1 <?xml version="1.0" encoding="iso-8859-1"?>
2 <!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
6 <refentrytitle>smbd</refentrytitle>
7 <manvolnum>8</manvolnum>
12 <refname>smbd</refname>
13 <refpurpose>server to provide SMB/CIFS services to clients</refpurpose>
18 <command>smbd</command>
19 <arg choice="opt">-D</arg>
20 <arg choice="opt">-F</arg>
21 <arg choice="opt">-S</arg>
22 <arg choice="opt">-i</arg>
23 <arg choice="opt">-h</arg>
24 <arg choice="opt">-V</arg>
25 <arg choice="opt">-b</arg>
26 <arg choice="opt">-d <debug level></arg>
27 <arg choice="opt">-l <log directory></arg>
28 <arg choice="opt">-p <port number(s)></arg>
29 <arg choice="opt">-O <socket option></arg>
30 <arg choice="opt">-s <configuration file></arg>
35 <title>DESCRIPTION</title>
36 <para>This program is part of the <citerefentry><refentrytitle>samba</refentrytitle>
37 <manvolnum>7</manvolnum></citerefentry> suite.</para>
39 <para><command>smbd</command> is the server daemon that
40 provides filesharing and printing services to Windows clients.
41 The server provides filespace and printer services to
42 clients using the SMB (or CIFS) protocol. This is compatible
43 with the LanManager protocol, and can service LanManager
44 clients. These include MSCLIENT 3.0 for DOS, Windows for
45 Workgroups, Windows 95/98/ME, Windows NT, Windows 2000,
46 OS/2, DAVE for Macintosh, and smbfs for Linux.</para>
48 <para>An extensive description of the services that the
49 server can provide is given in the man page for the
50 configuration file controlling the attributes of those
51 services (see <citerefentry><refentrytitle>smb.conf</refentrytitle>
52 <manvolnum>5</manvolnum></citerefentry>. This man page will not describe the
53 services, but will concentrate on the administrative aspects
54 of running the server.</para>
56 <para>Please note that there are significant security
57 implications to running this server, and the <citerefentry><refentrytitle>smb.conf</refentrytitle>
58 <manvolnum>5</manvolnum></citerefentry> manual page should be regarded as mandatory reading before
59 proceeding with installation.</para>
61 <para>A session is created whenever a client requests one.
62 Each client gets a copy of the server for each session. This
63 copy then services all connections made by the client during
64 that session. When all connections from its client are closed,
65 the copy of the server for that client terminates.</para>
67 <para>The configuration file, and any files that it includes,
68 are automatically reloaded every minute, if they change. You
69 can force a reload by sending a SIGHUP to the server. Reloading
70 the configuration file will not affect connections to any service
71 that is already established. Either the user will have to
72 disconnect from the service, or <command>smbd</command> killed and restarted.</para>
76 <title>OPTIONS</title>
81 <listitem><para>If specified, this parameter causes
82 the server to operate as a daemon. That is, it detaches
83 itself and runs in the background, fielding requests
84 on the appropriate port. Operating the server as a
85 daemon is the recommended way of running <command>smbd</command> for
86 servers that provide more than casual use file and
87 print services. This switch is assumed if <command>smbd
88 </command> is executed on the command line of a shell.
94 <listitem><para>If specified, this parameter causes
95 the main <command>smbd</command> process to not daemonize,
96 i.e. double-fork and disassociate with the terminal.
97 Child processes are still created as normal to service
98 each connection request, but the main process does not
99 exit. This operation mode is suitable for running
100 <command>smbd</command> under process supervisors such
101 as <command>supervise</command> and <command>svscan</command>
102 from Daniel J. Bernstein's <command>daemontools</command>
103 package, or the AIX process monitor.
109 <listitem><para>If specified, this parameter causes
110 <command>smbd</command> to log to standard output rather
111 than a file.</para></listitem>
116 <listitem><para>If this parameter is specified it causes the
117 server to run "interactively", not as a daemon, even if the
118 server is executed on the command line of a shell. Setting this
119 parameter negates the implicit deamon mode when run from the
120 command line. <command>smbd</command> also logs to standard
121 output, as if the <command>-S</command> parameter had been
131 <listitem><para>Prints information about how
132 Samba was built.</para></listitem>
136 <term>-p <port number(s)></term>
137 <listitem><para><replaceable>port number(s)</replaceable> is a
138 space or comma-separated list of TCP ports smbd should listen on.
139 The default value is taken from the <smbconfoption name="ports"/> parameter in &smb.conf;</para>
141 <para>The default ports are 139 (used for SMB over NetBIOS over TCP)
142 and port 445 (used for plain SMB over TCP).
