Provided by:
manpages-zh_1.5.2-1_all 
NAME
smb.conf - Samba
SYNOPSIS
smb.confSamba,Samba .smb.confswat (8). smb.conf.
FILE FORMAT
.,.
=
.,(,,).
.
.....
';''#',.
UNIX,''.('',,'',--)
()(yes/no,1/0,true/false )... (create modes).
SECTION DESCRIPTIONS
([global]).,.
([global],[homes],[printers])'special sections',.
.,.
()().
guest,,.UNIXguest account.
guest,..,,"user=",.Windos95/98WindowsNT,.
,.samba.
,/home/bar."foo".
[foo]
path = /home/bar
read only = no
,,.,.guest okguest().
[aprinter]
path = /usr/spool/public
read only = yes
printable = yes
guest ok = yes
SPECIAL SECTIONS
[global]
,.'PARAMETERS'.
[homes]
'homes',.
,,,.,,.,[homes]().
'homes'.
,.
[homes]path=,%S.
path = /data/pchome/%S
PC UNIX,.
.
'homes',,,..
[homes],.[homes]
[homes]
read only = no
,[homes]guest,.,,,[homes].
,[global],[homes].,[homes]browseable=no,'homes',.
[printers]
[homes],.
[printers],printcap .
,,,.,[homes],.,,printcap,.,[printers].
.
,.
guest,,.
,[printers],,.
(spooling)sticky.[printers]
[printers]
path = /usr/spool/public
guest ok = yes
printable = yes
printcap.,printcap,
1|2|3|4...
.[global]printcap.printcap,..
,printcap..,"|".
Note
,SYSV,lpstat."printcap name = lpstat"."printcap name".
PARAMETERS
.
[global](),( ),.,[homes][printers].(G)[global],(S).,(S)[global],,.
,,.,,.
VARIABLE SUBSTITUTIONS
.,john,"path = /tmp/%u""path = /tmp/john".
,.
%U (.)
%G %U
%h Sambainternet
%m NetBIOS()
%L NetBIOS.,"".
Note that this parameter is not available when Samba listens on
port 445, as clients no longer send this information
%M internet
%R ,CORE,COREPLUS,LANMAN1,LANMAN2NT1.
%d samba.
%a .,100%.SambaWfWgWinNTWin95."UNKNOWN".samba-bugs@samba.org3bug.
%I IP.
%T .
%D Name of the domain or workgroup of the current user.
%$(envvar)
The value of the environment variable envar.
The following substitutes apply only to some configuration options(only
those that are used when a connection has been established):
%S
%P
%u
%g %u
%H %u
%N tNIS.auto.map.--with-auto-mountsamba,%L.
%p .NISauot.map.NISauot.map"%N:%p".
smb.conf.
NAME
Samba"",doswindows8.3.8.3.
,.testparm.
().
:
mangle case = yes/no
.,yes,"Mail".no.
case sensitive = yes/no
.,Samba.no.
default case = upper/lower
..
preserve case = yes/no
,.yes.
short preserve case = yes/no
8.3,."preserve case = yes",.yes.
,Samba3.0Windows NT,.
/ NOTE ABOUT USERNAME/PASSWORD VALIDATION
..,.,.
guest only = yes(security = share) ,1--5.
,unix,.,\\server\service%username.
,,.
netbios,,.
,,.
smb.conf"user = ",,UNIX,"user=","user="."user="@, .
guest,"guest account =",.
COMPLETE LIST OF GLOBAL PARAMETERS
,.,.
o abort shutdown script
o add group script
o add machine script
o addprinter command
o add share command
o add user script
o add user to group script
o afs username map
o algorithmic rid base
o allow trusted domains
o announce as
o announce version
o auth methods
o auto services
o bind interfaces only
o browse list
o change notify timeout
o change share command
o client lanman auth
o client ntlmv2 auth
o client plaintext auth
o client schannel
o client signing
o client use spnego
o config file
o deadtime
o debug hires timestamp
o debuglevel
o debug pid
o debug timestamp
o debug uid
o default
o default service
o delete group script
o deleteprinter command
o delete share command
o delete user from group script
o delete user script
o dfree command
o disable netbios
o disable spoolss
o display charset
o dns proxy
o domain logons
o domain master
o dos charset
o enable rid algorithm
o encrypt passwords
o enhanced browsing
o enumports command
o get quota command
o getwd cache
o guest account
o hide local users
o homedir map
o host msdfs
o hostname lookups
o hosts equiv
o idmap backend
o idmap gid
o idmap uid
o include
o interfaces
o keepalive
o kernel change notify
o kernel oplocks
o lanman auth
o large readwrite
o ldap admin dn
o ldap delete dn
o ldap filter
o ldap group suffix
o ldap idmap suffix
o ldap machine suffix
o ldap passwd sync
o ldap port
o ldap server
o ldap ssl
o ldap suffix
o ldap user suffix
o lm announce
o lm interval
o load printers
o local master
o lock dir
o lock directory
o lock spin count
o lock spin time
o log file
o log level
o logon drive
o logon home
o logon path
o logon script
o lpq cache time
o machine password timeout
o mangled stack
o mangle prefix
o mangling method
o map to guest
o max disk size
o max log size
o max mux
o max open files
o max protocol
o max smbd processes
o max ttl
o max wins ttl
o max xmit
o message command
o min passwd length
o min password length
o min protocol
o min wins ttl
o name cache timeout
o name resolve order
o netbios aliases
o netbios name
o netbios scope
o nis homedir
o ntlm auth
o nt pipe support
o nt status support
o null passwords
o obey pam restrictions
o oplock break wait time
o os2 driver map
o os level
o pam password change
o panic action
o paranoid server security
o passdb backend
o passwd chat
o passwd chat debug
o passwd program
o password level
o password server
o pid directory
o prefered master
o preferred master
o preload
o preload modules
o printcap
o private dir
o protocol
o read bmpx
o read raw
o read size
o realm
o remote announce
o remote browse sync
o restrict anonymous
o root
o root dir
o root directory
o security
o server schannel
o server signing
o server string
o set primary group script
o set quota command
o show add printer wizard
o shutdown script
o smb passwd file
o smb ports
o socket address
o socket options
o source environment
o stat cache
o syslog
o syslog only
o template homedir
o template primary group
o template shell
o time offset
o time server
o timestamp logs
o unicode
o unix charset
o unix extensions
o unix password sync
o update encrypted
o use mmap
o username level
o username map
o use spnego
o utmp
o utmp directory
o winbind cache time
o winbind enable local accounts
o winbind enum groups
o winbind enum users
o winbind gid
o winbind separator
o winbind trusted domains only
o winbind uid
o winbind use default domain
o wins hook
o wins partners
o wins proxy
o wins server
o wins support
o workgroup
o write raw
o wtmp directory
COMPLETE LIST OF SERVICE PARAMETERS
,.,.
o acl compatibility
o admin users
o afs share
o allow hosts
o available
o blocking locks
o block size
o browsable
o browseable
o case sensitive
o casesignames
o comment
o copy
o create mask
o create mode
o csc policy
o default case
o default devmode
o delete readonly
o delete veto files
o deny hosts
o directory
o directory mask
o directory mode
o directory security mask
o dont descend
o dos filemode
o dos filetime resolution
o dos filetimes
o exec
o fake directory create times
o fake oplocks
o follow symlinks
o force create mode
o force directory mode
o force directory security mode
o force group
o force security mode
o force user
o fstype
o group
o guest account
o guest ok
o guest only
o hide dot files
o hide files
o hide special files
o hide unreadable
o hide unwriteable files
o hosts allow
o hosts deny
o inherit acls
o inherit permissions
o invalid users
o level2 oplocks
o locking
o lppause command
o lpq command
o lpresume command
o lprm command
o magic output
o magic script
o mangle case
o mangled map
o mangled names
o mangling char
o map acl inherit
o map archive
o map hidden
o map system
o max connections
o max print jobs
o max reported print jobs
o min print space
o msdfs proxy
o msdfs root
o nt acl support
o only guest
o only user
o oplock contention limit
o oplocks
o path
o posix locking
o postexec
o preexec
o preexec close
o preserve case
o printable
o printcap name
o print command
o printer
o printer admin
o printer name
o printing
o print ok
o profile acls
o public
o queuepause command
o queueresume command
o read list
o read only
o root postexec
o root preexec
o root preexec close
o security mask
o set directory
o share modes
o short preserve case
o strict allocate
o strict locking
o strict sync
o sync always
o use client driver
o user
o username
o users
o use sendfile
o -valid
o valid users
o veto files
o veto oplock files
o vfs object
o vfs objects
o volume
o wide links
o writable
o writeable
o write cache size
o write list
o write ok
EXPLANATION OF EACH PARAMETER
abort shutdown script (G)
This parameter only exists in the HEAD cvs branch This a full
path name to a script called by smbd(8) that should stop a
shutdown procedure issued by the shutdown script.
This command will be run as user.
: None.
: abort shutdown script = /sbin/shutdown -c
acl compatibility (S)
This parameter specifies what OS ACL semantics should be
compatible with. Possible values are winnt for Windows NT 4,
win2k for Windows 2000 and above and auto. If you specify auto,
the value for this parameter will be based upon the version of
the client. There should be no reason to change this parameter
from the default.
: acl compatibility = Auto
: acl compatibility = win2k
add group script (G)
This is the full pathname to a script that will be run AS ROOT
by smbd(8) when a new group is requested. It will expand any %g
to the group name passed. This script is only useful for
installations using the Windows NT domain administration tools.
The script is free to create a group with an arbitrary name to
circumvent unix group name restrictions. In that case the script
must print the numeric gid of the created group on stdout.
add machine script (G)
This is the full pathname to a script that will be run by
smbd(8) when a machine is added to it's domain using the
administrator username and password method.
This option is only required when using sam back-ends tied to
the Unix uid method of RID calculation such as smbpasswd. This
option is only available in Samba 3.0.
: add machine script = <>
: add machine script = /usr/sbin/adduser -n -g machines -c
Machine -d /dev/null -s /bin/false %u
addprinter command (G)
With the introduction of MS-RPC based printing support for
Windows NT/2000 clients in Samba 2.2, The MS Add Printer Wizard
(APW) icon is now also available in the "Printers..." folder
displayed a share listing. The APW allows for printers to be add
remotely to a Samba or Windows NT/2000 print server.
For a Samba host this means that the printer must be physically
added to the underlying printing system. The add printer command
defines a script to be run which will perform the necessary
operations for adding the printer to the print system and to add
the appropriate service definition to the smb.conf file in order
that it can be shared by smbd(8).
The addprinter command is automatically invoked with the
following parameter (in order):
printer name
share name
port name
driver name
location
Windows 9x driver location
All parameters are filled in from the PRINTER_INFO_2 structure
sent by the Windows NT/2000 client with one exception. The
"Windows 9x driver location" parameter is included for backwards
compatibility only. The remaining fields in the structure are
generated from answers to the APW questions.
Once the addprinter command has been executed, smbd will reparse
the smb.conf to determine if the share defined by the APW
exists. If the sharename is still invalid, then smbd will
return an ACCESS_DENIED error to the client.
The "add printer command" program can output a single line of
text, which Samba will set as the port the new printer is
connected to. If this line isn't output, Samba won't reload its
printer shares.
deleteprinter command, printing, show add printer wizard
: none
: addprinter command = /usr/bin/addprinter
add share command (G)
Samba 2.2.0 introduced the ability to dynamically add and delete
shares via the Windows NT 4.0 Server Manager. The add share
command is used to define an external program or script which
will add a new service definition to smb.conf. In order to
successfully execute the add share command, smbd requires that
the administrator be connected using a root account (i.e. uid ==
0).
When executed, smbd will automatically invoke the add share
command with four parameters.
configFile - the location of the global smb.conf file.
shareName - the name of the new share.
pathName - path to an **existing** directory on disk.
comment - comment string to associate with the new share.
This parameter is only used for add file shares. To add printer
shares, see the addprinter command.
change share command, delete share command.
: none
: add share command = /usr/local/bin/addshare
add user script (G)
,()smbd (8)root.
,sambaUNIX.Windows NT,NT.smbdUNIX.
,smbdsecurity=serversecurity=domain,add user
script%uunix,%uunix.
windowssamba,(SMB),smbd,.,smbdunixwindowsunix.,add user script
,smbdroot,%u.
,smbd.,UNIXNT.
security, password server, delete user script.
: add user script = <>
: add user script = /usr/local/samba/bin/add_user %u
add user to group script (G)
Full path to the script that will be called when a user is added
to a group using the Windows NT domain administration tools. It
will be run by smbd(8) AS ROOT. Any %g will be replaced with the
group name and any %u will be replaced with the user name.
