summaryrefslogtreecommitdiffstats
path: root/docs/htmldocs/smb.conf.5.html
diff options
context:
space:
mode:
Diffstat (limited to 'docs/htmldocs/smb.conf.5.html')
-rw-r--r--docs/htmldocs/smb.conf.5.html18059
1 files changed, 0 insertions, 18059 deletions
diff --git a/docs/htmldocs/smb.conf.5.html b/docs/htmldocs/smb.conf.5.html
deleted file mode 100644
index 7c4ff0b3658..00000000000
--- a/docs/htmldocs/smb.conf.5.html
+++ /dev/null
@@ -1,18059 +0,0 @@
-<HTML
-><HEAD
-><TITLE
->smb.conf</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
-><BODY
-CLASS="REFENTRY"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><H1
-><A
-NAME="SMB.CONF"
->smb.conf</A
-></H1
-><DIV
-CLASS="REFNAMEDIV"
-><A
-NAME="AEN5"
-></A
-><H2
->Name</H2
->smb.conf&nbsp;--&nbsp;The configuration file for the Samba suite</DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN8"
-></A
-><H2
->SYNOPSIS</H2
-><P
->The <TT
-CLASS="FILENAME"
->smb.conf</TT
-> file is a configuration
- file for the Samba suite. <TT
-CLASS="FILENAME"
->smb.conf</TT
-> contains
- runtime configuration information for the Samba programs. The
- <TT
-CLASS="FILENAME"
->smb.conf</TT
-> file is designed to be configured and
- administered by the <A
-HREF="swat.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->swat(8)</B
->
- </A
-> program. The complete description of the file format and
- possible parameters held within are here for reference purposes.</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN16"
-></A
-><H2
->FILE FORMAT</H2
-><P
->The file consists of sections and parameters. A section
- begins with the name of the section in square brackets and continues
- until the next section begins. Sections contain parameters of the
- form</P
-><P
-><TT
-CLASS="REPLACEABLE"
-><I
->name</I
-></TT
-> = <TT
-CLASS="REPLACEABLE"
-><I
->value
- </I
-></TT
-></P
-><P
->The file is line-based - that is, each newline-terminated
- line represents either a comment, a section name or a parameter.</P
-><P
->Section and parameter names are not case sensitive.</P
-><P
->Only the first equals sign in a parameter is significant.
- Whitespace before or after the first equals sign is discarded.
- Leading, trailing and internal whitespace in section and parameter
- names is irrelevant. Leading and trailing whitespace in a parameter
- value is discarded. Internal whitespace within a parameter value
- is retained verbatim.</P
-><P
->Any line beginning with a semicolon (';') or a hash ('#')
- character is ignored, as are lines containing only whitespace.</P
-><P
->Any line ending in a '\' is continued
- on the next line in the customary UNIX fashion.</P
-><P
->The values following the equals sign in parameters are all
- either a string (no quotes needed) or a boolean, which may be given
- as yes/no, 0/1 or true/false. Case is not significant in boolean
- values, but is preserved in string values. Some items such as
- create modes are numeric.</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN28"
-></A
-><H2
->SECTION DESCRIPTIONS</H2
-><P
->Each section in the configuration file (except for the
- [global] section) describes a shared resource (known
- as a "share"). The section name is the name of the
- shared resource and the parameters within the section define
- the shares attributes.</P
-><P
->There are three special sections, [global],
- [homes] and [printers], which are
- described under <I
-CLASS="EMPHASIS"
->special sections</I
->. The
- following notes apply to ordinary section descriptions.</P
-><P
->A share consists of a directory to which access is being
- given plus a description of the access rights which are granted
- to the user of the service. Some housekeeping options are
- also specifiable.</P
-><P
->Sections are either file share services (used by the
- client as an extension of their native file systems) or
- printable services (used by the client to access print services
- on the host running the server).</P
-><P
->Sections may be designated <I
-CLASS="EMPHASIS"
->guest</I
-> services,
- in which case no password is required to access them. A specified
- UNIX <I
-CLASS="EMPHASIS"
->guest account</I
-> is used to define access
- privileges in this case.</P
-><P
->Sections other than guest services will require a password
- to access them. The client provides the username. As older clients
- only provide passwords and not usernames, you may specify a list
- of usernames to check against the password using the "user="
- option in the share definition. For modern clients such as
- Windows 95/98/ME/NT/2000, this should not be necessary.</P
-><P
->Note that the access rights granted by the server are
- masked by the access rights granted to the specified or guest
- UNIX user by the host system. The server does not grant more
- access than the host system grants.</P
-><P
->The following sample section defines a file space share.
- The user has write access to the path <TT
-CLASS="FILENAME"
->/home/bar</TT
->.
- The share is accessed via the share name "foo":</P
-><PRE
-CLASS="SCREEN"
-> <TT
-CLASS="COMPUTEROUTPUT"
-> [foo]
- path = /home/bar
- writeable = true
- </TT
->
- </PRE
-><P
->The following sample section defines a printable share.
- The share is readonly, but printable. That is, the only write
- access permitted is via calls to open, write to and close a
- spool file. The <I
-CLASS="EMPHASIS"
->guest ok</I
-> parameter means
- access will be permitted as the default guest user (specified
- elsewhere):</P
-><PRE
-CLASS="SCREEN"
-> <TT
-CLASS="COMPUTEROUTPUT"
-> [aprinter]
- path = /usr/spool/public
- writeable = false
- printable = true
- guest ok = true
- </TT
->
- </PRE
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN48"
-></A
-><H2
->SPECIAL SECTIONS</H2
-><DIV
-CLASS="REFSECT2"
-><A
-NAME="AEN50"
-></A
-><H3
->The [global] section</H3
-><P
->parameters in this section apply to the server
- as a whole, or are defaults for sections which do not
- specifically define certain items. See the notes
- under PARAMETERS for more information.</P
-></DIV
-><DIV
-CLASS="REFSECT2"
-><A
-NAME="AEN53"
-></A
-><H3
->The [homes] section</H3
-><P
->If a section called homes is included in the
- configuration file, services connecting clients to their
- home directories can be created on the fly by the server.</P
-><P
->When the connection request is made, the existing
- sections are scanned. If a match is found, it is used. If no
- match is found, the requested section name is treated as a
- user name and looked up in the local password file. If the
- name exists and the correct password has been given, a share is
- created by cloning the [homes] section.</P
-><P
->Some modifications are then made to the newly
- created share:</P
-><P
-></P
-><UL
-><LI
-><P
->The share name is changed from homes to
- the located username.</P
-></LI
-><LI
-><P
->If no path was given, the path is set to
- the user's home directory.</P
-></LI
-></UL
-><P
->If you decide to use a <I
-CLASS="EMPHASIS"
->path=</I
-> line
- in your [homes] section then you may find it useful
- to use the %S macro. For example :</P
-><P
-><TT
-CLASS="USERINPUT"
-><B
->path=/data/pchome/%S</B
-></TT
-></P
-><P
->would be useful if you have different home directories
- for your PCs than for UNIX access.</P
-><P
->This is a fast and simple way to give a large number
- of clients access to their home directories with a minimum
- of fuss.</P
-><P
->A similar process occurs if the requested section
- name is "homes", except that the share name is not
- changed to that of the requesting user. This method of using
- the [homes] section works well if different users share
- a client PC.</P
-><P
->The [homes] section can specify all the parameters
- a normal service section can specify, though some make more sense
- than others. The following is a typical and suitable [homes]
- section:</P
-><PRE
-CLASS="SCREEN"
-> <TT
-CLASS="COMPUTEROUTPUT"
-> [homes]
- writeable = yes
- </TT
->
- </PRE
-><P
->An important point is that if guest access is specified
- in the [homes] section, all home directories will be
- visible to all clients <I
-CLASS="EMPHASIS"
->without a password</I
->.
- In the very unlikely event that this is actually desirable, it
- would be wise to also specify <I
-CLASS="EMPHASIS"
->read only
- access</I
->.</P
-><P
->Note that the <I
-CLASS="EMPHASIS"
->browseable</I
-> flag for
- auto home directories will be inherited from the global browseable
- flag, not the [homes] browseable flag. This is useful as
- it means setting browseable=no in the [homes] section
- will hide the [homes] share but make any auto home
- directories visible.</P
-></DIV
-><DIV
-CLASS="REFSECT2"
-><A
-NAME="AEN78"
-></A
-><H3
->The [printers] section</H3
-><P
->This section works like [homes],
- but for printers.</P
-><P
->If a [printers] section occurs in the
- configuration file, users are able to connect to any printer
- specified in the local host's printcap file.</P
-><P
->When a connection request is made, the existing sections
- are scanned. If a match is found, it is used. If no match is found,
- but a [homes] section exists, it is used as described
- above. Otherwise, the requested section name is treated as a
- printer name and the appropriate printcap file is scanned to see
- if the requested section name is a valid printer share name. If
- a match is found, a new printer share is created by cloning
- the [printers] section.</P
-><P
->A few modifications are then made to the newly created
- share:</P
-><P
-></P
-><UL
-><LI
-><P
->The share name is set to the located printer
- name</P
-></LI
-><LI
-><P
->If no printer name was given, the printer name
- is set to the located printer name</P
-></LI
-><LI
-><P
->If the share does not permit guest access and
- no username was given, the username is set to the located
- printer name.</P
-></LI
-></UL
-><P
->Note that the [printers] service MUST be
- printable - if you specify otherwise, the server will refuse
- to load the configuration file.</P
-><P
->Typically the path specified would be that of a
- world-writeable spool directory with the sticky bit set on
- it. A typical [printers] entry would look like
- this:</P
-><PRE
-CLASS="SCREEN"
-><TT
-CLASS="COMPUTEROUTPUT"
-> [printers]
- path = /usr/spool/public
- guest ok = yes
- printable = yes
- </TT
-></PRE
-><P
->All aliases given for a printer in the printcap file
- are legitimate printer names as far as the server is concerned.
- If your printing subsystem doesn't work like that, you will have
- to set up a pseudo-printcap. This is a file consisting of one or
- more lines like this:</P
-><PRE
-CLASS="SCREEN"
-> <TT
-CLASS="COMPUTEROUTPUT"
-> alias|alias|alias|alias...
- </TT
->
- </PRE
-><P
->Each alias should be an acceptable printer name for
- your printing subsystem. In the [global] section, specify
- the new file as your printcap. The server will then only recognize
- names found in your pseudo-printcap, which of course can contain
- whatever aliases you like. The same technique could be used
- simply to limit access to a subset of your local printers.</P
-><P
->An alias, by the way, is defined as any component of the
- first entry of a printcap record. Records are separated by newlines,
- components (if there are more than one) are separated by vertical
- bar symbols ('|').</P
-><P
->NOTE: On SYSV systems which use lpstat to determine what
- printers are defined on the system you may be able to use
- "printcap name = lpstat" to automatically obtain a list
- of printers. See the "printcap name" option
- for more details.</P
-></DIV
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN101"
-></A
-><H2
->PARAMETERS</H2
-><P
->parameters define the specific attributes of sections.</P
-><P
->Some parameters are specific to the [global] section
- (e.g., <I
-CLASS="EMPHASIS"
->security</I
->). Some parameters are usable
- in all sections (e.g., <I
-CLASS="EMPHASIS"
->create mode</I
->). All others
- are permissible only in normal sections. For the purposes of the
- following descriptions the [homes] and [printers]
- sections will be considered normal. The letter <I
-CLASS="EMPHASIS"
->G</I
->
- in parentheses indicates that a parameter is specific to the
- [global] section. The letter <I
-CLASS="EMPHASIS"
->S</I
->
- indicates that a parameter can be specified in a service specific
- section. Note that all <I
-CLASS="EMPHASIS"
->S</I
-> parameters can also be specified in
- the [global] section - in which case they will define
- the default behavior for all services.</P
-><P
->parameters are arranged here in alphabetical order - this may
- not create best bedfellows, but at least you can find them! Where
- there are synonyms, the preferred synonym is described, others refer
- to the preferred synonym.</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN111"
-></A
-><H2
->VARIABLE SUBSTITUTIONS</H2
-><P
->Many of the strings that are settable in the config file
- can take substitutions. For example the option "path =
- /tmp/%u" would be interpreted as "path =
- /tmp/john" if the user connected with the username john.</P
-><P
->These substitutions are mostly noted in the descriptions below,
- but there are some general substitutions which apply whenever they
- might be relevant. These are:</P
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->%S</DT
-><DD
-><P
->the name of the current service, if any.</P
-></DD
-><DT
->%P</DT
-><DD
-><P
->the root directory of the current service,
- if any.</P
-></DD
-><DT
->%u</DT
-><DD
-><P
->user name of the current service, if any.</P
-></DD
-><DT
->%g</DT
-><DD
-><P
->primary group name of %u.</P
-></DD
-><DT
->%U</DT
-><DD
-><P
->session user name (the user name that the client
- wanted, not necessarily the same as the one they got).</P
-></DD
-><DT
->%G</DT
-><DD
-><P
->primary group name of %U.</P
-></DD
-><DT
->%H</DT
-><DD
-><P
->the home directory of the user given
- by %u.</P
-></DD
-><DT
->%v</DT
-><DD
-><P
->the Samba version.</P
-></DD
-><DT
->%h</DT
-><DD
-><P
->the Internet hostname that Samba is running
- on.</P
-></DD
-><DT
->%m</DT
-><DD
-><P
->the NetBIOS name of the client machine
- (very useful).</P
-></DD
-><DT
->%L</DT
-><DD
-><P
->the NetBIOS name of the server. This allows you
- to change your config based on what the client calls you. Your
- server can have a "dual personality".</P
-></DD
-><DT
->%M</DT
-><DD
-><P
->the Internet name of the client machine.
- </P
-></DD
-><DT
->%N</DT
-><DD
-><P
->the name of your NIS home directory server.
- This is obtained from your NIS auto.map entry. If you have
- not compiled Samba with the <I
-CLASS="EMPHASIS"
->--with-automount</I
->
- option then this value will be the same as %.</P
-></DD
-><DT
->%p</DT
-><DD
-><P
->the path of the service's home directory,
- obtained from your NIS auto.map entry. The NIS auto.map entry
- is split up as "%N:%p".</P
-></DD
-><DT
->%R</DT
-><DD
-><P
->the selected protocol level after
- protocol negotiation. It can be one of CORE, COREPLUS,
- LANMAN1, LANMAN2 or NT1.</P
-></DD
-><DT
->%d</DT
-><DD
-><P
->The process id of the current server
- process.</P
-></DD
-><DT
->%a</DT
-><DD
-><P
->the architecture of the remote
- machine. Only some are recognized, and those may not be
- 100% reliable. It currently recognizes Samba, WfWg,
- WinNT and Win95. Anything else will be known as
- "UNKNOWN". If it gets it wrong then sending a level
- 3 log to <A
-HREF="mailto:samba@samba.org"
-TARGET="_top"
->samba@samba.org
- </A
-> should allow it to be fixed.</P
-></DD
-><DT
->%I</DT
-><DD
-><P
->The IP address of the client machine.</P
-></DD
-><DT
->%T</DT
-><DD
-><P
->the current date and time.</P
-></DD
-><DT
->%$(<TT
-CLASS="REPLACEABLE"
-><I
->envvar</I
-></TT
->)</DT
-><DD
-><P
->The value of the environment variable
- <TT
-CLASS="REPLACEABLE"
-><I
->envar</I
-></TT
->.</P
-></DD
-></DL
-></DIV
-><P
->There are some quite creative things that can be done
- with these substitutions and other smb.conf options.</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN201"
-></A
-><H2
->NAME MANGLING</H2
-><P
->Samba supports "name mangling" so that DOS and
- Windows clients can use files that don't conform to the 8.3 format.
- It can also be set to adjust the case of 8.3 format filenames.</P
-><P
->There are several options that control the way mangling is
- performed, and they are grouped here rather than listed separately.
- For the defaults look at the output of the testparm program. </P
-><P
->All of these options can be set separately for each service
- (or globally, of course). </P
-><P
->The options are: </P
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->mangle case= yes/no</DT
-><DD
-><P
-> controls if names that have characters that
- aren't of the "default" case are mangled. For example,
- if this is yes then a name like "Mail" would be mangled.
- Default <I
-CLASS="EMPHASIS"
->no</I
->.</P
-></DD
-><DT
->case sensitive = yes/no</DT
-><DD
-><P
->controls whether filenames are case sensitive. If
- they aren't then Samba must do a filename search and match on passed
- names. Default <I
-CLASS="EMPHASIS"
->no</I
->.</P
-></DD
-><DT
->default case = upper/lower</DT
-><DD
-><P
->controls what the default case is for new
- filenames. Default <I
-CLASS="EMPHASIS"
->lower</I
->.</P
-></DD
-><DT
->preserve case = yes/no</DT
-><DD
-><P
->controls if new files are created with the
- case that the client passes, or if they are forced to be the
- "default" case. Default <I
-CLASS="EMPHASIS"
->yes</I
->.
- </P
-></DD
-><DT
->short preserve case = yes/no</DT
-><DD
-><P
->controls if new files which conform to 8.3 syntax,
- that is all in upper case and of suitable length, are created
- upper case, or if they are forced to be the "default"
- case. This option can be use with "preserve case = yes"
- to permit long filenames to retain their case, while short names
- are lowered. Default <I
-CLASS="EMPHASIS"
->yes</I
->.</P
-></DD
-></DL
-></DIV
-><P
->By default, Samba 2.2 has the same semantics as a Windows
- NT server, in that it is case insensitive but case preserving.</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN234"
-></A
-><H2
->NOTE ABOUT USERNAME/PASSWORD VALIDATION</H2
-><P
->There are a number of ways in which a user can connect
- to a service. The server uses the following steps in determining
- if it will allow a connection to a specified service. If all the
- steps fail, then the connection request is rejected. However, if one of the
- steps succeeds, then the following steps are not checked.</P
-><P
->If the service is marked "guest only = yes" then
- steps 1 to 5 are skipped.</P
-><P
-></P
-><OL
-TYPE="1"
-><LI
-><P
->If the client has passed a username/password
- pair and that username/password pair is validated by the UNIX
- system's password programs then the connection is made as that
- username. Note that this includes the
- \\server\service%<TT
-CLASS="REPLACEABLE"
-><I
->username</I
-></TT
-> method of passing
- a username.</P
-></LI
-><LI
-><P
->If the client has previously registered a username
- with the system and now supplies a correct password for that
- username then the connection is allowed.</P
-></LI
-><LI
-><P
->The client's netbios name and any previously
- used user names are checked against the supplied password, if
- they match then the connection is allowed as the corresponding
- user.</P
-></LI
-><LI
-><P
->If the client has previously validated a
- username/password pair with the server and the client has passed
- the validation token then that username is used. </P
-></LI
-><LI
-><P
->If a "user = " field is given in the
- <TT
-CLASS="FILENAME"
->smb.conf</TT
-> file for the service and the client
- has supplied a password, and that password matches (according to
- the UNIX system's password checking) with one of the usernames
- from the "user=" field then the connection is made as
- the username in the "user=" line. If one
- of the username in the "user=" list begins with a
- '@' then that name expands to a list of names in
- the group of the same name.</P
-></LI
-><LI
-><P
->If the service is a guest service then a
- connection is made as the username given in the "guest
- account =" for the service, irrespective of the
- supplied password.</P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN253"
-></A
-><H2
->COMPLETE LIST OF GLOBAL PARAMETERS</H2
-><P
->Here is a list of all global parameters. See the section of
- each parameter for details. Note that some are synonyms.</P
-><P
-></P
-><UL
-><LI
-><P
-><A
-HREF="#ADDUSERSCRIPT"
-><TT
-CLASS="PARAMETER"
-><I
->add user script</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#ADDPRINTERCOMMAND"
-><TT
-CLASS="PARAMETER"
-><I
->addprinter command</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#ALLOWTRUSTEDDOMAINS"
-><TT
-CLASS="PARAMETER"
-><I
->allow trusted domains</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#ANNOUNCEAS"
-><TT
-CLASS="PARAMETER"
-><I
->announce as</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#ANNOUNCEVERSION"
-><TT
-CLASS="PARAMETER"
-><I
->announce version</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#AUTOSERVICES"
-><TT
-CLASS="PARAMETER"
-><I
->auto services</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#BINDINTERFACESONLY"
-><TT
-CLASS="PARAMETER"
-><I
->bind interfaces only</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#BROWSELIST"
-><TT
-CLASS="PARAMETER"
-><I
->browse list</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#CHANGENOTIFYTIMEOUT"
-><TT
-CLASS="PARAMETER"
-><I
->change notify timeout</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#CHARACTERSET"
-><TT
-CLASS="PARAMETER"
-><I
->character set</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#CLIENTCODEPAGE"
-><TT
-CLASS="PARAMETER"
-><I
->client code page</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#CODEPAGEDIRECTORY"
-><TT
-CLASS="PARAMETER"
-><I
->code page directory</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#CODINGSYSTEM"
-><TT
-CLASS="PARAMETER"
-><I
->coding system</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#CONFIGFILE"
-><TT
-CLASS="PARAMETER"
-><I
->config file</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#DEADTIME"
-><TT
-CLASS="PARAMETER"
-><I
->deadtime</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#DEBUGHIRESTIMESTAMP"
-><TT
-CLASS="PARAMETER"
-><I
->debug hires timestamp</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#DEBUGPID"
-><TT
-CLASS="PARAMETER"
-><I
->debug pid</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#DEBUGTIMESTAMP"
-><TT
-CLASS="PARAMETER"
-><I
->debug timestamp</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#DEBUGUID"
-><TT
-CLASS="PARAMETER"
-><I
->debug uid</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#DEBUGLEVEL"
-><TT
-CLASS="PARAMETER"
-><I
->debuglevel</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#DEFAULT"
-><TT
-CLASS="PARAMETER"
-><I
->default</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#DEFAULTSERVICE"
-><TT
-CLASS="PARAMETER"
-><I
->default service</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#DELETEUSERSCRIPT"
-><TT
-CLASS="PARAMETER"
-><I
->delete user script</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#DELETEPRINTERCOMMAND"
-><TT
-CLASS="PARAMETER"
-><I
->deleteprinter command</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#DFREECOMMAND"
-><TT
-CLASS="PARAMETER"
-><I
->dfree command</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#DNSPROXY"
-><TT
-CLASS="PARAMETER"
-><I
->dns proxy</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#DOMAINADMINGROUP"
-><TT
-CLASS="PARAMETER"
-><I
->domain admin group</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#DOMAINADMINUSERS"
-><TT
-CLASS="PARAMETER"
-><I
->domain admin users</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#DOMAINGROUPS"
-><TT
-CLASS="PARAMETER"
-><I
->domain groups</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#DOMAINGUESTGROUP"
-><TT
-CLASS="PARAMETER"
-><I
->domain guest group</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#DOMAINGUESTUSERS"
-><TT
-CLASS="PARAMETER"
-><I
->domain guest users</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#DOMAINLOGONS"
-><TT
-CLASS="PARAMETER"
-><I
->domain logons</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#DOMAINMASTER"
-><TT
-CLASS="PARAMETER"
-><I
->domain master</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#ENCRYPTPASSWORDS"
-><TT
-CLASS="PARAMETER"
-><I
->encrypt passwords</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#ENHANCEDBROWSING"
-><TT
-CLASS="PARAMETER"
-><I
->enhanced browsing</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#ENUMPORTSCOMMAND"
-><TT
-CLASS="PARAMETER"
-><I
->enumports command</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#GETWDCACHE"
-><TT
-CLASS="PARAMETER"
-><I
->getwd cache</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#HIDELOCALUSERS"
-><TT
-CLASS="PARAMETER"
-><I
->hide local users</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#HOMEDIRMAP"
-><TT
-CLASS="PARAMETER"
-><I
->homedir map</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#HOSTMSDFS"
-><TT
-CLASS="PARAMETER"
-><I
->host msdfs</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#HOSTSEQUIV"
-><TT
-CLASS="PARAMETER"
-><I
->hosts equiv</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#INTERFACES"
-><TT
-CLASS="PARAMETER"
-><I
->interfaces</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#KEEPALIVE"
-><TT
-CLASS="PARAMETER"
-><I
->keepalive</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#KERNELOPLOCKS"
-><TT
-CLASS="PARAMETER"
-><I
->kernel oplocks</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#LANMANAUTH"
-><TT
-CLASS="PARAMETER"
-><I
->lanman auth</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#LMANNOUNCE"
-><TT
-CLASS="PARAMETER"
-><I
->lm announce</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#LMINTERVAL"
-><TT
-CLASS="PARAMETER"
-><I
->lm interval</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#LOADPRINTERS"
-><TT
-CLASS="PARAMETER"
-><I
->load printers</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#LOCALMASTER"
-><TT
-CLASS="PARAMETER"
-><I
->local master</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#LOCKDIR"
-><TT
-CLASS="PARAMETER"
-><I
->lock dir</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#LOCKDIRECTORY"
-><TT
-CLASS="PARAMETER"
-><I
->lock directory</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#LOGFILE"
-><TT
-CLASS="PARAMETER"
-><I
->log file</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#LOGLEVEL"
-><TT
-CLASS="PARAMETER"
-><I
->log level</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#LOGONDRIVE"
-><TT
-CLASS="PARAMETER"
-><I
->logon drive</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#LOGONHOME"
-><TT
-CLASS="PARAMETER"
-><I
->logon home</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#LOGONPATH"
-><TT
-CLASS="PARAMETER"
-><I
->logon path</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#LOGONSCRIPT"
-><TT
-CLASS="PARAMETER"
-><I
->logon script</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#LPQCACHETIME"
-><TT
-CLASS="PARAMETER"
-><I
->lpq cache time</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#MACHINEPASSWORDTIMEOUT"
-><TT
-CLASS="PARAMETER"
-><I
->machine password timeout</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#MANGLEDSTACK"
-><TT
-CLASS="PARAMETER"
-><I
->mangled stack</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#MAPTOGUEST"
-><TT
-CLASS="PARAMETER"
-><I
->map to guest</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#MAXDISKSIZE"
-><TT
-CLASS="PARAMETER"
-><I
->max disk size</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#MAXLOGSIZE"
-><TT
-CLASS="PARAMETER"
-><I
->max log size</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#MAXMUX"
-><TT
-CLASS="PARAMETER"
-><I
->max mux</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#MAXOPENFILES"
-><TT
-CLASS="PARAMETER"
-><I
->max open files</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#MAXPROTOCOL"
-><TT
-CLASS="PARAMETER"
-><I
->max protocol</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#MAXSMBDPROCESSES"
-><TT
-CLASS="PARAMETER"
-><I
->max smbd processes</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#MAXTTL"
-><TT
-CLASS="PARAMETER"
-><I
->max ttl</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#MAXWINSTTL"
-><TT
-CLASS="PARAMETER"
-><I
->max wins ttl</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#MAXXMIT"
-><TT
-CLASS="PARAMETER"
-><I
->max xmit</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#MESSAGECOMMAND"
-><TT
-CLASS="PARAMETER"
-><I
->message command</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#MINPASSWDLENGTH"
-><TT
-CLASS="PARAMETER"
-><I
->min passwd length</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#MINPASSWORDLENGTH"
-><TT
-CLASS="PARAMETER"
-><I
->min password length</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#MINPROTOCOL"
-><TT
-CLASS="PARAMETER"
-><I
->min protocol</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#MINWINSTTL"
-><TT
-CLASS="PARAMETER"
-><I
->min wins ttl</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#NAMERESOLVEORDER"
-><TT
-CLASS="PARAMETER"
-><I
->name resolve order</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#NETBIOSALIASES"
-><TT
-CLASS="PARAMETER"
-><I
->netbios aliases</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#NETBIOSNAME"
-><TT
-CLASS="PARAMETER"
-><I
->netbios name</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#NETBIOSSCOPE"
-><TT
-CLASS="PARAMETER"
-><I
->netbios scope</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#NISHOMEDIR"
-><TT
-CLASS="PARAMETER"
-><I
->nis homedir</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#NTACLSUPPORT"
-><TT
-CLASS="PARAMETER"
-><I
->nt acl support</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#NTPIPESUPPORT"
-><TT
-CLASS="PARAMETER"
-><I
->nt pipe support</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#NTSMBSUPPORT"
-><TT
-CLASS="PARAMETER"
-><I
->nt smb support</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#NULLPASSWORDS"
-><TT
-CLASS="PARAMETER"
-><I
->null passwords</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#OPLOCKBREAKWAITTIME"
-><TT
-CLASS="PARAMETER"
-><I
->oplock break wait time</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#OSLEVEL"
-><TT
-CLASS="PARAMETER"
-><I
->os level</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#OS2DRIVERMAP"
-><TT
-CLASS="PARAMETER"
-><I
->os2 driver map</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#PANICACTION"
-><TT
-CLASS="PARAMETER"
-><I
->panic action</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#PASSWDCHAT"
-><TT
-CLASS="PARAMETER"
-><I
->passwd chat</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#PASSWDCHATDEBUG"
-><TT
-CLASS="PARAMETER"
-><I
->passwd chat debug</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#PASSWDPROGRAM"
-><TT
-CLASS="PARAMETER"
-><I
->passwd program</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#PASSWORDLEVEL"
-><TT
-CLASS="PARAMETER"
-><I
->password level</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#PASSWORDSERVER"
-><TT
-CLASS="PARAMETER"
-><I
->password server</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#PREFEREDMASTER"
-><TT
-CLASS="PARAMETER"
-><I
->prefered master</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#PREFERREDMASTER"
-><TT
-CLASS="PARAMETER"
-><I
->preferred master</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#PRELOAD"
-><TT
-CLASS="PARAMETER"
-><I
->preload</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#PRINTCAP"
-><TT
-CLASS="PARAMETER"
-><I
->printcap</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#PRINTCAPNAME"
-><TT
-CLASS="PARAMETER"
-><I
->printcap name</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#PRINTERDRIVERFILE"
-><TT
-CLASS="PARAMETER"
-><I
->printer driver file</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#PROTOCOL"
-><TT
-CLASS="PARAMETER"
-><I
->protocol</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#READBMPX"
-><TT
-CLASS="PARAMETER"
-><I
->read bmpx</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#READRAW"
-><TT
-CLASS="PARAMETER"
-><I
->read raw</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#READSIZE"
-><TT
-CLASS="PARAMETER"
-><I
->read size</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#REMOTEANNOUNCE"
-><TT
-CLASS="PARAMETER"
-><I
->remote announce</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#REMOTEBROWSESYNC"
-><TT
-CLASS="PARAMETER"
-><I
->remote browse sync</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#RESTRICTANONYMOUS"
-><TT
-CLASS="PARAMETER"
-><I
->restrict anonymous</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#ROOT"
-><TT
-CLASS="PARAMETER"
-><I
->root</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#ROOTDIR"
-><TT
-CLASS="PARAMETER"
-><I
->root dir</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#ROOTDIRECTORY"
-><TT
-CLASS="PARAMETER"
-><I
->root directory</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#SECURITY"
-><TT
-CLASS="PARAMETER"
-><I
->security</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#SERVERSTRING"
-><TT
-CLASS="PARAMETER"
-><I
->server string</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#SHOWADDPRINTERWIZARD"
-><TT
-CLASS="PARAMETER"
-><I
->show add printer wizard</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#SMBPASSWDFILE"
-><TT
-CLASS="PARAMETER"
-><I
->smb passwd file</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#SOCKETADDRESS"
-><TT
-CLASS="PARAMETER"
-><I
->socket address</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#SOCKETOPTIONS"
-><TT
-CLASS="PARAMETER"
-><I
->socket options</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#SOURCEENVIRONMENT"
-><TT
-CLASS="PARAMETER"
-><I
->source environment</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#SSL"
-><TT
-CLASS="PARAMETER"
-><I
->ssl</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#SSLCACERTDIR"
-><TT
-CLASS="PARAMETER"
-><I
->ssl CA certDir</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#SSLCACERTFILE"
-><TT
-CLASS="PARAMETER"
-><I
->ssl CA certFile</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#SSLCIPHERS"
-><TT
-CLASS="PARAMETER"
-><I
->ssl ciphers</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#SSLCLIENTCERT"
-><TT
-CLASS="PARAMETER"
-><I
->ssl client cert</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#SSLCLIENTKEY"
-><TT
-CLASS="PARAMETER"
-><I
->ssl client key</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#SSLCOMPATIBILITY"
-><TT
-CLASS="PARAMETER"
-><I
->ssl compatibility</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#SSLHOSTS"
-><TT
-CLASS="PARAMETER"
-><I
->ssl hosts</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#SSLHOSTSRESIGN"
-><TT
-CLASS="PARAMETER"
-><I
->ssl hosts resign</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#SSLREQUIRECLIENTCERT"
-><TT
-CLASS="PARAMETER"
-><I
->ssl require clientcert</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#SSLREQUIRESERVERCERT"
-><TT
-CLASS="PARAMETER"
-><I
->ssl require servercert</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#SSLSERVERCERT"
-><TT
-CLASS="PARAMETER"
-><I
->ssl server cert</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#SSLSERVERKEY"
-><TT
-CLASS="PARAMETER"
-><I
->ssl server key</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#SSLVERSION"
-><TT
-CLASS="PARAMETER"
-><I
->ssl version</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#STATCACHE"
-><TT
-CLASS="PARAMETER"
-><I
->stat cache</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#STATCACHESIZE"
-><TT
-CLASS="PARAMETER"
-><I
->stat cache size</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#STRIPDOT"
-><TT
-CLASS="PARAMETER"
-><I
->strip dot</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#SYSLOG"
-><TT
-CLASS="PARAMETER"
-><I
->syslog</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#SYSLOGONLY"
-><TT
-CLASS="PARAMETER"
-><I
->syslog only</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#TEMPLATEHOMEDIR"
-><TT
-CLASS="PARAMETER"
-><I
->template homedir</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#TEMPLATESHELL"
-><TT
-CLASS="PARAMETER"
-><I
->template shell</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#TIMEOFFSET"
-><TT
-CLASS="PARAMETER"
-><I
->time offset</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#TIMESERVER"
-><TT
-CLASS="PARAMETER"
-><I
->time server</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#TIMESTAMPLOGS"
-><TT
-CLASS="PARAMETER"
-><I
->timestamp logs</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#TOTALPRINTJOBS"
-><TT
-CLASS="PARAMETER"
-><I
->total print jobs</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#UNIXPASSWORDSYNC"
-><TT
-CLASS="PARAMETER"
-><I
->unix password sync</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#UNIXREALNAME"
-><TT
-CLASS="PARAMETER"
-><I
->unix realname</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#UPDATEENCRYPTED"
-><TT
-CLASS="PARAMETER"
-><I
->update encrypted</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#USERHOSTS"
-><TT
-CLASS="PARAMETER"
-><I
->use rhosts</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#USERNAMELEVEL"
-><TT
-CLASS="PARAMETER"
-><I
->username level</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#USERNAMEMAP"
-><TT
-CLASS="PARAMETER"
-><I
->username map</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#UTMPDIRECTORY"
-><TT
-CLASS="PARAMETER"
-><I
->utmp directory</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#VALIDCHARS"
-><TT
-CLASS="PARAMETER"
-><I
->valid chars</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#WINBINDCACHETIME"
-><TT
-CLASS="PARAMETER"
-><I
->winbind cache time</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#WINBINDGID"
-><TT
-CLASS="PARAMETER"
-><I
->winbind gid</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#WINBINDSEPARATOR"
-><TT
-CLASS="PARAMETER"
-><I
->winbind separator</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#WINBINDUID"
-><TT
-CLASS="PARAMETER"
-><I
->winbind uid</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#WINSHOOK"
-><TT
-CLASS="PARAMETER"
-><I
->wins hook</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#WINSPROXY"
-><TT
-CLASS="PARAMETER"
-><I
->wins proxy</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#WINSSERVER"
-><TT
-CLASS="PARAMETER"
-><I
->wins server</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#WINSSUPPORT"
-><TT
-CLASS="PARAMETER"
-><I
->wins support</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#WORKGROUP"
-><TT
-CLASS="PARAMETER"
-><I
->workgroup</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#WRITERAW"
-><TT
-CLASS="PARAMETER"
-><I
->write raw</I
-></TT
-></A
-></P
-></LI
-></UL
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN893"
-></A
-><H2
->COMPLETE LIST OF SERVICE PARAMETERS</H2
-><P
->Here is a list of all service parameters. See the section on
- each parameter for details. Note that some are synonyms.</P
-><P
-></P
-><UL
-><LI
-><P
-><A
-HREF="#ADMINUSERS"
-><TT
-CLASS="PARAMETER"
-><I
->admin users</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#ALLOWHOSTS"
-><TT
-CLASS="PARAMETER"
-><I
->allow hosts</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#AVAILABLE"
-><TT
-CLASS="PARAMETER"
-><I
->available</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#BLOCKINGLOCKS"
-><TT
-CLASS="PARAMETER"
-><I
->blocking locks</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#BROWSABLE"
-><TT
-CLASS="PARAMETER"
-><I
->browsable</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#BROWSEABLE"
-><TT
-CLASS="PARAMETER"
-><I
->browseable</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#CASESENSITIVE"
-><TT
-CLASS="PARAMETER"
-><I
->case sensitive</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#CASESIGNAMES"
-><TT
-CLASS="PARAMETER"
-><I
->casesignames</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#COMMENT"
-><TT
-CLASS="PARAMETER"
-><I
->comment</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#COPY"
-><TT
-CLASS="PARAMETER"
-><I
->copy</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#CREATEMASK"
-><TT
-CLASS="PARAMETER"
-><I
->create mask</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#CREATEMODE"
-><TT
-CLASS="PARAMETER"
-><I
->create mode</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#DEFAULTCASE"
-><TT
-CLASS="PARAMETER"
-><I
->default case</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#DELETEREADONLY"
-><TT
-CLASS="PARAMETER"
-><I
->delete readonly</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#DELETEVETOFILES"
-><TT
-CLASS="PARAMETER"
-><I
->delete veto files</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#DENYHOSTS"
-><TT
-CLASS="PARAMETER"
-><I
->deny hosts</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#DIRECTORY"
-><TT
-CLASS="PARAMETER"
-><I
->directory</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#DIRECTORYMASK"
-><TT
-CLASS="PARAMETER"
-><I
->directory mask</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#DIRECTORYMODE"
-><TT
-CLASS="PARAMETER"
-><I
->directory mode</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#DIRECTORYSECURITYMASK"
-><TT
-CLASS="PARAMETER"
-><I
->directory security mask</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#DONTDESCEND"
-><TT
-CLASS="PARAMETER"
-><I
->dont descend</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#DOSFILEMODE"
-><TT
-CLASS="PARAMETER"
-><I
->dos filemode</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#DOSFILETIMERESOLUTION"
-><TT
-CLASS="PARAMETER"
-><I
->dos filetime resolution</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#DOSFILETIMES"
-><TT
-CLASS="PARAMETER"
-><I
->dos filetimes</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#EXEC"
-><TT
-CLASS="PARAMETER"
-><I
->exec</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#FAKEDIRECTORYCREATETIMES"
-><TT
-CLASS="PARAMETER"
-><I
->fake directory create times</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#FAKEOPLOCKS"
-><TT
-CLASS="PARAMETER"
-><I
->fake oplocks</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#FOLLOWSYMLINKS"
-><TT
-CLASS="PARAMETER"
-><I
->follow symlinks</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#FORCECREATEMODE"
-><TT
-CLASS="PARAMETER"
-><I
->force create mode</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#FORCEDIRECTORYMODE"
-><TT
-CLASS="PARAMETER"
-><I
->force directory mode</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#FORCEDIRECTORYSECURITYMODE"
-><TT
-CLASS="PARAMETER"
-><I
->force directory security mode</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#FORCEGROUP"
-><TT
-CLASS="PARAMETER"
-><I
->force group</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#FORCESECURITYMODE"
-><TT
-CLASS="PARAMETER"
-><I
->force security mode</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#FORCEUSER"
-><TT
-CLASS="PARAMETER"
-><I
->force user</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#FSTYPE"
-><TT
-CLASS="PARAMETER"
-><I
->fstype</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#GROUP"
-><TT
-CLASS="PARAMETER"
-><I
->group</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#GUESTACCOUNT"
-><TT
-CLASS="PARAMETER"
-><I
->guest account</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#GUESTOK"
-><TT
-CLASS="PARAMETER"
-><I
->guest ok</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#GUESTONLY"
-><TT
-CLASS="PARAMETER"
-><I
->guest only</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#HIDEDOTFILES"
-><TT
-CLASS="PARAMETER"
-><I
->hide dot files</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#HIDEFILES"
-><TT
-CLASS="PARAMETER"
-><I
->hide files</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#HOSTSALLOW"
-><TT
-CLASS="PARAMETER"
-><I
->hosts allow</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#HOSTSDENY"
-><TT
-CLASS="PARAMETER"
-><I
->hosts deny</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#INCLUDE"
-><TT
-CLASS="PARAMETER"
-><I
->include</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#INHERITPERMISSIONS"
-><TT
-CLASS="PARAMETER"
-><I
->inherit permissions</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#INVALIDUSERS"
-><TT
-CLASS="PARAMETER"
-><I
->invalid users</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#LEVEL2OPLOCKS"
-><TT
-CLASS="PARAMETER"
-><I
->level2 oplocks</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#LOCKING"
-><TT
-CLASS="PARAMETER"
-><I
->locking</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#LPPAUSECOMMAND"
-><TT
-CLASS="PARAMETER"
-><I
->lppause command</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#LPQCOMMAND"
-><TT
-CLASS="PARAMETER"
-><I
->lpq command</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#LPRESUMECOMMAND"
-><TT
-CLASS="PARAMETER"
-><I
->lpresume command</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#LPRMCOMMAND"
-><TT
-CLASS="PARAMETER"
-><I
->lprm command</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#MAGICOUTPUT"
-><TT
-CLASS="PARAMETER"
-><I
->magic output</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#MAGICSCRIPT"
-><TT
-CLASS="PARAMETER"
-><I
->magic script</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#MANGLECASE"
-><TT
-CLASS="PARAMETER"
-><I
->mangle case</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#MANGLEDMAP"
-><TT
-CLASS="PARAMETER"
-><I
->mangled map</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#MANGLEDNAMES"
-><TT
-CLASS="PARAMETER"
-><I
->mangled names</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#MANGLINGCHAR"
-><TT
-CLASS="PARAMETER"
-><I
->mangling char</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#MAPARCHIVE"
-><TT
-CLASS="PARAMETER"
-><I
->map archive</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#MAPHIDDEN"
-><TT
-CLASS="PARAMETER"
-><I
->map hidden</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#MAPSYSTEM"
-><TT
-CLASS="PARAMETER"
-><I
->map system</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#MAXCONNECTIONS"
-><TT
-CLASS="PARAMETER"
-><I
->max connections</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#MAXPRINTJOBS"
-><TT
-CLASS="PARAMETER"
-><I
->max print jobs</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#MINPRINTSPACE"
-><TT
-CLASS="PARAMETER"
-><I
->min print space</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#MSDFSROOT"
-><TT
-CLASS="PARAMETER"
-><I
->msdfs root</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#ONLYGUEST"
-><TT
-CLASS="PARAMETER"
-><I
->only guest</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#ONLYUSER"
-><TT
-CLASS="PARAMETER"
-><I
->only user</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#OPLOCKCONTENTIONLIMIT"
-><TT
-CLASS="PARAMETER"
-><I
->oplock contention limit</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#OPLOCKS"
-><TT
-CLASS="PARAMETER"
-><I
->oplocks</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#PATH"
-><TT
-CLASS="PARAMETER"
-><I
->path</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#POSIXLOCKING"
-><TT
-CLASS="PARAMETER"
-><I
->posix locking</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#POSTEXEC"
-><TT
-CLASS="PARAMETER"
-><I
->postexec</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#POSTSCRIPT"
-><TT
-CLASS="PARAMETER"
-><I
->postscript</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#PREEXEC"
-><TT
-CLASS="PARAMETER"
-><I
->preexec</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#PREEXECCLOSE"
-><TT
-CLASS="PARAMETER"
-><I
->preexec close</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#PRESERVECASE"
-><TT
-CLASS="PARAMETER"
-><I
->preserve case</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#PRINTCOMMAND"
-><TT
-CLASS="PARAMETER"
-><I
->print command</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#PRINTOK"
-><TT
-CLASS="PARAMETER"
-><I
->print ok</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#PRINTABLE"
-><TT
-CLASS="PARAMETER"
-><I
->printable</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#PRINTER"
-><TT
-CLASS="PARAMETER"
-><I
->printer</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#PRINTERADMIN"
-><TT
-CLASS="PARAMETER"
-><I
->printer admin</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#PRINTERDRIVER"
-><TT
-CLASS="PARAMETER"
-><I
->printer driver</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#PRINTERDRIVERLOCATION"
-><TT
-CLASS="PARAMETER"
-><I
->printer driver location</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#PRINTERNAME"
-><TT
-CLASS="PARAMETER"
-><I
->printer name</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#PRINTING"
-><TT
-CLASS="PARAMETER"
-><I
->printing</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#PUBLIC"
-><TT
-CLASS="PARAMETER"
-><I
->public</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#QUEUEPAUSECOMMAND"
-><TT
-CLASS="PARAMETER"
-><I
->queuepause command</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#QUEUERESUMECOMMAND"
-><TT
-CLASS="PARAMETER"
-><I
->queueresume command</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#READLIST"
-><TT
-CLASS="PARAMETER"
-><I
->read list</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#READONLY"
-><TT
-CLASS="PARAMETER"
-><I
->read only</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#ROOTPOSTEXEC"
-><TT
-CLASS="PARAMETER"
-><I
->root postexec</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#ROOTPREEXEC"
-><TT
-CLASS="PARAMETER"
-><I
->root preexec</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#ROOTPREEXECCLOSE"
-><TT
-CLASS="PARAMETER"
-><I
->root preexec close</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#SECURITYMASK"
-><TT
-CLASS="PARAMETER"
-><I
->security mask</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#SETDIRECTORY"
-><TT
-CLASS="PARAMETER"
-><I
->set directory</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#SHAREMODES"
-><TT
-CLASS="PARAMETER"
-><I
->share modes</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#SHORTPRESERVECASE"
-><TT
-CLASS="PARAMETER"
-><I
->short preserve case</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#STATUS"
-><TT
-CLASS="PARAMETER"
-><I
->status</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#STRICTLOCKING"
-><TT
-CLASS="PARAMETER"
-><I
->strict locking</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#STRICTSYNC"
-><TT
-CLASS="PARAMETER"
-><I
->strict sync</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#SYNCALWAYS"
-><TT
-CLASS="PARAMETER"
-><I
->sync always</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#USER"
-><TT
-CLASS="PARAMETER"
-><I
->user</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#USERNAME"
-><TT
-CLASS="PARAMETER"
-><I
->username</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#USERS"
-><TT
-CLASS="PARAMETER"
-><I
->users</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#UTMP"
-><TT
-CLASS="PARAMETER"
-><I
->utmp</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#VALIDUSERS"
-><TT
-CLASS="PARAMETER"
-><I
->valid users</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#VETOFILES"
-><TT
-CLASS="PARAMETER"
-><I
->veto files</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#VETOOPLOCKFILES"
-><TT
-CLASS="PARAMETER"
-><I
->veto oplock files</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#VFSOBJECT"
-><TT
-CLASS="PARAMETER"
-><I
->vfs object</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#VFSOPTIONS"
-><TT
-CLASS="PARAMETER"
-><I
->vfs options</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#VOLUME"
-><TT
-CLASS="PARAMETER"
-><I
->volume</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#WIDELINKS"
-><TT
-CLASS="PARAMETER"
-><I
->wide links</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#WRITABLE"
-><TT
-CLASS="PARAMETER"
-><I
->writable</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#WRITECACHESIZE"
-><TT
-CLASS="PARAMETER"
-><I
->write cache size</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#WRITELIST"
-><TT
-CLASS="PARAMETER"
-><I
->write list</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#WRITEOK"
-><TT
-CLASS="PARAMETER"
-><I
->write ok</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="#WRITEABLE"
-><TT
-CLASS="PARAMETER"
-><I
->writeable</I
-></TT
-></A
-></P
-></LI
-></UL
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN1365"
-></A
-><H2
->EXPLANATION OF EACH PARAMETER</H2
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
-><A
-NAME="ADDUSERSCRIPT"
-></A
->add user script (G)</DT
-><DD
-><P
->This is the full pathname to a script that will
- be run <I
-CLASS="EMPHASIS"
->AS ROOT</I
-> by <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd(8)
- </A
-> under special circumstances described below.</P
-><P
->Normally, a Samba server requires that UNIX users are
- created for all users accessing files on this server. For sites
- that use Windows NT account databases as their primary user database
- creating these users and keeping the user list in sync with the
- Windows NT PDC is an onerous task. This option allows <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd</A
-> to create the required UNIX users
- <I
-CLASS="EMPHASIS"
->ON DEMAND</I
-> when a user accesses the Samba server.</P
-><P
->In order to use this option, <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd</A
->
- must be set to <TT
-CLASS="PARAMETER"
-><I
->security=server</I
-></TT
-> or <TT
-CLASS="PARAMETER"
-><I
-> security=domain</I
-></TT
-> and <TT
-CLASS="PARAMETER"
-><I
->add user script</I
-></TT
->
- must be set to a full pathname for a script that will create a UNIX
- user given one argument of <TT
-CLASS="PARAMETER"
-><I
->%u</I
-></TT
->, which expands into
- the UNIX user name to create.</P
-><P
->When the Windows user attempts to access the Samba server,
- at login (session setup in the SMB protocol) time, <A
-HREF="smbd.8.html"
-TARGET="_top"
-> smbd</A
-> contacts the <TT
-CLASS="PARAMETER"
-><I
->password server</I
-></TT
-> and
- attempts to authenticate the given user with the given password. If the
- authentication succeeds then <B
-CLASS="COMMAND"
->smbd</B
->
- attempts to find a UNIX user in the UNIX password database to map the
- Windows user into. If this lookup fails, and <TT
-CLASS="PARAMETER"
-><I
->add user script
- </I
-></TT
-> is set then <B
-CLASS="COMMAND"
->smbd</B
-> will
- call the specified script <I
-CLASS="EMPHASIS"
->AS ROOT</I
->, expanding
- any <TT
-CLASS="PARAMETER"
-><I
->%u</I
-></TT
-> argument to be the user name to create.</P
-><P
->If this script successfully creates the user then <B
-CLASS="COMMAND"
->smbd
- </B
-> will continue on as though the UNIX user
- already existed. In this way, UNIX users are dynamically created to
- match existing Windows NT accounts.</P
-><P
->See also <A
-HREF="#SECURITY"
-><TT
-CLASS="PARAMETER"
-><I
-> security</I
-></TT
-></A
->, <A
-HREF="#PASSWORDSERVER"
-> <TT
-CLASS="PARAMETER"
-><I
->password server</I
-></TT
-></A
->,
- <A
-HREF="#DELETEUSERSCRIPT"
-><TT
-CLASS="PARAMETER"
-><I
->delete user
- script</I
-></TT
-></A
->.</P
-><P
->Default: <B
-CLASS="COMMAND"
->add user script = &lt;empty string&gt;
- </B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->add user script = /usr/local/samba/bin/add_user
- %u</B
-></P
-></DD
-><DT
-><A
-NAME="ADDPRINTERCOMMAND"
-></A
->addprinter command (G)</DT
-><DD
-><P
->With the introduction of MS-RPC based printing
- support for Windows NT/2000 clients in Samba 2.2, The MS Add
- Printer Wizard (APW) icon is now also available in the
- "Printers..." folder displayed a share listing. The APW
- allows for printers to be add remotely to a Samba or Windows
- NT/2000 print server.</P
-><P
->For a Samba host this means that the printer must be
- physically added to underlying printing system. The <TT
-CLASS="PARAMETER"
-><I
-> addprinter command</I
-></TT
-> defines a script to be run which
- will perform the necessary operations for adding the printer
- to the print system and to add the appropriate service definition
- to the <TT
-CLASS="FILENAME"
->smb.conf</TT
-> file in order that it can be
- shared by <A
-HREF="smbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbd(8)</B
->
- </A
->.</P
-><P
->The <TT
-CLASS="PARAMETER"
-><I
->addprinter command</I
-></TT
-> is
- automatically invoked with the following parameter (in
- order:</P
-><P
-></P
-><UL
-><LI
-><P
-><TT
-CLASS="PARAMETER"
-><I
->printer name</I
-></TT
-></P
-></LI
-><LI
-><P
-><TT
-CLASS="PARAMETER"
-><I
->share name</I
-></TT
-></P
-></LI
-><LI
-><P
-><TT
-CLASS="PARAMETER"
-><I
->port name</I
-></TT
-></P
-></LI
-><LI
-><P
-><TT
-CLASS="PARAMETER"
-><I
->driver name</I
-></TT
-></P
-></LI
-><LI
-><P
-><TT
-CLASS="PARAMETER"
-><I
->location</I
-></TT
-></P
-></LI
-><LI
-><P
-><TT
-CLASS="PARAMETER"
-><I
->Windows 9x driver location</I
-></TT
->
- </P
-></LI
-></UL
-><P
->All parameters are filled in from the PRINTER_INFO_2 structure sent
- by the Windows NT/2000 client with one exception. The "Windows 9x
- driver location" parameter is included for backwards compatibility
- only. The remaining fields in the structure are generated from answers
- to the APW questions.</P
-><P
->Once the <TT
-CLASS="PARAMETER"
-><I
->addprinter command</I
-></TT
-> has
- been executed, <B
-CLASS="COMMAND"
->smbd</B
-> will reparse the <TT
-CLASS="FILENAME"
-> smb.conf</TT
-> to determine if the share defined by the APW
- exists. If the sharename is still invalid, then <B
-CLASS="COMMAND"
->smbd
- </B
-> will return an ACCESS_DENIED error to the client.</P
-><P
->See also <A
-HREF="#DELETEPRINTERCOMMAND"
-><TT
-CLASS="PARAMETER"
-><I
-> deleteprinter command</I
-></TT
-></A
->, <A
-HREF="#PRINTING"
-><TT
-CLASS="PARAMETER"
-><I
->printing</I
-></TT
-></A
->,
- <A
-HREF="#SHOWADDPRINTERWIZARD"
-><TT
-CLASS="PARAMETER"
-><I
->show add
- printer wizard</I
-></TT
-></A
-></P
-><P
->Default: <I
-CLASS="EMPHASIS"
->none</I
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->addprinter command = /usr/bin/addprinter
- </B
-></P
-></DD
-><DT
-><A
-NAME="ADMINUSERS"
-></A
->admin users (S)</DT
-><DD
-><P
->This is a list of users who will be granted
- administrative privileges on the share. This means that they
- will do all file operations as the super-user (root).</P
-><P
->You should use this option very carefully, as any user in
- this list will be able to do anything they like on the share,
- irrespective of file permissions.</P
-><P
->Default: <I
-CLASS="EMPHASIS"
->no admin users</I
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->admin users = jason</B
-></P
-></DD
-><DT
-><A
-NAME="ALLOWHOSTS"
-></A
->allow hosts (S)</DT
-><DD
-><P
->Synonym for <A
-HREF="#HOSTSALLOW"
-> <TT
-CLASS="PARAMETER"
-><I
->hosts allow</I
-></TT
-></A
->.</P
-></DD
-><DT
-><A
-NAME="ALLOWTRUSTEDDOMAINS"
-></A
->allow trusted domains (G)</DT
-><DD
-><P
->This option only takes effect when the <A
-HREF="#SECURITY"
-><TT
-CLASS="PARAMETER"
-><I
->security</I
-></TT
-></A
-> option is set to
- <TT
-CLASS="CONSTANT"
->server</TT
-> or <TT
-CLASS="CONSTANT"
->domain</TT
->.
