From 0381e1741f55a5691275f8df62da9fcc8818db3d Mon Sep 17 00:00:00 2001 From: bubulle Date: Wed, 28 May 2008 03:56:49 +0000 Subject: Load samba-3.2.0rc1 into branches/samba/upstream-3.2. git-svn-id: svn://svn.debian.org/svn/pkg-samba/branches/samba/upstream-3.2@1898 fc4039ab-9d04-0410-8cac-899223bdd6b0 --- docs/htmldocs/manpages/eventlogadm.8.html | 12 +- docs/htmldocs/manpages/findsmb.1.html | 30 +- docs/htmldocs/manpages/idmap_ad.8.html | 8 +- docs/htmldocs/manpages/idmap_ldap.8.html | 10 +- docs/htmldocs/manpages/idmap_nss.8.html | 6 +- docs/htmldocs/manpages/idmap_rid.8.html | 8 +- docs/htmldocs/manpages/idmap_tdb.8.html | 10 +- docs/htmldocs/manpages/index.html | 138 +- docs/htmldocs/manpages/ldb.3.html | 12 +- docs/htmldocs/manpages/ldbadd.1.html | 12 +- docs/htmldocs/manpages/ldbdel.1.html | 12 +- docs/htmldocs/manpages/ldbedit.1.html | 12 +- docs/htmldocs/manpages/ldbmodify.1.html | 12 +- docs/htmldocs/manpages/ldbsearch.1.html | 12 +- docs/htmldocs/manpages/libsmbclient.7.html | 16 +- docs/htmldocs/manpages/lmhosts.5.html | 12 +- docs/htmldocs/manpages/log2pcap.1.html | 10 +- docs/htmldocs/manpages/mount.cifs.8.html | 94 +- docs/htmldocs/manpages/net.8.html | 192 +- docs/htmldocs/manpages/nmbd.8.html | 44 +- docs/htmldocs/manpages/nmblookup.1.html | 24 +- docs/htmldocs/manpages/ntlm_auth.1.html | 52 +- docs/htmldocs/manpages/pam_winbind.7.html | 6 +- docs/htmldocs/manpages/pdbedit.8.html | 14 +- docs/htmldocs/manpages/profiles.1.html | 10 +- docs/htmldocs/manpages/rpcclient.1.html | 26 +- docs/htmldocs/manpages/samba.7.html | 90 +- docs/htmldocs/manpages/smb.conf.5.html | 2918 ++++++++++++++++------- docs/htmldocs/manpages/smbcacls.1.html | 21 +- docs/htmldocs/manpages/smbclient.1.html | 38 +- docs/htmldocs/manpages/smbcontrol.1.html | 12 +- docs/htmldocs/manpages/smbcquotas.1.html | 10 +- docs/htmldocs/manpages/smbd.8.html | 42 +- docs/htmldocs/manpages/smbget.1.html | 12 +- docs/htmldocs/manpages/smbgetrc.5.html | 12 +- docs/htmldocs/manpages/smbmnt.8.html | 24 - docs/htmldocs/manpages/smbmount.8.html | 110 - docs/htmldocs/manpages/smbpasswd.5.html | 14 +- docs/htmldocs/manpages/smbpasswd.8.html | 28 +- docs/htmldocs/manpages/smbsh.1.html | 24 +- docs/htmldocs/manpages/smbspool.8.html | 8 +- docs/htmldocs/manpages/smbstatus.1.html | 14 +- docs/htmldocs/manpages/smbtar.1.html | 22 +- docs/htmldocs/manpages/smbtree.1.html | 12 +- docs/htmldocs/manpages/smbumount.8.html | 17 - docs/htmldocs/manpages/swat.8.html | 26 +- docs/htmldocs/manpages/tdbbackup.8.html | 8 +- docs/htmldocs/manpages/tdbdump.8.html | 4 +- docs/htmldocs/manpages/tdbtool.8.html | 12 +- docs/htmldocs/manpages/testparm.1.html | 26 +- docs/htmldocs/manpages/umount.cifs.8.html | 18 +- docs/htmldocs/manpages/vfs_audit.8.html | 22 +- docs/htmldocs/manpages/vfs_cacheprime.8.html | 18 +- docs/htmldocs/manpages/vfs_cap.8.html | 16 +- docs/htmldocs/manpages/vfs_catia.8.html | 14 +- docs/htmldocs/manpages/vfs_commit.8.html | 20 +- docs/htmldocs/manpages/vfs_default_quota.8.html | 18 +- docs/htmldocs/manpages/vfs_extd_audit.8.html | 16 +- docs/htmldocs/manpages/vfs_fake_perms.8.html | 14 +- docs/htmldocs/manpages/vfs_full_audit.8.html | 34 +- docs/htmldocs/manpages/vfs_gpfs.8.html | 22 +- docs/htmldocs/manpages/vfs_netatalk.8.html | 14 +- docs/htmldocs/manpages/vfs_notify_fam.8.html | 12 +- docs/htmldocs/manpages/vfs_prealloc.8.html | 20 +- docs/htmldocs/manpages/vfs_readahead.8.html | 14 +- docs/htmldocs/manpages/vfs_readonly.8.html | 22 +- docs/htmldocs/manpages/vfs_recycle.8.html | 18 +- docs/htmldocs/manpages/vfs_shadow_copy.8.html | 18 +- docs/htmldocs/manpages/vfs_xattr_tdb.8.html | 12 + docs/htmldocs/manpages/vfstest.1.html | 12 +- docs/htmldocs/manpages/wbinfo.1.html | 43 +- docs/htmldocs/manpages/winbindd.8.html | 62 +- 72 files changed, 2901 insertions(+), 1856 deletions(-) delete mode 100644 docs/htmldocs/manpages/smbmnt.8.html delete mode 100644 docs/htmldocs/manpages/smbmount.8.html delete mode 100644 docs/htmldocs/manpages/smbumount.8.html create mode 100644 docs/htmldocs/manpages/vfs_xattr_tdb.8.html (limited to 'docs/htmldocs/manpages') diff --git a/docs/htmldocs/manpages/eventlogadm.8.html b/docs/htmldocs/manpages/eventlogadm.8.html index f9c6cf859b..2a0ff30ab8 100644 --- a/docs/htmldocs/manpages/eventlogadm.8.html +++ b/docs/htmldocs/manpages/eventlogadm.8.html @@ -1,4 +1,4 @@ -eventlogadm

Name

eventlogadm — push records into the Samba event log store

Synopsis

eventlogadm [-d] [-h] -o +eventlogadm

Name

eventlogadm — push records into the Samba event log store

Synopsis

eventlogadm [-d] [-h] -o addsource EVENTLOG SOURCENAME @@ -6,10 +6,10 @@

eventlogadm [-d] [-h] -o write EVENTLOG -

DESCRIPTION

This tool is part of the samba(1) suite.

eventlogadm is a filter that accepts +

DESCRIPTION

This tool is part of the samba(1) suite.

eventlogadm is a filter that accepts formatted event log records on standard input and writes them to the Samba event log store. Windows client can then manipulate - these record using the usual administration tools.

OPTIONS

-d

+ these record using the usual administration tools.

OPTIONS

-d

The -d option causes eventlogadm to emit debugging information.

@@ -31,7 +31,7 @@ event log store named by EVENTLOG.

-h

Print usage information. -

EVENTLOG RECORD FORMAT

For the write operation, eventlogadm +

EVENTLOG RECORD FORMAT

For the write operation, eventlogadm expects to be able to read structured records from standard input. These records are a sequence of lines, with the record key and data separated by a colon character. Records are separated @@ -80,7 +80,7 @@ eventlog. There may be more than one string in a record.

  • DAT - This field should be left unset. -

    • EXAMPLES

    An example of the record format accepted by eventlogadm:

    +

    EXAMPLES

    An example of the record format accepted by eventlogadm:

     	LEN: 0
 	RS1: 1699505740
 	RCN: 0
@@ -103,7 +103,7 @@
 	tail -f /var/log/messages | \\
 		my_program_to_parse_into_eventlog_records | \\
 	      	eventlogadm SystemLogEvents
-

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite.

    AUTHOR

    The original Samba software and related utilities were +

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite.

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    diff --git a/docs/htmldocs/manpages/findsmb.1.html b/docs/htmldocs/manpages/findsmb.1.html index 84c97977b8..6f5b459d28 100644 --- a/docs/htmldocs/manpages/findsmb.1.html +++ b/docs/htmldocs/manpages/findsmb.1.html @@ -1,22 +1,22 @@ -findsmb

    Name

    findsmb — list info about machines that respond to SMB - name queries on a subnet

    Synopsis

    findsmb [subnet broadcast address]

    DESCRIPTION

    This perl script is part of the samba(7) +findsmb

    Name

    findsmb — list info about machines that respond to SMB + name queries on a subnet

    Synopsis

    findsmb [subnet broadcast address]

    DESCRIPTION

    This perl script is part of the samba(7) suite.

    findsmb is a perl script that prints out several pieces of information about machines on a subnet that respond to SMB name query requests. - It uses nmblookup(1) - and smbclient(1) + It uses nmblookup(1) + and smbclient(1) to obtain this information. -

    OPTIONS

    -r

    Controls whether findsmb takes +

    OPTIONS

    -r

    Controls whether findsmb takes bugs in Windows95 into account when trying to find a Netbios name registered of the remote machine. This option is disabled by default because it is specific to Windows 95 and Windows 95 machines only. - If set, nmblookup(1) + If set, nmblookup(1) will be called with -B option.

    subnet broadcast address

    Without this option, findsmb will probe the subnet of the machine where - findsmb(1) + findsmb(1) is run. This value is passed to - nmblookup(1) - as part of the -B option.

    EXAMPLES

    The output of findsmb lists the following + nmblookup(1) + as part of the -B option.

    EXAMPLES

    The output of findsmb lists the following information for all machines that respond to the initial nmblookup for any name: IP address, NetBIOS name, Workgroup name, operating system, and SMB server version.

    There will be a '+' in front of the workgroup name for @@ -27,7 +27,7 @@ Windows 98 will not show any information about the operating system or server version.

    The command with -r option - must be run on a system without nmbd(8) running. + must be run on a system without nmbd(8) running. If nmbd is running on the system, you will only get the IP address and the DNS name of the machine. To @@ -48,15 +48,15 @@ IP ADDR NETBIOS NAME WORKGROUP/OS/VERSION 192.168.35.88 SCNT2 +[MVENGR] [Windows NT 4.0] [NT LAN Manager 4.0] 192.168.35.93 FROGSTAR-PC [MVENGR] [Windows 5.0] [Windows 2000 LAN Manager] 192.168.35.97 HERBNT1 *[HERB-NT] [Windows NT 4.0] [NT LAN Manager 4.0] -

    VERSION

    This man page is correct for version 3.0 of - the Samba suite.

    SEE ALSO

    nmbd(8), - smbclient(1), and nmblookup(1) -

    AUTHOR

    The original Samba software and related utilities +

    VERSION

    This man page is correct for version 3 of + the Samba suite.

    SEE ALSO

    nmbd(8), + smbclient(1), and nmblookup(1) +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at ftp://ftp.icce.rug.nl/pub/unix/) + excellent piece of Open Source software, available at ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0 was done by Alexander Bokovoy.

    diff --git a/docs/htmldocs/manpages/idmap_ad.8.html b/docs/htmldocs/manpages/idmap_ad.8.html index 14477cc5fc..c9a07d2bf7 100644 --- a/docs/htmldocs/manpages/idmap_ad.8.html +++ b/docs/htmldocs/manpages/idmap_ad.8.html @@ -1,10 +1,10 @@ -idmap_ad

    Name

    idmap_ad — Samba's idmap_ad Backend for Winbind

    DESCRIPTION

    The idmap_ad plugin provides a way for Winbind to read +idmap_ad

    Name

    idmap_ad — Samba's idmap_ad Backend for Winbind

    DESCRIPTION

    The idmap_ad plugin provides a way for Winbind to read id mappings from an AD server that uses RFC2307/SFU schema extensions. This module implements only the "idmap" API, and is READONLY. Mappings must be provided in advance by the administrator by adding the posixAccount/posixGroup classess and relative attribute/value pairs to the users and - groups objects in AD

    IDMAP OPTIONS

    range = low - high

    + groups objects in AD

    IDMAP OPTIONS

    range = low - high

    Defines the available matching uid and gid range for which the backend is authoritative. Note that the range acts as a filter. If specified any UID or GID stored in AD that fall outside the @@ -16,7 +16,7 @@ Active Directory regarding user and group information. This can either the RFC2307 schema support included in Windows 2003 R2 or the Service for Unix (SFU) schema. -

    EXAMPLES

    +

    EXAMPLES

    The following example shows how to retrieve idmappings from our principal and and trusted AD domains. All is needed is to set default to yes. If trusted domains are present id conflicts must be resolved beforehand, there is no @@ -33,7 +33,7 @@ idmap alloc backend = tdb idmap alloc config:range = 5000 - 9999 -

    AUTHOR

    +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar diff --git a/docs/htmldocs/manpages/idmap_ldap.8.html b/docs/htmldocs/manpages/idmap_ldap.8.html index 9510f2a7ac..726aa3510b 100644 --- a/docs/htmldocs/manpages/idmap_ldap.8.html +++ b/docs/htmldocs/manpages/idmap_ldap.8.html @@ -1,8 +1,8 @@ -idmap_ldap

    Name

    idmap_ldap — Samba's idmap_ldap Backend for Winbind

    DESCRIPTION

    The idmap_ldap plugin provides a means for Winbind to +idmap_ldap

    Name

    idmap_ldap — Samba's idmap_ldap Backend for Winbind

    DESCRIPTION

    The idmap_ldap plugin provides a means for Winbind to store and retrieve SID/uid/gid mapping tables in an LDAP directory service. The module implements both the "idmap" and "idmap alloc" APIs. -

    IDMAP OPTIONS

    ldap_base_dn = DN

    +

    IDMAP OPTIONS

    ldap_base_dn = DN

    Defines the directory base suffix to use when searching for SID/uid/gid mapping entries. If not defined, idmap_ldap will default to using the "ldap idmap suffix" option from smb.conf. @@ -20,7 +20,7 @@ store and retrieve SID/uid/gid mapping entries. If the parameter is absent, Winbind fail over to use the "idmap uid" and "idmap gid" options from smb.conf. -

    IDMAP ALLOC OPTIONS

    ldap_base_dn = DN

    +

    IDMAP ALLOC OPTIONS

    ldap_base_dn = DN

    Defines the directory base suffix under which new SID/uid/gid mapping entries should be stored. If not defined, idmap_ldap will default to using the "ldap idmap suffix" option from smb.conf. @@ -36,7 +36,7 @@ winbindd can allocate for users and groups. If the parameter is absent, Winbind fail over to use the "idmap uid" and "idmap gid" options from smb.conf. -

    EXAMPLES

    +

    EXAMPLES

    The follow sets of a LDAP configuration which uses a slave server running on localhost for fast fetching SID/gid/uid mappings, it implies correct configuration of referrals. @@ -61,7 +61,7 @@ in plain text in the configuration file we store it into a security store. The "net idmap " command is used to store a secret for the DN specified in a specific idmap domain. -

    AUTHOR

    +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar diff --git a/docs/htmldocs/manpages/idmap_nss.8.html b/docs/htmldocs/manpages/idmap_nss.8.html index b1aedf900b..7c82ab10f6 100644 --- a/docs/htmldocs/manpages/idmap_nss.8.html +++ b/docs/htmldocs/manpages/idmap_nss.8.html @@ -1,10 +1,10 @@ -idmap_nss

    Name

    idmap_nss — Samba's idmap_nss Backend for Winbind

    DESCRIPTION

    The idmap_nss plugin provides a means to map Unix users and groups +idmap_nss

    Name

    idmap_nss — Samba's idmap_nss Backend for Winbind

    DESCRIPTION

    The idmap_nss plugin provides a means to map Unix users and groups to Windows accounts and obseletes the "winbind trusted domains only" smb.conf option. This provides a simple means of ensuring that the SID for a Unix user named jsmith is reported as the one assigned to DOMAIN\jsmith which is necessary for reporting ACLs on files and printers stored on a Samba member server. -

    EXAMPLES

    +

    EXAMPLES

    This example shows how to use idmap_nss to check the local accounts for its own domain while using allocation to create new mappings for trusted domains 

    @@ -20,7 +20,7 @@
 
 	    idmap alloc backend      = tdb
 	    idmap alloc config:range = 10000 - 50000
-

    AUTHOR

    +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar diff --git a/docs/htmldocs/manpages/idmap_rid.8.html b/docs/htmldocs/manpages/idmap_rid.8.html index dbab83a449..6a1edcd9a2 100644 --- a/docs/htmldocs/manpages/idmap_rid.8.html +++ b/docs/htmldocs/manpages/idmap_rid.8.html @@ -1,6 +1,6 @@ -idmap_rid

    Name

    idmap_rid — Samba's idmap_rid Backend for Winbind

    DESCRIPTION

    The idmap_rid backend provides a way to use an algorithmic +idmap_rid

    Name

    idmap_rid — Samba's idmap_rid Backend for Winbind

    DESCRIPTION

    The idmap_rid backend provides a way to use an algorithmic mapping scheme to map UIDs/GIDs and SIDs. No database is required - in this case as the mapping is deterministic.

    IDMAP OPTIONS

    range = low - high

    + in this case as the mapping is deterministic.

    IDMAP OPTIONS

    range = low - high

    Defines the available matching uid and gid range for which the backend is authoritative. Note that the range acts as a filter. If algorithmically determined UID or GID fall outside the @@ -13,7 +13,7 @@ by default start at 1000 (512 hexadecimal), this means a good value for base_rid can be 1000 as the resulting ID is calculated this way: ID = RID - BASE_RID + LOW RANGE ID. -

    EXAMPLES

    This example shows how to configure 2 domains with idmap_rid

    +

    EXAMPLES

    This example shows how to configure 2 domains with idmap_rid

     	[global]
 	    idmap domains = MAIN TRUSTED1
 
@@ -24,7 +24,7 @@
 	    idmap config TRUSTED1:backend  = rid
 	    idmap config TRUSTED1:base_rid = 1000
 	    idmap config TRUSTED1:range    = 50000 - 99999
-

    AUTHOR

    +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar diff --git a/docs/htmldocs/manpages/idmap_tdb.8.html b/docs/htmldocs/manpages/idmap_tdb.8.html index 6ab21584f9..4e450e08e6 100644 --- a/docs/htmldocs/manpages/idmap_tdb.8.html +++ b/docs/htmldocs/manpages/idmap_tdb.8.html @@ -1,19 +1,19 @@ -idmap_tdb

    Name

    idmap_tdb — Samba's idmap_tdb Backend for Winbind

    DESCRIPTION

    The idmap_tdb plugin is the default backend used by winbindd +idmap_tdb

    Name

    idmap_tdb — Samba's idmap_tdb Backend for Winbind

    DESCRIPTION

    The idmap_tdb plugin is the default backend used by winbindd for storing SID/uid/gid mapping tables and implements both the "idmap" and "idmap alloc" APIs. -

    IDMAP OPTIONS

    range = low - high

    +

    IDMAP OPTIONS

    range = low - high

    Defines the available matching uid and gid range for which the backend is authoritative. Note that the range commonly matches the allocation range due to the fact that the same backend will store and retrieve SID/uid/gid mapping entries. If the parameter is absent, Winbind fail over to use the "idmap uid" and "idmap gid" options from smb.conf. -

    IDMAP ALLOC OPTIONS

    range = low - high

    +

    IDMAP ALLOC OPTIONS

    range = low - high

    Defines the available matching uid and gid range from which winbindd can allocate for users and groups. If the parameter is absent, Winbind fail over to use the "idmap uid" and "idmap gid" options from smb.conf. -

    EXAMPLES

    +

    EXAMPLES

    The following example is equivalent to the pre-3.0.25 default idmap configuration using the "idmap backend = tdb" setting. 

    @@ -25,7 +25,7 @@
 
 	    idmap alloc backend = tdb
 	    idmap alloc config:range = 10000 - 50000
-

    AUTHOR

    +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar diff --git a/docs/htmldocs/manpages/index.html b/docs/htmldocs/manpages/index.html index ca031be3eb..c3f377ba36 100644 --- a/docs/htmldocs/manpages/index.html +++ b/docs/htmldocs/manpages/index.html @@ -1,84 +1,82 @@ -

    eventlogadm(8)

    push records into the Samba event log store -

    findsmb(1)

    list info about machines that respond to SMB +

    eventlogadm(8)

    push records into the Samba event log store +

    findsmb(1)

    list info about machines that respond to SMB name queries on a subnet -

    idmap_ad(8)

    Samba's idmap_ad Backend for Winbind -

    idmap_ldap(8)

    Samba's idmap_ldap Backend for Winbind -

    idmap_nss(8)

    Samba's idmap_nss Backend for Winbind -

    idmap_rid(8)

    Samba's idmap_rid Backend for Winbind -

    idmap_tdb(8)

    Samba's idmap_tdb Backend for Winbind -

    ldb(3)

    A light-weight database library -

    ldbadd(1)

    Command-line utility for adding records to an LDB -

    ldbdel(1)

    Command-line program for deleting LDB records -

    ldbedit(1)

    Edit LDB databases using your preferred editor -

    ldbmodify(1)

    Modify records in a LDB database -

    ldbsearch(1)

    Search for records in a LDB database -

    libsmbclient(7)

    An extension library for browsers and that can be used as a generic browsing API. -

    lmhosts(5)

    The Samba NetBIOS hosts file -

    log2pcap(1)

    Extract network traces from Samba log files -

    mount.cifs(8)

    mount using the Common Internet File System (CIFS) -

    net(8)

    Tool for administration of Samba and remote +

    idmap_ad(8)

    Samba's idmap_ad Backend for Winbind +

    idmap_ldap(8)

    Samba's idmap_ldap Backend for Winbind +

    idmap_nss(8)

    Samba's idmap_nss Backend for Winbind +

    idmap_rid(8)

    Samba's idmap_rid Backend for Winbind +

    idmap_tdb(8)

    Samba's idmap_tdb Backend for Winbind +

    ldb(3)

    A light-weight database library +

    ldbadd(1)

    Command-line utility for adding records to an LDB +

    ldbdel(1)

    Command-line program for deleting LDB records +

    ldbedit(1)

    Edit LDB databases using your preferred editor +

    ldbmodify(1)

    Modify records in a LDB database +

    ldbsearch(1)

    Search for records in a LDB database +

    libsmbclient(7)

    An extension library for browsers and that can be used as a generic browsing API. +

    lmhosts(5)

    The Samba NetBIOS hosts file +

    log2pcap(1)

    Extract network traces from Samba log files +

    mount.cifs(8)

    mount using the Common Internet File System (CIFS) +

    net(8)

    Tool for administration of Samba and remote CIFS servers. -

    nmbd(8)

    NetBIOS name server to provide NetBIOS +

    nmbd(8)

    NetBIOS name server to provide NetBIOS over IP naming services to clients -

    nmblookup(1)

    NetBIOS over TCP/IP client used to lookup NetBIOS +

    nmblookup(1)

    NetBIOS over TCP/IP client used to lookup NetBIOS names -

    ntlm_auth(1)

    tool to allow external access to Winbind's NTLM authentication function -

    pam_winbind(7)

    PAM module for Winbind -

    pdbedit(8)

    manage the SAM database (Database of Samba Users) -

    profiles(1)

    A utility to report and change SIDs in registry files +

    ntlm_auth(1)

    tool to allow external access to Winbind's NTLM authentication function +

    pam_winbind(7)

    PAM module for Winbind +

    pdbedit(8)

    manage the SAM database (Database of Samba Users) +

    profiles(1)

    A utility to report and change SIDs in registry files -

    rpcclient(1)

    tool for executing client side +

    rpcclient(1)

    tool for executing client side MS-RPC functions -

    samba(7)

    A Windows SMB/CIFS fileserver for UNIX -

    smb.conf(5)

    The configuration file for the Samba suite -

    smbcacls(1)

    Set or get ACLs on an NT file or directory names -

    smbclient(1)

    ftp-like client to access SMB/CIFS resources +

    samba(7)

    A Windows SMB/CIFS fileserver for UNIX +

    smbcacls(1)

    Set or get ACLs on an NT file or directory names +

    smbclient(1)

    ftp-like client to access SMB/CIFS resources on servers -

    smbcontrol(1)

    send messages to smbd, nmbd or winbindd processes -

    smbcquotas(1)

    Set or get QUOTAs of NTFS 5 shares -

    smbd(8)

    server to provide SMB/CIFS services to clients -

    smbget(1)

    wget-like utility for download files over SMB -

    smbgetrc(5)

    configuration file for smbget -

    smbmnt(8)

    helper utility for mounting SMB filesystems -

    smbmount(8)

    mount an smbfs filesystem -

    smbpasswd(5)

    The Samba encrypted password file -

    smbpasswd(8)

    change a user's SMB password -

    smbsh(1)

    Allows access to remote SMB shares +

    smb.conf(5)

    The configuration file for the Samba suite +

    smbcontrol(1)

    send messages to smbd, nmbd or winbindd processes +

    smbcquotas(1)

    Set or get QUOTAs of NTFS 5 shares +

    smbd(8)

    server to provide SMB/CIFS services to clients +

    smbget(1)

    wget-like utility for download files over SMB +

    smbgetrc(5)

    configuration file for smbget +

    smbpasswd(5)

    The Samba encrypted password file +

    smbpasswd(8)

    change a user's SMB password +

    smbsh(1)

    Allows access to remote SMB shares using UNIX commands -

    smbspool(8)

    send a print file to an SMB printer -

    smbstatus(1)

    report on current Samba connections -

    smbtar(1)

    shell script for backing up SMB/CIFS shares +

    smbspool(8)

    send a print file to an SMB printer +

    smbstatus(1)

    report on current Samba connections +

    smbtar(1)

    shell script for backing up SMB/CIFS shares directly to UNIX tape drives -

    smbtree(1)

    A text based smb network browser +

    smbtree(1)

    A text based smb network browser -

    smbumount(8)

    smbfs umount for normal users -

    swat(8)

    Samba Web Administration Tool -

    tdbbackup(8)

    tool for backing up and for validating the integrity of samba .tdb files -

    tdbdump(8)

    tool for printing the contents of a TDB file -

    tdbtool(8)

    manipulate the contents TDB files -

    testparm(1)

    check an smb.conf configuration file for +

    swat(8)

    Samba Web Administration Tool +

    tdbbackup(8)

    tool for backing up and for validating the integrity of samba .tdb files +

    tdbdump(8)

    tool for printing the contents of a TDB file +

    tdbtool(8)

    manipulate the contents TDB files +

    testparm(1)

    check an smb.conf configuration file for internal correctness -

    umount.cifs(8)

    for normal, non-root users, to unmount their own Common Internet File System (CIFS) mounts -

    vfs_audit(8)

    record selected Samba VFS operations in the system log -

    vfs_cacheprime(8)

    prime the kernel file data cache -

    vfs_cap(8)

    CAP encode filenames -

    vfs_catia(8)

    translate illegal characters in Catia filenames -

    vfs_commit(8)

    flush dirty data at specified intervals -

    vfs_default_quota(8)

    store default quota records for Windows clients -

    vfs_extd_audit(8)

    record selected Samba VFS operations -

    vfs_fake_perms(8)

    enable read only Roaming Profiles -

    vfs_full_audit(8)

    record Samba VFS operations in the system log -

    vfs_gpfs(8)

    gpfs specific samba extensions like acls and prealloc -

    vfs_netatalk(8)

    hide .AppleDouble files from CIFS clients -

    vfs_notify_fam(8)

    FAM support for file change notifications -

    vfs_prealloc(8)

    preallocate matching files to a predetermined size -

    vfs_readahead(8)

    pre-load the kernel buffer cache -

    vfs_readonly(8)

    make a Samba share read only for a specified time period -

    vfs_recycle(8)

    Samba VFS recycle bin -

    vfs_shadow_copy(8)

    Make a Samba share read only for a specified time period -

    vfstest(1)

    tool for testing samba VFS modules -

    wbinfo(1)

    Query information from winbind daemon -

    winbindd(8)

    Name Service Switch daemon for resolving names +

    umount.cifs(8)

    for normal, non-root users, to unmount their own Common Internet File System (CIFS) mounts +

    vfs_audit(8)

    record selected Samba VFS operations in the system log +

    vfs_cacheprime(8)

    prime the kernel file data cache +

    vfs_cap(8)

    CAP encode filenames +

    vfs_catia(8)

    translate illegal characters in Catia filenames +

    vfs_commit(8)

    flush dirty data at specified intervals +

    vfs_default_quota(8)

    store default quota records for Windows clients +

    vfs_extd_audit(8)

    record selected Samba VFS operations +

    vfs_fake_perms(8)

    enable read only Roaming Profiles +

    vfs_full_audit(8)

    record Samba VFS operations in the system log +

    vfs_gpfs(8)

    gpfs specific samba extensions like acls and prealloc +

    vfs_netatalk(8)

    hide .AppleDouble files from CIFS clients +

    vfs_notify_fam(8)

    FAM support for file change notifications +

    vfs_prealloc(8)

    preallocate matching files to a predetermined size +

    vfs_readahead(8)

    pre-load the kernel buffer cache +

    vfs_readonly(8)

    make a Samba share read only for a specified time period +

    vfs_recycle(8)

    Samba VFS recycle bin +

    vfs_shadow_copy(8)

    Make a Samba share read only for a specified time period +

    vfstest(1)

    tool for testing samba VFS modules +

    vfs_xattr_tdb(8)

    Save Extended Attributes (EAs) in a tdb file +

    wbinfo(1)

    Query information from winbind daemon +

    winbindd(8)

    Name Service Switch daemon for resolving names from NT servers

    diff --git a/docs/htmldocs/manpages/ldb.3.html b/docs/htmldocs/manpages/ldb.3.html index dbf44dd31e..10d03bd40c 100644 --- a/docs/htmldocs/manpages/ldb.3.html +++ b/docs/htmldocs/manpages/ldb.3.html @@ -1,4 +1,4 @@ -ldb

    Name

    ldb

    The Samba Project

    — A light-weight database library

    Synopsis

    #include <ldb.h>

    description

    +ldb

    Name

    ldb

    The Samba Project

    — A light-weight database library

    Synopsis

    #include <ldb.h>

    description

    ldb is a light weight embedded database library and API. With a programming interface that is very similar to LDAP, ldb can store its data either in a tdb(3) database or in a real LDAP database. @@ -34,7 +34,7 @@ If you are new to ldb, then I suggest starting with the manual pages for ldbsearch(1) and ldbedit(1), and experimenting with a local database. Then I suggest you look at the ldb_connect(3) and ldb_search(3) manual pages. -

    TOOLS

    • +

    TOOLS

    • ldbsearch(1) - command line ldb search utility

    • @@ -49,7 +49,7 @@ ldb_search(3) manual pages.

    • ldbmodify(1) - modify records in a ldb database using LDIF formatted input -

    FUNCTIONS

    • +

    FUNCTIONS

    • ldb_connect(3) - connect to a ldb backend

    • @@ -124,12 +124,12 @@ ldb_search(3) manual pages.

    • ldb_set_debug_stderr(3) - set a debug handler for stderr output -

    Author

    +

    Author

    ldb was written by - Andrew Tridgell. + Andrew Tridgell.

    If you wish to report a problem or make a suggestion then please see -the http://ldb.samba.org/ web site for +the http://ldb.samba.org/ web site for current contact and maintainer information.

    ldb is released under the GNU Lesser General Public License version 2 diff --git a/docs/htmldocs/manpages/ldbadd.1.html b/docs/htmldocs/manpages/ldbadd.1.html index d2b1b7f7be..d20be69636 100644 --- a/docs/htmldocs/manpages/ldbadd.1.html +++ b/docs/htmldocs/manpages/ldbadd.1.html @@ -1,16 +1,16 @@ -ldbadd

    Name

    ldbadd — Command-line utility for adding records to an LDB

    Synopsis

    ldbadd [-h] [-H LDB-URL] [ldif-file1] [ldif-file2] [...]

    DESCRIPTION

    ldbadd adds records to an ldb(7) database. It reads +ldbadd

    Name

    ldbadd — Command-line utility for adding records to an LDB

    Synopsis

    ldbadd [-h] [-H LDB-URL] [ldif-file1] [ldif-file2] [...]

    DESCRIPTION

    ldbadd adds records to an ldb(7) database. It reads the ldif(5) files specified on the command line and adds the records from these files to the LDB database, which is specified by the -H option or the LDB_URL environment variable.

    If - is specified as a ldb file, the ldif input is read from - standard input.

    OPTIONS

    -h

    + standard input.

    OPTIONS

    -h

    Show list of available options.

    -H <ldb-url>

    LDB URL to connect to. See ldb(7) for details. -

    ENVIRONMENT

    LDB_URL

    LDB URL to connect to (can be overrided by using the - -H command-line option.)

    VERSION

    This man page is correct for version 4.0 of the Samba suite.

    SEE ALSO

    ldb(7), ldbmodify, ldbdel, ldif(5)

    AUTHOR

    ldb was written by - Andrew Tridgell. +

    ENVIRONMENT

    LDB_URL

    LDB URL to connect to (can be overrided by using the + -H command-line option.)

    VERSION

    This man page is correct for version 4.0 of the Samba suite.

    SEE ALSO

    ldb(7), ldbmodify, ldbdel, ldif(5)

    AUTHOR

    ldb was written by + Andrew Tridgell.

    If you wish to report a problem or make a suggestion then please see -the http://ldb.samba.org/ web site for +the http://ldb.samba.org/ web site for current contact and maintainer information.

    This manpage was written by Jelmer Vernooij.

    diff --git a/docs/htmldocs/manpages/ldbdel.1.html b/docs/htmldocs/manpages/ldbdel.1.html index 5d9b9165ea..c43a7fc44d 100644 --- a/docs/htmldocs/manpages/ldbdel.1.html +++ b/docs/htmldocs/manpages/ldbdel.1.html @@ -1,15 +1,15 @@ -ldbdel

    Name

    ldbdel — Command-line program for deleting LDB records

    Synopsis

    ldbdel [-h] [-H LDB-URL] [dn] [...]

    DESCRIPTION

    ldbdel deletes records from an ldb(7) database. +ldbdel

    Name

    ldbdel — Command-line program for deleting LDB records

    Synopsis

    ldbdel [-h] [-H LDB-URL] [dn] [...]

    DESCRIPTION

    ldbdel deletes records from an ldb(7) database. It deletes the records identified by the dn's specified on the command-line.

    ldbdel uses either the database that is specified with the -H option or the database specified by the LDB_URL environment - variable.

    OPTIONS

    -h

    + variable.

    OPTIONS

    -h

    Show list of available options.

    -H <ldb-url>

    LDB URL to connect to. See ldb(7) for details. -

    ENVIRONMENT

    LDB_URL

    LDB URL to connect to (can be overrided by using the - -H command-line option.)

    VERSION

    This man page is correct for version 4.0 of the Samba suite.

    SEE ALSO

    ldb(7), ldbmodify, ldbadd, ldif(5)

    AUTHOR

    ldb was written by - Andrew Tridgell. +

    ENVIRONMENT

    LDB_URL

    LDB URL to connect to (can be overrided by using the + -H command-line option.)

    VERSION

    This man page is correct for version 4.0 of the Samba suite.

    SEE ALSO

    ldb(7), ldbmodify, ldbadd, ldif(5)

    AUTHOR

    ldb was written by + Andrew Tridgell.

    If you wish to report a problem or make a suggestion then please see -the http://ldb.samba.org/ web site for +the http://ldb.samba.org/ web site for current contact and maintainer information.

    ldbdel was written by Andrew Tridgell.

    This manpage was written by Jelmer Vernooij.

    diff --git a/docs/htmldocs/manpages/ldbedit.1.html b/docs/htmldocs/manpages/ldbedit.1.html index eda5125f48..00f62ec397 100644 --- a/docs/htmldocs/manpages/ldbedit.1.html +++ b/docs/htmldocs/manpages/ldbedit.1.html @@ -1,8 +1,8 @@ -ldbedit

    Name

    ldbedit — Edit LDB databases using your preferred editor

    Synopsis

    ldbedit [-?] [--usage] [-s base|one|sub] [-b basedn] [-a] [-e editor] [-H LDB-URL] [expression] [attributes...]

    DESCRIPTION

    ldbedit is a utility that allows you to edit LDB entries (in +ldbedit

    Name

    ldbedit — Edit LDB databases using your preferred editor

    Synopsis

    ldbedit [-?] [--usage] [-s base|one|sub] [-b basedn] [-a] [-e editor] [-H LDB-URL] [expression] [attributes...]

    DESCRIPTION

    ldbedit is a utility that allows you to edit LDB entries (in tdb files, sqlite files or LDAP servers) using your preferred editor. ldbedit generates an LDIF file based on your query, allows you to edit the LDIF, and then merges that LDIF back into the LDB backend. -

    OPTIONS

    -?, --help

    +

    OPTIONS

    -?, --help

    Show list of available options, and a phrase describing what that option does.

    --usage

    @@ -34,19 +34,19 @@ operations that are being performed. Without this option, ldbedit will only provide a summary change line. -

    ENVIRONMENT

    LDB_URL

    LDB URL to connect to. This can be +

    ENVIRONMENT

    LDB_URL

    LDB URL to connect to. This can be overridden by using the -H command-line option.)

    VISUAL and EDITOR

    Environment variables used to determine what editor to use. VISUAL takes precedence over EDITOR, and both are overridden by the -e command-line option. -

    VERSION

    This man page is correct for version 4.0 of the Samba suite.

    SEE ALSO

    ldb(7), ldbmodify(1), ldbdel(1), ldif(5), vi(1)

    AUTHOR

    +

    VERSION

    This man page is correct for version 4.0 of the Samba suite.

    SEE ALSO

    ldb(7), ldbmodify(1), ldbdel(1), ldif(5), vi(1)

    AUTHOR

    ldb was written by - Andrew Tridgell. + Andrew Tridgell.

    If you wish to report a problem or make a suggestion then please see - the http://ldb.samba.org/ web site for + the http://ldb.samba.org/ web site for current contact and maintainer information.

    This manpage was written by Jelmer Vernooij and updated diff --git a/docs/htmldocs/manpages/ldbmodify.1.html b/docs/htmldocs/manpages/ldbmodify.1.html index 7f079f0942..a8d213de91 100644 --- a/docs/htmldocs/manpages/ldbmodify.1.html +++ b/docs/htmldocs/manpages/ldbmodify.1.html @@ -1,14 +1,14 @@ -ldbmodify

    Name

    ldbmodify — Modify records in a LDB database

    Synopsis

    ldbmodify [-H LDB-URL] [ldif-file]

    DESCRIPTION

    +ldbmodify

    Name

    ldbmodify — Modify records in a LDB database

    Synopsis

    ldbmodify [-H LDB-URL] [ldif-file]

    DESCRIPTION

    ldbmodify changes, adds and deletes records in a LDB database. The changes that should be made to the LDB database are read from the specified LDIF-file. If - is specified as the filename, input is read from stdin. -

    For now, see ldapmodify(1) for details on the LDIF file format.

    OPTIONS

    -H <ldb-url>

    +

    For now, see ldapmodify(1) for details on the LDIF file format.

    OPTIONS

    -H <ldb-url>

    LDB URL to connect to. See ldb(7) for details. -

    ENVIRONMENT

    LDB_URL

    LDB URL to connect to (can be overrided by using the - -H command-line option.)

    VERSION

    This man page is correct for version 4.0 of the Samba suite.

    SEE ALSO

    ldb(7), ldbedit

    AUTHOR

    ldb was written by - Andrew Tridgell. +

    ENVIRONMENT

    LDB_URL

    LDB URL to connect to (can be overrided by using the + -H command-line option.)

    VERSION

    This man page is correct for version 4.0 of the Samba suite.