: add user to group script =
: add user to group script = /usr/sbin/adduser %u %g
admin users (S)
admin users..
,.
: admin users
: admin users = jason
afs share (S)
This parameter controls whether special AFS features are enabled
for this share. If enabled, it assumes that the directory
exported via the path parameter is a local AFS import. The
special AFS features include the attempt to hand-craft an AFS
token if you enabled --with-fake-kaserver in configure.
: afs share = no
: afs share = yes
afs username map (G)
If you are using the fake kaserver AFS feature, you might want
to hand-craft the usernames you are creating tokens for. For
example this is necessary if you have users from several domain
in your AFS Protection Database. One possible scheme to code
users as DOMAIN+User as it is done by winbind with the + as a
separator.
The mapped user name must contain the cell name to log into, so
without setting this parameter there will be no token.
: none
: afs username map = %u@afs.samba.org
algorithmic rid base (G)
This determines how Samba will use its algorithmic mapping from
uids/gid to the RIDs needed to construct NT Security
Identifiers.
Setting this option to a larger value could be useful to sites
transitioning from WinNT and Win2k, as existing user and group
rids would otherwise clash with sytem users etc.
All UIDs and GIDs must be able to be resolved into SIDs for the
correct operation of ACLs on the server. As such the algorithmic
mapping can't be 'turned off', but pushing it 'out of the way'
should resolve the issues. Users and groups can then be assigned
'low' RIDs in arbitary-rid supporting backends.
: algorithmic rid base = 1000
: algorithmic rid base = 100000
allow hosts (S)
hosts allow.
allow trusted domains (G)
securityserverdomain.no,smbd,.
.,DOMADOMB,DOMADOMB,sambaDOMA.,DOMBsambaUNIX.DOMA..
: allow trusted domains = yes
announce as (G)
nmbd(8) .windows NT."NT","NT Server","NT Server","NT
Workstation","Win95""WfW",Windows NT Server,Windows NT
Workstation,Windows 95Windows for Workgroups.sambawindows
NT,,samba.
: announce as = NT Server
: announce as = Win95
announce version (G)
nmbd.4.9samba,.
: announce version = 4.9
: announce version = 2.0
auth methods (G)
This option allows the administrator to chose what
authentication methods smbd will use when authenticating a user.
This option defaults to sensible values based on security. This
should be considered a developer option and used only in rare
circumstances. In the majority (if not all) of production
servers, the default setting should be adequate.
Each entry in the list attempts to authenticate the user in
turn, until the user authenticates. In practice only one method
will ever actually be able to complete the authentication.
Possible options include guest (anonymous access), sam (lookups
in local list of accounts based on netbios name or domain name),
winbind (relay authentication requests for remote users through
winbindd), ntdomain (pre-winbindd method of authentication for
remote domain users; deprecated in favour of winbind method),
trustdomain (authenticate trusted users by contacting the remote
DC directly from smbd; deprecated in favour of winbind method).
: auth methods = <>
: auth methods = guest sam winbind
auto services (G)
preload .
available (S)
.available = no,..
: available = yes
bind interfaces only (G)
samba.smbd(8)nmbd(8).
,nmbd 'interfaces'137138.,nmbd""(0.0.0.0)137138.,nmbd."bind
interfaces only",nmbd,interfaces.,nmbdinterfaces.IP,nmbd.
,smbd(8)'interfaces'.smbd .,PPP,.
bind interfaces only,127.0.0.1interfaces,smbpasswd(8)swat(8) ,:
SMB,smbpasswdsmblocalhost - 127.0.0.1,.bind interfaces
only,smbpasswd,127.0.0.1interfaces.,-r remote
machineip,smbpasswdip.
swat127.0.0.1smbd nmbd,.127.0.0.1,smbdnmbd . swat//smbd nmbd.
: bind interfaces only = no
blocking locks (S)
smbd(8), .
,,samba,,.
no,samba,.
: blocking locks = yes
block size (S)
This parameter controls the behavior of smbd(8) when reporting
disk free sizes. By default, this reports a disk block size of
1024 bytes.
Changing this parameter may have some effect on the efficiency
of client writes, this is not yet confirmed. This parameter was
added to allow advanced administrators to change it (usually to
a higher value) and test the effect it has on client write
performance without re-compiling the code. As this is an
experimental option it may be removed in a future release.
Changing this option does not change the disk free reporting
size, just the block size unit reported to the client.
browsable (S)
browseable
browseable (S)
net view.
: browseable = yes
browse list (G)
smbd(8)NetServerEnum.yes..
: browse list = yes
case sensitive (S)
NAME MANGLING.
: case sensitive = no
casesignames (S)
case sensitive .
change notify timeout (G)
samba,SMB.unix,,smbd(8)change notify timeout.
: change notify timeout = 60
: change notify timeout = 300
5.
change share command (G)
Samba 2.2.0 introduced the ability to dynamically add and delete
shares via the Windows NT 4.0 Server Manager. The change share
command is used to define an external program or script which
will modify an existing service definition in smb.conf. In order
to successfully execute the change share command, smbd requires
that the administrator be connected using a root account (i.e.
uid == 0).
When executed, smbd will automatically invoke the change share
command with four parameters.
configFile - the location of the global smb.conf file.
shareName - the name of the new share.
pathName - path to an **existing** directory on disk.
comment - comment string to associate with the new share.
This parameter is only used modify existing file shares
definitions. To modify printer shares, use the "Printers..."
folder as seen when browsing the Samba host.
add share command, delete share command.
: none
: change share command = /usr/local/bin/addshare
client lanman auth (G)
This parameter determines whether or not smbclient(8) and other
samba client tools will attempt to authenticate itself to
servers using the weaker LANMAN password hash. If disabled, only
server which support NT password hashes (e.g. Windows NT/2000,
Samba, etc... but not Windows 95/98) will be able to be
connected from the Samba client.
The LANMAN encrypted response is easily broken, due to it's
case-insensitive nature, and the choice of algorithm. Clients
without Windows 95/98 servers are advised to disable this
option.
Disabling this option will also disable the client plaintext
auth option
Likewise, if the client ntlmv2 auth parameter is enabled, then
only NTLMv2 logins will be attempted. Not all servers support
NTLMv2, and most will require special configuration to us it.
Default : client lanman auth = yes
client ntlmv2 auth (G)
This parameter determines whether or not smbclient(8) will
attempt to authenticate itself to servers using the NTLMv2
encrypted password response.
If enabled, only an NTLMv2 and LMv2 response (both much more
secure than earlier versions) will be sent. Many servers
(including NT4 < SP4, Win9x and Samba 2.2) are not compatible
with NTLMv2.
Similarly, if enabled, NTLMv1, client lanman auth and client
plaintext auth authentication will be disabled. This also
disables share-level authentication.
If disabled, an NTLM response (and possibly a LANMAN response)
will be sent by the client, depending on the value of client
lanman auth.
Note that some sites (particularly those following 'best
practice' security polices) only allow NTLMv2 responses, and not
the weaker LM or NTLM.
Default : client ntlmv2 auth = no
client plaintext auth (G)
Specifies whether a client should send a plaintext password if
the server does not support encrypted passwords.
: client plaintext auth = yes
client schannel (G)
This controls whether the client offers or even demands the use
of the netlogon schannel. client schannel = no does not offer
the schannel, server schannel = auto offers the schannel but
does not enforce it, and server schannel = yes denies access if
the server is not able to speak netlogon schannel.
: client schannel = auto
: client schannel = yes
client signing (G)
This controls whether the client offers or requires the server
it talks to to use SMB signing. Possible values are auto,
mandatory and disabled.
When set to auto, SMB signing is offered, but not enforced. When
set to mandatory, SMB signing is required and if set to
disabled, SMB signing is not offered either.
: client signing = auto
client use spnego (G)
This variable controls controls whether samba clients will try
to use Simple and Protected NEGOciation (as specified by
rfc2478) with WindowsXP and Windows2000 servers to agree upon an
authentication mechanism. SPNEGO client support for SMB Signing
is currently broken, so you might want to turn this option off
when operating with Windows 2003 domain controllers in
particular.
: client use spnego = yes
comment (S)
(net view).
server string .
: No comment string
: comment = Fred's Files
config file (G)
samba,(smb.conf).,!
,,.
.
,.()
: config file = /usr/local/samba/lib/smb.conf.%m
copy (S)
. ,.
'',.,.
: no value
: copy = otherservice
create mask (S)
create mode .
,dosunix..unix.,.
unix.
,sambaunixforce create mode,force create mode 000.
.directory mode .
force create mode.directory mode. inherit permissions parameter.
Note that this parameter does not apply to permissions set by
Windows NT/2000 ACL editors. If the administrator wishes to
enforce a mask on access control lists also, they need to set
the security mask.
: create mask = 0744
: create mask = 0775
create mode (S)
create mask .
csc policy (S)
This stands for client-side caching policy, and specifies how
clients capable of offline caching will cache the files in the
share. The valid values are: manual, documents, programs,
disable.
These values correspond to those used on Windows servers.
For example, shares containing roaming profiles can have offline
caching disabled using csc policy = disable.
: csc policy = manual
: csc policy = programs
deadtime (G)
(),..,.
.
,,
.
0..
: deadtime = 0
: deadtime = 15
debug hires timestamp (G)
,.
, debug timestamp.
: debug hires timestamp = no
debuglevel (G)
log level .
debug pid (G)
smbd(8)fork..
, debug timestamp .
: debug pid = no
debug timestamp (G)
samba.debug level,..
: debug timestamp = yes
debug uid (G)
sambaroot,.euid,egid,uidgid.
Note that the parameter must be on for this to have an effect.
, debug timestamp.
: debug uid = no
default (G)
default service .
default case (S)
"NAME MANGLING". short preserve case.
: default case = lower
default devmode (S)
This parameter is only applicable to printable services. When
smbd is serving Printer Drivers to Windows NT/2k/XP clients,
each printer on the Samba server has a Device Mode which defines
things such as paper size and orientation and duplex settings.
The device mode can only correctly be generated by the printer
driver itself (which can only be executed on a Win32 platform).
Because smbd is unable to execute the driver code to generate
the device mode, the default behavior is to set this field to
NULL.
Most problems with serving printer drivers to Windows NT/2k/XP
clients can be traced to a problem with the generated device
mode. Certain drivers will do things such as crashing the
client's Explorer.exe with a NULL devmode. However, other
printer drivers can cause the client's spooler service
(spoolsv.exe) to die if the devmode was not created by the
driver itself (i.e. smbd generates a default devmode).
This parameter should be used with care and tested with the
printer driver in question. It is better to leave the device
mode to NULL and let the Windows client set the correct values.
Because drivers do not do this all the time, setting default
devmode = yes will instruct smbd to generate a default one.
For more information on Windows NT/2k printing and Device Modes,
see the MSDN documentation.
: default devmode = no
default service (G)
.,().
. ,.
guest ok, read-only.
,%S.
, '_''/'. .
:
[global]
default service = pub
[pub]
path = /%S
delete group script (G)
This is the full pathname to a script that will be run AS ROOT
smbd(8) when a group is requested to be deleted. It will expand
any %g to the group name passed. This script is only useful for
installations using the Windows NT domain administration tools.
deleteprinter command (G)
With the introduction of MS-RPC based printer support for
Windows NT/2000 clients in Samba 2.2, it is now possible to
delete printer at run time by issuing the DeletePrinter() RPC
call.
For a Samba host this means that the printer must be physically
deleted from underlying printing system. The deleteprinter
command defines a script to be run which will perform the
necessary operations for removing the printer from the print
system and from smb.conf.
The deleteprinter command is automatically called with only one
parameter: "printer name".
Once the deleteprinter command has been executed, smbd will
reparse the smb.conf to associated printer no longer exists. If
the sharename is still valid, then smbd will return an
ACCESS_DENIED error to the client.
addprinter command, printing, show add printer wizard
: none
: deleteprinter command = /usr/bin/removeprinter
delete readonly (S)
,dos,unix.
rcs,,unix,dos.
: delete readonly = no
delete share command (G)
Samba 2.2.0 introduced the ability to dynamically add and delete
shares via the Windows NT 4.0 Server Manager. The delete share
command is used to define an external program or script which
will remove an existing service definition from smb.conf. In
order to successfully execute the delete share command, smbd
requires that the administrator be connected using a root
account (i.e. uid == 0).
When executed, smbd will automatically invoke the delete share
command with two parameters.
configFile - the location of the global smb.conf file.
shareName - the name of the existing service.
This parameter is only used to remove file shares. To delete
printer shares, see the deleteprinter command.
add share command, change share command.