- If it is set to no, then attempts to connect to a resource from
- a domain or workgroup other than the one which smbd is running
- in will fail, even if that domain is trusted by the remote server
- doing the authentication.</P
-><P
->This is useful if you only want your Samba server to
- serve resources to users in the domain it is a member of. As
- an example, suppose that there are two domains DOMA and DOMB. DOMB
- is trusted by DOMA, which contains the Samba server. Under normal
- circumstances, a user with an account in DOMB can then access the
- resources of a UNIX account with the same account name on the
- Samba server even if they do not have an account in DOMA. This
- can make implementing a security boundary difficult.</P
-><P
->Default: <B
-CLASS="COMMAND"
->allow trusted domains = yes</B
-></P
-></DD
-><DT
-><A
-NAME="ANNOUNCEAS"
-></A
->announce as (G)</DT
-><DD
-><P
->This specifies what type of server
- <A
-HREF="nmbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->nmbd</B
-></A
->
- will announce itself as, to a network neighborhood browse
- list. By default this is set to Windows NT. The valid options
- are : "NT Server" (which can also be written as "NT"),
- "NT Workstation", "Win95" or "WfW" meaning Windows NT Server,
- Windows NT Workstation, Windows 95 and Windows for Workgroups
- respectively. Do not change this parameter unless you have a
- specific need to stop Samba appearing as an NT server as this
- may prevent Samba servers from participating as browser servers
- correctly.</P
-><P
->Default: <B
-CLASS="COMMAND"
->announce as = NT Server</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->announce as = Win95</B
-></P
-></DD
-><DT
-><A
-NAME="ANNOUNCEVERSION"
-></A
->annouce version (G)</DT
-><DD
-><P
->This specifies the major and minor version numbers
- that nmbd will use when announcing itself as a server. The default
- is 4.2. Do not change this parameter unless you have a specific
- need to set a Samba server to be a downlevel server.</P
-><P
->Default: <B
-CLASS="COMMAND"
->announce version = 4.2</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->announce version = 2.0</B
-></P
-></DD
-><DT
-><A
-NAME="AUTOSERVICES"
-></A
->auto services (G)</DT
-><DD
-><P
->This is a synonym for the <A
-HREF="#PRELOAD"
-> <TT
-CLASS="PARAMETER"
-><I
->preload</I
-></TT
-></A
->.</P
-></DD
-><DT
-><A
-NAME="AVAILABLE"
-></A
->available (S)</DT
-><DD
-><P
->This parameter lets you "turn off" a service. If
- <TT
-CLASS="PARAMETER"
-><I
->available = no</I
-></TT
->, then <I
-CLASS="EMPHASIS"
->ALL</I
->
- attempts to connect to the service will fail. Such failures are
- logged.</P
-><P
->Default: <B
-CLASS="COMMAND"
->available = yes</B
-></P
-></DD
-><DT
-><A
-NAME="BINDINTERFACESONLY"
-></A
->bind interfaces only (G)</DT
-><DD
-><P
->This global parameter allows the Samba admin
- to limit what interfaces on a machine will serve smb requests. If
- affects file service <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd(8)</A
-> and
- name service <A
-HREF="nmbd.8.html"
-TARGET="_top"
->nmbd(8)</A
-> in slightly
- different ways.</P
-><P
->For name service it causes <B
-CLASS="COMMAND"
->nmbd</B
-> to bind
- to ports 137 and 138 on the interfaces listed in the <A
-HREF="#INTERFACES"
->interfaces</A
-> parameter. <B
-CLASS="COMMAND"
->nmbd
- </B
-> also binds to the "all addresses" interface (0.0.0.0)
- on ports 137 and 138 for the purposes of reading broadcast messages.
- If this option is not set then <B
-CLASS="COMMAND"
->nmbd</B
-> will service
- name requests on all of these sockets. If <TT
-CLASS="PARAMETER"
-><I
->bind interfaces
- only</I
-></TT
-> is set then <B
-CLASS="COMMAND"
->nmbd</B
-> will check the
- source address of any packets coming in on the broadcast sockets
- and discard any that don't match the broadcast addresses of the
- interfaces in the <TT
-CLASS="PARAMETER"
-><I
->interfaces</I
-></TT
-> parameter list.
- As unicast packets are received on the other sockets it allows
- <B
-CLASS="COMMAND"
->nmbd</B
-> to refuse to serve names to machines that
- send packets that arrive through any interfaces not listed in the
- <TT
-CLASS="PARAMETER"
-><I
->interfaces</I
-></TT
-> list. IP Source address spoofing
- does defeat this simple check, however so it must not be used
- seriously as a security feature for <B
-CLASS="COMMAND"
->nmbd</B
->.</P
-><P
->For file service it causes <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd(8)</A
->
- to bind only to the interface list given in the <A
-HREF="#INTERFACES"
-> interfaces</A
-> parameter. This restricts the networks that
- <B
-CLASS="COMMAND"
->smbd</B
-> will serve to packets coming in those
- interfaces. Note that you should not use this parameter for machines
- that are serving PPP or other intermittent or non-broadcast network
- interfaces as it will not cope with non-permanent interfaces.</P
-><P
->If <TT
-CLASS="PARAMETER"
-><I
->bind interfaces only</I
-></TT
-> is set then
- unless the network address <I
-CLASS="EMPHASIS"
->127.0.0.1</I
-> is added
- to the <TT
-CLASS="PARAMETER"
-><I
->interfaces</I
-></TT
-> parameter list <A
-HREF="smbpasswd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbpasswd(8)</B
-></A
->
- and <A
-HREF="swat.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->swat(8)</B
-></A
-> may
- not work as expected due to the reasons covered below.</P
-><P
->To change a users SMB password, the <B
-CLASS="COMMAND"
->smbpasswd</B
->
- by default connects to the <I
-CLASS="EMPHASIS"
->localhost - 127.0.0.1</I
->
- address as an SMB client to issue the password change request. If
- <TT
-CLASS="PARAMETER"
-><I
->bind interfaces only</I
-></TT
-> is set then unless the
- network address <I
-CLASS="EMPHASIS"
->127.0.0.1</I
-> is added to the
- <TT
-CLASS="PARAMETER"
-><I
->interfaces</I
-></TT
-> parameter list then <B
-CLASS="COMMAND"
-> smbpasswd</B
-> will fail to connect in it's default mode.
- <B
-CLASS="COMMAND"
->smbpasswd</B
-> can be forced to use the primary IP interface
- of the local host by using its <A
-HREF="smbpasswd.8.html#minusr"
-TARGET="_top"
-> <TT
-CLASS="PARAMETER"
-><I
->-r <TT
-CLASS="REPLACEABLE"
-><I
->remote machine</I
-></TT
-></I
-></TT
->
- </A
-> parameter, with <TT
-CLASS="REPLACEABLE"
-><I
->remote machine</I
-></TT
-> set
- to the IP name of the primary interface of the local host.</P
-><P
->The <B
-CLASS="COMMAND"
->swat</B
-> status page tries to connect with
- <B
-CLASS="COMMAND"
->smbd</B
-> and <B
-CLASS="COMMAND"
->nmbd</B
-> at the address
- <I
-CLASS="EMPHASIS"
->127.0.0.1</I
-> to determine if they are running.
- Not adding <I
-CLASS="EMPHASIS"
->127.0.0.1</I
-> will cause <B
-CLASS="COMMAND"
-> smbd</B
-> and <B
-CLASS="COMMAND"
->nmbd</B
-> to always show
- "not running" even if they really are. This can prevent <B
-CLASS="COMMAND"
-> swat</B
-> from starting/stopping/restarting <B
-CLASS="COMMAND"
->smbd</B
->
- and <B
-CLASS="COMMAND"
->nmbd</B
->.</P
-><P
->Default: <B
-CLASS="COMMAND"
->bind interfaces only = no</B
-></P
-></DD
-><DT
-><A
-NAME="BLOCKINGLOCKS"
-></A
->blocking locks (S)</DT
-><DD
-><P
->This parameter controls the behavior of <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd(8)</A
-> when given a request by a client
- to obtain a byte range lock on a region of an open file, and the
- request has a time limit associated with it.</P
-><P
->If this parameter is set and the lock range requested
- cannot be immediately satisfied, Samba 2.2 will internally
- queue the lock request, and periodically attempt to obtain
- the lock until the timeout period expires.</P
-><P
->If this parameter is set to <TT
-CLASS="CONSTANT"
->False</TT
->, then
- Samba 2.2 will behave as previous versions of Samba would and
- will fail the lock request immediately if the lock range
- cannot be obtained.</P
-><P
->Default: <B
-CLASS="COMMAND"
->blocking locks = yes</B
-></P
-></DD
-><DT
-><A
-NAME="BROWSABLE"
-></A
->browsable (S)</DT
-><DD
-><P
->See the <A
-HREF="#BROWSEABLE"
-><TT
-CLASS="PARAMETER"
-><I
-> browseable</I
-></TT
-></A
->.</P
-></DD
-><DT
-><A
-NAME="BROWSELIST"
-></A
->browse list (G)</DT
-><DD
-><P
->This controls whether <A
-HREF="smbd.8.html"
-TARGET="_top"
-> <B
-CLASS="COMMAND"
->smbd(8)</B
-></A
-> will serve a browse list to
- a client doing a <B
-CLASS="COMMAND"
->NetServerEnum</B
-> call. Normally
- set to <TT
-CLASS="CONSTANT"
->true</TT
->. You should never need to change
- this.</P
-><P
->Default: <B
-CLASS="COMMAND"
->browse list = yes</B
-></P
-></DD
-><DT
-><A
-NAME="BROWSEABLE"
-></A
->browseable (S)</DT
-><DD
-><P
->This controls whether this share is seen in
- the list of available shares in a net view and in the browse list.</P
-><P
->Default: <B
-CLASS="COMMAND"
->browseable = yes</B
-></P
-></DD
-><DT
-><A
-NAME="CASESENSITIVE"
-></A
->case sensitive (S)</DT
-><DD
-><P
->See the discussion in the section <A
-HREF="#AEN201"
->NAME MANGLING</A
->.</P
-><P
->Default: <B
-CLASS="COMMAND"
->case sensitive = no</B
-></P
-></DD
-><DT
-><A
-NAME="CASESIGNAMES"
-></A
->casesignames (S)</DT
-><DD
-><P
->Synonym for <A
-HREF="#CASESENSITIVE"
->case
- sensitive</A
->.</P
-></DD
-><DT
-><A
-NAME="CHANGENOTIFYTIMEOUT"
-></A
->change notify timeout (G)</DT
-><DD
-><P
->This SMB allows a client to tell a server to
- "watch" a particular directory for any changes and only reply to
- the SMB request when a change has occurred. Such constant scanning of
- a directory is expensive under UNIX, hence an <A
-HREF="smbd.8.html"
-TARGET="_top"
-> <B
-CLASS="COMMAND"
->smbd(8)</B
-></A
-> daemon only performs such a scan
- on each requested directory once every <TT
-CLASS="PARAMETER"
-><I
->change notify
- timeout</I
-></TT
-> seconds.</P
-><P
->Default: <B
-CLASS="COMMAND"
->change notify timeout = 60</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->change notify timeout = 300</B
-></P
-><P
->Would change the scan time to every 5 minutes.</P
-></DD
-><DT
-><A
-NAME="CHARACTERSET"
-></A
->character set (G)</DT
-><DD
-><P
->This allows a smbd to map incoming filenames
- from a DOS Code page (see the <A
-HREF="#CLIENTCODEPAGE"
->client
- code page</A
-> parameter) to several built in UNIX character sets.
- The built in code page translations are:</P
-><P
-></P
-><UL
-><LI
-><P
-><TT
-CLASS="CONSTANT"
->ISO8859-1</TT
-> : Western European
- UNIX character set. The parameter <TT
-CLASS="PARAMETER"
-><I
->client code page</I
-></TT
->
- <I
-CLASS="EMPHASIS"
->MUST</I
-> be set to code page 850 if the
- <TT
-CLASS="PARAMETER"
-><I
->character set</I
-></TT
-> parameter is set to
- <TT
-CLASS="CONSTANT"
->ISO8859-1</TT
-> in order for the conversion to the
- UNIX character set to be done correctly.</P
-></LI
-><LI
-><P
-><TT
-CLASS="CONSTANT"
->ISO8859-2</TT
-> : Eastern European
- UNIX character set. The parameter <TT
-CLASS="PARAMETER"
-><I
->client code page
- </I
-></TT
-> <I
-CLASS="EMPHASIS"
->MUST</I
-> be set to code page 852 if
- the <TT
-CLASS="PARAMETER"
-><I
-> character set</I
-></TT
-> parameter is set
- to <TT
-CLASS="CONSTANT"
->ISO8859-2</TT
-> in order for the conversion
- to the UNIX character set to be done correctly. </P
-></LI
-><LI
-><P
-><TT
-CLASS="CONSTANT"
->ISO8859-5</TT
-> : Russian Cyrillic
- UNIX character set. The parameter <TT
-CLASS="PARAMETER"
-><I
->client code page
- </I
-></TT
-> <I
-CLASS="EMPHASIS"
->MUST</I
-> be set to code page
- 866 if the <TT
-CLASS="PARAMETER"
-><I
->character set </I
-></TT
-> parameter is
- set to <TT
-CLASS="CONSTANT"
->ISO8859-5</TT
-> in order for the conversion
- to the UNIX character set to be done correctly. </P
-></LI
-><LI
-><P
-><TT
-CLASS="CONSTANT"
->ISO8859-7</TT
-> : Greek UNIX
- character set. The parameter <TT
-CLASS="PARAMETER"
-><I
->client code page
- </I
-></TT
-> <I
-CLASS="EMPHASIS"
->MUST</I
-> be set to code page
- 737 if the <TT
-CLASS="PARAMETER"
-><I
->character set</I
-></TT
-> parameter is
- set to <TT
-CLASS="CONSTANT"
->ISO8859-7</TT
-> in order for the conversion
- to the UNIX character set to be done correctly.</P
-></LI
-><LI
-><P
-><TT
-CLASS="CONSTANT"
->KOI8-R</TT
-> : Alternate mapping
- for Russian Cyrillic UNIX character set. The parameter
- <TT
-CLASS="PARAMETER"
-><I
->client code page</I
-></TT
-> <I
-CLASS="EMPHASIS"
->MUST</I
->
- be set to code page 866 if the <TT
-CLASS="PARAMETER"
-><I
->character set</I
-></TT
->
- parameter is set to <TT
-CLASS="CONSTANT"
->KOI8-R</TT
-> in order for the
- conversion to the UNIX character set to be done correctly.</P
-></LI
-></UL
-><P
-><I
-CLASS="EMPHASIS"
->BUG</I
->. These MSDOS code page to UNIX character
- set mappings should be dynamic, like the loading of MS DOS code pages,
- not static.</P
-><P
->Normally this parameter is not set, meaning no filename
- translation is done.</P
-><P
->Default: <B
-CLASS="COMMAND"
->character set = &lt;empty string&gt;</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->character set = ISO8859-1</B
-></P
-></DD
-><DT
-><A
-NAME="CLIENTCODEPAGE"
-></A
->client code page (G)</DT
-><DD
-><P
->This parameter specifies the DOS code page
- that the clients accessing Samba are using. To determine what code
- page a Windows or DOS client is using, open a DOS command prompt
- and type the command <B
-CLASS="COMMAND"
->chcp</B
->. This will output
- the code page. The default for USA MS-DOS, Windows 95, and
- Windows NT releases is code page 437. The default for western
- European releases of the above operating systems is code page 850.</P
-><P
->This parameter tells <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd(8)</A
->
- which of the <TT
-CLASS="FILENAME"
->codepage.<TT
-CLASS="REPLACEABLE"
-><I
->XXX</I
-></TT
->
- </TT
-> files to dynamically load on startup. These files,
- described more fully in the manual page <A
-HREF="make_smbcodepage.1.html"
-TARGET="_top"
-> <B
-CLASS="COMMAND"
->make_smbcodepage(1)</B
-></A
->, tell <B
-CLASS="COMMAND"
-> smbd</B
-> how to map lower to upper case characters to provide
- the case insensitivity of filenames that Windows clients expect.</P
-><P
->Samba currently ships with the following code page files :</P
-><P
-></P
-><UL
-><LI
-><P
->Code Page 437 - MS-DOS Latin US</P
-></LI
-><LI
-><P
->Code Page 737 - Windows '95 Greek</P
-></LI
-><LI
-><P
->Code Page 850 - MS-DOS Latin 1</P
-></LI
-><LI
-><P
->Code Page 852 - MS-DOS Latin 2</P
-></LI
-><LI
-><P
->Code Page 861 - MS-DOS Icelandic</P
-></LI
-><LI
-><P
->Code Page 866 - MS-DOS Cyrillic</P
-></LI
-><LI
-><P
->Code Page 932 - MS-DOS Japanese SJIS</P
-></LI
-><LI
-><P
->Code Page 936 - MS-DOS Simplified Chinese</P
-></LI
-><LI
-><P
->Code Page 949 - MS-DOS Korean Hangul</P
-></LI
-><LI
-><P
->Code Page 950 - MS-DOS Traditional Chinese</P
-></LI
-></UL
-><P
->Thus this parameter may have any of the values 437, 737, 850, 852,
- 861, 932, 936, 949, or 950. If you don't find the codepage you need,
- read the comments in one of the other codepage files and the
- <B
-CLASS="COMMAND"
->make_smbcodepage(1)</B
-> man page and write one. Please
- remember to donate it back to the Samba user community.</P
-><P
->This parameter co-operates with the <TT
-CLASS="PARAMETER"
-><I
->valid
- chars</I
-></TT
-> parameter in determining what characters are
- valid in filenames and how capitalization is done. If you set both
- this parameter and the <TT
-CLASS="PARAMETER"
-><I
->valid chars</I
-></TT
-> parameter
- the <TT
-CLASS="PARAMETER"
-><I
->client code page</I
-></TT
-> parameter
- <I
-CLASS="EMPHASIS"
->MUST</I
-> be set before the <TT
-CLASS="PARAMETER"
-><I
->valid
- chars</I
-></TT
-> parameter in the <TT
-CLASS="FILENAME"
->smb.conf</TT
->
- file. The <TT
-CLASS="PARAMETER"
-><I
->valid chars</I
-></TT
-> string will then
- augment the character settings in the <TT
-CLASS="PARAMETER"
-><I
->client code page</I
-></TT
->
- parameter.</P
-><P
->If not set, <TT
-CLASS="PARAMETER"
-><I
->client code page</I
-></TT
-> defaults
- to 850.</P
-><P
->See also : <A
-HREF="#VALIDCHARS"
-><TT
-CLASS="PARAMETER"
-><I
->valid
- chars</I
-></TT
-></A
->, <A
-HREF="#CODEPAGEDIRECTORY"
-> <TT
-CLASS="PARAMETER"
-><I
->code page directory</I
-></TT
-></A
-></P
-><P
->Default: <B
-CLASS="COMMAND"
->client code page = 850</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->client code page = 936</B
-></P
-></DD
-><DT
-><A
-NAME="CODEPAGEDIRECTORY"
-></A
->code page directory (G)</DT
-><DD
-><P
->Define the location of the various client code page
- files.</P
-><P
->See also <A
-HREF="#CLIENTCODEPAGE"
-><TT
-CLASS="PARAMETER"
-><I
->client
- code page</I
-></TT
-></A
-></P
-><P
->Default: <B
-CLASS="COMMAND"
->code page directory = ${prefix}/lib/codepages
- </B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->code page directory = /usr/share/samba/codepages
- </B
-></P
-></DD
-><DT
-><A
-NAME="CODINGSYSTEM"
-></A
->codingsystem (G)</DT
-><DD
-><P
->This parameter is used to determine how incoming
- Shift-JIS Japanese characters are mapped from the incoming <A
-HREF="#CLIENTCODEPAGE"
-><TT
-CLASS="PARAMETER"
-><I
->client code page</I
-></TT
->
- </A
-> used by the client, into file names in the UNIX filesystem.
- Only useful if <TT
-CLASS="PARAMETER"
-><I
->client code page</I
-></TT
-> is set to
- 932 (Japanese Shift-JIS). The options are :</P
-><P
-></P
-><UL
-><LI
-><P
-><TT
-CLASS="CONSTANT"
->SJIS</TT
-> - Shift-JIS. Does no
- conversion of the incoming filename.</P
-></LI
-><LI
-><P
-><TT
-CLASS="CONSTANT"
->JIS8, J8BB, J8BH, J8@B,
- J8@J, J8@H </TT
-> - Convert from incoming Shift-JIS to eight
- bit JIS code with different shift-in, shift out codes.</P
-></LI
-><LI
-><P
-><TT
-CLASS="CONSTANT"
->JIS7, J7BB, J7BH, J7@B, J7@J,
- J7@H </TT
-> - Convert from incoming Shift-JIS to seven bit
- JIS code with different shift-in, shift out codes.</P
-></LI
-><LI
-><P
-><TT
-CLASS="CONSTANT"
->JUNET, JUBB, JUBH, JU@B, JU@J, JU@H </TT
->
- - Convert from incoming Shift-JIS to JUNET code with different shift-in,
- shift out codes.</P
-></LI
-><LI
-><P
-><TT
-CLASS="CONSTANT"
->EUC</TT
-> - Convert an incoming
- Shift-JIS character to EUC code.</P
-></LI
-><LI
-><P
-><TT
-CLASS="CONSTANT"
->HEX</TT
-> - Convert an incoming
- Shift-JIS character to a 3 byte hex representation, i.e.
- <TT
-CLASS="CONSTANT"
->:AB</TT
->.</P
-></LI
-><LI
-><P
-><TT
-CLASS="CONSTANT"
->CAP</TT
-> - Convert an incoming
- Shift-JIS character to the 3 byte hex representation used by
- the Columbia AppleTalk Program (CAP), i.e. <TT
-CLASS="CONSTANT"
->:AB</TT
->.
- This is used for compatibility between Samba and CAP.</P
-></LI
-></UL
-><P
->Default: <B
-CLASS="COMMAND"
->coding system = &lt;empty value&gt;</B
->
- </P
-></DD
-><DT
-><A
-NAME="COMMENT"
-></A
->comment (S)</DT
-><DD
-><P
->This is a text field that is seen next to a share
- when a client does a queries the server, either via the network
- neighborhood or via <B
-CLASS="COMMAND"
->net view</B
-> to list what shares
- are available.</P
-><P
->If you want to set the string that is displayed next to the
- machine name then see the <A
-HREF="#SERVERSTRING"
-><TT
-CLASS="PARAMETER"
-><I
-> server string</I
-></TT
-></A
-> parameter.</P
-><P
->Default: <I
-CLASS="EMPHASIS"
->No comment string</I
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->comment = Fred's Files</B
-></P
-></DD
-><DT
-><A
-NAME="CONFIGFILE"
-></A
->config file (G)</DT
-><DD
-><P
->This allows you to override the config file
- to use, instead of the default (usually <TT
-CLASS="FILENAME"
->smb.conf</TT
->).
- There is a chicken and egg problem here as this option is set
- in the config file!</P
-><P
->For this reason, if the name of the config file has changed
- when the parameters are loaded then it will reload them from
- the new config file.</P
-><P
->This option takes the usual substitutions, which can
- be very useful.</P
-><P
->If the config file doesn't exist then it won't be loaded
- (allowing you to special case the config files of just a few
- clients).</P
-><P
->Example: <B
-CLASS="COMMAND"
->config file = /usr/local/samba/lib/smb.conf.%m
- </B
-></P
-></DD
-><DT
-><A
-NAME="COPY"
-></A
->copy (S)</DT
-><DD
-><P
->This parameter allows you to "clone" service
- entries. The specified service is simply duplicated under the
- current service's name. Any parameters specified in the current
- section will override those in the section being copied.</P
-><P
->This feature lets you set up a 'template' service and
- create similar services easily. Note that the service being
- copied must occur earlier in the configuration file than the
- service doing the copying.</P
-><P
->Default: <I
-CLASS="EMPHASIS"
->no value</I
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->copy = otherservice</B
-></P
-></DD
-><DT
-><A
-NAME="CREATEMASK"
-></A
->create mask (S)</DT
-><DD
-><P
->A synonym for this parameter is
- <A
-HREF="#CREATEMODE"
-><TT
-CLASS="PARAMETER"
-><I
->create mode</I
-></TT
->
- </A
->.</P
-><P
->When a file is created, the necessary permissions are
- calculated according to the mapping from DOS modes to UNIX
- permissions, and the resulting UNIX mode is then bit-wise 'AND'ed
- with this parameter. This parameter may be thought of as a bit-wise
- MASK for the UNIX modes of a file. Any bit <I
-CLASS="EMPHASIS"
->not</I
->
- set here will be removed from the modes set on a file when it is
- created.</P
-><P
->The default value of this parameter removes the
- 'group' and 'other' write and execute bits from the UNIX modes.</P
-><P
->Following this Samba will bit-wise 'OR' the UNIX mode created
- from this parameter with the value of the <A
-HREF="#FORCECREATEMODE"
-><TT
-CLASS="PARAMETER"
-><I
->force create mode</I
-></TT
-></A
->
- parameter which is set to 000 by default.</P
-><P
->This parameter does not affect directory modes. See the
- parameter <A
-HREF="#DIRECTORYMODE"
-><TT
-CLASS="PARAMETER"
-><I
->directory mode
- </I
-></TT
-></A
-> for details.</P
-><P
->See also the <A
-HREF="#FORCECREATEMODE"
-><TT
-CLASS="PARAMETER"
-><I
->force
- create mode</I
-></TT
-></A
-> parameter for forcing particular mode
- bits to be set on created files. See also the <A
-HREF="#DIRECTORYMODE"
-> <TT
-CLASS="PARAMETER"
-><I
->directory mode"</I
-></TT
-></A
-> parameter for masking
- mode bits on created directories. See also the <A
-HREF="#INHERITPERMISSIONS"
-> <TT
-CLASS="PARAMETER"
-><I
->inherit permissions</I
-></TT
-></A
-> parameter.</P
-><P
->Default: <B
-CLASS="COMMAND"
->create mask = 0744</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->create mask = 0775</B
-></P
-></DD
-><DT
-><A
-NAME="CREATEMODE"
-></A
->create mode (S)</DT
-><DD
-><P
->This is a synonym for <A
-HREF="#CREATEMASK"
-><TT
-CLASS="PARAMETER"
-><I
-> create mask</I
-></TT
-></A
->.</P
-></DD
-><DT
-><A
-NAME="DEADTIME"
-></A
->deadtime (G)</DT
-><DD
-><P
->The value of the parameter (a decimal integer)
- represents the number of minutes of inactivity before a connection
- is considered dead, and it is disconnected. The deadtime only takes
- effect if the number of open files is zero.</P
-><P
->This is useful to stop a server's resources being
- exhausted by a large number of inactive connections.</P
-><P
->Most clients have an auto-reconnect feature when a
- connection is broken so in most cases this parameter should be
- transparent to users.</P
-><P
->Using this parameter with a timeout of a few minutes
- is recommended for most systems.</P
-><P
->A deadtime of zero indicates that no auto-disconnection
- should be performed.</P
-><P
->Default: <B
-CLASS="COMMAND"
->deadtime = 0</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->deadtime = 15</B
-></P
-></DD
-><DT
-><A
-NAME="DEBUGHIRESTIMESTAMP"
-></A
->debug hires timestamp (G)</DT
-><DD
-><P
->Sometimes the timestamps in the log messages
- are needed with a resolution of higher that seconds, this
- boolean parameter adds microsecond resolution to the timestamp
- message header when turned on.</P
-><P
->Note that the parameter <A
-HREF="#DEBUGTIMESTAMP"
-><TT
-CLASS="PARAMETER"
-><I
-> debug timestamp</I
-></TT
-></A
-> must be on for this to have an
- effect.</P
-><P
->Default: <B
-CLASS="COMMAND"
->debug hires timestamp = no</B
-></P
-></DD
-><DT
-><A
-NAME="DEBUGPID"
-></A
->debug pid (G)</DT
-><DD
-><P
->When using only one log file for more then one
- forked smbd-process there may be hard to follow which process
- outputs which message. This boolean parameter is adds the process-id
- to the timestamp message headers in the logfile when turned on.</P
-><P
->Note that the parameter <A
-HREF="#DEBUGTIMESTAMP"
-><TT
-CLASS="PARAMETER"
-><I
-> debug timestamp</I
-></TT
-></A
-> must be on for this to have an
- effect.</P
-><P
->Default: <B
-CLASS="COMMAND"
->debug pid = no</B
-></P
-></DD
-><DT
-><A
-NAME="DEBUGTIMESTAMP"
-></A
->debug timestamp (G)</DT
-><DD
-><P
->Samba 2.2 debug log messages are timestamped
- by default. If you are running at a high <A
-HREF="#DEBUGLEVEL"
-> <TT
-CLASS="PARAMETER"
-><I
->debug level</I
-></TT
-></A
-> these timestamps
- can be distracting. This boolean parameter allows timestamping
- to be turned off.</P
-><P
->Default: <B
-CLASS="COMMAND"
->debug timestamp = yes</B
-></P
-></DD
-><DT
-><A
-NAME="DEBUGUID"
-></A
->debug uid (G)</DT
-><DD
-><P
->Samba is sometimes run as root and sometime
- run as the connected user, this boolean parameter inserts the
- current euid, egid, uid and gid to the timestamp message headers
- in the log file if turned on.</P
-><P
->Note that the parameter <A
-HREF="#DEBUGTIMESTAMP"
-><TT
-CLASS="PARAMETER"
-><I
-> debug timestamp</I
-></TT
-></A
-> must be on for this to have an
- effect.</P
-><P
->Default: <B
-CLASS="COMMAND"
->debug uid = no</B
-></P
-></DD
-><DT
-><A
-NAME="DEBUGLEVEL"
-></A
->debuglevel (G)</DT
-><DD
-><P
->The value of the parameter (an integer) allows
- the debug level (logging level) to be specified in the
- <TT
-CLASS="FILENAME"
->smb.conf</TT
-> file. This is to give greater
- flexibility in the configuration of the system.</P
-><P
->The default will be the debug level specified on
- the command line or level zero if none was specified.</P
-><P
->Example: <B
-CLASS="COMMAND"
->debug level = 3</B
-></P
-></DD
-><DT
-><A
-NAME="DEFAULT"
-></A
->default (G)</DT
-><DD
-><P
->A synonym for <A
-HREF="#DEFAULTSERVICE"
-><TT
-CLASS="PARAMETER"
-><I
-> default service</I
-></TT
-></A
->.</P
-></DD
-><DT
-><A
-NAME="DEFAULTCASE"
-></A
->default case (S)</DT
-><DD
-><P
->See the section on <A
-HREF="#AEN201"
-> NAME MANGLING</A
->. Also note the <A
-HREF="#SHORTPRESERVECASE"
-> <TT
-CLASS="PARAMETER"
-><I
->short preserve case"</I
-></TT
-></A
-> parameter.</P
-><P
->Default: <B
-CLASS="COMMAND"
->default case = lower</B
-></P
-></DD
-><DT
-><A
-NAME="DEFAULTSERVICE"
-></A
->default service (G)</DT
-><DD
-><P
->This parameter specifies the name of a service
- which will be connected to if the service actually requested cannot
- be found. Note that the square brackets are <I
-CLASS="EMPHASIS"
->NOT</I
->
- given in the parameter value (see example below).</P
-><P
->There is no default value for this parameter. If this
- parameter is not given, attempting to connect to a nonexistent
- service results in an error.</P
-><P
->Typically the default service would be a <A
-HREF="#GUESTOK"
-> <TT
-CLASS="PARAMETER"
-><I
->guest ok</I
-></TT
-></A
->, <A
-HREF="#READONLY"
-> <TT
-CLASS="PARAMETER"
-><I
->read-only</I
-></TT
-></A
-> service.</P
-><P
->Also note that the apparent service name will be changed
- to equal that of the requested service, this is very useful as it
- allows you to use macros like <TT
-CLASS="PARAMETER"
-><I
->%S</I
-></TT
-> to make
- a wildcard service.</P
-><P
->Note also that any "_" characters in the name of the service
- used in the default service will get mapped to a "/". This allows for
- interesting things.</P
-><P
->Example:</P
-><P
-><PRE
-CLASS="PROGRAMLISTING"
->[global]
- default service = pub
-
-[pub]
- path = /%S
- </PRE
-></P
-></DD
-><DT
-><A
-NAME="DELETEREADONLY"
-></A
->delete readonly (S)</DT
-><DD
-><P
->This parameter allows readonly files to be deleted.
- This is not normal DOS semantics, but is allowed by UNIX.</P
-><P
->This option may be useful for running applications such
- as rcs, where UNIX file ownership prevents changing file
- permissions, and DOS semantics prevent deletion of a read only file.</P
-><P
->Default: <B
-CLASS="COMMAND"
->delete readonly = no</B
-></P
-></DD
-><DT
-><A
-NAME="DELETEUSERSCRIPT"
-></A
->delete user script (G)</DT
-><DD
-><P
->This is the full pathname to a script that will
- be run <I
-CLASS="EMPHASIS"
->AS ROOT</I
-> by <A
-HREF="smbd.8.html"
-TARGET="_top"
-> <B
-CLASS="COMMAND"
->smbd(8)</B
-></A
-> under special circumstances
- described below.</P
-><P
->Normally, a Samba server requires that UNIX users are
- created for all users accessing files on this server. For sites
- that use Windows NT account databases as their primary user database
- creating these users and keeping the user list in sync with the
- Windows NT PDC is an onerous task. This option allows <B
-CLASS="COMMAND"
-> smbd</B
-> to delete the required UNIX users <I
-CLASS="EMPHASIS"
->ON
- DEMAND</I
-> when a user accesses the Samba server and the
- Windows NT user no longer exists.</P
-><P
->In order to use this option, <B
-CLASS="COMMAND"
->smbd</B
-> must be
- set to <TT
-CLASS="PARAMETER"
-><I
->security=domain</I
-></TT
-> and <TT
-CLASS="PARAMETER"
-><I
->delete
- user script</I
-></TT
-> must be set to a full pathname for a script
- that will delete a UNIX user given one argument of <TT
-CLASS="PARAMETER"
-><I
->%u
- </I
-></TT
->, which expands into the UNIX user name to delete.
