summaryrefslogtreecommitdiffstats
path: root/docs/manpages/smb.conf.5
diff options
context:
space:
mode:
Diffstat (limited to 'docs/manpages/smb.conf.5')
-rw-r--r--docs/manpages/smb.conf.5132
1 files changed, 117 insertions, 15 deletions
diff --git a/docs/manpages/smb.conf.5 b/docs/manpages/smb.conf.5
index acd6398c877..7aff5f60814 100644
--- a/docs/manpages/smb.conf.5
+++ b/docs/manpages/smb.conf.5
@@ -3,7 +3,7 @@
.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "SMB.CONF" "5" "02 May 2002" "" ""
+.TH "SMB.CONF" "5" "17 June 2002" "" ""
.SH NAME
smb.conf \- The configuration file for the Samba suite
.SH "SYNOPSIS"
@@ -360,6 +360,9 @@ the NetBIOS name of the client machine
the NetBIOS name of the server. This allows you
to change your config based on what the client calls you. Your
server can have a "dual personality".
+
+Note that this paramater is not available when Samba listens
+on port 445, as clients no longer send this information
.TP
\fB%M\fR
the Internet name of the client machine.
@@ -421,6 +424,18 @@ All of these options can be set separately for each service
.PP
The options are:
.TP
+\fBmangling method\fR
+controls the algorithm used for the generating
+the mangled names. Can take two different values, "hash" and
+"hash2". "hash" is the default and is the algorithm that has been
+used in Samba for many years. "hash2" is a newer and considered
+a better algorithm (generates less collisions) in the names.
+However, many Win32 applications store the
+mangled names and so changing to the new algorithm must not be done
+lightly as these applications may break unless reinstalled.
+New installations of Samba may set the default to hash2.
+Default \fBhash\fR.
+.TP
\fBmangle case = yes/no\fR
controls if names that have characters that
aren't of the "default" case are mangled. For example,
@@ -720,6 +735,9 @@ each parameter for details. Note that some are synonyms.
\fImangled stack\fR
.TP 0.2i
\(bu
+\fImangling method\fR
+.TP 0.2i
+\(bu
\fImap to guest\fR
.TP 0.2i
\(bu
@@ -1156,6 +1174,9 @@ each parameter for details. Note that some are synonyms.
\fIforce security mode\fR
.TP 0.2i
\(bu
+\fIforce unknown acl user\fR
+.TP 0.2i
+\(bu
\fIforce user\fR
.TP 0.2i
\(bu
@@ -1627,7 +1648,7 @@ Example: \fBannounce as = Win95\fR
\fBannounce version (G)\fR
This specifies the major and minor version numbers
that nmbd will use when announcing itself as a server. The default
-is 4.2. Do not change this parameter unless you have a specific
+is 4.5. Do not change this parameter unless you have a specific
need to set a Samba server to be a downlevel server.
Default: \fBannounce version = 4.5\fR
@@ -2974,6 +2995,28 @@ Default: \fBforce security mode = 0\fR
Example: \fBforce security mode = 700\fR
.TP
+\fBforce unknown acl user (S)\fR
+If this parameter is set, a Windows NT ACL that contains
+an unknown SID (security descriptor, or representation of a user or group id)
+as the owner or group owner of the file will be silently mapped into the
+current UNIX uid or gid of the currently connected user.
+
+This is designed to allow Windows NT clients to copy files and
+folders containing ACLs that were created locally on the client machine
+and contain users local to that machine only (no domain users) to be
+copied to a Samba server (usually with XCOPY /O) and have the unknown
+userid and groupid of the file owner map to the current connected user.
+This can only be fixed correctly when winbindd allows arbitrary mapping
+from any Windows NT SID to a UNIX uid or gid.
+
+Try using this parameter when XCOPY /O gives an ACCESS_DENIED error.
+
+See also \fIforce group
+\fR
+Default: \fBFalse\fR
+
+Example: \fBforce unknown acl user = yes\fR
+.TP
\fBforce user (S)\fR
This specifies a UNIX user name that will be
assigned as the default user for all users connecting to this service.
@@ -3479,7 +3522,9 @@ The default is to use the stand LDAPS port 636.
See Also: ldap ssl
-Default : \fBldap port = 636\fR
+Default : \fBldap port = 636 ; if ldap ssl = on\fR
+
+Default : \fBldap port = 389 ; if ldap ssl = off\fR
.TP
\fBldap server (G)\fR
This parameter is only available if Samba has been
@@ -4069,7 +4114,7 @@ or whether non-DOS names should simply be ignored.
See the section on NAME MANGLING for details on how to control the mangling process.
