Changeset 752 for trunk/server/docs/htmldocs/manpages/smb.conf.5.html
- Timestamp:
- Nov 29, 2012, 2:06:31 PM (13 years ago)
- Location:
- trunk/server
- Files:
-
- 2 edited
-
. (modified) (1 prop)
-
docs/htmldocs/manpages/smb.conf.5.html (modified) (348 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/server
- Property svn:mergeinfo changed
/vendor/current merged: 746,748
- Property svn:mergeinfo changed
-
trunk/server/docs/htmldocs/manpages/smb.conf.5.html
r745 r752 227 227 2003R2 (<code class="constant">Win2K3</code>), and Windows 228 228 Vista (<code class="constant">Vista</code>). Anything else will be known as 229 <code class="constant">UNKNOWN</code>.</p></dd><dt><span class="term">%I</span></dt><dd><p>the IP address of the client machine.</p></dd><dt><span class="term">%i</span></dt><dd><p>the local IP address to which a client connected.</p></dd><dt><span class="term">%T</span></dt><dd><p>the current date and time.</p></dd><dt><span class="term">%D</span></dt><dd><p>name of the domain or workgroup of the current user.</p></dd><dt><span class="term">%w</span></dt><dd><p>the winbind separator.</p></dd><dt><span class="term">%$(<em class="replaceable"><code>envvar</code></em>)</span></dt><dd><p>the value of the environment variable 229 <code class="constant">UNKNOWN</code>.</p></dd><dt><span class="term">%I</span></dt><dd><p>the IP address of the client machine.</p><p>Before 3.6.0 it could contain IPv4 mapped IPv6 addresses, 230 now it only contains IPv4 or IPv6 addresses.</p></dd><dt><span class="term">%i</span></dt><dd><p>the local IP address to which a client connected.</p><p>Before 3.6.0 it could contain IPv4 mapped IPv6 addresses, 231 now it only contains IPv4 or IPv6 addresses.</p></dd><dt><span class="term">%T</span></dt><dd><p>the current date and time.</p></dd><dt><span class="term">%D</span></dt><dd><p>name of the domain or workgroup of the current user.</p></dd><dt><span class="term">%w</span></dt><dd><p>the winbind separator.</p></dd><dt><span class="term">%$(<em class="replaceable"><code>envvar</code></em>)</span></dt><dd><p>the value of the environment variable 230 232 <em class="replaceable"><code>envar</code></em>.</p></dd></dl></div><p> 231 233 The following substitutes apply only to some configuration options (only those that are … … 307 309 If the service is a guest service, a connection is made as the username given in the <code class="literal">guest account 308 310 =</code> for the service, irrespective of the supplied password. 309 </p></li></ol></div></div><div class="refsect1" title="REGISTRY-BASED CONFIGURATION"><a name="id3081 28"></a><h2>REGISTRY-BASED CONFIGURATION</h2><p>311 </p></li></ol></div></div><div class="refsect1" title="REGISTRY-BASED CONFIGURATION"><a name="id308136"></a><h2>REGISTRY-BASED CONFIGURATION</h2><p> 310 312 Starting with Samba version 3.2.0, the capability to 311 313 store Samba configuration in the registry is available. … … 362 364 accessing the database file, circumventing the 363 365 server. 364 </p></div><div class="refsect1" title="EXPLANATION OF EACH PARAMETER"><a name="id3082 81"></a><h2>EXPLANATION OF EACH PARAMETER</h2><div class="section"><div class="titlepage"></div><div class="section" title="abort shutdown script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id308291"></a>366 </p></div><div class="refsect1" title="EXPLANATION OF EACH PARAMETER"><a name="id308290"></a><h2>EXPLANATION OF EACH PARAMETER</h2><div class="section"><div class="titlepage"></div><div class="section" title="abort shutdown script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id308299"></a> 365 367 366 368 abort shutdown script (G) 367 </h3></div></div></div><a class="indexterm" name="id308 292"></a><a name="ABORTSHUTDOWNSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This a full path name to a script called by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> that369 </h3></div></div></div><a class="indexterm" name="id308300"></a><a name="ABORTSHUTDOWNSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This a full path name to a script called by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> that 368 370 should stop a shutdown procedure issued by the <a class="link" href="smb.conf.5.html#SHUTDOWNSCRIPT" target="_top">shutdown script</a>.</p><p>If the connected user posseses the <code class="constant">SeRemoteShutdownPrivilege</code>, 369 371 right, this command will be run as root.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>abort shutdown script</code></em> = <code class="literal">""</code> … … 371 373 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>abort shutdown script</code></em> = <code class="literal">/sbin/shutdown -c</code> 372 374 </em></span> 373 </p></dd></dl></div></div><div class="section" title="access based share enum (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id3083 65"></a>375 </p></dd></dl></div></div><div class="section" title="access based share enum (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id308374"></a> 374 376 375 377 access based share enum (S) 376 </h3></div></div></div><a class="indexterm" name="id3083 66"></a><a name="ACCESSBASEDSHAREENUM"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code> for a378 </h3></div></div></div><a class="indexterm" name="id308375"></a><a name="ACCESSBASEDSHAREENUM"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code> for a 377 379 service, then the share hosted by the service will only be visible 378 380 to users who have read or write access to the share during share … … 383 385 computing enumeration access rights.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>access based share enum</code></em> = <code class="literal">no</code> 384 386 </em></span> 385 </p></dd></dl></div></div><div class="section" title="acl check permissions (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id3084 09"></a>387 </p></dd></dl></div></div><div class="section" title="acl check permissions (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id308418"></a> 386 388 387 389 acl check permissions (S) 388 </h3></div></div></div><a class="indexterm" name="id30841 0"></a><a name="ACLCHECKPERMISSIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls what <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>does on receiving a protocol request of "open for delete"390 </h3></div></div></div><a class="indexterm" name="id308419"></a><a name="ACLCHECKPERMISSIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls what <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>does on receiving a protocol request of "open for delete" 389 391 from a Windows client. If a Windows client doesn't have permissions to delete a file then they 390 392 expect this to be denied at open time. POSIX systems normally only detect restrictions on delete by … … 406 408 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>acl check permissions</code></em> = <code class="literal">True</code> 407 409 </em></span> 408 </p></dd></dl></div></div><div class="section" title="acl compatibility (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id30848 0"></a>410 </p></dd></dl></div></div><div class="section" title="acl compatibility (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id308489"></a> 409 411 410 412 acl compatibility (G) 411 </h3></div></div></div><a class="indexterm" name="id3084 82"></a><a name="ACLCOMPATIBILITY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies what OS ACL semantics should413 </h3></div></div></div><a class="indexterm" name="id308490"></a><a name="ACLCOMPATIBILITY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies what OS ACL semantics should 412 414 be compatible with. Possible values are <span class="emphasis"><em>winnt</em></span> for Windows NT 4, 413 415 <span class="emphasis"><em>win2k</em></span> for Windows 2000 and above and <span class="emphasis"><em>auto</em></span>. … … 418 420 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>acl compatibility</code></em> = <code class="literal">win2k</code> 419 421 </em></span> 420 </p></dd></dl></div></div><div class="section" title="acl group control (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id3085 48"></a>422 </p></dd></dl></div></div><div class="section" title="acl group control (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id308557"></a> 421 423 422 424 acl group control (S) 423 </h3></div></div></div><a class="indexterm" name="id3085 49"></a><a name="ACLGROUPCONTROL"></a><div class="variablelist"><dl><dt></dt><dd><p>425 </h3></div></div></div><a class="indexterm" name="id308558"></a><a name="ACLGROUPCONTROL"></a><div class="variablelist"><dl><dt></dt><dd><p> 424 426 In a POSIX filesystem, only the owner of a file or directory and the superuser can modify the permissions 425 427 and ACLs on a file. If this parameter is set, then Samba overrides this restriction, and also allows the … … 448 450 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>acl group control</code></em> = <code class="literal">no</code> 449 451 </em></span> 450 </p></dd></dl></div></div><div class="section" title="acl map full control (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id3086 29"></a>452 </p></dd></dl></div></div><div class="section" title="acl map full control (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id308638"></a> 451 453 452 454 acl map full control (S) 453 </h3></div></div></div><a class="indexterm" name="id30863 0"></a><a name="ACLMAPFULLCONTROL"></a><div class="variablelist"><dl><dt></dt><dd><p>455 </h3></div></div></div><a class="indexterm" name="id308639"></a><a name="ACLMAPFULLCONTROL"></a><div class="variablelist"><dl><dt></dt><dd><p> 454 456 This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> maps a POSIX ACE entry of "rwx" (read/write/execute), the maximum 455 457 allowed POSIX permission set, into a Windows ACL of "FULL CONTROL". If this parameter is set to true any POSIX … … 459 461 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>acl map full control</code></em> = <code class="literal">True</code> 460 462 </em></span> 461 </p></dd></dl></div></div><div class="section" title="add group script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id3086 77"></a>463 </p></dd></dl></div></div><div class="section" title="add group script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id308686"></a> 462 464 463 465 add group script (G) 464 </h3></div></div></div><a class="indexterm" name="id3086 78"></a><a name="ADDGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>466 </h3></div></div></div><a class="indexterm" name="id308687"></a><a name="ADDGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p> 465 467 This is the full pathname to a script that will be run <span class="emphasis"><em>AS ROOT</em></span> by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when a new group is requested. It 466 468 will expand any <em class="parameter"><code>%g</code></em> to the group name passed. This script is only useful … … 472 474 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>add group script</code></em> = <code class="literal">/usr/sbin/groupadd %g</code> 473 475 </em></span> 474 </p></dd></dl></div></div><div class="section" title="add machine script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id3087 48"></a>476 </p></dd></dl></div></div><div class="section" title="add machine script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id308756"></a> 475 477 476 478 add machine script (G) 477 </h3></div></div></div><a class="indexterm" name="id3087 49"></a><a name="ADDMACHINESCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>479 </h3></div></div></div><a class="indexterm" name="id308758"></a><a name="ADDMACHINESCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p> 478 480 This is the full pathname to a script that will be run by 479 481 <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when a machine is … … 486 488 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>add machine script</code></em> = <code class="literal">/usr/sbin/adduser -n -g machines -c Machine -d /var/lib/nobody -s /bin/false %u</code> 487 489 </em></span> 488 </p></dd></dl></div></div><div class="section" title="add port command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id30882 0"></a>490 </p></dd></dl></div></div><div class="section" title="add port command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id308829"></a> 489 491 490 492 add port command (G) 491 </h3></div></div></div><a class="indexterm" name="id3088 21"></a><a name="ADDPORTCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>Samba 3.0.23 introduced support for adding printer ports493 </h3></div></div></div><a class="indexterm" name="id308830"></a><a name="ADDPORTCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>Samba 3.0.23 introduced support for adding printer ports 492 494 remotely using the Windows "Add Standard TCP/IP Port Wizard". 493 495 This option defines an external program to be executed when … … 498 500 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>add port command</code></em> = <code class="literal">/etc/samba/scripts/addport.sh</code> 499 501 </em></span> 500 </p></dd></dl></div></div><div class="section" title="addprinter command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id 265681"></a>502 </p></dd></dl></div></div><div class="section" title="addprinter command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id308910"></a> 501 503 502 504 addprinter command (G) 503 </h3></div></div></div><a class="indexterm" name="id 265682"></a><a name="ADDPRINTERCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>With the introduction of MS-RPC based printing505 </h3></div></div></div><a class="indexterm" name="id308911"></a><a name="ADDPRINTERCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>With the introduction of MS-RPC based printing 504 506 support for Windows NT/2000 clients in Samba 2.2, The MS Add 505 507 Printer Wizard (APW) icon is now also available in the … … 532 534 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>addprinter command</code></em> = <code class="literal">/usr/bin/addprinter</code> 533 535 </em></span> 534 </p></dd></dl></div></div><div class="section" title="add share command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id309 147"></a>536 </p></dd></dl></div></div><div class="section" title="add share command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id309085"></a> 535 537 536 538 add share command (G) 537 </h3></div></div></div><a class="indexterm" name="id309 148"></a><a name="ADDSHARECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>539 </h3></div></div></div><a class="indexterm" name="id309086"></a><a name="ADDSHARECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p> 538 540 Samba 2.2.0 introduced the ability to dynamically add and delete shares via the Windows NT 4.0 Server 539 541 Manager. The <em class="parameter"><code>add share command</code></em> is used to define an external program … … 567 569 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>add share command</code></em> = <code class="literal">/usr/local/bin/addshare</code> 568 570 </em></span> 569 </p></dd></dl></div></div><div class="section" title="add user script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id309 323"></a>571 </p></dd></dl></div></div><div class="section" title="add user script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id309261"></a> 570 572 571 573 add user script (G) 572 </h3></div></div></div><a class="indexterm" name="id309 324"></a><a name="ADDUSERSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>574 </h3></div></div></div><a class="indexterm" name="id309262"></a><a name="ADDUSERSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p> 573 575 This is the full pathname to a script that will be run <span class="emphasis"><em>AS ROOT</em></span> by 574 576 <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> … … 605 607 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>add user script</code></em> = <code class="literal">/usr/local/samba/bin/add_user %u</code> 606 608 </em></span> 607 </p></dd></dl></div></div><div class="section" title="add user to group script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id309 511"></a>609 </p></dd></dl></div></div><div class="section" title="add user to group script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id309450"></a> 608 610 609 611 add user to group script (G) 610 </h3></div></div></div><a class="indexterm" name="id309 512"></a><a name="ADDUSERTOGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>612 </h3></div></div></div><a class="indexterm" name="id309451"></a><a name="ADDUSERTOGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p> 611 613 Full path to the script that will be called when a user is added to a group using the Windows NT domain administration 612 614 tools. It will be run by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> … … 620 622 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>add user to group script</code></em> = <code class="literal">/usr/sbin/adduser %u %g</code> 621 623 </em></span> 622 </p></dd></dl></div></div><div class="section" title="administrative share (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id3095 95"></a>624 </p></dd></dl></div></div><div class="section" title="administrative share (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id309533"></a> 623 625 624 626 administrative share (S) 625 </h3></div></div></div><a class="indexterm" name="id3095 96"></a><a name="ADMINISTRATIVESHARE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is set to <code class="constant">yes</code> for627 </h3></div></div></div><a class="indexterm" name="id309534"></a><a name="ADMINISTRATIVESHARE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is set to <code class="constant">yes</code> for 626 628 a share, then the share will be an administrative share. The Administrative 627 629 Shares are the default network shares created by all Windows NT-based … … 630 632 information about this option.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>administrative share</code></em> = <code class="literal">no</code> 631 633 </em></span> 632 </p></dd></dl></div></div><div class="section" title="admin users (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id309 648"></a>634 </p></dd></dl></div></div><div class="section" title="admin users (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id309586"></a> 633 635 634 636 admin users (S) 635 </h3></div></div></div><a class="indexterm" name="id309 649"></a><a name="ADMINUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of users who will be granted637 </h3></div></div></div><a class="indexterm" name="id309587"></a><a name="ADMINUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of users who will be granted 636 638 administrative privileges on the share. This means that they 637 639 will do all file operations as the super-user (root).</p><p>You should use this option very carefully, as any user in … … 642 644 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>admin users</code></em> = <code class="literal">jason</code> 643 645 </em></span> 644 </p></dd></dl></div></div><div class="section" title="afs share (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id309 716"></a>646 </p></dd></dl></div></div><div class="section" title="afs share (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id309654"></a> 645 647 646 648 afs share (S) 647 </h3></div></div></div><a class="indexterm" name="id309 717"></a><a name="AFSSHARE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether special AFS features are enabled649 </h3></div></div></div><a class="indexterm" name="id309655"></a><a name="AFSSHARE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether special AFS features are enabled 648 650 for this share. If enabled, it assumes that the directory exported via 649 651 the <em class="parameter"><code>path</code></em> parameter is a local AFS import. The … … 652 654 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>afs share</code></em> = <code class="literal">no</code> 653 655 </em></span> 654 </p></dd></dl></div></div><div class="section" title="afs username map (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id309 760"></a>656 </p></dd></dl></div></div><div class="section" title="afs username map (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id309699"></a> 655 657 656 658 afs username map (G) 657 </h3></div></div></div><a class="indexterm" name="id3097 62"></a><a name="AFSUSERNAMEMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>If you are using the fake kaserver AFS feature, you might659 </h3></div></div></div><a class="indexterm" name="id309700"></a><a name="AFSUSERNAMEMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>If you are using the fake kaserver AFS feature, you might 658 660 want to hand-craft the usernames you are creating tokens for. 659 661 For example this is necessary if you have users from several domain … … 665 667 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>afs username map</code></em> = <code class="literal">%u@afs.samba.org</code> 666 668 </em></span> 667 </p></dd></dl></div></div><div class="section" title="aio read size (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id309 819"></a>669 </p></dd></dl></div></div><div class="section" title="aio read size (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id309757"></a> 668 670 669 671 aio read size (S) 670 </h3></div></div></div><a class="indexterm" name="id309 820"></a><a name="AIOREADSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>If Samba has been built with asynchronous I/O support and this672 </h3></div></div></div><a class="indexterm" name="id309758"></a><a name="AIOREADSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>If Samba has been built with asynchronous I/O support and this 671 673 integer parameter is set to non-zero value, 672 674 Samba will read from file asynchronously when size of request is bigger … … 679 681 request size</code> 680 682 </em></span> 681 </p></dd></dl></div></div><div class="section" title="aio write behind (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id3098 97"></a>683 </p></dd></dl></div></div><div class="section" title="aio write behind (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id309836"></a> 682 684 683 685 aio write behind (S) 684 </h3></div></div></div><a class="indexterm" name="id3098 98"></a><a name="AIOWRITEBEHIND"></a><div class="variablelist"><dl><dt></dt><dd><p>If Samba has been built with asynchronous I/O support,686 </h3></div></div></div><a class="indexterm" name="id309837"></a><a name="AIOWRITEBEHIND"></a><div class="variablelist"><dl><dt></dt><dd><p>If Samba has been built with asynchronous I/O support, 685 687 Samba will not wait until write requests are finished before returning 686 688 the result to the client for files listed in this parameter. … … 697 699 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>aio write behind</code></em> = <code class="literal">/*.tmp/</code> 698 700 </em></span> 699 </p></dd></dl></div></div><div class="section" title="aio write size (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id3099 68"></a>701 </p></dd></dl></div></div><div class="section" title="aio write size (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id309902"></a> 700 702 701 703 aio write size (S) 702 </h3></div></div></div><a class="indexterm" name="id3099 69"></a><a name="AIOWRITESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>If Samba has been built with asynchronous I/O support and this704 </h3></div></div></div><a class="indexterm" name="id309904"></a><a name="AIOWRITESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>If Samba has been built with asynchronous I/O support and this 703 705 integer parameter is set to non-zero value, 704 706 Samba will write to file asynchronously when size of request is bigger … … 711 713 request size</code> 712 714 </em></span> 713 </p></dd></dl></div></div><div class="section" title="algorithmic rid base (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id3 10046"></a>715 </p></dd></dl></div></div><div class="section" title="algorithmic rid base (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id309981"></a> 714 716 715 717 algorithmic rid base (G) 716 </h3></div></div></div><a class="indexterm" name="id3 10047"></a><a name="ALGORITHMICRIDBASE"></a><div class="variablelist"><dl><dt></dt><dd><p>This determines how Samba will use its718 </h3></div></div></div><a class="indexterm" name="id309982"></a><a name="ALGORITHMICRIDBASE"></a><div class="variablelist"><dl><dt></dt><dd><p>This determines how Samba will use its 717 719 algorithmic mapping from uids/gid to the RIDs needed to construct 718 720 NT Security Identifiers. … … 729 731 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>algorithmic rid base</code></em> = <code class="literal">100000</code> 730 732 </em></span> 731 </p></dd></dl></div></div><div class="section" title="allocation roundup size (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id310 111"></a>733 </p></dd></dl></div></div><div class="section" title="allocation roundup size (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id310046"></a> 732 734 733 735 allocation roundup size (S) 734 </h3></div></div></div><a class="indexterm" name="id310 112"></a><a name="ALLOCATIONROUNDUPSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows an administrator to tune the736 </h3></div></div></div><a class="indexterm" name="id310047"></a><a name="ALLOCATIONROUNDUPSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows an administrator to tune the 735 737 allocation size reported to Windows clients. The default 736 738 size of 1Mb generally results in improved Windows client … … 744 746 # (to disable roundups)</code> 745 747 </em></span> 746 </p></dd></dl></div></div><div class="section" title="allow trusted domains (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id310171"></a> 748 </p></dd></dl></div></div><div class="section" title="allow insecure wide links (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id310110"></a> 749 750 allow insecure wide links (G) 751 </h3></div></div></div><a class="indexterm" name="id310111"></a><a name="ALLOWINSECUREWIDELINKS"></a><div class="variablelist"><dl><dt></dt><dd><p> 752 In normal operation the option <a class="link" href="smb.conf.5.html#WIDELINKS" target="_top">wide links</a> 753 which allows the server to follow symlinks outside of a share path 754 is automatically disabled when <a class="link" href="smb.conf.5.html#UNIXEXTENSIONS" target="_top">unix extensions</a> 755 are enabled on a Samba server. This is done for security purposes 756 to prevent UNIX clients creating symlinks to areas of the server 757 file system that the administrator does not wish to export. 758 </p><p> 759 Setting <a class="link" href="smb.conf.5.html#ALLOWINSECUREWIDELINKS" target="_top">allow insecure wide links</a> to 760 true disables the link between these two parameters, removing 761 this protection and allowing a site to configure 762 the server to follow symlinks (by setting <a class="link" href="smb.conf.5.html#WIDELINKS" target="_top">wide links</a> 763 to "true") even when <a class="link" href="smb.conf.5.html#UNIXEXTENSIONS" target="_top">unix extensions</a> 764 is turned on. 765 </p><p> 766 If is not recommended to enable this option unless you 767 fully understand the implications of allowing the server to 768 follow symbolic links created by UNIX clients. For most 769 normal Samba configurations this would be considered a security 770 hole and setting this parameter is not recommended. 771 </p><p> 772 This option was added at the request of sites who had 773 deliberately set Samba up in this way and needed to continue 774 supporting this functionality without having to patch the 775 Samba code. 776 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>allow insecure wide links</code></em> = <code class="literal">no</code> 777 </em></span> 778 </p></dd></dl></div></div><div class="section" title="allow trusted domains (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id310201"></a> 747 779 748 780 allow trusted domains (G) 749 </h3></div></div></div><a class="indexterm" name="id310 172"></a><a name="ALLOWTRUSTEDDOMAINS"></a><div class="variablelist"><dl><dt></dt><dd><p>781 </h3></div></div></div><a class="indexterm" name="id310202"></a><a name="ALLOWTRUSTEDDOMAINS"></a><div class="variablelist"><dl><dt></dt><dd><p> 750 782 This option only takes effect when the <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security</a> option is set to 751 783 <code class="constant">server</code>, <code class="constant">domain</code> or <code class="constant">ads</code>. … … 762 794 can make implementing a security boundary difficult.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>allow trusted domains</code></em> = <code class="literal">yes</code> 763 795 </em></span> 764 </p></dd></dl></div></div><div class="section" title="announce as (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id3102 36"></a>796 </p></dd></dl></div></div><div class="section" title="announce as (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id310265"></a> 765 797 766 798 announce as (G) 767 </h3></div></div></div><a class="indexterm" name="id3102 37"></a><a name="ANNOUNCEAS"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies what type of server <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> will announce itself as, to a network neighborhood browse799 </h3></div></div></div><a class="indexterm" name="id310266"></a><a name="ANNOUNCEAS"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies what type of server <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> will announce itself as, to a network neighborhood browse 768 800 list. By default this is set to Windows NT. The valid options 769 801 are : "NT Server" (which can also be written as "NT"), … … 777 809 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>announce as</code></em> = <code class="literal">Win95</code> 778 810 </em></span> 779 </p></dd></dl></div></div><div class="section" title="announce version (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id3103 00"></a>811 </p></dd></dl></div></div><div class="section" title="announce version (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id310329"></a> 780 812 781 813 announce version (G) 782 </h3></div></div></div><a class="indexterm" name="id3103 01"></a><a name="ANNOUNCEVERSION"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies the major and minor version numbers814 </h3></div></div></div><a class="indexterm" name="id310330"></a><a name="ANNOUNCEVERSION"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies the major and minor version numbers 783 815 that nmbd will use when announcing itself as a server. The default 784 816 is 4.9. Do not change this parameter unless you have a specific … … 787 819 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>announce version</code></em> = <code class="literal">2.0</code> 788 820 </em></span> 789 </p></dd></dl></div></div><div class="section" title="auth methods (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id310355"></a> 821 </p></dd></dl></div></div><div class="section" title="async smb echo handler (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id310384"></a> 822 823 async smb echo handler (G) 824 </h3></div></div></div><a class="indexterm" name="id310385"></a><a name="ASYNCSMBECHOHANDLER"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should fork the 825 async smb echo handler. It can be beneficial if your file 826 system can block syscalls for a very long time. In some 827 circumstances, it prolongs the timeout that Windows uses to 828 determine whether a connection is dead. 829 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>async smb echo handler</code></em> = <code class="literal">no</code> 830 </em></span> 831 </p></dd></dl></div></div><div class="section" title="auth methods (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id310423"></a> 790 832 791 833 auth methods (G) 792 </h3></div></div></div><a class="indexterm" name="id310 356"></a><a name="AUTHMETHODS"></a><div class="variablelist"><dl><dt></dt><dd><p>834 </h3></div></div></div><a class="indexterm" name="id310424"></a><a name="AUTHMETHODS"></a><div class="variablelist"><dl><dt></dt><dd><p> 793 835 This option allows the administrator to chose what authentication methods <code class="literal">smbd</code> 794 836 will use when authenticating a user. This option defaults to sensible values based on <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security</a>. … … 811 853 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>auth methods</code></em> = <code class="literal">guest sam winbind</code> 812 854 </em></span> 813 </p></dd></dl></div></div><div class="section" title="available (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id310 450"></a>855 </p></dd></dl></div></div><div class="section" title="available (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id310518"></a> 814 856 815 857 available (S) 816 </h3></div></div></div><a class="indexterm" name="id310 451"></a><a name="AVAILABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter lets you "turn off" a service. If858 </h3></div></div></div><a class="indexterm" name="id310519"></a><a name="AVAILABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter lets you "turn off" a service. If 817 859 <em class="parameter"><code>available = no</code></em>, then <span class="emphasis"><em>ALL</em></span> 818 860 attempts to connect to the service will fail. Such failures are 819 861 logged.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>available</code></em> = <code class="literal">yes</code> 820 862 </em></span> 821 </p></dd></dl></div></div><div class="section" title="bind interfaces only (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id310 496"></a>863 </p></dd></dl></div></div><div class="section" title="bind interfaces only (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id310564"></a> 822 864 823 865 bind interfaces only (G) 824 </h3></div></div></div><a class="indexterm" name="id310 497"></a><a name="BINDINTERFACESONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>This global parameter allows the Samba admin866 </h3></div></div></div><a class="indexterm" name="id310565"></a><a name="BINDINTERFACESONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>This global parameter allows the Samba admin 825 867 to limit what interfaces on a machine will serve SMB requests. It 826 868 affects file service <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> and name service <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> in a slightly different ways.</p><p> … … 863 905 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>bind interfaces only</code></em> = <code class="literal">no</code> 864 906 </em></span> 865 </p></dd></dl></div></div><div class="section" title="blocking locks (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id310 793"></a>907 </p></dd></dl></div></div><div class="section" title="blocking locks (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id310861"></a> 866 908 867 909 blocking locks (S) 868 </h3></div></div></div><a class="indexterm" name="id310 794"></a><a name="BLOCKINGLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls the behavior910 </h3></div></div></div><a class="indexterm" name="id310862"></a><a name="BLOCKINGLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls the behavior 869 911 of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when given a request by a client 870 912 to obtain a byte range lock on a region of an open file, and the … … 877 919 cannot be obtained.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>blocking locks</code></em> = <code class="literal">yes</code> 878 920 </em></span> 879 </p></dd></dl></div></div><div class="section" title="block size (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id310 851"></a>921 </p></dd></dl></div></div><div class="section" title="block size (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id310919"></a> 880 922 881 923 block size (S) 882 </h3></div></div></div><a class="indexterm" name="id310 852"></a><a name="BLOCKSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls the behavior of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when reporting disk free924 </h3></div></div></div><a class="indexterm" name="id310920"></a><a name="BLOCKSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls the behavior of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when reporting disk free 883 925 sizes. By default, this reports a disk block size of 1024 bytes. 884 926 </p><p>Changing this parameter may have some effect on the … … 894 936 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>block size</code></em> = <code class="literal">4096</code> 895 937 </em></span> 896 </p></dd></dl></div></div><div class="section" title="browsable"><div class="titlepage"><div><div><h3 class="title"><a name="id3109 23"></a>938 </p></dd></dl></div></div><div class="section" title="browsable"><div class="titlepage"><div><div><h3 class="title"><a name="id310991"></a> 897 939 898 940 <a name="BROWSABLE"></a>browsable 899 </h3></div></div></div><a class="indexterm" name="id3109 24"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#BROWSEABLE">browseable</a>.</p></dd></dl></div></div><div class="section" title="browseable (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id310949"></a>941 </h3></div></div></div><a class="indexterm" name="id310992"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#BROWSEABLE">browseable</a>.</p></dd></dl></div></div><div class="section" title="browseable (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id311018"></a> 900 942 901 943 browseable (S) 902 </h3></div></div></div><a class="indexterm" name="id31 0950"></a><a name="BROWSEABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether this share is seen in944 </h3></div></div></div><a class="indexterm" name="id311019"></a><a name="BROWSEABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether this share is seen in 903 945 the list of available shares in a net view and in the browse list.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>browseable</code></em> = <code class="literal">yes</code> 904 946 </em></span> 905 </p></dd></dl></div></div><div class="section" title="browse list (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id31 0987"></a>947 </p></dd></dl></div></div><div class="section" title="browse list (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id311055"></a> 906 948 907 949 browse list (G) 908 </h3></div></div></div><a class="indexterm" name="id31 0988"></a><a name="BROWSELIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will serve a browse list to950 </h3></div></div></div><a class="indexterm" name="id311056"></a><a name="BROWSELIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will serve a browse list to 909 951 a client doing a <code class="literal">NetServerEnum</code> call. Normally 910 952 set to <code class="constant">yes</code>. You should never need to change 911 953 this.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>browse list</code></em> = <code class="literal">yes</code> 912 954 </em></span> 913 </p></dd></dl></div></div><div class="section" title="cache directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id311 040"></a>955 </p></dd></dl></div></div><div class="section" title="cache directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id311108"></a> 914 956 915 957 cache directory (G) 916 </h3></div></div></div><a class="indexterm" name="id311 041"></a><a name="CACHEDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>Usually, most of the TDB files are stored in the <em class="parameter"><code>lock directory</code></em>. Since Samba 3.4.0, it is958 </h3></div></div></div><a class="indexterm" name="id311109"></a><a name="CACHEDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>Usually, most of the TDB files are stored in the <em class="parameter"><code>lock directory</code></em>. Since Samba 3.4.0, it is 917 959 possible to differentiate between TDB files with persistent data and 918 960 TDB files with non-persistent data using the … … 925 967 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>cache directory</code></em> = <code class="literal">/var/run/samba/locks/cache</code> 926 968 </em></span> 927 </p></dd></dl></div></div><div class="section" title="casesignames"><div class="titlepage"><div><div><h3 class="title"><a name="id3111 14"></a>969 </p></dd></dl></div></div><div class="section" title="casesignames"><div class="titlepage"><div><div><h3 class="title"><a name="id311182"></a> 928 970 929 971 <a name="CASESIGNAMES"></a>casesignames 930 </h3></div></div></div><a class="indexterm" name="id3111 15"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#CASESENSITIVE">case sensitive</a>.</p></dd></dl></div></div><div class="section" title="case sensitive (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id311140"></a>972 </h3></div></div></div><a class="indexterm" name="id311183"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#CASESENSITIVE">case sensitive</a>.</p></dd></dl></div></div><div class="section" title="case sensitive (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id311208"></a> 931 973 932 974 case sensitive (S) 933 </h3></div></div></div><a class="indexterm" name="id311 141"></a><a name="CASESENSITIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>See the discussion in the section <a class="link" href="smb.conf.5.html#NAMEMANGLING" target="_top">name mangling</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>case sensitive</code></em> = <code class="literal">no</code>934 </em></span> 935 </p></dd></dl></div></div><div class="section" title="change notify (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id311 185"></a>975 </h3></div></div></div><a class="indexterm" name="id311209"></a><a name="CASESENSITIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>See the discussion in the section <a class="link" href="smb.conf.5.html#NAMEMANGLING" target="_top">name mangling</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>case sensitive</code></em> = <code class="literal">auto</code> 976 </em></span> 977 </p></dd></dl></div></div><div class="section" title="change notify (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id311253"></a> 936 978 937 979 change notify (S) 938 </h3></div></div></div><a class="indexterm" name="id311 186"></a><a name="CHANGENOTIFY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should reply980 </h3></div></div></div><a class="indexterm" name="id311254"></a><a name="CHANGENOTIFY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should reply 939 981 to a client's file change notify requests. 940 982 </p><p>You should never need to change this parameter</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>change notify</code></em> = <code class="literal">yes</code> 941 983 </em></span> 942 </p></dd></dl></div></div><div class="section" title="change share command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id3112 26"></a>984 </p></dd></dl></div></div><div class="section" title="change share command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id311294"></a> 943 985 944 986 change share command (G) 945 </h3></div></div></div><a class="indexterm" name="id3112 27"></a><a name="CHANGESHARECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>987 </h3></div></div></div><a class="indexterm" name="id311295"></a><a name="CHANGESHARECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p> 946 988 Samba 2.2.0 introduced the ability to dynamically add and delete shares via the Windows NT 4.0 Server 947 989 Manager. The <em class="parameter"><code>change share command</code></em> is used to define an external … … 978 1020 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>change share command</code></em> = <code class="literal">/usr/local/bin/changeshare</code> 979 1021 </em></span> 980 </p></dd></dl></div></div><div class="section" title="check password script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id311 395"></a>1022 </p></dd></dl></div></div><div class="section" title="check password script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id311463"></a> 981 1023 982 1024 check password script (G) 983 </h3></div></div></div><a class="indexterm" name="id311 396"></a><a name="CHECKPASSWORDSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>The name of a program that can be used to check password1025 </h3></div></div></div><a class="indexterm" name="id311464"></a><a name="CHECKPASSWORDSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>The name of a program that can be used to check password 984 1026 complexity. The password is sent to the program's standard input.</p><p>The program must return 0 on a good password, or any other value 985 1027 if the password is bad. … … 990 1032 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>check password script</code></em> = <code class="literal">/usr/local/sbin/crackcheck</code> 991 1033 </em></span> 992 </p></dd></dl></div></div><div class="section" title="client lanman auth (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id311 463"></a>1034 </p></dd></dl></div></div><div class="section" title="client lanman auth (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id311531"></a> 993 1035 994 1036 client lanman auth (G) 995 </h3></div></div></div><a class="indexterm" name="id311 464"></a><a name="CLIENTLANMANAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbclient.8.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(8)</span></a> and other samba client1037 </h3></div></div></div><a class="indexterm" name="id311532"></a><a name="CLIENTLANMANAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbclient.8.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(8)</span></a> and other samba client 996 1038 tools will attempt to authenticate itself to servers using the 997 1039 weaker LANMAN password hash. If disabled, only server which support NT … … 1004 1046 attempted.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client lanman auth</code></em> = <code class="literal">no</code> 1005 1047 </em></span> 1006 </p></dd></dl></div></div><div class="section" title="client ldap sasl wrapping (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id311 533"></a>1048 </p></dd></dl></div></div><div class="section" title="client ldap sasl wrapping (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id311601"></a> 1007 1049 1008 1050 client ldap sasl wrapping (G) 1009 </h3></div></div></div><a class="indexterm" name="id311 534"></a><a name="CLIENTLDAPSASLWRAPPING"></a><div class="variablelist"><dl><dt></dt><dd><p>1051 </h3></div></div></div><a class="indexterm" name="id311602"></a><a name="CLIENTLDAPSASLWRAPPING"></a><div class="variablelist"><dl><dt></dt><dd><p> 1010 1052 The <a class="link" href="smb.conf.5.html#CLIENTLDAPSASLWRAPPING" target="_top">client ldap sasl wrapping</a> defines whether 1011 1053 ldap traffic will be signed or signed and encrypted (sealed). … … 1035 1077 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client ldap sasl wrapping</code></em> = <code class="literal">plain</code> 1036 1078 </em></span> 1037 </p></dd></dl></div></div><div class="section" title="client ntlmv2 auth (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id311 638"></a>1079 </p></dd></dl></div></div><div class="section" title="client ntlmv2 auth (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id311707"></a> 1038 1080 1039 1081 client ntlmv2 auth (G) 1040 </h3></div></div></div><a class="indexterm" name="id311 640"></a><a name="CLIENTNTLMV2AUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbclient.8.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(8)</span></a> will attempt to1082 </h3></div></div></div><a class="indexterm" name="id311708"></a><a name="CLIENTNTLMV2AUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbclient.8.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(8)</span></a> will attempt to 1041 1083 authenticate itself to servers using the NTLMv2 encrypted password 1042 1084 response.</p><p>If enabled, only an NTLMv2 and LMv2 response (both much more … … 1051 1093 not the weaker LM or NTLM.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client ntlmv2 auth</code></em> = <code class="literal">yes</code> 1052 1094 </em></span> 1053 </p></dd></dl></div></div><div class="section" title="client plaintext auth (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id3117 19"></a>1095 </p></dd></dl></div></div><div class="section" title="client plaintext auth (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id311787"></a> 1054 1096 1055 1097 client plaintext auth (G) 1056 </h3></div></div></div><a class="indexterm" name="id3117 20"></a><a name="CLIENTPLAINTEXTAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies whether a client should send a plaintext1098 </h3></div></div></div><a class="indexterm" name="id311788"></a><a name="CLIENTPLAINTEXTAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies whether a client should send a plaintext 1057 1099 password if the server does not support encrypted passwords.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client plaintext auth</code></em> = <code class="literal">no</code> 1058 1100 </em></span> 1059 </p></dd></dl></div></div><div class="section" title="client schannel (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id311 757"></a>1101 </p></dd></dl></div></div><div class="section" title="client schannel (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id311825"></a> 1060 1102 1061 1103 client schannel (G) 1062 </h3></div></div></div><a class="indexterm" name="id311 758"></a><a name="CLIENTSCHANNEL"></a><div class="variablelist"><dl><dt></dt><dd><p>1104 </h3></div></div></div><a class="indexterm" name="id311826"></a><a name="CLIENTSCHANNEL"></a><div class="variablelist"><dl><dt></dt><dd><p> 1063 1105 This controls whether the client offers or even demands the use of the netlogon schannel. 1064 1106 <a class="link" href="smb.conf.5.html#CLIENTSCHANNEL" target="_top">client schannel = no</a> does not offer the schannel, … … 1070 1112 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>client schannel</code></em> = <code class="literal">yes</code> 1071 1113 </em></span> 1072 </p></dd></dl></div></div><div class="section" title="client signing (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id311 832"></a>1114 </p></dd></dl></div></div><div class="section" title="client signing (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id311900"></a> 1073 1115 1074 1116 client signing (G) 1075 </h3></div></div></div><a class="indexterm" name="id311 833"></a><a name="CLIENTSIGNING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether the client is allowed or required to use SMB signing. Possible values1117 </h3></div></div></div><a class="indexterm" name="id311901"></a><a name="CLIENTSIGNING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether the client is allowed or required to use SMB signing. Possible values 1076 1118 are <span class="emphasis"><em>auto</em></span>, <span class="emphasis"><em>mandatory</em></span> 1077 1119 and <span class="emphasis"><em>disabled</em></span>. … … 1081 1123 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client signing</code></em> = <code class="literal">auto</code> 1082 1124 </em></span> 1083 </p></dd></dl></div></div><div class="section" title="client use spnego principal (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id311 884"></a>1125 </p></dd></dl></div></div><div class="section" title="client use spnego principal (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id311952"></a> 1084 1126 1085 1127 client use spnego principal (G) 1086 </h3></div></div></div><a class="indexterm" name="id311 885"></a><a name="CLIENTUSESPNEGOPRINCIPAL"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not1128 </h3></div></div></div><a class="indexterm" name="id311953"></a><a name="CLIENTUSESPNEGOPRINCIPAL"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not 1087 1129 <a class="citerefentry" href="smbclient.8.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(8)</span></a> and other samba components 1088 1130 acting as a client will attempt to use the server-supplied … … 1097 1139 supply this 'rfc4178 hint' principal on the server side.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client use spnego principal</code></em> = <code class="literal">no</code> 1098 1140 </em></span> 1099 </p></dd></dl></div></div><div class="section" title="client use spnego (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id31 1945"></a>1141 </p></dd></dl></div></div><div class="section" title="client use spnego (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id312013"></a> 1100 1142 1101 1143 client use spnego (G) 1102 </h3></div></div></div><a class="indexterm" name="id31 1946"></a><a name="CLIENTUSESPNEGO"></a><div class="variablelist"><dl><dt></dt><dd><p> This variable controls whether Samba clients will try1144 </h3></div></div></div><a class="indexterm" name="id312014"></a><a name="CLIENTUSESPNEGO"></a><div class="variablelist"><dl><dt></dt><dd><p> This variable controls whether Samba clients will try 1103 1145 to use Simple and Protected NEGOciation (as specified by rfc2478) with 1104 1146 supporting servers (including WindowsXP, Windows2000 and Samba … … 1106 1148 mechanism. This enables Kerberos authentication in particular.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client use spnego</code></em> = <code class="literal">yes</code> 1107 1149 </em></span> 1108 </p></dd></dl></div></div><div class="section" title="cluster addresses (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id31 1984"></a>1150 </p></dd></dl></div></div><div class="section" title="cluster addresses (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id312052"></a> 1109 1151 1110 1152 cluster addresses (G) 1111 </h3></div></div></div><a class="indexterm" name="id31 1985"></a><a name="CLUSTERADDRESSES"></a><div class="variablelist"><dl><dt></dt><dd><p>With this parameter you can add additional addresses1153 </h3></div></div></div><a class="indexterm" name="id312053"></a><a name="CLUSTERADDRESSES"></a><div class="variablelist"><dl><dt></dt><dd><p>With this parameter you can add additional addresses 1112 1154 nmbd will register with a WINS server. These addresses are not 1113 1155 necessarily present on all nodes simultaneously, but they will … … 1118 1160 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>cluster addresses</code></em> = <code class="literal">10.0.0.1 10.0.0.2 10.0.0.3</code> 1119 1161 </em></span> 1120 </p></dd></dl></div></div><div class="section" title="clustering (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id312 038"></a>1162 </p></dd></dl></div></div><div class="section" title="clustering (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id312106"></a> 1121 1163 1122 1164 clustering (G) 1123 </h3></div></div></div><a class="indexterm" name="id312 039"></a><a name="CLUSTERING"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should contact1165 </h3></div></div></div><a class="indexterm" name="id312107"></a><a name="CLUSTERING"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should contact 1124 1166 ctdb for accessing its tdb files and use ctdb as a backend 1125 1167 for its messaging backend. … … 1128 1170 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>clustering</code></em> = <code class="literal">no</code> 1129 1171 </em></span> 1130 </p></dd></dl></div></div><div class="section" title="comment (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id312 085"></a>1172 </p></dd></dl></div></div><div class="section" title="comment (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id312153"></a> 1131 1173 1132 1174 comment (S) 1133 </h3></div></div></div><a class="indexterm" name="id312 086"></a><a name="COMMENT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a text field that is seen next to a share1175 </h3></div></div></div><a class="indexterm" name="id312154"></a><a name="COMMENT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a text field that is seen next to a share 1134 1176 when a client does a queries the server, either via the network 1135 1177 neighborhood or via <code class="literal">net view</code> to list what shares … … 1140 1182 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>comment</code></em> = <code class="literal">Fred's Files</code> 1141 1183 </em></span> 1142 </p></dd></dl></div></div><div class="section" title="config backend (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id312 156"></a>1184 </p></dd></dl></div></div><div class="section" title="config backend (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id312224"></a> 1143 1185 1144 1186 config backend (G) 1145 </h3></div></div></div><a class="indexterm" name="id312 157"></a><a name="CONFIGBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>1187 </h3></div></div></div><a class="indexterm" name="id312225"></a><a name="CONFIGBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p> 1146 1188 This controls the backend for storing the configuration. 