- <I
-CLASS="EMPHASIS"
->NOTE</I
-> that this is different to the <A
-HREF="#ADDUSERSCRIPT"
-><TT
-CLASS="PARAMETER"
-><I
->add user script</I
-></TT
-></A
->
- which will work with the <TT
-CLASS="PARAMETER"
-><I
->security=server</I
-></TT
-> option
- as well as <TT
-CLASS="PARAMETER"
-><I
->security=domain</I
-></TT
->. The reason for this
- is only when Samba is a domain member does it get the information
- on an attempted user logon that a user no longer exists. In the
- <TT
-CLASS="PARAMETER"
-><I
->security=server</I
-></TT
-> mode a missing user
- is treated the same as an invalid password logon attempt. Deleting
- the user in this circumstance would not be a good idea.</P
-><P
->When the Windows user attempts to access the Samba server,
- at <I
-CLASS="EMPHASIS"
->login</I
-> (session setup in the SMB protocol)
- time, <B
-CLASS="COMMAND"
->smbd</B
-> contacts the <A
-HREF="#PASSWORDSERVER"
-> <TT
-CLASS="PARAMETER"
-><I
->password server</I
-></TT
-></A
-> and attempts to authenticate
- the given user with the given password. If the authentication fails
- with the specific Domain error code meaning that the user no longer
- exists then <B
-CLASS="COMMAND"
->smbd</B
-> attempts to find a UNIX user in
- the UNIX password database that matches the Windows user account. If
- this lookup succeeds, and <TT
-CLASS="PARAMETER"
-><I
->delete user script</I
-></TT
-> is
- set then <B
-CLASS="COMMAND"
->smbd</B
-> will all the specified script
- <I
-CLASS="EMPHASIS"
->AS ROOT</I
->, expanding any <TT
-CLASS="PARAMETER"
-><I
->%u</I
-></TT
->
- argument to be the user name to delete.</P
-><P
->This script should delete the given UNIX username. In this way,
- UNIX users are dynamically deleted to match existing Windows NT
- accounts.</P
-><P
->See also <A
-HREF="#SECURITYEQUALSDOMAIN"
->security=domain</A
->,
- <A
-HREF="#PASSWORDSERVER"
-><TT
-CLASS="PARAMETER"
-><I
->password server</I
-></TT
->
- </A
->, <A
-HREF="#ADDUSERSCRIPT"
-><TT
-CLASS="PARAMETER"
-><I
->add user script</I
-></TT
->
- </A
->.</P
-><P
->Default: <B
-CLASS="COMMAND"
->delete user script = &lt;empty string&gt;
- </B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->delete user script = /usr/local/samba/bin/del_user
- %u</B
-></P
-></DD
-><DT
-><A
-NAME="DELETEPRINTERCOMMAND"
-></A
->deleteprinter command (G)</DT
-><DD
-><P
->With the introduction of MS-RPC based printer
- support for Windows NT/2000 clients in Samba 2.2, it is now
- possible to delete printer at run time by issuing the
- DeletePrinter() RPC call.</P
-><P
->For a Samba host this means that the printer must be
- physically deleted from underlying printing system. The <TT
-CLASS="PARAMETER"
-><I
-> deleteprinter command</I
-></TT
-> defines a script to be run which
- will perform the necessary operations for removing the printer
- from the print system and from <TT
-CLASS="FILENAME"
->smb.conf</TT
->.
- </P
-><P
->The <TT
-CLASS="PARAMETER"
-><I
->deleteprinter command</I
-></TT
-> is
- automatically called with only one parameter: <TT
-CLASS="PARAMETER"
-><I
-> "printer name"</I
-></TT
->.</P
-><P
->Once the <TT
-CLASS="PARAMETER"
-><I
->deleteprinter command</I
-></TT
-> has
- been executed, <B
-CLASS="COMMAND"
->smbd</B
-> will reparse the <TT
-CLASS="FILENAME"
-> smb.conf</TT
-> to associated printer no longer exists.
- If the sharename is still valid, then <B
-CLASS="COMMAND"
->smbd
- </B
-> will return an ACCESS_DENIED error to the client.</P
-><P
->See also <A
-HREF="#ADDPRINTERCOMMAND"
-><TT
-CLASS="PARAMETER"
-><I
-> addprinter command</I
-></TT
-></A
->, <A
-HREF="#PRINTING"
-><TT
-CLASS="PARAMETER"
-><I
->printing</I
-></TT
-></A
->,
- <A
-HREF="#SHOWADDPRINTERWIZARD"
-><TT
-CLASS="PARAMETER"
-><I
->show add
- printer wizard</I
-></TT
-></A
-></P
-><P
->Default: <I
-CLASS="EMPHASIS"
->none</I
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->deleteprinter command = /usr/bin/removeprinter
- </B
-></P
-></DD
-><DT
-><A
-NAME="DELETEVETOFILES"
-></A
->delete veto files (S)</DT
-><DD
-><P
->This option is used when Samba is attempting to
- delete a directory that contains one or more vetoed directories
- (see the <A
-HREF="#VETOFILES"
-><TT
-CLASS="PARAMETER"
-><I
->veto files</I
-></TT
-></A
->
- option). If this option is set to False (the default) then if a vetoed
- directory contains any non-vetoed files or directories then the
- directory delete will fail. This is usually what you want.</P
-><P
->If this option is set to <TT
-CLASS="CONSTANT"
->True</TT
->, then Samba
- will attempt to recursively delete any files and directories within
- the vetoed directory. This can be useful for integration with file
- serving systems such as NetAtalk which create meta-files within
- directories you might normally veto DOS/Windows users from seeing
- (e.g. <TT
-CLASS="FILENAME"
->.AppleDouble</TT
->)</P
-><P
->Setting <B
-CLASS="COMMAND"
->delete veto files = yes</B
-> allows these
- directories to be transparently deleted when the parent directory
- is deleted (so long as the user has permissions to do so).</P
-><P
->See also the <A
-HREF="#VETOFILES"
-><TT
-CLASS="PARAMETER"
-><I
->veto
- files</I
-></TT
-></A
-> parameter.</P
-><P
->Default: <B
-CLASS="COMMAND"
->delete veto files = no</B
-></P
-></DD
-><DT
-><A
-NAME="DENYHOSTS"
-></A
->deny hosts (S)</DT
-><DD
-><P
->Synonym for <A
-HREF="#HOSTSDENY"
-><TT
-CLASS="PARAMETER"
-><I
->hosts
- deny</I
-></TT
-></A
->.</P
-></DD
-><DT
-><A
-NAME="DFREECOMMAND"
-></A
->dfree command (G)</DT
-><DD
-><P
->The <TT
-CLASS="PARAMETER"
-><I
->dfree command</I
-></TT
-> setting should
- only be used on systems where a problem occurs with the internal
- disk space calculations. This has been known to happen with Ultrix,
- but may occur with other operating systems. The symptom that was
- seen was an error of "Abort Retry Ignore" at the end of each
- directory listing.</P
-><P
->This setting allows the replacement of the internal routines to
- calculate the total disk space and amount available with an external
- routine. The example below gives a possible script that might fulfill
- this function.</P
-><P
->The external program will be passed a single parameter indicating
- a directory in the filesystem being queried. This will typically consist
- of the string <TT
-CLASS="FILENAME"
->./</TT
->. The script should return two
- integers in ASCII. The first should be the total disk space in blocks,
- and the second should be the number of available blocks. An optional
- third return value can give the block size in bytes. The default
- blocksize is 1024 bytes.</P
-><P
->Note: Your script should <I
-CLASS="EMPHASIS"
->NOT</I
-> be setuid or
- setgid and should be owned by (and writeable only by) root!</P
-><P
->Default: <I
-CLASS="EMPHASIS"
->By default internal routines for
- determining the disk capacity and remaining space will be used.
- </I
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->dfree command = /usr/local/samba/bin/dfree
- </B
-></P
-><P
->Where the script dfree (which must be made executable) could be:</P
-><P
-><PRE
-CLASS="PROGRAMLISTING"
->
- #!/bin/sh
- df $1 | tail -1 | awk '{print $2" "$4}'
- </PRE
-></P
-><P
->or perhaps (on Sys V based systems):</P
-><P
-><PRE
-CLASS="PROGRAMLISTING"
->
- #!/bin/sh
- /usr/bin/df -k $1 | tail -1 | awk '{print $3" "$5}'
- </PRE
-></P
-><P
->Note that you may have to replace the command names
- with full path names on some systems.</P
-></DD
-><DT
-><A
-NAME="DIRECTORY"
-></A
->directory (S)</DT
-><DD
-><P
->Synonym for <A
-HREF="#PATH"
-><TT
-CLASS="PARAMETER"
-><I
->path
- </I
-></TT
-></A
->.</P
-></DD
-><DT
-><A
-NAME="DIRECTORYMASK"
-></A
->directory mask (S)</DT
-><DD
-><P
->This parameter is the octal modes which are
- used when converting DOS modes to UNIX modes when creating UNIX
- directories.</P
-><P
->When a directory is created, the necessary permissions are
- calculated according to the mapping from DOS modes to UNIX permissions,
- and the resulting UNIX mode is then bit-wise 'AND'ed with this
- parameter. This parameter may be thought of as a bit-wise MASK for
- the UNIX modes of a directory. Any bit <I
-CLASS="EMPHASIS"
->not</I
-> set
- here will be removed from the modes set on a directory when it is
- created.</P
-><P
->The default value of this parameter removes the 'group'
- and 'other' write bits from the UNIX mode, allowing only the
- user who owns the directory to modify it.</P
-><P
->Following this Samba will bit-wise 'OR' the UNIX mode
- created from this parameter with the value of the <A
-HREF="#FORCEDIRECTORYMODE"
-><TT
-CLASS="PARAMETER"
-><I
->force directory mode
- </I
-></TT
-></A
-> parameter. This parameter is set to 000 by
- default (i.e. no extra mode bits are added).</P
-><P
->See the <A
-HREF="#FORCEDIRECTORYMODE"
-><TT
-CLASS="PARAMETER"
-><I
->force
- directory mode</I
-></TT
-></A
-> parameter to cause particular mode
- bits to always be set on created directories.</P
-><P
->See also the <A
-HREF="#CREATEMODE"
-><TT
-CLASS="PARAMETER"
-><I
->create mode
- </I
-></TT
-></A
-> parameter for masking mode bits on created files,
- and the <A
-HREF="#DIRECTORYSECURITYMASK"
-><TT
-CLASS="PARAMETER"
-><I
->directory
- security mask</I
-></TT
-></A
-> parameter.</P
-><P
->Also refer to the <A
-HREF="#INHERITPERMISSIONS"
-><TT
-CLASS="PARAMETER"
-><I
-> inherit permissions</I
-></TT
-></A
-> parameter.</P
-><P
->Default: <B
-CLASS="COMMAND"
->directory mask = 0755</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->directory mask = 0775</B
-></P
-></DD
-><DT
-><A
-NAME="DIRECTORYMODE"
-></A
->directory mode (S)</DT
-><DD
-><P
->Synonym for <A
-HREF="#DIRECTORYMASK"
-><TT
-CLASS="PARAMETER"
-><I
-> directory mask</I
-></TT
-></A
-></P
-></DD
-><DT
-><A
-NAME="DIRECTORYSECURITYMASK"
-></A
->directory security mask (S)</DT
-><DD
-><P
->This parameter controls what UNIX permission bits
- can be modified when a Windows NT client is manipulating the UNIX
- permission on a directory using the native NT security dialog
- box.</P
-><P
->This parameter is applied as a mask (AND'ed with) to
- the changed permission bits, thus preventing any bits not in
- this mask from being modified. Essentially, zero bits in this
- mask may be treated as a set of bits the user is not allowed
- to change.</P
-><P
->If not set explicitly this parameter is set to the same
- value as the <A
-HREF="#DIRECTORYMASK"
-><TT
-CLASS="PARAMETER"
-><I
->directory
- mask</I
-></TT
-></A
-> parameter. To allow a user to
- modify all the user/group/world permissions on a directory, set
- this parameter to 0777.</P
-><P
-><I
-CLASS="EMPHASIS"
->Note</I
-> that users who can access the
- Samba server through other means can easily bypass this restriction,
- so it is primarily useful for standalone "appliance" systems.
- Administrators of most normal systems will probably want to set
- it to 0777.</P
-><P
->See also the <A
-HREF="#FORCEDIRECTORYSECURITYMODE"
-><TT
-CLASS="PARAMETER"
-><I
-> force directory security mode</I
-></TT
-></A
->, <A
-HREF="#SECURITYMASK"
-><TT
-CLASS="PARAMETER"
-><I
->security mask</I
-></TT
-></A
->,
- <A
-HREF="#FORCESECURITYMODE"
-><TT
-CLASS="PARAMETER"
-><I
->force security mode
- </I
-></TT
-></A
-> parameters.</P
-><P
->Default: <B
-CLASS="COMMAND"
->directory security mask = &lt;same as
- directory mask&gt;</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->directory security mask = 0777</B
-></P
-></DD
-><DT
-><A
-NAME="DNSPROXY"
-></A
->dns proxy (G)</DT
-><DD
-><P
->Specifies that <A
-HREF="nmbd.8.html"
-TARGET="_top"
->nmbd(8)</A
->
- when acting as a WINS server and finding that a NetBIOS name has not
- been registered, should treat the NetBIOS name word-for-word as a DNS
- name and do a lookup with the DNS server for that name on behalf of
- the name-querying client.</P
-><P
->Note that the maximum length for a NetBIOS name is 15
- characters, so the DNS name (or DNS alias) can likewise only be
- 15 characters, maximum.</P
-><P
-><B
-CLASS="COMMAND"
->nmbd</B
-> spawns a second copy of itself to do the
- DNS name lookup requests, as doing a name lookup is a blocking
- action.</P
-><P
->See also the parameter <A
-HREF="#WINSSUPPORT"
-><TT
-CLASS="PARAMETER"
-><I
-> wins support</I
-></TT
-></A
->.</P
-><P
->Default: <B
-CLASS="COMMAND"
->dns proxy = yes</B
-></P
-></DD
-><DT
-><A
-NAME="DOMAINADMINGROUP"
-></A
->domain admin group (G)</DT
-><DD
-><P
->This is an <I
-CLASS="EMPHASIS"
->EXPERIMENTAL</I
-> parameter
- that is part of the unfinished Samba NT Domain Controller Code. It may
- be removed in a later release. To work with the latest code builds
- that may have more support for Samba NT Domain Controller functionality
- please subscribe to the mailing list <A
-HREF="mailto:samba-ntdom@samba.org"
-TARGET="_top"
->samba-ntdom</A
-> available by
- visiting the web page at <A
-HREF="http://lists.samba.org/"
-TARGET="_top"
-> http://lists.samba.org/</A
->.</P
-></DD
-><DT
-><A
-NAME="DOMAINADMINUSERS"
-></A
->domain admin users (G)</DT
-><DD
-><P
->This is an <I
-CLASS="EMPHASIS"
->EXPERIMENTAL</I
-> parameter
- that is part of the unfinished Samba NT Domain Controller Code. It may
- be removed in a later release. To work with the latest code builds
- that may have more support for Samba NT Domain Controller functionality
- please subscribe to the mailing list <A
-HREF="mailto:samba-ntdom@samba.org"
-TARGET="_top"
->samba-ntdom</A
-> available by
- visiting the web page at <A
-HREF="http://lists.samba.org/"
-TARGET="_top"
-> http://lists.samba.org/</A
->.</P
-></DD
-><DT
-><A
-NAME="DOMAINGROUPS"
-></A
->domain groups (G)</DT
-><DD
-><P
->This is an <I
-CLASS="EMPHASIS"
->EXPERIMENTAL</I
-> parameter
- that is part of the unfinished Samba NT Domain Controller Code. It may
- be removed in a later release. To work with the latest code builds
- that may have more support for Samba NT Domain Controller functionality
- please subscribe to the mailing list <A
-HREF="mailto:samba-ntdom@samba.org"
-TARGET="_top"
->samba-ntdom</A
-> available by
- visiting the web page at <A
-HREF="http://lists.samba.org/"
-TARGET="_top"
-> http://lists.samba.org/</A
->.</P
-></DD
-><DT
-><A
-NAME="DOMAINGUESTGROUP"
-></A
->domain guest group (G)</DT
-><DD
-><P
->This is an <I
-CLASS="EMPHASIS"
->EXPERIMENTAL</I
-> parameter
- that is part of the unfinished Samba NT Domain Controller Code. It may
- be removed in a later release. To work with the latest code builds
- that may have more support for Samba NT Domain Controller functionality
- please subscribe to the mailing list <A
-HREF="mailto:samba-ntdom@samba.org"
-TARGET="_top"
->samba-ntdom</A
-> available by
- visiting the web page at <A
-HREF="http://lists.samba.org/"
-TARGET="_top"
-> http://lists.samba.org/</A
->.</P
-></DD
-><DT
-><A
-NAME="DOMAINGUESTUSERS"
-></A
->domain guest users (G)</DT
-><DD
-><P
->This is an <I
-CLASS="EMPHASIS"
->EXPERIMENTAL</I
-> parameter
- that is part of the unfinished Samba NT Domain Controller Code. It may
- be removed in a later release. To work with the latest code builds
- that may have more support for Samba NT Domain Controller functionality
- please subscribe to the mailing list <A
-HREF="mailto:samba-ntdom@samba.org"
-TARGET="_top"
->samba-ntdom</A
-> available by
- visiting the web page at <A
-HREF="http://lists.samba.org/"
-TARGET="_top"
-> http://lists.samba.org/</A
->.</P
-></DD
-><DT
-><A
-NAME="DOMAINLOGONS"
-></A
->domain logons (G)</DT
-><DD
-><P
->If set to true, the Samba server will serve
- Windows 95/98 Domain logons for the <A
-HREF="#WORKGROUP"
-> <TT
-CLASS="PARAMETER"
-><I
->workgroup</I
-></TT
-></A
-> it is in. Samba 2.2 also
- has limited capability to act as a domain controller for Windows
- NT 4 Domains. For more details on setting up this feature see
- the file DOMAINS.txt in the Samba documentation directory <TT
-CLASS="FILENAME"
->docs/
- </TT
-> shipped with the source code.</P
-><P
->Default: <B
-CLASS="COMMAND"
->domain logons = no</B
-></P
-></DD
-><DT
-><A
-NAME="DOMAINMASTER"
-></A
->domain master (G)</DT
-><DD
-><P
->Tell <A
-HREF="nmbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
-> nmbd(8)</B
-></A
-> to enable WAN-wide browse list
- collation. Setting this option causes <B
-CLASS="COMMAND"
->nmbd</B
-> to
- claim a special domain specific NetBIOS name that identifies
- it as a domain master browser for its given <A
-HREF="#WORKGROUP"
-> <TT
-CLASS="PARAMETER"
-><I
->workgroup</I
-></TT
-></A
->. Local master browsers
- in the same <TT
-CLASS="PARAMETER"
-><I
->workgroup</I
-></TT
-> on broadcast-isolated
- subnets will give this <B
-CLASS="COMMAND"
->nmbd</B
-> their local browse lists,
- and then ask <A
-HREF="smbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbd(8)</B
-></A
->
- for a complete copy of the browse list for the whole wide area
- network. Browser clients will then contact their local master browser,
- and will receive the domain-wide browse list, instead of just the list
- for their broadcast-isolated subnet.</P
-><P
->Note that Windows NT Primary Domain Controllers expect to be
- able to claim this <TT
-CLASS="PARAMETER"
-><I
->workgroup</I
-></TT
-> specific special
- NetBIOS name that identifies them as domain master browsers for
- that <TT
-CLASS="PARAMETER"
-><I
->workgroup</I
-></TT
-> by default (i.e. there is no
- way to prevent a Windows NT PDC from attempting to do this). This
- means that if this parameter is set and <B
-CLASS="COMMAND"
->nmbd</B
-> claims
- the special name for a <TT
-CLASS="PARAMETER"
-><I
->workgroup</I
-></TT
-> before a Windows
- NT PDC is able to do so then cross subnet browsing will behave
- strangely and may fail.</P
-><P
->If <A
-HREF="#DOMAINLOGONS"
-><B
-CLASS="COMMAND"
->domain logons = yes</B
->
- </A
->, then the default behavior is to enable the <TT
-CLASS="PARAMETER"
-><I
->domain
- master</I
-></TT
-> parameter. If <TT
-CLASS="PARAMETER"
-><I
->domain logons</I
-></TT
-> is
- not enabled (the default setting), then neither will <TT
-CLASS="PARAMETER"
-><I
->domain
- master</I
-></TT
-> be enabled by default.</P
-><P
->Default: <B
-CLASS="COMMAND"
->domain master = auto</B
-></P
-></DD
-><DT
-><A
-NAME="DONTDESCEND"
-></A
->dont descend (S)</DT
-><DD
-><P
->There are certain directories on some systems
- (e.g., the <TT
-CLASS="FILENAME"
->/proc</TT
-> tree under Linux) that are either not
- of interest to clients or are infinitely deep (recursive). This
- parameter allows you to specify a comma-delimited list of directories
- that the server should always show as empty.</P
-><P
->Note that Samba can be very fussy about the exact format
- of the "dont descend" entries. For example you may need <TT
-CLASS="FILENAME"
-> ./proc</TT
-> instead of just <TT
-CLASS="FILENAME"
->/proc</TT
->.
- Experimentation is the best policy :-) </P
-><P
->Default: <I
-CLASS="EMPHASIS"
->none (i.e., all directories are OK
- to descend)</I
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->dont descend = /proc,/dev</B
-></P
-></DD
-><DT
-><A
-NAME="DOSFILEMODE"
-></A
->dos filemode (S)</DT
-><DD
-><P
-> The default behavior in Samba is to provide
- UNIX-like behavor where only the owner of a file/directory is
- able to change the permissions on it. However, this behavior
- is often confusing to DOS/Windows users. Enabling this parameter
- allows a user who has write access to the file (by whatever
- means) to modify the permissions on it. Note that a user
- belonging to the group owning the file will not be allowed to
- change permissions if the group is only granted read access.
- Ownership of the file/directory is not changed, only the permissions
- are modified.</P
-><P
->Default: <B
-CLASS="COMMAND"
->dos filemode = no</B
-></P
-></DD
-><DT
-><A
-NAME="DOSFILETIMERESOLUTION"
-></A
->dos filetime resolution (S)</DT
-><DD
-><P
->Under the DOS and Windows FAT filesystem, the finest
- granularity on time resolution is two seconds. Setting this parameter
- for a share causes Samba to round the reported time down to the
- nearest two second boundary when a query call that requires one second
- resolution is made to <A
-HREF="smbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbd(8)</B
->
- </A
->.</P
-><P
->This option is mainly used as a compatibility option for Visual
- C++ when used against Samba shares. If oplocks are enabled on a
- share, Visual C++ uses two different time reading calls to check if a
- file has changed since it was last read. One of these calls uses a
- one-second granularity, the other uses a two second granularity. As
- the two second call rounds any odd second down, then if the file has a
- timestamp of an odd number of seconds then the two timestamps will not
- match and Visual C++ will keep reporting the file has changed. Setting
- this option causes the two timestamps to match, and Visual C++ is
- happy.</P
-><P
->Default: <B
-CLASS="COMMAND"
->dos filetime resolution = no</B
-></P
-></DD
-><DT
-><A
-NAME="DOSFILETIMES"
-></A
->dos filetimes (S)</DT
-><DD
-><P
->Under DOS and Windows, if a user can write to a
- file they can change the timestamp on it. Under POSIX semantics,
- only the owner of the file or root may change the timestamp. By
- default, Samba runs with POSIX semantics and refuses to change the
- timestamp on a file if the user <B
-CLASS="COMMAND"
->smbd</B
-> is acting
- on behalf of is not the file owner. Setting this option to <TT
-CLASS="CONSTANT"
-> True</TT
-> allows DOS semantics and smbd will change the file
- timestamp as DOS requires.</P
-><P
->Default: <B
-CLASS="COMMAND"
->dos filetimes = no</B
-></P
-></DD
-><DT
-><A
-NAME="ENCRYPTPASSWORDS"
-></A
->encrypt passwords (G)</DT
-><DD
-><P
->This boolean controls whether encrypted passwords
- will be negotiated with the client. Note that Windows NT 4.0 SP3 and
- above and also Windows 98 will by default expect encrypted passwords
- unless a registry entry is changed. To use encrypted passwords in
- Samba see the file ENCRYPTION.txt in the Samba documentation
- directory <TT
-CLASS="FILENAME"
->docs/</TT
-> shipped with the source code.</P
-><P
->In order for encrypted passwords to work correctly
- <A
-HREF="smbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbd(8)</B
-></A
-> must either
- have access to a local <A
-HREF="smbpasswd.5.html"
-TARGET="_top"
-><TT
-CLASS="FILENAME"
->smbpasswd(5)
- </TT
-></A
-> file (see the <A
-HREF="smbpasswd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
-> smbpasswd(8)</B
-></A
-> program for information on how to set up
- and maintain this file), or set the <A
-HREF="#SECURITY"
->security=[serve|domain]</A
-> parameter which
- causes <B
-CLASS="COMMAND"
->smbd</B
-> to authenticate against another
- server.</P
-><P
->Default: <B
-CLASS="COMMAND"
->encrypt passwords = no</B
-></P
-></DD
-><DT
-><A
-NAME="ENHANCEDBROWSING"
-></A
->enhanced browsing (G)</DT
-><DD
-><P
->This option enables a couple of enhancements to
- cross-subnet browse propogation that have been added in Samba
- but which are not standard in Microsoft implementations.
- <I
-CLASS="EMPHASIS"
->These enhancements are currently only available in
- the HEAD Samba CVS tree (not Samba 2.2.x).</I
-></P
-><P
->The first enhancement to browse propogation consists of a regular
- wildcard query to a Samba WINS server for all Domain Master Browsers,
- followed by a browse synchronisation with each of the returned
- DMBs. The second enhancement consists of a regular randomised browse
- synchronisation with all currently known DMBs.</P
-><P
->You may wish to disable this option if you have a problem with empty
- workgroups not disappearing from browse lists. Due to the restrictions
- of the browse protocols these enhancements can cause a empty workgroup
- to stay around forever which can be annoying.</P
-><P
->In general you should leave this option enabled as it makes
- cross-subnet browse propogation much more reliable.</P
-><P
->Default: <B
-CLASS="COMMAND"
->enhanced browsing = yes</B
-></P
-></DD
-><DT
-><A
-NAME="ENUMPORTSCOMMAND"
-></A
->enumports command (G)</DT
-><DD
-><P
->The concept of a "port" is fairly foreign
- to UNIX hosts. Under Windows NT/2000 print servers, a port
- is associated with a port monitor and generally takes the form of
- a local port (i.e. LPT1:, COM1:, FILE:) or a remote port
- (i.e. LPD Port Monitor, etc...). By default, Samba has only one
- port defined--<TT
-CLASS="CONSTANT"
->"Samba Printer Port"</TT
->. Under
- Windows NT/2000, all printers must have a valid port name.
- If you wish to have a list of ports displayed (<B
-CLASS="COMMAND"
->smbd
- </B
-> does not use a port name for anything) other than
- the default <TT
-CLASS="CONSTANT"
->"Samba Printer Port"</TT
->, you
- can define <TT
-CLASS="PARAMETER"
-><I
->enumports command</I
-></TT
-> to point to
- a program which should generate a list of ports, one per line,
- to standard output. This listing will then be used in response
- to the level 1 and 2 EnumPorts() RPC.</P
-><P
->Default: <I
-CLASS="EMPHASIS"
->no enumports command</I
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->enumports command = /usr/bin/listports
- </B
-></P
-></DD
-><DT
-><A
-NAME="EXEC"
-></A
->exec (S)</DT
-><DD
-><P
->This is a synonym for <A
-HREF="#PREEXEC"
-> <TT
-CLASS="PARAMETER"
-><I
->preexec</I
-></TT
-></A
->.</P
-></DD
-><DT
-><A
-NAME="FAKEDIRECTORYCREATETIMES"
-></A
->fake directory create times (S)</DT
-><DD
-><P
->NTFS and Windows VFAT file systems keep a create
- time for all files and directories. This is not the same as the
- ctime - status change time - that Unix keeps, so Samba by default
- reports the earliest of the various times Unix does keep. Setting
- this parameter for a share causes Samba to always report midnight
- 1-1-1980 as the create time for directories.</P
-><P
->This option is mainly used as a compatibility option for
- Visual C++ when used against Samba shares. Visual C++ generated
- makefiles have the object directory as a dependency for each object
- file, and a make rule to create the directory. Also, when NMAKE
- compares timestamps it uses the creation time when examining a
- directory. Thus the object directory will be created if it does not
- exist, but once it does exist it will always have an earlier
- timestamp than the object files it contains.</P
-><P
->However, Unix time semantics mean that the create time
- reported by Samba will be updated whenever a file is created or
- or deleted in the directory. NMAKE finds all object files in
- the object directory. The timestamp of the last one built is then
- compared to the timestamp of the object dircetory. If the
- directory's timestamp if newer, then all object files
- will be rebuilt. Enabling this option
- ensures directories always predate their contents and an NMAKE build
- will proceed as expected.</P
-><P
->Default: <B
-CLASS="COMMAND"
->fake directory create times = no</B
-></P
-></DD
-><DT
-><A
-NAME="FAKEOPLOCKS"
-></A
->fake oplocks (S)</DT
-><DD
-><P
->Oplocks are the way that SMB clients get permission
- from a server to locally cache file operations. If a server grants
- an oplock (opportunistic lock) then the client is free to assume
- that it is the only one accessing the file and it will aggressively
- cache file data. With some oplock types the client may even cache
- file open/close operations. This can give enormous performance benefits.
- </P
-><P
->When you set <B
-CLASS="COMMAND"
->fake oplocks = yes</B
->, <A
-HREF="smbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbd(8)</B
-></A
-> will
- always grant oplock requests no matter how many clients are using
- the file.</P
-><P
->It is generally much better to use the real <A
-HREF="#OPLOCKS"
-><TT
-CLASS="PARAMETER"
-><I
->oplocks</I
-></TT
-></A
-> support rather
- than this parameter.</P
-><P
->If you enable this option on all read-only shares or
- shares that you know will only be accessed from one client at a
- time such as physically read-only media like CDROMs, you will see
- a big performance improvement on many operations. If you enable
- this option on shares where multiple clients may be accessing the
- files read-write at the same time you can get data corruption. Use
- this option carefully!</P
-><P
->Default: <B
-CLASS="COMMAND"
->fake oplocks = no</B
-></P
-></DD
-><DT
-><A
-NAME="FOLLOWSYMLINKS"
-></A
->follow symlinks (S)</DT
-><DD
-><P
->This parameter allows the Samba administrator
- to stop <A
-HREF="smbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbd(8)</B
-></A
->
- from following symbolic links in a particular share. Setting this
- parameter to <TT
-CLASS="CONSTANT"
->no</TT
-> prevents any file or directory
- that is a symbolic link from being followed (the user will get an
- error). This option is very useful to stop users from adding a
- symbolic link to <TT
-CLASS="FILENAME"
->/etc/passwd</TT
-> in their home
- directory for instance. However it will slow filename lookups
- down slightly.</P
-><P
->This option is enabled (i.e. <B
-CLASS="COMMAND"
->smbd</B
-> will
- follow symbolic links) by default.</P
-><P
->Default: <B
-CLASS="COMMAND"
->follow symlinks = yes</B
-></P
-></DD
-><DT
-><A
-NAME="FORCECREATEMODE"
-></A
->force create mode (S)</DT
-><DD
-><P
->This parameter specifies a set of UNIX mode bit
- permissions that will <I
-CLASS="EMPHASIS"
->always</I
-> be set on a
- file created by Samba. This is done by bitwise 'OR'ing these bits onto
- the mode bits of a file that is being created or having its
- permissions changed. The default for this parameter is (in octal)
- 000. The modes in this parameter are bitwise 'OR'ed onto the file
- mode after the mask set in the <TT
-CLASS="PARAMETER"
-><I
->create mask</I
-></TT
->
- parameter is applied.</P
-><P
->See also the parameter <A
-HREF="#CREATEMASK"
-><TT
-CLASS="PARAMETER"
-><I
->create
- mask</I
-></TT
-></A
-> for details on masking mode bits on files.</P
-><P
->See also the <A
-HREF="#INHERITPERMISSIONS"
-><TT
-CLASS="PARAMETER"
-><I
->inherit
- permissions</I
-></TT
-></A
-> parameter.</P
-><P
->Default: <B
-CLASS="COMMAND"
->force create mode = 000</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->force create mode = 0755</B
-></P
-><P
->would force all created files to have read and execute
- permissions set for 'group' and 'other' as well as the
- read/write/execute bits set for the 'user'.</P
-></DD
-><DT
-><A
-NAME="FORCEDIRECTORYMODE"
-></A
->force directory mode (S)</DT
-><DD
-><P
->This parameter specifies a set of UNIX mode bit
- permissions that will <I
-CLASS="EMPHASIS"
->always</I
-> be set on a directory
- created by Samba. This is done by bitwise 'OR'ing these bits onto the
- mode bits of a directory that is being created. The default for this
- parameter is (in octal) 0000 which will not add any extra permission
- bits to a created directory. This operation is done after the mode
- mask in the parameter <TT
-CLASS="PARAMETER"
-><I
->directory mask</I
-></TT
-> is
- applied.</P
-><P
->See also the parameter <A
-HREF="#DIRECTORYMASK"
-><TT
-CLASS="PARAMETER"
-><I
-> directory mask</I
-></TT
-></A
-> for details on masking mode bits
- on created directories.</P
-><P
->See also the <A
-HREF="#INHERITPERMISSIONS"
-><TT
-CLASS="PARAMETER"
-><I
-> inherit permissions</I
-></TT
-></A
-> parameter.</P
-><P
->Default: <B
-CLASS="COMMAND"
->force directory mode = 000</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->force directory mode = 0755</B
-></P
-><P
->would force all created directories to have read and execute
- permissions set for 'group' and 'other' as well as the
- read/write/execute bits set for the 'user'.</P
-></DD
-><DT
-><A
-NAME="FORCEDIRECTORYSECURITYMODE"
-></A
->force directory
- security mode (S)</DT
-><DD
-><P
->This parameter controls what UNIX permission bits
- can be modified when a Windows NT client is manipulating the UNIX
- permission on a directory using the native NT security dialog box.</P
-><P
->This parameter is applied as a mask (OR'ed with) to the
- changed permission bits, thus forcing any bits in this mask that
- the user may have modified to be on. Essentially, one bits in this
- mask may be treated as a set of bits that, when modifying security
- on a directory, the user has always set to be 'on'.</P
-><P
->If not set explicitly this parameter is set to the same
- value as the <A
-HREF="#FORCEDIRECTORYMODE"
-><TT
-CLASS="PARAMETER"
-><I
->force
- directory mode</I
-></TT
-></A
-> parameter. To allow
- a user to modify all the user/group/world permissions on a
- directory without restrictions, set this parameter to 000.</P
-><P
-><I
-CLASS="EMPHASIS"
->Note</I
-> that users who can access the
- Samba server through other means can easily bypass this restriction,
- so it is primarily useful for standalone "appliance" systems.
- Administrators of most normal systems will probably want to set
- it to 0000.</P
-><P
->See also the <A
-HREF="#DIRECTORYSECURITYMASK"
-><TT
-CLASS="PARAMETER"
-><I
-> directory security mask</I
-></TT
-></A
->, <A
-HREF="#SECURITYMASK"
-> <TT
-CLASS="PARAMETER"
-><I
->security mask</I
-></TT
-></A
->,
- <A
-HREF="#FORCESECURITYMODE"
-><TT
-CLASS="PARAMETER"
-><I
->force security mode
- </I
-></TT
-></A
-> parameters.</P
-><P
->Default: <B
-CLASS="COMMAND"
->force directory security mode = &lt;same as
- force directory mode&gt;</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->force directory security mode = 0</B
-></P
-></DD
-><DT
-><A
-NAME="FORCEGROUP"
-></A
->force group (S)</DT
-><DD
-><P
->This specifies a UNIX group name that will be
- assigned as the default primary group for all users connecting
- to this service. This is useful for sharing files by ensuring
- that all access to files on service will use the named group for
- their permissions checking. Thus, by assigning permissions for this
- group to the files and directories within this service the Samba
- administrator can restrict or allow sharing of these files.</P
-><P
->In Samba 2.0.5 and above this parameter has extended
- functionality in the following way. If the group name listed here
- has a '+' character prepended to it then the current user accessing
- the share only has the primary group default assigned to this group
- if they are already assigned as a member of that group. This allows
- an administrator to decide that only users who are already in a
- particular group will create files with group ownership set to that
- group. This gives a finer granularity of ownership assignment. For
- example, the setting <TT
-CLASS="FILENAME"
->force group = +sys</TT
-> means
- that only users who are already in group sys will have their default
- primary group assigned to sys when accessing this Samba share. All
- other users will retain their ordinary primary group.</P
-><P
->If the <A
-HREF="#FORCEUSER"
-><TT
-CLASS="PARAMETER"
-><I
->force user
- </I
-></TT
-></A
-> parameter is also set the group specified in
- <TT
-CLASS="PARAMETER"
-><I
->force group</I
-></TT
-> will override the primary group
- set in <TT
-CLASS="PARAMETER"
-><I
->force user</I
-></TT
->.</P
-><P
->See also <A
-HREF="#FORCEUSER"
-><TT
-CLASS="PARAMETER"
-><I
->force
- user</I
-></TT
-></A
->.</P
-><P
->Default: <I
-CLASS="EMPHASIS"
->no forced group</I
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->force group = agroup</B
-></P
-></DD
-><DT
-><A
-NAME="FORCESECURITYMODE"
-></A
->force security mode (S)</DT
-><DD
-><P
->This parameter controls what UNIX permission
- bits can be modified when a Windows NT client is manipulating
- the UNIX permission on a file using the native NT security dialog
- box.</P
-><P
->This parameter is applied as a mask (OR'ed with) to the
- changed permission bits, thus forcing any bits in this mask that
- the user may have modified to be on. Essentially, one bits in this
- mask may be treated as a set of bits that, when modifying security
- on a file, the user has always set to be 'on'.</P
-><P
->If not set explicitly this parameter is set to the same
- value as the <A
-HREF="#FORCECREATEMODE"
-><TT
-CLASS="PARAMETER"
-><I
->force
- create mode</I
-></TT
-></A
-> parameter. To allow a user to
- modify all the user/group/world permissions on a file, with no
- restrictions set this parameter to 000.</P
-><P
-><I
-CLASS="EMPHASIS"
->Note</I
-> that users who can access
- the Samba server through other means can easily bypass this restriction,
- so it is primarily useful for standalone "appliance" systems.
- Administrators of most normal systems will probably want to set
- it to 0000.</P
-><P
->See also the <A
-HREF="#FORCEDIRECTORYSECURITYMODE"
-><TT
-CLASS="PARAMETER"
-><I
-> force directory security mode</I
-></TT
-></A
->,
- <A
-HREF="#DIRECTORYSECURITYMASK"
-><TT
-CLASS="PARAMETER"
-><I
->directory security
- mask</I
-></TT
-></A
->, <A
-HREF="#SECURITYMASK"
-><TT
-CLASS="PARAMETER"
-><I
-> security mask</I
-></TT
-></A
-> parameters.</P
-><P
->Default: <B
-CLASS="COMMAND"
->force security mode = &lt;same as force
- create mode&gt;</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->force security mode = 0</B
-></P
-></DD
-><DT
-><A
-NAME="FORCEUSER"
-></A
->force user (S)</DT
-><DD
-><P
->This specifies a UNIX user name that will be
- assigned as the default user for all users connecting to this service.
- This is useful for sharing files. You should also use it carefully
- as using it incorrectly can cause security problems.</P
-><P
->This user name only gets used once a connection is established.
- Thus clients still need to connect as a valid user and supply a
- valid password. Once connected, all file operations will be performed
- as the "forced user", no matter what username the client connected
- as. This can be very useful.</P
-><P
->In Samba 2.0.5 and above this parameter also causes the
- primary group of the forced user to be used as the primary group
- for all file activity. Prior to 2.0.5 the primary group was left
- as the primary group of the connecting user (this was a bug).</P
-><P
->See also <A
-HREF="#FORCEGROUP"
-><TT
-CLASS="PARAMETER"
-><I
->force group
- </I
-></TT
-></A
-></P
-><P
->Default: <I
-CLASS="EMPHASIS"
->no forced user</I
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->force user = auser</B
-></P
-></DD
-><DT
-><A
-NAME="FSTYPE"
-></A
->fstype (S)</DT
-><DD
-><P
->This parameter allows the administrator to
- configure the string that specifies the type of filesystem a share
- is using that is reported by <A
-HREF="smbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbd(8)
- </B
-></A
-> when a client queries the filesystem type
- for a share. The default type is <TT
-CLASS="CONSTANT"
->NTFS</TT
-> for
- compatibility with Windows NT but this can be changed to other
- strings such as <TT
-CLASS="CONSTANT"
->Samba</TT
-> or <TT
-CLASS="CONSTANT"
->FAT
- </TT
-> if required.</P
-><P
->Default: <B
-CLASS="COMMAND"
->fstype = NTFS</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->fstype = Samba</B
-></P
-></DD
-><DT
-><A
-NAME="GETWDCACHE"
-></A
->getwd cache (G)</DT
-><DD
-><P
->This is a tuning option. When this is enabled a
- caching algorithm will be used to reduce the time taken for getwd()
- calls. This can have a significant impact on performance, especially
- when the <A
-HREF="#WIDELINKS"
-><TT
-CLASS="PARAMETER"
-><I
->wide links</I
-></TT
->
- </A
->parameter is set to <TT
-CLASS="CONSTANT"
->False</TT
->.</P
-><P
->Default: <B
-CLASS="COMMAND"
->getwd cache = yes</B
-></P
-></DD
-><DT
-><A
-NAME="GROUP"
-></A
->group (S)</DT
-><DD
-><P
->Synonym for <A
-HREF="#FORCEGROUP"
-><TT
-CLASS="PARAMETER"
-><I
->force
- group</I
-></TT
-></A
->.</P
-></DD
-><DT
-><A
-NAME="GUESTACCOUNT"
-></A
->guest account (S)</DT
-><DD
-><P
->This is a username which will be used for access
- to services which are specified as <A
-HREF="#GUESTOK"
-><TT
-CLASS="PARAMETER"
-><I
-> guest ok</I
-></TT
-></A
-> (see below). Whatever privileges this
- user has will be available to any client connecting to the guest service.
- Typically this user will exist in the password file, but will not
- have a valid login. The user account "ftp" is often a good choice
- for this parameter. If a username is specified in a given service,
- the specified username overrides this one.</P
-><P
->One some systems the default guest account "nobody" may not
- be able to print. Use another account in this case. You should test
- this by trying to log in as your guest user (perhaps by using the
- <B
-CLASS="COMMAND"
->su -</B
-> command) and trying to print using the
- system print command such as <B
-CLASS="COMMAND"
->lpr(1)</B
-> or <B
-CLASS="COMMAND"
-> lp(1)</B
->.</P
-><P
->Default: <I
-CLASS="EMPHASIS"
->specified at compile time, usually
- "nobody"</I
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->guest account = ftp</B
-></P
-></DD
-><DT
-><A
-NAME="GUESTOK"
-></A
->guest ok (S)</DT
-><DD
-><P
->If this parameter is <TT
-CLASS="CONSTANT"
->yes</TT
-> for
- a service, then no password is required to connect to the service.
- Privileges will be those of the <A
-HREF="#GUESTACCOUNT"
-><TT
-CLASS="PARAMETER"
-><I
-> guest account</I
-></TT
-></A
->.</P
-><P
->See the section below on <A
-HREF="#SECURITY"
-><TT
-CLASS="PARAMETER"
-><I
-> security</I
-></TT
-></A
-> for more information about this option.
- </P
-><P
->Default: <B
-CLASS="COMMAND"
->guest ok = no</B
-></P
-></DD
-><DT
-><A
-NAME="GUESTONLY"
-></A
->guest only (S)</DT
-><DD
-><P
->If this parameter is <TT
-CLASS="CONSTANT"
->yes</TT
-> for
- a service, then only guest connections to the service are permitted.
- This parameter will have no effect if <A
-HREF="#GUESTOK"
-> <TT
-CLASS="PARAMETER"
-><I
->guest ok</I
-></TT
-></A
-> is not set for the service.</P
-><P
->See the section below on <A
-HREF="#SECURITY"
-><TT
-CLASS="PARAMETER"
-><I
-> security</I
-></TT
-></A
-> for more information about this option.
