</screen>
The next step is to make certain that Samba is running using <command>ps ax | grep mbd</command>.
The <command>nmbd</command> daemon will provide the WINS name resolution service when the
- &smmb.conf; file <smbconfsection>[global]</smbconfsection> parameter <smbconfoption name="wins
+ &smb.conf; file <smbconfsection>[global]</smbconfsection> parameter <smbconfoption name="wins
support">Yes</smbconfoption> has been specified. Having validated that Samba is operational,
excute the following:
<screen>
+++ /dev/null
-<?xml version="1.0" encoding="iso-8859-1"?>
-<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
-<refentry id="editreg.1">
-
-<refmeta>
- <refentrytitle>editreg</refentrytitle>
- <manvolnum>1</manvolnum>
-</refmeta>
-
-
-<refnamediv>
- <refname>editreg</refname>
- <refpurpose>A utility for printing and editing NT4 registry files
- </refpurpose>
-</refnamediv>
-
-<refsynopsisdiv>
- <cmdsynopsis>
- <command>editreg</command>
- <arg choice="opt">-v</arg>
- <arg choice="opt">-c file</arg>
- <arg choice="req">file</arg>
- </cmdsynopsis>
-</refsynopsisdiv>
-
-<refsect1>
- <title>DESCRIPTION</title>
-
- <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
- <manvolnum>7</manvolnum></citerefentry> suite.</para>
-
- <para><command>editreg</command> is a utility that
- can visualize windows registry files (currently only NT4) and apply
- so-called commandfiles to them.
- </para>
-</refsect1>
-
-
-<refsect1>
- <title>OPTIONS</title>
-
- <variablelist>
- <varlistentry>
- <term>registry_file</term>
- <listitem><para>Registry file to view or edit. </para></listitem>
- </varlistentry>
-
-
- <varlistentry>
- <term>-v,--verbose</term>
- <listitem><para>Increases verbosity of messages.
- </para></listitem>
- </varlistentry>
-
- <varlistentry>
- <term>-c commandfile</term>
- <listitem><para>Read commands to execute on <filename>registry_file</filename> from <filename>commandfile</filename>. Currently not yet supported!
- </para></listitem>
- </varlistentry>
-
- &stdarg.help;
-
- </variablelist>
-</refsect1>
-
-<refsect1>
- <title>VERSION</title>
-
- <para>This man page is correct for version 3.0 of the Samba
- suite.</para>
-</refsect1>
-
-<refsect1>
- <title>AUTHOR</title>
-
- <para>The original Samba software and related utilities
- were created by Andrew Tridgell. Samba is now developed
- by the Samba Team as an Open Source project similar
- to the way the Linux kernel is developed.</para>
-
- <para>The editreg man page was written by Jelmer Vernooij. </para>
-</refsect1>
-
-</refentry>
without <constant>-r</constant> option set would yield output similar
to the following</para>
-<screen>
+<programlisting>
IP ADDR NETBIOS NAME WORKGROUP/OS/VERSION
---------------------------------------------------------------------
192.168.35.10 MINESET-TEST1 [DMVENGR]
192.168.35.88 SCNT2 +[MVENGR] [Windows NT 4.0] [NT LAN Manager 4.0]
192.168.35.93 FROGSTAR-PC [MVENGR] [Windows 5.0] [Windows 2000 LAN Manager]
192.168.35.97 HERBNT1 *[HERB-NT] [Windows NT 4.0] [NT LAN Manager 4.0]
-</screen>
+</programlisting>
</refsect1>
</listitem>
</itemizedlist>
- <para>An example follows:</para>
-
- <programlisting>
+ <para>An example follows:
+<programlisting>
#
# Sample Samba lmhosts file.
#
192.9.200.1 TESTPC
192.9.200.20 NTSERVER#20
192.9.200.21 SAMBASERVER
- </programlisting>
+</programlisting>
+ </para>
<para>Contains three IP to NetBIOS name mappings. The first
and third will be returned for any queries for the names "TESTPC"
<para>Extract all network traffic from all samba log files:</para>
- <para><screen>
+ <para><programlisting>
<prompt>$</prompt> log2pcap < /var/log/* > trace.pcap
- </screen></para>
+ </programlisting></para>
<para>Convert to pcap using text2pcap:</para>
- <para><screen>
+ <para><programlisting>
<prompt>$</prompt> log2pcap -h samba.log | text2pcap -T 139,139 - trace.pcap
- </screen></para>
+ </programlisting></para>
</refsect1>
<refsect1>
<para>
Add a new group mapping entry:
-<screen>
+<programlisting>
net groupmap add {rid=int|sid=string} unixgroup=string \
[type={domain|local}] [ntgroup=string] [comment=string]
-</screen>
+</programlisting>
</para>
</refsect3>
<para>Update en existing group entry</para>
<para>
-<screen>
+<programlisting>
net groupmap modify {ntgroup=string|sid=SID} [unixgroup=string] \
[comment=string] [type={domain|local}]
-</screen>
+</programlisting>
</para>
</refsect3>
This option prints a list of user/uid pairs separated by
the ':' character.</para>
<para>Example: <command>pdbedit -L</command></para>
- <para><screen>
+ <para><programlisting>
sorce:500:Simo Sorce
samba:45:Test User
-</screen></para>
+</programlisting></para>
</listitem>
</varlistentry>
out the account fields in a descriptive format.</para>
<para>Example: <command>pdbedit -L -v</command></para>
- <para><screen>
+ <para><programlisting>
---------------
username: sorce
user ID/Group: 500/500
HomeDir Drive:
Logon Script:
Profile Path: \\BERSERKER\profile
-</screen></para>
+</programlisting></para>
</listitem>
</varlistentry>
<manvolnum>5</manvolnum></citerefentry> for details)</para>
<para>Example: <command>pdbedit -L -w</command></para>
- <screen>
+ <programlisting>
sorce:500:508818B733CE64BEAAD3B435B51404EE:
D2A2418EFC466A8A0F6B1DBB5C3DB80C:
[UX ]:LCT-00000000:
samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:
BC281CE3F53B6A5146629CD4751D3490:
[UX ]:LCT-3BFA1E8D:
-</screen>
+</programlisting>
</listitem>
</varlistentry>
<para>
The file consists of sections and parameters. A section begins with the name of the section in square brackets
and continues until the next section begins. Sections contain parameters of the form:
-<screen>
+<programlisting>
<replaceable>name</replaceable> = <replaceable>value </replaceable>
-</screen>
+</programlisting>
</para>
<para>
<para>
If you decide to use a <emphasis>path =</emphasis> line in your [homes] section, it may be useful
to use the %S macro. For example:
-<screen>
+<programlisting>
<userinput moreinfo="none">path = /data/pchome/%S</userinput>
-</screen>
+</programlisting>
is useful if you have different home directories for your PCs than for UNIX access.
</para>
All aliases given for a printer in the printcap file are legitimate printer names as far as the server is concerned.
If your printing subsystem doesn't work like that, you will have to set up a pseudo-printcap. This is a file
consisting of one or more lines like this:
-<screen>
+<programlisting>
alias|alias|alias|alias...
-</screen>
-</para>
+</programlisting>
+ </para>
<para>
Each alias should be an acceptable printer name for your printing subsystem. In the [global] section,
type="integer"
advanced="1" developer="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
- <description>
- <para>If a Samba server is a member of a Windows
- NT Domain (see the <smbconfoption name="security">domain</smbconfoption>
- parameter) then periodically a running smbd
- process will try and change the MACHINE ACCOUNT
- PASSWORD stored in the TDB called <filename moreinfo="none">private/secrets.tdb
- </filename>. This parameter specifies how often this password
- will be changed, in seconds. The default is one week (expressed in
- seconds), the same as a Windows NT Domain member server.</para>
+ <description>
- <para>See also <citerefentry><refentrytitle>smbpasswd</refentrytitle>
- <manvolnum>8</manvolnum></citerefentry>, and the <smbconfoption name="security">domain</smbconfoption> parameter.</para>
+ <para>
+ If a Samba server is a member of a Windows NT Domain (see the <smbconfoption
+ name="security">domain</smbconfoption> parameter) then periodically a running smbd process will try and change
+ the MACHINE ACCOUNT PASSWORD stored in the TDB called <filename moreinfo="none">private/secrets.tdb
+ </filename>. This parameter specifies how often this password will be changed, in seconds. The default is one
+ week (expressed in seconds), the same as a Windows NT Domain member server.
+ </para>
+
+ <para>
+ See also <citerefentry><refentrytitle>smbpasswd</refentrytitle> <manvolnum>8</manvolnum></citerefentry>,
+ and the <smbconfoption name="security">domain</smbconfoption> parameter.
+ </para>
</description>
<value type="default">604800</value>
directories you might normally veto DOS/Windows users from seeing
(e.g. <filename moreinfo="none">.AppleDouble</filename>)</para>
-<para>Setting <smbconfoption name="delete veto files">yes</smbconfoption> allows these
+ <para>Setting <smbconfoption name="delete veto files">yes</smbconfoption> allows these
directories to be transparently deleted when the parent directory
is deleted (so long as the user has permissions to do so).</para>
</description>
<para>
An example of us of this parameter is:
-<screen>
+<programlisting>
hide files = /.*/DesktopFolderDB/TrashFor%m/resource.frk/
-</screen>
+</programlisting>
</para>
</description>
type="boolean"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This parameter prevents clients from seeing
- special files such as sockets, devices and fifo's in directory
- listings.
-</para>
+
+ <para>
+ This parameter prevents clients from seeing special files such as sockets, devices and
+ fifo's in directory listings.
+ </para>
+
</description>
<value type="default">no</value>
</samba:parameter>
type="boolean"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This parameter prevents clients from seeing
- the existance of files that cannot be written to. Defaults to off.