: none
: delete share command = /usr/local/bin/delshare
delete user from group script (G)
Full path to the script that will be called when a user is
removed from a group using the Windows NT domain administration
tools. It will be run by smbd(8) AS ROOT. Any %g will be
replaced with the group name and any %u will be replaced with
the user name.
: delete user from group script =
: delete user from group script = /usr/sbin/deluser %u %g
delete user script (G)
RPC(NT)fBsmbd(8)root.
'User Manager for Domains' rpcclient
unix
: delete user script = <>
: delete user script = /usr/local/samba/bin/del_user %u
delete veto files (S)
samba(veto files). no(),,..
yes,Samba.NetAtalk,Dos/windows(e.g. .AppleDouble).
delete veto files = yes .
veto files .
: delete veto files = no
deny hosts (S)
hosts deny .
dfree command (G)
dfree command.Ultrix,."Abort Retry Ignore".
..
,./.ascii.(),..1024.
:root,root,(setuid or setgid)!
: .
: dfree command = /usr/local/samba/bin/dfree
dfree.
#!/bin/sh
df $1 | tail -1 | awk '{print $2" "$4}'
Sys V:
#!/bin/sh
/usr/bin/df -k $1 | tail -1 | awk '{print $3" "$5}'
.
directory (S)
path .
directory mask (S)
8UNIXdosunix
,dosunix,.unix.unix
,,.
Sambaforce directory mode,000().
Note that this parameter does not apply to permissions set by
Windows NT/2000 ACL editors. If the administrator wishes to
enforce a mask on access control lists also, they need to set
the directory security mask.
,force directory mode.
create mode directory security mask.
Also refer to the inherit permissions parameter.
: directory mask = 0755
: directory mask = 0775
directory mode (S)
directory mask
directory security mask (S)
NTNTunix.
,.,0.
,directory mask.user/group/world,0777.
,samba,.0777.
force directory security mode, security mask, force security
mode
: directory security mask = 0777
: directory security mask = 0700
disable netbios (G)
Enabling this parameter will disable netbios support in Samba.
Netbios is the only available form of browsing in all windows
versions except for 2000 and XP.
Note that clients that only support netbios won't be able to see
your samba server when netbios support is disabled.
: disable netbios = no
: disable netbios = yes
disable spoolss (G)
Enabling this parameter will disable Samba's support for the
SPOOLSS set of MS-RPC's and will yield identical behavior as
Samba 2.0.x. Windows NT/2000 clients will downgrade to using
Lanman style printing commands. Windows 9x/ME will be uneffected
by the However, this will also disable the ability to upload
printer drivers to a Samba server via the Windows NT Add Printer
Wizard or by using the NT printer properties dialog window. It
will also disable the capability of Windows NT/2000 clients to
download print drivers from the Samba host upon demand. Be very
careful about enabling this
See also use client driver
Default : disable spoolss = no
display charset (G)
Specifies the charset that samba will use to print messages to
stdout and stderr and SWAT will use. Should generally be the
same as the unix charset.
: display charset = ASCII
: display charset = UTF8
dns proxy (G)
nmbd(8)WINSNetBIOS,DNSNetBIOS,DNS.
,NetBISO15,DNS(DNS)15.
nmbd DNS,.
wins support
: dns proxy = yes
domain logons (G)
yes,SambaworkgroupWindows 95/98 .Samba 2.2Windows NT 4 Samba
Samba-PDC-HOWTO
: domain logons = no
domain master (G)
smbd(8).,nmbdNetBIOS.nmbd,smbd(8) .,,.
,windows NTNetBIOS(,Windows NT). ,nmbd Windows NT,,.
If domain logons = yes , then the default behavior is to enable
the domain master If domain logons is not enabled (the default
setting), then neither will domain master be enabled by default.
: domain master = auto
dont descend (S)
(linux/proc),(),().,.
,Samba'dont descend'../proc/proc..
: none (,)
: dont descend = /proc,/dev
dos charset (G)
DOS SMB clients assume the server has the same charset as they
do. This option specifies which charset Samba should talk to DOS
clients.
The default depends on which charsets you have installed. Samba
tries to use charset 850 but falls back to ASCII in case it is
not available. Run testparm(1) to check the default on your
system.
dos filemode (S)
The default behavior in Samba is to provide UNIX-like behavior
where only the owner of a file/directory is able to change the
permissions on it. However, this behavior is often confusing to
DOS/Windows users. Enabling this parameter allows a user who has
write access to the file (by whatever means) to modify the
permissions on it. Note that a user belonging to the group
owning the file will not be allowed to change permissions if the
group is only granted read access. Ownership of the
file/directory is not changed, only the permissions are
modified.
: dos filemode = no
dos filetime resolution (S)
DOSWindows FAT,2,smbd(8)1Samba2
Visual C++Samba.(oplocks),Visual C++.1,2.2,,Visual C++,Visual
C++.,Visual C++.
: dos filetime resolution = no
dos filetimes (S)
DOSWindows,,.POSIX,root.,SambaPOSIX,smbd,. yes,smbd(8)DOS,DOS.
: dos filetimes = no
enable rid algorithm (G)
This option is used to control whether or not smbd in Samba 3.0
should fallback to the algorithm used by Samba 2.2 to generate
user and group RIDs. The longterm development goal is to remove
the algorithmic mappings of RIDs altogether, but this has proved
to be difficult. This parameter is mainly provided so that
developers can turn the algorithm on and off and see what
breaks. This parameter should not be disabled by non-developers
because certain features in Samba will fail to work without it.
: enable rid algorithm = <yes>
encrypt passwords (G)
.,NT4.0 SP3 WINDOWS 98,.,Samba HOWTO Collection "User Database"
, smbd(8)smbpasswd(5)(,smbpasswd(8)),,security=
[server|domain|ads],smbd.
: encrypt passwords = yes
enhanced browsing (G)
This option enables a couple of enhancements to cross-subnet
browse propagation that have been added in Samba but which are
not standard in Microsoft implementations.
The first enhancement to browse propagation consists of a
regular wildcard query to a Samba WINS server for all Domain
Master Browsers, followed by a browse synchronization with each
of the returned DMBs. The second enhancement consists of a
regular randomised browse synchronization with all currently
known DMBs.
You may wish to disable this option if you have a problem with
empty workgroups not disappearing from browse lists. Due to the
restrictions of the browse protocols these enhancements can
cause a empty workgroup to stay around forever which can be
annoying.
In general you should leave this option enabled as it makes
cross-subnet browse propagation much more reliable.
: enhanced browsing = yes
enumports command (G)
The concept of a "port" is fairly foreign to UNIX hosts. Under
Windows NT/2000 print servers, a port is associated with a port
monitor and generally takes the form of a local port (i.e.
LPT1:, COM1:, FILE:) or a remote port (i.e. LPD Port Monitor,
etc...). By default, Samba has only one port defined--"Samba
Printer Port". Under Windows NT/2000, all printers must have a
valid port name. If you wish to have a list of ports displayed
(smbd does not use a port name for anything) other than the
default "Samba Printer Port", you can define enumports command
to point to a program which should generate a list of ports, one
per line, to standard output. This listing will then be used in
response to the level 1 and 2 EnumPorts() RPC.
: no enumports command
: enumports command = /usr/bin/listports
exec (S)
preexec
fake directory create times (S)
NTFSWindows VFAT. UNIX--ctime. , , SambaUNIX(/). , Samba,
1980.01.01.
Visual C++Samba.Visual C++makefiles, . . , NMAKE, . , ,.
UNIX,Samba. NMAKE(), .,NMAKE.
: fake directory create times = no
fake oplocks (S)
oplocks, SMB. oplock(opportunistic lock), , , . oplocks. .
fake oplocks = yes,smbd(8)oplock, .
, oplocks.
(: CDROM),(: ). . , , . .
: fake oplocks = no
follow symlinks (S)
Sambasmbd(8). no().: /etc/passwd. (, ). , .
(, smbd)
: follow symlinks = yes
force create mode (S)
UNIX, Samba, , , ., 000,create mask, , .
create mask
inherit permissions .
: force create mode = 000
: force create mode = 0755
, "/()". //.
force directory mode (S)
UNIX, Samba, , , ., 000,directory mask,, .
directory mask
inherit permissions.
: force directory mode = 000
: force directory mode = 0755
, "/()". //.
force directory security mode (S)
NTNTunix.
('or'),.,,0'on'.
,force directory mode.user/group/world,0000.
,samba,.0000.
directory security mask, security mask, force security mode
: force directory security mode = 0
: force directory security mode = 700
force group (S)
UNIX, "". . , , Samba.
samba 2.0.5.'+',,.,,.,force group = +sys,syssamba..
force user,force group force user. If the force user parameter
is also set the group specified in force group will override the
primary group set in force user.
force user.
: no forced group
: force group = agroup
force security mode (S)
NTNTunix.
('or'),.,,0'on'.
,force create mode.user/group/world,000.
,samba,.0000.
force directory security mode, directory security mask,
security mask
: force security mode = 0
: force security mode = 700
force user (S)
UNIX, . ()., .
. , . , , .
samba 2.0.5.2.0.5(bug)
force group
: no forced user
: force user = auser
fstype (S)
, , smbd(8). Windows NTNTFS, ,,,SambaFAT.
: fstype = NTFS
: fstype = Samba
get quota command (G)
The get quota command should only be used whenever there is no
operating system API available from the OS that samba can use.
This parameter should specify the path to a script that queries
the quota information for the specified user/group for the
partition that the specified directory is on.
Such a script should take 3 arguments:
directory
type of query
uid of user or gid of group
The type of query can be one of :
1 - user quotas
2 - user default quotas (uid = -1)
3 - group quotas
4 - group default quotas (gid = -1)
This script should print its output according to the following
format:
Line 1 - quota flags (0 = no quotas, 1 = quotas enabled, 2 =
quotas enabled and enforced)
Line 2 - number of currently used blocks
Line 3 - the softlimit number of blocks
Line 4 - the hardlimit number of blocks
Line 5 - currently used number of inodes
Line 6 - the softlimit number of inodes
Line 7 - the hardlimit number of inodes
Line 8(optional) - the number of bytes in a block(default is
1024)
set quota command
: get quota command =
: get quota command = /usr/local/sbin/query_quota
getwd cache (G)
. , "getwd()". , wide linksno.
: getwd cache = yes
group (S)
force group
guest account (G,S)
(,), , fI guest ok. "(guest)". , passwd, ."ftp",.:,.
,"nobody".,(ftp),(su -),,lpr(1)lp(1).
%Samba
: "nobody"
: guest account = ftp
guest ok (S)
yes, , , guest account.
restrict anonymous = 2
security
: guest ok = no
guest only (S)
yes, , (guest), , .guest ok, .
security
: guest only = no
hide dot files (S)
. "."(UNIX, ".").
: hide dot files = yes
hide files (S)
..DOS"".
"/".DOS"*""?"
UNIX,DOS,,UNIX"/".
:.
Samba,.
hide dot files, veto files case sensitive.
:
: hide files = /.*/DesktopFolderDB/TrashFor%m/resource.frk/
Thursby,MacintoshSMB(DAVE),,".".
hide local users (G)
This parameter toggles the hiding of local UNIX users (root,
wheel, floppy, etc) from remote clients.
: hide local users = no
hide special files (S)
This parameter prevents clients from seeing special files such
as sockets, devices and fifo's in directory listings.
: hide special files = no
hide unreadable (S)
This parameter prevents clients from seeing the existance of
files that cannot be read. Defaults to off.
: hide unreadable = no
hide unwriteable files (S)
This parameter prevents clients from seeing the existance of
files that cannot be written to. Defaults to off. Note that
unwriteable directories are shown as usual.
: hide unwriteable = no
homedir map (G)
nis homedir yes,, smbd(8)win95/98,,NIS(YP)..,Sunauto.home.:
username server:/some/file/system
":".,,Amd().
NIS
nis homedir , domain logons .
: homedir map = <>
: homedir map = amd.homedir
host msdfs (G)
If set to yes, Samba will act as a Dfs server, and allow Dfs-
aware clients to browse Dfs trees hosted on the server.
msdfs root share level For more information on setting up a
Dfs tree on Samba, refer to ???.
: host msdfs = no
hostname lookups (G)
Specifies whether samba should use (expensive) hostname lookups
or use the ip addresses instead. An example place where hostname
lookups are currently used is when checking the hosts deny and
hosts allow.
: hostname lookups = yes
: hostname lookups = no
hosts allow (S)
allow hosts .
,tab..
[global],.
ip., allow hosts = 150.203.5. c.hosts_access(5).,.
127.0.0.1 ,hosts deny .
