diff options
Diffstat (limited to 'docs-xml/smbdotconf/protocol')
32 files changed, 680 insertions, 0 deletions
diff --git a/docs-xml/smbdotconf/protocol/aclcheckpermissions.xml b/docs-xml/smbdotconf/protocol/aclcheckpermissions.xml new file mode 100644 index 00000000000..69162617596 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/aclcheckpermissions.xml @@ -0,0 +1,30 @@ +<samba:parameter name="acl check permissions" + context="S" + type="boolean" + advanced="1" wizard="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This boolean parameter controls what <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>does on receiving a protocol request of "open for delete" + from a Windows client. If a Windows client doesn't have permissions to delete a file then they + expect this to be denied at open time. POSIX systems normally only detect restrictions on delete by + actually attempting to delete the file or directory. As Windows clients can (and do) "back out" a + delete request by unsetting the "delete on close" bit Samba cannot delete the file immediately + on "open for delete" request as we cannot restore such a deleted file. With this parameter set to + true (the default) then smbd checks the file system permissions directly on "open for delete" and denies the + request without actually deleting the file if the file system permissions would seem to deny it. + This is not perfect, as it's possible a user could have deleted a file without Samba being able to + check the permissions correctly, but it is close enough to Windows semantics for mostly correct + behaviour. Samba will correctly check POSIX ACL semantics in this case. + </para> + <para>If this parameter is set to "false" Samba doesn't check permissions on "open for delete" + and allows the open. If the user doesn't have permission to delete the file this will only be + discovered at close time, which is too late for the Windows user tools to display an error message + to the user. The symptom of this is files that appear to have been deleted "magically" re-appearing + on a Windows explorer refersh. This is an extremely advanced protocol option which should not + need to be changed. This parameter was introduced in its final form in 3.0.21, an earlier version + with slightly different semantics was introduced in 3.0.20. That older version is not documented here. + </para> +</description> +<value type="default">True</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/aclmapfullcontrol.xml b/docs-xml/smbdotconf/protocol/aclmapfullcontrol.xml new file mode 100644 index 00000000000..c38ac3cfbfa --- /dev/null +++ b/docs-xml/smbdotconf/protocol/aclmapfullcontrol.xml @@ -0,0 +1,17 @@ +<samba:parameter name="acl map full control" + context="S" + type="boolean" + advanced="1" wizard="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para> + This boolean parameter controls whether <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>maps a POSIX ACE entry of "rwx" (read/write/execute), the maximum + allowed POSIX permission set, into a Windows ACL of "FULL CONTROL". If this parameter is set to true any POSIX + ACE entry of "rwx" will be returned in a Windows ACL as "FULL CONTROL", is this parameter is set to false any + POSIX ACE entry of "rwx" will be returned as the specific Windows ACL bits representing read, write and + execute. + </para> +</description> +<value type="default">True</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/announceas.xml b/docs-xml/smbdotconf/protocol/announceas.xml new file mode 100644 index 00000000000..88914961941 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/announceas.xml @@ -0,0 +1,21 @@ +<samba:parameter name="announce as" + context="G" + type="string" + developer="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This specifies what type of server <citerefentry><refentrytitle>nmbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> will announce itself as, to a network neighborhood browse + list. By default this is set to Windows NT. The valid options + are : "NT Server" (which can also be written as "NT"), + "NT Workstation", "Win95" or "WfW" meaning Windows NT Server, + Windows NT Workstation, Windows 95 and Windows for Workgroups + respectively. Do not change this parameter unless you have a + specific need to stop Samba appearing as an NT server as this + may prevent Samba servers from participating as browser servers + correctly.</para> +</description> + +<value type="default">NT Server</value> +<value type="example">Win95</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/announceversion.xml b/docs-xml/smbdotconf/protocol/announceversion.xml new file mode 100644 index 00000000000..ecdcd4c7349 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/announceversion.xml @@ -0,0 +1,14 @@ +<samba:parameter name="announce version" + context="G" + developer="1" + type="string" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This specifies the major and minor version numbers + that nmbd will use when announcing itself as a server. The default + is 4.9. Do not change this parameter unless you have a specific + need to set a Samba server to be a downlevel server.