- Note that unwriteable directories are shown as usual.
-</para>
+ <para>
+ This parameter prevents clients from seeing the existance of files that cannot be written to.
+ Defaults to off. Note that unwriteable directories are shown as usual.
+ </para>
</description>
<value type="default">no</value>
</samba:parameter>
context="S"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This is for those who want to directly map UNIX
- file names which cannot be represented on Windows/DOS. The mangling
- of names is not always what is needed. In particular you may have
+ <para>
+ This is for those who want to directly map UNIX file names which cannot be represented on
+ Windows/DOS. The mangling of names is not always what is needed. In particular you may have
documents with file extensions that differ between DOS and UNIX.
For example, under UNIX it is common to use <filename moreinfo="none">.html</filename>
for HTML files, whereas under Windows/DOS <filename moreinfo="none">.htm</filename>
- is more commonly used.</para>
+ is more commonly used.
+ </para>
- <para>So to map <filename moreinfo="none">html</filename> to <filename moreinfo="none">htm</filename>
- you would use:</para>
+ <para>
+ So to map <filename moreinfo="none">html</filename> to <filename moreinfo="none">htm</filename>
+ you would use:
+ </para>
-<para><smbconfoption name="mangled map">(*.html *.htm)</smbconfoption>.</para>
+ <para>
+ <smbconfoption name="mangled map">(*.html *.htm)</smbconfoption>.
+ </para>
- <para>One very useful case is to remove the annoying <filename moreinfo="none">;1
- </filename> off the ends of filenames on some CDROMs (only visible
- under some UNIXes). To do this use a map of (*;1 *;).</para>
+ <para>
+ One very useful case is to remove the annoying <filename moreinfo="none">;1</filename> off
+ the ends of filenames on some CDROMs (only visible under some UNIXes). To do this use a map of
+ (*;1 *;).
+ </para>
</description>
<value type="default"><comment>no mangled map</comment></value>
should be mapped to DOS-compatible names ("mangled") and made visible,
or whether non-DOS names should simply be ignored.</para>
-<para>See the section on <smbconfoption name="name mangling"/> for
+ <para>See the section on <smbconfoption name="name mangling"/> for
details on how to control the mangling process.</para>
<para>If mangling is used then the mangling algorithm is as follows:</para>
type="boolean"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This controls whether the DOS archive attribute
+ <para>
+ This controls whether the DOS archive attribute
should be mapped to the UNIX owner execute bit. The DOS archive bit
is set when a file has been modified since its last backup. One
motivation for this option it to keep Samba/your PC from making
any file it touches from becoming executable under UNIX. This can
- be quite annoying for shared source code, documents, etc...</para>
+ be quite annoying for shared source code, documents, etc...
+ </para>
-<para>Note that this requires the <smbconfoption name="create mask"/>
- parameter to be set such that owner execute bit is not masked out
- (i.e. it must include 100). See the parameter <smbconfoption name="create mask"/> for details.</para>
+ <para>
+ Note that this requires the <smbconfoption name="create mask"/> parameter to be set such that owner
+ execute bit is not masked out (i.e. it must include 100). See the parameter
+ <smbconfoption name="create mask"/> for details.
+ </para>
</description>
<value type="default">yes</value>
type="boolean"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This controls whether DOS style hidden files
- should be mapped to the UNIX world execute bit.</para>
+ <para>
+ This controls whether DOS style hidden files should be mapped to the UNIX world execute bit.
+ </para>
-<para>Note that this requires the <smbconfoption name="create mask"/>
- to be set such that the world execute bit is not masked out (i.e.
- it must include 001). See the parameter <smbconfoption name="create mask"/> for details.</para>
+ <para>
+ Note that this requires the <smbconfoption name="create mask"/> to be set such that the world execute
+ bit is not masked out (i.e. it must include 001). See the parameter <smbconfoption name="create mask"/>
+ for details.
+ </para>
</description>
<value type="boolean">no</value>
type="boolean"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This controls whether DOS style system files
- should be mapped to the UNIX group execute bit.</para>
+ <para>
+ This controls whether DOS style system files should be mapped to the UNIX group execute bit.
+ </para>
-<para>Note that this requires the <smbconfoption name="create mask"/>
- to be set such that the group execute bit is not masked out (i.e.
- it must include 010). See the parameter <smbconfoption name="create mask"/>
- for details.</para>
- </description>
- <value type="default">no</value>
+ <para>
+ Note that this requires the <smbconfoption name="create mask"/> to be set such that the group
+ execute bit is not masked out (i.e. it must include 010). See the parameter
+ <smbconfoption name="create mask"/> for details.
+ </para>
+</description>
+<value type="default">no</value>
</samba:parameter>
type="boolean"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para> This controls if new filenames are created
- with the case that the client passes, or if they are forced to
- be the <smbconfoption name="default case"/>.</para>
- <para>See the section on <link linkend="NAMEMANGLINGSECT">NAME MANGLING</link> for a fuller discussion.</para>
+ <para>
+ This controls if new filenames are created with the case that the client passes, or if
+ they are forced to be the <smbconfoption name="default case"/>.
+ </para>
+
+ <para>
+ See the section on <link linkend="NAMEMANGLINGSECT">NAME MANGLING</link> for a fuller discussion.
+ </para>
</description>
<value type="default">yes</value>
type="boolean"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>If this parameter is set Samba no longer attempts to
- map DOS attributes like SYSTEM, HIDDEN, ARCHIVE or READ-ONLY
- to UNIX permission bits (such as the <smbconfoption name="map hidden"/>. Instead, DOS attributes will be stored onto an extended
- attribute in the UNIX filesystem, associated with the file or directory.
- For this to operate correctly, the parameters <smbconfoption name="map hidden"/>, <smbconfoption name="map system"/>, <smbconfoption name="map archive"/> must be set to off.
- This parameter writes the DOS attributes as a string into the
- extended attribute named "user.DOSATTRIB". This extended attribute
- is explicitly hidden from smbd clients requesting an EA list.
- On Linux the filesystem must have been mounted with the mount
- option user_xattr in order for extended attributes to work, also
+ <para>
+ If this parameter is set Samba no longer attempts to map DOS attributes like SYSTEM, HIDDEN,
+ ARCHIVE or READ-ONLY to UNIX permission bits (such as the <smbconfoption name="map hidden"/>.
+ Instead, DOS attributes will be stored onto an extended attribute in the UNIX filesystem,
+ associated with the file or directory. For this to operate correctly, the parameters
+ <smbconfoption name="map hidden"/>, <smbconfoption name="map system"/>,
+ <smbconfoption name="map archive"/> must be set to off. This parameter writes the DOS
+ attributes as a string into the extended attribute named "user.DOSATTRIB". This extended attribute
+ is explicitly hidden from smbd clients requesting an EA list.i On Linux the filesystem must have
+ been mounted with the mount option user_xattr in order for extended attributes to work, also
extended attributes must be compiled into the Linux kernel.
</para>
</description>
type="string"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This is a list of files and directories that
- are neither visible nor accessible. Each entry in the list must
- be separated by a '/', which allows spaces to be included
- in the entry. '*' and '?' can be used to specify multiple files
- or directories as in DOS wildcards.</para>
+ <para>
+ This is a list of files and directories that are neither visible nor accessible. Each entry in
+ the list must be separated by a '/', which allows spaces to be included in the entry. '*' and '?'
+ can be used to specify multiple files or directories as in DOS wildcards.
+ </para>
- <para>Each entry must be a unix path, not a DOS path and
- must <emphasis>not</emphasis> include the unix directory
- separator '/'.</para>
+ <para>
+ Each entry must be a unix path, not a DOS path and must <emphasis>not</emphasis> include the
+ unix directory separator '/'.
+ </para>
-<para>Note that the <smbconfoption name="case sensitive"/> option
- is applicable in vetoing files.</para>
+ <para>
+ Note that the <smbconfoption name="case sensitive"/> option is applicable in vetoing files.
+ </para>
- <para>One feature of the veto files parameter that it
- is important to be aware of is Samba's behaviour when
- trying to delete a directory. If a directory that is
- to be deleted contains nothing but veto files this
- deletion will <emphasis>fail</emphasis> unless you also set
- the <smbconfoption name="delete veto files"/> parameter to
- <parameter moreinfo="none">yes</parameter>.</para>
+ <para>
+ One feature of the veto files parameter that it is important to be aware of is Samba's behaviour when
+ trying to delete a directory. If a directory that is to be deleted contains nothing but veto files this
+ deletion will <emphasis>fail</emphasis> unless you also set the <smbconfoption name="delete veto files"/>
+ parameter to <parameter moreinfo="none">yes</parameter>.
+ </para>
- <para>Setting this parameter will affect the performance
- of Samba, as it will be forced to check all files and directories
- for a match as they are scanned.</para>
+ <para>
+ Setting this parameter will affect the performance of Samba, as it will be forced to check all files
+ and directories for a match as they are scanned.
+ </para>
<para>
Examples of use include:
-<screen>
+<programlisting>
; Veto any files containing the word Security,
; any ending in .tmp, and any directory containing the
; word root.
; Veto the Apple specific files that a NetAtalk server
; creates.
veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/
-</screen>
+</programlisting>
</para>
</description>
type="string"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This parameter is only valid when the
- <smbconfoption name="oplocks"/>
+ <para>
+ This parameter is only valid when the <smbconfoption name="oplocks"/>
parameter is turned on for a share. It allows the Samba administrator
to selectively turn off the granting of oplocks on selected files that
match a wildcarded list, similar to the wildcarded list used in the
- <smbconfoption name="veto files"/>
- parameter.</para>
+ <smbconfoption name="veto files"/> parameter.
