexterm" name="id331267"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTERNAME">printer name</a>.</p></dd></dl></div></div><div class="section" title="printer name (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id331297"></a>
    49244994
    49254995printer name (S)
    4926 </h3></div></div></div><a class="indexterm" name="id331104"></a><a name="PRINTERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>
     4996</h3></div></div></div><a class="indexterm" name="id331298"></a><a name="PRINTERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>
    49274997        This parameter specifies the name of the printer to which print jobs spooled through a printable service
    49284998        will be sent.
     
    49375007</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>printer name</code></em> = <code class="literal">laserwriter</code>
    49385008</em></span>
    4939 </p></dd></dl></div></div><div class="section" title="printing (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id331187"></a>
     5009</p></dd></dl></div></div><div class="section" title="printing (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id331381"></a>
    49405010
    49415011printing (S)
    4942 </h3></div></div></div><a class="indexterm" name="id331188"></a><a name="PRINTING"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameters controls how printer status  information is
     5012</h3></div></div></div><a class="indexterm" name="id331382"></a><a name="PRINTING"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameters controls how printer status  information is
    49435013    interpreted on your system. It also affects the  default values for
    49445014    the <em class="parameter"><code>print command</code></em>,  <em class="parameter"><code>lpq command</code></em>, <em class="parameter"><code>lppause command </code></em>, <em class="parameter"><code>lpresume command</code></em>, and  <em class="parameter"><code>lprm command</code></em> if specified in the
     
    49575027<code class="literal">testparm -v.</code></code>
    49585028</em></span>
    4959 </p></dd></dl></div></div><div class="section" title="printjob username (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id331333"></a>
     5029</p></dd></dl></div></div><div class="section" title="printjob username (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id331527"></a>
    49605030
    49615031printjob username (S)
    4962 </h3></div></div></div><a class="indexterm" name="id331334"></a><a name="PRINTJOBUSERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies which user information will be
     5032</h3></div></div></div><a class="indexterm" name="id331528"></a><a name="PRINTJOBUSERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies which user information will be
    49635033    passed to the printing system. Usually, the username is sent,
    49645034    but in some cases, e.g. the domain prefix is useful, too.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>printjob username</code></em> = <code class="literal">%U</code>
     
    49665036</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>printjob username</code></em> = <code class="literal">%D\%U</code>
    49675037</em></span>
    4968 </p></dd></dl></div></div><div class="section" title="print notify backchannel (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id331392"></a>
     5038</p></dd></dl></div></div><div class="section" title="print notify backchannel (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id331586"></a>
    49695039
    49705040print notify backchannel (S)
    4971 </h3></div></div></div><a class="indexterm" name="id331393"></a><a name="PRINTNOTIFYBACKCHANNEL"></a><div class="variablelist"><dl><dt></dt><dd><p>Windows print clients can update print queue status by expecting
     5041</h3></div></div></div><a class="indexterm" name="id331587"></a><a name="PRINTNOTIFYBACKCHANNEL"></a><div class="variablelist"><dl><dt></dt><dd><p>Windows print clients can update print queue status by expecting
    49725042        the server to open a backchannel SMB connection to them. Due to
    49735043        client firewall settings this can cause considerable timeouts
     
    49805050</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>print notify backchannel</code></em> = <code class="literal">yes</code>
    49815051</em></span>
    4982 </p></dd></dl></div></div><div class="section" title="private dir (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id331444"></a>
     5052</p></dd></dl></div></div><div class="section" title="private dir (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id331638"></a>
    49835053
    49845054private dir (G)
    4985 </h3></div></div></div><a class="indexterm" name="id331445"></a><a name="PRIVATEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameters defines the directory
     5055</h3></div></div></div><a class="indexterm" name="id331639"></a><a name="PRIVATEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameters defines the directory
    49865056    smbd will use for storing such files as <code class="filename">smbpasswd</code>
    49875057    and <code class="filename">secrets.tdb</code>.
    49885058</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>private dir</code></em> = <code class="literal">${prefix}/private</code>
    49895059</em></span>
    4990 </p></dd></dl></div></div><div class="section" title="profile acls (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id331497"></a>
     5060</p></dd></dl></div></div><div class="section" title="profile acls (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id331691"></a>
    49915061
    49925062profile acls (S)
    4993 </h3></div></div></div><a class="indexterm" name="id331498"></a><a name="PROFILEACLS"></a><div class="variablelist"><dl><dt></dt><dd><p>
     5063</h3></div></div></div><a class="indexterm" name="id331692"></a><a name="PROFILEACLS"></a><div class="variablelist"><dl><dt></dt><dd><p>
    49945064        This boolean parameter was added to fix the problems that people have been
    49955065        having with storing user profiles on Samba shares from Windows 2000 or
     
    50175087        workstation profile code and has an ACL restricting entry to the directory
    50185088        tree to the owning user.
     5089        </p><p>
     5090        Note that this parameter should be set to yes on dedicated profile shares only.
     5091        On other shares, it might cause incorrect file ownerships.
    50195092        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>profile acls</code></em> = <code class="literal">no</code>
    50205093</em></span>
    5021 </p></dd></dl></div></div><div class="section" title="queuepause command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id331557"></a>
     5094</p></dd></dl></div></div><div class="section" title="queuepause command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id331761"></a>
    50225095
    50235096queuepause command (S)
    5024 </h3></div></div></div><a class="indexterm" name="id331558"></a><a name="QUEUEPAUSECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
     5097</h3></div></div></div><a class="indexterm" name="id331762"></a><a name="QUEUEPAUSECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
    50255098    executed on the server host in order to pause the printer queue.</p><p>This command should be a program or script which takes
    50265099    a printer name as its only parameter and stops the printer queue,
     
    50335106        server.</p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>queuepause command</code></em> = <code class="literal">disable %p</code>
    50345107</em></span>
    5035 </p></dd></dl></div></div><div class="section" title="queueresume command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id331628"></a>
     5108</p></dd></dl></div></div><div class="section" title="queueresume command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id331832"></a>
    50365109
    50375110queueresume command (S)
    5038 </h3></div></div></div><a class="indexterm" name="id331629"></a><a name="QUEUERESUMECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
     5111</h3></div></div></div><a class="indexterm" name="id331833"></a><a name="QUEUERESUMECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be
    50395112    executed on the server host in order to resume the printer queue. It
    50405113    is the command to undo the behavior that is caused by the
     
    50515124</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>queueresume command</code></em> = <code class="literal">enable %p</code>
    50525125</em></span>
    5053 </p></dd></dl></div></div><div class="section" title="read list (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id331722"></a>
     5126</p></dd></dl></div></div><div class="section" title="read list (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id331926"></a>
    50545127
    50555128read list (S)
    5056 </h3></div></div></div><a class="indexterm" name="id331723"></a><a name="READLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>
     5129</h3></div></div></div><a class="indexterm" name="id331927"></a><a name="READLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>
    50575130        This is a list of users that are given read-only access to a service. If the connecting user is in this list
    50585131        then they will not be given write access, no matter what the <a class="link" href="smb.conf.5.html#READONLY" target="_top">read only</a> option is set
     
    50645137</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>read list</code></em> = <code class="literal">mary, @students</code>
    50655138</em></span>
    5066 </p></dd></dl></div></div><div class="section" title="read only (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id331816"></a>
     5139</p></dd></dl></div></div><div class="section" title="read only (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id332020"></a>
    50675140
    50685141read only (S)
    5069 </h3></div></div></div><a class="indexterm" name="id331817"></a><a name="READONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>An inverted synonym is <a class="link" href="smb.conf.5.html#WRITEABLE" target="_top">writeable</a>.</p><p>If this parameter is <code class="constant">yes</code>, then users
     5142</h3></div></div></div><a class="indexterm" name="id332021"></a><a name="READONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>An inverted synonym is <a class="link" href="smb.conf.5.html#WRITEABLE" target="_top">writeable</a>.</p><p>If this parameter is <code class="constant">yes</code>, then users
    50705143    of a service may not create or modify files in the service's
    50715144    directory.</p><p>Note that a printable service (<code class="literal">printable = yes</code>)
     
    50735146    (user privileges permitting), but only via spooling operations.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>read only</code></em> = <code class="literal">yes</code>
    50745147</em></span>
    5075 </p></dd></dl></div></div><div class="section" title="read raw (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id331888"></a>
     5148</p></dd></dl></div></div><div class="section" title="read raw (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id332092"></a>
    50765149
    50775150read raw (G)
    5078 </h3></div></div></div><a class="indexterm" name="id331890"></a><a name="READRAW"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not the server
     5151</h3></div></div></div><a class="indexterm" name="id332094"></a><a name="READRAW"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not the server
    50795152    will support the raw read SMB requests when transferring data
    50805153    to clients.</p><p>If enabled, raw reads allow reads of 65535 bytes in
     
    50855158        tool and left severely alone.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>read raw</code></em> = <code class="literal">yes</code>
    50865159</em></span>
    5087 </p></dd></dl></div></div><div class="section" title="realm (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id331944"></a>
     5160</p></dd></dl></div></div><div class="section" title="realm (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id332148"></a>
    50885161
    50895162realm (G)
    5090 </h3></div></div></div><a class="indexterm" name="id331945"></a><a name="REALM"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the kerberos realm to use. The realm is
     5163</h3></div></div></div><a class="indexterm" name="id332149"></a><a name="REALM"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the kerberos realm to use. The realm is
    50915164        used as the ADS equivalent of the NT4 <code class="literal">domain</code>. It
    50925165        is usually set to the DNS name of the kerberos server.
     
    50955168</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>realm</code></em> = <code class="literal">mysambabox.mycompany.com</code>
    50965169</em></span>
    5097 </p></dd></dl></div></div><div class="section" title="registry shares (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id332006"></a>
     5170</p></dd></dl></div></div><div class="section" title="registry shares (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id332211"></a>
    50985171
    50995172registry shares (G)
    5100 </h3></div></div></div><a class="indexterm" name="id332007"></a><a name="REGISTRYSHARES"></a><div class="variablelist"><dl><dt></dt><dd><p>
     5173</h3></div></div></div><a class="indexterm" name="id332212"></a><a name="REGISTRYSHARES"></a><div class="variablelist"><dl><dt></dt><dd><p>
    51015174        This turns on or off support for share definitions read from
    51025175        registry. Shares defined in <span class="emphasis"><em>smb.conf</em></span> take
     
    51135186</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>registry shares</code></em> = <code class="literal">yes</code>
    51145187</em></span>
    5115 </p></dd></dl></div></div><div class="section" title="remote announce (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id332089"></a>
     5188</p></dd></dl></div></div><div class="section" title="remote announce (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id332294"></a>
    51165189
    51175190remote announce (G)
    5118 </h3></div></div></div><a class="indexterm" name="id332090"></a><a name="REMOTEANNOUNCE"></a><div class="variablelist"><dl><dt></dt><dd><p>
     5191</h3></div></div></div><a class="indexterm" name="id332295"></a><a name="REMOTEANNOUNCE"></a><div class="variablelist"><dl><dt></dt><dd><p>
    51195192        This option allows you to setup <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> to periodically announce itself
    51205193        to arbitrary IP addresses with an arbitrary workgroup name.
     
    51405213        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>remote announce</code></em> = <code class="literal"></code>
    51415214</em></span>
    5142 </p></dd></dl></div></div><div class="section" title="remote browse sync (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id332186"></a>
     5215</p></dd></dl></div></div><div class="section" title="remote browse sync (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id332390"></a>
    51435216
    51445217remote browse sync (G)
    5145 </h3></div></div></div><a class="indexterm" name="id332187"></a><a name="REMOTEBROWSESYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>
     5218</h3></div></div></div><a class="indexterm" name="id332391"></a><a name="REMOTEBROWSESYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>
    51465219        This option allows you to setup <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> to periodically request
    51475220        synchronization of browse lists with the master browser of a Samba
     
    51755248        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>remote browse sync</code></em> = <code class="literal"></code>
    51765249</em></span>
    5177 </p></dd></dl></div></div><div class="section" title="rename user script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id332290"></a>
     5250</p></dd></dl></div></div><div class="section" title="rename user script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id332490"></a>
    51785251
    51795252rename user script (G)
    5180 </h3></div></div></div><a class="indexterm" name="id332291"></a><a name="RENAMEUSERSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
     5253</h3></div></div></div><a class="indexterm" name="id332491"></a><a name="RENAMEUSERSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>
    51815254        This is the full pathname to a script that will be run as root by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> under special circumstances described below.
    51825255        </p><p>
     
    51965269        </p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>rename user script</code></em> = <code class="literal">no</code>
    51975270</em></span>
    5198 </p></dd></dl></div></div><div class="section" title="reset on zero vc (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id332369"></a>
     5271</p></dd></dl></div></div><div class="section" title="reset on zero vc (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id332569"></a>
    51995272
    52005273reset on zero vc (G)
    5201 </h3></div></div></div><a class="indexterm" name="id332370"></a><a name="RESETONZEROVC"></a><div class="variablelist"><dl><dt></dt><dd><p>
     5274</h3></div></div></div><a class="indexterm" name="id332570"></a><a name="RESETONZEROVC"></a><div class="variablelist"><dl><dt></dt><dd><p>
    52025275        This boolean option controls whether an incoming session setup
    52035276        should kill other connections coming from the same IP. This matches
     
    52185291        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>reset on zero vc</code></em> = <code class="literal">no</code>
    52195292</em></span>
    5220 </p></dd></dl></div></div><div class="section" title="restrict anonymous (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id332415"></a>
     5293</p></dd></dl></div></div><div class="section" title="restrict anonymous (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id332616"></a>
    52215294
    52225295restrict anonymous (G)
    5223 </h3></div></div></div><a class="indexterm" name="id332416"></a><a name="RESTRICTANONYMOUS"></a><div class="variablelist"><dl><dt></dt><dd><p>The setting of this parameter determines whether user and
     5296</h3></div></div></div><a class="indexterm" name="id332617"></a><a name="RESTRICTANONYMOUS"></a><div class="variablelist"><dl><dt></dt><dd><p>The setting of this parameter determines whether user and
    52245297    group list information is returned for an anonymous connection.
    52255298    and mirrors the effects of the
     
    52445317        </p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>restrict anonymous</code></em> = <code class="literal">0</code>
    52455318</em></span>
    5246 </p></dd></dl></div></div><div class="section" title="root"><div class="titlepage"><div><div><h3 class="title"><a name="id332488"></a>
     5319</p></dd></dl></div></div><div class="section" title="root"><div class="titlepage"><div><div><h3 class="title"><a name="id332693"></a>
    52475320
    52485321<a name="ROOT"></a>root
    5249 </h3></div></div></div><a class="indexterm" name="id332490"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#ROOTDIRECTORY">root directory</a>.</p></dd></dl></div></div><div class="section" title="root dir"><div class="titlepage"><div><div><h3 class="title"><a name="id332521"></a>
     5322</h3></div></div></div><a class="indexterm" name="id332694"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#ROOTDIRECTORY">root directory</a>.</p></dd></dl></div></div><div class="section" title="root dir"><div class="titlepage"><div><div><h3 class="title"><a name="id332725"></a>
    52505323
    52515324<a name="ROOTDIR"></a>root dir
    5252 </h3></div></div></div><a class="indexterm" name="id332522"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#ROOTDIRECTORY">root directory</a>.</p></dd></dl></div></div><div class="section" title="root directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id332552"></a>
     5325</h3></div></div></div><a class="indexterm" name="id332726"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#ROOTDIRECTORY">root directory</a>.</p></dd></dl></div></div><div class="section" title="root directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id332756"></a>
    52535326
    52545327root directory (G)
    5255 </h3></div></div></div><a class="indexterm" name="id332553"></a><a name="ROOTDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>The server will <code class="literal">chroot()</code> (i.e.
     5328</h3></div></div></div><a class="indexterm" name="id332757"></a><a name="ROOTDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>The server will <code class="literal">chroot()</code> (i.e.
    52565329    Change its root directory) to this directory on startup. This is
    52575330    not strictly necessary for secure operation. Even without it the
     
    52765349</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>root directory</code></em> = <code class="literal">/homes/smb</code>
    52775350</em></span>
    5278 </p></dd></dl></div></div><div class="section" title="root postexec (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id332664"></a>
     5351</p></dd></dl></div></div><div class="section" title="root postexec (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id332869"></a>
    52795352
    52805353root postexec (S)
    5281 </h3></div></div></div><a class="indexterm" name="id332665"></a><a name="ROOTPOSTEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>
     5354</h3></div></div></div><a class="indexterm" name="id332870"></a><a name="ROOTPOSTEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>
    52825355        This is the same as the <em class="parameter"><code>postexec</code></em>
    52835356        parameter except that the command is run as root. This is useful for
     
    52855358        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>root postexec</code></em> = <code class="literal"></code>
    52865359</em></span>
    5287 </p></dd></dl></div></div><div class="section" title="root preexec close (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id332711"></a>
     5360</p></dd></dl></div></div><div class="section" title="root preexec close (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id332916"></a>
    52885361
    52895362root preexec close (S)
    5290 </h3></div></div></div><a class="indexterm" name="id332712"></a><a name="ROOTPREEXECCLOSE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is the same as the <em class="parameter"><code>preexec close
     5363</h3></div></div></div><a class="indexterm" name="id332917"></a><a name="ROOTPREEXECCLOSE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is the same as the <em class="parameter"><code>preexec close
    52915364        </code></em> parameter except that the command is run as root.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>root preexec close</code></em> = <code class="literal">no</code>
    52925365</em></span>
    5293 </p></dd></dl></div></div><div class="section" title="root preexec (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id332758"></a>
     5366</p></dd></dl></div></div><div class="section" title="root preexec (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id332963"></a>
    52945367
    52955368root preexec (S)
    5296 </h3></div></div></div><a class="indexterm" name="id332760"></a><a name="ROOTPREEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>
     5369</h3></div></div></div><a class="indexterm" name="id332964"></a><a name="ROOTPREEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>
    52975370        This is the same as the <em class="parameter"><code>preexec</code></em>
    52985371        parameter except that the command is run as root. This is useful for
     
    53005373        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>root preexec</code></em> = <code class="literal"></code>
    53015374</em></span>
    5302 </p></dd></dl></div></div><div class="section" title="rpc_server (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id332806"></a>
     5375</p></dd></dl></div></div><div class="section" title="rpc_server (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id333010"></a>
    53035376
    53045377rpc_server (G)
    5305 </h3></div></div></div><a class="indexterm" name="id332807"></a><a name="RPC_SERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>
     5378</h3></div></div></div><a class="indexterm" name="id333011"></a><a name="RPC_SERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>
    53065379        Defines what kind of rpc server to use for a named pipe.
    53075380        The rpc_server prefix must be followed by the pipe name, and a value.
     