/.,.EXCEPT(...).
Example 1: 150.203.*.* IP
hosts allow = 150.203. EXCEPT 150.203.6.66
Example 2: /IP
hosts allow = 150.203.15.0/255.255.255.0
Example 3:
hosts allow = lapland, arvidsjaur
Example 4: NIS"foonet",
hosts allow = @foonet
hosts deny = pirate
,.
testparm(1) .
: none (,)
: allow hosts = 150.203.5. myhost.mynet.edu.au
hosts deny (S)
hosts allow.,.,allow.
: none ()
: hosts deny = 150.203.4. badhost.mynet.edu.au
hosts equiv (G)
,..
hosts allow ,,. hosts equivsambaNT.
:hosts equiv .PC.PC.hosts equiv,(). :-)
: no host equivalences
: hosts equiv = /etc/hosts.equiv
idmap backend (G)
The purpose of the idmap backend parameter is to allow idmap to
NOT use the local idmap tdb file to obtain SID to UID / GID
mappings, but instead to obtain them from a common LDAP backend.
This way all domain members and controllers will have the same
UID and GID to SID mappings. This avoids the risk of UID / GID
inconsistencies across UNIX / Linux systems that are sharing
information over protocols other than SMB/CIFS (ie: NFS).
: idmap backend = <>
: idmap backend = ldap:ldap://ldapslave.example.com
idmap gid (G)
The idmap gid parameter specifies the range of group ids that
are allocated for the purpose of mapping UNX groups to NT group
SIDs. This range of group ids should have no existing local or
NIS groups within it as strange conflicts can occur otherwise.
The availability of an idmap gid range is essential for correct
operation of all group mapping.
: idmap gid = <>
: idmap gid = 10000-20000
idmap uid (G)
The idmap uid parameter specifies the range of user ids that are
allocated for use in mapping UNIX users to NT user SIDs. This
range of ids should have no existing local or NIS users within
it as strange conflicts can occur otherwise.
: idmap uid = <>
: idmap uid = 10000-20000
include (G)
.,.
,%u , %P %S.
:
: include = /usr/local/samba/lib/admin_smb.conf
inherit acls (S)
This parameter can be used to ensure that if default acls exist
on parent directories, they are always honored when creating a
subdirectory. The default behavior is to use the mode specified
when creating the directory. Enabling this option sets the mode
to 0777, thus guaranteeing that default directory acls are
propagated.
: inherit acls = no
inherit permissions (S)
The permissions on new files and directories are normally
governed by create mask, directory mask, force create mode and
force directory mode but the boolean inherit permissions
parameter overrides this.
New directories inherit the mode of the parent directory,
including bits such as setgid.
New files inherit their read/write bits from the parent
directory. Their execute bits continue to be determined by map
archive , map hidden and map system as usual.
Note that the setuid bit is never set via inheritance (the code
explicitly prohibits this).
This can be particularly useful on large systems with many
users, perhaps several thousand, to allow a single [homes] share
to be used flexibly by each user.
create mask , directory mask, force create mode and force
directory mode .
: inherit permissions = no
interfaces (G)
Samba,NBT. Samba127.0.0.1 .
, :
(eth0).shelleth*"eth".
IP.,.
IP/.
/.
"mask"(C24).
"IP"IP.
,:
interfaces = eth0 192.168.2.10/24 192.168.3.10/255.255.255.0
,eth0IP192.168.2.10 192.168.3.10255.255.255.0
bind interfaces only.
: 127.0.0.1 that are broadcast capable
invalid users (S)
.(paranoid),.
@NIS(NIS),NIS,UNIX.
+UNIX,&NIX(NIS).'+''&',,,+&groupUNIX,NIS,&+group,NIX,UNIX.(@).
%S,[homes].
valid users .
:
: invalid users = root fred admin @wheel
keepalive (G)
,keepalive.0,.
,socketSO_KEEPALIVE(socket options),.,,.
: keepalive = 300
: keepalive = 600
kernel change notify (G)
This parameter specifies whether Samba should ask the kernel for
change notifications in directories so that SMB clients can
refresh whenever the data on the server changes.
This parameter is only usd when your kernel supports change
notification to user programs, using the F_NOTIFY fcntl.
: Yes
kernel oplocks (G)
oplocks(opportunistic lock)UNIX(IRIX Linux2.4),.
UNIXNFS()smbd(8)oplocks .SMB/CIFS,NFS.(cool :-)
,on(),,Off()..
oplocks level2 oplocks .
: kernel oplocks = yes
lanman auth (G)
This parameter determines whether or not smbd(8) will attempt to
authenticate users using the LANMAN password hash. If disabled,
only clients which support NT password hashes (e.g. Windows
NT/2000 clients, smbclient, etc... but not Windows 95/98 or the
MS DOS network client) will be able to connect to the Samba
host.
The LANMAN encrypted response is easily broken, due to it's
case-insensitive nature, and the choice of algorithm. Servers
without Windows 95/98 or MS DOS clients are advised to disable
this option.
Unlike the encypt passwords option, this parameter cannot alter
client behaviour, and the LANMAN response will still be sent
over the network. See the client lanman auth to disable this for
Samba's clients (such as smbclient)
If this option, and ntlm auth are both disabled, then only
NTLMv2 logins will be permited. Not all clients support NTLMv2,
and most will require special configuration to us it.
Default : lanman auth = yes
large readwrite (G)
This parameter determines whether or not smbd(8) supports the
new 64k streaming read and write varient SMB requests introduced
with Windows 2000. Note that due to Windows 2000 client
redirector bugs this requires Samba to be running on a 64-bit
capable operating system such as IRIX, Solaris or a Linux 2.4
kernel. Can improve performance by 10% with Windows 2000
clients. Defaults to on. Not as tested as some other Samba code
paths.
: large readwrite = yes
ldap admin dn (G)
The ldap admin dn defines the Distinguished Name (DN) name used
by Samba to contact the ldap server when retreiving user account
information. The ldap admin dn is used in conjunction with the
admin dn password stored in the private/secrets.tdb file. See
the smbpasswd(8) man page for more information on how to
accmplish this.
ldap delete dn (G)
This parameter specifies whether a delete operation in the
ldapsam deletes the complete entry or only the attributes
specific to Samba.
: ldap delete dn = no
ldap filter (G)
RFC2254LDAPsambaAccount uid .
: ldap filter = (&(uid=%u)(objectclass=sambaAccount))
ldap group suffix (G)
This parameters specifies the suffix that is used for groups
when these are added to the LDAP directory. If this parameter is
unset, the value of ldap suffix will be used instead.
: none
: dc=samba,ou=Groups
ldap idmap suffix (G)
This parameters specifies the suffix that is used when storing
idmap mappings. If this parameter is unset, the value of ldap
suffix will be used instead.
: none
: ou=Idmap,dc=samba,dc=org
ldap machine suffix (G)
It specifies where machines should be added to the ldap tree.
: none
ldap passwd sync (G)
This option is used to define whether or not Samba should sync
the LDAP password with the NT and LM hashes for normal accounts
(NOT for workstation, server or domain trusts) on a password
change via SAMBA.
The ldap passwd sync can be set to one of three values:
Yes = Try to update the LDAP, NT and LM passwords and update the
pwdLastSet time.
No = Update NT and LM passwords and update the pwdLastSet time.
Only = Only update the LDAP password and let the LDAP server do
the rest.
: ldap passwd sync = no
ldap port (G)
"--with-ldap".
LDAPtcpLDAP636
: ldap ssl
Default : ldap port = 636 ; ldap ssl = on
Default : ldap port = 389 ; ldap ssl = off
ldap server (G)
"--with-ldapsam".
ldapFQDN
Default : ldap server = localhost
ldap ssl (G)
This option is used to define whether or not Samba should use
SSL when connecting to the ldap server This is NOT related to
Samba's previous SSL support which was enabled by specifying the
--with-ssl option to the configure script.
The ldap ssl can be set to one of three values:
Off = Never use SSL when querying the directory.
Start_tls = Use the LDAPv3 StartTLS extended operation (RFC2830)
for communicating with the directory server.
On = Use SSL on the ldaps port when contacting the ldap server.
Only available when the backwards-compatiblity --with-ldapsam
option is specified to configure. See passdb backend
Default : ldap ssl = start_tls
ldap suffix (G)
ldap user suffixldap machine suffixldapbase dn
: none
ldap user suffix (G)
This parameter specifies where users are added to the tree. If
this parameter is not specified, the value from ldap suffix.
: none
level2 oplocks (S)
Samba()oplocks
2,oplocksWindows
NToplocks,oplocksoplocks(oplocksoplocks).2oplocks(,),(.exe).
oplocks,(), told to break their oplocks to "none",read-ahead
caches.
2oplocksCIFS.
,kernel oplocks,2oplocks(yes).,oplocks yes.
oplocks kernel oplocks
: level2 oplocks = yes
lm announce (G)
nmbd(8)"Lanman",OS/2Samba.3:yesnoauto.auto.no,Samba.yes,Sambalm
interval.auto,Samba,.,,lm interval.
lm interval.
: lm announce = auto
: lm announce = yes
lm interval (G)
Samba"LanmanOS/2,lm announce.,."0",lm announce,"Lanman".
lm announce.
: lm interval = 60
: lm interval = 120
load printers (G)
"printcap"Samba,."printers".
: load printers = yes
local master (G)
nmbd(8).no, nmbd.,yes.yes,become ,become .
no nmbd
: local master = yes
lock dir (G)
lock directory .
lock directory (G)
"".max connections.
: lock directory = ${prefix}/var/locks
: lock directory = /var/run/samba/locks
locking (S)
,"".
locking = no ,..
locking = yes
,:CDROM.,no.
,,.,.
: locking = yes
lock spin count (G)
This parameter controls the number of times that smbd should
attempt to gain a byte range lock on the behalf of a client
request. Experiments have shown that Windows 2k servers do not
reply with a failure if the lock could not be immediately
granted, but try a few more times in case the lock could later
be aquired. This behavior is used to support PC database formats
such as MS Access and FoxPro.
: lock spin count = 3
lock spin time (G)
The time in microseconds that smbd should pause before
attempting to gain a failed lock. See lock spin count for more
details.
: lock spin time = 10
log file (G)
Samba).
,.
: log file = /usr/local/samba/var/log.%m
log level (G)
()smb.conf().This parameter has been extended since the 2.2.x
series, now it allow to specify the debug level for multiple
debug classes. .
,,.
: log level = 3 passdb:5 auth:10 winbind:2
logon drive (G)
,,(logon home).
:Samba.
: logon drive = z:
: logon drive = h:
logon home (G)
Win95/98Win NTSamba PDC,.,(DOS):
C:\> NET USE H: /HOME
,.
This parameter can be used with Win9X workstations to ensure
that roaming profiles are stored in a subdirectory of the user's
home directory. This is done in the following way:
logon home = \%NUrofile
This tells Samba to return the above string, with substitutions
made when a client requests the info, generally in a
NetUserGetInfo request. Win9X clients truncate the info to
\\server\share when a user does net use /home but use the whole
string when dealing with profiles.
Note that in prior versions of Samba, the logon path was
returned rather than logon home. This broke net use /home but
allowed profiles outside the home directory. The current
implementation is correct, and can be used for profiles if you
use the above trick.
,Sambalogon server.
: logon home = "\%NU"
: logon home = "\remote_smb_serverU"
logon path (G)
roaming profile(WindowsNTNTuser.dat ).Contrary to previous
versions of these manual pages, it has nothing to do with Win 9X
roaming profiles. To find out how to handle roaming profiles for
Win 9X system, see the logon home parameter.
,.Windows NT""(,,).
,,Windows NT.,Windows NTNTuser.dat.
,.NTuser.dat,NTuser.man((MANdatory)user.dat).
Windows[homes].,logon pathhomes(,\\%N\HOMES\profile_path).
,.
,Sambalogon server.
: logon path = \\%N\%U\profile
: logon path = \\PROFILESERVER\PROFILE\%U
logon script (G)
,,,.batNT.cmd.DOS/CR/LF,,DOS.
[netlogon],,[netlogon]path/usr/local/samba/netlogon,logon script
= STARTUP.BAT, :
/usr/local/samba/netlogon/STARTUP.BAT
,.:NET TIME \SERVER /SET /YES,:NET USE U:\\SERVER\"" :
NET USE Q:\SERVERISO9001_QA
:,[netlogon],.,.
,.
,Samba.
: no logon script defined
: logon script = scriptsU.bat
lppause command (S)
.
.,.
%p,%j().HPUX(printing=hpux ),lpq-
p%p,,,,'PAUSED',,,'SPOOLED''PRINTING'.