</para> +</description> +<value type="default">4.9</value> +<value type="example">2.0</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/clientusespnego.xml b/docs-xml/smbdotconf/protocol/clientusespnego.xml new file mode 100644 index 00000000000..c688a656f4f --- /dev/null +++ b/docs-xml/smbdotconf/protocol/clientusespnego.xml @@ -0,0 +1,15 @@ +<samba:parameter name="client use spnego" + context="G" + type="boolean" + developer="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para> This variable controls whether Samba clients will try + to use Simple and Protected NEGOciation (as specified by rfc2478) with + supporting servers (including WindowsXP, Windows2000 and Samba + 3.0) to agree upon an authentication + mechanism. This enables Kerberos authentication in particular.</para> +</description> + +<value type="default">yes</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/defersharingviolations.xml b/docs-xml/smbdotconf/protocol/defersharingviolations.xml new file mode 100644 index 00000000000..f54916c7765 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/defersharingviolations.xml @@ -0,0 +1,26 @@ +<samba:parameter name="defer sharing violations" + context="G" + type="boolean" + developer="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para> + Windows allows specifying how a file will be shared with + other processes when it is opened. Sharing violations occur when + a file is opened by a different process using options that violate + the share settings specified by other processes. This parameter causes + smbd to act as a Windows server does, and defer returning a "sharing + violation" error message for up to one second, allowing the client + to close the file causing the violation in the meantime. + </para> + + <para>UNIX by default does not have this behaviour.</para> + + <para> + There should be no reason to turn off this parameter, as it is + designed to enable Samba to more correctly emulate Windows. + </para> +</description> + +<value type="default">True</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/disablenetbios.xml b/docs-xml/smbdotconf/protocol/disablenetbios.xml new file mode 100644 index 00000000000..e78cb8c4f7c --- /dev/null +++ b/docs-xml/smbdotconf/protocol/disablenetbios.xml @@ -0,0 +1,16 @@ +<samba:parameter name="disable netbios" + context="G" + type="boolean" + advanced="1" developer="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>Enabling this parameter will disable netbios support + in Samba. Netbios is the only available form of browsing in + all windows versions except for 2000 and XP. </para> + + <note><para>Clients that only support netbios won't be able to + see your samba server when netbios support is disabled. + </para></note> +</description> +<value type="default">no</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/easupport.xml b/docs-xml/smbdotconf/protocol/easupport.xml new file mode 100644 index 00000000000..ba210fdac7e --- /dev/null +++ b/docs-xml/smbdotconf/protocol/easupport.xml @@ -0,0 +1,17 @@ +<samba:parameter name="ea support" + context="S" + type="boolean" + advanced="1" developer="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This boolean parameter controls whether <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> will allow clients to attempt to store OS/2 style Extended + attributes on a share. In order to enable this parameter the underlying filesystem exported by + the share must support extended attributes (such as provided on XFS and EXT3 on Linux, with the + correct kernel patches). On Linux the filesystem must have been mounted with the mount + option user_xattr in order for extended attributes to work, also + extended attributes must be compiled into the Linux kernel.</para> +</description> + +<value type="default">no</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/enableasusupport.xml b/docs-xml/smbdotconf/protocol/enableasusupport.xml new file mode 100644 index 00000000000..cd4f30fb8d6 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/enableasusupport.xml @@ -0,0 +1,17 @@ +<samba:parameter name="enable asu support" + context="G" + advanced="1" developer="1" + type="boolean" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>Hosts running the "Advanced Server for Unix (ASU)" product + require some special accomodations such as creating a builting [ADMIN$] + share that only supports IPC connections. The has been the default + behavior in smbd for many years. However, certain Microsoft applications + such as the Print Migrator tool require that the remote server support + an [ADMIN$} file share. Disabling this parameter allows for creating + an [ADMIN$] file share in smb.conf.