    53305403        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>rpc_server</code></em> = <code class="literal">none</code>
    53315404</em></span>
    5332 </p></dd></dl></div></div><div class="section" title="security mask (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id332905"></a>
     5405</p></dd></dl></div></div><div class="section" title="security mask (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id333109"></a>
    53335406
    53345407security mask (S)
    5335 </h3></div></div></div><a class="indexterm" name="id332906"></a><a name="SECURITYMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>
     5408</h3></div></div></div><a class="indexterm" name="id333110"></a><a name="SECURITYMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>
    53365409        This parameter controls what UNIX permission bits will be set when a Windows NT client is manipulating the
    53375410        UNIX permission on a file using the native NT security dialog box.
     
    53525425</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>security mask</code></em> = <code class="literal">0770</code>
    53535426</em></span>
    5354 </p></dd></dl></div></div><div class="section" title="security (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id333001"></a>
     5427</p></dd></dl></div></div><div class="section" title="security (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id333205"></a>
    53555428
    53565429security (G)
    5357 </h3></div></div></div><a class="indexterm" name="id333002"></a><a name="SECURITY"></a><div class="variablelist"><dl><dt></dt><dd><p>This option affects how clients respond to
     5430</h3></div></div></div><a class="indexterm" name="id333206"></a><a name="SECURITY"></a><div class="variablelist"><dl><dt></dt><dd><p>This option affects how clients respond to
    53585431    Samba and is one of the most important settings in the <code class="filename">
    53595432    smb.conf</code> file.</p><p>The option sets the "security mode bit" in replies to
     
    53625435    information to the server.</p><p>The default is <code class="literal">security = user</code>, as this is
    53635436    the most common setting needed when talking to Windows 98 and
    5364     Windows NT.</p><p>The alternatives are <code class="literal">security = share</code>,
    5365     <code class="literal">security = server</code> or <code class="literal">security = domain
    5366     </code>.</p><p>In versions of Samba prior to 2.0.0, the default was
     5437    Windows NT.</p><p>The alternatives are
     5438    <code class="literal">security = ads</code> or <code class="literal">security = domain
     5439    </code>, which support joining Samba to a Windows domain, along with <code class="literal">security = share</code> and <code class="literal">security = server</code>, both of which are deprecated.</p><p>In versions of Samba prior to 2.0.0, the default was
    53675440    <code class="literal">security = share</code> mainly because that was
    5368     the only option at one stage.</p><p>There is a bug in WfWg that has relevance to this
    5369     setting. When in user or server level security a WfWg client
    5370     will totally ignore the username and password you type in the "connect
    5371     drive" dialog box. This makes it very difficult (if not impossible)
    5372     to connect to a Samba service as anyone except the user that
    5373     you are logged into WfWg as.</p><p>If your PCs use usernames that are the same as their
    5374     usernames on the UNIX machine then you will want to use
    5375     <code class="literal">security = user</code>. If you mostly use usernames
    5376     that don't exist on the UNIX box then use <code class="literal">security =
    5377     share</code>.</p><p>You should also use <code class="literal">security = share</code> if you
     5441    the only option at one stage.</p><p>You should use <code class="literal">security = user</code> and
     5442    <a class="link" href="smb.conf.5.html#MAPTOGUEST" target="_top">map to guest</a> if you
    53785443    want to mainly setup shares without a password (guest shares). This
    5379     is commonly used for a shared printer server. It is more difficult
    5380     to setup guest shares with <code class="literal">security = user</code>, see
    5381     the <a class="link" href="smb.conf.5.html#MAPTOGUEST" target="_top">map to guest</a> parameter for details.</p><p>It is possible to use <code class="literal">smbd</code> in a <span class="emphasis"><em>
     5444    is commonly used for a shared printer server. </p><p>It is possible to use <code class="literal">smbd</code> in a <span class="emphasis"><em>
    53825445    hybrid mode</em></span> where it is offers both user and share
    5383     level security under different <a class="link" href="smb.conf.5.html#NETBIOSALIASES" target="_top">NetBIOS aliases</a>. </p><p>The different settings will now be explained.</p><p><a name="SECURITYEQUALSSHARE"></a><span class="emphasis"><em>SECURITY = SHARE</em></span></p><p>When clients connect to a share level security server, they
     5446    level security under different <a class="link" href="smb.conf.5.html#NETBIOSALIASES" target="_top">NetBIOS aliases</a>. </p><p>The different settings will now be explained.</p><p><a name="SECURITYEQUALSUSER"></a><span class="emphasis"><em>SECURITY = USER</em></span></p><p>This is the default security setting in Samba.
     5447    With user-level security a client must first "log-on" with a
     5448    valid username and password (which can be mapped using the <a class="link" href="smb.conf.5.html#USERNAMEMAP" target="_top">username map</a>
     5449    parameter). Encrypted passwords (see the <a class="link" href="smb.conf.5.html#ENCRYPTEDPASSWORDS" target="_top">encrypted passwords</a> parameter) can also
     5450    be used in this security mode. Parameters such as <a class="link" href="smb.conf.5.html#USER" target="_top">user</a> and <a class="link" href="smb.conf.5.html#GUESTONLY" target="_top">guest only</a> if set       are then applied and
     5451    may change the UNIX user to use on this connection, but only after
     5452    the user has been successfully authenticated.</p><p><span class="emphasis"><em>Note</em></span> that the name of the resource being
     5453    requested is <span class="emphasis"><em>not</em></span> sent to the server until after
     5454    the server has successfully authenticated the client. This is why
     5455    guest shares don't work in user level security without allowing
     5456    the server to automatically map unknown users into the <a class="link" href="smb.conf.5.html#GUESTACCOUNT" target="_top">guest account</a>.
     5457    See the <a class="link" href="smb.conf.5.html#MAPTOGUEST" target="_top">map to guest</a> parameter for details on doing this.</p><p>See also the section <a class="link" href="#VALIDATIONSECT" title="NOTE ABOUT USERNAME/PASSWORD VALIDATION">NOTE ABOUT USERNAME/PASSWORD VALIDATION</a>.</p><p><a name="SECURITYEQUALSDOMAIN"></a><span class="emphasis"><em>SECURITY = DOMAIN</em></span></p><p>This mode will only work correctly if <a class="citerefentry" href="net.8.html"><span class="citerefentry"><span class="refentrytitle">net</span>(8)</span></a> has been used to add this
     5458    machine into a Windows NT Domain. It expects the <a class="link" href="smb.conf.5.html#ENCRYPTEDPASSWORDS" target="_top">encrypted passwords</a>
     5459        parameter to be set to <code class="constant">yes</code>. In this
     5460    mode Samba will try to validate the username/password by passing
     5461    it to a Windows NT Primary or Backup Domain Controller, in exactly
     5462    the same way that a Windows NT Server would do.</p><p><span class="emphasis"><em>Note</em></span> that a valid UNIX user must still
     5463    exist as well as the account on the Domain Controller to allow
     5464    Samba to have a valid UNIX account to map file access to.</p><p><span class="emphasis"><em>Note</em></span> that from the client's point
     5465    of view <code class="literal">security = domain</code> is the same
     5466    as <code class="literal">security = user</code>. It only
     5467    affects how the server deals with the authentication,
     5468    it does not in any way affect what the client sees.</p><p><span class="emphasis"><em>Note</em></span> that the name of the resource being
     5469    requested is <span class="emphasis"><em>not</em></span> sent to the server until after
     5470    the server has successfully authenticated the client. This is why
     5471    guest shares don't work in user level security without allowing
     5472    the server to automatically map unknown users into the <a class="link" href="smb.conf.5.html#GUESTACCOUNT" target="_top">guest account</a>.
     5473    See the <a class="link" href="smb.conf.5.html#MAPTOGUEST" target="_top">map to guest</a> parameter for details on doing this.</p><p>See also the section <a class="link" href="#VALIDATIONSECT" title="NOTE ABOUT USERNAME/PASSWORD VALIDATION">
     5474    NOTE ABOUT USERNAME/PASSWORD VALIDATION</a>.</p><p>See also the <a class="link" href="smb.conf.5.html#PASSWORDSERVER" target="_top">password server</a> parameter and
     5475         the <a class="link" href="smb.conf.5.html#ENCRYPTEDPASSWORDS" target="_top">encrypted passwords</a> parameter.</p><p><a name="SECURITYEQUALSSHARE"></a><span class="emphasis"><em>SECURITY = SHARE</em></span></p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>This option is deprecated as it is incompatible with SMB2</p></div><p>When clients connect to a share level security server, they
    53845476    need not log onto the server with a valid username and password before
    53855477    attempting to connect to a shared resource (although modern clients
     
    54165508    in share-level security as to which UNIX username will eventually
    54175509    be used in granting access.</p><p>See also the section <a class="link" href="#VALIDATIONSECT" title="NOTE ABOUT USERNAME/PASSWORD VALIDATION">
    5418     NOTE ABOUT USERNAME/PASSWORD VALIDATION</a>.</p><p><a name="SECURITYEQUALSUSER"></a><span class="emphasis"><em>SECURITY = USER</em></span></p><p>This is the default security setting in Samba 3.0.
    5419     With user-level security a client must first "log-on" with a
    5420     valid username and password (which can be mapped using the <a class="link" href="smb.conf.5.html#USERNAMEMAP" target="_top">username map</a>
    5421     parameter). Encrypted passwords (see the <a class="link" href="smb.conf.5.html#ENCRYPTEDPASSWORDS" target="_top">encrypted passwords</a> parameter) can also
    5422     be used in this security mode. Parameters such as <a class="link" href="smb.conf.5.html#USER" target="_top">user</a> and <a class="link" href="smb.conf.5.html#GUESTONLY" target="_top">guest only</a> if set       are then applied and
    5423     may change the UNIX user to use on this connection, but only after
    5424     the user has been successfully authenticated.</p><p><span class="emphasis"><em>Note</em></span> that the name of the resource being
    5425     requested is <span class="emphasis"><em>not</em></span> sent to the server until after
    5426     the server has successfully authenticated the client. This is why
    5427     guest shares don't work in user level security without allowing
    5428     the server to automatically map unknown users into the <a class="link" href="smb.conf.5.html#GUESTACCOUNT" target="_top">guest account</a>.
    5429     See the <a class="link" href="smb.conf.5.html#MAPTOGUEST" target="_top">map to guest</a> parameter for details on doing this.</p><p>See also the section <a class="link" href="#VALIDATIONSECT" title="NOTE ABOUT USERNAME/PASSWORD VALIDATION">NOTE ABOUT USERNAME/PASSWORD VALIDATION</a>.</p><p><a name="SECURITYEQUALSDOMAIN"></a><span class="emphasis"><em>SECURITY = DOMAIN</em></span></p><p>This mode will only work correctly if <a class="citerefentry" href="net.8.html"><span class="citerefentry"><span class="refentrytitle">net</span>(8)</span></a> has been used to add this
    5430     machine into a Windows NT Domain. It expects the <a class="link" href="smb.conf.5.html#ENCRYPTEDPASSWORDS" target="_top">encrypted passwords</a>
    5431         parameter to be set to <code class="constant">yes</code>. In this
    5432     mode Samba will try to validate the username/password by passing
    5433     it to a Windows NT Primary or Backup Domain Controller, in exactly
    5434     the same way that a Windows NT Server would do.</p><p><span class="emphasis"><em>Note</em></span> that a valid UNIX user must still
    5435     exist as well as the account on the Domain Controller to allow
    5436     Samba to have a valid UNIX account to map file access to.</p><p><span class="emphasis"><em>Note</em></span> that from the client's point
    5437     of view <code class="literal">security = domain</code> is the same
    5438     as <code class="literal">security = user</code>. It only
    5439     affects how the server deals with the authentication,
    5440     it does not in any way affect what the client sees.</p><p><span class="emphasis"><em>Note</em></span> that the name of the resource being
    5441     requested is <span class="emphasis"><em>not</em></span> sent to the server until after
    5442     the server has successfully authenticated the client. This is why
    5443     guest shares don't work in user level security without allowing
    5444     the server to automatically map unknown users into the <a class="link" href="smb.conf.5.html#GUESTACCOUNT" target="_top">guest account</a>.
    5445     See the <a class="link" href="smb.conf.5.html#MAPTOGUEST" target="_top">map to guest</a> parameter for details on doing this.</p><p>See also the section <a class="link" href="#VALIDATIONSECT" title="NOTE ABOUT USERNAME/PASSWORD VALIDATION">
    5446     NOTE ABOUT USERNAME/PASSWORD VALIDATION</a>.</p><p>See also the <a class="link" href="smb.conf.5.html#PASSWORDSERVER" target="_top">password server</a> parameter and
    5447          the <a class="link" href="smb.conf.5.html#ENCRYPTEDPASSWORDS" target="_top">encrypted passwords</a> parameter.</p><p><a name="SECURITYEQUALSSERVER"></a><span class="emphasis"><em>SECURITY = SERVER</em></span></p><p>
    5448         In this mode Samba will try to validate the username/password by passing it to another SMB server, such as an
     5510    NOTE ABOUT USERNAME/PASSWORD VALIDATION</a>.</p><p><a name="SECURITYEQUALSSERVER"></a><span class="emphasis"><em>SECURITY = SERVER</em></span></p><p>
     5511        In this depicted mode Samba will try to validate the username/password by passing it to another SMB server, such as an
    54495512        NT box. If this fails it will revert to <code class="literal">security = user</code>. It expects the
    54505513        <a class="link" href="smb.conf.5.html#ENCRYPTEDPASSWORDS" target="_top">encrypted passwords</a> parameter to be set to <code class="constant">yes</code>, unless the remote
     
    54555518    significant pitfalls since it is more vulnerable to
    54565519    man-in-the-middle attacks and server impersonation.  In particular,
    5457     this mode of operation can cause significant resource consuption on
     5520    this mode of operation can cause significant resource consumption on
    54585521    the PDC, as it must maintain an active connection for the duration
    54595522    of the user's session.  Furthermore, if this connection is lost,
    5460     there is no way to reestablish it, and futher authentications to the
     5523    there is no way to reestablish it, and further authentications to the
    54615524    Samba server may fail (from a single client, till it disconnects).
     5525        </p></div><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>If the client selects NTLMv2 authentication, then this mode of operation <span class="emphasis"><em>will fail</em></span>
    54625526        </p></div><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>From the client's point of
    54635527    view, <code class="literal">security = server</code> is the
    54645528    same as <code class="literal">security = user</code>.  It
    54655529    only affects how the server deals  with the authentication, it does
    5466         not in any way affect what the  client sees.</p></div><p><span class="emphasis"><em>Note</em></span> that the name of the resource being
     5530        not in any way affect what the  client sees.</p></div><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>This option is deprecated, and may be removed in future</p></div><p><span class="emphasis"><em>Note</em></span> that the name of the resource being
    54675531    requested is <span class="emphasis"><em>not</em></span> sent to the server until after
    54685532    the server has successfully authenticated the client. This is why
     
    54795543</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>security</code></em> = <code class="literal">DOMAIN</code>
    54805544</em></span>
    5481 </p></dd></dl></div></div><div class="section" title="send spnego principal (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id333789"></a>
     5545</p></dd></dl></div></div><div class="section" title="send spnego principal (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id333989"></a>
    54825546
    54835547send spnego principal (G)
    5484 </h3></div></div></div><a class="indexterm" name="id333790"></a><a name="SENDSPNEGOPRINCIPAL"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not
     5548</h3></div></div></div><a class="indexterm" name="id333990"></a><a name="SENDSPNEGOPRINCIPAL"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not
    54855549    <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will send the
    54865550    server-supplied principal sometimes given in the SPNEGO
     
    54955559    this value in all circumstances. </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>send spnego principal</code></em> = <code class="literal">no</code>
    54965560</em></span>
    5497 </p></dd></dl></div></div><div class="section" title="server schannel (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id333854"></a>
     5561</p></dd></dl></div></div><div class="section" title="server schannel (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id334054"></a>
    54985562
    54995563server schannel (G)
    5500 </h3></div></div></div><a class="indexterm" name="id333855"></a><a name="SERVERSCHANNEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
     5564</h3></div></div></div><a class="indexterm" name="id334055"></a><a name="SERVERSCHANNEL"></a><div class="variablelist"><dl><dt></dt><dd><p>
    55015565        This controls whether the server offers or even demands the use of the netlogon schannel.
    55025566        <a class="link" href="smb.conf.5.html#SERVERSCHANNEL" target="_top">server schannel = no</a> does not offer the schannel, <a class="link" href="smb.conf.5.html#SERVERSCHANNEL" target="_top">server schannel = auto</a> offers the schannel but does not enforce it, and <a class="link" href="smb.conf.5.html#SERVERSCHANNEL" target="_top">server schannel = yes</a> denies access if the client is not able to speak netlogon schannel.
     
    55095573</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>server schannel</code></em> = <code class="literal">yes</code>
    55105574</em></span>
    5511 </p></dd></dl></div></div><div class="section" title="server signing (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id333962"></a>
     5575</p></dd></dl></div></div><div class="section" title="server signing (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id334161"></a>
    55125576
    55135577server signing (G)
    5514 </h3></div></div></div><a class="indexterm" name="id333963"></a><a name="SERVERSIGNING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether the client is allowed or required to use SMB signing. Possible values
     5578</h3></div></div></div><a class="indexterm" name="id334162"></a><a name="SERVERSIGNING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether the client is allowed or required to use SMB signing. Possible values
    55155579    are <span class="emphasis"><em>auto</em></span>, <span class="emphasis"><em>mandatory</em></span>
    55165580    and <span class="emphasis"><em>disabled</em></span>.
     
    55195583        to disabled, SMB signing is not offered either.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>server signing</code></em> = <code class="literal">Disabled</code>
    55205584</em></span>
    5521 </p></dd></dl></div></div><div class="section" title="server string (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id334019"></a>
     5585</p></dd></dl></div></div><div class="section" title="server string (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id334218"></a>
    55225586
    55235587server string (G)
    5524 </h3></div></div></div><a class="indexterm" name="id334020"></a><a name="SERVERSTRING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what string will show up in the printer comment box in print
     5588</h3></div></div></div><a class="indexterm" name="id334220"></a><a name="SERVERSTRING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what string will show up in the printer comment box in print
    55255589        manager and next to the IPC connection in <code class="literal">net view</code>. It
    55265590        can be any string that you wish to show to your users.</p><p>It also sets what will appear in browse lists next
     
    55315595</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>server string</code></em> = <code class="literal">University of GNUs Samba Server</code>
    55325596</em></span>
    5533 </p></dd></dl></div></div><div class="section" title="set directory (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id334106"></a>
     5597</p></dd></dl></div></div><div class="section" title="set directory (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id334305"></a>
    55345598
    55355599set directory (S)
    5536 </h3></div></div></div><a class="indexterm" name="id334107"></a><a name="SETDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>
     5600</h3></div></div></div><a class="indexterm" name="id334306"></a><a name="SETDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>
    55375601        If <code class="literal">set directory = no</code>, then        users of the
    55385602        service may not use the setdir command to change directory.
     