    SEE ALSO

    ldb(7), ldbedit

    AUTHOR

    ldb was written by + Andrew Tridgell.

    If you wish to report a problem or make a suggestion then please see -the http://ldb.samba.org/ web site for +the http://ldb.samba.org/ web site for current contact and maintainer information.

    This manpage was written by Jelmer Vernooij.

    diff --git a/docs/htmldocs/manpages/ldbsearch.1.html b/docs/htmldocs/manpages/ldbsearch.1.html index 3a4969b9a0..0ed2253a0d 100644 --- a/docs/htmldocs/manpages/ldbsearch.1.html +++ b/docs/htmldocs/manpages/ldbsearch.1.html @@ -1,15 +1,15 @@ -ldbsearch

    Name

    ldbsearch — Search for records in a LDB database

    Synopsis

    ldbsearch [-h] [-s base|one|sub] [-b basedn] [-i] [-H LDB-URL] [expression] [attributes]

    DESCRIPTION

    ldbsearch searches a LDB database for records matching the +ldbsearch

    Name

    ldbsearch — Search for records in a LDB database

    Synopsis

    ldbsearch [-h] [-s base|one|sub] [-b basedn] [-i] [-H LDB-URL] [expression] [attributes]

    DESCRIPTION

    ldbsearch searches a LDB database for records matching the specified expression (see the ldapsearch(1) manpage for a description of the expression format). For each record, the specified attributes are printed. -

    OPTIONS

    -h

    +

    OPTIONS

    -h

    Show list of available options.

    -H <ldb-url>

    LDB URL to connect to. See ldb(7) for details. -

    -s one|sub|base

    Search scope to use. One-level, subtree or base.

    -i

    Read search expressions from stdin.

    -b basedn

    Specify Base DN to use.

    ENVIRONMENT

    LDB_URL

    LDB URL to connect to (can be overrided by using the - -H command-line option.)

    VERSION

    This man page is correct for version 4.0 of the Samba suite.

    SEE ALSO

    ldb(7), ldbedit(1)

    AUTHOR

    ldb was written by - Andrew Tridgell. +

    -s one|sub|base

    Search scope to use. One-level, subtree or base.

    -i

    Read search expressions from stdin.

    -b basedn

    Specify Base DN to use.

    ENVIRONMENT

    LDB_URL

    LDB URL to connect to (can be overrided by using the + -H command-line option.)

    VERSION

    This man page is correct for version 4.0 of the Samba suite.

    SEE ALSO

    ldb(7), ldbedit(1)

    AUTHOR

    ldb was written by + Andrew Tridgell.

    If you wish to report a problem or make a suggestion then please see -the http://ldb.samba.org/ web site for +the http://ldb.samba.org/ web site for current contact and maintainer information.

    This manpage was written by Jelmer Vernooij.

    diff --git a/docs/htmldocs/manpages/libsmbclient.7.html b/docs/htmldocs/manpages/libsmbclient.7.html index 703bdf7eb7..5c2f6cbb37 100644 --- a/docs/htmldocs/manpages/libsmbclient.7.html +++ b/docs/htmldocs/manpages/libsmbclient.7.html @@ -1,7 +1,7 @@ -libsmbclient

    Name

    libsmbclient — An extension library for browsers and that can be used as a generic browsing API.

    Synopsis

    Browser URL:

    +libsmbclient

    Name

    libsmbclient — An extension library for browsers and that can be used as a generic browsing API.

    Synopsis

    Browser URL:

    smb://[[[domain:]user[:password@]]server[/share[/path[/file]]]] [?options] -

    DESCRIPTION

    - This tool is part of the samba(7) suite. +

    DESCRIPTION

    + This tool is part of the samba(7) suite.

    libsmbclient is a library toolset that permits applications to manipulate CIFS/SMB network resources using many of the standards POSIX functions available for manipulating local UNIX/Linux files. It @@ -12,7 +12,7 @@ libsmbclient can not be used directly from the command line, instead it provides an extension of the capabilities of tools such as file managers and browsers. This man page describes the configuration options for this tool so that the user may obtain greatest utility of use. -

    OPTIONS

    +

    OPTIONS

    What the URLs mean:

    smb://

    Shows all workgroups or domains that are visible in the network. The behavior matches @@ -44,11 +44,11 @@ libsmbclient will check the users shell environment for the USER parameter and will use its value when if the user parameter was not included in the URL. -

    PROGRAMMERS GUIDE

    +

    PROGRAMMERS GUIDE

    Watch this space for future updates. -

    VERSION

    - This man page is correct for version 3.0 of the Samba suite. -

    AUTHOR

    +

    VERSION

    + This man page is correct for version 3 of the Samba suite. +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed. diff --git a/docs/htmldocs/manpages/lmhosts.5.html b/docs/htmldocs/manpages/lmhosts.5.html index 8915e7d3d8..f428ef3026 100644 --- a/docs/htmldocs/manpages/lmhosts.5.html +++ b/docs/htmldocs/manpages/lmhosts.5.html @@ -1,8 +1,8 @@ -lmhosts

    Name

    lmhosts — The Samba NetBIOS hosts file

    Synopsis

    lmhosts is the samba(7) NetBIOS name to IP address mapping file.

    DESCRIPTION

    This file is part of the samba(7) suite.

    lmhosts is the Samba +lmhosts

    Name

    lmhosts — The Samba NetBIOS hosts file

    Synopsis

    lmhosts is the samba(7) NetBIOS name to IP address mapping file.

    DESCRIPTION

    This file is part of the samba(7) suite.

    lmhosts is the Samba NetBIOS name to IP address mapping file. It is very similar to the /etc/hosts file format, except that the hostname component must correspond - to the NetBIOS naming format.

    FILE FORMAT

    It is an ASCII file containing one line for NetBIOS name. + to the NetBIOS naming format.

    FILE FORMAT

    It is an ASCII file containing one line for NetBIOS name. The two fields on each line are separated from each other by white space. Any entry beginning with '#' is ignored. Each line in the lmhosts file contains the following information:

    • IP Address - in dotted decimal format.

    • NetBIOS Name - This name format is a @@ -25,16 +25,16 @@ the NetBIOS name requested.

      The second mapping will be returned only when the "0x20" name type for a name "NTSERVER" is queried. Any other name type will not be resolved.

      The default location of the lmhosts file - is in the same directory as the smb.conf(5) file.

    FILES

    lmhosts is loaded from the configuration directory. This is + is in the same directory as the smb.conf(5) file.

    FILES

    lmhosts is loaded from the configuration directory. This is usually /etc/samba or /usr/local/samba/lib. -

    VERSION

    This man page is correct for version 3.0 of the Samba suite.

    SEE ALSO

    smbclient(1), smb.conf(5), and smbpasswd(8) -

    AUTHOR

    The original Samba software and related utilities +

    VERSION

    This man page is correct for version 3 of the Samba suite.

    SEE ALSO

    smbclient(1), smb.conf(5), and smbpasswd(8) +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at - + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for Samba 2.2 was done by Gerald Carter. The conversion to DocBook diff --git a/docs/htmldocs/manpages/log2pcap.1.html b/docs/htmldocs/manpages/log2pcap.1.html index 59de004aa8..cee6ed82aa 100644 --- a/docs/htmldocs/manpages/log2pcap.1.html +++ b/docs/htmldocs/manpages/log2pcap.1.html @@ -1,11 +1,11 @@ -log2pcap

    Name

    log2pcap — Extract network traces from Samba log files

    Synopsis

    log2pcap [-h] [-q] [logfile] [pcap_file]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    log2pcap reads in a +log2pcap

    Name

    log2pcap — Extract network traces from Samba log files

    Synopsis

    log2pcap [-h] [-q] [logfile] [pcap_file]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    log2pcap reads in a samba log file and generates a pcap file (readable by most sniffers, such as ethereal or tcpdump) based on the packet dumps in the log file.

    The log file must have a log level of at least 5 to get the SMB header/parameters right, 10 to get the first 512 data bytes of the packet and 50 to get the whole packet. -

    OPTIONS

    -h

    If this parameter is +

    OPTIONS

    -h

    If this parameter is specified the output file will be a hex dump, in a format that is readable by the text2pcap utility.

    -q

    Be quiet. No warning messages about missing @@ -17,13 +17,13 @@ If this argument is not specified, output data will be written to stdout.

    -h|--help

    Print a summary of command line options. -

    EXAMPLES

    Extract all network traffic from all samba log files:

    +

    EXAMPLES

    Extract all network traffic from all samba log files:

     			$ log2pcap < /var/log/* > trace.pcap

    Convert to pcap using text2pcap:

     	$ log2pcap -h samba.log | text2pcap -T 139,139 - trace.pcap
-

    VERSION

    This man page is correct for version 3.0 of the Samba suite.

    BUGS

    Only SMB data is extracted from the samba logs, no LDAP, +

    VERSION

    This man page is correct for version 3 of the Samba suite.

    BUGS

    Only SMB data is extracted from the samba logs, no LDAP, NetBIOS lookup or other data.

    The generated TCP and IP headers don't contain a valid - checksum.

    SEE ALSO

    text2pcap(1), ethereal(1)

    AUTHOR

    The original Samba software and related utilities + checksum.

    SEE ALSO

    text2pcap(1), ethereal(1)

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    This manpage was written by Jelmer Vernooij.

    diff --git a/docs/htmldocs/manpages/mount.cifs.8.html b/docs/htmldocs/manpages/mount.cifs.8.html index b9498dfa5f..089e01e761 100644 --- a/docs/htmldocs/manpages/mount.cifs.8.html +++ b/docs/htmldocs/manpages/mount.cifs.8.html @@ -1,6 +1,6 @@ -mount.cifs

    Name

    mount.cifs — mount using the Common Internet File System (CIFS)

    Synopsis

    mount.cifs {service} {mount-point} [-o options]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    mount.cifs mounts a Linux CIFS filesystem. It +mount.cifs

    Name

    mount.cifs — mount using the Common Internet File System (CIFS)

    Synopsis

    mount.cifs {service} {mount-point} [-o options]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    mount.cifs mounts a Linux CIFS filesystem. It is usually invoked indirectly by -the mount(8) command when using the +the mount(8) command when using the "-t cifs" option. This command only works in Linux, and the kernel must support the cifs filesystem. The CIFS protocol is the successor to the SMB protocol and is supported by most Windows servers and many other @@ -20,7 +20,7 @@ kernel log.

    mount.cifs causes the cifs vfs to launch a thread named cifsd. After mounting it keeps running until the mounted resource is unmounted (usually via the umount utility). -

    OPTIONS

    user=arg

    specifies the username to connect as. If +

    OPTIONS

    user=arg

    specifies the username to connect as. If this is not given, then the environment variable USER is used. This option can also take the form "user%password" or "workgroup/user" or "workgroup/user%password" to allow the password and workgroup @@ -30,7 +30,7 @@ to be specified as part of the username.

    password=arg

    specifies the CIFS password. If this option is not given then the environment variable PASSWD is used. If the password is not specified -directly or indirectly via an argument to mount mount.cifs will prompt +directly or indirectly via an argument to mount, mount.cifs will prompt for a password, unless the guest option is specified.

    Note that a password which contains the delimiter character (i.e. a comma ',') will fail to be parsed correctly @@ -50,22 +50,57 @@ credentials file properly.

    uid=arg

    sets the uid that will own all files on the mounted filesystem. It may be specified as either a username or a numeric uid. - This parameter is ignored when the target server supports - the CIFS Unix extensions.

    gid=arg

    sets the gid that will own all files on -the mounted filesystem. -It may be specified as either a groupname or a numeric -gid. This parameter is ignored when the target server supports -the CIFS Unix extensions. + For mounts to servers which do support the CIFS Unix extensions, + such as a properly configured Samba server, the server provides + the uid, gid and mode so this parameter should not be + specified unless the server and client uid and gid + numbering differ. If the server and client are in the + same domain (e.g. running winbind or nss_ldap) and + the server supports the Unix Extensions then the uid + and gid can be retrieved from the server (and uid + and gid would not have to be specifed on the mount. + For servers which do not support the CIFS Unix + extensions, the default uid (and gid) returned on lookup + of existing files will be the uid (gid) of the person + who executed the mount (root, except when mount.cifs + is configured setuid for user mounts) unless the "uid=" + (gid) mount option is specified. For the uid (gid) of newly + created files and directories, ie files created since + the last mount of the server share, the expected uid + (gid) is cached as long as the inode remains in + memory on the client. Also note that permission + checks (authorization checks) on accesses to a file occur + at the server, but there are cases in which an administrator + may want to restrict at the client as well. For those + servers which do not report a uid/gid owner + (such as Windows), permissions can also be checked at the + client, and a crude form of client side permission checking + can be enabled by specifying file_mode and dir_mode on + the client. Note that the mount.cifs helper must be + at version 1.10 or higher to support specifying the uid + (or gid) in non-numeric form. +

    gid=arg

    sets the gid that will own all files on +the mounted filesystem. It may be specified as either a groupname or a numeric +gid. For other considerations see the description of uid above.

    port=arg

    sets the port number on the server to attempt to contact to negotiate CIFS support. If the CIFS server is not listening on this port or if it is not specified, the default ports will be tried i.e. port 445 is tried and if no response then port 139 is tried. -

    netbiosname=arg

    When mounting to servers via port 139, specifies the RFC1001 +

    servern=arg

    + Specify the server netbios name (RFC1001 name) to use + when attempting to setup a session to the server. Although + rarely needed for mounting to newer servers, this option + is needed for mounting to some older servers (such + as OS/2 or Windows 98 and Windows ME) since when connecting + over port 139 they, unlike most newer servers, do not + support a default server name. A server name can be up + to 15 characters long and is usually uppercased. +

    netbiosname=arg

    When mounting to servers via port 139, specifies the RFC1001 source name to use to represent the client netbios machine name when doing the RFC1001 netbios session initialize.

    file_mode=arg

    If the server does not support the CIFS Unix extensions this overrides the default file mode.

    dir_mode=arg

    If the server does not support the CIFS Unix extensions this - overrides the default mode for directories.

    ip=arg

    sets the destination IP address.

    domain=arg

    sets the domain (workgroup) of the user

    guest

    don't prompt for a password

    iocharset

    Charset used to convert local path names to and from + overrides the default mode for directories.

    ip=arg

    sets the destination IP address. This option is set automatically if the server name portion of the requested UNC name can be resolved so rarely needs to be specified by the user.

    domain=arg

    sets the domain (workgroup) of the user

    guest

    don't prompt for a password

    iocharset

    Charset used to convert local path names to and from Unicode. Unicode is used by default for network path names if the server supports it. If iocharset is not specified then the nls_default specified @@ -163,7 +198,26 @@ port 445 is tried and if no response then port 139 is tried. the server lacks support for returning inode numbers or equivalent.

    noserverino

    client generates inode numbers (rather than using the actual one from the server) by default. -

    nouser_xattr

    (default) Do not allow getfattr/setfattr to get/set xattrs, even if server would support it otherwise.

    rsize=arg

    default network read size

    wsize=arg

    default network write size

    --verbose

    Print additional debugging information for the mount. Note that this parameter must be specified before the -o. For example:

    mount -t cifs //server/share /mnt --verbose -o user=username

    ENVIRONMENT VARIABLES

    +

    nouser_xattr

    (default) Do not allow getfattr/setfattr to get/set xattrs, even if server would support it otherwise.

    rsize=arg

    default network read size (usually 16K). The client currently + can not use rsize larger than CIFSMaxBufSize. CIFSMaxBufSize + defaults to 16K and may be changed (from 8K to the maximum + kmalloc size allowed by your kernel) at module install time + for cifs.ko. Setting CIFSMaxBufSize to a very large value + will cause cifs to use more memory and may reduce performance + in some cases. To use rsize greater than 127K (the original + cifs protocol maximum) also requires that the server support + a new Unix Capability flag (for very large read) which some + newer servers (e.g. Samba 3.0.26 or later) do. rsize can be + set from a minimum of 2048 to a maximum of 130048 (127K or + CIFSMaxBufSize, whichever is smaller) + +

    wsize=arg

    default network write size (default 57344) + maximum wsize currently allowed by CIFS is 57344 (fourteen + 4096 byte pages)

    --verbose

    Print additional debugging information for the mount. Note that this parameter must be specified before the -o. For example:

    mount -t cifs //server/share /mnt --verbose -o user=username

    SERVICE FORMATTING AND DELIMITERS

    + It's generally preferred to use forward slashes (/) as a delimiter in service names. They are considered to be the "universal delimiter" since they are generally not allowed to be embedded within path components on Windows machines and the client can convert them to blackslashes (\) unconditionally. Conversely, backslash characters are allowed by POSIX to be part of a path component, and can't be automatically converted in the same way. +

    + mount.cifs will attempt to convert backslashes to forward slashes where it's able to do so, but it cannot do so in any path component following the sharename. +

    ENVIRONMENT VARIABLES

    The variable USER may contain the username of the person to be used to authenticate to the server. The variable can be used to set both username and @@ -175,7 +229,7 @@ person using the client. The variable PASSWD_FILE may contain the pathname of a file to read the password from. A single line of input is read and used as the password. -

    NOTES

    This command may be used only by root, unless installed setuid, in which case the noeexec and nosuid mount flags are enabled.

    CONFIGURATION

    +

    NOTES

    This command may be used only by root, unless installed setuid, in which case the noeexec and nosuid mount flags are enabled.

    CONFIGURATION

    The primary mechanism for making configuration changes and for reading debug information for the cifs vfs is via the Linux /proc filesystem. In the directory /proc/fs/cifs are various @@ -186,7 +240,7 @@ loaded. These can be seen by running the modinfo utility against the file cifs.ko which will list the options that may be passed to cifs during module installation (device driver load). For more information see the kernel file fs/cifs/README. -

    BUGS

    Mounting using the CIFS URL specification is currently not supported. +

    BUGS

    Mounting using the CIFS URL specification is currently not supported.

    The credentials file does not handle usernames or passwords with leading space.

    Note that the typical response to a bug report is a suggestion @@ -194,13 +248,13 @@ to try the latest version first. So please try doing that first, and always include which versions you use of relevant software when reporting bugs (minimum: mount.cifs (try mount.cifs -V), kernel (see /proc/version) and server type you are trying to contact. -

    VERSION

    This man page is correct for version 1.39 of - the cifs vfs filesystem (roughly Linux kernel 2.6.15).

    SEE ALSO

    +

    VERSION

    This man page is correct for version 1.52 of + the cifs vfs filesystem (roughly Linux kernel 2.6.24).

    SEE ALSO

    Documentation/filesystems/cifs.txt and fs/cifs/README in the linux kernel source tree may contain additional options and information. -

    umount.cifs(8)

    AUTHOR

    Steve French

    The syntax and manpage were loosely based on that of smbmount. It +

    umount.cifs(8)

    AUTHOR

    Steve French

    The syntax and manpage were loosely based on that of smbmount. It was converted to Docbook/XML by Jelmer Vernooij.

    The maintainer of the Linux cifs vfs and the userspace - tool mount.cifs is Steve French. - The Linux CIFS Mailing list + tool mount.cifs is Steve French. + The Linux CIFS Mailing list is the preferred place to ask questions regarding these programs.

    diff --git a/docs/htmldocs/manpages/net.8.html b/docs/htmldocs/manpages/net.8.html index 76fbae251b..7314735ed7 100644 --- a/docs/htmldocs/manpages/net.8.html +++ b/docs/htmldocs/manpages/net.8.html @@ -1,13 +1,13 @@ -net

    Name

    net — Tool for administration of Samba and remote +net

    Name

    net — Tool for administration of Samba and remote CIFS servers. -

    Synopsis

    net {<ads|rap|rpc>} [-h] [-w workgroup] [-W myworkgroup] [-U user] [-I ip-address] [-p port] [-n myname] [-s conffile] [-S server] [-l] [-P] [-d debuglevel] [-V]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    The Samba net utility is meant to work just like the net utility +

    Synopsis

    net {<ads|rap|rpc>} [-h] [-w workgroup] [-W myworkgroup] [-U user] [-I ip-address] [-p port] [-n myname] [-s conffile] [-S server] [-l] [-P] [-d debuglevel] [-V]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    The Samba net utility is meant to work just like the net utility available for windows and DOS. The first argument should be used to specify the protocol to use when executing a certain command. ADS is used for ActiveDirectory, RAP is using for old (Win9x/NT3) clients and RPC can be used for NT4 and Windows 2000. If this argument is omitted, net will try to determine it automatically. Not all commands are available on all protocols. -

    OPTIONS

    -h|--help

    Print a summary of command line options. +

    OPTIONS

    -h|--help

    Print a summary of command line options.

    -w target-workgroup

    Sets target workgroup or domain. You have to specify either this option or the IP address or the name of a server. @@ -24,7 +24,7 @@ Defaults to trying 445 first, then 139.

    -n <primary NetBIOS name>

    This option allows you to override the NetBIOS name that Samba uses for itself. This is identical -to setting the parameter in the smb.conf file. +to setting the netbios name parameter in the smb.conf file. However, a command line setting will take precedence over settings in smb.conf.

    -s <configuration file>

    The file specified contains the @@ -53,19 +53,19 @@ amounts of log data, and should only be used when investigating a problem. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic.

    Note that specifying this parameter here will -override the parameter -in the smb.conf file.

    COMMANDS

    CHANGESECRETPW

    This command allows the Samba machine account password to be set from an external application +override the log level parameter +in the smb.conf file.

    COMMANDS

    CHANGESECRETPW

    This command allows the Samba machine account password to be set from an external application to a machine account password that has already been stored in Active Directory. DO NOT USE this command unless you know exactly what you are doing. The use of this command requires that the force flag (-f) be used also. There will be NO command prompt. Whatever information is piped into stdin, either by typing at the command line or otherwise, will be stored as the literal machine password. Do NOT use this without care and attention as it will overwrite a legitimate machine password without warning. YOU HAVE BEEN WARNED. -

    TIME

    The NET TIME command allows you to view the time on a remote server - or synchronise the time on the local server with the time on the remote server.

    TIME

    Without any options, the NET TIME command +

    TIME

    The NET TIME command allows you to view the time on a remote server + or synchronise the time on the local server with the time on the remote server.

    TIME

    Without any options, the NET TIME command displays the time on the remote server. -

    TIME SYSTEM

    Displays the time on the remote server in a format ready for /bin/date.

    TIME SET

    Tries to set the date and time of the local server to that on -the remote server using /bin/date.

    TIME ZONE

    Displays the timezone in hours from GMT on the remote computer.

    [RPC|ADS] JOIN [TYPE] [-U username[%password]] [createupn=UPN] [createcomputer=OU] [options]

    +

    TIME SYSTEM

    Displays the time on the remote server in a format ready for /bin/date.

    TIME SET

    Tries to set the date and time of the local server to that on +the remote server using /bin/date.

    TIME ZONE

    Displays the timezone in hours from GMT on the remote computer.

    [RPC|ADS] JOIN [TYPE] [-U username[%password]] [createupn=UPN] [createcomputer=OU] [options]

    Join a domain. If the account already exists on the server, and [TYPE] is MEMBER, the machine will attempt to join automatically. (Assuming that the machine has been created in server manager) @@ -82,81 +82,81 @@ OU string reads from top to bottom without RDNs, and is delimited by a '/'. Please note that '\' is used for escape by both the shell and ldap, so it may need to be doubled or quadrupled to pass through, and it is not used as a delimiter. -

    [RPC] OLDJOIN [options]

    Join a domain. Use the OLDJOIN option to join the domain +

    [RPC] OLDJOIN [options]

    Join a domain. Use the OLDJOIN option to join the domain using the old style of domain joining - you need to create a trust -account in server manager first.

    [RPC|ADS] USER

    [RPC|ADS] USER

    List all users

    [RPC|ADS] USER DELETE target

    Delete specified user

    [RPC|ADS] USER INFO target

    List the domain groups of the specified user.

    [RPC|ADS] USER RENAME oldname newname

    Rename specified user.

    [RPC|ADS] USER ADD name [password] [-F user flags] [-C comment]

    Add specified user.

    [RPC|ADS] GROUP

    [RPC|ADS] GROUP [misc options] [targets]

    List user groups.

    [RPC|ADS] GROUP DELETE name [misc. options]

    Delete specified group.

    [RPC|ADS] GROUP ADD name [-C comment]

    Create specified group.

    [RAP|RPC] SHARE

    [RAP|RPC] SHARE [misc. options] [targets]

    Enumerates all exported resources (network shares) on target server.

    [RAP|RPC] SHARE ADD name=serverpath [-C comment] [-M maxusers] [targets]

    Adds a share from a server (makes the export active). Maxusers +account in server manager first.

    [RPC|ADS] USER

    [RPC|ADS] USER

    List all users

    [RPC|ADS] USER DELETE target

    Delete specified user

    [RPC|ADS] USER INFO target

    List the domain groups of the specified user.

    [RPC|ADS] USER RENAME oldname newname

    Rename specified user.

    [RPC|ADS] USER ADD name [password] [-F user flags] [-C comment]

    Add specified user.

    [RPC|ADS] GROUP

    [RPC|ADS] GROUP [misc options] [targets]

    List user groups.

    [RPC|ADS] GROUP DELETE name [misc. options]

    Delete specified group.

    [RPC|ADS] GROUP ADD name [-C comment]

    Create specified group.

    [RAP|RPC] SHARE

    [RAP|RPC] SHARE [misc. options] [targets]

    Enumerates all exported resources (network shares) on target server.

    [RAP|RPC] SHARE ADD name=serverpath [-C comment] [-M maxusers] [targets]

    Adds a share from a server (makes the export active). Maxusers specifies the number of users that can be connected to the -share simultaneously.

    SHARE DELETE sharename

    Delete specified share.

    [RPC|RAP] FILE

    [RPC|RAP] FILE

    List all open files on remote server.

    [RPC|RAP] FILE CLOSE fileid

    Close file with specified fileid on -remote server.

    [RPC|RAP] FILE INFO fileid

    +share simultaneously.

    SHARE DELETE sharename

    Delete specified share.

    [RPC|RAP] FILE

    [RPC|RAP] FILE

    List all open files on remote server.

    [RPC|RAP] FILE CLOSE fileid

    Close file with specified fileid on +remote server.

    [RPC|RAP] FILE INFO fileid

    Print information on specified fileid. Currently listed are: file-id, username, locks, path, permissions. -

    [RAP|RPC] FILE USER user

    +

    [RAP|RPC] FILE USER user

    List files opened by specified user. Please note that net rap file user does not work against Samba servers. -

    SESSION

    RAP SESSION

    Without any other options, SESSION enumerates all active SMB/CIFS -sessions on the target server.

    RAP SESSION DELETE|CLOSE CLIENT_NAME

    Close the specified sessions.

    RAP SESSION INFO CLIENT_NAME

    Give a list with all the open files in specified session.

    RAP SERVER DOMAIN

    List all servers in specified domain or workgroup. Defaults -to local domain.

    RAP DOMAIN

    Lists all domains and workgroups visible on the -current network.

    RAP PRINTQ

    RAP PRINTQ LIST QUEUE_NAME

    Lists the specified print queue and print jobs on the server. +

    SESSION

    RAP SESSION

    Without any other options, SESSION enumerates all active SMB/CIFS +sessions on the target server.

    RAP SESSION DELETE|CLOSE CLIENT_NAME

    Close the specified sessions.

    RAP SESSION INFO CLIENT_NAME

    Give a list with all the open files in specified session.

    RAP SERVER DOMAIN

    List all servers in specified domain or workgroup. Defaults +to local domain.

    RAP DOMAIN

    Lists all domains and workgroups visible on the +current network.

    RAP PRINTQ

    RAP PRINTQ LIST QUEUE_NAME

    Lists the specified print queue and print jobs on the server. If the QUEUE_NAME is omitted, all -queues are listed.

    RAP PRINTQ DELETE JOBID

    Delete job with specified id.

    RAP VALIDATE user [password]

    +queues are listed.

    RAP PRINTQ DELETE JOBID

    Delete job with specified id.

    RAP VALIDATE user [password]

    Validate whether the specified user can log in to the remote server. If the password is not specified on the commandline, it will be prompted. -

    Note

    Currently NOT implemented.

    RAP GROUPMEMBER

    RAP GROUPMEMBER LIST GROUP

    List all members of the specified group.

    RAP GROUPMEMBER DELETE GROUP USER

    Delete member from group.

    RAP GROUPMEMBER ADD GROUP USER

    Add member to group.

    RAP ADMIN command

    Execute the specified command on +

    Note

    Currently NOT implemented.

    RAP GROUPMEMBER

    RAP GROUPMEMBER LIST GROUP

    List all members of the specified group.

    RAP GROUPMEMBER DELETE GROUP USER

    Delete member from group.

    RAP GROUPMEMBER ADD GROUP USER

    Add member to group.

    RAP ADMIN command

    Execute the specified command on the remote server. Only works with OS/2 servers. -

    Note

    Currently NOT implemented.

    RAP SERVICE

    RAP SERVICE START NAME [arguments...]

    Start the specified service on the remote server. Not implemented yet.

    Note

    Currently NOT implemented.

    RAP SERVICE STOP

    Stop the specified service on the remote server.

    Note

    Currently NOT implemented.

    RAP PASSWORD USER OLDPASS NEWPASS

    +

    Note

    Currently NOT implemented.

    RAP SERVICE

    RAP SERVICE START NAME [arguments...]

    Start the specified service on the remote server. Not implemented yet.

    Note

    Currently NOT implemented.

    RAP SERVICE STOP

    Stop the specified service on the remote server.

    Note

    Currently NOT implemented.

    RAP PASSWORD USER OLDPASS NEWPASS

    Change password of USER from OLDPASS to NEWPASS. -

    LOOKUP

    LOOKUP HOST HOSTNAME [TYPE]

    +

    LOOKUP

    LOOKUP HOST HOSTNAME [TYPE]

    Lookup the IP address of the given host with the specified type (netbios suffix). The type defaults to 0x20 (workstation). -

    LOOKUP LDAP [DOMAIN]

    Give IP address of LDAP server of specified DOMAIN. Defaults to local domain.

    LOOKUP KDC [REALM]

    Give IP address of KDC for the specified REALM. -Defaults to local realm.

    LOOKUP DC [DOMAIN]

    Give IP's of Domain Controllers for specified -DOMAIN. Defaults to local domain.

    LOOKUP MASTER DOMAIN

    Give IP of master browser for specified DOMAIN -or workgroup. Defaults to local domain.

    CACHE

    Samba uses a general caching interface called 'gencache'. It +

    LOOKUP LDAP [DOMAIN]

    Give IP address of LDAP server of specified DOMAIN. Defaults to local domain.

    LOOKUP KDC [REALM]

    Give IP address of KDC for the specified REALM. +Defaults to local realm.

    LOOKUP DC [DOMAIN]

    Give IP's of Domain Controllers for specified +DOMAIN. Defaults to local domain.

    LOOKUP MASTER DOMAIN

    Give IP of master browser for specified DOMAIN +or workgroup. Defaults to local domain.

    CACHE

    Samba uses a general caching interface called 'gencache'. It can be controlled using 'NET CACHE'.

    All the timeout parameters support the suffixes:

    s - Seconds
    m - Minutes
    h - Hours
    d - Days
    w - Weeks

    -

    CACHE ADD key data time-out

    Add specified key+data to the cache with the given timeout.

    CACHE DEL key

    Delete key from the cache.

    CACHE SET key data time-out

    Update data of existing cache entry.

    CACHE SEARCH PATTERN

    Search for the specified pattern in the cache data.

    CACHE LIST

    +

    CACHE ADD key data time-out

    Add specified key+data to the cache with the given timeout.

    CACHE DEL key

    Delete key from the cache.

    CACHE SET key data time-out

    Update data of existing cache entry.

    CACHE SEARCH PATTERN

    Search for the specified pattern in the cache data.

    CACHE LIST

    List all current items in the cache. -

    CACHE FLUSH

    Remove all the current items from the cache.

    GETLOCALSID [DOMAIN]

    Prints the SID of the specified domain, or if the parameter is -omitted, the SID of the local server.

    SETLOCALSID S-1-5-21-x-y-z

    Sets SID for the local server to the specified SID.

    GETDOMAINSID

    Prints the local machine SID and the SID of the current -domain.

    SETDOMAINSID

    Sets the SID of the current domain.

    GROUPMAP

    Manage the mappings between Windows group SIDs and UNIX groups. +

    CACHE FLUSH

    Remove all the current items from the cache.

    GETLOCALSID [DOMAIN]

    Prints the SID of the specified domain, or if the parameter is +omitted, the SID of the local server.

    SETLOCALSID S-1-5-21-x-y-z

    Sets SID for the local server to the specified SID.

    GETDOMAINSID

    Prints the local machine SID and the SID of the current +domain.

    SETDOMAINSID

    Sets the SID of the current domain.

    GROUPMAP

    Manage the mappings between Windows group SIDs and UNIX groups. Common options include:

    • unixgroup - Name of the UNIX group

    • ntgroup - Name of the Windows NT group (must be resolvable to a SID

    • rid - Unsigned 32-bit integer

    • sid - Full SID in the form of "S-1-..."

    • type - Type of the group; either 'domain', 'local', - or 'builtin'

    • comment - Freeform text description of the group

    GROUPMAP ADD

    + or 'builtin'

  • comment - Freeform text description of the group

    • GROUPMAP ADD

    Add a new group mapping entry: 

     net groupmap add {rid=int|sid=string} unixgroup=string \
 	[type={domain|local}] [ntgroup=string] [comment=string]

    -

    GROUPMAP DELETE

    Delete a group mapping entry. If more than one group name matches, the first entry found is deleted.

    net groupmap delete {ntgroup=string|sid=SID}

    GROUPMAP MODIFY

    Update en existing group entry.

    +

    GROUPMAP DELETE

    Delete a group mapping entry. If more than one group name matches, the first entry found is deleted.

    net groupmap delete {ntgroup=string|sid=SID}

    GROUPMAP MODIFY

    Update en existing group entry.

     net groupmap modify {ntgroup=string|sid=SID} [unixgroup=string] \
        [comment=string] [type={domain|local}]

    -

    GROUPMAP LIST

    List existing group mapping entries.

    net groupmap list [verbose] [ntgroup=string] [sid=SID]

    MAXRID

    Prints out the highest RID currently in use on the local +

    GROUPMAP LIST

    List existing group mapping entries.

    net groupmap list [verbose] [ntgroup=string] [sid=SID]

    MAXRID

    Prints out the highest RID currently in use on the local server (by the active 'passdb backend'). -

    RPC INFO

    Print information about the domain of the remote server, +

    RPC INFO

    Print information about the domain of the remote server, such as domain name, domain sid and number of users and groups. -

    [RPC|ADS] TESTJOIN

    Check whether participation in a domain is still valid.

    [RPC|ADS] CHANGETRUSTPW

    Force change of domain trust password.

    RPC TRUSTDOM

    RPC TRUSTDOM ADD DOMAIN

    Add a interdomain trust account for DOMAIN. +

    [RPC|ADS] TESTJOIN

    Check whether participation in a domain is still valid.

    [RPC|ADS] CHANGETRUSTPW

    Force change of domain trust password.

    RPC TRUSTDOM

    RPC TRUSTDOM ADD DOMAIN

    Add a interdomain trust account for DOMAIN. This is in fact a Samba account named DOMAIN$ with the account flag 'I' (interdomain trust account). If the command is used against localhost it has the same effect as smbpasswd -a -i DOMAIN. Please note that both commands expect a appropriate UNIX account. -

    RPC TRUSTDOM DEL DOMAIN

    Remove interdomain trust account for +

    RPC TRUSTDOM DEL DOMAIN

    Remove interdomain trust account for DOMAIN. If it is used against localhost it has the same effect as smbpasswd -x DOMAIN$. -

    RPC TRUSTDOM ESTABLISH DOMAIN

    +

    RPC TRUSTDOM ESTABLISH DOMAIN

    Establish a trust relationship to a trusting domain. Interdomain account must already be created on the remote PDC. -

    RPC TRUSTDOM REVOKE DOMAIN

    Abandon relationship to trusted domain

    RPC TRUSTDOM LIST

    List all current interdomain trust relationships.

    RPC RIGHTS

    This subcommand is used to view and manage Samba's rights assignments (also +

    RPC TRUSTDOM REVOKE DOMAIN

    Abandon relationship to trusted domain

    RPC TRUSTDOM LIST

    List all current interdomain trust relationships.

    RPC RIGHTS

    This subcommand is used to view and manage Samba's rights assignments (also referred to as privileges). There are three options currently available: list, grant, and revoke. More details on Samba's privilege model and its use -can be found in the Samba-HOWTO-Collection.

    RPC ABORTSHUTDOWN

    Abort the shutdown of a remote server.

    RPC SHUTDOWN [-t timeout] [-r] [-f] [-C message]

    Shut down the remote server.

    -r

    +can be found in the Samba-HOWTO-Collection.

    RPC ABORTSHUTDOWN

    Abort the shutdown of a remote server.

    RPC SHUTDOWN [-t timeout] [-r] [-f] [-C message]

    Shut down the remote server.

    -r

    Reboot after shutdown.

    -f

    Force shutting down all applications. @@ -164,21 +164,21 @@ Force shutting down all applications. Timeout before system will be shut down. An interactive user of the system can use this time to cancel the shutdown.

    -C message

    Display the specified message on the screen to -announce the shutdown.

    RPC SAMDUMP

    Print out sam database of remote server. You need -to run this against the PDC, from a Samba machine joined as a BDC.

    RPC VAMPIRE

    Export users, aliases and groups from remote server to +announce the shutdown.

    RPC SAMDUMP

    Print out sam database of remote server. You need +to run this against the PDC, from a Samba machine joined as a BDC.

    RPC VAMPIRE

    Export users, aliases and groups from remote server to local server. You need to run this against the PDC, from a Samba machine joined as a BDC. -

    RPC GETSID

    Fetch domain SID and store it in the local secrets.tdb.

    ADS LEAVE

    Make the remote host leave the domain it is part of.

    ADS STATUS

    Print out status of machine account of the local machine in ADS. +

    RPC GETSID

    Fetch domain SID and store it in the local secrets.tdb.

    ADS LEAVE

    Make the remote host leave the domain it is part of.

    ADS STATUS

    Print out status of machine account of the local machine in ADS. Prints out quite some debug info. Aimed at developers, regular -users should use NET ADS TESTJOIN.

    ADS PRINTER

    ADS PRINTER INFO [PRINTER] [SERVER]

    +users should use NET ADS TESTJOIN.

    ADS PRINTER

    ADS PRINTER INFO [PRINTER] [SERVER]

    Lookup info for PRINTER on SERVER. The printer name defaults to "*", the -server name defaults to the local host.

    ADS PRINTER PUBLISH PRINTER

    Publish specified printer using ADS.

    ADS PRINTER REMOVE PRINTER

    Remove specified printer from ADS directory.

    ADS SEARCH EXPRESSION ATTRIBUTES...

    Perform a raw LDAP search on a ADS server and dump the results. The +server name defaults to the local host.

    ADS PRINTER PUBLISH PRINTER

    Publish specified printer using ADS.

    ADS PRINTER REMOVE PRINTER

    Remove specified printer from ADS directory.

    ADS SEARCH EXPRESSION ATTRIBUTES...

    Perform a raw LDAP search on a ADS server and dump the results. The expression is a standard LDAP search expression, and the attributes are a list of LDAP fields to show in the results.

    Example: net ads search '(objectCategory=group)' sAMAccountName -

    ADS DN DN (attributes)

    +

    ADS DN DN (attributes)

    Perform a raw LDAP search on a ADS server and dump the results. The DN standard LDAP DN, and the attributes are a list of LDAP fields to show in the result. -

    Example: net ads dn 'CN=administrator,CN=Users,DC=my,DC=domain' SAMAccountName

    ADS WORKGROUP

    Print out workgroup name for specified kerberos realm.