- </P
-><P
->Default: <B
-CLASS="COMMAND"
->guest only = no</B
-></P
-></DD
-><DT
-><A
-NAME="HIDEDOTFILES"
-></A
->hide dot files (S)</DT
-><DD
-><P
->This is a boolean parameter that controls whether
- files starting with a dot appear as hidden files.</P
-><P
->Default: <B
-CLASS="COMMAND"
->hide dot files = yes</B
-></P
-></DD
-><DT
-><A
-NAME="HIDEFILES"
-></A
->hide files(S)</DT
-><DD
-><P
->This is a list of files or directories that are not
- visible but are accessible. The DOS 'hidden' attribute is applied
- to any files or directories that match.</P
-><P
->Each entry in the list must be separated by a '/',
- which allows spaces to be included in the entry. '*'
- and '?' can be used to specify multiple files or directories
- as in DOS wildcards.</P
-><P
->Each entry must be a Unix path, not a DOS path and must
- not include the Unix directory separator '/'.</P
-><P
->Note that the case sensitivity option is applicable
- in hiding files.</P
-><P
->Setting this parameter will affect the performance of Samba,
- as it will be forced to check all files and directories for a match
- as they are scanned.</P
-><P
->See also <A
-HREF="#HIDEDOTFILES"
-><TT
-CLASS="PARAMETER"
-><I
->hide
- dot files</I
-></TT
-></A
->, <A
-HREF="#VETOFILES"
-><TT
-CLASS="PARAMETER"
-><I
-> veto files</I
-></TT
-></A
-> and <A
-HREF="#CASESENSITIVE"
-> <TT
-CLASS="PARAMETER"
-><I
->case sensitive</I
-></TT
-></A
->.</P
-><P
->Default: <I
-CLASS="EMPHASIS"
->no file are hidden</I
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->hide files =
- /.*/DesktopFolderDB/TrashFor%m/resource.frk/</B
-></P
-><P
->The above example is based on files that the Macintosh
- SMB client (DAVE) available from <A
-HREF="http://www.thursby.com"
-TARGET="_top"
->
- Thursby</A
-> creates for internal use, and also still hides
- all files beginning with a dot.</P
-></DD
-><DT
-><A
-NAME="HIDELOCALUSERS"
-></A
->hide local users(G)</DT
-><DD
-><P
->This parameter toggles the hiding of local UNIX
- users (root, wheel, floppy, etc) from remote clients.</P
-><P
->Default: <B
-CLASS="COMMAND"
->hide local users = no</B
-></P
-></DD
-><DT
-><A
-NAME="HOMEDIRMAP"
-></A
->homedir map (G)</DT
-><DD
-><P
->If<A
-HREF="#NISHOMEDIR"
-><TT
-CLASS="PARAMETER"
-><I
->nis homedir
- </I
-></TT
-></A
-> is <TT
-CLASS="CONSTANT"
->True</TT
->, and <A
-HREF="smbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbd(8)</B
-></A
-> is also acting
- as a Win95/98 <TT
-CLASS="PARAMETER"
-><I
->logon server</I
-></TT
-> then this parameter
- specifies the NIS (or YP) map from which the server for the user's
- home directory should be extracted. At present, only the Sun
- auto.home map format is understood. The form of the map is:</P
-><P
-><B
-CLASS="COMMAND"
->username server:/some/file/system</B
-></P
-><P
->and the program will extract the servername from before
- the first ':'. There should probably be a better parsing system
- that copes with different map formats and also Amd (another
- automounter) maps.</P
-><P
-><I
-CLASS="EMPHASIS"
->NOTE :</I
->A working NIS client is required on
- the system for this option to work.</P
-><P
->See also <A
-HREF="#NISHOMEDIR"
-><TT
-CLASS="PARAMETER"
-><I
->nis homedir</I
-></TT
->
- </A
->, <A
-HREF="#DOMAINLOGONS"
-><TT
-CLASS="PARAMETER"
-><I
->domain logons</I
-></TT
->
- </A
->.</P
-><P
->Default: <B
-CLASS="COMMAND"
->homedir map = &lt;empty string&gt;</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->homedir map = amd.homedir</B
-></P
-></DD
-><DT
-><A
-NAME="HOSTMSDFS"
-></A
->host msdfs (G)</DT
-><DD
-><P
->This boolean parameter is only available
- if Samba has been configured and compiled with the <B
-CLASS="COMMAND"
-> --with-msdfs</B
-> option. If set to <TT
-CLASS="CONSTANT"
->yes</TT
->,
- Samba will act as a Dfs server, and allow Dfs-aware clients
- to browse Dfs trees hosted on the server.</P
-><P
->See also the <A
-HREF="#MSDFSROOT"
-><TT
-CLASS="PARAMETER"
-><I
-> msdfs root</I
-></TT
-></A
-> share level parameter. For
- more information on setting up a Dfs tree on Samba,
- refer to <A
-HREF="msdfs_setup.html"
-TARGET="_top"
->msdfs_setup.html</A
->.
- </P
-><P
->Default: <B
-CLASS="COMMAND"
->host msdfs = no</B
-></P
-></DD
-><DT
-><A
-NAME="HOSTSALLOW"
-></A
->hosts allow (S)</DT
-><DD
-><P
->A synonym for this parameter is <TT
-CLASS="PARAMETER"
-><I
->allow
- hosts</I
-></TT
->.</P
-><P
->This parameter is a comma, space, or tab delimited
- set of hosts which are permitted to access a service.</P
-><P
->If specified in the [global] section then it will
- apply to all services, regardless of whether the individual
- service has a different setting.</P
-><P
->You can specify the hosts by name or IP number. For
- example, you could restrict access to only the hosts on a
- Class C subnet with something like <B
-CLASS="COMMAND"
->allow hosts = 150.203.5.
- </B
->. The full syntax of the list is described in the man
- page <TT
-CLASS="FILENAME"
->hosts_access(5)</TT
->. Note that this man
- page may not be present on your system, so a brief description will
- be given here also.</P
-><P
->Note that the localhost address 127.0.0.1 will always
- be allowed access unless specifically denied by a <A
-HREF="#HOSTSDENY"
-><TT
-CLASS="PARAMETER"
-><I
->hosts deny</I
-></TT
-></A
-> option.</P
-><P
->You can also specify hosts by network/netmask pairs and
- by netgroup names if your system supports netgroups. The
- <I
-CLASS="EMPHASIS"
->EXCEPT</I
-> keyword can also be used to limit a
- wildcard list. The following examples may provide some help:</P
-><P
->Example 1: allow all IPs in 150.203.*.*; except one</P
-><P
-><B
-CLASS="COMMAND"
->hosts allow = 150.203. EXCEPT 150.203.6.66</B
-></P
-><P
->Example 2: allow hosts that match the given network/netmask</P
-><P
-><B
-CLASS="COMMAND"
->hosts allow = 150.203.15.0/255.255.255.0</B
-></P
-><P
->Example 3: allow a couple of hosts</P
-><P
-><B
-CLASS="COMMAND"
->hosts allow = lapland, arvidsjaur</B
-></P
-><P
->Example 4: allow only hosts in NIS netgroup "foonet", but
- deny access from one particular host</P
-><P
-><B
-CLASS="COMMAND"
->hosts allow = @foonet</B
-></P
-><P
-><B
-CLASS="COMMAND"
->hosts deny = pirate</B
-></P
-><P
->Note that access still requires suitable user-level passwords.</P
-><P
->See <A
-HREF="testparm.1.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->testparm(1)</B
->
- </A
-> for a way of testing your host access to see if it does
- what you expect.</P
-><P
->Default: <I
-CLASS="EMPHASIS"
->none (i.e., all hosts permitted access)
- </I
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->allow hosts = 150.203.5. myhost.mynet.edu.au
- </B
-></P
-></DD
-><DT
-><A
-NAME="HOSTSDENY"
-></A
->hosts deny (S)</DT
-><DD
-><P
->The opposite of <TT
-CLASS="PARAMETER"
-><I
->hosts allow</I
-></TT
->
- - hosts listed here are <I
-CLASS="EMPHASIS"
->NOT</I
-> permitted access to
- services unless the specific services have their own lists to override
- this one. Where the lists conflict, the <TT
-CLASS="PARAMETER"
-><I
->allow</I
-></TT
->
- list takes precedence.</P
-><P
->Default: <I
-CLASS="EMPHASIS"
->none (i.e., no hosts specifically excluded)
- </I
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->hosts deny = 150.203.4. badhost.mynet.edu.au
- </B
-></P
-></DD
-><DT
-><A
-NAME="HOSTSEQUIV"
-></A
->hosts equiv (G)</DT
-><DD
-><P
->If this global parameter is a non-null string,
- it specifies the name of a file to read for the names of hosts
- and users who will be allowed access without specifying a password.
- </P
-><P
->This is not be confused with <A
-HREF="#HOSTSALLOW"
-> <TT
-CLASS="PARAMETER"
-><I
->hosts allow</I
-></TT
-></A
-> which is about hosts
- access to services and is more useful for guest services. <TT
-CLASS="PARAMETER"
-><I
-> hosts equiv</I
-></TT
-> may be useful for NT clients which will
- not supply passwords to samba.</P
-><P
-><I
-CLASS="EMPHASIS"
->NOTE :</I
-> The use of <TT
-CLASS="PARAMETER"
-><I
->hosts equiv
- </I
-></TT
-> can be a major security hole. This is because you are
- trusting the PC to supply the correct username. It is very easy to
- get a PC to supply a false username. I recommend that the
- <TT
-CLASS="PARAMETER"
-><I
->hosts equiv</I
-></TT
-> option be only used if you really
- know what you are doing, or perhaps on a home network where you trust
- your spouse and kids. And only if you <I
-CLASS="EMPHASIS"
->really</I
-> trust
- them :-).</P
-><P
->Default: <I
-CLASS="EMPHASIS"
->no host equivalences</I
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->hosts equiv = /etc/hosts.equiv</B
-></P
-></DD
-><DT
-><A
-NAME="INCLUDE"
-></A
->include (G)</DT
-><DD
-><P
->This allows you to include one config file
- inside another. The file is included literally, as though typed
- in place.</P
-><P
->It takes the standard substitutions, except <TT
-CLASS="PARAMETER"
-><I
->%u
- </I
-></TT
->, <TT
-CLASS="PARAMETER"
-><I
->%P</I
-></TT
-> and <TT
-CLASS="PARAMETER"
-><I
->%S</I
-></TT
->.
- </P
-><P
->Default: <I
-CLASS="EMPHASIS"
->no file included</I
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->include = /usr/local/samba/lib/admin_smb.conf
- </B
-></P
-></DD
-><DT
-><A
-NAME="INHERITPERMISSIONS"
-></A
->inherit permissions (S)</DT
-><DD
-><P
->The permissions on new files and directories
- are normally governed by <A
-HREF="#CREATEMASK"
-><TT
-CLASS="PARAMETER"
-><I
-> create mask</I
-></TT
-></A
->, <A
-HREF="#DIRECTORYMASK"
-> <TT
-CLASS="PARAMETER"
-><I
->directory mask</I
-></TT
-></A
->, <A
-HREF="#FORCECREATEMODE"
-><TT
-CLASS="PARAMETER"
-><I
->force create mode</I
-></TT
->
- </A
-> and <A
-HREF="#FORCEDIRECTORYMODE"
-><TT
-CLASS="PARAMETER"
-><I
->force
- directory mode</I
-></TT
-></A
-> but the boolean inherit
- permissions parameter overrides this.</P
-><P
->New directories inherit the mode of the parent directory,
- including bits such as setgid.</P
-><P
->New files inherit their read/write bits from the parent
- directory. Their execute bits continue to be determined by
- <A
-HREF="#MAPARCHIVE"
-><TT
-CLASS="PARAMETER"
-><I
->map archive</I
-></TT
->
- </A
->, <A
-HREF="#MAPHIDDEN"
-><TT
-CLASS="PARAMETER"
-><I
->map hidden</I
-></TT
->
- </A
-> and <A
-HREF="#MAPSYSTEM"
-><TT
-CLASS="PARAMETER"
-><I
->map system</I
-></TT
->
- </A
-> as usual.</P
-><P
->Note that the setuid bit is <I
-CLASS="EMPHASIS"
->never</I
-> set via
- inheritance (the code explicitly prohibits this).</P
-><P
->This can be particularly useful on large systems with
- many users, perhaps several thousand,to allow a single [homes]
- share to be used flexibly by each user.</P
-><P
->See also <A
-HREF="#CREATEMASK"
-><TT
-CLASS="PARAMETER"
-><I
->create mask
- </I
-></TT
-></A
->, <A
-HREF="#DIRECTORYMASK"
-><TT
-CLASS="PARAMETER"
-><I
-> directory mask</I
-></TT
-></A
->, <A
-HREF="#FORCECREATEMODE"
-> <TT
-CLASS="PARAMETER"
-><I
->force create mode</I
-></TT
-></A
-> and <A
-HREF="#FORCEDIRECTORYMODE"
-><TT
-CLASS="PARAMETER"
-><I
->force directory mode</I
-></TT
->
- </A
->.</P
-><P
->Default: <B
-CLASS="COMMAND"
->inherit permissions = no</B
-></P
-></DD
-><DT
-><A
-NAME="INTERFACES"
-></A
->interfaces (G)</DT
-><DD
-><P
->This option allows you to override the default
- network interfaces list that Samba will use for browsing, name
- registration and other NBT traffic. By default Samba will query
- the kernel for the list of all active interfaces and use any
- interfaces except 127.0.0.1 that are broadcast capable.</P
-><P
->The option takes a list of interface strings. Each string
- can be in any of the following forms:</P
-><P
-></P
-><UL
-><LI
-><P
->a network interface name (such as eth0).
- This may include shell-like wildcards so eth* will match
- any interface starting with the substring "eth"</P
-></LI
-><LI
-><P
->an IP address. In this case the netmask is
- determined from the list of interfaces obtained from the
- kernel</P
-></LI
-><LI
-><P
->an IP/mask pair. </P
-></LI
-><LI
-><P
->a broadcast/mask pair.</P
-></LI
-></UL
-><P
->The "mask" parameters can either be a bit length (such
- as 24 for a C class network) or a full netmask in dotted
- decimal form.</P
-><P
->The "IP" parameters above can either be a full dotted
- decimal IP address or a hostname which will be looked up via
- the OS's normal hostname resolution mechanisms.</P
-><P
->For example, the following line:</P
-><P
-><B
-CLASS="COMMAND"
->interfaces = eth0 192.168.2.10/24 192.168.3.10/255.255.255.0
- </B
-></P
-><P
->would configure three network interfaces corresponding
- to the eth0 device and IP addresses 192.168.2.10 and 192.168.3.10.
- The netmasks of the latter two interfaces would be set to 255.255.255.0.</P
-><P
->See also <A
-HREF="#BINDINTERFACESONLY"
-><TT
-CLASS="PARAMETER"
-><I
->bind
- interfaces only</I
-></TT
-></A
->.</P
-><P
->Default: <I
-CLASS="EMPHASIS"
->all active interfaces except 127.0.0.1
- that are broadcast capable</I
-></P
-></DD
-><DT
-><A
-NAME="INVALIDUSERS"
-></A
->invalid users (S)</DT
-><DD
-><P
->This is a list of users that should not be allowed
- to login to this service. This is really a <I
-CLASS="EMPHASIS"
->paranoid</I
->
- check to absolutely ensure an improper setting does not breach
- your security.</P
-><P
->A name starting with a '@' is interpreted as an NIS
- netgroup first (if your system supports NIS), and then as a UNIX
- group if the name was not found in the NIS netgroup database.</P
-><P
->A name starting with '+' is interpreted only
- by looking in the UNIX group database. A name starting with
- '&#38;' is interpreted only by looking in the NIS netgroup database
- (this requires NIS to be working on your system). The characters
- '+' and '&#38;' may be used at the start of the name in either order
- so the value <TT
-CLASS="PARAMETER"
-><I
->+&amp;group</I
-></TT
-> means check the
- UNIX group database, followed by the NIS netgroup database, and
- the value <TT
-CLASS="PARAMETER"
-><I
->&#38;+group"</I
-></TT
-> means check the NIS
- netgroup database, followed by the UNIX group database (the
- same as the '@' prefix).</P
-><P
->The current servicename is substituted for <TT
-CLASS="PARAMETER"
-><I
->%S</I
-></TT
->.
- This is useful in the [homes] section.</P
-><P
->See also <A
-HREF="#VALIDUSERS"
-><TT
-CLASS="PARAMETER"
-><I
->valid users
- </I
-></TT
-></A
->.</P
-><P
->Default: <I
-CLASS="EMPHASIS"
->no invalid users</I
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->invalid users = root fred admin @wheel
- </B
-></P
-></DD
-><DT
-><A
-NAME="KEEPALIVE"
-></A
->keepalive (G)</DT
-><DD
-><P
->The value of the parameter (an integer) represents
- the number of seconds between <TT
-CLASS="PARAMETER"
-><I
->keepalive</I
-></TT
->
- packets. If this parameter is zero, no keepalive packets will be
- sent. Keepalive packets, if sent, allow the server to tell whether
- a client is still present and responding.</P
-><P
->Keepalives should, in general, not be needed if the socket
- being used has the SO_KEEPALIVE attribute set on it (see <A
-HREF="#SOCKETOPTIONS"
-><TT
-CLASS="PARAMETER"
-><I
->socket options</I
-></TT
-></A
->).
- Basically you should only use this option if you strike difficulties.</P
-><P
->Default: <B
-CLASS="COMMAND"
->keepalive = 300</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->keepalive = 600</B
-></P
-></DD
-><DT
-><A
-NAME="KERNELOPLOCKS"
-></A
->kernel oplocks (G)</DT
-><DD
-><P
->For UNIXes that support kernel based <A
-HREF="#OPLOCKS"
-><TT
-CLASS="PARAMETER"
-><I
->oplocks</I
-></TT
-></A
->
- (currently only IRIX and the Linux 2.4 kernel), this parameter
- allows the use of them to be turned on or off.</P
-><P
->Kernel oplocks support allows Samba <TT
-CLASS="PARAMETER"
-><I
->oplocks
- </I
-></TT
-> to be broken whenever a local UNIX process or NFS operation
- accesses a file that <A
-HREF="smbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbd(8)</B
->
- </A
-> has oplocked. This allows complete data consistency between
- SMB/CIFS, NFS and local file access (and is a <I
-CLASS="EMPHASIS"
->very</I
->
- cool feature :-).</P
-><P
->This parameter defaults to <TT
-CLASS="CONSTANT"
->on</TT
-> on systems
- that have the support, and <TT
-CLASS="CONSTANT"
->off</TT
-> on systems that
- don't. You should never need to touch this parameter.</P
-><P
->See also the <A
-HREF="#OPLOCKS"
-><TT
-CLASS="PARAMETER"
-><I
->oplocks</I
-></TT
->
- </A
-> and <A
-HREF="#LEVEL2OPLOCKS"
-><TT
-CLASS="PARAMETER"
-><I
->level2 oplocks
- </I
-></TT
-></A
-> parameters.</P
-><P
->Default: <B
-CLASS="COMMAND"
->kernel oplocks = yes</B
-></P
-></DD
-><DT
-><A
-NAME="LANMANAUTH"
-></A
->lanman auth (G)</DT
-><DD
-><P
->This parameter determines whether or not smbd will
- attempt to authentication users using the LANMAN password hash.
- If disabled, only clients which support NT password hashes (e.g. Windows
- NT/2000 clients, smbclient, etc... but not Windows 95/98 or the MS DOS
- network client) will be able to connect to the Samba host.</P
-><P
->Default : <B
-CLASS="COMMAND"
->lanman auth = yes</B
-></P
-></DD
-><DT
-><A
-NAME="LEVEL2OPLOCKS"
-></A
->level2 oplocks (S)</DT
-><DD
-><P
->This parameter controls whether Samba supports
- level2 (read-only) oplocks on a share.</P
-><P
->Level2, or read-only oplocks allow Windows NT clients
- that have an oplock on a file to downgrade from a read-write oplock
- to a read-only oplock once a second client opens the file (instead
- of releasing all oplocks on a second open, as in traditional,
- exclusive oplocks). This allows all openers of the file that
- support level2 oplocks to cache the file for read-ahead only (ie.
- they may not cache writes or lock requests) and increases performance
- for many accesses of files that are not commonly written (such as
- application .EXE files).</P
-><P
->Once one of the clients which have a read-only oplock
- writes to the file all clients are notified (no reply is needed
- or waited for) and told to break their oplocks to "none" and
- delete any read-ahead caches.</P
-><P
->It is recommended that this parameter be turned on
- to speed access to shared executables.</P
-><P
->For more discussions on level2 oplocks see the CIFS spec.</P
-><P
->Currently, if <A
-HREF="#KERNELOPLOCKS"
-><TT
-CLASS="PARAMETER"
-><I
->kernel
- oplocks</I
-></TT
-></A
-> are supported then level2 oplocks are
- not granted (even if this parameter is set to <TT
-CLASS="CONSTANT"
->yes</TT
->).
- Note also, the <A
-HREF="#OPLOCKS"
-><TT
-CLASS="PARAMETER"
-><I
->oplocks</I
-></TT
->
- </A
-> parameter must be set to "true" on this share in order for
- this parameter to have any effect.</P
-><P
->See also the <A
-HREF="#OPLOCKS"
-><TT
-CLASS="PARAMETER"
-><I
->oplocks</I
-></TT
->
- </A
-> and <A
-HREF="#OPLOCKS"
-><TT
-CLASS="PARAMETER"
-><I
->kernel oplocks</I
-></TT
->
- </A
-> parameters.</P
-><P
->Default: <B
-CLASS="COMMAND"
->level2 oplocks = yes</B
-></P
-></DD
-><DT
-><A
-NAME="LMANNOUNCE"
-></A
->lm announce (G)</DT
-><DD
-><P
->This parameter determines if <A
-HREF="nmbd.8.html"
-TARGET="_top"
-> <B
-CLASS="COMMAND"
->nmbd(8)</B
-></A
-> will produce Lanman announce
- broadcasts that are needed by OS/2 clients in order for them to see
- the Samba server in their browse list. This parameter can have three
- values, <TT
-CLASS="CONSTANT"
->true</TT
->, <TT
-CLASS="CONSTANT"
->false</TT
->, or
- <TT
-CLASS="CONSTANT"
->auto</TT
->. The default is <TT
-CLASS="CONSTANT"
->auto</TT
->.
- If set to <TT
-CLASS="CONSTANT"
->false</TT
-> Samba will never produce these
- broadcasts. If set to <TT
-CLASS="CONSTANT"
->true</TT
-> Samba will produce
- Lanman announce broadcasts at a frequency set by the parameter
- <TT
-CLASS="PARAMETER"
-><I
->lm interval</I
-></TT
->. If set to <TT
-CLASS="CONSTANT"
->auto</TT
->
- Samba will not send Lanman announce broadcasts by default but will
- listen for them. If it hears such a broadcast on the wire it will
- then start sending them at a frequency set by the parameter
- <TT
-CLASS="PARAMETER"
-><I
->lm interval</I
-></TT
->.</P
-><P
->See also <A
-HREF="#LMINTERVAL"
-><TT
-CLASS="PARAMETER"
-><I
->lm interval
- </I
-></TT
-></A
->.</P
-><P
->Default: <B
-CLASS="COMMAND"
->lm announce = auto</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->lm announce = yes</B
-></P
-></DD
-><DT
-><A
-NAME="LMINTERVAL"
-></A
->lm interval (G)</DT
-><DD
-><P
->If Samba is set to produce Lanman announce
- broadcasts needed by OS/2 clients (see the <A
-HREF="#LMANNOUNCE"
-> <TT
-CLASS="PARAMETER"
-><I
->lm announce</I
-></TT
-></A
-> parameter) then this
- parameter defines the frequency in seconds with which they will be
- made. If this is set to zero then no Lanman announcements will be
- made despite the setting of the <TT
-CLASS="PARAMETER"
-><I
->lm announce</I
-></TT
->
- parameter.</P
-><P
->See also <A
-HREF="#LMANNOUNCE"
-><TT
-CLASS="PARAMETER"
-><I
->lm
- announce</I
-></TT
-></A
->.</P
-><P
->Default: <B
-CLASS="COMMAND"
->lm interval = 60</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->lm interval = 120</B
-></P
-></DD
-><DT
-><A
-NAME="LOADPRINTERS"
-></A
->load printers (G)</DT
-><DD
-><P
->A boolean variable that controls whether all
- printers in the printcap will be loaded for browsing by default.
- See the <A
-HREF="#AEN78"
->printers</A
-> section for
- more details.</P
-><P
->Default: <B
-CLASS="COMMAND"
->load printers = yes</B
-></P
-></DD
-><DT
-><A
-NAME="LOCALMASTER"
-></A
->local master (G)</DT
-><DD
-><P
->This option allows <A
-HREF="nmbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
-> nmbd(8)</B
-></A
-> to try and become a local master browser
- on a subnet. If set to <TT
-CLASS="CONSTANT"
->False</TT
-> then <B
-CLASS="COMMAND"
-> nmbd</B
-> will not attempt to become a local master browser
- on a subnet and will also lose in all browsing elections. By
- default this value is set to true. Setting this value to true doesn't
- mean that Samba will <I
-CLASS="EMPHASIS"
->become</I
-> the local master
- browser on a subnet, just that <B
-CLASS="COMMAND"
->nmbd</B
-> will <I
-CLASS="EMPHASIS"
-> participate</I
-> in elections for local master browser.</P
-><P
->Setting this value to False will cause <B
-CLASS="COMMAND"
->nmbd</B
->
- <I
-CLASS="EMPHASIS"
->never</I
-> to become a local master browser.</P
-><P
->Default: <B
-CLASS="COMMAND"
->local master = yes</B
-></P
-></DD
-><DT
-><A
-NAME="LOCKDIR"
-></A
->lock dir (G)</DT
-><DD
-><P
->Synonym for <A
-HREF="#LOCKDIRECTORY"
-><TT
-CLASS="PARAMETER"
-><I
-> lock directory</I
-></TT
-></A
->.</P
-></DD
-><DT
-><A
-NAME="LOCKDIRECTORY"
-></A
->lock directory (G)</DT
-><DD
-><P
->This option specifies the directory where lock
- files will be placed. The lock files are used to implement the
- <A
-HREF="#MAXCONNECTIONS"
-><TT
-CLASS="PARAMETER"
-><I
->max connections</I
-></TT
->
- </A
-> option.</P
-><P
->Default: <B
-CLASS="COMMAND"
->lock directory = ${prefix}/var/locks</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->lock directory = /var/run/samba/locks</B
->
- </P
-></DD
-><DT
-><A
-NAME="LOCKING"
-></A
->locking (S)</DT
-><DD
-><P
->This controls whether or not locking will be
- performed by the server in response to lock requests from the
- client.</P
-><P
->If <B
-CLASS="COMMAND"
->locking = no</B
->, all lock and unlock
- requests will appear to succeed and all lock queries will report
- that the file in question is available for locking.</P
-><P
->If <B
-CLASS="COMMAND"
->locking = yes</B
->, real locking will be performed
- by the server.</P
-><P
->This option <I
-CLASS="EMPHASIS"
->may</I
-> be useful for read-only
- filesystems which <I
-CLASS="EMPHASIS"
->may</I
-> not need locking (such as
- cdrom drives), although setting this parameter of <TT
-CLASS="CONSTANT"
->no</TT
->
- is not really recommended even in this case.</P
-><P
->Be careful about disabling locking either globally or in a
- specific service, as lack of locking may result in data corruption.
- You should never need to set this parameter.</P
-><P
->Default: <B
-CLASS="COMMAND"
->locking = yes</B
-></P
-></DD
-><DT
-><A
-NAME="LOGFILE"
-></A
->log file (G)</DT
-><DD
-><P
->This option allows you to override the name
- of the Samba log file (also known as the debug file).</P
-><P
->This option takes the standard substitutions, allowing
- you to have separate log files for each user or machine.</P
-><P
->Example: <B
-CLASS="COMMAND"
->log file = /usr/local/samba/var/log.%m
- </B
-></P
-></DD
-><DT
-><A
-NAME="LOGLEVEL"
-></A
->log level (G)</DT
-><DD
-><P
->Synonym for <A
-HREF="#DEBUGLEVEL"
-><TT
-CLASS="PARAMETER"
-><I
-> debug level</I
-></TT
-></A
->.</P
-></DD
-><DT
-><A
-NAME="LOGONDRIVE"
-></A
->logon drive (G)</DT
-><DD
-><P
->This parameter specifies the local path to
- which the home directory will be connected (see <A
-HREF="#LOGONHOME"
-><TT
-CLASS="PARAMETER"
-><I
->logon home</I
-></TT
-></A
->)
- and is only used by NT Workstations. </P
-><P
->Note that this option is only useful if Samba is set up as a
- logon server.</P
-><P
->Default: <B
-CLASS="COMMAND"
->logon drive = z:</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->logon drive = h:</B
-></P
-></DD
-><DT
-><A
-NAME="LOGONHOME"
-></A
->logon home (G)</DT
-><DD
-><P
->This parameter specifies the home directory
- location when a Win95/98 or NT Workstation logs into a Samba PDC.
- It allows you to do </P
-><P
-><TT
-CLASS="PROMPT"
->C:\&#62; </TT
-><TT
-CLASS="USERINPUT"
-><B
->NET USE H: /HOME</B
-></TT
->
- </P
-><P
->from a command prompt, for example.</P
-><P
->This option takes the standard substitutions, allowing
- you to have separate logon scripts for each user or machine.</P
-><P
->This parameter can be used with Win9X workstations to ensure
- that roaming profiles are stored in a subdirectory of the user's
- home directory. This is done in the following way:</P
-><P
-><B
-CLASS="COMMAND"
->logon home = \\%N\%U\profile</B
-></P
-><P
->This tells Samba to return the above string, with
- substitutions made when a client requests the info, generally
- in a NetUserGetInfo request. Win9X clients truncate the info to
- \\server\share when a user does <B
-CLASS="COMMAND"
->net use /home"</B
->
- but use the whole string when dealing with profiles.</P
-><P
->Note that in prior versions of Samba, the <A
-HREF="#LOGONPATH"
-> <TT
-CLASS="PARAMETER"
-><I
->logon path</I
-></TT
-></A
-> was returned rather than
- <TT
-CLASS="PARAMETER"
-><I
->logon home</I
-></TT
->. This broke <B
-CLASS="COMMAND"
->net use
- /home</B
-> but allowed profiles outside the home directory.
- The current implementation is correct, and can be used for
- profiles if you use the above trick.</P
-><P
->This option is only useful if Samba is set up as a logon
- server.</P
-><P
->Default: <B
-CLASS="COMMAND"
->logon home = "\\%N\%U"</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->logon home = "\\remote_smb_server\%U"</B
->
- </P
-></DD
-><DT
-><A
-NAME="LOGONPATH"
-></A
->logon path (G)</DT
-><DD
-><P
->This parameter specifies the home directory
- where roaming profiles (NTuser.dat etc files for Windows NT) are
- stored. Contrary to previous versions of these manual pages, it has
- nothing to do with Win 9X roaming profiles. To find out how to
- handle roaming profiles for Win 9X system, see the <A
-HREF="#LOGONHOME"
-> <TT
-CLASS="PARAMETER"
-><I
->logon home</I
-></TT
-></A
-> parameter.</P
-><P
->This option takes the standard substitutions, allowing you
- to have separate logon scripts for each user or machine. It also
- specifies the directory from which the "Application Data",
- (<TT
-CLASS="FILENAME"
->desktop</TT
->, <TT
-CLASS="FILENAME"
->start menu</TT
->,
- <TT
-CLASS="FILENAME"
->network neighborhood</TT
->, <TT
-CLASS="FILENAME"
->programs</TT
->
- and other folders, and their contents, are loaded and displayed on
- your Windows NT client.</P
-><P
->The share and the path must be readable by the user for
- the preferences and directories to be loaded onto the Windows NT
- client. The share must be writeable when the logs in for the first
- time, in order that the Windows NT client can create the NTuser.dat
- and other directories.</P
-><P
->Thereafter, the directories and any of the contents can,
- if required, be made read-only. It is not advisable that the
- NTuser.dat file be made read-only - rename it to NTuser.man to
- achieve the desired effect (a <I
-CLASS="EMPHASIS"
->MAN</I
->datory
- profile). </P
-><P
->Windows clients can sometimes maintain a connection to
- the [homes] share, even though there is no user logged in.
- Therefore, it is vital that the logon path does not include a
- reference to the homes share (i.e. setting this parameter to
- \%N\%U\profile_path will cause problems).</P
-><P
->This option takes the standard substitutions, allowing
- you to have separate logon scripts for each user or machine.</P
-><P
->Note that this option is only useful if Samba is set up
- as a logon server.</P
-><P
->Default: <B
-CLASS="COMMAND"
->logon path = \\%N\%U\profile</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->logon path = \\PROFILESERVER\PROFILE\%U</B
-></P
-></DD
-><DT
-><A
-NAME="LOGONSCRIPT"
-></A
->logon script (G)</DT
-><DD
-><P
->This parameter specifies the batch file (.bat) or
- NT command file (.cmd) to be downloaded and run on a machine when
- a user successfully logs in. The file must contain the DOS
- style cr/lf line endings. Using a DOS-style editor to create the
- file is recommended.</P
-><P
->The script must be a relative path to the [netlogon]
- service. If the [netlogon] service specifies a <A
-HREF="#PATH"
-> <TT
-CLASS="PARAMETER"
-><I
->path</I
-></TT
-></A
-> of <TT
-CLASS="FILENAME"
->/usr/local/samba/netlogon
- </TT
->, and <B
-CLASS="COMMAND"
->logon script = STARTUP.BAT</B
->, then
- the file that will be downloaded is:</P
-><P
-><TT
-CLASS="FILENAME"
->/usr/local/samba/netlogon/STARTUP.BAT</TT
-></P
-><P
->The contents of the batch file is entirely your choice. A
- suggested command would be to add <B
-CLASS="COMMAND"
->NET TIME \\SERVER /SET
- /YES</B
->, to force every machine to synchronize clocks with
- the same time server. Another use would be to add <B
-CLASS="COMMAND"
->NET USE
- U: \\SERVER\UTILS</B
-> for commonly used utilities, or <B
-CLASS="COMMAND"
-> NET USE Q: \\SERVER\ISO9001_QA</B
-> for example.</P
-><P
->Note that it is particularly important not to allow write
- access to the [netlogon] share, or to grant users write permission
- on the batch files in a secure environment, as this would allow
- the batch files to be arbitrarily modified and security to be
- breached.</P
-><P
->This option takes the standard substitutions, allowing you
- to have separate logon scripts for each user or machine.</P
-><P
->This option is only useful if Samba is set up as a logon
- server.</P
-><P
->Default: <I
-CLASS="EMPHASIS"
->no logon script defined</I
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->logon script = scripts\%U.bat</B
-></P
-></DD
-><DT
-><A
-NAME="LPPAUSECOMMAND"
-></A
->lppause command (S)</DT
-><DD
-><P
->This parameter specifies the command to be
- executed on the server host in order to stop printing or spooling
- a specific print job.</P
-><P
->This command should be a program or script which takes
- a printer name and job number to pause the print job. One way
- of implementing this is by using job priorities, where jobs
- having a too low priority won't be sent to the printer.</P
-><P
->If a <TT
-CLASS="PARAMETER"
-><I
->%p</I
-></TT
-> is given then the printername
- is put in its place. A <TT
-CLASS="PARAMETER"
-><I
->%j</I
-></TT
-> is replaced with
- the job number (an integer). On HPUX (see <TT
-CLASS="PARAMETER"
-><I
->printing=hpux
- </I
-></TT
->), if the <TT
-CLASS="PARAMETER"
-><I
->-p%p</I
-></TT
-> option is added
- to the lpq command, the job will show up with the correct status, i.e.
- if the job priority is lower than the set fence priority it will
- have the PAUSED status, whereas if the priority is equal or higher it
- will have the SPOOLED or PRINTING status.</P
-><P
->Note that it is good practice to include the absolute path
- in the lppause command as the PATH may not be available to the server.</P
-><P
->See also the <A
-HREF="#PRINTING"
-><TT
-CLASS="PARAMETER"
-><I
->printing
- </I
-></TT
-></A
-> parameter.</P
-><P
->Default: Currently no default value is given to
- this string, unless the value of the <TT
-CLASS="PARAMETER"
-><I
->printing</I
-></TT
->
- parameter is <TT
-CLASS="CONSTANT"
->SYSV</TT
->, in which case the default is :</P
-><P
-><B
-CLASS="COMMAND"
->lp -i %p-%j -H hold</B
-></P
-><P
->or if the value of the <TT
-CLASS="PARAMETER"
-><I
->printing</I
-></TT
-> parameter
- is <TT
-CLASS="CONSTANT"
->SOFTQ</TT
->, then the default is:</P
-><P
-><B
-CLASS="COMMAND"
->qstat -s -j%j -h</B
-></P
-><P
->Example for HPUX: <B
-CLASS="COMMAND"
->lppause command = /usr/bin/lpalt
- %p-%j -p0</B
-></P
-></DD
-><DT
-><A
-NAME="LPQCACHETIME"
-></A
->lpq cache time (G)</DT
-><DD
-><P
->This controls how long lpq info will be cached
- for to prevent the <B
-CLASS="COMMAND"
->lpq</B
-> command being called too
- often. A separate cache is kept for each variation of the <B
-CLASS="COMMAND"
-> lpq</B
-> command used by the system, so if you use different
- <B
-CLASS="COMMAND"
->lpq</B
-> commands for different users then they won't
- share cache information.</P
-><P
->The cache files are stored in <TT
-CLASS="FILENAME"
->/tmp/lpq.xxxx</TT
->
- where xxxx is a hash of the <B
-CLASS="COMMAND"
->lpq</B
-> command in use.</P
-><P
->The default is 10 seconds, meaning that the cached results
- of a previous identical <B
-CLASS="COMMAND"
->lpq</B
-> command will be used
- if the cached data is less than 10 seconds old. A large value may
- be advisable if your <B
-CLASS="COMMAND"
->lpq</B
-> command is very slow.</P
-><P
->A value of 0 will disable caching completely.</P
-><P
->See also the <A
-HREF="#PRINTING"
-><TT
-CLASS="PARAMETER"
-><I
->printing
- </I
-></TT
-></A
-> parameter.</P
-><P
->Default: <B
-CLASS="COMMAND"
->lpq cache time = 10</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->lpq cache time = 30</B
-></P
-></DD
-><DT
-><A
-NAME="LPQCOMMAND"
-></A
->lpq command (S)</DT
-><DD
-><P
->This parameter specifies the command to be
- executed on the server host in order to obtain <B
-CLASS="COMMAND"
->lpq
- </B
->-style printer status information.</P
-><P
->This command should be a program or script which
- takes a printer name as its only parameter and outputs printer
- status information.</P
-><P
->Currently eight styles of printer status information
- are supported; BSD, AIX, LPRNG, PLP, SYSV, HPUX, QNX and SOFTQ.
- This covers most UNIX systems. You control which type is expected
- using the <TT
-CLASS="PARAMETER"
-><I
->printing =</I
-></TT
-> option.</P
-><P
->Some clients (notably Windows for Workgroups) may not
- correctly send the connection number for the printer they are
- requesting status information about. To get around this, the
- server reports on the first printer service connected to by the
- client. This only happens if the connection number sent is invalid.</P
-><P
->If a <TT
-CLASS="PARAMETER"
-><I
->%p</I
-></TT
-> is given then the printername
- is put in its place. Otherwise it is placed at the end of the
- command.</P
-><P
->Note that it is good practice to include the absolute path
- in the <TT
-CLASS="PARAMETER"
-><I
->lpq command</I
-></TT
-> as the <TT
-CLASS="ENVAR"
->$PATH
- </TT
-> may not be available to the server.</P
-><P
->See also the <A
-HREF="#PRINTING"
-><TT
-CLASS="PARAMETER"
-><I
->printing
- </I
-></TT
-></A
-> parameter.</P
-><P
->Default: <I
-CLASS="EMPHASIS"
->depends on the setting of <TT
-CLASS="PARAMETER"
-><I
-> printing</I
-></TT
-></I
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->lpq command = /usr/bin/lpq -P%p</B
-></P
-></DD
-><DT
-><A
-NAME="LPRESUMECOMMAND"
-></A
->lpresume command (S)</DT
-><DD
-><P
->This parameter specifies the command to be
- executed on the server host in order to restart or continue
- printing or spooling a specific print job.</P
-><P
->This command should be a program or script which takes
- a printer name and job number to resume the print job. See
- also the <A
-HREF="#LPPAUSECOMMAND"
-><TT
-CLASS="PARAMETER"
-><I
->lppause command
- </I
-></TT
-></A
-> parameter.</P
-><P
->If a <TT
-CLASS="PARAMETER"
-><I
->%p</I
-></TT
-> is given then the printername
- is put in its place. A <TT
-CLASS="PARAMETER"
-><I
->%j</I
-></TT
-> is replaced with
- the job number (an integer).</P
-><P
->Note that it is good practice to include the absolute path
- in the <TT
-CLASS="PARAMETER"
-><I
->lpresume command</I
-></TT
-> as the PATH may not
- be available to the server.</P
-><P
->See also the <A
-HREF="#PRINTING"
-><TT
-CLASS="PARAMETER"
-><I
->printing
- </I
-></TT
-></A
-> parameter.</P
-><P
->Default: Currently no default value is given
- to this string, unless the value of the <TT
-CLASS="PARAMETER"
-><I
->printing</I
-></TT
->
- parameter is <TT
-CLASS="CONSTANT"
->SYSV</TT
->, in which case the default is :</P
-><P
-><B
-CLASS="COMMAND"
->lp -i %p-%j -H resume</B
-></P
-><P
->or if the value of the <TT
-CLASS="PARAMETER"
-><I
->printing</I
-></TT
-> parameter
- is <TT
-CLASS="CONSTANT"
->SOFTQ</TT
->, then the default is:</P
-><P
-><B
-CLASS="COMMAND"
->qstat -s -j%j -r</B
-></P
-><P
->Example for HPUX: <B
-CLASS="COMMAND"
->lpresume command = /usr/bin/lpalt
- %p-%j -p2</B
-></P
-></DD
-><DT
-><A
-NAME="LPRMCOMMAND"
-></A
->lprm command (S)</DT
-><DD
-><P
->This parameter specifies the command to be
- executed on the server host in order to delete a print job.</P
-><P
->This command should be a program or script which takes
- a printer name and job number, and deletes the print job.</P
-><P
->If a <TT
-CLASS="PARAMETER"
-><I
->%p</I
-></TT
-> is given then the printername
- is put in its place. A <TT
-CLASS="PARAMETER"
-><I
->%j</I
-></TT
-> is replaced with
- the job number (an integer).</P
-><P
->Note that it is good practice to include the absolute
- path in the <TT
-CLASS="PARAMETER"
-><I
->lprm command</I
-></TT
-> as the PATH may not be
- available to the server.</P
-><P
->See also the <A
-HREF="#PRINTING"
-><TT
-CLASS="PARAMETER"
-><I
->printing
- </I
-></TT
-></A
-> parameter.</P
-><P
->Default: <I
-CLASS="EMPHASIS"
->depends on the setting of <TT
-CLASS="PARAMETER"
-><I
->printing
- </I
-></TT
-></I
-></P
-><P
->Example 1: <B
-CLASS="COMMAND"
->lprm command = /usr/bin/lprm -P%p %j
- </B
-></P
-><P
->Example 2: <B
-CLASS="COMMAND"
->lprm command = /usr/bin/cancel %p-%j
- </B
-></P
-></DD
-><DT
-><A
-NAME="MACHINEPASSWORDTIMEOUT"
-></A
->machine password timeout (G)</DT
-><DD
-><P
->If a Samba server is a member of an Windows
- NT Domain (see the <A
-HREF="#SECURITYEQUALSDOMAIN"
->security=domain</A
->)
- parameter) then periodically a running <A
-HREF="smbd.8.html"
-TARGET="_top"
-> smbd(8)</A
-> process will try and change the MACHINE ACCOUNT
- PASSWORD stored in the TDB called <TT
-CLASS="FILENAME"
->private/secrets.tdb
- </TT
->. This parameter specifies how often this password
- will be changed, in seconds. The default is one week (expressed in
- seconds), the same as a Windows NT Domain member server.</P
-><P
->See also <A
-HREF="smbpasswd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbpasswd(8)
- </B
-></A
->, and the <A
-HREF="#SECURITYEQUALSDOMAIN"
-> security=domain</A
->) parameter.</P
-><P
->Default: <B
-CLASS="COMMAND"
->machine password timeout = 604800</B
-></P
-></DD
-><DT
-><A
-NAME="MAGICOUTPUT"
-></A
->magic output (S)</DT
-><DD
-><P
->This parameter specifies the name of a file
- which will contain output created by a magic script (see the
- <A
-HREF="#MAGICSCRIPT"
-><TT
-CLASS="PARAMETER"
-><I
->magic script</I
-></TT
-></A
->
- parameter below).</P
-><P
->Warning: If two clients use the same <TT
-CLASS="PARAMETER"
-><I
->magic script
- </I
-></TT
-> in the same directory the output file content
- is undefined.</P
-><P
->Default: <B
-CLASS="COMMAND"
->magic output = &lt;magic script name&gt;.out
- </B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->magic output = myfile.txt</B
-></P
-></DD
-><DT
-><A
-NAME="MAGICSCRIPT"
-></A
->magic script (S)</DT
-><DD
-><P
->This parameter specifies the name of a file which,
- if opened, will be executed by the server when the file is closed.