    55435607        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>set directory</code></em> = <code class="literal">no</code>
    55445608</em></span>
    5545 </p></dd></dl></div></div><div class="section" title="set primary group script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id334163"></a>
     5609</p></dd></dl></div></div><div class="section" title="set primary group script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id334363"></a>
    55465610
    55475611set primary group script (G)
    5548 </h3></div></div></div><a class="indexterm" name="id334164"></a><a name="SETPRIMARYGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>Thanks to the Posix subsystem in NT a Windows User has a
     5612</h3></div></div></div><a class="indexterm" name="id334364"></a><a name="SETPRIMARYGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>Thanks to the Posix subsystem in NT a Windows User has a
    55495613        primary group in addition to the auxiliary groups.  This script
    55505614        sets the primary group in the unix userdatase when an
     
    55585622</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>set primary group script</code></em> = <code class="literal">/usr/sbin/usermod -g '%g' '%u'</code>
    55595623</em></span>
    5560 </p></dd></dl></div></div><div class="section" title="set quota command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id334240"></a>
     5624</p></dd></dl></div></div><div class="section" title="set quota command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id334440"></a>
    55615625
    55625626set quota command (G)
    5563 </h3></div></div></div><a class="indexterm" name="id334241"></a><a name="SETQUOTACOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>The <code class="literal">set quota command</code> should only be used
     5627</h3></div></div></div><a class="indexterm" name="id334441"></a><a name="SETQUOTACOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>The <code class="literal">set quota command</code> should only be used
    55645628        whenever there is no operating system API available from the OS that
    55655629        samba can use.</p><p>This option is only available if Samba was configured with the argument <code class="literal">--with-sys-quotas</code> or
     
    55715635</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>set quota command</code></em> = <code class="literal">/usr/local/sbin/set_quota</code>
    55725636</em></span>
    5573 </p></dd></dl></div></div><div class="section" title="share:fake_fscaps (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id334394"></a>
     5637</p></dd></dl></div></div><div class="section" title="share:fake_fscaps (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id334594"></a>
    55745638
    55755639share:fake_fscaps (G)
    5576 </h3></div></div></div><a class="indexterm" name="id334395"></a><a name="SHARE:FAKE_FSCAPS"></a><div class="variablelist"><dl><dt></dt><dd><p>
     5640</h3></div></div></div><a class="indexterm" name="id334595"></a><a name="SHARE:FAKE_FSCAPS"></a><div class="variablelist"><dl><dt></dt><dd><p>
    55775641        This is needed to support some special application that makes
    55785642        QFSINFO calls to check whether we set the SPARSE_FILES bit
     
    55845648        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>share:fake_fscaps</code></em> = <code class="literal">0</code>
    55855649</em></span>
    5586 </p></dd></dl></div></div><div class="section" title="share modes (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id334450"></a>
     5650</p></dd></dl></div></div><div class="section" title="share modes (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id334650"></a>
    55875651
    55885652share modes (S)
    5589 </h3></div></div></div><a class="indexterm" name="id334451"></a><a name="SHAREMODES"></a><div class="variablelist"><dl><dt></dt><dd><p>This enables or disables the honoring of
     5653</h3></div></div></div><a class="indexterm" name="id334651"></a><a name="SHAREMODES"></a><div class="variablelist"><dl><dt></dt><dd><p>This enables or disables the honoring of
    55905654        the <em class="parameter"><code>share modes</code></em> during a file open. These
    55915655        modes are used by clients to gain exclusive read or write access
     
    55995663        off as many Windows applications will break if you do so.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>share modes</code></em> = <code class="literal">yes</code>
    56005664</em></span>
    5601 </p></dd></dl></div></div><div class="section" title="short preserve case (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id334520"></a>
     5665</p></dd></dl></div></div><div class="section" title="short preserve case (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id334720"></a>
    56025666
    56035667short preserve case (S)
    5604 </h3></div></div></div><a class="indexterm" name="id334522"></a><a name="SHORTPRESERVECASE"></a><div class="variablelist"><dl><dt></dt><dd><p>
     5668</h3></div></div></div><a class="indexterm" name="id334721"></a><a name="SHORTPRESERVECASE"></a><div class="variablelist"><dl><dt></dt><dd><p>
    56055669        This boolean parameter controls if new files which conform to 8.3 syntax, that is all in upper case and of
    56065670        suitable length, are created upper case, or if they are forced to be the <a class="link" href="smb.conf.5.html#DEFAULTCASE" target="_top">default case</a>.
     
    56095673        </p><p>See the section on <a class="link" href="#NAMEMANGLINGSECT" title="NAME MANGLING">NAME MANGLING</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>short preserve case</code></em> = <code class="literal">yes</code>
    56105674</em></span>
    5611 </p></dd></dl></div></div><div class="section" title="show add printer wizard (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id334594"></a>
     5675</p></dd></dl></div></div><div class="section" title="show add printer wizard (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id334794"></a>
    56125676
    56135677show add printer wizard (G)
    5614 </h3></div></div></div><a class="indexterm" name="id334595"></a><a name="SHOWADDPRINTERWIZARD"></a><div class="variablelist"><dl><dt></dt><dd><p>With the introduction of MS-RPC based printing support
     5678</h3></div></div></div><a class="indexterm" name="id334795"></a><a name="SHOWADDPRINTERWIZARD"></a><div class="variablelist"><dl><dt></dt><dd><p>With the introduction of MS-RPC based printing support
    56155679    for Windows NT/2000 client in Samba 2.2, a "Printers..." folder will
    56165680    appear on Samba hosts in the share listing.  Normally this folder will
     
    56305694                administrative privilege on an individual printer.</p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>show add printer wizard</code></em> = <code class="literal">yes</code>
    56315695</em></span>
    5632 </p></dd></dl></div></div><div class="section" title="shutdown script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id334667"></a>
     5696</p></dd></dl></div></div><div class="section" title="shutdown script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id334866"></a>
    56335697
    56345698shutdown script (G)
    5635 </h3></div></div></div><a class="indexterm" name="id334668"></a><a name="SHUTDOWNSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This a full path name to a script called by
     5699</h3></div></div></div><a class="indexterm" name="id334868"></a><a name="SHUTDOWNSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This a full path name to a script called by
    56365700         <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> that should
    56375701        start a shutdown procedure.</p><p>If the connected user posseses the <code class="constant">SeRemoteShutdownPrivilege</code>,
     
    56595723</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>shutdown script</code></em> = <code class="literal">/usr/local/samba/sbin/shutdown %m %t %r %f</code>
    56605724</em></span>
    5661 </p></dd></dl></div></div><div class="section" title="smb2 max credits (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id334813"></a>
     5725</p></dd></dl></div></div><div class="section" title="smb2 max credits (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id335013"></a>
    56625726
    56635727smb2 max credits (G)
    5664 </h3></div></div></div><a class="indexterm" name="id334814"></a><a name="SMB2MAXCREDITS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum number of outstanding simultaneous SMB2 operations
     5728</h3></div></div></div><a class="indexterm" name="id335014"></a><a name="SMB2MAXCREDITS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum number of outstanding simultaneous SMB2 operations
    56655729that Samba tells the client it will allow. This is similar to the <a class="link" href="smb.conf.5.html#MAXMUX" target="_top">max mux</a>
    56665730parameter for SMB1. You should never need to set this parameter.
    5667 </p><p>The default is 128 credits, which is the same as a Windows SMB2 server.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb2 max credits</code></em> = <code class="literal">128</code>
    5668 </em></span>
    5669 </p></dd></dl></div></div><div class="section" title="smb2 max read (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id334871"></a>
     5731</p><p>The default is 8192 credits, which is the same as a Windows 2008R2 SMB2 server.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb2 max credits</code></em> = <code class="literal">8192</code>
     5732</em></span>
     5733</p></dd></dl></div></div><div class="section" title="smb2 max read (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id335070"></a>
    56705734
    56715735smb2 max read (G)
    5672 </h3></div></div></div><a class="indexterm" name="id334872"></a><a name="SMB2MAXREAD"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the protocol value that <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will return to a client, informing the client of the largest
     5736</h3></div></div></div><a class="indexterm" name="id335071"></a><a name="SMB2MAXREAD"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the protocol value that <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will return to a client, informing the client of the largest
    56735737size that may be returned by a single SMB2 read call.
    5674 </p><p>The default is 1048576 bytes (1MB), which is the same as a Windows7 SMB2 server.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb2 max read</code></em> = <code class="literal">1048576</code>
    5675 </em></span>
    5676 </p></dd></dl></div></div><div class="section" title="smb2 max trans (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id334924"></a>
     5738</p><p>The maximum is 65536 bytes (64KB), which is the same as a Windows Vista SMB2 server.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb2 max read</code></em> = <code class="literal">65536</code>
     5739</em></span>
     5740</p></dd></dl></div></div><div class="section" title="smb2 max trans (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id335124"></a>
    56775741
    56785742smb2 max trans (G)
    5679 </h3></div></div></div><a class="indexterm" name="id334925"></a><a name="SMB2MAXTRANS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the protocol value that <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will return to a client, informing the client of the largest
     5743</h3></div></div></div><a class="indexterm" name="id335125"></a><a name="SMB2MAXTRANS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the protocol value that <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will return to a client, informing the client of the largest
    56805744size of buffer that may be used in querying file meta-data via QUERY_INFO and related SMB2 calls.
    5681 </p><p>The default is 1048576 bytes (1MB), which is the same as a Windows7 SMB2 server.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb2 max trans</code></em> = <code class="literal">1048576</code>
    5682 </em></span>
    5683 </p></dd></dl></div></div><div class="section" title="smb2 max write (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id334979"></a>
     5745</p><p>The maximum is 65536 bytes (64KB), which is the same as a Windows Vista SMB2 server.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb2 max trans</code></em> = <code class="literal">65536</code>
     5746</em></span>
     5747</p></dd></dl></div></div><div class="section" title="smb2 max write (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id335179"></a>
    56845748
    56855749smb2 max write (G)
    5686 </h3></div></div></div><a class="indexterm" name="id334980"></a><a name="SMB2MAXWRITE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the protocol value that <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will return to a client, informing the client of the largest
     5750</h3></div></div></div><a class="indexterm" name="id335180"></a><a name="SMB2MAXWRITE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the protocol value that <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will return to a client, informing the client of the largest
    56875751size that may be sent to the server by a single SMB2 write call.
    5688 </p><p>The default is 1048576 bytes (1MB), which is the same as a Windows7 SMB2 server.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb2 max write</code></em> = <code class="literal">1048576</code>
    5689 </em></span>
    5690 </p></dd></dl></div></div><div class="section" title="smb encrypt (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id335033"></a>
     5752</p><p>The maximum is 65536 bytes (64KB), which is the same as a Windows Vista SMB2 server.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb2 max write</code></em> = <code class="literal">65536</code>
     5753</em></span>
     5754</p></dd></dl></div></div><div class="section" title="smb encrypt (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id335233"></a>
    56915755
    56925756smb encrypt (S)
    5693 </h3></div></div></div><a class="indexterm" name="id335034"></a><a name="SMBENCRYPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a new feature introduced with Samba 3.2 and above. It is an
     5757</h3></div></div></div><a class="indexterm" name="id335234"></a><a name="SMBENCRYPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a new feature introduced with Samba 3.2 and above. It is an
    56945758    extension to the SMB/CIFS protocol negotiated as part of the UNIX extensions.
    56955759    SMB encryption uses the GSSAPI (SSPI on Windows) ability to encrypt
     
    57195783    to disabled, SMB encryption can not be negotiated.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb encrypt</code></em> = <code class="literal">auto</code>
    57205784</em></span>
    5721 </p></dd></dl></div></div><div class="section" title="smb passwd file (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id335124"></a>
     5785</p></dd></dl></div></div><div class="section" title="smb passwd file (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id335324"></a>
    57225786
    57235787smb passwd file (G)
    5724 </h3></div></div></div><a class="indexterm" name="id335125"></a><a name="SMBPASSWDFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option sets the path to the encrypted smbpasswd file. By
     5788</h3></div></div></div><a class="indexterm" name="id335325"></a><a name="SMBPASSWDFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option sets the path to the encrypted smbpasswd file. By
    57255789    default the path to the smbpasswd file  is compiled into Samba.</p><p>
    57265790    An example of use is:
     
    57305794    </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb passwd file</code></em> = <code class="literal">${prefix}/private/smbpasswd</code>
    57315795</em></span>
    5732 </p></dd></dl></div></div><div class="section" title="smb ports (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id335176"></a>
     5796</p></dd></dl></div></div><div class="section" title="smb ports (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id335376"></a>
    57335797
    57345798smb ports (G)
    5735 </h3></div></div></div><a class="indexterm" name="id335177"></a><a name="SMBPORTS"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies which ports the server should listen on for SMB traffic.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb ports</code></em> = <code class="literal">445 139</code>
    5736 </em></span>
    5737 </p></dd></dl></div></div><div class="section" title="socket address (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id335217"></a>
     5799</h3></div></div></div><a class="indexterm" name="id335377"></a><a name="SMBPORTS"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies which ports the server should listen on for SMB traffic.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb ports</code></em> = <code class="literal">445 139</code>
     5800</em></span>
     5801</p></dd></dl></div></div><div class="section" title="socket address (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id335416"></a>
    57385802
    57395803socket address (G)
    5740 </h3></div></div></div><a class="indexterm" name="id335218"></a><a name="SOCKETADDRESS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to control what
     5804</h3></div></div></div><a class="indexterm" name="id335417"></a><a name="SOCKETADDRESS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to control what
    57415805        address Samba will listen for connections on. This is used to
    57425806        support multiple virtual interfaces on the one server, each
     
    57475811</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>socket address</code></em> = <code class="literal">192.168.2.20</code>
    57485812</em></span>
    5749 </p></dd></dl></div></div><div class="section" title="socket options (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id335283"></a>
     5813</p></dd></dl></div></div><div class="section" title="socket options (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id335482"></a>
    57505814
    57515815socket options (G)
    5752 </h3></div></div></div><a class="indexterm" name="id335284"></a><a name="SOCKETOPTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to set socket options
     5816</h3></div></div></div><a class="indexterm" name="id335483"></a><a name="SOCKETOPTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to set socket options
    57535817    to be used when talking with the client.</p><p>Socket options are controls on the networking layer
    57545818    of the operating systems which allow the connection to be
     
    57785842</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>socket options</code></em> = <code class="literal">IPTOS_LOWDELAY</code>
    57795843</em></span>
    5780 </p></dd></dl></div></div><div class="section" title="stat cache (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id335475"></a>
     5844</p></dd></dl></div></div><div class="section" title="stat cache (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id335675"></a>
    57815845
    57825846stat cache (G)
    5783 </h3></div></div></div><a class="indexterm" name="id335476"></a><a name="STATCACHE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will use a cache in order to
     5847</h3></div></div></div><a class="indexterm" name="id335676"></a><a name="STATCACHE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will use a cache in order to
    57845848        speed up case insensitive name mappings. You should never need
    57855849        to change this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>stat cache</code></em> = <code class="literal">yes</code>
    57865850</em></span>
    5787 </p></dd></dl></div></div><div class="section" title="state directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id335525"></a>
     5851</p></dd></dl></div></div><div class="section" title="state directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id335725"></a>
    57885852
    57895853state directory (G)
    5790 </h3></div></div></div><a class="indexterm" name="id335526"></a><a name="STATEDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>Usually, most of the TDB files are stored in the
     5854</h3></div></div></div><a class="indexterm" name="id335726"></a><a name="STATEDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>Usually, most of the TDB files are stored in the
    57915855        <em class="parameter"><code>lock directory</code></em>. Since
    57925856        Samba 3.4.0, it is possible to differentiate between TDB files
     
    58005864</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>state directory</code></em> = <code class="literal">/var/run/samba/locks/state</code>
    58015865</em></span>
    5802 </p></dd></dl></div></div><div class="section" title="store dos attributes (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id335607"></a>
     5866</p></dd></dl></div></div><div class="section" title="store dos attributes (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id335807"></a>
    58035867
    58045868store dos attributes (S)
    5805 </h3></div></div></div><a class="indexterm" name="id335608"></a><a name="STOREDOSATTRIBUTES"></a><div class="variablelist"><dl><dt></dt><dd><p>
     5869</h3></div></div></div><a class="indexterm" name="id335808"></a><a name="STOREDOSATTRIBUTES"></a><div class="variablelist"><dl><dt></dt><dd><p>
    58065870        If this parameter is set Samba attempts to first read DOS attributes (SYSTEM, HIDDEN, ARCHIVE or
    58075871        READ-ONLY) from a filesystem extended attribute, before mapping DOS attributes to UNIX permission bits (such
     
    58225886        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>store dos attributes</code></em> = <code class="literal">no</code>
    58235887</em></span>
    5824 </p></dd></dl></div></div><div class="section" title="strict allocate (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id335731"></a>
     5888</p></dd></dl></div></div><div class="section" title="strict allocate (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id335923"></a>
    58255889
    58265890strict allocate (S)
    5827 </h3></div></div></div><a class="indexterm" name="id335732"></a><a name="STRICTALLOCATE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean that controls the handling of
     5891</h3></div></div></div><a class="indexterm" name="id335924"></a><a name="STRICTALLOCATE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean that controls the handling of
    58285892    disk space allocation in the server. When this is set to <code class="constant">yes</code>
    58295893    the server will change from UNIX behaviour of not committing real
     
    58315895    of actually forcing the disk system to allocate real storage blocks
    58325896    when a file is created or extended to be a given size. In UNIX
    5833     terminology this means that Samba will stop creating sparse files.
    5834     Modern UNIX filesystems now support extents and so in Samba 3.6.0 we
    5835     have changed this parameter to default to "yes". On older filesystems
    5836     without extents you might want to turn this parameter to "no".
    5837     </p><p>When you have an extent based filesystem it's likely that we can make
     5897    terminology this means that Samba will stop creating sparse files.</p><p>This option is really desgined for file systems that support
     5898    fast allocation of large numbers of blocks such as extent-based file systems.
     5899    On file systems that don't support extents (most notably ext3) this can
     5900    make Samba slower. When you work with large files over &gt;100MB on file
     5901    systems without extents you may even run into problems with clients
     5902    running into timeouts.</p><p>When you have an extent based filesystem it's likely that we can make
    58385903    use of unwritten extents which allows Samba to allocate even large amounts
    58395904    of space very fast and you will not see any timeout problems caused by
     