1147 1189 Possible values are <span class="emphasis"><em>file</em></span> (the default) … … 1161 1203 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>config backend</code></em> = <code class="literal">registry</code> 1162 1204 </em></span> 1163 </p></dd></dl></div></div><div class="section" title="config file (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id312 239"></a>1205 </p></dd></dl></div></div><div class="section" title="config file (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id312308"></a> 1164 1206 1165 1207 config file (G) 1166 </h3></div></div></div><a class="indexterm" name="id312 240"></a><a name="CONFIGFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>This allows you to override the config file1208 </h3></div></div></div><a class="indexterm" name="id312309"></a><a name="CONFIGFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>This allows you to override the config file 1167 1209 to use, instead of the default (usually <code class="filename">smb.conf</code>). 1168 1210 There is a chicken and egg problem here as this option is set … … 1174 1216 clients).</p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>config file</code></em> = <code class="literal">/usr/local/samba/lib/smb.conf.%m</code> 1175 1217 </em></span> 1176 </p></dd></dl></div></div><div class="section" title="copy (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id3123 00"></a>1218 </p></dd></dl></div></div><div class="section" title="copy (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id312368"></a> 1177 1219 1178 1220 copy (S) 1179 </h3></div></div></div><a class="indexterm" name="id3123 01"></a><a name="COPY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows you to "clone" service1221 </h3></div></div></div><a class="indexterm" name="id312369"></a><a name="COPY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows you to "clone" service 1180 1222 entries. The specified service is simply duplicated under the 1181 1223 current service's name. Any parameters specified in the current … … 1187 1229 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>copy</code></em> = <code class="literal">otherservice</code> 1188 1230 </em></span> 1189 </p></dd></dl></div></div><div class="section" title="create krb5 conf (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id312 359"></a>1231 </p></dd></dl></div></div><div class="section" title="create krb5 conf (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id312427"></a> 1190 1232 1191 1233 create krb5 conf (G) 1192 </h3></div></div></div><a class="indexterm" name="id312 360"></a><a name="CREATEKRB5CONF"></a><div class="variablelist"><dl><dt></dt><dd><p>1234 </h3></div></div></div><a class="indexterm" name="id312428"></a><a name="CREATEKRB5CONF"></a><div class="variablelist"><dl><dt></dt><dd><p> 1193 1235 Setting this paramter to <code class="literal">no</code> prevents 1194 1236 winbind from creating custom krb5.conf files. Winbind normally does … … 1203 1245 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>create krb5 conf</code></em> = <code class="literal">yes</code> 1204 1246 </em></span> 1205 </p></dd></dl></div></div><div class="section" title="create mode"><div class="titlepage"><div><div><h3 class="title"><a name="id3124 08"></a>1247 </p></dd></dl></div></div><div class="section" title="create mode"><div class="titlepage"><div><div><h3 class="title"><a name="id312476"></a> 1206 1248 1207 1249 <a name="CREATEMODE"></a>create mode 1208 </h3></div></div></div><a class="indexterm" name="id3124 09"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#CREATEMASK">create mask</a>.</p></dd></dl></div></div><div class="section" title="create mask (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id312435"></a>1250 </h3></div></div></div><a class="indexterm" name="id312478"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#CREATEMASK">create mask</a>.</p></dd></dl></div></div><div class="section" title="create mask (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id312503"></a> 1209 1251 1210 1252 create mask (S) 1211 </h3></div></div></div><a class="indexterm" name="id312 436"></a><a name="CREATEMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>1253 </h3></div></div></div><a class="indexterm" name="id312504"></a><a name="CREATEMASK"></a><div class="variablelist"><dl><dt></dt><dd><p> 1212 1254 When a file is created, the necessary permissions are calculated according to the mapping from DOS modes to 1213 1255 UNIX permissions, and the resulting UNIX mode is then bit-wise 'AND'ed with this parameter. This parameter may … … 1230 1272 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>create mask</code></em> = <code class="literal">0775</code> 1231 1273 </em></span> 1232 </p></dd></dl></div></div><div class="section" title="csc policy (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id312 543"></a>1274 </p></dd></dl></div></div><div class="section" title="csc policy (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id312611"></a> 1233 1275 1234 1276 csc policy (S) 1235 </h3></div></div></div><a class="indexterm" name="id312 544"></a><a name="CSCPOLICY"></a><div class="variablelist"><dl><dt></dt><dd><p>1277 </h3></div></div></div><a class="indexterm" name="id312612"></a><a name="CSCPOLICY"></a><div class="variablelist"><dl><dt></dt><dd><p> 1236 1278 This stands for <span class="emphasis"><em>client-side caching policy</em></span>, and specifies how clients capable of offline 1237 1279 caching will cache the files in the share. The valid values are: manual, documents, programs, disable. … … 1245 1287 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>csc policy</code></em> = <code class="literal">programs</code> 1246 1288 </em></span> 1247 </p></dd></dl></div></div><div class="section" title="ctdbd socket (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id3126 15"></a>1289 </p></dd></dl></div></div><div class="section" title="ctdbd socket (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id312683"></a> 1248 1290 1249 1291 ctdbd socket (G) 1250 </h3></div></div></div><a class="indexterm" name="id3126 16"></a><a name="CTDBDSOCKET"></a><div class="variablelist"><dl><dt></dt><dd><p>If you set <code class="literal">clustering=yes</code>,1292 </h3></div></div></div><a class="indexterm" name="id312684"></a><a name="CTDBDSOCKET"></a><div class="variablelist"><dl><dt></dt><dd><p>If you set <code class="literal">clustering=yes</code>, 1251 1293 you need to tell Samba where ctdbd listens on its unix domain 1252 1294 socket. The default path as of ctdb 1.0 is /tmp/ctdb.socket which … … 1256 1298 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ctdbd socket</code></em> = <code class="literal">/tmp/ctdb.socket</code> 1257 1299 </em></span> 1258 </p></dd></dl></div></div><div class="section" title="ctdb locktime warn threshold (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id312 674"></a>1300 </p></dd></dl></div></div><div class="section" title="ctdb locktime warn threshold (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id312742"></a> 1259 1301 1260 1302 ctdb locktime warn threshold (G) 1261 </h3></div></div></div><a class="indexterm" name="id312 675"></a><a name="CTDBLOCKTIMEWARNTHRESHOLD"></a><div class="variablelist"><dl><dt></dt><dd><p>1303 </h3></div></div></div><a class="indexterm" name="id312743"></a><a name="CTDBLOCKTIMEWARNTHRESHOLD"></a><div class="variablelist"><dl><dt></dt><dd><p> 1262 1304 In a cluster environment using Samba and ctdb it is critical 1263 1305 that locks on central ctdb-hosted databases like locking.tdb … … 1275 1317 </p><p>The default value of 0 disables this logging.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ctdb locktime warn threshold</code></em> = <code class="literal">0</code> 1276 1318 </em></span> 1277 </p></dd></dl></div></div><div class="section" title="ctdb timeout (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id3127 23"></a>1319 </p></dd></dl></div></div><div class="section" title="ctdb timeout (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id312791"></a> 1278 1320 1279 1321 ctdb timeout (G) 1280 </h3></div></div></div><a class="indexterm" name="id3127 24"></a><a name="CTDBTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a timeout in seconds for the1322 </h3></div></div></div><a class="indexterm" name="id312792"></a><a name="CTDBTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a timeout in seconds for the 1281 1323 connection between Samba and ctdb. It is only valid if you 1282 1324 have compiled Samba with clustering and if you have … … 1304 1346 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ctdb timeout</code></em> = <code class="literal">0</code> 1305 1347 </em></span> 1306 </p></dd></dl></div></div><div class="section" title="cups connection timeout (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id312 791"></a>1348 </p></dd></dl></div></div><div class="section" title="cups connection timeout (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id312859"></a> 1307 1349 1308 1350 cups connection timeout (G) 1309 </h3></div></div></div><a class="indexterm" name="id312 792"></a><a name="CUPSCONNECTIONTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>1351 </h3></div></div></div><a class="indexterm" name="id312860"></a><a name="CUPSCONNECTIONTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p> 1310 1352 This parameter is only applicable if <a class="link" href="smb.conf.5.html#PRINTING" target="_top">printing</a> is set to <code class="constant">cups</code>. 1311 1353 </p><p> … … 1317 1359 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>cups connection timeout</code></em> = <code class="literal">60</code> 1318 1360 </em></span> 1319 </p></dd></dl></div></div><div class="section" title="cups encrypt (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id312 859"></a>1361 </p></dd></dl></div></div><div class="section" title="cups encrypt (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id312927"></a> 1320 1362 1321 1363 cups encrypt (G) 1322 </h3></div></div></div><a class="indexterm" name="id312 860"></a><a name="CUPSENCRYPT"></a><div class="variablelist"><dl><dt></dt><dd><p>1364 </h3></div></div></div><a class="indexterm" name="id312928"></a><a name="CUPSENCRYPT"></a><div class="variablelist"><dl><dt></dt><dd><p> 1323 1365 This parameter is only applicable if <a class="link" href="smb.conf.5.html#PRINTING" target="_top">printing</a> 1324 1366 is set to <code class="constant">cups</code> and if you use CUPS newer than … … 1333 1375 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>cups encrypt</code></em> = <code class="literal">"no"</code> 1334 1376 </em></span> 1335 </p></dd></dl></div></div><div class="section" title="cups options (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id3129 22"></a>1377 </p></dd></dl></div></div><div class="section" title="cups options (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id312990"></a> 1336 1378 1337 1379 cups options (S) 1338 </h3></div></div></div><a class="indexterm" name="id3129 23"></a><a name="CUPSOPTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>1380 </h3></div></div></div><a class="indexterm" name="id312991"></a><a name="CUPSOPTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p> 1339 1381 This parameter is only applicable if <a class="link" href="smb.conf.5.html#PRINTING" target="_top">printing</a> is 1340 1382 set to <code class="constant">cups</code>. Its value is a free form string of options … … 1358 1400 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>cups options</code></em> = <code class="literal">"raw media=a4"</code> 1359 1401 </em></span> 1360 </p></dd></dl></div></div><div class="section" title="cups server (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id3130 11"></a>1402 </p></dd></dl></div></div><div class="section" title="cups server (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id313079"></a> 1361 1403 1362 1404 cups server (G) 1363 </h3></div></div></div><a class="indexterm" name="id3130 12"></a><a name="CUPSSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>1405 </h3></div></div></div><a class="indexterm" name="id313080"></a><a name="CUPSSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p> 1364 1406 This parameter is only applicable if <a class="link" href="smb.conf.5.html#PRINTING" target="_top">printing</a> is set to <code class="constant">cups</code>. 1365 1407 </p><p> … … 1375 1417 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>cups server</code></em> = <code class="literal">mycupsserver:1631</code> 1376 1418 </em></span> 1377 </p></dd></dl></div></div><div class="section" title="deadtime (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id3131 04"></a>1419 </p></dd></dl></div></div><div class="section" title="deadtime (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id313172"></a> 1378 1420 1379 1421 deadtime (G) 1380 </h3></div></div></div><a class="indexterm" name="id3131 05"></a><a name="DEADTIME"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (a decimal integer)1422 </h3></div></div></div><a class="indexterm" name="id313173"></a><a name="DEADTIME"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (a decimal integer) 1381 1423 represents the number of minutes of inactivity before a connection 1382 1424 is considered dead, and it is disconnected. The deadtime only takes … … 1390 1432 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>deadtime</code></em> = <code class="literal">15</code> 1391 1433 </em></span> 1392 </p></dd></dl></div></div><div class="section" title="debug class (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id313 174"></a>1434 </p></dd></dl></div></div><div class="section" title="debug class (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id313242"></a> 1393 1435 1394 1436 debug class (G) 1395 </h3></div></div></div><a class="indexterm" name="id313 175"></a><a name="DEBUGCLASS"></a><div class="variablelist"><dl><dt></dt><dd><p>1437 </h3></div></div></div><a class="indexterm" name="id313244"></a><a name="DEBUGCLASS"></a><div class="variablelist"><dl><dt></dt><dd><p> 1396 1438 With this boolean parameter enabled, the debug class (DBGC_CLASS) 1397 1439 will be displayed in the debug header. … … 1401 1443 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug class</code></em> = <code class="literal">no</code> 1402 1444 </em></span> 1403 </p></dd></dl></div></div><div class="section" title="debug hires timestamp (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id3132 24"></a>1445 </p></dd></dl></div></div><div class="section" title="debug hires timestamp (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id313292"></a> 1404 1446 1405 1447 debug hires timestamp (G) 1406 </h3></div></div></div><a class="indexterm" name="id3132 25"></a><a name="DEBUGHIRESTIMESTAMP"></a><div class="variablelist"><dl><dt></dt><dd><p>1448 </h3></div></div></div><a class="indexterm" name="id313294"></a><a name="DEBUGHIRESTIMESTAMP"></a><div class="variablelist"><dl><dt></dt><dd><p> 1407 1449 Sometimes the timestamps in the log messages are needed with a resolution of higher that seconds, this 1408 1450 boolean parameter adds microsecond resolution to the timestamp message header when turned on. … … 1411 1453 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug hires timestamp</code></em> = <code class="literal">yes</code> 1412 1454 </em></span> 1413 </p></dd></dl></div></div><div class="section" title="debug pid (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id313 273"></a>1455 </p></dd></dl></div></div><div class="section" title="debug pid (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id313342"></a> 1414 1456 1415 1457 debug pid (G) 1416 </h3></div></div></div><a class="indexterm" name="id313 274"></a><a name="DEBUGPID"></a><div class="variablelist"><dl><dt></dt><dd><p>1458 </h3></div></div></div><a class="indexterm" name="id313343"></a><a name="DEBUGPID"></a><div class="variablelist"><dl><dt></dt><dd><p> 1417 1459 When using only one log file for more then one forked <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>-process there may be hard to follow which process outputs which 1418 1460 message. This boolean parameter is adds the process-id to the timestamp message headers in the … … 1422 1464 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug pid</code></em> = <code class="literal">no</code> 1423 1465 </em></span> 1424 </p></dd></dl></div></div><div class="section" title="debug prefix timestamp (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id3133 30"></a>1466 </p></dd></dl></div></div><div class="section" title="debug prefix timestamp (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id313399"></a> 1425 1467 1426 1468 debug prefix timestamp (G) 1427 </h3></div></div></div><a class="indexterm" name="id313 332"></a><a name="DEBUGPREFIXTIMESTAMP"></a><div class="variablelist"><dl><dt></dt><dd><p>1469 </h3></div></div></div><a class="indexterm" name="id313400"></a><a name="DEBUGPREFIXTIMESTAMP"></a><div class="variablelist"><dl><dt></dt><dd><p> 1428 1470 With this option enabled, the timestamp message header is prefixed to the debug message without the 1429 1471 filename and function information that is included with the <a class="link" href="smb.conf.5.html#DEBUGTIMESTAMP" target="_top">debug timestamp</a> … … 1433 1475 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug prefix timestamp</code></em> = <code class="literal">no</code> 1434 1476 </em></span> 1435 </p></dd></dl></div></div><div class="section" title="timestamp logs"><div class="titlepage"><div><div><h3 class="title"><a name="id313 387"></a>1477 </p></dd></dl></div></div><div class="section" title="timestamp logs"><div class="titlepage"><div><div><h3 class="title"><a name="id313456"></a> 1436 1478 1437 1479 <a name="TIMESTAMPLOGS"></a>timestamp logs 1438 </h3></div></div></div><a class="indexterm" name="id313 388"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#DEBUGTIMESTAMP">debug timestamp</a>.</p></dd></dl></div></div><div class="section" title="debug timestamp (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id313414"></a>1480 </h3></div></div></div><a class="indexterm" name="id313457"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#DEBUGTIMESTAMP">debug timestamp</a>.</p></dd></dl></div></div><div class="section" title="debug timestamp (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id313482"></a> 1439 1481 1440 1482 debug timestamp (G) 1441 </h3></div></div></div><a class="indexterm" name="id3134 15"></a><a name="DEBUGTIMESTAMP"></a><div class="variablelist"><dl><dt></dt><dd><p>1483 </h3></div></div></div><a class="indexterm" name="id313483"></a><a name="DEBUGTIMESTAMP"></a><div class="variablelist"><dl><dt></dt><dd><p> 1442 1484 Samba debug log messages are timestamped by default. If you are running at a high 1443 1485 <a class="link" href="smb.conf.5.html#DEBUGLEVEL" target="_top">debug level</a> these timestamps can be distracting. This … … 1445 1487 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug timestamp</code></em> = <code class="literal">yes</code> 1446 1488 </em></span> 1447 </p></dd></dl></div></div><div class="section" title="debug uid (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id313 460"></a>1489 </p></dd></dl></div></div><div class="section" title="debug uid (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id313528"></a> 1448 1490 1449 1491 debug uid (G) 1450 </h3></div></div></div><a class="indexterm" name="id313 461"></a><a name="DEBUGUID"></a><div class="variablelist"><dl><dt></dt><dd><p>1492 </h3></div></div></div><a class="indexterm" name="id313529"></a><a name="DEBUGUID"></a><div class="variablelist"><dl><dt></dt><dd><p> 1451 1493 Samba is sometimes run as root and sometime run as the connected user, this boolean parameter inserts the 1452 1494 current euid, egid, uid and gid to the timestamp message headers in the log file if turned on. … … 1455 1497 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug uid</code></em> = <code class="literal">no</code> 1456 1498 </em></span> 1457 </p></dd></dl></div></div><div class="section" title="dedicated keytab file (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id3135 09"></a>1499 </p></dd></dl></div></div><div class="section" title="dedicated keytab file (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id313577"></a> 1458 1500 1459 1501 dedicated keytab file (G) 1460 </h3></div></div></div><a class="indexterm" name="id3135 10"></a><a name="DEDICATEDKEYTABFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>1502 </h3></div></div></div><a class="indexterm" name="id313578"></a><a name="DEDICATEDKEYTABFILE"></a><div class="variablelist"><dl><dt></dt><dd><p> 1461 1503 Specifies the path to the kerberos keytab file when 1462 1504 <a class="link" href="smb.conf.5.html#KERBEROSMETHOD" target="_top">kerberos method</a> is set to "dedicated … … 1466 1508 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>dedicated keytab file</code></em> = <code class="literal">/usr/local/etc/krb5.keytab</code> 1467 1509 </em></span> 1468 </p></dd></dl></div></div><div class="section" title="default case (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id313 568"></a>1510 </p></dd></dl></div></div><div class="section" title="default case (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id313636"></a> 1469 1511 1470 1512 default case (S) 1471 </h3></div></div></div><a class="indexterm" name="id313 569"></a><a name="DEFAULTCASE"></a><div class="variablelist"><dl><dt></dt><dd><p>See the section on <a class="link" href="smb.conf.5.html#NAMEMANGLING" target="_top">name mangling</a>.1513 </h3></div></div></div><a class="indexterm" name="id313637"></a><a name="DEFAULTCASE"></a><div class="variablelist"><dl><dt></dt><dd><p>See the section on <a class="link" href="smb.conf.5.html#NAMEMANGLING" target="_top">name mangling</a>. 1472 1514 Also note the <a class="link" href="smb.conf.5.html#SHORTPRESERVECASE" target="_top">short preserve case</a> parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>default case</code></em> = <code class="literal">lower</code> 1473 1515 </em></span> 1474 </p></dd></dl></div></div><div class="section" title="default devmode (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id3136 19"></a>1516 </p></dd></dl></div></div><div class="section" title="default devmode (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id313687"></a> 1475 1517 1476 1518 default devmode (S) 1477 </h3></div></div></div><a class="indexterm" name="id3136 20"></a><a name="DEFAULTDEVMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is only applicable to <a class="link" href="smb.conf.5.html#PRINTABLE" target="_top">printable</a> services.1519 </h3></div></div></div><a class="indexterm" name="id313688"></a><a name="DEFAULTDEVMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is only applicable to <a class="link" href="smb.conf.5.html#PRINTABLE" target="_top">printable</a> services. 1478 1520 When smbd is serving Printer Drivers to Windows NT/2k/XP clients, each printer on the Samba 1479 1521 server has a Device Mode which defines things such as paper size and … … 1498 1540 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>default devmode</code></em> = <code class="literal">yes</code> 1499 1541 </em></span> 1500 </p></dd></dl></div></div><div class="section" title="default"><div class="titlepage"><div><div><h3 class="title"><a name="id313 694"></a>1542 </p></dd></dl></div></div><div class="section" title="default"><div class="titlepage"><div><div><h3 class="title"><a name="id313762"></a> 1501 1543 1502 1544 <a name="DEFAULT"></a>default 1503 </h3></div></div></div><a class="indexterm" name="id313 695"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#DEFAULTSERVICE">default service</a>.</p></dd></dl></div></div><div class="section" title="default service (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id313720"></a>1545 </h3></div></div></div><a class="indexterm" name="id313763"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#DEFAULTSERVICE">default service</a>.</p></dd></dl></div></div><div class="section" title="default service (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id313788"></a> 1504 1546 1505 1547 default service (G) 1506 </h3></div></div></div><a class="indexterm" name="id3137 21"></a><a name="DEFAULTSERVICE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the name of a service1548 </h3></div></div></div><a class="indexterm" name="id313789"></a><a name="DEFAULTSERVICE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the name of a service 1507 1549 which will be connected to if the service actually requested cannot 1508 1550 be found. Note that the square brackets are <span class="emphasis"><em>NOT</em></span> … … 1518 1560 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>default service</code></em> = <code class="literal">pub</code> 1519 1561 </em></span> 1520 </p></dd></dl></div></div><div class="section" title="defer sharing violations (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id3138 13"></a>1562 </p></dd></dl></div></div><div class="section" title="defer sharing violations (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id313882"></a> 1521 1563 1522 1564 defer sharing violations (G) 1523 </h3></div></div></div><a class="indexterm" name="id3138 14"></a><a name="DEFERSHARINGVIOLATIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>1565 </h3></div></div></div><a class="indexterm" name="id313883"></a><a name="DEFERSHARINGVIOLATIONS"></a><div class="variablelist"><dl><dt></dt><dd><p> 1524 1566 Windows allows specifying how a file will be shared with 1525 1567 other processes when it is opened. Sharing violations occur when … … 1534 1576 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>defer sharing violations</code></em> = <code class="literal">True</code> 1535 1577 </em></span> 1536 </p></dd></dl></div></div><div class="section" title="delete group script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id313 862"></a>1578 </p></dd></dl></div></div><div class="section" title="delete group script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id313934"></a> 1537 1579 1538 1580 delete group script (G) 1539 </h3></div></div></div><a class="indexterm" name="id313 863"></a><a name="DELETEGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is the full pathname to a script that will1581 </h3></div></div></div><a class="indexterm" name="id313935"></a><a name="DELETEGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is the full pathname to a script that will 1540 1582 be run <span class="emphasis"><em>AS ROOT</em></span> <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when a group is requested to be deleted. 1541 1583 It will expand any <em class="parameter"><code>%g</code></em> to the group name passed. … … 1543 1585 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>delete group script</code></em> = <code class="literal"></code> 1544 1586 </em></span> 1545 </p></dd></dl></div></div><div class="section" title="deleteprinter command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id3139 16"></a>1587 </p></dd></dl></div></div><div class="section" title="deleteprinter command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id313987"></a> 1546 1588 1547 1589 deleteprinter command (G) 1548 </h3></div></div></div><a class="indexterm" name="id3139 17"></a><a name="DELETEPRINTERCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>With the introduction of MS-RPC based printer1590 </h3></div></div></div><a class="indexterm" name="id313988"></a><a name="DELETEPRINTERCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>With the introduction of MS-RPC based printer 1549 1591 support for Windows NT/2000 clients in Samba 2.2, it is now 1550 1592 possible to delete a printer at run time by issuing the … … 1564 1606 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>deleteprinter command</code></em> = <code class="literal">/usr/bin/removeprinter</code> 1565 1607 </em></span> 1566 </p></dd></dl></div></div><div class="section" title="delete readonly (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id314 032"></a>1608 </p></dd></dl></div></div><div class="section" title="delete readonly (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id314104"></a> 1567 1609 1568 1610 delete readonly (S) 1569 </h3></div></div></div><a class="indexterm" name="id314 033"></a><a name="DELETEREADONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows readonly files to be deleted.1611 </h3></div></div></div><a class="indexterm" name="id314105"></a><a name="DELETEREADONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows readonly files to be deleted. 1570 1612 This is not normal DOS semantics, but is allowed by UNIX.</p><p>This option may be useful for running applications such 1571 1613 as rcs, where UNIX file ownership prevents changing file 1572 1614 permissions, and DOS semantics prevent deletion of a read only file.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>delete readonly</code></em> = <code class="literal">no</code> 1573 1615 </em></span> 1574 </p></dd></dl></div></div><div class="section" title="delete share command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id314 075"></a>1616 </p></dd></dl></div></div><div class="section" title="delete share command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id314147"></a> 1575 1617 1576 1618 delete share command (G) 1577 </h3></div></div></div><a class="indexterm" name="id314 076"></a><a name="DELETESHARECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>1619 </h3></div></div></div><a class="indexterm" name="id314148"></a><a name="DELETESHARECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p> 1578 1620 Samba 2.2.0 introduced the ability to dynamically add and delete shares via the Windows NT 4.0 Server 1579 1621 Manager. The <em class="parameter"><code>delete share command</code></em> is used to define an external … … 1601 1643 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>delete share command</code></em> = <code class="literal">/usr/local/bin/delshare</code> 1602 1644 </em></span> 1603 </p></dd></dl></div></div><div class="section" title="delete user from group script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id3142 18"></a>1645 </p></dd></dl></div></div><div class="section" title="delete user from group script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id314290"></a> 1604 1646 1605 1647 delete user from group script (G) 1606 </h3></div></div></div><a class="indexterm" name="id3142 19"></a><a name="DELETEUSERFROMGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>Full path to the script that will be called when1648 </h3></div></div></div><a class="indexterm" name="id314291"></a><a name="DELETEUSERFROMGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>Full path to the script that will be called when 1607 1649 a user is removed from a group using the Windows NT domain administration 1608 1650 tools. It will be run by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> <span class="emphasis"><em>AS ROOT</em></span>. … … 1613 1655 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>delete user from group script</code></em> = <code class="literal">/usr/sbin/deluser %u %g</code> 1614 1656 </em></span> 1615 </p></dd></dl></div></div><div class="section" title="delete user script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id314 292"></a>1657 </p></dd></dl></div></div><div class="section" title="delete user script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id314364"></a> 1616 1658 1617 1659 delete user script (G) 1618 </h3></div></div></div><a class="indexterm" name="id314 293"></a><a name="DELETEUSERSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is the full pathname to a script that will1660 </h3></div></div></div><a class="indexterm" name="id314365"></a><a name="DELETEUSERSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is the full pathname to a script that will 1619 1661 be run by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when managing users 1620 1662 with remote RPC (NT) tools. … … 1625 1667 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>delete user script</code></em> = <code class="literal">/usr/local/samba/bin/del_user %u</code> 1626 1668 </em></span> 1627 </p></dd></dl></div></div><div class="section" title="delete veto files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id314 364"></a>1669 </p></dd></dl></div></div><div class="section" title="delete veto files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id314437"></a> 1628 1670 1629 1671 delete veto files (S) 1630 </h3></div></div></div><a class="indexterm" name="id314 366"></a><a name="DELETEVETOFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used when Samba is attempting to1672 </h3></div></div></div><a class="indexterm" name="id314438"></a><a name="DELETEVETOFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used when Samba is attempting to 1631 1673 delete a directory that contains one or more vetoed directories 1632 1674 (see the <a class="link" href="smb.conf.5.html#VETOFILES" target="_top">veto files</a> … … 1642 1684 is deleted (so long as the user has permissions to do so).</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>delete veto files</code></em> = <code class="literal">no</code> 1643 1685 </em></span> 1644 </p></dd></dl></div></div><div class="section" title="dfree cache time (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id314 440"></a>1686 </p></dd></dl></div></div><div class="section" title="dfree cache time (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id314512"></a> 1645 1687 1646 1688 dfree cache time (S) 1647 </h3></div></div></div><a class="indexterm" name="id314 441"></a><a name="DFREECACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>1689 </h3></div></div></div><a class="indexterm" name="id314513"></a><a name="DFREECACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p> 1648 1690 The <em class="parameter"><code>dfree cache time</code></em> should only be used on systems where a problem 1649 1691 occurs with the internal disk space calculations. This has been known to happen with Ultrix, but may occur … … 1658 1700 </p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>dfree cache time</code></em> = <code class="literal">dfree cache time = 60</code> 1659 1701 </em></span> 1660 </p></dd></dl></div></div><div class="section" title="dfree command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id3145 06"></a>1702 </p></dd></dl></div></div><div class="section" title="dfree command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id314578"></a> 1661 1703 1662 1704 dfree command (S) 1663 </h3></div></div></div><a class="indexterm" name="id3145 07"></a><a name="DFREECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>1705 </h3></div></div></div><a class="indexterm" name="id314579"></a><a name="DFREECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p> 1664 1706 The <em class="parameter"><code>dfree command</code></em> setting should only be used on systems where a 1665 1707 problem occurs with the internal disk space calculations. This has been known to happen with Ultrix, but may … … 1699 1741 </p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>dfree command</code></em> = <code class="literal">/usr/local/samba/bin/dfree</code> 1700 1742 </em></span> 1701 </p></dd></dl></div></div><div class="section" title="directory mode"><div class="titlepage"><div><div><h3 class="title"><a name="id3146 12"></a>1743 </p></dd></dl></div></div><div class="section" title="directory mode"><div class="titlepage"><div><div><h3 class="title"><a name="id314684"></a> 1702 1744 1703 1745 <a name="DIRECTORYMODE"></a>directory mode 1704 </h3></div></div></div><a class="indexterm" name="id3146 13"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#DIRECTORYMASK">directory mask</a>.</p></dd></dl></div></div><div class="section" title="directory mask (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id314638"></a>1746 </h3></div></div></div><a class="indexterm" name="id314685"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#DIRECTORYMASK">directory mask</a>.</p></dd></dl></div></div><div class="section" title="directory mask (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id314710"></a> 1705 1747 1706 1748 directory mask (S) 1707 </h3></div></div></div><a class="indexterm" name="id314 639"></a><a name="DIRECTORYMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is the octal modes which are1749 </h3></div></div></div><a class="indexterm" name="id314711"></a><a name="DIRECTORYMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is the octal modes which are 1708 1750 used when converting DOS modes to UNIX modes when creating UNIX 1709 1751 directories.</p><p>When a directory is created, the necessary permissions are … … 1723 1765 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>directory mask</code></em> = <code class="literal">0775</code> 1724 1766 </em></span> 1725 </p></dd></dl></div></div><div class="section" title="directory name cache size (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id314 732"></a>1767 </p></dd></dl></div></div><div class="section" title="directory name cache size (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id314804"></a> 1726 1768 1727 1769 directory name cache size (S) 1728 </h3></div></div></div><a class="indexterm" name="id314 733"></a><a name="DIRECTORYNAMECACHESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>1770 </h3></div></div></div><a class="indexterm" name="id314805"></a><a name="DIRECTORYNAMECACHESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p> 1729 1771 This parameter specifies the the size of the directory name cache. 1730 1772 It will be needed to turn this off for *BSD systems. 1731 1773 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>directory name cache size</code></em> = <code class="literal">100</code> 1732 1774 </em></span> 1733 </p></dd></dl></div></div><div class="section" title="directory security mask (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id314 770"></a>1775 </p></dd></dl></div></div><div class="section" title="directory security mask (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id314842"></a> 1734 1776 1735 1777 directory security mask (S) 1736 </h3></div></div></div><a class="indexterm" name="id314 771"></a><a name="DIRECTORYSECURITYMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls what UNIX permission bits1778 </h3></div></div></div><a class="indexterm" name="id314843"></a><a name="DIRECTORYSECURITYMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls what UNIX permission bits 1737 1779 will be set when a Windows NT client is manipulating the UNIX 1738 1780 permission on a directory using the native NT security dialog … … 1754 1796 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>directory security mask</code></em> = <code class="literal">0700</code> 1755 1797 </em></span> 1756 </p></dd></dl></div></div><div class="section" title="disable netbios (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id314 858"></a>1798 </p></dd></dl></div></div><div class="section" title="disable netbios (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id314930"></a> 1757 1799 1758 1800 disable netbios (G) 1759 </h3></div></div></div><a class="indexterm" name="id314 859"></a><a name="DISABLENETBIOS"></a><div class="variablelist"><dl><dt></dt><dd><p>Enabling this parameter will disable netbios support1801 </h3></div></div></div><a class="indexterm" name="id314931"></a><a name="DISABLENETBIOS"></a><div class="variablelist"><dl><dt></dt><dd><p>Enabling this parameter will disable netbios support 1760 1802 in Samba. Netbios is the only available form of browsing in 1761 1803 all windows versions except for 2000 and XP. </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Clients that only support netbios won't be able to … … 1763 1805 </p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>disable netbios</code></em> = <code class="literal">no</code> 1764 1806 </em></span> 1765 </p></dd></dl></div></div><div class="section" title="disable spoolss (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id3149 02"></a>1807 </p></dd></dl></div></div><div class="section" title="disable spoolss (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id314974"></a> 1766 1808 1767 1809 disable spoolss (G) 1768 </h3></div></div></div><a class="indexterm" name="id3149 03"></a><a name="DISABLESPOOLSS"></a><div class="variablelist"><dl><dt></dt><dd><p>Enabling this parameter will disable Samba's support1810 </h3></div></div></div><a class="indexterm" name="id314975"></a><a name="DISABLESPOOLSS"></a><div class="variablelist"><dl><dt></dt><dd><p>Enabling this parameter will disable Samba's support 1769 1811 for the SPOOLSS set of MS-RPC's and will yield identical behavior 1770 1812 as Samba 2.0.x. Windows NT/2000 clients will downgrade to using … … 1778 1820 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>disable spoolss</code></em> = <code class="literal">no</code> 1779 1821 </em></span> 1780 </p></dd></dl></div></div><div class="section" title="display charset (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id 314947"></a>1822 </p></dd></dl></div></div><div class="section" title="display charset (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id265642"></a> 1781 1823 1782 1824 display charset (G) 1783 </h3></div></div></div><a class="indexterm" name="id 314948"></a><a name="DISPLAYCHARSET"></a><div class="variablelist"><dl><dt></dt><dd><p>1825 </h3></div></div></div><a class="indexterm" name="id265643"></a><a name="DISPLAYCHARSET"></a><div class="variablelist"><dl><dt></dt><dd><p> 1784 1826 Specifies the charset that samba will use to print messages to stdout and stderr. 1785 1827 The default value is "LOCALE", which means automatically set, depending on the … … 1790 1832 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>display charset</code></em> = <code class="literal">UTF8</code> 1791 1833 </em></span> 1792 </p></dd></dl></div></div><div class="section" title="dmapi support (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id315 009"></a>1834 </p></dd></dl></div></div><div class="section" title="dmapi support (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id315156"></a> 1793 1835 1794 1836 dmapi support (S) 1795 </h3></div></div></div><a class="indexterm" name="id315 010"></a><a name="DMAPISUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should use DMAPI to1837 </h3></div></div></div><a class="indexterm" name="id315157"></a><a name="DMAPISUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should use DMAPI to 1796 1838 determine whether a file is offline or not. This would typically 1797 1839 be used in conjunction with a hierarchical storage system that … … 1808 1850 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>dmapi support</code></em> = <code class="literal">no</code> 1809 1851 </em></span> 1810 </p></dd></dl></div></div><div class="section" title="dns proxy (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id315 062"></a>1852 </p></dd></dl></div></div><div class="section" title="dns proxy (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id315208"></a> 1811 1853 1812 1854 dns proxy (G) 1813 </h3></div></div></div><a class="indexterm" name="id315 063"></a><a name="DNSPROXY"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies that <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> when acting as a WINS server and1855 </h3></div></div></div><a class="indexterm" name="id315209"></a><a name="DNSPROXY"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies that <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> when acting as a WINS server and 1814 1856 finding that a NetBIOS name has not been registered, should treat the 1815 1857 NetBIOS name word-for-word as a DNS name and do a lookup with the DNS server … … 1820 1862 action.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>dns proxy</code></em> = <code class="literal">yes</code> 1821 1863 </em></span> 1822 </p></dd></dl></div></div><div class="section" title="domain logons (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id315 121"></a>1864 </p></dd></dl></div></div><div class="section" title="domain logons (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id315268"></a> 1823 1865 1824 1866 domain logons (G) 1825 </h3></div></div></div><a class="indexterm" name="id315 122"></a><a name="DOMAINLOGONS"></a><div class="variablelist"><dl><dt></dt><dd><p>1867 </h3></div></div></div><a class="indexterm" name="id315269"></a><a name="DOMAINLOGONS"></a><div class="variablelist"><dl><dt></dt><dd><p> 1826 1868 If set to <code class="constant">yes</code>, the Samba server will 1827 1869 provide the netlogon service for Windows 9X network logons for the … … 1833 1875 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>domain logons</code></em> = <code class="literal">no</code> 1834 1876 </em></span> 1835 </p></dd></dl></div></div><div class="section" title="domain master (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id315 171"></a>1877 </p></dd></dl></div></div><div class="section" title="domain master (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id315318"></a> 1836 1878 1837 1879 domain master (G) 1838 </h3></div></div></div><a class="indexterm" name="id315 172"></a><a name="DOMAINMASTER"></a><div class="variablelist"><dl><dt></dt><dd><p>1880 </h3></div></div></div><a class="indexterm" name="id315319"></a><a name="DOMAINMASTER"></a><div class="variablelist"><dl><dt></dt><dd><p> 1839 1881 Tell <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> to enable 1840 1882 WAN-wide browse list collation. Setting this option causes <code class="literal">nmbd</code> to claim a … … 1862 1904 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>domain master</code></em> = <code class="literal">auto</code> 1863 1905 </em></span> 1864 </p></dd></dl></div></div><div class="section" title="dont descend (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id315 338"></a>1906 </p></dd></dl></div></div><div class="section" title="dont descend (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id315485"></a> 1865 1907 1866 1908 dont descend (S) 1867 </h3></div></div></div><a class="indexterm" name="id315 339"></a><a name="DONTDESCEND"></a><div class="variablelist"><dl><dt></dt><dd><p>There are certain directories on some systems1909 </h3></div></div></div><a class="indexterm" name="id315486"></a><a name="DONTDESCEND"></a><div class="variablelist"><dl><dt></dt><dd><p>There are certain directories on some systems 1868 1910 (e.g., the <code class="filename">/proc</code> tree under Linux) that are either not 1869 1911 of interest to clients or are infinitely deep (recursive). This … … 1876 1918 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>dont descend</code></em> = <code class="literal">/proc,/dev</code> 1877 1919 </em></span> 1878 </p></dd></dl></div></div><div class="section" title="dos charset (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id315 412"></a>1920 </p></dd></dl></div></div><div class="section" title="dos charset (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id315559"></a> 1879 1921 1880 1922 dos charset (G) 1881 </h3></div></div></div><a class="indexterm" name="id315 413"></a><a name="DOSCHARSET"></a><div class="variablelist"><dl><dt></dt><dd><p>DOS SMB clients assume the server has1923 </h3></div></div></div><a class="indexterm" name="id315560"></a><a name="DOSCHARSET"></a><div class="variablelist"><dl><dt></dt><dd><p>DOS SMB clients assume the server has 1882 1924 the same charset as they do. This option specifies which 1883 1925 charset Samba should talk to DOS clients. 1884 1926 </p><p>The default depends on which charsets you have installed. 1885 1927 Samba tries to use charset 850 but falls back to ASCII in 1886 case it is not available. Run <a class="citerefentry" href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a> to check the default on your system.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="dos filemode (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id315 450"></a>1928 case it is not available. Run <a class="citerefentry" href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a> to check the default on your system.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="dos filemode (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id315597"></a> 1887 1929 1888 1930 dos filemode (S) 1889 </h3></div></div></div><a class="indexterm" name="id315 452"></a><a name="DOSFILEMODE"></a><div class="variablelist"><dl><dt></dt><dd><p> The default behavior in Samba is to provide1931 </h3></div></div></div><a class="indexterm" name="id315598"></a><a name="DOSFILEMODE"></a><div class="variablelist"><dl><dt></dt><dd><p> The default behavior in Samba is to provide 1890 1932 UNIX-like behavior where only the owner of a file/directory is 1891 1933 able to change the permissions on it. However, this behavior … … 1904 1946 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>dos filemode</code></em> = <code class="literal">no</code> 1905 1947 </em></span> 1906 </p></dd></dl></div></div><div class="section" title="dos filetime resolution (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id315 494"></a>1948 </p></dd></dl></div></div><div class="section" title="dos filetime resolution (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id315641"></a> 1907 1949 1908 1950 dos filetime resolution (S) 1909 </h3></div></div></div><a class="indexterm" name="id315 495"></a><a name="DOSFILETIMERESOLUTION"></a><div class="variablelist"><dl><dt></dt><dd><p>Under the DOS and Windows FAT filesystem, the finest1951 </h3></div></div></div><a class="indexterm" name="id315642"></a><a name="DOSFILETIMERESOLUTION"></a><div class="variablelist"><dl><dt></dt><dd><p>Under the DOS and Windows FAT filesystem, the finest 1910 1952 granularity on time resolution is two seconds. Setting this parameter 1911 1953 for a share causes Samba to round the reported time down to the … … 1922 1964 happy.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>dos filetime resolution</code></em> = <code class="literal">no</code> 1923 1965 </em></span> 1924 </p></dd></dl></div></div><div class="section" title="dos filetimes (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id315 550"></a>1966 </p></dd></dl></div></div><div class="section" title="dos filetimes (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id315696"></a> 1925 1967 1926 1968 dos filetimes (S) 1927 </h3></div></div></div><a class="indexterm" name="id315 551"></a><a name="DOSFILETIMES"></a><div class="variablelist"><dl><dt></dt><dd><p>Under DOS and Windows, if a user can write to a1969 </h3></div></div></div><a class="indexterm" name="id315698"></a><a name="DOSFILETIMES"></a><div class="variablelist"><dl><dt></dt><dd><p>Under DOS and Windows, if a user can write to a 1928 1970 file they can change the timestamp on it. Under POSIX semantics, 1929 1971 only the owner of the file or root may change the timestamp. By … … 1938 1980 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>dos filetimes</code></em> = <code class="literal">yes</code> 1939 1981 </em></span> 1940 </p></dd></dl></div></div><div class="section" title="ea support (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id315 597"></a>1982 </p></dd></dl></div></div><div class="section" title="ea support (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id315744"></a> 1941 1983 1942 1984 ea support (S) 1943 </h3></div></div></div><a class="indexterm" name="id315 598"></a><a name="EASUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will allow clients to attempt to store OS/2 style Extended1985 </h3></div></div></div><a class="indexterm" name="id315745"></a><a name="EASUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will allow clients to attempt to store OS/2 style Extended 1944 1986 attributes on a share. In order to enable this parameter the underlying filesystem exported by 1945 1987 the share must support extended attributes (such as provided on XFS and EXT3 on Linux, with the … … 1948 1990 extended attributes must be compiled into the Linux kernel.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ea support</code></em> = <code class="literal">no</code> 1949 1991 </em></span> 1950 </p></dd></dl></div></div><div class="section" title="enable asu support (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id315 646"></a>1992 </p></dd></dl></div></div><div class="section" title="enable asu support (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id315797"></a> 1951 1993 1952 1994 enable asu support (G) 1953 </h3></div></div></div><a class="indexterm" name="id315 647"></a><a name="ENABLEASUSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>Hosts running the "Advanced Server for Unix (ASU)" product1995 </h3></div></div></div><a class="indexterm" name="id315798"></a><a name="ENABLEASUSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>Hosts running the "Advanced Server for Unix (ASU)" product 1954 1996 require some special accomodations such as creating a builtin [ADMIN$] 1955 1997 share that only supports IPC connections. The has been the default … … 1959 2001 an [ADMIN$] file share in smb.conf.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>enable asu support</code></em> = <code class="literal">no</code> 1960 2002 </em></span> 1961 </p></dd></dl></div></div><div class="section" title="enable core files (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id315 687"></a>2003 </p></dd></dl></div></div><div class="section" title="enable core files (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id315842"></a> 1962 2004 1963 2005 enable core files (G) 1964 </h3></div></div></div><a class="indexterm" name="id315 688"></a><a name="ENABLECOREFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether core dumps should be written2006 </h3></div></div></div><a class="indexterm" name="id315843"></a><a name="ENABLECOREFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether core dumps should be written 1965 2007 on internal exits. Normally set to <code class="constant">yes</code>. 1966 2008 You should never need to change this. … … 1969 2011 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>enable core files</code></em> = <code class="literal">no</code> 1970 2012 </em></span> 1971 </p></dd></dl></div></div><div class="section" title="enable privileges (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id315 743"></a>2013 </p></dd></dl></div></div><div class="section" title="enable privileges (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id315903"></a> 1972 2014 1973 2015 enable privileges (G) 1974 </h3></div></div></div><a class="indexterm" name="id315 744"></a><a name="ENABLEPRIVILEGES"></a><div class="variablelist"><dl><dt></dt><dd><p>1975 This parameter controls whether or not smbd will honor privileges assigned to specific SIDs via either2016 </h3></div></div></div><a class="indexterm" name="id315904"></a><a name="ENABLEPRIVILEGES"></a><div class="variablelist"><dl><dt></dt><dd><p> 2017 This deprecated parameter controls whether or not smbd will honor privileges assigned to specific SIDs via either 1976 2018 <code class="literal">net rpc rights</code> or one of the Windows user and group manager tools. This parameter is 1977 2019 enabled by default. It can be disabled to prevent members of the Domain Admins group from being able to … … 1985 2027 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>enable privileges</code></em> = <code class="literal">yes</code> 1986 2028 </em></span> 1987 </p></dd></dl></div></div><div class="section" title="enable spoolss (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id315 797"></a>2029 </p></dd></dl></div></div><div class="section" title="enable spoolss (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id315961"></a> 1988 2030 1989 2031 enable spoolss (G) 1990 </h3></div></div></div><a class="indexterm" name="id315 798"></a><a name="ENABLESPOOLSS"></a><div class="variablelist"><dl><dt></dt><dd><p>Inverted synonym for <a class="link" href="smb.conf.5.html#DISABLESPOOLSS" target="_top">disable spoolss</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>enable spoolss</code></em> = <code class="literal">yes</code>1991 </em></span> 1992 </p></dd></dl></div></div><div class="section" title="encrypt passwords (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id31 5842"></a>2032 </h3></div></div></div><a class="indexterm" name="id315962"></a><a name="ENABLESPOOLSS"></a><div class="variablelist"><dl><dt></dt><dd><p>Inverted synonym for <a class="link" href="smb.conf.5.html#DISABLESPOOLSS" target="_top">disable spoolss</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>enable spoolss</code></em> = <code class="literal">yes</code> 2033 </em></span> 2034 </p></dd></dl></div></div><div class="section" title="encrypt passwords (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id316013"></a> 1993 2035 1994 2036 encrypt passwords (G) 1995 </h3></div></div></div><a class="indexterm" name="id31 5843"></a><a name="ENCRYPTPASSWORDS"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean controls whether encrypted passwords2037 </h3></div></div></div><a class="indexterm" name="id316014"></a><a name="ENCRYPTPASSWORDS"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean controls whether encrypted passwords 1996 2038 will be negotiated with the client. Note that Windows NT 4.0 SP3 and 1997 2039 above and also Windows 98 will by default expect encrypted passwords … … 2016 2058 server.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>encrypt passwords</code></em> = <code class="literal">yes</code> 2017 2059 </em></span> 2018 </p></dd></dl></div></div><div class="section" title="enhanced browsing (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id31 5940"></a>2060 </p></dd></dl></div></div><div class="section" title="enhanced browsing (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id316114"></a> 2019 2061 2020 2062 enhanced browsing (G) 2021 </h3></div></div></div><a class="indexterm" name="id31 5941"></a><a name="ENHANCEDBROWSING"></a><div class="variablelist"><dl><dt></dt><dd><p>This option enables a couple of enhancements to2063 </h3></div></div></div><a class="indexterm" name="id316115"></a><a name="ENHANCEDBROWSING"></a><div class="variablelist"><dl><dt></dt><dd><p>This option enables a couple of enhancements to 2022 2064 cross-subnet browse propagation that have been added in Samba 2023 2065 but which are not standard in Microsoft implementations. … … 2032 2074 cross-subnet browse propagation much more reliable.