+ </para>
- <para>You might want to do this on files that you know will
- be heavily contended for by clients. A good example of this
- is in the NetBench SMB benchmark program, which causes heavy
- client contention for files ending in <filename moreinfo="none">.SEM</filename>.
- To cause Samba not to grant oplocks on these files you would use
- the line (either in the [global] section or in the section for
- the particular NetBench share :</para>
+ <para>
+ You might want to do this on files that you know will be heavily contended
+ for by clients. A good example of this is in the NetBench SMB benchmark
+ program, which causes heavy client contention for files ending in
+ <filename moreinfo="none">.SEM</filename>. To cause Samba not to grant
+ oplocks on these files you would use the line (either in the [global]
+ section or in the section for the particular NetBench share.
+ </para>
<para>
An example of use is:
-<screen>
+<programlisting>
veto oplock files = /.*SEM/
-</screen>
+</programlisting>
</para>
</description>
<value type="default"><comment>No files are vetoed for oplock grants</comment></value>
<para> This parameter specifies whether a delete
operation in the ldapsam deletes the complete entry or only the attributes
specific to Samba.
-</para>
+ </para>
</description>
<value type="default">no</value>
type="string"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This parameters specifies the suffix that is
- used when storing idmap mappings. If this parameter
- is unset, the value of <smbconfoption name="ldap suffix"/>
- will be used instead. The suffix string is pre-pended to the
- <smbconfoption name="ldap suffix"/> string so use a partial DN.</para>
+ <para>
+ This parameters specifies the suffix that is used when storing idmap mappings. If this parameter
+ is unset, the value of <smbconfoption name="ldap suffix"/> will be used instead. The suffix
+ string is pre-pended to the <smbconfoption name="ldap suffix"/> string so use a partial DN.
+ </para>
</description>
<value type="default"></value>
<value type="example">ou=Idmap</value>
context="G"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This parameter is only available if Samba has been
- configure to include the <command moreinfo="none">--with-ldapsam</command> option
- at compile time.</para>
+ <para>
+ This parameter is only available if Samba has been configure to include the
+ <command moreinfo="none">--with-ldapsam</command> option at compile time.
+ </para>
- <para>This option is used to control the tcp port number used to contact
- the <smbconfoption name="ldap server"/>.
- The default is to use the stand LDAPS port 636.</para>
+ <para>
+ This option is used to control the tcp port number used to contact the
+ <smbconfoption name="ldap server"/>. The default is to use the stand LDAPS port 636.
+ </para>
</description>
<related>ldap ssl</related>
<value type="default">636<comment>if ldap ssl = on</comment></value>
type="integer"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>When Samba is asked to write to a read-only LDAP
-replica, we are redirected to talk to the read-write master server.
-This server then replicates our changes back to the 'local' server,
-however the replication might take some seconds, especially over slow
-links. Certain client activities, particularly domain joins, can become
-confused by the 'success' that does not immediately change the LDAP
-back-end's data. </para>
- <para>This option simply causes Samba to wait a short time, to
-allow the LDAP server to catch up. If you have a particularly
-high-latency network, you may wish to time the LDAP replication with a
-network sniffer, and increase this value accordingly. Be aware that no
-checking is performed that the data has actually replicated.</para>
- <para>The value is specified in milliseconds, the maximum
-value is 5000 (5 seconds).</para>
+ <para>
+ When Samba is asked to write to a read-only LDAP replica, we are redirected to talk to the read-write master server.
+ This server then replicates our changes back to the 'local' server, however the replication might take some seconds,
+ especially over slow links. Certain client activities, particularly domain joins, can become confused by the 'success'
+ that does not immediately change the LDAP back-end's data.
+ </para>
+
+ <para>
+ This option simply causes Samba to wait a short time, to allow the LDAP server to catch up. If you have a particularly
+ high-latency network, you may wish to time the LDAP replication with a network sniffer, and increase this value accordingly.
+ Be aware that no checking is performed that the data has actually replicated.
+ </para>
+
+ <para>
+ The value is specified in milliseconds, the maximum value is 5000 (5 seconds).
+ </para>
</description>
<value type="default">1000</value>
</samba:parameter>
type="integer"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>When Samba connects to an ldap server that server
-may be down or unreachable. To prevent Samba from hanging whilst
-waiting for the connection this parameter specifies in seconds how
-long Samba should wait before failing the connect. The default is
-to only wait fifteen seconds for the ldap server to respond to the
-connect request.</para>
+ <para>
+ When Samba connects to an ldap server that servermay be down or unreachable. To prevent Samba from hanging whilst
+ waiting for the connection this parameter specifies in seconds how long Samba should wait before failing the
+ connect. The default is to only wait fifteen seconds for the ldap server to respond to the connect request.
+ </para>
</description>
<value type="default">15</value>
</samba:parameter>
advanced="1" developer="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This parameter specifies where users are added to the tree.
- If this parameter is unset, the value of <smbconfoption
- name="ldap suffix"/> will be used instead. The suffix string is pre-pended to the
- <smbconfoption name="ldap suffix"/> string so use a partial DN.</para>
+ <para>
+ This parameter specifies where users are added to the tree. If this parameter is unset,
+ the value of <smbconfoption name="ldap suffix"/> will be used instead. The suffix
+ string is pre-pended to the <smbconfoption name="ldap suffix"/> string so use a partial DN.
+ </para>
</description>
<value type="default"/>
type="enum"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This stands for <emphasis>client-side caching
- policy</emphasis>, and specifies how clients capable of offline
- caching will cache the files in the share. The valid values
- are: manual, documents, programs, disable.</para>
+ <para>
+ This stands for <emphasis>client-side caching policy</emphasis>, and specifies how clients capable of offline
+ caching will cache the files in the share. The valid values are: manual, documents, programs, disable.
+ </para>
- <para>These values correspond to those used on Windows servers.</para>
+ <para>
+ These values correspond to those used on Windows servers.
+ </para>
- <para>For example, shares containing roaming profiles can have
- offline caching disabled using <smbconfoption name="csc policy">disable</smbconfoption>.</para>
+ <para>
+ For example, shares containing roaming profiles can have offline caching disabled using
+ <smbconfoption name="csc policy">disable</smbconfoption>.
+ </para>
</description>
<value type="default">manual</value>
<value type="example">programs</value>
in case the lock could later be acquired. This behavior
is used to support PC database formats such as MS Access
and FoxPro.
-</para>
+ </para>
</description>
<value type="default">3</value>
</samba:parameter>
type="integer"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This is a tuning parameter added due to bugs in
- both Windows 9x and WinNT. If Samba responds to a client too
- quickly when that client issues an SMB that can cause an oplock
- break request, then the network client can fail and not respond
- to the break request. This tuning parameter (which is set in milliseconds)
- is the amount of time Samba will wait before sending an oplock break
- request to such (broken) clients.</para>
+ <para>
+ This is a tuning parameter added due to bugs in both Windows 9x and WinNT. If Samba responds to a client too
+ quickly when that client issues an SMB that can cause an oplock break request, then the network client can
+ fail and not respond to the break request. This tuning parameter (which is set in milliseconds) is the amount
+ of time Samba will wait before sending an oplock break request to such (broken) clients.
+ </para>
- <warning><para>DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ AND
- UNDERSTOOD THE SAMBA OPLOCK CODE.</para></warning>
- </description>
- <value type="default">0</value>
+ <warning><para>
+ DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ AND UNDERSTOOD THE SAMBA OPLOCK CODE.
+ </para></warning>
+</description>
+<value type="default">0</value>
</samba:parameter>
type="integer"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This is a <emphasis>very</emphasis> advanced
- <citerefentry><refentrytitle>smbd</refentrytitle>
- <manvolnum>8</manvolnum></citerefentry> tuning option to
- improve the efficiency of the granting of oplocks under multiple
- client contention for the same file.</para>
+ <para>
+ This is a <emphasis>very</emphasis> advanced <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> tuning option to improve the efficiency of the
+ granting of oplocks under multiple client contention for the same file.
+ </para>
- <para>In brief it specifies a number, which causes <citerefentry><refentrytitle>smbd</refentrytitle>
- <manvolnum>8</manvolnum></citerefentry>not to grant an oplock even when requested
- if the approximate number of clients contending for an oplock on the same file goes over this
+ <para>
+ In brief it specifies a number, which causes <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry>not to grant an oplock even when requested if the
+ approximate number of clients contending for an oplock on the same file goes over this
limit. This causes <command moreinfo="none">smbd</command> to behave in a similar
- way to Windows NT.</para>
+ way to Windows NT.
+ </para>
-<warning><para>DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ
- AND UNDERSTOOD THE SAMBA OPLOCK CODE.</para></warning>
+ <warning><para>
+ DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ AND UNDERSTOOD THE SAMBA OPLOCK CODE.
+ </para></warning>
</description>
<value type="default">2</value>
type="boolean"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This boolean option tells <command moreinfo="none">smbd</command> whether to
+ <para>
+ This boolean option tells <command moreinfo="none">smbd</command> whether to
issue oplocks (opportunistic locks) to file open requests on this
share. The oplock code can dramatically (approx. 30% or more) improve
the speed of access to files on Samba servers. It allows the clients
to aggressively cache files locally and you may want to disable this
option for unreliable network environments (it is turned on by
default in Windows NT Servers). For more information see the file
- <filename moreinfo="none">Speed.txt</filename> in the Samba <filename moreinfo="none">docs/</filename>
- directory.</para>
+ <filename moreinfo="none">Speed.txt</filename> in the Samba
+ <filename moreinfo="none">docs/</filename> directory.