154 <term><filename>/etc/inetd.conf</filename></term>
155 <listitem><para>If the server is to be run by the
156 <command>inetd</command> meta-daemon, this file
157 must contain suitable startup information for the
163 <term><filename>/etc/rc</filename></term>
164 <listitem><para>or whatever initialization script your
167 <para>If running the server as a daemon at startup,
168 this file will need to contain an appropriate startup
169 sequence for the server. </para></listitem>
173 <term><filename>/etc/services</filename></term>
174 <listitem><para>If running the server via the
175 meta-daemon <command>inetd</command>, this file
176 must contain a mapping of service name (e.g., netbios-ssn)
177 to service port (e.g., 139) and protocol type (e.g., tcp).
182 <term><filename>/usr/local/samba/lib/smb.conf</filename></term>
183 <listitem><para>This is the default location of the <citerefentry><refentrytitle>smb.conf</refentrytitle>
184 <manvolnum>5</manvolnum></citerefentry> server configuration file. Other common places that systems
185 install this file are <filename>/usr/samba/lib/smb.conf</filename>
186 and <filename>/etc/samba/smb.conf</filename>.</para>
188 <para>This file describes all the services the server
189 is to make available to clients. See <citerefentry><refentrytitle>smb.conf</refentrytitle>
190 <manvolnum>5</manvolnum></citerefentry> for more information.</para>
197 <title>LIMITATIONS</title>
198 <para>On some systems <command>smbd</command> cannot change uid back
199 to root after a setuid() call. Such systems are called
200 trapdoor uid systems. If you have such a system,
201 you will be unable to connect from a client (such as a PC) as
202 two different users at once. Attempts to connect the
203 second user will result in access denied or
208 <title>ENVIRONMENT VARIABLES</title>
212 <term><envar>PRINTER</envar></term>
213 <listitem><para>If no printer name is specified to
214 printable services, most systems will use the value of
215 this variable (or <constant>lp</constant> if this variable is
216 not defined) as the name of the printer to use. This
217 is not specific to the server, however.</para></listitem>
224 <title>PAM INTERACTION</title>
225 <para>Samba uses PAM for authentication (when presented with a plaintext
226 password), for account checking (is this account disabled?) and for
227 session management. The degree too which samba supports PAM is restricted
228 by the limitations of the SMB protocol and the <smbconfoption name="obey pam restrictions"/> <citerefentry><refentrytitle>smb.conf</refentrytitle>
229 <manvolnum>5</manvolnum></citerefentry> paramater. When this is set, the following restrictions apply:
233 <listitem><para><emphasis>Account Validation</emphasis>: All accesses to a
234 samba server are checked
235 against PAM to see if the account is vaild, not disabled and is permitted to
236 login at this time. This also applies to encrypted logins.
239 <listitem><para><emphasis>Session Management</emphasis>: When not using share
240 level secuirty, users must pass PAM's session checks before access
241 is granted. Note however, that this is bypassed in share level secuirty.
242 Note also that some older pam configuration files may need a line
243 added for session support.
249 <title>VERSION</title>
251 <para>This man page is correct for version 3.0 of
252 the Samba suite.</para>
256 <title>DIAGNOSTICS</title>
258 <para>Most diagnostics issued by the server are logged
259 in a specified log file. The log file name is specified
260 at compile time, but may be overridden on the command line.</para>
262 <para>The number and nature of diagnostics available depends
263 on the debug level used by the server. If you have problems, set
264 the debug level to 3 and peruse the log files.</para>
266 <para>Most messages are reasonably self-explanatory. Unfortunately,
267 at the time this man page was created, there are too many diagnostics
268 available in the source code to warrant describing each and every
269 diagnostic. At this stage your best bet is still to grep the
270 source code and inspect the conditions that gave rise to the
271 diagnostics you are seeing.</para>
275 <title>TDB FILES</title>
277 <para>Samba stores it's data in several TDB (Trivial Database) files, usually located in <filename>/var/lib/samba</filename>.</para>
280 (*) information persistent across restarts (but not
281 necessarily important to backup).