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>enhanced browsing</code></em> = <code class="literal">yes</code> 2033 2075 </em></span> 2034 </p></dd></dl></div></div><div class="section" title="enumports command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id31 5998"></a>2076 </p></dd></dl></div></div><div class="section" title="enumports command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id316171"></a> 2035 2077 2036 2078 enumports command (G) 2037 </h3></div></div></div><a class="indexterm" name="id31 5999"></a><a name="ENUMPORTSCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>The concept of a "port" is fairly foreign2079 </h3></div></div></div><a class="indexterm" name="id316172"></a><a name="ENUMPORTSCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>The concept of a "port" is fairly foreign 2038 2080 to UNIX hosts. Under Windows NT/2000 print servers, a port 2039 2081 is associated with a port monitor and generally takes the form of … … 2052 2094 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>enumports command</code></em> = <code class="literal">/usr/bin/listports</code> 2053 2095 </em></span> 2054 </p></dd></dl></div></div><div class="section" title="eventlog list (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id316 079"></a>2096 </p></dd></dl></div></div><div class="section" title="eventlog list (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id316252"></a> 2055 2097 2056 2098 eventlog list (G) 2057 </h3></div></div></div><a class="indexterm" name="id316 080"></a><a name="EVENTLOGLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This option defines a list of log names that Samba will2099 </h3></div></div></div><a class="indexterm" name="id316253"></a><a name="EVENTLOGLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This option defines a list of log names that Samba will 2058 2100 report to the Microsoft EventViewer utility. The listed 2059 2101 eventlogs will be associated with tdb file on disk in the … … 2068 2110 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>eventlog list</code></em> = <code class="literal">Security Application Syslog Apache</code> 2069 2111 </em></span> 2070 </p></dd></dl></div></div><div class="section" title="fake directory create times (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id316 154"></a>2112 </p></dd></dl></div></div><div class="section" title="fake directory create times (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id316327"></a> 2071 2113 2072 2114 fake directory create times (S) 2073 </h3></div></div></div><a class="indexterm" name="id316 155"></a><a name="FAKEDIRECTORYCREATETIMES"></a><div class="variablelist"><dl><dt></dt><dd><p>NTFS and Windows VFAT file systems keep a create2115 </h3></div></div></div><a class="indexterm" name="id316328"></a><a name="FAKEDIRECTORYCREATETIMES"></a><div class="variablelist"><dl><dt></dt><dd><p>NTFS and Windows VFAT file systems keep a create 2074 2116 time for all files and directories. This is not the same as the 2075 2117 ctime - status change time - that Unix keeps, so Samba by default … … 2093 2135 will proceed as expected.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>fake directory create times</code></em> = <code class="literal">no</code> 2094 2136 </em></span> 2095 </p></dd></dl></div></div><div class="section" title="fake oplocks (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id316 213"></a>2137 </p></dd></dl></div></div><div class="section" title="fake oplocks (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id316391"></a> 2096 2138 2097 2139 fake oplocks (S) 2098 </h3></div></div></div><a class="indexterm" name="id316 214"></a><a name="FAKEOPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>Oplocks are the way that SMB clients get permission2140 </h3></div></div></div><a class="indexterm" name="id316392"></a><a name="FAKEOPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>Oplocks are the way that SMB clients get permission 2099 2141 from a server to locally cache file operations. If a server grants 2100 2142 an oplock (opportunistic lock) then the client is free to assume … … 2112 2154 this option carefully!</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>fake oplocks</code></em> = <code class="literal">no</code> 2113 2155 </em></span> 2114 </p></dd></dl></div></div><div class="section" title="follow symlinks (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id316 296"></a>2156 </p></dd></dl></div></div><div class="section" title="follow symlinks (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id316474"></a> 2115 2157 2116 2158 follow symlinks (S) 2117 </h3></div></div></div><a class="indexterm" name="id316 297"></a><a name="FOLLOWSYMLINKS"></a><div class="variablelist"><dl><dt></dt><dd><p>2159 </h3></div></div></div><a class="indexterm" name="id316475"></a><a name="FOLLOWSYMLINKS"></a><div class="variablelist"><dl><dt></dt><dd><p> 2118 2160 This parameter allows the Samba administrator to stop <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> from following symbolic links in a particular share. Setting this 2119 2161 parameter to <code class="constant">no</code> prevents any file or directory that is a symbolic link from being … … 2125 2167 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>follow symlinks</code></em> = <code class="literal">yes</code> 2126 2168 </em></span> 2127 </p></dd></dl></div></div><div class="section" title="force create mode (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id316 366"></a>2169 </p></dd></dl></div></div><div class="section" title="force create mode (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id316544"></a> 2128 2170 2129 2171 force create mode (S) 2130 </h3></div></div></div><a class="indexterm" name="id316 367"></a><a name="FORCECREATEMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a set of UNIX mode bit2172 </h3></div></div></div><a class="indexterm" name="id316545"></a><a name="FORCECREATEMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a set of UNIX mode bit 2131 2173 permissions that will <span class="emphasis"><em>always</em></span> be set on a 2132 2174 file created by Samba. This is done by bitwise 'OR'ing these bits onto … … 2140 2182 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>force create mode</code></em> = <code class="literal">0755</code> 2141 2183 </em></span> 2142 </p></dd></dl></div></div><div class="section" title="force directory mode (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id316 442"></a>2184 </p></dd></dl></div></div><div class="section" title="force directory mode (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id316620"></a> 2143 2185 2144 2186 force directory mode (S) 2145 </h3></div></div></div><a class="indexterm" name="id316 443"></a><a name="FORCEDIRECTORYMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a set of UNIX mode bit2187 </h3></div></div></div><a class="indexterm" name="id316621"></a><a name="FORCEDIRECTORYMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a set of UNIX mode bit 2146 2188 permissions that will <span class="emphasis"><em>always</em></span> be set on a directory 2147 2189 created by Samba. This is done by bitwise 'OR'ing these bits onto the … … 2156 2198 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>force directory mode</code></em> = <code class="literal">0755</code> 2157 2199 </em></span> 2158 </p></dd></dl></div></div><div class="section" title="force directory security mode (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id316 517"></a>2200 </p></dd></dl></div></div><div class="section" title="force directory security mode (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id316695"></a> 2159 2201 2160 2202 force directory security mode (S) 2161 </h3></div></div></div><a class="indexterm" name="id316 518"></a><a name="FORCEDIRECTORYSECURITYMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>2203 </h3></div></div></div><a class="indexterm" name="id316696"></a><a name="FORCEDIRECTORYSECURITYMODE"></a><div class="variablelist"><dl><dt></dt><dd><p> 2162 2204 This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating 2163 2205 the UNIX permission on a directory using the native NT security dialog box. … … 2180 2222 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>force directory security mode</code></em> = <code class="literal">700</code> 2181 2223 </em></span> 2182 </p></dd></dl></div></div><div class="section" title="group"><div class="titlepage"><div><div><h3 class="title"><a name="id316 610"></a>2224 </p></dd></dl></div></div><div class="section" title="group"><div class="titlepage"><div><div><h3 class="title"><a name="id316788"></a> 2183 2225 2184 2226 <a name="GROUP"></a>group 2185 </h3></div></div></div><a class="indexterm" name="id316 611"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#FORCEGROUP">force group</a>.</p></dd></dl></div></div><div class="section" title="force group (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id316642"></a>2227 </h3></div></div></div><a class="indexterm" name="id316789"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#FORCEGROUP">force group</a>.</p></dd></dl></div></div><div class="section" title="force group (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id316820"></a> 2186 2228 2187 2229 force group (S) 2188 </h3></div></div></div><a class="indexterm" name="id316 643"></a><a name="FORCEGROUP"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies a UNIX group name that will be2230 </h3></div></div></div><a class="indexterm" name="id316821"></a><a name="FORCEGROUP"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies a UNIX group name that will be 2189 2231 assigned as the default primary group for all users connecting 2190 2232 to this service. This is useful for sharing files by ensuring … … 2210 2252 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>force group</code></em> = <code class="literal">agroup</code> 2211 2253 </em></span> 2212 </p></dd></dl></div></div><div class="section" title="force printername (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id316 744"></a>2254 </p></dd></dl></div></div><div class="section" title="force printername (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id316922"></a> 2213 2255 2214 2256 force printername (S) 2215 </h3></div></div></div><a class="indexterm" name="id316 746"></a><a name="FORCEPRINTERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>When printing from Windows NT (or later),2257 </h3></div></div></div><a class="indexterm" name="id316923"></a><a name="FORCEPRINTERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>When printing from Windows NT (or later), 2216 2258 each printer in <code class="filename">smb.conf</code> has two 2217 2259 associated names which can be used by the client. The first … … 2236 2278 folder.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>force printername</code></em> = <code class="literal">no</code> 2237 2279 </em></span> 2238 </p></dd></dl></div></div><div class="section" title="force security mode (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id31 6824"></a>2280 </p></dd></dl></div></div><div class="section" title="force security mode (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id317002"></a> 2239 2281 2240 2282 force security mode (S) 2241 </h3></div></div></div><a class="indexterm" name="id31 6825"></a><a name="FORCESECURITYMODE"></a><div class="variablelist"><dl><dt></dt><dd><p>2283 </h3></div></div></div><a class="indexterm" name="id317003"></a><a name="FORCESECURITYMODE"></a><div class="variablelist"><dl><dt></dt><dd><p> 2242 2284 This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating 2243 2285 the UNIX permission on a file using the native NT security dialog box. … … 2259 2301 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>force security mode</code></em> = <code class="literal">700</code> 2260 2302 </em></span> 2261 </p></dd></dl></div></div><div class="section" title="force unknown acl user (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id31 6915"></a>2303 </p></dd></dl></div></div><div class="section" title="force unknown acl user (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id317093"></a> 2262 2304 2263 2305 force unknown acl user (S) 2264 </h3></div></div></div><a class="indexterm" name="id31 6916"></a><a name="FORCEUNKNOWNACLUSER"></a><div class="variablelist"><dl><dt></dt><dd><p>2306 </h3></div></div></div><a class="indexterm" name="id317094"></a><a name="FORCEUNKNOWNACLUSER"></a><div class="variablelist"><dl><dt></dt><dd><p> 2265 2307 If this parameter is set, a Windows NT ACL that contains an unknown SID (security descriptor, or 2266 2308 representation of a user or group id) as the owner or group owner of the file will be silently … … 2276 2318 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>force unknown acl user</code></em> = <code class="literal">no</code> 2277 2319 </em></span> 2278 </p></dd></dl></div></div><div class="section" title="force user (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id31 6969"></a>2320 </p></dd></dl></div></div><div class="section" title="force user (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id317147"></a> 2279 2321 2280 2322 force user (S) 2281 </h3></div></div></div><a class="indexterm" name="id31 6970"></a><a name="FORCEUSER"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies a UNIX user name that will be2323 </h3></div></div></div><a class="indexterm" name="id317148"></a><a name="FORCEUSER"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies a UNIX user name that will be 2282 2324 assigned as the default user for all users connecting to this service. 2283 2325 This is useful for sharing files. You should also use it carefully … … 2293 2335 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>force user</code></em> = <code class="literal">auser</code> 2294 2336 </em></span> 2295 </p></dd></dl></div></div><div class="section" title="fstype (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id317 039"></a>2337 </p></dd></dl></div></div><div class="section" title="fstype (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id317217"></a> 2296 2338 2297 2339 fstype (S) 2298 </h3></div></div></div><a class="indexterm" name="id317 040"></a><a name="FSTYPE"></a><div class="variablelist"><dl><dt></dt><dd><p>2340 </h3></div></div></div><a class="indexterm" name="id317218"></a><a name="FSTYPE"></a><div class="variablelist"><dl><dt></dt><dd><p> 2299 2341 This parameter allows the administrator to configure the string that specifies the type of filesystem a share 2300 2342 is using that is reported by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> … … 2306 2348 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>fstype</code></em> = <code class="literal">Samba</code> 2307 2349 </em></span> 2308 </p></dd></dl></div></div><div class="section" title="get quota command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id317 118"></a>2350 </p></dd></dl></div></div><div class="section" title="get quota command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id317296"></a> 2309 2351 2310 2352 get quota command (G) 2311 </h3></div></div></div><a class="indexterm" name="id317 119"></a><a name="GETQUOTACOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>The <code class="literal">get quota command</code> should only be used2353 </h3></div></div></div><a class="indexterm" name="id317297"></a><a name="GETQUOTACOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>The <code class="literal">get quota command</code> should only be used 2312 2354 whenever there is no operating system API available from the OS that 2313 2355 samba can use.</p><p>This option is only available you have compiled Samba with the … … 2322 2364 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>get quota command</code></em> = <code class="literal">/usr/local/sbin/query_quota</code> 2323 2365 </em></span> 2324 </p></dd></dl></div></div><div class="section" title="getwd cache (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id317 294"></a>2366 </p></dd></dl></div></div><div class="section" title="getwd cache (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id317472"></a> 2325 2367 2326 2368 getwd cache (G) 2327 </h3></div></div></div><a class="indexterm" name="id317 295"></a><a name="GETWDCACHE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a tuning option. When this is enabled a2369 </h3></div></div></div><a class="indexterm" name="id317473"></a><a name="GETWDCACHE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a tuning option. When this is enabled a 2328 2370 caching algorithm will be used to reduce the time taken for getwd() 2329 2371 calls. This can have a significant impact on performance, especially 2330 2372 when the <a class="link" href="smb.conf.5.html#WIDESMBCONFOPTIONS" target="_top">wide smbconfoptions</a> parameter is set to <code class="constant">no</code>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>getwd cache</code></em> = <code class="literal">yes</code> 2331 2373 </em></span> 2332 </p></dd></dl></div></div><div class="section" title="guest account (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id317 352"></a>2374 </p></dd></dl></div></div><div class="section" title="guest account (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id317530"></a> 2333 2375 2334 2376 guest account (G) 2335 </h3></div></div></div><a class="indexterm" name="id317 353"></a><a name="GUESTACCOUNT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a username which will be used for access2377 </h3></div></div></div><a class="indexterm" name="id317531"></a><a name="GUESTACCOUNT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a username which will be used for access 2336 2378 to services which are specified as <a class="link" href="smb.conf.5.html#GUESTOK" target="_top">guest ok</a> (see below). Whatever privileges this 2337 2379 user has will be available to any client connecting to the guest service. … … 2351 2393 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>guest account</code></em> = <code class="literal">ftp</code> 2352 2394 </em></span> 2353 </p></dd></dl></div></div><div class="section" title="public"><div class="titlepage"><div><div><h3 class="title"><a name="id317 451"></a>2395 </p></dd></dl></div></div><div class="section" title="public"><div class="titlepage"><div><div><h3 class="title"><a name="id317629"></a> 2354 2396 2355 2397 <a name="PUBLIC"></a>public 2356 </h3></div></div></div><a class="indexterm" name="id317 452"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#GUESTOK">guest ok</a>.</p></dd></dl></div></div><div class="section" title="guest ok (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id317482"></a>2398 </h3></div></div></div><a class="indexterm" name="id317630"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#GUESTOK">guest ok</a>.</p></dd></dl></div></div><div class="section" title="guest ok (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id317660"></a> 2357 2399 2358 2400 guest ok (S) 2359 </h3></div></div></div><a class="indexterm" name="id317 483"></a><a name="GUESTOK"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code> for2401 </h3></div></div></div><a class="indexterm" name="id317661"></a><a name="GUESTOK"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code> for 2360 2402 a service, then no password is required to connect to the service. 2361 2403 Privileges will be those of the <a class="link" href="smb.conf.5.html#GUESTACCOUNT" target="_top">guest account</a>.</p><p>This parameter nullifies the benefits of setting … … 2364 2406 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>guest ok</code></em> = <code class="literal">no</code> 2365 2407 </em></span> 2366 </p></dd></dl></div></div><div class="section" title="only guest"><div class="titlepage"><div><div><h3 class="title"><a name="id317 567"></a>2408 </p></dd></dl></div></div><div class="section" title="only guest"><div class="titlepage"><div><div><h3 class="title"><a name="id317745"></a> 2367 2409 2368 2410 <a name="ONLYGUEST"></a>only guest 2369 </h3></div></div></div><a class="indexterm" name="id317 568"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#GUESTONLY">guest only</a>.</p></dd></dl></div></div><div class="section" title="guest only (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id317600"></a>2411 </h3></div></div></div><a class="indexterm" name="id317746"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#GUESTONLY">guest only</a>.</p></dd></dl></div></div><div class="section" title="guest only (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id317778"></a> 2370 2412 2371 2413 guest only (S) 2372 </h3></div></div></div><a class="indexterm" name="id317 601"></a><a name="GUESTONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code> for2414 </h3></div></div></div><a class="indexterm" name="id317779"></a><a name="GUESTONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code> for 2373 2415 a service, then only guest connections to the service are permitted. 2374 2416 This parameter will have no effect if <a class="link" href="smb.conf.5.html#GUESTOK" target="_top">guest ok</a> is not set for the service.</p><p>See the section below on <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security</a> for more information about this option. 2375 2417 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>guest only</code></em> = <code class="literal">no</code> 2376 2418 </em></span> 2377 </p></dd></dl></div></div><div class="section" title="hide dot files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id317 669"></a>2419 </p></dd></dl></div></div><div class="section" title="hide dot files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id317847"></a> 2378 2420 2379 2421 hide dot files (S) 2380 </h3></div></div></div><a class="indexterm" name="id317 670"></a><a name="HIDEDOTFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean parameter that controls whether2422 </h3></div></div></div><a class="indexterm" name="id317848"></a><a name="HIDEDOTFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean parameter that controls whether 2381 2423 files starting with a dot appear as hidden files.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>hide dot files</code></em> = <code class="literal">yes</code> 2382 2424 </em></span> 2383 </p></dd></dl></div></div><div class="section" title="hide files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id317 710"></a>2425 </p></dd></dl></div></div><div class="section" title="hide files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id317888"></a> 2384 2426 2385 2427 hide files (S) 2386 </h3></div></div></div><a class="indexterm" name="id317 711"></a><a name="HIDEFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of files or directories that are not2428 </h3></div></div></div><a class="indexterm" name="id317889"></a><a name="HIDEFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of files or directories that are not 2387 2429 visible but are accessible. The DOS 'hidden' attribute is applied 2388 2430 to any files or directories that match.</p><p>Each entry in the list must be separated by a '/', … … 2406 2448 # no file are hidden</code> 2407 2449 </em></span> 2408 </p></dd></dl></div></div><div class="section" title="hide special files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id317 789"></a>2450 </p></dd></dl></div></div><div class="section" title="hide special files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id317967"></a> 2409 2451 2410 2452 hide special files (S) 2411 </h3></div></div></div><a class="indexterm" name="id317 790"></a><a name="HIDESPECIALFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>2453 </h3></div></div></div><a class="indexterm" name="id317968"></a><a name="HIDESPECIALFILES"></a><div class="variablelist"><dl><dt></dt><dd><p> 2412 2454 This parameter prevents clients from seeing special files such as sockets, devices and 2413 2455 fifo's in directory listings. 2414 2456 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>hide special files</code></em> = <code class="literal">no</code> 2415 2457 </em></span> 2416 </p></dd></dl></div></div><div class="section" title="hide unreadable (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id31 7830"></a>2458 </p></dd></dl></div></div><div class="section" title="hide unreadable (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id318008"></a> 2417 2459 2418 2460 hide unreadable (S) 2419 </h3></div></div></div><a class="indexterm" name="id31 7831"></a><a name="HIDEUNREADABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter prevents clients from seeing the2461 </h3></div></div></div><a class="indexterm" name="id318009"></a><a name="HIDEUNREADABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter prevents clients from seeing the 2420 2462 existance of files that cannot be read. Defaults to off.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>hide unreadable</code></em> = <code class="literal">no</code> 2421 2463 </em></span> 2422 </p></dd></dl></div></div><div class="section" title="hide unwriteable files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id31 7872"></a>2464 </p></dd></dl></div></div><div class="section" title="hide unwriteable files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id318050"></a> 2423 2465 2424 2466 hide unwriteable files (S) 2425 </h3></div></div></div><a class="indexterm" name="id31 7873"></a><a name="HIDEUNWRITEABLEFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>2467 </h3></div></div></div><a class="indexterm" name="id318051"></a><a name="HIDEUNWRITEABLEFILES"></a><div class="variablelist"><dl><dt></dt><dd><p> 2426 2468 This parameter prevents clients from seeing the existance of files that cannot be written to. 2427 2469 Defaults to off. Note that unwriteable directories are shown as usual. 2428 2470 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>hide unwriteable files</code></em> = <code class="literal">no</code> 2429 2471 </em></span> 2430 </p></dd></dl></div></div><div class="section" title="homedir map (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id31 7914"></a>2472 </p></dd></dl></div></div><div class="section" title="homedir map (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id318091"></a> 2431 2473 2432 2474 homedir map (G) 2433 </h3></div></div></div><a class="indexterm" name="id31 7915"></a><a name="HOMEDIRMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>2475 </h3></div></div></div><a class="indexterm" name="id318092"></a><a name="HOMEDIRMAP"></a><div class="variablelist"><dl><dt></dt><dd><p> 2434 2476 If <a class="link" href="smb.conf.5.html#NISHOMEDIR" target="_top">nis homedir</a> is <code class="constant">yes</code>, and <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> is also acting as a Win95/98 <em class="parameter"><code>logon server</code></em> 2435 2477 then this parameter specifies the NIS (or YP) map from which the server for the user's home directory should be extracted. … … 2446 2488 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>homedir map</code></em> = <code class="literal">amd.homedir</code> 2447 2489 </em></span> 2448 </p></dd></dl></div></div><div class="section" title="host msdfs (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id318 020"></a>2490 </p></dd></dl></div></div><div class="section" title="host msdfs (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id318198"></a> 2449 2491 2450 2492 host msdfs (G) 2451 </h3></div></div></div><a class="indexterm" name="id318 021"></a><a name="HOSTMSDFS"></a><div class="variablelist"><dl><dt></dt><dd><p>2493 </h3></div></div></div><a class="indexterm" name="id318199"></a><a name="HOSTMSDFS"></a><div class="variablelist"><dl><dt></dt><dd><p> 2452 2494 If set to <code class="constant">yes</code>, Samba will act as a Dfs server, and allow Dfs-aware clients to browse 2453 2495 Dfs trees hosted on the server. … … 2457 2499 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>host msdfs</code></em> = <code class="literal">yes</code> 2458 2500 </em></span> 2459 </p></dd></dl></div></div><div class="section" title="hostname lookups (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id318 082"></a>2501 </p></dd></dl></div></div><div class="section" title="hostname lookups (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id318260"></a> 2460 2502 2461 2503 hostname lookups (G) 2462 </h3></div></div></div><a class="indexterm" name="id318 083"></a><a name="HOSTNAMELOOKUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies whether samba should use (expensive)2504 </h3></div></div></div><a class="indexterm" name="id318261"></a><a name="HOSTNAMELOOKUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies whether samba should use (expensive) 2463 2505 hostname lookups or use the ip addresses instead. An example place 2464 2506 where hostname lookups are currently used is when checking … … 2468 2510 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>hostname lookups</code></em> = <code class="literal">yes</code> 2469 2511 </em></span> 2470 </p></dd></dl></div></div><div class="section" title="allow hosts"><div class="titlepage"><div><div><h3 class="title"><a name="id318 153"></a>2512 </p></dd></dl></div></div><div class="section" title="allow hosts"><div class="titlepage"><div><div><h3 class="title"><a name="id318331"></a> 2471 2513 2472 2514 <a name="ALLOWHOSTS"></a>allow hosts 2473 </h3></div></div></div><a class="indexterm" name="id318 154"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#HOSTSALLOW">hosts allow</a>.</p></dd></dl></div></div><div class="section" title="hosts allow (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id318185"></a>2515 </h3></div></div></div><a class="indexterm" name="id318332"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#HOSTSALLOW">hosts allow</a>.</p></dd></dl></div></div><div class="section" title="hosts allow (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id318363"></a> 2474 2516 2475 2517 hosts allow (S) 2476 </h3></div></div></div><a class="indexterm" name="id318 186"></a><a name="HOSTSALLOW"></a><div class="variablelist"><dl><dt></dt><dd><p>A synonym for this parameter is <a class="link" href="smb.conf.5.html#ALLOWHOSTS" target="_top">allow hosts</a>.</p><p>This parameter is a comma, space, or tab delimited2518 </h3></div></div></div><a class="indexterm" name="id318364"></a><a name="HOSTSALLOW"></a><div class="variablelist"><dl><dt></dt><dd><p>A synonym for this parameter is <a class="link" href="smb.conf.5.html#ALLOWHOSTS" target="_top">allow hosts</a>.</p><p>This parameter is a comma, space, or tab delimited 2477 2519 set of hosts which are permitted to access a service.</p><p>If specified in the [global] section then it will 2478 2520 apply to all services, regardless of whether the individual … … 2494 2536 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>hosts allow</code></em> = <code class="literal">150.203.5. myhost.mynet.edu.au</code> 2495 2537 </em></span> 2496 </p></dd></dl></div></div><div class="section" title="deny hosts"><div class="titlepage"><div><div><h3 class="title"><a name="id318 373"></a>2538 </p></dd></dl></div></div><div class="section" title="deny hosts"><div class="titlepage"><div><div><h3 class="title"><a name="id318551"></a> 2497 2539 2498 2540 <a name="DENYHOSTS"></a>deny hosts 2499 </h3></div></div></div><a class="indexterm" name="id318 374"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#HOSTSDENY">hosts deny</a>.</p></dd></dl></div></div><div class="section" title="hosts deny (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id318404"></a>2541 </h3></div></div></div><a class="indexterm" name="id318552"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#HOSTSDENY">hosts deny</a>.</p></dd></dl></div></div><div class="section" title="hosts deny (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id318582"></a> 2500 2542 2501 2543 hosts deny (S) 2502 </h3></div></div></div><a class="indexterm" name="id318 405"></a><a name="HOSTSDENY"></a><div class="variablelist"><dl><dt></dt><dd><p>The opposite of <em class="parameter"><code>hosts allow</code></em>2544 </h3></div></div></div><a class="indexterm" name="id318583"></a><a name="HOSTSDENY"></a><div class="variablelist"><dl><dt></dt><dd><p>The opposite of <em class="parameter"><code>hosts allow</code></em> 2503 2545 - hosts listed here are <span class="emphasis"><em>NOT</em></span> permitted access to 2504 2546 services unless the specific services have their own lists to override … … 2514 2556 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>hosts deny</code></em> = <code class="literal">150.203.4. badhost.mynet.edu.au</code> 2515 2557 </em></span> 2516 </p></dd></dl></div></div><div class="section" title="idmap alloc config (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id318502"></a> 2517 2518 idmap alloc config (G) 2519 </h3></div></div></div><a class="indexterm" name="id318503"></a><a name="IDMAPALLOCCONFIG"></a><div class="variablelist"><dl><dt></dt><dd><p> 2520 The idmap alloc config prefix provides a means of managing settings 2521 for the backend defined by the <a class="link" href="smb.conf.5.html#IDMAPALLOCBACKEND" target="_top">idmap alloc backend</a> 2522 parameter. Refer to the man page for each idmap plugin regarding 2523 specific configuration details. 2524 </p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="idmap backend (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id318542"></a> 2558 </p></dd></dl></div></div><div class="section" title="idmap backend (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id318680"></a> 2525 2559 2526 2560 idmap backend (G) 2527 </h3></div></div></div><a class="indexterm" name="id318 543"></a><a name="IDMAPBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>2561 </h3></div></div></div><a class="indexterm" name="id318681"></a><a name="IDMAPBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p> 2528 2562 The idmap backend provides a plugin interface for Winbind to use 2529 2563 varying backends to store SID/uid/gid mapping tables. 2530 2564 </p><p> 2531 2565 This option specifies the default backend that is used when no special 2532 configuration set by <a class="link" href="smb.conf.5.html#IDMAPCONFIG" target="_top">idmap config</a> matches the 2533 specific request. 2534 </p><p> 2535 This default backend also specifies the place where winbind-generated 2536 idmap entries will be stored. So it is highly recommended that you 2537 specify a writable backend like <a class="citerefentry" href="idmap_tdb.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_tdb</span>(8)</span></a> or <a class="citerefentry" href="idmap_ldap.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_ldap</span>(8)</span></a> as the idmap backend. The <a class="citerefentry" href="idmap_rid.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_rid</span>(8)</span></a> and <a class="citerefentry" href="idmap_ad.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_ad</span>(8)</span></a> backends are not writable and thus will generate 2538 unexpected results if set as idmap backend. 2539 </p><p> 2540 To use the rid and ad backends, please specify them via the 2541 <a class="link" href="smb.conf.5.html#IDMAPCONFIG" target="_top">idmap config</a> parameter, possibly also for the 2542 domain your machine is member of, specified by <a class="link" href="smb.conf.5.html#WORKGROUP" target="_top">workgroup</a>. 2543 </p><p>Examples of SID/uid/gid backends include tdb (<a class="citerefentry" href="idmap_tdb.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_tdb</span>(8)</span></a>), 2544 ldap (<a class="citerefentry" href="idmap_ldap.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_ldap</span>(8)</span></a>), rid (<a class="citerefentry" href="idmap_rid.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_rid</span>(8)</span></a>), 2545 and ad (<a class="citerefentry" href="idmap_ad.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_ad</span>(8)</span></a>). 2566 configuration set, but it is now deprecated in favour of the new 2567 spelling <a class="link" href="smb.conf.5.html#IDMAPCONFIG*:BACKEND" target="_top">idmap config * : backend</a>. 2546 2568 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>idmap backend</code></em> = <code class="literal">tdb</code> 2547 2569 </em></span> 2548 </p></dd></dl></div></div><div class="section" title="idmap cache time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id3187 07"></a>2570 </p></dd></dl></div></div><div class="section" title="idmap cache time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id318737"></a> 2549 2571 2550 2572 idmap cache time (G) 2551 </h3></div></div></div><a class="indexterm" name="id3187 08"></a><a name="IDMAPCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of seconds that Winbind's2573 </h3></div></div></div><a class="indexterm" name="id318738"></a><a name="IDMAPCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of seconds that Winbind's 2552 2574 idmap interface will cache positive SID/uid/gid query results. 2553 2575 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>idmap cache time</code></em> = <code class="literal">604800 (one week)</code> 2554 2576 </em></span> 2555 </p></dd></dl></div></div><div class="section" title="idmap config (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id3187 48"></a>2577 </p></dd></dl></div></div><div class="section" title="idmap config (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id318779"></a> 2556 2578 2557 2579 idmap config (G) 2558 </h3></div></div></div><a class="indexterm" name="id318749"></a><a name="IDMAPCONFIG"></a><div class="variablelist"><dl><dt></dt><dd><p> 2559 The idmap config prefix provides a means of managing each trusted 2560 domain separately. The idmap config prefix should be followed by the 2561 name of the domain, a colon, and a setting specific to the chosen 2562 backend. There are three options available for all domains: 2580 </h3></div></div></div><a class="indexterm" name="id318780"></a><a name="IDMAPCONFIG"></a><div class="variablelist"><dl><dt></dt><dd><p> 2581 ID mapping in Samba is the mapping between Windows SIDs and Unix user 2582 and group IDs. This is performed by Winbindd with a configurable plugin 2583 interface. Samba's ID mapping is configured by options starting with the 2584 <a class="link" href="smb.conf.5.html#IDMAPCONFIG" target="_top">idmap config</a> prefix. 2585 An idmap option consists of the <a class="link" href="smb.conf.5.html#IDMAPCONFIG" target="_top">idmap config</a> 2586 prefix, followed by a domain name or the asterisk character (*), 2587 a colon, and the name of an idmap setting for the chosen domain. 2588 </p><p> 2589 The idmap configuration is hence divided into groups, one group 2590 for each domain to be configured, and one group with the the 2591 asterisk instead of a proper domain name, which speifies the 2592 default configuration that is used to catch all domains that do 2593 not have an explicit idmap configuration of their own. 2594 </p><p> 2595 There are three general options available: 2563 2596 </p><div class="variablelist"><dl><dt><span class="term">backend = backend_name</span></dt><dd><p> 2564 Specifies the name of the idmap plugin to use as the 2565 SID/uid/gid backend for this domain. 2597 This specifies the name of the idmap plugin to use as the 2598 SID/uid/gid backend for this domain. The standard backends are 2599 tdb 2600 (<a class="citerefentry" href="idmap_tdb.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_tdb</span>(8)</span></a>), 2601 tdb2 2602 (<a class="citerefentry" href="idmap_tdb2.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_tdb2</span>(8)</span></a>), 2603 ldap 2604 (<a class="citerefentry" href="idmap_ldap.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_ldap</span>(8)</span></a>), 2605 , 2606 rid 2607 (<a class="citerefentry" href="idmap_rid.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_rid</span>(8)</span></a>), 2608 , 2609 hash 2610 (<a class="citerefentry" href="idmap_hash.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_hash</span>(8)</span></a>), 2611 , 2612 autorid 2613 (<a class="citerefentry" href="idmap_autorid.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_autorid</span>(8)</span></a>), 2614 , 2615 ad 2616 (<a class="citerefentry" href="idmap_ad.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_ad</span>(8)</span></a>), 2617 , 2618 adex 2619 (<a class="citerefentry" href="idmap_adex.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_adex</span>(8)</span></a>), 2620 , 2621 and nss. 2622 (<a class="citerefentry" href="idmap_nss.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_nss</span>(8)</span></a>), 2623 The corresponding manual pages contain the details, but 2624 here is a summary. 2625 </p><p> 2626 The first three of these create mappings of their own using 2627 internal unixid counters and store the mappings in a database. 2628 These are suitable for use in the default idmap configuration. 2629 The rid and hash backends use a pure algorithmic calculation 2630 to determine the unixid for a SID. The autorid module is a 2631 mixture of the tdb and rid backend. It creates ranges for 2632 each domain encountered and then uses the rid algorithm for each 2633 of these automatically configured domains individually. 2634 The ad and adex 2635 backends both use unix IDs stored in Active Directory via 2636 the standard schema extensions. The nss backend reverses 2637 the standard winbindd setup and gets the unixids via names 2638 from nsswitch which can be useful in an ldap setup. 2566 2639 </p></dd><dt><span class="term">range = low - high</span></dt><dd><p> 2567 2640 Defines the available matching uid and gid range for which the 2568 backend is authoritative. Note that the range commonly2569 matches the allocation range due to the fact that the same2570 backend will store and retrieve SID/uid/gid mapping entries.2571 2641 backend is authoritative. For allocating backends, this also 2642 defines the start and the end of the range for allocating 2643 new unid IDs. 2644 </p><p> 2572 2645 winbind uses this parameter to find the backend that is 2573 authoritative for a unix ID to SID mapping, so it must be set 2574 for each individually configured domain, and it must be 2575 disjoint from the ranges set via <a class="link" href="smb.conf.5.html#IDMAPUID" target="_top">idmap uid</a> and <a class="link" href="smb.conf.5.html#IDMAPGID" target="_top">idmap gid</a>. 2646 authoritative for a unix ID to SID mapping, so it must be set 2647 for each individually configured domain and for the default 2648 configuration. The configured ranges must be mutually disjoint. 2649 </p></dd><dt><span class="term">read only = yes|no</span></dt><dd><p> 2650 This option can be used to turn the writing backends 2651 tdb, tdb2, and ldap into read only mode. This can be useful 2652 e.g. in cases where a pre-filled database exists that should 2653 not be extended automatically. 2576 2654 </p></dd></dl></div><p> 2577 The following example illustrates how to configure the <a class="citerefentry" href="idmap_ad.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_ad</span>(8)</span></a> for the CORP domain and the2655 The following example illustrates how to configure the <a class="citerefentry" href="idmap_ad.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_ad</span>(8)</span></a> backend for the CORP domain and the 2578 2656 <a class="citerefentry" href="idmap_tdb.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_tdb</span>(8)</span></a> backend for all other 2579 2657 domains. This configuration assumes that the admin of CORP assigns … … 2582 2660 domains and for local groups for example. 2583 2661 </p><pre class="programlisting"> 2584 idmap backend = tdb 2585 idmap uid = 1000000-1999999 2586 idmap gid = 1000000-1999999 2662 idmap config * : backend = tdb 2663 idmap config * : range = 1000000-1999999 2587 2664 2588 2665 idmap config CORP : backend = ad 2589 2666 idmap config CORP : range = 1000-999999 2590 </pre><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="winbind gid"><div class="titlepage"><div><div><h3 class="title"><a name="id31 8868"></a>2667 </pre><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="winbind gid"><div class="titlepage"><div><div><h3 class="title"><a name="id319002"></a> 2591 2668 2592 2669 <a name="WINBINDGID"></a>winbind gid 2593 </h3></div></div></div><a class="indexterm" name="id31 8869"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#IDMAPGID">idmap gid</a>.</p></dd></dl></div></div><div class="section" title="idmap gid (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id318899"></a>2670 </h3></div></div></div><a class="indexterm" name="id319003"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#IDMAPGID">idmap gid</a>.</p></dd></dl></div></div><div class="section" title="idmap gid (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id319034"></a> 2594 2671 2595 2672 idmap gid (G) 2596 </h3></div></div></div><a class="indexterm" name="id318900"></a><a name="IDMAPGID"></a><div class="variablelist"><dl><dt></dt><dd><p>The idmap gid parameter specifies the range of group ids 2597 that are allocated for the purpose of mapping UNX groups to NT group 2598 SIDs. This range of group ids should have no 2599 existing local or NIS groups within it as strange conflicts can 2600 occur otherwise.</p><p>See also the <a class="link" href="smb.conf.5.html#IDMAPBACKEND" target="_top">idmap backend</a>, and 2601 <a class="link" href="smb.conf.5.html#IDMAPCONFIG" target="_top">idmap config</a> options. 2602 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>idmap gid</code></em> = <code class="literal"></code> 2673 </h3></div></div></div><a class="indexterm" name="id319036"></a><a name="IDMAPGID"></a><div class="variablelist"><dl><dt></dt><dd><p> 2674 The idmap gid parameter specifies the range of group ids 2675 for the default idmap configuration. It is now deprecated 2676 in favour of <a class="link" href="smb.conf.5.html#IDMAPCONFIG*:RANGE" target="_top">idmap config * : range</a>. 2677 </p><p>See the <a class="link" href="smb.conf.5.html#IDMAPCONFIG" target="_top">idmap config</a> option.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>idmap gid</code></em> = <code class="literal"></code> 2603 2678 </em></span> 2604 2679 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>idmap gid</code></em> = <code class="literal">10000-20000</code> 2605 2680 </em></span> 2606 </p></dd></dl></div></div><div class="section" title="idmap negative cache time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id31 8983"></a>2681 </p></dd></dl></div></div><div class="section" title="idmap negative cache time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id319118"></a> 2607 2682 2608 2683 idmap negative cache time (G) 2609 </h3></div></div></div><a class="indexterm" name="id31 8984"></a><a name="IDMAPNEGATIVECACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of seconds that Winbind's2684 </h3></div></div></div><a class="indexterm" name="id319120"></a><a name="IDMAPNEGATIVECACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of seconds that Winbind's 2610 2685 idmap interface will cache negative SID/uid/gid query results. 2611 2686 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>idmap negative cache time</code></em> = <code class="literal">120</code> 2612 2687 </em></span> 2613 </p></dd></dl></div></div><div class="section" title="winbind uid"><div class="titlepage"><div><div><h3 class="title"><a name="id319 026"></a>2688 </p></dd></dl></div></div><div class="section" title="winbind uid"><div class="titlepage"><div><div><h3 class="title"><a name="id319161"></a> 2614 2689 2615 2690 <a name="WINBINDUID"></a>winbind uid 2616 </h3></div></div></div><a class="indexterm" name="id319 027"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#IDMAPUID">idmap uid</a>.</p></dd></dl></div></div><div class="section" title="idmap uid (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id319057"></a>2691 </h3></div></div></div><a class="indexterm" name="id319162"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#IDMAPUID">idmap uid</a>.</p></dd></dl></div></div><div class="section" title="idmap uid (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id319193"></a> 2617 2692 2618 2693 idmap uid (G) 2619 </h3></div></div></div><a class="indexterm" name="id319058"></a><a name="IDMAPUID"></a><div class="variablelist"><dl><dt></dt><dd><p> 2620 The idmap uid parameter specifies the range of user ids that are 2621 allocated for use in mapping UNIX users to NT user SIDs. This 2622 range of ids should have no existing local 2623 or NIS users within it as strange conflicts can occur otherwise.</p><p>See also the <a class="link" href="smb.conf.5.html#IDMAPBACKEND" target="_top">idmap backend</a> and 2624 <a class="link" href="smb.conf.5.html#IDMAPCONFIG" target="_top">idmap config</a> options. 2625 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>idmap uid</code></em> = <code class="literal"></code> 2694 </h3></div></div></div><a class="indexterm" name="id319194"></a><a name="IDMAPUID"></a><div class="variablelist"><dl><dt></dt><dd><p> 2695 The idmap uid parameter specifies the range of user ids for 2696 the default idmap configuration. It is now deprecated in favour 2697 of <a class="link" href="smb.conf.5.html#IDMAPCONFIG*:RANGE" target="_top">idmap config * : range</a>. 2698 </p><p>See the <a class="link" href="smb.conf.5.html#IDMAPCONFIG" target="_top">idmap config</a> option.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>idmap uid</code></em> = <code class="literal"></code> 2626 2699 </em></span> 2627 2700 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>idmap uid</code></em> = <code class="literal">10000-20000</code> 2628 2701 </em></span> 2629 </p></dd></dl></div></div><div class="section" title="include (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id319 139"></a>2702 </p></dd></dl></div></div><div class="section" title="include (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id319274"></a> 2630 2703 2631 2704 include (G) 2632 </h3></div></div></div><a class="indexterm" name="id319 140"></a><a name="INCLUDE"></a><div class="variablelist"><dl><dt></dt><dd><p>2705 </h3></div></div></div><a class="indexterm" name="id319276"></a><a name="INCLUDE"></a><div class="variablelist"><dl><dt></dt><dd><p> 2633 2706 This allows you to include one config file inside another. The file is included literally, as though typed 2634 2707 in place. … … 2648 2721 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>include</code></em> = <code class="literal">/usr/local/samba/lib/admin_smb.conf</code> 2649 2722 </em></span> 2650 </p></dd></dl></div></div><div class="section" title="inherit acls (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id319 236"></a>2723 </p></dd></dl></div></div><div class="section" title="inherit acls (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id319371"></a> 2651 2724 2652 2725 inherit acls (S) 2653 </h3></div></div></div><a class="indexterm" name="id319 237"></a><a name="INHERITACLS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter can be used to ensure that if default acls2726 </h3></div></div></div><a class="indexterm" name="id319372"></a><a name="INHERITACLS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter can be used to ensure that if default acls 2654 2727 exist on parent directories, they are always honored when creating a 2655 2728 new file or subdirectory in these parent directories. The default … … 2664 2737 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>inherit acls</code></em> = <code class="literal">no</code> 2665 2738 </em></span> 2666 </p></dd></dl></div></div><div class="section" title="inherit owner (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id319 282"></a>2739 </p></dd></dl></div></div><div class="section" title="inherit owner (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id319417"></a> 2667 2740 2668 2741 inherit owner (S) 2669 </h3></div></div></div><a class="indexterm" name="id319 283"></a><a name="INHERITOWNER"></a><div class="variablelist"><dl><dt></dt><dd><p>The ownership of new files and directories2742 </h3></div></div></div><a class="indexterm" name="id319418"></a><a name="INHERITOWNER"></a><div class="variablelist"><dl><dt></dt><dd><p>The ownership of new files and directories 2670 2743 is normally governed by effective uid of the connected user. 2671 2744 This option allows the Samba administrator to specify that … … 2676 2749 roaming profile directory are actually owner by the user.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>inherit owner</code></em> = <code class="literal">no</code> 2677 2750 </em></span> 2678 </p></dd></dl></div></div><div class="section" title="inherit permissions (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id319 330"></a>2751 </p></dd></dl></div></div><div class="section" title="inherit permissions (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id319465"></a> 2679 2752 2680 2753 inherit permissions (S) 2681 </h3></div></div></div><a class="indexterm" name="id319 331"></a><a name="INHERITPERMISSIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>2754 </h3></div></div></div><a class="indexterm" name="id319466"></a><a name="INHERITPERMISSIONS"></a><div class="variablelist"><dl><dt></dt><dd><p> 2682 2755 The permissions on new files and directories are normally governed by <a class="link" href="smb.conf.5.html#CREATEMASK" target="_top">create mask</a>, 2683 2756 <a class="link" href="smb.conf.5.html#DIRECTORYMASK" target="_top">directory mask</a>, <a class="link" href="smb.conf.5.html#FORCECREATEMODE" target="_top">force create mode</a> and <a class="link" href="smb.conf.5.html#FORCEDIRECTORYMODE" target="_top">force directory mode</a> but the boolean inherit permissions parameter overrides this. … … 2691 2764 share to be used flexibly by each user.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>inherit permissions</code></em> = <code class="literal">no</code> 2692 2765 </em></span> 2693 </p></dd></dl></div></div><div class="section" title="init logon delayed hosts (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id319 468"></a>2766 </p></dd></dl></div></div><div class="section" title="init logon delayed hosts (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id319603"></a> 2694 2767 2695 2768 init logon delayed hosts (G) 2696 </h3></div></div></div><a class="indexterm" name="id319 469"></a><a name="INITLOGONDELAYEDHOSTS"></a><div class="variablelist"><dl><dt></dt><dd><p>2769 </h3></div></div></div><a class="indexterm" name="id319604"></a><a name="INITLOGONDELAYEDHOSTS"></a><div class="variablelist"><dl><dt></dt><dd><p> 2697 2770 This parameter takes a list of host names, addresses or networks for 2698 2771 which the initial samlogon reply should be delayed (so other DCs get … … 2705 2778 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>init logon delayed hosts</code></em> = <code class="literal">150.203.5. myhost.mynet.de</code> 2706 2779 </em></span> 2707 </p></dd></dl></div></div><div class="section" title="init logon delay (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id319 541"></a>2780 </p></dd></dl></div></div><div class="section" title="init logon delay (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id319677"></a> 2708 2781 2709 2782 init logon delay (G) 2710 </h3></div></div></div><a class="indexterm" name="id319 542"></a><a name="INITLOGONDELAY"></a><div class="variablelist"><dl><dt></dt><dd><p>2783 </h3></div></div></div><a class="indexterm" name="id319678"></a><a name="INITLOGONDELAY"></a><div class="variablelist"><dl><dt></dt><dd><p> 2711 2784 This parameter specifies a delay in milliseconds for the hosts configured 2712 2785 for delayed initial samlogon with … … 2714 2787 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>init logon delay</code></em> = <code class="literal">100</code> 2715 2788 </em></span> 2716 </p></dd></dl></div></div><div class="section" title="interfaces (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id319 594"></a>2789 </p></dd></dl></div></div><div class="section" title="interfaces (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id319729"></a> 2717 2790 2718 2791 interfaces (G) 2719 </h3></div></div></div><a class="indexterm" name="id319 595"></a><a name="INTERFACES"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to override the default2792 </h3></div></div></div><a class="indexterm" name="id319730"></a><a name="INTERFACES"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to override the default 2720 2793 network interfaces list that Samba will use for browsing, name 2721 2794 registration and other NetBIOS over TCP/IP (NBT) traffic. By default Samba will query … … 2741 2814 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>interfaces</code></em> = <code class="literal">eth0 192.168.2.10/24 192.168.3.10/255.255.255.0</code> 2742 2815 </em></span> 2743 </p></dd></dl></div></div><div class="section" title="invalid users (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id319 699"></a>2816 </p></dd></dl></div></div><div class="section" title="invalid users (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id319835"></a> 2744 2817 2745 2818 invalid users (S) 2746 </h3></div></div></div><a class="indexterm" name="id319 700"></a><a name="INVALIDUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of users that should not be allowed2819 </h3></div></div></div><a class="indexterm" name="id319836"></a><a name="INVALIDUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of users that should not be allowed 2747 2820 to login to this service. This is really a <span class="emphasis"><em>paranoid</em></span> 2748 2821 check to absolutely ensure an improper setting does not breach … … 2764 2837 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>invalid users</code></em> = <code class="literal">root fred admin @wheel</code> 2765 2838 </em></span> 2766 </p></dd></dl></div></div><div class="section" title="iprint server (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id319 800"></a>2839 </p></dd></dl></div></div><div class="section" title="iprint server (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id319936"></a> 2767 2840 2768 2841 iprint server (G) 2769 </h3></div></div></div><a class="indexterm" name="id319 801"></a><a name="IPRINTSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>2842 </h3></div></div></div><a class="indexterm" name="id319937"></a><a name="IPRINTSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p> 2770 2843 This parameter is only applicable if <a class="link" href="smb.conf.5.html#PRINTING" target="_top">printing</a> is set to <code class="constant">iprint</code>. 