,,PATH.
printing parameter.
: ,printingSYSV,, :
lp -i %p-%j -H hold
printingsoftq,:
qstat -s -j%j -h
HPUX: lppause command = /usr/bin/lpalt %p-%j -p0
lpq cache time (G)
lpq,lpq.lpq,lpq,.
/tmp/lpq.xxxx,xxxxlpq.
10,lpq10.lpq,.
0.
printing .
: lpq cache time = 10
: lpq cache time = 30
lpq command (S)
lpq.
.
:CUPS, BSD,AIX,LPRNG,PLP,SYSV,HPUX,QNXSOFTQ.UNIX.printing =.
(Windows for Workgroups).,..
%p,..
,PATH,lpq command. CUPSlpq commandsmbd
printing .
: printing
: lpq command = /usr/bin/lpq -P%p
lpresume command (S)
.
.lppause command
%p,.%j, .
,PATH,lpresume command
printing .
: printing SYSV,
lp -i %p-%j -H resume
printing SOFTQ, :
qstat -s -j%j -r
HPUX: lpresume command = /usr/bin/lpalt %p-%j -p2
lprm command (S)
.
,.
%p,.%j,.
,PATH,lprm command.
printing .
: printing
1: lprm command = /usr/bin/lprm -P%p %j
2: lprm command = /usr/bin/cancel %p-%j
machine password timeout (G)
sambaWindows
NT(security=domain),smbdprivate/secrets.tdbTDBMACHINE ACCOUNT
PASSWORD.(),NT.
smbpasswd(8), security = domain .
: machine password timeout = 604800
magic output (S)
magic,magic script.
:magic script,.
: magic output = <magic script name>.out
: magic output = myfile.txt
magic script (S)
,,,.UNIXsamba,.
,.
,magic output().
,CR/LFCR.magic,shelldos.
magic,.
: magic script.
: magic script = user.csh
mangle case (S)
NAME MANGLING.
: mangle case = no
mangled map (S)
Windows/DOSunix.,DOSUNIX,,HTMLUNIX.html,Windows/DOS.htm.
html htm :
mangled map = (*.html *.htm)
CDROM;1(UNIX).(*;1 *;).
: mangled map
: mangled map = (*;1 *;)
mangled names (S)
UNIXDOSDOS("mangled"),DOS.
NAME MANGLING.
,
,.
"~",,.,.
,'~',mangling char.
,,.'.'.'.',("hidden files" - ).
unix,DOS."___",("___").
.
,,1/1300.
unixunixWindows/DOS.Windows/DOSunix..
: mangled names = yes
mangled stack (G)
,Sambasmbd(8).
(3).
,unix.,(256).
,.
: mangled stack = 50
: mangled stack = 100
mangle prefix (G)
controls the number of prefix characters from the original name
used when generating the mangled names. A larger value will give
a weaker hash and therefore more name collisions. The minimum
value is 1 and the maximum value is 6.
mangle prefix is effective only when mangling method is hash2.
: mangle prefix = 1
: mangle prefix = 4
mangling char (S)
name manglingmagic.'~',..
: mangling char = ~
: mangling char = ^
mangling method (G)
controls the algorithm used for the generating the mangled
names. Can take two different values, "hash" and "hash2". "hash"
is the default and is the algorithm that has been used in Samba
for many years. "hash2" is a newer and considered a better
algorithm (generates less collisions) in the names. However,
many Win32 applications store the mangled names and so changing
to the new algorithm must not be done lightly as these
applications may break unless reinstalled.
: mangling method = hash2
: mangling method = hash
map acl inherit (S)
This boolean parameter controls whether smbd(8) will attempt to
map the 'inherit' and 'protected' access control entry flags
stored in Windows ACLs into an extended attribute called
user.SAMBA_PAI. This parameter only takes effect if Samba is
being run on a platform that supports extended attributes (Linux
and IRIX so far) and allows the Windows 2000 ACL editor to
correctly use inheritance with the Samba POSIX ACL mapping code.
: map acl inherit = no
map archive (S)
DOSUNIX.DOS.SambaPCUNIX
create mask[u4E2D](100).create mask.
: map archive = yes
map hidden (S)
DOSUNIX.
create mask(001).create mask.
: map hidden = no
map system (S)
DOSUNIX.
create mask(010).create mask.
: map system = no
map to guest (G)
(security=share),,(user, server, domain).
,,smbd(8).
:
Never - ..
Bad User - ,,guest account.
Bad Password - ,guest.,,"",,. Helpdesk services will hate you if
you set the map to guest parameter this way :-).
,"Guest".,,"Guest".
,local.hGUEST_SESSSETUP.
: map to guest = Never
: map to guest = Bad User
max connections (S)
.max connections0,,.0.
,.lock directory.
: max connections = 0
: max connections = 10
max disk size (G)
.100,100M.
.,100M,, max disk size.
,1G.
0.
: max disk size = 0
: max disk size = 1000
max log size (G)
(kB).samba,.old.
0.
: max log size = 5000
: max log size = 1000
max mux (G)
SMB..
: max mux = 50
max open files (G)
smbd(8).(10,000),.
UNIX,.
: max open files = 10000
max print jobs (S)
This parameter limits the maximum number of jobs allowable in a
Samba printer queue at any given moment. If this number is
exceeded, smbd(8) will remote "Out of Space" to the client. See
all total print jobs.
: max print jobs = 1000
: max print jobs = 5000
max protocol (G)
,.
:
CORE: ,.
COREPLUS: CORE.
LANMAN1: ,.
LANMAN2: LANMAN1.
NT1: Windows NT,CIFS.
,,SMB.
min protocol
: max protocol = NT1
: max protocol = LANMAN1
max reported print jobs (S)
This parameter limits the maximum number of jobs displayed in a
port monitor for Samba printer queue at any given moment. If
this number is exceeded, the excess jobs will not be shown. A
value of zero means there is no limit on the number of print
jobs reported. See all total print jobs and max print jobs
parameters.
: max reported print jobs = 0
: max reported print jobs = 1000
max smbd processes (G)
This parameter limits the maximum number of smbd(8) processes
concurrently running on a system and is intended as a stopgap to
prevent degrading service to clients in the event that the
server has insufficient resources to handle more than this
number of connections. Remember that under normal operating
conditions, each user will have an smbd(8) associated with him
or her to handle connections to all shares from a given host.
: max smbd processes = 0 ## no limit
: max smbd processes = 1000
max ttl (G)
nmbd(8) WINS,NetBIOS('time to live', ).,3.
: max ttl = 259200
max wins ttl (G)
smbd(8)WINS(wins support =true),nmbdNetBIOS('time to
live',).,6(518400).
min wins ttl .
: max wins ttl = 518400
max xmit (G)
samba.65535,..2048.
: max xmit = 65535
: max xmit = 8192
message command (G)
WinPopup.
.
:
message command = csh -c 'xedit %s;rm %s' &
xedit,..'&'.,(30).
.,%u(%U).
,,:
%s =
%t = ().
%f = .
..
root
message command = /bin/mail -s 'message from %f on %m' root <
%s; rm %s
,,Samba.WfWg(Windows for Workgrups),.
message command = rm %s
: message command
: message command = csh -c 'xedit %s; rm %s' &
min passwd length (G)
min password length .
min password length (G)
UNIXsmbd.
unix password sync, passwd program passwd chat debug .
: min password length = 5
min print space (S)
.kB .0,.
printing
: min print space = 0
: min print space = 2000
min protocol (G)
The value of the parameter (a string) is the lowest SMB protocol
dialect than Samba will support. Please refer to the max
protocol parameter for a list of valid protocol names and a
brief description of each. You may also wish to refer to the C
source code in source/smbd/negprot.c for a listing of known
protocol dialects supported by clients.
If you are viewing this parameter as a security measure, you
should also refer to the lanman auth Otherwise, you should
never need to change this
Default : min protocol = CORE
Example : min protocol = NT1 # disable DOS clients
min wins ttl (G)
nmbd(8)WINS(wins support = yes),NetBIOS().,6(21600)
: min wins ttl = 21600
msdfs proxy (S)
This parameter indicates that the share is a stand-in for
another CIFS share whose location is specified by the value of
the When clients attempt to connect to this share, they are
redirected to the proxied share using the SMB-Dfs protocol.
Only Dfs roots can act as proxy shares. Take a look at the msdfs
root and host msdfs options to find out how to set up a Dfs root
share.
: msdfs proxy = \\otherserver\someshare
msdfs root (S)
If set to yes, Samba treats the share as a Dfs root and allows
clients to browse the distributed file system tree rooted at the
share directory. Dfs links are specified in the share directory
by symbolic links of the form
msdfs:serverA\\shareA,serverB\\shareB and so on. For more
information on setting up a Dfs tree on Samba, refer to ???.
host msdfs
: msdfs root = no
name cache timeout (G)
Specifies the number of seconds it takes before entries in
samba's hostname resolve cache time out. If the timeout is set
to 0. the caching is disabled.
: name cache timeout = 660
: name cache timeout = 0
name resolve order (G)
sambaIP.netbios.
"lmhosts","host","wins""bcast".
lmhosts : sambalmhostsIP.lmhostsNetBIOS(lmhosts (5)),.
host :
IP,/etc/hosts,NISDNS.,IRIXSolaris/etc/nsswitch.conf.NetBIOS0x20()0x1c(),._ldap._tcp.domain
SRV RRDNS
wins : wins serverIP.WINS,.
bcast : interfaces.,.
: name resolve order = lmhosts host wins bcast
: name resolve order = lmhosts bcast host
lmhosts,,.
When Samba is functioning in ADS security mode (security = ads)
it is advised to use following settings for name resolve order:
name resolve order = wins bcast
DC lookups will still be done via DNS, but fallbacks to netbios
names will not inundate your DNS servers with needless querys
for DOMAIN<0x1c> lookups.
netbios aliases (G)
NetBIOSnmbd.., ,.
netbios name
: ()
: netbios aliases = TEST TEST1 TEST2
netbios name (G)
sambaNetBIOS.DNS.(DNS),.
netbios aliases
: machine DNS name
: netbios name = MYNAME
netbios scope (G)
This sets the NetBIOS scope that Samba will operate under. This
should not be set unless every machine on your LAN also sets
this value.
nis homedir (G)
NIS.UNIX,.
sambaNFS,SMB,(SMB,NFS)..
Sambasamba,samba.samba,homedir mapNIS.
NIS,samba
: nis homedir = no
nt acl support (S)
smbd(8)UNIXNT.2.2.2
: nt acl support = yes
ntlm auth (G)
This parameter determines whether or not smbd(8) will attempt to
authenticate users using the NTLM encrypted password response.
If disabled, either the lanman password hash or an NTLMv2
response will need to be sent by the client.
If this option, and lanman auth are both disabled, then only
NTLMv2 logins will be permited. Not all clients support NTLMv2,
and most will require special configuration to us it.
Default : ntlm auth = yes
nt pipe support (G)
smbd(8)Windows NTNTSMBIPC$.,.
: nt pipe support = yes
nt status support (G)
This boolean parameter controls whether smbd(8) will negotiate
NT specific status support with Windows NT/2k/XP clients. This
is a developer debugging option and should be left alone. If
this option is set to no then Samba offers exactly the same DOS
error codes that versions prior to Samba 2.2.3 reported.
You should not need to ever disable this
: nt status support = yes
null passwords (G)
Allow or disallow client access to accounts that have null
passwords. .
smbpasswd(5).
: null passwords = no
obey pam restrictions (G)
When Samba 3.0 is configured to enable PAM support (i.e. --with-
pam), this parameter will control whether or not Samba should
obey PAM's account and session management directives. The
default behavior is to use PAM for clear text authentication
only and to ignore any account or session management. Note that
Samba always ignores PAM for authentication in the case of
encrypt passwords = yes. The reason is that PAM modules cannot
support the challenge/response authentication mechanism needed
in the presence of SMB password encryption.
: obey pam restrictions = no
only guest (S)
guest only.
only user (S)
user.,.user
samba.[homes].user = %S,user,.
user
: only user = no
oplock break wait time (G)
Windows 9xWinNT.oplock(oplock break
request)SMB,samba,.()sambaoplock.
sambaoplock,
: oplock break wait time = 0
oplock contention limit (S)
smbd(8),oplocks.
,smbd(8)oplock.smbdWindows NT.
sambaoplock,!
: oplock contention limit = 2
oplocks (S)
smbdoplocks().oplocksamba(approx.30% ).,(Windows NT).samba
docs/Speed.txt.
oplocks. veto oplock files .oplocks.oplocked,sambaNFSUNIX.kernel
oplocks.
kernel oplocks level2 oplocks parameters.