</para> +</description> + +<value type="default">no</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/eventloglist.xml b/docs-xml/smbdotconf/protocol/eventloglist.xml new file mode 100644 index 00000000000..e98559bc179 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/eventloglist.xml @@ -0,0 +1,22 @@ +<samba:parameter name="eventlog list" + type="string" + context="G" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This option defines a list of log names that Samba will + report to the Microsoft EventViewer utility. The listed + eventlogs will be associated with tdb file on disk in the + <filename>$(lockdir)/eventlog</filename>. + </para> + + <para> + The administrator must use an external process to parse the normal + Unix logs such as <filename>/var/log/messages</filename> + and write then entries to the eventlog tdb files. Refer to the + eventlogadm(8) utility for how to write eventlog entries. + </para> +</description> + +<value type="default"/> +<value type="example">Security Application Syslog Apache</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/largereadwrite.xml b/docs-xml/smbdotconf/protocol/largereadwrite.xml new file mode 100644 index 00000000000..12be741322e --- /dev/null +++ b/docs-xml/smbdotconf/protocol/largereadwrite.xml @@ -0,0 +1,18 @@ +<samba:parameter name="large readwrite" + context="G" + type="boolean" + developer="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This parameter determines whether or not + <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> supports the new 64k + streaming read and write varient SMB requests introduced with + Windows 2000. Note that due to Windows 2000 client redirector bugs + this requires Samba to be running on a 64-bit capable operating + system such as IRIX, Solaris or a Linux 2.4 kernel. Can improve + performance by 10% with Windows 2000 clients. Defaults to on. Not as + tested as some other Samba code paths.</para> +</description> +<value type="default">yes</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/mapaclinherit.xml b/docs-xml/smbdotconf/protocol/mapaclinherit.xml new file mode 100644 index 00000000000..ef0b4eb6d6e --- /dev/null +++ b/docs-xml/smbdotconf/protocol/mapaclinherit.xml @@ -0,0 +1,17 @@ +<samba:parameter name="map acl inherit" + context="S" + type="boolean" + advanced="1" wizard="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This boolean parameter controls whether <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> will attempt to map the 'inherit' and 'protected' + access control entry flags stored in Windows ACLs into an extended attribute + called user.SAMBA_PAI. This parameter only takes effect if Samba is being run + on a platform that supports extended attributes (Linux and IRIX so far) and + allows the Windows 2000 ACL editor to correctly use inheritance with the Samba + POSIX ACL mapping code. + </para> +</description> +<value type="default">no</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/maxmux.xml b/docs-xml/smbdotconf/protocol/maxmux.xml new file mode 100644 index 00000000000..71998c974fc --- /dev/null +++ b/docs-xml/smbdotconf/protocol/maxmux.xml @@ -0,0 +1,13 @@ +<samba:parameter name="max mux" + context="G" + advanced="1" developer="1" + type="integer" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This option controls the maximum number of + outstanding simultaneous SMB operations that Samba tells the client + it will allow. You should never need to set this parameter.</para> +</description> + +<value type="default">50</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/maxprotocol.xml b/docs-xml/smbdotconf/protocol/maxprotocol.xml new file mode 100644 index 00000000000..e785909147d --- /dev/null +++ b/docs-xml/smbdotconf/protocol/maxprotocol.xml @@ -0,0 +1,48 @@ +<samba:parameter name="max protocol" + context="G" + type="enum" + developer="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>The value of the parameter (a string) is the highest + protocol level that will be supported by the server.</para> + + <para>Possible values are :</para> + <itemizedlist> + <listitem> + <para><constant>CORE</constant>: Earliest version. No + concept of user names.</para> + </listitem> + + <listitem> + <para><constant>COREPLUS</constant>: Slight improvements on + CORE for efficiency.</para> + </listitem> + + <listitem> + <para><constant>LANMAN1</constant>: First <emphasis> + modern</emphasis> version of the protocol. Long filename + support.</para> + </listitem> + + <listitem> + <para><constant>LANMAN2</constant>: Updates to Lanman1 protocol.</para> + </listitem> + + <listitem> + <para><constant>NT1</constant>: Current up to date version of the protocol. + Used by Windows NT. Known as CIFS.