285 <varlistentry><term>account_policy.tdb*</term>
287 <para>NT account policy settings such as pw expiration, etc...</para>
291 <varlistentry><term>brlock.tdb</term>
292 <listitem><para>byte range locks</para></listitem>
295 <varlistentry><term>browse.dat</term>
296 <listitem><para>browse lists</para></listitem>
299 <varlistentry><term>connections.tdb</term>
300 <listitem><para>share connections (used to enforce max connections, etc...)</para></listitem>
303 <varlistentry><term>gencache.tdb</term>
304 <listitem><para>generic caching db</para></listitem>
307 <varlistentry><term>group_mapping.tdb*</term>
308 <listitem><para>group mapping information</para></listitem>
311 <varlistentry><term>locking.tdb</term>
312 <listitem><para>share modes & oplocks</para></listitem>
315 <varlistentry><term>login_cache.tdb*</term>
316 <listitem><para>bad pw attempts</para></listitem>
319 <varlistentry><term>messages.tdb</term>
320 <listitem><para>Samba messaging system</para></listitem>
323 <varlistentry><term>netsamlogon_cache.tdb*</term>
324 <listitem><para>cache of user net_info_3 struct from net_samlogon() request (as a domain member)</para></listitem>
327 <varlistentry><term>ntdrivers.tdb*</term>
328 <listitem><para>installed printer drivers</para></listitem>
331 <varlistentry><term>ntforms.tdb*</term>
332 <listitem><para>installed printer forms</para></listitem>
335 <varlistentry><term>ntprinters.tdb*</term>
336 <listitem><para>installed printer information</para></listitem>
339 <varlistentry><term>printing/</term>
340 <listitem><para>directory containing tdb per print queue of cached lpq output</para></listitem>
343 <varlistentry><term>registry.tdb</term>
344 <listitem><para>Windows registry skeleton (connect via regedit.exe)</para></listitem>
347 <varlistentry><term>sessionid.tdb</term>
348 <listitem><para>session information (e.g. support for 'utmp = yes')</para></listitem>
351 <varlistentry><term>share_info.tdb*</term>
352 <listitem><para>share acls</para></listitem>
355 <varlistentry><term>winbindd_cache.tdb</term>
356 <listitem><para>winbindd's cache of user lists, etc...</para></listitem>
359 <varlistentry><term>winbindd_idmap.tdb*</term>
360 <listitem><para>winbindd's local idmap db</para></listitem>
363 <varlistentry><term>wins.dat*</term>
364 <listitem><para>wins database when 'wins support = yes'</para></listitem>
372 <title>SIGNALS</title>
374 <para>Sending the <command>smbd</command> a SIGHUP will cause it to
375 reload its <filename>smb.conf</filename> configuration
376 file within a short period of time.</para>
378 <para>To shut down a user's <command>smbd</command> process it is recommended
379 that <command>SIGKILL (-9)</command> <emphasis>NOT</emphasis>
380 be used, except as a last resort, as this may leave the shared
381 memory area in an inconsistent state. The safe way to terminate
382 an <command>smbd</command> is to send it a SIGTERM (-15) signal and wait for
383 it to die on its own.</para>
385 <para>The debug log level of <command>smbd</command> may be raised
386 or lowered using <citerefentry><refentrytitle>smbcontrol</refentrytitle>
387 <manvolnum>1</manvolnum></citerefentry> program (SIGUSR[1|2] signals are no longer
388 used since Samba 2.2). This is to allow transient problems to be diagnosed,
389 whilst still running at a normally low log level.</para>
391 <para>Note that as the signal handlers send a debug write,
392 they are not re-entrant in <command>smbd</command>. This you should wait until
393 <command>smbd</command> is in a state of waiting for an incoming SMB before
394 issuing them. It is possible to make the signal handlers safe
395 by un-blocking the signals before the select call and re-blocking
396 them after, however this would affect performance.</para>
400 <title>SEE ALSO</title>
401 <para><citerefentry><refentrytitle>hosts_access</refentrytitle>
402 <manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>inetd</refentrytitle>
403 <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>nmbd</refentrytitle>
404 <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smb.conf</refentrytitle>
405 <manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbclient</refentrytitle>
406 <manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testparm</refentrytitle>
407 <manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testprns</refentrytitle>
408 <manvolnum>1</manvolnum></citerefentry>, and the
409 Internet RFC's <filename>rfc1001.txt</filename>, <filename>rfc1002.txt</filename>.
410 In addition the CIFS (formerly SMB) specification is available
411 as a link from the Web page <ulink noescape="1" url="http://samba.org/cifs/">
412 http://samba.org/cifs/</ulink>.</para>
416 <title>AUTHOR</title>
418 <para>The original Samba software and related utilities
419 were created by Andrew Tridgell. Samba is now developed
420 by the Samba Team as an Open Source project similar
421 to the way the Linux kernel is developed.</para>
423 <para>The original Samba man pages were written by Karl Auer.
424 The man page sources were converted to YODL format (another
425 excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
426 ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0
427 release by Jeremy Allison. The conversion to DocBook for
428 Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for
429 Samba 3.0 was done by Alexander Bokovoy.</para>