2771 2844 </p><p> … … 2776 2849 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>iprint server</code></em> = <code class="literal">MYCUPSSERVER</code> 2777 2850 </em></span> 2778 </p></dd></dl></div></div><div class="section" title="keepalive (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id3 19882"></a>2851 </p></dd></dl></div></div><div class="section" title="keepalive (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320018"></a> 2779 2852 2780 2853 keepalive (G) 2781 </h3></div></div></div><a class="indexterm" name="id3 19884"></a><a name="KEEPALIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (an integer) represents2854 </h3></div></div></div><a class="indexterm" name="id320019"></a><a name="KEEPALIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (an integer) represents 2782 2855 the number of seconds between <em class="parameter"><code>keepalive</code></em> 2783 2856 packets. If this parameter is zero, no keepalive packets will be … … 2789 2862 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>keepalive</code></em> = <code class="literal">600</code> 2790 2863 </em></span> 2791 </p></dd></dl></div></div><div class="section" title="kerberos method (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id3 19964"></a>2864 </p></dd></dl></div></div><div class="section" title="kerberos method (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320100"></a> 2792 2865 2793 2866 kerberos method (G) 2794 </h3></div></div></div><a class="indexterm" name="id3 19965"></a><a name="KERBEROSMETHOD"></a><div class="variablelist"><dl><dt></dt><dd><p>2867 </h3></div></div></div><a class="indexterm" name="id320101"></a><a name="KERBEROSMETHOD"></a><div class="variablelist"><dl><dt></dt><dd><p> 2795 2868 Controls how kerberos tickets are verified. 2796 2869 </p><p>Valid options are:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>secrets only - use only the secrets.tdb for … … 2809 2882 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>kerberos method</code></em> = <code class="literal">secrets only</code> 2810 2883 </em></span> 2811 </p></dd></dl></div></div><div class="section" title="kernel change notify (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id320 053"></a>2884 </p></dd></dl></div></div><div class="section" title="kernel change notify (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id320189"></a> 2812 2885 2813 2886 kernel change notify (S) 2814 </h3></div></div></div><a class="indexterm" name="id320 054"></a><a name="KERNELCHANGENOTIFY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should ask the2887 </h3></div></div></div><a class="indexterm" name="id320190"></a><a name="KERNELCHANGENOTIFY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether Samba should ask the 2815 2888 kernel for change notifications in directories so that 2816 2889 SMB clients can refresh whenever the data on the server changes. … … 2819 2892 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>kernel change notify</code></em> = <code class="literal">yes</code> 2820 2893 </em></span> 2821 </p></dd></dl></div></div><div class="section" title="kernel oplocks (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320 099"></a>2894 </p></dd></dl></div></div><div class="section" title="kernel oplocks (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320235"></a> 2822 2895 2823 2896 kernel oplocks (G) 2824 </h3></div></div></div><a class="indexterm" name="id320 100"></a><a name="KERNELOPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>For UNIXes that support kernel based <a class="link" href="smb.conf.5.html#OPLOCKS" target="_top">oplocks</a>2897 </h3></div></div></div><a class="indexterm" name="id320236"></a><a name="KERNELOPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>For UNIXes that support kernel based <a class="link" href="smb.conf.5.html#OPLOCKS" target="_top">oplocks</a> 2825 2898 (currently only IRIX and the Linux 2.4 kernel), this parameter 2826 2899 allows the use of them to be turned on or off.</p><p>Kernel oplocks support allows Samba <em class="parameter"><code>oplocks … … 2832 2905 You should never need to touch this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>kernel oplocks</code></em> = <code class="literal">yes</code> 2833 2906 </em></span> 2834 </p></dd></dl></div></div><div class="section" title="lanman auth (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320 181"></a>2907 </p></dd></dl></div></div><div class="section" title="lanman auth (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320317"></a> 2835 2908 2836 2909 lanman auth (G) 2837 </h3></div></div></div><a class="indexterm" name="id320 182"></a><a name="LANMANAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to2910 </h3></div></div></div><a class="indexterm" name="id320318"></a><a name="LANMANAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to 2838 2911 authenticate users or permit password changes 2839 2912 using the LANMAN password hash. If disabled, only clients which support NT … … 2857 2930 special configuration to use it.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lanman auth</code></em> = <code class="literal">no</code> 2858 2931 </em></span> 2859 </p></dd></dl></div></div><div class="section" title="large readwrite (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320 276"></a>2932 </p></dd></dl></div></div><div class="section" title="large readwrite (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320412"></a> 2860 2933 2861 2934 large readwrite (G) 2862 </h3></div></div></div><a class="indexterm" name="id320 277"></a><a name="LARGEREADWRITE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not2935 </h3></div></div></div><a class="indexterm" name="id320413"></a><a name="LARGEREADWRITE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not 2863 2936 <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> supports the new 64k 2864 2937 streaming read and write variant SMB requests introduced with … … 2869 2942 tested as some other Samba code paths.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>large readwrite</code></em> = <code class="literal">yes</code> 2870 2943 </em></span> 2871 </p></dd></dl></div></div><div class="section" title="ldap admin dn (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320 328"></a>2944 </p></dd></dl></div></div><div class="section" title="ldap admin dn (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320464"></a> 2872 2945 2873 2946 ldap admin dn (G) 2874 </h3></div></div></div><a class="indexterm" name="id320 329"></a><a name="LDAPADMINDN"></a><div class="variablelist"><dl><dt></dt><dd><p>2947 </h3></div></div></div><a class="indexterm" name="id320465"></a><a name="LDAPADMINDN"></a><div class="variablelist"><dl><dt></dt><dd><p> 2875 2948 The <a class="link" href="smb.conf.5.html#LDAPADMINDN" target="_top">ldap admin dn</a> defines the Distinguished Name (DN) name used by Samba to contact 2876 2949 the ldap server when retreiving user account information. The <a class="link" href="smb.conf.5.html#LDAPADMINDN" target="_top">ldap admin dn</a> is used … … 2880 2953 </p><p> 2881 2954 The <a class="link" href="smb.conf.5.html#LDAPADMINDN" target="_top">ldap admin dn</a> requires a fully specified DN. The <a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> is not appended to the <a class="link" href="smb.conf.5.html#LDAPADMINDN" target="_top">ldap admin dn</a>. 2882 </p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="ldap connection timeout (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320 431"></a>2955 </p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="ldap connection timeout (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320566"></a> 2883 2956 2884 2957 ldap connection timeout (G) 2885 </h3></div></div></div><a class="indexterm" name="id320 432"></a><a name="LDAPCONNECTIONTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>2958 </h3></div></div></div><a class="indexterm" name="id320567"></a><a name="LDAPCONNECTIONTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p> 2886 2959 This parameter tells the LDAP library calls which timeout in seconds 2887 2960 they should honor during initial connection establishments to LDAP servers. … … 2895 2968 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap connection timeout</code></em> = <code class="literal">2</code> 2896 2969 </em></span> 2897 </p></dd></dl></div></div><div class="section" title="ldap debug level (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320 489"></a>2970 </p></dd></dl></div></div><div class="section" title="ldap debug level (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320625"></a> 2898 2971 2899 2972 ldap debug level (G) 2900 </h3></div></div></div><a class="indexterm" name="id320 490"></a><a name="LDAPDEBUGLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>2973 </h3></div></div></div><a class="indexterm" name="id320626"></a><a name="LDAPDEBUGLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p> 2901 2974 This parameter controls the debug level of the LDAP library 2902 2975 calls. In the case of OpenLDAP, it is the same … … 2915 2988 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap debug level</code></em> = <code class="literal">1</code> 2916 2989 </em></span> 2917 </p></dd></dl></div></div><div class="section" title="ldap debug threshold (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320 573"></a>2990 </p></dd></dl></div></div><div class="section" title="ldap debug threshold (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320708"></a> 2918 2991 2919 2992 ldap debug threshold (G) 2920 </h3></div></div></div><a class="indexterm" name="id320 574"></a><a name="LDAPDEBUGTHRESHOLD"></a><div class="variablelist"><dl><dt></dt><dd><p>2993 </h3></div></div></div><a class="indexterm" name="id320710"></a><a name="LDAPDEBUGTHRESHOLD"></a><div class="variablelist"><dl><dt></dt><dd><p> 2921 2994 This parameter controls the Samba debug level at which 2922 2995 the ldap library debug output is … … 2927 3000 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap debug threshold</code></em> = <code class="literal">5</code> 2928 3001 </em></span> 2929 </p></dd></dl></div></div><div class="section" title="ldap delete dn (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320 638"></a>3002 </p></dd></dl></div></div><div class="section" title="ldap delete dn (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320773"></a> 2930 3003 2931 3004 ldap delete dn (G) 2932 </h3></div></div></div><a class="indexterm" name="id320 639"></a><a name="LDAPDELETEDN"></a><div class="variablelist"><dl><dt></dt><dd><p> This parameter specifies whether a delete3005 </h3></div></div></div><a class="indexterm" name="id320774"></a><a name="LDAPDELETEDN"></a><div class="variablelist"><dl><dt></dt><dd><p> This parameter specifies whether a delete 2933 3006 operation in the ldapsam deletes the complete entry or only the attributes 2934 3007 specific to Samba. 2935 3008 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap delete dn</code></em> = <code class="literal">no</code> 2936 3009 </em></span> 2937 </p></dd></dl></div></div><div class="section" title="ldap deref (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320 680"></a>3010 </p></dd></dl></div></div><div class="section" title="ldap deref (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320815"></a> 2938 3011 2939 3012 ldap deref (G) 2940 </h3></div></div></div><a class="indexterm" name="id320 681"></a><a name="LDAPDEREF"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls whether Samba should tell the LDAP library3013 </h3></div></div></div><a class="indexterm" name="id320816"></a><a name="LDAPDEREF"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls whether Samba should tell the LDAP library 2941 3014 to use a certain alias dereferencing method. The default is 2942 3015 <span class="emphasis"><em>auto</em></span>, which means that the default setting of the … … 2949 3022 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap deref</code></em> = <code class="literal">searching</code> 2950 3023 </em></span> 2951 </p></dd></dl></div></div><div class="section" title="ldap follow referral (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320 757"></a>3024 </p></dd></dl></div></div><div class="section" title="ldap follow referral (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320893"></a> 2952 3025 2953 3026 ldap follow referral (G) 2954 </h3></div></div></div><a class="indexterm" name="id320 758"></a><a name="LDAPFOLLOWREFERRAL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls whether to follow LDAP referrals or not when3027 </h3></div></div></div><a class="indexterm" name="id320894"></a><a name="LDAPFOLLOWREFERRAL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls whether to follow LDAP referrals or not when 2955 3028 searching for entries in the LDAP database. Possible values are 2956 3029 <span class="emphasis"><em>on</em></span> to enable following referrals, … … 2963 3036 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap follow referral</code></em> = <code class="literal">off</code> 2964 3037 </em></span> 2965 </p></dd></dl></div></div><div class="section" title="ldap group suffix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320 828"></a>3038 </p></dd></dl></div></div><div class="section" title="ldap group suffix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id320964"></a> 2966 3039 2967 3040 ldap group suffix (G) 2968 </h3></div></div></div><a class="indexterm" name="id320 829"></a><a name="LDAPGROUPSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the suffix that is3041 </h3></div></div></div><a class="indexterm" name="id320965"></a><a name="LDAPGROUPSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the suffix that is 2969 3042 used for groups when these are added to the LDAP directory. 2970 3043 If this parameter is unset, the value of <a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> will be used instead. The suffix string is pre-pended to the … … 2973 3046 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap group suffix</code></em> = <code class="literal">ou=Groups</code> 2974 3047 </em></span> 2975 </p></dd></dl></div></div><div class="section" title="ldap idmap suffix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id32 0908"></a>3048 </p></dd></dl></div></div><div class="section" title="ldap idmap suffix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id321044"></a> 2976 3049 2977 3050 ldap idmap suffix (G) 2978 </h3></div></div></div><a class="indexterm" name="id32 0909"></a><a name="LDAPIDMAPSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>3051 </h3></div></div></div><a class="indexterm" name="id321045"></a><a name="LDAPIDMAPSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p> 2979 3052 This parameters specifies the suffix that is used when storing idmap mappings. If this parameter 2980 3053 is unset, the value of <a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> will be used instead. The suffix … … 2984 3057 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap idmap suffix</code></em> = <code class="literal">ou=Idmap</code> 2985 3058 </em></span> 2986 </p></dd></dl></div></div><div class="section" title="ldap machine suffix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id32 0987"></a>3059 </p></dd></dl></div></div><div class="section" title="ldap machine suffix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id321123"></a> 2987 3060 2988 3061 ldap machine suffix (G) 2989 </h3></div></div></div><a class="indexterm" name="id32 0988"></a><a name="LDAPMACHINESUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>3062 </h3></div></div></div><a class="indexterm" name="id321124"></a><a name="LDAPMACHINESUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p> 2990 3063 It specifies where machines should be added to the ldap tree. If this parameter is unset, the value of 2991 3064 <a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> will be used instead. The suffix string is pre-pended to the … … 2995 3068 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap machine suffix</code></em> = <code class="literal">ou=Computers</code> 2996 3069 </em></span> 2997 </p></dd></dl></div></div><div class="section" title="ldap page size (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id321 066"></a>3070 </p></dd></dl></div></div><div class="section" title="ldap page size (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id321202"></a> 2998 3071 2999 3072 ldap page size (G) 3000 </h3></div></div></div><a class="indexterm" name="id321 067"></a><a name="LDAPPAGESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>3073 </h3></div></div></div><a class="indexterm" name="id321203"></a><a name="LDAPPAGESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p> 3001 3074 This parameter specifies the number of entries per page. 3002 3075 </p><p>If the LDAP server supports paged results, clients can … … 3007 3080 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap page size</code></em> = <code class="literal">512</code> 3008 3081 </em></span> 3009 </p></dd></dl></div></div><div class="section" title="ldap passwd sync (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id321 129"></a>3082 </p></dd></dl></div></div><div class="section" title="ldap passwd sync (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id321265"></a> 3010 3083 3011 3084 ldap passwd sync (G) 3012 </h3></div></div></div><a class="indexterm" name="id321 130"></a><a name="LDAPPASSWDSYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>3085 </h3></div></div></div><a class="indexterm" name="id321266"></a><a name="LDAPPASSWDSYNC"></a><div class="variablelist"><dl><dt></dt><dd><p> 3013 3086 This option is used to define whether or not Samba should sync the LDAP password with the NT 3014 3087 and LM hashes for normal accounts (NOT for workstation, server or domain trusts) on a password … … 3021 3094 the LDAP password and let the LDAP server do the rest.</p></li></ul></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap passwd sync</code></em> = <code class="literal">no</code> 3022 3095 </em></span> 3023 </p></dd></dl></div></div><div class="section" title="ldap replication sleep (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id321 224"></a>3096 </p></dd></dl></div></div><div class="section" title="ldap replication sleep (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id321360"></a> 3024 3097 3025 3098 ldap replication sleep (G) 3026 </h3></div></div></div><a class="indexterm" name="id321 226"></a><a name="LDAPREPLICATIONSLEEP"></a><div class="variablelist"><dl><dt></dt><dd><p>3099 </h3></div></div></div><a class="indexterm" name="id321361"></a><a name="LDAPREPLICATIONSLEEP"></a><div class="variablelist"><dl><dt></dt><dd><p> 3027 3100 When Samba is asked to write to a read-only LDAP replica, we are redirected to talk to the read-write master server. 3028 3101 This server then replicates our changes back to the 'local' server, however the replication might take some seconds, … … 3037 3110 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap replication sleep</code></em> = <code class="literal">1000</code> 3038 3111 </em></span> 3039 </p></dd></dl></div></div><div class="section" title="ldapsam:editposix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id321 280"></a>3112 </p></dd></dl></div></div><div class="section" title="ldapsam:editposix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id321416"></a> 3040 3113 3041 3114 ldapsam:editposix (G) 3042 </h3></div></div></div><a class="indexterm" name="id321 281"></a><a name="LDAPSAM:EDITPOSIX"></a><div class="variablelist"><dl><dt></dt><dd><p>3115 </h3></div></div></div><a class="indexterm" name="id321417"></a><a name="LDAPSAM:EDITPOSIX"></a><div class="variablelist"><dl><dt></dt><dd><p> 3043 3116 Editposix is an option that leverages ldapsam:trusted to make it simpler to manage a domain controller 3044 3117 eliminating the need to set up custom scripts to add and manage the posix users and groups. This option … … 3118 3191 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldapsam:editposix</code></em> = <code class="literal">no</code> 3119 3192 </em></span> 3120 </p></dd></dl></div></div><div class="section" title="ldapsam:trusted (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id321 385"></a>3193 </p></dd></dl></div></div><div class="section" title="ldapsam:trusted (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id321521"></a> 3121 3194 3122 3195 ldapsam:trusted (G) 3123 </h3></div></div></div><a class="indexterm" name="id321 386"></a><a name="LDAPSAM:TRUSTED"></a><div class="variablelist"><dl><dt></dt><dd><p>3196 </h3></div></div></div><a class="indexterm" name="id321522"></a><a name="LDAPSAM:TRUSTED"></a><div class="variablelist"><dl><dt></dt><dd><p> 3124 3197 By default, Samba as a Domain Controller with an LDAP backend needs to use the Unix-style NSS subsystem to 3125 3198 access user and group information. Due to the way Unix stores user information in /etc/passwd and /etc/group … … 3139 3212 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldapsam:trusted</code></em> = <code class="literal">no</code> 3140 3213 </em></span> 3141 </p></dd></dl></div></div><div class="section" title="ldap ssl ads (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id321 460"></a>3214 </p></dd></dl></div></div><div class="section" title="ldap ssl ads (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id321595"></a> 3142 3215 3143 3216 ldap ssl ads (G) 3144 </h3></div></div></div><a class="indexterm" name="id321 461"></a><a name="LDAPSSLADS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used to define whether or not Samba should3217 </h3></div></div></div><a class="indexterm" name="id321596"></a><a name="LDAPSSLADS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used to define whether or not Samba should 3145 3218 use SSL when connecting to the ldap server using 3146 3219 <span class="emphasis"><em>ads</em></span> methods. … … 3152 3225 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap ssl ads</code></em> = <code class="literal">no</code> 3153 3226 </em></span> 3154 </p></dd></dl></div></div><div class="section" title="ldap ssl (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id321 542"></a>3227 </p></dd></dl></div></div><div class="section" title="ldap ssl (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id321677"></a> 3155 3228 3156 3229 ldap ssl (G) 3157 </h3></div></div></div><a class="indexterm" name="id321 543"></a><a name="LDAPSSL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used to define whether or not Samba should3230 </h3></div></div></div><a class="indexterm" name="id321678"></a><a name="LDAPSSL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used to define whether or not Samba should 3158 3231 use SSL when connecting to the ldap server 3159 3232 This is <span class="emphasis"><em>NOT</em></span> related to … … 3180 3253 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap ssl</code></em> = <code class="literal">start tls</code> 3181 3254 </em></span> 3182 </p></dd></dl></div></div><div class="section" title="ldap suffix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id321 726"></a>3255 </p></dd></dl></div></div><div class="section" title="ldap suffix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id321862"></a> 3183 3256 3184 3257 ldap suffix (G) 3185 </h3></div></div></div><a class="indexterm" name="id321 727"></a><a name="LDAPSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the base for all ldap suffixes and for storing the sambaDomain object.</p><p>3258 </h3></div></div></div><a class="indexterm" name="id321863"></a><a name="LDAPSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the base for all ldap suffixes and for storing the sambaDomain object.</p><p> 3186 3259 The ldap suffix will be appended to the values specified for the <a class="link" href="smb.conf.5.html#LDAPUSERSUFFIX" target="_top">ldap user suffix</a>, 3187 3260 <a class="link" href="smb.conf.5.html#LDAPGROUPSUFFIX" target="_top">ldap group suffix</a>, <a class="link" href="smb.conf.5.html#LDAPMACHINESUFFIX" target="_top">ldap machine suffix</a>, and the … … 3192 3265 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap suffix</code></em> = <code class="literal">dc=samba,dc=org</code> 3193 3266 </em></span> 3194 </p></dd></dl></div></div><div class="section" title="ldap timeout (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id321 842"></a>3267 </p></dd></dl></div></div><div class="section" title="ldap timeout (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id321978"></a> 3195 3268 3196 3269 ldap timeout (G) 3197 </h3></div></div></div><a class="indexterm" name="id321 843"></a><a name="LDAPTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>3270 </h3></div></div></div><a class="indexterm" name="id321979"></a><a name="LDAPTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p> 3198 3271 This parameter defines the number of seconds that Samba should use as timeout for LDAP operations. 3199 3272 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap timeout</code></em> = <code class="literal">15</code> 3200 3273 </em></span> 3201 </p></dd></dl></div></div><div class="section" title="ldap user suffix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id32 1882"></a>3274 </p></dd></dl></div></div><div class="section" title="ldap user suffix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id322018"></a> 3202 3275 3203 3276 ldap user suffix (G) 3204 </h3></div></div></div><a class="indexterm" name="id32 1883"></a><a name="LDAPUSERSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p>3277 </h3></div></div></div><a class="indexterm" name="id322019"></a><a name="LDAPUSERSUFFIX"></a><div class="variablelist"><dl><dt></dt><dd><p> 3205 3278 This parameter specifies where users are added to the tree. If this parameter is unset, 3206 3279 the value of <a class="link" href="smb.conf.5.html#LDAPSUFFIX" target="_top">ldap suffix</a> will be used instead. The suffix … … 3210 3283 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap user suffix</code></em> = <code class="literal">ou=people</code> 3211 3284 </em></span> 3212 </p></dd></dl></div></div><div class="section" title="level2 oplocks (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id32 1961"></a>3285 </p></dd></dl></div></div><div class="section" title="level2 oplocks (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id322097"></a> 3213 3286 3214 3287 level2 oplocks (S) 3215 </h3></div></div></div><a class="indexterm" name="id32 1962"></a><a name="LEVEL2OPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether Samba supports3288 </h3></div></div></div><a class="indexterm" name="id322098"></a><a name="LEVEL2OPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether Samba supports 3216 3289 level2 (read-only) oplocks on a share.</p><p>Level2, or read-only oplocks allow Windows NT clients 3217 3290 that have an oplock on a file to downgrade from a read-write oplock … … 3233 3306 this parameter to have any effect.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>level2 oplocks</code></em> = <code class="literal">yes</code> 3234 3307 </em></span> 3235 </p></dd></dl></div></div><div class="section" title="lm announce (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id322 056"></a>3308 </p></dd></dl></div></div><div class="section" title="lm announce (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id322192"></a> 3236 3309 3237 3310 lm announce (G) 3238 </h3></div></div></div><a class="indexterm" name="id322 058"></a><a name="LMANNOUNCE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> will produce Lanman announce3311 </h3></div></div></div><a class="indexterm" name="id322193"></a><a name="LMANNOUNCE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> will produce Lanman announce 3239 3312 broadcasts that are needed by OS/2 clients in order for them to see 3240 3313 the Samba server in their browse list. This parameter can have three … … 3252 3325 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lm announce</code></em> = <code class="literal">yes</code> 3253 3326 </em></span> 3254 </p></dd></dl></div></div><div class="section" title="lm interval (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id322 172"></a>3327 </p></dd></dl></div></div><div class="section" title="lm interval (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id322307"></a> 3255 3328 3256 3329 lm interval (G) 3257 </h3></div></div></div><a class="indexterm" name="id322 173"></a><a name="LMINTERVAL"></a><div class="variablelist"><dl><dt></dt><dd><p>If Samba is set to produce Lanman announce3330 </h3></div></div></div><a class="indexterm" name="id322308"></a><a name="LMINTERVAL"></a><div class="variablelist"><dl><dt></dt><dd><p>If Samba is set to produce Lanman announce 3258 3331 broadcasts needed by OS/2 clients (see the 3259 3332 <a class="link" href="smb.conf.5.html#LMANNOUNCE" target="_top">lm announce</a> parameter) then this … … 3265 3338 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lm interval</code></em> = <code class="literal">120</code> 3266 3339 </em></span> 3267 </p></dd></dl></div></div><div class="section" title="load printers (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id322 253"></a>3340 </p></dd></dl></div></div><div class="section" title="load printers (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id322388"></a> 3268 3341 3269 3342 load printers (G) 3270 </h3></div></div></div><a class="indexterm" name="id322 254"></a><a name="LOADPRINTERS"></a><div class="variablelist"><dl><dt></dt><dd><p>A boolean variable that controls whether all3343 </h3></div></div></div><a class="indexterm" name="id322390"></a><a name="LOADPRINTERS"></a><div class="variablelist"><dl><dt></dt><dd><p>A boolean variable that controls whether all 3271 3344 printers in the printcap will be loaded for browsing by default. 3272 3345 See the <a class="link" href="smb.conf.5.html#PRINTERS" target="_top">printers</a> section for 3273 3346 more details.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>load printers</code></em> = <code class="literal">yes</code> 3274 3347 </em></span> 3275 </p></dd></dl></div></div><div class="section" title="local master (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id322 307"></a>3348 </p></dd></dl></div></div><div class="section" title="local master (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id322442"></a> 3276 3349 3277 3350 local master (G) 3278 </h3></div></div></div><a class="indexterm" name="id322 308"></a><a name="LOCALMASTER"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> to try and become a local master browser3351 </h3></div></div></div><a class="indexterm" name="id322443"></a><a name="LOCALMASTER"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> to try and become a local master browser 3279 3352 on a subnet. If set to <code class="constant">no</code> then <code class="literal"> 3280 3353 nmbd</code> will not attempt to become a local master browser … … 3286 3359 master browser.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>local master</code></em> = <code class="literal">yes</code> 3287 3360 </em></span> 3288 </p></dd></dl></div></div><div class="section" title="lock dir"><div class="titlepage"><div><div><h3 class="title"><a name="id322 403"></a>3361 </p></dd></dl></div></div><div class="section" title="lock dir"><div class="titlepage"><div><div><h3 class="title"><a name="id322539"></a> 3289 3362 3290 3363 <a name="LOCKDIR"></a>lock dir 3291 </h3></div></div></div><a class="indexterm" name="id322 404"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#LOCKDIRECTORY">lock directory</a>.</p></dd></dl></div></div><div class="section" title="lock directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id322434"></a>3364 </h3></div></div></div><a class="indexterm" name="id322540"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#LOCKDIRECTORY">lock directory</a>.</p></dd></dl></div></div><div class="section" title="lock directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id322570"></a> 3292 3365 3293 3366 lock directory (G) 3294 </h3></div></div></div><a class="indexterm" name="id322 436"></a><a name="LOCKDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the directory where lock3367 </h3></div></div></div><a class="indexterm" name="id322571"></a><a name="LOCKDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the directory where lock 3295 3368 files will be placed. The lock files are used to implement the 3296 3369 <a class="link" href="smb.conf.5.html#MAXCONNECTIONS" target="_top">max connections</a> option. … … 3302 3375 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lock directory</code></em> = <code class="literal">/var/run/samba/locks</code> 3303 3376 </em></span> 3304 </p></dd></dl></div></div><div class="section" title="locking (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id322 509"></a>3377 </p></dd></dl></div></div><div class="section" title="locking (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id322644"></a> 3305 3378 3306 3379 locking (S) 3307 </h3></div></div></div><a class="indexterm" name="id322 510"></a><a name="LOCKING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether or not locking will be3380 </h3></div></div></div><a class="indexterm" name="id322645"></a><a name="LOCKING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether or not locking will be 3308 3381 performed by the server in response to lock requests from the 3309 3382 client.</p><p>If <code class="literal">locking = no</code>, all lock and unlock … … 3315 3388 is not really recommended even in this case.</p><p>Be careful about disabling locking either globally or in a 3316 3389 specific service, as lack of locking may result in data corruption. 3317 You should never need to set this parameter.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="lock spin count (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id322 578"></a>3390 You should never need to set this parameter.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="lock spin count (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id322713"></a> 3318 3391 3319 3392 lock spin count (G) 3320 </h3></div></div></div><a class="indexterm" name="id322 579"></a><a name="LOCKSPINCOUNT"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter has been made inoperative in Samba 3.0.24.3393 </h3></div></div></div><a class="indexterm" name="id322714"></a><a name="LOCKSPINCOUNT"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter has been made inoperative in Samba 3.0.24. 3321 3394 The functionality it contolled is now controlled by the parameter 3322 3395 <a class="link" href="smb.conf.5.html#LOCKSPINTIME" target="_top">lock spin time</a>. 3323 3396 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lock spin count</code></em> = <code class="literal">0</code> 3324 3397 </em></span> 3325 </p></dd></dl></div></div><div class="section" title="lock spin time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id322 631"></a>3398 </p></dd></dl></div></div><div class="section" title="lock spin time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id322766"></a> 3326 3399 3327 3400 lock spin time (G) 3328 </h3></div></div></div><a class="indexterm" name="id322 632"></a><a name="LOCKSPINTIME"></a><div class="variablelist"><dl><dt></dt><dd><p>The time in milliseconds that smbd should3401 </h3></div></div></div><a class="indexterm" name="id322767"></a><a name="LOCKSPINTIME"></a><div class="variablelist"><dl><dt></dt><dd><p>The time in milliseconds that smbd should 3329 3402 keep waiting to see if a failed lock request can 3330 3403 be granted. This parameter has changed in default … … 3334 3407 to change the value of this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lock spin time</code></em> = <code class="literal">200</code> 3335 3408 </em></span> 3336 </p></dd></dl></div></div><div class="section" title="log file (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id322 685"></a>3409 </p></dd></dl></div></div><div class="section" title="log file (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id322820"></a> 3337 3410 3338 3411 log file (G) 3339 </h3></div></div></div><a class="indexterm" name="id322 686"></a><a name="LOGFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>3412 </h3></div></div></div><a class="indexterm" name="id322821"></a><a name="LOGFILE"></a><div class="variablelist"><dl><dt></dt><dd><p> 3340 3413 This option allows you to override the name of the Samba log file (also known as the debug file). 3341 3414 </p><p> … … 3343 3416 </p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>log file</code></em> = <code class="literal">/usr/local/samba/var/log.%m</code> 3344 3417 </em></span> 3345 </p></dd></dl></div></div><div class="section" title="debuglevel"><div class="titlepage"><div><div><h3 class="title"><a name="id322 735"></a>3418 </p></dd></dl></div></div><div class="section" title="debuglevel"><div class="titlepage"><div><div><h3 class="title"><a name="id322870"></a> 3346 3419 3347 3420 <a name="DEBUGLEVEL"></a>debuglevel 3348 </h3></div></div></div><a class="indexterm" name="id322 736"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#LOGLEVEL">log level</a>.</p></dd></dl></div></div><div class="section" title="log level (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id322766"></a>3421 </h3></div></div></div><a class="indexterm" name="id322872"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#LOGLEVEL">log level</a>.</p></dd></dl></div></div><div class="section" title="log level (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id322901"></a> 3349 3422 3350 3423 log level (G) 3351 </h3></div></div></div><a class="indexterm" name="id322 767"></a><a name="LOGLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>3424 </h3></div></div></div><a class="indexterm" name="id322902"></a><a name="LOGLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p> 3352 3425 The value of the parameter (a astring) allows the debug level (logging level) to be specified in the 3353 3426 <code class="filename">smb.conf</code> file. … … 3360 3433 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>log level</code></em> = <code class="literal">3 passdb:5 auth:10 winbind:2</code> 3361 3434 </em></span> 3362 </p></dd></dl></div></div><div class="section" title="logon drive (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id32 2995"></a>3435 </p></dd></dl></div></div><div class="section" title="logon drive (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id323130"></a> 3363 3436 3364 3437 logon drive (G) 3365 </h3></div></div></div><a class="indexterm" name="id32 2996"></a><a name="LOGONDRIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>3438 </h3></div></div></div><a class="indexterm" name="id323131"></a><a name="LOGONDRIVE"></a><div class="variablelist"><dl><dt></dt><dd><p> 3366 3439 This parameter specifies the local path to which the home directory will be 3367 3440 connected (see <a class="link" href="smb.conf.5.html#LOGONHOME" target="_top">logon home</a>) and is only used by NT … … 3373 3446 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>logon drive</code></em> = <code class="literal">h:</code> 3374 3447 </em></span> 3375 </p></dd></dl></div></div><div class="section" title="logon home (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id323 068"></a>3448 </p></dd></dl></div></div><div class="section" title="logon home (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id323203"></a> 3376 3449 3377 3450 logon home (G) 3378 </h3></div></div></div><a class="indexterm" name="id323 069"></a><a name="LOGONHOME"></a><div class="variablelist"><dl><dt></dt><dd><p>3451 </h3></div></div></div><a class="indexterm" name="id323204"></a><a name="LOGONHOME"></a><div class="variablelist"><dl><dt></dt><dd><p> 3379 3452 This parameter specifies the home directory location when a Win95/98 or NT Workstation logs into a Samba PDC. 3380 3453 It allows you to do … … 3407 3480 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>logon home</code></em> = <code class="literal">\\remote_smb_server\%U</code> 3408 3481 </em></span> 3409 </p></dd></dl></div></div><div class="section" title="logon path (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id323 221"></a>3482 </p></dd></dl></div></div><div class="section" title="logon path (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id323356"></a> 3410 3483 3411 3484 logon path (G) 3412 </h3></div></div></div><a class="indexterm" name="id323 222"></a><a name="LOGONPATH"></a><div class="variablelist"><dl><dt></dt><dd><p>3485 </h3></div></div></div><a class="indexterm" name="id323357"></a><a name="LOGONPATH"></a><div class="variablelist"><dl><dt></dt><dd><p> 3413 3486 This parameter specifies the directory where roaming profiles (Desktop, NTuser.dat, etc) are 3414 3487 stored. Contrary to previous versions of these manual pages, it has nothing to do with Win 9X roaming … … 3454 3527 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>logon path</code></em> = <code class="literal">\\%N\%U\profile</code> 3455 3528 </em></span> 3456 </p></dd></dl></div></div><div class="section" title="logon script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id323 372"></a>3529 </p></dd></dl></div></div><div class="section" title="logon script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id323503"></a> 3457 3530 3458 3531 logon script (G) 3459 </h3></div></div></div><a class="indexterm" name="id323 373"></a><a name="LOGONSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>3532 </h3></div></div></div><a class="indexterm" name="id323504"></a><a name="LOGONSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p> 3460 3533 This parameter specifies the batch file (<code class="filename">.bat</code>) or NT command file 3461 3534 (<code class="filename">.cmd</code>) to be downloaded and run on a machine when a user successfully logs in. The file … … 3488 3561 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>logon script</code></em> = <code class="literal">scripts\%U.bat</code> 3489 3562 </em></span> 3490 </p></dd></dl></div></div><div class="section" title="log writeable files on exit (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id323 529"></a>3563 </p></dd></dl></div></div><div class="section" title="log writeable files on exit (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id323660"></a> 3491 3564 3492 3565 log writeable files on exit (G) 3493 </h3></div></div></div><a class="indexterm" name="id323 530"></a><a name="LOGWRITEABLEFILESONEXIT"></a><div class="variablelist"><dl><dt></dt><dd><p>3566 </h3></div></div></div><a class="indexterm" name="id323661"></a><a name="LOGWRITEABLEFILESONEXIT"></a><div class="variablelist"><dl><dt></dt><dd><p> 3494 3567 When the network connection between a CIFS client and Samba 3495 3568 dies, Samba has no option but to simply shut down the server … … 3505 3578 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>log writeable files on exit</code></em> = <code class="literal">no</code> 3506 3579 </em></span> 3507 </p></dd></dl></div></div><div class="section" title="lppause command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id323 576"></a>3580 </p></dd></dl></div></div><div class="section" title="lppause command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id323707"></a> 3508 3581 3509 3582 lppause command (S) 3510 </h3></div></div></div><a class="indexterm" name="id323 577"></a><a name="LPPAUSECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be3583 </h3></div></div></div><a class="indexterm" name="id323708"></a><a name="LPPAUSECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be 3511 3584 executed on the server host in order to stop printing or spooling 3512 3585 a specific print job.</p><p>This command should be a program or script which takes … … 3532 3605 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lppause command</code></em> = <code class="literal">/usr/bin/lpalt %p-%j -p0</code> 3533 3606 </em></span> 3534 </p></dd></dl></div></div><div class="section" title="lpq cache time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id323 712"></a>3607 </p></dd></dl></div></div><div class="section" title="lpq cache time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id323843"></a> 3535 3608 3536 3609 lpq cache time (G) 3537 </h3></div></div></div><a class="indexterm" name="id323 713"></a><a name="LPQCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls how long lpq info will be cached3610 </h3></div></div></div><a class="indexterm" name="id323844"></a><a name="LPQCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls how long lpq info will be cached 3538 3611 for to prevent the <code class="literal">lpq</code> command being called too 3539 3612 often. A separate cache is kept for each variation of the <code class="literal"> … … 3548 3621 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lpq cache time</code></em> = <code class="literal">10</code> 3549 3622 </em></span> 3550 </p></dd></dl></div></div><div class="section" title="lpq command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id323 823"></a>3623 </p></dd></dl></div></div><div class="section" title="lpq command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id323954"></a> 3551 3624 3552 3625 lpq command (S) 3553 </h3></div></div></div><a class="indexterm" name="id323 824"></a><a name="LPQCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be3626 </h3></div></div></div><a class="indexterm" name="id323956"></a><a name="LPQCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be 3554 3627 executed on the server host in order to obtain <code class="literal">lpq 3555 3628 </code>-style printer status information.</p><p>This command should be a program or script which … … 3573 3646 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lpq command</code></em> = <code class="literal">/usr/bin/lpq -P%p</code> 3574 3647 </em></span> 3575 </p></dd></dl></div></div><div class="section" title="lpresume command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id32 3940"></a>3648 </p></dd></dl></div></div><div class="section" title="lpresume command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id324071"></a> 3576 3649 3577 3650 lpresume command (S) 3578 </h3></div></div></div><a class="indexterm" name="id32 3941"></a><a name="LPRESUMECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be3651 </h3></div></div></div><a class="indexterm" name="id324072"></a><a name="LPRESUMECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be 3579 3652 executed on the server host in order to restart or continue 3580 3653 printing or spooling a specific print job.</p><p>This command should be a program or script which takes … … 3589 3662 is <code class="constant">SOFTQ</code>, then the default is:</p><p><code class="literal">qstat -s -j%j -r</code></p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lpresume command</code></em> = <code class="literal">/usr/bin/lpalt %p-%j -p2</code> 3590 3663 </em></span> 3591 </p></dd></dl></div></div><div class="section" title="lprm command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id324 083"></a>3664 </p></dd></dl></div></div><div class="section" title="lprm command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id324215"></a> 3592 3665 3593 3666 lprm command (S) 3594 </h3></div></div></div><a class="indexterm" name="id324 084"></a><a name="LPRMCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be3667 </h3></div></div></div><a class="indexterm" name="id324216"></a><a name="LPRMCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be 3595 3668 executed on the server host in order to delete a print job.</p><p>This command should be a program or script which takes 3596 3669 a printer name and job number, and deletes the print job.</p><p>If a <em class="parameter"><code>%p</code></em> is given then the printer name … … 3609 3682 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lprm command</code></em> = <code class="literal"> determined by printing parameter</code> 3610 3683 </em></span> 3611 </p></dd></dl></div></div><div class="section" title="machine password timeout (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id324 165"></a>3684 </p></dd></dl></div></div><div class="section" title="machine password timeout (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id324296"></a> 3612 3685 3613 3686 machine password timeout (G) 3614 </h3></div></div></div><a class="indexterm" name="id324 166"></a><a name="MACHINEPASSWORDTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>3687 </h3></div></div></div><a class="indexterm" name="id324297"></a><a name="MACHINEPASSWORDTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p> 3615 3688 If a Samba server is a member of a Windows NT Domain (see the <a class="link" href="smb.conf.5.html#SECURITY" target="_top">security = domain</a> parameter) then periodically a running smbd process will try and change 3616 3689 the MACHINE ACCOUNT PASSWORD stored in the TDB called <code class="filename">private/secrets.tdb … … 3622 3695 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>machine password timeout</code></em> = <code class="literal">604800</code> 3623 3696 </em></span> 3624 </p></dd></dl></div></div><div class="section" title="magic output (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id324 249"></a>3697 </p></dd></dl></div></div><div class="section" title="magic output (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id324380"></a> 3625 3698 3626 3699 magic output (S) 3627 </h3></div></div></div><a class="indexterm" name="id324 250"></a><a name="MAGICOUTPUT"></a><div class="variablelist"><dl><dt></dt><dd><p>3700 </h3></div></div></div><a class="indexterm" name="id324381"></a><a name="MAGICOUTPUT"></a><div class="variablelist"><dl><dt></dt><dd><p> 3628 3701 This parameter specifies the name of a file which will contain output created by a magic script (see the 3629 3702 <a class="link" href="smb.conf.5.html#MAGICSCRIPT" target="_top">magic script</a> parameter below). … … 3634 3707 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>magic output</code></em> = <code class="literal">myfile.txt</code> 3635 3708 </em></span> 3636 </p></dd></dl></div></div><div class="section" title="magic script (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id324 329"></a>3709 </p></dd></dl></div></div><div class="section" title="magic script (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id324460"></a> 3637 3710 3638 3711 magic script (S) 3639 </h3></div></div></div><a class="indexterm" name="id324 330"></a><a name="MAGICSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the name of a file which,3712 </h3></div></div></div><a class="indexterm" name="id324461"></a><a name="MAGICSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the name of a file which, 3640 3713 if opened, will be executed by the server when the file is closed. 3641 3714 This allows a UNIX script to be sent to the Samba host and … … 3653 3726 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>magic script</code></em> = <code class="literal">user.csh</code> 3654 3727 </em></span> 3655 </p></dd></dl></div></div><div class="section" title="mangled names (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id324 427"></a>3728 </p></dd></dl></div></div><div class="section" title="mangled names (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id324558"></a> 3656 3729 3657 3730 mangled names (S) 3658 </h3></div></div></div><a class="indexterm" name="id324 428"></a><a name="MANGLEDNAMES"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether non-DOS names under UNIX3731 </h3></div></div></div><a class="indexterm" name="id324559"></a><a name="MANGLEDNAMES"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether non-DOS names under UNIX 3659 3732 should be mapped to DOS-compatible names ("mangled") and made visible, 3660 3733 or whether non-DOS names should simply be ignored.</p><p>See the section on <a class="link" href="smb.conf.5.html#NAMEMANGLING" target="_top">name mangling</a> for … … 3681 3754 do not change between sessions.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>mangled names</code></em> = <code class="literal">yes</code> 3682 3755 </em></span> 3683 </p></dd></dl></div></div><div class="section" title="mangle prefix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id324 546"></a>3756 </p></dd></dl></div></div><div class="section" title="mangle prefix (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id324677"></a> 3684 3757 3685 3758 mangle prefix (G) 3686 </h3></div></div></div><a class="indexterm" name="id324 547"></a><a name="MANGLEPREFIX"></a><div class="variablelist"><dl><dt></dt><dd><p> controls the number of prefix3759 </h3></div></div></div><a class="indexterm" name="id324678"></a><a name="MANGLEPREFIX"></a><div class="variablelist"><dl><dt></dt><dd><p> controls the number of prefix 3687 3760 characters from the original name used when generating 3688 3761 the mangled names. A larger value will give a weaker … … 3694 3767 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>mangle prefix</code></em> = <code class="literal">4</code> 3695 3768 </em></span> 3696 </p></dd></dl></div></div><div class="section" title="mangling char (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id324 610"></a>3769 </p></dd></dl></div></div><div class="section" title="mangling char (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id324741"></a> 3697 3770 3698 3771 mangling char (S) 3699 </h3></div></div></div><a class="indexterm" name="id324 611"></a><a name="MANGLINGCHAR"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what character is used as3772 </h3></div></div></div><a class="indexterm" name="id324742"></a><a name="MANGLINGCHAR"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what character is used as 3700 3773 the <span class="emphasis"><em>magic</em></span> character in <a class="link" href="smb.conf.5.html#NAMEMANGLING" target="_top">name mangling</a>. The 3701 3774 default is a '~' but this may interfere with some software. Use this option to set … … 3704 3777 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>mangling char</code></em> = <code class="literal">^</code> 3705 3778 </em></span> 3706 </p></dd></dl></div></div><div class="section" title="mangling method (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id324 684"></a>3779 </p></dd></dl></div></div><div class="section" title="mangling method (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id324815"></a> 3707 3780 3708 3781 mangling method (G) 3709 </h3></div></div></div><a class="indexterm" name="id324 685"></a><a name="MANGLINGMETHOD"></a><div class="variablelist"><dl><dt></dt><dd><p> controls the algorithm used for the generating3782 </h3></div></div></div><a class="indexterm" name="id324816"></a><a name="MANGLINGMETHOD"></a><div class="variablelist"><dl><dt></dt><dd><p> controls the algorithm used for the generating 3710 3783 the mangled names. Can take two different values, "hash" and 3711 3784 "hash2". "hash" is the algorithm that was used … … 3718 3791 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>mangling method</code></em> = <code class="literal">hash</code> 3719 3792 </em></span> 3720 </p></dd></dl></div></div><div class="section" title="map acl inherit (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id324 746"></a>3793 </p></dd></dl></div></div><div class="section" title="map acl inherit (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id324877"></a> 3721 3794 3722 3795 map acl inherit (S) 3723 </h3></div></div></div><a class="indexterm" name="id324 747"></a><a name="MAPACLINHERIT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to map the 'inherit' and 'protected'3796 </h3></div></div></div><a class="indexterm" name="id324878"></a><a name="MAPACLINHERIT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to map the 'inherit' and 'protected' 3724 3797 access control entry flags stored in Windows ACLs into an extended attribute 3725 3798 called user.SAMBA_PAI. This parameter only takes effect if Samba is being run … … 3729 3802 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>map acl inherit</code></em> = <code class="literal">no</code> 3730 3803 </em></span> 3731 </p></dd></dl></div></div><div class="section" title="map archive (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id324 798"></a>3804 </p></dd></dl></div></div><div class="section" title="map archive (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id324930"></a> 3732 3805 3733 3806 map archive (S) 3734 </h3></div></div></div><a class="indexterm" name="id324 799"></a><a name="MAPARCHIVE"></a><div class="variablelist"><dl><dt></dt><dd><p>3807 </h3></div></div></div><a class="indexterm" name="id324931"></a><a name="MAPARCHIVE"></a><div class="variablelist"><dl><dt></dt><dd><p> 3735 3808 This controls whether the DOS archive attribute 3736 3809 should be mapped to the UNIX owner execute bit. The DOS archive bit … … 3745 3818 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>map archive</code></em> = <code class="literal">yes</code> 3746 3819 </em></span> 3747 </p></dd></dl></div></div><div class="section" title="map hidden (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id324 867"></a>3820 </p></dd></dl></div></div><div class="section" title="map hidden (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id324999"></a> 3748 3821 3749 3822 map hidden (S) 3750 </h3></div></div></div><a class="indexterm" name="id32 4868"></a><a name="MAPHIDDEN"></a><div class="variablelist"><dl><dt></dt><dd><p>3823 </h3></div></div></div><a class="indexterm" name="id325000"></a><a name="MAPHIDDEN"></a><div class="variablelist"><dl><dt></dt><dd><p> 3751 3824 This controls whether DOS style hidden files should be mapped to the UNIX world execute bit. 3752 3825 </p><p> … … 3754 3827 bit is not masked out (i.e. it must include 001). See the parameter <a class="link" href="smb.conf.5.html#CREATEMASK" target="_top">create mask</a> 3755 3828 for details. 