+ </para>
- <para>Oplocks may be selectively turned off on certain files with a
- share. See the <smbconfoption name="veto oplock files"/> parameter. On some systems
+ <para>
+ Oplocks may be selectively turned off on certain files with a share. See
+ the <smbconfoption name="veto oplock files"/> parameter. On some systems
oplocks are recognized by the underlying operating system. This
allows data synchronization between all access to oplocked files,
whether it be via Samba or NFS or a local UNIX process. See the
- <parameter moreinfo="none">kernel oplocks</parameter> parameter for details.</para>
+ <smbconfoption name="kernel oplocks"/> parameter for details.
+ </para>
</description>
<related>kernel oplocks</related>
context="S"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>The <citerefentry><refentrytitle>smbd</refentrytitle>
- <manvolnum>8</manvolnum></citerefentry>
- daemon maintains an database of file locks obtained by SMB clients.
- The default behavior is to map this internal database to POSIX
- locks. This means that file locks obtained by SMB clients are
- consistent with those seen by POSIX compliant applications accessing
- the files via a non-SMB method (e.g. NFS or local file access).
- You should never need to disable this parameter.</para>
+ <para>
+ The <citerefentry><refentrytitle>smbd</refentrytitle> <manvolnum>8</manvolnum></citerefentry>
+ daemon maintains an database of file locks obtained by SMB clients. The default behavior is
+ to map this internal database to POSIX locks. This means that file locks obtained by SMB clients are
+ consistent with those seen by POSIX compliant applications accessing the files via a non-SMB
+ method (e.g. NFS or local file access). You should never need to disable this parameter.
+ </para>
</description>
<value type="default">yes</value>
</samba:parameter>
type="boolean"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This is a boolean that controls the handling of
- file locking in the server. When this is set to <constant>yes</constant>,
- the server will check every read and write access for file locks, and
- deny access if locks exist. This can be slow on some systems.</para>
+ <para>
+ This is a boolean that controls the handling of file locking in the server. When this is set to <constant>yes</constant>,
+ the server will check every read and write access for file locks, and deny access if locks exist. This can be slow on
+ some systems.
+ </para>
- <para>When strict locking is disabled, the server performs file
- lock checks only when the client explicitly asks for them.</para>
+ <para>
+ When strict locking is disabled, the server performs file lock checks only when the client explicitly asks for them.
+ </para>
- <para>Well-behaved clients always ask for lock checks when it
- is important. So in the vast majority of cases, <command moreinfo="none">strict
- locking = no</command> is acceptable.</para>
- </description>
- <value type="default">yes</value>
+ <para>
+ Well-behaved clients always ask for lock checks when it is important. So in the vast majority of cases,
+ <command moreinfo="none">strict locking = no</command> is acceptable.
+ </para>
+</description>
+<value type="default">yes</value>
</samba:parameter>
type="boolean"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>Sometimes the timestamps in the log messages
- are needed with a resolution of higher that seconds, this
- boolean parameter adds microsecond resolution to the timestamp
- message header when turned on.</para>
+ <para>
+ Sometimes the timestamps in the log messages are needed with a resolution of higher that seconds, this
+ boolean parameter adds microsecond resolution to the timestamp message header when turned on.
+ </para>
<para>
- Note that the parameter <smbconfoption name="debug timestamp"/> must be on for this to have an
- effect.</para>
+ Note that the parameter <smbconfoption name="debug timestamp"/> must be on for this to have an effect.
+ </para>
</description>
<value type="default">no</value>
developer="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>When using only one log file for more then one forked
- <citerefentry><refentrytitle>smbd</refentrytitle>
- <manvolnum>8</manvolnum></citerefentry>-process there may be hard to
- follow which process outputs which message. This boolean parameter
- is adds the process-id to the timestamp message headers in the
- logfile when turned on.</para>
+ <para>
+ When using only one log file for more then one forked <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry>-process there may be hard to follow which process outputs which
+ message. This boolean parameter is adds the process-id to the timestamp message headers in the
+ logfile when turned on.
+ </para>
- <para>Note that the parameter <smbconfoption name="debug timestamp"/> must be on for this to have an
- effect.</para>
+ <para>
+ Note that the parameter <smbconfoption name="debug timestamp"/> must be on for this to have an effect.
+ </para>
</description>
<value type="default">no</value>
</samba:parameter>
type="boolean"
developer="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
- <synonym>timestamp logs</synonym>
+<synonym>timestamp logs</synonym>
<description>
- <para>Samba debug log messages are timestamped
- by default. If you are running at a high <smbconfoption name="debug level"/> these timestamps
- can be distracting. This boolean parameter allows timestamping
- to be turned off.</para>
+ <para>
+ Samba debug log messages are timestamped by default. If you are running at a high
+ <smbconfoption name="debug level"/> these timestamps can be distracting. This
+ boolean parameter allows timestamping to be turned off.
+ </para>
</description>
<value type="default">yes</value>
</samba:parameter>
developer="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>Samba is sometimes run as root and sometime
- run as the connected user, this boolean parameter inserts the
- current euid, egid, uid and gid to the timestamp message headers
- in the log file if turned on.</para>
+ <para>
+ Samba is sometimes run as root and sometime run as the connected user, this boolean parameter inserts the
+ current euid, egid, uid and gid to the timestamp message headers in the log file if turned on.
+ </para>
- <para>Note that the parameter <smbconfoption name="debug timestamp"/> must be on for this to have an
- effect.</para>
+ <para>
+ Note that the parameter <smbconfoption name="debug timestamp"/> must be on for this to have an effect.
+ </para>
</description>
<value type="default">no</value>
</samba:parameter>
developer="1" advanced="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This option allows you to override the name
- of the Samba log file (also known as the debug file).</para>
+ <para>
+ This option allows you to override the name of the Samba log file (also known as the debug file).
+ </para>
- <para>This option takes the standard substitutions, allowing
- you to have separate log files for each user or machine.</para>
+ <para>
+ This option takes the standard substitutions, allowing you to have separate log files for each user or machine.
+ </para>
</description>
<value type="example">/usr/local/samba/var/log.%m</value>
</samba:parameter>
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<synonym>debuglevel</synonym>
<description>
- <para>The value of the parameter (a astring) allows
- the debug level (logging level) to be specified in the
- <filename moreinfo="none">smb.conf</filename> file. This parameter has been
- extended since the 2.2.x series, now it allow to specify the debug
- level for multiple debug classes. This is to give greater
- flexibility in the configuration of the system.</para>
+ <para>
+ The value of the parameter (a astring) allows the debug level (logging level) to be specified in the
+ <filename moreinfo="none">smb.conf</filename> file. This parameter has been extended since the 2.2.x
+ series, now it allow to specify the debug level for multiple debug classes. This is to give greater
+ flexibility in the configuration of the system.
+ </para>
- <para>The default will be the log level specified on
- the command line or level zero if none was specified.</para>
+ <para>
+ The default will be the log level specified on the command line or level zero if none was specified.
+ </para>
</description>
<value type="example">3 passdb:5 auth:10 winbind:2</value>
developer="1" advanced="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This option (an integer in kilobytes) specifies
- the max size the log file should grow to. Samba periodically checks
- the size and if it is exceeded it will rename the file, adding
- a <filename moreinfo="none">.old</filename> extension.</para>
+ <para>
+ This option (an integer in kilobytes) specifies the max size the log file should grow to.
+ Samba periodically checks the size and if it is exceeded it will rename the file, adding
+ a <filename moreinfo="none">.old</filename> extension.
+ </para>
-<para>A size of 0 means no limit.</para>
+ <para>A size of 0 means no limit.
+ </para>
</description>
<value type="default">5000</value>
<value type="default">1000</value>
developer="1" advanced="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This parameter maps how Samba debug messages
- are logged onto the system syslog logging levels. Samba debug
- level zero maps onto syslog <constant>LOG_ERR</constant>, debug
- level one maps onto <constant>LOG_WARNING</constant>, debug level
- two maps onto <constant>LOG_NOTICE</constant>, debug level three
- maps onto LOG_INFO. All higher levels are mapped to <constant>
- LOG_DEBUG</constant>.</para>
+ <para>
+ This parameter maps how Samba debug messages are logged onto the system syslog logging levels.
+ Samba debug level zero maps onto syslog <constant>LOG_ERR</constant>, debug level one maps onto
+ <constant>LOG_WARNING</constant>, debug level two maps onto <constant>LOG_NOTICE</constant>,
+ debug level three maps onto LOG_INFO. All higher levels are mapped to <constant>LOG_DEBUG</constant>.
+ </para>
- <para>This parameter sets the threshold for sending messages
- to syslog. Only messages with debug level less than this value
- will be sent to syslog.</para>
+ <para>
+ This parameter sets the threshold for sending messages to syslog. Only messages with debug
+ level less than this value will be sent to syslog.
+ </para>
</description>
<value type="default">1</value>
</samba:parameter>
developer="1" advanced="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>If this parameter is set then Samba debug
- messages are logged into the system syslog only, and not to
- the debug log files.</para>
+ <para>
+ If this parameter is set then Samba debug messages are logged into the system
+ syslog only, and not to the debug log files.
+ </para>
</description>
<value type="default">no</value>
</samba:parameter>
advanced="1" developer="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This is the full pathname to a script that will
- be run <emphasis>AS ROOT</emphasis> by <citerefentry><refentrytitle>smbd</refentrytitle>
- <manvolnum>8</manvolnum></citerefentry> under special circumstances described below.</para>
+ <para>
+ This is the full pathname to a script that will be run <emphasis>AS ROOT</emphasis> by
+ <citerefentry><refentrytitle>smbd</refentrytitle> <manvolnum>8</manvolnum></citerefentry>
+ under special circumstances described below.