    58475912    performance and risk to let clients run into timeouts when creating large
    58485913    files. Examples are ext3, ZFS, HFS+ and most others, so be aware if you
    5849     leave the default setting on those filesystems.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>strict allocate</code></em> = <code class="literal">yes</code>
    5850 </em></span>
    5851 </p></dd></dl></div></div><div class="section" title="strict locking (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id335795"></a>
     5914    activate this setting on those filesystems.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>strict allocate</code></em> = <code class="literal">no</code>
     5915</em></span>
     5916</p></dd></dl></div></div><div class="section" title="strict locking (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id335994"></a>
    58525917
    58535918strict locking (S)
    5854 </h3></div></div></div><a class="indexterm" name="id335796"></a><a name="STRICTLOCKING"></a><div class="variablelist"><dl><dt></dt><dd><p>
     5919</h3></div></div></div><a class="indexterm" name="id335995"></a><a name="STRICTLOCKING"></a><div class="variablelist"><dl><dt></dt><dd><p>
    58555920        This is an enumerated type that controls the handling of file locking in the server. When this is set to <code class="constant">yes</code>,
    58565921        the server will check every read and write access for file locks, and deny access if locks exist. This can be slow on
     
    58685933        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>strict locking</code></em> = <code class="literal">Auto</code>
    58695934</em></span>
    5870 </p></dd></dl></div></div><div class="section" title="strict sync (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id335868"></a>
     5935</p></dd></dl></div></div><div class="section" title="strict sync (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id336066"></a>
    58715936
    58725937strict sync (S)
    5873 </h3></div></div></div><a class="indexterm" name="id335869"></a><a name="STRICTSYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>Many Windows applications (including the Windows 98 explorer
     5938</h3></div></div></div><a class="indexterm" name="id336067"></a><a name="STRICTSYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>Many Windows applications (including the Windows 98 explorer
    58745939    shell) seem to confuse flushing buffer contents to disk with doing
    58755940    a sync to disk. Under UNIX, a sync call forces the process to be
     
    58855950    reported with the new Windows98 explorer shell file copies.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>strict sync</code></em> = <code class="literal">no</code>
    58865951</em></span>
    5887 </p></dd></dl></div></div><div class="section" title="svcctl list (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id335926"></a>
     5952</p></dd></dl></div></div><div class="section" title="svcctl list (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336124"></a>
    58885953
    58895954svcctl list (G)
    5890 </h3></div></div></div><a class="indexterm" name="id335927"></a><a name="SVCCTLLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This option defines a list of init scripts that smbd
     5955</h3></div></div></div><a class="indexterm" name="id336125"></a><a name="SVCCTLLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This option defines a list of init scripts that smbd
    58915956    will use for starting and stopping Unix services via the Win32
    58925957    ServiceControl API.  This allows Windows administrators to
     
    59015966</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>svcctl list</code></em> = <code class="literal">cups postfix portmap httpd</code>
    59025967</em></span>
    5903 </p></dd></dl></div></div><div class="section" title="sync always (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id336006"></a>
     5968</p></dd></dl></div></div><div class="section" title="sync always (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id336204"></a>
    59045969
    59055970sync always (S)
    5906 </h3></div></div></div><a class="indexterm" name="id336007"></a><a name="SYNCALWAYS"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean parameter that controls
     5971</h3></div></div></div><a class="indexterm" name="id336205"></a><a name="SYNCALWAYS"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean parameter that controls
    59075972    whether writes will always be written to stable storage before
    59085973    the write call returns. If this is <code class="constant">no</code> then the server will be
     
    59155980    any effect.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>sync always</code></em> = <code class="literal">no</code>
    59165981</em></span>
    5917 </p></dd></dl></div></div><div class="section" title="syslog only (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336072"></a>
     5982</p></dd></dl></div></div><div class="section" title="syslog only (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336271"></a>
    59185983
    59195984syslog only (G)
    5920 </h3></div></div></div><a class="indexterm" name="id336074"></a><a name="SYSLOGONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
     5985</h3></div></div></div><a class="indexterm" name="id336272"></a><a name="SYSLOGONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
    59215986    If this parameter is set then Samba debug messages are logged into the system
    59225987    syslog only, and not to the debug log files. There still will be some
     
    59245989    </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>syslog only</code></em> = <code class="literal">no</code>
    59255990</em></span>
    5926 </p></dd></dl></div></div><div class="section" title="syslog (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336118"></a>
     5991</p></dd></dl></div></div><div class="section" title="syslog (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336316"></a>
    59275992
    59285993syslog (G)
    5929 </h3></div></div></div><a class="indexterm" name="id336119"></a><a name="SYSLOG"></a><div class="variablelist"><dl><dt></dt><dd><p>
     5994</h3></div></div></div><a class="indexterm" name="id336317"></a><a name="SYSLOG"></a><div class="variablelist"><dl><dt></dt><dd><p>
    59305995    This parameter maps how Samba debug messages are logged onto the system syslog logging levels.
    59315996    Samba debug level zero maps onto syslog <code class="constant">LOG_ERR</code>, debug level one maps onto
     
    59386003    </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>syslog</code></em> = <code class="literal">1</code>
    59396004</em></span>
    5940 </p></dd></dl></div></div><div class="section" title="template homedir (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336185"></a>
     6005</p></dd></dl></div></div><div class="section" title="template homedir (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336383"></a>
    59416006
    59426007template homedir (G)
    5943 </h3></div></div></div><a class="indexterm" name="id336186"></a><a name="TEMPLATEHOMEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>When filling out the user information for a Windows NT
     6008</h3></div></div></div><a class="indexterm" name="id336384"></a><a name="TEMPLATEHOMEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>When filling out the user information for a Windows NT
    59446009        user, the <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon  uses this
    59456010        parameter to fill in the home directory for that user. If the
     
    59496014        is substituted with the user's Windows  NT user name.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>template homedir</code></em> = <code class="literal">/home/%D/%U</code>
    59506015</em></span>
    5951 </p></dd></dl></div></div><div class="section" title="template shell (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336247"></a>
     6016</p></dd></dl></div></div><div class="section" title="template shell (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336445"></a>
    59526017
    59536018template shell (G)
    5954 </h3></div></div></div><a class="indexterm" name="id336248"></a><a name="TEMPLATESHELL"></a><div class="variablelist"><dl><dt></dt><dd><p>When filling out the user information for a Windows NT
     6019</h3></div></div></div><a class="indexterm" name="id336446"></a><a name="TEMPLATESHELL"></a><div class="variablelist"><dl><dt></dt><dd><p>When filling out the user information for a Windows NT
    59556020        user, the <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon uses this
    5956         parameter to fill in the login shell for that user.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="time offset (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336284"></a>
     6021        parameter to fill in the login shell for that user.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="time offset (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336482"></a>
    59576022
    59586023time offset (G)
    5959 </h3></div></div></div><a class="indexterm" name="id336285"></a><a name="TIMEOFFSET"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a setting in minutes to add
     6024</h3></div></div></div><a class="indexterm" name="id336483"></a><a name="TIMEOFFSET"></a><div class="variablelist"><dl><dt></dt><dd><p>This deprecated parameter is a setting in minutes to add
    59606025        to the normal GMT to local time conversion. This is useful if
    59616026        you are serving a lot of PCs that have incorrect daylight
    5962         saving time handling.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>time offset</code></em> = <code class="literal">0</code>
     6027        saving time handling.</p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>This option is deprecated, and will be removed in the next major release</p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>time offset</code></em> = <code class="literal">0</code>
    59636028</em></span>
    59646029</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>time offset</code></em> = <code class="literal">60</code>
    59656030</em></span>
    5966 </p></dd></dl></div></div><div class="section" title="time server (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336343"></a>
     6031</p></dd></dl></div></div><div class="section" title="time server (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336547"></a>
    59676032
    59686033time server (G)
    5969 </h3></div></div></div><a class="indexterm" name="id336344"></a><a name="TIMESERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> advertises itself as a time server to Windows
     6034</h3></div></div></div><a class="indexterm" name="id336548"></a><a name="TIMESERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> advertises itself as a time server to Windows
    59706035clients.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>time server</code></em> = <code class="literal">no</code>
    59716036</em></span>
    5972 </p></dd></dl></div></div><div class="section" title="unix charset (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336393"></a>
     6037</p></dd></dl></div></div><div class="section" title="unix charset (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336596"></a>
    59736038
    59746039unix charset (G)
    5975 </h3></div></div></div><a class="indexterm" name="id336394"></a><a name="UNIXCHARSET"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the charset the unix machine
     6040</h3></div></div></div><a class="indexterm" name="id336597"></a><a name="UNIXCHARSET"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the charset the unix machine
    59766041                Samba runs on uses. Samba needs to know this in order to be able to
    59776042                convert text to the charsets other SMB clients use.
     
    59826047</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>unix charset</code></em> = <code class="literal">ASCII</code>
    59836048</em></span>
    5984 </p></dd></dl></div></div><div class="section" title="unix extensions (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336456"></a>
     6049</p></dd></dl></div></div><div class="section" title="unix extensions (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336659"></a>
    59856050
    59866051unix extensions (G)
    5987 </h3></div></div></div><a class="indexterm" name="id336457"></a><a name="UNIXEXTENSIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether Samba
     6052</h3></div></div></div><a class="indexterm" name="id336660"></a><a name="UNIXEXTENSIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether Samba
    59886053    implements the CIFS UNIX extensions, as defined by HP.
    59896054    These extensions enable Samba to better serve UNIX CIFS clients
     
    59936058    Note if this parameter is turned on, the <a class="link" href="smb.conf.5.html#WIDELINKS" target="_top">wide links</a>
    59946059    parameter will automatically be disabled.
     6060    </p><p>
     6061    See the parameter <a class="link" href="smb.conf.5.html#ALLOWINSECUREWIDELINKS" target="_top">allow insecure wide links</a>
     6062    if you wish to change this coupling between the two parameters.
    59956063    </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>unix extensions</code></em> = <code class="literal">yes</code>
    59966064</em></span>
    5997 </p></dd></dl></div></div><div class="section" title="unix password sync (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336517"></a>
     6065</p></dd></dl></div></div><div class="section" title="unix password sync (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336732"></a>
    59986066
    59996067unix password sync (G)
    6000 </h3></div></div></div><a class="indexterm" name="id336518"></a><a name="UNIXPASSWORDSYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether Samba
     6068</h3></div></div></div><a class="indexterm" name="id336733"></a><a name="UNIXPASSWORDSYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether Samba
    60016069    attempts to synchronize the UNIX password with the SMB password
    60026070    when the encrypted SMB password in the smbpasswd file is changed.
     
    60076075        access to the old password cleartext, only the new).</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>unix password sync</code></em> = <code class="literal">no</code>
    60086076</em></span>
    6009 </p></dd></dl></div></div><div class="section" title="use client driver (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id336574"></a>
     6077</p></dd></dl></div></div><div class="section" title="use client driver (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id336789"></a>
    60106078
    60116079use client driver (S)
    6012 </h3></div></div></div><a class="indexterm" name="id336575"></a><a name="USECLIENTDRIVER"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter applies only to Windows NT/2000
     6080</h3></div></div></div><a class="indexterm" name="id336790"></a><a name="USECLIENTDRIVER"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter applies only to Windows NT/2000
    60136081    clients.  It has no effect on Windows 95/98/ME clients.  When
    60146082    serving a printer to Windows NT/2000 clients without first installing
     
    60356103        server.</em></span></p><p>Default: <span class="emphasis"><em><em class="parameter"><code>use client driver</code></em> = <code class="literal">no</code>
    60366104</em></span>
    6037 </p></dd></dl></div></div><div class="section" title="use mmap (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336642"></a>
     6105</p></dd></dl></div></div><div class="section" title="use mmap (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336857"></a>
    60386106
    60396107use mmap (G)
    6040 </h3></div></div></div><a class="indexterm" name="id336643"></a><a name="USEMMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>This global parameter determines if the tdb internals of Samba can
     6108</h3></div></div></div><a class="indexterm" name="id336858"></a><a name="USEMMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>This global parameter determines if the tdb internals of Samba can
    60416109    depend on mmap working correctly on the running system. Samba requires a coherent
    60426110    mmap/read-write system memory cache. Currently only HPUX does not have such a
     
    60476115    </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>use mmap</code></em> = <code class="literal">yes</code>
    60486116</em></span>
    6049 </p></dd></dl></div></div><div class="section" title="username level (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336690"></a>
     6117</p></dd></dl></div></div><div class="section" title="username level (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336905"></a>
    60506118
    60516119username level (G)
    6052 </h3></div></div></div><a class="indexterm" name="id336691"></a><a name="USERNAMELEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option helps Samba to try and 'guess' at
     6120</h3></div></div></div><a class="indexterm" name="id336906"></a><a name="USERNAMELEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option helps Samba to try and 'guess' at
    60536121    the real UNIX username, as many DOS clients send an all-uppercase
    60546122    username. By default Samba tries all lowercase, followed by the
     
    60656133</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>username level</code></em> = <code class="literal">5</code>
    60666134</em></span>
    6067 </p></dd></dl></div></div><div class="section" title="username map cache time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336763"></a>
     6135</p></dd></dl></div></div><div class="section" title="username map cache time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336979"></a>
    60686136
    60696137username map cache time (G)
    6070 </h3></div></div></div><a class="indexterm" name="id336764"></a><a name="USERNAMEMAPCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>
     6138</h3></div></div></div><a class="indexterm" name="id336980"></a><a name="USERNAMEMAPCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>
    60716139        Mapping usernames with the <a class="link" href="smb.conf.5.html#USERNAMEMAP" target="_top">username map</a>
    60726140        or <a class="link" href="smb.conf.5.html#USERNAMEMAPSCRIPT" target="_top">username map script</a>
     
    60856153</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>username map cache time</code></em> = <code class="literal">60</code>
    60866154</em></span>
    6087 </p></dd></dl></div></div><div class="section" title="username map script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336873"></a>
     6155</p></dd></dl></div></div><div class="section" title="username map script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id337089"></a>
    60886156
    60896157username map script (G)
    6090 </h3></div></div></div><a class="indexterm" name="id336874"></a><a name="USERNAMEMAPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This script is a mutually exclusive alternative to the
     6158</h3></div></div></div><a class="indexterm" name="id337090"></a><a name="USERNAMEMAPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This script is a mutually exclusive alternative to the
    60916159        <a class="link" href="smb.conf.5.html#USERNAMEMAP" target="_top">username map</a> parameter.  This parameter
    60926160        specifies and external program or script that must accept a single
     
    60996167</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>username map script</code></em> = <code class="literal">/etc/samba/scripts/mapusers.sh</code>
    61006168</em></span>
    6101 </p></dd></dl></div></div><div class="section" title="username map (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336944"></a>
     6169</p></dd></dl></div></div><div class="section" title="username map (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id337160"></a>
    61026170
    61036171username map (G)
    6104 </h3></div></div></div><a class="indexterm" name="id336945"></a><a name="USERNAMEMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>
     6172</h3></div></div></div><a class="indexterm" name="id337161"></a><a name="USERNAMEMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>
    61056173        This option allows you to specify a file containing a mapping of usernames from the clients to the server.
    61066174        This can be used for several purposes. The most common is to map usernames that users use on DOS or Windows
     
    61866254# no username map</code>
    61876255</em></span>
    6188 </p></dd></dl></div></div><div class="section" title="user"><div class="titlepage"><div><div><h3 class="title"><a name="id337186"></a>
     6256</p></dd></dl></div></div><div class="section" title="user"><div class="titlepage"><div><div><h3 class="title"><a name="id337402"></a>
    61896257
    61906258<a name="USER"></a>user
    6191 </h3></div></div></div><a class="indexterm" name="id337187"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#USERNAME">username</a>.</p></dd></dl></div></div><div class="section" title="users"><div class="titlepage"><div><div><h3 class="title"><a name="id337217"></a>
     6259</h3></div></div></div><a class="indexterm" name="id337403"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#USERNAME">username</a>.</p></dd></dl></div></div><div class="section" title="users"><div class="titlepage"><div><div><h3 class="title"><a name="id337433"></a>
    61926260
    61936261<a name="USERS"></a>users
    6194 </h3></div></div></div><a class="indexterm" name="id337218"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#USERNAME">username</a>.</p></dd></dl></div></div><div class="section" title="username (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id337248"></a>
     6262</h3></div></div></div><a class="indexterm" name="id337434"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#USERNAME">username</a>.</p></dd></dl></div></div><div class="section" title="username (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id337465"></a>
    61956263
    61966264username (S)
    6197 </h3></div></div></div><a class="indexterm" name="id337250"></a><a name="USERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>Multiple users may be specified in a comma-delimited
     6265</h3></div></div></div><a class="indexterm" name="id337466"></a><a name="USERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>Multiple users may be specified in a comma-delimited
    61986266    list, in which case the supplied password will be tested against
    6199     each username in turn (left to right).</p><p>The <em class="parameter"><code>username</code></em> line is needed only when
     6267    each username in turn (left to right).</p><p>The deprecated <em class="parameter"><code>username</code></em> line is needed only when
    62006268    the PC is unable to supply its own username. This is the case
    62016269    for the COREPLUS protocol or where your users have different WfWg
     
    62336301</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>username</code></em> = <code class="literal">fred, mary, jack, jane, @users, @pcgroup</code>
    62346302</em></span>
    6235 </p></dd></dl></div></div><div class="section" title="usershare allow guests (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id337395"></a>
     6303</p></dd></dl></div></div><div class="section" title="usershare allow guests (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id337611"></a>
    62366304
    62376305usershare allow guests (G)
    6238 </h3></div></div></div><a class="indexterm" name="id337396"></a><a name="USERSHAREALLOWGUESTS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether user defined shares are allowed
     6306</h3></div></div></div><a class="indexterm" name="id337612"></a><a name="USERSHAREALLOWGUESTS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether user defined shares are allowed
    62396307        to be accessed by non-authenticated users or not. It is the equivalent
    62406308        of allowing people who can create a share the option of setting
     
    62436311        is set to off.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>usershare allow guests</code></em> = <code class="literal">no</code>
    62446312</em></span>
    6245 </p></dd></dl></div></div><div class="section" title="usershare max shares (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id337444"></a>
     6313</p></dd></dl></div></div><div class="section" title="usershare max shares (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id337660"></a>
    62466314
    62476315usershare max shares (G)
    6248 </h3></div></div></div><a class="indexterm" name="id337445"></a><a name="USERSHAREMAXSHARES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of user defined shares
     6316</h3></div></div></div><a class="indexterm" name="id337661"></a><a name="USERSHAREMAXSHARES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of user defined shares
    62496317        that are allowed to be created by users belonging to the group owning the
    62506318        usershare directory. If set to zero (the default) user defined shares are ignored.
    62516319        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>usershare max shares</code></em> = <code class="literal">0</code>
    62526320</em></span>
    6253 </p></dd></dl></div></div><div class="section" title="usershare owner only (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id337486"></a>
     6321</p></dd></dl></div></div><div class="section" title="usershare owner only (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id337702"></a>
    62546322
    62556323usershare owner only (G)
    6256 </h3></div></div></div><a class="indexterm" name="id337487"></a><a name="USERSHAREOWNERONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether the pathname exported by
     6324</h3></div></div></div><a class="indexterm" name="id337703"></a><a name="USERSHAREOWNERONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether the pathname exported by
    62576325        a user defined shares must be owned by the user creating the
    62586326        user defined share or not. If set to True (the default) then
     