3756 </p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="map readonly (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id32 4922"></a>3829 </p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="map readonly (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id325053"></a> 3757 3830 3758 3831 map readonly (S) 3759 </h3></div></div></div><a class="indexterm" name="id32 4923"></a><a name="MAPREADONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>3832 </h3></div></div></div><a class="indexterm" name="id325054"></a><a name="MAPREADONLY"></a><div class="variablelist"><dl><dt></dt><dd><p> 3760 3833 This controls how the DOS read only attribute should be mapped from a UNIX filesystem. 3761 3834 </p><p> … … 3782 3855 </p></li></ul></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>map readonly</code></em> = <code class="literal">yes</code> 3783 3856 </em></span> 3784 </p></dd></dl></div></div><div class="section" title="map system (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id325 064"></a>3857 </p></dd></dl></div></div><div class="section" title="map system (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id325195"></a> 3785 3858 3786 3859 map system (S) 3787 </h3></div></div></div><a class="indexterm" name="id325 065"></a><a name="MAPSYSTEM"></a><div class="variablelist"><dl><dt></dt><dd><p>3860 </h3></div></div></div><a class="indexterm" name="id325196"></a><a name="MAPSYSTEM"></a><div class="variablelist"><dl><dt></dt><dd><p> 3788 3861 This controls whether DOS style system files should be mapped to the UNIX group execute bit. 3789 3862 </p><p> … … 3793 3866 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>map system</code></em> = <code class="literal">no</code> 3794 3867 </em></span> 3795 </p></dd></dl></div></div><div class="section" title="map to guest (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id325 130"></a>3868 </p></dd></dl></div></div><div class="section" title="map to guest (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id325262"></a> 3796 3869 3797 3870 map to guest (G) 3798 </h3></div></div></div><a class="indexterm" name="id325 131"></a><a name="MAPTOGUEST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is only useful in <a class="link" href="smb.conf.5.html#SECURITY" target="_top">SECURITY =3871 </h3></div></div></div><a class="indexterm" name="id325263"></a><a name="MAPTOGUEST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is only useful in <a class="link" href="smb.conf.5.html#SECURITY" target="_top">SECURITY = 3799 3872 security</a> modes other than <em class="parameter"><code>security = share</code></em> 3800 3873 and <em class="parameter"><code>security = server</code></em> … … 3838 3911 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>map to guest</code></em> = <code class="literal">Bad User</code> 3839 3912 </em></span> 3840 </p></dd></dl></div></div><div class="section" title="map untrusted to domain (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id325 346"></a>3913 </p></dd></dl></div></div><div class="section" title="map untrusted to domain (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id325478"></a> 3841 3914 3842 3915 map untrusted to domain (G) 3843 </h3></div></div></div><a class="indexterm" name="id325 347"></a><a name="MAPUNTRUSTEDTODOMAIN"></a><div class="variablelist"><dl><dt></dt><dd><p>3916 </h3></div></div></div><a class="indexterm" name="id325479"></a><a name="MAPUNTRUSTEDTODOMAIN"></a><div class="variablelist"><dl><dt></dt><dd><p> 3844 3917 If a client connects to smbd using an untrusted domain name, such as 3845 3918 BOGUS\user, smbd replaces the BOGUS domain with it's SAM name before … … 3859 3932 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>map untrusted to domain</code></em> = <code class="literal">no</code> 3860 3933 </em></span> 3861 </p></dd></dl></div></div><div class="section" title="max connections (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id325 404"></a>3934 </p></dd></dl></div></div><div class="section" title="max connections (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id325536"></a> 3862 3935 3863 3936 max connections (S) 3864 </h3></div></div></div><a class="indexterm" name="id325 405"></a><a name="MAXCONNECTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows the number of simultaneous connections to a service to be limited.3937 </h3></div></div></div><a class="indexterm" name="id325537"></a><a name="MAXCONNECTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows the number of simultaneous connections to a service to be limited. 3865 3938 If <em class="parameter"><code>max connections</code></em> is greater than 0 then connections 3866 3939 will be refused if this number of connections to the service are already open. A value … … 3870 3943 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max connections</code></em> = <code class="literal">10</code> 3871 3944 </em></span> 3872 </p></dd></dl></div></div><div class="section" title="max disk size (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id325 486"></a>3945 </p></dd></dl></div></div><div class="section" title="max disk size (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id325617"></a> 3873 3946 3874 3947 max disk size (G) 3875 </h3></div></div></div><a class="indexterm" name="id325 487"></a><a name="MAXDISKSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to put an upper limit3948 </h3></div></div></div><a class="indexterm" name="id325618"></a><a name="MAXDISKSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to put an upper limit 3876 3949 on the apparent size of disks. If you set this option to 100 3877 3950 then all shares will appear to be not larger than 100 MB in … … 3887 3960 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max disk size</code></em> = <code class="literal">1000</code> 3888 3961 </em></span> 3889 </p></dd></dl></div></div><div class="section" title="max log size (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id325 571"></a>3962 </p></dd></dl></div></div><div class="section" title="max log size (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id325702"></a> 3890 3963 3891 3964 max log size (G) 3892 </h3></div></div></div><a class="indexterm" name="id325 572"></a><a name="MAXLOGSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>3965 </h3></div></div></div><a class="indexterm" name="id325703"></a><a name="MAXLOGSIZE"></a><div class="variablelist"><dl><dt></dt><dd><p> 3893 3966 This option (an integer in kilobytes) specifies the max size the log file should grow to. 3894 3967 Samba periodically checks the size and if it is exceeded it will rename the file, adding … … 3899 3972 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max log size</code></em> = <code class="literal">1000</code> 3900 3973 </em></span> 3901 </p></dd></dl></div></div><div class="section" title="max mux (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id325 639"></a>3974 </p></dd></dl></div></div><div class="section" title="max mux (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id325771"></a> 3902 3975 3903 3976 max mux (G) 3904 </h3></div></div></div><a class="indexterm" name="id325 640"></a><a name="MAXMUX"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum number of3977 </h3></div></div></div><a class="indexterm" name="id325772"></a><a name="MAXMUX"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum number of 3905 3978 outstanding simultaneous SMB operations that Samba tells the client 3906 3979 it will allow. You should never need to set this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>max mux</code></em> = <code class="literal">50</code> 3907 3980 </em></span> 3908 </p></dd></dl></div></div><div class="section" title="max open files (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id325 681"></a>3981 </p></dd></dl></div></div><div class="section" title="max open files (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id325812"></a> 3909 3982 3910 3983 max open files (G) 3911 </h3></div></div></div><a class="indexterm" name="id325 682"></a><a name="MAXOPENFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of3984 </h3></div></div></div><a class="indexterm" name="id325813"></a><a name="MAXOPENFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of 3912 3985 open files that one <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> file 3913 3986 serving process may have open for a client at any one time. The … … 3920 3993 this parameter so you should never need to touch this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>max open files</code></em> = <code class="literal">16404</code> 3921 3994 </em></span> 3922 </p></dd></dl></div></div><div class="section" title="max print jobs (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id325 738"></a>3995 </p></dd></dl></div></div><div class="section" title="max print jobs (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id325869"></a> 3923 3996 3924 3997 max print jobs (S) 3925 </h3></div></div></div><a class="indexterm" name="id325 739"></a><a name="MAXPRINTJOBS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of3998 </h3></div></div></div><a class="indexterm" name="id325870"></a><a name="MAXPRINTJOBS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of 3926 3999 jobs allowable in a Samba printer queue at any given moment. 3927 4000 If this number is exceeded, <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will remote "Out of Space" to the client. … … 3930 4003 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max print jobs</code></em> = <code class="literal">5000</code> 3931 4004 </em></span> 3932 </p></dd></dl></div></div><div class="section" title="protocol"><div class="titlepage"><div><div><h3 class="title"><a name="id325 806"></a>4005 </p></dd></dl></div></div><div class="section" title="protocol"><div class="titlepage"><div><div><h3 class="title"><a name="id325937"></a> 3933 4006 3934 4007 <a name="PROTOCOL"></a>protocol 3935 </h3></div></div></div><a class="indexterm" name="id325 807"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#MAXPROTOCOL">max protocol</a>.</p></dd></dl></div></div><div class="section" title="max protocol (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id325838"></a>4008 </h3></div></div></div><a class="indexterm" name="id325938"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#MAXPROTOCOL">max protocol</a>.</p></dd></dl></div></div><div class="section" title="max protocol (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id325969"></a> 3936 4009 3937 4010 max protocol (G) 3938 </h3></div></div></div><a class="indexterm" name="id325 839"></a><a name="MAXPROTOCOL"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (a string) is the highest4011 </h3></div></div></div><a class="indexterm" name="id325970"></a><a name="MAXPROTOCOL"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (a string) is the highest 3939 4012 protocol level that will be supported by the server.</p><p>Possible values are :</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><code class="constant">CORE</code>: Earliest version. No 3940 4013 concept of user names.</p></li><li class="listitem"><p><code class="constant">COREPLUS</code>: Slight improvements on … … 3950 4023 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max protocol</code></em> = <code class="literal">LANMAN1</code> 3951 4024 </em></span> 3952 </p></dd></dl></div></div><div class="section" title="max reported print jobs (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id32 5967"></a>4025 </p></dd></dl></div></div><div class="section" title="max reported print jobs (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id326099"></a> 3953 4026 3954 4027 max reported print jobs (S) 3955 </h3></div></div></div><a class="indexterm" name="id32 5968"></a><a name="MAXREPORTEDPRINTJOBS"></a><div class="variablelist"><dl><dt></dt><dd><p>4028 </h3></div></div></div><a class="indexterm" name="id326100"></a><a name="MAXREPORTEDPRINTJOBS"></a><div class="variablelist"><dl><dt></dt><dd><p> 3956 4029 This parameter limits the maximum number of jobs displayed in a port monitor for 3957 4030 Samba printer queue at any given moment. If this number is exceeded, the excess … … 3962 4035 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max reported print jobs</code></em> = <code class="literal">1000</code> 3963 4036 </em></span> 3964 </p></dd></dl></div></div><div class="section" title="max smbd processes (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id326 026"></a>4037 </p></dd></dl></div></div><div class="section" title="max smbd processes (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id326158"></a> 3965 4038 3966 4039 max smbd processes (G) 3967 </h3></div></div></div><a class="indexterm" name="id326 027"></a><a name="MAXSMBDPROCESSES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> processes concurrently running on a system and is intended4040 </h3></div></div></div><a class="indexterm" name="id326159"></a><a name="MAXSMBDPROCESSES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the maximum number of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> processes concurrently running on a system and is intended 3968 4041 as a stopgap to prevent degrading service to clients in the event that the server has insufficient 3969 4042 resources to handle more than this number of connections. Remember that under normal operating … … 3973 4046 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max smbd processes</code></em> = <code class="literal">1000</code> 3974 4047 </em></span> 3975 </p></dd></dl></div></div><div class="section" title="max stat cache size (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id326 103"></a>4048 </p></dd></dl></div></div><div class="section" title="max stat cache size (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id326235"></a> 3976 4049 3977 4050 max stat cache size (G) 3978 </h3></div></div></div><a class="indexterm" name="id326 104"></a><a name="MAXSTATCACHESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the size in memory of any4051 </h3></div></div></div><a class="indexterm" name="id326236"></a><a name="MAXSTATCACHESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter limits the size in memory of any 3979 4052 <em class="parameter"><code>stat cache</code></em> being used 3980 4053 to speed up case insensitive name mappings. It represents 3981 4054 the number of kilobyte (1024) units the stat cache can use. 3982 4055 A value of zero, meaning unlimited, is not advisable due to 3983 increased memory us eage. You should not need to change this4056 increased memory usage. You should not need to change this 3984 4057 parameter. 3985 4058 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>max stat cache size</code></em> = <code class="literal">256</code> … … 3987 4060 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max stat cache size</code></em> = <code class="literal">100</code> 3988 4061 </em></span> 3989 </p></dd></dl></div></div><div class="section" title="max ttl (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id326 169"></a>4062 </p></dd></dl></div></div><div class="section" title="max ttl (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id326301"></a> 3990 4063 3991 4064 max ttl (G) 3992 </h3></div></div></div><a class="indexterm" name="id326 170"></a><a name="MAXTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> what the default 'time to live'4065 </h3></div></div></div><a class="indexterm" name="id326302"></a><a name="MAXTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> what the default 'time to live' 3993 4066 of NetBIOS names should be (in seconds) when <code class="literal">nmbd</code> is 3994 4067 requesting a name using either a broadcast packet or from a WINS server. You should 3995 4068 never need to change this parameter. The default is 3 days.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>max ttl</code></em> = <code class="literal">259200</code> 3996 4069 </em></span> 3997 </p></dd></dl></div></div><div class="section" title="max wins ttl (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id326 226"></a>4070 </p></dd></dl></div></div><div class="section" title="max wins ttl (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id326358"></a> 3998 4071 3999 4072 max wins ttl (G) 4000 </h3></div></div></div><a class="indexterm" name="id326 227"></a><a name="MAXWINSTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when acting as a WINS server4073 </h3></div></div></div><a class="indexterm" name="id326359"></a><a name="MAXWINSTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when acting as a WINS server 4001 4074 (<a class="link" href="smb.conf.5.html#WINSSUPPORT" target="_top">wins support = yes</a>) what the maximum 4002 4075 'time to live' of NetBIOS names that <code class="literal">nmbd</code> … … 4004 4077 parameter. The default is 6 days (518400 seconds).</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>max wins ttl</code></em> = <code class="literal">518400</code> 4005 4078 </em></span> 4006 </p></dd></dl></div></div><div class="section" title="max xmit (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id326 295"></a>4079 </p></dd></dl></div></div><div class="section" title="max xmit (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id326426"></a> 4007 4080 4008 4081 max xmit (G) 4009 </h3></div></div></div><a class="indexterm" name="id326 296"></a><a name="MAXXMIT"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum packet size4082 </h3></div></div></div><a class="indexterm" name="id326428"></a><a name="MAXXMIT"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum packet size 4010 4083 that will be negotiated by Samba. The default is 16644, which 4011 4084 matches the behavior of Windows 2000. A value below 2048 is likely to cause problems. … … 4015 4088 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max xmit</code></em> = <code class="literal">8192</code> 4016 4089 </em></span> 4017 </p></dd></dl></div></div><div class="section" title="message command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id326 354"></a>4090 </p></dd></dl></div></div><div class="section" title="message command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id326486"></a> 4018 4091 4019 4092 message command (G) 4020 </h3></div></div></div><a class="indexterm" name="id326 355"></a><a name="MESSAGECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies what command to run when the4093 </h3></div></div></div><a class="indexterm" name="id326488"></a><a name="MESSAGECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies what command to run when the 4021 4094 server receives a WinPopup style message.</p><p>This would normally be a command that would 4022 4095 deliver the message somehow. How this is to be done is … … 4057 4130 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>message command</code></em> = <code class="literal">csh -c 'xedit %s; rm %s' &</code> 4058 4131 </em></span> 4059 </p></dd></dl></div></div><div class="section" title="min print space (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id326 547"></a>4132 </p></dd></dl></div></div><div class="section" title="min print space (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id326678"></a> 4060 4133 4061 4134 min print space (S) 4062 </h3></div></div></div><a class="indexterm" name="id326 548"></a><a name="MINPRINTSPACE"></a><div class="variablelist"><dl><dt></dt><dd><p>This sets the minimum amount of free disk4135 </h3></div></div></div><a class="indexterm" name="id326679"></a><a name="MINPRINTSPACE"></a><div class="variablelist"><dl><dt></dt><dd><p>This sets the minimum amount of free disk 4063 4136 space that must be available before a user will be able to spool 4064 4137 a print job. It is specified in kilobytes. The default is 0, which … … 4067 4140 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>min print space</code></em> = <code class="literal">2000</code> 4068 4141 </em></span> 4069 </p></dd></dl></div></div><div class="section" title="min protocol (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id326 606"></a>4142 </p></dd></dl></div></div><div class="section" title="min protocol (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id326738"></a> 4070 4143 4071 4144 min protocol (G) 4072 </h3></div></div></div><a class="indexterm" name="id326 607"></a><a name="MINPROTOCOL"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (a string) is the4145 </h3></div></div></div><a class="indexterm" name="id326739"></a><a name="MINPROTOCOL"></a><div class="variablelist"><dl><dt></dt><dd><p>The value of the parameter (a string) is the 4073 4146 lowest SMB protocol dialect than Samba will support. Please refer 4074 4147 to the <a class="link" href="smb.conf.5.html#MAXPROTOCOL" target="_top">max protocol</a> … … 4082 4155 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>min protocol</code></em> = <code class="literal">NT1</code> 4083 4156 </em></span> 4084 </p></dd></dl></div></div><div class="section" title="min receivefile size (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id326 699"></a>4157 </p></dd></dl></div></div><div class="section" title="min receivefile size (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id326831"></a> 4085 4158 4086 4159 min receivefile size (G) 4087 </h3></div></div></div><a class="indexterm" name="id326 700"></a><a name="MINRECEIVEFILESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option changes the behavior of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when processing SMBwriteX calls. Any incoming4160 </h3></div></div></div><a class="indexterm" name="id326832"></a><a name="MINRECEIVEFILESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option changes the behavior of <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when processing SMBwriteX calls. Any incoming 4088 4161 SMBwriteX call on a non-signed SMB/CIFS connection greater than this value will not be processed in the normal way but will 4089 4162 be passed to any underlying kernel recvfile or splice system call (if there is no such … … 4094 4167 nonzero. The maximum value is 128k. Values greater than 128k will be silently set to 128k.</p><p>Note this option will have NO EFFECT if set on a SMB signed connection.</p><p>The default is zero, which diables this option.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>min receivefile size</code></em> = <code class="literal">0</code> 4095 4168 </em></span> 4096 </p></dd></dl></div></div><div class="section" title="min wins ttl (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id326 761"></a>4169 </p></dd></dl></div></div><div class="section" title="min wins ttl (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id326892"></a> 4097 4170 4098 4171 min wins ttl (G) 4099 </h3></div></div></div><a class="indexterm" name="id326 762"></a><a name="MINWINSTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>4172 </h3></div></div></div><a class="indexterm" name="id326894"></a><a name="MINWINSTTL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option tells <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> 4100 4173 when acting as a WINS server (<a class="link" href="smb.conf.5.html#WINSSUPPORT" target="_top">wins support = yes</a>) what the minimum 'time to live' 4101 4174 of NetBIOS names that <code class="literal">nmbd</code> will grant will be (in … … 4103 4176 is 6 hours (21600 seconds).</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>min wins ttl</code></em> = <code class="literal">21600</code> 4104 4177 </em></span> 4105 </p></dd></dl></div></div><div class="section" title="msdfs proxy (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id326 828"></a>4178 </p></dd></dl></div></div><div class="section" title="msdfs proxy (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id326960"></a> 4106 4179 4107 4180 msdfs proxy (S) 4108 </h3></div></div></div><a class="indexterm" name="id326 829"></a><a name="MSDFSPROXY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter indicates that the share is a4181 </h3></div></div></div><a class="indexterm" name="id326961"></a><a name="MSDFSPROXY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter indicates that the share is a 4109 4182 stand-in for another CIFS share whose location is specified by 4110 4183 the value of the parameter. When clients attempt to connect to … … 4114 4187 options to find out how to set up a Dfs root share.</p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>msdfs proxy</code></em> = <code class="literal">\otherserver\someshare</code> 4115 4188 </em></span> 4116 </p></dd></dl></div></div><div class="section" title="msdfs root (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id32 6901"></a>4189 </p></dd></dl></div></div><div class="section" title="msdfs root (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id327033"></a> 4117 4190 4118 4191 msdfs root (S) 4119 </h3></div></div></div><a class="indexterm" name="id32 6902"></a><a name="MSDFSROOT"></a><div class="variablelist"><dl><dt></dt><dd><p>If set to <code class="constant">yes</code>, Samba treats the4192 </h3></div></div></div><a class="indexterm" name="id327034"></a><a name="MSDFSROOT"></a><div class="variablelist"><dl><dt></dt><dd><p>If set to <code class="constant">yes</code>, Samba treats the 4120 4193 share as a Dfs root and allows clients to browse the 4121 4194 distributed file system tree rooted at the share directory. … … 4125 4198 Samba, refer to the MSDFS chapter in the Samba3-HOWTO book.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>msdfs root</code></em> = <code class="literal">no</code> 4126 4199 </em></span> 4127 </p></dd></dl></div></div><div class="section" title="multicast dns register (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id32 6954"></a>4200 </p></dd></dl></div></div><div class="section" title="multicast dns register (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327086"></a> 4128 4201 4129 4202 multicast dns register (G) 4130 </h3></div></div></div><a class="indexterm" name="id32 6955"></a><a name="MULTICASTDNSREGISTER"></a><div class="variablelist"><dl><dt></dt><dd><p>If compiled with proper support for it, Samba will4203 </h3></div></div></div><a class="indexterm" name="id327087"></a><a name="MULTICASTDNSREGISTER"></a><div class="variablelist"><dl><dt></dt><dd><p>If compiled with proper support for it, Samba will 4131 4204 announce itself with multicast DNS services like for example 4132 4205 provided by the Avahi daemon.</p><p>This parameter allows disabling Samba to register 4133 4206 itself.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>multicast dns register</code></em> = <code class="literal">yes</code> 4134 4207 </em></span> 4135 </p></dd></dl></div></div><div class="section" title="name cache timeout (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327 000"></a>4208 </p></dd></dl></div></div><div class="section" title="name cache timeout (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327132"></a> 4136 4209 4137 4210 name cache timeout (G) 4138 </h3></div></div></div><a class="indexterm" name="id327 001"></a><a name="NAMECACHETIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the number of seconds it takes before4211 </h3></div></div></div><a class="indexterm" name="id327133"></a><a name="NAMECACHETIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the number of seconds it takes before 4139 4212 entries in samba's hostname resolve cache time out. If 4140 4213 the timeout is set to 0. the caching is disabled. … … 4143 4216 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>name cache timeout</code></em> = <code class="literal">0</code> 4144 4217 </em></span> 4145 </p></dd></dl></div></div><div class="section" title="name resolve order (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327 059"></a>4218 </p></dd></dl></div></div><div class="section" title="name resolve order (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327190"></a> 4146 4219 4147 4220 name resolve order (G) 4148 </h3></div></div></div><a class="indexterm" name="id327 060"></a><a name="NAMERESOLVEORDER"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used by the programs in the Samba4221 </h3></div></div></div><a class="indexterm" name="id327191"></a><a name="NAMERESOLVEORDER"></a><div class="variablelist"><dl><dt></dt><dd><p>This option is used by the programs in the Samba 4149 4222 suite to determine what naming services to use and in what order 4150 4223 to resolve host names to IP addresses. Its main purpose to is to … … 4173 4246 system hostname lookup.</p><p>When Samba is functioning in ADS security mode (<code class="literal">security = ads</code>) 4174 4247 it is advised to use following settings for <em class="parameter"><code>name resolve order</code></em>:</p><p><code class="literal">name resolve order = wins bcast</code></p><p>DC lookups will still be done via DNS, but fallbacks to netbios names will 4175 not inundate your DNS servers with needless querys for DOMAIN<0x1c> lookups.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>name resolve order</code></em> = <code class="literal">lmhosts host winsbcast</code>4248 not inundate your DNS servers with needless querys for DOMAIN<0x1c> lookups.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>name resolve order</code></em> = <code class="literal">lmhosts wins host bcast</code> 4176 4249 </em></span> 4177 4250 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>name resolve order</code></em> = <code class="literal">lmhosts bcast host</code> 4178 4251 </em></span> 4179 </p></dd></dl></div></div><div class="section" title="netbios aliases (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327241"></a> 4252 </p></dd></dl></div></div><div class="section" title="ncalrpc dir (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327373"></a> 4253 4254 ncalrpc dir (G) 4255 </h3></div></div></div><a class="indexterm" name="id327374"></a><a name="NCALRPCDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>This directory will hold a series of named pipes to allow RPC over inter-process communication. </p>. 4256 <p>This will allow Samba and other unix processes to interact over DCE/RPC without using TCP/IP. Additionally a sub-directory 'np' has restricted permissions, and allows a trusted communication channel between Samba processes</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ncalrpc dir</code></em> = <code class="literal">${prefix}/var/ncalrpc</code> 4257 </em></span> 4258 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ncalrpc dir</code></em> = <code class="literal">/var/run/samba/ncalrpc</code> 4259 </em></span> 4260 </p></dd></dl></div></div><div class="section" title="netbios aliases (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327437"></a> 4180 4261 4181 4262 netbios aliases (G) 4182 </h3></div></div></div><a class="indexterm" name="id327 242"></a><a name="NETBIOSALIASES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of NetBIOS names that nmbd will4263 </h3></div></div></div><a class="indexterm" name="id327438"></a><a name="NETBIOSALIASES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of NetBIOS names that nmbd will 4183 4264 advertise as additional names by which the Samba server is known. This allows one machine 4184 4265 to appear in browse lists under multiple names. If a machine is acting as a browse server … … 4190 4271 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>netbios aliases</code></em> = <code class="literal">TEST TEST1 TEST2</code> 4191 4272 </em></span> 4192 </p></dd></dl></div></div><div class="section" title="netbios name (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327 303"></a>4273 </p></dd></dl></div></div><div class="section" title="netbios name (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327499"></a> 4193 4274 4194 4275 netbios name (G) 4195 </h3></div></div></div><a class="indexterm" name="id327 304"></a><a name="NETBIOSNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>4276 </h3></div></div></div><a class="indexterm" name="id327500"></a><a name="NETBIOSNAME"></a><div class="variablelist"><dl><dt></dt><dd><p> 4196 4277 This sets the NetBIOS name by which a Samba server is known. By default it is the same as the first component 4197 4278 of the host's DNS name. If a machine is a browse server or logon server this name (or the first component of … … 4206 4287 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>netbios name</code></em> = <code class="literal">MYNAME</code> 4207 4288 </em></span> 4208 </p></dd></dl></div></div><div class="section" title="netbios scope (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327 379"></a>4289 </p></dd></dl></div></div><div class="section" title="netbios scope (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327574"></a> 4209 4290 4210 4291 netbios scope (G) 4211 </h3></div></div></div><a class="indexterm" name="id327 380"></a><a name="NETBIOSSCOPE"></a><div class="variablelist"><dl><dt></dt><dd><p>This sets the NetBIOS scope that Samba will4292 </h3></div></div></div><a class="indexterm" name="id327575"></a><a name="NETBIOSSCOPE"></a><div class="variablelist"><dl><dt></dt><dd><p>This sets the NetBIOS scope that Samba will 4212 4293 operate under. This should not be set unless every machine 4213 4294 on your LAN also sets this value.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>netbios scope</code></em> = <code class="literal"></code> 4214 4295 </em></span> 4215 </p></dd></dl></div></div><div class="section" title="nis homedir (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327 420"></a>4296 </p></dd></dl></div></div><div class="section" title="nis homedir (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327615"></a> 4216 4297 4217 4298 nis homedir (G) 4218 </h3></div></div></div><a class="indexterm" name="id327 421"></a><a name="NISHOMEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>Get the home share server from a NIS map. For4299 </h3></div></div></div><a class="indexterm" name="id327616"></a><a name="NISHOMEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>Get the home share server from a NIS map. For 4219 4300 UNIX systems that use an automounter, the user's home directory 4220 4301 will often be mounted on a workstation on demand from a remote … … 4235 4316 be a logon server.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>nis homedir</code></em> = <code class="literal">no</code> 4236 4317 </em></span> 4237 </p></dd></dl></div></div><div class="section" title="nmbd bind explicit broadcast (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327 490"></a>4318 </p></dd></dl></div></div><div class="section" title="nmbd bind explicit broadcast (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327686"></a> 4238 4319 4239 4320 nmbd bind explicit broadcast (G) 4240 </h3></div></div></div><a class="indexterm" name="id327 492"></a><a name="NMBDBINDEXPLICITBROADCAST"></a><div class="variablelist"><dl><dt></dt><dd><p>4321 </h3></div></div></div><a class="indexterm" name="id327687"></a><a name="NMBDBINDEXPLICITBROADCAST"></a><div class="variablelist"><dl><dt></dt><dd><p> 4241 4322 This option causes <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> to explicitly bind to the 4242 4323 broadcast address of the local subnets. This is needed to make nmbd … … 4245 4326 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>nmbd bind explicit broadcast</code></em> = <code class="literal">yes</code> 4246 4327 </em></span> 4247 </p></dd></dl></div></div><div class="section" title="nt acl support (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id327 553"></a>4328 </p></dd></dl></div></div><div class="section" title="nt acl support (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id327749"></a> 4248 4329 4249 4330 nt acl support (S) 4250 </h3></div></div></div><a class="indexterm" name="id327 554"></a><a name="NTACLSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to map4331 </h3></div></div></div><a class="indexterm" name="id327750"></a><a name="NTACLSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to map 4251 4332 UNIX permissions into Windows NT access control lists. The UNIX 4252 4333 permissions considered are the the traditional UNIX owner and … … 4255 4336 releases prior to 2.2.2.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>nt acl support</code></em> = <code class="literal">yes</code> 4256 4337 </em></span> 4257 </p></dd></dl></div></div><div class="section" title="ntlm auth (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327 605"></a>4338 </p></dd></dl></div></div><div class="section" title="ntlm auth (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327800"></a> 4258 4339 4259 4340 ntlm auth (G) 4260 </h3></div></div></div><a class="indexterm" name="id327 606"></a><a name="NTLMAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to4341 </h3></div></div></div><a class="indexterm" name="id327802"></a><a name="NTLMAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will attempt to 4261 4342 authenticate users using the NTLM encrypted password response. 4262 4343 If disabled, either the lanman password hash or an NTLMv2 response … … 4266 4347 special configuration to use it.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ntlm auth</code></em> = <code class="literal">yes</code> 4267 4348 </em></span> 4268 </p></dd></dl></div></div><div class="section" title="nt pipe support (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327 665"></a>4349 </p></dd></dl></div></div><div class="section" title="nt pipe support (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327861"></a> 4269 4350 4270 4351 nt pipe support (G) 4271 </h3></div></div></div><a class="indexterm" name="id327 666"></a><a name="NTPIPESUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether4352 </h3></div></div></div><a class="indexterm" name="id327862"></a><a name="NTPIPESUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether 4272 4353 <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will allow Windows NT 4273 4354 clients to connect to the NT SMB specific <code class="constant">IPC$</code> … … 4275 4356 alone.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>nt pipe support</code></em> = <code class="literal">yes</code> 4276 4357 </em></span> 4277 </p></dd></dl></div></div><div class="section" title="nt status support (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327 718"></a>4358 </p></dd></dl></div></div><div class="section" title="nt status support (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327914"></a> 4278 4359 4279 4360 nt status support (G) 4280 </h3></div></div></div><a class="indexterm" name="id327 719"></a><a name="NTSTATUSSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will negotiate NT specific status4361 </h3></div></div></div><a class="indexterm" name="id327915"></a><a name="NTSTATUSSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will negotiate NT specific status 4281 4362 support with Windows NT/2k/XP clients. This is a developer debugging option and should be left alone. 4282 4363 If this option is set to <code class="constant">no</code> then Samba offers … … 4284 4365 reported.</p><p>You should not need to ever disable this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>nt status support</code></em> = <code class="literal">yes</code> 4285 4366 </em></span> 4286 </p></dd></dl></div></div><div class="section" title="null passwords (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327 776"></a>4367 </p></dd></dl></div></div><div class="section" title="null passwords (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id327972"></a> 4287 4368 4288 4369 null passwords (G) 4289 </h3></div></div></div><a class="indexterm" name="id327 777"></a><a name="NULLPASSWORDS"></a><div class="variablelist"><dl><dt></dt><dd><p>Allow or disallow client access to accounts that have null passwords. </p><p>See also <a class="citerefentry" href="smbpasswd.5.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(5)</span></a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>null passwords</code></em> = <code class="literal">no</code>4290 </em></span> 4291 </p></dd></dl></div></div><div class="section" title="obey pam restrictions (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id32 7828"></a>4370 </h3></div></div></div><a class="indexterm" name="id327973"></a><a name="NULLPASSWORDS"></a><div class="variablelist"><dl><dt></dt><dd><p>Allow or disallow client access to accounts that have null passwords. </p><p>See also <a class="citerefentry" href="smbpasswd.5.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(5)</span></a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>null passwords</code></em> = <code class="literal">no</code> 4371 </em></span> 4372 </p></dd></dl></div></div><div class="section" title="obey pam restrictions (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id328024"></a> 4292 4373 4293 4374 obey pam restrictions (G) 4294 </h3></div></div></div><a class="indexterm" name="id32 7829"></a><a name="OBEYPAMRESTRICTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>When Samba 3.0 is configured to enable PAM support4375 </h3></div></div></div><a class="indexterm" name="id328025"></a><a name="OBEYPAMRESTRICTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>When Samba 3.0 is configured to enable PAM support 4295 4376 (i.e. --with-pam), this parameter will control whether or not Samba 4296 4377 should obey PAM's account and session management directives. The … … 4302 4383 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>obey pam restrictions</code></em> = <code class="literal">no</code> 4303 4384 </em></span> 4304 </p></dd></dl></div></div><div class="section" title="only user (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id32 7885"></a>4385 </p></dd></dl></div></div><div class="section" title="only user (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id328081"></a> 4305 4386 4306 4387 only user (S) 4307 </h3></div></div></div><a class="indexterm" name="id32 7886"></a><a name="ONLYUSER"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean option that controls whether4388 </h3></div></div></div><a class="indexterm" name="id328082"></a><a name="ONLYUSER"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean option that controls whether 4308 4389 connections with usernames not in the <em class="parameter"><code>user</code></em> 4309 4390 list will be allowed. By default this option is disabled so that a … … 4318 4399 name of the user.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>only user</code></em> = <code class="literal">no</code> 4319 4400 </em></span> 4320 </p></dd></dl></div></div><div class="section" title="oplock break wait time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id32 7968"></a>4401 </p></dd></dl></div></div><div class="section" title="oplock break wait time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id328164"></a> 4321 4402 4322 4403 oplock break wait time (G) 4323 </h3></div></div></div><a class="indexterm" name="id32 7969"></a><a name="OPLOCKBREAKWAITTIME"></a><div class="variablelist"><dl><dt></dt><dd><p>4404 </h3></div></div></div><a class="indexterm" name="id328165"></a><a name="OPLOCKBREAKWAITTIME"></a><div class="variablelist"><dl><dt></dt><dd><p> 4324 4405 This is a tuning parameter added due to bugs in both Windows 9x and WinNT. If Samba responds to a client too 4325 4406 quickly when that client issues an SMB that can cause an oplock break request, then the network client can … … 4330 4411 </p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>oplock break wait time</code></em> = <code class="literal">0</code> 4331 4412 </em></span> 4332 </p></dd></dl></div></div><div class="section" title="oplock contention limit (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id328 017"></a>4413 </p></dd></dl></div></div><div class="section" title="oplock contention limit (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id328213"></a> 4333 4414 4334 4415 oplock contention limit (S) 4335 </h3></div></div></div><a class="indexterm" name="id328 018"></a><a name="OPLOCKCONTENTIONLIMIT"></a><div class="variablelist"><dl><dt></dt><dd><p>4416 </h3></div></div></div><a class="indexterm" name="id328214"></a><a name="OPLOCKCONTENTIONLIMIT"></a><div class="variablelist"><dl><dt></dt><dd><p> 4336 4417 This is a <span class="emphasis"><em>very</em></span> advanced <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> tuning option to improve the efficiency of the 4337 4418 granting of oplocks under multiple client contention for the same file. … … 4345 4426 </p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>oplock contention limit</code></em> = <code class="literal">2</code> 4346 4427 </em></span> 4347 </p></dd></dl></div></div><div class="section" title="oplocks (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id328 095"></a>4428 </p></dd></dl></div></div><div class="section" title="oplocks (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id328291"></a> 4348 4429 4349 4430 oplocks (S) 4350 </h3></div></div></div><a class="indexterm" name="id328 096"></a><a name="OPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p>4431 </h3></div></div></div><a class="indexterm" name="id328292"></a><a name="OPLOCKS"></a><div class="variablelist"><dl><dt></dt><dd><p> 4351 4432 This boolean option tells <code class="literal">smbd</code> whether to 4352 4433 issue oplocks (opportunistic locks) to file open requests on this … … 4365 4446 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>oplocks</code></em> = <code class="literal">yes</code> 4366 4447 </em></span> 4367 </p></dd></dl></div></div><div class="section" title="os2 driver map (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id328 172"></a>4448 </p></dd></dl></div></div><div class="section" title="os2 driver map (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id328368"></a> 4368 4449 4369 4450 os2 driver map (G) 4370 </h3></div></div></div><a class="indexterm" name="id328 173"></a><a name="OS2DRIVERMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>The parameter is used to define the absolute4451 </h3></div></div></div><a class="indexterm" name="id328369"></a><a name="OS2DRIVERMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>The parameter is used to define the absolute 4371 4452 path to a file containing a mapping of Windows NT printer driver 4372 4453 names to OS/2 printer driver names. The format is:</p><p><nt driver name> = <os2 driver name>.<device name></p><p>For example, a valid entry using the HP LaserJet 5 … … 4378 4459 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>os2 driver map</code></em> = <code class="literal"></code> 4379 4460 </em></span> 4380 </p></dd></dl></div></div><div class="section" title="os level (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id328 232"></a>4461 </p></dd></dl></div></div><div class="section" title="os level (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id328428"></a> 4381 4462 4382 4463 os level (G) 4383 </h3></div></div></div><a class="indexterm" name="id328 233"></a><a name="OSLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>4464 </h3></div></div></div><a class="indexterm" name="id328429"></a><a name="OSLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p> 4384 4465 This integer value controls what level Samba advertises itself as for browse elections. The value of this 4385 4466 parameter determines whether <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> has a chance of becoming a local master browser for the <a class="link" href="smb.conf.5.html#WORKGROUP" target="_top">workgroup</a> in the local broadcast area. … … 4397 4478 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>os level</code></em> = <code class="literal">65</code> 4398 4479 </em></span> 4399 </p></dd></dl></div></div><div class="section" title="pam password change (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id328 326"></a>4480 </p></dd></dl></div></div><div class="section" title="pam password change (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id328522"></a> 4400 4481 4401 4482 pam password change (G) 4402 </h3></div></div></div><a class="indexterm" name="id328 327"></a><a name="PAMPASSWORDCHANGE"></a><div class="variablelist"><dl><dt></dt><dd><p>With the addition of better PAM support in Samba 2.2,4483 </h3></div></div></div><a class="indexterm" name="id328523"></a><a name="PAMPASSWORDCHANGE"></a><div class="variablelist"><dl><dt></dt><dd><p>With the addition of better PAM support in Samba 2.2, 4403 4484 this parameter, it is possible to use PAM's password change control 4404 4485 flag for Samba. If enabled, then PAM will be used for password … … 4408 4489 <a class="link" href="smb.conf.5.html#PASSWDCHAT" target="_top">passwd chat</a> parameter for most setups.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>pam password change</code></em> = <code class="literal">no</code> 4409 4490 </em></span> 4410 </p></dd></dl></div></div><div class="section" title="panic action (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id328 393"></a>4491 </p></dd></dl></div></div><div class="section" title="panic action (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id328589"></a> 4411 4492 4412 4493 panic action (G) 4413 </h3></div></div></div><a class="indexterm" name="id328 394"></a><a name="PANICACTION"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a Samba developer option that allows a4494 </h3></div></div></div><a class="indexterm" name="id328590"></a><a name="PANICACTION"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a Samba developer option that allows a 4414 4495 system command to be called when either <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> or <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> crashes. This is usually used to 4415 4496 draw attention to the fact that a problem occurred. … … 4418 4499 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>panic action</code></em> = <code class="literal">"/bin/sleep 90000"</code> 4419 4500 </em></span> 4420 </p></dd></dl></div></div><div class="section" title="paranoid server security (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id328 467"></a>4501 </p></dd></dl></div></div><div class="section" title="paranoid server security (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id328662"></a> 4421 4502 4422 4503 paranoid server security (G) 4423 </h3></div></div></div><a class="indexterm" name="id328 468"></a><a name="PARANOIDSERVERSECURITY"></a><div class="variablelist"><dl><dt></dt><dd><p>Some version of NT 4.x allow non-guest4504 </h3></div></div></div><a class="indexterm" name="id328663"></a><a name="PARANOIDSERVERSECURITY"></a><div class="variablelist"><dl><dt></dt><dd><p>Some version of NT 4.x allow non-guest 4424 4505 users with a bad passowrd. When this option is enabled, samba will not 4425 4506 use a broken NT 4.x server as password server, but instead complain … … 4429 4510 bad logon to the remote server.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>paranoid server security</code></em> = <code class="literal">yes</code> 4430 4511 </em></span> 4431 </p></dd></dl></div></div><div class="section" title="passdb backend (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id328 515"></a>4512 </p></dd></dl></div></div><div class="section" title="passdb backend (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id328710"></a> 4432 4513 4433 4514 passdb backend (G) 4434 </h3></div></div></div><a class="indexterm" name="id328 516"></a><a name="PASSDBBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows the administrator to chose which backend4515 </h3></div></div></div><a class="indexterm" name="id328711"></a><a name="PASSDBBACKEND"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows the administrator to chose which backend 4435 4516 will be used for storing user and possibly group information. This allows 4436 4517 you to swap between different storage mechanisms without recompile. </p><p>The parameter value is divided into two parts, the backend's name, and a 'location' … … 4467 4548 </pre><p>Default: <span class="emphasis"><em><em class="parameter"><code>passdb backend</code></em> = <code class="literal">tdbsam</code> 4468 4549 </em></span> 4469 </p></dd></dl></div></div><div class="section" title="passdb expand explicit (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id328 658"></a>4550 </p></dd></dl></div></div><div class="section" title="passdb expand explicit (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id328854"></a> 4470 4551 4471 4552 passdb expand explicit (G) 4472 </h3></div></div></div><a class="indexterm" name="id328 659"></a><a name="PASSDBEXPANDEXPLICIT"></a><div class="variablelist"><dl><dt></dt><dd><p>4553 </h3></div></div></div><a class="indexterm" name="id328855"></a><a name="PASSDBEXPANDEXPLICIT"></a><div class="variablelist"><dl><dt></dt><dd><p> 4473 4554 This parameter controls whether Samba substitutes %-macros in the passdb fields if they are explicitly set. We 4474 4555 used to expand macros here, but this turned out to be a bug because the Windows client can expand a variable … … 4476 4557 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>passdb expand explicit</code></em> = <code class="literal">no</code> 4477 4558 </em></span> 4478 </p></dd></dl></div></div><div class="section" title="passwd chat debug (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id328 701"></a>4559 </p></dd></dl></div></div><div class="section" title="passwd chat debug (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id328897"></a> 4479 4560 4480 4561 passwd chat debug (G) 4481 </h3></div></div></div><a class="indexterm" name="id328 702"></a><a name="PASSWDCHATDEBUG"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean specifies if the passwd chat script4562 </h3></div></div></div><a class="indexterm" name="id328898"></a><a name="PASSWDCHATDEBUG"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean specifies if the passwd chat script 4482 4563 parameter is run in <span class="emphasis"><em>debug</em></span> mode. In this mode the 4483 4564 strings passed to and received from the passwd chat are printed … … 4492 4573 parameter is set. This parameter is off by default.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>passwd chat debug</code></em> = <code class="literal">no</code> 4493 4574 </em></span> 4494 </p></dd></dl></div></div><div class="section" title="passwd chat timeout (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id328 798"></a>4575 </p></dd></dl></div></div><div class="section" title="passwd chat timeout (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id328993"></a> 4495 4576 4496 4577 passwd chat timeout (G) 4497 </h3></div></div></div><a class="indexterm" name="id328 799"></a><a name="PASSWDCHATTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>This integer specifies the number of seconds smbd will wait for an initial4578 </h3></div></div></div><a class="indexterm" name="id328994"></a><a name="PASSWDCHATTIMEOUT"></a><div class="variablelist"><dl><dt></dt><dd><p>This integer specifies the number of seconds smbd will wait for an initial 4498 4579 answer from a passwd chat script being run. Once the initial answer is received 4499 4580 the subsequent answers must be received in one tenth of this time. The default it 4500 4581 two seconds.