: oplocks = yes
os2 driver map (G)
The parameter is used to define the absolute path to a file
containing a mapping of Windows NT printer driver names to OS/2
printer driver names. The format is:
<nt driver name> = <os2 driver name>.<device name>
For example, a valid entry using the HP LaserJet 5 printer
driver would appear as HP LaserJet 5L = LASERJET.HP LaserJet 5L.
The need for the file is due to the printer driver namespace
problem described in ???. For more details on OS/2 clients,
please refer to ???.
: os2 driver map = <>
os level (G)
Samba. nmbd(8 WORKGROUP.
: SambaM$Windows NT4.0/2000 SambaSamba docs/ BROWSING.txt
: os level = 20
: os level = 65
pam password change (G)
With the addition of better PAM support in Samba 2.2, this
parameter, it is possible to use PAM's password change control
flag for Samba. If enabled, then PAM will be used for password
changes when requested by an SMB client instead of the program
listed in passwd program. It should be possible to enable this
without changing your passwd chat parameter for most setups.
: pam password change = no
panic action (G)
sambasmbd(8)smbd(8)..
: panic action = <>
: panic action = "/bin/sleep 90000"
paranoid server security (G)
Some version of NT 4.x allow non-guest users with a bad
passowrd. When this option is enabled, samba will not use a
broken NT 4.x server as password server, but instead complain to
the logs and exit.
Disabling this option prevents Samba from making this check,
which involves deliberatly attempting a bad logon to the remote
server.
: paranoid server security = yes
passdb backend (G)
This option allows the administrator to chose which backends to
retrieve and store passwords with. This allows (for example)
both smbpasswd and tdbsam to be used without a recompile.
Multiple backends can be specified, separated by spaces. The
backends will be searched in the order they are specified. New
users are always added to the first backend specified.
This parameter is in two parts, the backend's name, and a
'location' string that has meaning only to that particular
backed. These are separated by a : character.
Available backends can include: .TP 3 o smbpasswd - The default
smbpasswd backend. Takes a path to the smbpasswd file as an
optional argument. .TP o tdbsam - The TDB based password storage
backend. Takes a path to the TDB as an optional argument
(defaults to passdb.tdb in the private dir directory. .TP o
ldapsam - The LDAP based passdb backend. Takes an LDAP URL as an
optional argument (defaults to ldap://localhost) LDAP
connections should be secured where possible. This may be done
using either Start-TLS (see ldap ssl) or by specifying ldaps://
in the URL argument. .TP o nisplussam - The NIS+ based passdb
backend. Takes name NIS domain as an optional argument. Only
works with sun NIS+ servers. .TP o mysql - The MySQL based
passdb backend. Takes an identifier as argument. Read the Samba
HOWTO Collection for configuration details. .LP
: passdb backend = smbpasswd
: passdb backend = tdbsam:/etc/samba/private/passdb.tdb
smbpasswd:/etc/samba/smbpasswd
: passdb backend = ldapsam:ldaps://ldap.example.com
: passdb backend = mysql:my_plugin_args tdbsam
passwd chat (G)
smbd(8)"chat".,smbd(8)passwd program..
chat(NIS).
unix password syncyessmbpasswdSMBroot. rootNIS/YP passwdNIS
%nchat\\n, \\r, \\t \\s tabchat'*'
".",.,".",.
pam password changeyeschatPAMPAM\n
unix password sync, passwd program , passwd chat debug pam
password change.
: passwd chat = *new*password* %n\n *new*password* %n\n
*changed*
: passwd chat = "*Enter OLD password*" %o\n "*Enter NEW
password*" %n\n "*Reenter NEW password*" %n\n "*Password
changed*"
passwd chat debug (G)
debug.,debug level100smbd(8).smbd ,.Sambapasswd programpasswd
chat ,.pam password change.
passwd chat , pam password change , passwd program .
: passwd chat debug = no
passwd program (G)
UNIX.%u..
,.(WfWg),.
unix password syncyes,smbpasswdSMBroot.,smbdSMB,.
unix password sync,,.unix password sync no.
unix password sync.
: passwd program = /bin/passwd
: passwd program = /sbin/npasswd %u
password level (G)
/.WfWg,LANMAN1.COREPLUS! Windows95/98 : NTLM0.12
.
,"FRED". password level1,"FRED"
"Fred", "fred", "fRed", "frEd","freD"
password level2,
"FRed", "FrEd", "FreD", "fREd", "fReD", "frED", ..
.,,.
0 - ,.
: password level = 0
: password level = 4
password server (G)
SMB,security = [ads|domain|server],samba/.
IP. ADS realmLDAP 389ip(192.168.1.100:389)SambaLDAPtcp/389.
WindowsNT4.0 netbios
name resolve order
"LM1.2X002""LM NT 0.12",.
UNIX(Samba)..
Samba,Samba,.
,%m,Samba.,
securitydomainads,Domain'*'.'*'sambaRPC. security =
domain,password server,smbd ,.
password server'*',sambaWORKGROUP<1C>IP.
IP'*'DCSambaDC
securityserver,security = domain
password server,smbd,.security = server SMB/CIFS,Samba.
Windows NT,Samba. security = server,,.
security
: password server = <>
: password server = NT-PDC, NT-BDC1, NT-BDC2, *
: password server = windc.mydomain.com:389 192.168.1.101 *
: password server = *
path (S)
.,. This parameter specifies a directory to which the user of
the service is to be given access. In the case of printable
services, this is where print data will spool prior to being
submitted to the host for printing.
,,(s).,.
%uUNIX%mNetBIOS.,.
root dir().
:
: path = /home/fred
pid directory (G)
This option specifies the directory where pid files will be
placed.
: pid directory = ${prefix}/var/locks
: pid directory = /var/run/
posix locking (S)
The smbd(8) daemon maintains an database of file locks obtained
by SMB clients. The default behavior is to map this internal
database to POSIX locks. This means that file locks obtained by
SMB clients are consistent with those seen by POSIX compliant
applications accessing the files via a non-SMB method (e.g. NFS
or local file access). You should never need to disable this
: posix locking = yes
postexec (S)
..root.
postexec = /etc/umount /cdrom
preexec.
: ()
: postexec = echo
preexec (S)
..
()
preexec = csh -c 'echo
,:-)
preexec close postexec .
: ()
: preexec = echo
preexec close (S)
preexec .
: preexec close = no
prefered master (G)
preferred master :-)
preferred master (G)
nmbd(8).
yes,nmbd,. domain master = yes,nmbd.
,(SambaWindows95NT),,.
os level.
: preferred master = auto
preload (G)
.homesprinters,.
,printcap,load printers.
: no preloaded services
: preload = fred lp colorlp
preload modules (G)
This is a list of paths to modules that should be loaded into
smbd before a client connects. This improves the speed of smbd
when reacting to new connections somewhat.
: preload modules =
: preload modules = /usr/lib/samba/passdb/mysql.so+++
preserve case (S)
,default case .
: preserve case = yes
NAME MANGLING.
printable (S)
yes,.
().read only.
: printable = no
printcap (G)
printcap name .
printcap name (S)
printcap(/etc/printcap).[printers],.
To use the CUPS printing interface set printcap name = cups .
This should be supplemented by an addtional setting printing =
cups in the [global] section. printcap name = cups will use the
"dummy" printcap created by CUPS, as specified in your CUPS
configuration file.
lpstatSystem V,printcap name = lpstat .sambaSYSV(System
V).printcap namelpstat,sambalpstat -v.
printcap
print1|My Printer 1
print2|My Printer 2
print3|My Printer 3
print4|My Printer 4
print5|My Printer 5
'|'.Samba.
AIXprintcap/etc/qconfig. qconfigSambaAIX qconfig
: printcap name = /etc/printcap
: printcap name = /etc/myprintcap
print command (S)
,system().,.,,.
%s, %f -
%p -
%J -
%c -
%z -()
%s%f,%p.,,%p.
[global],,.
,().
UNIXnobody.[global]guest account.
shell.,,.';'shell.
print command = echo Printing %s >> /tmp/print.log; lpr -P %p
%s; rm %s
.,printing.
: printing = BSD, AIX, QNX, LPRNG PLP :
print command = lpr -r -P%p %s
printing = SYSV HPUX :
print command = lp -c -d%p %s; rm %s
printing = SOFTQ :
print command = lp -d%p -s %s; rm %s
printing = CUPS :
Samba libcups, printcap=cupsCUPS API-orawSystemVlp -c -d%p -o
raw; rm %s.printing = cups, Sambalibcups
: print command = /usr/local/samba/bin/myprintscript %p %s
printer (S)
printer name
printer admin (S)
This is a list of users that can do anything to printers via the
remote administration interfaces offered by MS-RPC (usually
using a NT workstation). Note that the root user always has
admin rights.
: printer admin = <>
: printer admin = admin, @staff
printer name (S)
.
[global],.
: ( lp )
: printer name = laserwriter
printing (S)
,[global]print command,lpq command,lppause command,lpresume
commandlprm command
,BSD, AIX, LPRNG, PLP, SYSV, HPUX, QNX, SOFTQ, CUPS
,testparm(1).
.
[printers]
print ok (S)
printable
private dir (G)
This parameters defines the directory smbd will use for storing
such files as smbpasswd and secrets.tdb.
Default :private dir = ${prefix}/private
profile acls (S)
This boolean parameter controls whether smbd(8) This boolean
parameter was added to fix the problems that people have been
having with storing user profiles on Samba shares from Windows
2000 or Windows XP clients. New versions of Windows 2000 or
Windows XP service packs do security ACL checking on the owner
and ability to write of the profile directory stored on a local
workstation when copied from a Samba share.
When not in domain mode with winbindd then the security info
copied onto the local workstation has no meaning to the logged
in user (SID) on that workstation so the profile storing fails.
Adding this parameter onto a share used for profile storage
changes two things about the returned Windows ACL. Firstly it
changes the owner and group owner of all reported files and
directories to be BUILTIN\\Administrators, BUILTIN\\Users
respectively (SIDs S-1-5-32-544, S-1-5-32-545). Secondly it adds
an ACE entry of "Full Control" to the SID BUILTIN\\Users to
every returned ACL. This will allow any Windows 2000 or XP
workstation user to access the profile.
Note that if you have multiple users logging on to a workstation
then in order to prevent them from being able to access each
others profiles you must remove the "Bypass traverse checking"
advanced user right. This will prevent access to other users
profile directories as the top level profile directory (named
after the user) is created by the workstation profile code and
has an ACL restricting entry to the directory tree to the owning
user.
: profile acls = no
protocol (G)
max protocol
public (S)
guest ok
queuepause command (S)
.
,,.
Windows for Workgroups,Windows 95NT.
%p..
,,PATH.
: printing
: queuepause command = disable %p
queueresume command (S)
.( queuepause command).
,,.
Windows for Workgroups,Windows 95NT.
%p..
,,PATH.
: printing
: queuepause command = enable %p
read bmpx (G)
smbd(8)""(Read Block Multiplex)SMB.,no..
: read bmpx = no
read list (S)
.,,read only. invalid users .
write list invalid users
: read list = <>
: read list = mary, @students
read only (S)
writeable .
yes,
(printable = yes) ().
: read only = yes
read raw (G)
SMB.
,65535 65535..
,(),,.
,.write raw.
: read raw = yes
read size (G)
//.SMB(SMBwrite,SMBwriteXSMBreadbraw),SMBreadbraw,.
,,,.
16384,,,.65536,.
: read size = 16384
: read size = 8192
realm (G)
This option specifies the kerberos realm to use. The realm is
used as the ADS equivalent of the NT4 domain. It is usually set
to the DNS name of the kerberos server.
: realm =
: realm = mysambabox.mycompany.com
remote announce (G)
nmbd(8)IP.
samba,.IP.
:
remote announce = 192.168.2.255/SERVERS 192.168.4.255/STAFF
nmbd IP.IP,workgroup.
IP,IP.
: remote announce = <>
remote browse sync (G)
nmbd(8)(remote segment)Samba..Samba
This is useful if you want your Samba server and all local
clients to appear in a remote workgroup for which the normal
browse propagation rules don't work. The remote workgroup can be
anywhere that you can send IP packets to.
:
remote browse sync = 192.168.2.255 192.168.4.255
nmbd
IP,IP.IP,, samba
: remote browse sync = <>
restrict anonymous (G)
Windows2000
NTHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\RestrictAnonymous
012Windows2000/XPSambaM$
The security advantage of using restrict anonymous = 1 is
dubious, as user and group list information can be obtained
using other means.
The security advantage of using restrict anonymous = 2 is
removed by setting guest ok = yes on any share.