    62646332        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>usershare owner only</code></em> = <code class="literal">True</code>
    62656333</em></span>
    6266 </p></dd></dl></div></div><div class="section" title="usershare path (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id337530"></a>
     6334</p></dd></dl></div></div><div class="section" title="usershare path (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id337746"></a>
    62676335
    62686336usershare path (G)
    6269 </h3></div></div></div><a class="indexterm" name="id337531"></a><a name="USERSHAREPATH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the absolute path of the directory on the
     6337</h3></div></div></div><a class="indexterm" name="id337747"></a><a name="USERSHAREPATH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the absolute path of the directory on the
    62706338        filesystem used to store the user defined share definition files.
    62716339        This directory must be owned by root, and have no access for
     
    62886356        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>usershare path</code></em> = <code class="literal">NULL</code>
    62896357</em></span>
    6290 </p></dd></dl></div></div><div class="section" title="usershare prefix allow list (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id337594"></a>
     6358</p></dd></dl></div></div><div class="section" title="usershare prefix allow list (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id337810"></a>
    62916359
    62926360usershare prefix allow list (G)
    6293 </h3></div></div></div><a class="indexterm" name="id337595"></a><a name="USERSHAREPREFIXALLOWLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a list of absolute pathnames
     6361</h3></div></div></div><a class="indexterm" name="id337811"></a><a name="USERSHAREPREFIXALLOWLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a list of absolute pathnames
    62946362        the root of which are allowed to be exported by user defined share definitions.
    62956363        If the pathname to be exported doesn't start with one of the strings in this
     
    63066374</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>usershare prefix allow list</code></em> = <code class="literal">/home /data /space</code>
    63076375</em></span>
    6308 </p></dd></dl></div></div><div class="section" title="usershare prefix deny list (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id337661"></a>
     6376</p></dd></dl></div></div><div class="section" title="usershare prefix deny list (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id337877"></a>
    63096377
    63106378usershare prefix deny list (G)
    6311 </h3></div></div></div><a class="indexterm" name="id337662"></a><a name="USERSHAREPREFIXDENYLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a list of absolute pathnames
     6379</h3></div></div></div><a class="indexterm" name="id337878"></a><a name="USERSHAREPREFIXDENYLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a list of absolute pathnames
    63126380        the root of which are NOT allowed to be exported by user defined share definitions.
    63136381        If the pathname exported starts with one of the strings in this
     
    63256393</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>usershare prefix deny list</code></em> = <code class="literal">/etc /dev /private</code>
    63266394</em></span>
    6327 </p></dd></dl></div></div><div class="section" title="usershare template share (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id337728"></a>
     6395</p></dd></dl></div></div><div class="section" title="usershare template share (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id337944"></a>
    63286396
    63296397usershare template share (G)
    6330 </h3></div></div></div><a class="indexterm" name="id337729"></a><a name="USERSHARETEMPLATESHARE"></a><div class="variablelist"><dl><dt></dt><dd><p>User defined shares only have limited possible parameters
     6398</h3></div></div></div><a class="indexterm" name="id337945"></a><a name="USERSHARETEMPLATESHARE"></a><div class="variablelist"><dl><dt></dt><dd><p>User defined shares only have limited possible parameters
    63316399        such as path, guest ok, etc. This parameter allows usershares to
    63326400        "cloned" from an existing share. If "usershare template share"
     
    63436411</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>usershare template share</code></em> = <code class="literal">template_share</code>
    63446412</em></span>
    6345 </p></dd></dl></div></div><div class="section" title="use sendfile (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id337795"></a>
     6413</p></dd></dl></div></div><div class="section" title="use sendfile (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id338011"></a>
    63466414
    63476415use sendfile (S)
    6348 </h3></div></div></div><a class="indexterm" name="id337796"></a><a name="USESENDFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code>, and the <code class="constant">sendfile()</code>
     6416</h3></div></div></div><a class="indexterm" name="id338012"></a><a name="USESENDFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code>, and the <code class="constant">sendfile()</code>
    63496417    system call is supported by the underlying operating system, then some SMB read calls
    63506418    (mainly ReadAndX and ReadRaw) will use the more efficient sendfile system call for files that
     
    63556423    </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>use sendfile</code></em> = <code class="literal">false</code>
    63566424</em></span>
    6357 </p></dd></dl></div></div><div class="section" title="use spnego (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id337847"></a>
     6425</p></dd></dl></div></div><div class="section" title="use spnego (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id338063"></a>
    63586426
    63596427use spnego (G)
    6360 </h3></div></div></div><a class="indexterm" name="id337848"></a><a name="USESPNEGO"></a><div class="variablelist"><dl><dt></dt><dd><p>This variable controls controls whether samba will try
     6428</h3></div></div></div><a class="indexterm" name="id338064"></a><a name="USESPNEGO"></a><div class="variablelist"><dl><dt></dt><dd><p>This deprecated variable controls controls whether samba will try
    63616429    to use Simple and Protected NEGOciation (as specified by rfc2478) with
    63626430    WindowsXP and Windows2000 clients to agree upon an authentication mechanism.
     
    63666434        disabled.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>use spnego</code></em> = <code class="literal">yes</code>
    63676435</em></span>
    6368 </p></dd></dl></div></div><div class="section" title="utmp directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id337894"></a>
     6436</p></dd></dl></div></div><div class="section" title="utmp directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id338110"></a>
    63696437
    63706438utmp directory (G)
    6371 </h3></div></div></div><a class="indexterm" name="id337895"></a><a name="UTMPDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is only available if Samba has
     6439</h3></div></div></div><a class="indexterm" name="id338111"></a><a name="UTMPDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is only available if Samba has
    63726440        been configured and compiled with the option <code class="literal">
    63736441        --with-utmp</code>. It specifies a directory pathname that is
     
    63816449</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>utmp directory</code></em> = <code class="literal">/var/run/utmp</code>
    63826450</em></span>
    6383 </p></dd></dl></div></div><div class="section" title="utmp (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id337967"></a>
     6451</p></dd></dl></div></div><div class="section" title="utmp (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id338183"></a>
    63846452
    63856453utmp (G)
    6386 </h3></div></div></div><a class="indexterm" name="id337968"></a><a name="UTMP"></a><div class="variablelist"><dl><dt></dt><dd><p>
     6454</h3></div></div></div><a class="indexterm" name="id338184"></a><a name="UTMP"></a><div class="variablelist"><dl><dt></dt><dd><p>
    63876455        This boolean parameter is only available if Samba has been configured and compiled 
    63886456        with the option <code class="literal">--with-utmp</code>. If set to
     
    63966464        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>utmp</code></em> = <code class="literal">no</code>
    63976465</em></span>
    6398 </p></dd></dl></div></div><div class="section" title="valid users (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id338025"></a>
     6466</p></dd></dl></div></div><div class="section" title="valid users (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id338241"></a>
    63996467
    64006468valid users (S)
    6401 </h3></div></div></div><a class="indexterm" name="id338026"></a><a name="VALIDUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>
     6469</h3></div></div></div><a class="indexterm" name="id338242"></a><a name="VALIDUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>
    64026470    This is a list of users that should be allowed to login to this service. Names starting with
    64036471    '@', '+' and  '&amp;' are interpreted using the same rules as described in the
     
    64156483</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>valid users</code></em> = <code class="literal">greg, @pcusers</code>
    64166484</em></span>
    6417 </p></dd></dl></div></div><div class="section" title="-valid (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id338111"></a>
     6485</p></dd></dl></div></div><div class="section" title="-valid (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id338327"></a>
    64186486
    64196487-valid (S)
    6420 </h3></div></div></div><a class="indexterm" name="id338112"></a><a name="-VALID"></a><div class="variablelist"><dl><dt></dt><dd><p> This parameter indicates whether a share is
     6488</h3></div></div></div><a class="indexterm" name="id338328"></a><a name="-VALID"></a><div class="variablelist"><dl><dt></dt><dd><p> This parameter indicates whether a share is
    64216489        valid and thus can be used. When this parameter is set to false,
    64226490        the share will be in no way visible nor accessible.
     
    64276495        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>-valid</code></em> = <code class="literal">yes</code>
    64286496</em></span>
    6429 </p></dd></dl></div></div><div class="section" title="veto files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id338157"></a>
     6497</p></dd></dl></div></div><div class="section" title="veto files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id338374"></a>
    64306498
    64316499veto files (S)
    6432 </h3></div></div></div><a class="indexterm" name="id338158"></a><a name="VETOFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>
     6500</h3></div></div></div><a class="indexterm" name="id338375"></a><a name="VETOFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>
    64336501        This is a list of files and directories that are neither visible nor accessible.  Each entry in
    64346502        the list must be separated by a '/', which allows spaces to be included in the entry. '*' and '?'
     
    64616529        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>veto files</code></em> = <code class="literal">No files or directories are vetoed.</code>
    64626530</em></span>
    6463 </p></dd></dl></div></div><div class="section" title="veto oplock files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id338264"></a>
     6531</p></dd></dl></div></div><div class="section" title="veto oplock files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id338481"></a>
    64646532
    64656533veto oplock files (S)
    6466 </h3></div></div></div><a class="indexterm" name="id338266"></a><a name="VETOOPLOCKFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>
     6534</h3></div></div></div><a class="indexterm" name="id338482"></a><a name="VETOOPLOCKFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>
    64676535        This parameter is only valid when the <a class="link" href="smb.conf.5.html#OPLOCKS" target="_top">oplocks</a>
    64686536        parameter is turned on for a share. It allows the Samba administrator
     
    64856553# No files are vetoed for oplock grants</code>
    64866554</em></span>
    6487 </p></dd></dl></div></div><div class="section" title="vfs object"><div class="titlepage"><div><div><h3 class="title"><a name="id338350"></a>
     6555</p></dd></dl></div></div><div class="section" title="vfs object"><div class="titlepage"><div><div><h3 class="title"><a name="id338567"></a>
    64886556
    64896557<a name="VFSOBJECT"></a>vfs object
    6490 </h3></div></div></div><a class="indexterm" name="id338351"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#VFSOBJECTS">vfs objects</a>.</p></dd></dl></div></div><div class="section" title="vfs objects (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id338382"></a>
     6558</h3></div></div></div><a class="indexterm" name="id338568"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#VFSOBJECTS">vfs objects</a>.</p></dd></dl></div></div><div class="section" title="vfs objects (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id338598"></a>
    64916559
    64926560vfs objects (S)
    6493 </h3></div></div></div><a class="indexterm" name="id338383"></a><a name="VFSOBJECTS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the backend names which
     6561</h3></div></div></div><a class="indexterm" name="id338599"></a><a name="VFSOBJECTS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the backend names which
    64946562        are used for Samba VFS I/O operations.  By default, normal
    64956563        disk I/O operations are used but these can be overloaded
     
    64986566</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>vfs objects</code></em> = <code class="literal">extd_audit recycle</code>
    64996567</em></span>
    6500 </p></dd></dl></div></div><div class="section" title="volume (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id338440"></a>
     6568</p></dd></dl></div></div><div class="section" title="volume (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id338656"></a>
    65016569
    65026570volume (S)
    6503 </h3></div></div></div><a class="indexterm" name="id338441"></a><a name="VOLUME"></a><div class="variablelist"><dl><dt></dt><dd><p>This allows you to override the volume label
     6571</h3></div></div></div><a class="indexterm" name="id338658"></a><a name="VOLUME"></a><div class="variablelist"><dl><dt></dt><dd><p>This allows you to override the volume label
    65046572        returned for a share. Useful for CDROMs with installation programs
    65056573        that insist on a particular volume label.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>volume</code></em> = <code class="literal">
    65066574# the name of the share</code>
    65076575</em></span>
    6508 </p></dd></dl></div></div><div class="section" title="wide links (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id338482"></a>
     6576</p></dd></dl></div></div><div class="section" title="wide links (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id338698"></a>
    65096577
    65106578wide links (S)
    6511 </h3></div></div></div><a class="indexterm" name="id338483"></a><a name="WIDELINKS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not links
     6579</h3></div></div></div><a class="indexterm" name="id338699"></a><a name="WIDELINKS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not links
    65126580        in the UNIX file system may be followed by the server. Links
    65136581        that point to areas within the directory tree exported by the
     
    65206588        disabled (with a message in the log file) if the
    65216589        <a class="link" href="smb.conf.5.html#UNIXEXTENSIONS" target="_top">unix extensions</a> option is on.
     6590        </p><p>
     6591        See the parameter <a class="link" href="smb.conf.5.html#ALLOWINSECUREWIDELINKS" target="_top">allow insecure wide links</a>
     6592        if you wish to change this coupling between the two parameters.
    65226593        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>wide links</code></em> = <code class="literal">no</code>
    65236594</em></span>
    6524 </p></dd></dl></div></div><div class="section" title="winbind cache time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id338542"></a>
     6595</p></dd></dl></div></div><div class="section" title="winbind cache time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id338773"></a>
    65256596
    65266597winbind cache time (G)
    6527 </h3></div></div></div><a class="indexterm" name="id338543"></a><a name="WINBINDCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of
     6598</h3></div></div></div><a class="indexterm" name="id338774"></a><a name="WINBINDCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of
    65286599        seconds the <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon will cache
    65296600        user and group information before querying a Windows NT server
     
    65336604        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind cache time</code></em> = <code class="literal">300</code>
    65346605</em></span>
    6535 </p></dd></dl></div></div><div class="section" title="winbind enum groups (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id338609"></a>
     6606</p></dd></dl></div></div><div class="section" title="winbind enum groups (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id338839"></a>
    65366607
    65376608winbind enum groups (G)
    6538 </h3></div></div></div><a class="indexterm" name="id338610"></a><a name="WINBINDENUMGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>On large installations using <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> it may be necessary to suppress
     6609</h3></div></div></div><a class="indexterm" name="id338840"></a><a name="WINBINDENUMGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>On large installations using <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> it may be necessary to suppress
    65396610        the enumeration of groups through the <code class="literal">setgrent()</code>,
    65406611        <code class="literal">getgrent()</code> and
     
    65446615        call will not return any data. </p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>Turning off group enumeration may cause some programs to behave oddly.  </p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind enum groups</code></em> = <code class="literal">no</code>
    65456616</em></span>
    6546 </p></dd></dl></div></div><div class="section" title="winbind enum users (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id338697"></a>
     6617</p></dd></dl></div></div><div class="section" title="winbind enum users (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id338927"></a>
    65476618
    65486619winbind enum users (G)
    6549 </h3></div></div></div><a class="indexterm" name="id338698"></a><a name="WINBINDENUMUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>On large installations using <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> it may be
     6620</h3></div></div></div><a class="indexterm" name="id338928"></a><a name="WINBINDENUMUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>On large installations using <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> it may be
    65506621        necessary to suppress the enumeration of users through the <code class="literal">setpwent()</code>,
    65516622         <code class="literal">getpwent()</code> and
     
    65596630        usernames. </p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind enum users</code></em> = <code class="literal">no</code>
    65606631</em></span>
    6561 </p></dd></dl></div></div><div class="section" title="winbind expand groups (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id338786"></a>
     6632</p></dd></dl></div></div><div class="section" title="winbind expand groups (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339016"></a>
    65626633
    65636634winbind expand groups (G)
    6564 </h3></div></div></div><a class="indexterm" name="id338787"></a><a name="WINBINDEXPANDGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum depth that winbindd
     6635</h3></div></div></div><a class="indexterm" name="id339017"></a><a name="WINBINDEXPANDGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum depth that winbindd
    65656636              will traverse when flattening nested group memberships
    65666637              of Windows domain groups.  This is different from the
     
    65746645         incoming NSS or authentication requests during this time.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind expand groups</code></em> = <code class="literal">1</code>
    65756646</em></span>
    6576 </p></dd></dl></div></div><div class="section" title="winbind max clients (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id338848"></a>
     6647</p></dd></dl></div></div><div class="section" title="winbind max clients (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339078"></a>
    65776648
    65786649winbind max clients (G)
    6579 </h3></div></div></div><a class="indexterm" name="id338849"></a><a name="WINBINDMAXCLIENTS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the maximum number of clients
     6650</h3></div></div></div><a class="indexterm" name="id339079"></a><a name="WINBINDMAXCLIENTS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the maximum number of clients
    65806651        the <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon can connect with.
    65816652        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind max clients</code></em> = <code class="literal">200</code>
    65826653</em></span>
    6583 </p></dd></dl></div></div><div class="section" title="winbind max domain connections (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id338897"></a>
     6654</p></dd></dl></div></div><div class="section" title="winbind max domain connections (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339128"></a>
    65846655
    65856656winbind max domain connections (G)
    6586 </h3></div></div></div><a class="indexterm" name="id338898"></a><a name="WINBINDMAXDOMAINCONNECTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the maximum number of simultaneous
     6657</h3></div></div></div><a class="indexterm" name="id339129"></a><a name="WINBINDMAXDOMAINCONNECTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the maximum number of simultaneous
    65876658        connections that the <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon should open to the
    65886659        domain controller of one domain.
     