</para> + </listitem> + </itemizedlist> + + <para>Normally this option should not be set as the automatic + negotiation phase in the SMB protocol takes care of choosing + the appropriate protocol.</para> +</description> + +<related>min protocol</related> +<synonym>protocol</synonym> + +<value type="default">NT1</value> +<value type="example">LANMAN1</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/maxttl.xml b/docs-xml/smbdotconf/protocol/maxttl.xml new file mode 100644 index 00000000000..00f735d3a94 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/maxttl.xml @@ -0,0 +1,14 @@ +<samba:parameter name="max ttl" + context="G" + type="integer" + advanced="1" developer="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This option tells <citerefentry><refentrytitle>nmbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> what the default 'time to live' + of NetBIOS names should be (in seconds) when <command moreinfo="none">nmbd</command> is + requesting a name using either a broadcast packet or from a WINS server. You should + never need to change this parameter. The default is 3 days.</para> +</description> +<value type="default">259200</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/maxwinsttl.xml b/docs-xml/smbdotconf/protocol/maxwinsttl.xml new file mode 100644 index 00000000000..09935cdd9b6 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/maxwinsttl.xml @@ -0,0 +1,17 @@ +<samba:parameter name="max wins ttl" + type="integer" + context="G" + advanced="1" developer="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This option tells <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> when acting as a WINS server + (<smbconfoption name="wins support">yes</smbconfoption>) what the maximum + 'time to live' of NetBIOS names that <command moreinfo="none">nmbd</command> + will grant will be (in seconds). You should never need to change this + parameter. The default is 6 days (518400 seconds).</para> +</description> + +<related>min wins ttl</related> +<value type="default">518400</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/maxxmit.xml b/docs-xml/smbdotconf/protocol/maxxmit.xml new file mode 100644 index 00000000000..3804ae21e35 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/maxxmit.xml @@ -0,0 +1,16 @@ +<samba:parameter name="max xmit" + context="G" + type="integer" + advanced="1" developer="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This option controls the maximum packet size + that will be negotiated by Samba. The default is 16644, which + matches the behavior of Windows 2000. A value below 2048 is likely to cause problems. + You should never need to change this parameter from its default value. +</para> +</description> + +<value type="default">16644</value> +<value type="example">8192</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/minprotocol.xml b/docs-xml/smbdotconf/protocol/minprotocol.xml new file mode 100644 index 00000000000..0bec282467c --- /dev/null +++ b/docs-xml/smbdotconf/protocol/minprotocol.xml @@ -0,0 +1,22 @@ +<samba:parameter name="min protocol" + context="G" + type="string" + developer="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>The value of the parameter (a string) is the + lowest SMB protocol dialect than Samba will support. Please refer + to the <smbconfoption name="max protocol"/> + parameter for a list of valid protocol names and a brief description + of each. You may also wish to refer to the C source code in + <filename moreinfo="none">source/smbd/negprot.c</filename> for a listing of known protocol + dialects supported by clients.</para> + + <para>If you are viewing this parameter as a security measure, you should + also refer to the <smbconfoption name="lanman auth"/> parameter. Otherwise, you should never need + to change this parameter.</para> +</description> + +<value type="default">CORE</value> +<value type="example">NT1</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/minreceivefilesize.xml b/docs-xml/smbdotconf/protocol/minreceivefilesize.xml new file mode 100644 index 00000000000..2df6c178db2 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/minreceivefilesize.xml @@ -0,0 +1,22 @@ +<samba:parameter name="min receivefile size" + type="integer" + context="G" + advanced="1" developer="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> +<para>This option changes the behavior of <citerefentry><refentrytitle>smbd</refentrytitle> +<manvolnum>8</manvolnum></citerefentry> when processing SMBwriteX calls. Any incoming +SMBwriteX call on a non-signed SMB/CIFS connection greater than this value will not be processed in the normal way but will +be passed to any underlying kernel recvfile or splice system call (if there is no such +call Samba will emulate in user space). This allows zero-copy writes directly from network +socket buffers into the filesystem buffer cache, if available. It may improve performance +but user testing is recommended. If set to zero Samba processes SMBwriteX calls in the +normal way. To enable POSIX large write support (SMB/CIFS writes up to 16Mb) this option must be +nonzero. The maximum value is 128k. Values greater than 128k will be silently set to 128k.