    SAM CREATEBUILTINGROUP <NAME>

    +

    Example: net ads dn 'CN=administrator,CN=Users,DC=my,DC=domain' SAMAccountName

    ADS WORKGROUP

    Print out workgroup name for specified kerberos realm.

    SAM CREATEBUILTINGROUP <NAME>

    (Re)Create a BUILTIN group. Only a wellknown set of BUILTIN groups can be created with this command. This is the list of currently recognized group names: Administrators, @@ -188,78 +188,78 @@ compatible Access. This command requires a running Winbindd with idmap allocation properly configured. The group gid will be allocated out of the winbindd range. -

    SAM CREATELOCALGROUP <NAME>

    +

    SAM CREATELOCALGROUP <NAME>

    Create a LOCAL group (also known as Alias). This command requires a running Winbindd with idmap allocation properly configured. The group gid will be allocated out of the winbindd range. -

    SAM DELETELOCALGROUP <NAME>

    +

    SAM DELETELOCALGROUP <NAME>

    Delete an existing LOCAL group (also known as Alias). -

    SAM MAPUNIXGROUP <NAME>

    +

    SAM MAPUNIXGROUP <NAME>

    Map an existing Unix group and make it a Domain Group, the domain group will have the same name. -

    SAM UNMAPUNIXGROUP <NAME>

    +

    SAM UNMAPUNIXGROUP <NAME>

    Remove an existing group mapping entry. -

    SAM ADDMEM <GROUP> <MEMBER>

    +

    SAM ADDMEM <GROUP> <MEMBER>

    Add a member to a Local group. The group can be specified only by name, the member can be specified by name or SID. -

    SAM DELMEM <GROUP> <MEMBER>

    +

    SAM DELMEM <GROUP> <MEMBER>

    Remove a member from a Local group. The group and the member must be specified by name. -

    SAM LISTMEM <GROUP>

    +

    SAM LISTMEM <GROUP>

    List Local group members. The group must be specified by name. -

    SAM LIST <users|groups|localgroups|builtin|workstations> [verbose]

    +

    SAM LIST <users|groups|localgroups|builtin|workstations> [verbose]

    List the specified set of accounts by name. If verbose is specified, the rid and description is also provided for each account. -

    SAM SHOW <NAME>

    +

    SAM SHOW <NAME>

    Show the full DOMAIN\\NAME the SID and the type for the corresponding account. -

    SAM SET HOMEDIR <NAME> <DIRECTORY>

    +

    SAM SET HOMEDIR <NAME> <DIRECTORY>

    Set the home directory for a user account. -

    SAM SET PROFILEPATH <NAME> <PATH>

    +

    SAM SET PROFILEPATH <NAME> <PATH>

    Set the profile path for a user account. -

    SAM SET COMMENT <NAME> <COMMENT>

    +

    SAM SET COMMENT <NAME> <COMMENT>

    Set the comment for a user or group account. -

    SAM SET FULLNAME <NAME> <FULL NAME>

    +

    SAM SET FULLNAME <NAME> <FULL NAME>

    Set the full name for a user account. -

    SAM SET LOGONSCRIPT <NAME> <SCRIPT>

    +

    SAM SET LOGONSCRIPT <NAME> <SCRIPT>

    Set the logon script for a user account. -

    SAM SET HOMEDRIVE <NAME> <DRIVE>

    +

    SAM SET HOMEDRIVE <NAME> <DRIVE>

    Set the home drive for a user account. -

    SAM SET WORKSTATIONS <NAME> <WORKSTATIONS>

    +

    SAM SET WORKSTATIONS <NAME> <WORKSTATIONS>

    Set the workstations a user account is allowed to log in from. -

    SAM SET DISABLE <NAME>

    +

    SAM SET DISABLE <NAME>

    Set the "disabled" flag for a user account. -

    SAM SET PWNOTREQ <NAME>

    +

    SAM SET PWNOTREQ <NAME>

    Set the "password not required" flag for a user account. -

    SAM SET AUTOLOCK <NAME>

    +

    SAM SET AUTOLOCK <NAME>

    Set the "autolock" flag for a user account. -

    SAM SET PWNOEXP <NAME>

    +

    SAM SET PWNOEXP <NAME>

    Set the "password do not expire" flag for a user account. -

    SAM SET PWDMUSTCHANGENOW <NAME> [yes|no]

    +

    SAM SET PWDMUSTCHANGENOW <NAME> [yes|no]

    Set or unset the "password must change" flag for a user account. -

    SAM POLICY LIST

    +

    SAM POLICY LIST

    List the available account policies. -

    SAM POLICY SHOW <account policy>

    +

    SAM POLICY SHOW <account policy>

    Show the account policy value. -

    SAM POLICY SET <account policy> <value>

    +

    SAM POLICY SET <account policy> <value>

    Set a value for the account policy. Valid values can be: "forever", "never", "off", or a number. -

    SAM PROVISION

    +

    SAM PROVISION

    Only available if ldapsam:editposix is set and winbindd is running. Properly populates the ldap tree with the basic accounts (Administrator) and groups (Domain Users, Domain Admins, Domain Guests) on the ldap tree. -

    IDMAP DUMP <local tdb file name>

    +

    IDMAP DUMP <local tdb file name>

    Dumps the mappings contained in the local tdb file specified. This command is useful to dump only the mappings produced by the idmap_tdb backend. -

    IDMAP RESTORE [input file]

    +

    IDMAP RESTORE [input file]

    Restore the mappings from the specified file or stdin. -

    IDMAP SECRET <DOMAIN>|ALLOC <secret>

    +

    IDMAP SECRET <DOMAIN>|ALLOC <secret>

    Store a secret for the specified domain, used primarily for domains that use idmap_ldap as a backend. In this case the secret is used as the password for the user DN used to bind to the ldap server. -

    USERSHARE

    Starting with version 3.0.23, a Samba server now supports the ability for +

    USERSHARE

    Starting with version 3.0.23, a Samba server now supports the ability for non-root users to add user defined shares to be exported using the "net usershare" commands.

    @@ -288,7 +288,7 @@ can create user defined shares on demand using the commands below.

    net usershare add sharename path [comment] [acl] [guest_ok=[y|n]] - to add or change a user defined share.
    net usershare delete sharename - to delete a user defined share.
    net usershare info [-l|--long] [wildcard sharename] - to print info about a user defined share.
    net usershare list [-l|--long] [wildcard sharename] - to list user defined shares.

    -

    USERSHARE ADD sharename path [comment] [acl] [guest_ok=[y|n]]

    +

    USERSHARE ADD sharename path [comment] [acl] [guest_ok=[y|n]]

    Add or replace a new user defined share, with name "sharename".

    "path" specifies the absolute pathname on the system to be exported. @@ -325,11 +325,11 @@ sharename as the one you wish to modify and specify the new options you wish. The Samba smbd daemon notices user defined share modifications at connect time so will see the change immediately, there is no need to restart smbd on adding, deleting or changing a user defined share. -

    USERSHARE DELETE sharename

    +

    USERSHARE DELETE sharename

    Deletes the user defined share by name. The Samba smbd daemon immediately notices this change, although it will not disconnect any users currently connected to the deleted share. -

    USERSHARE INFO [-l|--long] [wildcard sharename]

    +

    USERSHARE INFO [-l|--long] [wildcard sharename]

    Get info on user defined shares owned by the current user matching the given pattern, or all users.

    net usershare info on its own dumps out info on the user defined shares that were @@ -348,7 +348,7 @@ guest_ok=n And is a list of the current settings of the user defined share that can be modified by the "net usershare add" command. -

    USERSHARE LIST [-l|--long] wildcard sharename

    +

    USERSHARE LIST [-l|--long] wildcard sharename

    List all the user defined shares owned by the current user matching the given pattern, or all users.

    net usershare list on its own list out the names of the user defined shares that were @@ -356,7 +356,7 @@ created by the current user, or restricts the list to share names that match the wildcard pattern ('*' matches one or more characters, '?' matches only one character). If the '-l' or '--long' option is also given, it includes the names of user defined shares created by other users. -

    CONF

    Starting with version 3.2.0, a Samba server can be configured by data +

    CONF

    Starting with version 3.2.0, a Samba server can be configured by data stored in registry. This configuration data can be edited with the new "net conf" commands.

    @@ -364,18 +364,18 @@ The deployment of this configuration data can be activated in two levels from th smb.conf file: Share definitions from registry are activated by setting registry shares to “yes” in the [global] section and global configuration options are -activated by setting include = registry in +activated by setting include = registry in the [global] section. -See the smb.conf(5) manpage for details. +See the smb.conf(5) manpage for details.

    The conf commands are:

    net conf list - Dump the complete configuration in smb.conf like format.
    net conf import - Import configuration from file in smb.conf format.
    net conf listshares - List the registry shares.
    net conf drop - Delete the complete configuration from registry.
    net conf showshare - Show the definition of a registry share.
    net conf addshare - Create a new registry share.
    net conf delshare - Delete a registry share.
    net conf setparm - Store a parameter.
    net conf getparm - Retrieve the value of a parameter.
    net conf delparm - Delete a parameter.

    -

    CONF LIST

    +

    CONF LIST

    Print the configuration data stored in the registry in a smb.conf-like format to standard output. -

    CONF IMPORT [--test|-T] filename [section]

    +

    CONF IMPORT [--test|-T] filename [section]

    This command imports configuration from a file in smb.conf format. If a section encountered in the input file is present in registry, its contents is replaced. Sections of registry configuration that have @@ -385,32 +385,32 @@ Optionally, a section may be specified to restrict the effect of the import command to that specific section. A test mode is enabled by specifying the parameter "-T" on the commandline. In test mode, no changes are made to the registry, and the resulting configuration is printed to standard output instead. -

    CONF LISTSHARES

    +

    CONF LISTSHARES

    List the names of the shares defined in registry. -

    CONF DROP

    +

    CONF DROP

    Delete the complete configuration data from registry. -

    CONF SHOWSHARE sharename

    +

    CONF SHOWSHARE sharename

    Show the definition of the share or section specified. It is valid to specify "global" as sharename to retrieve the global configuration options from registry. -

    CONF ADDSHARE sharename path [writeable={y|N} [guest_ok={y|N} [comment]]]

    Create a new share definition in registry. +

    CONF ADDSHARE sharename path [writeable={y|N} [guest_ok={y|N} [comment]]]

    Create a new share definition in registry. The sharename and path have to be given. The share name may not be "global". Optionally, values for the very common options "writeable", "guest ok" and a "comment" may be specified. The same result may be obtained by a sequence of "net conf setparm" commands. -

    CONF DELSHARE sharename

    +

    CONF DELSHARE sharename

    Delete a share definition from registry. -

    CONF SETPARM section parameter value

    +

    CONF SETPARM section parameter value

    Store a parameter in registry. The section may be global or a sharename. The section is created if it does not exist yet. -

    CONF GETPARM section parameter

    +

    CONF GETPARM section parameter

    Show a parameter stored in registry. -

    CONF DELPARM section parameter

    +

    CONF DELPARM section parameter

    Delete a parameter stored in registry. -

    -

    HELP [COMMAND]

    Gives usage information for the specified command.

    VERSION

    This man page is complete for version 3.0 of the Samba - suite.

    AUTHOR

    The original Samba software and related utilities +

    +

    HELP [COMMAND]

    Gives usage information for the specified command.

    VERSION

    This man page is complete for version 3.0 of the Samba + suite.

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The net manpage was written by Jelmer Vernooij.

    diff --git a/docs/htmldocs/manpages/nmbd.8.html b/docs/htmldocs/manpages/nmbd.8.html index 4d8a2f8bf2..33b08267b3 100644 --- a/docs/htmldocs/manpages/nmbd.8.html +++ b/docs/htmldocs/manpages/nmbd.8.html @@ -1,5 +1,5 @@ -nmbd

    Name

    nmbd — NetBIOS name server to provide NetBIOS - over IP naming services to clients

    Synopsis

    nmbd [-D] [-F] [-S] [-a] [-i] [-o] [-h] [-V] [-d <debug level>] [-H <lmhosts file>] [-l <log directory>] [-p <port number>] [-s <configuration file>]

    DESCRIPTION

    This program is part of the samba(7) suite.

    nmbd is a server that understands +nmbd

    Name

    nmbd — NetBIOS name server to provide NetBIOS + over IP naming services to clients

    Synopsis

    nmbd [-D] [-F] [-S] [-a] [-i] [-o] [-h] [-V] [-d <debug level>] [-H <lmhosts file>] [-l <log directory>] [-p <port number>] [-s <configuration file>]

    DESCRIPTION

    This program is part of the samba(7) suite.

    nmbd is a server that understands and can reply to NetBIOS over IP name service requests, like those produced by SMB/CIFS clients such as Windows 95/98/ME, Windows NT, Windows 2000, Windows XP and LanManager clients. It also @@ -11,18 +11,18 @@ specified it will respond with the IP number of the host it is running on. Its "own NetBIOS name" is by default the primary DNS name of the host it is running on, - but this can be overridden by the netbios name + but this can be overridden by the netbios name in smb.conf. Thus nmbd will reply to broadcast queries for its own name(s). Additional names for nmbd to respond on can be set - via parameters in the smb.conf(5) configuration file.

    nmbd can also be used as a WINS + via parameters in the smb.conf(5) configuration file.

    nmbd can also be used as a WINS (Windows Internet Name Server) server. What this basically means is that it will act as a WINS database server, creating a database from name registration requests that it receives and replying to queries from clients for these names.

    In addition, nmbd can act as a WINS proxy, relaying broadcast queries from clients that do not understand how to talk the WINS protocol to a WINS - server.

    OPTIONS

    -D

    If specified, this parameter causes + server.

    OPTIONS

    -D

    If specified, this parameter causes nmbd to operate as a daemon. That is, it detaches itself and runs in the background, fielding requests on the appropriate port. By default, nmbd @@ -51,7 +51,7 @@

    -H <filename>

    NetBIOS lmhosts file. The lmhosts file is a list of NetBIOS names to IP addresses that is loaded by the nmbd server and used via the name - resolution mechanism name resolve order described in smb.conf(5) to resolve any + resolution mechanism name resolve order described in smb.conf(5) to resolve any NetBIOS name queries needed by the server. Note that the contents of this file are NOT used by nmbd to answer any name queries. @@ -60,7 +60,7 @@ Samba as part of the build process. Common defaults are /usr/local/samba/lib/lmhosts, /usr/samba/lib/lmhosts or - /etc/samba/lmhosts. See the lmhosts(5) man page for details on the contents of this file.

    -d|--debuglevel=level

    level is an integer + /etc/samba/lmhosts. See the lmhosts(5) man page for details on the contents of this file.

    -d|--debuglevel=level

    level is an integer from 0 to 10. The default value if this parameter is not specified is 0.

    The higher this value, the more detail will be logged to the log files about the activities of the @@ -72,7 +72,7 @@ amounts of log data, and should only be used when investigating a problem. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic.

    Note that specifying this parameter here will -override the parameter +override the log level parameter in the smb.conf file.

    -V

    Prints the program version number.

    -s <configuration file>

    The file specified contains the configuration details required by the server. The @@ -88,7 +88,7 @@ log.smbd, etc...). The log file is never removed by the client. This option changes the default UDP port number (normally 137) that nmbd responds to name queries on. Don't use this option unless you are an expert, in which case you - won't need help!

    FILES

    /etc/inetd.conf

    If the server is to be run by the + won't need help!

    FILES

    /etc/inetd.conf

    If the server is to be run by the inetd meta-daemon, this file must contain suitable startup information for the meta-daemon. @@ -100,22 +100,22 @@ log.smbd, etc...). The log file is never removed by the client. must contain a mapping of service name (e.g., netbios-ssn) to service port (e.g., 139) and protocol type (e.g., tcp).

    /usr/local/samba/lib/smb.conf

    This is the default location of - the smb.conf(5) server + the smb.conf(5) server configuration file. Other common places that systems install this file are /usr/samba/lib/smb.conf and /etc/samba/smb.conf.

    When run as a WINS server (see the - wins support - parameter in the smb.conf(5) man page), + wins support + parameter in the smb.conf(5) man page), nmbd will store the WINS database in the file wins.dat in the var/locks directory configured under wherever Samba was configured to install itself.

    If nmbd is acting as a - browse master (see the local master - parameter in the smb.conf(5) man page, nmbd + browse master (see the local master + parameter in the smb.conf(5) man page, nmbd will store the browsing database in the file browse.dat in the var/locks directory configured under wherever Samba was configured to install itself. -

    SIGNALS

    To shut down an nmbd process it is recommended +

    SIGNALS

    To shut down an nmbd process it is recommended that SIGKILL (-9) NOT be used, except as a last resort, as this may leave the name database in an inconsistent state. The correct way to terminate nmbd is to send it @@ -126,21 +126,21 @@ log.smbd, etc...). The log file is never removed by the client. under wherever Samba was configured to install itself). This will also cause nmbd to dump out its server database in the log.nmb file.

    The debug log level of nmbd may be raised or lowered - using smbcontrol(1) (SIGUSR[1|2] signals + using smbcontrol(1) (SIGUSR[1|2] signals are no longer used since Samba 2.2). This is to allow transient problems to be diagnosed, whilst still running - at a normally low log level.

    VERSION

    This man page is correct for version 3.0 of - the Samba suite.

    SEE ALSO

    - inetd(8), smbd(8), smb.conf(5), smbclient(1), testparm(1), testprns(1), and the Internet + at a normally low log level.

    VERSION

    This man page is correct for version 3 of + the Samba suite.

    SEE ALSO

    + inetd(8), smbd(8), smb.conf(5), smbclient(1), testparm(1), testprns(1), and the Internet RFC's rfc1001.txt, rfc1002.txt. In addition the CIFS (formerly SMB) specification is available - as a link from the Web page - http://samba.org/cifs/.

    AUTHOR

    The original Samba software and related utilities + as a link from the Web page + http://samba.org/cifs/.

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at + excellent piece of Open Source software, available at ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for Samba 2.2 was done by Gerald Carter. The conversion to DocBook diff --git a/docs/htmldocs/manpages/nmblookup.1.html b/docs/htmldocs/manpages/nmblookup.1.html index d4084372ad..aa64c32094 100644 --- a/docs/htmldocs/manpages/nmblookup.1.html +++ b/docs/htmldocs/manpages/nmblookup.1.html @@ -1,9 +1,9 @@ -nmblookup

    Name

    nmblookup — NetBIOS over TCP/IP client used to lookup NetBIOS - names

    Synopsis

    nmblookup [-M] [-R] [-S] [-r] [-A] [-h] [-B <broadcast address>] [-U <unicast address>] [-d <debug level>] [-s <smb config file>] [-i <NetBIOS scope>] [-T] [-f] {name}

    DESCRIPTION

    This tool is part of the samba(7) suite.

    nmblookup is used to query NetBIOS names +nmblookup

    Name

    nmblookup — NetBIOS over TCP/IP client used to lookup NetBIOS + names

    Synopsis

    nmblookup [-M] [-R] [-S] [-r] [-A] [-h] [-B <broadcast address>] [-U <unicast address>] [-d <debug level>] [-s <smb config file>] [-i <NetBIOS scope>] [-T] [-f] {name}

    DESCRIPTION

    This tool is part of the samba(7) suite.

    nmblookup is used to query NetBIOS names and map them to IP addresses in a network using NetBIOS over TCP/IP queries. The options allow the name queries to be directed at a particular IP broadcast area or to a particular machine. All queries - are done over UDP.

    OPTIONS

    -M

    Searches for a master browser by looking + are done over UDP.

    OPTIONS

    -M

    Searches for a master browser by looking up the NetBIOS name name with a type of 0x1d. If name is "-" then it does a lookup on the special name @@ -24,11 +24,11 @@ where it ignores the source port of the requesting packet and only replies to UDP port 137. Unfortunately, on most UNIX systems root privilege is needed to bind to this port, and - in addition, if the nmbd(8) daemon is running on this machine it also binds to this port. + in addition, if the nmbd(8) daemon is running on this machine it also binds to this port.

    -A

    Interpret name as an IP Address and do a node status query on this address.

    -n <primary NetBIOS name>

    This option allows you to override the NetBIOS name that Samba uses for itself. This is identical -to setting the parameter in the smb.conf file. +to setting the netbios name parameter in the smb.conf file. However, a command line setting will take precedence over settings in smb.conf.

    -i <scope>

    This specifies a NetBIOS scope that @@ -48,8 +48,8 @@ options.

    -h|--help

    Print a sum

    -B <broadcast address>

    Send the query to the given broadcast address. Without this option the default behavior of nmblookup is to send the query to the broadcast address of the network interfaces as - either auto-detected or defined in the interfaces - parameter of the smb.conf(5) file. + either auto-detected or defined in the interfaces + parameter of the smb.conf(5) file.

    -U <unicast address>

    Do a unicast query to the specified address or host unicast address. This option (along with the -R option) is needed to @@ -65,7 +65,7 @@ amounts of log data, and should only be used when investigating a problem. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic.

    Note that specifying this parameter here will -override the parameter +override the log level parameter in the smb.conf file.

    -V

    Prints the program version number.

    -s <configuration file>

    The file specified contains the configuration details required by the server. The @@ -88,17 +88,17 @@ log.smbd, etc...). The log file is never removed by the client. If a NetBIOS name then the different name types may be specified by appending '#<type>' to the name. This name may also be '*', which will return all registered names within a broadcast - area.

    EXAMPLES

    nmblookup can be used to query + area.

    EXAMPLES

    nmblookup can be used to query a WINS server (in the same way nslookup is used to query DNS servers). To query a WINS server, nmblookup must be called like this:

    nmblookup -U server -R 'name'

    For example, running :

    nmblookup -U samba.org -R 'IRIX#1B'

    would query the WINS server samba.org for the domain - master browser (1B name type) for the IRIX workgroup.

    VERSION

    This man page is correct for version 3.0 of - the Samba suite.

    SEE ALSO

    nmbd(8), samba(7), and smb.conf(5).

    AUTHOR

    The original Samba software and related utilities + master browser (1B name type) for the IRIX workgroup.

    VERSION

    This man page is correct for version 3 of + the Samba suite.

    SEE ALSO

    nmbd(8), samba(7), and smb.conf(5).

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at + excellent piece of Open Source software, available at ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for Samba 2.2 was done by Gerald Carter. The conversion to DocBook diff --git a/docs/htmldocs/manpages/ntlm_auth.1.html b/docs/htmldocs/manpages/ntlm_auth.1.html index 18c77834ed..4a3fee4dc8 100644 --- a/docs/htmldocs/manpages/ntlm_auth.1.html +++ b/docs/htmldocs/manpages/ntlm_auth.1.html @@ -1,18 +1,18 @@ -ntlm_auth

    Name

    ntlm_auth — tool to allow external access to Winbind's NTLM authentication function

    Synopsis

    ntlm_auth [-d debuglevel] [-l logdir] [-s <smb config file>]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    ntlm_auth is a helper utility that authenticates +ntlm_auth

    Name

    ntlm_auth — tool to allow external access to Winbind's NTLM authentication function

    Synopsis

    ntlm_auth [-d debuglevel] [-l logdir] [-s <smb config file>]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    ntlm_auth is a helper utility that authenticates users using NT/LM authentication. It returns 0 if the users is authenticated successfully and 1 if access was denied. ntlm_auth uses winbind to access the user and authentication data for a domain. This utility is only indended to be used by other programs (currently - Squid - and mod_ntlm_winbind) -

    OPERATIONAL REQUIREMENTS

    - The winbindd(8) daemon must be operational + Squid + and mod_ntlm_winbind) +

    OPERATIONAL REQUIREMENTS

    + The winbindd(8) daemon must be operational for many of these commands to function.

    Some of these commands also require access to the directory winbindd_privileged in $LOCKDIR. This should be done either by running this command as root or providing group access to the winbindd_privileged directory. For - security reasons, this directory should not be world-accessable.

    OPTIONS

    --helper-protocol=PROTO

    + security reasons, this directory should not be world-accessable.

    OPTIONS

    --helper-protocol=PROTO

    Operate as a stdio-based helper. Valid helper protocols are:

    squid-2.4-basic

    Server-side helper for use with Squid 2.4's basic (plaintext) @@ -23,7 +23,7 @@ authentication.

    Requires access to the directory winbindd_privileged in $LOCKDIR. The protocol used is - described here: http://devel.squid-cache.org/ntlm/squid_helper_protocol.html. + described here: http://devel.squid-cache.org/ntlm/squid_helper_protocol.html. This protocol has been extended to allow the NTLMSSP Negotiate packet to be included as an argument to the YR command. (Thus avoiding @@ -64,33 +64,33 @@ any data (such as usernames/passwords) that may contain malicous user data, such as a newline. They may also need to decode strings from the helper, which likewise may have been base64 encoded.

    Username

    The username, expected to be in - Samba's unix charset. -

    Example 1. 

    Username: bob


    Example 2. 

    Username:: Ym9i


    Username

    The user's domain, expected to be in - Samba's unix charset. -

    Example 3. 

    Domain: WORKGROUP


    Example 4. 

    Domain:: V09SS0dST1VQ


    Full-Username

    The fully qualified username, expected to be in - Samba's and qualified with the - winbind separator. -

    Example 5. 

    Full-Username: WORKGROUP\bob


    Example 6. 

    Full-Username:: V09SS0dST1VQYm9i


    LANMAN-Challenge

    The 8 byte LANMAN Challenge value, + Samba's unix charset. +

    Example 1. 

    Username: bob


    Example 2. 

    Username:: Ym9i


    Username

    The user's domain, expected to be in + Samba's unix charset. +

    Example 3. 

    Domain: WORKGROUP


    Example 4. 

    Domain:: V09SS0dST1VQ


    Full-Username

    The fully qualified username, expected to be in + Samba's unix charset and qualified with the + winbind separator. +

    Example 5. 

    Full-Username: WORKGROUP\bob


    Example 6. 

    Full-Username:: V09SS0dST1VQYm9i


    LANMAN-Challenge

    The 8 byte LANMAN Challenge value, generated randomly by the server, or (in cases such as MSCHAPv2) generated in some way by both the server and the client. -

    Example 7. 

    LANMAN-Challege: 0102030405060708


    LANMAN-Response

    The 24 byte LANMAN Response value, +

    Example 7. 

    LANMAN-Challege: 0102030405060708


    LANMAN-Response

    The 24 byte LANMAN Response value, calculated from the user's password and the supplied LANMAN Challenge. Typically, this is provided over the network by a client wishing to authenticate. -

    Example 8. 

    LANMAN-Response: 0102030405060708090A0B0C0D0E0F101112131415161718


    NT-Response

    The >= 24 byte NT Response +

    Example 8. 

    LANMAN-Response: 0102030405060708090A0B0C0D0E0F101112131415161718


    NT-Response

    The >= 24 byte NT Response calculated from the user's password and the supplied LANMAN Challenge. Typically, this is provided over the network by a client wishing to authenticate. -

    Example 9. 

    NT-Response: 0102030405060708090A0B0C0D0E0F101112131415161718


    Password

    The user's password. This would be +

    Example 9. 

    NT-Response: 0102030405060708090A0B0C0D0E0F101112131415161718


    Password

    The user's password. This would be provided by a network client, if the helper is being used in a legacy situation that exposes plaintext passwords in this way. -

    Example 10. 

    Password: samba2


    Example 11. 

    Password:: c2FtYmEy


    Request-User-Session-Key

    Apon sucessful authenticaiton, return +

    Example 10. 

    Password: samba2


    Example 11. 

    Password:: c2FtYmEy


    Request-User-Session-Key

    Apon sucessful authenticaiton, return the user session key associated with the login. -

    Example 12. 

    Request-User-Session-Key: Yes


    Request-LanMan-Session-Key

    Apon sucessful authenticaiton, return +

    Example 12. 

    Request-User-Session-Key: Yes


    Request-LanMan-Session-Key

    Apon sucessful authenticaiton, return the LANMAN session key associated with the login. -

    Example 13. 

    Request-LanMan-Session-Key: Yes


    --username=USERNAME

    +

    Example 13. 

    Request-LanMan-Session-Key: Yes


    --username=USERNAME

    Specify username of user to authenticate

    --domain=DOMAIN

    Specify domain of user to authenticate @@ -115,7 +115,7 @@ amounts of log data, and should only be used when investigating a problem. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic.

    Note that specifying this parameter here will -override the parameter +override the log level parameter in the smb.conf file.

    -V

    Prints the program version number.

    -s <configuration file>

    The file specified contains the configuration details required by the server. The @@ -128,7 +128,7 @@ compile time.

    -l|--log-basename=logdirectory".progname" will be appended (e.g. log.smbclient, log.smbd, etc...). The log file is never removed by the client.

    -h|--help

    Print a summary of command line options. -

    EXAMPLE SETUP

    To setup ntlm_auth for use by squid 2.5, with both basic and +

    EXAMPLE SETUP

    To setup ntlm_auth for use by squid 2.5, with both basic and NTLMSSP authentication, the following should be placed in the squid.conf file. 

    @@ -144,13 +144,13 @@ auth_param basic credentialsttl 2 hours
 
     auth_param ntlm program ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of='WORKGROUP\Domain Users'
 auth_param basic program ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of='WORKGROUP\Domain Users'
-

    TROUBLESHOOTING

    If you're experiencing problems with authenticating Internet Explorer running +

    TROUBLESHOOTING

    If you're experiencing problems with authenticating Internet Explorer running under MS Windows 9X or Millenium Edition against ntlm_auth's NTLMSSP authentication helper (--helper-protocol=squid-2.5-ntlmssp), then please read - + the Microsoft Knowledge Base article #239869 and follow instructions described there. -

    VERSION

    This man page is correct for version 3.0 of the Samba - suite.

    AUTHOR

    The original Samba software and related utilities +

    VERSION

    This man page is correct for version 3 of the Samba + suite.

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The ntlm_auth manpage was written by Jelmer Vernooij and diff --git a/docs/htmldocs/manpages/pam_winbind.7.html b/docs/htmldocs/manpages/pam_winbind.7.html index 697ecbc784..d6f554373b 100644 --- a/docs/htmldocs/manpages/pam_winbind.7.html +++ b/docs/htmldocs/manpages/pam_winbind.7.html @@ -1,6 +1,6 @@ -pam_winbind

    Name

    pam_winbind — PAM module for Winbind

    DESCRIPTION

    This tool is part of the samba(7) suite.

    +pam_winbind

    Name

    pam_winbind — PAM module for Winbind

    DESCRIPTION

    This tool is part of the samba(7) suite.

    pam_winbind is a PAM module that can authenticate users against the local domain by talking to the Winbind daemon. -

    OPTIONS

    +

    OPTIONS

    pam_winbind supports several options which can either be set in the PAM configuration files or in the pam_winbind configuration @@ -55,7 +55,7 @@

    -

    SEE ALSO

    wbinfo(1), winbindd(8), smb.conf(5)

    VERSION

    This man page is correct for version 3.0 of Samba.

    AUTHOR

    +

    SEE ALSO

    wbinfo(1), winbindd(8), smb.conf(5)

    VERSION

    This man page is correct for version 3 of Samba.

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    This manpage was written by Jelmer Vernooij and Guenther Deschner.

    diff --git a/docs/htmldocs/manpages/pdbedit.8.html b/docs/htmldocs/manpages/pdbedit.8.html index 15122a414f..688bffcb2f 100644 --- a/docs/htmldocs/manpages/pdbedit.8.html +++ b/docs/htmldocs/manpages/pdbedit.8.html @@ -1,10 +1,10 @@ -pdbedit

    Name

    pdbedit — manage the SAM database (Database of Samba Users)

    Synopsis

    pdbedit [-L] [-v] [-w] [-u username] [-f fullname] [-h homedir] [-D drive] [-S script] [-p profile] [-a] [-t, --password-from-stdin] [-m] [-r] [-x] [-i passdb-backend] [-e passdb-backend] [-b passdb-backend] [-g] [-d debuglevel] [-s configfile] [-P account-policy] [-C value] [-c account-control] [-y]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    The pdbedit program is used to manage the users accounts +pdbedit

    Name

    pdbedit — manage the SAM database (Database of Samba Users)

    Synopsis

    pdbedit [-L] [-v] [-w] [-u username] [-f fullname] [-h homedir] [-D drive] [-S script] [-p profile] [-a] [-t, --password-from-stdin] [-m] [-r] [-x] [-i passdb-backend] [-e passdb-backend] [-b passdb-backend] [-g] [-d debuglevel] [-s configfile] [-P account-policy] [-C value] [-c account-control] [-y]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    The pdbedit program is used to manage the users accounts stored in the sam database and can only be run by root.

    The pdbedit tool uses the passdb modular interface and is independent from the kind of users database used (currently there are smbpasswd, ldap, nis+ and tdb based and more can be added without changing the tool).

    There are five main ways to use pdbedit: adding a user account, removing a user account, modifing a user account, listing user - accounts, importing users accounts.

    OPTIONS

    -L

    This option lists all the user accounts + accounts, importing users accounts.

    OPTIONS

    -L

    This option lists all the user accounts present in the users database. This option prints a list of user/uid pairs separated by the ':' character.

    Example: pdbedit -L

    @@ -35,7 +35,7 @@ Profile Path:   \\BERSERKER\profile
 		It will make pdbedit list the users in the database, printing
 		out the account fields in a format compatible with the
 		smbpasswd file format. (see the
-		smbpasswd(5) for details)
    Example: pdbedit -L -w
    +		smbpasswd(5) for details)
    Example: pdbedit -L -w
     sorce:500:508818B733CE64BEAAD3B435B51404EE:
           D2A2418EFC466A8A0F6B1DBB5C3DB80C:
           [UX         ]:LCT-00000000:
@@ -78,7 +78,7 @@ samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:
 retype new password
 
    
 
    Note
    pdbedit does not call the unix password syncronisation 
-				script if unix password sync
+				script if unix password sync
 				has been set. It only updates the data in the Samba 
 				user database. 
 			
    If you wish to add a user and synchronise the password
@@ -132,7 +132,7 @@ amounts of log data, and should only be used when
 investigating a problem. Levels above 3 are designed for 
 use only by developers and generate HUGE amounts of log
 data, most of which is extremely cryptic.
    Note that specifying this parameter here will 
-override the  parameter
+override the log level parameter
 in the smb.conf file.
    -V

    Prints the program version number.

    -s <configuration file>

    The file specified contains the configuration details required by the server. The @@ -144,8 +144,8 @@ The default configuration file name is determined at compile time.

    -l|--log-basename=logdirectory

    Base directory name for log/debug files. The extension ".progname" will be appended (e.g. log.smbclient, log.smbd, etc...). The log file is never removed by the client. -

    NOTES

    This command may be used only by root.

    VERSION

    This man page is correct for version 3.0 of - the Samba suite.

    SEE ALSO

    smbpasswd(5), samba(7)

    AUTHOR

    The original Samba software and related utilities +

    NOTES

    This command may be used only by root.

    VERSION

    This man page is correct for version 3 of + the Samba suite.

    SEE ALSO

    smbpasswd(5), samba(7)

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The pdbedit manpage was written by Simo Sorce and Jelmer Vernooij.

    diff --git a/docs/htmldocs/manpages/profiles.1.html b/docs/htmldocs/manpages/profiles.1.html index c820bcac0f..040a3e0a90 100644 --- a/docs/htmldocs/manpages/profiles.1.html +++ b/docs/htmldocs/manpages/profiles.1.html @@ -1,12 +1,12 @@ -profiles

    Name

    profiles — A utility to report and change SIDs in registry files -

    Synopsis

    profiles [-v] [-c SID] [-n SID] {file}

    DESCRIPTION

    This tool is part of the samba(7) suite.

    profiles is a utility that +profiles

    Name

    profiles — A utility to report and change SIDs in registry files +

    Synopsis

    profiles [-v] [-c SID] [-n SID] {file}

    DESCRIPTION

    This tool is part of the samba(7) suite.

    profiles is a utility that reports and changes SIDs in windows registry files. It currently only supports NT. -

    OPTIONS

    file

    Registry file to view or edit.

    -v,--verbose

    Increases verbosity of messages. +

    OPTIONS

    file

    Registry file to view or edit.

    -v,--verbose

    Increases verbosity of messages.

    -c SID1 -n SID2

    Change all occurences of SID1 in file by SID2.

    -h|--help

    Print a summary of command line options. -

    VERSION

    This man page is correct for version 3.0 of the Samba - suite.

    AUTHOR

    The original Samba software and related utilities +

    VERSION

    This man page is correct for version 3 of the Samba + suite.

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The profiles man page was written by Jelmer Vernooij.

    diff --git a/docs/htmldocs/manpages/rpcclient.1.html b/docs/htmldocs/manpages/rpcclient.1.html index ef9b4bc532..8fe65f145d 100644 --- a/docs/htmldocs/manpages/rpcclient.1.html +++ b/docs/htmldocs/manpages/rpcclient.1.html @@ -1,11 +1,11 @@ -rpcclient

    Name

    rpcclient — tool for executing client side - MS-RPC functions

    Synopsis

    rpcclient [-A authfile] [-c <command string>] [-d debuglevel] [-h] [-l logdir] [-N] [-s <smb config file>] [-U username[%password]] [-W workgroup] [-N] [-I destinationIP] {server}

    DESCRIPTION

    This tool is part of the samba(7) suite.

    rpcclient is a utility initially developed +rpcclient

    Name

    rpcclient — tool for executing client side + MS-RPC functions

    Synopsis

    rpcclient [-A authfile] [-c <command string>] [-d debuglevel] [-h] [-l logdir] [-N] [-s <smb config file>] [-U username[%password]] [-W workgroup] [-N] [-I destinationIP] {server}

    DESCRIPTION

    This tool is part of the samba(7) suite.

    rpcclient is a utility initially developed to test MS-RPC functionality in Samba itself. It has undergone several stages of development and stability. Many system administrators have now written scripts around it to manage Windows NT clients from - their UNIX workstation.

    OPTIONS

    server

    NetBIOS name of Server to which to connect. + their UNIX workstation.

    OPTIONS

    server

    NetBIOS name of Server to which to connect. The server can be any SMB/CIFS server. The name is - resolved using the name resolve order line from smb.conf(5).

    -c|--command='command string'

    execute semicolon separated commands (listed + resolved using the name resolve order line from smb.conf(5).

    -c|--command='command string'

    execute semicolon separated commands (listed below))

    -I IP-address

    IP address is the address of the server to connect to. It should be specified in standard "a.b.c.d" notation.

    Normally the client would attempt to locate a named SMB/CIFS server by looking it up via the NetBIOS name resolution @@ -27,7 +27,7 @@ amounts of log data, and should only be used when investigating a problem. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic.

    Note that specifying this parameter here will -override the parameter +override the log level parameter in the smb.conf file.

    -V

    Prints the program version number.

    -s <configuration file>

    The file specified contains the configuration details required by the server. The @@ -72,7 +72,7 @@ via the ps command. To be safe always allow rpcclient to prompt for a password and type it in directly.

    -n <primary NetBIOS name>

    This option allows you to override the NetBIOS name that Samba uses for itself. This is identical -to setting the parameter in the smb.conf file. +to setting the netbios name parameter in the smb.conf file. However, a command line setting will take precedence over settings in smb.conf.

    -i <scope>

    This specifies a NetBIOS scope that @@ -89,11 +89,11 @@ SAM (as opposed to the Domain SAM).

    -O socket op socket. See the socket options parameter in the smb.conf manual page for the list of valid options.