    65986669</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind max domain connections</code></em> = <code class="literal">10</code>
    65996670</em></span>
    6600 </p></dd></dl></div></div><div class="section" title="winbind nested groups (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id338983"></a>
     6671</p></dd></dl></div></div><div class="section" title="winbind nested groups (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339213"></a>
    66016672
    66026673winbind nested groups (G)
    6603 </h3></div></div></div><a class="indexterm" name="id338984"></a><a name="WINBINDNESTEDGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>If set to yes, this parameter activates the support for nested
     6674</h3></div></div></div><a class="indexterm" name="id339214"></a><a name="WINBINDNESTEDGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>If set to yes, this parameter activates the support for nested
    66046675                 groups. Nested groups are also called local groups or
    66056676                 aliases. They work like their counterparts in Windows: Nested
     
    66096680                 groups, you need to run nss_winbind.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind nested groups</code></em> = <code class="literal">yes</code>
    66106681</em></span>
    6611 </p></dd></dl></div></div><div class="section" title="winbind normalize names (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339032"></a>
     6682</p></dd></dl></div></div><div class="section" title="winbind normalize names (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339258"></a>
    66126683
    66136684winbind normalize names (G)
    6614 </h3></div></div></div><a class="indexterm" name="id339033"></a><a name="WINBINDNORMALIZENAMES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether winbindd will replace
     6685</h3></div></div></div><a class="indexterm" name="id339259"></a><a name="WINBINDNORMALIZENAMES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether winbindd will replace
    66156686          whitespace in user and group names with an underscore (_) character.
    66166687          For example, whether the name "Space Kadet" should be
     
    66326703</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind normalize names</code></em> = <code class="literal">yes</code>
    66336704</em></span>
    6634 </p></dd></dl></div></div><div class="section" title="winbind nss info (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339101"></a>
     6705</p></dd></dl></div></div><div class="section" title="winbind nss info (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339327"></a>
    66356706
    66366707winbind nss info (G)
    6637 </h3></div></div></div><a class="indexterm" name="id339102"></a><a name="WINBINDNSSINFO"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control how Winbind retrieves Name
     6708</h3></div></div></div><a class="indexterm" name="id339328"></a><a name="WINBINDNSSINFO"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control how Winbind retrieves Name
    66386709        Service Information to construct a user's home directory and login shell.
    66396710        Currently the following settings are available:
     
    66566727</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind nss info</code></em> = <code class="literal">sfu</code>
    66576728</em></span>
    6658 </p></dd></dl></div></div><div class="section" title="winbind offline logon (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339208"></a>
     6729</p></dd></dl></div></div><div class="section" title="winbind offline logon (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339434"></a>
    66596730
    66606731winbind offline logon (G)
    6661 </h3></div></div></div><a class="indexterm" name="id339209"></a><a name="WINBINDOFFLINELOGON"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control whether Winbind should
     6732</h3></div></div></div><a class="indexterm" name="id339435"></a><a name="WINBINDOFFLINELOGON"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control whether Winbind should
    66626733        allow to login with the <em class="parameter"><code>pam_winbind</code></em>
    66636734        module using Cached Credentials. If enabled, winbindd will store user credentials
     
    66676738</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind offline logon</code></em> = <code class="literal">true</code>
    66686739</em></span>
    6669 </p></dd></dl></div></div><div class="section" title="winbind reconnect delay (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339274"></a>
     6740</p></dd></dl></div></div><div class="section" title="winbind reconnect delay (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339500"></a>
    66706741
    66716742winbind reconnect delay (G)
    6672 </h3></div></div></div><a class="indexterm" name="id339275"></a><a name="WINBINDRECONNECTDELAY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of
     6743</h3></div></div></div><a class="indexterm" name="id339501"></a><a name="WINBINDRECONNECTDELAY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of
    66736744        seconds the <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon will wait between
    66746745        attempts to contact a Domain controller for a domain that is
    66756746        determined to be down or not contactable.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind reconnect delay</code></em> = <code class="literal">30</code>
    66766747</em></span>
    6677 </p></dd></dl></div></div><div class="section" title="winbind refresh tickets (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339324"></a>
     6748</p></dd></dl></div></div><div class="section" title="winbind refresh tickets (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339550"></a>
    66786749
    66796750winbind refresh tickets (G)
    6680 </h3></div></div></div><a class="indexterm" name="id339325"></a><a name="WINBINDREFRESHTICKETS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control whether Winbind should refresh Kerberos Tickets
     6751</h3></div></div></div><a class="indexterm" name="id339551"></a><a name="WINBINDREFRESHTICKETS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control whether Winbind should refresh Kerberos Tickets
    66816752        retrieved using the <em class="parameter"><code>pam_winbind</code></em> module.
    66826753
     
    66856756</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind refresh tickets</code></em> = <code class="literal">true</code>
    66866757</em></span>
    6687 </p></dd></dl></div></div><div class="section" title="winbind rpc only (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339389"></a>
     6758</p></dd></dl></div></div><div class="section" title="winbind rpc only (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339615"></a>
    66886759
    66896760winbind rpc only (G)
    6690 </h3></div></div></div><a class="indexterm" name="id339390"></a><a name="WINBINDRPCONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
     6761</h3></div></div></div><a class="indexterm" name="id339616"></a><a name="WINBINDRPCONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
    66916762        Setting this parameter to <code class="literal">yes</code> forces
    66926763        winbindd to use RPC instead of LDAP to retrieve information from Domain
     
    66946765        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind rpc only</code></em> = <code class="literal">no</code>
    66956766</em></span>
    6696 </p></dd></dl></div></div><div class="section" title="winbind separator (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339436"></a>
     6767</p></dd></dl></div></div><div class="section" title="winbind separator (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339662"></a>
    66976768
    66986769winbind separator (G)
    6699 </h3></div></div></div><a class="indexterm" name="id339437"></a><a name="WINBINDSEPARATOR"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows an admin to define the character
     6770</h3></div></div></div><a class="indexterm" name="id339664"></a><a name="WINBINDSEPARATOR"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows an admin to define the character
    67006771        used when listing a username of the form of <em class="replaceable"><code>DOMAIN
    67016772        </code></em>\<em class="replaceable"><code>user</code></em>.  This parameter
     
    67086779</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind separator</code></em> = <code class="literal">+</code>
    67096780</em></span>
    6710 </p></dd></dl></div></div><div class="section" title="winbind trusted domains only (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339519"></a>
     6781</p></dd></dl></div></div><div class="section" title="winbind trusted domains only (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339745"></a>
    67116782
    67126783winbind trusted domains only (G)
    6713 </h3></div></div></div><a class="indexterm" name="id339520"></a><a name="WINBINDTRUSTEDDOMAINSONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
     6784</h3></div></div></div><a class="indexterm" name="id339746"></a><a name="WINBINDTRUSTEDDOMAINSONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>
    67146785        This parameter is designed to allow Samba servers that are members
    67156786        of a Samba controlled domain to use UNIX accounts distributed via NIS,
     
    67226793        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind trusted domains only</code></em> = <code class="literal">no</code>
    67236794</em></span>
    6724 </p></dd></dl></div></div><div class="section" title="winbind use default domain (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339580"></a>
     6795</p></dd></dl></div></div><div class="section" title="winbind use default domain (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339807"></a>
    67256796
    67266797winbind use default domain (G)
    6727 </h3></div></div></div><a class="indexterm" name="id339582"></a><a name="WINBINDUSEDEFAULTDOMAIN"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether the
     6798</h3></div></div></div><a class="indexterm" name="id339808"></a><a name="WINBINDUSEDEFAULTDOMAIN"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether the
    67286799         <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon should operate on users 
    67296800        without domain component in their username. Users without a domain
     
    67386809</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind use default domain</code></em> = <code class="literal">yes</code>
    67396810</em></span>
    6740 </p></dd></dl></div></div><div class="section" title="wins hook (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339655"></a>
     6811</p></dd></dl></div></div><div class="section" title="wins hook (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339881"></a>
    67416812
    67426813wins hook (G)
    6743 </h3></div></div></div><a class="indexterm" name="id339656"></a><a name="WINSHOOK"></a><div class="variablelist"><dl><dt></dt><dd><p>When Samba is running as a WINS server this
     6814</h3></div></div></div><a class="indexterm" name="id339882"></a><a name="WINSHOOK"></a><div class="variablelist"><dl><dt></dt><dd><p>When Samba is running as a WINS server this
    67446815        allows you to call an external program for all changes to the
    67456816        WINS database. The primary use for this option is to allow the
     
    67626833                        empty then the name should be deleted.</p></li></ul></div><p>An example script that calls the BIND dynamic DNS update
    67636834        program <code class="literal">nsupdate</code> is provided in the examples
    6764         directory of the Samba source code. </p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="wins proxy (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339749"></a>
     6835        directory of the Samba source code. </p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="wins proxy (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339976"></a>
    67656836
    67666837wins proxy (G)
    6767 </h3></div></div></div><a class="indexterm" name="id339750"></a><a name="WINSPROXY"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean that controls if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> will respond to broadcast name
     6838</h3></div></div></div><a class="indexterm" name="id339977"></a><a name="WINSPROXY"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean that controls if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> will respond to broadcast name
    67686839        queries on behalf of  other hosts. You may need to set this
    67696840        to <code class="constant">yes</code> for some older clients.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>wins proxy</code></em> = <code class="literal">no</code>
    67706841</em></span>
    6771 </p></dd></dl></div></div><div class="section" title="wins server (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339803"></a>
     6842</p></dd></dl></div></div><div class="section" title="wins server (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id340029"></a>
    67726843
    67736844wins server (G)
    6774 </h3></div></div></div><a class="indexterm" name="id339804"></a><a name="WINSSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies the IP address (or DNS name: IP
     6845</h3></div></div></div><a class="indexterm" name="id340030"></a><a name="WINSSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies the IP address (or DNS name: IP
    67756846        address for preference) of the WINS server that <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> should register with. If you have a WINS server on
    67766847        your network then you should set this to the WINS server's IP.</p><p>You should point this at your WINS server if you have a
     
    67916862</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>wins server</code></em> = <code class="literal">192.9.200.1 192.168.2.61</code>
    67926863</em></span>
    6793 </p></dd></dl></div></div><div class="section" title="wins support (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339905"></a>
     6864</p></dd></dl></div></div><div class="section" title="wins support (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id340132"></a>
    67946865
    67956866wins support (G)
    6796 </h3></div></div></div><a class="indexterm" name="id339906"></a><a name="WINSSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean controls if the <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> process in Samba will act as a WINS server. You should
     6867</h3></div></div></div><a class="indexterm" name="id340133"></a><a name="WINSSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean controls if the <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> process in Samba will act as a WINS server. You should
    67976868        not set this to <code class="constant">yes</code> unless you have a multi-subnetted network and
    67986869        you wish a particular <code class="literal">nmbd</code> to be your WINS server.
     
    68006871        on more than one machine in your network.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>wins support</code></em> = <code class="literal">no</code>
    68016872</em></span>
    6802 </p></dd></dl></div></div><div class="section" title="workgroup (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339972"></a>
     6873</p></dd></dl></div></div><div class="section" title="workgroup (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id340198"></a>
    68036874
    68046875workgroup (G)
    6805 </h3></div></div></div><a class="indexterm" name="id339973"></a><a name="WORKGROUP"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what workgroup your server will
     6876</h3></div></div></div><a class="indexterm" name="id340199"></a><a name="WORKGROUP"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what workgroup your server will
    68066877        appear to be in when queried by clients. Note that this parameter
    68076878        also controls the Domain name used with
     
    68116882</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>workgroup</code></em> = <code class="literal">MYGROUP</code>
    68126883</em></span>
    6813 </p></dd></dl></div></div><div class="section" title="writable"><div class="titlepage"><div><div><h3 class="title"><a name="id340043"></a>
     6884</p></dd></dl></div></div><div class="section" title="writable"><div class="titlepage"><div><div><h3 class="title"><a name="id340269"></a>
    68146885
    68156886<a name="WRITABLE"></a>writable
    6816 </h3></div></div></div><a class="indexterm" name="id340044"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#WRITEABLE">writeable</a>.</p></dd></dl></div></div><div class="section" title="writeable (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id340074"></a>
     6887</h3></div></div></div><a class="indexterm" name="id340270"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#WRITEABLE">writeable</a>.</p></dd></dl></div></div><div class="section" title="writeable (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id340300"></a>
    68176888
    68186889writeable (S)
    6819 </h3></div></div></div><a class="indexterm" name="id340075"></a><a name="WRITEABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>Inverted synonym for <a class="link" href="smb.conf.5.html#READONLY" target="_top">read only</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>writeable</code></em> = <code class="literal">no</code>
    6820 </em></span>
    6821 </p></dd></dl></div></div><div class="section" title="write cache size (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id340125"></a>
     6890</h3></div></div></div><a class="indexterm" name="id340301"></a><a name="WRITEABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>Inverted synonym for <a class="link" href="smb.conf.5.html#READONLY" target="_top">read only</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>writeable</code></em> = <code class="literal">no</code>
     6891</em></span>
     6892</p></dd></dl></div></div><div class="section" title="write cache size (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id340351"></a>
    68226893
    68236894write cache size (S)
    6824 </h3></div></div></div><a class="indexterm" name="id340126"></a><a name="WRITECACHESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this integer parameter is set to non-zero value,
     6895</h3></div></div></div><a class="indexterm" name="id340352"></a><a name="WRITECACHESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this integer parameter is set to non-zero value,
    68256896    Samba will create an in-memory cache for each oplocked file
    68266897    (it does <span class="emphasis"><em>not</em></span> do this for
     
    68406911#  for a 256k cache size per file</code>
    68416912</em></span>
    6842 </p></dd></dl></div></div><div class="section" title="write list (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id340199"></a>
     6913</p></dd></dl></div></div><div class="section" title="write list (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id340425"></a>
    68436914
    68446915write list (S)
    6845 </h3></div></div></div><a class="indexterm" name="id340200"></a><a name="WRITELIST"></a><div class="variablelist"><dl><dt></dt><dd><p>
     6916</h3></div></div></div><a class="indexterm" name="id340426"></a><a name="WRITELIST"></a><div class="variablelist"><dl><dt></dt><dd><p>
    68466917    This is a list of users that are given read-write access to a service. If the
    68476918    connecting user is in this list then they will be given write access, no matter
     
    68586929</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>write list</code></em> = <code class="literal">admin, root, @staff</code>
    68596930</em></span>
    6860 </p></dd></dl></div></div><div class="section" title="write raw (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id340287"></a>
     6931</p></dd></dl></div></div><div class="section" title="write raw (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id340514"></a>
    68616932
    68626933write raw (G)
    6863 </h3></div></div></div><a class="indexterm" name="id340288"></a><a name="WRITERAW"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not the server
     6934</h3></div></div></div><a class="indexterm" name="id340515"></a><a name="WRITERAW"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not the server
    68646935    will support raw write SMB's when transferring data from clients.
    68656936    You should never need to change this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>write raw</code></em> = <code class="literal">yes</code>
    68666937</em></span>
    6867 </p></dd></dl></div></div><div class="section" title="wtmp directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id340330"></a>
     6938</p></dd></dl></div></div><div class="section" title="wtmp directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id340556"></a>
    68686939
    68696940wtmp directory (G)
    6870 </h3></div></div></div><a class="indexterm" name="id340331"></a><a name="WTMPDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>
     6941</h3></div></div></div><a class="indexterm" name="id340557"></a><a name="WTMPDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>
    68716942        This parameter is only available if Samba has been configured and compiled with the option <code class="literal">
    68726943        --with-utmp</code>. It specifies a directory pathname that is used to store the wtmp or wtmpx files (depending on
     
    68806951</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>wtmp directory</code></em> = <code class="literal">/var/log/wtmp</code>
    68816952</em></span>
    6882 </p></dd></dl></div></div></div></div><div class="refsect1" title="WARNINGS"><a name="id340408"></a><h2>WARNINGS</h2><p>
     6953</p></dd></dl></div></div></div></div><div class="refsect1" title="WARNINGS"><a name="id340634"></a><h2>WARNINGS</h2><p>
    68836954        Although the configuration file permits service names to contain spaces, your client software may not.
    68846955        Spaces will be ignored in comparisons anyway, so it shouldn't be a problem - but be aware of the possibility.
     
    68936964        care when designing these sections. In particular, ensure that the permissions on spool directories are
    68946965        correct.
    6895         </p></div><div class="refsect1" title="VERSION"><a name="id340451"></a><h2>VERSION</h2><p>This man page is correct for version 3 of the Samba suite.</p></div><div class="refsect1" title="SEE ALSO"><a name="id340462"></a><h2>SEE ALSO</h2><p>
    6896         <a class="citerefentry" href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a>, <a class="citerefentry" href="smbpasswd.8.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(8)</span></a>, <a class="citerefentry" href="swat.8.html"><span class="citerefentry"><span class="refentrytitle">swat</span>(8)</span></a>, <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>, <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>, <a class="citerefentry" href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a>, <a class="citerefentry" href="nmblookup.1.html"><span class="citerefentry"><span class="refentrytitle">nmblookup</span>(1)</span></a>, <a class="citerefentry" href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a>, <a class="citerefentry" href="testprns.1.html"><span class="citerefentry"><span class="refentrytitle">testprns</span>(1)</span></a>.</p></div><div class="refsect1" title="AUTHOR"><a name="id340541"></a><h2>AUTHOR</h2><p>
     6966        </p></div><div class="refsect1" title="VERSION"><a name="id340677"></a><h2>VERSION</h2><p>This man page is correct for version 3 of the Samba suite.</p></div><div class="refsect1" title="SEE ALSO"><a name="id340688"></a><h2>SEE ALSO</h2><p>
     6967        <a class="citerefentry" href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a>, <a class="citerefentry" href="smbpasswd.8.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(8)</span></a>, <a class="citerefentry" href="swat.8.html"><span class="citerefentry"><span class="refentrytitle">swat</span>(8)</span></a>, <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>, <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>, <a class="citerefentry" href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a>, <a class="citerefentry" href="nmblookup.1.html"><span class="citerefentry"><span class="refentrytitle">nmblookup</span>(1)</span></a>, <a class="citerefentry" href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a>, <a class="citerefentry" href="testprns.1.html"><span class="citerefentry"><span class="refentrytitle">testprns</span>(1)</span></a>.</p></div><div class="refsect1" title="AUTHOR"><a name="id340767"></a><h2>AUTHOR</h2><p>
    68976968        The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed
    68986969        by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

  • trunk/server/docs/htmldocs/manpages/smbcacls.1.html

    r745 r752  
    1 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>smbcacls</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" title="smbcacls"><a name="smbcacls.1"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>smbcacls &#8212; Set or get ACLs on an NT file or directory names</p></div><div class="refsynopsisdiv" title="Synopsis"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="literal">smbcacls</code> {//server/share} {filename} [-D|--delete acls] [-M|--modify acls] [-a|--add acls] [-S|--set acls] [-C|--chown name] [-G|--chgrp name] [-I allow|romove|copy] [--numeric] [-t] [-U username] [-h] [-d]</p></div></div><div class="refsect1" title="DESCRIPTION"><a name="id265699"></a><h2>DESCRIPTION</h2><p>This tool is part of the <a class="citerefentry" href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a> suite.</p><p>The <code class="literal">smbcacls</code> program manipulates NT Access Control
     1<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>smbcacls</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" title="smbcacls"><a name="smbcacls.1"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>smbcacls &#8212; Set or get ACLs on an NT file or directory names</p></div><div class="refsynopsisdiv" title="Synopsis"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="literal">smbcacls</code> {//server/share} {/filename} [-D|--delete acls] [-M|--modify acls] [-a|--add acls] [-S|--set acls] [-C|--chown name] [-G|--chgrp name] [-I allow|romove|copy] [--numeric] [-t] [-U username] [-h] [-d]</p></div></div><div class="refsect1" title="DESCRIPTION"><a name="id265699"></a><h2>DESCRIPTION</h2><p>This tool is part of the <a class="citerefentry" href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a> suite.</p><p>The <code class="literal">smbcacls</code> program manipulates NT Access Control
    22        Lists (ACLs) on SMB file shares. </p></div><div class="refsect1" title="OPTIONS"><a name="id265727"></a><h2>OPTIONS</h2><p>The following options are available to the <code class="literal">smbcacls</code> program. 
    33        The format of ACLs is described in the section ACL FORMAT </p><div class="variablelist"><dl><dt><span class="term">-a|--add acls</span></dt><dd><p>Add the ACLs specified to the ACL list.  Existing

  • trunk/server/docs/htmldocs/manpages/smbclient.1.html

    r745 r752  
    118118                encrypted. This is new for Samba 3.2 and will only work with Samba
    119119                3.2 or above servers. Negotiates SMB encryption using GSSAPI. Uses
    120                 the given credentials for the encryption negotiaion (either kerberos
     120                the given credentials for the encryption negotiation (either kerberos
    121121                or NTLMv1/v2 if given domain/username/password triple. Fails the
    122122                connection if encryption cannot be negotiated.
     