</para> +<para>Note this option will have NO EFFECT if set on a SMB signed connection.</para> +<para>The default is zero, which diables this option.</para> +</description> + +<related>min receivefile size</related> +<value type="default">0</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/minwinsttl.xml b/docs-xml/smbdotconf/protocol/minwinsttl.xml new file mode 100644 index 00000000000..38fbd7b0ebb --- /dev/null +++ b/docs-xml/smbdotconf/protocol/minwinsttl.xml @@ -0,0 +1,16 @@ +<samba:parameter name="min wins ttl" + context="G" + type="integer" + advanced="1" developer="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This option tells <citerefentry><refentrytitle>nmbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> + when acting as a WINS server (<smbconfoption name="wins support">yes</smbconfoption>) what the minimum 'time to live' + of NetBIOS names that <command moreinfo="none">nmbd</command> will grant will be (in + seconds). You should never need to change this parameter. The default + is 6 hours (21600 seconds).</para> +</description> + +<value type="default">21600</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/nameresolveorder.xml b/docs-xml/smbdotconf/protocol/nameresolveorder.xml new file mode 100644 index 00000000000..9b1ad075b13 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/nameresolveorder.xml @@ -0,0 +1,70 @@ +<samba:parameter name="name resolve order" + context="G" + type="list" + advanced="1" wizard="1" developer="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This option is used by the programs in the Samba + suite to determine what naming services to use and in what order + to resolve host names to IP addresses. Its main purpose to is to + control how netbios name resolution is performed. The option takes a space + separated string of name resolution options.</para> + + <para>The options are: "lmhosts", "host", + "wins" and "bcast". They cause names to be + resolved as follows:</para> + + <itemizedlist> + <listitem> + <para> + <constant>lmhosts</constant> : Lookup an IP address in the Samba lmhosts file. If the line in lmhosts has + no name type attached to the NetBIOS name (see the manpage for lmhosts for details) then + any name type matches for lookup. + </para> + </listitem> + + <listitem> + <para> + <constant>host</constant> : Do a standard host name to IP address resolution, using the system + <filename moreinfo="none">/etc/hosts </filename>, NIS, or DNS lookups. This method of name resolution is + operating system depended for instance on IRIX or Solaris this may be controlled by the <filename + moreinfo="none">/etc/nsswitch.conf</filename> file. Note that this method is used only if the NetBIOS name + type being queried is the 0x20 (server) name type or 0x1c (domain controllers). The latter case is only + useful for active directory domains and results in a DNS query for the SRV RR entry matching + _ldap._tcp.domain. + </para> + </listitem> + + <listitem> + <para><constant>wins</constant> : Query a name with + the IP address listed in the <smbconfoption name="WINSSERVER"><parameter moreinfo="none"> + wins server</parameter></smbconfoption> parameter. If no WINS server has + been specified this method will be ignored.</para> + </listitem> + + <listitem> + <para><constant>bcast</constant> : Do a broadcast on + each of the known local interfaces listed in the <smbconfoption name="interfaces"/> + parameter. This is the least reliable of the name resolution + methods as it depends on the target host being on a locally + connected subnet.</para> + </listitem> +</itemizedlist> + + <para>The example below will cause the local lmhosts file to be examined + first, followed by a broadcast attempt, followed by a normal + system hostname lookup.</para> + + <para>When Samba is functioning in ADS security mode (<command moreinfo="none">security = ads</command>) + it is advised to use following settings for <parameter moreinfo="none">name resolve order</parameter>:</para> + + <para><command moreinfo="none">name resolve order = wins bcast</command></para> + + <para>DC lookups will still be done via DNS, but fallbacks to netbios names will + not inundate your DNS servers with needless querys for DOMAIN<0x1c> lookups.