+ </para>
- <para>Normally, a Samba server requires that UNIX users are
- created for all users accessing files on this server. For sites
- that use Windows NT account databases as their primary user database
- creating these users and keeping the user list in sync with the
- Windows NT PDC is an onerous task. This option allows smbd to create the required UNIX users
- <emphasis>ON DEMAND</emphasis> when a user accesses the Samba server.</para>
+ <para>
+ Normally, a Samba server requires that UNIX users are created for all users accessing
+ files on this server. For sites that use Windows NT account databases as their primary
+ user database creating these users and keeping the user list in sync with the Windows
+ NT PDC is an onerous task. This option allows smbd to create the required UNIX users
+ <emphasis>ON DEMAND</emphasis> when a user accesses the Samba server.
+ </para>
- <para>In order to use this option, <citerefentry><refentrytitle>smbd</refentrytitle>
- <manvolnum>8</manvolnum></citerefentry> must <emphasis>NOT</emphasis> be set to <parameter moreinfo="none">security = share</parameter>
- and <parameter moreinfo="none">add user script</parameter>
- must be set to a full pathname for a script that will create a UNIX
- user given one argument of <parameter moreinfo="none">%u</parameter>, which expands into
- the UNIX user name to create.</para>
+ <para>
+ In order to use this option, <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> must <emphasis>NOT</emphasis> be set to
+ <smbconfoption name="security">share</smbconfoption> and <smbconfoption name="add user script"/>
+ must be set to a full pathname for a script that will create a UNIX user given one argument of
+ <parameter moreinfo="none">%u</parameter>, which expands into the UNIX user name to create.
+ </para>
- <para>When the Windows user attempts to access the Samba server,
- at login (session setup in the SMB protocol) time, <citerefentry><refentrytitle>smbd</refentrytitle>
- <manvolnum>8</manvolnum></citerefentry> contacts the <parameter moreinfo="none">password server</parameter> and
- attempts to authenticate the given user with the given password. If the
- authentication succeeds then <command moreinfo="none">smbd</command>
- attempts to find a UNIX user in the UNIX password database to map the
- Windows user into. If this lookup fails, and <parameter moreinfo="none">add user script
- </parameter> is set then <command moreinfo="none">smbd</command> will
- call the specified script <emphasis>AS ROOT</emphasis>, expanding
- any <parameter moreinfo="none">%u</parameter> argument to be the user name to create.</para>
+ <para>
+ When the Windows user attempts to access the Samba server, at login (session setup in
+ the SMB protocol) time, <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> contacts the <smbconfoption name="password server"/>
+ and attempts to authenticate the given user with the given password. If the authentication
+ succeeds then <command moreinfo="none">smbd</command> attempts to find a UNIX user in the UNIX
+ password database to map the Windows user into. If this lookup fails, and
+ <smbconfoption name="add user script"/> is set then <command moreinfo="none">smbd</command> will
+ call the specified script <emphasis>AS ROOT</emphasis>, expanding any
+ <parameter moreinfo="none">%u</parameter> argument to be the user name to create.
+ </para>
- <para>If this script successfully creates the user then <command moreinfo="none">smbd
- </command> will continue on as though the UNIX user
- already existed. In this way, UNIX users are dynamically created to
- match existing Windows NT accounts.</para>
+ <para>
+ If this script successfully creates the user then <command moreinfo="none">smbd</command> will
+ continue on as though the UNIX user already existed. In this way, UNIX users are dynamically created to
+ match existing Windows NT accounts.
+ </para>
<para>
See also <smbconfoption name="security"/>, <smbconfoption name="password server"/>,
advanced="1" developer="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>Full path to the script that will be called when
- a user is added to a group using the Windows NT domain administration
- tools. It will be run by <citerefentry><refentrytitle>smbd</refentrytitle>
- <manvolnum>8</manvolnum></citerefentry> <emphasis>AS ROOT</emphasis>.
- Any <parameter moreinfo="none">%g</parameter> will be replaced with the group name and
+ <para>
+ Full path to the script that will be called when a user is added to a group using the Windows NT domain administration
+ tools. It will be run by <citerefentry><refentrytitle>smbd</refentrytitle> <manvolnum>8</manvolnum></citerefentry>
+ <emphasis>AS ROOT</emphasis>. Any <parameter moreinfo="none">%g</parameter> will be replaced with the group name and
any <parameter moreinfo="none">%u</parameter> will be replaced with the user name.
</para>
- <para>Note that the <command>adduser</command> command used in the example below does
- not support the used syntax on all systems. </para>
+ <para>
+ Note that the <command>adduser</command> command used in the example below does
+ not support the used syntax on all systems.
+ </para>
</description>
<value type="default"></value>
This option takes the standard substitutions, allowing you to have separate logon scripts for each user or machine.
</para>
- <warning>
- <para>
- Do not quote the value. Setting this as <quote>\\%N\profile\%U</quote>
- will break profile handling. Where the tdbsam or ldapsam passdb backend
- is used, at the time the user account is created the value configured
- for this parameter is written to the passdb backend and that value will
- over-ride the parameter value present in the smb.conf file. Any error
- present in the passdb backend account record must be editted using the
- appropriate tool (pdbedit on the command-line, or any other locally
- provided system tool.
- </para>
- </warning>
+ <warning><para>
+ Do not quote the value. Setting this as <quote>\\%N\profile\%U</quote>
+ will break profile handling. Where the tdbsam or ldapsam passdb backend
+ is used, at the time the user account is created the value configured
+ for this parameter is written to the passdb backend and that value will
+ over-ride the parameter value present in the smb.conf file. Any error
+ present in the passdb backend account record must be editted using the
+ appropriate tool (pdbedit on the command-line, or any other locally
+ provided system tool.
+ </para></warning>
<para>Note that this option is only useful if Samba is set up as a domain controller.</para>
<para>
An example of use is:
-<screen>
+<programlisting>
logon path = \\PROFILESERVER\PROFILE\%U
-</screen>
+</programlisting>
</para>
</description>
<value type="default">\\%N\%U\profile</value>
service specifies a <smbconfoption name="path"/> of <filename
moreinfo="none">/usr/local/samba/netlogon</filename>, and <smbconfoption name="logon
script">STARTUP.BAT</smbconfoption>, then the file that will be downloaded is:
- <screen>
+<programlisting>
/usr/local/samba/netlogon/STARTUP.BAT
- </screen>
+</programlisting>
</para>
<para>
The contents of the batch file are entirely your choice. A suggested command would be to add <command
moreinfo="none">NET TIME \\SERVER /SET /YES</command>, to force every machine to synchronize clocks with the
same time server. Another use would be to add <command moreinfo="none">NET USE U: \\SERVER\UTILS</command>
- for commonly used utilities, or <screen> <userinput>NET USE Q: \\SERVER\ISO9001_QA</userinput></screen> for
- example.
+ for commonly used utilities, or
+<programlisting>
+<userinput>NET USE Q: \\SERVER\ISO9001_QA</userinput>
+</programlisting>
+ for example.
</para>
<para>
/sbin/shutdown $3 $4 +$time $1 &
</programlisting>
-Shutdown does not return so we need to launch it in background.
-</para>
+ Shutdown does not return so we need to launch it in background.
+ </para>
+
</description>
<related>abort shutdown script</related>
<value type="default"></value>
the <parameter>path</parameter> parameter is a local AFS import. The
special AFS features include the attempt to hand-craft an AFS token
if you enabled --with-fake-kaserver in configure.
-</para>
+ </para>
</description>
<value type="default">no</value>
<para>Note: Your script should <emphasis>NOT</emphasis> be setuid or
setgid and should be owned by (and writeable only by) root!</para>
- <para>Where the script dfree (which must be made executable) could be:</para>
-
-<para><programlisting format="linespecific">
+ <para>Where the script dfree (which must be made executable) could be:
+<programlisting format="linespecific">
#!/bin/sh
df $1 | tail -1 | awk '{print $2" "$4}'
-</programlisting></para>
-
- <para>or perhaps (on Sys V based systems):</para>
+</programlisting>
+ </para>
-<para><programlisting format="linespecific">
+ <para>or perhaps (on Sys V based systems):
+<programlisting format="linespecific">
#!/bin/sh
/usr/bin/df -k $1 | tail -1 | awk '{print $3" "$5}'
-</programlisting></para>
+</programlisting>
+ </para>
- <para>Note that you may have to replace the command names with full path names on some systems.</para>
+ <para>
+ Note that you may have to replace the command names with full path names on some systems.
+ </para>
</description>
<value type="default"><comment>By default internal routines for
type="boolean"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This parameter allows the Samba administrator
- to stop <citerefentry><refentrytitle>smbd</refentrytitle>
- <manvolnum>8</manvolnum></citerefentry> from following symbolic
- links in a particular share. Setting this
- parameter to <constant>no</constant> prevents any file or directory
- that is a symbolic link from being followed (the user will get an
- error). This option is very useful to stop users from adding a
- symbolic link to <filename moreinfo="none">/etc/passwd</filename> in their home
- directory for instance. However it will slow filename lookups
- down slightly.</para>
+ <para>
+ This parameter allows the Samba administrator to stop <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> from following symbolic links in a particular share. Setting this
+ parameter to <constant>no</constant> prevents any file or directory that is a symbolic link from being
+ followed (the user will get an error). This option is very useful to stop users from adding a symbolic
+ link to <filename moreinfo="none">/etc/passwd</filename> in their home directory for instance. However
+ it will slow filename lookups down slightly.
+ </para>
- <para>This option is enabled (i.e. <command moreinfo="none">smbd</command> will
- follow symbolic links) by default.</para>
+ <para>
+ This option is enabled (i.e. <command moreinfo="none">smbd</command> will follow symbolic links) by default.