: restrict anonymous = 0
root (G)
root directory"
root dir (G)
root directory" .
root directory (G)
chroot()() .,.,.(wide links)"..".
root directory,"/",,.root directory,.,root directory.
/etc/passwd,,.,.
: root directory = /
: root directory = /homes/smb
root postexec (S)
postexec,root.,.
postexec.
: root postexec = <>
root preexec (S)
preexec,root.,.
preexec preexec close .
: root preexec = <>
root preexec close (S)
preexec close ,root.
preexec preexec close.
: root preexec close = no
security (G)
smb.conf,Samba.
""smbd(8) .().
security = user,Windows 98Windows NT.
security = share, security = server security = domain .
2.0.0Samba, security = share
WfWg,,WfWg"connect drive".WfWgSamba.
UNIX,security = user.UNIXsecurity = share.
()security=share..security=userguest,map to guest.
smbd(hybrid),NetBIOS aliases.
.
SECURITY = SHARE
,(WIN95/95NTsecurity = share ,).,().
smbd UNIX, security = share .
,,smbdUNIX.
UNIX
guest only,guest account.
,( - username map).
logon (SessionSetup SMB)SMB.
.
NetBIOS.
user.
guest only,.UNIX.
guest only,guest account,,.
,UNIX.
NOTE ABOUT USERNAME/PASSWORD VALIDATION.
SECURITY = USER samba2.0/3.0.,(username map)"".(encrypted
passwords).userguest only,UNIX,.
,,.guest account,.map to guest.
NOTE ABOUT USERNAME/PASSWORD VALIDATION.
SECURITY = DOMAIN
net(8)Windows NT,.encrypted
passwordsyes.Samba/WindowsNTWindowsNT
,UNIXSambaUNIX
,,security=domainsecurity=user. ..
,,.guest account,.map to guest
NOTE ABOUT USERNAME/PASSWORD VALIDATION .
password server parameter encrypted passwords
SECURITY = SERVER
Samba/SMB,NT,.security = user,encrypted passwords
yes,sambaUNIX,smbpasswd.Samba HOWTO Collection User Database
This mode of operation has significant pitfalls, due to the fact
that is activly initiates a man-in-the-middle attack on the
remote SMB server. In particular, this mode of operation can
cause significant resource consuption on the PDC, as it must
maintain an active connection for the duration of the user's
session. Furthermore, if this connection is lost, there is no
way to reestablish it, and futher authenticaions to the Samba
server may fail. (From a single client, till it disconnects).
,,security=serversecurity=user...
,,.guest account,. map to guest.
NOTE ABOUT USERNAME/PASSWORD VALIDATION .
password server parameter encrypted passwords
SECURITY = ADS
In this mode, Samba will act as a domain member in an ADS realm.
To operate in this mode, the machine running Samba will need to
have Kerberos installed and configured and Samba will need to be
joined to the ADS realm using the net utility.
Note that this mode does NOT make Samba operate as a Active
Directory Domain Controller.
Read the chapter about Domain Membership in the HOWTO for
details.
ads server parameter, the realm paramter encrypted passwords
: security = USER
: security = DOMAIN
security mask (S)
NTNTUNIX. This parameter controls what UNIX permission bits can
be modified when a Windows NT client is manipulating the UNIX
permission on a file using the native NT security dialog box.
'',.0. This parameter is applied as a mask (AND'ed with) to the
changed permission bits, thus preventing any bits not in this
mask from being modified. Essentially, zero bits in this mask
may be treated as a set of bits the user is not allowed to
change.
,0777user/group/world.
,Samba,.0777.
force directory security mode, directory security mask, force
security mode .
: security mask = 0777
: security mask = 0770
server schannel (G)
This controls whether the server offers or even demands the use
of the netlogon schannel. server schannel = no does not offer
the schannel, server schannel = auto offers the schannel but
does not enforce it, and server schannel = yes denies access if
the client is not able to speak netlogon schannel. This is only
the case for Windows NT4 before SP4.
Please note that with this set to no you will have to apply the
WindowsXP requireSignOrSeal-Registry patch found in the
docs/Registry subdirectory.
: server schannel = auto
: server schannel = yes
server signing (G)
This controls whether the server offers or requires the client
it talks to to use SMB signing. Possible values are auto,
mandatory and disabled.
When set to auto, SMB signing is offered, but not enforced. When
set to mandatory, SMB signing is required and if set to
disabled, SMB signing is not offered either.
: client signing = False
server string (G)
net view()IPC..
.
%v Samba
%h
: server string = Samba %v
: server string = University of GNUs Samba Server
set directory (S)
set directory = nosetdir.
setdirDigital Pathworks.Pathworks.
: set directory = no
set primary group script (G)
Thanks to the Posix subsystem in NT a Windows User has a primary
group in addition to the auxiliary groups. This script sets the
primary group in the unix userdatase when an administrator sets
the primary group from the windows user manager or when fetching
a SAM with net rpc vampire. %u will be replaced with the user
whose primary group is to be set. %g will be replaced with the
group to set.
: No default value
: set primary group script = /usr/sbin/usermod -g '%g' '%u'
set quota command (G)
The set quota command should only be used whenever there is no
operating system API available from the OS that samba can use.
This parameter should specify the path to a script that can set
quota for the specified arguments.
The specified script should take the following arguments:
1 - quota type .TP 3 o 1 - user quotas .TP o 2 - user default
quotas (uid = -1) .TP o 3 - group quotas .TP o 4 - group default
quotas (gid = -1) .LP
2 - id (uid for user, gid for group, -1 if N/A)
3 - quota state (0 = disable, 1 = enable, 2 = enable and
enforce)
4 - block softlimit
5 - block hardlimit
6 - inode softlimit
7 - inode hardlimit
8(optional) - block size, defaults to 1024
The script should output at least one line of data.
get quota command
: set quota command =
: set quota command = /usr/local/sbin/set_quota
share modes (S)
share modes..
UNIX,UNIX().
DENY_DOS, DENY_ALL, DENY_READ,DENY_WRITE, DENY_NONE DENY_FCB.
.
Windows
: share modes = yes
short preserve case (S)
8.3(),default case .preserve case = yes,
NAME MANGLING .
: short preserve case = yes
show add printer wizard (G)
With the introduction of MS-RPC based printing support for
Windows NT/2000 client in Samba 2.2, a "Printers..." folder will
appear on Samba hosts in the share listing. Normally this folder
will contain an icon for the MS Add Printer Wizard (APW).
However, it is possible to disable this feature regardless of
the level of privilege of the connected user.
Under normal circumstances, the Windows NT/2000 client will open
a handle on the printer server with OpenPrinterEx() asking for
Administrator privileges. If the user does not have
administrative access on the print server (i.e is not root or a
member of the printer admin group), the OpenPrinterEx() call
fails and the client makes another open call with a request for
a lower privilege level. This should succeed, however the APW
icon will not be displayed.
Disabling the show add printer wizard parameter will always
cause the OpenPrinterEx() on the server to fail. Thus the APW
icon will never be displayed. Note :This does not prevent the
same user from having administrative privilege on an individual
printer.
addprinter command, deleteprinter command, printer admin
Default :show add printer wizard = yes
shutdown script (G)
This parameter only exists in the HEAD cvs branch This a full
path name to a script called by smbd(8) that should start a
shutdown procedure.
This command will be run as the user connected to the server.
%m %t %r %f parameters are expanded:
%m will be substituted with the shutdown message sent to the
server.
%t will be substituted with the number of seconds to wait before
effectively starting the shutdown procedure.
%r will be substituted with the switch -r. It means reboot after
shutdown for NT.
%f will be substituted with the switch -f. It means force the
shutdown even if applications do not respond for NT.
: None.
: shutdown script = /usr/local/samba/sbin/shutdown %m %t %r %f
Shutdown script example:
#!/bin/bash
$time=0
let "time/60"
let "time++"
/sbin/shutdown $3 $4 +$time $1 &
Shutdown does not return so we need to launch it in background.
abort shutdown script.
smb passwd file (G)
smbpasswd.samba.
: smb passwd file = ${prefix}/private/smbpasswd
: smb passwd file = /etc/samba/smbpasswd
smb ports (G)
Specifies which ports the server should listen on for SMB
traffic.
: smb ports = 445 139
socket address (G)
samba..samba.
By default Samba will accept connections on any address.
: socket address = 192.168.2.20
socket options (G)
.
.
samba.samba,.(man setsockopt).
samba"Unknown socket option".includes.h.samba-bugs@samba.org.
,.
SO_KEEPALIVE
SO_REUSEADDR
SO_BROADCAST
TCP_NODELAY
IPTOS_LOWDELAY
IPTOS_THROUGHPUT
SO_SNDBUF *
SO_RCVBUF *
SO_SNDLOWAT *
SO_RCVLOWAT *
'*'.10,10.
"SOME_OPTION=VALUE"SO_SNDBUF=8192.,"=".
,
socket options = IPTOS_LOWDELAY
socket options = IPTOS_LOWDELAY TCP_NODELAY
,IPTOS_THROUGHPU.
samba.
: socket options = TCP_NODELAY
: socket options = IPTOS_LOWDELAY
source environment (G)
This parameter causes Samba to set environment variables as per
the content of the file named.
If the value of this parameter starts with a "|" character then
Samba will treat that value as a pipe command to open and will
set the environment variables from the output of the pipe.
The contents of the file or the output of the pipe should be
formatted as the output of the standard Unix env(1) command.
This is of the form:
Example environment entry:
SAMBA_NETBIOS_NAME = myhostname
: No default value
Examples: source environment = |/etc/smb.conf.sh
: source environment = /usr/local/smb_env_vars
stat cache (G)
smbd(8)..
: stat cache = yes
strict allocate (S)
This is a boolean that controls the handling of disk space
allocation in the server. When this is set to yes the server
will change from UNIX behaviour of not committing real disk
storage blocks when a file is extended to the Windows behaviour
of actually forcing the disk system to allocate real storage
blocks when a file is created or extended to be a given size. In
UNIX terminology this means that Samba will stop creating sparse
files. This can be slow on some systems.
When strict allocate is no the server does sparse disk block
allocation when a file is extended.
Setting this to yes can help Samba return out of quota messages
on systems that are restricting the disk quota of users.
: strict allocate = no
strict locking (S)
.yes,,..
strict locking,.
,strict locking = no.
: strict locking = no
strict sync (S)
Windows(Windows 98).UNIX,,.,.no ()smbd(8)
Windows.Samba,.,Windows98.
sync always
: strict sync = no
sync always (S)
.no().yesfsync() .strict syncyes.
strict sync
: sync always = no
syslog (G)
sambasyslog.0syslogLOG_ERR,1 LOG_WARNING,2LOG_NOTICE,3LOG_INFO.
LOG_DEBUG.
syslog.syslog.
: syslog = 1
syslog only (G)
sambasyslog,.
: syslog only = no
template homedir (G)
When filling out the user information for a Windows NT user, the
winbindd(8) daemon uses this parameter to fill in the home
directory for that user. If the string %D is present it is
substituted with the user's Windows NT domain name. If the
string %U is present it is substituted with the user's Windows
NT user name.
: template homedir = /home/%D/%U
template primary group (G)
This option defines the default primary group for each user
created by winbindd(8)'s local account management functions
(similar to the 'add user script').
: template primary group = nobody
template shell (G)
When filling out the user information for a Windows NT user, the
winbindd(8) daemon uses this parameter to fill in the login
shell for that user.
: template shell = /bin/false
time offset (G)
GMT..
: time offset = 0
: time offset = 60
time server (G)
nmbd(8) Windows.
: time server = no
timestamp logs (G)
debug timestamp .
unicode (G)
Specifies whether Samba should try to use unicode on the wire by
default. Note: This does NOT mean that samba will assume that
the unix machine uses unicode!
: unicode = yes
unix charset (G)
Specifies the charset the unix machine Samba runs on uses. Samba
needs to know this in order to be able to convert text to the
charsets other SMB clients use.
: unix charset = UTF8
: unix charset = ASCII
unix extensions (G)
This boolean parameter controls whether Samba implments the CIFS
UNIX extensions, as defined by HP. These extensions enable Samba
to better serve UNIX CIFS clients by supporting features such as
symbolic links, hard links, etc... These extensions require a
similarly enabled client, and are of no current use to Windows
clients.
: unix extensions = yes
unix password sync (G)
sambasmbpasswdSMBSMBUNIX.yesrootpasswd program - UNIXUNIX(SMB).
passwd program, passwd chat.
: unix password sync = no
update encrypted (G)
smbpasswd ().( UNIX)(SMB/ )smbpasswd. .smbpasswd ,no.