    251251                as the component separator) or as UNIX path names (with '/' as
    252252                the component separator). </p><p><span class="emphasis"><em>Examples</em></span></p><p>Restore from tar file <code class="filename">backup.tar</code> into myshare on mypc
    253                 (no password on share). </p><p><code class="literal">smbclient //mypc/yshare "" -N -Tx backup.tar
     253                (no password on share). </p><p><code class="literal">smbclient //mypc/myshare "" -N -Tx backup.tar
    254254                </code></p><p>Restore everything except <code class="filename">users/docs</code>
    255255                </p><p><code class="literal">smbclient //mypc/myshare "" -N -TXx backup.tar
     
    322322                directory on the server. </p></dd><dt><span class="term">dir &lt;mask&gt;</span></dt><dd><p>A list of the files matching <em class="replaceable"><code>mask</code></em> in the current
    323323                working directory on the server will be retrieved from the server
    324                 and displayed. </p></dd><dt><span class="term">du &lt;filename&gt;</span></dt><dd><p>Does a directory listing and then prints out the current disk useage and free space on a share.
     324                and displayed. </p></dd><dt><span class="term">du &lt;filename&gt;</span></dt><dd><p>Does a directory listing and then prints out the current disk usage and free space on a share.
    325325                </p></dd><dt><span class="term">echo &lt;number&gt; &lt;data&gt;</span></dt><dd><p>Does an SMBecho request to ping the server. Used for internal Samba testing purposes.
    326326                </p></dd><dt><span class="term">exit</span></dt><dd><p>Terminate the connection with the server and exit

  • trunk/server/docs/htmldocs/manpages/smbcontrol.1.html

    r745 r752  
    5959            specified.</p></dd></dl></div><p>
    6060        Note that this message only sends notification that an
    61         event has occured.  It doesn't actually cause the
     61        event has occurred.  It doesn't actually cause the
    6262        event to happen.
    6363        </p><p>This message can only be sent to <code class="constant">smbd</code>. </p></dd><dt><span class="term">samsync</span></dt><dd><p>Order smbd to synchronise sam database from PDC (being BDC). Can only be sent to <code class="constant">smbd</code>. </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Not working at the moment</p></div></dd><dt><span class="term">samrepl</span></dt><dd><p>Send sam replication message, with specified serial. Can only be sent to <code class="constant">smbd</code>. Should not be used manually.</p></dd><dt><span class="term">dmalloc-mark</span></dt><dd><p>Set a mark for dmalloc. Can be sent to both smbd and nmbd. Only available if samba is built with dmalloc support. </p></dd><dt><span class="term">dmalloc-log-changed</span></dt><dd><p>

  • trunk/server/docs/htmldocs/manpages/smbcquotas.1.html

    r745 r752  
    6565via the <code class="literal">ps</code> command.  To be safe always allow
    6666<code class="literal">rpcclient</code> to prompt for a password and type
    67 it in directly. </p></dd></dl></div></div><div class="refsect1" title="QUOTA_SET_COMAND"><a name="id307223"></a><h2>QUOTA_SET_COMAND</h2><p>The format of an the QUOTA_SET_COMMAND is an operation
     67it in directly. </p></dd></dl></div></div><div class="refsect1" title="QUOTA_SET_COMMAND"><a name="id307223"></a><h2>QUOTA_SET_COMMAND</h2><p>The format of an the QUOTA_SET_COMMAND is an operation
    6868        name followed by a set of parameters specific to that operation.
    6969        </p><p>To set user quotas for the user specified by -u or for the

  • trunk/server/docs/htmldocs/manpages/smbd.8.html

    r745 r752  
    110110        password), for account checking (is this account disabled?) and for
    111111        session management.  The degree too which samba supports PAM is restricted
    112         by the limitations of the SMB protocol and the <a class="link" href="smb.conf.5.html#OBEYPAMRESTRICTIONS" target="_top">obey pam restrictions</a> <a class="citerefentry" href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> paramater.  When this is set, the following restrictions apply:
     112        by the limitations of the SMB protocol and the <a class="link" href="smb.conf.5.html#OBEYPAMRESTRICTIONS" target="_top">obey pam restrictions</a> <a class="citerefentry" href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> parameter.  When this is set, the following restrictions apply:
    113113        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><span class="emphasis"><em>Account Validation</em></span>:  All accesses to a
    114114        samba server are checked
    115         against PAM to see if the account is vaild, not disabled and is permitted to
     115        against PAM to see if the account is valid, not disabled and is permitted to
    116116        login at this time.  This also applies to encrypted logins.
    117117        </p></li><li class="listitem"><p><span class="emphasis"><em>Session Management</em></span>:  When not using share
    118         level secuirty, users must pass PAM's session checks before access
    119         is granted.  Note however, that this is bypassed in share level secuirty. 
     118        level security, users must pass PAM's session checks before access
     119        is granted.  Note however, that this is bypassed in share level security.
    120120        Note also that some older pam configuration files may need a line
    121121        added for session support.

  • trunk/server/docs/htmldocs/manpages/smbta-util.8.html

    r745 r752  
    11<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>smbta-util</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" title="smbta-util"><a name="smbta-util.8"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>smbta-util &#8212; control encryption in VFS smb_traffic_analyzer</p></div><div class="refsynopsisdiv" title="Synopsis"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="literal">smbta-util</code></p></div><div class="cmdsynopsis"><p><code class="literal">smbta-util</code> [
    2                 <em class="replaceable"><code>COMMANDS</code></em>
     2                <em class="replaceable"><code>OPTIONS</code></em>
    33                ...]</p></div></div><div class="refsect1" title="DESCRIPTION"><a name="id266361"></a><h2>DESCRIPTION</h2><p>This tool is part of the
    4         <a class="citerefentry" href="samba.1.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(1)</span></a> suite.</p><p><code class="literal">smbta-util</code> is a tool to ease the
     4        <a class="citerefentry" href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a> suite.</p><p><code class="literal">smbta-util</code> is a tool to ease the
    55        configuration of the vfs_smb_traffic_analyzer module regarding
    66        data encryption.</p><p>The user can generate a key, install a key (activating
     
    88        Any operation that installs a key will create a File containing
    99        the key. This file can be used by smbta-tool on other machines
    10         to install the same key from the file.</p></div><div class="refsect1" title="COMMANDS"><a name="id266850"></a><h2>COMMANDS</h2><div class="variablelist"><dl><dt><span class="term"><code class="option">-h</code></span></dt><dd><p>Show a short help text on the command line.
     10        to install the same key from the file.</p></div><div class="refsect1" title="OPTIONS"><a name="id266850"></a><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term"><code class="option">-h</code></span></dt><dd><p>Show a short help text on the command line.
    1111                </p></dd><dt><span class="term"><code class="option">-f</code>
    1212                <em class="replaceable"><code>KEYFILE</code></em></span></dt><dd><p>Open an existing keyfile, read the key from
     
    1919                </p></dd><dt><span class="term"><code class="option">-c</code>
    2020                <em class="replaceable"><code>KEYFILE</code></em></span></dt><dd><p>Create a KEYFILE from an installed key.
    21                 </p></dd></dl></div></div><div class="refsect1" title="VERSION"><a name="id265741"></a><h2>VERSION</h2><p>This man page is correct for version 3.4 of the Samba suite.</p></div><div class="refsect1" title="AUTHOR"><a name="id265751"></a><h2>AUTHOR</h2><p> The original version of smbta-util was created by Holger Hetterich.
     21                </p></dd></dl></div></div><div class="refsect1" title="VERSION"><a name="id265741"></a><h2>VERSION</h2><p>This man page is correct for version 3.6 of the Samba suite.</p></div><div class="refsect1" title="AUTHOR"><a name="id265751"></a><h2>AUTHOR</h2><p> The original version of smbta-util was created by Holger Hetterich.
    2222        </p><p> The original Samba software and related utilities were
    2323        created by Andrew Tridgell.  Samba is now developed by the

  • trunk/server/docs/htmldocs/manpages/tdbbackup.8.html

    r745 r752  
    66                Get help information.
    77                </p></dd><dt><span class="term">-s suffix</span></dt><dd><p>
    8                 The <code class="literal">-s</code> option allows the adminisistrator to specify a file
     8                The <code class="literal">-s</code> option allows the administrator to specify a file
    99                backup extension. This way it is possible to keep a history of tdb backup
    1010                files by using a new suffix for each backup.
    1111                </p></dd><dt><span class="term">-v</span></dt><dd><p>
    12                 The <code class="literal">-v</code> will check the database for damages (currupt data)
     12                The <code class="literal">-v</code> will check the database for damages (corrupt data)
    1313                which if detected causes the backup to be restored.
    1414                </p></dd></dl></div></div><div class="refsect1" title="COMMANDS"><a name="id265701"></a><h2>COMMANDS</h2><p><span class="emphasis"><em>GENERAL INFORMATION</em></span></p><p>

  • trunk/server/docs/htmldocs/manpages/testparm.1.html

    r745 r752  
    2323                is limited by default to the global section.
    2424
    25                 It is also possible to dump a parametrical option.  Therfore
     25                It is also possible to dump a parametrical option.  Therefore
    2626                the option has to be separated by a colon from the
    2727                parametername.

  • trunk/server/docs/htmldocs/manpages/vfs_acl_tdb.8.html

    r745 r752  
    77        The ACL settings are stored in
    88        <code class="filename">$LOCKDIR/file_ntacls.tdb</code>.
    9         </p><p>Please note that this module is
    10         <span class="emphasis"><em>experimental</em></span>!
    11         </p><p>This module is stackable.</p></div><div class="refsect1" title="OPTIONS"><a name="id266845"></a><h2>OPTIONS</h2><p>
    12         There are no options for <code class="literal">vfs_acl_tdb</code>.
    13         </p></div><div class="refsect1" title="AUTHOR"><a name="id266861"></a><h2>AUTHOR</h2><p>The original Samba software and related utilities
     9        </p><p>This module is stackable.</p></div><div class="refsect1" title="OPTIONS"><a name="id266837"></a><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">acl_tdb:ignore system acls = [yes|no]</span></dt><dd><p>
     10                When set to <span class="emphasis"><em>yes</em></span>, a best effort mapping
     11                from/to the POSIX ACL layer will <span class="emphasis"><em>not</em></span> be
     12                done by this module. The default is <span class="emphasis"><em>no</em></span>,
     13                which means that Samba keeps setting and evaluating both the
     14                system ACLs and the NT ACLs. This is better if you need your
     15                system ACLs be set for local or NFS file access, too. If you only
     16                access the data via Samba you might set this to yes to achieve
     17                better NT ACL compatibility.
     18                </p></dd></dl></div></div><div class="refsect1" title="AUTHOR"><a name="id266876"></a><h2>AUTHOR</h2><p>The original Samba software and related utilities
    1419        were created by Andrew Tridgell. Samba is now developed
    1520        by the Samba Team as an Open Source project similar

  • trunk/server/docs/htmldocs/manpages/vfs_acl_xattr.8.html

    r745 r752  
    1111        (e.g. <code class="literal">getfattr -n security.NTACL <code class="filename">filename</code>
    1212        </code>).
    13         </p><p>Please note that this module is
    14         <span class="emphasis"><em>experimental</em></span>!
    15         </p><p>This module is stackable.</p></div><div class="refsect1" title="OPTIONS"><a name="id266870"></a><h2>OPTIONS</h2><p>
    16         There are no options for <code class="literal">vfs_acl_xattr</code>.
    17         </p></div><div class="refsect1" title="AUTHOR"><a name="id266886"></a><h2>AUTHOR</h2><p>The original Samba software and related utilities
     13        </p><p>This module is stackable.</p></div><div class="refsect1" title="OPTIONS"><a name="id266863"></a><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">acl_xattr:ignore system acls = [yes|no]</span></dt><dd><p>
     14                When set to <span class="emphasis"><em>yes</em></span>, a best effort mapping
     15                from/to the POSIX ACL layer will <span class="emphasis"><em>not</em></span> be
     16                done by this module. The default is <span class="emphasis"><em>no</em></span>,
     17                which means that Samba keeps setting and evaluating both the
     18                system ACLs and the NT ACLs. This is better if you need your
     19                system ACLs be set for local or NFS file access, too. If you only
     20                access the data via Samba you might set this to yes to achieve
     21                better NT ACL compatibility.
     22                </p></dd></dl></div></div><div class="refsect1" title="AUTHOR"><a name="id265697"></a><h2>AUTHOR</h2><p>The original Samba software and related utilities
    1823        were created by Andrew Tridgell. Samba is now developed
    1924        by the Samba Team as an Open Source project similar

  • trunk/server/docs/htmldocs/manpages/vfs_gpfs.8.html

    r745 r752  
    8787                by the underlying filesystem. This parameter should be enabled with
    8888                care as it might leave your system insecure.</p><p>Some filesystems allow chown as a) giving b) stealing. It is the latter
    89                 that is considered a risk.</p><p>Following is the behaviour of Samba for different values : </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><code class="literal">yes</code> - Enable chown if as supported by the under filesystem</p></li><li class="listitem"><p><code class="literal">no (default)</code> - Disable chown</p></li></ul></div></dd></dl></div></div><div class="refsect1" title="EXAMPLES"><a name="id307172"></a><h2>EXAMPLES</h2><p>A GPFS mount can be exported via Samba as follows :</p><pre class="programlisting">
     89                that is considered a risk.</p><p>Following is the behaviour of Samba for different values : </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><code class="literal">yes</code> - Enable chown if as supported by the under filesystem</p></li><li class="listitem"><p><code class="literal">no (default)</code> - Disable chown</p></li></ul></div></dd><dt><span class="term">gpfs:syncio = [yes|no]</span></dt><dd><p>This parameter makes Samba open all files with O_SYNC.
     90                  This triggers optimizations in GPFS for workloads that
     91                  heavily share files.</p><p>Following is the behaviour of Samba for different
     92                  values:
     93                </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><code class="literal">yes</code>Open files with O_SYNC
     94                </p></li><li class="listitem"><p><code class="literal">no (default)</code>Open files as
     95                    normal Samba would do
     96                </p></li></ul></div></dd></dl></div></div><div class="refsect1" title="EXAMPLES"><a name="id307209"></a><h2>EXAMPLES</h2><p>A GPFS mount can be exported via Samba as follows :</p><pre class="programlisting">
    9097        <em class="parameter"><code>[samba_gpfs_share]</code></em>
    9198        <a class="link" href="smb.conf.5.html#VFSOBJECTS" target="_top">vfs objects = gpfs</a>
     
    93100        <a class="link" href="smb.conf.5.html#NFS4:MODE" target="_top">nfs4: mode = special</a>
    94101        <a class="link" href="smb.conf.5.html#NFS4:ACEDUP" target="_top">nfs4: acedup = merge</a>
    95 </pre></div><div class="refsect1" title="CAVEATS"><a name="id307325"></a><h2>CAVEATS</h2><p>
     102</pre></div><div class="refsect1" title="CAVEATS"><a name="id307362"></a><h2>CAVEATS</h2><p>
    96103        Depending on the version of gpfs, the <code class="literal">libgpfs_gpl</code>
    97104        library or the <code class="literal">libgpfs</code> library is needed at
     
    106113        is required , which is a symlink to <code class="literal">gpfs.h</code> in
    107114        gpfs versions newer than 3.2.1 PTF8.
    108         </p></div><div class="refsect1" title="VERSION"><a name="id307379"></a><h2>VERSION</h2><p>This man page is correct for version 3.0.25 of the Samba suite.
    109         </p></div><div class="refsect1" title="AUTHOR"><a name="id307389"></a><h2>AUTHOR</h2><p>The original Samba software and related utilities
     115        </p></div><div class="refsect1" title="VERSION"><a name="id307417"></a><h2>VERSION</h2><p>This man page is correct for version 3.0.25 of the Samba suite.
     116        </p></div><div class="refsect1" title="AUTHOR"><a name="id307426"></a><h2>AUTHOR</h2><p>The original Samba software and related utilities
    110117        were created by Andrew Tridgell. Samba is now developed
    111118        by the Samba Team as an Open Source project similar

  • trunk/server/docs/htmldocs/manpages/vfs_readonly.8.html

    r745 r752  
    33        as read only for all clients connecting within the configured
    44        time period. Clients connecting during this time will be denied
    5         write access to all files in the share, irrespective of ther
     5        write access to all files in the share, irrespective of their
    66        actual access privileges.</p><p>This module is stackable.</p></div><div class="refsect1" title="OPTIONS"><a name="id266829"></a><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">readonly:period = BEGIN, END</span></dt><dd><p>Only mark the share as read only if the client
    77                connection was made between the times marked by the

  • trunk/server/docs/htmldocs/manpages/vfs_shadow_copy2.8.html

    r745 r752  
    5353        <em class="parameter"><code>[homes]</code></em>
    5454        <a class="link" href="smb.conf.5.html#VFSOBJECTS" target="_top">vfs objects = shadow_copy2</a>
    55         <a class="link" href="smb.conf.5.html#SHADOW:SNAPDIR" target="_top">shadow:snapdir = /data/snaphots</a>
     55        <a class="link" href="smb.conf.5.html#SHADOW:SNAPDIR" target="_top">shadow:snapdir = /data/snapshots</a>
    5656        <a class="link" href="smb.conf.5.html#SHADOW:BASEDIR" target="_top">shadow:basedir = /data/home</a>
    5757        <a class="link" href="smb.conf.5.html#SHADOW:SORT" target="_top">shadow:sort = desc</a>