    -h|--help

    Print a summary of command line options. -

    COMMANDS

    LSARPC

    lsaquery

    Query info policy

    lookupsids

    Resolve a list +

    COMMANDS

    LSARPC

    lsaquery

    Query info policy

    lookupsids

    Resolve a list of SIDs to usernames.

    lookupnames

    Resolve a list of usernames to SIDs. -

    enumtrusts

    Enumerate trusted domains

    enumprivs

    Enumerate privileges

    getdispname

    Get the privilege name

    lsaenumsid

    Enumerate the LSA SIDS

    lsaenumprivsaccount

    Enumerate the privileges of an SID

    lsaenumacctrights

    Enumerate the rights of an SID

    lsaenumacctwithright

    Enumerate accounts with a right

    lsaaddacctrights

    Add rights to an account

    lsaremoveacctrights

    Remove rights from an account

    lsalookupprivvalue

    Get a privilege value given its name

    lsaquerysecobj

    Query LSA security object

    LSARPC-DS

    dsroledominfo

    Get Primary Domain Information

    DFS

    dfsexist

    Query DFS support

    dfsadd

    Add a DFS share

    dfsremove

    Remove a DFS share

    dfsgetinfo

    Query DFS share info

    dfsenum

    Enumerate dfs shares

    REG

    shutdown

    Remote Shutdown

    abortshutdown

    Abort Shutdown

    SRVSVC

    srvinfo

    Server query info

    netshareenum

    Enumerate shares

    netfileenum

    Enumerate open files

    netremotetod

    Fetch remote time of day

    SAMR

    queryuser

    Query user info

    querygroup

    Query group info

    queryusergroups

    Query user groups

    querygroupmem

    Query group membership

    queryaliasmem

    Query alias membership

    querydispinfo

    Query display info

    querydominfo

    Query domain info

    enumdomusers

    Enumerate domain users

    enumdomgroups

    Enumerate domain groups

    enumalsgroups

    Enumerate alias groups

    createdomuser

    Create domain user

    samlookupnames

    Look up names

    samlookuprids

    Look up names

    deletedomuser

    Delete domain user

    samquerysecobj

    Query SAMR security object

    getdompwinfo

    Retrieve domain password info

    lookupdomain

    Look up domain

    SPOOLSS

    adddriver <arch> <config> [<version>]

    +

    enumtrusts

    Enumerate trusted domains

    enumprivs

    Enumerate privileges

    getdispname

    Get the privilege name

    lsaenumsid

    Enumerate the LSA SIDS

    lsaenumprivsaccount

    Enumerate the privileges of an SID

    lsaenumacctrights

    Enumerate the rights of an SID

    lsaenumacctwithright

    Enumerate accounts with a right

    lsaaddacctrights

    Add rights to an account

    lsaremoveacctrights

    Remove rights from an account

    lsalookupprivvalue

    Get a privilege value given its name

    lsaquerysecobj

    Query LSA security object

    LSARPC-DS

    dsroledominfo

    Get Primary Domain Information

    DFS

    dfsexist

    Query DFS support

    dfsadd

    Add a DFS share

    dfsremove

    Remove a DFS share

    dfsgetinfo

    Query DFS share info

    dfsenum

    Enumerate dfs shares

    REG

    shutdown

    Remote Shutdown

    abortshutdown

    Abort Shutdown

    SRVSVC

    srvinfo

    Server query info

    netshareenum

    Enumerate shares

    netfileenum

    Enumerate open files

    netremotetod

    Fetch remote time of day

    SAMR

    queryuser

    Query user info

    querygroup

    Query group info

    queryusergroups

    Query user groups

    querygroupmem

    Query group membership

    queryaliasmem

    Query alias membership

    querydispinfo

    Query display info

    querydominfo

    Query domain info

    enumdomusers

    Enumerate domain users

    enumdomgroups

    Enumerate domain groups

    enumalsgroups

    Enumerate alias groups

    createdomuser

    Create domain user

    samlookupnames

    Look up names

    samlookuprids

    Look up names

    deletedomuser

    Delete domain user

    samquerysecobj

    Query SAMR security object

    getdompwinfo

    Retrieve domain password info

    lookupdomain

    Look up domain

    SPOOLSS

    adddriver <arch> <config> [<version>]

    Execute an AddPrinterDriver() RPC to install the printer driver information on the server. Note that the driver files should already exist in the directory returned by @@ -178,11 +178,11 @@ Comma Separated list of Files already be correctly installed on the print server.

    See also the enumprinters and enumdrivers commands for obtaining a list of of installed printers and drivers.

    addform

    Add form

    setform

    Set form

    getform

    Get form

    deleteform

    Delete form

    enumforms

    Enumerate form

    setprinter

    Set printer comment

    setprinterdata

    Set REG_SZ printer data

    setprintername <printername> - <newprintername>

    Set printer name

    rffpcnex

    Rffpcnex test

    NETLOGON

    logonctrl2

    Logon Control 2

    logonctrl

    Logon Control

    samsync

    Sam Synchronisation

    samdeltas

    Query Sam Deltas

    samlogon

    Sam Logon

    GENERAL COMMANDS

    debuglevel

    Set the current + <newprintername>

    Set printer name

    rffpcnex

    Rffpcnex test

    NETLOGON

    logonctrl2

    Logon Control 2

    logonctrl

    Logon Control

    samsync

    Sam Synchronisation

    samdeltas

    Query Sam Deltas

    samlogon

    Sam Logon

    GENERAL COMMANDS

    debuglevel

    Set the current debug level used to log information.

    help (?)

    Print a listing of all known commands or extended help on a particular command.

    quit (exit)

    Exit rpcclient - .

    BUGS

    rpcclient is designed as a developer testing tool + .

    BUGS

    rpcclient is designed as a developer testing tool and may not be robust in certain areas (such as command line parsing). It has been known to generate a core dump upon failures when invalid parameters where passed to the interpreter.

    From Luke Leighton's original rpcclient man page:

    WARNING! The MSRPC over SMB code has @@ -192,11 +192,11 @@ Comma Separated list of Files implementation of these services has been demonstrated (and reported) to be... a bit flaky in places.

    The development of Samba's implementation is also a bit rough, and as more of the services are understood, it can even result in - versions of smbd(8) and rpcclient(1) that are incompatible for some commands or services. Additionally, + versions of smbd(8) and rpcclient(1) that are incompatible for some commands or services. Additionally, the developers are sending reports to Microsoft, and problems found or reported to Microsoft are fixed in Service Packs, which may - result in incompatibilities.

    VERSION

    This man page is correct for version 3.0 of the Samba - suite.

    AUTHOR

    The original Samba software and related utilities + result in incompatibilities.

    VERSION

    This man page is correct for version 3 of the Samba + suite.

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The original rpcclient man page was written by Matthew diff --git a/docs/htmldocs/manpages/samba.7.html b/docs/htmldocs/manpages/samba.7.html index 67de3c40fb..aee6b312dc 100644 --- a/docs/htmldocs/manpages/samba.7.html +++ b/docs/htmldocs/manpages/samba.7.html @@ -1,78 +1,78 @@ -samba

    Name

    samba — A Windows SMB/CIFS fileserver for UNIX

    Synopsis

    samba

    DESCRIPTION

    The Samba software suite is a collection of programs +samba

    Name

    samba — A Windows SMB/CIFS fileserver for UNIX

    Synopsis

    samba

    DESCRIPTION

    The Samba software suite is a collection of programs that implements the Server Message Block (commonly abbreviated as SMB) protocol for UNIX systems. This protocol is sometimes also referred to as the Common Internet File System (CIFS). For a - more thorough description, see + more thorough description, see http://www.ubiqx.org/cifs/. Samba also implements the NetBIOS - protocol in nmbd.

    smbd(8)

    The smbd daemon provides the file and print services to + protocol in nmbd.

    smbd(8)

    The smbd daemon provides the file and print services to SMB clients, such as Windows 95/98, Windows NT, Windows for Workgroups or LanManager. The configuration file - for this daemon is described in smb.conf(5) -

    nmbd(8)

    The nmbd + for this daemon is described in smb.conf(5) +

    nmbd(8)

    The nmbd daemon provides NetBIOS nameservice and browsing support. The configuration file for this daemon - is described in smb.conf(5)

    smbclient(1)

    The smbclient + is described in smb.conf(5)

    smbclient(1)

    The smbclient program implements a simple ftp-like client. This is useful for accessing SMB shares on other compatible servers (such as Windows NT), and can also be used to allow a UNIX box to print to a printer attached to - any SMB server (such as a PC running Windows NT).

    testparm(1)

    The testparm - utility is a simple syntax checker for Samba's smb.conf(5) configuration file.

    testprns(1)

    The testprns + any SMB server (such as a PC running Windows NT).

    testparm(1)

    The testparm + utility is a simple syntax checker for Samba's smb.conf(5) configuration file.

    testprns(1)

    The testprns utility supports testing printer names defined in your printcap file used - by Samba.

    smbstatus(1)

    The smbstatus + by Samba.

    smbstatus(1)

    The smbstatus tool provides access to information about the - current connections to smbd.

    nmblookup(1)

    The nmblookup + current connections to smbd.

    nmblookup(1)

    The nmblookup tools allows NetBIOS name queries to be made - from a UNIX host.

    smbpasswd(8)

    The smbpasswd + from a UNIX host.

    smbpasswd(8)

    The smbpasswd command is a tool for changing LanMan and Windows NT - password hashes on Samba and Windows NT servers.

    smbcacls(1)

    The smbcacls command is - a tool to set ACL's on remote CIFS servers.

    smbsh(1)

    The smbsh command is + password hashes on Samba and Windows NT servers.

    smbcacls(1)

    The smbcacls command is + a tool to set ACL's on remote CIFS servers.

    smbsh(1)

    The smbsh command is a program that allows you to run a unix shell with - with an overloaded VFS.

    smbtree(1)

    The smbtree command - is a text-based network neighborhood tool.

    smbtar(1)

    The smbtar can make - backups of data on CIFS/SMB servers.

    smbspool(8)

    smbspool is a + with an overloaded VFS.

    smbtree(1)

    The smbtree command + is a text-based network neighborhood tool.

    smbtar(1)

    The smbtar can make + backups of data on CIFS/SMB servers.

    smbspool(8)

    smbspool is a helper utility for printing on printers connected - to CIFS servers.

    smbcontrol(1)

    smbcontrol is a utility + to CIFS servers.

    smbcontrol(1)

    smbcontrol is a utility that can change the behaviour of running samba daemons. -

    rpcclient(1)

    rpcclient is a utility +

    rpcclient(1)

    rpcclient is a utility that can be used to execute RPC commands on remote - CIFS servers.

    pdbedit(8)

    The pdbedit command + CIFS servers.

    pdbedit(8)

    The pdbedit command can be used to maintain the local user database on - a samba server.

    findsmb(1)

    The findsmb command + a samba server.

    findsmb(1)

    The findsmb command can be used to find SMB servers on the local network. -

    net(8)

    The net command +

    net(8)

    The net command is supposed to work similar to the DOS/Windows - NET.EXE command.

    swat(8)

    swat is a web-based + NET.EXE command.

    swat(8)

    swat is a web-based interface to configuring smb.conf. -

    winbindd(8)

    winbindd is a daemon +

    winbindd(8)

    winbindd is a daemon that is used for integrating authentication and - the user database into unix.

    wbinfo(1)

    wbinfo is a utility + the user database into unix.

    wbinfo(1)

    wbinfo is a utility that retrieves and stores information related to winbind. -

    profiles(1)

    profiles is a command-line +

    profiles(1)

    profiles is a command-line utility that can be used to replace all occurences of a certain SID with another SID. -

    log2pcap(1)

    log2pcap is a utility +

    log2pcap(1)

    log2pcap is a utility for generating pcap trace files from Samba log - files.

    vfstest(1)

    vfstest is a utility - that can be used to test vfs modules.

    ntlm_auth(1)

    ntlm_auth is a helper-utility + files.

    vfstest(1)

    vfstest is a utility + that can be used to test vfs modules.

    ntlm_auth(1)

    ntlm_auth is a helper-utility for external programs wanting to do NTLM-authentication.

    -smbmount(8), -smbumount(8), -smbmnt(8)

    smbmount,smbumount and smbmnt are commands that can be used to +smbmount(8), +smbumount(8), +smbmnt(8)

    smbmount,smbumount and smbmnt are commands that can be used to mount CIFS/SMB shares on Linux. -

    smbcquotas(1)

    smbcquotas is a tool that - can set remote QUOTA's on server with NTFS 5.

    COMPONENTS

    The Samba suite is made up of several components. Each +

    smbcquotas(1)

    smbcquotas is a tool that + can set remote QUOTA's on server with NTFS 5.

    COMPONENTS

    The Samba suite is made up of several components. Each component is described in a separate manual page. It is strongly recommended that you read the documentation that comes with Samba and the manual pages of those components that you use. If the manual pages and documents aren't clear enough then please visit - http://devel.samba.org + http://devel.samba.org for information on how to file a bug report or submit a patch.

    If you require help, visit the Samba webpage at - http://www.samba.org/ and + http://www.samba.org/ and explore the many option available to you. -

    AVAILABILITY

    The Samba software suite is licensed under the +

    AVAILABILITY

    The Samba software suite is licensed under the GNU Public License(GPL). A copy of that license should have come with the package in the file COPYING. You are encouraged to distribute copies of the Samba suite, but @@ -80,33 +80,33 @@ obtained via anonymous ftp from samba.org in the directory pub/samba/. It is also available on several mirror sites worldwide.

    You may also find useful information about Samba - on the newsgroup + on the newsgroup comp.protocol.smb and the Samba mailing list. Details on how to join the mailing list are given in the README file that comes with Samba.

    If you have access to a WWW viewer (such as Mozilla or Konqueror) then you will also find lots of useful information, including back issues of the Samba mailing list, at - http://lists.samba.org.

    VERSION

    This man page is correct for version 3.0 of the - Samba suite.

    CONTRIBUTIONS

    If you wish to contribute to the Samba project, + http://lists.samba.org.

    VERSION

    This man page is correct for version 3 of the + Samba suite.

    CONTRIBUTIONS

    If you wish to contribute to the Samba project, then I suggest you join the Samba mailing list at - http://lists.samba.org. + http://lists.samba.org.

    If you have patches to submit, visit - http://devel.samba.org/ + http://devel.samba.org/ for information on how to do it properly. We prefer patches - in diff -u format.

    CONTRIBUTORS

    Contributors to the project are now too numerous + in diff -u format.

    CONTRIBUTORS

    Contributors to the project are now too numerous to mention here but all deserve the thanks of all Samba users. To see a full list, look at the change-log in the source package - for the pre-CVS changes and at + for the pre-CVS changes and at http://cvs.samba.org/ for the contributors to Samba post-CVS. CVS is the Open Source source code control system used by the Samba Team to develop - Samba. The project would have been unmanageable without it.

    AUTHOR

    The original Samba software and related utilities + Samba. The project would have been unmanageable without it.

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at + excellent piece of Open Source software, available at ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML diff --git a/docs/htmldocs/manpages/smb.conf.5.html b/docs/htmldocs/manpages/smb.conf.5.html index bd1675c385..929328eab2 100644 --- a/docs/htmldocs/manpages/smb.conf.5.html +++ b/docs/htmldocs/manpages/smb.conf.5.html @@ -1,7 +1,7 @@ -smb.conf

    Name

    smb.conf — The configuration file for the Samba suite

    SYNOPSIS

    +smb.conf

    Name

    smb.conf — The configuration file for the Samba suite

    SYNOPSIS

    The smb.conf file is a configuration file for the Samba suite. smb.conf contains runtime configuration information for the Samba programs. The smb.conf file is designed to be configured and administered by the - swat(8) program. The + swat(8) program. The complete description of the file format and possible parameters held within are here for reference purposes.

    FILE FORMAT

    The file consists of sections and parameters. A section begins with the name of the section in square brackets @@ -26,7 +26,7 @@ The values following the equals sign in parameters are all either a string (no quotes needed) or a boolean, which may be given as yes/no, 0/1 or true/false. Case is not significant in boolean values, but is preserved in string values. Some items such as create masks are numeric. -

    SECTION DESCRIPTIONS

    +

    SECTION DESCRIPTIONS

    Each section in the configuration file (except for the [global] section) describes a shared resource (known as a “share”). The section name is the name of the shared resource and the parameters within the section define the shares attributes. @@ -55,8 +55,8 @@ The following sample section defines a file space share. The user has write access to the path /home/bar. The share is accessed via the share name foo: 

     	[foo]
-	path = /home/bar
-	read only = no
+	path = /home/bar
+	read only = no

    The following sample section defines a printable share. The share is read-only, but printable. That is, @@ -64,12 +64,12 @@ ok parameter means access will be permitted as the default guest user (specified elsewhere): 

     	[aprinter]
-	path = /usr/spool/public
-	read only = yes
-	printable = yes
-	guest ok = yes
+	path = /usr/spool/public
+	read only = yes
+	printable = yes
+	guest ok = yes

    -

    SPECIAL SECTIONS

    The [global] section

    +

    SPECIAL SECTIONS

    The [global] section

    Parameters in this section apply to the server as a whole, or are defaults for sections that do not specifically define certain items. See the notes under PARAMETERS for more information.

    The [homes] section

    @@ -105,7 +105,7 @@ than others. The following is a typical and suitable [homes] section: 

     [homes]
-read only = no
+read only = no

    An important point is that if guest access is specified in the [homes] section, all home directories will be @@ -137,9 +137,9 @@ it. A typical [printers] entry looks like this: 

     [printers]
-path = /usr/spool/public
-guest ok = yes
-printable = yes
+path = /usr/spool/public
+guest ok = yes
+printable = yes

    All aliases given for a printer in the printcap file are legitimate printer names as far as the server is concerned. @@ -160,7 +160,7 @@ alias|alias|alias|alias... On SYSV systems which use lpstat to determine what printers are defined on the system you may be able to use printcap name = lpstat to automatically obtain a list of printers. See the printcap name option for more details. -

    USERSHARES

    Starting with Samba version 3.0.23 the capability for non-root users to add, modify, and delete +

    USERSHARES

    Starting with Samba version 3.0.23 the capability for non-root users to add, modify, and delete their own share definitions has been added. This capability is called usershares and is controlled by a set of parameters in the [global] section of the smb.conf. The relevant parameters are : @@ -178,13 +178,13 @@ chmod 1770 /usr/local/samba/lib/usershares

    Then add the parameters 

    -	usershare path = /usr/local/samba/lib/usershares
-	usershare max shares = 10 # (or the desired number of shares)
+	usershare path = /usr/local/samba/lib/usershares
+	usershare max shares = 10 # (or the desired number of shares)

    to the global section of your smb.conf. Members of the group foo may then manipulate the user defined shares - using the following commands.

    net usershare add sharename path [comment] [acl] [guest_ok=[y|n]]

    To create or modify (overwrite) a user defined share.

    net usershare delete sharename

    To delete a user defined share.

    net usershare list wildcard-sharename

    To list user defined shares.

    net usershare info wildcard-sharename

    To print information about user defined shares.

    PARAMETERS

    Parameters define the specific attributes of sections.

    + using the following commands.

    net usershare add sharename path [comment] [acl] [guest_ok=[y|n]]

    To create or modify (overwrite) a user defined share.

    net usershare delete sharename

    To delete a user defined share.

    net usershare list wildcard-sharename

    To list user defined shares.

    net usershare info wildcard-sharename

    To print information about user defined shares.

    PARAMETERS

    Parameters define the specific attributes of sections.

    Some parameters are specific to the [global] section (e.g., security). Some parameters are usable in all sections (e.g., create mask). All others are permissible only in normal sections. For the purposes of the following descriptions the [homes] and [printers] sections will be @@ -196,7 +196,7 @@ chmod 1770 /usr/local/samba/lib/usershares Parameters are arranged here in alphabetical order - this may not create best bedfellows, but at least you can find them! Where there are synonyms, the preferred synonym is described, others refer to the preferred synonym. -

    VARIABLE SUBSTITUTIONS

    +

    VARIABLE SUBSTITUTIONS

    Many of the strings that are settable in the config file can take substitutions. For example the option “path = /tmp/%u” is interpreted as “path = /tmp/john” if the user connected with the username john. @@ -214,14 +214,19 @@ chmod 1770 /usr/local/samba/lib/usershares

    %M

    the Internet name of the client machine.

    %R

    the selected protocol level after protocol negotiation. It can be one of CORE, COREPLUS, LANMAN1, LANMAN2 or NT1.

    %d

    the process id of the current server - process.

    %a

    the architecture of the remote - machine. It currently recognizes Samba (Samba), - the Linux CIFS file system (CIFSFS), OS/2, (OS2), - Windows for Workgroups (WfWg), Windows 9x/ME - (Win95), Windows NT (WinNT), - Windows 2000 (Win2K), Windows XP (WinXP), - and Windows 2003 (Win2K3). Anything else will be known as - UNKNOWN.

    %I

    the IP address of the client machine.

    %i

    the local IP address to which a client connected.

    %T

    the current date and time.

    %D

    name of the domain or workgroup of the current user.

    %w

    the winbind separator.

    %$(envvar)

    the value of the environment variable + process.

    %a

    + The architecture of the remote + machine. It currently recognizes Samba (Samba), + the Linux CIFS file system (CIFSFS), OS/2, (OS2), + Windows for Workgroups (WfWg), Windows 9x/ME + (Win95), Windows NT (WinNT), + Windows 2000 (Win2K), + Windows XP (WinXP), + Windows XP 64-bit(WinXP64), + Windows 2003 including + 2003R2 (Win2K3), and Windows + Vista (Vista). Anything else will be known as + UNKNOWN.

    %I

    the IP address of the client machine.

    %i

    the local IP address to which a client connected.

    %T

    the current date and time.

    %D

    name of the domain or workgroup of the current user.

    %w

    the winbind separator.

    %$(envvar)

    the value of the environment variable envar.

    The following substitutes apply only to some configuration options (only those that are used when a connection has been established): @@ -253,8 +258,8 @@ chmod 1770 /usr/local/samba/lib/usershares

    default case = upper/lower

    controls what the default case is for new filenames (ie. files that don't currently exist in the filesystem). Default lower. IMPORTANT NOTE: This option will be used to modify the case of - all incoming client filenames, not just new filenames if the options case sensitive = yes, preserve case = No, - short preserve case = No are set. This change is needed as part of the + all incoming client filenames, not just new filenames if the options case sensitive = yes, preserve case = No, + short preserve case = No are set. This change is needed as part of the optimisations for directories containing large numbers of files.

    preserve case = yes/no

    controls whether new files (ie. files that don't currently exist in the filesystem) are created with the case @@ -300,59 +305,74 @@ chmod 1770 /usr/local/samba/lib/usershares

  • If the service is a guest service, a connection is made as the username given in the guest account = for the service, irrespective of the supplied password. -

    • REGISTRY-BASED CONFIGURATION

    +

    REGISTRY-BASED CONFIGURATION

    Starting with Samba version 3.2.0, the capability to store Samba configuration in the registry is available. + The configuration is stored in the registry key + HKLM\Software\Samba\smbconf. There are two levels of registry configuration:

    1. Share definitions stored in registry are used. This is triggered by setting the global - parameter registry shares to “yes” - in smb.conf. -

      Note: Shares defined in smb.conf - always take priority over - shares of the same name defined in registry. -

    2. Global smb.conf options stored in - registry are used. This is triggered by the - parameter config backend = registry in - the [global] section of smb.conf. - This removes everything that has been read from config files + parameter registry shares + to “yes” in smb.conf. +

      The registry shares are loaded not at startup but + on demand at runtime by smbd. + Shares defined in smb.conf take + priority over shares of the same name defined in + registry.

    3. Global smb.conf + options stored in registry are used. This can be activated + in two different ways:

      Firstly, a registry only configuration is triggered + by setting + config backend = registry + in the [global] section of smb.conf. + This resets everything that has been read from config files to this point and reads the content of the global configuration section from the registry. - Activation of global registry options automatically - activates registry shares. In this case, no share definitions - from smb.conf are read: This is a registry only configuration - with the advantage that share definitions are not read - in a bulk at startup time but on demand when a share is - accessed. -

    - Caveat: To make registry-based configurations foolproof at least to a - certain extent, the use - of lock directory, - config backend, and - include inside the registry - configuration has been disabled. Especially, by changing the + This is the recommended method of using registry based + configuration.

    Secondly, a mixed configuration can be activated + by a special new meaning of the parameter + include = registry + in the [global] section of smb.conf. + This reads the global options from registry with the same + priorities as for an include of a text file. + This may be especially useful in cases where an initial + configuration is needed to access the registry.

    Activation of global registry options automatically + activates registry shares. So in the registry only case, + shares are loaded on demand only.

    + Note: To make registry-based configurations foolproof + at least to a certain extent, the use + of lock directory and + config backend + inside the registry configuration has been disabled: + Especially by changing the lock directory inside the registry configuration, one would create a broken setup where the daemons do not see the configuration they loaded once it is active.

    The registry configuration can be accessed with - tools like regedit or net rpc + tools like regedit or net (rpc) registry in the key - HKLM\Software\Samba\smbconf. + HKLM\Software\Samba\smbconf. More conveniently, the conf subcommand of the - net(8) utility + net(8) utility offers a dedicated interface to read and write the registry based configuration locally, i.e. directly accessing the database file, circumventing the server. -

    EXPLANATION OF EACH PARAMETER

    abort shutdown script (G)

    This a full path name to a script called by smbd(8) that - should stop a shutdown procedure issued by the shutdown script.

    If the connected user posseses the SeRemoteShutdownPrivilege, +

    EXPLANATION OF EACH PARAMETER

    + +abort shutdown script (G) +

    This a full path name to a script called by smbd(8) that + should stop a shutdown procedure issued by the shutdown script.

    If the connected user posseses the SeRemoteShutdownPrivilege, right, this command will be run as user.

    Default: abort shutdown script = ""

    Example: abort shutdown script = /sbin/shutdown -c -

    acl check permissions (S)

    This boolean parameter controls what smbd(8)does on receiving a protocol request of "open for delete" +

    + +acl check permissions (S) +

    This boolean parameter controls what smbd(8)does on receiving a protocol request of "open for delete" from a Windows client. If a Windows client doesn't have permissions to delete a file then they expect this to be denied at open time. POSIX systems normally only detect restrictions on delete by actually attempting to delete the file or directory. As Windows clients can (and do) "back out" a @@ -372,7 +392,10 @@ chmod 1770 /usr/local/samba/lib/usershares with slightly different semantics was introduced in 3.0.20. That older version is not documented here.

    Default: acl check permissions = True -

    acl compatibility (S)

    This parameter specifies what OS ACL semantics should +

    + +acl compatibility (S) +

    This parameter specifies what OS ACL semantics should be compatible with. Possible values are winnt for Windows NT 4, win2k for Windows 2000 and above and auto. If you specify auto, the value for this parameter @@ -381,7 +404,10 @@ chmod 1770 /usr/local/samba/lib/usershares

    Example: acl compatibility = win2k -

    acl group control (S)

    +

    + +acl group control (S) +

    In a POSIX filesystem, only the owner of a file or directory and the superuser can modify the permissions and ACLs on a file. If this parameter is set, then Samba overrides this restriction, and also allows the primary group owner of a file or directory to modify the permissions and ACLs @@ -394,11 +420,11 @@ chmod 1770 /usr/local/samba/lib/usershares or directory, easing managability.

    This parameter allows Samba to also permit delegation of the control over a point in the exported - directory hierarchy in much the same was as Windows. This allows all members of a UNIX group to + directory hierarchy in much the same way as Windows. This allows all members of a UNIX group to control the permissions on a file or directory they have group ownership on.

    - This parameter is best used with the inherit owner option and also - on on a share containing directories with the UNIX setgid bit bit set + This parameter is best used with the inherit owner option and also + on on a share containing directories with the UNIX setgid bit set on them, which causes new files and directories created within it to inherit the group ownership from the containing directory.

    @@ -406,16 +432,22 @@ chmod 1770 /usr/local/samba/lib/usershares implemented by the dos filemode option.

    Default: acl group control = no -

    acl map full control (S)

    - This boolean parameter controls whether smbd(8)maps a POSIX ACE entry of "rwx" (read/write/execute), the maximum +

    + +acl map full control (S) +

    + This boolean parameter controls whether smbd(8)maps a POSIX ACE entry of "rwx" (read/write/execute), the maximum allowed POSIX permission set, into a Windows ACL of "FULL CONTROL". If this parameter is set to true any POSIX ACE entry of "rwx" will be returned in a Windows ACL as "FULL CONTROL", is this parameter is set to false any POSIX ACE entry of "rwx" will be returned as the specific Windows ACL bits representing read, write and execute.

    Default: acl map full control = True -

    add group script (G)

    - This is the full pathname to a script that will be run AS ROOT by smbd(8) when a new group is requested. It +

    + +add group script (G) +

    + This is the full pathname to a script that will be run AS ROOT by smbd(8) when a new group is requested. It will expand any %g to the group name passed. This script is only useful for installations using the Windows NT domain administration tools. The script is free to create a group with an arbitrary name to circumvent unix group name restrictions. In that case the script must print the numeric @@ -424,28 +456,36 @@ chmod 1770 /usr/local/samba/lib/usershares

    Example: add group script = /usr/sbin/groupadd %g -

    add machine script (G)

    +

    + +add machine script (G) +

    This is the full pathname to a script that will be run by - smbd(8) when a machine is + smbd(8) when a machine is added to Samba's domain and a Unix account matching the machine's name appended with a "$" does not already exist. -

    This option is very similar to the add user script, and likewise uses the %u +

    This option is very similar to the add user script, and likewise uses the %u substitution for the account name. Do not use the %m substitution.

    Default: add machine script =

    Example: add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /var/lib/nobody -s /bin/false %u -

    add port command (G)

    Samba 3.0.23 introduces support for adding printer ports +

    + +add port command (G) +

    Samba 3.0.23 introduced support for adding printer ports remotely using the Windows "Add Standard TCP/IP Port Wizard". This option defines an external program to be executed when smbd receives a request to add a new Port to the system. - he script is passed two parameters: -

    • port name

    • device URI

    The deviceURI is in the for of socket://<hostname>[:<portnumber>] + The script is passed two parameters:

    • port name

    • device URI

    The deviceURI is in the for of socket://<hostname>[:<portnumber>] or lpd://<hostname>/<queuename>.

    Default: add port command =

    Example: add port command = /etc/samba/scripts/addport.sh -

    add printer command (G)

    With the introduction of MS-RPC based printing +

    + +add printer command (G) +

    With the introduction of MS-RPC based printing support for Windows NT/2000 clients in Samba 2.2, The MS Add Printer Wizard (APW) icon is now also available in the "Printers..." folder displayed a share listing. The APW @@ -456,7 +496,7 @@ chmod 1770 /usr/local/samba/lib/usershares will perform the necessary operations for adding the printer to the print system and to add the appropriate service definition to the smb.conf file in order that it can be - shared by smbd(8).

    The addprinter command is + shared by smbd(8).

    The addprinter command is automatically invoked with the following parameter (in order):

    • printer name

    • share name

    • port name

    • driver name

    • location

    • Windows 9x driver location

    All parameters are filled in from the PRINTER_INFO_2 structure sent by the Windows NT/2000 client with one exception. The "Windows 9x @@ -474,7 +514,10 @@ chmod 1770 /usr/local/samba/lib/usershares

    Example: add printer command = /usr/bin/addprinter -

    add share command (G)

    +

    + +add share command (G) +

    Samba 2.2.0 introduced the ability to dynamically add and delete shares via the Windows NT 4.0 Server Manager. The add share command is used to define an external program or script which will add a new service definition to smb.conf. In order @@ -496,14 +539,17 @@ chmod 1770 /usr/local/samba/lib/usershares Number of maximum simultaneous connections to this share.

    - This parameter is only used for add file shares. To add printer shares, see the addprinter command. + This parameter is only used for add file shares. To add printer shares, see the addprinter command.

    Default: add share command =

    Example: add share command = /usr/local/bin/addshare -

    add user script (G)

    +

    + +add user script (G) +

    This is the full pathname to a script that will be run AS ROOT by - smbd(8) + smbd(8) under special circumstances described below.

    Normally, a Samba server requires that UNIX users are created for all users accessing @@ -512,17 +558,17 @@ chmod 1770 /usr/local/samba/lib/usershares NT PDC is an onerous task. This option allows smbd to create the required UNIX users ON DEMAND when a user accesses the Samba server.

    - In order to use this option, smbd(8) must NOT be set to - security = share and add user script + In order to use this option, smbd(8) must NOT be set to + security = share and add user script must be set to a full pathname for a script that will create a UNIX user given one argument of %u, which expands into the UNIX user name to create.

    When the Windows user attempts to access the Samba server, at login (session setup in - the SMB protocol) time, smbd(8) contacts the password server + the SMB protocol) time, smbd(8) contacts the password server and attempts to authenticate the given user with the given password. If the authentication succeeds then smbd attempts to find a UNIX user in the UNIX password database to map the Windows user into. If this lookup fails, and - add user script is set then smbd will + add user script is set then smbd will call the specified script AS ROOT, expanding any %u argument to be the user name to create.

    @@ -530,15 +576,18 @@ chmod 1770 /usr/local/samba/lib/usershares continue on as though the UNIX user already existed. In this way, UNIX users are dynamically created to match existing Windows NT accounts.

    - See also security, password server, - delete user script. + See also security, password server, + delete user script.

    Default: add user script =

    Example: add user script = /usr/local/samba/bin/add_user %u -

    add user to group script (G)

    +

    + +add user to group script (G) +

    Full path to the script that will be called when a user is added to a group using the Windows NT domain administration - tools. It will be run by smbd(8) + tools. It will be run by smbd(8) AS ROOT. Any %g will be replaced with the group name and any %u will be replaced with the user name.

    @@ -548,23 +597,42 @@ chmod 1770 /usr/local/samba/lib/usershares

    Example: add user to group script = /usr/sbin/adduser %u %g -

    admin users (S)

    This is a list of users who will be granted +

    + +administrative share (S) +

    If this parameter is set to yes for + a share, then the share will be an administrative share. The Administrative + Shares are the default network shares created by all Windows NT-based + operating systems. These are shares like C$, D$ or ADMIN$. The type of these + shares is STYPE_DISKTREE_HIDDEN.

    See the section below on security for more + information about this option.

    Default: administrative share = no + +

    + +admin users (S) +

    This is a list of users who will be granted administrative privileges on the share. This means that they will do all file operations as the super-user (root).

    You should use this option very carefully, as any user in this list will be able to do anything they like on the share, - irrespective of file permissions.

    This parameter will not work with the security = share in + irrespective of file permissions.

    This parameter will not work with the security = share in Samba 3.0. This is by design.

    Default: admin users =

    Example: admin users = jason -

    afs share (S)

    This parameter controls whether special AFS features are enabled +

    + +afs share (S) +

    This parameter controls whether special AFS features are enabled for this share. If enabled, it assumes that the directory exported via the path parameter is a local AFS import. The special AFS features include the attempt to hand-craft an AFS token if you enabled --with-fake-kaserver in configure.

    Default: afs share = no -

    afs username map (G)

    If you are using the fake kaserver AFS feature, you might +

    + +afs username map (G) +

    If you are using the fake kaserver AFS feature, you might want to hand-craft the usernames you are creating tokens for. For example this is necessary if you have users from several domain in your AFS Protection Database. One possible scheme to code users @@ -574,39 +642,38 @@ chmod 1770 /usr/local/samba/lib/usershares

    Example: afs username map = %u@afs.samba.org -

    aio read size (S)

    If Samba has been built with asynchronous I/O support and this +

    + +aio read size (S) +

    If Samba has been built with asynchronous I/O support and this integer parameter is set to non-zero value, Samba will read from file asynchronously when size of request is bigger than this value. Note that it happens only for non-chained and non-chaining reads and when not using write cache.

    Current implementation of asynchronous I/O in Samba 3.0 does support - only up to 10 outstanding asynchronous requests, read and write combined.

    - - write cache size - aio write size - -

    Default: aio read size = 0 + only up to 10 outstanding asynchronous requests, read and write combined.

    Related command: write cache size

    Related command: aio write size

    Default: aio read size = 0

    Example: aio read size = 16384 # Use asynchronous I/O for reads bigger than 16KB request size -

    aio write size (S)

    If Samba has been built with asynchronous I/O support and this +

    + +aio write size (S) +

    If Samba has been built with asynchronous I/O support and this integer parameter is set to non-zero value, Samba will write to file asynchronously when size of request is bigger than this value. Note that it happens only for non-chained and non-chaining reads and when not using write cache.

    Current implementation of asynchronous I/O in Samba 3.0 does support - only up to 10 outstanding asynchronous requests, read and write combined.

    - - write cache size - aio read size - -

    Default: aio write size = 0 + only up to 10 outstanding asynchronous requests, read and write combined.

    Related command: write cache size

    Related command: aio read size

    Default: aio write size = 0

    Example: aio write size = 16384 # Use asynchronous I/O for writes bigger than 16KB request size -

    algorithmic rid base (G)

    This determines how Samba will use its +

    + +algorithmic rid base (G) +

    This determines how Samba will use its algorithmic mapping from uids/gid to the RIDs needed to construct NT Security Identifiers.

    Setting this option to a larger value could be useful to sites @@ -621,7 +688,10 @@ chmod 1770 /usr/local/samba/lib/usershares

    Example: algorithmic rid base = 100000 -

    allocation roundup size (S)

    This parameter allows an administrator to tune the +

    + +allocation roundup size (S) +

    This parameter allows an administrator to tune the allocation size reported to Windows clients. The default size of 1Mb generally results in improved Windows client performance. However, rounding the allocation size may cause @@ -633,8 +703,11 @@ chmod 1770 /usr/local/samba/lib/usershares

    Example: allocation roundup size = 0 # (to disable roundups) -

    allow trusted domains (G)

    - This option only takes effect when the security option is set to +

    + +allow trusted domains (G) +

    + This option only takes effect when the security option is set to server, domain or ads. If it is set to no, then attempts to connect to a resource from a domain or workgroup other than the one which smbd is running @@ -648,7 +721,10 @@ chmod 1770 /usr/local/samba/lib/usershares Samba server even if they do not have an account in DOMA. This can make implementing a security boundary difficult.

    Default: allow trusted domains = yes -

    announce as (G)

    This specifies what type of server nmbd(8) will announce itself as, to a network neighborhood browse +

    + +announce as (G) +

    This specifies what type of server nmbd(8) will announce itself as, to a network neighborhood browse list. By default this is set to Windows NT. The valid options are : "NT Server" (which can also be written as "NT"), "NT Workstation", "Win95" or "WfW" meaning Windows NT Server, @@ -660,16 +736,22 @@ chmod 1770 /usr/local/samba/lib/usershares

    Example: announce as = Win95 -

    announce version (G)

    This specifies the major and minor version numbers +

    + +announce version (G) +

    This specifies the major and minor version numbers that nmbd will use when announcing itself as a server. The default is 4.9. Do not change this parameter unless you have a specific need to set a Samba server to be a downlevel server.

    Default: announce version = 4.9

    Example: announce version = 2.0 -

    auth methods (G)

    +

    + +auth methods (G) +

    This option allows the administrator to chose what authentication methods smbd - will use when authenticating a user. This option defaults to sensible values based on security. + will use when authenticating a user. This option defaults to sensible values based on security. This should be considered a developer option and used only in rare circumstances. In the majority (if not all) of production servers, the default setting should be adequate.

    @@ -688,43 +770,49 @@ chmod 1770 /usr/local/samba/lib/usershares

    Example: auth methods = guest sam winbind -

    available (S)

    This parameter lets you "turn off" a service. If +

    + +available (S) +

    This parameter lets you "turn off" a service. If available = no, then ALL attempts to connect to the service will fail. Such failures are logged.

    Default: available = yes -

    bind interfaces only (G)

    This global parameter allows the Samba admin +

    + +bind interfaces only (G) +

    This global parameter allows the Samba admin to limit what interfaces on a machine will serve SMB requests. It - affects file service smbd(8) and name service nmbd(8) in a slightly different ways.

    + affects file service smbd(8) and name service nmbd(8) in a slightly different ways.