- This allows a UNIX script to be sent to the Samba host and
- executed on behalf of the connected user.</P
-><P
->Scripts executed in this way will be deleted upon
- completion assuming that the user has the appripriate level
- of priviledge and the ile permissions allow the deletion.</P
-><P
->If the script generates output, output will be sent to
- the file specified by the <A
-HREF="#MAGICOUTPUT"
-><TT
-CLASS="PARAMETER"
-><I
-> magic output</I
-></TT
-></A
-> parameter (see above).</P
-><P
->Note that some shells are unable to interpret scripts
- containing CR/LF instead of CR as
- the end-of-line marker. Magic scripts must be executable
- <I
-CLASS="EMPHASIS"
->as is</I
-> on the host, which for some hosts and
- some shells will require filtering at the DOS end.</P
-><P
->Magic scripts are <I
-CLASS="EMPHASIS"
->EXPERIMENTAL</I
-> and
- should <I
-CLASS="EMPHASIS"
->NOT</I
-> be relied upon.</P
-><P
->Default: <I
-CLASS="EMPHASIS"
->None. Magic scripts disabled.</I
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->magic script = user.csh</B
-></P
-></DD
-><DT
-><A
-NAME="MANGLECASE"
-></A
->mangle case (S)</DT
-><DD
-><P
->See the section on <A
-HREF="#AEN201"
-> NAME MANGLING</A
-></P
-><P
->Default: <B
-CLASS="COMMAND"
->mangle case = no</B
-></P
-></DD
-><DT
-><A
-NAME="MANGLEDMAP"
-></A
->mangled map (S)</DT
-><DD
-><P
->This is for those who want to directly map UNIX
- file names which can not be represented on Windows/DOS. The mangling
- of names is not always what is needed. In particular you may have
- documents with file extensions that differ between DOS and UNIX.
- For example, under UNIX it is common to use <TT
-CLASS="FILENAME"
->.html</TT
->
- for HTML files, whereas under Windows/DOS <TT
-CLASS="FILENAME"
->.htm</TT
->
- is more commonly used.</P
-><P
->So to map <TT
-CLASS="FILENAME"
->html</TT
-> to <TT
-CLASS="FILENAME"
->htm</TT
->
- you would use:</P
-><P
-><B
-CLASS="COMMAND"
->mangled map = (*.html *.htm)</B
-></P
-><P
->One very useful case is to remove the annoying <TT
-CLASS="FILENAME"
->;1
- </TT
-> off the ends of filenames on some CDROMS (only visible
- under some UNIXes). To do this use a map of (*;1 *;).</P
-><P
->Default: <I
-CLASS="EMPHASIS"
->no mangled map</I
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->mangled map = (*;1 *;)</B
-></P
-></DD
-><DT
-><A
-NAME="MANGLEDNAMES"
-></A
->mangled names (S)</DT
-><DD
-><P
->This controls whether non-DOS names under UNIX
- should be mapped to DOS-compatible names ("mangled") and made visible,
- or whether non-DOS names should simply be ignored.</P
-><P
->See the section on <A
-HREF="#AEN201"
-> NAME MANGLING</A
-> for details on how to control the mangling process.</P
-><P
->If mangling is used then the mangling algorithm is as follows:</P
-><P
-></P
-><UL
-><LI
-><P
->The first (up to) five alphanumeric characters
- before the rightmost dot of the filename are preserved, forced
- to upper case, and appear as the first (up to) five characters
- of the mangled name.</P
-></LI
-><LI
-><P
->A tilde "~" is appended to the first part of the mangled
- name, followed by a two-character unique sequence, based on the
- original root name (i.e., the original filename minus its final
- extension). The final extension is included in the hash calculation
- only if it contains any upper case characters or is longer than three
- characters.</P
-><P
->Note that the character to use may be specified using
- the <A
-HREF="#MANGLINGCHAR"
-><TT
-CLASS="PARAMETER"
-><I
->mangling char</I
-></TT
->
- </A
-> option, if you don't like '~'.</P
-></LI
-><LI
-><P
->The first three alphanumeric characters of the final
- extension are preserved, forced to upper case and appear as the
- extension of the mangled name. The final extension is defined as that
- part of the original filename after the rightmost dot. If there are no
- dots in the filename, the mangled name will have no extension (except
- in the case of "hidden files" - see below).</P
-></LI
-><LI
-><P
->Files whose UNIX name begins with a dot will be
- presented as DOS hidden files. The mangled name will be created as
- for other filenames, but with the leading dot removed and "___" as
- its extension regardless of actual original extension (that's three
- underscores).</P
-></LI
-></UL
-><P
->The two-digit hash value consists of upper case
- alphanumeric characters.</P
-><P
->This algorithm can cause name collisions only if files
- in a directory share the same first five alphanumeric characters.
- The probability of such a clash is 1/1300.</P
-><P
->The name mangling (if enabled) allows a file to be
- copied between UNIX directories from Windows/DOS while retaining
- the long UNIX filename. UNIX files can be renamed to a new extension
- from Windows/DOS and will retain the same basename. Mangled names
- do not change between sessions.</P
-><P
->Default: <B
-CLASS="COMMAND"
->mangled names = yes</B
-></P
-></DD
-><DT
-><A
-NAME="MANGLEDSTACK"
-></A
->mangled stack (G)</DT
-><DD
-><P
->This parameter controls the number of mangled names
- that should be cached in the Samba server <A
-HREF="smbd.8.html"
-TARGET="_top"
-> smbd(8)</A
->.</P
-><P
->This stack is a list of recently mangled base names
- (extensions are only maintained if they are longer than 3 characters
- or contains upper case characters).</P
-><P
->The larger this value, the more likely it is that mangled
- names can be successfully converted to correct long UNIX names.
- However, large stack sizes will slow most directory access. Smaller
- stacks save memory in the server (each stack element costs 256 bytes).
- </P
-><P
->It is not possible to absolutely guarantee correct long
- file names, so be prepared for some surprises!</P
-><P
->Default: <B
-CLASS="COMMAND"
->mangled stack = 50</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->mangled stack = 100</B
-></P
-></DD
-><DT
-><A
-NAME="MANGLINGCHAR"
-></A
->mangling char (S)</DT
-><DD
-><P
->This controls what character is used as
- the <I
-CLASS="EMPHASIS"
->magic</I
-> character in <A
-HREF="#AEN201"
->name mangling</A
->. The default is a '~'
- but this may interfere with some software. Use this option to set
- it to whatever you prefer.</P
-><P
->Default: <B
-CLASS="COMMAND"
->mangling char = ~</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->mangling char = ^</B
-></P
-></DD
-><DT
-><A
-NAME="MAPARCHIVE"
-></A
->map archive (S)</DT
-><DD
-><P
->This controls whether the DOS archive attribute
- should be mapped to the UNIX owner execute bit. The DOS archive bit
- is set when a file has been modified since its last backup. One
- motivation for this option it to keep Samba/your PC from making
- any file it touches from becoming executable under UNIX. This can
- be quite annoying for shared source code, documents, etc...</P
-><P
->Note that this requires the <TT
-CLASS="PARAMETER"
-><I
->create mask</I
-></TT
->
- parameter to be set such that owner execute bit is not masked out
- (i.e. it must include 100). See the parameter <A
-HREF="#CREATEMASK"
-> <TT
-CLASS="PARAMETER"
-><I
->create mask</I
-></TT
-></A
-> for details.</P
-><P
->Default: <B
-CLASS="COMMAND"
->map archive = yes</B
-></P
-></DD
-><DT
-><A
-NAME="MAPHIDDEN"
-></A
->map hidden (S)</DT
-><DD
-><P
->This controls whether DOS style hidden files
- should be mapped to the UNIX world execute bit.</P
-><P
->Note that this requires the <TT
-CLASS="PARAMETER"
-><I
->create mask</I
-></TT
->
- to be set such that the world execute bit is not masked out (i.e.
- it must include 001). See the parameter <A
-HREF="#CREATEMASK"
-> <TT
-CLASS="PARAMETER"
-><I
->create mask</I
-></TT
-></A
-> for details.</P
-><P
->Default: <B
-CLASS="COMMAND"
->map hidden = no</B
-></P
-></DD
-><DT
-><A
-NAME="MAPSYSTEM"
-></A
->map system (S)</DT
-><DD
-><P
->This controls whether DOS style system files
- should be mapped to the UNIX group execute bit.</P
-><P
->Note that this requires the <TT
-CLASS="PARAMETER"
-><I
->create mask</I
-></TT
->
- to be set such that the group execute bit is not masked out (i.e.
- it must include 010). See the parameter <A
-HREF="#CREATEMASK"
-> <TT
-CLASS="PARAMETER"
-><I
->create mask</I
-></TT
-></A
-> for details.</P
-><P
->Default: <B
-CLASS="COMMAND"
->map system = no</B
-></P
-></DD
-><DT
-><A
-NAME="MAPTOGUEST"
-></A
->map to guest (G)</DT
-><DD
-><P
->This parameter is only useful in <A
-HREF="#SECURITY"
-> security</A
-> modes other than <TT
-CLASS="PARAMETER"
-><I
->security=share</I
-></TT
->
- - i.e. <TT
-CLASS="CONSTANT"
->user</TT
->, <TT
-CLASS="CONSTANT"
->server</TT
->,
- and <TT
-CLASS="CONSTANT"
->domain</TT
->.</P
-><P
->This parameter can take three different values, which tell
- <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd(8)</A
-> what to do with user
- login requests that don't match a valid UNIX user in some way.</P
-><P
->The three settings are :</P
-><P
-></P
-><UL
-><LI
-><P
-><TT
-CLASS="CONSTANT"
->Never</TT
-> - Means user login
- requests with an invalid password are rejected. This is the
- default.</P
-></LI
-><LI
-><P
-><TT
-CLASS="CONSTANT"
->Bad User</TT
-> - Means user
- logins with an invalid password are rejected, unless the username
- does not exist, in which case it is treated as a guest login and
- mapped into the <A
-HREF="#GUESTACCOUNT"
-><TT
-CLASS="PARAMETER"
-><I
-> guest account</I
-></TT
-></A
->.</P
-></LI
-><LI
-><P
-><TT
-CLASS="CONSTANT"
->Bad Password</TT
-> - Means user logins
- with an invalid password are treated as a guest login and mapped
- into the <A
-HREF="#GUESTACCOUNT"
->guest account</A
->. Note that
- this can cause problems as it means that any user incorrectly typing
- their password will be silently logged on as "guest" - and
- will not know the reason they cannot access files they think
- they should - there will have been no message given to them
- that they got their password wrong. Helpdesk services will
- <I
-CLASS="EMPHASIS"
->hate</I
-> you if you set the <TT
-CLASS="PARAMETER"
-><I
->map to
- guest</I
-></TT
-> parameter this way :-).</P
-></LI
-></UL
-><P
->Note that this parameter is needed to set up "Guest"
- share services when using <TT
-CLASS="PARAMETER"
-><I
->security</I
-></TT
-> modes other than
- share. This is because in these modes the name of the resource being
- requested is <I
-CLASS="EMPHASIS"
->not</I
-> sent to the server until after
- the server has successfully authenticated the client so the server
- cannot make authentication decisions at the correct time (connection
- to the share) for "Guest" shares.</P
-><P
->For people familiar with the older Samba releases, this
- parameter maps to the old compile-time setting of the <TT
-CLASS="CONSTANT"
-> GUEST_SESSSETUP</TT
-> value in local.h.</P
-><P
->Default: <B
-CLASS="COMMAND"
->map to guest = Never</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->map to guest = Bad User</B
-></P
-></DD
-><DT
-><A
-NAME="MAXCONNECTIONS"
-></A
->max connections (S)</DT
-><DD
-><P
->This option allows the number of simultaneous
- connections to a service to be limited. If <TT
-CLASS="PARAMETER"
-><I
->max connections
- </I
-></TT
-> is greater than 0 then connections will be refused if
- this number of connections to the service are already open. A value
- of zero mean an unlimited number of connections may be made.</P
-><P
->Record lock files are used to implement this feature. The
- lock files will be stored in the directory specified by the <A
-HREF="#LOCKDIRECTORY"
-><TT
-CLASS="PARAMETER"
-><I
->lock directory</I
-></TT
-></A
->
- option.</P
-><P
->Default: <B
-CLASS="COMMAND"
->max connections = 0</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->max connections = 10</B
-></P
-></DD
-><DT
-><A
-NAME="MAXDISKSIZE"
-></A
->max disk size (G)</DT
-><DD
-><P
->This option allows you to put an upper limit
- on the apparent size of disks. If you set this option to 100
- then all shares will appear to be not larger than 100 MB in
- size.</P
-><P
->Note that this option does not limit the amount of
- data you can put on the disk. In the above case you could still
- store much more than 100 MB on the disk, but if a client ever asks
- for the amount of free disk space or the total disk size then the
- result will be bounded by the amount specified in <TT
-CLASS="PARAMETER"
-><I
->max
- disk size</I
-></TT
->.</P
-><P
->This option is primarily useful to work around bugs
- in some pieces of software that can't handle very large disks,
- particularly disks over 1GB in size.</P
-><P
->A <TT
-CLASS="PARAMETER"
-><I
->max disk size</I
-></TT
-> of 0 means no limit.</P
-><P
->Default: <B
-CLASS="COMMAND"
->max disk size = 0</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->max disk size = 1000</B
-></P
-></DD
-><DT
-><A
-NAME="MAXLOGSIZE"
-></A
->max log size (G)</DT
-><DD
-><P
->This option (an integer in kilobytes) specifies
- the max size the log file should grow to. Samba periodically checks
- the size and if it is exceeded it will rename the file, adding
- a <TT
-CLASS="FILENAME"
->.old</TT
-> extension.</P
-><P
->A size of 0 means no limit.</P
-><P
->Default: <B
-CLASS="COMMAND"
->max log size = 5000</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->max log size = 1000</B
-></P
-></DD
-><DT
-><A
-NAME="MAXMUX"
-></A
->max mux (G)</DT
-><DD
-><P
->This option controls the maximum number of
- outstanding simultaneous SMB operations that samba tells the client
- it will allow. You should never need to set this parameter.</P
-><P
->Default: <B
-CLASS="COMMAND"
->max mux = 50</B
-></P
-></DD
-><DT
-><A
-NAME="MAXOPENFILES"
-></A
->max open files (G)</DT
-><DD
-><P
->This parameter limits the maximum number of
- open files that one <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd(8)</A
-> file
- serving process may have open for a client at any one time. The
- default for this parameter is set very high (10,000) as Samba uses
- only one bit per unopened file.</P
-><P
->The limit of the number of open files is usually set
- by the UNIX per-process file descriptor limit rather than
- this parameter so you should never need to touch this parameter.</P
-><P
->Default: <B
-CLASS="COMMAND"
->max open files = 10000</B
-></P
-></DD
-><DT
-><A
-NAME="MAXPRINTJOBS"
-></A
->max print jobs (S)</DT
-><DD
-><P
->This parameter limits the maximum number of
- jobs allowable in a Samba printer queue at any given moment.
- If this number is exceeded, <A
-HREF="smbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
-> smbd(8)</B
-></A
-> will remote "Out of Space" to the client.
- See all <A
-HREF="#TOTALPRINTJOBS"
-><TT
-CLASS="PARAMETER"
-><I
->total
- print jobs</I
-></TT
-></A
->.
- </P
-><P
->Default: <B
-CLASS="COMMAND"
->max print jobs = 1000</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->max print jobs = 5000</B
-></P
-></DD
-><DT
-><A
-NAME="MAXPROTOCOL"
-></A
->max protocol (G)</DT
-><DD
-><P
->The value of the parameter (a string) is the highest
- protocol level that will be supported by the server.</P
-><P
->Possible values are :</P
-><P
-></P
-><UL
-><LI
-><P
-><TT
-CLASS="CONSTANT"
->CORE</TT
->: Earliest version. No
- concept of user names.</P
-></LI
-><LI
-><P
-><TT
-CLASS="CONSTANT"
->COREPLUS</TT
->: Slight improvements on
- CORE for efficiency.</P
-></LI
-><LI
-><P
-><TT
-CLASS="CONSTANT"
->LANMAN1</TT
->: First <I
-CLASS="EMPHASIS"
-> modern</I
-> version of the protocol. Long filename
- support.</P
-></LI
-><LI
-><P
-><TT
-CLASS="CONSTANT"
->LANMAN2</TT
->: Updates to Lanman1 protocol.
- </P
-></LI
-><LI
-><P
-><TT
-CLASS="CONSTANT"
->NT1</TT
->: Current up to date version of
- the protocol. Used by Windows NT. Known as CIFS.</P
-></LI
-></UL
-><P
->Normally this option should not be set as the automatic
- negotiation phase in the SMB protocol takes care of choosing
- the appropriate protocol.</P
-><P
->See also <A
-HREF="#MINPROTOCOL"
-><TT
-CLASS="PARAMETER"
-><I
->min
- protocol</I
-></TT
-></A
-></P
-><P
->Default: <B
-CLASS="COMMAND"
->max protocol = NT1</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->max protocol = LANMAN1</B
-></P
-></DD
-><DT
-><A
-NAME="MAXSMBDPROCESSES"
-></A
->max smbd processes (G)</DT
-><DD
-><P
->This parameter limits the maximum number of
- <A
-HREF="smbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbd(8)</B
-></A
->
- processes concurrently running on a system and is intended
- as a stop gap to prevent degrading service to clients in the event
- that the server has insufficient resources to handle more than this
- number of connections. Remember that under normal operating
- conditions, each user will have an smbd associated with him or her
- to handle connections to all shares from a given host.
- </P
-><P
->Default: <B
-CLASS="COMMAND"
->max smbd processes = 0</B
-> ## no limit</P
-><P
->Example: <B
-CLASS="COMMAND"
->max smbd processes = 1000</B
-></P
-></DD
-><DT
-><A
-NAME="MAXTTL"
-></A
->max ttl (G)</DT
-><DD
-><P
->This option tells <A
-HREF="nmbd.8.html"
-TARGET="_top"
->nmbd(8)</A
->
- what the default 'time to live' of NetBIOS names should be (in seconds)
- when <B
-CLASS="COMMAND"
->nmbd</B
-> is requesting a name using either a
- broadcast packet or from a WINS server. You should never need to
- change this parameter. The default is 3 days.</P
-><P
->Default: <B
-CLASS="COMMAND"
->max ttl = 259200</B
-></P
-></DD
-><DT
-><A
-NAME="MAXWINSTTL"
-></A
->max wins ttl (G)</DT
-><DD
-><P
->This option tells <A
-HREF="nmbd.8.html"
-TARGET="_top"
->nmbd(8)
- </A
-> when acting as a WINS server (<A
-HREF="#WINSSUPPORT"
-> <TT
-CLASS="PARAMETER"
-><I
->wins support=yes</I
-></TT
-></A
->) what the maximum
- 'time to live' of NetBIOS names that <B
-CLASS="COMMAND"
->nmbd</B
->
- will grant will be (in seconds). You should never need to change this
- parameter. The default is 6 days (518400 seconds).</P
-><P
->See also the <A
-HREF="#MINWINSTTL"
-><TT
-CLASS="PARAMETER"
-><I
->min
- wins ttl"</I
-></TT
-></A
-> parameter.</P
-><P
->Default: <B
-CLASS="COMMAND"
->max wins ttl = 518400</B
-></P
-></DD
-><DT
-><A
-NAME="MAXXMIT"
-></A
->max xmit (G)</DT
-><DD
-><P
->This option controls the maximum packet size
- that will be negotiated by Samba. The default is 65535, which
- is the maximum. In some cases you may find you get better performance
- with a smaller value. A value below 2048 is likely to cause problems.
- </P
-><P
->Default: <B
-CLASS="COMMAND"
->max xmit = 65535</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->max xmit = 8192</B
-></P
-></DD
-><DT
-><A
-NAME="MESSAGECOMMAND"
-></A
->message command (G)</DT
-><DD
-><P
->This specifies what command to run when the
- server receives a WinPopup style message.</P
-><P
->This would normally be a command that would
- deliver the message somehow. How this is to be done is
- up to your imagination.</P
-><P
->An example is:</P
-><P
-><B
-CLASS="COMMAND"
->message command = csh -c 'xedit %s;rm %s' &#38;</B
->
- </P
-><P
->This delivers the message using <B
-CLASS="COMMAND"
->xedit</B
->, then
- removes it afterwards. <I
-CLASS="EMPHASIS"
->NOTE THAT IT IS VERY IMPORTANT
- THAT THIS COMMAND RETURN IMMEDIATELY</I
->. That's why I
- have the '&#38;' on the end. If it doesn't return immediately then
- your PCs may freeze when sending messages (they should recover
- after 30secs, hopefully).</P
-><P
->All messages are delivered as the global guest user.
- The command takes the standard substitutions, although <TT
-CLASS="PARAMETER"
-><I
-> %u</I
-></TT
-> won't work (<TT
-CLASS="PARAMETER"
-><I
->%U</I
-></TT
-> may be better
- in this case).</P
-><P
->Apart from the standard substitutions, some additional
- ones apply. In particular:</P
-><P
-></P
-><UL
-><LI
-><P
-><TT
-CLASS="PARAMETER"
-><I
->%s</I
-></TT
-> = the filename containing
- the message.</P
-></LI
-><LI
-><P
-><TT
-CLASS="PARAMETER"
-><I
->%t</I
-></TT
-> = the destination that
- the message was sent to (probably the server name).</P
-></LI
-><LI
-><P
-><TT
-CLASS="PARAMETER"
-><I
->%f</I
-></TT
-> = who the message
- is from.</P
-></LI
-></UL
-><P
->You could make this command send mail, or whatever else
- takes your fancy. Please let us know of any really interesting
- ideas you have.</P
-><P
->Here's a way of sending the messages as mail to root:</P
-><P
-><B
-CLASS="COMMAND"
->message command = /bin/mail -s 'message from %f on
- %m' root &lt; %s; rm %s</B
-></P
-><P
->If you don't have a message command then the message
- won't be delivered and Samba will tell the sender there was
- an error. Unfortunately WfWg totally ignores the error code
- and carries on regardless, saying that the message was delivered.
- </P
-><P
->If you want to silently delete it then try:</P
-><P
-><B
-CLASS="COMMAND"
->message command = rm %s</B
-></P
-><P
->Default: <I
-CLASS="EMPHASIS"
->no message command</I
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->message command = csh -c 'xedit %s;
- rm %s' &#38;</B
-></P
-></DD
-><DT
-><A
-NAME="MINPASSWDLENGTH"
-></A
->min passwd length (G)</DT
-><DD
-><P
->Synonym for <A
-HREF="#MINPASSWORDLENGTH"
-> <TT
-CLASS="PARAMETER"
-><I
->min password length</I
-></TT
-></A
->.</P
-></DD
-><DT
-><A
-NAME="MINPASSWORDLENGTH"
-></A
->min password length (G)</DT
-><DD
-><P
->This option sets the minimum length in characters
- of a plaintext password that <B
-CLASS="COMMAND"
->smbd</B
-> will accept when performing
- UNIX password changing.</P
-><P
->See also <A
-HREF="#UNIXPASSWORDSYNC"
-><TT
-CLASS="PARAMETER"
-><I
->unix
- password sync</I
-></TT
-></A
->, <A
-HREF="#PASSWDPROGRAM"
-> <TT
-CLASS="PARAMETER"
-><I
->passwd program</I
-></TT
-></A
-> and <A
-HREF="#PASSWDCHATDEBUG"
-><TT
-CLASS="PARAMETER"
-><I
->passwd chat debug</I
-></TT
->
- </A
->.</P
-><P
->Default: <B
-CLASS="COMMAND"
->min password length = 5</B
-></P
-></DD
-><DT
-><A
-NAME="MINPRINTSPACE"
-></A
->min print space (S)</DT
-><DD
-><P
->This sets the minimum amount of free disk
- space that must be available before a user will be able to spool
- a print job. It is specified in kilobytes. The default is 0, which
- means a user can always spool a print job.</P
-><P
->See also the <A
-HREF="#PRINTING"
-><TT
-CLASS="PARAMETER"
-><I
->printing
- </I
-></TT
-></A
-> parameter.</P
-><P
->Default: <B
-CLASS="COMMAND"
->min print space = 0</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->min print space = 2000</B
-></P
-></DD
-><DT
-><A
-NAME="MINPROTOCOL"
-></A
->min protocol (G)</DT
-><DD
-><P
->The value of the parameter (a string) is the
- lowest SMB protocol dialect than Samba will support. Please refer
- to the <A
-HREF="#MAXPROTOCOL"
-><TT
-CLASS="PARAMETER"
-><I
->max protocol</I
-></TT
-></A
->
- parameter for a list of valid protocol names and a brief description
- of each. You may also wish to refer to the C source code in
- <TT
-CLASS="FILENAME"
->source/smbd/negprot.c</TT
-> for a listing of known protocol
- dialects supported by clients.</P
-><P
->If you are viewing this parameter as a security measure, you should
- also refer to the <A
-HREF="#LANMANAUTH"
-><TT
-CLASS="PARAMETER"
-><I
->lanman
- auth</I
-></TT
-></A
-> parameter. Otherwise, you should never need
- to change this parameter.</P
-><P
->Default : <B
-CLASS="COMMAND"
->min protocol = CORE</B
-></P
-><P
->Example : <B
-CLASS="COMMAND"
->min protocol = NT1</B
-> # disable DOS
- clients</P
-></DD
-><DT
-><A
-NAME="MINWINSTTL"
-></A
->min wins ttl (G)</DT
-><DD
-><P
->This option tells <A
-HREF="nmbd.8.html"
-TARGET="_top"
->nmbd(8)</A
->
- when acting as a WINS server (<A
-HREF="#WINSSUPPORT"
-><TT
-CLASS="PARAMETER"
-><I
-> wins support = yes</I
-></TT
-></A
->) what the minimum 'time to live'
- of NetBIOS names that <B
-CLASS="COMMAND"
->nmbd</B
-> will grant will be (in
- seconds). You should never need to change this parameter. The default
- is 6 hours (21600 seconds).</P
-><P
->Default: <B
-CLASS="COMMAND"
->min wins ttl = 21600</B
-></P
-></DD
-><DT
-><A
-NAME="MSDFSROOT"
-></A
->msdfs root (S)</DT
-><DD
-><P
->This boolean parameter is only available if
- Samba is configured and compiled with the <B
-CLASS="COMMAND"
-> --with-msdfs</B
-> option. If set to <TT
-CLASS="CONSTANT"
->yes&#62;</TT
->,
- Samba treats the share as a Dfs root and allows clients to browse
- the distributed file system tree rooted at the share directory.
- Dfs links are specified in the share directory by symbolic
- links of the form <TT
-CLASS="FILENAME"
->msdfs:serverA\shareA,serverB\shareB
- </TT
-> and so on. For more information on setting up a Dfs tree
- on Samba, refer to <A
-HREF="msdfs_setup.html"
-TARGET="_top"
->msdfs_setup.html
- </A
->.</P
-><P
->See also <A
-HREF="#HOSTMSDFS"
-><TT
-CLASS="PARAMETER"
-><I
->host msdfs
- </I
-></TT
-></A
-></P
-><P
->Default: <B
-CLASS="COMMAND"
->msdfs root = no</B
-></P
-></DD
-><DT
-><A
-NAME="NAMERESOLVEORDER"
-></A
->name resolve order (G)</DT
-><DD
-><P
->This option is used by the programs in the Samba
- suite to determine what naming services to use and in what order
- to resolve host names to IP addresses. The option takes a space
- separated string of name resolution options.</P
-><P
->The options are :"lmhosts", "host", "wins" and "bcast". They
- cause names to be resolved as follows :</P
-><P
-></P
-><UL
-><LI
-><P
-><TT
-CLASS="CONSTANT"
->lmhosts</TT
-> : Lookup an IP
- address in the Samba lmhosts file. If the line in lmhosts has
- no name type attached to the NetBIOS name (see the <A
-HREF="lmhosts.5.html"
-TARGET="_top"
->lmhosts(5)</A
-> for details) then
- any name type matches for lookup.</P
-></LI
-><LI
-><P
-><TT
-CLASS="CONSTANT"
->host</TT
-> : Do a standard host
- name to IP address resolution, using the system <TT
-CLASS="FILENAME"
->/etc/hosts
- </TT
->, NIS, or DNS lookups. This method of name resolution
- is operating system depended for instance on IRIX or Solaris this
- may be controlled by the <TT
-CLASS="FILENAME"
->/etc/nsswitch.conf</TT
->
- file). Note that this method is only used if the NetBIOS name
- type being queried is the 0x20 (server) name type, otherwise
- it is ignored.</P
-></LI
-><LI
-><P
-><TT
-CLASS="CONSTANT"
->wins</TT
-> : Query a name with
- the IP address listed in the <A
-HREF="#WINSSERVER"
-><TT
-CLASS="PARAMETER"
-><I
-> wins server</I
-></TT
-></A
-> parameter. If no WINS server has
- been specified this method will be ignored.</P
-></LI
-><LI
-><P
-><TT
-CLASS="CONSTANT"
->bcast</TT
-> : Do a broadcast on
- each of the known local interfaces listed in the <A
-HREF="#INTERFACES"
-><TT
-CLASS="PARAMETER"
-><I
->interfaces</I
-></TT
-></A
->
- parameter. This is the least reliable of the name resolution
- methods as it depends on the target host being on a locally
- connected subnet.</P
-></LI
-></UL
-><P
->Default: <B
-CLASS="COMMAND"
->name resolve order = lmhosts host wins bcast
- </B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->name resolve order = lmhosts bcast host
- </B
-></P
-><P
->This will cause the local lmhosts file to be examined
- first, followed by a broadcast attempt, followed by a normal
- system hostname lookup.</P
-></DD
-><DT
-><A
-NAME="NETBIOSALIASES"
-></A
->netbios aliases (G)</DT
-><DD
-><P
->This is a list of NetBIOS names that <A
-HREF="nmbd.8.html"
-TARGET="_top"
->nmbd(8)</A
-> will advertise as additional
- names by which the Samba server is known. This allows one machine
- to appear in browse lists under multiple names. If a machine is
- acting as a browse server or logon server none
- of these names will be advertised as either browse server or logon
- servers, only the primary name of the machine will be advertised
- with these capabilities.</P
-><P
->See also <A
-HREF="#NETBIOSNAME"
-><TT
-CLASS="PARAMETER"
-><I
->netbios
- name</I
-></TT
-></A
->.</P
-><P
->Default: <I
-CLASS="EMPHASIS"
->empty string (no additional names)</I
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->netbios aliases = TEST TEST1 TEST2</B
-></P
-></DD
-><DT
-><A
-NAME="NETBIOSNAME"
-></A
->netbios name (G)</DT
-><DD
-><P
->This sets the NetBIOS name by which a Samba
- server is known. By default it is the same as the first component
- of the host's DNS name. If a machine is a browse server or
- logon server this name (or the first component
- of the hosts DNS name) will be the name that these services are
- advertised under.</P
-><P
->See also <A
-HREF="#NETBIOSALIASES"
-><TT
-CLASS="PARAMETER"
-><I
->netbios
- aliases</I
-></TT
-></A
->.</P
-><P
->Default: <I
-CLASS="EMPHASIS"
->machine DNS name</I
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->netbios name = MYNAME</B
-></P
-></DD
-><DT
-><A
-NAME="NETBIOSSCOPE"
-></A
->netbios scope (G)</DT
-><DD
-><P
->This sets the NetBIOS scope that Samba will
- operate under. This should not be set unless every machine
- on your LAN also sets this value.</P
-></DD
-><DT
-><A
-NAME="NISHOMEDIR"
-></A
->nis homedir (G)</DT
-><DD
-><P
->Get the home share server from a NIS map. For
- UNIX systems that use an automounter, the user's home directory
- will often be mounted on a workstation on demand from a remote
- server. </P
-><P
->When the Samba logon server is not the actual home directory
- server, but is mounting the home directories via NFS then two
- network hops would be required to access the users home directory
- if the logon server told the client to use itself as the SMB server
- for home directories (one over SMB and one over NFS). This can
- be very slow.</P
-><P
->This option allows Samba to return the home share as
- being on a different server to the logon server and as
- long as a Samba daemon is running on the home directory server,
- it will be mounted on the Samba client directly from the directory
- server. When Samba is returning the home share to the client, it
- will consult the NIS map specified in <A
-HREF="#HOMEDIRMAP"
-> <TT
-CLASS="PARAMETER"
-><I
->homedir map</I
-></TT
-></A
-> and return the server
- listed there.</P
-><P
->Note that for this option to work there must be a working
- NIS system and the Samba server with this option must also
- be a logon server.</P
-><P
->Default: <B
-CLASS="COMMAND"
->nis homedir = no</B
-></P
-></DD
-><DT
-><A
-NAME="NTACLSUPPORT"
-></A
->nt acl support (G)</DT
-><DD
-><P
->This boolean parameter controls whether
- <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd(8)</A
-> will attempt to map
- UNIX permissions into Windows NT access control lists.</P
-><P
->Default: <B
-CLASS="COMMAND"
->nt acl support = yes</B
-></P
-></DD
-><DT
-><A
-NAME="NTPIPESUPPORT"
-></A
->nt pipe support (G)</DT
-><DD
-><P
->This boolean parameter controls whether
- <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd(8)</A
-> will allow Windows NT
- clients to connect to the NT SMB specific <TT
-CLASS="CONSTANT"
->IPC$</TT
->
- pipes. This is a developer debugging option and can be left
- alone.</P
-><P
->Default: <B
-CLASS="COMMAND"
->nt pipe support = yes</B
-></P
-></DD
-><DT
-><A
-NAME="NTSMBSUPPORT"
-></A
->nt smb support (G)</DT
-><DD
-><P
->This boolean parameter controls whether <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd(8)</A
-> will negotiate NT specific SMB
- support with Windows NT clients. Although this is a developer
- debugging option and should be left alone, benchmarking has discovered
- that Windows NT clients give faster performance with this option
- set to <TT
-CLASS="CONSTANT"
->no</TT
->. This is still being investigated.
- If this option is set to <TT
-CLASS="CONSTANT"
->no</TT
-> then Samba offers
- exactly the same SMB calls that versions prior to Samba 2.0 offered.
- This information may be of use if any users are having problems
- with NT SMB support.</P
-><P
->You should not need to ever disable this parameter.</P
-><P
->Default: <B
-CLASS="COMMAND"
->nt smb support = yes</B
-></P
-></DD
-><DT
-><A
-NAME="NULLPASSWORDS"
-></A
->null passwords (G)</DT
-><DD
-><P
->Allow or disallow client access to accounts
- that have null passwords. </P
-><P
->See also <A
-HREF="smbpasswd.5.html"
-TARGET="_top"
->smbpasswd (5)</A
->.</P
-><P
->Default: <B
-CLASS="COMMAND"
->null passwords = no</B
-></P
-></DD
-><DT
-><A
-NAME="ONLYUSER"
-></A
->only user (S)</DT
-><DD
-><P
->This is a boolean option that controls whether
- connections with usernames not in the <TT
-CLASS="PARAMETER"
-><I
->user</I
-></TT
->
- list will be allowed. By default this option is disabled so that a
- client can supply a username to be used by the server. Enabling
- this parameter will force the server to only user the login
- names from the <TT
-CLASS="PARAMETER"
-><I
->user</I
-></TT
-> list and is only really
- useful in <A
-HREF="#SECURITYEQUALSSHARE"
->shave level</A
->
- security.</P
-><P
->Note that this also means Samba won't try to deduce
- usernames from the service name. This can be annoying for
- the [homes] section. To get around this you could use <B
-CLASS="COMMAND"
->user =
- %S</B
-> which means your <TT
-CLASS="PARAMETER"
-><I
->user</I
-></TT
-> list
- will be just the service name, which for home directories is the
- name of the user.</P
-><P
->See also the <A
-HREF="#USER"
-><TT
-CLASS="PARAMETER"
-><I
->user</I
-></TT
->
- </A
-> parameter.</P
-><P
->Default: <B
-CLASS="COMMAND"
->only user = no</B
-></P
-></DD
-><DT
-><A
-NAME="OLELOCKINGCOMPATIBILITY"
-></A
->ole locking compatibility (G)</DT
-><DD
-><P
->This parameter allows an administrator to turn
- off the byte range lock manipulation that is done within Samba to
- give compatibility for OLE applications. Windows OLE applications
- use byte range locking as a form of inter-process communication, by
- locking ranges of bytes around the 2^32 region of a file range. This
- can cause certain UNIX lock managers to crash or otherwise cause
- problems. Setting this parameter to <TT
-CLASS="CONSTANT"
->no</TT
-> means you
- trust your UNIX lock manager to handle such cases correctly.</P
-><P
->Default: <B
-CLASS="COMMAND"
->ole locking compatibility = yes</B
-></P
-></DD
-><DT
-><A
-NAME="ONLYGUEST"
-></A
->only guest (S)</DT
-><DD
-><P
->A synonym for <A
-HREF="#GUESTONLY"
-><TT
-CLASS="PARAMETER"
-><I
-> guest only</I
-></TT
-></A
->.</P
-></DD
-><DT
-><A
-NAME="OPLOCKBREAKWAITTIME"
-></A
->oplock break wait time (G)</DT
-><DD
-><P
->This is a tuning parameter added due to bugs in
- both Windows 9x and WinNT. If Samba responds to a client too
- quickly when that client issues an SMB that can cause an oplock
- break request, then the network client can fail and not respond
- to the break request. This tuning parameter (which is set in milliseconds)
- is the amount of time Samba will wait before sending an oplock break
- request to such (broken) clients.</P
-><P
-><I
-CLASS="EMPHASIS"
->DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ
- AND UNDERSTOOD THE SAMBA OPLOCK CODE</I
->.</P
-><P
->Default: <B
-CLASS="COMMAND"
->oplock break wait time = 0</B
-></P
-></DD
-><DT
-><A
-NAME="OPLOCKCONTENTIONLIMIT"
-></A
->oplock contention limit (S)</DT
-><DD
-><P
->This is a <I
-CLASS="EMPHASIS"
->very</I
-> advanced
- <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd(8)</A
-> tuning option to
- improve the efficiency of the granting of oplocks under multiple
- client contention for the same file.</P
-><P
->In brief it specifies a number, which causes smbd not to
- grant an oplock even when requested if the approximate number of
- clients contending for an oplock on the same file goes over this
- limit. This causes <B
-CLASS="COMMAND"
->smbd</B
-> to behave in a similar
- way to Windows NT.</P
-><P
-><I
-CLASS="EMPHASIS"
->DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ
- AND UNDERSTOOD THE SAMBA OPLOCK CODE</I
->.</P
-><P
->Default: <B
-CLASS="COMMAND"
->oplock contention limit = 2</B
-></P
-></DD
-><DT
-><A
-NAME="OPLOCKS"
-></A
->oplocks (S)</DT
-><DD
-><P
->This boolean option tells smbd whether to
- issue oplocks (opportunistic locks) to file open requests on this
- share. The oplock code can dramatically (approx. 30% or more) improve
- the speed of access to files on Samba servers. It allows the clients
- to aggressively cache files locally and you may want to disable this
- option for unreliable network environments (it is turned on by
- default in Windows NT Servers). For more information see the file
- <TT
-CLASS="FILENAME"
->Speed.txt</TT
-> in the Samba <TT
-CLASS="FILENAME"
->docs/</TT
->
- directory.</P
-><P
->Oplocks may be selectively turned off on certain files with a
- share. See the <A
-HREF="#VETOOPLOCKFILES"
-><TT
-CLASS="PARAMETER"
-><I
-> veto oplock files</I
-></TT
-></A
-> parameter. On some systems
- oplocks are recognized by the underlying operating system. This
- allows data synchronization between all access to oplocked files,
- whether it be via Samba or NFS or a local UNIX process. See the
- <TT
-CLASS="PARAMETER"
-><I
->kernel oplocks</I
-></TT
-> parameter for details.</P
-><P
->See also the <A
-HREF="#KERNELOPLOCKS"
-><TT
-CLASS="PARAMETER"
-><I
->kernel
- oplocks</I
-></TT
-></A
-> and <A
-HREF="#LEVEL2OPLOCKS"
-><TT
-CLASS="PARAMETER"
-><I
-> level2 oplocks</I
-></TT
-></A
-> parameters.</P
-><P
->Default: <B
-CLASS="COMMAND"
->oplocks = yes</B
-></P
-></DD
-><DT
-><A
-NAME="OSLEVEL"
-></A
->os level (G)</DT
-><DD
-><P
->This integer value controls what level Samba
- advertises itself as for browse elections. The value of this
- parameter determines whether <A
-HREF="nmbd.8.html"
-TARGET="_top"
->nmbd(8)</A
->
- has a chance of becoming a local master browser for the <TT
-CLASS="PARAMETER"
-><I
-> WORKGROUP</I
-></TT
-> in the local broadcast area.</P
-><P
-><I
-CLASS="EMPHASIS"
->Note :</I
->By default, Samba will win
- a local master browsing election over all Microsoft operating
- systems except a Windows NT 4.0/2000 Domain Controller. This
- means that a misconfigured Samba host can effectively isolate
- a subnet for browsing purposes. See <TT
-CLASS="FILENAME"
->BROWSING.txt
- </TT
-> in the Samba <TT
-CLASS="FILENAME"
->docs/</TT
-> directory
- for details.</P
-><P
->Default: <B
-CLASS="COMMAND"
->os level = 20</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->os level = 65 </B
-></P
-></DD
-><DT
-><A
-NAME="OS2DRIVERMAP"
-></A
->os2 driver map (G)</DT
-><DD
-><P
->The parameter is used to define the absolute
- path to a file containing a mapping of Windows NT printer driver
- names to OS/2 printer driver names. The format is:</P
-><P
->&lt;nt driver name&gt; = &lt;os2 driver
- name&gt;.&lt;device name&gt;</P
-><P
->For example, a valid entry using the HP LaserJet 5
- printer driver woudl appear as <B
-CLASS="COMMAND"
->HP LaserJet 5L = LASERJET.HP
- LaserJet 5L</B
->.</P
-><P
->The need for the file is due to the printer driver namespace
- problem described in the <A
-HREF="printer_driver2.html"
-TARGET="_top"
->Samba
- Printing HOWTO</A
->. For more details on OS/2 clients, please
- refer to the <A
-HREF="OS2-Client-HOWTO.html"
-TARGET="_top"
->OS2-Client-HOWTO
- </A
-> containing in the Samba documentation.</P
-><P
->Default: <B
-CLASS="COMMAND"
->os2 driver map = &lt;empty string&gt;
- </B
-></P
-></DD
-><DT
-><A
-NAME="PANICACTION"
-></A
->panic action (G)</DT
-><DD
-><P
->This is a Samba developer option that allows a
- system command to be called when either <A
-HREF="smbd.8.html"
-TARGET="_top"
-> smbd(8)</A
-> or <A
-HREF="nmbd.8.html"
-TARGET="_top"
->nmbd(8)</A
->
- crashes. This is usually used to draw attention to the fact that
- a problem occurred.</P
-><P
->Default: <B
-CLASS="COMMAND"
->panic action = &lt;empty string&gt;</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->panic action = "/bin/sleep 90000"</B
-></P
-></DD
-><DT
-><A
-NAME="PASSWDCHAT"
-></A
->passwd chat (G)</DT
-><DD
-><P
->This string controls the <I
-CLASS="EMPHASIS"
->"chat"</I
->
- conversation that takes places between <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd</A
-> and the local password changing
- program to change the users password. The string describes a
- sequence of response-receive pairs that <A
-HREF="smbd.8.html"
-TARGET="_top"
-> smbd(8)</A
-> uses to determine what to send to the
- <A
-HREF="#PASSWDPROGRAM"
-><TT
-CLASS="PARAMETER"
-><I
->passwd program</I
-></TT
->
- </A
-> and what to expect back. If the expected output is not
- received then the password is not changed.</P
-><P
->This chat sequence is often quite site specific, depending
- on what local methods are used for password control (such as NIS
- etc).</P
-><P
->The string can contain the macros <TT
-CLASS="PARAMETER"
-><I
->%o</I
-></TT
->
- and <TT
-CLASS="PARAMETER"
-><I
->%n</I
-></TT
-> which are substituted for the old
- and new passwords respectively. It can also contain the standard
- macros <TT
-CLASS="CONSTANT"
->\n</TT
->, <TT
-CLASS="CONSTANT"
->\r</TT
->, <TT
-CLASS="CONSTANT"
-> \t</TT
-> and <TT
-CLASS="CONSTANT"
->%s</TT
-> to give line-feed,
- carriage-return, tab and space.</P
-><P
->The string can also contain a '*' which matches
- any sequence of characters.</P
-><P
->Double quotes can be used to collect strings with spaces
- in them into a single string.</P
-><P
->If the send string in any part of the chat sequence
- is a fullstop ".", then no string is sent. Similarly,
- if the expect string is a fullstop then no string is expected.</P
-><P
->Note that if the <A
-HREF="#UNIXPASSWORDSYNC"
-><TT
-CLASS="PARAMETER"
-><I
->unix
- password sync</I
-></TT
-></A
-> parameter is set to true, then this
- sequence is called <I
-CLASS="EMPHASIS"
->AS ROOT</I
-> when the SMB password
- in the smbpasswd file is being changed, without access to the old
- password cleartext. In this case the old password cleartext is set
- to "" (the empty string).</P
-><P
->See also <A
-HREF="#UNIXPASSWORDSYNC"
-><TT
-CLASS="PARAMETER"
-><I
->unix password
- sync</I
-></TT
-></A
->, <A
-HREF="#PASSWDPROGRAM"
-><TT
-CLASS="PARAMETER"
-><I
-> passwd program</I
-></TT
-></A
-> and <A
-HREF="#PASSWDCHATDEBUG"
-> <TT
-CLASS="PARAMETER"
-><I
->passwd chat debug</I
-></TT
-></A
->.</P
-><P
->Default: <B
-CLASS="COMMAND"
->passwd chat = *new*password* %n\n
- *new*password* %n\n *changed*</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->passwd chat = "*Enter OLD password*" %o\n
- "*Enter NEW password*" %n\n "*Reenter NEW password*" %n\n "*Password
- changed*"</B
-></P
-></DD
-><DT
-><A
-NAME="PASSWDCHATDEBUG"
-></A
->passwd chat debug (G)</DT
-><DD
-><P
->This boolean specifies if the passwd chat script
- parameter is run in <I
-CLASS="EMPHASIS"
->debug</I
-> mode. In this mode the
- strings passed to and received from the passwd chat are printed
- in the <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd(8)</A
-> log with a
- <A
-HREF="#DEBUGLEVEL"
-><TT
-CLASS="PARAMETER"
-><I
->debug level</I
-></TT
-></A
->
- of 100. This is a dangerous option as it will allow plaintext passwords
- to be seen in the <B
-CLASS="COMMAND"
->smbd</B
-> log. It is available to help
- Samba admins debug their <TT
-CLASS="PARAMETER"
-><I
->passwd chat</I
-></TT
-> scripts
- when calling the <TT
-CLASS="PARAMETER"
-><I
->passwd program</I
-></TT
-> and should
- be turned off after this has been done. This parameter is off by
- default.</P
-><P
->See also &#60;<A
-HREF="#PASSWDCHAT"
-><TT
-CLASS="PARAMETER"
-><I
->passwd chat</I
-></TT
->
- </A
->, <A
-HREF="#PASSWDPROGRAM"
-><TT
-CLASS="PARAMETER"
-><I
->passwd program</I
-></TT
->
- </A
->.</P
-><P
->Default: <B
-CLASS="COMMAND"
->passwd chat debug = no</B
-></P
-></DD
-><DT
-><A
-NAME="PASSWDPROGRAM"
-></A
->passwd program (G)</DT
-><DD
-><P
->The name of a program that can be used to set
- UNIX user passwords. Any occurrences of <TT
-CLASS="PARAMETER"
-><I
->%u</I
-></TT
->
- will be replaced with the user name. The user name is checked for
- existence before calling the password changing program.</P
-><P
->Also note that many passwd programs insist in <I
-CLASS="EMPHASIS"
->reasonable
- </I
-> passwords, such as a minimum length, or the inclusion
- of mixed case chars and digits. This can pose a problem as some clients
- (such as Windows for Workgroups) uppercase the password before sending
- it.</P
-><P
-><I
-CLASS="EMPHASIS"
->Note</I
-> that if the <TT
-CLASS="PARAMETER"
-><I
->unix
- password sync</I
-></TT
-> parameter is set to <TT
-CLASS="CONSTANT"
->True
- </TT
-> then this program is called <I
-CLASS="EMPHASIS"
->AS ROOT</I
->
- before the SMB password in the <A
-HREF="smbpasswd.5.html"
-TARGET="_top"
->smbpasswd(5)
- </A
-> file is changed. If this UNIX password change fails, then
- <B
-CLASS="COMMAND"
->smbd</B
-> will fail to change the SMB password also
- (this is by design).</P
-><P
->If the <TT
-CLASS="PARAMETER"
-><I
->unix password sync</I
-></TT
-> parameter
- is set this parameter <I
-CLASS="EMPHASIS"
->MUST USE ABSOLUTE PATHS</I
->
- for <I
-CLASS="EMPHASIS"
->ALL</I
-> programs called, and must be examined
- for security implications. Note that by default <TT
-CLASS="PARAMETER"
-><I
->unix
- password sync</I
-></TT
-> is set to <TT
-CLASS="CONSTANT"
->False</TT
->.</P
-><P
->See also <A
-HREF="#UNIXPASSWORDSYNC"
-><TT
-CLASS="PARAMETER"
-><I
->unix
- password sync</I
-></TT
-></A
->.</P
-><P
->Default: <B
-CLASS="COMMAND"
->passwd program = /bin/passwd</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->passwd program = /sbin/npasswd %u</B
->
- </P
-></DD
-><DT
-><A
-NAME="PASSWORDLEVEL"
-></A
->password level (G)</DT
-><DD
-><P
->Some client/server combinations have difficulty
- with mixed-case passwords. One offending client is Windows for
- Workgroups, which for some reason forces passwords to upper
- case when using the LANMAN1 protocol, but leaves them alone when
- using COREPLUS! Another problem child is the Windows 95/98
- family of operating systems. These clients upper case clear
- text passwords even when NT LM 0.12 selected by the protocol
- negotiation request/response.</P
-><P
->This parameter defines the maximum number of characters
- that may be upper case in passwords.</P
-><P
->For example, say the password given was "FRED". If <TT
-CLASS="PARAMETER"
-><I
-> password level</I
-></TT
-> is set to 1, the following combinations
- would be tried if "FRED" failed:</P
-><P
->"Fred", "fred", "fRed", "frEd","freD"</P
-><P
->If <TT
-CLASS="PARAMETER"
-><I
->password level</I
-></TT
-> was set to 2,
- the following combinations would also be tried: </P
-><P
->"FRed", "FrEd", "FreD", "fREd", "fReD", "frED", ..</P
-><P
->And so on.</P
-><P
->The higher value this parameter is set to the more likely
- it is that a mixed case password will be matched against a single
- case password. However, you should be aware that use of this
- parameter reduces security and increases the time taken to
- process a new connection.</P
-><P
->A value of zero will cause only two attempts to be
- made - the password as is and the password in all-lower case.</P
-><P
->Default: <B
-CLASS="COMMAND"
->password level = 0</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->password level = 4</B
-></P
-></DD
-><DT
-><A
-NAME="PASSWORDSERVER"
-></A
->password server (G)</DT
-><DD
-><P
->By specifying the name of another SMB server (such
- as a WinNT box) with this option, and using <B
-CLASS="COMMAND"
->security = domain
- </B
-> or <B
-CLASS="COMMAND"
->security = server</B
-> you can get Samba
- to do all its username/password validation via a remote server.</P
-><P
->This option sets the name of the password server to use.