+ </para>
</description>
<value type="default">yes</value>
</samba:parameter>
type="string"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This parameter allows the administrator to
- configure the string that specifies the type of filesystem a share
- is using that is reported by <citerefentry><refentrytitle>smbd</refentrytitle>
- <manvolnum>8</manvolnum></citerefentry> when a client queries the filesystem type
- for a share. The default type is <constant>NTFS</constant> for
- compatibility with Windows NT but this can be changed to other
- strings such as <constant>Samba</constant> or <constant>FAT
- </constant> if required.</para>
+ <para>
+ This parameter allows the administrator to configure the string that specifies the type of filesystem a share
+ is using that is reported by <citerefentry><refentrytitle>smbd</refentrytitle> <manvolnum>8</manvolnum></citerefentry>
+ when a client queries the filesystem type for a share. The default type is <constant>NTFS</constant> for compatibility
+ with Windows NT but this can be changed to other strings such as <constant>Samba</constant> or <constant>FAT</constant>
+ if required.
+ </para>
</description>
<value type="default">NTFS</value>
<value type="example">Samba</value>
advanced="1" developer="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>If <smbconfoption name="nis homedir"/> is <constant>yes</constant>,
- and <citerefentry><refentrytitle>smbd</refentrytitle>
- <manvolnum>8</manvolnum></citerefentry> is also acting
- as a Win95/98 <parameter moreinfo="none">logon server</parameter> then this parameter
- specifies the NIS (or YP) map from which the server for the user's
- home directory should be extracted. At present, only the Sun
- auto.home map format is understood. The form of the map is:</para>
-
- <para><command moreinfo="none">username server:/some/file/system</command></para>
-
- <para>and the program will extract the servername from before
- the first ':'. There should probably be a better parsing system
- that copes with different map formats and also Amd (another
- automounter) maps.</para>
+ <para>
+ If <smbconfoption name="nis homedir"/> is <constant>yes</constant>, and <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> is also acting as a Win95/98 <parameter moreinfo="none">logon server</parameter>
+ then this parameter specifies the NIS (or YP) map from which the server for the user's home directory should be extracted.
+ At present, only the Sun auto.home map format is understood. The form of the map is:
+<programlisting>
+<command moreinfo="none">username server:/some/file/system</command>
+</programlisting>
+ and the program will extract the servername from before the first ':'. There should probably be a better parsing system
+ that copes with different map formats and also Amd (another automounter) maps.
+ </para>
- <note><para>A working NIS client is required on
- the system for this option to work.</para></note>
+ <note><para>
+ A working NIS client is required on the system for this option to work.
+ </para></note>
</description>
<related>nis homedir</related>
<related>domain logons</related>
hide="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This allows you to include one config file
- inside another. The file is included literally, as though typed
- in place.</para>
+ <para>
+ This allows you to include one config file inside another. The file is included literally, as though typed
+ in place.
+ </para>
- <para>It takes the standard substitutions, except <parameter moreinfo="none">%u
- </parameter>, <parameter moreinfo="none">%P</parameter> and <parameter moreinfo="none">%S</parameter>.
-</para>
+ <para>
+ It takes the standard substitutions, except <parameter moreinfo="none">%u</parameter>,
+ <parameter moreinfo="none">%P</parameter> and <parameter moreinfo="none">%S</parameter>.
+ </para>
</description>
<value type="default"></value>
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>
- This parameter specifies the name of a file
- which will contain output created by a magic script (see the
+ This parameter specifies the name of a file which will contain output created by a magic script (see the
<smbconfoption name="magic script"/> parameter below).
</para>
-<warning><para>If two clients use the same <parameter moreinfo="none">magic script
- </parameter> in the same directory the output file content
- is undefined.</para></warning>
+ <warning><para>If two clients use the same <parameter moreinfo="none">magic script
+ </parameter> in the same directory the output file content is undefined.
+ </para></warning>
</description>
<value type="default"><magic script name>.out</value>
deliver the message somehow. How this is to be done is
up to your imagination.</para>
- <para>An example is:</para>
-
- <para><command moreinfo="none">message command = csh -c 'xedit %s;rm %s' &</command>
+ <para>An example is:
+<programlisting>
+<command moreinfo="none">message command = csh -c 'xedit %s;rm %s' &</command>
+</programlisting>
</para>
<para>This delivers the message using <command moreinfo="none">xedit</command>, then
takes your fancy. Please let us know of any really interesting
ideas you have.</para>
- <para>Here's a way of sending the messages as mail to root:</para>
-
- <para><command moreinfo="none">message command = /bin/mail -s 'message from %f on
- %m' root < %s; rm %s</command></para>
+ <para>
+ Here's a way of sending the messages as mail to root:
+<programlisting>
+<command moreinfo="none">message command = /bin/mail -s 'message from %f on %m' root < %s; rm %s</command>
+</programlisting>
+ </para>
<para>If you don't have a message command then the message
won't be delivered and Samba will tell the sender there was
and carries on regardless, saying that the message was delivered.
</para>
- <para>If you want to silently delete it then try:</para>
-
- <para><command moreinfo="none">message command = rm %s</command></para>
+ <para>
+ If you want to silently delete it then try:
+<programlisting>
+<command moreinfo="none">message command = rm %s</command>
+</programlisting>
+ </para>
+
</description>
<value type="default"></value>
<value type="example">csh -c 'xedit %s; rm %s' &</value>
system command to be called when either <citerefentry><refentrytitle>smbd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> or <citerefentry><refentrytitle>smbd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> crashes. This is usually used to
-draw attention to the fact that a problem occurred.</para>
+ draw attention to the fact that a problem occurred.
+ </para>
</description>
<value type="default"></value>
advanced="1" developer="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This option specifies the directory where pid
- files will be placed. </para>
+ <para>
+ This option specifies the directory where pid files will be placed.
+ </para>
</description>
<value type="default">${prefix}/var/locks</value>
advanced="1" developer="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This boolean option controls whether a non-zero
- return code from <smbconfoption name="preexec"/> should close the service being connected to.</para>
+ <para>
+ This boolean option controls whether a non-zero return code from <smbconfoption name="preexec"/>
+ should close the service being connected to.
+ </para>
</description>
<value type="default">no</value>
type="list"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This option allows you to setup <citerefentry><refentrytitle>nmbd</refentrytitle>
+ <para>
+ This option allows you to setup <citerefentry><refentrytitle>nmbd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry>to periodically announce itself
- to arbitrary IP addresses with an arbitrary workgroup name.</para>
+ to arbitrary IP addresses with an arbitrary workgroup name.
+ </para>
- <para>This is useful if you want your Samba server to appear
- in a remote workgroup for which the normal browse propagation
- rules don't work. The remote workgroup can be anywhere that you
- can send IP packets to.</para>
+ <para>
+ This is useful if you want your Samba server to appear in a remote workgroup for
+ which the normal browse propagation rules don't work. The remote workgroup can be
+ anywhere that you can send IP packets to.
+ </para>
- <para>For example:</para>
+ <para>
+ For example:
+<programlisting>
+<command moreinfo="none">remote announce = 192.168.2.255/SERVERS 192.168.4.255/STAFF</command>
+</programlisting>
+ the above line would cause <command moreinfo="none">nmbd</command> to announce itself
+ to the two given IP addresses using the given workgroup names. If you leave out the
+ workgroup name then the one given in the <smbconfoption name="workgroup"/> parameter
+ is used instead.
+ </para>
- <para><command moreinfo="none">remote announce = 192.168.2.255/SERVERS
- 192.168.4.255/STAFF</command></para>
-
- <para>the above line would cause <command moreinfo="none">nmbd</command> to announce itself
- to the two given IP addresses using the given workgroup names.
- If you leave out the workgroup name then the one given in
- the <smbconfoption name="workgroup"/> parameter is used instead.</para>
-
- <para>The IP addresses you choose would normally be the broadcast
- addresses of the remote networks, but can also be the IP addresses
- of known browse masters if your network config is that stable.</para>
+ <para>
+ The IP addresses you choose would normally be the broadcast addresses of the remote
+ networks, but can also be the IP addresses of known browse masters if your network
+ config is that stable.
+ </para>
<para>See <smbconfoption name="NetworkBrowsing"/>.</para>
</description>
type="list"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This option allows you to setup <citerefentry><refentrytitle>nmbd</refentrytitle>
+ <para>
+ This option allows you to setup <citerefentry><refentrytitle>nmbd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> to periodically request
synchronization of browse lists with the master browser of a Samba
server that is on a remote segment. This option will allow you to
gain browse lists for multiple workgroups across routed networks. This
- is done in a manner that does not work with any non-Samba servers.</para>
+ is done in a manner that does not work with any non-Samba servers.
+ </para>
- <para>This is useful if you want your Samba server and all local
+ <para>
+ This is useful if you want your Samba server and all local
clients to appear in a remote workgroup for which the normal browse
propagation rules don't work. The remote workgroup can be anywhere
- that you can send IP packets to.</para>
+ that you can send IP packets to.
+ </para>
- <para>For example:</para>
-
- <para><command moreinfo="none">remote browse sync = 192.168.2.255 192.168.4.255</command></para>
-
- <para>the above line would cause <command moreinfo="none">nmbd</command> to request
+ <para>
+ For example:
+<programlisting>
+<command moreinfo="none">remote browse sync = 192.168.2.255 192.168.4.255</command>
+</programlisting>
+ the above line would cause <command moreinfo="none">nmbd</command> to request
the master browser on the specified subnets or addresses to
- synchronize their browse lists with the local server.</para>
+ synchronize their browse lists with the local server.
+ </para>
- <para>The IP addresses you choose would normally be the broadcast
+ <para>
+ The IP addresses you choose would normally be the broadcast
addresses of the remote networks, but can also be the IP addresses
of known browse masters if your network config is that stable. If
a machine IP address is given Samba makes NO attempt to validate
that the remote machine is available, is listening, nor that it
- is in fact the browse master on its segment.</para>
+ is in fact the browse master on its segment.