    For name service it causes nmbd to bind to ports 137 and 138 on the - interfaces listed in the interfaces parameter. nmbd + interfaces listed in the interfaces parameter. nmbd also binds to the "all addresses" interface (0.0.0.0) on ports 137 and 138 for the purposes of reading broadcast messages. If this option is not set then nmbd will - service name requests on all of these sockets. If bind interfaces only is set then + service name requests on all of these sockets. If bind interfaces only is set then nmbd will check the source address of any packets coming in on the broadcast sockets and discard any that don't match the broadcast addresses of the interfaces in the - interfaces parameter list. As unicast packets are received on the other sockets it + interfaces parameter list. As unicast packets are received on the other sockets it allows nmbd to refuse to serve names to machines that send packets that - arrive through any interfaces not listed in the interfaces list. IP Source address + arrive through any interfaces not listed in the interfaces list. IP Source address spoofing does defeat this simple check, however, so it must not be used seriously as a security feature for nmbd.

    - For file service it causes smbd(8) to bind only to the interface list given in the interfaces parameter. This restricts the networks that smbd will + For file service it causes smbd(8) to bind only to the interface list given in the interfaces parameter. This restricts the networks that smbd will serve to packets coming in those interfaces. Note that you should not use this parameter for machines that are serving PPP or other intermittent or non-broadcast network interfaces as it will not cope with non-permanent interfaces.

    - If bind interfaces only is set then unless the network address - 127.0.0.1 is added to the interfaces parameter list - smbpasswd(8) and - swat(8) may not work as + If bind interfaces only is set then unless the network address + 127.0.0.1 is added to the interfaces parameter list + smbpasswd(8) and + swat(8) may not work as expected due to the reasons covered below.

    To change a users SMB password, the smbpasswd by default connects to the localhost - 127.0.0.1 address as an SMB client to issue the password change request. If - bind interfaces only is set then unless the network address - 127.0.0.1 is added to the interfaces parameter list then smbpasswd will fail to connect in it's default mode. smbpasswd can be forced to use the primary IP interface of the local host by using - its smbpasswd(8) -r remote machine parameter, with remote + bind interfaces only is set then unless the network address + 127.0.0.1 is added to the interfaces parameter list then smbpasswd will fail to connect in it's default mode. smbpasswd can be forced to use the primary IP interface of the local host by using + its smbpasswd(8) -r remote machine parameter, with remote machine set to the IP name of the primary interface of the local host.

    The swat status page tries to connect with smbd and nmbd at the address @@ -734,8 +822,11 @@ chmod 1770 /usr/local/samba/lib/usershares from starting/stopping/restarting smbd and nmbd.

    Default: bind interfaces only = no -

    blocking locks (S)

    This parameter controls the behavior - of smbd(8) when given a request by a client +

    + +blocking locks (S) +

    This parameter controls the behavior + of smbd(8) when given a request by a client to obtain a byte range lock on a region of an open file, and the request has a time limit associated with it.

    If this parameter is set and the lock range requested cannot be immediately satisfied, samba will internally @@ -745,7 +836,10 @@ chmod 1770 /usr/local/samba/lib/usershares will fail the lock request immediately if the lock range cannot be obtained.

    Default: blocking locks = yes -

    block size (S)

    This parameter controls the behavior of smbd(8) when reporting disk free +

    + +block size (S) +

    This parameter controls the behavior of smbd(8) when reporting disk free sizes. By default, this reports a disk block size of 1024 bytes.

    Changing this parameter may have some effect on the efficiency of client writes, this is not yet confirmed. This @@ -759,21 +853,36 @@ chmod 1770 /usr/local/samba/lib/usershares

    Example: block size = 4096 -

    browsable

    This parameter is a synonym for browseable.

    browseable (S)

    This controls whether this share is seen in +

    browsable

    This parameter is a synonym for browseable.

    + +browseable (S) +

    This controls whether this share is seen in the list of available shares in a net view and in the browse list.

    Default: browseable = yes -

    browse list (G)

    This controls whether smbd(8) will serve a browse list to +

    + +browse list (G) +

    This controls whether smbd(8) will serve a browse list to a client doing a NetServerEnum call. Normally set to yes. You should never need to change this.

    Default: browse list = yes -

    casesignames

    This parameter is a synonym for case sensitive.

    case sensitive (S)

    See the discussion in the section name mangling.

    Default: case sensitive = no +

    casesignames

    This parameter is a synonym for case sensitive.

    + +case sensitive (S) +

    See the discussion in the section name mangling.

    Default: case sensitive = no -

    change notify (S)

    This parameter specifies whether Samba should reply +

    + +change notify (S) +

    This parameter specifies whether Samba should reply to a client's file change notify requests.

    You should never need to change this parameter

    Default: change notify = yes -

    change share command (G)

    +

    + +change share command (G) +

    Samba 2.2.0 introduced the ability to dynamically add and delete shares via the Windows NT 4.0 Server Manager. The change share command is used to define an external program or script which will modify an existing service definition in smb.conf. In order to successfully execute the change @@ -804,18 +913,21 @@ connected using a root account (i.e. uid == 0).

    Example: change share command = /usr/local/bin/addshare -

    check password script (G)

    The name of a program that can be used to check password +

    + +check password script (G) +

    The name of a program that can be used to check password complexity. The password is sent to the program's standrad input.

    The program must return 0 on good password any other value otherwise. In case the password is considered weak (the program do not return 0) the user will be notified and the password change will fail.

    Note: In the example directory there is a sample program called crackcheck - that uses cracklib to checkpassword quality

    . - - -

    Default: check password script = Disabled + that uses cracklib to checkpassword quality.

    Default: check password script = Disabled

    Example: check password script = check password script = /usr/local/sbin/crackcheck -

    client lanman auth (G)

    This parameter determines whether or not smbclient(8) and other samba client +

    + +client lanman auth (G) +

    This parameter determines whether or not smbclient(8) and other samba client tools will attempt to authenticate itself to servers using the weaker LANMAN password hash. If disabled, only server which support NT password hashes (e.g. Windows NT/2000, Samba, etc... but not @@ -826,8 +938,11 @@ connected using a root account (i.e. uid == 0). auth parameter is enabled, then only NTLMv2 logins will be attempted.

    Default: client lanman auth = no -

    client ldap sasl wrapping (G)

    - The client ldap sasl wrapping defines whether +

    + +client ldap sasl wrapping (G) +

    + The client ldap sasl wrapping defines whether ldap traffic will be signed or signed and encrypted (sealed). Possible values are plain, sign and seal. @@ -839,7 +954,8 @@ connected using a root account (i.e. uid == 0). This option is needed in the case of Domain Controllers enforcing the usage of signed LDAP connections (e.g. Windows 2000 SP3 or higher). LDAP sign and seal can be controlled with the registry key - "HKLM\System\CurrentControlSet\Services\NTDS\Parameters\LDAPServerIntegrity" + "HKLM\System\CurrentControlSet\Services\ + NTDS\Parameters\LDAPServerIntegrity" on the Windows server side.

    Depending on the used KRB5 library (MIT and older Heimdal versions) @@ -853,7 +969,10 @@ connected using a root account (i.e. uid == 0). seal.

    Default: client ldap sasl wrapping = plain -

    client ntlmv2 auth (G)

    This parameter determines whether or not smbclient(8) will attempt to +

    + +client ntlmv2 auth (G) +

    This parameter determines whether or not smbclient(8) will attempt to authenticate itself to servers using the NTLMv2 encrypted password response.

    If enabled, only an NTLMv2 and LMv2 response (both much more secure than earlier versions) will be sent. Many servers @@ -865,20 +984,29 @@ connected using a root account (i.e. uid == 0). those following 'best practice' security polices) only allow NTLMv2 responses, and not the weaker LM or NTLM.

    Default: client ntlmv2 auth = no -

    client plaintext auth (G)

    Specifies whether a client should send a plaintext +

    + +client plaintext auth (G) +

    Specifies whether a client should send a plaintext password if the server does not support encrypted passwords.

    Default: client plaintext auth = no -

    client schannel (G)

    +

    + +client schannel (G) +

    This controls whether the client offers or even demands the use of the netlogon schannel. - client schannel = no does not offer the schannel, - client schannel = auto offers the schannel but does not - enforce it, and client schannel = yes denies access + client schannel = no does not offer the schannel, + client schannel = auto offers the schannel but does not + enforce it, and client schannel = yes denies access if the server is not able to speak netlogon schannel.

    Default: client schannel = auto

    Example: client schannel = yes -

    client signing (G)

    This controls whether the client offers or requires +

    + +client signing (G) +

    This controls whether the client offers or requires the server it talks to to use SMB signing. Possible values are auto, mandatory and disabled. @@ -887,26 +1015,57 @@ connected using a root account (i.e. uid == 0). to disabled, SMB signing is not offered either.

    Default: client signing = auto -

    client use spnego (G)

    This variable controls whether Samba clients will try +

    + +client use spnego (G) +

    This variable controls whether Samba clients will try to use Simple and Protected NEGOciation (as specified by rfc2478) with supporting servers (including WindowsXP, Windows2000 and Samba 3.0) to agree upon an authentication mechanism. This enables Kerberos authentication in particular.

    Default: client use spnego = yes -

    comment (S)

    This is a text field that is seen next to a share +

    + +cluster addresses (G) +

    With this parameter you can add additional addresses + nmbd will register with a WINS server. These addresses are not + necessarily present on all nodes simultaneously, but they will + be registered with the WINS server so that clients can contact + any of the nodes. +

    Default: cluster addresses = + +

    Example: cluster addresses = 10.0.0.1 10.0.0.2 10.0.0.3 + +

    + +clustering (G) +

    This parameter specifies whether Samba should contact + ctdb for accessing its tdb files and use ctdb as a backend + for its messaging backend. +

    Set this parameter to yes only if + you have a cluster setup with ctdb running. +

    Default: clustering = no + +

    + +comment (S) +

    This is a text field that is seen next to a share when a client does a queries the server, either via the network neighborhood or via net view to list what shares are available.

    If you want to set the string that is displayed next to the - machine name then see the server string parameter.

    Default: comment = + machine name then see the server string parameter.

    Default: comment = # No comment

    Example: comment = Fred's Files -

    config backend (G)

    +

    + +config backend (G) +

    This controls the backend for storing the configuration. Possible values are file (the default) and registry. - When config backend = registry + When config backend = registry is encountered while loading smb.conf, the configuration read so far is dropped and the global options are read from registry instead. So this triggers a @@ -920,7 +1079,10 @@ connected using a root account (i.e. uid == 0).

    Example: config backend = registry -

    config file (G)

    This allows you to override the config file +

    + +config file (G) +

    This allows you to override the config file to use, instead of the default (usually smb.conf). There is a chicken and egg problem here as this option is set in the config file!

    For this reason, if the name of the config file has changed @@ -930,7 +1092,10 @@ connected using a root account (i.e. uid == 0). (allowing you to special case the config files of just a few clients).

    No default

    Example: config file = /usr/local/samba/lib/smb.conf.%m -

    copy (S)

    This parameter allows you to "clone" service +

    + +copy (S) +

    This parameter allows you to "clone" service entries. The specified service is simply duplicated under the current service's name. Any parameters specified in the current section will override those in the section being copied.

    This feature lets you set up a 'template' service and @@ -940,7 +1105,10 @@ connected using a root account (i.e. uid == 0).

    Example: copy = otherservice -

    create mode

    This parameter is a synonym for create mask.

    create mask (S)

    +

    create mode

    This parameter is a synonym for create mask.

    + +create mask (S) +

    When a file is created, the necessary permissions are calculated according to the mapping from DOS modes to UNIX permissions, and the resulting UNIX mode is then bit-wise 'AND'ed with this parameter. This parameter may be thought of as a bit-wise MASK for the UNIX modes of a file. Any bit not set here will @@ -950,31 +1118,48 @@ connected using a root account (i.e. uid == 0). write and execute bits from the UNIX modes.

    Following this Samba will bit-wise 'OR' the UNIX mode created from this parameter with the value of the - force create mode parameter which is set to 000 by default. + force create mode parameter which is set to 000 by default.

    - This parameter does not affect directory masks. See the parameter directory mask + This parameter does not affect directory masks. See the parameter directory mask for details.

    Note that this parameter does not apply to permissions set by Windows NT/2000 ACL editors. If the - administrator wishes to enforce a mask on access control lists also, they need to set the security mask. + administrator wishes to enforce a mask on access control lists also, they need to set the security mask.

    Default: create mask = 0744

    Example: create mask = 0775 -

    csc policy (S)

    +

    + +csc policy (S) +

    This stands for client-side caching policy, and specifies how clients capable of offline caching will cache the files in the share. The valid values are: manual, documents, programs, disable.

    These values correspond to those used on Windows servers.

    For example, shares containing roaming profiles can have offline caching disabled using - csc policy = disable. + csc policy = disable.

    Default: csc policy = manual

    Example: csc policy = programs -

    cups options (S)

    - This parameter is only applicable if printing is +

    default

    This parameter is a synonym for ctdbd socket.

    + +ctdbd socket (G) +

    If you set clustering=yes, + you need to tell Samba where ctdbd listens on its unix domain + socket. The default path as of ctdb 1.0 is /tmp/ctdb.socket which + you have to explicitly set for Samba in smb.conf. +

    Default: ctdbd socket = + +

    Example: ctdbd socket = /tmp/ctdb.socket + +

    + +cups options (S) +

    + This parameter is only applicable if printing is set to cups. Its value is a free form string of options passed directly to the cups library.

    @@ -982,6 +1167,9 @@ connected using a root account (i.e. uid == 0). in the CUPS "Software Users' Manual"). You can also pass any printer specific option (as listed in "lpoptions -d printername -l") valid for the target queue. + Multiple parameters should be space-delimited name/value pairs according to + the PAPI text option ABNF specification. Collection values + ("name={a=... b=... c=...}") are stored with the curley brackets intact.

    You should set this parameter to raw if your CUPS server error_log file contains messages such as @@ -990,10 +1178,13 @@ connected using a root account (i.e. uid == 0). system wide raw printing in /etc/cups/mime.{convs,types}.

    Default: cups options = "" -

    Example: cups options = "raw,media=a4,job-sheets=secret,secret" +

    Example: cups options = "raw media=a4" -

    cups server (G)

    - This parameter is only applicable if printing is set to cups. +

    + +cups server (G) +

    + This parameter is only applicable if printing is set to cups.

    If set, this option overrides the ServerName option in the CUPS client.conf. This is necessary if you have virtual samba servers that connect to different CUPS daemons. @@ -1006,7 +1197,10 @@ connected using a root account (i.e. uid == 0).

    Example: cups server = mycupsserver:1631 -

    deadtime (G)

    The value of the parameter (a decimal integer) +

    + +deadtime (G) +

    The value of the parameter (a decimal integer) represents the number of minutes of inactivity before a connection is considered dead, and it is disconnected. The deadtime only takes effect if the number of open files is zero.

    This is useful to stop a server's resources being @@ -1018,46 +1212,78 @@ connected using a root account (i.e. uid == 0).

    Example: deadtime = 15 -

    debug hires timestamp (G)

    +

    + +debug class (G) +

    + With this boolean parameter enabled, the debug class (DBGC_CLASS) + will be displayed in the debug header. +

    + For more information about currently available debug classes, see + section about log level. +

    Default: debug class = no + +

    + +debug hires timestamp (G) +

    Sometimes the timestamps in the log messages are needed with a resolution of higher that seconds, this boolean parameter adds microsecond resolution to the timestamp message header when turned on.

    - Note that the parameter debug timestamp must be on for this to have an effect. + Note that the parameter debug timestamp must be on for this to have an effect.

    Default: debug hires timestamp = no -

    debug pid (G)

    - When using only one log file for more then one forked smbd(8)-process there may be hard to follow which process outputs which +

    + +debug pid (G) +

    + When using only one log file for more then one forked smbd(8)-process there may be hard to follow which process outputs which message. This boolean parameter is adds the process-id to the timestamp message headers in the logfile when turned on.

    - Note that the parameter debug timestamp must be on for this to have an effect. + Note that the parameter debug timestamp must be on for this to have an effect.

    Default: debug pid = no -

    debug prefix timestamp (G)

    +

    + +debug prefix timestamp (G) +

    With this option enabled, the timestamp message header is prefixed to the debug message without the - filename and function information that is included with the debug timestamp + filename and function information that is included with the debug timestamp parameter. This gives timestamps to the messages without adding an additional line.

    - Note that this parameter overrides the debug timestamp parameter. + Note that this parameter overrides the debug timestamp parameter.

    Default: debug prefix timestamp = no -

    timestamp logs

    This parameter is a synonym for debug timestamp.

    debug timestamp (G)

    +

    timestamp logs

    This parameter is a synonym for debug timestamp.

    + +debug timestamp (G) +

    Samba debug log messages are timestamped by default. If you are running at a high - debug level these timestamps can be distracting. This + debug level these timestamps can be distracting. This boolean parameter allows timestamping to be turned off.

    Default: debug timestamp = yes -

    debug uid (G)

    +

    + +debug uid (G) +

    Samba is sometimes run as root and sometime run as the connected user, this boolean parameter inserts the current euid, egid, uid and gid to the timestamp message headers in the log file if turned on.

    - Note that the parameter debug timestamp must be on for this to have an effect. + Note that the parameter debug timestamp must be on for this to have an effect.

    Default: debug uid = no -

    default case (S)

    See the section on name mangling. - Also note the short preserve case parameter.

    Default: default case = lower +

    + +default case (S) +

    See the section on name mangling. + Also note the short preserve case parameter.

    Default: default case = lower -

    default devmode (S)

    This parameter is only applicable to printable services. +

    + +default devmode (S) +

    This parameter is only applicable to printable services. When smbd is serving Printer Drivers to Windows NT/2k/XP clients, each printer on the Samba server has a Device Mode which defines things such as paper size and orientation and duplex settings. The device mode can only correctly be @@ -1077,16 +1303,19 @@ connected using a root account (i.e. uid == 0). do this all the time, setting default devmode = yes will instruct smbd to generate a default one.

    For more information on Windows NT/2k printing and Device Modes, - see the MSDN documentation. + see the MSDN documentation.

    Default: default devmode = yes -

    default

    This parameter is a synonym for default service.

    default service (G)

    This parameter specifies the name of a service +

    default

    This parameter is a synonym for default service.

    + +default service (G) +

    This parameter specifies the name of a service which will be connected to if the service actually requested cannot be found. Note that the square brackets are NOT given in the parameter value (see example below).

    There is no default value for this parameter. If this parameter is not given, attempting to connect to a nonexistent service results in an error.

    - Typically the default service would be a guest ok, read-only service.

    Also note that the apparent service name will be changed to equal + Typically the default service would be a guest ok, read-only service.

    Also note that the apparent service name will be changed to equal that of the requested service, this is very useful as it allows you to use macros like %S to make a wildcard service.

    Note also that any "_" characters in the name of the service used in the default service will get mapped to a "/". This allows for @@ -1094,7 +1323,10 @@ connected using a root account (i.e. uid == 0).

    Example: default service = pub -

    defer sharing violations (G)

    +

    + +defer sharing violations (G) +

    Windows allows specifying how a file will be shared with other processes when it is opened. Sharing violations occur when a file is opened by a different process using options that violate @@ -1107,23 +1339,29 @@ connected using a root account (i.e. uid == 0). designed to enable Samba to more correctly emulate Windows.

    Default: defer sharing violations = True -

    delete group script (G)

    This is the full pathname to a script that will - be run AS ROOT smbd(8) when a group is requested to be deleted. +

    + +delete group script (G) +

    This is the full pathname to a script that will + be run AS ROOT smbd(8) when a group is requested to be deleted. It will expand any %g to the group name passed. This script is only useful for installations using the Windows NT domain administration tools.

    Default: delete group script = -

    deleteprinter command (G)

    With the introduction of MS-RPC based printer +

    + +deleteprinter command (G) +

    With the introduction of MS-RPC based printer support for Windows NT/2000 clients in Samba 2.2, it is now possible to delete printer at run time by issuing the DeletePrinter() RPC call.

    For a Samba host this means that the printer must be physically deleted from underlying printing system. The - deleteprinter command defines a script to be run which + deleteprinter command defines a script to be run which will perform the necessary operations for removing the printer from the print system and from smb.conf. -

    The deleteprinter command is - automatically called with only one parameter: printer name. -

    Once the deleteprinter command has +

    The deleteprinter command is + automatically called with only one parameter: printer name. +

    Once the deleteprinter command has been executed, smbd will reparse the smb.conf to associated printer no longer exists. If the sharename is still valid, then smbd @@ -1131,12 +1369,18 @@ connected using a root account (i.e. uid == 0).

    Example: deleteprinter command = /usr/bin/removeprinter -

    delete readonly (S)

    This parameter allows readonly files to be deleted. +

    + +delete readonly (S) +

    This parameter allows readonly files to be deleted. This is not normal DOS semantics, but is allowed by UNIX.

    This option may be useful for running applications such as rcs, where UNIX file ownership prevents changing file permissions, and DOS semantics prevent deletion of a read only file.

    Default: delete readonly = no -

    delete share command (G)

    +

    + +delete share command (G) +

    Samba 2.2.0 introduced the ability to dynamically add and delete shares via the Windows NT 4.0 Server Manager. The delete share command is used to define an external program or script which will remove an existing service definition from @@ -1155,22 +1399,28 @@ connected using a root account (i.e. uid == 0). the existing service.

    This parameter is only used to remove file shares. To delete printer shares, - see the deleteprinter command. + see the deleteprinter command.

    Default: delete share command =

    Example: delete share command = /usr/local/bin/delshare -

    delete user from group script (G)

    Full path to the script that will be called when +

    + +delete user from group script (G) +

    Full path to the script that will be called when a user is removed from a group using the Windows NT domain administration - tools. It will be run by smbd(8) AS ROOT. + tools. It will be run by smbd(8) AS ROOT. Any %g will be replaced with the group name and any %u will be replaced with the user name.

    Default: delete user from group script =

    Example: delete user from group script = /usr/sbin/deluser %u %g -

    delete user script (G)

    This is the full pathname to a script that will - be run by smbd(8) when managing users +

    + +delete user script (G) +

    This is the full pathname to a script that will + be run by smbd(8) when managing users with remote RPC (NT) tools.

    This script is called when a remote client removes a user from the server, normally using 'User Manager for Domains' or @@ -1178,9 +1428,12 @@ connected using a root account (i.e. uid == 0).

    Example: delete user script = /usr/local/samba/bin/del_user %u -

    delete veto files (S)

    This option is used when Samba is attempting to +

    + +delete veto files (S) +

    This option is used when Samba is attempting to delete a directory that contains one or more vetoed directories - (see the veto files + (see the veto files option). If this option is set to no (the default) then if a vetoed directory contains any non-vetoed files or directories then the directory delete will fail. This is usually what you want.

    If this option is set to yes, then Samba @@ -1188,11 +1441,14 @@ connected using a root account (i.e. uid == 0). the vetoed directory. This can be useful for integration with file serving systems such as NetAtalk which create meta-files within directories you might normally veto DOS/Windows users from seeing - (e.g. .AppleDouble)

    Setting delete veto files = yes allows these + (e.g. .AppleDouble)

    Setting delete veto files = yes allows these directories to be transparently deleted when the parent directory is deleted (so long as the user has permissions to do so).

    Default: delete veto files = no -

    dfree cache time (S)

    +

    + +dfree cache time (S) +

    The dfree cache time should only be used on systems where a problem occurs with the internal disk space calculations. This has been known to happen with Ultrix, but may occur with other operating systems. The symptom that was seen was an error of "Abort Retry Ignore" at the @@ -1200,12 +1456,15 @@ connected using a root account (i.e. uid == 0).

    This is a new parameter introduced in Samba version 3.0.21. It specifies in seconds the time that smbd will cache the output of a disk free query. If set to zero (the default) no caching is done. This allows a heavily - loaded server to prevent rapid spawning of dfree command scripts increasing the load. + loaded server to prevent rapid spawning of dfree command scripts increasing the load.

    By default this parameter is zero, meaning no caching will be done.

    No default

    Example: dfree cache time = dfree cache time = 60 -

    dfree command (S)

    +

    + +dfree command (S) +

    The dfree command setting should only be used on systems where a problem occurs with the internal disk space calculations. This has been known to happen with Ultrix, but may occur with other operating systems. The symptom that was seen was an error of "Abort Retry Ignore" @@ -1216,7 +1475,7 @@ connected using a root account (i.e. uid == 0). function.

    In Samba version 3.0.21 this parameter has been changed to be a per-share parameter, and in addition the - parameter dfree cache time was added to allow the output of this script to be cached + parameter dfree cache time was added to allow the output of this script to be cached for systems under heavy load.

    The external program will be passed a single parameter indicating a directory in the filesystem being queried. @@ -1243,7 +1502,10 @@ df $1 | tail -1 | awk '{print $(NF-4),$(NF-2)}' By default internal routines for determining the disk capacity and remaining space will be used.

    No default

    Example: dfree command = /usr/local/samba/bin/dfree -

    directory mode

    This parameter is a synonym for directory mask.

    directory mask (S)

    This parameter is the octal modes which are +

    directory mode

    This parameter is a synonym for directory mask.

    + +directory mask (S) +

    This parameter is the octal modes which are used when converting DOS modes to UNIX modes when creating UNIX directories.

    When a directory is created, the necessary permissions are calculated according to the mapping from DOS modes to UNIX permissions, @@ -1254,19 +1516,22 @@ df $1 | tail -1 | awk '{print $(NF-4),$(NF-2)}' created.

    The default value of this parameter removes the 'group' and 'other' write bits from the UNIX mode, allowing only the user who owns the directory to modify it.

    Following this Samba will bit-wise 'OR' the UNIX mode - created from this parameter with the value of the force directory mode parameter. + created from this parameter with the value of the force directory mode parameter. This parameter is set to 000 by default (i.e. no extra mode bits are added).

    Note that this parameter does not apply to permissions set by Windows NT/2000 ACL editors. If the administrator wishes to enforce - a mask on access control lists also, they need to set the directory security mask.

    Default: directory mask = 0755 + a mask on access control lists also, they need to set the directory security mask.

    Default: directory mask = 0755

    Example: directory mask = 0775 -

    directory security mask (S)

    This parameter controls what UNIX permission bits +

    + +directory security mask (S) +

    This parameter controls what UNIX permission bits will be set when a Windows NT client is manipulating the UNIX permission on a directory using the native NT security dialog box.

    This parameter is applied as a mask (AND'ed with) to the incoming permission bits, thus resetting - any bits not in this mask. Make sure not to mix up this parameter with force directory security mode, which works similar like this one but uses logical OR instead of AND. + any bits not in this mask. Make sure not to mix up this parameter with force directory security mode, which works similar like this one but uses logical OR instead of AND. Essentially, zero bits in this mask are a set of bits that will always be set to zero.

    Essentially, all bits set to zero in this mask will result in setting to zero the corresponding bits on the @@ -1281,13 +1546,19 @@ df $1 | tail -1 | awk '{print $(NF-4),$(NF-2)}'

    Example: directory security mask = 0700 -

    disable netbios (G)

    Enabling this parameter will disable netbios support +

    + +disable netbios (G) +

    Enabling this parameter will disable netbios support in Samba. Netbios is the only available form of browsing in all windows versions except for 2000 and XP.

    Note

    Clients that only support netbios won't be able to see your samba server when netbios support is disabled.

    Default: disable netbios = no -

    disable spoolss (G)

    Enabling this parameter will disable Samba's support +

    + +disable spoolss (G) +

    Enabling this parameter will disable Samba's support for the SPOOLSS set of MS-RPC's and will yield identical behavior as Samba 2.0.x. Windows NT/2000 clients will downgrade to using Lanman style printing commands. Windows 9x/ME will be unaffected by @@ -1299,16 +1570,22 @@ df $1 | tail -1 | awk '{print $(NF-4),$(NF-2)}' Be very careful about enabling this parameter.

    Default: disable spoolss = no -

    display charset (G)

    +

    + +display charset (G) +

    Specifies the charset that samba will use to print messages to stdout and stderr. The default value is "LOCALE", which means automatically set, depending on the current locale. The value should generally be the same as the value of the parameter - unix charset. + unix charset.

    Default: display charset = "LOCALE" or "ASCII" (depending on the system)

    Example: display charset = UTF8 -

    dmapi support (S)

    This parameter specifies whether Samba should use DMAPI to +

    + +dmapi support (S) +

    This parameter specifies whether Samba should use DMAPI to determine whether a file is offline or not. This would typically be used in conjunction with a hierarchical storage system that automatically migrates files to tape. @@ -1323,7 +1600,10 @@ df $1 | tail -1 | awk '{print $(NF-4),$(NF-2)}'

    Default: dmapi support = no -

    dns proxy (G)

    Specifies that nmbd(8) when acting as a WINS server and +

    + +dns proxy (G) +

    Specifies that nmbd(8) when acting as a WINS server and finding that a NetBIOS name has not been registered, should treat the NetBIOS name word-for-word as a DNS name and do a lookup with the DNS server for that name on behalf of the name-querying client.

    Note that the maximum length for a NetBIOS name is 15 @@ -1332,43 +1612,52 @@ df $1 | tail -1 | awk '{print $(NF-4),$(NF-2)}' DNS name lookup requests, as doing a name lookup is a blocking action.

    Default: dns proxy = yes -

    domain logons (G)

    +

    + +domain logons (G) +

    If set to yes, the Samba server will provide the netlogon service for Windows 9X network logons for the - workgroup it is in. + workgroup it is in. This will also cause the Samba server to act as a domain controller for NT4 style domain services. For more details on setting up this feature see the Domain Control chapter of the Samba HOWTO Collection.

    Default: domain logons = no -

    domain master (G)

    - Tell smbd(8) to enable +

    + +domain master (G) +

    + Tell smbd(8) to enable WAN-wide browse list collation. Setting this option causes nmbd to claim a special domain specific NetBIOS name that identifies it as a domain master browser for its given - workgroup. Local master browsers in the same workgroup on + workgroup. Local master browsers in the same workgroup on broadcast-isolated subnets will give this nmbd their local browse lists, - and then ask smbd(8) for a + and then ask smbd(8) for a complete copy of the browse list for the whole wide area network. Browser clients will then contact their local master browser, and will receive the domain-wide browse list, instead of just the list for their broadcast-isolated subnet.

    - Note that Windows NT Primary Domain Controllers expect to be able to claim this workgroup specific special NetBIOS name that identifies them as domain master browsers for that - workgroup by default (i.e. there is no way to prevent a Windows NT PDC from attempting + Note that Windows NT Primary Domain Controllers expect to be able to claim this workgroup specific special NetBIOS name that identifies them as domain master browsers for that + workgroup by default (i.e. there is no way to prevent a Windows NT PDC from attempting to do this). This means that if this parameter is set and nmbd claims the - special name for a workgroup before a Windows NT PDC is able to do so then cross + special name for a workgroup before a Windows NT PDC is able to do so then cross subnet browsing will behave strangely and may fail.

    - If domain logons = yes, then the default behavior is to enable the - domain master parameter. If domain logons is not enabled (the - default setting), then neither will domain master be enabled by default. + If domain logons = yes, then the default behavior is to enable the + domain master parameter. If domain logons is not enabled (the + default setting), then neither will domain master be enabled by default.

    - When domain logons = Yes the default setting for this parameter is - Yes, with the result that Samba will be a PDC. If domain master = No, + When domain logons = Yes the default setting for this parameter is + Yes, with the result that Samba will be a PDC. If domain master = No, Samba will function as a BDC. In general, this parameter should be set to 'No' only on a BDC.

    Default: domain master = auto -

    dont descend (S)

    There are certain directories on some systems +

    + +dont descend (S) +

    There are certain directories on some systems (e.g., the /proc tree under Linux) that are either not of interest to clients or are infinitely deep (recursive). This parameter allows you to specify a comma-delimited list of directories @@ -1379,12 +1668,18 @@ df $1 | tail -1 | awk '{print $(NF-4),$(NF-2)}'

    Example: dont descend = /proc,/dev -

    dos charset (G)

    DOS SMB clients assume the server has +

    + +dos charset (G) +

    DOS SMB clients assume the server has the same charset as they do. This option specifies which charset Samba should talk to DOS clients.

    The default depends on which charsets you have installed. Samba tries to use charset 850 but falls back to ASCII in - case it is not available. Run testparm(1) to check the default on your system.

    No default

    dos filemode (S)

    The default behavior in Samba is to provide + case it is not available. Run testparm(1) to check the default on your system.

    No default

    + +dos filemode (S) +

    The default behavior in Samba is to provide UNIX-like behavior where only the owner of a file/directory is able to change the permissions on it. However, this behavior is often confusing to DOS/Windows users. Enabling this parameter @@ -1394,11 +1689,14 @@ df $1 | tail -1 | awk '{print $(NF-4),$(NF-2)}' change permissions if the group is only granted read access. Ownership of the file/directory may also be changed.

    Default: dos filemode = no -

    dos filetime resolution (S)

    Under the DOS and Windows FAT filesystem, the finest +

    + +dos filetime resolution (S) +

    Under the DOS and Windows FAT filesystem, the finest granularity on time resolution is two seconds. Setting this parameter for a share causes Samba to round the reported time down to the nearest two second boundary when a query call that requires one second - resolution is made to smbd(8).

    This option is mainly used as a compatibility option for Visual + resolution is made to smbd(8).

    This option is mainly used as a compatibility option for Visual C++ when used against Samba shares. If oplocks are enabled on a share, Visual C++ uses two different time reading calls to check if a file has changed since it was last read. One of these calls uses a @@ -1409,13 +1707,16 @@ df $1 | tail -1 | awk '{print $(NF-4),$(NF-2)}' this option causes the two timestamps to match, and Visual C++ is happy.

    Default: dos filetime resolution = no -

    dos filetimes (S)

    Under DOS and Windows, if a user can write to a +

    + +dos filetimes (S) +

    Under DOS and Windows, if a user can write to a file they can change the timestamp on it. Under POSIX semantics, only the owner of the file or root may change the timestamp. By default, Samba runs with POSIX semantics and refuses to change the timestamp on a file if the user smbd is acting on behalf of is not the file owner. Setting this option to - yes allows DOS semantics and smbd(8) will change the file + yes allows DOS semantics and smbd(8) will change the file timestamp as DOS requires. Due to changes in Microsoft Office 2000 and beyond, the default for this parameter has been changed from "no" to "yes" in Samba 3.0.14 and above. Microsoft Excel will display dialog box warnings about the file being @@ -1423,14 +1724,20 @@ df $1 | tail -1 | awk '{print $(NF-4),$(NF-2)}' shared between users.

    Default: dos filetimes = yes -

    ea support (S)

    This boolean parameter controls whether smbd(8) will allow clients to attempt to store OS/2 style Extended +

    + +ea support (S) +

    This boolean parameter controls whether smbd(8) will allow clients to attempt to store OS/2 style Extended attributes on a share. In order to enable this parameter the underlying filesystem exported by the share must support extended attributes (such as provided on XFS and EXT3 on Linux, with the correct kernel patches). On Linux the filesystem must have been mounted with the mount option user_xattr in order for extended attributes to work, also extended attributes must be compiled into the Linux kernel.

    Default: ea support = no -

    enable asu support (G)

    Hosts running the "Advanced Server for Unix (ASU)" product +

    + +enable asu support (G) +

    Hosts running the "Advanced Server for Unix (ASU)" product require some special accomodations such as creating a builting [ADMIN$] share that only supports IPC connections. The has been the default behavior in smbd for many years. However, certain Microsoft applications @@ -1438,7 +1745,10 @@ df $1 | tail -1 | awk '{print $(NF-4),$(NF-2)}' an [ADMIN$} file share. Disabling this parameter allows for creating an [ADMIN$] file share in smb.conf.

    Default: enable asu support = no -

    enable privileges (G)

    +

    + +enable privileges (G) +

    This parameter controls whether or not smbd will honor privileges assigned to specific SIDs via either net rpc rights or one of the Windows user and group manager tools. This parameter is enabled by default. It can be disabled to prevent members of the Domain Admins group from being able to @@ -1451,7 +1761,10 @@ df $1 | tail -1 | awk '{print $(NF-4),$(NF-2)}' Please read the extended description provided in the Samba HOWTO documentation.

    Default: enable privileges = yes -

    encrypt passwords (G)

    This boolean controls whether encrypted passwords +

    + +encrypt passwords (G) +

    This boolean controls whether encrypted passwords will be negotiated with the client. Note that Windows NT 4.0 SP3 and above and also Windows 98 will by default expect encrypted passwords unless a registry entry is changed. To use encrypted passwords in @@ -1468,13 +1781,16 @@ df $1 | tail -1 | awk '{print $(NF-4),$(NF-2)}' is no longer maintained in Microsoft Windows products. If you want to use plain text passwords you must set this parameter to no.

    In order for encrypted passwords to work correctly - smbd(8) must either - have access to a local smbpasswd(5) file (see the smbpasswd(8) program for information on how to set up - and maintain this file), or set the security = [server|domain|ads] parameter which + smbd(8) must either + have access to a local smbpasswd(5) file (see the smbpasswd(8) program for information on how to set up + and maintain this file), or set the security = [server|domain|ads] parameter which causes smbd to authenticate against another server.

    Default: encrypt passwords = yes -

    enhanced browsing (G)

    This option enables a couple of enhancements to +

    + +enhanced browsing (G) +

    This option enables a couple of enhancements to cross-subnet browse propagation that have been added in Samba but which are not standard in Microsoft implementations.

    The first enhancement to browse propagation consists of a regular @@ -1487,7 +1803,10 @@ df $1 | tail -1 | awk '{print $(NF-4),$(NF-2)}' to stay around forever which can be annoying.

    In general you should leave this option enabled as it makes cross-subnet browse propagation much more reliable.

    Default: enhanced browsing = yes -

    enumports command (G)

    The concept of a "port" is fairly foreign +

    + +enumports command (G) +

    The concept of a "port" is fairly foreign to UNIX hosts. Under Windows NT/2000 print servers, a port is associated with a port monitor and generally takes the form of a local port (i.e. LPT1:, COM1:, FILE:) or a remote port @@ -1504,7 +1823,10 @@ df $1 | tail -1 | awk '{print $(NF-4),$(NF-2)}'

    Example: enumports command = /usr/bin/listports -

    eventlog list (G)

    This option defines a list of log names that Samba will +

    + +eventlog list (G) +

    This option defines a list of log names that Samba will report to the Microsoft EventViewer utility. The listed eventlogs will be associated with tdb file on disk in the $(lockdir)/eventlog. @@ -1517,7 +1839,10 @@ df $1 | tail -1 | awk '{print $(NF-4),$(NF-2)}'

    Example: eventlog list = Security Application Syslog Apache -

    fake directory create times (S)

    NTFS and Windows VFAT file systems keep a create +

    + +fake directory create times (S) +

    NTFS and Windows VFAT file systems keep a create time for all files and directories. This is not the same as the ctime - status change time - that Unix keeps, so Samba by default reports the earliest of the various times Unix does keep. Setting @@ -1539,14 +1864,17 @@ df $1 | tail -1 | awk '{print $(NF-4),$(NF-2)}' ensures directories always predate their contents and an NMAKE build will proceed as expected.

    Default: fake directory create times = no -

    fake oplocks (S)

    Oplocks are the way that SMB clients get permission +

    + +fake oplocks (S) +

    Oplocks are the way that SMB clients get permission from a server to locally cache file operations. If a server grants an oplock (opportunistic lock) then the client is free to assume that it is the only one accessing the file and it will aggressively cache file data. With some oplock types the client may even cache file open/close operations. This can give enormous performance benefits. -

    When you set fake oplocks = yes, smbd(8) will - always grant oplock requests no matter how many clients are using the file.

    It is generally much better to use the real oplocks support rather +

    When you set fake oplocks = yes, smbd(8) will + always grant oplock requests no matter how many clients are using the file.

    It is generally much better to use the real oplocks support rather than this parameter.

    If you enable this option on all read-only shares or shares that you know will only be accessed from one client at a time such as physically read-only media like CDROMs, you will see @@ -1555,8 +1883,11 @@ df $1 | tail -1 | awk '{print $(NF-4),$(NF-2)}' files read-write at the same time you can get data corruption. Use this option carefully!