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>passwd chat timeout</code></em> = <code class="literal">2</code> 4501 4582 </em></span> 4502 </p></dd></dl></div></div><div class="section" title="passwd chat (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id32 8840"></a>4583 </p></dd></dl></div></div><div class="section" title="passwd chat (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id329036"></a> 4503 4584 4504 4585 passwd chat (G) 4505 </h3></div></div></div><a class="indexterm" name="id32 8841"></a><a name="PASSWDCHAT"></a><div class="variablelist"><dl><dt></dt><dd><p>This string controls the <span class="emphasis"><em>"chat"</em></span>4586 </h3></div></div></div><a class="indexterm" name="id329037"></a><a name="PASSWDCHAT"></a><div class="variablelist"><dl><dt></dt><dd><p>This string controls the <span class="emphasis"><em>"chat"</em></span> 4506 4587 conversation that takes places between <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> and the local password changing 4507 4588 program to change the user's password. The string describes a … … 4534 4615 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>passwd chat</code></em> = <code class="literal">"*Enter NEW password*" %n\n "*Reenter NEW password*" %n\n "*Password changed*"</code> 4535 4616 </em></span> 4536 </p></dd></dl></div></div><div class="section" title="passwd program (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id329 024"></a>4617 </p></dd></dl></div></div><div class="section" title="passwd program (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id329219"></a> 4537 4618 4538 4619 passwd program (G) 4539 </h3></div></div></div><a class="indexterm" name="id329 025"></a><a name="PASSWDPROGRAM"></a><div class="variablelist"><dl><dt></dt><dd><p>The name of a program that can be used to set4620 </h3></div></div></div><a class="indexterm" name="id329220"></a><a name="PASSWDPROGRAM"></a><div class="variablelist"><dl><dt></dt><dd><p>The name of a program that can be used to set 4540 4621 UNIX user passwords. Any occurrences of <em class="parameter"><code>%u</code></em> 4541 4622 will be replaced with the user name. The user name is checked for … … 4558 4639 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>passwd program</code></em> = <code class="literal">/bin/passwd %u</code> 4559 4640 </em></span> 4560 </p></dd></dl></div></div><div class="section" title="password level (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id329 150"></a>4641 </p></dd></dl></div></div><div class="section" title="password level (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id329346"></a> 4561 4642 4562 4643 password level (G) 4563 </h3></div></div></div><a class="indexterm" name="id329 151"></a><a name="PASSWORDLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>Some client/server combinations have difficulty4644 </h3></div></div></div><a class="indexterm" name="id329347"></a><a name="PASSWORDLEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>Some client/server combinations have difficulty 4564 4645 with mixed-case passwords. One offending client is Windows for 4565 4646 Workgroups, which for some reason forces passwords to upper … … 4568 4649 family of operating systems. These clients upper case clear 4569 4650 text passwords even when NT LM 0.12 selected by the protocol 4570 negotiation request/response.</p><p>This parameter defines the maximum number of characters4651 negotiation request/response.</p><p>This deprecated parameter defines the maximum number of characters 4571 4652 that may be upper case in passwords.</p><p>For example, say the password given was "FRED". If <em class="parameter"><code> 4572 4653 password level</code></em> is set to 1, the following combinations … … 4583 4664 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>password level</code></em> = <code class="literal">4</code> 4584 4665 </em></span> 4585 </p></dd></dl></div></div><div class="section" title="password server (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id329 273"></a>4666 </p></dd></dl></div></div><div class="section" title="password server (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id329468"></a> 4586 4667 4587 4668 password server (G) 4588 </h3></div></div></div><a class="indexterm" name="id329 274"></a><a name="PASSWORDSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>By specifying the name of another SMB server4669 </h3></div></div></div><a class="indexterm" name="id329469"></a><a name="PASSWORDSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>By specifying the name of another SMB server 4589 4670 or Active Directory domain controller with this option, 4590 4671 and using <code class="literal">security = [ads|domain|server]</code> 4591 4672 it is possible to get Samba 4592 to do all its username/password validation using a specific remote server.</p><p>This option sets the name or IP address of the password server to use. 4593 New syntax has been added to support defining the port to use when connecting 4594 to the server the case of an ADS realm. To define a port other than the 4595 default LDAP port of 389, add the port number using a colon after the 4596 name or IP address (e.g. 192.168.1.100:389). If you do not specify a port, 4597 Samba will use the standard LDAP port of tcp/389. Note that port numbers 4598 have no effect on password servers for Windows NT 4.0 domains or netbios 4599 connections.</p><p>If parameter is a name, it is looked up using the 4600 parameter <a class="link" href="smb.conf.5.html#NAMERESOLVEORDER" target="_top">name resolve order</a> and so may resolved 4601 by any method and order described in that parameter.</p><p>The password server must be a machine capable of using 4602 the "LM1.2X002" or the "NT LM 0.12" protocol, and it must be in 4603 user level security mode.</p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Using a password server means your UNIX box (running 4604 Samba) is only as secure as your password server. <span class="emphasis"><em>DO NOT 4605 CHOOSE A PASSWORD SERVER THAT YOU DON'T COMPLETELY TRUST</em></span>. 4606 </p></div><p>Never point a Samba server at itself for password serving. 4607 This will cause a loop and could lock up your Samba server!</p><p>The name of the password server takes the standard 4608 substitutions, but probably the only useful one is <em class="parameter"><code>%m 4609 </code></em>, which means the Samba server will use the incoming 4610 client as the password server. If you use this then you better 4611 trust your clients, and you had better restrict them with hosts allow!</p><p>If the <em class="parameter"><code>security</code></em> parameter is set to 4612 <code class="constant">domain</code> or <code class="constant">ads</code>, then the list of machines in this 4613 option must be a list of Primary or Backup Domain controllers for the 4614 Domain or the character '*', as the Samba server is effectively 4615 in that domain, and will use cryptographically authenticated RPC calls 4616 to authenticate the user logging on. The advantage of using <code class="literal"> 4617 security = domain</code> is that if you list several hosts in the 4618 <em class="parameter"><code>password server</code></em> option then <code class="literal">smbd 4619 </code> will try each in turn till it finds one that responds. This 4620 is useful in case your primary server goes down.</p><p>If the <em class="parameter"><code>password server</code></em> option is set 4621 to the character '*', then Samba will attempt to auto-locate the 4622 Primary or Backup Domain controllers to authenticate against by 4623 doing a query for the name <code class="constant">WORKGROUP<1C></code> 4624 and then contacting each server returned in the list of IP 4625 addresses from the name resolution source. </p><p>If the list of servers contains both names/IP's and the '*' 4673 to do all its username/password validation using a specific remote server.</p><p>If the <em class="parameter"><code>security</code></em> parameter is set to 4674 <code class="constant">domain</code> or <code class="constant">ads</code>, then this option 4675 <span class="emphasis"><em>should not</em></span> be used, as the default '*' indicates to Samba 4676 to determine the best DC to contact dynamically, just as all other hosts in an 4677 AD domain do. This allows the domain to be maintained without modification to 4678 the smb.conf file. The cryptograpic protection on the authenticated RPC calls 4679 used to verify passwords ensures that this default is safe.</p><p><span class="emphasis"><em>It is strongly recommended that you use the 4680 default of '*'</em></span>, however if in your particular 4681 environment you have reason to specify a particular DC list, then 4682 the list of machines in this option must be a list of names or IP 4683 addresses of Domain controllers for the Domain. If you use the 4684 default of '*', or list several hosts in the <em class="parameter"><code>password server</code></em> option then <code class="literal">smbd </code> will try each in turn till it 4685 finds one that responds. This is useful in case your primary 4686 server goes down.</p><p>If the list of servers contains both names/IP's and the '*' 4626 4687 character, the list is treated as a list of preferred 4627 4688 domain controllers, but an auto lookup of all remaining DC's 4628 4689 will be added to the list as well. Samba will not attempt to optimize 4629 this list by locating the closest DC.</p><p>If the <em class="parameter"><code>security</code></em> parameter is4630 set to <code class="constant">server</code>, then there are different4631 restrictions that <code class="literal">security = domain</code> doesn't4632 s uffer from:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>You may list several password servers in4690 this list by locating the closest DC.</p><p>If parameter is a name, it is looked up using the 4691 parameter <a class="link" href="smb.conf.5.html#NAMERESOLVEORDER" target="_top">name resolve order</a> and so may resolved 4692 by any method and order described in that parameter.</p><p>If the <em class="parameter"><code>security</code></em> parameter is 4693 set to <code class="constant">server</code>, these additional restrictions apply:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>You may list several password servers in 4633 4694 the <em class="parameter"><code>password server</code></em> parameter, however if an 4634 4695 <code class="literal">smbd</code> makes a connection to a password server, … … 4636 4697 to be authenticated from this <code class="literal">smbd</code>. This is a 4637 4698 restriction of the SMB/CIFS protocol when in <code class="literal">security = server 4638 </code> mode and cannot be fixed in Samba.</p></li><li class="listitem"><p>If you are using a Windows NT server as your 4639 password server then you will have to ensure that your users 4699 </code> mode and cannot be fixed in Samba.</p></li><li class="listitem"><p>You will have to ensure that your users 4640 4700 are able to login from the Samba server, as when in <code class="literal"> 4641 4701 security = server</code> mode the network logon will appear to 4642 come from there rather than from the users workstation.</p></li></ul></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>password server</code></em> = <code class="literal">*</code> 4702 come from the Samba server rather than from the users workstation.</p></li><li class="listitem"><p>The client must not select NTLMv2 authentication.</p></li><li class="listitem"><p>The password server must be a machine capable of using 4703 the "LM1.2X002" or the "NT LM 0.12" protocol, and it must be in 4704 user level security mode.</p></li><li class="listitem"><p>Using a password server means your UNIX box (running 4705 Samba) is only as secure as (a host masqurading as) your password server. <span class="emphasis"><em>DO NOT 4706 CHOOSE A PASSWORD SERVER THAT YOU DON'T COMPLETELY TRUST</em></span>. 4707 </p></li><li class="listitem"><p>Never point a Samba server at itself for password serving. 4708 This will cause a loop and could lock up your Samba server!</p></li><li class="listitem"><p>The name of the password server takes the standard 4709 substitutions, but probably the only useful one is <em class="parameter"><code>%m 4710 </code></em>, which means the Samba server will use the incoming 4711 client as the password server. If you use this then you better 4712 trust your clients, and you had better restrict them with hosts allow!</p></li></ul></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>password server</code></em> = <code class="literal">*</code> 4643 4713 </em></span> 4644 4714 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>password server</code></em> = <code class="literal">NT-PDC, NT-BDC1, NT-BDC2, *</code> … … 4646 4716 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>password server</code></em> = <code class="literal">windc.mydomain.com:389 192.168.1.101 *</code> 4647 4717 </em></span> 4648 </p></dd></dl></div></div><div class="section" title="directory"><div class="titlepage"><div><div><h3 class="title"><a name="id329 538"></a>4718 </p></dd></dl></div></div><div class="section" title="directory"><div class="titlepage"><div><div><h3 class="title"><a name="id329728"></a> 4649 4719 4650 4720 <a name="DIRECTORY"></a>directory 4651 </h3></div></div></div><a class="indexterm" name="id329 539"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PATH">path</a>.</p></dd></dl></div></div><div class="section" title="path (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id329568"></a>4721 </h3></div></div></div><a class="indexterm" name="id329729"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PATH">path</a>.</p></dd></dl></div></div><div class="section" title="path (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id329759"></a> 4652 4722 4653 4723 path (S) 4654 </h3></div></div></div><a class="indexterm" name="id329 570"></a><a name="PATH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a directory to which4724 </h3></div></div></div><a class="indexterm" name="id329760"></a><a name="PATH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a directory to which 4655 4725 the user of the service is to be given access. In the case of 4656 4726 printable services, this is where print data will spool prior to … … 4669 4739 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>path</code></em> = <code class="literal">/home/fred</code> 4670 4740 </em></span> 4671 </p></dd></dl></div></div><div class="section" title="perfcount module (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id329 666"></a>4741 </p></dd></dl></div></div><div class="section" title="perfcount module (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id329856"></a> 4672 4742 4673 4743 perfcount module (G) 4674 </h3></div></div></div><a class="indexterm" name="id329 667"></a><a name="PERFCOUNTMODULE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the perfcount backend to be used when monitoring SMB4744 </h3></div></div></div><a class="indexterm" name="id329857"></a><a name="PERFCOUNTMODULE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the perfcount backend to be used when monitoring SMB 4675 4745 operations. Only one perfcount module may be used, and it must implement all of the 4676 4746 apis contained in the smb_perfcount_handler structure defined in smb.h. 4677 </p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="pid directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id329 696"></a>4747 </p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="pid directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id329887"></a> 4678 4748 4679 4749 pid directory (G) 4680 </h3></div></div></div><a class="indexterm" name="id329 697"></a><a name="PIDDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>4750 </h3></div></div></div><a class="indexterm" name="id329888"></a><a name="PIDDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p> 4681 4751 This option specifies the directory where pid files will be placed. 4682 4752 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>pid directory</code></em> = <code class="literal">${prefix}/var/locks</code> … … 4684 4754 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>pid directory</code></em> = <code class="literal">pid directory = /var/run/</code> 4685 4755 </em></span> 4686 </p></dd></dl></div></div><div class="section" title="posix locking (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id329 754"></a>4756 </p></dd></dl></div></div><div class="section" title="posix locking (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id329944"></a> 4687 4757 4688 4758 posix locking (S) 4689 </h3></div></div></div><a class="indexterm" name="id329 755"></a><a name="POSIXLOCKING"></a><div class="variablelist"><dl><dt></dt><dd><p>4759 </h3></div></div></div><a class="indexterm" name="id329945"></a><a name="POSIXLOCKING"></a><div class="variablelist"><dl><dt></dt><dd><p> 4690 4760 The <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> 4691 4761 daemon maintains an database of file locks obtained by SMB clients. The default behavior is … … 4696 4766 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>posix locking</code></em> = <code class="literal">yes</code> 4697 4767 </em></span> 4698 </p></dd></dl></div></div><div class="section" title="postexec (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id3 29806"></a>4768 </p></dd></dl></div></div><div class="section" title="postexec (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id330001"></a> 4699 4769 4700 4770 postexec (S) 4701 </h3></div></div></div><a class="indexterm" name="id3 29807"></a><a name="POSTEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies a command to be run4771 </h3></div></div></div><a class="indexterm" name="id330002"></a><a name="POSTEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies a command to be run 4702 4772 whenever the service is disconnected. It takes the usual 4703 4773 substitutions. The command may be run as the root on some … … 4707 4777 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>postexec</code></em> = <code class="literal">echo \"%u disconnected from %S from %m (%I)\" >> /tmp/log</code> 4708 4778 </em></span> 4709 </p></dd></dl></div></div><div class="section" title="preexec close (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id3 29876"></a>4779 </p></dd></dl></div></div><div class="section" title="preexec close (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id330070"></a> 4710 4780 4711 4781 preexec close (S) 4712 </h3></div></div></div><a class="indexterm" name="id3 29877"></a><a name="PREEXECCLOSE"></a><div class="variablelist"><dl><dt></dt><dd><p>4782 </h3></div></div></div><a class="indexterm" name="id330072"></a><a name="PREEXECCLOSE"></a><div class="variablelist"><dl><dt></dt><dd><p> 4713 4783 This boolean option controls whether a non-zero return code from <a class="link" href="smb.conf.5.html#PREEXEC" target="_top">preexec</a> 4714 4784 should close the service being connected to. 4715 4785 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>preexec close</code></em> = <code class="literal">no</code> 4716 4786 </em></span> 4717 </p></dd></dl></div></div><div class="section" title="exec"><div class="titlepage"><div><div><h3 class="title"><a name="id3 29929"></a>4787 </p></dd></dl></div></div><div class="section" title="exec"><div class="titlepage"><div><div><h3 class="title"><a name="id330123"></a> 4718 4788 4719 4789 <a name="EXEC"></a>exec 4720 </h3></div></div></div><a class="indexterm" name="id3 29930"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PREEXEC">preexec</a>.</p></dd></dl></div></div><div class="section" title="preexec (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id329960"></a>4790 </h3></div></div></div><a class="indexterm" name="id330124"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PREEXEC">preexec</a>.</p></dd></dl></div></div><div class="section" title="preexec (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id330154"></a> 4721 4791 4722 4792 preexec (S) 4723 </h3></div></div></div><a class="indexterm" name="id3 29961"></a><a name="PREEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies a command to be run whenever4793 </h3></div></div></div><a class="indexterm" name="id330156"></a><a name="PREEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies a command to be run whenever 4724 4794 the service is connected to. It takes the usual substitutions.</p><p>An interesting example is to send the users a welcome 4725 4795 message every time they log in. Maybe a message of the day? Here … … 4733 4803 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>preexec</code></em> = <code class="literal">echo \"%u connected to %S from %m (%I)\" >> /tmp/log</code> 4734 4804 </em></span> 4735 </p></dd></dl></div></div><div class="section" title="prefered master"><div class="titlepage"><div><div><h3 class="title"><a name="id330 061"></a>4805 </p></dd></dl></div></div><div class="section" title="prefered master"><div class="titlepage"><div><div><h3 class="title"><a name="id330256"></a> 4736 4806 4737 4807 <a name="PREFEREDMASTER"></a>prefered master 4738 </h3></div></div></div><a class="indexterm" name="id330 062"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PREFERREDMASTER">preferred master</a>.</p></dd></dl></div></div><div class="section" title="preferred master (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id330093"></a>4808 </h3></div></div></div><a class="indexterm" name="id330257"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PREFERREDMASTER">preferred master</a>.</p></dd></dl></div></div><div class="section" title="preferred master (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id330288"></a> 4739 4809 4740 4810 preferred master (G) 4741 </h3></div></div></div><a class="indexterm" name="id330 094"></a><a name="PREFERREDMASTER"></a><div class="variablelist"><dl><dt></dt><dd><p>4811 </h3></div></div></div><a class="indexterm" name="id330289"></a><a name="PREFERREDMASTER"></a><div class="variablelist"><dl><dt></dt><dd><p> 4742 4812 This boolean parameter controls if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> is a preferred master browser for its workgroup. 4743 4813 </p><p> … … 4753 4823 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>preferred master</code></em> = <code class="literal">auto</code> 4754 4824 </em></span> 4755 </p></dd></dl></div></div><div class="section" title="preload modules (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id330 180"></a>4825 </p></dd></dl></div></div><div class="section" title="preload modules (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id330374"></a> 4756 4826 4757 4827 preload modules (G) 4758 </h3></div></div></div><a class="indexterm" name="id330 181"></a><a name="PRELOADMODULES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of paths to modules that should4828 </h3></div></div></div><a class="indexterm" name="id330375"></a><a name="PRELOADMODULES"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of paths to modules that should 4759 4829 be loaded into smbd before a client connects. This improves 4760 4830 the speed of smbd when reacting to new connections somewhat. </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>preload modules</code></em> = <code class="literal"></code> … … 4762 4832 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>preload modules</code></em> = <code class="literal">/usr/lib/samba/passdb/mysql.so</code> 4763 4833 </em></span> 4764 </p></dd></dl></div></div><div class="section" title="auto services"><div class="titlepage"><div><div><h3 class="title"><a name="id330 238"></a>4834 </p></dd></dl></div></div><div class="section" title="auto services"><div class="titlepage"><div><div><h3 class="title"><a name="id330433"></a> 4765 4835 4766 4836 <a name="AUTOSERVICES"></a>auto services 4767 </h3></div></div></div><a class="indexterm" name="id330 239"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRELOAD">preload</a>.</p></dd></dl></div></div><div class="section" title="preload (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id330270"></a>4837 </h3></div></div></div><a class="indexterm" name="id330434"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRELOAD">preload</a>.</p></dd></dl></div></div><div class="section" title="preload (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id330464"></a> 4768 4838 4769 4839 preload (G) 4770 </h3></div></div></div><a class="indexterm" name="id330 271"></a><a name="PRELOAD"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of services that you want to be4840 </h3></div></div></div><a class="indexterm" name="id330465"></a><a name="PRELOAD"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a list of services that you want to be 4771 4841 automatically added to the browse lists. This is most useful 4772 4842 for homes and printers services that would otherwise not be … … 4779 4849 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>preload</code></em> = <code class="literal">fred lp colorlp</code> 4780 4850 </em></span> 4781 </p></dd></dl></div></div><div class="section" title="preserve case (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id330 343"></a>4851 </p></dd></dl></div></div><div class="section" title="preserve case (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id330537"></a> 4782 4852 4783 4853 preserve case (S) 4784 </h3></div></div></div><a class="indexterm" name="id330 344"></a><a name="PRESERVECASE"></a><div class="variablelist"><dl><dt></dt><dd><p>4854 </h3></div></div></div><a class="indexterm" name="id330538"></a><a name="PRESERVECASE"></a><div class="variablelist"><dl><dt></dt><dd><p> 4785 4855 This controls if new filenames are created with the case that the client passes, or if 4786 4856 they are forced to be the <a class="link" href="smb.conf.5.html#DEFAULTCASE" target="_top">default case</a>. … … 4789 4859 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>preserve case</code></em> = <code class="literal">yes</code> 4790 4860 </em></span> 4791 </p></dd></dl></div></div><div class="section" title="print ok"><div class="titlepage"><div><div><h3 class="title"><a name="id330 407"></a>4861 </p></dd></dl></div></div><div class="section" title="print ok"><div class="titlepage"><div><div><h3 class="title"><a name="id330601"></a> 4792 4862 4793 4863 <a name="PRINTOK"></a>print ok 4794 </h3></div></div></div><a class="indexterm" name="id330 408"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTABLE">printable</a>.</p></dd></dl></div></div><div class="section" title="printable (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id330438"></a>4864 </h3></div></div></div><a class="indexterm" name="id330602"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTABLE">printable</a>.</p></dd></dl></div></div><div class="section" title="printable (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id330632"></a> 4795 4865 4796 4866 printable (S) 4797 </h3></div></div></div><a class="indexterm" name="id330 439"></a><a name="PRINTABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code>, then4867 </h3></div></div></div><a class="indexterm" name="id330633"></a><a name="PRINTABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code>, then 4798 4868 clients may open, write to and submit spool files on the directory 4799 4869 specified for the service. </p><p>Note that a printable service will ALWAYS allow writing … … 4802 4872 the resource.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>printable</code></em> = <code class="literal">no</code> 4803 4873 </em></span> 4804 </p></dd></dl></div></div><div class="section" title="printcap cache time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id330 499"></a>4874 </p></dd></dl></div></div><div class="section" title="printcap cache time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id330692"></a> 4805 4875 4806 4876 printcap cache time (G) 4807 </h3></div></div></div><a class="indexterm" name="id330 500"></a><a name="PRINTCAPCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the number of seconds before the printing4877 </h3></div></div></div><a class="indexterm" name="id330694"></a><a name="PRINTCAPCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the number of seconds before the printing 4808 4878 subsystem is again asked for the known printers. 4809 4879 </p><p>Setting this parameter to 0 disables any rescanning for new … … 4813 4883 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>printcap cache time</code></em> = <code class="literal">600</code> 4814 4884 </em></span> 4815 </p></dd></dl></div></div><div class="section" title="printcap"><div class="titlepage"><div><div><h3 class="title"><a name="id330 562"></a>4885 </p></dd></dl></div></div><div class="section" title="printcap"><div class="titlepage"><div><div><h3 class="title"><a name="id330756"></a> 4816 4886 4817 4887 <a name="PRINTCAP"></a>printcap 4818 </h3></div></div></div><a class="indexterm" name="id330 563"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTCAPNAME">printcap name</a>.</p></dd></dl></div></div><div class="section" title="printcap name (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id330594"></a>4888 </h3></div></div></div><a class="indexterm" name="id330757"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTCAPNAME">printcap name</a>.</p></dd></dl></div></div><div class="section" title="printcap name (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id330788"></a> 4819 4889 4820 4890 printcap name (G) 4821 </h3></div></div></div><a class="indexterm" name="id330 595"></a><a name="PRINTCAPNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>4891 </h3></div></div></div><a class="indexterm" name="id330789"></a><a name="PRINTCAPNAME"></a><div class="variablelist"><dl><dt></dt><dd><p> 4822 4892 This parameter may be used to override the compiled-in default printcap name used by the server (usually 4823 4893 <code class="filename"> /etc/printcap</code>). See the discussion of the <a class="link" href="#PRINTERSSECT" title="The [printers] section">[printers]</a> section above for reasons why you might want to do this. … … 4854 4924 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>printcap name</code></em> = <code class="literal">/etc/myprintcap</code> 4855 4925 </em></span> 4856 </p></dd></dl></div></div><div class="section" title="print command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id330 766"></a>4926 </p></dd></dl></div></div><div class="section" title="print command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id330959"></a> 4857 4927 4858 4928 print command (S) 4859 </h3></div></div></div><a class="indexterm" name="id330 767"></a><a name="PRINTCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>After a print job has finished spooling to4929 </h3></div></div></div><a class="indexterm" name="id330960"></a><a name="PRINTCOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>After a print job has finished spooling to 4860 4930 a service, this command will be used via a <code class="literal">system()</code> 4861 4931 call to process the spool file. Typically the command specified will … … 4899 4969 set print command will be ignored.</p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>print command</code></em> = <code class="literal">/usr/local/samba/bin/myprintscript %p %s</code> 4900 4970 </em></span> 4901 </p></dd></dl></div></div><div class="section" title="printer admin (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id331 008"></a>4971 </p></dd></dl></div></div><div class="section" title="printer admin (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id331202"></a> 4902 4972 4903 4973 printer admin (S) 4904 </h3></div></div></div><a class="indexterm" name="id331 010"></a><a name="PRINTERADMIN"></a><div class="variablelist"><dl><dt></dt><dd><p>4974 </h3></div></div></div><a class="indexterm" name="id331204"></a><a name="PRINTERADMIN"></a><div class="variablelist"><dl><dt></dt><dd><p> 4905 4975 This lists users who can do anything to printers 4906 4976 via the remote administration interfaces offered … … 4918 4988 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>printer admin</code></em> = <code class="literal">admin, @staff</code> 4919 4989 </em></span> 4920 </p></dd></dl></div></div><div class="section" title="printer"><div class="titlepage"><div><div><h3 class="title"><a name="id331 072"></a>4990 </p></dd></dl></div></div><div class="section" title="printer"><div class="titlepage"><div><div><h3 class="title"><a name="id331266"></a> 4921 4991 4922 4992 <a name="PRINTER"></a>printer 4923 </h3></div></div></div><a class="indexterm" name="id331 073"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTERNAME">printer name</a>.</p></dd></dl></div></div><div class="section" title="printer name (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id331103"></a>4993 </h3></div></div></div><a class="indexterm" name="id331267"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#PRINTERNAME">printer name</a>.</p></dd></dl></div></div><div class="section" title="printer name (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id331297"></a> 4924 4994 4925 4995 printer name (S) 4926 </h3></div></div></div><a class="indexterm" name="id331 104"></a><a name="PRINTERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>4996 </h3></div></div></div><a class="indexterm" name="id331298"></a><a name="PRINTERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p> 4927 4997 This parameter specifies the name of the printer to which print jobs spooled through a printable service 4928 4998 will be sent. … … 4937 5007 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>printer name</code></em> = <code class="literal">laserwriter</code> 4938 5008 </em></span> 4939 </p></dd></dl></div></div><div class="section" title="printing (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id331 187"></a>5009 </p></dd></dl></div></div><div class="section" title="printing (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id331381"></a> 4940 5010 4941 5011 printing (S) 4942 </h3></div></div></div><a class="indexterm" name="id331 188"></a><a name="PRINTING"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameters controls how printer status information is5012 </h3></div></div></div><a class="indexterm" name="id331382"></a><a name="PRINTING"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameters controls how printer status information is 4943 5013 interpreted on your system. It also affects the default values for 4944 5014 the <em class="parameter"><code>print command</code></em>, <em class="parameter"><code>lpq command</code></em>, <em class="parameter"><code>lppause command </code></em>, <em class="parameter"><code>lpresume command</code></em>, and <em class="parameter"><code>lprm command</code></em> if specified in the … … 4957 5027 <code class="literal">testparm -v.</code></code> 4958 5028 </em></span> 4959 </p></dd></dl></div></div><div class="section" title="printjob username (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id331 333"></a>5029 </p></dd></dl></div></div><div class="section" title="printjob username (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id331527"></a> 4960 5030 4961 5031 printjob username (S) 4962 </h3></div></div></div><a class="indexterm" name="id331 334"></a><a name="PRINTJOBUSERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies which user information will be5032 </h3></div></div></div><a class="indexterm" name="id331528"></a><a name="PRINTJOBUSERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies which user information will be 4963 5033 passed to the printing system. Usually, the username is sent, 4964 5034 but in some cases, e.g. the domain prefix is useful, too.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>printjob username</code></em> = <code class="literal">%U</code> … … 4966 5036 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>printjob username</code></em> = <code class="literal">%D\%U</code> 4967 5037 </em></span> 4968 </p></dd></dl></div></div><div class="section" title="print notify backchannel (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id331 392"></a>5038 </p></dd></dl></div></div><div class="section" title="print notify backchannel (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id331586"></a> 4969 5039 4970 5040 print notify backchannel (S) 4971 </h3></div></div></div><a class="indexterm" name="id331 393"></a><a name="PRINTNOTIFYBACKCHANNEL"></a><div class="variablelist"><dl><dt></dt><dd><p>Windows print clients can update print queue status by expecting5041 </h3></div></div></div><a class="indexterm" name="id331587"></a><a name="PRINTNOTIFYBACKCHANNEL"></a><div class="variablelist"><dl><dt></dt><dd><p>Windows print clients can update print queue status by expecting 4972 5042 the server to open a backchannel SMB connection to them. Due to 4973 5043 client firewall settings this can cause considerable timeouts … … 4980 5050 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>print notify backchannel</code></em> = <code class="literal">yes</code> 4981 5051 </em></span> 4982 </p></dd></dl></div></div><div class="section" title="private dir (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id331 444"></a>5052 </p></dd></dl></div></div><div class="section" title="private dir (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id331638"></a> 4983 5053 4984 5054 private dir (G) 4985 </h3></div></div></div><a class="indexterm" name="id331 445"></a><a name="PRIVATEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameters defines the directory5055 </h3></div></div></div><a class="indexterm" name="id331639"></a><a name="PRIVATEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameters defines the directory 4986 5056 smbd will use for storing such files as <code class="filename">smbpasswd</code> 4987 5057 and <code class="filename">secrets.tdb</code>. 4988 5058 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>private dir</code></em> = <code class="literal">${prefix}/private</code> 4989 5059 </em></span> 4990 </p></dd></dl></div></div><div class="section" title="profile acls (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id331 497"></a>5060 </p></dd></dl></div></div><div class="section" title="profile acls (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id331691"></a> 4991 5061 4992 5062 profile acls (S) 4993 </h3></div></div></div><a class="indexterm" name="id331 498"></a><a name="PROFILEACLS"></a><div class="variablelist"><dl><dt></dt><dd><p>5063 </h3></div></div></div><a class="indexterm" name="id331692"></a><a name="PROFILEACLS"></a><div class="variablelist"><dl><dt></dt><dd><p> 4994 5064 This boolean parameter was added to fix the problems that people have been 4995 5065 having with storing user profiles on Samba shares from Windows 2000 or … … 5017 5087 workstation profile code and has an ACL restricting entry to the directory 5018 5088 tree to the owning user. 5089 </p><p> 5090 Note that this parameter should be set to yes on dedicated profile shares only. 5091 On other shares, it might cause incorrect file ownerships. 5019 5092 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>profile acls</code></em> = <code class="literal">no</code> 5020 5093 </em></span> 5021 </p></dd></dl></div></div><div class="section" title="queuepause command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id331 557"></a>5094 </p></dd></dl></div></div><div class="section" title="queuepause command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id331761"></a> 5022 5095 5023 5096 queuepause command (S) 5024 </h3></div></div></div><a class="indexterm" name="id331 558"></a><a name="QUEUEPAUSECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be5097 </h3></div></div></div><a class="indexterm" name="id331762"></a><a name="QUEUEPAUSECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be 5025 5098 executed on the server host in order to pause the printer queue.</p><p>This command should be a program or script which takes 5026 5099 a printer name as its only parameter and stops the printer queue, … … 5033 5106 server.</p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>queuepause command</code></em> = <code class="literal">disable %p</code> 5034 5107 </em></span> 5035 </p></dd></dl></div></div><div class="section" title="queueresume command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id331 628"></a>5108 </p></dd></dl></div></div><div class="section" title="queueresume command (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id331832"></a> 5036 5109 5037 5110 queueresume command (S) 5038 </h3></div></div></div><a class="indexterm" name="id331 629"></a><a name="QUEUERESUMECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be5111 </h3></div></div></div><a class="indexterm" name="id331833"></a><a name="QUEUERESUMECOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the command to be 5039 5112 executed on the server host in order to resume the printer queue. It 5040 5113 is the command to undo the behavior that is caused by the … … 5051 5124 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>queueresume command</code></em> = <code class="literal">enable %p</code> 5052 5125 </em></span> 5053 </p></dd></dl></div></div><div class="section" title="read list (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id331 722"></a>5126 </p></dd></dl></div></div><div class="section" title="read list (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id331926"></a> 5054 5127 5055 5128 read list (S) 5056 </h3></div></div></div><a class="indexterm" name="id331 723"></a><a name="READLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>5129 </h3></div></div></div><a class="indexterm" name="id331927"></a><a name="READLIST"></a><div class="variablelist"><dl><dt></dt><dd><p> 5057 5130 This is a list of users that are given read-only access to a service. If the connecting user is in this list 5058 5131 then they will not be given write access, no matter what the <a class="link" href="smb.conf.5.html#READONLY" target="_top">read only</a> option is set … … 5064 5137 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>read list</code></em> = <code class="literal">mary, @students</code> 5065 5138 </em></span> 5066 </p></dd></dl></div></div><div class="section" title="read only (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id33 1816"></a>5139 </p></dd></dl></div></div><div class="section" title="read only (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id332020"></a> 5067 5140 5068 5141 read only (S) 5069 </h3></div></div></div><a class="indexterm" name="id33 1817"></a><a name="READONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>An inverted synonym is <a class="link" href="smb.conf.5.html#WRITEABLE" target="_top">writeable</a>.</p><p>If this parameter is <code class="constant">yes</code>, then users5142 </h3></div></div></div><a class="indexterm" name="id332021"></a><a name="READONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>An inverted synonym is <a class="link" href="smb.conf.5.html#WRITEABLE" target="_top">writeable</a>.</p><p>If this parameter is <code class="constant">yes</code>, then users 5070 5143 of a service may not create or modify files in the service's 5071 5144 directory.</p><p>Note that a printable service (<code class="literal">printable = yes</code>) … … 5073 5146 (user privileges permitting), but only via spooling operations.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>read only</code></em> = <code class="literal">yes</code> 5074 5147 </em></span> 5075 </p></dd></dl></div></div><div class="section" title="read raw (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id33 1888"></a>5148 </p></dd></dl></div></div><div class="section" title="read raw (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id332092"></a> 5076 5149 5077 5150 read raw (G) 5078 </h3></div></div></div><a class="indexterm" name="id33 1890"></a><a name="READRAW"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not the server5151 </h3></div></div></div><a class="indexterm" name="id332094"></a><a name="READRAW"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not the server 5079 5152 will support the raw read SMB requests when transferring data 5080 5153 to clients.</p><p>If enabled, raw reads allow reads of 65535 bytes in … … 5085 5158 tool and left severely alone.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>read raw</code></em> = <code class="literal">yes</code> 5086 5159 </em></span> 5087 </p></dd></dl></div></div><div class="section" title="realm (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id33 1944"></a>5160 </p></dd></dl></div></div><div class="section" title="realm (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id332148"></a> 5088 5161 5089 5162 realm (G) 5090 </h3></div></div></div><a class="indexterm" name="id33 1945"></a><a name="REALM"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the kerberos realm to use. The realm is5163 </h3></div></div></div><a class="indexterm" name="id332149"></a><a name="REALM"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the kerberos realm to use. The realm is 5091 5164 used as the ADS equivalent of the NT4 <code class="literal">domain</code>. It 5092 5165 is usually set to the DNS name of the kerberos server. … … 5095 5168 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>realm</code></em> = <code class="literal">mysambabox.mycompany.com</code> 5096 5169 </em></span> 5097 </p></dd></dl></div></div><div class="section" title="registry shares (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id332 006"></a>5170 </p></dd></dl></div></div><div class="section" title="registry shares (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id332211"></a> 5098 5171 5099 5172 registry shares (G) 5100 </h3></div></div></div><a class="indexterm" name="id332 007"></a><a name="REGISTRYSHARES"></a><div class="variablelist"><dl><dt></dt><dd><p>5173 </h3></div></div></div><a class="indexterm" name="id332212"></a><a name="REGISTRYSHARES"></a><div class="variablelist"><dl><dt></dt><dd><p> 5101 5174 This turns on or off support for share definitions read from 5102 5175 registry. Shares defined in <span class="emphasis"><em>smb.conf</em></span> take … … 5113 5186 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>registry shares</code></em> = <code class="literal">yes</code> 5114 5187 </em></span> 5115 </p></dd></dl></div></div><div class="section" title="remote announce (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id332 089"></a>5188 </p></dd></dl></div></div><div class="section" title="remote announce (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id332294"></a> 5116 5189 5117 5190 remote announce (G) 5118 </h3></div></div></div><a class="indexterm" name="id332 090"></a><a name="REMOTEANNOUNCE"></a><div class="variablelist"><dl><dt></dt><dd><p>5191 </h3></div></div></div><a class="indexterm" name="id332295"></a><a name="REMOTEANNOUNCE"></a><div class="variablelist"><dl><dt></dt><dd><p> 5119 5192 This option allows you to setup <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> to periodically announce itself 5120 5193 to arbitrary IP addresses with an arbitrary workgroup name. … … 5140 5213 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>remote announce</code></em> = <code class="literal"></code> 5141 5214 </em></span> 5142 </p></dd></dl></div></div><div class="section" title="remote browse sync (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id332 186"></a>5215 </p></dd></dl></div></div><div class="section" title="remote browse sync (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id332390"></a> 5143 5216 5144 5217 remote browse sync (G) 5145 </h3></div></div></div><a class="indexterm" name="id332 187"></a><a name="REMOTEBROWSESYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>5218 </h3></div></div></div><a class="indexterm" name="id332391"></a><a name="REMOTEBROWSESYNC"></a><div class="variablelist"><dl><dt></dt><dd><p> 5146 5219 This option allows you to setup <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> to periodically request 5147 5220 synchronization of browse lists with the master browser of a Samba … … 5175 5248 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>remote browse sync</code></em> = <code class="literal"></code> 5176 5249 </em></span> 5177 </p></dd></dl></div></div><div class="section" title="rename user script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id332 290"></a>5250 </p></dd></dl></div></div><div class="section" title="rename user script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id332490"></a> 5178 5251 5179 5252 rename user script (G) 5180 </h3></div></div></div><a class="indexterm" name="id332 291"></a><a name="RENAMEUSERSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>5253 </h3></div></div></div><a class="indexterm" name="id332491"></a><a name="RENAMEUSERSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p> 5181 5254 This is the full pathname to a script that will be run as root by <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> under special circumstances described below. 5182 5255 </p><p> … … 5196 5269 </p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>rename user script</code></em> = <code class="literal">no</code> 5197 5270 </em></span> 5198 </p></dd></dl></div></div><div class="section" title="reset on zero vc (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id332 369"></a>5271 </p></dd></dl></div></div><div class="section" title="reset on zero vc (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id332569"></a> 5199 5272 5200 5273 reset on zero vc (G) 5201 </h3></div></div></div><a class="indexterm" name="id332 370"></a><a name="RESETONZEROVC"></a><div class="variablelist"><dl><dt></dt><dd><p>5274 </h3></div></div></div><a class="indexterm" name="id332570"></a><a name="RESETONZEROVC"></a><div class="variablelist"><dl><dt></dt><dd><p> 5202 5275 This boolean option controls whether an incoming session setup 5203 5276 should kill other connections coming from the same IP. This matches … … 5218 5291 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>reset on zero vc</code></em> = <code class="literal">no</code> 5219 5292 </em></span> 5220 </p></dd></dl></div></div><div class="section" title="restrict anonymous (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id332 415"></a>5293 </p></dd></dl></div></div><div class="section" title="restrict anonymous (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id332616"></a> 5221 5294 5222 5295 restrict anonymous (G) 5223 </h3></div></div></div><a class="indexterm" name="id332 416"></a><a name="RESTRICTANONYMOUS"></a><div class="variablelist"><dl><dt></dt><dd><p>The setting of this parameter determines whether user and5296 </h3></div></div></div><a class="indexterm" name="id332617"></a><a name="RESTRICTANONYMOUS"></a><div class="variablelist"><dl><dt></dt><dd><p>The setting of this parameter determines whether user and 5224 5297 group list information is returned for an anonymous connection. 5225 5298 and mirrors the effects of the … … 5244 5317 </p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>restrict anonymous</code></em> = <code class="literal">0</code> 5245 5318 </em></span> 5246 </p></dd></dl></div></div><div class="section" title="root"><div class="titlepage"><div><div><h3 class="title"><a name="id332 488"></a>5319 </p></dd></dl></div></div><div class="section" title="root"><div class="titlepage"><div><div><h3 class="title"><a name="id332693"></a> 5247 5320 5248 5321 <a name="ROOT"></a>root 5249 </h3></div></div></div><a class="indexterm" name="id332 490"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#ROOTDIRECTORY">root directory</a>.</p></dd></dl></div></div><div class="section" title="root dir"><div class="titlepage"><div><div><h3 class="title"><a name="id332521"></a>5322 </h3></div></div></div><a class="indexterm" name="id332694"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#ROOTDIRECTORY">root directory</a>.</p></dd></dl></div></div><div class="section" title="root dir"><div class="titlepage"><div><div><h3 class="title"><a name="id332725"></a> 5250 5323 5251 5324 <a name="ROOTDIR"></a>root dir 5252 </h3></div></div></div><a class="indexterm" name="id332 522"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#ROOTDIRECTORY">root directory</a>.</p></dd></dl></div></div><div class="section" title="root directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id332552"></a>5325 </h3></div></div></div><a class="indexterm" name="id332726"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#ROOTDIRECTORY">root directory</a>.</p></dd></dl></div></div><div class="section" title="root directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id332756"></a> 5253 5326 5254 5327 root directory (G) 5255 </h3></div></div></div><a class="indexterm" name="id332 553"></a><a name="ROOTDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>The server will <code class="literal">chroot()</code> (i.e.5328 </h3></div></div></div><a class="indexterm" name="id332757"></a><a name="ROOTDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>The server will <code class="literal">chroot()</code> (i.e. 5256 5329 Change its root directory) to this directory on startup. This is 5257 5330 not strictly necessary for secure operation. Even without it the … … 5276 5349 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>root directory</code></em> = <code class="literal">/homes/smb</code> 5277 5350 </em></span> 5278 </p></dd></dl></div></div><div class="section" title="root postexec (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id332 664"></a>5351 </p></dd></dl></div></div><div class="section" title="root postexec (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id332869"></a> 5279 5352 5280 5353 root postexec (S) 5281 </h3></div></div></div><a class="indexterm" name="id332 665"></a><a name="ROOTPOSTEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>5354 </h3></div></div></div><a class="indexterm" name="id332870"></a><a name="ROOTPOSTEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p> 5282 5355 This is the same as the <em class="parameter"><code>postexec</code></em> 5283 5356 parameter except that the command is run as root. This is useful for … … 5285 5358 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>root postexec</code></em> = <code class="literal"></code> 5286 5359 </em></span> 5287 </p></dd></dl></div></div><div class="section" title="root preexec close (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id332 711"></a>5360 </p></dd></dl></div></div><div class="section" title="root preexec close (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id332916"></a> 5288 5361 5289 5362 root preexec close (S) 5290 </h3></div></div></div><a class="indexterm" name="id332 712"></a><a name="ROOTPREEXECCLOSE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is the same as the <em class="parameter"><code>preexec close5363 </h3></div></div></div><a class="indexterm" name="id332917"></a><a name="ROOTPREEXECCLOSE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is the same as the <em class="parameter"><code>preexec close 5291 5364 </code></em> parameter except that the command is run as root.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>root preexec close</code></em> = <code class="literal">no</code> 5292 5365 </em></span> 5293 </p></dd></dl></div></div><div class="section" title="root preexec (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id332 758"></a>5366 </p></dd></dl></div></div><div class="section" title="root preexec (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id332963"></a> 5294 5367 5295 5368 root preexec (S) 5296 </h3></div></div></div><a class="indexterm" name="id332 760"></a><a name="ROOTPREEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p>5369 </h3></div></div></div><a class="indexterm" name="id332964"></a><a name="ROOTPREEXEC"></a><div class="variablelist"><dl><dt></dt><dd><p> 5297 5370 This is the same as the <em class="parameter"><code>preexec</code></em> 5298 5371 parameter except that the command is run as root. This is useful for … … 5300 5373 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>root preexec</code></em> = <code class="literal"></code> 5301 5374 </em></span> 5302 </p></dd></dl></div></div><div class="section" title="rpc_server (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id33 2806"></a>5375 </p></dd></dl></div></div><div class="section" title="rpc_server (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id333010"></a> 5303 5376 5304 5377 rpc_server (G) 5305 </h3></div></div></div><a class="indexterm" name="id33 2807"></a><a name="RPC_SERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>5378 </h3></div></div></div><a class="indexterm" name="id333011"></a><a name="RPC_SERVER"></a><div class="variablelist"><dl><dt></dt><dd><p> 5306 5379 Defines what kind of rpc server to use for a named pipe. 5307 5380 The rpc_server prefix must be followed by the pipe name, and a value. … … 5330 5403 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>rpc_server</code></em> = <code class="literal">none</code> 5331 5404 </em></span> 5332 </p></dd></dl></div></div><div class="section" title="security mask (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id33 2905"></a>5405 </p></dd></dl></div></div><div class="section" title="security mask (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id333109"></a> 5333 5406 5334 5407 security mask (S) 5335 </h3></div></div></div><a class="indexterm" name="id33 2906"></a><a name="SECURITYMASK"></a><div class="variablelist"><dl><dt></dt><dd><p>5408 </h3></div></div></div><a class="indexterm" name="id333110"></a><a name="SECURITYMASK"></a><div class="variablelist"><dl><dt></dt><dd><p> 5336 5409 This parameter controls what UNIX permission bits will be set when a Windows NT client is manipulating the 5337 5410 UNIX permission on a file using the native NT security dialog box. … … 5352 5425 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>security mask</code></em> = <code class="literal">0770</code> 5353 5426 </em></span> 5354 </p></dd></dl></div></div><div class="section" title="security (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id333 001"></a>5427 </p></dd></dl></div></div><div class="section" title="security (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id333205"></a> 5355 5428 5356 5429 security (G) 5357 </h3></div></div></div><a class="indexterm" name="id333 002"></a><a name="SECURITY"></a><div class="variablelist"><dl><dt></dt><dd><p>This option affects how clients respond to5430 </h3></div></div></div><a class="indexterm" name="id333206"></a><a name="SECURITY"></a><div class="variablelist"><dl><dt></dt><dd><p>This option affects how clients respond to 5358 5431 Samba and is one of the most important settings in the <code class="filename"> 5359 5432 smb.conf</code> file.