+ </para>
</description>
<value type="default"></value>
advanced="1" developer="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This is the same as the <parameter moreinfo="none">postexec</parameter>
- parameter except that the command is run as root. This
- is useful for unmounting filesystems
- (such as CDROMs) after a connection is closed.</para>
+ <para>
+ This is the same as the <parameter moreinfo="none">postexec</parameter>
+ parameter except that the command is run as root. This is useful for
+ unmounting filesystems (such as CDROMs) after a connection is closed.
+ </para>
</description>
<related>postexec</related>
advanced="1" wizard="1" developer="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This is the same as the <parameter moreinfo="none">preexec</parameter>
- parameter except that the command is run as root. This
- is useful for mounting filesystems (such as CDROMs) when a
- connection is opened.</para>
+ <para>
+ This is the same as the <parameter moreinfo="none">preexec</parameter>
+ parameter except that the command is run as root. This is useful for
+ mounting filesystems (such as CDROMs) when a connection is opened.
+ </para>
</description>
<related>preexec</related>
type="boolean"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>If <command moreinfo="none">set directory = no</command>, then
- users of the service may not use the setdir command to change
- directory.</para>
+ <para>
+ If <command moreinfo="none">set directory = no</command>, then users of the
+ service may not use the setdir command to change directory.
+ </para>
- <para>The <command moreinfo="none">setdir</command> command is only implemented
+ <para>
+ The <command moreinfo="none">setdir</command> command is only implemented
in the Digital Pathworks client. See the Pathworks documentation
- for details.</para>
+ for details.
+ </para>
</description>
<value type="default">no</value>
type="boolean"
developer="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
- <description>
- <para>This boolean parameter is only available if
- Samba has been configured and compiled with the option <command moreinfo="none">
- --with-utmp</command>. If set to <constant>yes</constant> then Samba will attempt
- to add utmp or utmpx records (depending on the UNIX system) whenever a
- connection is made to a Samba server. Sites may use this to record the
- user connecting to a Samba share.</para>
+<description>
+ <para>
+ This boolean parameter is only available if Samba has been configured and compiled
+ with the option <command moreinfo="none">--with-utmp</command>. If set to
+ <constant>yes</constant> then Samba will attempt to add utmp or utmpx records
+ (depending on the UNIX system) whenever a connection is made to a Samba server.
+ Sites may use this to record the user connecting to a Samba share.
+ </para>
- <para>Due to the requirements of the utmp record, we
- are required to create a unique identifier for the
- incoming user. Enabling this option creates an n^2
- algorithm to find this number. This may impede
- performance on large installations. </para>
+ <para>
+ Due to the requirements of the utmp record, we are required to create a unique
+ identifier for the incoming user. Enabling this option creates an n^2 algorithm
+ to find this number. This may impede performance on large installations.
+ </para>
</description>
<related>utmp directory</related>
advanced="1" developer="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This parameter is only available if Samba has
- been configured and compiled with the option <command moreinfo="none">
- --with-utmp</command>. It specifies a directory pathname that is
- used to store the wtmp or wtmpx files (depending on the UNIX system) that
- record user connections to a Samba server. The difference with
- the utmp directory is the fact that user info is kept after a user
- has logged out.</para>
+ <para>
+ This parameter is only available if Samba has been configured and compiled with the option <command moreinfo="none">
+ --with-utmp</command>. It specifies a directory pathname that is used to store the wtmp or wtmpx files (depending on
+ the UNIX system) that record user connections to a Samba server. The difference with the utmp directory is the fact
+ that user info is kept after a user has logged out.
+ </para>
-<para>
- By default this is
- not set, meaning the system will use whatever utmp file the
- native system is set to use (usually
- <filename moreinfo="none">/var/run/wtmp</filename> on Linux).</para>
+ <para>
+ By default this is not set, meaning the system will use whatever utmp file the native system is set to use (usually
+ <filename moreinfo="none">/var/run/wtmp</filename> on Linux).
+ </para>
</description>
<related>utmp</related>
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>
- This parameter is only applicable if <smbconfoption name="printing"/> is
+ This parameter is only applicable if <smbconfoption name="printing"/> is
set to <constant>cups</constant>. Its value is a free form string of options
passed directly to the cups library.
</para>
- <para>You can pass any generic print option known to CUPS (as listed
+ <para>
+ You can pass any generic print option known to CUPS (as listed
in the CUPS "Software Users' Manual"). You can also pass any printer
specific option (as listed in "lpoptions -d printername -l")
- valid for the target queue.</para>
+ valid for the target queue.
+ </para>
- <para>You should set this parameter to <constant>raw</constant> if your CUPS server
+ <para>
+ You should set this parameter to <constant>raw</constant> if your CUPS server
<filename>error_log</filename> file contains messages such as
"Unsupported format 'application/octet-stream'" when printing from a Windows client
through Samba. It is no longer necessary to enable
print="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This parameter is only applicable if <smbconfoption name="printing"/> is set to <constant>cups</constant>.
+ <para>
+ This parameter is only applicable if <smbconfoption name="printing"/> is set to <constant>cups</constant>.
</para>
- <para>If set, this option overrides the ServerName option in the CUPS
- <filename>client.conf</filename>. This is necessary if you have virtual
- samba servers that connect to different CUPS daemons.</para>
+ <para>
+ If set, this option overrides the ServerName option in the CUPS <filename>client.conf</filename>. This is
+ necessary if you have virtual samba servers that connect to different CUPS daemons.
+ </para>
</description>
<value type="default">""</value>
been executed, <command moreinfo="none">smbd</command> will reparse the <filename moreinfo="none">
smb.conf</filename> to associated printer no longer exists.
If the sharename is still valid, then <command moreinfo="none">smbd
-</command> will return an ACCESS_DENIED error to the client.</para>
+ </command> will return an ACCESS_DENIED error to the client.</para>
</description>
<related>addprinter command</related>
can define <parameter moreinfo="none">enumports command</parameter> to point to
a program which should generate a list of ports, one per line,
to standard output. This listing will then be used in response
- to the level 1 and 2 EnumPorts() RPC.</para>
+ to the level 1 and 2 EnumPorts() RPC.</para>
</description>
<value type="default"></value>
<para>A boolean variable that controls whether all
printers in the printcap will be loaded for browsing by default.
See the <smbconfoption name="printers"/> section for
- more details.</para>
+ more details.</para>
</description>
<value type="default">yes</value>
<related>printing</related>
<value type="default"><comment>Currently no default value is given to
- this string, unless the value of the <parameter moreinfo="none">printing</parameter>
- parameter is <constant>SYSV</constant>, in which case the default is : <command moreinfo="none">lp -i %p-%j -H hold</command> or if the value of the <parameter moreinfo="none">printing</parameter> parameter is <constant>SOFTQ</constant>, then the default is: <command moreinfo="none">qstat -s -j%j -h</command>. </comment></value>
+ this string, unless the value of the <smbconfoption name="printing"/>
+ parameter is <constant>SYSV</constant>, in which case the default is :
+ <command moreinfo="none">lp -i %p-%j -H hold</command> or if the value of the
+ <parameter moreinfo="none">printing</parameter> parameter is
+ <constant>SOFTQ</constant>, then the default is:
+ <command moreinfo="none">qstat -s -j%j -h</command>. </comment></value>
<value type="example">/usr/bin/lpalt %p-%j -p0</value>
</samba:parameter>
<para><command moreinfo="none">lp -i %p-%j -H resume</command></para>
<para>or if the value of the <parameter moreinfo="none">printing</parameter> parameter
- is <constant>SOFTQ</constant>, then the default is:</para>
+ is <constant>SOFTQ</constant>, then the default is:</para>
<para><command moreinfo="none">qstat -s -j%j -r</command></para>
</description>
<para>
Examples of use are:
-<screen>
+<programlisting>
lprm command = /usr/bin/lprm -P%p %j
or
lprm command = /usr/bin/cancel %p-%j
-</screen>
+</programlisting>
</para>
</description>
print="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This parameter limits the maximum number of
- jobs displayed in a port monitor for Samba printer queue at any given
- moment. If this number is exceeded, the excess jobs will not be shown.
- A value of zero means there is no limit on the number of print
- jobs reported.</para>
+ <para>
+ This parameter limits the maximum number of jobs displayed in a port monitor for
+ Samba printer queue at any given moment. If this number is exceeded, the excess
+ jobs will not be shown. A value of zero means there is no limit on the number of
+ print jobs reported.
+ </para>
</description>
<related>max print jobs</related>
LaserJet 5L</command>.</para>
<para>
- The need for the file is due to the printer driver namespace problem described in <link
- linkend="classicalprinting">the chapter on Classical Printing in the book Samba3-HOWTO</link>. For more
- details on OS/2 clients, please refer to <link linkend="Other-Clients"/>.
- </para>
+ The need for the file is due to the printer driver namespace problem described in <link
+ linkend="classicalprinting">the chapter on Classical Printing in the book Samba3-HOWTO</link>. For more
+ details on OS/2 clients, please refer to <link linkend="Other-Clients"/>.
+ </para>
</description>
<value type="default"/>
</samba:parameter>
packs do security ACL checking on the owner and ability to write of the
profile directory stored on a local workstation when copied from a Samba
share.
-</para>
+ </para>
-<para>When not in domain mode with winbindd then the security info copied
+ <para>
+ When not in domain mode with winbindd then the security info copied
onto the local workstation has no meaning to the logged in user (SID) on
that workstation so the profile storing fails. Adding this parameter
onto a share used for profile storage changes two things about the
BUILTIN\\Users respectively (SIDs S-1-5-32-544, S-1-5-32-545). Secondly
it adds an ACE entry of "Full Control" to the SID BUILTIN\\Users to
every returned ACL. This will allow any Windows 2000 or XP workstation
- user to access the profile.</para>
+ user to access the profile.