- It must be a NetBIOS name, so if the machine's NetBIOS name is
- different from its Internet name then you may have to add its NetBIOS
- name to the lmhosts file which is stored in the same directory
- as the <TT
-CLASS="FILENAME"
->smb.conf</TT
-> file.</P
-><P
->The name of the password server is looked up using the
- parameter <A
-HREF="#NAMERESOLVEORDER"
-><TT
-CLASS="PARAMETER"
-><I
->name
- resolve order</I
-></TT
-></A
-> and so may resolved
- by any method and order described in that parameter.</P
-><P
->The password server much be a machine capable of using
- the "LM1.2X002" or the "NT LM 0.12" protocol, and it must be in
- user level security mode.</P
-><P
-><I
-CLASS="EMPHASIS"
->NOTE:</I
-> Using a password server
- means your UNIX box (running Samba) is only as secure as your
- password server. <I
-CLASS="EMPHASIS"
->DO NOT CHOOSE A PASSWORD SERVER THAT
- YOU DON'T COMPLETELY TRUST</I
->.</P
-><P
->Never point a Samba server at itself for password
- serving. This will cause a loop and could lock up your Samba
- server!</P
-><P
->The name of the password server takes the standard
- substitutions, but probably the only useful one is <TT
-CLASS="PARAMETER"
-><I
->%m
- </I
-></TT
->, which means the Samba server will use the incoming
- client as the password server. If you use this then you better
- trust your clients, and you had better restrict them with hosts allow!</P
-><P
->If the <TT
-CLASS="PARAMETER"
-><I
->security</I
-></TT
-> parameter is set to
- <TT
-CLASS="CONSTANT"
->domain</TT
->, then the list of machines in this
- option must be a list of Primary or Backup Domain controllers for the
- Domain or the character '*', as the Samba server is effectively
- in that domain, and will use cryptographically authenticated RPC calls
- to authenticate the user logging on. The advantage of using <B
-CLASS="COMMAND"
-> security = domain</B
-> is that if you list several hosts in the
- <TT
-CLASS="PARAMETER"
-><I
->password server</I
-></TT
-> option then <B
-CLASS="COMMAND"
->smbd
- </B
-> will try each in turn till it finds one that responds. This
- is useful in case your primary server goes down.</P
-><P
->If the <TT
-CLASS="PARAMETER"
-><I
->password server</I
-></TT
-> option is set
- to the character '*', then Samba will attempt to auto-locate the
- Primary or Backup Domain controllers to authenticate against by
- doing a query for the name <TT
-CLASS="CONSTANT"
->WORKGROUP&lt;1C&gt;</TT
->
- and then contacting each server returned in the list of IP
- addresses from the name resolution source. </P
-><P
->If the <TT
-CLASS="PARAMETER"
-><I
->security</I
-></TT
-> parameter is
- set to <TT
-CLASS="CONSTANT"
->server</TT
->, then there are different
- restrictions that <B
-CLASS="COMMAND"
->security = domain</B
-> doesn't
- suffer from:</P
-><P
-></P
-><UL
-><LI
-><P
->You may list several password servers in
- the <TT
-CLASS="PARAMETER"
-><I
->password server</I
-></TT
-> parameter, however if an
- <B
-CLASS="COMMAND"
->smbd</B
-> makes a connection to a password server,
- and then the password server fails, no more users will be able
- to be authenticated from this <B
-CLASS="COMMAND"
->smbd</B
->. This is a
- restriction of the SMB/CIFS protocol when in <B
-CLASS="COMMAND"
->security=server
- </B
-> mode and cannot be fixed in Samba.</P
-></LI
-><LI
-><P
->If you are using a Windows NT server as your
- password server then you will have to ensure that your users
- are able to login from the Samba server, as when in <B
-CLASS="COMMAND"
-> security=server</B
-> mode the network logon will appear to
- come from there rather than from the users workstation.</P
-></LI
-></UL
-><P
->See also the <A
-HREF="#SECURITY"
-><TT
-CLASS="PARAMETER"
-><I
->security
- </I
-></TT
-></A
-> parameter.</P
-><P
->Default: <B
-CLASS="COMMAND"
->password server = &lt;empty string&gt;</B
->
- </P
-><P
->Example: <B
-CLASS="COMMAND"
->password server = NT-PDC, NT-BDC1, NT-BDC2
- </B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->password server = *</B
-></P
-></DD
-><DT
-><A
-NAME="PATH"
-></A
->path (S)</DT
-><DD
-><P
->This parameter specifies a directory to which
- the user of the service is to be given access. In the case of
- printable services, this is where print data will spool prior to
- being submitted to the host for printing.</P
-><P
->For a printable service offering guest access, the service
- should be readonly and the path should be world-writeable and
- have the sticky bit set. This is not mandatory of course, but
- you probably won't get the results you expect if you do
- otherwise.</P
-><P
->Any occurrences of <TT
-CLASS="PARAMETER"
-><I
->%u</I
-></TT
-> in the path
- will be replaced with the UNIX username that the client is using
- on this connection. Any occurrences of <TT
-CLASS="PARAMETER"
-><I
->%m</I
-></TT
->
- will be replaced by the NetBIOS name of the machine they are
- connecting from. These replacements are very useful for setting
- up pseudo home directories for users.</P
-><P
->Note that this path will be based on <A
-HREF="#ROOTDIR"
-> <TT
-CLASS="PARAMETER"
-><I
->root dir</I
-></TT
-></A
-> if one was specified.</P
-><P
->Default: <I
-CLASS="EMPHASIS"
->none</I
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->path = /home/fred</B
-></P
-></DD
-><DT
-><A
-NAME="POSIXLOCKING"
-></A
->posix locking (S)</DT
-><DD
-><P
->The <A
-HREF="smbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbd(8)</B
-></A
->
- daemon maintains an database of file locks obtained by SMB clients.
- The default behavior is to map this internal database to POSIX
- locks. This means that file locks obtained by SMB clients are
- consistent with those seen by POSIX compliant applications accessing
- the files via a non-SMB method (e.g. NFS or local file access).
- You should never need to disable this parameter.</P
-><P
->Default: <B
-CLASS="COMMAND"
->posix locking = yes</B
-></P
-></DD
-><DT
-><A
-NAME="POSTEXEC"
-></A
->postexec (S)</DT
-><DD
-><P
->This option specifies a command to be run
- whenever the service is disconnected. It takes the usual
- substitutions. The command may be run as the root on some
- systems.</P
-><P
->An interesting example may be do unmount server
- resources:</P
-><P
-><B
-CLASS="COMMAND"
->postexec = /etc/umount /cdrom</B
-></P
-><P
->See also <A
-HREF="#PREEXEC"
-><TT
-CLASS="PARAMETER"
-><I
->preexec</I
-></TT
->
- </A
->.</P
-><P
->Default: <I
-CLASS="EMPHASIS"
->none (no command executed)</I
->
- </P
-><P
->Example: <B
-CLASS="COMMAND"
->postexec = echo \"%u disconnected from %S
- from %m (%I)\" &gt;&gt; /tmp/log</B
-></P
-></DD
-><DT
-><A
-NAME="POSTSCRIPT"
-></A
->postscript (S)</DT
-><DD
-><P
->This parameter forces a printer to interpret
- the print files as postscript. This is done by adding a <TT
-CLASS="CONSTANT"
->%!
- </TT
-> to the start of print output.</P
-><P
->This is most useful when you have lots of PCs that persist
- in putting a control-D at the start of print jobs, which then
- confuses your printer.</P
-><P
->Default: <B
-CLASS="COMMAND"
->postscript = no</B
-></P
-></DD
-><DT
-><A
-NAME="PREEXEC"
-></A
->preexec (S)</DT
-><DD
-><P
->This option specifies a command to be run whenever
- the service is connected to. It takes the usual substitutions.</P
-><P
->An interesting example is to send the users a welcome
- message every time they log in. Maybe a message of the day? Here
- is an example:</P
-><P
-><B
-CLASS="COMMAND"
->preexec = csh -c 'echo \"Welcome to %S!\" |
- /usr/local/samba/bin/smbclient -M %m -I %I' &#38; </B
-></P
-><P
->Of course, this could get annoying after a while :-)</P
-><P
->See also <A
-HREF="#PREEXECCLOSE"
-><TT
-CLASS="PARAMETER"
-><I
->preexec close
- </I
-></TT
-></A
-> and <A
-HREF="#POSTEXEC"
-><TT
-CLASS="PARAMETER"
-><I
->postexec
- </I
-></TT
-></A
->.</P
-><P
->Default: <I
-CLASS="EMPHASIS"
->none (no command executed)</I
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->preexec = echo \"%u connected to %S from %m
- (%I)\" &gt;&gt; /tmp/log</B
-></P
-></DD
-><DT
-><A
-NAME="PREEXECCLOSE"
-></A
->preexec close (S)</DT
-><DD
-><P
->This boolean option controls whether a non-zero
- return code from <A
-HREF="#PREEXEC"
-><TT
-CLASS="PARAMETER"
-><I
->preexec
- </I
-></TT
-></A
-> should close the service being connected to.</P
-><P
->Default: <B
-CLASS="COMMAND"
->preexec close = no</B
-></P
-></DD
-><DT
-><A
-NAME="PREFERREDMASTER"
-></A
->preferred master (G)</DT
-><DD
-><P
->This boolean parameter controls if <A
-HREF="nmbd.8.html"
-TARGET="_top"
->nmbd(8)</A
-> is a preferred master browser
- for its workgroup.</P
-><P
->If this is set to true, on startup, <B
-CLASS="COMMAND"
->nmbd</B
->
- will force an election, and it will have a slight advantage in
- winning the election. It is recommended that this parameter is
- used in conjunction with <B
-CLASS="COMMAND"
-><A
-HREF="#DOMAINMASTER"
-><TT
-CLASS="PARAMETER"
-><I
-> domain master</I
-></TT
-></A
-> = yes</B
->, so that <B
-CLASS="COMMAND"
-> nmbd</B
-> can guarantee becoming a domain master.</P
-><P
->Use this option with caution, because if there are several
- hosts (whether Samba servers, Windows 95 or NT) that are preferred
- master browsers on the same subnet, they will each periodically
- and continuously attempt to become the local master browser.
- This will result in unnecessary broadcast traffic and reduced browsing
- capabilities.</P
-><P
->See also <A
-HREF="#OSLEVEL"
-><TT
-CLASS="PARAMETER"
-><I
->os level</I
-></TT
->
- </A
->.</P
-><P
->Default: <B
-CLASS="COMMAND"
->preferred master = auto</B
-></P
-></DD
-><DT
-><A
-NAME="PREFEREDMASTER"
-></A
->prefered master (G)</DT
-><DD
-><P
->Synonym for <A
-HREF="#PREFERREDMASTER"
-><TT
-CLASS="PARAMETER"
-><I
-> preferred master</I
-></TT
-></A
-> for people who cannot spell :-).</P
-></DD
-><DT
-><A
-NAME="PRELOAD"
-></A
->preload</DT
-><DD
-><P
->This is a list of services that you want to be
- automatically added to the browse lists. This is most useful
- for homes and printers services that would otherwise not be
- visible.</P
-><P
->Note that if you just want all printers in your
- printcap file loaded then the <A
-HREF="#LOADPRINTERS"
-> <TT
-CLASS="PARAMETER"
-><I
->load printers</I
-></TT
-></A
-> option is easier.</P
-><P
->Default: <I
-CLASS="EMPHASIS"
->no preloaded services</I
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->preload = fred lp colorlp</B
-></P
-></DD
-><DT
-><A
-NAME="PRESERVECASE"
-></A
->preserve case (S)</DT
-><DD
-><P
-> This controls if new filenames are created
- with the case that the client passes, or if they are forced to
- be the <A
-HREF="#DEFAULTCASE"
-><TT
-CLASS="PARAMETER"
-><I
->default case
- </I
-></TT
-></A
->.</P
-><P
->Default: <B
-CLASS="COMMAND"
->preserve case = yes</B
-></P
-><P
->See the section on <A
-HREF="#AEN201"
->NAME
- MANGLING</A
-> for a fuller discussion.</P
-></DD
-><DT
-><A
-NAME="PRINTCOMMAND"
-></A
->print command (S)</DT
-><DD
-><P
->After a print job has finished spooling to
- a service, this command will be used via a <B
-CLASS="COMMAND"
->system()</B
->
- call to process the spool file. Typically the command specified will
- submit the spool file to the host's printing subsystem, but there
- is no requirement that this be the case. The server will not remove
- the spool file, so whatever command you specify should remove the
- spool file when it has been processed, otherwise you will need to
- manually remove old spool files.</P
-><P
->The print command is simply a text string. It will be used
- verbatim, with two exceptions: All occurrences of <TT
-CLASS="PARAMETER"
-><I
->%s
- </I
-></TT
-> and <TT
-CLASS="PARAMETER"
-><I
->%f</I
-></TT
-> will be replaced by the
- appropriate spool file name, and all occurrences of <TT
-CLASS="PARAMETER"
-><I
->%p
- </I
-></TT
-> will be replaced by the appropriate printer name. The
- spool file name is generated automatically by the server, the printer
- name is discussed below.</P
-><P
->The print command <I
-CLASS="EMPHASIS"
->MUST</I
-> contain at least
- one occurrence of <TT
-CLASS="PARAMETER"
-><I
->%s</I
-></TT
-> or <TT
-CLASS="PARAMETER"
-><I
->%f
- </I
-></TT
-> - the <TT
-CLASS="PARAMETER"
-><I
->%p</I
-></TT
-> is optional. At the time
- a job is submitted, if no printer name is supplied the <TT
-CLASS="PARAMETER"
-><I
->%p
- </I
-></TT
-> will be silently removed from the printer command.</P
-><P
->If specified in the [global] section, the print command given
- will be used for any printable service that does not have its own
- print command specified.</P
-><P
->If there is neither a specified print command for a
- printable service nor a global print command, spool files will
- be created but not processed and (most importantly) not removed.</P
-><P
->Note that printing may fail on some UNIXes from the
- <TT
-CLASS="CONSTANT"
->nobody</TT
-> account. If this happens then create
- an alternative guest account that can print and set the <A
-HREF="#GUESTACCOUNT"
-><TT
-CLASS="PARAMETER"
-><I
->guest account</I
-></TT
-></A
->
- in the [global] section.</P
-><P
->You can form quite complex print commands by realizing
- that they are just passed to a shell. For example the following
- will log a print job, print the file, then remove it. Note that
- ';' is the usual separator for command in shell scripts.</P
-><P
-><B
-CLASS="COMMAND"
->print command = echo Printing %s &gt;&gt;
- /tmp/print.log; lpr -P %p %s; rm %s</B
-></P
-><P
->You may have to vary this command considerably depending
- on how you normally print files on your system. The default for
- the parameter varies depending on the setting of the <A
-HREF="#PRINTING"
-> <TT
-CLASS="PARAMETER"
-><I
->printing</I
-></TT
-></A
-> parameter.</P
-><P
->Default: For <B
-CLASS="COMMAND"
->printing= BSD, AIX, QNX, LPRNG
- or PLP :</B
-></P
-><P
-><B
-CLASS="COMMAND"
->print command = lpr -r -P%p %s</B
-></P
-><P
->For <B
-CLASS="COMMAND"
->printing= SYS or HPUX :</B
-></P
-><P
-><B
-CLASS="COMMAND"
->print command = lp -c -d%p %s; rm %s</B
-></P
-><P
->For <B
-CLASS="COMMAND"
->printing=SOFTQ :</B
-></P
-><P
-><B
-CLASS="COMMAND"
->print command = lp -d%p -s %s; rm %s</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->print command = /usr/local/samba/bin/myprintscript
- %p %s</B
-></P
-></DD
-><DT
-><A
-NAME="PRINTOK"
-></A
->print ok (S)</DT
-><DD
-><P
->Synonym for <A
-HREF="#PRINTABLE"
-> <TT
-CLASS="PARAMETER"
-><I
->printable</I
-></TT
-></A
->.</P
-></DD
-><DT
-><A
-NAME="PRINTABLE"
-></A
->printable (S)</DT
-><DD
-><P
->If this parameter is <TT
-CLASS="CONSTANT"
->yes</TT
->, then
- clients may open, write to and submit spool files on the directory
- specified for the service. </P
-><P
->Note that a printable service will ALWAYS allow writing
- to the service path (user privileges permitting) via the spooling
- of print data. The <A
-HREF="#WRITEABLE"
-><TT
-CLASS="PARAMETER"
-><I
->writeable
- </I
-></TT
-></A
-> parameter controls only non-printing access to
- the resource.</P
-><P
->Default: <B
-CLASS="COMMAND"
->printable = no</B
-></P
-></DD
-><DT
-><A
-NAME="PRINTCAP"
-></A
->printcap (G)</DT
-><DD
-><P
->Synonym for <A
-HREF="#PRINTCAPNAME"
-><TT
-CLASS="PARAMETER"
-><I
-> printcap name</I
-></TT
-></A
->.</P
-></DD
-><DT
-><A
-NAME="PRINTCAPNAME"
-></A
->printcap name (G)</DT
-><DD
-><P
->This parameter may be used to override the
- compiled-in default printcap name used by the server (usually <TT
-CLASS="FILENAME"
-> /etc/printcap</TT
->). See the discussion of the <A
-HREF="#AEN78"
->[printers]</A
-> section above for reasons
- why you might want to do this.</P
-><P
->On System V systems that use <B
-CLASS="COMMAND"
->lpstat</B
-> to
- list available printers you can use <B
-CLASS="COMMAND"
->printcap name = lpstat
- </B
-> to automatically obtain lists of available printers. This
- is the default for systems that define SYSV at configure time in
- Samba (this includes most System V based systems). If <TT
-CLASS="PARAMETER"
-><I
-> printcap name</I
-></TT
-> is set to <B
-CLASS="COMMAND"
->lpstat</B
-> on
- these systems then Samba will launch <B
-CLASS="COMMAND"
->lpstat -v</B
-> and
- attempt to parse the output to obtain a printer list.</P
-><P
->A minimal printcap file would look something like this:</P
-><P
-><PRE
-CLASS="PROGRAMLISTING"
-> print1|My Printer 1
- print2|My Printer 2
- print3|My Printer 3
- print4|My Printer 4
- print5|My Printer 5
- </PRE
-></P
-><P
->where the '|' separates aliases of a printer. The fact
- that the second alias has a space in it gives a hint to Samba
- that it's a comment.</P
-><P
-><I
-CLASS="EMPHASIS"
->NOTE</I
->: Under AIX the default printcap
- name is <TT
-CLASS="FILENAME"
->/etc/qconfig</TT
->. Samba will assume the
- file is in AIX <TT
-CLASS="FILENAME"
->qconfig</TT
-> format if the string
- <TT
-CLASS="FILENAME"
->qconfig</TT
-> appears in the printcap filename.</P
-><P
->Default: <B
-CLASS="COMMAND"
->printcap name = /etc/printcap</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->printcap name = /etc/myprintcap</B
-></P
-></DD
-><DT
-><A
-NAME="PRINTERADMIN"
-></A
->printer admin (S)</DT
-><DD
-><P
->This is a list of users that can do anything to
- printers via the remote administration interfaces offered by MS-RPC
- (usually using a NT workstation). Note that the root user always
- has admin rights.</P
-><P
->Default: <B
-CLASS="COMMAND"
->printer admin = &lt;empty string&gt;</B
->
- </P
-><P
->Example: <B
-CLASS="COMMAND"
->printer admin = admin, @staff</B
-></P
-></DD
-><DT
-><A
-NAME="PRINTERDRIVER"
-></A
->printer driver (S)</DT
-><DD
-><P
-><I
-CLASS="EMPHASIS"
->Note :</I
->This is a depreciated
- parameter and will be removed in the next major release
- following version 2.2. Please see the instructions in
- <TT
-CLASS="FILENAME"
->PRINTER_DRIVER2.txt</TT
-> in the <TT
-CLASS="FILENAME"
->docs
- </TT
-> of the Samba distribution for more information
- on the new method of loading printer drivers onto a Samba server.
- </P
-><P
->This option allows you to control the string
- that clients receive when they ask the server for the printer driver
- associated with a printer. If you are using Windows95 or Windows NT
- then you can use this to automate the setup of printers on your
- system.</P
-><P
->You need to set this parameter to the exact string (case
- sensitive) that describes the appropriate printer driver for your
- system. If you don't know the exact string to use then you should
- first try with no <A
-HREF="#PRINTERDRIVER"
-><TT
-CLASS="PARAMETER"
-><I
-> printer driver</I
-></TT
-></A
-> option set and the client will
- give you a list of printer drivers. The appropriate strings are
- shown in a scroll box after you have chosen the printer manufacturer.</P
-><P
->See also <A
-HREF="#PRINTERDRIVERFILE"
-><TT
-CLASS="PARAMETER"
-><I
->printer
- driver file</I
-></TT
-></A
->.</P
-><P
->Example: <B
-CLASS="COMMAND"
->printer driver = HP LaserJet 4L</B
-></P
-></DD
-><DT
-><A
-NAME="PRINTERDRIVERFILE"
-></A
->printer driver file (G)</DT
-><DD
-><P
-><I
-CLASS="EMPHASIS"
->Note :</I
->This is a depreciated
- parameter and will be removed in the next major release
- following version 2.2. Please see the instructions in
- <TT
-CLASS="FILENAME"
->PRINTER_DRIVER2.txt</TT
-> in the <TT
-CLASS="FILENAME"
->docs
- </TT
-> of the Samba distribution for more information
- on the new method of loading printer drivers onto a Samba server.
- </P
-><P
->This parameter tells Samba where the printer driver
- definition file, used when serving drivers to Windows 95 clients, is
- to be found. If this is not set, the default is :</P
-><P
-><TT
-CLASS="FILENAME"
-><TT
-CLASS="REPLACEABLE"
-><I
->SAMBA_INSTALL_DIRECTORY</I
-></TT
->
- /lib/printers.def</TT
-></P
-><P
->This file is created from Windows 95 <TT
-CLASS="FILENAME"
->msprint.inf
- </TT
-> files found on the Windows 95 client system. For more
- details on setting up serving of printer drivers to Windows 95
- clients, see the documentation file in the <TT
-CLASS="FILENAME"
->docs/</TT
->
- directory, <TT
-CLASS="FILENAME"
->PRINTER_DRIVER.txt</TT
->.</P
-><P
->See also <A
-HREF="#PRINTERDRIVERLOCATION"
-><TT
-CLASS="PARAMETER"
-><I
-> printer driver location</I
-></TT
-></A
->.</P
-><P
->Default: <I
-CLASS="EMPHASIS"
->None (set in compile).</I
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->printer driver file =
- /usr/local/samba/printers/drivers.def</B
-></P
-></DD
-><DT
-><A
-NAME="PRINTERDRIVERLOCATION"
-></A
->printer driver location (S)</DT
-><DD
-><P
-><I
-CLASS="EMPHASIS"
->Note :</I
->This is a depreciated
- parameter and will be removed in the next major release
- following version 2.2. Please see the instructions in
- <TT
-CLASS="FILENAME"
->PRINTER_DRIVER2.txt</TT
-> in the <TT
-CLASS="FILENAME"
->docs
- </TT
-> of the Samba distribution for more information
- on the new method of loading printer drivers onto a Samba server.
- </P
-><P
->This parameter tells clients of a particular printer
- share where to find the printer driver files for the automatic
- installation of drivers for Windows 95 machines. If Samba is set up
- to serve printer drivers to Windows 95 machines, this should be set to</P
-><P
-><B
-CLASS="COMMAND"
->\\MACHINE\PRINTER$</B
-></P
-><P
->Where MACHINE is the NetBIOS name of your Samba server,
- and PRINTER$ is a share you set up for serving printer driver
- files. For more details on setting this up see the documentation
- file in the <TT
-CLASS="FILENAME"
->docs/</TT
-> directory, <TT
-CLASS="FILENAME"
-> PRINTER_DRIVER.txt</TT
->.</P
-><P
->See also <A
-HREF="#PRINTERDRIVERFILE"
-><TT
-CLASS="PARAMETER"
-><I
-> printer driver file</I
-></TT
-></A
->.</P
-><P
->Default: <B
-CLASS="COMMAND"
->none</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->printer driver location = \\MACHINE\PRINTER$
- </B
-></P
-></DD
-><DT
-><A
-NAME="PRINTERNAME"
-></A
->printer name (S)</DT
-><DD
-><P
->This parameter specifies the name of the printer
- to which print jobs spooled through a printable service will be sent.</P
-><P
->If specified in the [global] section, the printer
- name given will be used for any printable service that does
- not have its own printer name specified.</P
-><P
->Default: <I
-CLASS="EMPHASIS"
->none (but may be <TT
-CLASS="CONSTANT"
->lp</TT
->
- on many systems)</I
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->printer name = laserwriter</B
-></P
-></DD
-><DT
-><A
-NAME="PRINTER"
-></A
->printer (S)</DT
-><DD
-><P
->Synonym for <A
-HREF="#PRINTERNAME"
-><TT
-CLASS="PARAMETER"
-><I
-> printer name</I
-></TT
-></A
->.</P
-></DD
-><DT
-><A
-NAME="PRINTING"
-></A
->printing (S)</DT
-><DD
-><P
->This parameters controls how printer status
- information is interpreted on your system. It also affects the
- default values for the <TT
-CLASS="PARAMETER"
-><I
->print command</I
-></TT
->,
- <TT
-CLASS="PARAMETER"
-><I
->lpq command</I
-></TT
->, <TT
-CLASS="PARAMETER"
-><I
->lppause command
- </I
-></TT
->, <TT
-CLASS="PARAMETER"
-><I
->lpresume command</I
-></TT
->, and
- <TT
-CLASS="PARAMETER"
-><I
->lprm command</I
-></TT
-> if specified in the
- [global]f&#62; section.</P
-><P
->Currently eight printing styles are supported. They are
- <TT
-CLASS="CONSTANT"
->BSD</TT
->, <TT
-CLASS="CONSTANT"
->AIX</TT
->,
- <TT
-CLASS="CONSTANT"
->LPRNG</TT
->, <TT
-CLASS="CONSTANT"
->PLP</TT
->,
- <TT
-CLASS="CONSTANT"
->SYSV</TT
->, <TT
-CLASS="CONSTANT"
->HPUX</TT
->,
- <TT
-CLASS="CONSTANT"
->QNX</TT
->, <TT
-CLASS="CONSTANT"
->SOFTQ</TT
->,
- and <TT
-CLASS="CONSTANT"
->CUPS</TT
->.</P
-><P
->To see what the defaults are for the other print
- commands when using the various options use the <A
-HREF="testparm.1.html"
-TARGET="_top"
->testparm(1)</A
-> program.</P
-><P
->This option can be set on a per printer basis</P
-><P
->See also the discussion in the <A
-HREF="#AEN78"
-> [printers]</A
-> section.</P
-></DD
-><DT
-><A
-NAME="PROTOCOL"
-></A
->protocol (G)</DT
-><DD
-><P
->Synonym for <A
-HREF="#MAXPROTOCOL"
-> <TT
-CLASS="PARAMETER"
-><I
->max protocol</I
-></TT
-></A
->.</P
-></DD
-><DT
-><A
-NAME="PUBLIC"
-></A
->public (S)</DT
-><DD
-><P
->Synonym for <A
-HREF="#GUESTOK"
-><TT
-CLASS="PARAMETER"
-><I
->guest
- ok</I
-></TT
-></A
->.</P
-></DD
-><DT
-><A
-NAME="QUEUEPAUSECOMMAND"
-></A
->queuepause command (S)</DT
-><DD
-><P
->This parameter specifies the command to be
- executed on the server host in order to pause the printerqueue.</P
-><P
->This command should be a program or script which takes
- a printer name as its only parameter and stops the printerqueue,
- such that no longer jobs are submitted to the printer.</P
-><P
->This command is not supported by Windows for Workgroups,
- but can be issued from the Printer's window under Windows 95
- and NT.</P
-><P
->If a <TT
-CLASS="PARAMETER"
-><I
->%p</I
-></TT
-> is given then the printername
- is put in its place. Otherwise it is placed at the end of the command.
- </P
-><P
->Note that it is good practice to include the absolute
- path in the command as the PATH may not be available to the
- server.</P
-><P
->Default: <I
-CLASS="EMPHASIS"
->depends on the setting of <TT
-CLASS="PARAMETER"
-><I
->printing
- </I
-></TT
-></I
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->queuepause command = disable %p</B
-></P
-></DD
-><DT
-><A
-NAME="QUEUERESUMECOMMAND"
-></A
->queueresume command (S)</DT
-><DD
-><P
->This parameter specifies the command to be
- executed on the server host in order to resume the printerqueue. It
- is the command to undo the behavior that is caused by the
- previous parameter (<A
-HREF="#QUEUEPAUSECOMMAND"
-><TT
-CLASS="PARAMETER"
-><I
-> queuepause command</I
-></TT
-></A
->).</P
-><P
->This command should be a program or script which takes
- a printer name as its only parameter and resumes the printerqueue,
- such that queued jobs are resubmitted to the printer.</P
-><P
->This command is not supported by Windows for Workgroups,
- but can be issued from the Printer's window under Windows 95
- and NT.</P
-><P
->If a <TT
-CLASS="PARAMETER"
-><I
->%p</I
-></TT
-> is given then the printername
- is put in its place. Otherwise it is placed at the end of the
- command.</P
-><P
->Note that it is good practice to include the absolute
- path in the command as the PATH may not be available to the
- server.</P
-><P
->Default: <I
-CLASS="EMPHASIS"
->depends on the setting of <A
-HREF="#PRINTING"
-><TT
-CLASS="PARAMETER"
-><I
->printing</I
-></TT
-></A
-></I
->
- </P
-><P
->Example: <B
-CLASS="COMMAND"
->queuepause command = enable %p
- </B
-></P
-></DD
-><DT
-><A
-NAME="READBMPX"
-></A
->read bmpx (G)</DT
-><DD
-><P
->This boolean parameter controls whether <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd(8)</A
-> will support the "Read
- Block Multiplex" SMB. This is now rarely used and defaults to
- <TT
-CLASS="CONSTANT"
->no</TT
->. You should never need to set this
- parameter.</P
-><P
->Default: <B
-CLASS="COMMAND"
->read bmpx = no</B
-></P
-></DD
-><DT
-><A
-NAME="READLIST"
-></A
->read list (S)</DT
-><DD
-><P
->This is a list of users that are given read-only
- access to a service. If the connecting user is in this list then
- they will not be given write access, no matter what the <A
-HREF="#WRITEABLE"
-><TT
-CLASS="PARAMETER"
-><I
->writeable</I
-></TT
-></A
->
- option is set to. The list can include group names using the
- syntax described in the <A
-HREF="#INVALIDUSERS"
-><TT
-CLASS="PARAMETER"
-><I
-> invalid users</I
-></TT
-></A
-> parameter.</P
-><P
->See also the <A
-HREF="#WRITELIST"
-><TT
-CLASS="PARAMETER"
-><I
-> write list</I
-></TT
-></A
-> parameter and the <A
-HREF="#INVALIDUSERS"
-><TT
-CLASS="PARAMETER"
-><I
->invalid users</I
-></TT
->
- </A
-> parameter.</P
-><P
->Default: <B
-CLASS="COMMAND"
->read list = &lt;empty string&gt;</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->read list = mary, @students</B
-></P
-></DD
-><DT
-><A
-NAME="READONLY"
-></A
->read only (S)</DT
-><DD
-><P
->Note that this is an inverted synonym for <A
-HREF="#WRITEABLE"
-><TT
-CLASS="PARAMETER"
-><I
->writeable</I
-></TT
-></A
->.</P
-></DD
-><DT
-><A
-NAME="READRAW"
-></A
->read raw (G)</DT
-><DD
-><P
->This parameter controls whether or not the server
- will support the raw read SMB requests when transferring data
- to clients.</P
-><P
->If enabled, raw reads allow reads of 65535 bytes in
- one packet. This typically provides a major performance benefit.
- </P
-><P
->However, some clients either negotiate the allowable
- block size incorrectly or are incapable of supporting larger block
- sizes, and for these clients you may need to disable raw reads.</P
-><P
->In general this parameter should be viewed as a system tuning
- tool and left severely alone. See also <A
-HREF="#WRITERAW"
-> <TT
-CLASS="PARAMETER"
-><I
->write raw</I
-></TT
-></A
->.</P
-><P
->Default: <B
-CLASS="COMMAND"
->read raw = yes</B
-></P
-></DD
-><DT
-><A
-NAME="READSIZE"
-></A
->read size (G)</DT
-><DD
-><P
->The option <TT
-CLASS="PARAMETER"
-><I
->read size</I
-></TT
->
- affects the overlap of disk reads/writes with network reads/writes.
- If the amount of data being transferred in several of the SMB
- commands (currently SMBwrite, SMBwriteX and SMBreadbraw) is larger
- than this value then the server begins writing the data before it
- has received the whole packet from the network, or in the case of
- SMBreadbraw, it begins writing to the network before all the data
- has been read from disk.</P
-><P
->This overlapping works best when the speeds of disk and
- network access are similar, having very little effect when the
- speed of one is much greater than the other.</P
-><P
->The default value is 16384, but very little experimentation
- has been done yet to determine the optimal value, and it is likely
- that the best value will vary greatly between systems anyway.
- A value over 65536 is pointless and will cause you to allocate
- memory unnecessarily.</P
-><P
->Default: <B
-CLASS="COMMAND"
->read size = 16384</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->read size = 8192</B
-></P
-></DD
-><DT
-><A
-NAME="REMOTEANNOUNCE"
-></A
->remote announce (G)</DT
-><DD
-><P
->This option allows you to setup <A
-HREF="nmbd.8.html"
-TARGET="_top"
->nmbd(8)</A
-> to periodically announce itself
- to arbitrary IP addresses with an arbitrary workgroup name.</P
-><P
->This is useful if you want your Samba server to appear
- in a remote workgroup for which the normal browse propagation
- rules don't work. The remote workgroup can be anywhere that you
- can send IP packets to.</P
-><P
->For example:</P
-><P
-><B
-CLASS="COMMAND"
->remote announce = 192.168.2.255/SERVERS
- 192.168.4.255/STAFF</B
-></P
-><P
->the above line would cause nmbd to announce itself
- to the two given IP addresses using the given workgroup names.
- If you leave out the workgroup name then the one given in
- the <A
-HREF="#WORKGROUP"
-><TT
-CLASS="PARAMETER"
-><I
->workgroup</I
-></TT
-></A
->
- parameter is used instead.</P
-><P
->The IP addresses you choose would normally be the broadcast
- addresses of the remote networks, but can also be the IP addresses
- of known browse masters if your network config is that stable.</P
-><P
->See the documentation file <TT
-CLASS="FILENAME"
->BROWSING.txt</TT
->
- in the <TT
-CLASS="FILENAME"
->docs/</TT
-> directory.</P
-><P
->Default: <B
-CLASS="COMMAND"
->remote announce = &lt;empty string&gt;
- </B
-></P
-></DD
-><DT
-><A
-NAME="REMOTEBROWSESYNC"
-></A
->remote browse sync (G)</DT
-><DD
-><P
->This option allows you to setup <A
-HREF="nmbd.8.html"
-TARGET="_top"
->nmbd(8)</A
-> to periodically request
- synchronization of browse lists with the master browser of a samba
- server that is on a remote segment. This option will allow you to
- gain browse lists for multiple workgroups across routed networks. This
- is done in a manner that does not work with any non-samba servers.</P
-><P
->This is useful if you want your Samba server and all local
- clients to appear in a remote workgroup for which the normal browse
- propagation rules don't work. The remote workgroup can be anywhere
- that you can send IP packets to.</P
-><P
->For example:</P
-><P
-><B
-CLASS="COMMAND"
->remote browse sync = 192.168.2.255 192.168.4.255
- </B
-></P
-><P
->the above line would cause <B
-CLASS="COMMAND"
->nmbd</B
-> to request
- the master browser on the specified subnets or addresses to
- synchronize their browse lists with the local server.</P
-><P
->The IP addresses you choose would normally be the broadcast
- addresses of the remote networks, but can also be the IP addresses
- of known browse masters if your network config is that stable. If
- a machine IP address is given Samba makes NO attempt to validate
- that the remote machine is available, is listening, nor that it
- is in fact the browse master on it's segment.</P
-><P
->Default: <B
-CLASS="COMMAND"
->remote browse sync = &lt;empty string&gt;
- </B
-></P
-></DD
-><DT
-><A
-NAME="RESTRICTANONYMOUS"
-></A
->restrict anonymous (G)</DT
-><DD
-><P
->This is a boolean parameter. If it is true, then
- anonymous access to the server will be restricted, namely in the
- case where the server is expecting the client to send a username,
- but it doesn't. Setting it to true will force these anonymous
- connections to be denied, and the client will be required to always
- supply a username and password when connecting. Use of this parameter
- is only recommended for homogeneous NT client environments.</P
-><P
->This parameter makes the use of macro expansions that rely
- on the username (%U, %G, etc) consistent. NT 4.0
- likes to use anonymous connections when refreshing the share list,
- and this is a way to work around that.</P
-><P
->When restrict anonymous is true, all anonymous connections
- are denied no matter what they are for. This can effect the ability
- of a machine to access the samba Primary Domain Controller to revalidate
- it's machine account after someone else has logged on the client
- interactively. The NT client will display a message saying that
- the machine's account in the domain doesn't exist or the password is
- bad. The best way to deal with this is to reboot NT client machines
- between interactive logons, using "Shutdown and Restart", rather
- than "Close all programs and logon as a different user".</P
-><P
->Default: <B
-CLASS="COMMAND"
->restrict anonymous = no</B
-></P
-></DD
-><DT
-><A
-NAME="ROOT"
-></A
->root (G)</DT
-><DD
-><P
->Synonym for <A
-HREF="#ROOTDIRECTORY"
-> <TT
-CLASS="PARAMETER"
-><I
->root directory"</I
-></TT
-></A
->.</P
-></DD
-><DT
-><A
-NAME="ROOTDIR"
-></A
->root dir (G)</DT
-><DD
-><P
->Synonym for <A
-HREF="#ROOTDIRECTORY"
-> <TT
-CLASS="PARAMETER"
-><I
->root directory"</I
-></TT
-></A
->.</P
-></DD
-><DT
-><A
-NAME="ROOTDIRECTORY"
-></A
->root directory (G)</DT
-><DD
-><P
->The server will <B
-CLASS="COMMAND"
->chroot()</B
-> (i.e.