</para> + +</description> + +<value type="default">lmhosts host wins bcast</value> +<value type="example">lmhosts bcast host</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/ntaclsupport.xml b/docs-xml/smbdotconf/protocol/ntaclsupport.xml new file mode 100644 index 00000000000..1e9cedf931d --- /dev/null +++ b/docs-xml/smbdotconf/protocol/ntaclsupport.xml @@ -0,0 +1,17 @@ +<samba:parameter name="nt acl support" + context="S" + advanced="1" wizard="1" + type="boolean" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This boolean parameter controls whether <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> will attempt to map + UNIX permissions into Windows NT access control lists. The UNIX + permissions considered are the the traditional UNIX owner and + group permissions, as well as POSIX ACLs set on any files or + directories. This parameter was formally a global parameter in + releases prior to 2.2.2.</para> +</description> + +<value type="default">yes</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/ntpipesupport.xml b/docs-xml/smbdotconf/protocol/ntpipesupport.xml new file mode 100644 index 00000000000..7c310846b2f --- /dev/null +++ b/docs-xml/smbdotconf/protocol/ntpipesupport.xml @@ -0,0 +1,16 @@ +<samba:parameter name="nt pipe support" + context="G" + advanced="1" developer="1" + type="boolean" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This boolean parameter controls whether + <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> will allow Windows NT + clients to connect to the NT SMB specific <constant>IPC$</constant> + pipes. This is a developer debugging option and can be left + alone.</para> +</description> + +<value type="default">yes</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/ntstatussupport.xml b/docs-xml/smbdotconf/protocol/ntstatussupport.xml new file mode 100644 index 00000000000..4dfc142e2e6 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/ntstatussupport.xml @@ -0,0 +1,18 @@ +<samba:parameter name="nt status support" + context="G" + type="boolean" + advanced="1" developer="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This boolean parameter controls whether <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> will negotiate NT specific status + support with Windows NT/2k/XP clients. This is a developer debugging option and should be left alone. + If this option is set to <constant>no</constant> then Samba offers + exactly the same DOS error codes that versions prior to Samba 2.2.3 + reported.</para> + + <para>You should not need to ever disable this parameter.</para> +</description> + +<value type="default">yes</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/profileacls.xml b/docs-xml/smbdotconf/protocol/profileacls.xml new file mode 100644 index 00000000000..1c6f0c9ebf5 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/profileacls.xml @@ -0,0 +1,41 @@ +<samba:parameter name="profile acls" + context="S" + type="boolean" + advanced="1" wizard="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para> + This boolean parameter was added to fix the problems that people have been + having with storing user profiles on Samba shares from Windows 2000 or + Windows XP clients. New versions of Windows 2000 or Windows XP service + packs do security ACL checking on the owner and ability to write of the + profile directory stored on a local workstation when copied from a Samba + share. + </para> + + <para> + When not in domain mode with winbindd then the security info copied + onto the local workstation has no meaning to the logged in user (SID) on + that workstation so the profile storing fails. Adding this parameter + onto a share used for profile storage changes two things about the + returned Windows ACL. Firstly it changes the owner and group owner + of all reported files and directories to be BUILTIN\\Administrators, + BUILTIN\\Users respectively (SIDs S-1-5-32-544, S-1-5-32-545). Secondly + it adds an ACE entry of "Full Control" to the SID BUILTIN\\Users to + every returned ACL. This will allow any Windows 2000 or XP workstation + user to access the profile. + </para> + + <para> + Note that if you have multiple users logging + on to a workstation then in order to prevent them from being able to access + each others profiles you must remove the "Bypass traverse checking" advanced + user right. This will prevent access to other users profile directories as + the top level profile directory (named after the user) is created by the + workstation profile code and has an ACL restricting entry to the directory + tree to the owning user. + </para> +</description> + +<value type="default">no</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/readraw.xml b/docs-xml/smbdotconf/protocol/readraw.xml new file mode 100644 index 00000000000..2ca23075ee9 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/readraw.xml @@ -0,0 +1,26 @@ +<samba:parameter name="read raw" + context="G" + type="boolean" + developer="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This parameter controls whether or not the server + will support the raw read SMB requests when transferring data + to clients.