</p><p>The option sets the "security mode bit" in replies to … … 5362 5435 information to the server.</p><p>The default is <code class="literal">security = user</code>, as this is 5363 5436 the most common setting needed when talking to Windows 98 and 5364 Windows NT.</p><p>The alternatives are <code class="literal">security = share</code>,5365 <code class="literal">security = server</code> or <code class="literal">security = domain5366 </code> .</p><p>In versions of Samba prior to 2.0.0, the default was5437 Windows NT.</p><p>The alternatives are 5438 <code class="literal">security = ads</code> or <code class="literal">security = domain 5439 </code>, which support joining Samba to a Windows domain, along with <code class="literal">security = share</code> and <code class="literal">security = server</code>, both of which are deprecated.</p><p>In versions of Samba prior to 2.0.0, the default was 5367 5440 <code class="literal">security = share</code> mainly because that was 5368 the only option at one stage.</p><p>There is a bug in WfWg that has relevance to this 5369 setting. When in user or server level security a WfWg client 5370 will totally ignore the username and password you type in the "connect 5371 drive" dialog box. This makes it very difficult (if not impossible) 5372 to connect to a Samba service as anyone except the user that 5373 you are logged into WfWg as.</p><p>If your PCs use usernames that are the same as their 5374 usernames on the UNIX machine then you will want to use 5375 <code class="literal">security = user</code>. If you mostly use usernames 5376 that don't exist on the UNIX box then use <code class="literal">security = 5377 share</code>.</p><p>You should also use <code class="literal">security = share</code> if you 5441 the only option at one stage.</p><p>You should use <code class="literal">security = user</code> and 5442 <a class="link" href="smb.conf.5.html#MAPTOGUEST" target="_top">map to guest</a> if you 5378 5443 want to mainly setup shares without a password (guest shares). This 5379 is commonly used for a shared printer server. It is more difficult 5380 to setup guest shares with <code class="literal">security = user</code>, see 5381 the <a class="link" href="smb.conf.5.html#MAPTOGUEST" target="_top">map to guest</a> parameter for details.</p><p>It is possible to use <code class="literal">smbd</code> in a <span class="emphasis"><em> 5444 is commonly used for a shared printer server. </p><p>It is possible to use <code class="literal">smbd</code> in a <span class="emphasis"><em> 5382 5445 hybrid mode</em></span> where it is offers both user and share 5383 level security under different <a class="link" href="smb.conf.5.html#NETBIOSALIASES" target="_top">NetBIOS aliases</a>. </p><p>The different settings will now be explained.</p><p><a name="SECURITYEQUALSSHARE"></a><span class="emphasis"><em>SECURITY = SHARE</em></span></p><p>When clients connect to a share level security server, they 5446 level security under different <a class="link" href="smb.conf.5.html#NETBIOSALIASES" target="_top">NetBIOS aliases</a>. </p><p>The different settings will now be explained.</p><p><a name="SECURITYEQUALSUSER"></a><span class="emphasis"><em>SECURITY = USER</em></span></p><p>This is the default security setting in Samba. 5447 With user-level security a client must first "log-on" with a 5448 valid username and password (which can be mapped using the <a class="link" href="smb.conf.5.html#USERNAMEMAP" target="_top">username map</a> 5449 parameter). Encrypted passwords (see the <a class="link" href="smb.conf.5.html#ENCRYPTEDPASSWORDS" target="_top">encrypted passwords</a> parameter) can also 5450 be used in this security mode. Parameters such as <a class="link" href="smb.conf.5.html#USER" target="_top">user</a> and <a class="link" href="smb.conf.5.html#GUESTONLY" target="_top">guest only</a> if set are then applied and 5451 may change the UNIX user to use on this connection, but only after 5452 the user has been successfully authenticated.</p><p><span class="emphasis"><em>Note</em></span> that the name of the resource being 5453 requested is <span class="emphasis"><em>not</em></span> sent to the server until after 5454 the server has successfully authenticated the client. This is why 5455 guest shares don't work in user level security without allowing 5456 the server to automatically map unknown users into the <a class="link" href="smb.conf.5.html#GUESTACCOUNT" target="_top">guest account</a>. 5457 See the <a class="link" href="smb.conf.5.html#MAPTOGUEST" target="_top">map to guest</a> parameter for details on doing this.</p><p>See also the section <a class="link" href="#VALIDATIONSECT" title="NOTE ABOUT USERNAME/PASSWORD VALIDATION">NOTE ABOUT USERNAME/PASSWORD VALIDATION</a>.</p><p><a name="SECURITYEQUALSDOMAIN"></a><span class="emphasis"><em>SECURITY = DOMAIN</em></span></p><p>This mode will only work correctly if <a class="citerefentry" href="net.8.html"><span class="citerefentry"><span class="refentrytitle">net</span>(8)</span></a> has been used to add this 5458 machine into a Windows NT Domain. It expects the <a class="link" href="smb.conf.5.html#ENCRYPTEDPASSWORDS" target="_top">encrypted passwords</a> 5459 parameter to be set to <code class="constant">yes</code>. In this 5460 mode Samba will try to validate the username/password by passing 5461 it to a Windows NT Primary or Backup Domain Controller, in exactly 5462 the same way that a Windows NT Server would do.</p><p><span class="emphasis"><em>Note</em></span> that a valid UNIX user must still 5463 exist as well as the account on the Domain Controller to allow 5464 Samba to have a valid UNIX account to map file access to.</p><p><span class="emphasis"><em>Note</em></span> that from the client's point 5465 of view <code class="literal">security = domain</code> is the same 5466 as <code class="literal">security = user</code>. It only 5467 affects how the server deals with the authentication, 5468 it does not in any way affect what the client sees.</p><p><span class="emphasis"><em>Note</em></span> that the name of the resource being 5469 requested is <span class="emphasis"><em>not</em></span> sent to the server until after 5470 the server has successfully authenticated the client. This is why 5471 guest shares don't work in user level security without allowing 5472 the server to automatically map unknown users into the <a class="link" href="smb.conf.5.html#GUESTACCOUNT" target="_top">guest account</a>. 5473 See the <a class="link" href="smb.conf.5.html#MAPTOGUEST" target="_top">map to guest</a> parameter for details on doing this.</p><p>See also the section <a class="link" href="#VALIDATIONSECT" title="NOTE ABOUT USERNAME/PASSWORD VALIDATION"> 5474 NOTE ABOUT USERNAME/PASSWORD VALIDATION</a>.</p><p>See also the <a class="link" href="smb.conf.5.html#PASSWORDSERVER" target="_top">password server</a> parameter and 5475 the <a class="link" href="smb.conf.5.html#ENCRYPTEDPASSWORDS" target="_top">encrypted passwords</a> parameter.</p><p><a name="SECURITYEQUALSSHARE"></a><span class="emphasis"><em>SECURITY = SHARE</em></span></p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>This option is deprecated as it is incompatible with SMB2</p></div><p>When clients connect to a share level security server, they 5384 5476 need not log onto the server with a valid username and password before 5385 5477 attempting to connect to a shared resource (although modern clients … … 5416 5508 in share-level security as to which UNIX username will eventually 5417 5509 be used in granting access.</p><p>See also the section <a class="link" href="#VALIDATIONSECT" title="NOTE ABOUT USERNAME/PASSWORD VALIDATION"> 5418 NOTE ABOUT USERNAME/PASSWORD VALIDATION</a>.</p><p><a name="SECURITYEQUALSUSER"></a><span class="emphasis"><em>SECURITY = USER</em></span></p><p>This is the default security setting in Samba 3.0. 5419 With user-level security a client must first "log-on" with a 5420 valid username and password (which can be mapped using the <a class="link" href="smb.conf.5.html#USERNAMEMAP" target="_top">username map</a> 5421 parameter). Encrypted passwords (see the <a class="link" href="smb.conf.5.html#ENCRYPTEDPASSWORDS" target="_top">encrypted passwords</a> parameter) can also 5422 be used in this security mode. Parameters such as <a class="link" href="smb.conf.5.html#USER" target="_top">user</a> and <a class="link" href="smb.conf.5.html#GUESTONLY" target="_top">guest only</a> if set are then applied and 5423 may change the UNIX user to use on this connection, but only after 5424 the user has been successfully authenticated.</p><p><span class="emphasis"><em>Note</em></span> that the name of the resource being 5425 requested is <span class="emphasis"><em>not</em></span> sent to the server until after 5426 the server has successfully authenticated the client. This is why 5427 guest shares don't work in user level security without allowing 5428 the server to automatically map unknown users into the <a class="link" href="smb.conf.5.html#GUESTACCOUNT" target="_top">guest account</a>. 5429 See the <a class="link" href="smb.conf.5.html#MAPTOGUEST" target="_top">map to guest</a> parameter for details on doing this.</p><p>See also the section <a class="link" href="#VALIDATIONSECT" title="NOTE ABOUT USERNAME/PASSWORD VALIDATION">NOTE ABOUT USERNAME/PASSWORD VALIDATION</a>.</p><p><a name="SECURITYEQUALSDOMAIN"></a><span class="emphasis"><em>SECURITY = DOMAIN</em></span></p><p>This mode will only work correctly if <a class="citerefentry" href="net.8.html"><span class="citerefentry"><span class="refentrytitle">net</span>(8)</span></a> has been used to add this 5430 machine into a Windows NT Domain. It expects the <a class="link" href="smb.conf.5.html#ENCRYPTEDPASSWORDS" target="_top">encrypted passwords</a> 5431 parameter to be set to <code class="constant">yes</code>. In this 5432 mode Samba will try to validate the username/password by passing 5433 it to a Windows NT Primary or Backup Domain Controller, in exactly 5434 the same way that a Windows NT Server would do.</p><p><span class="emphasis"><em>Note</em></span> that a valid UNIX user must still 5435 exist as well as the account on the Domain Controller to allow 5436 Samba to have a valid UNIX account to map file access to.</p><p><span class="emphasis"><em>Note</em></span> that from the client's point 5437 of view <code class="literal">security = domain</code> is the same 5438 as <code class="literal">security = user</code>. It only 5439 affects how the server deals with the authentication, 5440 it does not in any way affect what the client sees.</p><p><span class="emphasis"><em>Note</em></span> that the name of the resource being 5441 requested is <span class="emphasis"><em>not</em></span> sent to the server until after 5442 the server has successfully authenticated the client. This is why 5443 guest shares don't work in user level security without allowing 5444 the server to automatically map unknown users into the <a class="link" href="smb.conf.5.html#GUESTACCOUNT" target="_top">guest account</a>. 5445 See the <a class="link" href="smb.conf.5.html#MAPTOGUEST" target="_top">map to guest</a> parameter for details on doing this.</p><p>See also the section <a class="link" href="#VALIDATIONSECT" title="NOTE ABOUT USERNAME/PASSWORD VALIDATION"> 5446 NOTE ABOUT USERNAME/PASSWORD VALIDATION</a>.</p><p>See also the <a class="link" href="smb.conf.5.html#PASSWORDSERVER" target="_top">password server</a> parameter and 5447 the <a class="link" href="smb.conf.5.html#ENCRYPTEDPASSWORDS" target="_top">encrypted passwords</a> parameter.</p><p><a name="SECURITYEQUALSSERVER"></a><span class="emphasis"><em>SECURITY = SERVER</em></span></p><p> 5448 In this mode Samba will try to validate the username/password by passing it to another SMB server, such as an 5510 NOTE ABOUT USERNAME/PASSWORD VALIDATION</a>.</p><p><a name="SECURITYEQUALSSERVER"></a><span class="emphasis"><em>SECURITY = SERVER</em></span></p><p> 5511 In this depicted mode Samba will try to validate the username/password by passing it to another SMB server, such as an 5449 5512 NT box. If this fails it will revert to <code class="literal">security = user</code>. It expects the 5450 5513 <a class="link" href="smb.conf.5.html#ENCRYPTEDPASSWORDS" target="_top">encrypted passwords</a> parameter to be set to <code class="constant">yes</code>, unless the remote … … 5455 5518 significant pitfalls since it is more vulnerable to 5456 5519 man-in-the-middle attacks and server impersonation. In particular, 5457 this mode of operation can cause significant resource consu ption on5520 this mode of operation can cause significant resource consumption on 5458 5521 the PDC, as it must maintain an active connection for the duration 5459 5522 of the user's session. Furthermore, if this connection is lost, 5460 there is no way to reestablish it, and fu ther authentications to the5523 there is no way to reestablish it, and further authentications to the 5461 5524 Samba server may fail (from a single client, till it disconnects). 5525 </p></div><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>If the client selects NTLMv2 authentication, then this mode of operation <span class="emphasis"><em>will fail</em></span> 5462 5526 </p></div><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>From the client's point of 5463 5527 view, <code class="literal">security = server</code> is the 5464 5528 same as <code class="literal">security = user</code>. It 5465 5529 only affects how the server deals with the authentication, it does 5466 not in any way affect what the client sees.</p></div>< p><span class="emphasis"><em>Note</em></span> that the name of the resource being5530 not in any way affect what the client sees.</p></div><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>This option is deprecated, and may be removed in future</p></div><p><span class="emphasis"><em>Note</em></span> that the name of the resource being 5467 5531 requested is <span class="emphasis"><em>not</em></span> sent to the server until after 5468 5532 the server has successfully authenticated the client. This is why … … 5479 5543 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>security</code></em> = <code class="literal">DOMAIN</code> 5480 5544 </em></span> 5481 </p></dd></dl></div></div><div class="section" title="send spnego principal (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id333 789"></a>5545 </p></dd></dl></div></div><div class="section" title="send spnego principal (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id333989"></a> 5482 5546 5483 5547 send spnego principal (G) 5484 </h3></div></div></div><a class="indexterm" name="id333 790"></a><a name="SENDSPNEGOPRINCIPAL"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not5548 </h3></div></div></div><a class="indexterm" name="id333990"></a><a name="SENDSPNEGOPRINCIPAL"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines whether or not 5485 5549 <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will send the 5486 5550 server-supplied principal sometimes given in the SPNEGO … … 5495 5559 this value in all circumstances. </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>send spnego principal</code></em> = <code class="literal">no</code> 5496 5560 </em></span> 5497 </p></dd></dl></div></div><div class="section" title="server schannel (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id33 3854"></a>5561 </p></dd></dl></div></div><div class="section" title="server schannel (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id334054"></a> 5498 5562 5499 5563 server schannel (G) 5500 </h3></div></div></div><a class="indexterm" name="id33 3855"></a><a name="SERVERSCHANNEL"></a><div class="variablelist"><dl><dt></dt><dd><p>5564 </h3></div></div></div><a class="indexterm" name="id334055"></a><a name="SERVERSCHANNEL"></a><div class="variablelist"><dl><dt></dt><dd><p> 5501 5565 This controls whether the server offers or even demands the use of the netlogon schannel. 5502 5566 <a class="link" href="smb.conf.5.html#SERVERSCHANNEL" target="_top">server schannel = no</a> does not offer the schannel, <a class="link" href="smb.conf.5.html#SERVERSCHANNEL" target="_top">server schannel = auto</a> offers the schannel but does not enforce it, and <a class="link" href="smb.conf.5.html#SERVERSCHANNEL" target="_top">server schannel = yes</a> denies access if the client is not able to speak netlogon schannel. … … 5509 5573 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>server schannel</code></em> = <code class="literal">yes</code> 5510 5574 </em></span> 5511 </p></dd></dl></div></div><div class="section" title="server signing (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id33 3962"></a>5575 </p></dd></dl></div></div><div class="section" title="server signing (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id334161"></a> 5512 5576 5513 5577 server signing (G) 5514 </h3></div></div></div><a class="indexterm" name="id33 3963"></a><a name="SERVERSIGNING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether the client is allowed or required to use SMB signing. Possible values5578 </h3></div></div></div><a class="indexterm" name="id334162"></a><a name="SERVERSIGNING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls whether the client is allowed or required to use SMB signing. Possible values 5515 5579 are <span class="emphasis"><em>auto</em></span>, <span class="emphasis"><em>mandatory</em></span> 5516 5580 and <span class="emphasis"><em>disabled</em></span>. … … 5519 5583 to disabled, SMB signing is not offered either.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>server signing</code></em> = <code class="literal">Disabled</code> 5520 5584 </em></span> 5521 </p></dd></dl></div></div><div class="section" title="server string (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id334 019"></a>5585 </p></dd></dl></div></div><div class="section" title="server string (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id334218"></a> 5522 5586 5523 5587 server string (G) 5524 </h3></div></div></div><a class="indexterm" name="id334 020"></a><a name="SERVERSTRING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what string will show up in the printer comment box in print5588 </h3></div></div></div><a class="indexterm" name="id334220"></a><a name="SERVERSTRING"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what string will show up in the printer comment box in print 5525 5589 manager and next to the IPC connection in <code class="literal">net view</code>. It 5526 5590 can be any string that you wish to show to your users.</p><p>It also sets what will appear in browse lists next … … 5531 5595 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>server string</code></em> = <code class="literal">University of GNUs Samba Server</code> 5532 5596 </em></span> 5533 </p></dd></dl></div></div><div class="section" title="set directory (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id334 106"></a>5597 </p></dd></dl></div></div><div class="section" title="set directory (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id334305"></a> 5534 5598 5535 5599 set directory (S) 5536 </h3></div></div></div><a class="indexterm" name="id334 107"></a><a name="SETDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>5600 </h3></div></div></div><a class="indexterm" name="id334306"></a><a name="SETDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p> 5537 5601 If <code class="literal">set directory = no</code>, then users of the 5538 5602 service may not use the setdir command to change directory. … … 5543 5607 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>set directory</code></em> = <code class="literal">no</code> 5544 5608 </em></span> 5545 </p></dd></dl></div></div><div class="section" title="set primary group script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id334 163"></a>5609 </p></dd></dl></div></div><div class="section" title="set primary group script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id334363"></a> 5546 5610 5547 5611 set primary group script (G) 5548 </h3></div></div></div><a class="indexterm" name="id334 164"></a><a name="SETPRIMARYGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>Thanks to the Posix subsystem in NT a Windows User has a5612 </h3></div></div></div><a class="indexterm" name="id334364"></a><a name="SETPRIMARYGROUPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>Thanks to the Posix subsystem in NT a Windows User has a 5549 5613 primary group in addition to the auxiliary groups. This script 5550 5614 sets the primary group in the unix userdatase when an … … 5558 5622 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>set primary group script</code></em> = <code class="literal">/usr/sbin/usermod -g '%g' '%u'</code> 5559 5623 </em></span> 5560 </p></dd></dl></div></div><div class="section" title="set quota command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id334 240"></a>5624 </p></dd></dl></div></div><div class="section" title="set quota command (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id334440"></a> 5561 5625 5562 5626 set quota command (G) 5563 </h3></div></div></div><a class="indexterm" name="id334 241"></a><a name="SETQUOTACOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>The <code class="literal">set quota command</code> should only be used5627 </h3></div></div></div><a class="indexterm" name="id334441"></a><a name="SETQUOTACOMMAND"></a><div class="variablelist"><dl><dt></dt><dd><p>The <code class="literal">set quota command</code> should only be used 5564 5628 whenever there is no operating system API available from the OS that 5565 5629 samba can use.</p><p>This option is only available if Samba was configured with the argument <code class="literal">--with-sys-quotas</code> or … … 5571 5635 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>set quota command</code></em> = <code class="literal">/usr/local/sbin/set_quota</code> 5572 5636 </em></span> 5573 </p></dd></dl></div></div><div class="section" title="share:fake_fscaps (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id334 394"></a>5637 </p></dd></dl></div></div><div class="section" title="share:fake_fscaps (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id334594"></a> 5574 5638 5575 5639 share:fake_fscaps (G) 5576 </h3></div></div></div><a class="indexterm" name="id334 395"></a><a name="SHARE:FAKE_FSCAPS"></a><div class="variablelist"><dl><dt></dt><dd><p>5640 </h3></div></div></div><a class="indexterm" name="id334595"></a><a name="SHARE:FAKE_FSCAPS"></a><div class="variablelist"><dl><dt></dt><dd><p> 5577 5641 This is needed to support some special application that makes 5578 5642 QFSINFO calls to check whether we set the SPARSE_FILES bit … … 5584 5648 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>share:fake_fscaps</code></em> = <code class="literal">0</code> 5585 5649 </em></span> 5586 </p></dd></dl></div></div><div class="section" title="share modes (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id334 450"></a>5650 </p></dd></dl></div></div><div class="section" title="share modes (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id334650"></a> 5587 5651 5588 5652 share modes (S) 5589 </h3></div></div></div><a class="indexterm" name="id334 451"></a><a name="SHAREMODES"></a><div class="variablelist"><dl><dt></dt><dd><p>This enables or disables the honoring of5653 </h3></div></div></div><a class="indexterm" name="id334651"></a><a name="SHAREMODES"></a><div class="variablelist"><dl><dt></dt><dd><p>This enables or disables the honoring of 5590 5654 the <em class="parameter"><code>share modes</code></em> during a file open. These 5591 5655 modes are used by clients to gain exclusive read or write access … … 5599 5663 off as many Windows applications will break if you do so.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>share modes</code></em> = <code class="literal">yes</code> 5600 5664 </em></span> 5601 </p></dd></dl></div></div><div class="section" title="short preserve case (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id334 520"></a>5665 </p></dd></dl></div></div><div class="section" title="short preserve case (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id334720"></a> 5602 5666 5603 5667 short preserve case (S) 5604 </h3></div></div></div><a class="indexterm" name="id334 522"></a><a name="SHORTPRESERVECASE"></a><div class="variablelist"><dl><dt></dt><dd><p>5668 </h3></div></div></div><a class="indexterm" name="id334721"></a><a name="SHORTPRESERVECASE"></a><div class="variablelist"><dl><dt></dt><dd><p> 5605 5669 This boolean parameter controls if new files which conform to 8.3 syntax, that is all in upper case and of 5606 5670 suitable length, are created upper case, or if they are forced to be the <a class="link" href="smb.conf.5.html#DEFAULTCASE" target="_top">default case</a>. … … 5609 5673 </p><p>See the section on <a class="link" href="#NAMEMANGLINGSECT" title="NAME MANGLING">NAME MANGLING</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>short preserve case</code></em> = <code class="literal">yes</code> 5610 5674 </em></span> 5611 </p></dd></dl></div></div><div class="section" title="show add printer wizard (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id334 594"></a>5675 </p></dd></dl></div></div><div class="section" title="show add printer wizard (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id334794"></a> 5612 5676 5613 5677 show add printer wizard (G) 5614 </h3></div></div></div><a class="indexterm" name="id334 595"></a><a name="SHOWADDPRINTERWIZARD"></a><div class="variablelist"><dl><dt></dt><dd><p>With the introduction of MS-RPC based printing support5678 </h3></div></div></div><a class="indexterm" name="id334795"></a><a name="SHOWADDPRINTERWIZARD"></a><div class="variablelist"><dl><dt></dt><dd><p>With the introduction of MS-RPC based printing support 5615 5679 for Windows NT/2000 client in Samba 2.2, a "Printers..." folder will 5616 5680 appear on Samba hosts in the share listing. Normally this folder will … … 5630 5694 administrative privilege on an individual printer.</p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>show add printer wizard</code></em> = <code class="literal">yes</code> 5631 5695 </em></span> 5632 </p></dd></dl></div></div><div class="section" title="shutdown script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id334 667"></a>5696 </p></dd></dl></div></div><div class="section" title="shutdown script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id334866"></a> 5633 5697 5634 5698 shutdown script (G) 5635 </h3></div></div></div><a class="indexterm" name="id334 668"></a><a name="SHUTDOWNSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This a full path name to a script called by5699 </h3></div></div></div><a class="indexterm" name="id334868"></a><a name="SHUTDOWNSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This a full path name to a script called by 5636 5700 <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> that should 5637 5701 start a shutdown procedure.</p><p>If the connected user posseses the <code class="constant">SeRemoteShutdownPrivilege</code>, … … 5659 5723 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>shutdown script</code></em> = <code class="literal">/usr/local/samba/sbin/shutdown %m %t %r %f</code> 5660 5724 </em></span> 5661 </p></dd></dl></div></div><div class="section" title="smb2 max credits (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id33 4813"></a>5725 </p></dd></dl></div></div><div class="section" title="smb2 max credits (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id335013"></a> 5662 5726 5663 5727 smb2 max credits (G) 5664 </h3></div></div></div><a class="indexterm" name="id33 4814"></a><a name="SMB2MAXCREDITS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum number of outstanding simultaneous SMB2 operations5728 </h3></div></div></div><a class="indexterm" name="id335014"></a><a name="SMB2MAXCREDITS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum number of outstanding simultaneous SMB2 operations 5665 5729 that Samba tells the client it will allow. This is similar to the <a class="link" href="smb.conf.5.html#MAXMUX" target="_top">max mux</a> 5666 5730 parameter for SMB1. You should never need to set this parameter. 5667 </p><p>The default is 128 credits, which is the same as a Windows SMB2 server.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb2 max credits</code></em> = <code class="literal">128</code>5668 </em></span> 5669 </p></dd></dl></div></div><div class="section" title="smb2 max read (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id33 4871"></a>5731 </p><p>The default is 8192 credits, which is the same as a Windows 2008R2 SMB2 server.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb2 max credits</code></em> = <code class="literal">8192</code> 5732 </em></span> 5733 </p></dd></dl></div></div><div class="section" title="smb2 max read (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id335070"></a> 5670 5734 5671 5735 smb2 max read (G) 5672 </h3></div></div></div><a class="indexterm" name="id33 4872"></a><a name="SMB2MAXREAD"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the protocol value that <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will return to a client, informing the client of the largest5736 </h3></div></div></div><a class="indexterm" name="id335071"></a><a name="SMB2MAXREAD"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the protocol value that <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will return to a client, informing the client of the largest 5673 5737 size that may be returned by a single SMB2 read call. 5674 </p><p>The default is 1048576 bytes (1MB), which is the same as a Windows7 SMB2 server.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb2 max read</code></em> = <code class="literal">1048576</code>5675 </em></span> 5676 </p></dd></dl></div></div><div class="section" title="smb2 max trans (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id33 4924"></a>5738 </p><p>The maximum is 65536 bytes (64KB), which is the same as a Windows Vista SMB2 server.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb2 max read</code></em> = <code class="literal">65536</code> 5739 </em></span> 5740 </p></dd></dl></div></div><div class="section" title="smb2 max trans (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id335124"></a> 5677 5741 5678 5742 smb2 max trans (G) 5679 </h3></div></div></div><a class="indexterm" name="id33 4925"></a><a name="SMB2MAXTRANS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the protocol value that <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will return to a client, informing the client of the largest5743 </h3></div></div></div><a class="indexterm" name="id335125"></a><a name="SMB2MAXTRANS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the protocol value that <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will return to a client, informing the client of the largest 5680 5744 size of buffer that may be used in querying file meta-data via QUERY_INFO and related SMB2 calls. 5681 </p><p>The default is 1048576 bytes (1MB), which is the same as a Windows7 SMB2 server.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb2 max trans</code></em> = <code class="literal">1048576</code>5682 </em></span> 5683 </p></dd></dl></div></div><div class="section" title="smb2 max write (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id33 4979"></a>5745 </p><p>The maximum is 65536 bytes (64KB), which is the same as a Windows Vista SMB2 server.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb2 max trans</code></em> = <code class="literal">65536</code> 5746 </em></span> 5747 </p></dd></dl></div></div><div class="section" title="smb2 max write (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id335179"></a> 5684 5748 5685 5749 smb2 max write (G) 5686 </h3></div></div></div><a class="indexterm" name="id33 4980"></a><a name="SMB2MAXWRITE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the protocol value that <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will return to a client, informing the client of the largest5750 </h3></div></div></div><a class="indexterm" name="id335180"></a><a name="SMB2MAXWRITE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option specifies the protocol value that <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will return to a client, informing the client of the largest 5687 5751 size that may be sent to the server by a single SMB2 write call. 5688 </p><p>The default is 1048576 bytes (1MB), which is the same as a Windows7 SMB2 server.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb2 max write</code></em> = <code class="literal">1048576</code>5689 </em></span> 5690 </p></dd></dl></div></div><div class="section" title="smb encrypt (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id335 033"></a>5752 </p><p>The maximum is 65536 bytes (64KB), which is the same as a Windows Vista SMB2 server.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb2 max write</code></em> = <code class="literal">65536</code> 5753 </em></span> 5754 </p></dd></dl></div></div><div class="section" title="smb encrypt (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id335233"></a> 5691 5755 5692 5756 smb encrypt (S) 5693 </h3></div></div></div><a class="indexterm" name="id335 034"></a><a name="SMBENCRYPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a new feature introduced with Samba 3.2 and above. It is an5757 </h3></div></div></div><a class="indexterm" name="id335234"></a><a name="SMBENCRYPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a new feature introduced with Samba 3.2 and above. It is an 5694 5758 extension to the SMB/CIFS protocol negotiated as part of the UNIX extensions. 5695 5759 SMB encryption uses the GSSAPI (SSPI on Windows) ability to encrypt … … 5719 5783 to disabled, SMB encryption can not be negotiated.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb encrypt</code></em> = <code class="literal">auto</code> 5720 5784 </em></span> 5721 </p></dd></dl></div></div><div class="section" title="smb passwd file (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id335 124"></a>5785 </p></dd></dl></div></div><div class="section" title="smb passwd file (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id335324"></a> 5722 5786 5723 5787 smb passwd file (G) 5724 </h3></div></div></div><a class="indexterm" name="id335 125"></a><a name="SMBPASSWDFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option sets the path to the encrypted smbpasswd file. By5788 </h3></div></div></div><a class="indexterm" name="id335325"></a><a name="SMBPASSWDFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>This option sets the path to the encrypted smbpasswd file. By 5725 5789 default the path to the smbpasswd file is compiled into Samba.</p><p> 5726 5790 An example of use is: … … 5730 5794 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb passwd file</code></em> = <code class="literal">${prefix}/private/smbpasswd</code> 5731 5795 </em></span> 5732 </p></dd></dl></div></div><div class="section" title="smb ports (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id335 176"></a>5796 </p></dd></dl></div></div><div class="section" title="smb ports (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id335376"></a> 5733 5797 5734 5798 smb ports (G) 5735 </h3></div></div></div><a class="indexterm" name="id335 177"></a><a name="SMBPORTS"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies which ports the server should listen on for SMB traffic.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb ports</code></em> = <code class="literal">445 139</code>5736 </em></span> 5737 </p></dd></dl></div></div><div class="section" title="socket address (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id335 217"></a>5799 </h3></div></div></div><a class="indexterm" name="id335377"></a><a name="SMBPORTS"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies which ports the server should listen on for SMB traffic.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>smb ports</code></em> = <code class="literal">445 139</code> 5800 </em></span> 5801 </p></dd></dl></div></div><div class="section" title="socket address (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id335416"></a> 5738 5802 5739 5803 socket address (G) 5740 </h3></div></div></div><a class="indexterm" name="id335 218"></a><a name="SOCKETADDRESS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to control what5804 </h3></div></div></div><a class="indexterm" name="id335417"></a><a name="SOCKETADDRESS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to control what 5741 5805 address Samba will listen for connections on. This is used to 5742 5806 support multiple virtual interfaces on the one server, each … … 5747 5811 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>socket address</code></em> = <code class="literal">192.168.2.20</code> 5748 5812 </em></span> 5749 </p></dd></dl></div></div><div class="section" title="socket options (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id335 283"></a>5813 </p></dd></dl></div></div><div class="section" title="socket options (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id335482"></a> 5750 5814 5751 5815 socket options (G) 5752 </h3></div></div></div><a class="indexterm" name="id335 284"></a><a name="SOCKETOPTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to set socket options5816 </h3></div></div></div><a class="indexterm" name="id335483"></a><a name="SOCKETOPTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option allows you to set socket options 5753 5817 to be used when talking with the client.</p><p>Socket options are controls on the networking layer 5754 5818 of the operating systems which allow the connection to be … … 5778 5842 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>socket options</code></em> = <code class="literal">IPTOS_LOWDELAY</code> 5779 5843 </em></span> 5780 </p></dd></dl></div></div><div class="section" title="stat cache (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id335 475"></a>5844 </p></dd></dl></div></div><div class="section" title="stat cache (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id335675"></a> 5781 5845 5782 5846 stat cache (G) 5783 </h3></div></div></div><a class="indexterm" name="id335 476"></a><a name="STATCACHE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will use a cache in order to5847 </h3></div></div></div><a class="indexterm" name="id335676"></a><a name="STATCACHE"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will use a cache in order to 5784 5848 speed up case insensitive name mappings. You should never need 5785 5849 to change this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>stat cache</code></em> = <code class="literal">yes</code> 5786 5850 </em></span> 5787 </p></dd></dl></div></div><div class="section" title="state directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id335 525"></a>5851 </p></dd></dl></div></div><div class="section" title="state directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id335725"></a> 5788 5852 5789 5853 state directory (G) 5790 </h3></div></div></div><a class="indexterm" name="id335 526"></a><a name="STATEDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>Usually, most of the TDB files are stored in the5854 </h3></div></div></div><a class="indexterm" name="id335726"></a><a name="STATEDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>Usually, most of the TDB files are stored in the 5791 5855 <em class="parameter"><code>lock directory</code></em>. Since 5792 5856 Samba 3.4.0, it is possible to differentiate between TDB files … … 5800 5864 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>state directory</code></em> = <code class="literal">/var/run/samba/locks/state</code> 5801 5865 </em></span> 5802 </p></dd></dl></div></div><div class="section" title="store dos attributes (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id335 607"></a>5866 </p></dd></dl></div></div><div class="section" title="store dos attributes (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id335807"></a> 5803 5867 5804 5868 store dos attributes (S) 5805 </h3></div></div></div><a class="indexterm" name="id335 608"></a><a name="STOREDOSATTRIBUTES"></a><div class="variablelist"><dl><dt></dt><dd><p>5869 </h3></div></div></div><a class="indexterm" name="id335808"></a><a name="STOREDOSATTRIBUTES"></a><div class="variablelist"><dl><dt></dt><dd><p> 5806 5870 If this parameter is set Samba attempts to first read DOS attributes (SYSTEM, HIDDEN, ARCHIVE or 5807 5871 READ-ONLY) from a filesystem extended attribute, before mapping DOS attributes to UNIX permission bits (such … … 5822 5886 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>store dos attributes</code></em> = <code class="literal">no</code> 5823 5887 </em></span> 5824 </p></dd></dl></div></div><div class="section" title="strict allocate (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id335 731"></a>5888 </p></dd></dl></div></div><div class="section" title="strict allocate (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id335923"></a> 5825 5889 5826 5890 strict allocate (S) 5827 </h3></div></div></div><a class="indexterm" name="id335 732"></a><a name="STRICTALLOCATE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean that controls the handling of5891 </h3></div></div></div><a class="indexterm" name="id335924"></a><a name="STRICTALLOCATE"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean that controls the handling of 5828 5892 disk space allocation in the server. When this is set to <code class="constant">yes</code> 5829 5893 the server will change from UNIX behaviour of not committing real … … 5831 5895 of actually forcing the disk system to allocate real storage blocks 5832 5896 when a file is created or extended to be a given size. In UNIX 5833 terminology this means that Samba will stop creating sparse files. 5834 Modern UNIX filesystems now support extents and so in Samba 3.6.0 we 5835 have changed this parameter to default to "yes". On older filesystems 5836 without extents you might want to turn this parameter to "no". 5837 </p><p>When you have an extent based filesystem it's likely that we can make 5897 terminology this means that Samba will stop creating sparse files.</p><p>This option is really desgined for file systems that support 5898 fast allocation of large numbers of blocks such as extent-based file systems. 5899 On file systems that don't support extents (most notably ext3) this can 5900 make Samba slower. When you work with large files over >100MB on file 5901 systems without extents you may even run into problems with clients 5902 running into timeouts.</p><p>When you have an extent based filesystem it's likely that we can make 5838 5903 use of unwritten extents which allows Samba to allocate even large amounts 5839 5904 of space very fast and you will not see any timeout problems caused by … … 5847 5912 performance and risk to let clients run into timeouts when creating large 5848 5913 files. Examples are ext3, ZFS, HFS+ and most others, so be aware if you 5849 leave the default setting on those filesystems.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>strict allocate</code></em> = <code class="literal">yes</code>5850 </em></span> 5851 </p></dd></dl></div></div><div class="section" title="strict locking (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id335 795"></a>5914 activate this setting on those filesystems.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>strict allocate</code></em> = <code class="literal">no</code> 5915 </em></span> 5916 </p></dd></dl></div></div><div class="section" title="strict locking (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id335994"></a> 5852 5917 5853 5918 strict locking (S) 5854 </h3></div></div></div><a class="indexterm" name="id335 796"></a><a name="STRICTLOCKING"></a><div class="variablelist"><dl><dt></dt><dd><p>5919 </h3></div></div></div><a class="indexterm" name="id335995"></a><a name="STRICTLOCKING"></a><div class="variablelist"><dl><dt></dt><dd><p> 5855 5920 This is an enumerated type that controls the handling of file locking in the server. When this is set to <code class="constant">yes</code>, 5856 5921 the server will check every read and write access for file locks, and deny access if locks exist. This can be slow on … … 5868 5933 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>strict locking</code></em> = <code class="literal">Auto</code> 5869 5934 </em></span> 5870 </p></dd></dl></div></div><div class="section" title="strict sync (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id33 5868"></a>5935 </p></dd></dl></div></div><div class="section" title="strict sync (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id336066"></a> 5871 5936 5872 5937 strict sync (S) 5873 </h3></div></div></div><a class="indexterm" name="id33 5869"></a><a name="STRICTSYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>Many Windows applications (including the Windows 98 explorer5938 </h3></div></div></div><a class="indexterm" name="id336067"></a><a name="STRICTSYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>Many Windows applications (including the Windows 98 explorer 5874 5939 shell) seem to confuse flushing buffer contents to disk with doing 5875 5940 a sync to disk. Under UNIX, a sync call forces the process to be … … 5885 5950 reported with the new Windows98 explorer shell file copies.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>strict sync</code></em> = <code class="literal">no</code> 5886 5951 </em></span> 5887 </p></dd></dl></div></div><div class="section" title="svcctl list (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id33 5926"></a>5952 </p></dd></dl></div></div><div class="section" title="svcctl list (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336124"></a> 5888 5953 5889 5954 svcctl list (G) 5890 </h3></div></div></div><a class="indexterm" name="id33 5927"></a><a name="SVCCTLLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This option defines a list of init scripts that smbd5955 </h3></div></div></div><a class="indexterm" name="id336125"></a><a name="SVCCTLLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This option defines a list of init scripts that smbd 5891 5956 will use for starting and stopping Unix services via the Win32 5892 5957 ServiceControl API. This allows Windows administrators to … … 5901 5966 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>svcctl list</code></em> = <code class="literal">cups postfix portmap httpd</code> 5902 5967 </em></span> 5903 </p></dd></dl></div></div><div class="section" title="sync always (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id336 006"></a>5968 </p></dd></dl></div></div><div class="section" title="sync always (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id336204"></a> 5904 5969 5905 5970 sync always (S) 5906 </h3></div></div></div><a class="indexterm" name="id336 007"></a><a name="SYNCALWAYS"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean parameter that controls5971 </h3></div></div></div><a class="indexterm" name="id336205"></a><a name="SYNCALWAYS"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean parameter that controls 5907 5972 whether writes will always be written to stable storage before 5908 5973 the write call returns. If this is <code class="constant">no</code> then the server will be … … 5915 5980 any effect.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>sync always</code></em> = <code class="literal">no</code> 5916 5981 </em></span> 5917 </p></dd></dl></div></div><div class="section" title="syslog only (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336 072"></a>5982 </p></dd></dl></div></div><div class="section" title="syslog only (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336271"></a> 5918 5983 5919 5984 syslog only (G) 5920 </h3></div></div></div><a class="indexterm" name="id336 074"></a><a name="SYSLOGONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>5985 </h3></div></div></div><a class="indexterm" name="id336272"></a><a name="SYSLOGONLY"></a><div class="variablelist"><dl><dt></dt><dd><p> 5921 5986 If this parameter is set then Samba debug messages are logged into the system 5922 5987 syslog only, and not to the debug log files. There still will be some … … 5924 5989 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>syslog only</code></em> = <code class="literal">no</code> 5925 5990 </em></span> 5926 </p></dd></dl></div></div><div class="section" title="syslog (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336 118"></a>5991 </p></dd></dl></div></div><div class="section" title="syslog (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336316"></a> 5927 5992 5928 5993 syslog (G) 5929 </h3></div></div></div><a class="indexterm" name="id336 119"></a><a name="SYSLOG"></a><div class="variablelist"><dl><dt></dt><dd><p>5994 </h3></div></div></div><a class="indexterm" name="id336317"></a><a name="SYSLOG"></a><div class="variablelist"><dl><dt></dt><dd><p> 5930 5995 This parameter maps how Samba debug messages are logged onto the system syslog logging levels. 5931 5996 Samba debug level zero maps onto syslog <code class="constant">LOG_ERR</code>, debug level one maps onto … … 5938 6003 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>syslog</code></em> = <code class="literal">1</code> 5939 6004 </em></span> 5940 </p></dd></dl></div></div><div class="section" title="template homedir (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336 185"></a>6005 </p></dd></dl></div></div><div class="section" title="template homedir (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336383"></a> 5941 6006 5942 6007 template homedir (G) 5943 </h3></div></div></div><a class="indexterm" name="id336 186"></a><a name="TEMPLATEHOMEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>When filling out the user information for a Windows NT6008 </h3></div></div></div><a class="indexterm" name="id336384"></a><a name="TEMPLATEHOMEDIR"></a><div class="variablelist"><dl><dt></dt><dd><p>When filling out the user information for a Windows NT 5944 6009 user, the <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon uses this 5945 6010 parameter to fill in the home directory for that user. If the … … 5949 6014 is substituted with the user's Windows NT user name.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>template homedir</code></em> = <code class="literal">/home/%D/%U</code> 5950 6015 </em></span> 5951 </p></dd></dl></div></div><div class="section" title="template shell (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336 247"></a>6016 </p></dd></dl></div></div><div class="section" title="template shell (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336445"></a> 5952 6017 5953 6018 template shell (G) 5954 </h3></div></div></div><a class="indexterm" name="id336 248"></a><a name="TEMPLATESHELL"></a><div class="variablelist"><dl><dt></dt><dd><p>When filling out the user information for a Windows NT6019 </h3></div></div></div><a class="indexterm" name="id336446"></a><a name="TEMPLATESHELL"></a><div class="variablelist"><dl><dt></dt><dd><p>When filling out the user information for a Windows NT 5955 6020 user, the <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon uses this 5956 parameter to fill in the login shell for that user.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="time offset (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336 284"></a>6021 parameter to fill in the login shell for that user.</p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="time offset (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336482"></a> 5957 6022 5958 6023 time offset (G) 5959 </h3></div></div></div><a class="indexterm" name="id336 285"></a><a name="TIMEOFFSET"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a setting in minutes to add6024 </h3></div></div></div><a class="indexterm" name="id336483"></a><a name="TIMEOFFSET"></a><div class="variablelist"><dl><dt></dt><dd><p>This deprecated parameter is a setting in minutes to add 5960 6025 to the normal GMT to local time conversion. This is useful if 5961 6026 you are serving a lot of PCs that have incorrect daylight 5962 saving time handling.</p>< p>Default: <span class="emphasis"><em><em class="parameter"><code>time offset</code></em> = <code class="literal">0</code>6027 saving time handling.</p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>This option is deprecated, and will be removed in the next major release</p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>time offset</code></em> = <code class="literal">0</code> 5963 6028 </em></span> 5964 6029 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>time offset</code></em> = <code class="literal">60</code> 5965 6030 </em></span> 5966 </p></dd></dl></div></div><div class="section" title="time server (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336 343"></a>6031 </p></dd></dl></div></div><div class="section" title="time server (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336547"></a> 5967 6032 5968 6033 time server (G) 5969 </h3></div></div></div><a class="indexterm" name="id336 344"></a><a name="TIMESERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> advertises itself as a time server to Windows6034 </h3></div></div></div><a class="indexterm" name="id336548"></a><a name="TIMESERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter determines if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> advertises itself as a time server to Windows 5970 6035 clients.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>time server</code></em> = <code class="literal">no</code> 5971 6036 </em></span> 5972 </p></dd></dl></div></div><div class="section" title="unix charset (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336 393"></a>6037 </p></dd></dl></div></div><div class="section" title="unix charset (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336596"></a> 5973 6038 5974 6039 unix charset (G) 5975 </h3></div></div></div><a class="indexterm" name="id336 394"></a><a name="UNIXCHARSET"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the charset the unix machine6040 </h3></div></div></div><a class="indexterm" name="id336597"></a><a name="UNIXCHARSET"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies the charset the unix machine 5976 6041 Samba runs on uses. Samba needs to know this in order to be able to 5977 6042 convert text to the charsets other SMB clients use. … … 5982 6047 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>unix charset</code></em> = <code class="literal">ASCII</code> 5983 6048 </em></span> 5984 </p></dd></dl></div></div><div class="section" title="unix extensions (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336 456"></a>6049 </p></dd></dl></div></div><div class="section" title="unix extensions (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336659"></a> 5985 6050 5986 6051 unix extensions (G) 5987 </h3></div></div></div><a class="indexterm" name="id336 457"></a><a name="UNIXEXTENSIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether Samba6052 </h3></div></div></div><a class="indexterm" name="id336660"></a><a name="UNIXEXTENSIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether Samba 5988 6053 implements the CIFS UNIX extensions, as defined by HP. 5989 6054 These extensions enable Samba to better serve UNIX CIFS clients … … 5993 6058 Note if this parameter is turned on, the <a class="link" href="smb.conf.5.html#WIDELINKS" target="_top">wide links</a> 5994 6059 parameter will automatically be disabled. 6060 </p><p> 6061 See the parameter <a class="link" href="smb.conf.5.html#ALLOWINSECUREWIDELINKS" target="_top">allow insecure wide links</a> 6062 if you wish to change this coupling between the two parameters. 5995 6063 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>unix extensions</code></em> = <code class="literal">yes</code> 5996 6064 </em></span> 5997 </p></dd></dl></div></div><div class="section" title="unix password sync (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336 517"></a>6065 </p></dd></dl></div></div><div class="section" title="unix password sync (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336732"></a> 5998 6066 5999 6067 unix password sync (G) 6000 </h3></div></div></div><a class="indexterm" name="id336 518"></a><a name="UNIXPASSWORDSYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether Samba6068 </h3></div></div></div><a class="indexterm" name="id336733"></a><a name="UNIXPASSWORDSYNC"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean parameter controls whether Samba 6001 6069 attempts to synchronize the UNIX password with the SMB password 6002 6070 when the encrypted SMB password in the smbpasswd file is changed. … … 6007 6075 access to the old password cleartext, only the new).</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>unix password sync</code></em> = <code class="literal">no</code> 6008 6076 </em></span> 6009 </p></dd></dl></div></div><div class="section" title="use client driver (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id336 574"></a>6077 </p></dd></dl></div></div><div class="section" title="use client driver (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id336789"></a> 6010 6078 6011 6079 use client driver (S) 6012 </h3></div></div></div><a class="indexterm" name="id336 575"></a><a name="USECLIENTDRIVER"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter applies only to Windows NT/20006080 </h3></div></div></div><a class="indexterm" name="id336790"></a><a name="USECLIENTDRIVER"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter applies only to Windows NT/2000 6013 6081 clients. It has no effect on Windows 95/98/ME clients. When 6014 6082 serving a printer to Windows NT/2000 clients without first installing … … 6035 6103 server.