- Change it's root directory) to this directory on startup. This is
- not strictly necessary for secure operation. Even without it the
- server will deny access to files not in one of the service entries.
- It may also check for, and deny access to, soft links to other
- parts of the filesystem, or attempts to use ".." in file names
- to access other directories (depending on the setting of the <A
-HREF="#WIDELINKS"
-><TT
-CLASS="PARAMETER"
-><I
->wide links</I
-></TT
-></A
->
- parameter).</P
-><P
->Adding a <TT
-CLASS="PARAMETER"
-><I
->root directory</I
-></TT
-> entry other
- than "/" adds an extra level of security, but at a price. It
- absolutely ensures that no access is given to files not in the
- sub-tree specified in the <TT
-CLASS="PARAMETER"
-><I
->root directory</I
-></TT
->
- option, <I
-CLASS="EMPHASIS"
->including</I
-> some files needed for
- complete operation of the server. To maintain full operability
- of the server you will need to mirror some system files
- into the <TT
-CLASS="PARAMETER"
-><I
->root directory</I
-></TT
-> tree. In particular
- you will need to mirror <TT
-CLASS="FILENAME"
->/etc/passwd</TT
-> (or a
- subset of it), and any binaries or configuration files needed for
- printing (if required). The set of files that must be mirrored is
- operating system dependent.</P
-><P
->Default: <B
-CLASS="COMMAND"
->root directory = /</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->root directory = /homes/smb</B
-></P
-></DD
-><DT
-><A
-NAME="ROOTPOSTEXEC"
-></A
->root postexec (S)</DT
-><DD
-><P
->This is the same as the <TT
-CLASS="PARAMETER"
-><I
->postexec</I
-></TT
->
- parameter except that the command is run as root. This
- is useful for unmounting filesystems
- (such as cdroms) after a connection is closed.</P
-><P
->See also <A
-HREF="#POSTEXEC"
-><TT
-CLASS="PARAMETER"
-><I
-> postexec</I
-></TT
-></A
->.</P
-><P
->Default: <B
-CLASS="COMMAND"
->root postexec = &lt;empty string&gt;
- </B
-></P
-></DD
-><DT
-><A
-NAME="ROOTPREEXEC"
-></A
->root preexec (S)</DT
-><DD
-><P
->This is the same as the <TT
-CLASS="PARAMETER"
-><I
->preexec</I
-></TT
->
- parameter except that the command is run as root. This
- is useful for mounting filesystems (such as cdroms) after a
- connection is closed.</P
-><P
->See also <A
-HREF="#PREEXEC"
-><TT
-CLASS="PARAMETER"
-><I
-> preexec</I
-></TT
-></A
-> and <A
-HREF="#PREEXECCLOSE"
-> <TT
-CLASS="PARAMETER"
-><I
->preexec close</I
-></TT
-></A
->.</P
-><P
->Default: <B
-CLASS="COMMAND"
->root preexec = &lt;empty string&gt;
- </B
-></P
-></DD
-><DT
-><A
-NAME="ROOTPREEXECCLOSE"
-></A
->root preexec close (S)</DT
-><DD
-><P
->This is the same as the <TT
-CLASS="PARAMETER"
-><I
->preexec close
- </I
-></TT
-> parameter except that the command is run as root.</P
-><P
->See also <A
-HREF="#PREEXEC"
-><TT
-CLASS="PARAMETER"
-><I
-> preexec</I
-></TT
-></A
-> and <A
-HREF="#PREEXECCLOSE"
-> <TT
-CLASS="PARAMETER"
-><I
->preexec close</I
-></TT
-></A
->.</P
-><P
->Default: <B
-CLASS="COMMAND"
->root preexec close = no</B
-></P
-></DD
-><DT
-><A
-NAME="SECURITY"
-></A
->security (G)</DT
-><DD
-><P
->This option affects how clients respond to
- Samba and is one of the most important settings in the <TT
-CLASS="FILENAME"
-> smb.conf</TT
-> file.</P
-><P
->The option sets the "security mode bit" in replies to
- protocol negotiations with <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd(8)
- </A
-> to turn share level security on or off. Clients decide
- based on this bit whether (and how) to transfer user and password
- information to the server.</P
-><P
->The default is <B
-CLASS="COMMAND"
->security = user</B
->, as this is
- the most common setting needed when talking to Windows 98 and
- Windows NT.</P
-><P
->The alternatives are <B
-CLASS="COMMAND"
->security = share</B
->,
- <B
-CLASS="COMMAND"
->security = server</B
-> or <B
-CLASS="COMMAND"
->security=domain
- </B
->.</P
-><P
->In versions of Samba prior to 2..0, the default was
- <B
-CLASS="COMMAND"
->security = share</B
-> mainly because that was
- the only option at one stage.</P
-><P
->There is a bug in WfWg that has relevance to this
- setting. When in user or server level security a WfWg client
- will totally ignore the password you type in the "connect
- drive" dialog box. This makes it very difficult (if not impossible)
- to connect to a Samba service as anyone except the user that
- you are logged into WfWg as.</P
-><P
->If your PCs use usernames that are the same as their
- usernames on the UNIX machine then you will want to use
- <B
-CLASS="COMMAND"
->security = user</B
->. If you mostly use usernames
- that don't exist on the UNIX box then use <B
-CLASS="COMMAND"
->security =
- share</B
->.</P
-><P
->You should also use <B
-CLASS="COMMAND"
->security = share</B
-> if you
- want to mainly setup shares without a password (guest shares). This
- is commonly used for a shared printer server. It is more difficult
- to setup guest shares with <B
-CLASS="COMMAND"
->security = user</B
->, see
- the <A
-HREF="#MAPTOGUEST"
-><TT
-CLASS="PARAMETER"
-><I
->map to guest</I
-></TT
->
- </A
->parameter for details.</P
-><P
->It is possible to use <B
-CLASS="COMMAND"
->smbd</B
-> in a <I
-CLASS="EMPHASIS"
-> hybrid mode</I
-> where it is offers both user and share
- level security under different <A
-HREF="#NETBIOSALIASES"
-> <TT
-CLASS="PARAMETER"
-><I
->NetBIOS aliases</I
-></TT
-></A
->. </P
-><P
->The different settings will now be explained.</P
-><P
-><A
-NAME="SECURITYEQUALSSHARE"
-></A
-><I
-CLASS="EMPHASIS"
->SECURITY = SHARE
- </I
-></P
-><P
->When clients connect to a share level security server then
- need not log onto the server with a valid username and password before
- attempting to connect to a shared resource (although modern clients
- such as Windows 95/98 and Windows NT will send a logon request with
- a username but no password when talking to a <B
-CLASS="COMMAND"
->security = share
- </B
-> server). Instead, the clients send authentication information
- (passwords) on a per-share basis, at the time they attempt to connect
- to that share.</P
-><P
->Note that <B
-CLASS="COMMAND"
->smbd</B
-> <I
-CLASS="EMPHASIS"
->ALWAYS</I
->
- uses a valid UNIX user to act on behalf of the client, even in
- <B
-CLASS="COMMAND"
->security = share</B
-> level security.</P
-><P
->As clients are not required to send a username to the server
- in share level security, <B
-CLASS="COMMAND"
->smbd</B
-> uses several
- techniques to determine the correct UNIX user to use on behalf
- of the client.</P
-><P
->A list of possible UNIX usernames to match with the given
- client password is constructed using the following methods :</P
-><P
-></P
-><UL
-><LI
-><P
->If the <A
-HREF="#GUESTONLY"
-><TT
-CLASS="PARAMETER"
-><I
->guest
- only</I
-></TT
-></A
-> parameter is set, then all the other
- stages are missed and only the <A
-HREF="#GUESTACCOUNT"
-> <TT
-CLASS="PARAMETER"
-><I
->guest account</I
-></TT
-></A
-> username is checked.
- </P
-></LI
-><LI
-><P
->Is a username is sent with the share connection
- request, then this username (after mapping - see <A
-HREF="#USERNAMEMAP"
-><TT
-CLASS="PARAMETER"
-><I
->username map</I
-></TT
-></A
->),
- is added as a potential username.</P
-></LI
-><LI
-><P
->If the client did a previous <I
-CLASS="EMPHASIS"
->logon
- </I
-> request (the SessionSetup SMB call) then the
- username sent in this SMB will be added as a potential username.
- </P
-></LI
-><LI
-><P
->The name of the service the client requested is
- added as a potential username.</P
-></LI
-><LI
-><P
->The NetBIOS name of the client is added to
- the list as a potential username.</P
-></LI
-><LI
-><P
->Any users on the <A
-HREF="#USER"
-><TT
-CLASS="PARAMETER"
-><I
-> user</I
-></TT
-></A
-> list are added as potential usernames.
- </P
-></LI
-></UL
-><P
->If the <TT
-CLASS="PARAMETER"
-><I
->guest only</I
-></TT
-> parameter is
- not set, then this list is then tried with the supplied password.
- The first user for whom the password matches will be used as the
- UNIX user.</P
-><P
->If the <TT
-CLASS="PARAMETER"
-><I
->guest only</I
-></TT
-> parameter is
- set, or no username can be determined then if the share is marked
- as available to the <TT
-CLASS="PARAMETER"
-><I
->guest account</I
-></TT
->, then this
- guest user will be used, otherwise access is denied.</P
-><P
->Note that it can be <I
-CLASS="EMPHASIS"
->very</I
-> confusing
- in share-level security as to which UNIX username will eventually
- be used in granting access.</P
-><P
->See also the section <A
-HREF="#AEN234"
-> NOTE ABOUT USERNAME/PASSWORD VALIDATION</A
->.</P
-><P
-><A
-NAME="SECURITYEQUALSUSER"
-></A
-><I
-CLASS="EMPHASIS"
->SECURIYT = USER
- </I
-></P
-><P
->This is the default security setting in Samba 2.2.
- With user-level security a client must first "log=on" with a
- valid username and password (which can be mapped using the <A
-HREF="#USERNAMEMAP"
-><TT
-CLASS="PARAMETER"
-><I
->username map</I
-></TT
-></A
->
- parameter). Encrypted passwords (see the <A
-HREF="#ENCRYPTPASSWORDS"
-> <TT
-CLASS="PARAMETER"
-><I
->encrypted passwords</I
-></TT
-></A
-> parameter) can also
- be used in this security mode. Parameters such as <A
-HREF="#USER"
-> <TT
-CLASS="PARAMETER"
-><I
->user</I
-></TT
-></A
-> and <A
-HREF="#GUESTONLY"
-> <TT
-CLASS="PARAMETER"
-><I
->guest only</I
-></TT
-></A
-> if set are then applied and
- may change the UNIX user to use on this connection, but only after
- the user has been successfully authenticated.</P
-><P
-><I
-CLASS="EMPHASIS"
->Note</I
-> that the name of the resource being
- requested is <I
-CLASS="EMPHASIS"
->not</I
-> sent to the server until after
- the server has successfully authenticated the client. This is why
- guest shares don't work in user level security without allowing
- the server to automatically map unknown users into the <A
-HREF="#GUESTACCOUNT"
-><TT
-CLASS="PARAMETER"
-><I
->guest account</I
-></TT
-></A
->.
- See the <A
-HREF="#MAPTOGUEST"
-><TT
-CLASS="PARAMETER"
-><I
->map to guest</I
-></TT
->
- </A
-> parameter for details on doing this.</P
-><P
->See also the section <A
-HREF="#AEN234"
-> NOTE ABOUT USERNAME/PASSWORD VALIDATION</A
->.</P
-><P
-><A
-NAME="SECURITYEQUALSSERVER"
-></A
-><I
-CLASS="EMPHASIS"
->SECURITY = SERVER
- </I
-></P
-><P
->In this mode Samba will try to validate the username/password
- by passing it to another SMB server, such as an NT box. If this
- fails it will revert to <B
-CLASS="COMMAND"
->security = user</B
->, but note
- that if encrypted passwords have been negotiated then Samba cannot
- revert back to checking the UNIX password file, it must have a valid
- <TT
-CLASS="FILENAME"
->smbpasswd</TT
-> file to check users against. See the
- documentation file in the <TT
-CLASS="FILENAME"
->docs/</TT
-> directory
- <TT
-CLASS="FILENAME"
->ENCRYPTION.txt</TT
-> for details on how to set this
- up.</P
-><P
-><I
-CLASS="EMPHASIS"
->Note</I
-> that from the clients point of
- view <B
-CLASS="COMMAND"
->security = server</B
-> is the same as <B
-CLASS="COMMAND"
-> security = user</B
->. It only affects how the server deals
- with the authentication, it does not in any way affect what the
- client sees.</P
-><P
-><I
-CLASS="EMPHASIS"
->Note</I
-> that the name of the resource being
- requested is <I
-CLASS="EMPHASIS"
->not</I
-> sent to the server until after
- the server has successfully authenticated the client. This is why
- guest shares don't work in user level security without allowing
- the server to automatically map unknown users into the <A
-HREF="#GUESTACCOUNT"
-><TT
-CLASS="PARAMETER"
-><I
->guest account</I
-></TT
-></A
->.
- See the <A
-HREF="#MAPTOGUEST"
-><TT
-CLASS="PARAMETER"
-><I
->map to guest</I
-></TT
->
- </A
-> parameter for details on doing this.</P
-><P
->See also the section <A
-HREF="#AEN234"
-> NOTE ABOUT USERNAME/PASSWORD VALIDATION</A
->.</P
-><P
->See also the <A
-HREF="#PASSWORDSERVER"
-><TT
-CLASS="PARAMETER"
-><I
->password
- server</I
-></TT
-></A
-> parameter and the <A
-HREF="#ENCRYPTPASSWORDS"
-><TT
-CLASS="PARAMETER"
-><I
->encrypted passwords</I
-></TT
->
- </A
-> parameter.</P
-><P
-><A
-NAME="SECURITYEQUALSDOMAIN"
-></A
-><I
-CLASS="EMPHASIS"
->SECURITY = DOMAIN
- </I
-></P
-><P
->This mode will only work correctly if <A
-HREF="smbpasswd.8.html"
-TARGET="_top"
->smbpasswd(8)</A
-> has been used to add this
- machine into a Windows NT Domain. It expects the <A
-HREF="#ENCRYPTPASSWORDS"
-><TT
-CLASS="PARAMETER"
-><I
->encrypted passwords</I
-></TT
->
- </A
-> parameter to be set to <TT
-CLASS="CONSTANT"
->true</TT
->. In this
- mode Samba will try to validate the username/password by passing
- it to a Windows NT Primary or Backup Domain Controller, in exactly
- the same way that a Windows NT Server would do.</P
-><P
-><I
-CLASS="EMPHASIS"
->Note</I
-> that a valid UNIX user must still
- exist as well as the account on the Domain Controller to allow
- Samba to have a valid UNIX account to map file access to.</P
-><P
-><I
-CLASS="EMPHASIS"
->Note</I
-> that from the clients point
- of view <B
-CLASS="COMMAND"
->security = domain</B
-> is the same as <B
-CLASS="COMMAND"
->security = user
- </B
->. It only affects how the server deals with the authentication,
- it does not in any way affect what the client sees.</P
-><P
-><I
-CLASS="EMPHASIS"
->Note</I
-> that the name of the resource being
- requested is <I
-CLASS="EMPHASIS"
->not</I
-> sent to the server until after
- the server has successfully authenticated the client. This is why
- guest shares don't work in user level security without allowing
- the server to automatically map unknown users into the <A
-HREF="#GUESTACCOUNT"
-><TT
-CLASS="PARAMETER"
-><I
->guest account</I
-></TT
-></A
->.
- See the <A
-HREF="#MAPTOGUEST"
-><TT
-CLASS="PARAMETER"
-><I
->map to guest</I
-></TT
->
- </A
-> parameter for details on doing this.</P
-><P
-><I
-CLASS="EMPHASIS"
->BUG:</I
-> There is currently a bug in the
- implementation of <B
-CLASS="COMMAND"
->security = domain</B
-> with respect
- to multi-byte character set usernames. The communication with a
- Domain Controller must be done in UNICODE and Samba currently
- does not widen multi-byte user names to UNICODE correctly, thus
- a multi-byte username will not be recognized correctly at the
- Domain Controller. This issue will be addressed in a future release.</P
-><P
->See also the section <A
-HREF="#AEN234"
-> NOTE ABOUT USERNAME/PASSWORD VALIDATION</A
->.</P
-><P
->See also the <A
-HREF="#PASSWORDSERVER"
-><TT
-CLASS="PARAMETER"
-><I
->password
- server</I
-></TT
-></A
-> parameter and the <A
-HREF="#ENCRYPTPASSWORDS"
-><TT
-CLASS="PARAMETER"
-><I
->encrypted passwords</I
-></TT
->
- </A
-> parameter.</P
-><P
->Default: <B
-CLASS="COMMAND"
->security = USER</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->security = DOMAIN</B
-></P
-></DD
-><DT
-><A
-NAME="SECURITYMASK"
-></A
->security mask (S)</DT
-><DD
-><P
->This parameter controls what UNIX permission
- bits can be modified when a Windows NT client is manipulating
- the UNIX permission on a file using the native NT security
- dialog box.</P
-><P
->This parameter is applied as a mask (AND'ed with) to
- the changed permission bits, thus preventing any bits not in
- this mask from being modified. Essentially, zero bits in this
- mask may be treated as a set of bits the user is not allowed
- to change.</P
-><P
->If not set explicitly this parameter is set to the same
- value as the <A
-HREF="#CREATEMASK"
-><TT
-CLASS="PARAMETER"
-><I
->create mask
- </I
-></TT
-></A
-> parameter. To allow a user to modify all the
- user/group/world permissions on a file, set this parameter to
- 0777.</P
-><P
-><I
-CLASS="EMPHASIS"
->Note</I
-> that users who can access the
- Samba server through other means can easily bypass this
- restriction, so it is primarily useful for standalone
- "appliance" systems. Administrators of most normal systems will
- probably want to set it to 0777.</P
-><P
->See also the <A
-HREF="#FORCEDIRECTORYSECURITYMODE"
-> <TT
-CLASS="PARAMETER"
-><I
->force directory security mode</I
-></TT
-></A
->,
- <A
-HREF="#DIRECTORYSECURITYMASK"
-><TT
-CLASS="PARAMETER"
-><I
->directory
- security mask</I
-></TT
-></A
->, <A
-HREF="#FORCESECURITYMODE"
-> <TT
-CLASS="PARAMETER"
-><I
->force security mode</I
-></TT
-></A
-> parameters.</P
-><P
->Default: <B
-CLASS="COMMAND"
->security mask = &lt;same as create mask&gt;
- </B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->security mask = 0777</B
-></P
-></DD
-><DT
-><A
-NAME="SERVERSTRING"
-></A
->server string (G)</DT
-><DD
-><P
->This controls what string will show up in the
- printer comment box in print manager and next to the IPC connection
- in <B
-CLASS="COMMAND"
->net view"</B
->. It can be any string that you wish
- to show to your users.</P
-><P
->It also sets what will appear in browse lists next
- to the machine name.</P
-><P
->A <TT
-CLASS="PARAMETER"
-><I
->%v</I
-></TT
-> will be replaced with the Samba
- version number.</P
-><P
->A <TT
-CLASS="PARAMETER"
-><I
->%h</I
-></TT
-> will be replaced with the
- hostname.</P
-><P
->Default: <B
-CLASS="COMMAND"
->server string = Samba %v</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->server string = University of GNUs Samba
- Server</B
-></P
-></DD
-><DT
-><A
-NAME="SETDIRECTORY"
-></A
->set directory (S)</DT
-><DD
-><P
->If <B
-CLASS="COMMAND"
->set directory = no</B
->, then
- users of the service may not use the setdir command to change
- directory.</P
-><P
->The <B
-CLASS="COMMAND"
->setdir</B
-> command is only implemented
- in the Digital Pathworks client. See the Pathworks documentation
- for details.</P
-><P
->Default: <B
-CLASS="COMMAND"
->set directory = no</B
-></P
-></DD
-><DT
-><A
-NAME="SHAREMODES"
-></A
->share modes (S)</DT
-><DD
-><P
->This enables or disables the honoring of
- the <TT
-CLASS="PARAMETER"
-><I
->share modes</I
-></TT
-> during a file open. These
- modes are used by clients to gain exclusive read or write access
- to a file.</P
-><P
->These open modes are not directly supported by UNIX, so
- they are simulated using shared memory, or lock files if your
- UNIX doesn't support shared memory (almost all do).</P
-><P
->The share modes that are enabled by this option are
- <TT
-CLASS="CONSTANT"
->DENY_DOS</TT
->, <TT
-CLASS="CONSTANT"
->DENY_ALL</TT
->,
- <TT
-CLASS="CONSTANT"
->DENY_READ</TT
->, <TT
-CLASS="CONSTANT"
->DENY_WRITE</TT
->,
- <TT
-CLASS="CONSTANT"
->DENY_NONE</TT
-> and <TT
-CLASS="CONSTANT"
->DENY_FCB</TT
->.
- </P
-><P
->This option gives full share compatibility and enabled
- by default.</P
-><P
->You should <I
-CLASS="EMPHASIS"
->NEVER</I
-> turn this parameter
- off as many Windows applications will break if you do so.</P
-><P
->Default: <B
-CLASS="COMMAND"
->share modes = yes</B
-></P
-></DD
-><DT
-><A
-NAME="SHORTPRESERVECASE"
-></A
->short preserve case (S)</DT
-><DD
-><P
->This boolean parameter controls if new files
- which conform to 8.3 syntax, that is all in upper case and of
- suitable length, are created upper case, or if they are forced
- to be the <A
-HREF="#DEFAULTCASE"
-><TT
-CLASS="PARAMETER"
-><I
->default case
- </I
-></TT
-></A
->. This option can be use with <A
-HREF="#PRESERVECASE"
-><B
-CLASS="COMMAND"
->preserve case = yes</B
->
- </A
-> to permit long filenames to retain their case, while short
- names are lowered. </P
-><P
->See the section on <A
-HREF="#AEN201"
-> NAME MANGLING</A
->.</P
-><P
->Default: <B
-CLASS="COMMAND"
->short preserve case = yes</B
-></P
-></DD
-><DT
-><A
-NAME="SHOWADDPRINTERWIZARD"
-></A
->show add printer wizard (G)</DT
-><DD
-><P
->With the introduction of MS-RPC based printing support
- for Windows NT/2000 client in Samba 2.2, a "Printers..." folder will
- appear on Samba hosts in the share listing. Normally this folder will
- contain an icon for the MS Add Printer Wizard (APW). However, it is
- possible to disable this feature regardless of the level of privilege
- of the connected user.</P
-><P
->Under normal circumstances, the Windows NT/2000 client will
- open a handle on the printer server with OpenPrinterEx() asking for
- Administrator privileges. If the user does not have administrative
- access on the print server (i.e is not root or a member of the
- <TT
-CLASS="PARAMETER"
-><I
->printer admin</I
-></TT
-> group), the OpenPrinterEx()
- call fails and the clients another open call with a request for
- a lower privilege level. This should succeed, however the APW
- icon will not be displayed.</P
-><P
->Disabling the <TT
-CLASS="PARAMETER"
-><I
->show add printer wizard</I
-></TT
->
- parameter will always cause the OpenPrinterEx() on the server
- to fail. Thus the APW icon will never be displayed. <I
-CLASS="EMPHASIS"
-> Note :</I
->This does not prevent the same user from having
- administrative privilege on an individual printer.</P
-><P
->See also <A
-HREF="#ADDPRINTERCOMMAND"
-><TT
-CLASS="PARAMETER"
-><I
->addprinter
- command</I
-></TT
-></A
->, <A
-HREF="#DELETEPRINTERCOMMAND"
-> <TT
-CLASS="PARAMETER"
-><I
->deleteprinter command</I
-></TT
-></A
->, <A
-HREF="#PRINTERADMIN"
-><TT
-CLASS="PARAMETER"
-><I
->printer admin</I
-></TT
-></A
-></P
-><P
->Default :<B
-CLASS="COMMAND"
->show add printer wizard = yes</B
-></P
-></DD
-><DT
-><A
-NAME="SMBPASSWDFILE"
-></A
->smb passwd file (G)</DT
-><DD
-><P
->This option sets the path to the encrypted
- smbpasswd file. By default the path to the smbpasswd file
- is compiled into Samba.</P
-><P
->Default: <B
-CLASS="COMMAND"
->smb passwd file = ${prefix}/private/smbpasswd
- </B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->smb passwd file = /etc/samba/smbpasswd
- </B
-></P
-></DD
-><DT
-><A
-NAME="SOCKETADDRESS"
-></A
->socket address (G)</DT
-><DD
-><P
->This option allows you to control what
- address Samba will listen for connections on. This is used to
- support multiple virtual interfaces on the one server, each
- with a different configuration.</P
-><P
->By default samba will accept connections on any
- address.</P
-><P
->Example: <B
-CLASS="COMMAND"
->socket address = 192.168.2.20</B
->
- </P
-></DD
-><DT
-><A
-NAME="SOCKETOPTIONS"
-></A
->socket options (G)</DT
-><DD
-><P
->This option allows you to set socket options
- to be used when talking with the client.</P
-><P
->Socket options are controls on the networking layer
- of the operating systems which allow the connection to be
- tuned.</P
-><P
->This option will typically be used to tune your Samba
- server for optimal performance for your local network. There is
- no way that Samba can know what the optimal parameters are for
- your net, so you must experiment and choose them yourself. We
- strongly suggest you read the appropriate documentation for your
- operating system first (perhaps <B
-CLASS="COMMAND"
->man setsockopt</B
->
- will help).</P
-><P
->You may find that on some systems Samba will say
- "Unknown socket option" when you supply an option. This means you
- either incorrectly typed it or you need to add an include file
- to includes.h for your OS. If the latter is the case please
- send the patch to <A
-HREF="mailto:samba@samba.org"
-TARGET="_top"
-> samba@samba.org</A
->.</P
-><P
->Any of the supported socket options may be combined
- in any way you like, as long as your OS allows it.</P
-><P
->This is the list of socket options currently settable
- using this option:</P
-><P
-></P
-><UL
-><LI
-><P
->SO_KEEPALIVE</P
-></LI
-><LI
-><P
->SO_REUSEADDR</P
-></LI
-><LI
-><P
->SO_BROADCAST</P
-></LI
-><LI
-><P
->TCP_NODELAY</P
-></LI
-><LI
-><P
->IPTOS_LOWDELAY</P
-></LI
-><LI
-><P
->IPTOS_THROUGHPUT</P
-></LI
-><LI
-><P
->SO_SNDBUF *</P
-></LI
-><LI
-><P
->SO_RCVBUF *</P
-></LI
-><LI
-><P
->SO_SNDLOWAT *</P
-></LI
-><LI
-><P
->SO_RCVLOWAT *</P
-></LI
-></UL
-><P
->Those marked with a <I
-CLASS="EMPHASIS"
->'*'</I
-> take an integer
- argument. The others can optionally take a 1 or 0 argument to enable
- or disable the option, by default they will be enabled if you
- don't specify 1 or 0.</P
-><P
->To specify an argument use the syntax SOME_OPTION=VALUE
- for example <B
-CLASS="COMMAND"
->SO_SNDBUF=8192</B
->. Note that you must
- not have any spaces before or after the = sign.</P
-><P
->If you are on a local network then a sensible option
- might be</P
-><P
-><B
-CLASS="COMMAND"
->socket options = IPTOS_LOWDELAY</B
-></P
-><P
->If you have a local network then you could try:</P
-><P
-><B
-CLASS="COMMAND"
->socket options = IPTOS_LOWDELAY TCP_NODELAY</B
-></P
-><P
->If you are on a wide area network then perhaps try
- setting IPTOS_THROUGHPUT. </P
-><P
->Note that several of the options may cause your Samba
- server to fail completely. Use these options with caution!</P
-><P
->Default: <B
-CLASS="COMMAND"
->socket options = TCP_NODELAY</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->socket options = IPTOS_LOWDELAY</B
-></P
-></DD
-><DT
-><A
-NAME="SOURCEENVIRONMENT"
-></A
->source environment (G)</DT
-><DD
-><P
->This parameter causes Samba to set environment
- variables as per the content of the file named.</P
-><P
->If the value of this parameter starts with a "|" character
- then Samba will treat that value as a pipe command to open and
- will set the environment variables from the output of the pipe.</P
-><P
->The contents of the file or the output of the pipe should
- be formatted as the output of the standard Unix <B
-CLASS="COMMAND"
->env(1)
- </B
-> command. This is of the form :</P
-><P
->Example environment entry:</P
-><P
-><B
-CLASS="COMMAND"
->SAMBA_NETBIOS_NAME=myhostname</B
-></P
-><P
->Default: <I
-CLASS="EMPHASIS"
->No default value</I
-></P
-><P
->Examples: <B
-CLASS="COMMAND"
->source environment = |/etc/smb.conf.sh
- </B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->source environment =
- /usr/local/smb_env_vars</B
-></P
-></DD
-><DT
-><A
-NAME="SSL"
-></A
->ssl (G)</DT
-><DD
-><P
->This variable is part of SSL-enabled Samba. This
- is only available if the SSL libraries have been compiled on your
- system and the configure option <B
-CLASS="COMMAND"
->--with-ssl</B
-> was
- given at configure time.</P
-><P
-><I
-CLASS="EMPHASIS"
->Note</I
-> that for export control reasons
- this code is <I
-CLASS="EMPHASIS"
->NOT</I
-> enabled by default in any
- current binary version of Samba.</P
-><P
->This variable enables or disables the entire SSL mode. If
- it is set to <TT
-CLASS="CONSTANT"
->no</TT
->, the SSL enabled samba behaves
- exactly like the non-SSL samba. If set to <TT
-CLASS="CONSTANT"
->yes</TT
->,
- it depends on the variables <A
-HREF="#SSLHOSTS"
-><TT
-CLASS="PARAMETER"
-><I
-> ssl hosts</I
-></TT
-></A
-> and <A
-HREF="#SSLHOSTSRESIGN"
-> <TT
-CLASS="PARAMETER"
-><I
->ssl hosts resign</I
-></TT
-></A
-> whether an SSL
- connection will be required.</P
-><P
->Default: <B
-CLASS="COMMAND"
->ssl=no</B
-></P
-></DD
-><DT
-><A
-NAME="SSLCACERTDIR"
-></A
->ssl CA certDir (G)</DT
-><DD
-><P
->This variable is part of SSL-enabled Samba. This
- is only available if the SSL libraries have been compiled on your
- system and the configure option <B
-CLASS="COMMAND"
->--with-ssl</B
-> was
- given at configure time.</P
-><P
-><I
-CLASS="EMPHASIS"
->Note</I
-> that for export control reasons
- this code is <I
-CLASS="EMPHASIS"
->NOT</I
-> enabled by default in any
- current binary version of Samba.</P
-><P
->This variable defines where to look up the Certification
- Authorities. The given directory should contain one file for
- each CA that samba will trust. The file name must be the hash
- value over the "Distinguished Name" of the CA. How this directory
- is set up is explained later in this document. All files within the
- directory that don't fit into this naming scheme are ignored. You
- don't need this variable if you don't verify client certificates.</P
-><P
->Default: <B
-CLASS="COMMAND"
->ssl CA certDir = /usr/local/ssl/certs
- </B
-></P
-></DD
-><DT
-><A
-NAME="SSLCACERTFILE"
-></A
->ssl CA certFile (G)</DT
-><DD
-><P
->This variable is part of SSL-enabled Samba. This
- is only available if the SSL libraries have been compiled on your
- system and the configure option <B
-CLASS="COMMAND"
->--with-ssl</B
-> was
- given at configure time.</P
-><P
-><I
-CLASS="EMPHASIS"
->Note</I
-> that for export control reasons
- this code is <I
-CLASS="EMPHASIS"
->NOT</I
-> enabled by default in any
- current binary version of Samba.</P
-><P
->This variable is a second way to define the trusted CAs.
- The certificates of the trusted CAs are collected in one big
- file and this variable points to the file. You will probably
- only use one of the two ways to define your CAs. The first choice is
- preferable if you have many CAs or want to be flexible, the second
- is preferable if you only have one CA and want to keep things
- simple (you won't need to create the hashed file names). You
- don't need this variable if you don't verify client certificates.</P
-><P
->Default: <B
-CLASS="COMMAND"
->ssl CA certFile = /usr/local/ssl/certs/trustedCAs.pem
- </B
-></P
-></DD
-><DT
-><A
-NAME="SSLCIPHERS"
-></A
->ssl ciphers (G)</DT
-><DD
-><P
->This variable is part of SSL-enabled Samba. This
- is only available if the SSL libraries have been compiled on your
- system and the configure option <B
-CLASS="COMMAND"
->--with-ssl</B
-> was
- given at configure time.</P
-><P
-><I
-CLASS="EMPHASIS"
->Note</I
-> that for export control reasons
- this code is <I
-CLASS="EMPHASIS"
->NOT</I
-> enabled by default in any
- current binary version of Samba.</P
-><P
->This variable defines the ciphers that should be offered
- during SSL negotiation. You should not set this variable unless
- you know what you are doing.</P
-></DD
-><DT
-><A
-NAME="SSLCLIENTCERT"
-></A
->ssl client cert (G)</DT
-><DD
-><P
->This variable is part of SSL-enabled Samba. This
- is only available if the SSL libraries have been compiled on your
- system and the configure option <B
-CLASS="COMMAND"
->--with-ssl</B
-> was
- given at configure time.</P
-><P
-><I
-CLASS="EMPHASIS"
->Note</I
-> that for export control reasons
- this code is <I
-CLASS="EMPHASIS"
->NOT</I
-> enabled by default in any
- current binary version of Samba.</P
-><P
->The certificate in this file is used by <A
-HREF="smbclient.1.html"
-TARGET="_top"
-> <B
-CLASS="COMMAND"
->smbclient(1)</B
-></A
-> if it exists. It's needed
- if the server requires a client certificate.</P
-><P
->Default: <B
-CLASS="COMMAND"
->ssl client cert = /usr/local/ssl/certs/smbclient.pem
- </B
-></P
-></DD
-><DT
-><A
-NAME="SSLCLIENTKEY"
-></A
->ssl client key (G)</DT
-><DD
-><P
->This variable is part of SSL-enabled Samba. This
- is only available if the SSL libraries have been compiled on your
- system and the configure option <B
-CLASS="COMMAND"
->--with-ssl</B
-> was
- given at configure time.</P
-><P
-><I
-CLASS="EMPHASIS"
->Note</I
-> that for export control reasons
- this code is <I
-CLASS="EMPHASIS"
->NOT</I
-> enabled by default in any
- current binary version of Samba.</P
-><P
->This is the private key for <A
-HREF="smbclient.1.html"
-TARGET="_top"
-> <B
-CLASS="COMMAND"
->smbclient(1)</B
-></A
->. It's only needed if the
- client should have a certificate. </P
-><P
->Default: <B
-CLASS="COMMAND"
->ssl client key = /usr/local/ssl/private/smbclient.pem
- </B
-></P
-></DD
-><DT
-><A
-NAME="SSLCOMPATIBILITY"
-></A
->ssl compatibility (G)</DT
-><DD
-><P
->This variable is part of SSL-enabled Samba. This
- is only available if the SSL libraries have been compiled on your
- system and the configure option <B
-CLASS="COMMAND"
->--with-ssl</B
-> was
- given at configure time.</P
-><P
-><I
-CLASS="EMPHASIS"
->Note</I
-> that for export control reasons
- this code is <I
-CLASS="EMPHASIS"
->NOT</I
-> enabled by default in any
- current binary version of Samba.</P
-><P
->This variable defines whether SSLeay should be configured
- for bug compatibility with other SSL implementations. This is
- probably not desirable because currently no clients with SSL
- implementations other than SSLeay exist.</P
-><P
->Default: <B
-CLASS="COMMAND"
->ssl compatibility = no</B
-></P
-></DD
-><DT
-><A
-NAME="SSLHOSTS"
-></A
->ssl hosts (G)</DT
-><DD
-><P
->See <A
-HREF="#SSLHOSTSRESIGN"
-><TT
-CLASS="PARAMETER"
-><I
-> ssl hosts resign</I
-></TT
-></A
->.</P
-></DD
-><DT
-><A
-NAME="SSLHOSTSRESIGN"
-></A
->ssl hosts resign (G)</DT
-><DD
-><P
->This variable is part of SSL-enabled Samba. This
- is only available if the SSL libraries have been compiled on your
- system and the configure option <B
-CLASS="COMMAND"
->--with-ssl</B
-> was
- given at configure time.</P
-><P
-><I
-CLASS="EMPHASIS"
->Note</I
-> that for export control reasons
- this code is <I
-CLASS="EMPHASIS"
->NOT</I
-> enabled by default in any
- current binary version of Samba.</P
-><P
->These two variables define whether samba will go
- into SSL mode or not. If none of them is defined, samba will
- allow only SSL connections. If the <A
-HREF="#SSLHOSTS"
-> <TT
-CLASS="PARAMETER"
-><I
->ssl hosts</I
-></TT
-></A
-> variable lists
- hosts (by IP-address, IP-address range, net group or name),
- only these hosts will be forced into SSL mode. If the <TT
-CLASS="PARAMETER"
-><I
-> ssl hosts resign</I
-></TT
-> variable lists hosts, only these
- hosts will NOT be forced into SSL mode. The syntax for these two
- variables is the same as for the <A
-HREF="#HOSTSALLOW"
-><TT
-CLASS="PARAMETER"
-><I
-> hosts allow</I
-></TT
-></A
-> and <A
-HREF="#HOSTSDENY"
-> <TT
-CLASS="PARAMETER"
-><I
->hosts deny</I
-></TT
-></A
-> pair of variables, only
- that the subject of the decision is different: It's not the access
- right but whether SSL is used or not. </P
-><P
->The example below requires SSL connections from all hosts
- outside the local net (which is 192.168.*.*).</P
-><P
->Default: <B
-CLASS="COMMAND"
->ssl hosts = &lt;empty string&gt;</B
-></P
-><P
-><B
-CLASS="COMMAND"
->ssl hosts resign = &lt;empty string&gt;</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->ssl hosts resign = 192.168.</B
-></P
-></DD
-><DT
-><A
-NAME="SSLREQUIRECLIENTCERT"
-></A
->ssl require clientcert (G)</DT
-><DD
-><P
->This variable is part of SSL-enabled Samba. This
- is only available if the SSL libraries have been compiled on your
- system and the configure option <B
-CLASS="COMMAND"
->--with-ssl</B
-> was
- given at configure time.</P
-><P
-><I
-CLASS="EMPHASIS"
->Note</I
-> that for export control reasons
- this code is <I
-CLASS="EMPHASIS"
->NOT</I
-> enabled by default in any
- current binary version of Samba.</P
-><P
->If this variable is set to <TT
-CLASS="CONSTANT"
->yes</TT
->, the
- server will not tolerate connections from clients that don't
- have a valid certificate. The directory/file given in <A
-HREF="#SSLCACERTDIR"
-><TT
-CLASS="PARAMETER"
-><I
->ssl CA certDir</I
-></TT
->
- </A
-> and <A
-HREF="#SSLCACERTFILE"
-><TT
-CLASS="PARAMETER"
-><I
->ssl CA certFile
- </I
-></TT
-></A
-> will be used to look up the CAs that issued
- the client's certificate. If the certificate can't be verified
- positively, the connection will be terminated. If this variable
- is set to <TT
-CLASS="CONSTANT"
->no</TT
->, clients don't need certificates.
- Contrary to web applications you really <I
-CLASS="EMPHASIS"
->should</I
->
- require client certificates. In the web environment the client's
- data is sensitive (credit card numbers) and the server must prove
- to be trustworthy. In a file server environment the server's data
- will be sensitive and the clients must prove to be trustworthy.</P
-><P
->Default: <B
-CLASS="COMMAND"
->ssl require clientcert = no</B
-></P
-></DD
-><DT
-><A
-NAME="SSLREQUIRESERVERCERT"
-></A
->ssl require servercert (G)</DT
-><DD
-><P
->This variable is part of SSL-enabled Samba. This
- is only available if the SSL libraries have been compiled on your
- system and the configure option <B
-CLASS="COMMAND"
->--with-ssl</B
-> was
- given at configure time.</P
-><P
-><I
-CLASS="EMPHASIS"
->Note</I
-> that for export control reasons
- this code is <I
-CLASS="EMPHASIS"
->NOT</I
-> enabled by default in any
- current binary version of Samba.</P
-><P
->If this variable is set to <TT
-CLASS="CONSTANT"
->yes</TT
->, the
- <A
-HREF="smbclient.1.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbclient(1)</B
->
- </A
-> will request a certificate from the server. Same as
- <A
-HREF="#SSLREQUIRECLIENTCERT"
-><TT
-CLASS="PARAMETER"
-><I
->ssl require
- clientcert</I
-></TT
-></A
-> for the server.</P
-><P
->Default: <B
-CLASS="COMMAND"
->ssl require servercert = no</B
->
- </P
-></DD
-><DT
-><A
-NAME="SSLSERVERCERT"
-></A
->ssl server cert (G)</DT
-><DD
-><P
->This variable is part of SSL-enabled Samba. This
- is only available if the SSL libraries have been compiled on your
- system and the configure option <B
-CLASS="COMMAND"
->--with-ssl</B
-> was
- given at configure time.</P
-><P
-><I
-CLASS="EMPHASIS"
->Note</I
-> that for export control reasons
- this code is <I
-CLASS="EMPHASIS"
->NOT</I
-> enabled by default in any
- current binary version of Samba.</P
-><P
->This is the file containing the server's certificate.
- The server <I
-CLASS="EMPHASIS"
->must</I
-> have a certificate. The
- file may also contain the server's private key. See later for
- how certificates and private keys are created.</P
-><P
->Default: <B
-CLASS="COMMAND"
->ssl server cert = &lt;empty string&gt;
- </B
-></P
-></DD
-><DT
-><A
-NAME="SSLSERVERKEY"
-></A
->ssl server key (G)</DT
-><DD
-><P
->This variable is part of SSL-enabled Samba. This
- is only available if the SSL libraries have been compiled on your
- system and the configure option <B
-CLASS="COMMAND"
->--with-ssl</B
-> was
- given at configure time.</P
-><P
-><I
-CLASS="EMPHASIS"
->Note</I
-> that for export control reasons
- this code is <I
-CLASS="EMPHASIS"
->NOT</I
-> enabled by default in any
- current binary version of Samba.</P
-><P
->This file contains the private key of the server. If
- this variable is not defined, the key is looked up in the
- certificate file (it may be appended to the certificate).