</para> + + <para>If enabled, raw reads allow reads of 65535 bytes in + one packet. This typically provides a major performance benefit. + </para> + + <para>However, some clients either negotiate the allowable + block size incorrectly or are incapable of supporting larger block + sizes, and for these clients you may need to disable raw reads.</para> + +<para>In general this parameter should be viewed as a system tuning + tool and left severely alone.</para> +</description> + +<value type="default">yes</value> + +<related>write raw</related> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/smbports.xml b/docs-xml/smbdotconf/protocol/smbports.xml new file mode 100644 index 00000000000..aaf4919db03 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/smbports.xml @@ -0,0 +1,11 @@ +<samba:parameter name="smb ports" + context="G" + type="list" + advanced="1" developer="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>Specifies which ports the server should listen on for SMB traffic.</para> +</description> + +<value type="default">445 139</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/svcctllist.xml b/docs-xml/smbdotconf/protocol/svcctllist.xml new file mode 100644 index 00000000000..660a2800886 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/svcctllist.xml @@ -0,0 +1,22 @@ +<samba:parameter name="svcctl list" + type="string" + context="G" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This option defines a list of init scripts that smbd + will use for starting and stopping Unix services via the Win32 + ServiceControl API. This allows Windows administrators to + utilize the MS Management Console plug-ins to manage a + Unix server running Samba.</para> + + <para>The administrator must create a directory + name <filename>svcctl</filename> in Samba's $(libdir) + and create symbolic links to the init scripts in + <filename>/etc/init.d/</filename>. The name of the links + must match the names given as part of the <parameter>svcctl list</parameter>. + </para> +</description> + +<value type="default"/> +<value type="example">cups postfix portmap httpd</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/timeserver.xml b/docs-xml/smbdotconf/protocol/timeserver.xml new file mode 100644 index 00000000000..93d89183b5a --- /dev/null +++ b/docs-xml/smbdotconf/protocol/timeserver.xml @@ -0,0 +1,13 @@ +<samba:parameter name="time server" + context="G" + type="boolean" + advanced="1" developer="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This parameter determines if <citerefentry><refentrytitle>nmbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> advertises itself as a time server to Windows +clients.</para> +</description> + +<value type="default">no</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/unixextensions.xml b/docs-xml/smbdotconf/protocol/unixextensions.xml new file mode 100644 index 00000000000..5b4a36a4015 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/unixextensions.xml @@ -0,0 +1,16 @@ +<samba:parameter name="unix extensions" + context="G" + type="boolean" + advanced="1" developer="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> + <description> + <para>This boolean parameter controls whether Samba + implments the CIFS UNIX extensions, as defined by HP. + These extensions enable Samba to better serve UNIX CIFS clients + by supporting features such as symbolic links, hard links, etc... + These extensions require a similarly enabled client, and are of + no current use to Windows clients.</para> +</description> + +<value type="default">yes</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/usespnego.xml b/docs-xml/smbdotconf/protocol/usespnego.xml new file mode 100644 index 00000000000..8fb559c1775 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/usespnego.xml @@ -0,0 +1,19 @@ +<samba:parameter name="use spnego" + context="G" + type="boolean" + developer="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This variable controls controls whether samba will try + to use Simple and Protected NEGOciation (as specified by rfc2478) with + WindowsXP and Windows2000 clients to agree upon an authentication mechanism. +</para> + +<para> + Unless further issues are discovered with our SPNEGO + implementation, there is no reason this should ever be + disabled.</para> +</description> + +<value type="default">yes</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/writeraw.xml b/docs-xml/smbdotconf/protocol/writeraw.xml new file mode 100644 index 00000000000..f299fa84836 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/writeraw.xml @@ -0,0 +1,13 @@ +<samba:parameter name="write raw" + context="G" + type="boolean" + developer="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This parameter controls whether or not the server + will support raw write SMB's when transferring data from clients. + You should never need to change this parameter.</para> +</description> + +<value type="default">yes</value> +</samba:parameter> |