    Default: fake oplocks = no -

    follow symlinks (S)

    - This parameter allows the Samba administrator to stop smbd(8) from following symbolic links in a particular share. Setting this +

    + +follow symlinks (S) +

    + This parameter allows the Samba administrator to stop smbd(8) from following symbolic links in a particular share. Setting this parameter to no prevents any file or directory that is a symbolic link from being followed (the user will get an error). This option is very useful to stop users from adding a symbolic link to /etc/passwd in their home directory for instance. However @@ -1565,7 +1896,10 @@ df $1 | tail -1 | awk '{print $(NF-4),$(NF-2)}' This option is enabled (i.e. smbd will follow symbolic links) by default.

    Default: follow symlinks = yes -

    force create mode (S)

    This parameter specifies a set of UNIX mode bit +

    + +force create mode (S) +

    This parameter specifies a set of UNIX mode bit permissions that will always be set on a file created by Samba. This is done by bitwise 'OR'ing these bits onto the mode bits of a file that is being created or having its @@ -1578,7 +1912,10 @@ df $1 | tail -1 | awk '{print $(NF-4),$(NF-2)}'

    Example: force create mode = 0755 -

    force directory mode (S)

    This parameter specifies a set of UNIX mode bit +

    + +force directory mode (S) +

    This parameter specifies a set of UNIX mode bit permissions that will always be set on a directory created by Samba. This is done by bitwise 'OR'ing these bits onto the mode bits of a directory that is being created. The default for this @@ -1591,12 +1928,15 @@ df $1 | tail -1 | awk '{print $(NF-4),$(NF-2)}'

    Example: force directory mode = 0755 -

    force directory security mode (S)

    +

    + +force directory security mode (S) +

    This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating the UNIX permission on a directory using the native NT security dialog box.

    This parameter is applied as a mask (OR'ed with) to the changed permission bits, thus forcing any bits in this - mask that the user may have modified to be on. Make sure not to mix up this parameter with directory security mask, which works in a similar manner to this one, but uses a logical AND instead + mask that the user may have modified to be on. Make sure not to mix up this parameter with directory security mask, which works in a similar manner to this one, but uses a logical AND instead of an OR.

    Essentially, this mask may be treated as a set of bits that, when modifying security on a directory, @@ -1612,7 +1952,10 @@ df $1 | tail -1 | awk '{print $(NF-4),$(NF-2)}'

    Example: force directory security mode = 700 -

    group

    This parameter is a synonym for force group.

    force group (S)

    This specifies a UNIX group name that will be +

    group

    This parameter is a synonym for force group.

    + +force group (S) +

    This specifies a UNIX group name that will be assigned as the default primary group for all users connecting to this service. This is useful for sharing files by ensuring that all access to files on service will use the named group for @@ -1630,13 +1973,16 @@ df $1 | tail -1 | awk '{print $(NF-4),$(NF-2)}' that only users who are already in group sys will have their default primary group assigned to sys when accessing this Samba share. All other users will retain their ordinary primary group.

    - If the force user parameter is also set the group specified in + If the force user parameter is also set the group specified in force group will override the primary group set in force user.

    Default: force group =

    Example: force group = agroup -

    force printername (S)

    When printing from Windows NT (or later), +

    + +force printername (S) +

    When printing from Windows NT (or later), each printer in smb.conf has two associated names which can be used by the client. The first is the sharename (or shortname) defined in smb.conf. This @@ -1659,12 +2005,15 @@ df $1 | tail -1 | awk '{print $(NF-4),$(NF-2)}' not be able to delete printer connections from their local Printers folder.

    Default: force printername = no -

    force security mode (S)

    +

    + +force security mode (S) +

    This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating the UNIX permission on a file using the native NT security dialog box.

    This parameter is applied as a mask (OR'ed with) to the changed permission bits, thus forcing any bits in this - mask that the user may have modified to be on. Make sure not to mix up this parameter with security mask, which works similar like this one but uses logical AND instead of OR. + mask that the user may have modified to be on. Make sure not to mix up this parameter with security mask, which works similar like this one but uses logical AND instead of OR.

    Essentially, one bits in this mask may be treated as a set of bits that, when modifying security on a file, the user has always set to be on. @@ -1679,7 +2028,10 @@ df $1 | tail -1 | awk '{print $(NF-4),$(NF-2)}'

    Example: force security mode = 700 -

    force unknown acl user (S)

    +

    + +force unknown acl user (S) +

    If this parameter is set, a Windows NT ACL that contains an unknown SID (security descriptor, or representation of a user or group id) as the owner or group owner of the file will be silently mapped into the current UNIX uid or gid of the currently connected user. @@ -1693,7 +2045,10 @@ df $1 | tail -1 | awk '{print $(NF-4),$(NF-2)}' Try using this parameter when XCOPY /O gives an ACCESS_DENIED error.

    Default: force unknown acl user = no -

    force user (S)

    This specifies a UNIX user name that will be +

    + +force user (S) +

    This specifies a UNIX user name that will be assigned as the default user for all users connecting to this service. This is useful for sharing files. You should also use it carefully as using it incorrectly can cause security problems.

    This user name only gets used once a connection is established. @@ -1707,9 +2062,12 @@ df $1 | tail -1 | awk '{print $(NF-4),$(NF-2)}'

    Example: force user = auser -

    fstype (S)

    +

    + +fstype (S) +

    This parameter allows the administrator to configure the string that specifies the type of filesystem a share - is using that is reported by smbd(8) + is using that is reported by smbd(8) when a client queries the filesystem type for a share. The default type is NTFS for compatibility with Windows NT but this can be changed to other strings such as Samba or FAT if required. @@ -1717,7 +2075,10 @@ df $1 | tail -1 | awk '{print $(NF-4),$(NF-2)}'

    Example: fstype = Samba -

    get quota command (G)

    The get quota command should only be used +

    + +get quota command (G) +

    The get quota command should only be used whenever there is no operating system API available from the OS that samba can use.

    This option is only available with ./configure --with-sys-quotas. Or on linux when ./configure --with-quotas was used and a working quota api @@ -1729,13 +2090,19 @@ df $1 | tail -1 | awk '{print $(NF-4),$(NF-2)}'

    Example: get quota command = /usr/local/sbin/query_quota -

    getwd cache (G)

    This is a tuning option. When this is enabled a +

    + +getwd cache (G) +

    This is a tuning option. When this is enabled a caching algorithm will be used to reduce the time taken for getwd() calls. This can have a significant impact on performance, especially - when the wide smbconfoptions parameter is set to no.

    Default: getwd cache = yes + when the wide smbconfoptions parameter is set to no.

    Default: getwd cache = yes -

    guest account (G)

    This is a username which will be used for access - to services which are specified as guest ok (see below). Whatever privileges this +

    + +guest account (G) +

    This is a username which will be used for access + to services which are specified as guest ok (see below). Whatever privileges this user has will be available to any client connecting to the guest service. This user must exist in the password file, but does not require a valid login. The user account "ftp" is often a good choice @@ -1752,22 +2119,34 @@ df $1 | tail -1 | awk '{print $(NF-4),$(NF-2)}'

    Example: guest account = ftp -

    public

    This parameter is a synonym for guest ok.

    guest ok (S)

    If this parameter is yes for +

    public

    This parameter is a synonym for guest ok.

    + +guest ok (S) +

    If this parameter is yes for a service, then no password is required to connect to the service. - Privileges will be those of the guest account.

    This paramater nullifies the benifits of setting - restrict anonymous = 2 -

    See the section below on security for more information about this option. + Privileges will be those of the guest account.

    This paramater nullifies the benifits of setting + restrict anonymous = 2 +

    See the section below on security for more information about this option.

    Default: guest ok = no -

    only guest

    This parameter is a synonym for guest only.

    guest only (S)

    If this parameter is yes for +

    only guest

    This parameter is a synonym for guest only.

    + +guest only (S) +

    If this parameter is yes for a service, then only guest connections to the service are permitted. - This parameter will have no effect if guest ok is not set for the service.

    See the section below on security for more information about this option. + This parameter will have no effect if guest ok is not set for the service.

    See the section below on security for more information about this option.

    Default: guest only = no -

    hide dot files (S)

    This is a boolean parameter that controls whether +

    + +hide dot files (S) +

    This is a boolean parameter that controls whether files starting with a dot appear as hidden files.

    Default: hide dot files = yes -

    hide files (S)

    This is a list of files or directories that are not +

    + +hide files (S) +

    This is a list of files or directories that are not visible but are accessible. The DOS 'hidden' attribute is applied to any files or directories that match.

    Each entry in the list must be separated by a '/', which allows spaces to be included in the entry. '*' @@ -1778,7 +2157,7 @@ df $1 | tail -1 | awk '{print $(NF-4),$(NF-2)}' as it will be forced to check all files and directories for a match as they are scanned.

    The example shown above is based on files that the Macintosh - SMB client (DAVE) available from + SMB client (DAVE) available from Thursby creates for internal use, and also still hides all files beginning with a dot.

    @@ -1789,21 +2168,33 @@ hide files = /.*/DesktopFolderDB/TrashFor%m/resource.frk/

    Default: hide files = # no file are hidden -

    hide special files (S)

    +

    + +hide special files (S) +

    This parameter prevents clients from seeing special files such as sockets, devices and fifo's in directory listings.

    Default: hide special files = no -

    hide unreadable (S)

    This parameter prevents clients from seeing the +

    + +hide unreadable (S) +

    This parameter prevents clients from seeing the existance of files that cannot be read. Defaults to off.

    Default: hide unreadable = no -

    hide unwriteable files (S)

    +

    + +hide unwriteable files (S) +

    This parameter prevents clients from seeing the existance of files that cannot be written to. Defaults to off. Note that unwriteable directories are shown as usual.

    Default: hide unwriteable files = no -

    homedir map (G)

    - If nis homedir is yes, and smbd(8) is also acting as a Win95/98 logon server +

    + +homedir map (G) +

    + If nis homedir is yes, and smbd(8) is also acting as a Win95/98 logon server then this parameter specifies the NIS (or YP) map from which the server for the user's home directory should be extracted. At present, only the Sun auto.home map format is understood. The form of the map is: 

    @@ -1817,15 +2208,21 @@ hide files = /.*/DesktopFolderDB/TrashFor%m/resource.frk/
 
 
    Example: homedir map = amd.homedir
 
-
    host msdfs (G)

    +

    + +host msdfs (G) +

    If set to yes, Samba will act as a Dfs server, and allow Dfs-aware clients to browse Dfs trees hosted on the server.

    - See also the msdfs root share level parameter. For more information on + See also the msdfs root share level parameter. For more information on setting up a Dfs tree on Samba, refer to the MSFDS chapter in the book Samba3-HOWTO.

    Default: host msdfs = yes -

    hostname lookups (G)

    Specifies whether samba should use (expensive) +

    + +hostname lookups (G) +

    Specifies whether samba should use (expensive) hostname lookups or use the ip addresses instead. An example place where hostname lookups are currently used is when checking the hosts deny and hosts allow. @@ -1833,7 +2230,10 @@ hide files = /.*/DesktopFolderDB/TrashFor%m/resource.frk/

    Example: hostname lookups = yes -

    allow hosts

    This parameter is a synonym for hosts allow.

    hosts allow (S)

    A synonym for this parameter is allow hosts.

    This parameter is a comma, space, or tab delimited +

    allow hosts

    This parameter is a synonym for hosts allow.

    + +hosts allow (S) +

    A synonym for this parameter is allow hosts.

    This parameter is a comma, space, or tab delimited set of hosts which are permitted to access a service.

    If specified in the [global] section then it will apply to all services, regardless of whether the individual service has a different setting.

    You can specify the hosts by name or IP number. For @@ -1843,67 +2243,85 @@ hide files = /.*/DesktopFolderDB/TrashFor%m/resource.frk/ page hosts_access(5). Note that this man page may not be present on your system, so a brief description will be given here also.

    Note that the localhost address 127.0.0.1 will always - be allowed access unless specifically denied by a hosts deny option.

    You can also specify hosts by network/netmask pairs and + be allowed access unless specifically denied by a hosts deny option.

    You can also specify hosts by network/netmask pairs and by netgroup names if your system supports netgroups. The EXCEPT keyword can also be used to limit a wildcard list. The following examples may provide some help:

    Example 1: allow all IPs in 150.203.*.*; except one

    hosts allow = 150.203. EXCEPT 150.203.6.66

    Example 2: allow hosts that match the given network/netmask

    hosts allow = 150.203.15.0/255.255.255.0

    Example 3: allow a couple of hosts

    hosts allow = lapland, arvidsjaur

    Example 4: allow only hosts in NIS netgroup "foonet", but - deny access from one particular host

    hosts allow = @foonet

    hosts deny = pirate

    Note

    Note that access still requires suitable user-level passwords.

    See testparm(1) for a way of testing your host access + deny access from one particular host

    hosts allow = @foonet

    hosts deny = pirate

    Note

    Note that access still requires suitable user-level passwords.

    See testparm(1) for a way of testing your host access to see if it does what you expect.

    Default: hosts allow = # none (i.e., all hosts permitted access)

    Example: hosts allow = 150.203.5. myhost.mynet.edu.au -

    deny hosts

    This parameter is a synonym for hosts deny.

    hosts deny (S)

    The opposite of hosts allow +

    deny hosts

    This parameter is a synonym for hosts deny.

    + +hosts deny (S) +

    The opposite of hosts allow - hosts listed here are NOT permitted access to services unless the specific services have their own lists to override this one. Where the lists conflict, the allow list takes precedence.

    In the event that it is necessary to deny all by default, use the keyword ALL (or the netmask 0.0.0.0/0) and then explicitly specify - to the hosts allow = hosts allow parameter those hosts + to the hosts allow = hosts allow parameter those hosts that should be permitted access.

    Default: hosts deny = # none (i.e., no hosts specifically excluded)

    Example: hosts deny = 150.203.4. badhost.mynet.edu.au -

    idmap alloc backend (G)

    +

    + +idmap alloc backend (G) +

    The idmap alloc backend provides a plugin interface for Winbind to use when allocating Unix uids/gids for Windows SIDs. This option is - to be used in conjunction with the idmap domains + to be used in conjunction with the idmap domains parameter and refers to the name of the idmap module which will provide the id allocation functionality. Please refer to the man page for each idmap plugin to determine whether or not the module implements - the allocation feature. The most common plugins are the tdb (idmap_tdb(8)) - and ldap (idmap_ldap(8)) libraries. -

    Also refer to the idmap alloc config option. + the allocation feature. The most common plugins are the tdb (idmap_tdb(8)) + and ldap (idmap_ldap(8)) libraries. +

    Also refer to the idmap alloc config option.

    No default

    Example: idmap alloc backend = tdb -

    idmap alloc config (G)

    +

    + +idmap alloc config (G) +

    The idmap alloc config prefix provides a means of managing settings - for the backend defined by the idmap alloc backend + for the backend defined by the idmap alloc backend parameter. Refer to the man page for each idmap plugin regarding specific configuration details. -

    No default

    idmap backend (G)

    +

    No default

    + +idmap backend (G) +

    The idmap backend provides a plugin interface for Winbind to use varying backends to store SID/uid/gid mapping tables. This option is mutually exclusive with the newer and more flexible - idmap domains parameter. The main difference + idmap domains parameter. The main difference between the "idmap backend" and the "idmap domains" is that the former only allows on backend for all domains while the latter supports configuring backends on a per domain basis. -

    Examples of SID/uid/gid backends include tdb (idmap_tdb(8)), - ldap (idmap_ldap(8)), rid (idmap_rid(8)), - and ad (idmap_tdb(8)). +

    Examples of SID/uid/gid backends include tdb (idmap_tdb(8)), + ldap (idmap_ldap(8)), rid (idmap_rid(8)), + and ad (idmap_tdb(8)).

    Default: idmap backend = tdb -

    idmap cache time (G)

    This parameter specifies the number of seconds that Winbind's +

    + +idmap cache time (G) +

    This parameter specifies the number of seconds that Winbind's idmap interface will cache positive SID/uid/gid query results.

    Default: idmap cache time = 900 -

    idmap config (G)

    +

    + +idmap config (G) +

    The idmap config prefix provides a means of managing each domain - defined by the idmap domains option using Samba's + defined by the idmap domains option using Samba's parameteric option support. The idmap config prefix should be followed by the name of the domain, a colon, and a setting specific to the chosen backend. There are three options available for all domains: @@ -1917,11 +2335,11 @@ hide files = /.*/DesktopFolderDB/TrashFor%m/resource.frk/ domain SID).

    readonly = [yes|no]

    Mark the domain as readonly which means that no attempts to - allocate a uid or gid (by the idmap alloc backend) for any user or group in that domain + allocate a uid or gid (by the idmap alloc backend) for any user or group in that domain will be attempted.

    - The following example illustrates how to configure the idmap_ad(8) - for the CORP domain and the idmap_tdb(8) backend for all other domains. The + The following example illustrates how to configure the idmap_ad(8) + for the CORP domain and the idmap_tdb(8) backend for all other domains. The TRUSTEDDOMAINS string is simply a key used to reference the "idmap config" settings and does not represent the actual name of a domain. 

    @@ -1933,52 +2351,78 @@ hide files = /.*/DesktopFolderDB/TrashFor%m/resource.frk/
 	idmap config TRUSTEDDOMAINS:backend = tdb
 	idmap config TRUSTEDDOMAINS:default = yes
 	idmap config TRUSTEDDOMAINS:range   = 1000 - 9999
-

    No default

    idmap domains (G)

    +

    No default

    + +idmap domains (G) +

    The idmap domains option defines a list of Windows domains which will each have a separately configured backend for managing Winbind's SID/uid/gid - tables. This parameter is mutually exclusive with the older idmap backend option. + tables. This parameter is mutually exclusive with the older idmap backend option.

    Values consist of the short domain name for Winbind's primary or collection of trusted domains. You may also use an arbitrary string to represent a catchall domain backend for any domain not explicitly listed.

    - Refer to the idmap config for details about + Refer to the idmap config for details about managing the SID/uid/gid backend for each domain.

    No default

    Example: idmap domains = default AD CORP -

    winbind gid

    This parameter is a synonym for idmap gid.

    idmap gid (G)

    The idmap gid parameter specifies the range of group ids +

    winbind gid

    This parameter is a synonym for idmap gid.

    + +idmap gid (G) +

    The idmap gid parameter specifies the range of group ids that are allocated for the purpose of mapping UNX groups to NT group SIDs. This range of group ids should have no existing local or NIS groups within it as strange conflicts can - occur otherwise.

    See also the idmap backend, idmap domains, and idmap config options. + occur otherwise.

    See also the idmap backend, idmap domains, and idmap config options.

    Default: idmap gid =

    Example: idmap gid = 10000-20000 -

    idmap negative cache time (G)

    This parameter specifies the number of seconds that Winbind's +

    + +idmap negative cache time (G) +

    This parameter specifies the number of seconds that Winbind's idmap interface will cache negative SID/uid/gid query results.

    Default: idmap negative cache time = 120 -

    winbind uid

    This parameter is a synonym for idmap uid.

    idmap uid (G)

    +

    winbind uid

    This parameter is a synonym for idmap uid.

    + +idmap uid (G) +

    The idmap uid parameter specifies the range of user ids that are allocated for use in mapping UNIX users to NT user SIDs. This range of ids should have no existing local - or NIS users within it as strange conflicts can occur otherwise.

    See also the idmap backend, idmap domains, and idmap config options. + or NIS users within it as strange conflicts can occur otherwise.

    See also the idmap backend, idmap domains, and idmap config options.

    Default: idmap uid =

    Example: idmap uid = 10000-20000 -

    include (G)

    +

    + +include (G) +

    This allows you to include one config file inside another. The file is included literally, as though typed in place.

    It takes the standard substitutions, except %u, %P and %S. +

    + The parameter include = registry has + a special meaning: It does not include + a file named registry from the current working + directory, but instead reads the global configuration options + from the registry. See the section on registry-based + configuration for details. Note that this option + automatically activates registry shares.

    Default: include =

    Example: include = /usr/local/samba/lib/admin_smb.conf -

    inherit acls (S)

    This parameter can be used to ensure that if default acls +

    + +inherit acls (S) +

    This parameter can be used to ensure that if default acls exist on parent directories, they are always honored when creating a new file or subdirectory in these parent directories. The default behavior is to use the unix mode specified when creating the directory. @@ -1986,7 +2430,10 @@ hide files = /.*/DesktopFolderDB/TrashFor%m/resource.frk/ default directory acls are propagated.

    Default: inherit acls = no -

    inherit owner (S)

    The ownership of new files and directories +

    + +inherit owner (S) +

    The ownership of new files and directories is normally governed by effective uid of the connected user. This option allows the Samba administrator to specify that the ownership for new files and directories should be controlled @@ -1995,19 +2442,25 @@ hide files = /.*/DesktopFolderDB/TrashFor%m/resource.frk/ delete them and to ensure that newly create files in a user's roaming profile directory are actually owner by the user.

    Default: inherit owner = no -

    inherit permissions (S)

    - The permissions on new files and directories are normally governed by create mask, - directory mask, force create mode and force directory mode but the boolean inherit permissions parameter overrides this. +

    + +inherit permissions (S) +

    + The permissions on new files and directories are normally governed by create mask, + directory mask, force create mode and force directory mode but the boolean inherit permissions parameter overrides this.

    New directories inherit the mode of the parent directory, including bits such as setgid.

    New files inherit their read/write bits from the parent directory. Their execute bits continue to be - determined by map archive, map hidden and map system as usual. + determined by map archive, map hidden and map system as usual.

    Note that the setuid bit is never set via inheritance (the code explicitly prohibits this).

    This can be particularly useful on large systems with many users, perhaps several thousand, to allow a single [homes] share to be used flexibly by each user.

    Default: inherit permissions = no -

    interfaces (G)

    This option allows you to override the default +

    + +interfaces (G) +

    This option allows you to override the default network interfaces list that Samba will use for browsing, name registration and other NBT traffic. By default Samba will query the kernel for the list of all active interfaces and use any @@ -2031,7 +2484,10 @@ hide files = /.*/DesktopFolderDB/TrashFor%m/resource.frk/

    Example: interfaces = eth0 192.168.2.10/24 192.168.3.10/255.255.255.0 -

    invalid users (S)

    This is a list of users that should not be allowed +

    + +invalid users (S) +

    This is a list of users that should not be allowed to login to this service. This is really a paranoid check to absolutely ensure an improper setting does not breach your security.

    A name starting with a '@' is interpreted as an NIS @@ -2051,8 +2507,11 @@ hide files = /.*/DesktopFolderDB/TrashFor%m/resource.frk/

    Example: invalid users = root fred admin @wheel -

    iprint server (G)

    - This parameter is only applicable if printing is set to iprint. +

    + +iprint server (G) +

    + This parameter is only applicable if printing is set to iprint.

    If set, this option overrides the ServerName option in the CUPS client.conf. This is necessary if you have virtual samba servers that connect to different CUPS daemons. @@ -2060,34 +2519,46 @@ hide files = /.*/DesktopFolderDB/TrashFor%m/resource.frk/

    Example: iprint server = MYCUPSSERVER -

    keepalive (G)

    The value of the parameter (an integer) represents +

    + +keepalive (G) +

    The value of the parameter (an integer) represents the number of seconds between keepalive packets. If this parameter is zero, no keepalive packets will be sent. Keepalive packets, if sent, allow the server to tell whether a client is still present and responding.

    Keepalives should, in general, not be needed if the socket - has the SO_KEEPALIVE attribute set on it by default. (see socket options). + has the SO_KEEPALIVE attribute set on it by default. (see socket options). Basically you should only use this option if you strike difficulties.

    Default: keepalive = 300

    Example: keepalive = 600 -

    kernel change notify (S)

    This parameter specifies whether Samba should ask the +

    + +kernel change notify (S) +

    This parameter specifies whether Samba should ask the kernel for change notifications in directories so that SMB clients can refresh whenever the data on the server changes.

    This parameter is only used when your kernel supports change notification to user programs using the inotify interface.

    Default: kernel change notify = yes -

    kernel oplocks (G)

    For UNIXes that support kernel based oplocks +

    + +kernel oplocks (G) +

    For UNIXes that support kernel based oplocks (currently only IRIX and the Linux 2.4 kernel), this parameter allows the use of them to be turned on or off.

    Kernel oplocks support allows Samba oplocks to be broken whenever a local UNIX process or NFS operation - accesses a file that smbd(8) has oplocked. This allows complete + accesses a file that smbd(8) has oplocked. This allows complete data consistency between SMB/CIFS, NFS and local file access (and is a very cool feature :-).

    This parameter defaults to on, but is translated to a no-op on systems that no not have the necessary kernel support. You should never need to touch this parameter.

    Default: kernel oplocks = yes -

    lanman auth (G)

    This parameter determines whether or not smbd(8) will attempt to +

    + +lanman auth (G) +

    This parameter determines whether or not smbd(8) will attempt to authenticate users or permit password changes using the LANMAN password hash. If disabled, only clients which support NT password hashes (e.g. Windows NT/2000 clients, smbclient, but not @@ -2104,8 +2575,11 @@ Basically you should only use this option if you strike difficulties.

    Defa permited. Not all clients support NTLMv2, and most will require special configuration to use it.

    Default: lanman auth = no -

    large readwrite (G)

    This parameter determines whether or not - smbd(8) supports the new 64k +

    + +large readwrite (G) +

    This parameter determines whether or not + smbd(8) supports the new 64k streaming read and write varient SMB requests introduced with Windows 2000. Note that due to Windows 2000 client redirector bugs this requires Samba to be running on a 64-bit capable operating @@ -2113,54 +2587,107 @@ Basically you should only use this option if you strike difficulties.

    Defa performance by 10% with Windows 2000 clients. Defaults to on. Not as tested as some other Samba code paths.

    Default: large readwrite = yes -

    ldap admin dn (G)

    - The ldap admin dn defines the Distinguished Name (DN) name used by Samba to contact - the ldap server when retreiving user account information. The ldap admin dn is used +

    + +ldap admin dn (G) +

    + The ldap admin dn defines the Distinguished Name (DN) name used by Samba to contact + the ldap server when retreiving user account information. The ldap admin dn is used in conjunction with the admin dn password stored in the private/secrets.tdb - file. See the smbpasswd(8) + file. See the smbpasswd(8) man page for more information on how to accomplish this.

    - The ldap admin dn requires a fully specified DN. The ldap suffix is not appended to the ldap admin dn. -

    No default

    ldap delete dn (G)

    This parameter specifies whether a delete + The ldap admin dn requires a fully specified DN. The ldap suffix is not appended to the ldap admin dn. +

    No default

    + +ldap debug level (G) +

    + This parameter controls the debug level of the LDAP library + calls. In the case of OpenLDAP, it is the same + bit-field as understood by the server and documented in the + slapd.conf(5) + manpage. + A typical useful value will be + 1 for tracing function calls. +

    + The debug ouput from the LDAP libraries appears with the + prefix [LDAP] in Samba's logging output. + The level at which LDAP logging is printed is controlled by the + parameter ldap debug threshold. +

    Default: ldap debug level = 0 + +

    Example: ldap debug level = 1 + +

    + +ldap debug threshold (G) +

    + This parameter controls the Samba debug level at which + the ldap library debug output is + printed in the Samba logs. See the description of + ldap debug level for details. +

    Default: ldap debug threshold = 10 + +

    Example: ldap debug threshold = 5 + +

    + +ldap delete dn (G) +

    This parameter specifies whether a delete operation in the ldapsam deletes the complete entry or only the attributes specific to Samba.

    Default: ldap delete dn = no -

    ldap group suffix (G)

    This parameter specifies the suffix that is +

    + +ldap group suffix (G) +

    This parameter specifies the suffix that is used for groups when these are added to the LDAP directory. - If this parameter is unset, the value of ldap suffix will be used instead. The suffix string is pre-pended to the - ldap suffix string so use a partial DN.

    Default: ldap group suffix = + If this parameter is unset, the value of ldap suffix will be used instead. The suffix string is pre-pended to the + ldap suffix string so use a partial DN.

    Default: ldap group suffix =

    Example: ldap group suffix = ou=Groups -

    ldap idmap suffix (G)

    +

    + +ldap idmap suffix (G) +

    This parameters specifies the suffix that is used when storing idmap mappings. If this parameter - is unset, the value of ldap suffix will be used instead. The suffix - string is pre-pended to the ldap suffix string so use a partial DN. + is unset, the value of ldap suffix will be used instead. The suffix + string is pre-pended to the ldap suffix string so use a partial DN.

    Default: ldap idmap suffix =

    Example: ldap idmap suffix = ou=Idmap -

    ldap machine suffix (G)

    +

    + +ldap machine suffix (G) +

    It specifies where machines should be added to the ldap tree. If this parameter is unset, the value of - ldap suffix will be used instead. The suffix string is pre-pended to the - ldap suffix string so use a partial DN. + ldap suffix will be used instead. The suffix string is pre-pended to the + ldap suffix string so use a partial DN.

    Default: ldap machine suffix =

    Example: ldap machine suffix = ou=Computers -

    ldap passwd sync (G)

    +

    + +ldap passwd sync (G) +

    This option is used to define whether or not Samba should sync the LDAP password with the NT and LM hashes for normal accounts (NOT for workstation, server or domain trusts) on a password change via SAMBA.

    - The ldap passwd sync can be set to one of three values: + The ldap passwd sync can be set to one of three values:

    • Yes = Try to update the LDAP, NT and LM passwords and update the pwdLastSet time.

    • No = Update NT and LM passwords and update the pwdLastSet time.

    • Only = Only update the LDAP password and let the LDAP server do the rest.

    Default: ldap passwd sync = no -

    ldap replication sleep (G)

    +

    + +ldap replication sleep (G) +

    When Samba is asked to write to a read-only LDAP replica, we are redirected to talk to the read-write master server. This server then replicates our changes back to the 'local' server, however the replication might take some seconds, especially over slow links. Certain client activities, particularly domain joins, can become confused by the 'success' @@ -2173,7 +2700,10 @@ Basically you should only use this option if you strike difficulties.

    Defa The value is specified in milliseconds, the maximum value is 5000 (5 seconds).

    Default: ldap replication sleep = 1000 -

    ldapsam:editposix (G)

    +

    + +ldapsam:editposix (G) +

    Editposix is an option that leverages ldapsam:trusted to make it simpler to manage a domain controller eliminating the need to set up custom scripts to add and manage the posix users and groups. This option will instead directly manipulate the ldap tree to create, remove and modify user and group entries. @@ -2186,8 +2716,8 @@ Basically you should only use this option if you strike difficulties.

    Defa provision. To run this command the ldap server must be running, Winindd must be running and the smb.conf ldap options must be properly configured. - The typical ldap setup used with the ldapsam:trusted = yes option - is usually sufficient to use ldapsam:editposix = yes as well. + The typical ldap setup used with the ldapsam:trusted = yes option + is usually sufficient to use ldapsam:editposix = yes as well.

    An example configuration can be the following: @@ -2252,7 +2782,10 @@ Basically you should only use this option if you strike difficulties.

    Defa

    Default: ldapsam:editposix = no -

    ldapsam:trusted (G)

    +

    + +ldapsam:trusted (G) +

    By default, Samba as a Domain Controller with an LDAP backend needs to use the Unix-style NSS subsystem to access user and group information. Due to the way Unix stores user information in /etc/passwd and /etc/group this inevitably leads to inefficiencies. One important question a user needs to know is the list of groups he @@ -2260,54 +2793,69 @@ Basically you should only use this option if you strike difficulties.

    Defa counterparts in LDAP. UNIX has optimized functions to enumerate group membership. Sadly, other functions that are used to deal with user and group attributes lack such optimization.

    - To make Samba scale well in large environments, the ldapsam:trusted = yes + To make Samba scale well in large environments, the ldapsam:trusted = yes option assumes that the complete user and group database that is relevant to Samba is stored in LDAP with the standard posixAccount/posixGroup attributes. It further assumes that the Samba auxiliary object classes are stored together with the POSIX data in the same LDAP object. If these assumptions are met, - ldapsam:trusted = yes can be activated and Samba can bypass the + ldapsam:trusted = yes can be activated and Samba can bypass the NSS system to query user group memberships. Optimized LDAP queries can greatly speed up domain logon and administration tasks. Depending on the size of the LDAP database a factor of 100 or more for common queries is easily achieved.

    Default: ldapsam:trusted = no -

    ldap ssl (G)

    This option is used to define whether or not Samba should +

    + +ldap ssl (G) +

    This option is used to define whether or not Samba should use SSL when connecting to the ldap server This is NOT related to Samba's previous SSL support which was enabled by specifying the --with-ssl option to the configure - script.

    The ldap ssl can be set to one of three values:

    • Off = Never + script.

      The ldap ssl can be set to one of three values:

      • Off = Never use SSL when querying the directory.

      • Start_tls = Use the LDAPv3 StartTLS extended operation (RFC2830) for communicating with the directory server.

      • On = Use SSL on the ldaps port when contacting the ldap server. Only available when the backwards-compatiblity --with-ldapsam option is specified - to configure. See passdb backend

        . + to configure. See passdb backend

        .

      Default: ldap ssl = start_tls -

    ldap suffix (G)

    Specifies the base for all ldap suffixes and for storing the sambaDomain object.

    - The ldap suffix will be appended to the values specified for the ldap user suffix, - ldap group suffix, ldap machine suffix, and the - ldap idmap suffix. Each of these should be given only a DN relative to the - ldap suffix. +

    + +ldap suffix (G) +

    Specifies the base for all ldap suffixes and for storing the sambaDomain object.

    + The ldap suffix will be appended to the values specified for the ldap user suffix, + ldap group suffix, ldap machine suffix, and the + ldap idmap suffix. Each of these should be given only a DN relative to the + ldap suffix.

    Default: ldap suffix =

    Example: ldap suffix = dc=samba,dc=org -

    ldap timeout (G)

    +

    + +ldap timeout (G) +

    When Samba connects to an ldap server that servermay be down or unreachable. To prevent Samba from hanging whilst waiting for the connection this parameter specifies in seconds how long Samba should wait before failing the connect. The default is to only wait fifteen seconds for the ldap server to respond to the connect request.

    Default: ldap timeout = 15 -

    ldap user suffix (G)

    +

    + +ldap user suffix (G) +

    This parameter specifies where users are added to the tree. If this parameter is unset, - the value of ldap suffix will be used instead. The suffix - string is pre-pended to the ldap suffix string so use a partial DN. + the value of ldap suffix will be used instead. The suffix + string is pre-pended to the ldap suffix string so use a partial DN.

    Default: ldap user suffix =

    Example: ldap user suffix = ou=people -

    level2 oplocks (S)

    This parameter controls whether Samba supports +

    + +level2 oplocks (S) +

    This parameter controls whether Samba supports level2 (read-only) oplocks on a share.

    Level2, or read-only oplocks allow Windows NT clients that have an oplock on a file to downgrade from a read-write oplock to a read-only oplock once a second client opens the file (instead @@ -2321,13 +2869,16 @@ Basically you should only use this option if you strike difficulties.

    Defa or waited for) and told to break their oplocks to "none" and delete any read-ahead caches.

    It is recommended that this parameter be turned on to speed access to shared executables.

    For more discussions on level2 oplocks see the CIFS spec.

    - Currently, if kernel oplocks are supported then + Currently, if kernel oplocks are supported then level2 oplocks are not granted (even if this parameter is set to - yes). Note also, the oplocks + yes). Note also, the oplocks parameter must be set to yes on this share in order for this parameter to have any effect.

    Default: level2 oplocks = yes -

    lm announce (G)

    This parameter determines if nmbd(8) will produce Lanman announce +

    + +lm announce (G) +

    This parameter determines if nmbd(8) will produce Lanman announce broadcasts that are needed by OS/2 clients in order for them to see the Samba server in their browse list. This parameter can have three values, yes, no, or @@ -2335,30 +2886,39 @@ Basically you should only use this option if you strike difficulties.

    Defa If set to no Samba will never produce these broadcasts. If set to yes Samba will produce Lanman announce broadcasts at a frequency set by the parameter - lm interval. If set to auto + lm interval. If set to auto Samba will not send Lanman announce broadcasts by default but will listen for them. If it hears such a broadcast on the wire it will then start sending them at a frequency set by the parameter - lm interval.

    Default: lm announce = auto + lm interval.

    Default: lm announce = auto

    Example: lm announce = yes -

    lm interval (G)

    If Samba is set to produce Lanman announce +

    + +lm interval (G) +

    If Samba is set to produce Lanman announce broadcasts needed by OS/2 clients (see the - lm announce parameter) then this + lm announce parameter) then this parameter defines the frequency in seconds with which they will be made. If this is set to zero then no Lanman announcements will be - made despite the setting of the lm announce + made despite the setting of the lm announce parameter.

    Default: lm interval = 60

    Example: lm interval = 120 -

    load printers (G)

    A boolean variable that controls whether all +

    + +load printers (G) +

    A boolean variable that controls whether all printers in the printcap will be loaded for browsing by default. - See the printers section for + See the printers section for more details.

    Default: load printers = yes -

    local master (G)

    This option allows nmbd(8) to try and become a local master browser +

    + +local master (G) +

    This option allows nmbd(8) to try and become a local master browser on a subnet. If set to no then nmbd will not attempt to become a local master browser on a subnet and will also lose in all browsing elections. By @@ -2368,9 +2928,12 @@ Basically you should only use this option if you strike difficulties.

    Defa will participate in elections for local master browser.

    Setting this value to no will cause nmbd never to become a local master browser.

    Default: local master = yes -

    lock dir

    This parameter is a synonym for lock directory.

    lock directory (G)

    This option specifies the directory where lock +

    lock dir

    This parameter is a synonym for lock directory.

    + +lock directory (G) +

    This option specifies the directory where lock files will be placed. The lock files are used to implement the - max connections option. + max connections option.

    Note: This option can not be set inside registry configurations. @@ -2378,7 +2941,10 @@ master browser.

    Default:

    Example: lock directory = /var/run/samba/locks -

    locking (S)

    This controls whether or not locking will be +

    + +locking (S) +

    This controls whether or not locking will be performed by the server in response to lock requests from the client.

    If locking = no, all lock and unlock requests will appear to succeed and all lock queries will report @@ -2388,37 +2954,54 @@ master browser.

    Default: CDROM drives), although setting this parameter of no is not really recommended even in this case.

    Be careful about disabling locking either globally or in a specific service, as lack of locking may result in data corruption. - You should never need to set this parameter.

    No default

    lock spin count (G)

    This parameter has been made inoperative in Samba 3.0.24. + You should never need to set this parameter.

    No default

    + +lock spin count (G) +

    This parameter has been made inoperative in Samba 3.0.24. The functionality it contolled is now controlled by the parameter - lock spin time. + lock spin time.

    Default: lock spin count = 0 -

    lock spin time (G)

    The time in microseconds that smbd should +

    + +lock spin time (G) +

    The time in microseconds that smbd should keep waiting to see if a failed lock request can be granted. This parameter has changed in default value from Samba 3.0.23 from 10 to 200. The associated - lock spin count parameter is + lock spin count parameter is no longer used in Samba 3.0.24. You should not need to change the value of this parameter.

    Default: lock spin time = 200 -

    log file (G)

    +

    + +log file (G) +

    This option allows you to override the name of the Samba log file (also known as the debug file).

    This option takes the standard substitutions, allowing you to have separate log files for each user or machine.

    No default

    Example: log file = /usr/local/samba/var/log.%m -

    debuglevel

    This parameter is a synonym for log level.

    log level (G)

    +

    debuglevel

    This parameter is a synonym for log level.