,yes encrypt passwordsno .
,smbd,(smbpasswd).
: update encrypted = no
use client driver (S)
This parameter applies only to Windows NT/2000 clients. It has
no effect on Windows 95/98/ME clients. When serving a printer to
Windows NT/2000 clients without first installing a valid printer
driver on the Samba host, the client will be required to install
a local printer driver. From this point on, the client will
treat the print as a local printer and not a network printer
connection. This is much the same behavior that will occur when
disable spoolss = yes.
The differentiating factor is that under normal circumstances,
the NT/2000 client will attempt to open the network printer
using MS-RPC. The problem is that because the client considers
the printer to be local, it will attempt to issue the
OpenPrinterEx() call requesting access rights associated with
the logged on user. If the user possesses local administator
rights but not root privilegde on the Samba host (often the
case), the OpenPrinterEx() call will fail. The result is that
the client will now display an "Access Denied; Unable to
connect" message in the printer queue window (even though jobs
may successfully be printed).
If this parameter is enabled for a printer, then any attempt to
open the printer with the PRINTER_ACCESS_ADMINISTER right is
mapped to PRINTER_ACCESS_USE instead. Thus allowing the
OpenPrinterEx() call to succeed. This parameter MUST not be able
enabled on a print share which has valid print driver installed
on the Samba server.
disable spoolss
: use client driver = no
use mmap (G)
This global parameter determines if the tdb internals of Samba
can depend on mmap working correctly on the running system.
Samba requires a coherent mmap/read-write system memory cache.
Currently only HPUX does not have such a coherent cache, and so
this parameter is set to no by default on HPUX. On all other
systems this parameter should be left alone. This parameter is
provided to help the Samba developers track down problems with
the tdb internal code.
: use mmap = yes
user (S)
username
username (S)
().
usernameCOREPLUS UNIXWfWg. ,\\server\share%user.
username,Samba username., . .
sambaUNIX.,Samba ., telnet., .
valid users .
'@'NIS(Samba ),UNIX .
'+'UNIX.
'&'NIS(Samba).
,.
NOTE ABOUT USERNAME/PASSWORD VALIDATION
: guestguest,.
:username = fred, mary, jack, jane, @users, @pcgroup
username level (G)
DOS,samba"" UNIX.,Samba,, UNIX.
0,.UNIX.,,.UNIXAstrangeUser .
: username level = 0
: username level = 5
username map (G)
..DOSWindowsUNIX..
.'='UNIX,.@group,UNIX.'*'.1023.
'='...
'#' ';'.
,'!',.'!'.
admin administratorUNIX root,
root = admin administrator
UNIX systemUNIXsys
sys = @system
.
NIS NETGROUP,/etc/group .
Windows.
tridge = "Andrew Tridgell"
windows"Andrew Tridgell"unix"tridge".
maryfredunixsys,guest.'!'Samba.
!sys = mary fred
guest = *
.\\server\fred fred mary,\\server\mary"mary fred., password
server()..
..,WfWg.
: no username map
: username map = /usr/local/samba/lib/users.map
users (S)
username .
use sendfile (S)
If this parameter is yes, and Samba was built with the --with-
sendfile-support option, and the underlying operating system
supports sendfile system call, then some SMB read calls (mainly
ReadAndX and ReadRaw) will use the more efficient sendfile
system call for files that are exclusively oplocked. This may
make more efficient use of the system CPU's and cause Samba to
be faster. This is off by default as it's effects are unknown as
yet.
: use sendfile = no
use spnego (G)
This variable controls controls whether samba will try to use
Simple and Protected NEGOciation (as specified by rfc2478) with
WindowsXP and Windows2000 clients to agree upon an
authentication mechanism. Unless further issues are discovered
with our SPNEGO implementation, there is no reason this should
ever be disabled.
: use spnego = yes
utmp (G)
This boolean parameter is only available if Samba has been
configured and compiled with the option --with-utmp. If set to
yes then Samba will attempt to add utmp or utmpx records
(depending on the UNIX system) whenever a connection is made to
a Samba server. Sites may use this to record the user connecting
to a Samba share.
Due to the requirements of the utmp record, we are required to
create a unique identifier for the incoming user. Enabling this
option creates an n^2 algorithm to find this number. This may
impede performance on large installations.
utmp directory
: utmp = no
utmp directory (G)
This parameter is only available if Samba has been configured
and compiled with the option --with-utmp. It specifies a
directory pathname that is used to store the utmp or utmpx files
(depending on the UNIX system) that record user connections to a
Samba server. utmp By default this is not set, meaning the
system will use whatever utmp file the native system is set to
use (usually /var/run/utmp on Linux).
: no utmp directory
: utmp directory = /var/run/utmp
-valid (S)
This parameter indicates whether a share is valid and thus can
be used. When this parameter is set to false, the share will be
in no way visible nor accessible.
This option should not be used by regular users but might be of
help to developers. Samba uses this option internally to mark
shares as deleted.
: True
valid users (S)
.'@','+''&'invalid users .
().invalid users,.
%S . [homes].
invalid users
: ()
: valid users = greg, @pcusers
veto files (S)
.'/',.DOS'*''?'.
UNIX,DOS, UNIX'/'.
case sensitive.
: Sambaveto filesdelete veto files yes.
Samba,.
hide files case sensitive.
: .
:
; 'Security'
; .tmp,'root'
veto files = /*Security*/*.tmp/*root*/
; NetAtalkApple
veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/
veto oplock files (S)
oplocks.Sambaoplocks,,veto files .
: oplocks
.NetBench SMB,.SEM.Sambaoplocks,[global]NetBench
: veto oplock files = /*.SEM/
vfs object (S)
vfs objects .
vfs objects (S)
This parameter specifies the backend names which are used for
Samba VFS I/O operations. By default, normal disk I/O operations
are used but these can be overloaded with one or more VFS
objects.
: no value
: vfs objects = extd_audit recycle
volume (S)
...
:
wide links (S)
UNIX..
,samba.
: wide links = yes
winbind cache time (G)
This parameter specifies the number of seconds the winbindd(8)
daemon will cache user and group information before querying a
Windows NT server again.
: winbind cache type = 300
winbind enable local accounts (G)
This parameter controls whether or not winbindd will act as a
stand in replacement for the various account management hooks in
smb.conf (e.g. 'add user script'). If enabled, winbindd will
support the creation of local users and groups as another source
of UNIX account information available via getpwnam() or
getgrgid(), etc...
: winbind enable local accounts = yes
winbind enum groups (G)
On large installations using winbindd(8) it may be necessary to
suppress the enumeration of groups through the setgrent(),
getgrent() and endgrent() group of system calls. If the winbind
enum groups parameter is no, calls to the getgrent() system call
will not return any data.
Warning: Turning off group enumeration may cause some programs
to behave oddly.
: winbind enum groups = yes
winbind enum users (G)
On large installations using winbindd(8) it may be necessary to
suppress the enumeration of users through the setpwent(),
getpwent() and endpwent() group of system calls. If the winbind
enum users parameter is no, calls to the getpwent system call
will not return any data.
Warning: Turning off user enumeration may cause some programs to
behave oddly. For example, the finger program relies on having
access to the full user list when searching for matching
usernames.
: winbind enum users = yes
winbind gid (G)
This parameter is now an alias for idmap gid
The winbind gid parameter specifies the range of group ids that
are allocated by the winbindd(8) daemon. This range of group ids
should have no existing local or NIS groups within it as strange
conflicts can occur otherwise.
: winbind gid = <>
: winbind gid = 10000-20000
winbind separator (G)
This parameter allows an admin to define the character used when
listing a username of the form of DOMAIN \user. This parameter
is only applicable when using the pam_winbind.so and
nss_winbind.so modules for UNIX services.
Please note that setting this parameter to + causes problems
with group membership at least on glibc systems, as the
character + is used as a special character for NIS in
/etc/group.
: winbind separator = ''
: winbind separator = +
winbind trusted domains only (G)
This parameter is designed to allow Samba servers that are
members of a Samba controlled domain to use UNIX accounts
distributed vi NIS, rsync, or LDAP as the uid's for winbindd
users in the hosts primary domain. Therefore, the user
'SAMBA\user1' would be mapped to the account 'user1' in
/etc/passwd instead of allocating a new uid for him or her.
: winbind trusted domains only = <no>
winbind uid (G)
This parameter is now an alias for idmap uid
The winbind gid parameter specifies the range of user ids that
are allocated by the winbindd(8) daemon. This range of ids
should have no existing local or NIS users within it as strange
conflicts can occur otherwise.
: winbind uid = <>
: winbind uid = 10000-20000
winbind use default domain (G)
This parameter specifies whether the winbindd(8) daemon should
operate on users without domain component in their username.
Users without a domain component are treated as is part of the
winbindd server's own domain. While this does not benifit
Windows users, it makes SSH, FTP and e-mail function in a way
much closer to the way they would in a native unix system.
: winbind use default domain = <no>
: winbind use default domain = yes
wins hook (G)
SambaWINS,WINS.,DNS.
wins_hook operation name nametype ttl IP_list
opration(),"add""delete""refresh".,.,"refresh",,"add".
netbios.,.,,,.
2netbios.
TTL (time to live).
IP..
BINDDNSnsupdatesamba.
wins partners (G)
A space separated list of partners' IP addresses for WINS
replication. WINS partners are always defined as push/pull
partners as defining only one way WINS replication is
unreliable. WINS replication is currently experimental and
unreliable between samba servers.
: wins partners =
: wins partners = 192.168.0.1 172.16.1.2
wins proxy (G)
nmbd(8) .yes .
: wins proxy = no
wins server (G)
nmbdWINSIP(DNSIP(for preference)).WINS,IP.
,WINS
If you want to work in multiple namespaces, you can give every
wins server a 'tag'. For each tag, only one (working) server
will be queried for a name. The tag should be seperated from the
ip address by a colon.
,,SambaWINS.
:
: wins server = mary:192.9.200.1 fred:192.168.3.199
mary:192.168.2.61
For this example when querying a certain name, 192.19.200.1 will
be asked first and if that doesn't respond 192.168.2.61 . If
either of those doesn't know the name 192.168.3.199 will be
queried.
: wins server = 192.9.200.1 192.168.2.61
wins support (G)
nmbd(8)WINS.yes,nmbdWINS.WINSyes.
: wins support = no
workgroup (G)
Samba.security = domain.
: WORKGROUP
: workgroup = MYGROUP
writable (S)
writeable :-)
writeable (S)
read only .
write cache size (S)
If this integer parameter is set to non-zero value, Samba will
create an in-memory cache for each oplocked file (it does not do
this for non-oplocked files). All writes that the client does
not request to be flushed directly to disk will be stored in
this cache if possible. The cache is flushed onto disk when a
write comes in whose offset would not fit into the cache or when
the file is closed by the client. Reads for the file are also
served from this cache if the data is stored within it.
This cache allows Samba to batch client writes into a more
efficient write size for RAID disks (i.e. writes may be tuned to
be the RAID stripe size) and can improve performance on systems
where the disk subsystem is a bottleneck but there is free
memory for userspace programs.
The integer parameter specifies the size of this cache (per
oplocked file) in bytes.
: write cache size = 0
: write cache size = 262144
for a 256k cache size per file.
write list (S)
.,,read only.@group.
.
read list
: write list = <>
: write list = admin, root, @staff
write ok (S)
read only .
write raw (G)
SMB..
: write raw = yes
wtmp directory (G)
This parameter is only available if Samba has been configured
and compiled with the option --with-utmp. It specifies a
directory pathname that is used to store the wtmp or wtmpx files
(depending on the UNIX system) that record user connections to a
Samba server. The difference with the utmp directory is the fact
that user info is kept after a user has logged out.
utmp By default this is not set, meaning the system will use
whatever utmp file the native system is set to use (usually
/var/run/wtmp on Linux).
: no wtmp directory
: wtmp directory = /var/log/wtmp
WARNINGS
,., - .
,DOS,8. smbd(8),,.8.
[homes] [printers],...
VERSION
samba3.0
SEE ALSO
samba(7), smbpasswd(8), swat(8), smbd(8), nmbd(8), smbclient(1),
nmblookup(1), testparm(1), testprns(1).
AUTHOR
sambaAndrew TridgellsambaSamba Team linux
samba Karl Auer YODL(ftp://ftp.ice.rug.nl/pub/unix)Jeremy Sllison
Samba2.0 Gerald Carter Samba2.2DocBook Alexander Bokovoy Samba
3.0DocBook XML4.2
[]
meaculpa <meaculpa@21cn.com>
[]
2000/12/08
linuxman:
http://cmpp.linuxforum.net
SMB.CONF(5)