Provided by: manpages-zh_1.5.1-3_all

NAME

       smb.conf - The configuration file for the Samba suite

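SYNOPSIS
       The smb.conf file is the configuration file for the Samba suite. It
       contains runtime configuration information for the Samba programs. The
       smb.conf file is designed to be configured and administered by the
       swat(8) program. This file contains a complete description of the
       smb.conf file format and of the parameters that may appear in it, for
       reference purposes.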

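FILE FORMAT
       The file consists of sections and parameters. A section begins with the
       name of the section in square brackets and continues until the next
       section begins. Sections contain parameters of the form:

       name = value

       The file is line-based: each newline-terminated line represents a
       comment, a section name or a parameter.

       Section and parameter names are not case sensitive.

       Only the first equals sign in a parameter is significant. Whitespace
       before or after the first equals sign is discarded. Leading, trailing
       and internal whitespace in section and parameter names is irrelevant.
       Leading and trailing whitespace in a parameter value is discarded.
       Internal whitespace within a parameter value is retained verbatim.

       Any line beginning with a semicolon (';') or a hash ('#') character is
       ignored, as are lines containing only whitespace.

       Any line ending in a '\' is continued on the next line in the customary
       UNIX fashion. (That is, '\' is the continuation character: if a line
       does not fit, end it with '\' and carry on writing on the next line.
       -- translator's note)

       The values following the equals sign are all either a string (no
       quotes needed) or a boolean, which may be given as yes/no, 1/0 or
       true/false. Case is not significant in boolean values, but is
       preserved in string values. Some parameters (such as create modes)
       take numeric values.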
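
       The rules above, worked through as an added example (not part of the
       original manual page and not Samba's own parser). The function names
       and the sample text are constructed for illustration, and joining
       continuation lines before recognising comments is an assumption of
       this sketch.

```python
# Added example: a small reader for the smb.conf line format described above.
# It is not Samba's parser; the sample text is constructed for illustration.

TRUE_WORDS = {"yes", "1", "true"}
FALSE_WORDS = {"no", "0", "false"}

SAMPLE = r"""
; constructed sample for this example
# both comment characters are ignored
[ Foo ]
     PATH = /home/bar
     Read Only = No
     comment =   a = b  with   spaces
     valid users = alice, \
bob

[aprinter]
     path = /usr/spool/public
     printable = yes
     GUEST OK = TRUE
"""


def normalize_name(name):
    """Section and parameter names: case and all whitespace are irrelevant."""
    return "".join(name.split()).lower()


def logical_lines(text):
    """Join every line that ends in a backslash with the line after it."""
    pending = ""
    for raw in text.splitlines():
        if raw.endswith("\\"):
            pending += raw[:-1]
            continue
        yield pending + raw
        pending = ""
    if pending:
        yield pending


def parse_smb_conf(text):
    """Return {section: {parameter: value}} keyed by normalized names."""
    config, section = {}, None
    for number, line in enumerate(logical_lines(text), 1):
        stripped = line.strip()
        if not stripped or stripped[0] in ";#":
            continue  # comment or whitespace-only line
        if stripped.startswith("[") and stripped.endswith("]"):
            section = normalize_name(stripped[1:-1])
            config.setdefault(section, {})
            continue
        # Only the first '=' separates name and value; later ones are data.
        name, sep, value = stripped.partition("=")
        if not sep or section is None:
            raise ValueError(f"logical line {number}: not a comment, "
                             "section name or parameter")
        # Whitespace around the value is dropped, inside it is kept verbatim.
        config[section][normalize_name(name)] = value.strip()
    return config


def get(config, section, name, default=None):
    """Look a value up the way the file is read: names are normalized first."""
    return config.get(normalize_name(section), {}).get(normalize_name(name),
                                                       default)


def as_bool(value):
    """Interpret yes/no, 1/0, true/false without regard to case."""
    word = value.strip().lower()
    if word in TRUE_WORDS:
        return True
    if word in FALSE_WORDS:
        return False
    raise ValueError(f"not a boolean value: {value!r}")


if __name__ == "__main__":
    for section_name, params in parse_smb_conf(SAMPLE).items():
        print(section_name, params)
```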

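SECTION DESCRIPTIONS
       Each section in the configuration file (except for the [global]
       section) describes a shared resource. The section name is the name of
       the share, and the parameters within the section define the
       attributes of that share.

       There are three special sections, [global], [homes] and [printers],
       which are described separately under 'special sections'. The
       following notes apply to ordinary sections.

       A share consists of a directory to which access is being given plus a
       description of the access rights which are granted to the user of the
       share. Some housekeeping options may also be specified.

       Each section defines either a file service (which the client can treat
       as an extension of its native file system) or a print service (through
       which the client uses the print services offered by the server).

       Sections may be designated guest services, in which case no password
       is required to access them. A specified UNIX guest account is normally
       used to define the access privileges of the client in this case.

       Sections other than guest services require a password to access them.
       The client provides the username. As some older clients only provide
       passwords and not usernames, you may need to use the "user=" option
       in the share definition to specify a list of usernames against which
       the password is checked. For modern clients such as Windows 95/98 and
       Windows NT this option should not be necessary.

       Note that the access rights granted on a share also depend on the
       access rights granted by the host system to the specified user or
       guest account. The rights granted by Samba cannot exceed those granted
       by the host system.

       The following sample section defines a file service. The user has
       write access to the directory /home/bar. The share is accessed via the
       share name "foo".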

       [foo]
            path = /home/bar
            read only = no

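       The following sample section defines a print service. The share is
       read-only, but printable. That is, the only write access permitted is
       to open, write to and close a spool file. The guest ok parameter means
       that access is permitted as the default guest user (specified
       elsewhere).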

       [aprinter]
            path = /usr/spool/public
            read only = yes
            printable = yes
            guest ok = yes

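SPECIAL SECTIONS
   The [global] section
       Parameters in this section apply to the server as a whole, or serve as
       defaults for sections which do not set them again. See the notes under
       'PARAMETERS' for more information.

   The [homes] section
       If a section called 'homes' is included in the configuration file,
       connections from clients to their own home directories on the server
       can be created on the fly.

       When the server receives a connection request, the existing sections
       are scanned first. If a section name matches the requested share name,
       that section is used. If no match is found, the requested name is
       treated as a username and the server looks it up in the local password
       file. If the username exists in the password file and the user has
       given the correct password, the server creates a share (for that user)
       by cloning the [homes] section.

       The following modifications are made to the newly created share:

       o  The share name is changed from 'homes' to the located username.

       o  If no path was given, the path is set to the user's home directory.

       If you decide to use a path= line in your [homes] section, you may
       find the %S macro useful. For example:

       path = /data/pchome/%S

       This is useful if the home directories for your PCs differ from the
       home directories on the UNIX server.

       This is a fast and simple way to give a large number of users access
       to their home directories.

       A similar process occurs if the requested share name is 'homes',
       except that the share name is not changed to that of the requesting
       user. This method works well when different users share a client
       machine.

       The [homes] section can specify all the parameters an ordinary section
       can specify, though some make more sense than others. The following is
       a typical and suitable [homes] section: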

       [homes]
            read only = no

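       An important point: if guest access is specified in the [homes]
       section, anyone can access the home directories of all accounts
       without a password. In the special cases where this is actually what
       you want, it is wise to also make the [homes] section read only.

       Note that the browseable flag for automatically created home directory
       shares is inherited from the [global] section, not from the [homes]
       section. So when browseable=no is set in the [homes] section, users do
       not see a separate 'homes' share but can still see the automatic home
       directories.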
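
       The [homes] lookup and the guest-access warning above, as an added
       example (not part of the original manual page and not Samba's code).
       The function names, the dictionaries standing in for the parsed
       configuration and the password file, and the sample values are
       constructed; treating public as guest ok and writeable, writable and
       write ok as the inverse of read only relies on those being synonyms in
       Samba, and a request for the literal name homes is not modelled.

```python
# Added example: models the [homes] lookup described above and reports guest
# access on [homes]. Illustrative only; all sample data is constructed.

TRUE_WORDS = {"yes", "1", "true"}

# Constructed configuration, as {section: {parameter: value}} with lower-case
# names, and a constructed stand-in for the local password file.
SECTIONS = {
    "global": {"guest ok": "yes"},
    "homes": {"read only": "no", "path": "/data/pchome/%S"},
    "foo": {"path": "/home/bar", "read only": "no"},
}
PASSWD = {"alice": "/home/alice"}


def is_true(value):
    return value.strip().lower() in TRUE_WORDS


def resolve_share(sections, requested, passwd, password_ok):
    """Return (share name, parameters) for a connection request, or None.

    password_ok says whether the client supplied the correct password.
    """
    name = requested.lower()
    if name == "homes":
        raise NotImplementedError("literal 'homes' request is not modelled")
    # 1. An existing section with the requested name is used as it is.
    if name in sections and name != "global":
        return name, dict(sections[name])
    # 2. Otherwise the name is treated as a username from the password file.
    homes = sections.get("homes")
    if homes is None or name not in passwd or not password_ok:
        return None
    # 3. Clone [homes]; the share name becomes the located username.
    share = dict(homes)
    if "path" in share:
        share["path"] = share["path"].replace("%S", name)  # %S: service name
    else:
        share["path"] = passwd[name]  # no path given: the home directory
    return name, share


def is_read_only(params):
    if "read only" in params:
        return is_true(params["read only"])
    for inverted in ("writeable", "writable", "write ok"):
        if inverted in params:
            return not is_true(params[inverted])
    return True  # Samba's default is read only = yes


def audit_homes(sections):
    """Report guest access on [homes], including values set in [global]."""
    if "homes" not in sections:
        return []
    # (S) parameters set in [global] are the defaults for every section.
    effective = {**sections.get("global", {}), **sections["homes"]}
    findings = []
    if any(is_true(effective.get(key, "no")) for key in ("guest ok", "public")):
        findings.append("guest access applies to [homes]: every home "
                        "directory is reachable without a password")
        if not is_read_only(effective):
            findings.append("[homes] is writable as well: set read only = yes")
    return findings


if __name__ == "__main__":
    print(resolve_share(SECTIONS, "alice", PASSWD, password_ok=True))
    for finding in audit_homes(SECTIONS):
        print("WARNING:", finding)
```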

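   The [printers] section
       This section works like [homes], but for shared printers.

       If a [printers] section occurs in the configuration file, users are
       able to connect to any printer specified in the host's printcap file.

       When the server receives a connection request, the existing sections
       are scanned first. If a section name matches the requested share name,
       that section is used. If no match is found, but a [homes] section
       exists in the configuration file, it is used as described above.
       Otherwise, the requested name is treated as a printer name and the
       server scans the appropriate printcap file to see whether the
       requested name is a valid printer share name. If a match is found, the
       server creates a print share by cloning the [printers] section.

       The following modifications are made to the newly created share:

       o  The share name is set to the located printer name.

       o  If no printer name was given, the printer name is set to the
          located printer name.

       o  If the share does not permit guest access and no username was
          given, the username is set to the located printer name.

       Note that the [printers] section must be printable. If you specify
       otherwise, the server will refuse to load the configuration file.

       Typically the path specified is that of a world-writeable spool
       directory with the sticky bit set on it. A typical [printers] section
       looks like this: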

       [printers]
            path = /usr/spool/public
            guest ok = yes
            printable = yes

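       All aliases given for a printer in the printcap file are valid printer
       names as far as the server is concerned. If your printing subsystem
       does not work like that, you will have to set up a pseudo-printcap
       file consisting of one or more lines like this:

       alias1|alias2|alias3|alias4...

       Each alias must be a printer name that your printing subsystem
       accepts. In the [global] section, specify this new file as your
       printcap file. The pseudo-printcap file can contain whatever aliases
       you like, and the server only recognizes the names listed in it. This
       technique is a convenient way to limit access to a subset of your
       local printers.

       An alias, by the way, is defined as any component of the first entry
       of a printcap record. Records are separated by newlines. If a record
       has more than one component, the components are separated by the "|"
       symbol.

              Note

              On SYSV systems, lpstat can be used to determine what printers
              are installed on the system. You can set "printcap name =
              lpstat" to obtain the list of printers automatically. See the
              "printcap name" option for details.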

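PARAMETERS
       Parameters define the attributes of each section.

       Some parameters are specific to the [global] section (for example,
       security-related settings), some may be used in any section (for
       example, create mode), and the rest may be used only in ordinary
       sections. In the following descriptions the [homes] and [printers]
       sections are considered ordinary sections. The mark (G) indicates that
       a parameter can only be used in the [global] section. The mark (S)
       indicates that a parameter can be used in a service definition
       section. Note that parameters marked (S) can also be used in the
       [global] section, in which case the setting becomes the default for
       all other sections.

       The detailed descriptions are arranged in alphabetical order. This may
       not be the best way to group them, but at least you can find them.
       Where there are synonyms, only the preferred one is described in
       detail, and the other synonyms simply refer to the preferred name.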

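VARIABLE SUBSTITUTIONS
       Many of the strings in the configuration file can take substitutions.
       For example, the option "path = /tmp/%u" is interpreted as "path =
       /tmp/john" when the user has connected with the username john.

       These substitutions are noted in the descriptions below. The general
       substitutions that apply wherever they are relevant are:

       %U     session username (the username that the client wanted, not
              necessarily the same as the one it got).

       %G     primary group name of %U.

       %h     the Internet hostname of the machine that Samba is running on.

       %m     the NetBIOS name of the client machine (very useful).

       %L     the NetBIOS name of the server. This allows you to change your
              configuration based on what the client calls you, so that your
              server can have a "dual personality".

              Note that this parameter is not available when Samba listens on
              port 445, as clients no longer send this information.

       %M     the Internet hostname of the client machine.

       %R     the protocol selected after protocol negotiation. It can be one
              of CORE, COREPLUS, LANMAN1, LANMAN2 or NT1.

       %d     the process id of the current Samba server process.

       %a     the architecture of the remote machine. Only some are
              recognized, and those may not be 100% reliable. Currently
              supported are Samba, WfWg, WinNT and Win95. Anything else is
              known as "UNKNOWN". If it gets it wrong, send a level 3 log to
              samba-bugs@samba.org so that the bug can be fixed.

       %I     the IP address of the client machine.

       %T     the current date and time.

       %D     Name of the domain or workgroup of the current user.

       %$(envvar)
              The value of the environment variable envvar.

       The following substitutions apply only to some configuration options
       (only those that are used when a connection has been established):

       %S     the name of the current service.

       %P     the root directory of the current service.

       %u     the username of the current service.

       %g     primary group name of %u.

       %H     the home directory of the user given by %u.

       %N     the name of your NIS home directory server. It is obtained from
              auto.map. If Samba was not compiled with the --with-auto-mount
              option, its value is the same as %L.

       %p     the path of the user's home directory, obtained from the NIS
              auto.map. The NIS auto.map entry is split up as "%N:%p".

       Some quite creative things can be done with these substitutions and
       other smb.conf options.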

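NAME MANGLING

       Samba supports "name mangling" so that DOS and Windows clients can use
       files that do not conform to the 8.3 format. It can also be used to
       adjust the case of 8.3 format filenames.

       Several options control the way mangling is performed, and they are
       listed together below. For the defaults, look at the output of the
       testparm program.

       All of these options can be set separately for each service (or
       globally, of course).

       The options are:

       mangle case = yes/no
              controls whether names that are not written in the default case
              are mangled. For example, if this is set to yes, a name like
              "Mail" is mangled. The default is no.

       case sensitive = yes/no
              controls whether filenames are case sensitive. If they are not,
              Samba must search for and match filenames when names are passed
              to it. The default is no.

       default case = upper/lower
              controls the default case for new filenames. The default is
              lower.

       preserve case = yes/no
              controls whether new files are created with the case that the
              client passes, or are forced to the default case. The default is
              yes.

       short preserve case = yes/no
              controls whether new filenames in 8.3 format, that is all in
              upper case and of suitable length, are created in upper case or
              forced to the default case. It can be used together with
              "preserve case = yes" above to let long filenames retain their
              case while short filenames are lowercased. The default is yes.

       By default, Samba 3.0 behaves like Windows NT: it is case insensitive
       but case preserving.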

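NOTE ABOUT USERNAME/PASSWORD VALIDATION
       There are a number of ways in which a user can connect to a service.
       The server follows the steps below to determine whether it will allow
       a connection to the specified service. If all the steps fail, the
       connection request is rejected. If one of the steps succeeds, the
       remaining steps are not checked.

       If the requested service is set to guest only = yes and the server is
       running with share-level security (security = share), steps 1 to 5
       are skipped.

       Step 1:
          If the client has passed a username/password pair and that pair is
          validated by the UNIX system's password programs, the connection is
          made as that username. Note that this includes passing a username
          with the \\server\service%username method.

       Step 2:
          If the client has previously registered a username with the system
          and supplies the correct password, the connection is allowed.

       Step 3:
          The client's NetBIOS name and any previously used usernames are
          checked against the supplied password. If they match, the
          connection is allowed as that username.

       Step 4:
          If the client has previously validated a username/password pair and
          holds a valid token, the connection is allowed as that username.

       Step 5:
          If a "user = " field is set in smb.conf and the client has supplied
          a password, and that password, as checked by the UNIX system,
          matches one of the usernames in the "user=" field, the connection is
          made as the matching username from "user=". If a name in the
          "user=" field begins with @, that name expands to the list of
          usernames in the group of the same name.

       Step 6:
          If the service is a guest service, the connection is made as the
          username given in "guest account =", irrespective of the supplied
          password.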

COMPLETE LIST OF GLOBAL PARAMETERS
       Here is a list of all global parameters. See the corresponding section
       below for the details of each parameter. Note that some are synonyms.

       o  abort shutdown script

       o  add group script

       o  add machine script

       o  addprinter command

       o  add share command

       o  add user script

       o  add user to group script

       o  afs username map

       o  algorithmic rid base

       o  allow trusted domains

       o  announce as

       o  announce version

       o  auth methods

       o  auto services

       o  bind interfaces only

       o  browse list

       o  change notify timeout

       o  change share command

       o  client lanman auth

       o  client ntlmv2 auth

       o  client plaintext auth

       o  client schannel

       o  client signing

       o  client use spnego

       o  config file

       o  deadtime

       o  debug hires timestamp

       o  debuglevel

       o  debug pid

       o  debug timestamp

       o  debug uid

       o  default

       o  default service

       o  delete group script

       o  deleteprinter command

       o  delete share command

       o  delete user from group script

       o  delete user script

       o  dfree command

       o  disable netbios

       o  disable spoolss

       o  display charset

       o  dns proxy

       o  domain logons

       o  domain master

       o  dos charset

       o  enable rid algorithm

       o  encrypt passwords

       o  enhanced browsing

       o  enumports command

       o  get quota command

       o  getwd cache

       o  guest account

       o  hide local users

       o  homedir map

       o  host msdfs

       o  hostname lookups

       o  hosts equiv

       o  idmap backend

       o  idmap gid

       o  idmap uid

       o  include

       o  interfaces

       o  keepalive

       o  kernel change notify

       o  kernel oplocks

       o  lanman auth

       o  large readwrite

       o  ldap admin dn

       o  ldap delete dn

       o  ldap filter

       o  ldap group suffix

       o  ldap idmap suffix

       o  ldap machine suffix

       o  ldap passwd sync

       o  ldap port

       o  ldap server

       o  ldap ssl

       o  ldap suffix

       o  ldap user suffix

       o  lm announce

       o  lm interval

       o  load printers

       o  local master

       o  lock dir

       o  lock directory

       o  lock spin count

       o  lock spin time

       o  log file

       o  log level

       o  logon drive

       o  logon home

       o  logon path

       o  logon script

       o  lpq cache time

       o  machine password timeout

       o  mangled stack

       o  mangle prefix

       o  mangling method

       o  map to guest

       o  max disk size

       o  max log size

       o  max mux

       o  max open files

       o  max protocol

       o  max smbd processes

       o  max ttl

       o  max wins ttl

       o  max xmit

       o  message command

       o  min passwd length

       o  min password length

       o  min protocol

       o  min wins ttl

       o  name cache timeout

       o  name resolve order

       o  netbios aliases

       o  netbios name

       o  netbios scope

       o  nis homedir

       o  ntlm auth

       o  nt pipe support

       o  nt status support

       o  null passwords

       o  obey pam restrictions

       o  oplock break wait time

       o  os2 driver map

       o  os level

       o  pam password change

       o  panic action

       o  paranoid server security

       o  passdb backend

       o  passwd chat

       o  passwd chat debug

       o  passwd program

       o  password level

       o  password server

       o  pid directory

       o  prefered master

       o  preferred master

       o  preload

       o  preload modules

       o  printcap

       o  private dir

       o  protocol

       o  read bmpx

       o  read raw

       o  read size

       o  realm

       o  remote announce

       o  remote browse sync

       o  restrict anonymous

       o  root

       o  root dir

       o  root directory

       o  security

       o  server schannel

       o  server signing

       o  server string

       o  set primary group script

       o  set quota command

       o  show add printer wizard

       o  shutdown script

       o  smb passwd file

       o  smb ports

       o  socket address

       o  socket options

       o  source environment

       o  stat cache

       o  syslog

       o  syslog only

       o  template homedir

       o  template primary group

       o  template shell

       o  time offset

       o  time server

       o  timestamp logs

       o  unicode

       o  unix charset

       o  unix extensions

       o  unix password sync

       o  update encrypted

       o  use mmap

       o  username level

       o  username map

       o  use spnego

       o  utmp

       o  utmp directory

       o  winbind cache time

       o  winbind enable local accounts

       o  winbind enum groups

       o  winbind enum users

       o  winbind gid

       o  winbind separator

       o  winbind trusted domains only

       o  winbind uid

       o  winbind use default domain

       o  wins hook

       o  wins partners

       o  wins proxy

       o  wins server

       o  wins support

       o  workgroup

       o  write raw

       o  wtmp directory

COMPLETE LIST OF SERVICE PARAMETERS
       Here is a list of all service parameters. See the corresponding
       section below for the details of each parameter. Note that some are
       synonyms.

       o  acl compatibility

       o  admin users

       o  afs share

       o  allow hosts

       o  available

       o  blocking locks

       o  block size

       o  browsable

       o  browseable

       o  case sensitive

       o  casesignames

       o  comment

       o  copy

       o  create mask

       o  create mode

       o  csc policy

       o  default case

       o  default devmode

       o  delete readonly

       o  delete veto files

       o  deny hosts

       o  directory

       o  directory mask

       o  directory mode

       o  directory security mask

       o  dont descend

       o  dos filemode

       o  dos filetime resolution

       o  dos filetimes

       o  exec

       o  fake directory create times

       o  fake oplocks

       o  follow symlinks

       o  force create mode

       o  force directory mode

       o  force directory security mode

       o  force group

       o  force security mode

       o  force user

       o  fstype

       o  group

       o  guest account

       o  guest ok

       o  guest only

       o  hide dot files

       o  hide files

       o  hide special files

       o  hide unreadable

       o  hide unwriteable files

       o  hosts allow

       o  hosts deny

       o  inherit acls

       o  inherit permissions

       o  invalid users

       o  level2 oplocks

       o  locking

       o  lppause command

       o  lpq command

       o  lpresume command

       o  lprm command

       o  magic output

       o  magic script

       o  mangle case

       o  mangled map

       o  mangled names

       o  mangling char

       o  map acl inherit

       o  map archive

       o  map hidden

       o  map system

       o  max connections

       o  max print jobs

       o  max reported print jobs

       o  min print space

       o  msdfs proxy

       o  msdfs root

       o  nt acl support

       o  only guest

       o  only user

       o  oplock contention limit

       o  oplocks

       o  path

       o  posix locking

       o  postexec

       o  preexec

       o  preexec close

       o  preserve case

       o  printable

       o  printcap name

       o  print command

       o  printer

       o  printer admin

       o  printer name

       o  printing

       o  print ok

       o  profile acls

       o  public

       o  queuepause command

       o  queueresume command

       o  read list

       o  read only

       o  root postexec

       o  root preexec

       o  root preexec close

       o  security mask

       o  set directory

       o  share modes

       o  short preserve case

       o  strict allocate

       o  strict locking

       o  strict sync

       o  sync always

       o  use client driver

       o  user

       o  username

       o  users

       o  use sendfile

       o  -valid

       o  valid users

       o  veto files

       o  veto oplock files

       o  vfs object

       o  vfs objects

       o  volume

       o  wide links

       o  writable

       o  writeable

       o  write cache size

       o  write list

       o  write ok

EXPLANATION OF EACH PARAMETER
       abort shutdown script (G)
              This parameter only exists in the HEAD cvs branch. This is a
              full path name to a script called by smbd(8) that should stop a
              shutdown procedure issued by the shutdown script.

              This command will be run as user.

              Default: None.

              Example: abort shutdown script = /sbin/shutdown -c

       acl compatibility (S)
              This  parameter  specifies  what  OS  ACL  semantics  should  be
              compatible  with.  Possible  values  are winnt for Windows NT 4,
              win2k for Windows 2000 and above and auto. If you specify  auto,
              the  value  for this parameter will be based upon the version of
              the client. There should be no reason to change  this  parameter
              from the default.

              Default: acl compatibility = Auto

              Example: acl compatibility = win2k

       add group script (G)
              This  is  the full pathname to a script that will be run AS ROOT
              by smbd(8) when a new group is requested. It will expand any  %g
              to  the  group  name  passed.  This  script  is  only useful for
              installations using the Windows NT domain administration  tools.
              The  script  is free to create a group with an arbitrary name to
              circumvent unix group name restrictions. In that case the script
              must print the numeric gid of the created group on stdout.

       add machine script (G)
              This is the full pathname to a script that will be run by
              smbd(8) when a machine is added to its domain using the
              administrator username and password method.

              This option is only required when using sam back-ends tied to
              the Unix uid method of RID calculation such as smbpasswd. This
              option is only available in Samba 3.0.

              Default: add machine script = <>

              Example: add machine script = /usr/sbin/adduser -n -g machines -c
              Machine -d /dev/null -s /bin/false %u

       addprinter command (G)
              With the introduction of MS-RPC based printing support for
              Windows NT/2000 clients in Samba 2.2, the MS Add Printer Wizard
              (APW) icon is now also available in the "Printers..." folder
              displayed in a share listing. The APW allows printers to be
              added remotely to a Samba or Windows NT/2000 print server.

              For a Samba host this means that the printer must be  physically
              added to the underlying printing system. The add printer command
              defines a script to be run  which  will  perform  the  necessary
              operations for adding the printer to the print system and to add
              the appropriate service definition to the smb.conf file in order
              that it can be shared by smbd(8).

              The   addprinter  command  is  automatically  invoked  with  the
              following parameter (in order):

              printer name

              share name

              port name

              driver name

              location

              Windows 9x driver location

              All parameters are filled in from the  PRINTER_INFO_2  structure
              sent  by  the  Windows  NT/2000  client  with one exception. The
              "Windows 9x driver location" parameter is included for backwards
              compatibility  only.  The  remaining fields in the structure are
              generated from answers to the APW questions.

              Once the addprinter command has been executed, smbd will reparse
              the   smb.conf  to  determine  if  the  share defined by the APW
              exists. If the sharename  is  still  invalid,  then  smbd   will
              return an ACCESS_DENIED error to the client.

              The  "add  printer  command" program can output a single line of
              text, which Samba will set  as  the  port  the  new  printer  is
              connected  to. If this line isn't output, Samba won't reload its
              printer shares.

              See also deleteprinter command, printing, show add printer
              wizard.

              Default: none

              Example: addprinter command = /usr/bin/addprinter

       add share command (G)
              Samba 2.2.0 introduced the ability to dynamically add and delete
              shares  via  the  Windows  NT  4.0 Server Manager. The add share
              command is used to define an external program  or  script  which
              will  add  a  new  service  definition  to smb.conf. In order to
              successfully execute the add share command, smbd  requires  that
              the administrator be connected using a root account (i.e. uid ==
              0).

              When executed, smbd will  automatically  invoke  the  add  share
              command with four parameters.

              configFile - the location of the global smb.conf file.

              shareName - the name of the new share.

              pathName - path to an **existing** directory on disk.

              comment - comment string to associate with the new share.

              This  parameter is only used for add file shares. To add printer
              shares, see the addprinter command.

              See also change share command, delete share command.

              Default: none

              Example: add share command = /usr/local/bin/addshare

       add user script (G)
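              This is the full pathname to a script that will be run as root
              by smbd(8) under special circumstances (described in detail
              below). To use this option, smbd must be set to security=server
              or security=domain, and add user script must be set to the full
              pathname of a script that creates a UNIX account given a %u
              argument. %u expands to the name of the UNIX account to create.

              When a Windows user attempts to access the Samba server, at
              login time (session setup in the SMB protocol) smbd contacts
              the password server and attempts to authenticate the username
              and password. If this succeeds, smbd tries to map the Windows
              user to a UNIX user according to the UNIX password file. If
              this lookup fails but add user script is set, smbd calls the
              script as root, expanding %u to the user account to create.

              If the script succeeds, smbd carries on as though the user
              already existed. In this way UNIX user accounts are created
              dynamically to match existing NT accounts.

              See also security, password server, delete user script.

              Default: add user script = <>

              Example: add user script = /usr/local/samba/bin/add_user %u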

       add user to group script (G)
              Full path to the script that will be called when a user is added
              to a group using the Windows NT domain administration tools.  It
              will be run by smbd(8) AS ROOT. Any %g will be replaced with the
              group name and any %u will be replaced with the user name.

              Default: add user to group script =

              Example: add user to group script = /usr/sbin/adduser %u %g
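
              Because add group script, add user script and add user to group
              script are all run by smbd as root, the programs they name
              deserve a permission check. The following is an added example
              (not part of the original manual page or of Samba): the function
              name, the trusted_uid argument and the choice of checks are
              assumptions of this sketch, and the sample values are the
              examples given on this page.

```python
# Added example: checks the programs named by parameters that this page says
# smbd runs as root. Illustrative only; not part of Samba.
import os
import shlex
import stat

# Parameters described on this page as being run as root by smbd.
ROOT_RUN_PARAMS = (
    "add group script",
    "add user script",
    "add user to group script",
)


def audit_root_scripts(global_params, trusted_uid=0):
    """Return (parameter, path, problem) tuples for root-run scripts.

    global_params: {parameter: value} from [global], names in lower case.
    trusted_uid:   the only owner accepted for a script and its directory
                   (hypothetical argument; 0 means root).
    """
    findings = []
    for param in ROOT_RUN_PARAMS:
        value = global_params.get(param, "").strip()
        if not value:
            continue  # parameter not set, nothing will be run
        # The value is a command line; the first word is the program and the
        # rest are arguments such as %u and %g.
        program = shlex.split(value)[0]
        if not os.path.isabs(program):
            # The page asks for a full pathname; a relative name would be
            # resolved through whatever search path smbd happens to have.
            findings.append((param, program, "not a full pathname"))
            continue
        # Whoever can replace the program, or rename files in its directory,
        # decides what runs as root.
        for path in (program, os.path.dirname(program)):
            try:
                info = os.stat(path)
            except OSError:
                findings.append((param, path, "cannot be examined"))
                break
            if info.st_uid != trusted_uid:
                findings.append((param, path, f"owned by uid {info.st_uid}"))
            if info.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((param, path, "writable by group or others"))
    return findings


if __name__ == "__main__":
    # Example values taken from this page; results depend on the local system.
    sample = {
        "add user script": "/usr/local/samba/bin/add_user %u",
        "add user to group script": "/usr/sbin/adduser %u %g",
    }
    for param, path, problem in audit_root_scripts(sample):
        print(f"{param}: {path}: {problem}")
```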

       admin users (S)
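              admin users defines a list of users who have administrative
              privileges on the share. This means that these users can operate
              on all files as the super-user would.

              Use this option carefully, as any user in this list can do
              anything they like on the share.

              Default: no admin users

              Example: admin users = jason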

       afs share (S)
              This parameter controls whether special AFS features are enabled
              for this share.  If  enabled,  it  assumes  that  the  directory
              exported  via  the  path  parameter  is  a local AFS import. The
              special AFS features include the attempt to  hand-craft  an  AFS
              token if you enabled --with-fake-kaserver in configure.

              Default: afs share = no

              Example: afs share = yes

       afs username map (G)
              If you are using the fake kaserver AFS feature, you might want
              to hand-craft the usernames you are creating tokens for. For
              example this is necessary if you have users from several
              domains in your AFS Protection Database. One possible scheme is
              to code users as DOMAIN+User, as is done by winbind with the +
              as a separator.

              The mapped user name must contain the cell name to log into, so
              without setting this parameter there will be no token.

              Default: none

              Example: afs username map = %u@afs.samba.org

       algorithmic rid base (G)
              This determines how Samba will use its algorithmic mapping from
              uids/gids to the RIDs needed to construct NT Security
              Identifiers.

              Setting this option to a larger value could be useful to sites
              transitioning from WinNT and Win2k, as existing user and group
              rids would otherwise clash with system users etc.

              All UIDs and GIDs must be able to be resolved into SIDs for the
              correct operation of ACLs on the server. As such the algorithmic
              mapping can't be 'turned off', but pushing it 'out of the way'
              should resolve the issues. Users and groups can then be assigned
              'low' RIDs in arbitrary-rid supporting backends.

              Default: algorithmic rid base = 1000

              Example: algorithmic rid base = 100000

       allow hosts (S)
              Synonym for hosts allow.

       allow trusted domains (G)
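              This option only takes effect when the security option is set to
              server or domain. If it is set to no, attempts to connect to a
              resource from a domain or workgroup other than the one in which
              smbd is running will fail, even if that domain is trusted by the
              remote server doing the authentication.

              This option is very useful if you only want to serve resources
              to the members of the domain. As an example, suppose there are
              two domains, DOMA and DOMB. DOMA trusts DOMB, and the Samba
              server is in DOMA. Under normal circumstances, a user with an
              account in DOMB can access the resources of a UNIX account with
              the same account name on the Samba server without having an
              account in DOMA. This makes the security boundary harder to
              draw.

              Default: allow trusted domains = yes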

       announce as (G)
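              This option defines the type of server that nmbd(8) announces
              itself as to the network neighborhood. The default is Windows
              NT. The valid options are "NT" (a synonym for "NT Server"), "NT
              Server", "NT Workstation", "Win95" or "WfW", meaning
              respectively Windows NT Server, Windows NT Workstation, Windows
              95 and Windows for Workgroups. Do not change this option unless
              you have a specific need to stop Samba appearing as Windows NT,
              as this may affect the correct operation of Samba as a browse
              server.

              Default: announce as = NT Server

              Example: announce as = Win95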

       announce version (G)
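              This option defines the major and minor version numbers that
              nmbd uses when announcing itself as a server. The default
              version number is 4.9. Do not change this option unless you have
              a specific need to present Samba as a lower version.

              Default: announce version = 4.9

              Example: announce version = 2.0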

       auth methods (G)
              This option allows the administrator to choose what
              authentication methods smbd will use when authenticating a user.
              This option defaults to sensible values based on security. This
              should be considered a developer option and used only in rare
              circumstances. In the majority (if not all) of production
              servers, the default setting should be adequate.

              Each entry in the list attempts to authenticate the user in
              turn, until the user authenticates. In practice only one method
              will ever actually be able to complete the authentication.

              Possible options include guest (anonymous access), sam (lookups
              in local list of accounts based on netbios name or domain name),
              winbind (relay authentication requests for remote users through
              winbindd), ntdomain (pre-winbindd method of authentication for
              remote domain users; deprecated in favour of winbind method),
              trustdomain (authenticate trusted users by contacting the remote
              DC directly from smbd; deprecated in favour of winbind method).

              Default: auth methods = <>

              Example: auth methods = guest sam winbind

       auto services (G)
              Synonym for preload.

       available (S)
              This option can be used to turn off a service. If available =
              no, all attempts to connect to the service will fail. Such
              failures are logged.

              Default: available = yes

       bind interfaces only (G)
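              This global option allows the Samba administrator to limit
              which interfaces on a machine will serve requests. It affects
              the file service smbd(8) and the name service nmbd(8) in
              slightly different ways.

              For name service, it causes nmbd to bind to ports 137 and 138
              on the network interfaces listed in the 'interfaces' option. In
              order to read broadcast messages, nmbd also binds to the "all
              addresses" interface (0.0.0.0) on ports 137 and 138. If this
              option is not set, nmbd will service name requests on all
              interfaces. If "bind interfaces only" is set, nmbd checks the
              source address of any packet arriving on the broadcast
              interface and discards any packet that does not match the
              broadcast addresses of the interfaces listed in the interfaces
              option. When unicast packets are received on the other
              interfaces, this option lets nmbd refuse service to any host
              that sends packets through an interface not listed in the
              interfaces option. IP source address spoofing defeats this
              simple check, however, so do not rely on it as a serious
              security feature for nmbd.

              For file service, this option causes smbd(8) to bind only to
              the network interfaces listed in the 'interfaces' option. This
              restricts smbd to serving only packets coming in on those
              interfaces. Note that this option should not be used on machines
              serving PPP or other intermittent or non-broadcast network
              interfaces, as it cannot cope with non-permanent interfaces.

              If bind interfaces only is set, then unless the network address
              127.0.0.1 is added to the interfaces option list, smbpasswd(8)
              and swat(8) may not work as expected, for the reasons given
              below.

              To change a user's SMB password, smbpasswd by default connects
              to the localhost address 127.0.0.1 as an SMB client and issues
              the password change request. If bind interfaces only is set,
              smbpasswd will fail to connect in its default mode unless
              127.0.0.1 has been added to the interfaces option.
              Alternatively, the -r remote machine option can be used to
              specify the IP address of the primary network interface of the
              local host, which forces smbpasswd to use the primary IP address
              of the local host.

              The swat status page tries to connect to smbd and nmbd at
              127.0.0.1 to determine whether they are running. If 127.0.0.1
              is not added, smbd and nmbd will always be shown as not running
              even when they are. This prevents swat from
              starting/stopping/restarting the smbd and nmbd processes.

              Default: bind interfaces only = no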

       blocking locks (S)
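              This option controls the behavior of smbd(8) when a client
              requests a byte range lock on a region of an open file and the
              request has a time limit associated with it.

              If this option is set and the requested lock range cannot be
              granted immediately, Samba queues the request internally and
              periodically attempts to obtain the lock until the timeout
              expires.

              If this option is set to no, Samba behaves as previous versions
              did and fails the lock request immediately if the lock range
              cannot be obtained.

              Default: blocking locks = yes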

       block size (S)
              This parameter controls the behavior of smbd(8)  when  reporting
              disk  free  sizes. By default, this reports a disk block size of
              1024 bytes.

              Changing this parameter may have some effect on  the  efficiency
              of  client writes, this is not yet confirmed. This parameter was
              added to allow advanced administrators to change it (usually  to
              a  higher  value)  and  test  the  effect it has on client write
              performance  without  re-compiling  the  code.  As  this  is  an
              experimental option it may be removed in a future release.

              Changing  this  option  does  not change the disk free reporting
              size, just the block size unit reported to the client.

       browsable (S)
              Synonym for browseable.

       browseable (S)
              This option controls whether the share is visible in the list
              of available shares, in the net view command and in the browse
              list.

              Default: browseable = yes

       browse list (G)
              This controls whether smbd(8) serves a browse list to a client
              doing a NetServerEnum call. It is normally set to yes. You
              should never need to change this option.

              Default: browse list = yes

       case sensitive (S)
              See the discussion in the section NAME MANGLING.

              Default: case sensitive = no

       casesignames (S)
              與 case sensitive 同義.

       change notify timeout (G)
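              Samba allows a client to tell the server to watch a particular
              directory for any changes and to reply to the SMB request only
              when a change has occurred. Such constant scanning is expensive
              on UNIX systems, so smbd(8) scans each requested directory only
              once every change notify timeout period.

              Default: change notify timeout = 60

              Example: change notify timeout = 300

              This changes the scan interval to once every 5 minutes.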

       change share command (G)
              Samba 2.2.0 introduced the ability to dynamically add and delete
              shares via the Windows NT 4.0 Server Manager. The  change  share
              command  is  used  to define an external program or script which
              will modify an existing service definition in smb.conf. In order
              to  successfully execute the change share command, smbd requires
              that the administrator be connected using a root  account  (i.e.
              uid == 0).

              When  executed,  smbd will automatically invoke the change share
              command with four parameters.

              configFile - the location of the global smb.conf file.

              shareName - the name of the new share.

              pathName - path to an existing directory on disk.

              comment - comment string to associate with the new share.

              This parameter is only used to modify existing file share
              definitions. To modify printer shares, use the "Printers..."
              folder as seen when browsing the Samba host.

              See also add share command, delete share command.

              Default: none

              Example: change share command = /usr/local/bin/addshare

       client lanman auth (G)
              This parameter determines whether or not smbclient(8) and other
              samba client tools will attempt to authenticate themselves to
              servers using the weaker LANMAN password hash. If disabled, only
              servers which support NT password hashes (e.g. Windows NT/2000,
              Samba, etc... but not Windows 95/98) can be connected to from
              the Samba client.

              The LANMAN encrypted response is easily broken, due to its
              case-insensitive nature, and the choice of algorithm. Clients
              without Windows 95/98 servers are advised to disable this
              option.

              Disabling this option will also disable the client plaintext
              auth option.

              Likewise, if the client ntlmv2 auth parameter is enabled, then
              only NTLMv2 logins will be attempted. Not all servers support
              NTLMv2, and most will require special configuration to use it.

              Default: client lanman auth = yes

       client ntlmv2 auth (G)
              This  parameter  determines  whether  or  not  smbclient(8) will
              attempt to authenticate  itself  to  servers  using  the  NTLMv2
              encrypted password response.

              If  enabled,  only  an  NTLMv2 and LMv2 response (both much more
              secure  than  earlier  versions)  will  be  sent.  Many  servers
              (including  NT4  <  SP4, Win9x and Samba 2.2) are not compatible
              with NTLMv2.

              Similarly, if enabled, NTLMv1, client  lanman  auth  and  client
              plaintext  auth  authentication  will  be  disabled.  This  also
              disables share-level authentication.

              If disabled, an NTLM response (and possibly a  LANMAN  response)
              will  be  sent  by  the client, depending on the value of client
              lanman auth.

              Note that some sites (particularly those following 'best
              practice' security policies) only allow NTLMv2 responses, and
              not the weaker LM or NTLM.

              Default: client ntlmv2 auth = no

       client plaintext auth (G)
              Specifies whether a client should send a plaintext  password  if
              the server does not support encrypted passwords.

              Default: client plaintext auth = yes

       client schannel (G)
              This  controls whether the client offers or even demands the use
              of the netlogon schannel. client schannel = no  does  not  offer
              the  schannel,  server  schannel  = auto offers the schannel but
              does not enforce it, and server schannel = yes denies access  if
              the server is not able to speak netlogon schannel.

              Default: client schannel = auto

              Example: client schannel = yes

       client signing (G)
              This  controls  whether the client offers or requires the server
              it talks to to  use  SMB  signing.  Possible  values  are  auto,
              mandatory and disabled.

              When set to auto, SMB signing is offered, but not enforced. When
              set to  mandatory,  SMB  signing  is  required  and  if  set  to
              disabled, SMB signing is not offered either.

              Default: client signing = auto
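
              The following added example (not part of the Samba
              documentation) audits the [global] section of an smb.conf for
              the client lanman auth, client ntlmv2 auth, client plaintext
              auth, client schannel and client signing parameters, using the
              defaults stated on this page. The function names, finding codes
              and the two sample configurations are constructed for
              illustration.

```python
# Added example: audit the client authentication parameters documented above.
# DEFAULTS are the values stated on this page; WEAK and HARDENED are
# constructed sample configurations, and all names here are illustrative.

DEFAULTS = {
    "clientlanmanauth": "yes",
    "clientntlmv2auth": "no",
    "clientplaintextauth": "yes",
    "clientsigning": "auto",
    "clientschannel": "auto",
}

WEAK = """\
; constructed sample: every client parameter left at its default
[global]
    workgroup = EXAMPLE
"""

HARDENED = """\
# constructed sample: mixed case, spacing and a continued line
[Global]
    Client NTLMv2 Auth = Yes
    client signing = \\
        mandatory
    clientschannel = yes
"""


def norm(name):
    """Names are case-insensitive and whitespace inside them is irrelevant."""
    return "".join(name.split()).lower()


def parse_global(text):
    """Return {normalised name: value} for the [global] section."""
    params, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):           # trailing backslash: continued line
            pending = line[:-1]
            continue
        pending = ""
        if not line or line[0] in ";#":   # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = norm(line[1:-1])
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)   # only the first '=' counts
            params[norm(name)] = value.strip()
    return params


def as_bool(value):
    """Booleans may be yes/no, 1/0 or true/false, in any case."""
    v = value.lower()
    if v in ("yes", "true", "1"):
        return True
    if v in ("no", "false", "0"):
        return False
    raise ValueError("not a boolean: %r" % value)


def audit(text):
    """Return a list of (code, reason) findings for weak client settings."""
    cfg = dict(DEFAULTS)
    cfg.update((k, v) for k, v in parse_global(text).items() if k in DEFAULTS)

    ntlmv2 = as_bool(cfg["clientntlmv2auth"])
    # NTLMv2 on disables NTLMv1, LANMAN and plaintext;
    # LANMAN off also disables plaintext.
    lanman = as_bool(cfg["clientlanmanauth"]) and not ntlmv2
    plaintext = as_bool(cfg["clientplaintextauth"]) and lanman
    signing = cfg["clientsigning"].lower()
    schannel = cfg["clientschannel"].lower()

    findings = []
    if not ntlmv2:
        findings.append(("NTLM", "an NTLM response is sent"))
    if lanman:
        findings.append(("LANMAN", "the weaker LANMAN hash may be used"))
    if plaintext:
        findings.append(("PLAINTEXT", "a plaintext password may be sent"))
    if signing == "disabled":
        findings.append(("SIGNING_OFF", "SMB signing is not offered"))
    elif signing != "mandatory":
        findings.append(("SIGNING_NOT_ENFORCED", "SMB signing is not required"))
    if schannel == "auto":
        findings.append(("SCHANNEL_NOT_ENFORCED", "schannel is not enforced"))
    elif not as_bool(schannel):
        findings.append(("SCHANNEL_OFF", "schannel is not offered"))
    return findings


if __name__ == "__main__":
    for label, sample in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(label, audit(sample))
```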

       client use spnego (G)
              This variable controls whether samba clients will try to use
              Simple and Protected NEGOciation (as specified by rfc2478) with
              WindowsXP and Windows2000 servers to agree upon an
              authentication mechanism. SPNEGO client support for SMB Signing
              is currently broken, so you might want to turn this option off
              when operating with Windows 2003 domain controllers in
              particular.

              Default: client use spnego = yes

       comment (S)
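              This is the descriptive text shown next to a share when a client
              lists the shares on the server, through the network
              neighborhood or net view.

              To set the descriptive text shown next to the machine name, see
              the server string parameter.

              Default: No comment string

              Example: comment = Fred's Files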

       config file (G)
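              This lets Samba use the specified configuration file instead of
              the default one (usually smb.conf). Setting this option creates
              a chicken-and-egg problem!

              For this reason, if the name of the configuration file is found
              to have changed when the parameters are loaded, the parameters
              are reloaded from the new configuration file.

              This option takes the usual substitutions, which can be very
              useful.

              If the configuration file does not exist, it is not loaded
              (which lets you special-case the configuration files of a few
              clients).

              Example: config file = /usr/local/samba/lib/smb.conf.%m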

       copy (S)
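              This lets you clone services. The specified service is simply
              duplicated under the current service's name, and any parameters
              defined in the current service override the corresponding ones
              in the copied service.

              This feature lets you set up a 'template' service and create
              similar services easily. Note that the service being copied must
              appear earlier in the configuration file than the service doing
              the copying.

              Default: no value

              Example: copy = otherservice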

       create mask (S)
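              Synonym for create mode.

              When a file is created, the necessary permissions are calculated
              according to the mapping from DOS modes to UNIX permissions, and
              the result is then bit-wise ANDed with this parameter. This
              parameter may be thought of as a bit mask for the UNIX modes of
              a file. Any bit not set here is removed from the modes set on a
              file when it is created.

              The default value of this parameter removes the group and other
              write and execute bits from the UNIX file creation mode.

              Following this, Samba bit-wise ORs the UNIX mode produced by
              this parameter with the value of the force create mode
              parameter, which is 000 by default.

              This parameter does not affect directory modes. See directory
              mode for details.

              See force create mode for forcing particular mode bits to be set
              on created files. For the modes of created directories see the
              directory mode parameter. See also the inherit permissions
              parameter.

              Note that this parameter does not apply to  permissions  set  by
              Windows  NT/2000  ACL  editors.  If  the administrator wishes to
              enforce a mask on access control lists also, they  need  to  set
              the security mask.

              Default: create mask = 0744

              Example: create mask = 0775

       create mode (S)
              Synonym for create mask.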

       csc policy (S)
              This  stands  for  client-side caching policy, and specifies how
              clients capable of offline caching will cache the files  in  the
              share.  The  valid  values  are:  manual,  documents,  programs,
              disable.

              These values correspond to those used on Windows servers.

              For example, shares containing roaming profiles can have offline
              caching disabled using csc policy = disable.

              Default: csc policy = manual

              Example: csc policy = programs

       deadtime (G)
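              This value (a decimal integer) defines the idle timeout for
              connections, in minutes. A connection that has been idle for
              longer than this is disconnected. The timeout has no effect
              while any file is open.

              This protects the server's resources from being exhausted by a
              large number of idle connections.

              Most clients reconnect automatically after a connection is
              dropped, so in most cases this parameter is transparent to
              users.

              A short idle timeout is recommended for most systems.

              A deadtime of 0 means connections are never disconnected
              automatically.

              Default: deadtime = 0

              Example: deadtime = 15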

       debug hires timestamp (G)
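              Sometimes log messages need timestamps with a resolution finer
              than one second. When turned on, this boolean parameter adds
              microsecond resolution to the timestamp message header.

              Note that debug timestamp must be on for this parameter to have
              an effect.

              Default: debug hires timestamp = no

       debuglevel (G)
              Synonym for log level.

       debug pid (G)
              When several processes forked from smbd(8) share one log file,
              it is hard to tell which process wrote which message. When
              turned on, this boolean parameter adds the process id to the
              timestamp message headers.

              Note that debug timestamp must be on for this parameter to have
              an effect.

              Default: debug pid = no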

       debug timestamp (G)
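              Samba timestamps its debug log messages by default. If you are
              running at a high debug level these timestamps can be
              distracting. This parameter allows timestamping to be turned
              off.

              Default: debug timestamp = yes

       debug uid (G)
              Samba sometimes runs as root and sometimes as the connected
              user. When turned on, this boolean parameter inserts the current
              euid, egid, uid and gid into the timestamp message headers in
              the log file.

              Note that debug timestamp must be on for this parameter to have
              an effect.

              Default: debug uid = no

       default (G)
              Synonym for default service.

       default case (S)
              See the NAME MANGLING section. Also note the short preserve case
              parameter.

              Default: default case = lower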

       default devmode (S)
              This  parameter  is  only applicable to printable services. When
              smbd is serving Printer Drivers  to  Windows  NT/2k/XP  clients,
              each printer on the Samba server has a Device Mode which defines
              things such as paper size and orientation and  duplex  settings.
              The  device  mode can only correctly be generated by the printer
              driver itself (which can only be executed on a Win32  platform).
              Because  smbd  is  unable to execute the driver code to generate
              the device mode, the default behavior is to set  this  field  to
              NULL.

              Most  problems  with serving printer drivers to Windows NT/2k/XP
              clients can be traced to a problem  with  the  generated  device
              mode.  Certain  drivers  will  do  things  such  as crashing the
              client's  Explorer.exe  with  a  NULL  devmode.  However,  other
              printer   drivers   can   cause  the  client's  spooler  service
              (spoolsv.exe) to die if the  devmode  was  not  created  by  the
              driver itself (i.e. smbd generates a default devmode).

              This  parameter  should  be  used  with care and tested with the
              printer driver in question. It is better  to  leave  the  device
              mode  to NULL and let the Windows client set the correct values.
              Because drivers do not do this all  the  time,  setting  default
              devmode = yes will instruct smbd to generate a default one.

              For more information on Windows NT/2k printing and Device Modes,
              see the MSDN documentation.

              Default: default devmode = no

       default service (G)
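              This parameter specifies the name of a service that is connected
              to when the service actually requested cannot be found. Note
              that the square brackets are NOT given in the parameter value
              (see the example!).

              There is no default value for this parameter. If it is not
              given, a request for a nonexistent service returns an error.

              Typically the default service is a guest ok, read-only service.

              The apparent service name is changed to that of the requested
              service, so macros such as %S can be used to make a wildcard
              service.

              Note that any '_' character in the service name given in the
              default service parameter is mapped to '/'. This allows for
              interesting things.

              Example: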

              [global]
                   default service = pub
              [pub]
                   path = /%S

       delete group script (G)
              This is the full pathname to a script that will be run AS ROOT
              by smbd(8) when a group is requested to be deleted. It will expand
              any %g to the group name passed. This script is only useful  for
              installations  using the Windows NT domain administration tools.

       deleteprinter command (G)
              With the  introduction  of  MS-RPC  based  printer  support  for
              Windows  NT/2000  clients  in  Samba  2.2, it is now possible to
              delete printer at run time by issuing  the  DeletePrinter()  RPC
              call.

              For  a Samba host this means that the printer must be physically
              deleted from  underlying  printing  system.  The   deleteprinter
              command  defines  a  script  to  be  run  which will perform the
              necessary operations for removing the  printer  from  the  print
              system and from smb.conf.

              The  deleteprinter command is automatically called with only one
              parameter:  "printer name".

              Once the deleteprinter command has been executed, smbd will
              reparse the smb.conf to check that the associated printer no
              longer exists. If the sharename is still valid, then smbd will
              return an ACCESS_DENIED error to the client.

              See also addprinter command, printing, show add printer wizard.

              Default: none

              Example: deleteprinter command = /usr/bin/removeprinter

       delete readonly (S)
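              This parameter allows read-only files to be deleted. Read-only
              here has the UNIX meaning, not the usual DOS one.

              This option is useful for applications such as rcs, where UNIX
              file ownership does not allow permissions to be changed and the
              file is read-only under DOS.

              Default: delete readonly = no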

       delete share command (G)
              Samba 2.2.0 introduced the ability to dynamically add and delete
              shares  via  the Windows NT 4.0 Server Manager. The delete share
              command is used to define an external program  or  script  which
              will  remove  an  existing  service definition from smb.conf. In
              order to successfully execute the  delete  share  command,  smbd
              requires  that  the  administrator  be  connected  using  a root
              account (i.e. uid == 0).

              When executed, smbd will automatically invoke the  delete  share
              command with two parameters.

              configFile - the location of the global smb.conf file.

              shareName - the name of the existing service.

              This  parameter  is  only  used to remove file shares. To delete
              printer shares, see the deleteprinter command.

              See also add share command, change share command.

              Default: none

              Example: delete share command = /usr/local/bin/delshare

       delete user from group script (G)
              Full path to the script that will  be  called  when  a  user  is
              removed  from a group using the Windows NT domain administration
              tools. It will be run  by  smbd(8)  AS  ROOT.  Any  %g  will  be
              replaced  with  the  group name and any %u will be replaced with
              the user name.

              Default: delete user from group script =

              Example: delete user from group script = /usr/sbin/deluser %u %g

       delete user script (G)
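              This is the full pathname to a script that is run as root by
              smbd(8) when users are managed with the remote RPC (NT) tools.

              It is called when a remote client deletes a user from the server
              using 'User Manager for Domains' or rpcclient.

              This script should delete the given UNIX user.

              Default: delete user script = <>

              Example: delete user script = /usr/local/samba/bin/del_user %u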

       delete veto files (S)
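              This option is used when Samba is attempting to delete a
              directory that contains one or more vetoed files or directories
              (see the veto files option). If this option is set to no (the
              default), then if a vetoed directory contains any non-vetoed
              files or directories the delete fails. This is usually what you
              want.

              If this option is set to yes, Samba will attempt to recursively
              delete any files and directories within the vetoed directory.
              This is useful for integration with file serving systems such as
              NetAtalk, which create meta-files within directories that
              DOS/Windows users do not see (e.g. .AppleDouble).

              Setting delete veto files = yes allows users who have the
              necessary permissions to delete these subdirectories
              transparently when the parent directory is deleted.

              See also the veto files parameter.

              Default: delete veto files = no

       deny hosts (S)
              Synonym for hosts deny.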

       dfree command (G)
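              The dfree command setting should only be used on systems where a
              problem occurs with the disk space calculations. This has only
              been known to happen on Ultrix, but it may occur on other
              operating systems. The symptom is an "Abort Retry Ignore" error
              at the end of each directory listing.

              This setting allows an external program to replace the internal
              routines that calculate the total disk space and the amount
              available. The example below gives a possible script that
              fulfils this function.

              The external program is passed a single parameter: a directory
              in the filesystem being queried, typically the string ./. It
              should return two integers in ASCII. The first is the total disk
              space in blocks and the second is the number of available
              blocks. An optional third return value gives the block size in
              bytes. The default block size is 1024 bytes.

              Note: this script should be owned by root and writable only by
              root, and should NOT be setuid or setgid!

              Default: the internal routines are used to determine the disk
              capacity and remaining space.

              Example: dfree command = /usr/local/samba/bin/dfree

              The dfree script, which must be executable, could be:

              #!/bin/sh
              df "$1" | tail -1 | awk '{print $2" "$4}'

              or, on Sys V based systems:

              #!/bin/sh
              /usr/bin/df -k "$1" | tail -1 | awk '{print $3" "$5}'

              Note that on some systems you may have to give the commands with
              their full path names.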
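
              An added example (not from the Samba documentation) that checks
              a dfree script against the requirements above: the ownership and
              mode of the script file, and the two or three ASCII integers it
              must print. The function names are illustrative, and rejecting
              an available count larger than the total is an added sanity
              check.

```python
# Added example: checks for a dfree command script, following the rules
# stated above. Function names are illustrative, not part of Samba.
import os
import stat


def check_script(path, owner_uid=0):
    """Return a list of problems with the script file's ownership and mode."""
    st = os.lstat(path)                    # lstat: a symlink is not accepted
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]
    problems = []
    if st.st_uid != owner_uid:
        problems.append("not owned by uid %d" % owner_uid)
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("writable by group or others")
    if st.st_mode & (stat.S_ISUID | stat.S_ISGID):
        problems.append("setuid or setgid bit set")
    if not st.st_mode & stat.S_IXUSR:
        problems.append("not executable")
    return problems


def parse_dfree_output(output, default_block_size=1024):
    """Parse 'total available [blocksize]' into (total, available, block size).

    The third field is optional; the block size defaults to 1024 bytes.
    """
    fields = output.split()
    if len(fields) not in (2, 3):
        raise ValueError("expected 2 or 3 fields, got %d" % len(fields))
    if not all(f.isascii() and f.isdigit() for f in fields):
        raise ValueError("fields must be ASCII integers: %r" % output)
    total, available = int(fields[0]), int(fields[1])
    block_size = int(fields[2]) if len(fields) == 3 else default_block_size
    if block_size == 0:
        raise ValueError("block size must not be zero")
    if available > total:                  # added sanity check
        raise ValueError("available blocks exceed total blocks")
    return total, available, block_size


def free_bytes(output):
    """Free space in bytes, as implied by one line of dfree output."""
    _, available, block_size = parse_dfree_output(output)
    return available * block_size
```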

       directory (S)
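              Synonym for path.

       directory mask (S)
              This parameter is the octal mode used when converting DOS modes
              to UNIX modes when creating UNIX directories.

              When a directory is created, the necessary permissions are
              calculated according to the mapping from DOS modes to UNIX
              permissions, and the result is then bit-wise ANDed with this
              parameter. This parameter may be thought of as a bit mask for
              the UNIX modes of a directory. Any bit not set here is removed
              from the modes set on a directory when it is created.

              The default value of this parameter removes the group and other
              write bits from the UNIX mode, allowing only the owner of the
              directory to modify it.

              Following this, Samba bit-wise ORs the result with the value of
              the force directory mode parameter, which is 000 by default
              (i.e. no extra mode bits are added).

              Note that this parameter does not apply to  permissions  set  by
              Windows  NT/2000  ACL  editors.  If  the administrator wishes to
              enforce a mask on access control lists also, they  need  to  set
              the directory security mask.

              To have particular mode bits set on created directories, see the
              force directory mode parameter.

              For the mode bits of created files see the create mode
              parameter. See also the directory security mask parameter.

              Also refer to the inherit permissions parameter.

              Default: directory mask = 0755

              Example: directory mask = 0775

       directory mode (S)
              Synonym for directory mask.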

       directory security mask (S)
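              This parameter controls which UNIX permission bits can be
              modified when a Windows NT client manipulates the UNIX
              permissions on a directory using its native NT security dialog
              box.

              This parameter is applied as a mask to the changed permission
              bits, preventing any bits not in the mask from being modified.
              In effect, a zero bit in this mask is a bit the user is not
              allowed to change.

              If not set explicitly, this parameter takes the same value as
              the directory mask parameter. To allow a user to modify all the
              user/group/world permissions on a directory, set this parameter
              to 0777.

              Note that users who can access the Samba server through other
              means can easily bypass this restriction, so this parameter is
              primarily useful for standalone systems. Many administrators
              leave it at the default of 0777.

              See also the force directory security mode, security mask and
              force security mode parameters.

              Default: directory security mask = 0777

              Example: directory security mask = 0700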

       disable netbios (G)
              Enabling this parameter will disable netbios support  in  Samba.
              Netbios  is  the  only available form of browsing in all windows
              versions except for 2000 and XP.

              Note that clients that only support netbios won't be able to see
              your samba server when netbios support is disabled.

              Default: disable netbios = no

              Example: disable netbios = yes

       disable spoolss (G)
              Enabling this parameter will disable Samba's support for the
              SPOOLSS set of MS-RPC's and will yield identical behavior as
              Samba 2.0.x. Windows NT/2000 clients will downgrade to using
              Lanman style printing commands. Windows 9x/ME will be unaffected
              by the parameter. However, this will also disable the ability to
              upload printer drivers to a Samba server via the Windows NT Add
              Printer Wizard or by using the NT printer properties dialog
              window. It will also disable the capability of Windows NT/2000
              clients to download print drivers from the Samba host upon
              demand. Be very careful about enabling this parameter.

              See also use client driver

              Default: disable spoolss = no

       display charset (G)
              Specifies the charset that samba will use to print  messages  to
              stdout  and  stderr  and  SWAT will use. Should generally be the
              same as the unix charset.

              Default: display charset = ASCII

              Example: display charset = UTF8

       dns proxy (G)
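              Specifies that nmbd(8), when acting as a WINS server and finding
              that a NetBIOS name has not been registered, should treat the
              NetBIOS name word-for-word as a DNS name and query the DNS
              server for that name on behalf of the client.

              Note that the maximum length of a NetBIOS name is 15 characters,
              so the DNS name (or DNS alias) can likewise be at most 15
              characters long.

              nmbd spawns a second copy of itself to do the DNS name lookups,
              because a name lookup is a blocking action.

              See also wins support.

              Default: dns proxy = yes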

       domain logons (G)
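              If set to yes, the Samba server will serve Windows 95/98 domain
              logons for the workgroup. Samba 2.2 has only limited capability
              to act as a domain controller in a Windows NT 4 domain. For more
              details on setting up this feature see the Samba-PDC-HOWTO in
              the Samba documentation.

              Default: domain logons = no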

       domain master (G)
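              This tells smbd(8) to collate browse lists across the wide area
              network. When this option is set, nmbd claims a special NetBIOS
              name that identifies it to its workgroup as a domain master
              browser. Local master browsers in the same workgroup on other
              subnets give this nmbd their local browse lists and then ask
              smbd(8) for a complete copy of the browse list for the whole
              wide area network. Clients then contact their local master
              browser and receive the domain-wide browse list instead of just
              the list for their own subnet.

              Note that a Windows NT Primary Domain Controller by default
              always claims this workgroup-specific special NetBIOS name,
              declaring itself the domain master browser for the workgroup
              (i.e. there is no way to prevent a Windows NT PDC from doing
              this). This means that if this parameter is set and nmbd claims
              the special name for the workgroup before the Windows NT PDC
              does, cross-subnet browsing will behave strangely and may fail.

              If domain logons = yes, then the default behavior is to enable
              the domain master parameter. If domain logons is not enabled
              (the default setting), then neither will domain master be
              enabled by default.

              Default: domain master = auto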

       dont descend (S)
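              Some systems have special directories (e.g. /proc under Linux)
              that are of no interest to clients (or that clients should not
              see), and that may even be infinitely deep (recursive). This
              parameter lets you specify a comma-delimited list of directories
              that the server will always show as empty.

              Note that Samba is very fussy about the exact format of the dont
              descend entries. For example, you may need ./proc instead of
              just /proc. Experimentation is the best policy.

              Default: none (,)

              Example: dont descend = /proc,/dev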

       dos charset (G)
              DOS SMB clients assume the server has the same charset  as  they
              do. This option specifies which charset Samba should talk to DOS
              clients.

              The default depends on which charsets you have installed.  Samba
              tries  to  use charset 850 but falls back to ASCII in case it is
              not available. Run testparm(1) to  check  the  default  on  your
              system.

       dos filemode (S)
              The  default  behavior in Samba is to provide UNIX-like behavior
              where only the owner of a file/directory is able to  change  the
              permissions  on it. However, this behavior is often confusing to
              DOS/Windows users. Enabling this parameter allows a user who has
              write  access  to  the  file  (by  whatever means) to modify the
              permissions on it. Note that  a  user  belonging  to  the  group
              owning the file will not be allowed to change permissions if the
              group  is  only  granted   read   access.   Ownership   of   the
              file/directory   is   not  changed,  only  the  permissions  are
              modified.

              Default: dos filemode = no

       dos filetime resolution (S)
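              Under the DOS and Windows FAT filesystems, the finest time
              resolution is two seconds. Setting this parameter for a share
              causes Samba to round the reported time down to a two-second
              boundary when a query that requires one-second resolution is
              made to smbd(8).

              This option is mainly used to work around a compatibility
              problem between Visual C++ and Samba. When oplocks are enabled
              on a share, Visual C++ uses two different time-reading calls to
              check whether a file has changed since it was last read. One of
              these calls uses a one-second granularity and the other a
              two-second granularity. Because the two-second call rounds any
              odd second down, the two results do not match when the file's
              timestamp is an odd number of seconds, and Visual C++ keeps
              reporting that the file has changed. Setting this option makes
              the two results match, and Visual C++ is happy.

              Default: dos filetime resolution = no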

       dos filetimes (S)
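              Under DOS and Windows, a user who can write to a file can change
              its timestamp. Under POSIX semantics, only the owner of the file
              or root may change the timestamp. By default, Samba follows
              POSIX semantics and does not change the timestamp of a file if
              the user smbd is acting for is not the file's owner. Setting
              this option to yes makes smbd(8) follow DOS semantics and change
              the file timestamp as DOS requires.

              Default: dos filetimes = no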

       enable rid algorithm (G)
              This option is used to control whether or not smbd in Samba 3.0
              should fall back to the algorithm used by Samba 2.2 to generate
              user and group RIDs. The long-term development goal is to remove
              the algorithmic mappings of RIDs altogether, but this has proved
              to be difficult. This parameter is mainly provided so that
              developers can turn the algorithm on and off and see what
              breaks. This parameter should not be disabled by non-developers
              because certain features in Samba will fail to work without it.

              Default: enable rid algorithm = <yes>

       encrypt passwords (G)
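              This boolean controls whether encrypted passwords are negotiated
              with the client. Note that Windows NT 4.0 SP3 and above, and
              also Windows 98, use encrypted passwords by default unless the
              corresponding registry key is changed. To use encrypted
              passwords, see the "User Database" chapter of the Samba HOWTO
              Collection.

              For encrypted passwords to work correctly, smbd(8) must either
              have access to a local smbpasswd(5) file (see the smbpasswd(8)
              manual for how to set up and maintain this file), or the
              security = [server|domain|ads] parameter must be set, which
              makes smbd rely on another server to authenticate passwords.

              Default: encrypt passwords = yes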

       enhanced browsing (G)
              This  option  enables  a  couple of enhancements to cross-subnet
              browse propagation that have been added in Samba but  which  are
              not standard in Microsoft implementations.

              The  first  enhancement  to  browse  propagation  consists  of a
              regular wildcard query to a Samba WINS  server  for  all  Domain
              Master  Browsers, followed by a browse synchronization with each
              of the returned DMBs.  The  second  enhancement  consists  of  a
              regular  randomised  browse  synchronization  with all currently
              known DMBs.

              You may wish to disable this option if you have a problem with
              empty workgroups not disappearing from browse lists. Due to the
              restrictions of the browse protocols these enhancements can
              cause an empty workgroup to stay around forever, which can be
              annoying.

              In general you should leave this option enabled as it makes
              cross-subnet browse propagation much more reliable.

              Default: enhanced browsing = yes

       enumports command (G)
              The  concept  of a "port" is fairly foreign to UNIX hosts. Under
              Windows NT/2000 print servers, a port is associated with a  port
              monitor  and  generally  takes  the  form  of a local port (i.e.
              LPT1:, COM1:, FILE:) or a remote port (i.e.  LPD  Port  Monitor,
              etc...).  By  default,  Samba  has only one port defined--"Samba
              Printer Port". Under Windows NT/2000, all printers must  have  a
              valid  port  name. If you wish to have a list of ports displayed
              (smbd  does not use a port name for  anything)  other  than  the
              default  "Samba  Printer Port", you can define enumports command
              to point to a program which should generate a list of ports, one
              per  line, to standard output. This listing will then be used in
              response to the level 1 and 2 EnumPorts() RPC.

              Default: no enumports command

              Example: enumports command = /usr/bin/listports

       exec (S)
              Synonym for preexec.

       fake directory create times (S)
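              NTFS and Windows VFAT filesystems keep a create time for every
              file and directory. This is not the same as the ctime (status
              change time) that UNIX keeps, so by default Samba reports the
              earliest of the various times UNIX does keep as the create time
              of the file or directory. Setting this parameter for a share
              makes Samba fake the create time of directories, which is then
              always midnight on 1980.01.01.

              This option is mainly used to work around a compatibility
              problem between Visual C++ and Samba. Makefiles generated by
              Visual C++ have the object directory as a dependency of each
              object file, together with a rule to create the directory. Also,
              when NMAKE compares timestamps it checks the create time of a
              directory. The object directory is created if it does not exist;
              once it exists, its create time is always earlier than that of
              the object files it contains.

              UNIX time semantics, however, mean that the create time Samba
              reports for the directory is updated whenever a file is created
              or deleted in it. NMAKE then finds that every object file in the
              directory except the last one built is out of date (compared
              with the directory's create time) and rebuilds them. Setting
              this option ensures that a directory's create time is always
              earlier than that of the files in it, so NMAKE works as
              expected.

              Default: fake directory create times = no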

       fake oplocks (S)
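              Oplocks are the mechanism that allows clients to cache
              operations on the server's files locally. If the server grants
              an oplock (opportunistic lock), the client can simply assume
              that it is the only one accessing the file and cache it freely.
              Some oplock types even allow file open and close operations to
              be cached. This gives an enormous gain in performance.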