  • trunk/server/docs/htmldocs/manpages/vfs_smb_traffic_analyzer.8.html

    r745 r752  
    1616        several drawbacks. The protocol version 2 is a try to solve the
    1717        problems version 1 had while at the same time adding new features.
     18        With the release of Samba 3.6.0, the module will run protocol version 2
     19        by default.
    1820        </p></div><div class="refsect1" title="Protocol version 1 documentation"><a name="id266829"></a><h2>Protocol version 1 documentation</h2><p><code class="literal">vfs_smb_traffic_analyzer</code> protocol version 1 is aware
    1921                of the following VFS operations:</p><table border="0" summary="Simple list" class="simplelist"><tr><td>write</td></tr><tr><td>pwrite</td></tr><tr><td>read</td></tr><tr><td>pread</td></tr></table><p><code class="literal">vfs_smb_traffic_analyzer</code> sends the following data
    20         in a fixed format seperated by a comma through either an internet or a
     22        in a fixed format separated by a comma through either an internet or a
    2123        unix domain socket:</p><pre class="programlisting">
    2224        BYTES|USER|DOMAIN|READ/WRITE|SHARE|FILENAME|TIMESTAMP
    2325        </pre><p>Description of the records:
    2426
    25         </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><code class="literal">BYTES</code> - the length in bytes of the VFS operation</p></li><li class="listitem"><p><code class="literal">USER</code> - the user who initiated the operation</p></li><li class="listitem"><p><code class="literal">DOMAIN</code> - the domain of the user</p></li><li class="listitem"><p><code class="literal">READ/WRITE</code> - either "W" for a write operation or "R" for read</p></li><li class="listitem"><p><code class="literal">SHARE</code> - the name of the share on which the VFS operation occured</p></li><li class="listitem"><p><code class="literal">FILENAME</code> - the name of the file that was used by the VFS operation</p></li><li class="listitem"><p><code class="literal">TIMESTAMP</code> - a timestamp, formatted as "yyyy-mm-dd hh-mm-ss.ms" indicating when the VFS operation occured</p></li></ul></div><p>
     27        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><code class="literal">BYTES</code> - the length in bytes of the VFS operation</p></li><li class="listitem"><p><code class="literal">USER</code> - the user who initiated the operation</p></li><li class="listitem"><p><code class="literal">DOMAIN</code> - the domain of the user</p></li><li class="listitem"><p><code class="literal">READ/WRITE</code> - either "W" for a write operation or "R" for read</p></li><li class="listitem"><p><code class="literal">SHARE</code> - the name of the share on which the VFS operation occurred</p></li><li class="listitem"><p><code class="literal">FILENAME</code> - the name of the file that was used by the VFS operation</p></li><li class="listitem"><p><code class="literal">TIMESTAMP</code> - a timestamp, formatted as "yyyy-mm-dd hh-mm-ss.ms" indicating when the VFS operation occurred</p></li><li class="listitem"><p><code class="literal">IP</code> - The IP Address (v4 or v6) of the client machine that initiated the VFS operation.</p></li></ul></div><p>
    2628
    27         </p><p>This module is stackable.</p></div><div class="refsect1" title="Drawbacks of protocol version 1"><a name="id265752"></a><h2>Drawbacks of protocol version 1</h2><p>Several drawbacks have been seen with protocol version 1 over time.</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
     29        </p><p>This module is stackable.</p></div><div class="refsect1" title="Drawbacks of protocol version 1"><a name="id265760"></a><h2>Drawbacks of protocol version 1</h2><p>Several drawbacks have been seen with protocol version 1 over time.</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
    2830                        <code class="literal">Problematic parsing - </code>
    2931                        Protocol version 1 uses hyphen and comma to seperate blocks of data. Once there is a
     
    4042                        Protocol version 1 is fixed on it's version, making it unable to introduce new
    4143                        features or bugfixes through compatible sub-releases.
    42                 </p></li></ul></div></div><div class="refsect1" title="Version 2 of the protocol"><a name="id265817"></a><h2>Version 2 of the protocol</h2><p>Protocol version 2 is an approach to solve the problems introduced with protcol v1.
     44                </p></li></ul></div></div><div class="refsect1" title="Version 2 of the protocol"><a name="id265826"></a><h2>Version 2 of the protocol</h2><p>Protocol version 2 is an approach to solve the problems introduced with protcol v1.
    4345        From the users perspective, the following changes are most prominent among other enhancements:
    4446        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
     
    5052                the receiver may run with a different sub-release number than the module. However, as
    5153                long as both run on the V2.x protocol, the receiver will not crash, even if the module
    52                 uses features only implemented in the newer subrelease. Ultimativly, if the module uses
     54                uses features only implemented in the newer subrelease. If the module uses
    5355                a new feature from a newer subrelease, and the receiver runs an older protocol, it is just
    5456                ignoring the functionality. Of course it is best to have both the receiver and the module
     
    6466                </p></li></ul></div><p>
    6567                To enable protocol V2, the protocol_version vfs option has to be used (see OPTIONS).
    66         </p></div><div class="refsect1" title="OPTIONS with protocol V1 and V2.x"><a name="id265873"></a><h2>OPTIONS with protocol V1 and V2.x</h2><div class="variablelist"><dl><dt><span class="term">smb_traffic_analyzer:mode = STRING</span></dt><dd><p>If STRING matches to "unix_domain_socket", the module will
     68        </p></div><div class="refsect1" title="OPTIONS with protocol V1 and V2.x"><a name="id265881"></a><h2>OPTIONS with protocol V1 and V2.x</h2><div class="variablelist"><dl><dt><span class="term">smb_traffic_analyzer:mode = STRING</span></dt><dd><p>If STRING matches to "unix_domain_socket", the module will
    6769                use a unix domain socket located at /var/tmp/stadsocket, if
    6870                STRING contains an different string or is not defined, the module will
     
    7981                will be mapped to a single user, leading to a total
    8082                anonymization of user related data. In version 2.x of the
    81                 protocol, the users SID will also be anonymized.</p></dd><dt><span class="term">smb_traffic_analyzer:protocol_version = STRING</span></dt><dd><p>If STRING matches to V1 or is not given at all, the module
    82                 will use version 1 of the protocol. If STRING matches to "V2"
    83                 the module will use version 2 of the protocol.
    84                 </p></dd></dl></div></div><div class="refsect1" title="EXAMPLES"><a name="id265974"></a><h2>EXAMPLES</h2><p>Running protocol V2 on share "example_share", using an internet socket.</p><pre class="programlisting">
     83                protocol, the users SID will also be anonymized.</p></dd><dt><span class="term">smb_traffic_analyzer:protocol_version = STRING</span></dt><dd><p>If STRING matches to V1, the module will use version 1 of the
     84                protocol. If STRING is not given, the module will use version 2 of the
     85                protocol, which is the default.
     86                </p></dd></dl></div></div><div class="refsect1" title="EXAMPLES"><a name="id265980"></a><h2>EXAMPLES</h2><p>Running protocol V2 on share "example_share", using an internet socket.</p><pre class="programlisting">
    8587        <em class="parameter"><code>[example_share]</code></em>
    8688        <a class="link" href="smb.conf.5.html#PATH" target="_top">path = /data/example</a>
    8789        <a class="link" href="smb.conf.5.html#VFS_OBJECTS" target="_top">vfs_objects = smb_traffic_analyzer</a>
    88         <a class="link" href="smb.conf.5.html#SMB_TRAFFIC_ANALYZER:PROTOCOL_VERSION" target="_top">smb_traffic_analyzer:protocol_version = V2</a>
    8990        <a class="link" href="smb.conf.5.html#SMB_TRAFFIC_ANALYZER:HOST" target="_top">smb_traffic_analyzer:host = examplehost</a>
    9091        <a class="link" href="smb.conf.5.html#SMB_TRAFFIC_ANALYZER:PORT" target="_top">smb_traffic_analyzer:port = 3491</a>

  • trunk/server/docs/htmldocs/manpages/wbinfo.1.html

    r745 r752  
    100100                </p></dd><dt><span class="term">-U|--uid-to-sid <em class="replaceable"><code>uid</code></em></span></dt><dd><p>Try to convert a UNIX user id to a Windows NT
    101101                SID.  If the uid specified does not refer to one within
    102                 the idmap uid range then the operation will fail. </p></dd><dt><span class="term">--verbose</span></dt><dd><p>
     102                the idmap range then the operation will fail. </p></dd><dt><span class="term">--verbose</span></dt><dd><p>
    103103                Print additional information about the query results.
    104104                </p></dd><dt><span class="term">-Y|--sid-to-gid <em class="replaceable"><code>sid</code></em></span></dt><dd><p>Convert a SID to a UNIX group id.  If the SID

  • trunk/server/docs/htmldocs/manpages/winbindd.8.html

    r745 r752  
    66        service to <code class="literal">smbd</code>, <code class="literal">ntlm_auth</code>
    77        and the <code class="literal">pam_winbind.so</code> PAM module, by managing connections to
    8         domain controllers.  In this configuraiton the
    9         <a class="link" href="smb.conf.5.html#IDMAPUID" target="_top">idmap uid</a> and
    10         <a class="link" href="smb.conf.5.html#IDMAPGID" target="_top">idmap gid</a>
    11         parameters are not required. (This is known as `netlogon proxy only mode'.)</p><p> The Name Service Switch allows user
     8        domain controllers.  In this configuration the
     9        <a class="link" href="smb.conf.5.html#IDMAPCONFIG*:RANGE" target="_top">idmap config * : range</a>
     10        parameter is not required. (This is known as `netlogon proxy only mode'.)</p><p> The Name Service Switch allows user
    1211        and system information to be obtained from different databases
    1312        services such as NIS or DNS.  The exact behaviour can be configured
     
    5655        WINS server.</p><pre class="programlisting">
    5756hosts:          files wins
    58 </pre></div><div class="refsect1" title="OPTIONS"><a name="id307077"></a><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-D</span></dt><dd><p>If specified, this parameter causes
     57</pre></div><div class="refsect1" title="OPTIONS"><a name="id307067"></a><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-D</span></dt><dd><p>If specified, this parameter causes
    5958                the server to operate as a daemon. That is, it detaches
    6059                itself and runs in the background on the appropriate port.
     
    114113                default behavior is to launch a child process that is responsible for
    115114                updating expired cache entries.
    116                 </p></dd></dl></div></div><div class="refsect1" title="NAME AND ID RESOLUTION"><a name="id307316"></a><h2>NAME AND ID RESOLUTION</h2><p>Users and groups on a Windows NT server are assigned
     115                </p></dd></dl></div></div><div class="refsect1" title="NAME AND ID RESOLUTION"><a name="id307306"></a><h2>NAME AND ID RESOLUTION</h2><p>Users and groups on a Windows NT server are assigned
    117116        a security id (SID) which is globally unique when the
    118117        user or group is created.  To convert the Windows NT user or group
     
    128127        store is deleted or corrupted, there is no way for winbindd to
    129128        determine which user and group ids correspond to Windows NT user
    130         and group rids. </p></div><div class="refsect1" title="CONFIGURATION"><a name="id307345"></a><h2>CONFIGURATION</h2><p>Configuration of the <code class="literal">winbindd</code> daemon
     129        and group rids. </p></div><div class="refsect1" title="CONFIGURATION"><a name="id307336"></a><h2>CONFIGURATION</h2><p>Configuration of the <code class="literal">winbindd</code> daemon
    131130        is done through configuration parameters in the <a class="citerefentry" href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> file.  All parameters should be specified in the
    132131        [global] section of smb.conf. </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
    133132                <a class="link" href="smb.conf.5.html#WINBINDSEPARATOR" target="_top">winbind separator</a></p></li><li class="listitem"><p>
    134                 <a class="link" href="smb.conf.5.html#IDMAPUID" target="_top">idmap uid</a></p></li><li class="listitem"><p>
    135                 <a class="link" href="smb.conf.5.html#IDMAPGID" target="_top">idmap gid</a></p></li><li class="listitem"><p>
    136                 <a class="link" href="smb.conf.5.html#IDMAPBACKEND" target="_top">idmap backend</a></p></li><li class="listitem"><p>
     133                <a class="link" href="smb.conf.5.html#IDMAPCONFIG*:RANGE" target="_top">idmap config * : range</a></p></li><li class="listitem"><p>
     134                <a class="link" href="smb.conf.5.html#IDMAPCONFIG*:BACKEND" target="_top">idmap config * : backend</a></p></li><li class="listitem"><p>
    137135                <a class="link" href="smb.conf.5.html#WINBINDCACHETIME" target="_top">winbind cache time</a></p></li><li class="listitem"><p>
    138136                <a class="link" href="smb.conf.5.html#WINBINDENUMUSERS" target="_top">winbind enum users</a></p></li><li class="listitem"><p>
     
    145143                instead of LDAP to retrieve information from Domain
    146144                Controllers.
    147                 </p></li></ul></div></div><div class="refsect1" title="EXAMPLE SETUP"><a name="id307490"></a><h2>EXAMPLE SETUP</h2><p>
     145                </p></li></ul></div></div><div class="refsect1" title="EXAMPLE SETUP"><a name="id307470"></a><h2>EXAMPLE SETUP</h2><p>
    148146        To setup winbindd for user and group lookups plus
    149147        authentication from a domain controller use something like the
     
    186184        template shell = /bin/bash
    187185        template homedir = /home/%D/%U
    188         idmap uid = 10000-20000
    189         idmap gid = 10000-20000
     186        idmap config * : range = 10000-20000
    190187        workgroup = DOMAIN
    191188        security = domain
     
    196193        the DOMAIN+user syntax for the username. You may wish to use the
    197194        commands <code class="literal">getent passwd</code> and <code class="literal">getent group
    198         </code> to confirm the correct operation of winbindd.</p></div><div class="refsect1" title="NOTES"><a name="id307662"></a><h2>NOTES</h2><p>The following notes are useful when configuring and
     195        </code> to confirm the correct operation of winbindd.</p></div><div class="refsect1" title="NOTES"><a name="id307642"></a><h2>NOTES</h2><p>The following notes are useful when configuring and
    199196        running <code class="literal">winbindd</code>: </p><p><a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> must be running on the local machine
    200197        for <code class="literal">winbindd</code> to work. </p><p>PAM is really easy to misconfigure.  Make sure you know what
     
    203200        then in general the user and groups ids allocated by winbindd will not
    204201        be the same.  The user and group ids will only be valid for the local
    205         machine, unless a shared <a class="link" href="smb.conf.5.html#IDMAPBACKEND" target="_top">idmap backend</a> is configured.</p><p>If the the Windows NT SID to UNIX user and group id mapping
    206         file is damaged or destroyed then the mappings will be lost. </p></div><div class="refsect1" title="SIGNALS"><a name="id307718"></a><h2>SIGNALS</h2><p>The following signals can be used to manipulate the
     202        machine, unless a shared <a class="link" href="smb.conf.5.html#IDMAPCONFIG*:BACKEND" target="_top">idmap config * : backend</a> is configured.</p><p>If the the Windows NT SID to UNIX user and group id mapping
     203        file is damaged or destroyed then the mappings will be lost. </p></div><div class="refsect1" title="SIGNALS"><a name="id307698"></a><h2>SIGNALS</h2><p>The following signals can be used to manipulate the
    207204        <code class="literal">winbindd</code> daemon. </p><div class="variablelist"><dl><dt><span class="term">SIGHUP</span></dt><dd><p>Reload the <a class="citerefentry" href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> file and
    208205                apply any parameter changes to the running
     
    212209                winbindd</code> to write status information to the winbind
    213210                log file.</p><p>Log files are stored in the filename specified by the
    214                 log file parameter.</p></dd></dl></div></div><div class="refsect1" title="FILES"><a name="id307776"></a><h2>FILES</h2><div class="variablelist"><dl><dt><span class="term"><code class="filename">/etc/nsswitch.conf(5)</code></span></dt><dd><p>Name service switch configuration file.</p></dd><dt><span class="term">/tmp/.winbindd/pipe</span></dt><dd><p>The UNIX pipe over which clients communicate with
     211                log file parameter.</p></dd></dl></div></div><div class="refsect1" title="FILES"><a name="id307756"></a><h2>FILES</h2><div class="variablelist"><dl><dt><span class="term"><code class="filename">/etc/nsswitch.conf(5)</code></span></dt><dd><p>Name service switch configuration file.</p></dd><dt><span class="term">/tmp/.winbindd/pipe</span></dt><dd><p>The UNIX pipe over which clients communicate with
    215212                the <code class="literal">winbindd</code> program.  For security reasons, the
    216213                winbind client will only attempt to connect to the winbindd daemon
     
    233230                This directory is by default <code class="filename">/usr/local/samba/var/locks
    234231                </code>. </p></dd><dt><span class="term">$LOCKDIR/winbindd_cache.tdb</span></dt><dd><p>Storage for cached user and group information.
    235                 </p></dd></dl></div></div><div class="refsect1" title="VERSION"><a name="id307908"></a><h2>VERSION</h2><p>This man page is correct for version 3 of
    236         the Samba suite.</p></div><div class="refsect1" title="SEE ALSO"><a name="id307918"></a><h2>SEE ALSO</h2><p><code class="filename">nsswitch.conf(5)</code>, <a class="citerefentry" href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a>, <a class="citerefentry" href="wbinfo.1.html"><span class="citerefentry"><span class="refentrytitle">wbinfo</span>(1)</span></a>, <a class="citerefentry" href="ntlm_auth.8.html"><span class="citerefentry"><span class="refentrytitle">ntlm_auth</span>(8)</span></a>, <a class="citerefentry" href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a>, <a class="citerefentry" href="pam_winbind.8.html"><span class="citerefentry"><span class="refentrytitle">pam_winbind</span>(8)</span></a></p></div><div class="refsect1" title="AUTHOR"><a name="id307973"></a><h2>AUTHOR</h2><p>The original Samba software and related utilities
     232                </p></dd></dl></div></div><div class="refsect1" title="VERSION"><a name="id307888"></a><h2>VERSION</h2><p>This man page is correct for version 3 of
     233        the Samba suite.</p></div><div class="refsect1" title="SEE ALSO"><a name="id307898"></a><h2>SEE ALSO</h2><p><code class="filename">nsswitch.conf(5)</code>, <a class="citerefentry" href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a>, <a class="citerefentry" href="wbinfo.1.html"><span class="citerefentry"><span class="refentrytitle">wbinfo</span>(1)</span></a>, <a class="citerefentry" href="ntlm_auth.8.html"><span class="citerefentry"><span class="refentrytitle">ntlm_auth</span>(8)</span></a>, <a class="citerefentry" href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a>, <a class="citerefentry" href="pam_winbind.8.html"><span class="citerefentry"><span class="refentrytitle">pam_winbind</span>(8)</span></a></p></div><div class="refsect1" title="AUTHOR"><a name="id307953"></a><h2>AUTHOR</h2><p>The original Samba software and related utilities
    237234        were created by Andrew Tridgell. Samba is now developed
    238235        by the Samba Team as an Open Source project similar
Note: See TracChangeset for help on using the changeset viewer.