</em></span></p><p>Default: <span class="emphasis"><em><em class="parameter"><code>use client driver</code></em> = <code class="literal">no</code> 6036 6104 </em></span> 6037 </p></dd></dl></div></div><div class="section" title="use mmap (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336 642"></a>6105 </p></dd></dl></div></div><div class="section" title="use mmap (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336857"></a> 6038 6106 6039 6107 use mmap (G) 6040 </h3></div></div></div><a class="indexterm" name="id336 643"></a><a name="USEMMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>This global parameter determines if the tdb internals of Samba can6108 </h3></div></div></div><a class="indexterm" name="id336858"></a><a name="USEMMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>This global parameter determines if the tdb internals of Samba can 6041 6109 depend on mmap working correctly on the running system. Samba requires a coherent 6042 6110 mmap/read-write system memory cache. Currently only HPUX does not have such a … … 6047 6115 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>use mmap</code></em> = <code class="literal">yes</code> 6048 6116 </em></span> 6049 </p></dd></dl></div></div><div class="section" title="username level (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336 690"></a>6117 </p></dd></dl></div></div><div class="section" title="username level (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336905"></a> 6050 6118 6051 6119 username level (G) 6052 </h3></div></div></div><a class="indexterm" name="id336 691"></a><a name="USERNAMELEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option helps Samba to try and 'guess' at6120 </h3></div></div></div><a class="indexterm" name="id336906"></a><a name="USERNAMELEVEL"></a><div class="variablelist"><dl><dt></dt><dd><p>This option helps Samba to try and 'guess' at 6053 6121 the real UNIX username, as many DOS clients send an all-uppercase 6054 6122 username. By default Samba tries all lowercase, followed by the … … 6065 6133 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>username level</code></em> = <code class="literal">5</code> 6066 6134 </em></span> 6067 </p></dd></dl></div></div><div class="section" title="username map cache time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336 763"></a>6135 </p></dd></dl></div></div><div class="section" title="username map cache time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id336979"></a> 6068 6136 6069 6137 username map cache time (G) 6070 </h3></div></div></div><a class="indexterm" name="id336 764"></a><a name="USERNAMEMAPCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>6138 </h3></div></div></div><a class="indexterm" name="id336980"></a><a name="USERNAMEMAPCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p> 6071 6139 Mapping usernames with the <a class="link" href="smb.conf.5.html#USERNAMEMAP" target="_top">username map</a> 6072 6140 or <a class="link" href="smb.conf.5.html#USERNAMEMAPSCRIPT" target="_top">username map script</a> … … 6085 6153 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>username map cache time</code></em> = <code class="literal">60</code> 6086 6154 </em></span> 6087 </p></dd></dl></div></div><div class="section" title="username map script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id33 6873"></a>6155 </p></dd></dl></div></div><div class="section" title="username map script (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id337089"></a> 6088 6156 6089 6157 username map script (G) 6090 </h3></div></div></div><a class="indexterm" name="id33 6874"></a><a name="USERNAMEMAPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This script is a mutually exclusive alternative to the6158 </h3></div></div></div><a class="indexterm" name="id337090"></a><a name="USERNAMEMAPSCRIPT"></a><div class="variablelist"><dl><dt></dt><dd><p>This script is a mutually exclusive alternative to the 6091 6159 <a class="link" href="smb.conf.5.html#USERNAMEMAP" target="_top">username map</a> parameter. This parameter 6092 6160 specifies and external program or script that must accept a single … … 6099 6167 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>username map script</code></em> = <code class="literal">/etc/samba/scripts/mapusers.sh</code> 6100 6168 </em></span> 6101 </p></dd></dl></div></div><div class="section" title="username map (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id33 6944"></a>6169 </p></dd></dl></div></div><div class="section" title="username map (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id337160"></a> 6102 6170 6103 6171 username map (G) 6104 </h3></div></div></div><a class="indexterm" name="id33 6945"></a><a name="USERNAMEMAP"></a><div class="variablelist"><dl><dt></dt><dd><p>6172 </h3></div></div></div><a class="indexterm" name="id337161"></a><a name="USERNAMEMAP"></a><div class="variablelist"><dl><dt></dt><dd><p> 6105 6173 This option allows you to specify a file containing a mapping of usernames from the clients to the server. 6106 6174 This can be used for several purposes. The most common is to map usernames that users use on DOS or Windows … … 6186 6254 # no username map</code> 6187 6255 </em></span> 6188 </p></dd></dl></div></div><div class="section" title="user"><div class="titlepage"><div><div><h3 class="title"><a name="id337 186"></a>6256 </p></dd></dl></div></div><div class="section" title="user"><div class="titlepage"><div><div><h3 class="title"><a name="id337402"></a> 6189 6257 6190 6258 <a name="USER"></a>user 6191 </h3></div></div></div><a class="indexterm" name="id337 187"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#USERNAME">username</a>.</p></dd></dl></div></div><div class="section" title="users"><div class="titlepage"><div><div><h3 class="title"><a name="id337217"></a>6259 </h3></div></div></div><a class="indexterm" name="id337403"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#USERNAME">username</a>.</p></dd></dl></div></div><div class="section" title="users"><div class="titlepage"><div><div><h3 class="title"><a name="id337433"></a> 6192 6260 6193 6261 <a name="USERS"></a>users 6194 </h3></div></div></div><a class="indexterm" name="id337 218"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#USERNAME">username</a>.</p></dd></dl></div></div><div class="section" title="username (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id337248"></a>6262 </h3></div></div></div><a class="indexterm" name="id337434"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#USERNAME">username</a>.</p></dd></dl></div></div><div class="section" title="username (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id337465"></a> 6195 6263 6196 6264 username (S) 6197 </h3></div></div></div><a class="indexterm" name="id337 250"></a><a name="USERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>Multiple users may be specified in a comma-delimited6265 </h3></div></div></div><a class="indexterm" name="id337466"></a><a name="USERNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>Multiple users may be specified in a comma-delimited 6198 6266 list, in which case the supplied password will be tested against 6199 each username in turn (left to right).</p><p>The <em class="parameter"><code>username</code></em> line is needed only when6267 each username in turn (left to right).</p><p>The deprecated <em class="parameter"><code>username</code></em> line is needed only when 6200 6268 the PC is unable to supply its own username. This is the case 6201 6269 for the COREPLUS protocol or where your users have different WfWg … … 6233 6301 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>username</code></em> = <code class="literal">fred, mary, jack, jane, @users, @pcgroup</code> 6234 6302 </em></span> 6235 </p></dd></dl></div></div><div class="section" title="usershare allow guests (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id337 395"></a>6303 </p></dd></dl></div></div><div class="section" title="usershare allow guests (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id337611"></a> 6236 6304 6237 6305 usershare allow guests (G) 6238 </h3></div></div></div><a class="indexterm" name="id337 396"></a><a name="USERSHAREALLOWGUESTS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether user defined shares are allowed6306 </h3></div></div></div><a class="indexterm" name="id337612"></a><a name="USERSHAREALLOWGUESTS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether user defined shares are allowed 6239 6307 to be accessed by non-authenticated users or not. It is the equivalent 6240 6308 of allowing people who can create a share the option of setting … … 6243 6311 is set to off.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>usershare allow guests</code></em> = <code class="literal">no</code> 6244 6312 </em></span> 6245 </p></dd></dl></div></div><div class="section" title="usershare max shares (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id337 444"></a>6313 </p></dd></dl></div></div><div class="section" title="usershare max shares (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id337660"></a> 6246 6314 6247 6315 usershare max shares (G) 6248 </h3></div></div></div><a class="indexterm" name="id337 445"></a><a name="USERSHAREMAXSHARES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of user defined shares6316 </h3></div></div></div><a class="indexterm" name="id337661"></a><a name="USERSHAREMAXSHARES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of user defined shares 6249 6317 that are allowed to be created by users belonging to the group owning the 6250 6318 usershare directory. If set to zero (the default) user defined shares are ignored. 6251 6319 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>usershare max shares</code></em> = <code class="literal">0</code> 6252 6320 </em></span> 6253 </p></dd></dl></div></div><div class="section" title="usershare owner only (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id337 486"></a>6321 </p></dd></dl></div></div><div class="section" title="usershare owner only (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id337702"></a> 6254 6322 6255 6323 usershare owner only (G) 6256 </h3></div></div></div><a class="indexterm" name="id337 487"></a><a name="USERSHAREOWNERONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether the pathname exported by6324 </h3></div></div></div><a class="indexterm" name="id337703"></a><a name="USERSHAREOWNERONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether the pathname exported by 6257 6325 a user defined shares must be owned by the user creating the 6258 6326 user defined share or not. If set to True (the default) then … … 6264 6332 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>usershare owner only</code></em> = <code class="literal">True</code> 6265 6333 </em></span> 6266 </p></dd></dl></div></div><div class="section" title="usershare path (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id337 530"></a>6334 </p></dd></dl></div></div><div class="section" title="usershare path (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id337746"></a> 6267 6335 6268 6336 usershare path (G) 6269 </h3></div></div></div><a class="indexterm" name="id337 531"></a><a name="USERSHAREPATH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the absolute path of the directory on the6337 </h3></div></div></div><a class="indexterm" name="id337747"></a><a name="USERSHAREPATH"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the absolute path of the directory on the 6270 6338 filesystem used to store the user defined share definition files. 6271 6339 This directory must be owned by root, and have no access for … … 6288 6356 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>usershare path</code></em> = <code class="literal">NULL</code> 6289 6357 </em></span> 6290 </p></dd></dl></div></div><div class="section" title="usershare prefix allow list (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id337 594"></a>6358 </p></dd></dl></div></div><div class="section" title="usershare prefix allow list (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id337810"></a> 6291 6359 6292 6360 usershare prefix allow list (G) 6293 </h3></div></div></div><a class="indexterm" name="id337 595"></a><a name="USERSHAREPREFIXALLOWLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a list of absolute pathnames6361 </h3></div></div></div><a class="indexterm" name="id337811"></a><a name="USERSHAREPREFIXALLOWLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a list of absolute pathnames 6294 6362 the root of which are allowed to be exported by user defined share definitions. 6295 6363 If the pathname to be exported doesn't start with one of the strings in this … … 6306 6374 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>usershare prefix allow list</code></em> = <code class="literal">/home /data /space</code> 6307 6375 </em></span> 6308 </p></dd></dl></div></div><div class="section" title="usershare prefix deny list (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id337 661"></a>6376 </p></dd></dl></div></div><div class="section" title="usershare prefix deny list (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id337877"></a> 6309 6377 6310 6378 usershare prefix deny list (G) 6311 </h3></div></div></div><a class="indexterm" name="id337 662"></a><a name="USERSHAREPREFIXDENYLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a list of absolute pathnames6379 </h3></div></div></div><a class="indexterm" name="id337878"></a><a name="USERSHAREPREFIXDENYLIST"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies a list of absolute pathnames 6312 6380 the root of which are NOT allowed to be exported by user defined share definitions. 6313 6381 If the pathname exported starts with one of the strings in this … … 6325 6393 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>usershare prefix deny list</code></em> = <code class="literal">/etc /dev /private</code> 6326 6394 </em></span> 6327 </p></dd></dl></div></div><div class="section" title="usershare template share (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id337 728"></a>6395 </p></dd></dl></div></div><div class="section" title="usershare template share (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id337944"></a> 6328 6396 6329 6397 usershare template share (G) 6330 </h3></div></div></div><a class="indexterm" name="id337 729"></a><a name="USERSHARETEMPLATESHARE"></a><div class="variablelist"><dl><dt></dt><dd><p>User defined shares only have limited possible parameters6398 </h3></div></div></div><a class="indexterm" name="id337945"></a><a name="USERSHARETEMPLATESHARE"></a><div class="variablelist"><dl><dt></dt><dd><p>User defined shares only have limited possible parameters 6331 6399 such as path, guest ok, etc. This parameter allows usershares to 6332 6400 "cloned" from an existing share. If "usershare template share" … … 6343 6411 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>usershare template share</code></em> = <code class="literal">template_share</code> 6344 6412 </em></span> 6345 </p></dd></dl></div></div><div class="section" title="use sendfile (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id33 7795"></a>6413 </p></dd></dl></div></div><div class="section" title="use sendfile (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id338011"></a> 6346 6414 6347 6415 use sendfile (S) 6348 </h3></div></div></div><a class="indexterm" name="id33 7796"></a><a name="USESENDFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code>, and the <code class="constant">sendfile()</code>6416 </h3></div></div></div><a class="indexterm" name="id338012"></a><a name="USESENDFILE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this parameter is <code class="constant">yes</code>, and the <code class="constant">sendfile()</code> 6349 6417 system call is supported by the underlying operating system, then some SMB read calls 6350 6418 (mainly ReadAndX and ReadRaw) will use the more efficient sendfile system call for files that … … 6355 6423 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>use sendfile</code></em> = <code class="literal">false</code> 6356 6424 </em></span> 6357 </p></dd></dl></div></div><div class="section" title="use spnego (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id33 7847"></a>6425 </p></dd></dl></div></div><div class="section" title="use spnego (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id338063"></a> 6358 6426 6359 6427 use spnego (G) 6360 </h3></div></div></div><a class="indexterm" name="id33 7848"></a><a name="USESPNEGO"></a><div class="variablelist"><dl><dt></dt><dd><p>This variable controls controls whether samba will try6428 </h3></div></div></div><a class="indexterm" name="id338064"></a><a name="USESPNEGO"></a><div class="variablelist"><dl><dt></dt><dd><p>This deprecated variable controls controls whether samba will try 6361 6429 to use Simple and Protected NEGOciation (as specified by rfc2478) with 6362 6430 WindowsXP and Windows2000 clients to agree upon an authentication mechanism. … … 6366 6434 disabled.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>use spnego</code></em> = <code class="literal">yes</code> 6367 6435 </em></span> 6368 </p></dd></dl></div></div><div class="section" title="utmp directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id33 7894"></a>6436 </p></dd></dl></div></div><div class="section" title="utmp directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id338110"></a> 6369 6437 6370 6438 utmp directory (G) 6371 </h3></div></div></div><a class="indexterm" name="id33 7895"></a><a name="UTMPDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is only available if Samba has6439 </h3></div></div></div><a class="indexterm" name="id338111"></a><a name="UTMPDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is only available if Samba has 6372 6440 been configured and compiled with the option <code class="literal"> 6373 6441 --with-utmp</code>. It specifies a directory pathname that is … … 6381 6449 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>utmp directory</code></em> = <code class="literal">/var/run/utmp</code> 6382 6450 </em></span> 6383 </p></dd></dl></div></div><div class="section" title="utmp (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id33 7967"></a>6451 </p></dd></dl></div></div><div class="section" title="utmp (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id338183"></a> 6384 6452 6385 6453 utmp (G) 6386 </h3></div></div></div><a class="indexterm" name="id33 7968"></a><a name="UTMP"></a><div class="variablelist"><dl><dt></dt><dd><p>6454 </h3></div></div></div><a class="indexterm" name="id338184"></a><a name="UTMP"></a><div class="variablelist"><dl><dt></dt><dd><p> 6387 6455 This boolean parameter is only available if Samba has been configured and compiled 6388 6456 with the option <code class="literal">--with-utmp</code>. If set to … … 6396 6464 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>utmp</code></em> = <code class="literal">no</code> 6397 6465 </em></span> 6398 </p></dd></dl></div></div><div class="section" title="valid users (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id338 025"></a>6466 </p></dd></dl></div></div><div class="section" title="valid users (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id338241"></a> 6399 6467 6400 6468 valid users (S) 6401 </h3></div></div></div><a class="indexterm" name="id338 026"></a><a name="VALIDUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>6469 </h3></div></div></div><a class="indexterm" name="id338242"></a><a name="VALIDUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p> 6402 6470 This is a list of users that should be allowed to login to this service. Names starting with 6403 6471 '@', '+' and '&' are interpreted using the same rules as described in the … … 6415 6483 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>valid users</code></em> = <code class="literal">greg, @pcusers</code> 6416 6484 </em></span> 6417 </p></dd></dl></div></div><div class="section" title="-valid (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id338 111"></a>6485 </p></dd></dl></div></div><div class="section" title="-valid (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id338327"></a> 6418 6486 6419 6487 -valid (S) 6420 </h3></div></div></div><a class="indexterm" name="id338 112"></a><a name="-VALID"></a><div class="variablelist"><dl><dt></dt><dd><p> This parameter indicates whether a share is6488 </h3></div></div></div><a class="indexterm" name="id338328"></a><a name="-VALID"></a><div class="variablelist"><dl><dt></dt><dd><p> This parameter indicates whether a share is 6421 6489 valid and thus can be used. When this parameter is set to false, 6422 6490 the share will be in no way visible nor accessible. … … 6427 6495 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>-valid</code></em> = <code class="literal">yes</code> 6428 6496 </em></span> 6429 </p></dd></dl></div></div><div class="section" title="veto files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id338 157"></a>6497 </p></dd></dl></div></div><div class="section" title="veto files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id338374"></a> 6430 6498 6431 6499 veto files (S) 6432 </h3></div></div></div><a class="indexterm" name="id338 158"></a><a name="VETOFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>6500 </h3></div></div></div><a class="indexterm" name="id338375"></a><a name="VETOFILES"></a><div class="variablelist"><dl><dt></dt><dd><p> 6433 6501 This is a list of files and directories that are neither visible nor accessible. Each entry in 6434 6502 the list must be separated by a '/', which allows spaces to be included in the entry. '*' and '?' … … 6461 6529 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>veto files</code></em> = <code class="literal">No files or directories are vetoed.</code> 6462 6530 </em></span> 6463 </p></dd></dl></div></div><div class="section" title="veto oplock files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id338 264"></a>6531 </p></dd></dl></div></div><div class="section" title="veto oplock files (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id338481"></a> 6464 6532 6465 6533 veto oplock files (S) 6466 </h3></div></div></div><a class="indexterm" name="id338 266"></a><a name="VETOOPLOCKFILES"></a><div class="variablelist"><dl><dt></dt><dd><p>6534 </h3></div></div></div><a class="indexterm" name="id338482"></a><a name="VETOOPLOCKFILES"></a><div class="variablelist"><dl><dt></dt><dd><p> 6467 6535 This parameter is only valid when the <a class="link" href="smb.conf.5.html#OPLOCKS" target="_top">oplocks</a> 6468 6536 parameter is turned on for a share. It allows the Samba administrator … … 6485 6553 # No files are vetoed for oplock grants</code> 6486 6554 </em></span> 6487 </p></dd></dl></div></div><div class="section" title="vfs object"><div class="titlepage"><div><div><h3 class="title"><a name="id338 350"></a>6555 </p></dd></dl></div></div><div class="section" title="vfs object"><div class="titlepage"><div><div><h3 class="title"><a name="id338567"></a> 6488 6556 6489 6557 <a name="VFSOBJECT"></a>vfs object 6490 </h3></div></div></div><a class="indexterm" name="id338 351"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#VFSOBJECTS">vfs objects</a>.</p></dd></dl></div></div><div class="section" title="vfs objects (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id338382"></a>6558 </h3></div></div></div><a class="indexterm" name="id338568"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#VFSOBJECTS">vfs objects</a>.</p></dd></dl></div></div><div class="section" title="vfs objects (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id338598"></a> 6491 6559 6492 6560 vfs objects (S) 6493 </h3></div></div></div><a class="indexterm" name="id338 383"></a><a name="VFSOBJECTS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the backend names which6561 </h3></div></div></div><a class="indexterm" name="id338599"></a><a name="VFSOBJECTS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the backend names which 6494 6562 are used for Samba VFS I/O operations. By default, normal 6495 6563 disk I/O operations are used but these can be overloaded … … 6498 6566 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>vfs objects</code></em> = <code class="literal">extd_audit recycle</code> 6499 6567 </em></span> 6500 </p></dd></dl></div></div><div class="section" title="volume (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id338 440"></a>6568 </p></dd></dl></div></div><div class="section" title="volume (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id338656"></a> 6501 6569 6502 6570 volume (S) 6503 </h3></div></div></div><a class="indexterm" name="id338 441"></a><a name="VOLUME"></a><div class="variablelist"><dl><dt></dt><dd><p>This allows you to override the volume label6571 </h3></div></div></div><a class="indexterm" name="id338658"></a><a name="VOLUME"></a><div class="variablelist"><dl><dt></dt><dd><p>This allows you to override the volume label 6504 6572 returned for a share. Useful for CDROMs with installation programs 6505 6573 that insist on a particular volume label.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>volume</code></em> = <code class="literal"> 6506 6574 # the name of the share</code> 6507 6575 </em></span> 6508 </p></dd></dl></div></div><div class="section" title="wide links (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id338 482"></a>6576 </p></dd></dl></div></div><div class="section" title="wide links (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id338698"></a> 6509 6577 6510 6578 wide links (S) 6511 </h3></div></div></div><a class="indexterm" name="id338 483"></a><a name="WIDELINKS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not links6579 </h3></div></div></div><a class="indexterm" name="id338699"></a><a name="WIDELINKS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not links 6512 6580 in the UNIX file system may be followed by the server. Links 6513 6581 that point to areas within the directory tree exported by the … … 6520 6588 disabled (with a message in the log file) if the 6521 6589 <a class="link" href="smb.conf.5.html#UNIXEXTENSIONS" target="_top">unix extensions</a> option is on. 6590 </p><p> 6591 See the parameter <a class="link" href="smb.conf.5.html#ALLOWINSECUREWIDELINKS" target="_top">allow insecure wide links</a> 6592 if you wish to change this coupling between the two parameters. 6522 6593 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>wide links</code></em> = <code class="literal">no</code> 6523 6594 </em></span> 6524 </p></dd></dl></div></div><div class="section" title="winbind cache time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id338 542"></a>6595 </p></dd></dl></div></div><div class="section" title="winbind cache time (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id338773"></a> 6525 6596 6526 6597 winbind cache time (G) 6527 </h3></div></div></div><a class="indexterm" name="id338 543"></a><a name="WINBINDCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of6598 </h3></div></div></div><a class="indexterm" name="id338774"></a><a name="WINBINDCACHETIME"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of 6528 6599 seconds the <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon will cache 6529 6600 user and group information before querying a Windows NT server … … 6533 6604 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind cache time</code></em> = <code class="literal">300</code> 6534 6605 </em></span> 6535 </p></dd></dl></div></div><div class="section" title="winbind enum groups (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id338 609"></a>6606 </p></dd></dl></div></div><div class="section" title="winbind enum groups (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id338839"></a> 6536 6607 6537 6608 winbind enum groups (G) 6538 </h3></div></div></div><a class="indexterm" name="id338 610"></a><a name="WINBINDENUMGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>On large installations using <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> it may be necessary to suppress6609 </h3></div></div></div><a class="indexterm" name="id338840"></a><a name="WINBINDENUMGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>On large installations using <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> it may be necessary to suppress 6539 6610 the enumeration of groups through the <code class="literal">setgrent()</code>, 6540 6611 <code class="literal">getgrent()</code> and … … 6544 6615 call will not return any data. </p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>Turning off group enumeration may cause some programs to behave oddly. </p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind enum groups</code></em> = <code class="literal">no</code> 6545 6616 </em></span> 6546 </p></dd></dl></div></div><div class="section" title="winbind enum users (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id338 697"></a>6617 </p></dd></dl></div></div><div class="section" title="winbind enum users (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id338927"></a> 6547 6618 6548 6619 winbind enum users (G) 6549 </h3></div></div></div><a class="indexterm" name="id338 698"></a><a name="WINBINDENUMUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>On large installations using <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> it may be6620 </h3></div></div></div><a class="indexterm" name="id338928"></a><a name="WINBINDENUMUSERS"></a><div class="variablelist"><dl><dt></dt><dd><p>On large installations using <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> it may be 6550 6621 necessary to suppress the enumeration of users through the <code class="literal">setpwent()</code>, 6551 6622 <code class="literal">getpwent()</code> and … … 6559 6630 usernames. </p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind enum users</code></em> = <code class="literal">no</code> 6560 6631 </em></span> 6561 </p></dd></dl></div></div><div class="section" title="winbind expand groups (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id33 8786"></a>6632 </p></dd></dl></div></div><div class="section" title="winbind expand groups (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339016"></a> 6562 6633 6563 6634 winbind expand groups (G) 6564 </h3></div></div></div><a class="indexterm" name="id33 8787"></a><a name="WINBINDEXPANDGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum depth that winbindd6635 </h3></div></div></div><a class="indexterm" name="id339017"></a><a name="WINBINDEXPANDGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>This option controls the maximum depth that winbindd 6565 6636 will traverse when flattening nested group memberships 6566 6637 of Windows domain groups. This is different from the … … 6574 6645 incoming NSS or authentication requests during this time.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind expand groups</code></em> = <code class="literal">1</code> 6575 6646 </em></span> 6576 </p></dd></dl></div></div><div class="section" title="winbind max clients (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id33 8848"></a>6647 </p></dd></dl></div></div><div class="section" title="winbind max clients (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339078"></a> 6577 6648 6578 6649 winbind max clients (G) 6579 </h3></div></div></div><a class="indexterm" name="id33 8849"></a><a name="WINBINDMAXCLIENTS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the maximum number of clients6650 </h3></div></div></div><a class="indexterm" name="id339079"></a><a name="WINBINDMAXCLIENTS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the maximum number of clients 6580 6651 the <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon can connect with. 6581 6652 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind max clients</code></em> = <code class="literal">200</code> 6582 6653 </em></span> 6583 </p></dd></dl></div></div><div class="section" title="winbind max domain connections (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id33 8897"></a>6654 </p></dd></dl></div></div><div class="section" title="winbind max domain connections (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339128"></a> 6584 6655 6585 6656 winbind max domain connections (G) 6586 </h3></div></div></div><a class="indexterm" name="id33 8898"></a><a name="WINBINDMAXDOMAINCONNECTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the maximum number of simultaneous6657 </h3></div></div></div><a class="indexterm" name="id339129"></a><a name="WINBINDMAXDOMAINCONNECTIONS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the maximum number of simultaneous 6587 6658 connections that the <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon should open to the 6588 6659 domain controller of one domain. … … 6598 6669 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind max domain connections</code></em> = <code class="literal">10</code> 6599 6670 </em></span> 6600 </p></dd></dl></div></div><div class="section" title="winbind nested groups (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id33 8983"></a>6671 </p></dd></dl></div></div><div class="section" title="winbind nested groups (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339213"></a> 6601 6672 6602 6673 winbind nested groups (G) 6603 </h3></div></div></div><a class="indexterm" name="id33 8984"></a><a name="WINBINDNESTEDGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>If set to yes, this parameter activates the support for nested6674 </h3></div></div></div><a class="indexterm" name="id339214"></a><a name="WINBINDNESTEDGROUPS"></a><div class="variablelist"><dl><dt></dt><dd><p>If set to yes, this parameter activates the support for nested 6604 6675 groups. Nested groups are also called local groups or 6605 6676 aliases. They work like their counterparts in Windows: Nested … … 6609 6680 groups, you need to run nss_winbind.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind nested groups</code></em> = <code class="literal">yes</code> 6610 6681 </em></span> 6611 </p></dd></dl></div></div><div class="section" title="winbind normalize names (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339 032"></a>6682 </p></dd></dl></div></div><div class="section" title="winbind normalize names (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339258"></a> 6612 6683 6613 6684 winbind normalize names (G) 6614 </h3></div></div></div><a class="indexterm" name="id339 033"></a><a name="WINBINDNORMALIZENAMES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether winbindd will replace6685 </h3></div></div></div><a class="indexterm" name="id339259"></a><a name="WINBINDNORMALIZENAMES"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether winbindd will replace 6615 6686 whitespace in user and group names with an underscore (_) character. 6616 6687 For example, whether the name "Space Kadet" should be … … 6632 6703 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind normalize names</code></em> = <code class="literal">yes</code> 6633 6704 </em></span> 6634 </p></dd></dl></div></div><div class="section" title="winbind nss info (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339 101"></a>6705 </p></dd></dl></div></div><div class="section" title="winbind nss info (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339327"></a> 6635 6706 6636 6707 winbind nss info (G) 6637 </h3></div></div></div><a class="indexterm" name="id339 102"></a><a name="WINBINDNSSINFO"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control how Winbind retrieves Name6708 </h3></div></div></div><a class="indexterm" name="id339328"></a><a name="WINBINDNSSINFO"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control how Winbind retrieves Name 6638 6709 Service Information to construct a user's home directory and login shell. 6639 6710 Currently the following settings are available: … … 6656 6727 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind nss info</code></em> = <code class="literal">sfu</code> 6657 6728 </em></span> 6658 </p></dd></dl></div></div><div class="section" title="winbind offline logon (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339 208"></a>6729 </p></dd></dl></div></div><div class="section" title="winbind offline logon (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339434"></a> 6659 6730 6660 6731 winbind offline logon (G) 6661 </h3></div></div></div><a class="indexterm" name="id339 209"></a><a name="WINBINDOFFLINELOGON"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control whether Winbind should6732 </h3></div></div></div><a class="indexterm" name="id339435"></a><a name="WINBINDOFFLINELOGON"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control whether Winbind should 6662 6733 allow to login with the <em class="parameter"><code>pam_winbind</code></em> 6663 6734 module using Cached Credentials. If enabled, winbindd will store user credentials … … 6667 6738 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind offline logon</code></em> = <code class="literal">true</code> 6668 6739 </em></span> 6669 </p></dd></dl></div></div><div class="section" title="winbind reconnect delay (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339 274"></a>6740 </p></dd></dl></div></div><div class="section" title="winbind reconnect delay (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339500"></a> 6670 6741 6671 6742 winbind reconnect delay (G) 6672 </h3></div></div></div><a class="indexterm" name="id339 275"></a><a name="WINBINDRECONNECTDELAY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of6743 </h3></div></div></div><a class="indexterm" name="id339501"></a><a name="WINBINDRECONNECTDELAY"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies the number of 6673 6744 seconds the <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon will wait between 6674 6745 attempts to contact a Domain controller for a domain that is 6675 6746 determined to be down or not contactable.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind reconnect delay</code></em> = <code class="literal">30</code> 6676 6747 </em></span> 6677 </p></dd></dl></div></div><div class="section" title="winbind refresh tickets (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339 324"></a>6748 </p></dd></dl></div></div><div class="section" title="winbind refresh tickets (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339550"></a> 6678 6749 6679 6750 winbind refresh tickets (G) 6680 </h3></div></div></div><a class="indexterm" name="id339 325"></a><a name="WINBINDREFRESHTICKETS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control whether Winbind should refresh Kerberos Tickets6751 </h3></div></div></div><a class="indexterm" name="id339551"></a><a name="WINBINDREFRESHTICKETS"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is designed to control whether Winbind should refresh Kerberos Tickets 6681 6752 retrieved using the <em class="parameter"><code>pam_winbind</code></em> module. 6682 6753 … … 6685 6756 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind refresh tickets</code></em> = <code class="literal">true</code> 6686 6757 </em></span> 6687 </p></dd></dl></div></div><div class="section" title="winbind rpc only (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339 389"></a>6758 </p></dd></dl></div></div><div class="section" title="winbind rpc only (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339615"></a> 6688 6759 6689 6760 winbind rpc only (G) 6690 </h3></div></div></div><a class="indexterm" name="id339 390"></a><a name="WINBINDRPCONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>6761 </h3></div></div></div><a class="indexterm" name="id339616"></a><a name="WINBINDRPCONLY"></a><div class="variablelist"><dl><dt></dt><dd><p> 6691 6762 Setting this parameter to <code class="literal">yes</code> forces 6692 6763 winbindd to use RPC instead of LDAP to retrieve information from Domain … … 6694 6765 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind rpc only</code></em> = <code class="literal">no</code> 6695 6766 </em></span> 6696 </p></dd></dl></div></div><div class="section" title="winbind separator (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339 436"></a>6767 </p></dd></dl></div></div><div class="section" title="winbind separator (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339662"></a> 6697 6768 6698 6769 winbind separator (G) 6699 </h3></div></div></div><a class="indexterm" name="id339 437"></a><a name="WINBINDSEPARATOR"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows an admin to define the character6770 </h3></div></div></div><a class="indexterm" name="id339664"></a><a name="WINBINDSEPARATOR"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter allows an admin to define the character 6700 6771 used when listing a username of the form of <em class="replaceable"><code>DOMAIN 6701 6772 </code></em>\<em class="replaceable"><code>user</code></em>. This parameter … … 6708 6779 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind separator</code></em> = <code class="literal">+</code> 6709 6780 </em></span> 6710 </p></dd></dl></div></div><div class="section" title="winbind trusted domains only (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339 519"></a>6781 </p></dd></dl></div></div><div class="section" title="winbind trusted domains only (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339745"></a> 6711 6782 6712 6783 winbind trusted domains only (G) 6713 </h3></div></div></div><a class="indexterm" name="id339 520"></a><a name="WINBINDTRUSTEDDOMAINSONLY"></a><div class="variablelist"><dl><dt></dt><dd><p>6784 </h3></div></div></div><a class="indexterm" name="id339746"></a><a name="WINBINDTRUSTEDDOMAINSONLY"></a><div class="variablelist"><dl><dt></dt><dd><p> 6714 6785 This parameter is designed to allow Samba servers that are members 6715 6786 of a Samba controlled domain to use UNIX accounts distributed via NIS, … … 6722 6793 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind trusted domains only</code></em> = <code class="literal">no</code> 6723 6794 </em></span> 6724 </p></dd></dl></div></div><div class="section" title="winbind use default domain (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339 580"></a>6795 </p></dd></dl></div></div><div class="section" title="winbind use default domain (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339807"></a> 6725 6796 6726 6797 winbind use default domain (G) 6727 </h3></div></div></div><a class="indexterm" name="id339 582"></a><a name="WINBINDUSEDEFAULTDOMAIN"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether the6798 </h3></div></div></div><a class="indexterm" name="id339808"></a><a name="WINBINDUSEDEFAULTDOMAIN"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter specifies whether the 6728 6799 <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon should operate on users 6729 6800 without domain component in their username. Users without a domain … … 6738 6809 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>winbind use default domain</code></em> = <code class="literal">yes</code> 6739 6810 </em></span> 6740 </p></dd></dl></div></div><div class="section" title="wins hook (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339 655"></a>6811 </p></dd></dl></div></div><div class="section" title="wins hook (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339881"></a> 6741 6812 6742 6813 wins hook (G) 6743 </h3></div></div></div><a class="indexterm" name="id339 656"></a><a name="WINSHOOK"></a><div class="variablelist"><dl><dt></dt><dd><p>When Samba is running as a WINS server this6814 </h3></div></div></div><a class="indexterm" name="id339882"></a><a name="WINSHOOK"></a><div class="variablelist"><dl><dt></dt><dd><p>When Samba is running as a WINS server this 6744 6815 allows you to call an external program for all changes to the 6745 6816 WINS database. The primary use for this option is to allow the … … 6762 6833 empty then the name should be deleted.</p></li></ul></div><p>An example script that calls the BIND dynamic DNS update 6763 6834 program <code class="literal">nsupdate</code> is provided in the examples 6764 directory of the Samba source code. </p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="wins proxy (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339 749"></a>6835 directory of the Samba source code. </p><p><span class="emphasis"><em>No default</em></span></p></dd></dl></div></div><div class="section" title="wins proxy (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id339976"></a> 6765 6836 6766 6837 wins proxy (G) 6767 </h3></div></div></div><a class="indexterm" name="id339 750"></a><a name="WINSPROXY"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean that controls if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> will respond to broadcast name6838 </h3></div></div></div><a class="indexterm" name="id339977"></a><a name="WINSPROXY"></a><div class="variablelist"><dl><dt></dt><dd><p>This is a boolean that controls if <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> will respond to broadcast name 6768 6839 queries on behalf of other hosts. You may need to set this 6769 6840 to <code class="constant">yes</code> for some older clients.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>wins proxy</code></em> = <code class="literal">no</code> 6770 6841 </em></span> 6771 </p></dd></dl></div></div><div class="section" title="wins server (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id3 39803"></a>6842 </p></dd></dl></div></div><div class="section" title="wins server (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id340029"></a> 6772 6843 6773 6844 wins server (G) 6774 </h3></div></div></div><a class="indexterm" name="id3 39804"></a><a name="WINSSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies the IP address (or DNS name: IP6845 </h3></div></div></div><a class="indexterm" name="id340030"></a><a name="WINSSERVER"></a><div class="variablelist"><dl><dt></dt><dd><p>This specifies the IP address (or DNS name: IP 6775 6846 address for preference) of the WINS server that <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> should register with. If you have a WINS server on 6776 6847 your network then you should set this to the WINS server's IP.</p><p>You should point this at your WINS server if you have a … … 6791 6862 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>wins server</code></em> = <code class="literal">192.9.200.1 192.168.2.61</code> 6792 6863 </em></span> 6793 </p></dd></dl></div></div><div class="section" title="wins support (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id3 39905"></a>6864 </p></dd></dl></div></div><div class="section" title="wins support (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id340132"></a> 6794 6865 6795 6866 wins support (G) 6796 </h3></div></div></div><a class="indexterm" name="id3 39906"></a><a name="WINSSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean controls if the <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> process in Samba will act as a WINS server. You should6867 </h3></div></div></div><a class="indexterm" name="id340133"></a><a name="WINSSUPPORT"></a><div class="variablelist"><dl><dt></dt><dd><p>This boolean controls if the <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> process in Samba will act as a WINS server. You should 6797 6868 not set this to <code class="constant">yes</code> unless you have a multi-subnetted network and 6798 6869 you wish a particular <code class="literal">nmbd</code> to be your WINS server. … … 6800 6871 on more than one machine in your network.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>wins support</code></em> = <code class="literal">no</code> 6801 6872 </em></span> 6802 </p></dd></dl></div></div><div class="section" title="workgroup (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id3 39972"></a>6873 </p></dd></dl></div></div><div class="section" title="workgroup (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id340198"></a> 6803 6874 6804 6875 workgroup (G) 6805 </h3></div></div></div><a class="indexterm" name="id3 39973"></a><a name="WORKGROUP"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what workgroup your server will6876 </h3></div></div></div><a class="indexterm" name="id340199"></a><a name="WORKGROUP"></a><div class="variablelist"><dl><dt></dt><dd><p>This controls what workgroup your server will 6806 6877 appear to be in when queried by clients. Note that this parameter 6807 6878 also controls the Domain name used with … … 6811 6882 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>workgroup</code></em> = <code class="literal">MYGROUP</code> 6812 6883 </em></span> 6813 </p></dd></dl></div></div><div class="section" title="writable"><div class="titlepage"><div><div><h3 class="title"><a name="id340 043"></a>6884 </p></dd></dl></div></div><div class="section" title="writable"><div class="titlepage"><div><div><h3 class="title"><a name="id340269"></a> 6814 6885 6815 6886 <a name="WRITABLE"></a>writable 6816 </h3></div></div></div><a class="indexterm" name="id340 044"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#WRITEABLE">writeable</a>.</p></dd></dl></div></div><div class="section" title="writeable (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id340074"></a>6887 </h3></div></div></div><a class="indexterm" name="id340270"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter is a synonym for <a class="link" href="#WRITEABLE">writeable</a>.</p></dd></dl></div></div><div class="section" title="writeable (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id340300"></a> 6817 6888 6818 6889 writeable (S) 6819 </h3></div></div></div><a class="indexterm" name="id340 075"></a><a name="WRITEABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>Inverted synonym for <a class="link" href="smb.conf.5.html#READONLY" target="_top">read only</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>writeable</code></em> = <code class="literal">no</code>6820 </em></span> 6821 </p></dd></dl></div></div><div class="section" title="write cache size (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id340 125"></a>6890 </h3></div></div></div><a class="indexterm" name="id340301"></a><a name="WRITEABLE"></a><div class="variablelist"><dl><dt></dt><dd><p>Inverted synonym for <a class="link" href="smb.conf.5.html#READONLY" target="_top">read only</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>writeable</code></em> = <code class="literal">no</code> 6891 </em></span> 6892 </p></dd></dl></div></div><div class="section" title="write cache size (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id340351"></a> 6822 6893 6823 6894 write cache size (S) 6824 </h3></div></div></div><a class="indexterm" name="id340 126"></a><a name="WRITECACHESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this integer parameter is set to non-zero value,6895 </h3></div></div></div><a class="indexterm" name="id340352"></a><a name="WRITECACHESIZE"></a><div class="variablelist"><dl><dt></dt><dd><p>If this integer parameter is set to non-zero value, 6825 6896 Samba will create an in-memory cache for each oplocked file 6826 6897 (it does <span class="emphasis"><em>not</em></span> do this for … … 6840 6911 # for a 256k cache size per file</code> 6841 6912 </em></span> 6842 </p></dd></dl></div></div><div class="section" title="write list (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id340 199"></a>6913 </p></dd></dl></div></div><div class="section" title="write list (S)"><div class="titlepage"><div><div><h3 class="title"><a name="id340425"></a> 6843 6914 6844 6915 write list (S) 6845 </h3></div></div></div><a class="indexterm" name="id340 200"></a><a name="WRITELIST"></a><div class="variablelist"><dl><dt></dt><dd><p>6916 </h3></div></div></div><a class="indexterm" name="id340426"></a><a name="WRITELIST"></a><div class="variablelist"><dl><dt></dt><dd><p> 6846 6917 This is a list of users that are given read-write access to a service. If the 6847 6918 connecting user is in this list then they will be given write access, no matter … … 6858 6929 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>write list</code></em> = <code class="literal">admin, root, @staff</code> 6859 6930 </em></span> 6860 </p></dd></dl></div></div><div class="section" title="write raw (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id340 287"></a>6931 </p></dd></dl></div></div><div class="section" title="write raw (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id340514"></a> 6861 6932 6862 6933 write raw (G) 6863 </h3></div></div></div><a class="indexterm" name="id340 288"></a><a name="WRITERAW"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not the server6934 </h3></div></div></div><a class="indexterm" name="id340515"></a><a name="WRITERAW"></a><div class="variablelist"><dl><dt></dt><dd><p>This parameter controls whether or not the server 6864 6935 will support raw write SMB's when transferring data from clients. 6865 6936 You should never need to change this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>write raw</code></em> = <code class="literal">yes</code> 6866 6937 </em></span> 6867 </p></dd></dl></div></div><div class="section" title="wtmp directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id340 330"></a>6938 </p></dd></dl></div></div><div class="section" title="wtmp directory (G)"><div class="titlepage"><div><div><h3 class="title"><a name="id340556"></a> 6868 6939 6869 6940 wtmp directory (G) 6870 </h3></div></div></div><a class="indexterm" name="id340 331"></a><a name="WTMPDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p>6941 </h3></div></div></div><a class="indexterm" name="id340557"></a><a name="WTMPDIRECTORY"></a><div class="variablelist"><dl><dt></dt><dd><p> 6871 6942 This parameter is only available if Samba has been configured and compiled with the option <code class="literal"> 6872 6943 --with-utmp</code>. It specifies a directory pathname that is used to store the wtmp or wtmpx files (depending on … … 6880 6951 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>wtmp directory</code></em> = <code class="literal">/var/log/wtmp</code> 6881 6952 </em></span> 6882 </p></dd></dl></div></div></div></div><div class="refsect1" title="WARNINGS"><a name="id340 408"></a><h2>WARNINGS</h2><p>6953 </p></dd></dl></div></div></div></div><div class="refsect1" title="WARNINGS"><a name="id340634"></a><h2>WARNINGS</h2><p> 6883 6954 Although the configuration file permits service names to contain spaces, your client software may not. 6884 6955 Spaces will be ignored in comparisons anyway, so it shouldn't be a problem - but be aware of the possibility. … … 6893 6964 care when designing these sections. In particular, ensure that the permissions on spool directories are 6894 6965 correct. 6895 </p></div><div class="refsect1" title="VERSION"><a name="id340 451"></a><h2>VERSION</h2><p>This man page is correct for version 3 of the Samba suite.</p></div><div class="refsect1" title="SEE ALSO"><a name="id340462"></a><h2>SEE ALSO</h2><p>6896 <a class="citerefentry" href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a>, <a class="citerefentry" href="smbpasswd.8.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(8)</span></a>, <a class="citerefentry" href="swat.8.html"><span class="citerefentry"><span class="refentrytitle">swat</span>(8)</span></a>, <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>, <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>, <a class="citerefentry" href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a>, <a class="citerefentry" href="nmblookup.1.html"><span class="citerefentry"><span class="refentrytitle">nmblookup</span>(1)</span></a>, <a class="citerefentry" href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a>, <a class="citerefentry" href="testprns.1.html"><span class="citerefentry"><span class="refentrytitle">testprns</span>(1)</span></a>.</p></div><div class="refsect1" title="AUTHOR"><a name="id340 541"></a><h2>AUTHOR</h2><p>6966 </p></div><div class="refsect1" title="VERSION"><a name="id340677"></a><h2>VERSION</h2><p>This man page is correct for version 3 of the Samba suite.</p></div><div class="refsect1" title="SEE ALSO"><a name="id340688"></a><h2>SEE ALSO</h2><p> 6967 <a class="citerefentry" href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a>, <a class="citerefentry" href="smbpasswd.8.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(8)</span></a>, <a class="citerefentry" href="swat.8.html"><span class="citerefentry"><span class="refentrytitle">swat</span>(8)</span></a>, <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>, <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>, <a class="citerefentry" href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a>, <a class="citerefentry" href="nmblookup.1.html"><span class="citerefentry"><span class="refentrytitle">nmblookup</span>(1)</span></a>, <a class="citerefentry" href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a>, <a class="citerefentry" href="testprns.1.html"><span class="citerefentry"><span class="refentrytitle">testprns</span>(1)</span></a>.</p></div><div class="refsect1" title="AUTHOR"><a name="id340767"></a><h2>AUTHOR</h2><p> 6897 6968 The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed 6898 6969 by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.
Note:
See TracChangeset
for help on using the changeset viewer.