    + +log level (G) +

    The value of the parameter (a astring) allows the debug level (logging level) to be specified in the - smb.conf file. This parameter has been extended since the 2.2.x - series, now it allow to specify the debug level for multiple debug classes. This is to give greater - flexibility in the configuration of the system. -

    - The default will be the log level specified on the command line or level zero if none was specified. -

    No default

    Example: log level = 3 passdb:5 auth:10 winbind:2 + smb.conf file. +

    This parameter has been extended since the 2.2.x + series, now it allows to specify the debug level for multiple + debug classes. This is to give greater flexibility in the configuration + of the system. The following debug classes are currently implemented: +

    • all

    • tdb

    • printdrivers

    • lanman

    • smb

    • rpc_parse

    • rpc_srv

    • rpc_cli

    • passdb

    • sam

    • auth

    • winbind

    • vfs

    • idmap

    • quota

    • acls

    • locking

    • msdfs

    • dmapi

    • registry

    Default: log level = 0 -

    logon drive (G)

    +

    Example: log level = 3 passdb:5 auth:10 winbind:2 + +

    + +logon drive (G) +

    This parameter specifies the local path to which the home directory will be - connected (see logon home) and is only used by NT + connected (see logon home) and is only used by NT Workstations.

    Note that this option is only useful if Samba is set up as a logon server. @@ -2426,7 +3009,10 @@ master browser.

    Default:

    Example: logon drive = h: -

    logon home (G)

    +

    + +logon home (G) +

    This parameter specifies the home directory location when a Win95/98 or NT Workstation logs into a Samba PDC. It allows you to do

    @@ -2445,23 +3031,26 @@ master browser.

    Default: in a NetUserGetInfo request. Win9X clients truncate the info to \\server\share when a user does net use /home but use the whole string when dealing with profiles.

    - Note that in prior versions of Samba, the logon path was returned rather than + Note that in prior versions of Samba, the logon path was returned rather than logon home. This broke net use /home but allowed profiles outside the home directory. The current implementation is correct, and can be used for profiles if you use the above trick.

    - Disable this feature by setting logon home = "" - using the empty string. + Disable this feature by setting logon home = "" - using the empty string.

    This option is only useful if Samba is set up as a logon server.

    Default: logon home = \\%N\%U

    Example: logon home = \\remote_smb_server\%U -

    logon path (G)

    +

    + +logon path (G) +

    This parameter specifies the directory where roaming profiles (Desktop, NTuser.dat, etc) are stored. Contrary to previous versions of these manual pages, it has nothing to do with Win 9X roaming profiles. To find out how to handle roaming profiles for Win 9X system, see the - logon home parameter. + logon home parameter.

    This option takes the standard substitutions, allowing you to have separate logon scripts for each user or machine. It also specifies the directory from which the "Application Data", desktop, start menu, network neighborhood, programs and other @@ -2490,7 +3079,7 @@ master browser.

    Default: provided system tool).

    Note that this option is only useful if Samba is set up as a domain controller.

    Disable the use of roaming profiles by setting the value of this parameter to the empty string. For - example, logon path = "". Take note that even if the default setting + example, logon path = "". Take note that even if the default setting in the smb.conf file is the empty string, any value specified in the user account settings in the passdb backend will over-ride the effect of setting this parameter to null. Disabling of all roaming profile use requires that the user account settings must also be blank. @@ -2501,13 +3090,16 @@ logon path = \\PROFILESERVER\PROFILE\%U

    Default: logon path = \\%N\%U\profile -

    logon script (G)

    +

    + +logon script (G) +

    This parameter specifies the batch file (.bat) or NT command file (.cmd) to be downloaded and run on a machine when a user successfully logs in. The file must contain the DOS style CR/LF line endings. Using a DOS-style editor to create the file is recommended.

    The script must be a relative path to the [netlogon] service. If the [netlogon] - service specifies a path of /usr/local/samba/netlogon, and logon script = STARTUP.BAT, then the file that will be downloaded is: + service specifies a path of /usr/local/samba/netlogon, and logon script = STARTUP.BAT, then the file that will be downloaded is: 

     	/usr/local/samba/netlogon/STARTUP.BAT

    @@ -2532,7 +3124,10 @@ logon path = \\PROFILESERVER\PROFILE\%U

    Example: logon script = scripts\%U.bat -

    lppause command (S)

    This parameter specifies the command to be +

    + +lppause command (S) +

    This parameter specifies the command to be executed on the server host in order to stop printing or spooling a specific print job.

    This command should be a program or script which takes a printer name and job number to pause the print job. One way @@ -2547,7 +3142,7 @@ logon path = \\PROFILESERVER\PROFILE\%U will have the SPOOLED or PRINTING status.

    Note that it is good practice to include the absolute path in the lppause command as the PATH may not be available to the server.

    Default: lppause command = # Currently no default value is given to - this string, unless the value of the printing + this string, unless the value of the printing parameter is SYSV, in which case the default is : lp -i %p-%j -H hold or if the value of the printing parameter is @@ -2556,7 +3151,10 @@ logon path = \\PROFILESERVER\PROFILE\%U

    Example: lppause command = /usr/bin/lpalt %p-%j -p0 -

    lpq cache time (G)

    This controls how long lpq info will be cached +

    + +lpq cache time (G) +

    This controls how long lpq info will be cached for to prevent the lpq command being called too often. A separate cache is kept for each variation of the lpq command used by the system, so if you use different @@ -2569,7 +3167,10 @@ logon path = \\PROFILESERVER\PROFILE\%U

    Example: lpq cache time = 10 -

    lpq command (S)

    This parameter specifies the command to be +

    + +lpq command (S) +

    This parameter specifies the command to be executed on the server host in order to obtain lpq -style printer status information.

    This command should be a program or script which takes a printer name as its only parameter and outputs printer @@ -2591,20 +3192,26 @@ logon path = \\PROFILESERVER\PROFILE\%U

    Example: lpq command = /usr/bin/lpq -P%p -

    lpresume command (S)

    This parameter specifies the command to be +

    + +lpresume command (S) +

    This parameter specifies the command to be executed on the server host in order to restart or continue printing or spooling a specific print job.

    This command should be a program or script which takes a printer name and job number to resume the print job. See - also the lppause command parameter.

    If a %p is given then the printer name + also the lppause command parameter.

    If a %p is given then the printer name is put in its place. A %j is replaced with the job number (an integer).

    Note that it is good practice to include the absolute path in the lpresume command as the PATH may not - be available to the server.

    See also the printing parameter.

    Default: Currently no default value is given + be available to the server.

    See also the printing parameter.

    Default: Currently no default value is given to this string, unless the value of the printing - parameter is SYSV, in which case the default is :

    lp -i %p-%j -H resume

    or if the value of the printing parameter - is SOFTQ, then the default is:

    qstat -s -j%j -r

    Default: lpresume command = lpresume command = /usr/bin/lpalt %p-%j -p2 + parameter is SYSV, in which case the default is:

    lp -i %p-%j -H resume

    or if the value of the printing parameter + is SOFTQ, then the default is:

    qstat -s -j%j -r

    No default

    Example: lpresume command = /usr/bin/lpalt %p-%j -p2 -

    lprm command (S)

    This parameter specifies the command to be +

    + +lprm command (S) +

    This parameter specifies the command to be executed on the server host in order to delete a print job.

    This command should be a program or script which takes a printer name and job number, and deletes the print job.

    If a %p is given then the printer name is put in its place. A %j is replaced with @@ -2621,32 +3228,41 @@ lprm command = /usr/bin/cancel %p-%j

    Default: lprm command = determined by printing parameter -

    machine password timeout (G)

    - If a Samba server is a member of a Windows NT Domain (see the security = domain parameter) then periodically a running smbd process will try and change +

    + +machine password timeout (G) +

    + If a Samba server is a member of a Windows NT Domain (see the security = domain parameter) then periodically a running smbd process will try and change the MACHINE ACCOUNT PASSWORD stored in the TDB called private/secrets.tdb . This parameter specifies how often this password will be changed, in seconds. The default is one week (expressed in seconds), the same as a Windows NT Domain member server.

    - See also smbpasswd(8), - and the security = domain parameter. + See also smbpasswd(8), + and the security = domain parameter.

    Default: machine password timeout = 604800 -

    magic output (S)

    +

    + +magic output (S) +

    This parameter specifies the name of a file which will contain output created by a magic script (see the - magic script parameter below). + magic script parameter below).

    Warning

    If two clients use the same magic script in the same directory the output file content is undefined.

    Default: magic output = <magic script name>.out

    Example: magic output = myfile.txt -

    magic script (S)

    This parameter specifies the name of a file which, +

    + +magic script (S) +

    This parameter specifies the name of a file which, if opened, will be executed by the server when the file is closed. This allows a UNIX script to be sent to the Samba host and executed on behalf of the connected user.

    Scripts executed in this way will be deleted upon completion assuming that the user has the appropriate level of privilege and the file permissions allow the deletion.

    If the script generates output, output will be sent to - the file specified by the magic output + the file specified by the magic output parameter (see above).

    Note that some shells are unable to interpret scripts containing CR/LF instead of CR as the end-of-line marker. Magic scripts must be executable @@ -2656,30 +3272,12 @@ lprm command = /usr/bin/cancel %p-%j

    Example: magic script = user.csh -

    mangled map (S)

    - This is for those who want to directly map UNIX file names which cannot be represented on - Windows/DOS. The mangling of names is not always what is needed. In particular you may have - documents with file extensions that differ between DOS and UNIX. - For example, under UNIX it is common to use .html - for HTML files, whereas under Windows/DOS .htm - is more commonly used. -

    - So to map html to htm - you would use: -

    - mangled map = (*.html *.htm). -

    - One very useful case is to remove the annoying ;1 off - the ends of filenames on some CDROMs (only visible under some UNIXes). To do this use a map of - (*;1 *;). -

    Default: mangled map = -# no mangled map - -

    Example: mangled map = (*;1 *;) - -

    mangled names (S)

    This controls whether non-DOS names under UNIX +

    + +mangled names (S) +

    This controls whether non-DOS names under UNIX should be mapped to DOS-compatible names ("mangled") and made visible, - or whether non-DOS names should simply be ignored.

    See the section on name mangling for + or whether non-DOS names should simply be ignored.

    See the section on name mangling for details on how to control the mangling process.

    If mangling is used then the mangling algorithm is as follows:

    • The first (up to) five alphanumeric characters before the rightmost dot of the filename are preserved, forced to upper case, and appear as the first (up to) five characters @@ -2689,7 +3287,7 @@ lprm command = /usr/bin/cancel %p-%j extension). The final extension is included in the hash calculation only if it contains any upper case characters or is longer than three characters.

      Note that the character to use may be specified using - the mangling char + the mangling char option, if you don't like '~'.

    • Files whose UNIX name begins with a dot will be presented as DOS hidden files. The mangled name will be created as for other filenames, but with the leading dot removed and "___" as @@ -2702,7 +3300,10 @@ lprm command = /usr/bin/cancel %p-%j from Windows/DOS and will retain the same basename. Mangled names do not change between sessions.

      Default: mangled names = yes -

    mangle prefix (G)

    controls the number of prefix +

    + +mangle prefix (G) +

    controls the number of prefix characters from the original name used when generating the mangled names. A larger value will give a weaker hash and therefore more name collisions. The minimum @@ -2712,14 +3313,20 @@ lprm command = /usr/bin/cancel %p-%j

    Example: mangle prefix = 4 -

    mangling char (S)

    This controls what character is used as - the magic character in name mangling. The +

    + +mangling char (S) +

    This controls what character is used as + the magic character in name mangling. The default is a '~' but this may interfere with some software. Use this option to set it to whatever you prefer. This is effective only when mangling method is hash.

    Default: mangling char = ~

    Example: mangling char = ^ -

    mangling method (G)

    controls the algorithm used for the generating +

    + +mangling method (G) +

    controls the algorithm used for the generating the mangled names. Can take two different values, "hash" and "hash2". "hash" is the algorithm that was used used in Samba for many years and was the default in Samba 2.2.x "hash2" is @@ -2730,7 +3337,10 @@ lprm command = /usr/bin/cancel %p-%j

    Example: mangling method = hash -

    map acl inherit (S)

    This boolean parameter controls whether smbd(8) will attempt to map the 'inherit' and 'protected' +

    + +map acl inherit (S) +

    This boolean parameter controls whether smbd(8) will attempt to map the 'inherit' and 'protected' access control entry flags stored in Windows ACLs into an extended attribute called user.SAMBA_PAI. This parameter only takes effect if Samba is being run on a platform that supports extended attributes (Linux and IRIX so far) and @@ -2738,7 +3348,10 @@ lprm command = /usr/bin/cancel %p-%j POSIX ACL mapping code.

    Default: map acl inherit = no -

    map archive (S)

    +

    + +map archive (S) +

    This controls whether the DOS archive attribute should be mapped to the UNIX owner execute bit. The DOS archive bit is set when a file has been modified since its last backup. One @@ -2746,23 +3359,29 @@ lprm command = /usr/bin/cancel %p-%j any file it touches from becoming executable under UNIX. This can be quite annoying for shared source code, documents, etc...

    - Note that this requires the create mask parameter to be set such that owner + Note that this requires the create mask parameter to be set such that owner execute bit is not masked out (i.e. it must include 100). See the parameter - create mask for details. + create mask for details.

    Default: map archive = yes -

    map hidden (S)

    +

    + +map hidden (S) +

    This controls whether DOS style hidden files should be mapped to the UNIX world execute bit.

    - Note that this requires the create mask to be set such that the world execute - bit is not masked out (i.e. it must include 001). See the parameter create mask + Note that this requires the create mask to be set such that the world execute + bit is not masked out (i.e. it must include 001). See the parameter create mask for details. -

    No default

    map read only (S)

    +

    No default

    + +map read only (S) +

    This controls how the DOS read only attribute should be mapped from a UNIX filesystem.

    - This parameter can take three different values, which tell smbd(8) how to display the read only attribute on files, where either - store dos attributes is set to No, or no extended attribute is - present. If store dos attributes is set to yes then this + This parameter can take three different values, which tell smbd(8) how to display the read only attribute on files, where either + store dos attributes is set to No, or no extended attribute is + present. If store dos attributes is set to yes then this parameter is ignored. This is a new parameter introduced in Samba version 3.0.21.

    The three settings are :

    • Yes - The read only DOS attribute is mapped to the inverse of the user @@ -2770,35 +3389,41 @@ lprm command = /usr/bin/cancel %p-%j read only attribute is reported as being set on the file.

    • Permissions - The read only DOS attribute is mapped to the effective permissions of - the connecting user, as evaluated by smbd(8) by reading the unix permissions and POSIX ACL (if present). + the connecting user, as evaluated by smbd(8) by reading the unix permissions and POSIX ACL (if present). If the connecting user does not have permission to modify the file, the read only attribute is reported as being set on the file.

    • No - The read only DOS attribute is unaffected by permissions, and can only be set by - the store dos attributes method. This may be useful for exporting mounted CDs. + the store dos attributes method. This may be useful for exporting mounted CDs.

    Default: map read only = yes -

    map system (S)

    +

    + +map system (S) +

    This controls whether DOS style system files should be mapped to the UNIX group execute bit.

    - Note that this requires the create mask to be set such that the group + Note that this requires the create mask to be set such that the group execute bit is not masked out (i.e. it must include 010). See the parameter - create mask for details. + create mask for details.

    Default: map system = no -

    map to guest (G)

    This parameter is only useful in SECURITY = - security modes other than security = share +

    + +map to guest (G) +

    This parameter is only useful in SECURITY = + security modes other than security = share and security = server - i.e. user, and domain.

    This parameter can take four different values, which tell - smbd(8) what to do with user + smbd(8) what to do with user login requests that don't match a valid UNIX user in some way.

    The four settings are :

    • Never - Means user login requests with an invalid password are rejected. This is the default.

    • Bad User - Means user logins with an invalid password are rejected, unless the username does not exist, in which case it is treated as a guest login and - mapped into the guest account.

    • Bad Password - Means user logins + mapped into the guest account.

    • Bad Password - Means user logins with an invalid password are treated as a guest login and mapped - into the guest account. Note that + into the guest account. Note that this can cause problems as it means that any user incorrectly typing their password will be silently logged on as "guest" - and will not know the reason they cannot access files they think @@ -2828,15 +3453,21 @@ lprm command = /usr/bin/cancel %p-%j

      Example: map to guest = Bad User -

    max connections (S)

    This option allows the number of simultaneous connections to a service to be limited. +

    + +max connections (S) +

    This option allows the number of simultaneous connections to a service to be limited. If max connections is greater than 0 then connections will be refused if this number of connections to the service are already open. A value of zero mean an unlimited number of connections may be made.

    Record lock files are used to implement this feature. The lock files will be stored in - the directory specified by the lock directory option.

    Default: max connections = 0 + the directory specified by the lock directory option.

    Default: max connections = 0

    Example: max connections = 10 -

    max disk size (G)

    This option allows you to put an upper limit +

    + +max disk size (G) +

    This option allows you to put an upper limit on the apparent size of disks. If you set this option to 100 then all shares will appear to be not larger than 100 MB in size.

    Note that this option does not limit the amount of @@ -2850,7 +3481,10 @@ lprm command = /usr/bin/cancel %p-%j

    Example: max disk size = 1000 -

    max log size (G)

    +

    + +max log size (G) +

    This option (an integer in kilobytes) specifies the max size the log file should grow to. Samba periodically checks the size and if it is exceeded it will rename the file, adding a .old extension. @@ -2859,26 +3493,38 @@ lprm command = /usr/bin/cancel %p-%j

    Example: max log size = 1000 -

    max mux (G)

    This option controls the maximum number of +

    + +max mux (G) +

    This option controls the maximum number of outstanding simultaneous SMB operations that Samba tells the client it will allow. You should never need to set this parameter.

    Default: max mux = 50 -

    max open files (G)

    This parameter limits the maximum number of - open files that one smbd(8) file +

    + +max open files (G) +

    This parameter limits the maximum number of + open files that one smbd(8) file serving process may have open for a client at any one time. The default for this parameter is set very high (10,000) as Samba uses only one bit per unopened file.

    The limit of the number of open files is usually set by the UNIX per-process file descriptor limit rather than this parameter so you should never need to touch this parameter.

    Default: max open files = 10000 -

    max print jobs (S)

    This parameter limits the maximum number of +

    + +max print jobs (S) +

    This parameter limits the maximum number of jobs allowable in a Samba printer queue at any given moment. - If this number is exceeded, smbd(8) will remote "Out of Space" to the client. + If this number is exceeded, smbd(8) will remote "Out of Space" to the client.

    Default: max print jobs = 1000

    Example: max print jobs = 5000 -

    protocol

    This parameter is a synonym for max protocol.

    max protocol (G)

    The value of the parameter (a string) is the highest +

    protocol

    This parameter is a synonym for max protocol.

    + +max protocol (G) +

    The value of the parameter (a string) is the highest protocol level that will be supported by the server.

    Possible values are :

    • CORE: Earliest version. No concept of user names.

    • COREPLUS: Slight improvements on CORE for efficiency.

    • LANMAN1: First @@ -2890,7 +3536,10 @@ lprm command = /usr/bin/cancel %p-%j

      Example: max protocol = LANMAN1 -

    max reported print jobs (S)

    +

    + +max reported print jobs (S) +

    This parameter limits the maximum number of jobs displayed in a port monitor for Samba printer queue at any given moment. If this number is exceeded, the excess jobs will not be shown. A value of zero means there is no limit on the number of @@ -2899,15 +3548,21 @@ lprm command = /usr/bin/cancel %p-%j

    Example: max reported print jobs = 1000 -

    max smbd processes (G)

    This parameter limits the maximum number of smbd(8) processes concurrently running on a system and is intended +

    + +max smbd processes (G) +

    This parameter limits the maximum number of smbd(8) processes concurrently running on a system and is intended as a stopgap to prevent degrading service to clients in the event that the server has insufficient resources to handle more than this number of connections. Remember that under normal operating - conditions, each user will have an smbd(8) associated with him or her to handle connections to all + conditions, each user will have an smbd(8) associated with him or her to handle connections to all shares from a given host.

    Default: max smbd processes = 0

    Example: max smbd processes = 1000 -

    max stat cache size (G)

    This parameter limits the size in memory of any +

    + +max stat cache size (G) +

    This parameter limits the size in memory of any stat cache being used to speed up case insensitive name mappings. This parameter is the number of kilobyte (1024) units the stat cache can use. @@ -2917,18 +3572,27 @@ lprm command = /usr/bin/cancel %p-%j

    Example: max stat cache size = 100 -

    max ttl (G)

    This option tells nmbd(8) what the default 'time to live' +

    + +max ttl (G) +

    This option tells nmbd(8) what the default 'time to live' of NetBIOS names should be (in seconds) when nmbd is requesting a name using either a broadcast packet or from a WINS server. You should never need to change this parameter. The default is 3 days.

    Default: max ttl = 259200 -

    max wins ttl (G)

    This option tells smbd(8) when acting as a WINS server - (wins support = yes) what the maximum +

    + +max wins ttl (G) +

    This option tells smbd(8) when acting as a WINS server + (wins support = yes) what the maximum 'time to live' of NetBIOS names that nmbd will grant will be (in seconds). You should never need to change this parameter. The default is 6 days (518400 seconds).

    Default: max wins ttl = 518400 -

    max xmit (G)

    This option controls the maximum packet size +

    + +max xmit (G) +

    This option controls the maximum packet size that will be negotiated by Samba. The default is 16644, which matches the behavior of Windows 2000. A value below 2048 is likely to cause problems. You should never need to change this parameter from its default value. @@ -2936,7 +3600,10 @@ lprm command = /usr/bin/cancel %p-%j

    Example: max xmit = 8192 -

    message command (G)

    This specifies what command to run when the +

    + +message command (G) +

    This specifies what command to run when the server receives a WinPopup style message.

    This would normally be a command that would deliver the message somehow. How this is to be done is up to your imagination.

    An example is: @@ -2975,26 +3642,35 @@ lprm command = /usr/bin/cancel %p-%j

    Example: message command = csh -c 'xedit %s; rm %s' & -

    min print space (S)

    This sets the minimum amount of free disk +

    + +min print space (S) +

    This sets the minimum amount of free disk space that must be available before a user will be able to spool a print job. It is specified in kilobytes. The default is 0, which means a user can always spool a print job.

    Default: min print space = 0

    Example: min print space = 2000 -

    min protocol (G)

    The value of the parameter (a string) is the +

    + +min protocol (G) +

    The value of the parameter (a string) is the lowest SMB protocol dialect than Samba will support. Please refer - to the max protocol + to the max protocol parameter for a list of valid protocol names and a brief description of each. You may also wish to refer to the C source code in source/smbd/negprot.c for a listing of known protocol dialects supported by clients.

    If you are viewing this parameter as a security measure, you should - also refer to the lanman auth parameter. Otherwise, you should never need + also refer to the lanman auth parameter. Otherwise, you should never need to change this parameter.

    Default: min protocol = CORE

    Example: min protocol = NT1 -

    min receivefile size (G)

    This option changes the behavior of smbd(8) when processing SMBwriteX calls. Any incoming +

    + +min receivefile size (G) +

    This option changes the behavior of smbd(8) when processing SMBwriteX calls. Any incoming SMBwriteX call on a non-signed SMB/CIFS connection greater than this value will not be processed in the normal way but will be passed to any underlying kernel recvfile or splice system call (if there is no such call Samba will emulate in user space). This allows zero-copy writes directly from network @@ -3003,21 +3679,30 @@ but user testing is recommended. If set to zero Samba processes SMBwriteX calls normal way. To enable POSIX large write support (SMB/CIFS writes up to 16Mb) this option must be nonzero. The maximum value is 128k. Values greater than 128k will be silently set to 128k.

    Note this option will have NO EFFECT if set on a SMB signed connection.

    The default is zero, which diables this option.

    Default: min receivefile size = 0 -

    min wins ttl (G)

    This option tells nmbd(8) - when acting as a WINS server (wins support = yes) what the minimum 'time to live' +

    + +min wins ttl (G) +

    This option tells nmbd(8) + when acting as a WINS server (wins support = yes) what the minimum 'time to live' of NetBIOS names that nmbd will grant will be (in seconds). You should never need to change this parameter. The default is 6 hours (21600 seconds).

    Default: min wins ttl = 21600 -

    msdfs proxy (S)

    This parameter indicates that the share is a +

    + +msdfs proxy (S) +

    This parameter indicates that the share is a stand-in for another CIFS share whose location is specified by the value of the parameter. When clients attempt to connect to this share, they are redirected to the proxied share using the SMB-Dfs protocol.

    Only Dfs roots can act as proxy shares. Take a look at the - msdfs root and host msdfs + msdfs root and host msdfs options to find out how to set up a Dfs root share.

    No default

    Example: msdfs proxy = \otherserver\someshare -

    msdfs root (S)

    If set to yes, Samba treats the +

    + +msdfs root (S) +

    If set to yes, Samba treats the share as a Dfs root and allows clients to browse the distributed file system tree rooted at the share directory. Dfs links are specified in the share directory by symbolic @@ -3025,14 +3710,20 @@ nonzero. The maximum value is 128k. Values greater than 128k will be silently se and so on. For more information on setting up a Dfs tree on Samba, refer to the MSDFS chapter in the Samba3-HOWTO book.

    Default: msdfs root = no -

    name cache timeout (G)

    Specifies the number of seconds it takes before +

    + +name cache timeout (G) +

    Specifies the number of seconds it takes before entries in samba's hostname resolve cache time out. If the timeout is set to 0. the caching is disabled.

    Default: name cache timeout = 660

    Example: name cache timeout = 0 -

    name resolve order (G)

    This option is used by the programs in the Samba +

    + +name resolve order (G) +

    This option is used by the programs in the Samba suite to determine what naming services to use and in what order to resolve host names to IP addresses. Its main purpose to is to control how netbios name resolution is performed. The option takes a space @@ -3050,9 +3741,9 @@ nonzero. The maximum value is 128k. Values greater than 128k will be silently se useful for active directory domains and results in a DNS query for the SRV RR entry matching _ldap._tcp.domain.

  • wins : Query a name with - the IP address listed in the WINSSERVER parameter. If no WINS server has + the IP address listed in the WINSSERVER parameter. If no WINS server has been specified this method will be ignored.

  • bcast : Do a broadcast on - each of the known local interfaces listed in the interfaces + each of the known local interfaces listed in the interfaces parameter. This is the least reliable of the name resolution methods as it depends on the target host being on a locally connected subnet.

    • The example below will cause the local lmhosts file to be examined @@ -3063,7 +3754,10 @@ nonzero. The maximum value is 128k. Values greater than 128k will be silently se

    Example: name resolve order = lmhosts bcast host -

    netbios aliases (G)

    This is a list of NetBIOS names that nmbd will +

    + +netbios aliases (G) +

    This is a list of NetBIOS names that nmbd will advertise as additional names by which the Samba server is known. This allows one machine to appear in browse lists under multiple names. If a machine is acting as a browse server or logon server none of these names will be advertised as either browse server or logon @@ -3073,7 +3767,10 @@ nonzero. The maximum value is 128k. Values greater than 128k will be silently se

    Example: netbios aliases = TEST TEST1 TEST2 -

    netbios name (G)

    +

    + +netbios name (G) +

    This sets the NetBIOS name by which a Samba server is known. By default it is the same as the first component of the host's DNS name. If a machine is a browse server or logon server this name (or the first component of the hosts DNS name) will be the name that these services are advertised under. @@ -3086,11 +3783,17 @@ nonzero. The maximum value is 128k. Values greater than 128k will be silently se

    Example: netbios name = MYNAME -

    netbios scope (G)

    This sets the NetBIOS scope that Samba will +

    + +netbios scope (G) +

    This sets the NetBIOS scope that Samba will operate under. This should not be set unless every machine on your LAN also sets this value.

    Default: netbios scope = -

    nis homedir (G)

    Get the home share server from a NIS map. For +

    + +nis homedir (G) +

    Get the home share server from a NIS map. For UNIX systems that use an automounter, the user's home directory will often be mounted on a workstation on demand from a remote server.

    When the Samba logon server is not the actual home directory @@ -3104,19 +3807,25 @@ nonzero. The maximum value is 128k. Values greater than 128k will be silently se it will be mounted on the Samba client directly from the directory server. When Samba is returning the home share to the client, it will consult the NIS map specified in - homedir map and return the server + homedir map and return the server listed there.

    Note that for this option to work there must be a working NIS system and the Samba server with this option must also be a logon server.

    Default: nis homedir = no -

    nt acl support (S)

    This boolean parameter controls whether smbd(8) will attempt to map +

    + +nt acl support (S) +

    This boolean parameter controls whether smbd(8) will attempt to map UNIX permissions into Windows NT access control lists. The UNIX permissions considered are the the traditional UNIX owner and group permissions, as well as POSIX ACLs set on any files or directories. This parameter was formally a global parameter in releases prior to 2.2.2.

    Default: nt acl support = yes -

    ntlm auth (G)

    This parameter determines whether or not smbd(8) will attempt to +

    + +ntlm auth (G) +

    This parameter determines whether or not smbd(8) will attempt to authenticate users using the NTLM encrypted password response. If disabled, either the lanman password hash or an NTLMv2 response will need to be sent by the client.

    If this option, and lanman @@ -3124,44 +3833,62 @@ nonzero. The maximum value is 128k. Values greater than 128k will be silently se permited. Not all clients support NTLMv2, and most will require special configuration to us it.

    Default: ntlm auth = yes -

    nt pipe support (G)

    This boolean parameter controls whether - smbd(8) will allow Windows NT +

    + +nt pipe support (G) +

    This boolean parameter controls whether + smbd(8) will allow Windows NT clients to connect to the NT SMB specific IPC$ pipes. This is a developer debugging option and can be left alone.

    Default: nt pipe support = yes -

    nt status support (G)

    This boolean parameter controls whether smbd(8) will negotiate NT specific status +

    + +nt status support (G) +

    This boolean parameter controls whether smbd(8) will negotiate NT specific status support with Windows NT/2k/XP clients. This is a developer debugging option and should be left alone. If this option is set to no then Samba offers exactly the same DOS error codes that versions prior to Samba 2.2.3 reported.

    You should not need to ever disable this parameter.

    Default: nt status support = yes -

    null passwords (G)

    Allow or disallow client access to accounts that have null passwords.

    See also smbpasswd(5).

    Default: null passwords = no +

    + +null passwords (G) +

    Allow or disallow client access to accounts that have null passwords.

    See also smbpasswd(5).

    Default: null passwords = no -

    obey pam restrictions (G)

    When Samba 3.0 is configured to enable PAM support +

    + +obey pam restrictions (G) +

    When Samba 3.0 is configured to enable PAM support (i.e. --with-pam), this parameter will control whether or not Samba should obey PAM's account and session management directives. The default behavior is to use PAM for clear text authentication only and to ignore any account or session management. Note that Samba - always ignores PAM for authentication in the case of encrypt passwords = yes. The reason + always ignores PAM for authentication in the case of encrypt passwords = yes. The reason is that PAM modules cannot support the challenge/response authentication mechanism needed in the presence of SMB password encryption.

    Default: obey pam restrictions = no -

    only user (S)

    This is a boolean option that controls whether +

    + +only user (S) +

    This is a boolean option that controls whether connections with usernames not in the user list will be allowed. By default this option is disabled so that a client can supply a username to be used by the server. Enabling this parameter will force the server to only use the login names from the user list and is only really - useful in security = share level security.

    Note that this also means Samba won't try to deduce + useful in security = share level security.

    Note that this also means Samba won't try to deduce usernames from the service name. This can be annoying for the [homes] section. To get around this you could use user = %S which means your user list will be just the service name, which for home directories is the name of the user.

    Default: only user = no -

    oplock break wait time (G)

    +

    + +oplock break wait time (G) +

    This is a tuning parameter added due to bugs in both Windows 9x and WinNT. If Samba responds to a client too quickly when that client issues an SMB that can cause an oplock break request, then the network client can fail and not respond to the break request. This tuning parameter (which is set in milliseconds) is the amount @@ -3170,11 +3897,14 @@ nonzero. The maximum value is 128k. Values greater than 128k will be silently se DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ AND UNDERSTOOD THE SAMBA OPLOCK CODE.

    Default: oplock break wait time = 0 -

    oplock contention limit (S)

    - This is a very advanced smbd(8) tuning option to improve the efficiency of the +

    + +oplock contention limit (S) +

    + This is a very advanced smbd(8) tuning option to improve the efficiency of the granting of oplocks under multiple client contention for the same file.

    - In brief it specifies a number, which causes smbd(8)not to grant an oplock even when requested if the + In brief it specifies a number, which causes smbd(8)not to grant an oplock even when requested if the approximate number of clients contending for an oplock on the same file goes over this limit. This causes smbd to behave in a similar way to Windows NT. @@ -3182,7 +3912,10 @@ nonzero. The maximum value is 128k. Values greater than 128k will be silently se DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ AND UNDERSTOOD THE SAMBA OPLOCK CODE.

    Default: oplock contention limit = 2 -

    oplocks (S)

    +

    + +oplocks (S) +

    This boolean option tells smbd whether to issue oplocks (opportunistic locks) to file open requests on this share. The oplock code can dramatically (approx. 30% or more) improve @@ -3194,14 +3927,17 @@ nonzero. The maximum value is 128k. Values greater than 128k will be silently se docs/ directory.

    Oplocks may be selectively turned off on certain files with a share. See - the veto oplock files parameter. On some systems + the veto oplock files parameter. On some systems oplocks are recognized by the underlying operating system. This allows data synchronization between all access to oplocked files, whether it be via Samba or NFS or a local UNIX process. See the - kernel oplocks parameter for details. + kernel oplocks parameter for details.

    Default: oplocks = yes -

    os2 driver map (G)

    The parameter is used to define the absolute +

    + +os2 driver map (G) +

    The parameter is used to define the absolute path to a file containing a mapping of Windows NT printer driver names to OS/2 printer driver names. The format is:

    <nt driver name> = <os2 driver name>.<device name>

    For example, a valid entry using the HP LaserJet 5 printer driver would appear as HP LaserJet 5L = LASERJET.HP @@ -3211,9 +3947,12 @@ nonzero. The maximum value is 128k. Values greater than 128k will be silently se details on OS/2 clients, please refer to chapter on other clients in the Samba3-HOWTO book.

    Default: os2 driver map = -

    os level (G)

    +

    + +os level (G) +

    This integer value controls what level Samba advertises itself as for browse elections. The value of this - parameter determines whether nmbd(8) has a chance of becoming a local master browser for the workgroup in the local broadcast area. + parameter determines whether nmbd(8) has a chance of becoming a local master browser for the workgroup in the local broadcast area.

    Note: By default, Samba will win a local master browsing election over all Microsoft operating systems except a Windows NT 4.0/2000 Domain Controller. This means that a misconfigured Samba host can @@ -3226,22 +3965,31 @@ nonzero. The maximum value is 128k. Values greater than 128k will be silently se

    Example: os level = 65 -

    pam password change (G)

    With the addition of better PAM support in Samba 2.2, +

    + +pam password change (G) +

    With the addition of better PAM support in Samba 2.2, this parameter, it is possible to use PAM's password change control flag for Samba. If enabled, then PAM will be used for password changes when requested by an SMB client instead of the program listed in - passwd program. + passwd program. It should be possible to enable this without changing your - passwd chat parameter for most setups.

    Default: pam password change = no + passwd chat parameter for most setups.

    Default: pam password change = no -

    panic action (G)

    This is a Samba developer option that allows a - system command to be called when either smbd(8) or nmbd(8) crashes. This is usually used to +

    + +panic action (G) +

    This is a Samba developer option that allows a + system command to be called when either smbd(8) or nmbd(8) crashes. This is usually used to draw attention to the fact that a problem occurred.

    Default: panic action =

    Example: panic action = "/bin/sleep 90000" -

    paranoid server security (G)

    Some version of NT 4.x allow non-guest +

    + +paranoid server security (G) +

    Some version of NT 4.x allow non-guest users with a bad passowrd. When this option is enabled, samba will not use a broken NT 4.x server as password server, but instead complain to the logs and exit. @@ -3249,23 +3997,26 @@ nonzero. The maximum value is 128k. Values greater than 128k will be silently se this check, which involves deliberatly attempting a bad logon to the remote server.

    Default: paranoid server security = yes -

    passdb backend (G)

    This option allows the administrator to chose which backend +

    + +passdb backend (G) +

    This option allows the administrator to chose which backend will be used for storing user and possibly group information. This allows - you to swap between dfferent storage mechanisms without recompile.

    The parameter value is divided into two parts, the backend's name, and a 'location' + you to swap between different storage mechanisms without recompile.

    The parameter value is divided into two parts, the backend's name, and a 'location' string that has meaning only to that particular backed. These are separated by a : character.

    Available backends can include:

    • smbpasswd - The default smbpasswd backend. Takes a path to the smbpasswd file as an optional argument.

    • tdbsam - The TDB based password storage backend. Takes a path to the TDB as an optional argument (defaults to passdb.tdb - in the private dir directory.

    • ldapsam - The LDAP based passdb + in the private dir directory.

    • ldapsam - The LDAP based passdb backend. Takes an LDAP URL as an optional argument (defaults to ldap://localhost)

      LDAP connections should be secured where possible. This may be done using either - Start-TLS (see ldap ssl) or by + Start-TLS (see ldap ssl) or by specifying ldaps:// in - the URL argument.

      Multiple servers may also be specified in double-quotes, if your - LDAP libraries supports the LDAP URL notation. - (OpenLDAP does). + the URL argument.

      Multiple servers may also be specified in double-quotes. + Whether multiple servers are supported or not and the exact + syntax depends on the LDAP library you use.

    @@ -3273,34 +4024,68 @@ nonzero. The maximum value is 128k. Values greater than 128k will be silently se 
     passdb backend = tdbsam:/etc/samba/private/passdb.tdb 
 
-or
+or multi server LDAP URL with OpenLDAP library:
 
 passdb backend = ldapsam:"ldap://ldap-1.example.com ldap://ldap-2.example.com"
+
+or multi server LDAP URL with Netscape based LDAP library:
+
+passdb backend = ldapsam:"ldap://ldap-1.example.com ldap-2.example.com"

    Default: passdb backend = smbpasswd -

    passdb expand explicit (G)

    +

    + +passdb expand explicit (G) +

    This parameter controls whether Samba substitutes %-macros in the passdb fields if they are explicitly set. We used to expand macros here, but this turned out to be a bug because the Windows client can expand a variable %G_osver% in which %G would have been substituted by the user's primary group.

    Default: passdb expand explicit = no -

    passwd chat (G)

    This string controls the "chat" - conversation that takes places between smbd(8) and the local password changing +

    + +passwd chat debug (G) +

    This boolean specifies if the passwd chat script + parameter is run in debug mode. In this mode the + strings passed to and received from the passwd chat are printed + in the smbd(8) log with a + debug level + of 100. This is a dangerous option as it will allow plaintext passwords + to be seen in the smbd log. It is available to help + Samba admins debug their passwd chat scripts + when calling the passwd program and should + be turned off after this has been done. This option has no effect if the + pam password change + parameter is set. This parameter is off by default.

    Default: passwd chat debug = no + +

    + +passwd chat timeout (G) +

    This integer specifies the number of seconds smbd will wait for an initial + answer from a passwd chat script being run. Once the initial answer is received + the subsequent answers must be received in one tenth of this time. The default it + two seconds.

    Default: passwd chat timeout = 2 + +

    + +passwd chat (G) +

    This string controls the "chat" + conversation that takes places between smbd(8) and the local password changing program to change the user's password. The string describes a - sequence of response-receive pairs that smbd(8) uses to determine what to send to the - passwd program and what to expect back. If the expected output is not + sequence of response-receive pairs that smbd(8) uses to determine what to send to the + passwd program and what to expect back. If the expected output is not received then the password is not changed.

    This chat sequence is often quite site specific, depending on what local methods are used for password control (such as NIS - etc).

    Note that this parameter only is only used if the unix password sync parameter is set to yes. This sequence is + etc).