+ </para>
- <para>Note that if you have multiple users logging
+ <para>
+ Note that if you have multiple users logging
on to a workstation then in order to prevent them from being able to access
each others profiles you must remove the "Bypass traverse checking" advanced
user right. This will prevent access to other users profile directories as
the top level profile directory (named after the user) is created by the
workstation profile code and has an ACL restricting entry to the directory
tree to the owning user.
-</para>
+ </para>
</description>
<value type="default">no</value>
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>
- This option only takes effect when the <smbconfoption name="security"/> option is set to
+ This option only takes effect when the <smbconfoption name="security"/> option is set to
<constant>server</constant>,<constant>domain</constant> or <constant>ads</constant>.
If it is set to no, then attempts to connect to a resource from
a domain or workgroup other than the one which smbd is running
basic="1" advanced="1" wizard="1" developer="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
+
<para>
- This option allows the administrator to chose what authentication methods <command
- moreinfo="none">smbd</command> will use when authenticating a user. This option defaults to sensible values
- based on <smbconfoption name="security"/>. This should be considered a developer option and used only in rare
- circumstances. In the majority (if not all) of production servers, the default setting should be adequate.
- </para>
+ This option allows the administrator to chose what authentication methods <command moreinfo="none">smbd</command>
+ will use when authenticating a user. This option defaults to sensible values based on <smbconfoption name="security"/>.
+ This should be considered a developer option and used only in rare circumstances. In the majority (if not all)
+ of production servers, the default setting should be adequate.
+ </para>
- <para>Each entry in the list attempts to authenticate the user in turn, until
+ <para>
+ Each entry in the list attempts to authenticate the user in turn, until
the user authenticates. In practice only one method will ever actually
be able to complete the authentication.
</para>
- <para>Possible options include <constant>guest</constant> (anonymous access),
+ <para>
+ Possible options include <constant>guest</constant> (anonymous access),
<constant>sam</constant> (lookups in local list of accounts based on netbios
name or domain name), <constant>winbind</constant> (relay authentication requests
for remote users through winbindd), <constant>ntdomain</constant> (pre-winbindd
method of authentication for remote domain users; deprecated in favour of winbind method),
<constant>trustdomain</constant> (authenticate trusted users by contacting the
- remote DC directly from smbd; deprecated in favour of winbind method).</para>
+ remote DC directly from smbd; deprecated in favour of winbind method).
+ </para>
+
</description>
<value type="default"/>
<value type="example">guest sam winbind</value>
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This controls whether the client offers or even
- demands the use of the netlogon schannel.
- <parameter>client schannel = no</parameter> does not
- offer the schannel, <parameter>client schannel =
- auto</parameter> offers the schannel but does not
- enforce it, and <parameter>client schannel =
- yes</parameter> denies access if the server is not
- able to speak netlogon schannel. </para>
+ <para>
+ This controls whether the client offers or even demands the use of the netlogon schannel.
+ <smbconfoption name="client schannel">no</smbconfoption> does not offer the schannel,
+ <smbconfoption name="client schannel">auto</smbconfoption> offers the schannel but does not
+ enforce it, and <smbconfoption name="client schannel">yes</smbconfoption> denies access
+ if the server is not able to speak netlogon schannel.
+ </para>
</description>
<value type="default">auto</value>
<value type="example">yes</value>
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>If this parameter is set, a Windows NT ACL that contains an unknown
- SID (security descriptor, or representation of a user or group
- id) as the owner or group owner of the file will be silently
- mapped into the current UNIX uid or gid of the currently
- connected user.</para>
+ <para>
+ If this parameter is set, a Windows NT ACL that contains an unknown SID (security descriptor, or
+ representation of a user or group id) as the owner or group owner of the file will be silently
+ mapped into the current UNIX uid or gid of the currently connected user.
+ </para>
- <para>This is designed to allow Windows NT clients to copy files and
- folders containing ACLs that were created locally on the client
- machine and contain users local to that machine only (no domain
- users) to be copied to a Samba server (usually with XCOPY /O)
- and have the unknown userid and groupid of the file owner map to
- the current connected user. This can only be fixed correctly
- when winbindd allows arbitrary mapping from any Windows NT SID
- to a UNIX uid or gid.</para>
+ <para>
+ This is designed to allow Windows NT clients to copy files and folders containing ACLs that were
+ created locally on the client machine and contain users local to that machine only (no domain
+ users) to be copied to a Samba server (usually with XCOPY /O) and have the unknown userid and
+ groupid of the file owner map to the current connected user. This can only be fixed correctly
+ when winbindd allows arbitrary mapping from any Windows NT SID to a UNIX uid or gid.
+ </para>
- <para>Try using this parameter when XCOPY /O gives an ACCESS_DENIED
- error.</para>
+ <para>
+ Try using this parameter when XCOPY /O gives an ACCESS_DENIED error.
+ </para>
</description>
<value type="default">no</value>
</para>
Examples of use are:
-<screen>
+<programlisting>
passdb backend = tdbsam:/etc/samba/private/passdb.tdb \
smbpasswd:/etc/samba/smbpasswd
or
passdb backend = mysql:my_plugin_args tdbsam
-</screen>
+</programlisting>
</description>
<value type="default">smbpasswd</value>
<para>The setting of this parameter determines whether user and
group list information is returned for an anonymous connection.
and mirrors the effects of the
-<screen>
+<programlisting>
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Control\LSA\RestrictAnonymous
-</screen>
+</programlisting>
registry key in Windows 2000 and Windows NT. When set to 0, user
and group list information is returned to anyone who asks. When set
to 1, only an authenticated user can retrive user and
<para>This option sets the path to the encrypted smbpasswd file. By
default the path to the smbpasswd file is compiled into Samba.</para>
- <para>
- An example of use is:
-<screen>
+ <para>
+ An example of use is:
+<programlisting>
smb passwd file = /etc/samba/smbpasswd
-</screen>
- </para>
+</programlisting>
+ </para>
</description>
<value type="default">${prefix}/private/smbpasswd</value>
guest = *
</programlisting></para>
- <para>Note that the remapping is applied to all occurrences
+ <para>
+ Note that the remapping is applied to all occurrences
of usernames. Thus if you connect to \\server\fred and <constant>
fred</constant> is remapped to <constant>mary</constant> then you
will actually be connecting to \\server\mary and will need to
supply a password suitable for <constant>mary</constant> not
<constant>fred</constant>. The only exception to this is the
- username passed to the <smbconfoption name="password server"/> (if you have one). The password
- server will receive whatever username the client supplies without
- modification.</para>
+ username passed to the <smbconfoption name="password server"/>
+ (if you have one). The password server will receive whatever
+ username the client supplies without modification.
+ </para>
<para>Also note that no reverse mapping is done. The main effect
this has is with printing. Users who have been mapped may have
after the user has been successfully authenticated.
</para>
- <para>
- An example of use is:
-<screen>
+ <para>
+ An example of use is:
+<programlisting>
username map = /usr/local/samba/lib/users.map
-</screen>
- </para>
+</programlisting>
+ </para>
</description>
<value type="default"><comment>no username map</comment></value>
type="list"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This is a list of users that should be allowed
- to login to this service. Names starting with '@', '+' and '&'
- are interpreted using the same rules as described in the
- <parameter moreinfo="none">invalid users</parameter> parameter.</para>
+ <para>
+ This is a list of users that should be allowed to login to this service. Names starting with
+ '@', '+' and '&' are interpreted using the same rules as described in the
+ <parameter moreinfo="none">invalid users</parameter> parameter.
+ </para>
- <para>If this is empty (the default) then any user can login.
- If a username is in both this list and the <parameter moreinfo="none">invalid
- users</parameter> list then access is denied for that user.</para>
+ <para>
+ If this is empty (the default) then any user can login. If a username is in both this list
+ and the <parameter moreinfo="none">invalid users</parameter> list then access is denied
+ for that user.
+ </para>
- <para>The current servicename is substituted for <parameter moreinfo="none">%S
- </parameter>. This is useful in the [homes] section.</para>
+ <para>
+ The current servicename is substituted for <parameter moreinfo="none">%S</parameter>.
+ This is useful in the [homes] section.
+ </para>
</description>
<related>invalid users</related>
type="list"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This is a list of users that are given read-write
- access to a service. If the connecting user is in this list then
- they will be given write access, no matter what the <smbconfoption name="read only"/>
- option is set to. The list can include group names using the
- @group syntax.</para>
+ <para>
+ This is a list of users that are given read-write access to a service. If the
+ connecting user is in this list then they will be given write access, no matter
+ what the <smbconfoption name="read only"/> option is set to. The list can
+ include group names using the @group syntax.
+ </para>
- <para>Note that if a user is in both the read list and the
- write list then they will be given write access.</para>
+ <para>
+ Note that if a user is in both the read list and the write list then they will be
+ given write access.
+ </para>
-<para>This parameter will not work with the <smbconfoption name="security">share</smbconfoption> in
- Samba 3.0. This is by design.</para>
+ <para>
+ By design, this parameter will not work with the
+ <smbconfoption name="security">share</smbconfoption> in Samba 3.0.
+ </para>
</description>
type="boolean"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>If this parameter is <constant>yes</constant>, and the <constant>sendfile()</constant> system call is supported by the underlying operating system, then some SMB read calls (mainly ReadAndX
- and ReadRaw) will use the more efficient sendfile system call for files that
+ <para>If this parameter is <constant>yes</constant>, and the <constant>sendfile()</constant>
+ system call is supported by the underlying operating system, then some SMB read calls
+ (mainly ReadAndX and ReadRaw) will use the more efficient sendfile system call for files that
are exclusively oplocked. This may make more efficient use of the system CPU's
and cause Samba to be faster. Samba automatically turns this off for clients
that use protocol levels lower than NT LM 0.12 and when it detects a client is