-If mangling is used then the mangling algorithm is as follows:
+If mangling algorithm "hash" is used then the mangling algorithm is as follows:
.RS
.TP 0.2i
\(bu
@@ -4115,6 +4160,43 @@ in a directory share the same first five alphanumeric characters.
The probability of such a clash is 1/1300.
.PP
.PP
+If mangling algorithm "hash2" is used then the mangling algorithm is as follows:
+.PP
+.RS
+.TP 0.2i
+\(bu
+The first alphanumeric character
+before the rightmost dot of the filename is preserved, forced
+to upper case, and appears as the first character of the mangled name.
+.TP 0.2i
+\(bu
+A base63 hash of 5 characters is generated and the
+first 4 characters of that hash are appended to the first character.
+.TP 0.2i
+\(bu
+A tilde "~" is appended to the first part of the mangled
+name, followed by the final character of the base36 hash of the name.
+
+Note that the character to use may be specified using
+the \fImangling char\fR
+option, if you don't like '~'.
+.TP 0.2i
+\(bu
+The first three alphanumeric characters of the final
+extension are preserved, forced to upper case and appear as the
+extension of the mangled name. The final extension is defined as that
+part of the original filename after the rightmost dot. If there are no
+dots in the filename, the mangled name will have no extension (except
+in the case of "hidden files" - see below).
+.TP 0.2i
+\(bu
+Files whose UNIX name begins with a dot will be
+presented as DOS hidden files. The mangled name will be created as
+for other filenames, but with the leading dot removed and "___" as
+its extension regardless of actual original extension (that's three
+underscores).
+.RE
+.PP
The name mangling (if enabled) allows a file to be
copied between UNIX directories from Windows/DOS while retaining
the long UNIX filename. UNIX files can be renamed to a new extension
@@ -4155,6 +4237,21 @@ Default: \fBmangling char = ~\fR
Example: \fBmangling char = ^\fR
.TP
+\fBmangling mathod(G)\fR
+controls the algorithm used for the generating
+the mangled names. Can take two different values, "hash" and
+"hash2". "hash" is the default and is the algorithm that has been
+used in Samba for many years. "hash2" is a newer and considered
+a better algorithm (generates less collisions) in the names.
+However, many Win32 applications store the mangled names and so
+changing to the new algorithm must not be done
+lightly as these applications may break unless reinstalled.
+New installations of Samba may set the default to hash2.
+
+Default: \fBmangling method = hash\fR
+
+Example: \fBmangling method = hash2\fR
+.TP
\fBmap archive (S)\fR
This controls whether the DOS archive attribute
should be mapped to the UNIX owner execute bit. The DOS archive bit
@@ -6614,9 +6711,11 @@ always>\fR parameter.
Default: \fBstrict sync = no\fR
.TP
\fBstrip dot (G)\fR
-This is a boolean that controls whether to
-strip trailing dots off UNIX filenames. This helps with some
-CDROMs that have filenames ending in a single dot.
+This parameter is now unused in Samba (2.2.5 and above).
+It used strip trailing dots off UNIX filenames but was not correctly implmented.
+In Samba 2.2.5 and above UNIX filenames ending in a dot are invalid Windows long
+filenames (as they are in Windows NT and above) and are mangled to 8.3 before
+being returned to a client.
Default: \fBstrip dot = no\fR
.TP
@@ -7271,15 +7370,18 @@ Default: \fBwinbind uid = <empty string>
\fR
Example: \fBwinbind uid = 10000-20000\fR
.TP
-\fBwinbind use default domain (G)\fR
-This option controls whether or not smbd
-should lookup 'username' as 'DOMAIN\\username' when winbindd is
-running on a system. This is most useful when used in conjunction
-with pam_winbind.so to prevent a Windows user from having to enter
-commands like "ssh 'DOMAIN\\username@hostname'". This option is disabled
-by default, thus requiring that the DOMAIN\\username format be used.
+\fBwinbind use default domain\fR
+.TP
+\fBwinbind use default domain\fR
+This parameter specifies whether the winbindd(8)
+daemon should operate on users without domain component in their username.
+Users without a domain component are treated as is part of the winbindd server's
+own domain. While this does not benifit Windows users, it makes SSH, FTP and e-mail
+function in a way much closer to the way they would in a native unix system.
-Default: \fBwinbind use default domain = no\fR
+Default: \fBwinbind use default domain = <falseg>
+\fR
+Example: \fBwinbind use default domain = true\fR
.TP
\fBwins hook (G)\fR
When Samba is running as a WINS server this
generated by cgit (git 2.34.1) at 2025-09-13 04:58:07 +0000