- The server <I
-CLASS="EMPHASIS"
->must</I
-> have a private key
- and the certificate <I
-CLASS="EMPHASIS"
->must</I
->
- match this private key.</P
-><P
->Default: <B
-CLASS="COMMAND"
->ssl server key = &lt;empty string&gt;
- </B
-></P
-></DD
-><DT
-><A
-NAME="SSLVERSION"
-></A
->ssl version (G)</DT
-><DD
-><P
->This variable is part of SSL-enabled Samba. This
- is only available if the SSL libraries have been compiled on your
- system and the configure option <B
-CLASS="COMMAND"
->--with-ssl</B
-> was
- given at configure time.</P
-><P
-><I
-CLASS="EMPHASIS"
->Note</I
-> that for export control reasons
- this code is <I
-CLASS="EMPHASIS"
->NOT</I
-> enabled by default in any
- current binary version of Samba.</P
-><P
->This enumeration variable defines the versions of the
- SSL protocol that will be used. <TT
-CLASS="CONSTANT"
->ssl2or3</TT
-> allows
- dynamic negotiation of SSL v2 or v3, <TT
-CLASS="CONSTANT"
->ssl2</TT
-> results
- in SSL v2, <TT
-CLASS="CONSTANT"
->ssl3</TT
-> results in SSL v3 and
- <TT
-CLASS="CONSTANT"
->tls1</TT
-> results in TLS v1. TLS (Transport Layer
- Security) is the new standard for SSL.</P
-><P
->Default: <B
-CLASS="COMMAND"
->ssl version = "ssl2or3"</B
-></P
-></DD
-><DT
-><A
-NAME="STATCACHE"
-></A
->stat cache (G)</DT
-><DD
-><P
->This parameter determines if <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd(8)</A
-> will use a cache in order to
- speed up case insensitive name mappings. You should never need
- to change this parameter.</P
-><P
->Default: <B
-CLASS="COMMAND"
->stat cache = yes</B
-></P
-></DD
-><DT
-><A
-NAME="STATCACHESIZE"
-></A
->stat cache size (G)</DT
-><DD
-><P
->This parameter determines the number of
- entries in the <TT
-CLASS="PARAMETER"
-><I
->stat cache</I
-></TT
->. You should
- never need to change this parameter.</P
-><P
->Default: <B
-CLASS="COMMAND"
->stat cache size = 50</B
-></P
-></DD
-><DT
-><A
-NAME="STATUS"
-></A
->status (G)</DT
-><DD
-><P
->This enables or disables logging of connections
- to a status file that <A
-HREF="smbstatus.1.html"
-TARGET="_top"
->smbstatus(1)</A
->
- can read.</P
-><P
->With this disabled <B
-CLASS="COMMAND"
->smbstatus</B
-> won't be able
- to tell you what connections are active. You should never need to
- change this parameter.</P
-><P
->Default: <B
-CLASS="COMMAND"
->status = yes</B
-></P
-></DD
-><DT
-><A
-NAME="STRICTLOCKING"
-></A
->strict locking (S)</DT
-><DD
-><P
->This is a boolean that controls the handling of
- file locking in the server. When this is set to <TT
-CLASS="CONSTANT"
->yes</TT
->
- the server will check every read and write access for file locks, and
- deny access if locks exist. This can be slow on some systems.</P
-><P
->When strict locking is <TT
-CLASS="CONSTANT"
->no</TT
-> the server does file
- lock checks only when the client explicitly asks for them.</P
-><P
->Well behaved clients always ask for lock checks when it
- is important, so in the vast majority of cases <B
-CLASS="COMMAND"
->strict
- locking = no</B
-> is preferable.</P
-><P
->Default: <B
-CLASS="COMMAND"
->strict locking = no</B
-></P
-></DD
-><DT
-><A
-NAME="STRICTSYNC"
-></A
->strict sync (S)</DT
-><DD
-><P
->Many Windows applications (including the Windows
- 98 explorer shell) seem to confuse flushing buffer contents to
- disk with doing a sync to disk. Under UNIX, a sync call forces
- the process to be suspended until the kernel has ensured that
- all outstanding data in kernel disk buffers has been safely stored
- onto stable storage. This is very slow and should only be done
- rarely. Setting this parameter to <TT
-CLASS="CONSTANT"
->no</TT
-> (the
- default) means that smbd ignores the Windows applications requests for
- a sync call. There is only a possibility of losing data if the
- operating system itself that Samba is running on crashes, so there is
- little danger in this default setting. In addition, this fixes many
- performance problems that people have reported with the new Windows98
- explorer shell file copies.</P
-><P
->See also the <A
-HREF="#SYNCALWAYS"
-><TT
-CLASS="PARAMETER"
-><I
->sync
- always&#62;</I
-></TT
-></A
-> parameter.</P
-><P
->Default: <B
-CLASS="COMMAND"
->strict sync = no</B
-></P
-></DD
-><DT
-><A
-NAME="STRIPDOT"
-></A
->strip dot (G)</DT
-><DD
-><P
->This is a boolean that controls whether to
- strip trailing dots off UNIX filenames. This helps with some
- CDROMs that have filenames ending in a single dot.</P
-><P
->Default: <B
-CLASS="COMMAND"
->strip dot = no</B
-></P
-></DD
-><DT
-><A
-NAME="SYNCALWAYS"
-></A
->sync always (S)</DT
-><DD
-><P
->This is a boolean parameter that controls
- whether writes will always be written to stable storage before
- the write call returns. If this is false then the server will be
- guided by the client's request in each write call (clients can
- set a bit indicating that a particular write should be synchronous).
- If this is true then every write will be followed by a <B
-CLASS="COMMAND"
->fsync()
- </B
-> call to ensure the data is written to disk. Note that
- the <TT
-CLASS="PARAMETER"
-><I
->strict sync</I
-></TT
-> parameter must be set to
- <TT
-CLASS="CONSTANT"
->yes</TT
-> in order for this parameter to have
- any affect.</P
-><P
->See also the <A
-HREF="#STRICTSYNC"
-><TT
-CLASS="PARAMETER"
-><I
->strict
- sync</I
-></TT
-></A
-> parameter.</P
-><P
->Default: <B
-CLASS="COMMAND"
->sync always = no</B
-></P
-></DD
-><DT
-><A
-NAME="SYSLOG"
-></A
->syslog (G)</DT
-><DD
-><P
->This parameter maps how Samba debug messages
- are logged onto the system syslog logging levels. Samba debug
- level zero maps onto syslog <TT
-CLASS="CONSTANT"
->LOG_ERR</TT
->, debug
- level one maps onto <TT
-CLASS="CONSTANT"
->LOG_WARNING</TT
->, debug level
- two maps onto <TT
-CLASS="CONSTANT"
->LOG_NOTICE</TT
->, debug level three
- maps onto LOG_INFO. All higher levels are mapped to <TT
-CLASS="CONSTANT"
-> LOG_DEBUG</TT
->.</P
-><P
->This parameter sets the threshold for sending messages
- to syslog. Only messages with debug level less than this value
- will be sent to syslog.</P
-><P
->Default: <B
-CLASS="COMMAND"
->syslog = 1</B
-></P
-></DD
-><DT
-><A
-NAME="SYSLOGONLY"
-></A
->syslog only (G)</DT
-><DD
-><P
->If this parameter is set then Samba debug
- messages are logged into the system syslog only, and not to
- the debug log files.</P
-><P
->Default: <B
-CLASS="COMMAND"
->syslog only = no</B
-></P
-></DD
-><DT
-><A
-NAME="TEMPLATEHOMEDIR"
-></A
->template homedir (G)</DT
-><DD
-><P
-><I
-CLASS="EMPHASIS"
->NOTE:</I
-> this parameter is
- only available in Samba 3.0.</P
-><P
->When filling out the user information for a Windows NT
- user, the <A
-HREF="winbindd.8.html"
-TARGET="_top"
->winbindd(8)</A
-> daemon
- uses this parameter to fill in the home directory for that user.
- If the string <TT
-CLASS="PARAMETER"
-><I
->%D</I
-></TT
-> is present it is substituted
- with the user's Windows NT domain name. If the string <TT
-CLASS="PARAMETER"
-><I
->%U
- </I
-></TT
-> is present it is substituted with the user's Windows
- NT user name.</P
-><P
->Default: <B
-CLASS="COMMAND"
->template homedir = /home/%D/%U</B
-></P
-></DD
-><DT
-><A
-NAME="TEMPLATESHELL"
-></A
->template shell (G)</DT
-><DD
-><P
-><I
-CLASS="EMPHASIS"
->NOTE:</I
-> this parameter is
- only available in Samba 3.0.</P
-><P
->When filling out the user information for a Windows NT
- user, the <A
-HREF="winbindd.8.html"
-TARGET="_top"
->winbindd(8)</A
-> daemon
- uses this parameter to fill in the login shell for that user.</P
-><P
->Default: <B
-CLASS="COMMAND"
->template shell = /bin/false</B
-></P
-></DD
-><DT
-><A
-NAME="TIMEOFFSET"
-></A
->time offset (G)</DT
-><DD
-><P
->This parameter is a setting in minutes to add
- to the normal GMT to local time conversion. This is useful if
- you are serving a lot of PCs that have incorrect daylight
- saving time handling.</P
-><P
->Default: <B
-CLASS="COMMAND"
->time offset = 0</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->time offset = 60</B
-></P
-></DD
-><DT
-><A
-NAME="TIMESERVER"
-></A
->time server (G)</DT
-><DD
-><P
->This parameter determines if <A
-HREF="nmbd.8.html"
-TARGET="_top"
->
- nmbd(8)</A
-> advertises itself as a time server to Windows
- clients.</P
-><P
->Default: <B
-CLASS="COMMAND"
->time server = no</B
-></P
-></DD
-><DT
-><A
-NAME="TIMESTAMPLOGS"
-></A
->timestamp logs (G)</DT
-><DD
-><P
->Synonym for <A
-HREF="#DEBUGTIMESTAMP"
-><TT
-CLASS="PARAMETER"
-><I
-> debug timestamp</I
-></TT
-></A
->.</P
-></DD
-><DT
-><A
-NAME="TOTALPRINTJOBS"
-></A
->total print jobs (G)</DT
-><DD
-><P
->This parameter accepts an integer value which defines
- a limit on the maximum number of print jobs that will be accepted
- system wide at any given time. If a print job is submitted
- by a client which will exceed this number, then smbd will return an
- error indicating that no space is available on the server. The
- default value of 0 means that no such limit exists. This parameter
- can be used to prevent a server from exceeding its capacity and is
- designed as a printing throttle. See also
- <A
-HREF="#MAXPRINTJOBS"
-><TT
-CLASS="PARAMETER"
-><I
->max print jobs</I
-></TT
-></A
->.
- </P
-><P
->Default: <B
-CLASS="COMMAND"
->total print jobs = 0</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->total print jobs = 5000</B
-></P
-></DD
-><DT
-><A
-NAME="UNIXPASSWORDSYNC"
-></A
->unix password sync (G)</DT
-><DD
-><P
->This boolean parameter controls whether Samba
- attempts to synchronize the UNIX password with the SMB password
- when the encrypted SMB password in the smbpasswd file is changed.
- If this is set to true the program specified in the <TT
-CLASS="PARAMETER"
-><I
->passwd
- program</I
-></TT
->parameter is called <I
-CLASS="EMPHASIS"
->AS ROOT</I
-> -
- to allow the new UNIX password to be set without access to the
- old UNIX password (as the SMB password has change code has no
- access to the old password cleartext, only the new).</P
-><P
->See also <A
-HREF="#PASSWDPROGRAM"
-><TT
-CLASS="PARAMETER"
-><I
->passwd
- program</I
-></TT
-></A
->, <A
-HREF="#PASSWDCHAT"
-><TT
-CLASS="PARAMETER"
-><I
-> passwd chat</I
-></TT
-></A
->.</P
-><P
->Default: <B
-CLASS="COMMAND"
->unix password sync = no</B
-></P
-></DD
-><DT
-><A
-NAME="UNIXREALNAME"
-></A
->unix realname (G)</DT
-><DD
-><P
->This boolean parameter when set causes samba
- to supply the real name field from the unix password file to
- the client. This is useful for setting up mail clients and WWW
- browsers on systems used by more than one person.</P
-><P
->Default: <B
-CLASS="COMMAND"
->unix realname = yes</B
-></P
-></DD
-><DT
-><A
-NAME="UPDATEENCRYPTED"
-></A
->update encrypted (G)</DT
-><DD
-><P
->This boolean parameter allows a user logging
- on with a plaintext password to have their encrypted (hashed)
- password in the smbpasswd file to be updated automatically as
- they log on. This option allows a site to migrate from plaintext
- password authentication (users authenticate with plaintext
- password over the wire, and are checked against a UNIX account
- database) to encrypted password authentication (the SMB
- challenge/response authentication mechanism) without forcing
- all users to re-enter their passwords via smbpasswd at the time the
- change is made. This is a convenience option to allow the change over
- to encrypted passwords to be made over a longer period. Once all users
- have encrypted representations of their passwords in the smbpasswd
- file this parameter should be set to <TT
-CLASS="CONSTANT"
->no</TT
->.</P
-><P
->In order for this parameter to work correctly the <A
-HREF="#ENCRYPTPASSWORDS"
-><TT
-CLASS="PARAMETER"
-><I
->encrypt passwords</I
-></TT
->
- </A
-> parameter must be set to <TT
-CLASS="CONSTANT"
->no</TT
-> when
- this parameter is set to <TT
-CLASS="CONSTANT"
->yes</TT
->.</P
-><P
->Note that even when this parameter is set a user
- authenticating to <B
-CLASS="COMMAND"
->smbd</B
-> must still enter a valid
- password in order to connect correctly, and to update their hashed
- (smbpasswd) passwords.</P
-><P
->Default: <B
-CLASS="COMMAND"
->update encrypted = no</B
-></P
-></DD
-><DT
-><A
-NAME="USERHOSTS"
-></A
->use rhosts (G)</DT
-><DD
-><P
->If this global parameter is a true, it specifies
- that the UNIX users <TT
-CLASS="FILENAME"
->.rhosts</TT
-> file in their home directory
- will be read to find the names of hosts and users who will be allowed
- access without specifying a password.</P
-><P
-><I
-CLASS="EMPHASIS"
->NOTE:</I
-> The use of <TT
-CLASS="PARAMETER"
-><I
->use rhosts
- </I
-></TT
-> can be a major security hole. This is because you are
- trusting the PC to supply the correct username. It is very easy to
- get a PC to supply a false username. I recommend that the <TT
-CLASS="PARAMETER"
-><I
-> use rhosts</I
-></TT
-> option be only used if you really know what
- you are doing.</P
-><P
->Default: <B
-CLASS="COMMAND"
->use rhosts = no</B
-></P
-></DD
-><DT
-><A
-NAME="USER"
-></A
->user (S)</DT
-><DD
-><P
->Synonym for <A
-HREF="#USERNAME"
-><TT
-CLASS="PARAMETER"
-><I
-> username</I
-></TT
-></A
->.</P
-></DD
-><DT
-><A
-NAME="USERS"
-></A
->users (S)</DT
-><DD
-><P
->Synonym for <A
-HREF="#USERNAME"
-><TT
-CLASS="PARAMETER"
-><I
-> username</I
-></TT
-></A
->.</P
-></DD
-><DT
-><A
-NAME="USERNAME"
-></A
->username (S)</DT
-><DD
-><P
->Multiple users may be specified in a comma-delimited
- list, in which case the supplied password will be tested against
- each username in turn (left to right).</P
-><P
->The <TT
-CLASS="PARAMETER"
-><I
->username</I
-></TT
-> line is needed only when
- the PC is unable to supply its own username. This is the case
- for the COREPLUS protocol or where your users have different WfWg
- usernames to UNIX usernames. In both these cases you may also be
- better using the \\server\share%user syntax instead.</P
-><P
->The <TT
-CLASS="PARAMETER"
-><I
->username</I
-></TT
-> line is not a great
- solution in many cases as it means Samba will try to validate
- the supplied password against each of the usernames in the
- <TT
-CLASS="PARAMETER"
-><I
->username</I
-></TT
-> line in turn. This is slow and
- a bad idea for lots of users in case of duplicate passwords.
- You may get timeouts or security breaches using this parameter
- unwisely.</P
-><P
->Samba relies on the underlying UNIX security. This
- parameter does not restrict who can login, it just offers hints
- to the Samba server as to what usernames might correspond to the
- supplied password. Users can login as whoever they please and
- they will be able to do no more damage than if they started a
- telnet session. The daemon runs as the user that they log in as,
- so they cannot do anything that user cannot do.</P
-><P
->To restrict a service to a particular set of users you
- can use the <A
-HREF="#VALIDUSERS"
-><TT
-CLASS="PARAMETER"
-><I
->valid users
- </I
-></TT
-></A
-> parameter.</P
-><P
->If any of the usernames begin with a '@' then the name
- will be looked up first in the yp netgroups list (if Samba
- is compiled with netgroup support), followed by a lookup in
- the UNIX groups database and will expand to a list of all users
- in the group of that name.</P
-><P
->If any of the usernames begin with a '+' then the name
- will be looked up only in the UNIX groups database and will
- expand to a list of all users in the group of that name.</P
-><P
->If any of the usernames begin with a '&#38;'then the name
- will be looked up only in the yp netgroups database (if Samba
- is compiled with netgroup support) and will expand to a list
- of all users in the netgroup group of that name.</P
-><P
->Note that searching though a groups database can take
- quite some time, and some clients may time out during the
- search.</P
-><P
->See the section <A
-HREF="#AEN234"
->NOTE ABOUT
- USERNAME/PASSWORD VALIDATION</A
-> for more information on how
- this parameter determines access to the services.</P
-><P
->Default: <B
-CLASS="COMMAND"
->The guest account if a guest service,
- else &lt;empty string&gt;.</B
-></P
-><P
->Examples:<B
-CLASS="COMMAND"
->username = fred, mary, jack, jane,
- @users, @pcgroup</B
-></P
-></DD
-><DT
-><A
-NAME="USERNAMELEVEL"
-></A
->username level (G)</DT
-><DD
-><P
->This option helps Samba to try and 'guess' at
- the real UNIX username, as many DOS clients send an all-uppercase
- username. By default Samba tries all lowercase, followed by the
- username with the first letter capitalized, and fails if the
- username is not found on the UNIX machine.</P
-><P
->If this parameter is set to non-zero the behavior changes.
- This parameter is a number that specifies the number of uppercase
- combinations to try while trying to determine the UNIX user name. The
- higher the number the more combinations will be tried, but the slower
- the discovery of usernames will be. Use this parameter when you have
- strange usernames on your UNIX machine, such as <TT
-CLASS="CONSTANT"
->AstrangeUser
- </TT
->.</P
-><P
->Default: <B
-CLASS="COMMAND"
->username level = 0</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->username level = 5</B
-></P
-></DD
-><DT
-><A
-NAME="USERNAMEMAP"
-></A
->username map (G)</DT
-><DD
-><P
->This option allows you to specify a file containing
- a mapping of usernames from the clients to the server. This can be
- used for several purposes. The most common is to map usernames
- that users use on DOS or Windows machines to those that the UNIX
- box uses. The other is to map multiple users to a single username
- so that they can more easily share files.</P
-><P
->The map file is parsed line by line. Each line should
- contain a single UNIX username on the left then a '=' followed
- by a list of usernames on the right. The list of usernames on the
- right may contain names of the form @group in which case they
- will match any UNIX username in that group. The special client
- name '*' is a wildcard and matches any name. Each line of the
- map file may be up to 1023 characters long.</P
-><P
->The file is processed on each line by taking the
- supplied username and comparing it with each username on the right
- hand side of the '=' signs. If the supplied name matches any of
- the names on the right hand side then it is replaced with the name
- on the left. Processing then continues with the next line.</P
-><P
->If any line begins with a '#' or a ';' then it is
- ignored</P
-><P
->If any line begins with an '!' then the processing
- will stop after that line if a mapping was done by the line.
- Otherwise mapping continues with every line being processed.
- Using '!' is most useful when you have a wildcard mapping line
- later in the file.</P
-><P
->For example to map from the name <TT
-CLASS="CONSTANT"
->admin</TT
->
- or <TT
-CLASS="CONSTANT"
->administrator</TT
-> to the UNIX name <TT
-CLASS="CONSTANT"
-> root</TT
-> you would use:</P
-><P
-><B
-CLASS="COMMAND"
->root = admin administrator</B
-></P
-><P
->Or to map anyone in the UNIX group <TT
-CLASS="CONSTANT"
->system</TT
->
- to the UNIX name <TT
-CLASS="CONSTANT"
->sys</TT
-> you would use:</P
-><P
-><B
-CLASS="COMMAND"
->sys = @system</B
-></P
-><P
->You can have as many mappings as you like in a username
- map file.</P
-><P
->If your system supports the NIS NETGROUP option then
- the netgroup database is checked before the <TT
-CLASS="FILENAME"
->/etc/group
- </TT
-> database for matching groups.</P
-><P
->You can map Windows usernames that have spaces in them
- by using double quotes around the name. For example:</P
-><P
-><B
-CLASS="COMMAND"
->tridge = "Andrew Tridgell"</B
-></P
-><P
->would map the windows username "Andrew Tridgell" to the
- unix username "tridge".</P
-><P
->The following example would map mary and fred to the
- unix user sys, and map the rest to guest. Note the use of the
- '!' to tell Samba to stop processing if it gets a match on
- that line.</P
-><P
-><PRE
-CLASS="PROGRAMLISTING"
-> !sys = mary fred
- guest = *
- </PRE
-></P
-><P
->Note that the remapping is applied to all occurrences
- of usernames. Thus if you connect to \\server\fred and <TT
-CLASS="CONSTANT"
-> fred</TT
-> is remapped to <TT
-CLASS="CONSTANT"
->mary</TT
-> then you
- will actually be connecting to \\server\mary and will need to
- supply a password suitable for <TT
-CLASS="CONSTANT"
->mary</TT
-> not
- <TT
-CLASS="CONSTANT"
->fred</TT
->. The only exception to this is the
- username passed to the <A
-HREF="#PASSWORDSERVER"
-><TT
-CLASS="PARAMETER"
-><I
-> password server</I
-></TT
-></A
-> (if you have one). The password
- server will receive whatever username the client supplies without
- modification.</P
-><P
->Also note that no reverse mapping is done. The main effect
- this has is with printing. Users who have been mapped may have
- trouble deleting print jobs as PrintManager under WfWg will think
- they don't own the print job.</P
-><P
->Default: <I
-CLASS="EMPHASIS"
->no username map</I
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->username map = /usr/local/samba/lib/users.map
- </B
-></P
-></DD
-><DT
-><A
-NAME="UTMP"
-></A
->utmp (S)</DT
-><DD
-><P
->This boolean parameter is only available if
- Samba has been configured and compiled with the option <B
-CLASS="COMMAND"
-> --with-utmp</B
->. If set to True then Samba will attempt
- to add utmp or utmpx records (depending on the UNIX system) whenever a
- connection is made to a Samba server. Sites may use this to record the
- user connecting to a Samba share.</P
-><P
->See also the <A
-HREF="#UTMPDIRECTORY"
-><TT
-CLASS="PARAMETER"
-><I
-> utmp directory</I
-></TT
-></A
-> parameter.</P
-><P
->Default: <B
-CLASS="COMMAND"
->utmp = no</B
-></P
-></DD
-><DT
-><A
-NAME="UTMPDIRECTORY"
-></A
->utmp directory(G)</DT
-><DD
-><P
->This parameter is only available if Samba has
- been configured and compiled with the option <B
-CLASS="COMMAND"
-> --with-utmp</B
->. It specifies a directory pathname that is
- used to store the utmp or utmpx files (depending on the UNIX system) that
- record user connections to a Samba server. See also the <A
-HREF="#UTMP"
-> <TT
-CLASS="PARAMETER"
-><I
->utmp</I
-></TT
-></A
-> parameter. By default this is
- not set, meaning the system will use whatever utmp file the
- native system is set to use (usually
- <TT
-CLASS="FILENAME"
->/var/run/utmp</TT
-> on Linux).</P
-><P
->Default: <I
-CLASS="EMPHASIS"
->no utmp directory</I
-></P
-></DD
-><DT
-><A
-NAME="VALIDCHARS"
-></A
->valid chars (G)</DT
-><DD
-><P
->The option allows you to specify additional
- characters that should be considered valid by the server in
- filenames. This is particularly useful for national character
- sets, such as adding u-umlaut or a-ring.</P
-><P
->The option takes a list of characters in either integer
- or character form with spaces between them. If you give two
- characters with a colon between them then it will be taken as
- an lowercase:uppercase pair.</P
-><P
->If you have an editor capable of entering the characters
- into the config file then it is probably easiest to use this
- method. Otherwise you can specify the characters in octal,
- decimal or hexadecimal form using the usual C notation.</P
-><P
->For example to add the single character 'Z' to the charset
- (which is a pointless thing to do as it's already there) you could
- do one of the following</P
-><P
-><PRE
-CLASS="PROGRAMLISTING"
-> valid chars = Z
- valid chars = z:Z
- valid chars = 0132:0172
- </PRE
-></P
-><P
->The last two examples above actually add two characters,
- and alter the uppercase and lowercase mappings appropriately.</P
-><P
->Note that you <I
-CLASS="EMPHASIS"
->MUST</I
-> specify this parameter
- after the <TT
-CLASS="PARAMETER"
-><I
->client code page</I
-></TT
-> parameter if you
- have both set. If <TT
-CLASS="PARAMETER"
-><I
->client code page</I
-></TT
-> is set after
- the <TT
-CLASS="PARAMETER"
-><I
->valid chars</I
-></TT
-> parameter the <TT
-CLASS="PARAMETER"
-><I
->valid
- chars</I
-></TT
-> settings will be overwritten.</P
-><P
->See also the <A
-HREF="#CLIENTCODEPAGE"
-><TT
-CLASS="PARAMETER"
-><I
->client
- code page</I
-></TT
-></A
-> parameter.</P
-><P
->Default: <I
-CLASS="EMPHASIS"
->Samba defaults to using a reasonable set
- of valid characters for English systems</I
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->valid chars = 0345:0305 0366:0326 0344:0304
- </B
-></P
-><P
->The above example allows filenames to have the Swedish
- characters in them.</P
-><P
-><I
-CLASS="EMPHASIS"
->NOTE:</I
-> It is actually quite difficult to
- correctly produce a <TT
-CLASS="PARAMETER"
-><I
->valid chars</I
-></TT
-> line for
- a particular system. To automate the process <A
-HREF="mailto:tino@augsburg.net"
-TARGET="_top"
->tino@augsburg.net</A
-> has written
- a package called <B
-CLASS="COMMAND"
->validchars</B
-> which will automatically
- produce a complete <TT
-CLASS="PARAMETER"
-><I
->valid chars</I
-></TT
-> line for
- a given client system. Look in the <TT
-CLASS="FILENAME"
->examples/validchars/
- </TT
-> subdirectory of your Samba source code distribution
- for this package.</P
-></DD
-><DT
-><A
-NAME="VALIDUSERS"
-></A
->valid users (S)</DT
-><DD
-><P
->This is a list of users that should be allowed
- to login to this service. Names starting with '@', '+' and '&#38;'
- are interpreted using the same rules as described in the
- <TT
-CLASS="PARAMETER"
-><I
->invalid users</I
-></TT
-> parameter.</P
-><P
->If this is empty (the default) then any user can login.
- If a username is in both this list and the <TT
-CLASS="PARAMETER"
-><I
->invalid
- users</I
-></TT
-> list then access is denied for that user.</P
-><P
->The current servicename is substituted for <TT
-CLASS="PARAMETER"
-><I
->%S
- </I
-></TT
->. This is useful in the [homes] section.</P
-><P
->See also <A
-HREF="#INVALIDUSERS"
-><TT
-CLASS="PARAMETER"
-><I
->invalid users
- </I
-></TT
-></A
-></P
-><P
->Default: <I
-CLASS="EMPHASIS"
->No valid users list (anyone can login)
- </I
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->valid users = greg, @pcusers</B
-></P
-></DD
-><DT
-><A
-NAME="VETOFILES"
-></A
->veto files(S)</DT
-><DD
-><P
->This is a list of files and directories that
- are neither visible nor accessible. Each entry in the list must
- be separated by a '/', which allows spaces to be included
- in the entry. '*' and '?' can be used to specify multiple files
- or directories as in DOS wildcards.</P
-><P
->Each entry must be a unix path, not a DOS path and
- must <I
-CLASS="EMPHASIS"
->not</I
-> include the unix directory
- separator '/'.</P
-><P
->Note that the <TT
-CLASS="PARAMETER"
-><I
->case sensitive</I
-></TT
-> option
- is applicable in vetoing files.</P
-><P
->One feature of the veto files parameter that it is important
- to be aware of, is that if a directory contains nothing but files
- that match the veto files parameter (which means that Windows/DOS
- clients cannot ever see them) is deleted, the veto files within
- that directory <I
-CLASS="EMPHASIS"
->are automatically deleted</I
-> along
- with it, if the user has UNIX permissions to do so.</P
-><P
->Setting this parameter will affect the performance
- of Samba, as it will be forced to check all files and directories
- for a match as they are scanned.</P
-><P
->See also <A
-HREF="#HIDEFILES"
-><TT
-CLASS="PARAMETER"
-><I
->hide files
- </I
-></TT
-></A
-> and <A
-HREF="#CASESENSITIVE"
-><TT
-CLASS="PARAMETER"
-><I
-> case sensitive</I
-></TT
-></A
->.</P
-><P
->Default: <I
-CLASS="EMPHASIS"
->No files or directories are vetoed.
- </I
-></P
-><P
->Examples:<PRE
-CLASS="PROGRAMLISTING"
-> ; Veto any files containing the word Security,
- ; any ending in .tmp, and any directory containing the
- ; word root.
- veto files = /*Security*/*.tmp/*root*/
-
- ; Veto the Apple specific files that a NetAtalk server
- ; creates.
- veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/
- </PRE
-></P
-></DD
-><DT
-><A
-NAME="VETOOPLOCKFILES"
-></A
->veto oplock files (S)</DT
-><DD
-><P
->This parameter is only valid when the <A
-HREF="#OPLOCKS"
-><TT
-CLASS="PARAMETER"
-><I
->oplocks</I
-></TT
-></A
->
- parameter is turned on for a share. It allows the Samba administrator
- to selectively turn off the granting of oplocks on selected files that
- match a wildcarded list, similar to the wildcarded list used in the
- <A
-HREF="#VETOFILES"
-><TT
-CLASS="PARAMETER"
-><I
->veto files</I
-></TT
-></A
->
- parameter.</P
-><P
->Default: <I
-CLASS="EMPHASIS"
->No files are vetoed for oplock
- grants</I
-></P
-><P
->You might want to do this on files that you know will
- be heavily contended for by clients. A good example of this
- is in the NetBench SMB benchmark program, which causes heavy
- client contention for files ending in <TT
-CLASS="FILENAME"
->.SEM</TT
->.
- To cause Samba not to grant oplocks on these files you would use
- the line (either in the [global] section or in the section for
- the particular NetBench share :</P
-><P
->Example: <B
-CLASS="COMMAND"
->veto oplock files = /*;.SEM/
- </B
-></P
-></DD
-><DT
-><A
-NAME="VFSOBJECT"
-></A
->vfs object (S)</DT
-><DD
-><P
->This parameter specifies a shared object file that
- is used for Samba VFS I/O operations. By default, normal
- disk I/O operations are used but these can be overloaded
- with a VFS object. The Samba VFS layer is new to Samba 2.2 and
- must be enabled at compile time with --with-vfs.</P
-><P
->Default : <I
-CLASS="EMPHASIS"
->no value</I
-></P
-></DD
-><DT
-><A
-NAME="VFSOPTIONS"
-></A
->vfs options (S)</DT
-><DD
-><P
->This parameter allows parameters to be passed
- to the vfs layer at initialisation time. The Samba VFS layer
- is new to Samba 2.2 and must be enabled at compile time
- with --with-vfs. See also <A
-HREF="#VFSOBJECT"
-><TT
-CLASS="PARAMETER"
-><I
-> vfs object</I
-></TT
-></A
->.</P
-><P
->Default : <I
-CLASS="EMPHASIS"
->no value</I
-></P
-></DD
-><DT
-><A
-NAME="VOLUME"
-></A
->volume (S)</DT
-><DD
-><P
-> This allows you to override the volume label
- returned for a share. Useful for CDROMs with installation programs
- that insist on a particular volume label.</P
-><P
->Default: <I
-CLASS="EMPHASIS"
->the name of the share</I
-></P
-></DD
-><DT
-><A
-NAME="WIDELINKS"
-></A
->wide links (S)</DT
-><DD
-><P
->This parameter controls whether or not links
- in the UNIX file system may be followed by the server. Links
- that point to areas within the directory tree exported by the
- server are always allowed; this parameter controls access only
- to areas that are outside the directory tree being exported.</P
-><P
->Note that setting this parameter can have a negative
- effect on your server performance due to the extra system calls
- that Samba has to do in order to perform the link checks.</P
-><P
->Default: <B
-CLASS="COMMAND"
->wide links = yes</B
-></P
-></DD
-><DT
-><A
-NAME="WINBINDCACHETIME"
-></A
->winbind cache time</DT
-><DD
-><P
-><I
-CLASS="EMPHASIS"
->NOTE:</I
-> this parameter is only
- available in Samba 3.0.</P
-><P
->This parameter specifies the number of seconds the
- <A
-HREF="winbindd.8.html"
-TARGET="_top"
->winbindd(8)</A
-> daemon will cache
- user and group information before querying a Windows NT server
- again.</P
-><P
->Default: <B
-CLASS="COMMAND"
->winbind cache type = 15</B
-></P
-></DD
-><DT
-><A
-NAME="WINBINDGID"
-></A
->winbind gid</DT
-><DD
-><P
-><I
-CLASS="EMPHASIS"
->NOTE:</I
-> this parameter is only
- available in Samba 3.0.</P
-><P
->The winbind gid parameter specifies the range of group
- ids that are allocated by the <A
-HREF="winbindd.8.html"
-TARGET="_top"
-> winbindd(8)</A
-> daemon. This range of group ids should have no
- existing local or nis groups within it as strange conflicts can
- occur otherwise.</P
-><P
->Default: <B
-CLASS="COMMAND"
->winbind gid = &lt;empty string&gt;
- </B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->winbind gid = 10000-20000</B
-></P
-></DD
-><DT
-><A
-NAME="WINBINDSEPARATOR"
-></A
->winbind separator</DT
-><DD
-><P
-><I
-CLASS="EMPHASIS"
->NOTE:</I
-> this parameter is only
- available in Samba 3.0.</P
-><P
->This parameter allows an admin to define the character
- used when listing a username of the form of <TT
-CLASS="REPLACEABLE"
-><I
->DOMAIN
- </I
-></TT
->\<TT
-CLASS="REPLACEABLE"
-><I
->user</I
-></TT
->. This parameter
- is only applicable when using the <TT
-CLASS="FILENAME"
->pam_winbind.so</TT
->
- and <TT
-CLASS="FILENAME"
->nss_winbind.so</TT
-> modules for UNIX services.
- </P
-><P
->Example: <B
-CLASS="COMMAND"
->winbind separator = \</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->winbind separator = +</B
-></P
-></DD
-><DT
-><A
-NAME="WINBINDUID"
-></A
->winbind uid</DT
-><DD
-><P
-><I
-CLASS="EMPHASIS"
->NOTE:</I
-> this parameter is only
- available in Samba 3.0.</P
-><P
->The winbind gid parameter specifies the range of group
- ids that are allocated by the <A
-HREF="winbindd.8.html"
-TARGET="_top"
-> winbindd(8)</A
-> daemon. This range of ids should have no
- existing local or nis users within it as strange conflicts can
- occur otherwise.</P
-><P
->Default: <B
-CLASS="COMMAND"
->winbind uid = &lt;empty string&gt;
- </B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->winbind uid = 10000-20000</B
-></P
-></DD
-><DT
-><A
-NAME="WINSHOOK"
-></A
->wins hook (G)</DT
-><DD
-><P
->When Samba is running as a WINS server this
- allows you to call an external program for all changes to the
- WINS database. The primary use for this option is to allow the
- dynamic update of external name resolution databases such as
- dynamic DNS.</P
-><P
->The wins hook parameter specifies the name of a script
- or executable that will be called as follows:</P
-><P
-><B
-CLASS="COMMAND"
->wins_hook operation name nametype ttl IP_list
- </B
-></P
-><P
-></P
-><UL
-><LI
-><P
->The first argument is the operation and is one
- of "add", "delete", or "refresh". In most cases the operation can
- be ignored as the rest of the parameters provide sufficient
- information. Note that "refresh" may sometimes be called when the
- name has not previously been added, in that case it should be treated
- as an add.</P
-></LI
-><LI
-><P
->The second argument is the netbios name. If the
- name is not a legal name then the wins hook is not called.
- Legal names contain only letters, digits, hyphens, underscores
- and periods.</P
-></LI
-><LI
-><P
->The third argument is the netbios name
- type as a 2 digit hexadecimal number. </P
-></LI
-><LI
-><P
->The fourth argument is the TTL (time to live)
- for the name in seconds.</P
-></LI
-><LI
-><P
->The fifth and subsequent arguments are the IP
- addresses currently registered for that name. If this list is
- empty then the name should be deleted.</P
-></LI
-></UL
-><P
->An example script that calls the BIND dynamic DNS update
- program <B
-CLASS="COMMAND"
->nsupdate</B
-> is provided in the examples
- directory of the Samba source code. </P
-></DD
-><DT
-><A
-NAME="WINSPROXY"
-></A
->wins proxy (G)</DT
-><DD
-><P
->This is a boolean that controls if <A
-HREF="nmbd.8.html"
-TARGET="_top"
->nmbd(8)</A
-> will respond to broadcast name
- queries on behalf of other hosts. You may need to set this
- to <TT
-CLASS="CONSTANT"
->yes</TT
-> for some older clients.</P
-><P
->Default: <B
-CLASS="COMMAND"
->wins proxy = no</B
-></P
-></DD
-><DT
-><A
-NAME="WINSSERVER"
-></A
->wins server (G)</DT
-><DD
-><P
->This specifies the IP address (or DNS name: IP
- address for preference) of the WINS server that <A
-HREF="nmbd.8.html"
-TARGET="_top"
-> nmbd(8)</A
-> should register with. If you have a WINS server on
- your network then you should set this to the WINS server's IP.</P
-><P
->You should point this at your WINS server if you have a
- multi-subnetted network.</P
-><P
-><I
-CLASS="EMPHASIS"
->NOTE</I
->. You need to set up Samba to point
- to a WINS server if you have multiple subnets and wish cross-subnet
- browsing to work correctly.</P
-><P
->See the documentation file <TT
-CLASS="FILENAME"
->BROWSING.txt</TT
->
- in the docs/ directory of your Samba source distribution.</P
-><P
->Default: <I
-CLASS="EMPHASIS"
->not enabled</I
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->wins server = 192.9.200.1</B
-></P
-></DD
-><DT
-><A
-NAME="WINSSUPPORT"
-></A
->wins support (G)</DT
-><DD
-><P
->This boolean controls if the <A
-HREF="nmbd.8.html"
-TARGET="_top"
->
- nmbd(8)</A
-> process in Samba will act as a WINS server. You should
- not set this to true unless you have a multi-subnetted network and
- you wish a particular <B
-CLASS="COMMAND"
->nmbd</B
-> to be your WINS server.
- Note that you should <I
-CLASS="EMPHASIS"
->NEVER</I
-> set this to true
- on more than one machine in your network.</P
-><P
->Default: <B
-CLASS="COMMAND"
->wins support = no</B
-></P
-></DD
-><DT
-><A
-NAME="WORKGROUP"
-></A
->workgroup (G)</DT
-><DD
-><P
->This controls what workgroup your server will
- appear to be in when queried by clients. Note that this parameter
- also controls the Domain name used with the <A
-HREF="#SECURITYEQUALSDOMAIN"
-><B
-CLASS="COMMAND"
->security=domain</B
-></A
->
- setting.</P
-><P
->Default: <I
-CLASS="EMPHASIS"
->set at compile time to WORKGROUP</I
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->workgroup = MYGROUP</B
-></P
-></DD
-><DT
-><A
-NAME="WRITABLE"
-></A
->writable (S)</DT
-><DD
-><P
->Synonym for <A
-HREF="#WRITEABLE"
-><TT
-CLASS="PARAMETER"
-><I
-> writeable</I
-></TT
-></A
-> for people who can't spell :-).</P
-></DD
-><DT
-><A
-NAME="WRITECACHESIZE"
-></A
->write cache size (S)</DT
-><DD
-><P
->If this integer parameter is set to non-zero value,
- Samba will create an in-memory cache for each oplocked file
- (it does <I
-CLASS="EMPHASIS"
->not</I
-> do this for
- non-oplocked files). All writes that the client does not request
- to be flushed directly to disk will be stored in this cache if possible.
- The cache is flushed onto disk when a write comes in whose offset
- would not fit into the cache or when the file is closed by the client.
- Reads for the file are also served from this cache if the data is stored
- within it.</P
-><P
->This cache allows Samba to batch client writes into a more
- efficient write size for RAID disks (ie. writes may be tuned to
- be the RAID stripe size) and can improve performance on systems
- where the disk subsystem is a bottleneck but there is free
- memory for userspace programs.</P
-><P
->The integer parameter specifies the size of this cache
- (per oplocked file) in bytes.</P
-><P
->Default: <B
-CLASS="COMMAND"
->write cache size = 0</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->write cache size = 262144</B
-></P
-><P
->for a 256k cache size per file.</P
-></DD
-><DT
-><A
-NAME="WRITELIST"
-></A
->write list (S)</DT
-><DD
-><P
->This is a list of users that are given read-write
- access to a service. If the connecting user is in this list then
- they will be given write access, no matter what the <A
-HREF="#WRITEABLE"
-><TT
-CLASS="PARAMETER"
-><I
->writeable</I
-></TT
-></A
->
- option is set to. The list can include group names using the
- @group syntax.</P
-><P
->Note that if a user is in both the read list and the
- write list then they will be given write access.</P
-><P
->See also the <A
-HREF="#READLIST"
-><TT
-CLASS="PARAMETER"
-><I
->read list
- </I
-></TT
-></A
-> option.</P
-><P
->Default: <B
-CLASS="COMMAND"
->write list = &lt;empty string&gt;
- </B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->write list = admin, root, @staff
- </B
-></P
-></DD
-><DT
-><A
-NAME="WRITEOK"
-></A
->write ok (S)</DT
-><DD
-><P
->Synonym for <A
-HREF="#WRITEABLE"
-><TT
-CLASS="PARAMETER"
-><I
-> writeable</I
-></TT
-></A
->.</P
-></DD
-><DT
-><A
-NAME="WRITERAW"
-></A
->write raw (G)</DT
-><DD
-><P
->This parameter controls whether or not the server
- will support raw writes SMB's when transferring data from clients.
- You should never need to change this parameter.</P
-><P
->Default: <B
-CLASS="COMMAND"
->write raw = yes</B
-></P
-></DD
-><DT
-><A
-NAME="WRITEABLE"
-></A
->writeable (S)</DT
-><DD
-><P
->An inverted synonym is <A
-HREF="#READONLY"
-> <TT
-CLASS="PARAMETER"
-><I
->read only</I
-></TT
-></A
->.</P
-><P
->If this parameter is <TT
-CLASS="CONSTANT"
->no</TT
->, then users
- of a service may not create or modify files in the service's
- directory.</P
-><P
->Note that a printable service (<B
-CLASS="COMMAND"
->printable = yes</B
->)
- will <I
-CLASS="EMPHASIS"
->ALWAYS</I
-> allow writing to the directory
- (user privileges permitting), but only via spooling operations.</P
-><P
->Default: <B
-CLASS="COMMAND"
->writeable = no</B
-></P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN5654"
-></A
-><H2
->WARNINGS</H2
-><P
->Although the configuration file permits service names
- to contain spaces, your client software may not. Spaces will
- be ignored in comparisons anyway, so it shouldn't be a
- problem - but be aware of the possibility.</P
-><P
->On a similar note, many clients - especially DOS clients -
- limit service names to eight characters. <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd(8)
- </A
-> has no such limitation, but attempts to connect from such
- clients will fail if they truncate the service names. For this reason
- you should probably keep your service names down to eight characters
- in length.</P
-><P
->Use of the [homes] and [printers] special sections make life
- for an administrator easy, but the various combinations of default
- attributes can be tricky. Take extreme care when designing these
- sections. In particular, ensure that the permissions on spool
- directories are correct.</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN5660"
-></A
-><H2
->VERSION</H2
-><P
->This man page is correct for version 2.2 of
- the Samba suite.</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN5663"
-></A
-><H2
->SEE ALSO</H2
-><P
-><A
-HREF="samba.7.html"
-TARGET="_top"
->samba(7)</A
->,
- <A
-HREF="smbpasswd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbpasswd(8)</B
-></A
->,
- <A
-HREF="swat.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->swat(8)</B
-></A
->,
- <A
-HREF="smbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbd(8)</B
-></A
->,
- <A
-HREF="nmbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->nmbd(8)</B
-></A
->,
- <A
-HREF="smbclient.1.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbclient(1)</B
-></A
->,
- <A
-HREF="nmblookup.1.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->nmblookup(1)</B
-></A
->,
- <A
-HREF="testparm.1.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->testparm(1)</B
-></A
->,
- <A
-HREF="testprns.1.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->testprns(1)</B
-></A
->
- </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN5683"
-></A
-><H2
->AUTHOR</H2
-><P
->The original Samba software and related utilities
- were created by Andrew Tridgell. Samba is now developed
- by the Samba Team as an Open Source project similar
- to the way the Linux kernel is developed.</P
-><P
->The original Samba man pages were written by Karl Auer.
- The man page sources were converted to YODL format (another
- excellent piece of Open Source software, available at
- <A
-HREF="ftp://ftp.icce.rug.nl/pub/unix/"
-TARGET="_top"
-> ftp://ftp.icce.rug.nl/pub/unix/</A
->) and updated for the Samba 2.0
- release by Jeremy Allison. The conversion to DocBook for
- Samba 2.2 was done by Gerald Carter</P
-></DIV
-></BODY
-></HTML
-> \ No newline at end of file
generated by cgit (git 2.34.1) at 2025-09-19 11:52:32 +0000