    Note that this parameter only is only used if the unix password sync parameter is set to yes. This sequence is then called AS ROOT when the SMB password in the smbpasswd file is being changed, without access to the old password cleartext. This means that root must be able to reset the user's password without knowing the text of the previous password. In the presence of - NIS/YP, this means that the passwd program must + NIS/YP, this means that the passwd program must be executed on the NIS master.

    The string can contain the macro %n which is substituted for the new password. The old passsword (%o) is only available when - encrypt passwords has been disabled. + encrypt passwords has been disabled. The chat sequence can also contain the standard macros \n, \r, \t and \s to give line-feed, carriage-return, tab and space. The chat sequence string can also contain @@ -3308,32 +4093,17 @@ passdb backend = ldapsam:"ldap://ldap-1.example.com ldap://ldap-2.example.com" be used to collect strings with spaces in them into a single string.

    If the send string in any part of the chat sequence is a full stop ".", then no string is sent. Similarly, if the - expect string is a full stop then no string is expected.

    If the pam password change parameter is set to yes, the + expect string is a full stop then no string is expected.

    If the pam password change parameter is set to yes, the chat pairs may be matched in any order, and success is determined by the PAM result, not any particular output. The \n macro is ignored for PAM conversions.

    Default: passwd chat = *new*password* %n\n*new*password* %n\n *changed*

    Example: passwd chat = "*Enter NEW password*" %n\n "*Reenter NEW password*" %n\n "*Password changed*" -

    passwd chat debug (G)

    This boolean specifies if the passwd chat script - parameter is run in debug mode. In this mode the - strings passed to and received from the passwd chat are printed - in the smbd(8) log with a - debug level - of 100. This is a dangerous option as it will allow plaintext passwords - to be seen in the smbd log. It is available to help - Samba admins debug their passwd chat scripts - when calling the passwd program and should - be turned off after this has been done. This option has no effect if the - pam password change - parameter is set. This parameter is off by default.

    Default: passwd chat debug = no - -

    passwd chat timeout (G)

    This integer specifies the number of seconds smbd will wait for an initial - answer from a passwd chat script being run. Once the initial answer is received - the subsequent answers must be received in one tenth of this time. The default it - two seconds.

    Default: passwd chat timeout = 2 - -

    passwd program (G)

    The name of a program that can be used to set +

    + +passwd program (G) +

    The name of a program that can be used to set UNIX user passwords. Any occurrences of %u will be replaced with the user name. The user name is checked for existence before calling the password changing program.

    Also note that many passwd programs insist in reasonable @@ -3354,7 +4124,10 @@ passdb backend = ldapsam:"ldap://ldap-1.example.com ldap://ldap-2.example.com"

    Example: passwd program = /bin/passwd %u -

    password level (G)

    Some client/server combinations have difficulty +

    + +password level (G) +

    Some client/server combinations have difficulty with mixed-case passwords. One offending client is Windows for Workgroups, which for some reason forces passwords to upper case when using the LANMAN1 protocol, but leaves them alone when @@ -3372,11 +4145,14 @@ passdb backend = ldapsam:"ldap://ldap-1.example.com ldap://ldap-2.example.com" process a new connection.

    A value of zero will cause only two attempts to be made - the password as is and the password in all-lower case.

    This parameter is used only when using plain-text passwords. It is not at all used when encrypted passwords as in use (that is the default - since samba-3.0.0). Use this only when encrypt passwords = No.

    Default: password level = 0 + since samba-3.0.0). Use this only when encrypt passwords = No.

    Default: password level = 0

    Example: password level = 4 -

    password server (G)

    By specifying the name of another SMB server +

    + +password server (G) +

    By specifying the name of another SMB server or Active Directory domain controller with this option, and using security = [ads|domain|server] it is possible to get Samba to @@ -3388,7 +4164,7 @@ passdb backend = ldapsam:"ldap://ldap-1.example.com ldap://ldap-2.example.com" Samba will use the standard LDAP port of tcp/389. Note that port numbers have no effect on password servers for Windows NT 4.0 domains or netbios connections.

    If parameter is a name, it is looked up using the - parameter name resolve order and so may resolved + parameter name resolve order and so may resolved by any method and order described in that parameter.

    The password server must be a machine capable of using the "LM1.2X002" or the "NT LM 0.12" protocol, and it must be in user level security mode.

    Note

    Using a password server means your UNIX box (running @@ -3438,7 +4214,10 @@ passdb backend = ldapsam:"ldap://ldap-1.example.com ldap://ldap-2.example.com"

    Example: password server = * -

    directory

    This parameter is a synonym for path.

    path (S)

    This parameter specifies a directory to which +

    directory

    This parameter is a synonym for path.

    + +path (S) +

    This parameter specifies a directory to which the user of the service is to be given access. In the case of printable services, this is where print data will spool prior to being submitted to the host for printing.

    For a printable service offering guest access, the service @@ -3450,26 +4229,35 @@ passdb backend = ldapsam:"ldap://ldap-1.example.com ldap://ldap-2.example.com" on this connection. Any occurrences of %m will be replaced by the NetBIOS name of the machine they are connecting from. These replacements are very useful for setting - up pseudo home directories for users.

    Note that this path will be based on root dir + up pseudo home directories for users.

    Note that this path will be based on root dir if one was specified.

    Default: path =

    Example: path = /home/fred -

    pid directory (G)

    +

    + +pid directory (G) +

    This option specifies the directory where pid files will be placed.

    Default: pid directory = ${prefix}/var/locks

    Example: pid directory = pid directory = /var/run/ -

    posix locking (S)

    - The smbd(8) +

    + +posix locking (S) +

    + The smbd(8) daemon maintains an database of file locks obtained by SMB clients. The default behavior is to map this internal database to POSIX locks. This means that file locks obtained by SMB clients are consistent with those seen by POSIX compliant applications accessing the files via a non-SMB method (e.g. NFS or local file access). You should never need to disable this parameter.

    Default: posix locking = yes -

    postexec (S)

    This option specifies a command to be run +

    + +postexec (S) +

    This option specifies a command to be run whenever the service is disconnected. It takes the usual substitutions. The command may be run as the root on some systems.

    An interesting example may be to unmount server @@ -3477,29 +4265,38 @@ passdb backend = ldapsam:"ldap://ldap-1.example.com ldap://ldap-2.example.com"

    Example: postexec = echo \"%u disconnected from %S from %m (%I)\" >> /tmp/log -

    exec

    This parameter is a synonym for preexec.

    preexec (S)

    This option specifies a command to be run whenever +

    + +preexec close (S) +

    + This boolean option controls whether a non-zero return code from preexec + should close the service being connected to. +

    Default: preexec close = no + +

    exec

    This parameter is a synonym for preexec.

    + +preexec (S) +

    This option specifies a command to be run whenever the service is connected to. It takes the usual substitutions.

    An interesting example is to send the users a welcome message every time they log in. Maybe a message of the day? Here is an example:

    preexec = csh -c 'echo \"Welcome to %S!\" | /usr/local/samba/bin/smbclient -M %m -I %I' &

    Of course, this could get annoying after a while :-)

    - See also preexec close and postexec. + See also preexec close and postexec.

    Default: preexec =

    Example: preexec = echo \"%u connected to %S from %m (%I)\" >> /tmp/log -

    preexec close (S)

    - This boolean option controls whether a non-zero return code from preexec - should close the service being connected to. -

    Default: preexec close = no - -

    prefered master

    This parameter is a synonym for preferred master.

    preferred master (G)

    - This boolean parameter controls if nmbd(8) is a preferred master browser for its workgroup. +

    prefered master

    This parameter is a synonym for preferred master.

    + +preferred master (G) +

    + This boolean parameter controls if nmbd(8) is a preferred master browser for its workgroup.

    If this is set to yes, on startup, nmbd will force an election, and it will have a slight advantage in winning the election. It is recommended that this - parameter is used in conjunction with domain master = yes, so that + parameter is used in conjunction with domain master = yes, so that nmbd can guarantee becoming a domain master.

    Use this option with caution, because if there are several hosts (whether Samba servers, Windows 95 or NT) @@ -3508,38 +4305,53 @@ passdb backend = ldapsam:"ldap://ldap-1.example.com ldap://ldap-2.example.com" capabilities.

    Default: preferred master = auto -

    auto services

    This parameter is a synonym for preload.

    preload (G)

    This is a list of services that you want to be +

    + +preload modules (G) +

    This is a list of paths to modules that should + be loaded into smbd before a client connects. This improves + the speed of smbd when reacting to new connections somewhat.

    Default: preload modules = + +

    Example: preload modules = /usr/lib/samba/passdb/mysql.so + +

    auto services

    This parameter is a synonym for preload.

    + +preload (G) +

    This is a list of services that you want to be automatically added to the browse lists. This is most useful for homes and printers services that would otherwise not be visible.

    Note that if you just want all printers in your - printcap file loaded then the load printers + printcap file loaded then the load printers option is easier.

    Default: preload =

    Example: preload = fred lp colorlp -

    preload modules (G)

    This is a list of paths to modules that should - be loaded into smbd before a client connects. This improves - the speed of smbd when reacting to new connections somewhat.

    Default: preload modules = - -

    Example: preload modules = /usr/lib/samba/passdb/mysql.so - -

    preserve case (S)

    +

    + +preserve case (S) +

    This controls if new filenames are created with the case that the client passes, or if - they are forced to be the default case. + they are forced to be the default case.

    - See the section on NAME MANGLING for a fuller discussion. + See the section on NAME MANGLING for a fuller discussion.

    Default: preserve case = yes -

    print ok

    This parameter is a synonym for printable.

    printable (S)

    If this parameter is yes, then +

    print ok

    This parameter is a synonym for printable.

    + +printable (S) +

    If this parameter is yes, then clients may open, write to and submit spool files on the directory specified for the service.

    Note that a printable service will ALWAYS allow writing to the service path (user privileges permitting) via the spooling - of print data. The read only parameter controls only non-printing access to + of print data. The read only parameter controls only non-printing access to the resource.

    Default: printable = no -

    printcap cache time (G)

    This option specifies the number of seconds before the printing +

    + +printcap cache time (G) +

    This option specifies the number of seconds before the printing subsystem is again asked for the known printers. If the value is greater than 60 the initial waiting time is set to 60 seconds to allow an earlier first rescan of the printing subsystem. @@ -3549,12 +4361,15 @@ passdb backend = ldapsam:"ldap://ldap-1.example.com ldap://ldap-2.example.com"

    Example: printcap cache time = 600 -

    printcap

    This parameter is a synonym for printcap name.

    printcap name (S)

    +

    printcap

    This parameter is a synonym for printcap name.

    + +printcap name (S) +

    This parameter may be used to override the compiled-in default printcap name used by the server (usually - /etc/printcap). See the discussion of the [printers] section above for reasons why you might want to do this. + /etc/printcap). See the discussion of the [printers] section above for reasons why you might want to do this.

    To use the CUPS printing interface set printcap name = cups . This should - be supplemented by an addtional setting printing = cups in the [global] + be supplemented by an addtional setting printing = cups in the [global] section. printcap name = cups will use the "dummy" printcap created by CUPS, as specified in your CUPS configuration file.

    @@ -3584,7 +4399,10 @@ print5|My Printer 5

    Example: printcap name = /etc/myprintcap -

    print command (S)

    After a print job has finished spooling to +

    + +print command (S) +

    After a print job has finished spooling to a service, this command will be used via a system() call to process the spool file. Typically the command specified will submit the spool file to the host's printing subsystem, but there @@ -3607,17 +4425,17 @@ print5|My Printer 5 printable service nor a global print command, spool files will be created but not processed and (most importantly) not removed.

    Note that printing may fail on some UNIXes from the nobody account. If this happens then create - an alternative guest account that can print and set the guest account + an alternative guest account that can print and set the guest account in the [global] section.

    You can form quite complex print commands by realizing that they are just passed to a shell. For example the following will log a print job, print the file, then remove it. Note that ';' is the usual separator for command in shell scripts.

    print command = echo Printing %s >> /tmp/print.log; lpr -P %p %s; rm %s

    You may have to vary this command considerably depending on how you normally print files on your system. The default for - the parameter varies depending on the setting of the printing + the parameter varies depending on the setting of the printing parameter.

    Default: For printing = BSD, AIX, QNX, LPRNG or PLP :

    print command = lpr -r -P%p %s

    For printing = SYSV or HPUX :

    print command = lp -c -d%p %s; rm %s

    For printing = SOFTQ :

    print command = lp -d%p -s %s; rm %s

    For printing = CUPS : If SAMBA is compiled against - libcups, then printcap = cups + libcups, then printcap = cups uses the CUPS API to submit jobs, etc. Otherwise it maps to the System V commands with the -oraw option for printing, i.e. it @@ -3626,7 +4444,10 @@ print5|My Printer 5 and if SAMBA is compiled against libcups, any manually set print command will be ignored.

    No default

    Example: print command = /usr/local/samba/bin/myprintscript %p %s -

    printer admin (S)

    +

    + +printer admin (S) +

    This lists users who can do anything to printers via the remote administration interfaces offered by MS-RPC (usually using a NT workstation). @@ -3642,20 +4463,26 @@ print5|My Printer 5

    Example: printer admin = admin, @staff -

    printer

    This parameter is a synonym for printer name.

    printer name (S)

    +

    printer

    This parameter is a synonym for printer name.

    + +printer name (S) +

    This parameter specifies the name of the printer to which print jobs spooled through a printable service will be sent.

    If specified in the [global] section, the printer name given will be used for any printable service that does not have its own printer name specified.

    - The default value of the printer name may be lp on many + The default value of the printer name may be lp on many systems.

    Default: printer name = none

    Example: printer name = laserwriter -

    printing (S)

    This parameters controls how printer status information is +

    + +printing (S) +

    This parameters controls how printer status information is interpreted on your system. It also affects the default values for the print command, lpq command, lppause command , lpresume command, and lprm command if specified in the [global] section.

    Currently nine printing styles are supported. They are @@ -3664,23 +4491,32 @@ print5|My Printer 5 SYSV, HPUX, QNX, SOFTQ, and CUPS.

    To see what the defaults are for the other print - commands when using the various options use the testparm(1) program.

    This option can be set on a per printer basis. Please be + commands when using the various options use the testparm(1) program.

    This option can be set on a per printer basis. Please be aware however, that you must place any of the various printing commands (e.g. print command, lpq command, etc...) after defining the value for the printing option since it will - reset the printing commands to default values.

    See also the discussion in the - [printers] section.

    No default

    printjob username (S)

    This parameter specifies which user information will be + reset the printing commands to default values.

    See also the discussion in the + [printers] section.

    No default

    + +printjob username (S) +

    This parameter specifies which user information will be passed to the printing system. Usually, the username is sent, but in some cases, e.g. the domain prefix is useful, too.

    Default: printjob username = %U

    Example: printjob username = %D\%U -

    private dir (G)

    This parameters defines the directory +

    + +private dir (G) +

    This parameters defines the directory smbd will use for storing such files as smbpasswd and secrets.tdb.

    Default: private dir = ${prefix}/private -

    profile acls (S)

    +

    + +profile acls (S) +

    This boolean parameter was added to fix the problems that people have been having with storing user profiles on Samba shares from Windows 2000 or Windows XP clients. New versions of Windows 2000 or Windows XP service @@ -3708,7 +4544,10 @@ print5|My Printer 5 tree to the owning user.

    Default: profile acls = no -

    queuepause command (S)

    This parameter specifies the command to be +

    + +queuepause command (S) +

    This parameter specifies the command to be executed on the server host in order to pause the printer queue.

    This command should be a program or script which takes a printer name as its only parameter and stops the printer queue, such that no longer jobs are submitted to the printer.

    This command is not supported by Windows for Workgroups, @@ -3719,10 +4558,13 @@ print5|My Printer 5 path in the command as the PATH may not be available to the server.

    No default

    Example: queuepause command = disable %p -

    queueresume command (S)

    This parameter specifies the command to be +

    + +queueresume command (S) +

    This parameter specifies the command to be executed on the server host in order to resume the printer queue. It is the command to undo the behavior that is caused by the - previous parameter (queuepause command).

    This command should be a program or script which takes + previous parameter (queuepause command).

    This command should be a program or script which takes a printer name as its only parameter and resumes the printer queue, such that queued jobs are resubmitted to the printer.

    This command is not supported by Windows for Workgroups, but can be issued from the Printers window under Windows 95 @@ -3734,23 +4576,32 @@ print5|My Printer 5

    Example: queueresume command = enable %p -

    read list (S)

    +

    + +read list (S) +

    This is a list of users that are given read-only access to a service. If the connecting user is in this list - then they will not be given write access, no matter what the read only option is set - to. The list can include group names using the syntax described in the invalid users + then they will not be given write access, no matter what the read only option is set + to. The list can include group names using the syntax described in the invalid users parameter. -

    This parameter will not work with the security = share in +

    This parameter will not work with the security = share in Samba 3.0. This is by design.

    Default: read list =

    Example: read list = mary, @students -

    read only (S)

    An inverted synonym is writeable.

    If this parameter is yes, then users +

    + +read only (S) +

    An inverted synonym is writeable.

    If this parameter is yes, then users of a service may not create or modify files in the service's directory.

    Note that a printable service (printable = yes) will ALWAYS allow writing to the directory (user privileges permitting), but only via spooling operations.

    Default: read only = yes -

    read raw (G)

    This parameter controls whether or not the server +

    + +read raw (G) +

    This parameter controls whether or not the server will support the raw read SMB requests when transferring data to clients.

    If enabled, raw reads allow reads of 65535 bytes in one packet. This typically provides a major performance benefit. @@ -3759,14 +4610,20 @@ print5|My Printer 5 sizes, and for these clients you may need to disable raw reads.

    In general this parameter should be viewed as a system tuning tool and left severely alone.

    Default: read raw = yes -

    realm (G)

    This option specifies the kerberos realm to use. The realm is +

    + +realm (G) +

    This option specifies the kerberos realm to use. The realm is used as the ADS equivalent of the NT4 domain. It is usually set to the DNS name of the kerberos server.

    Default: realm =

    Example: realm = mysambabox.mycompany.com -

    registry shares (G)

    +

    + +registry shares (G) +

    This turns on or off support for share definitions read from registry. Shares defined in smb.conf take precedence over shares with the same name defined in @@ -3775,14 +4632,17 @@ print5|My Printer 5

    Note that this parameter defaults to no, but it is set to yes when - config bakend is set + config backend is set to registry.

    Default: registry shares = no

    Example: registry shares = yes -

    remote announce (G)

    - This option allows you to setup nmbd(8)to periodically announce itself +

    + +remote announce (G) +

    + This option allows you to setup nmbd(8)to periodically announce itself to arbitrary IP addresses with an arbitrary workgroup name.

    This is useful if you want your Samba server to appear in a remote workgroup for @@ -3795,7 +4655,7 @@ print5|My Printer 5

    the above line would cause nmbd to announce itself to the two given IP addresses using the given workgroup names. If you leave out the - workgroup name then the one given in the workgroup parameter + workgroup name then the one given in the workgroup parameter is used instead.

    The IP addresses you choose would normally be the broadcast addresses of the remote @@ -3805,8 +4665,11 @@ print5|My Printer 5 See the chapter on Network Browsing in the Samba-HOWTO book.

    Default: remote announce = -

    remote browse sync (G)

    - This option allows you to setup nmbd(8) to periodically request +

    + +remote browse sync (G) +

    + This option allows you to setup nmbd(8) to periodically request synchronization of browse lists with the master browser of a Samba server that is on a remote segment. This option will allow you to gain browse lists for multiple workgroups across routed networks. This @@ -3832,13 +4695,16 @@ print5|My Printer 5 that the remote machine is available, is listening, nor that it is in fact the browse master on its segment.

    - The remote browse sync may be used on networks + The remote browse sync may be used on networks where there is no WINS server, and may be used on disjoint networks where each network has its own WINS server.

    Default: remote browse sync = -

    rename user script (G)

    - This is the full pathname to a script that will be run as root by smbd(8) under special circumstances described below. +

    + +rename user script (G) +

    + This is the full pathname to a script that will be run as root by smbd(8) under special circumstances described below.

    When a user with admin authority or SeAddUserPrivilege rights renames a user (e.g.: from the NT4 User Manager for Domains), this script will be run to rename the POSIX user. Two variables, %uold and @@ -3855,7 +4721,10 @@ print5|My Printer 5 needs to change for other applications using the same directory.

    Default: rename user script = no -

    reset on zero vc (G)

    +

    + +reset on zero vc (G) +

    This boolean option controls whether an incoming session setup should kill other connections coming from the same IP. This matches the default Windows 2003 behaviour. @@ -3874,7 +4743,10 @@ print5|My Printer 5

    Default: reset on zero vc = no -

    restrict anonymous (G)

    The setting of this parameter determines whether user and +

    + +restrict anonymous (G) +

    The setting of this parameter determines whether user and group list information is returned for an anonymous connection. and mirrors the effects of the 

    @@ -3894,17 +4766,20 @@ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
 	means.
 	
    Note
    
     The security advantage of using restrict anonymous = 2 is removed
-    by setting guest ok = yes on any share.
+    by setting guest ok = yes on any share.
 	
    Default: restrict anonymous = 0
 
-
    root

    This parameter is a synonym for root directory.

    root dir

    This parameter is a synonym for root directory.

    root directory (G)

    The server will chroot() (i.e. +

    root

    This parameter is a synonym for root directory.

    root dir

    This parameter is a synonym for root directory.

    + +root directory (G) +

    The server will chroot() (i.e. Change its root directory) to this directory on startup. This is not strictly necessary for secure operation. Even without it the server will deny access to files not in one of the service entries. It may also check for, and deny access to, soft links to other parts of the filesystem, or attempts to use ".." in file names to access other directories (depending on the setting of the - wide smbconfoptions parameter). + wide smbconfoptions parameter).

    Adding a root directory entry other than "/" adds an extra level of security, but at a price. It absolutely ensures that no access is given to files not in the @@ -3920,25 +4795,59 @@ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\

    Example: root directory = /homes/smb -

    root postexec (S)

    +

    + +root postexec (S) +

    This is the same as the postexec parameter except that the command is run as root. This is useful for unmounting filesystems (such as CDROMs) after a connection is closed.

    Default: root postexec = -

    root preexec (S)

    +

    + +root preexec close (S) +

    This is the same as the preexec close + parameter except that the command is run as root.

    Default: root preexec close = no + +

    + +root preexec (S) +

    This is the same as the preexec parameter except that the command is run as root. This is useful for mounting filesystems (such as CDROMs) when a connection is opened.

    Default: root preexec = -

    root preexec close (S)

    This is the same as the preexec close - parameter except that the command is run as root.

    Default: root preexec close = no +

    + +security mask (S) +

    + This parameter controls what UNIX permission bits will be set when a Windows NT client is manipulating the + UNIX permission on a file using the native NT security dialog box. +

    + This parameter is applied as a mask (AND'ed with) to the incoming permission bits, thus resetting + any bits not in this mask. Make sure not to mix up this parameter with force security mode, which works in a manner similar to this one but uses a logical OR instead of an AND. +

    + Essentially, all bits set to zero in this mask will result in setting to zero the corresponding bits on the + file permissions regardless of the previous status of this bits on the file. +

    + If not set explicitly this parameter is 0777, allowing a user to set all the user/group/world permissions on a file. +

    + Note that users who can access the Samba server through other means can easily bypass this + restriction, so it is primarily useful for standalone "appliance" systems. Administrators of + most normal systems will probably want to leave it set to 0777. +

    Default: security mask = 0777 + +

    Example: security mask = 0770 -

    security (G)

    This option affects how clients respond to +

    + +security (G) +

    This option affects how clients respond to Samba and is one of the most important settings in the smb.conf file.

    The option sets the "security mode bit" in replies to - protocol negotiations with smbd(8) to turn share level security on or off. Clients decide + protocol negotiations with smbd(8) to turn share level security on or off. Clients decide based on this bit whether (and how) to transfer user and password information to the server.

    The default is security = user, as this is the most common setting needed when talking to Windows 98 and @@ -3959,9 +4868,9 @@ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ want to mainly setup shares without a password (guest shares). This is commonly used for a shared printer server. It is more difficult to setup guest shares with security = user, see - the map to guestparameter for details.

    It is possible to use smbd in a + the map to guestparameter for details.

    It is possible to use smbd in a hybrid mode where it is offers both user and share - level security under different NetBIOS aliases.

    The different settings will now be explained.

    SECURITY = SHARE

    When clients connect to a share level security server they + level security under different NetBIOS aliases.

    The different settings will now be explained.

    SECURITY = SHARE

    When clients connect to a share level security server they need not log onto the server with a valid username and password before attempting to connect to a shared resource (although modern clients such as Windows 95/98 and Windows NT will send a logon request with @@ -3974,10 +4883,10 @@ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ in share level security, smbd uses several techniques to determine the correct UNIX user to use on behalf of the client.

    A list of possible UNIX usernames to match with the given - client password is constructed using the following methods :

    • If the guest only parameter is set, then all the other - stages are missed and only the guest account username is checked. + client password is constructed using the following methods :

      • If the guest only parameter is set, then all the other + stages are missed and only the guest account username is checked.

      • Is a username is sent with the share connection - request, then this username (after mapping - see username map), + request, then this username (after mapping - see username map), is added as a potential username.

      • If the client did a previous logon request (the SessionSetup SMB call) then the @@ -3986,7 +4895,7 @@ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ added as a potential username.

      • The NetBIOS name of the client is added to the list as a potential username. -

      • Any users on the user list are added as potential usernames. +

      • Any users on the user list are added as potential usernames.

      If the guest only parameter is not set, then this list is then tried with the supplied password. The first user for whom the password matches will be used as the @@ -3995,20 +4904,20 @@ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ as available to the guest account, then this guest user will be used, otherwise access is denied.

      Note that it can be very confusing in share-level security as to which UNIX username will eventually - be used in granting access.

      See also the section + be used in granting access.

      See also the section NOTE ABOUT USERNAME/PASSWORD VALIDATION.

      SECURITY = USER

      This is the default security setting in Samba 3.0. With user-level security a client must first "log-on" with a - valid username and password (which can be mapped using the username map - parameter). Encrypted passwords (see the encrypted passwords parameter) can also - be used in this security mode. Parameters such as user and guest only if set are then applied and + valid username and password (which can be mapped using the username map + parameter). Encrypted passwords (see the encrypted passwords parameter) can also + be used in this security mode. Parameters such as user and guest only if set are then applied and may change the UNIX user to use on this connection, but only after the user has been successfully authenticated.

      Note that the name of the resource being requested is not sent to the server until after the server has successfully authenticated the client. This is why guest shares don't work in user level security without allowing - the server to automatically map unknown users into the guest account. - See the map to guest parameter for details on doing this.

      See also the section NOTE ABOUT USERNAME/PASSWORD VALIDATION.

      SECURITY = DOMAIN

      This mode will only work correctly if net(8) has been used to add this - machine into a Windows NT Domain. It expects the encrypted passwords + the server to automatically map unknown users into the guest account. + See the map to guest parameter for details on doing this.

      See also the section NOTE ABOUT USERNAME/PASSWORD VALIDATION.

      SECURITY = DOMAIN

      This mode will only work correctly if net(8) has been used to add this + machine into a Windows NT Domain. It expects the encrypted passwords parameter to be set to yes. In this mode Samba will try to validate the username/password by passing it to a Windows NT Primary or Backup Domain Controller, in exactly @@ -4022,13 +4931,13 @@ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ requested is not sent to the server until after the server has successfully authenticated the client. This is why guest shares don't work in user level security without allowing - the server to automatically map unknown users into the guest account. - See the map to guest parameter for details on doing this.

      See also the section - NOTE ABOUT USERNAME/PASSWORD VALIDATION.

      See also the password server parameter and - the encrypted passwords parameter.

      SECURITY = SERVER

      + the server to automatically map unknown users into the guest account. + See the map to guest parameter for details on doing this.

      See also the section + NOTE ABOUT USERNAME/PASSWORD VALIDATION.

      See also the password server parameter and + the encrypted passwords parameter.

      SECURITY = SERVER

      In this mode Samba will try to validate the username/password by passing it to another SMB server, such as an NT box. If this fails it will revert to security = user. It expects the - encrypted passwords parameter to be set to yes, unless the remote + encrypted passwords parameter to be set to yes, unless the remote server does not support them. However note that if encrypted passwords have been negotiated then Samba cannot revert back to checking the UNIX password file, it must have a valid smbpasswd file to check users against. See the chapter about the User Database in the Samba HOWTO Collection for details on how to set this up. @@ -4048,10 +4957,10 @@ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ requested is not sent to the server until after the server has successfully authenticated the client. This is why guest shares don't work in user level security without allowing - the server to automatically map unknown users into the guest account. - See the map to guest parameter for details on doing this.

      See also the section - NOTE ABOUT USERNAME/PASSWORD VALIDATION.

      See also the password server parameter and the - encrypted passwords parameter.

      SECURITY = ADS

      In this mode, Samba will act as a domain member in an ADS realm. To operate + the server to automatically map unknown users into the guest account. + See the map to guest parameter for details on doing this.

      See also the section + NOTE ABOUT USERNAME/PASSWORD VALIDATION.

      See also the password server parameter and the + encrypted passwords parameter.

      SECURITY = ADS

      In this mode, Samba will act as a domain member in an ADS realm. To operate in this mode, the machine running Samba will need to have Kerberos installed and configured and Samba will need to be joined to the ADS realm using the net utility.

      Note that this mode does NOT make Samba operate as a Active Directory Domain @@ -4059,28 +4968,12 @@ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\

      Example: security = DOMAIN -

    security mask (S)

    - This parameter controls what UNIX permission bits will be set when a Windows NT client is manipulating the - UNIX permission on a file using the native NT security dialog box. -

    - This parameter is applied as a mask (AND'ed with) to the incoming permission bits, thus resetting - any bits not in this mask. Make sure not to mix up this parameter with force security mode, which works in a manner similar to this one but uses a logical OR instead of an AND. -

    - Essentially, all bits set to zero in this mask will result in setting to zero the corresponding bits on the - file permissions regardless of the previous status of this bits on the file. -

    - If not set explicitly this parameter is 0777, allowing a user to set all the user/group/world permissions on a file. -

    - Note that users who can access the Samba server through other means can easily bypass this - restriction, so it is primarily useful for standalone "appliance" systems. Administrators of - most normal systems will probably want to leave it set to 0777. -

    Default: security mask = 0777 - -

    Example: security mask = 0770 - -

    server schannel (G)

    +

    + +server schannel (G) +

    This controls whether the server offers or even demands the use of the netlogon schannel. - server schannel = no does not offer the schannel, server schannel = auto offers the schannel but does not enforce it, and server schannel = yes denies access if the client is not able to speak netlogon schannel. + server schannel = no does not offer the schannel, server schannel = auto offers the schannel but does not enforce it, and server schannel = yes denies access if the client is not able to speak netlogon schannel. This is only the case for Windows NT4 before SP4.

    Please note that with this set to no you will have to apply the WindowsXP @@ -4089,7 +4982,10 @@ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\

    Example: server schannel = yes -

    server signing (G)

    This controls whether the server offers or requires +

    + +server signing (G) +

    This controls whether the server offers or requires the client it talks to to use SMB signing. Possible values are auto, mandatory and disabled. @@ -4097,7 +4993,10 @@ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ When set to mandatory, SMB signing is required and if set to disabled, SMB signing is not offered either.

    Default: server signing = Disabled -

    server string (G)

    This controls what string will show up in the printer comment box in print +

    + +server string (G) +

    This controls what string will show up in the printer comment box in print manager and next to the IPC connection in net view. It can be any string that you wish to show to your users.

    It also sets what will appear in browse lists next to the machine name.

    A %v will be replaced with the Samba @@ -4106,7 +5005,10 @@ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\

    Example: server string = University of GNUs Samba Server -

    set directory (S)

    +

    + +set directory (S) +

    If set directory = no, then users of the service may not use the setdir command to change directory.

    @@ -4115,7 +5017,10 @@ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ for details.

    Default: set directory = no -

    set primary group script (G)

    Thanks to the Posix subsystem in NT a Windows User has a +

    + +set primary group script (G) +

    Thanks to the Posix subsystem in NT a Windows User has a primary group in addition to the auxiliary groups. This script sets the primary group in the unix userdatase when an administrator sets the primary group from the windows user @@ -4127,18 +5032,23 @@ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\

    Example: set primary group script = /usr/sbin/usermod -g '%g' '%u' -

    set quota command (G)

    The set quota command should only be used +

    + +set quota command (G) +

    The set quota command should only be used whenever there is no operating system API available from the OS that samba can use.

    This option is only available if Samba was configured with the argument --with-sys-quotas or on linux when ./configure --with-quotas was used and a working quota api was found in the system. Most packages are configured with these options already.

    This parameter should specify the path to a script that can set quota for the specified arguments.

    The specified script should take the following arguments:

    • 1 - quota type -

      • 1 - user quotas

      • 2 - user default quotas (uid = -1)

      • 3 - group quotas

      • 4 - group default quotas (gid = -1)

      -

    • 2 - id (uid for user, gid for group, -1 if N/A)

    • 3 - quota state (0 = disable, 1 = enable, 2 = enable and enforce)

    • 4 - block softlimit

    • 5 - block hardlimit

    • 6 - inode softlimit

    • 7 - inode hardlimit

    • 8(optional) - block size, defaults to 1024

    The script should output at least one line of data on success. And nothing on failure.

    Default: set quota command = +

    • 1 - user quotas

    • 2 - user default quotas (uid = -1)

    • 3 - group quotas

    • 4 - group default quotas (gid = -1)

  • 2 - id (uid for user, gid for group, -1 if N/A)

  • 3 - quota state (0 = disable, 1 = enable, 2 = enable and enforce)

  • 4 - block softlimit

  • 5 - block hardlimit

  • 6 - inode softlimit

  • 7 - inode hardlimit

  • 8(optional) - block size, defaults to 1024

    • The script should output at least one line of data on success. And nothing on failure.

    Default: set quota command =

    Example: set quota command = /usr/local/sbin/set_quota -

    share modes (S)

    This enables or disables the honoring of +

    + +share modes (S) +

    This enables or disables the honoring of the share modes during a file open. These modes are used by clients to gain exclusive read or write access to a file.

    These open modes are not directly supported by UNIX, so @@ -4151,14 +5061,20 @@ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ by default.

    You should NEVER turn this parameter off as many Windows applications will break if you do so.

    Default: share modes = yes -

    short preserve case (S)

    +

    + +short preserve case (S) +

    This boolean parameter controls if new files which conform to 8.3 syntax, that is all in upper case and of - suitable length, are created upper case, or if they are forced to be the default case. - This option can be use with preserve case = yes to permit long filenames + suitable length, are created upper case, or if they are forced to be the default case. + This option can be use with preserve case = yes to permit long filenames to retain their case, while short names are lowered. -

    See the section on NAME MANGLING.

    Default: short preserve case = yes +

    See the section on NAME MANGLING.

    Default: short preserve case = yes -

    show add printer wizard (G)

    With the introduction of MS-RPC based printing support +

    + +show add printer wizard (G) +

    With the introduction of MS-RPC based printing support for Windows NT/2000 client in Samba 2.2, a "Printers..." folder will appear on Samba hosts in the share listing. Normally this folder will contain an icon for the MS Add Printer Wizard (APW). However, it is @@ -4176,8 +5092,11 @@ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\

    Note

    This does not prevent the same user from having administrative privilege on an individual printer.

    Default: show add printer wizard = yes -

    shutdown script (G)

    This a full path name to a script called by - smbd(8) that should +

    + +shutdown script (G) +

    This a full path name to a script called by + smbd(8) that should start a shutdown procedure.

    If the connected user posseses the SeRemoteShutdownPrivilege, right, this command will be run as user.

    The %z %t %r %f variables are expanded as follows:

    • %z will be substituted with the shutdown message sent to the server.

    • %t will be substituted with the @@ -4201,7 +5120,10 @@ let "time++"

      Example: shutdown script = /usr/local/samba/sbin/shutdown %m %t %r %f -

    smb encrypt (S)

    This is a new feature introduced with Samba 3.2 and above. It is an +

    + +smb encrypt (S) +

    This is a new feature introduced with Samba 3.2 and above. It is an extension to the SMB/CIFS protocol negotiated as part of the UNIX extensions. SMB encryption uses the GSSAPI (SSPI on Windows) ability to encrypt and sign every request/response in a SMB protocol stream. When @@ -4224,13 +5146,16 @@ let "time++" style read/writes allowed) as well as the overhead of encrypting and signing all the data.

    If SMB encryption is selected, Windows style SMB signing (see - the server signing option) is no longer necessary, + the server signing option) is no longer necessary, as the GSSAPI flags use select both signing and sealing of the data.

    When set to auto, SMB encryption is offered, but not enforced. When set to mandatory, SMB encryption is required and if set to disabled, SMB encryption can not be negotiated.

    Default: smb encrypt = auto -

    smb passwd file (G)

    This option sets the path to the encrypted smbpasswd file. By +

    + +smb passwd file (G) +

    This option sets the path to the encrypted smbpasswd file. By default the path to the smbpasswd file is compiled into Samba.

    An example of use is: 

    @@ -4238,9 +5163,15 @@ smb passwd file = /etc/samba/smbpasswd

    Default: smb passwd file = ${prefix}/private/smbpasswd -

    smb ports (G)

    Specifies which ports the server should listen on for SMB traffic.

    Default: smb ports = 445 139 +

    + +smb ports (G) +

    Specifies which ports the server should listen on for SMB traffic.

    Default: smb ports = 445 139 -

    socket address (G)

    This option allows you to control what +

    + +socket address (G) +

    This option allows you to control what address Samba will listen for connections on. This is used to support multiple virtual interfaces on the one server, each with a different configuration.

    By default Samba will accept connections on any @@ -4248,7 +5179,10 @@ smb passwd file = /etc/samba/smbpasswd

    Example: socket address = 192.168.2.20 -

    socket options (G)

    This option allows you to set socket options +

    + +socket options (G) +

    This option allows you to set socket options to be used when talking with the client.

    Socket options are controls on the networking layer of the operating systems which allow the connection to be tuned.

    This option will typically be used to tune your Samba server @@ -4261,7 +5195,7 @@ smb passwd file = /etc/samba/smbpasswd "Unknown socket option" when you supply an option. This means you either incorrectly typed it or you need to add an include file to includes.h for your OS. If the latter is the case please - send the patch to + send the patch to samba-technical@samba.org.

    Any of the supported socket options may be combined in any way you like, as long as your OS allows it.

    This is the list of socket options currently settable using this option:

    • SO_KEEPALIVE

    • SO_REUSEADDR

    • SO_BROADCAST

    • TCP_NODELAY

    • IPTOS_LOWDELAY

    • IPTOS_THROUGHPUT

    • SO_SNDBUF *

    • SO_RCVBUF *

    • SO_SNDLOWAT *

    • SO_RCVLOWAT *

    Those marked with a '*' take an integer @@ -4276,23 +5210,32 @@ smb passwd file = /etc/samba/smbpasswd

    Example: socket options = IPTOS_LOWDELAY -

    stat cache (G)

    This parameter determines if smbd(8) will use a cache in order to +

    + +stat cache (G) +

    This parameter determines if smbd(8) will use a cache in order to speed up case insensitive name mappings. You should never need to change this parameter.

    Default: stat cache = yes -

    store dos attributes (S)

    +

    + +store dos attributes (S) +

    If this parameter is set Samba attempts to first read DOS attributes (SYSTEM, HIDDEN, ARCHIVE or READ-ONLY) from a filesystem extended attribute, before mapping DOS attributes to UNIX permission bits (such - as occurs with map hidden and map readonly). When set, DOS + as occurs with map hidden and map readonly). When set, DOS attributes will be stored onto an extended attribute in the UNIX filesystem, associated with the file or - directory. For no other mapping to occur as a fall-back, the parameters map hidden, - map system, map archive and map readonly must be set to off. This parameter writes the DOS attributes as a string into the extended + directory. For no other mapping to occur as a fall-back, the parameters map hidden, + map system, map archive and map readonly must be set to off. This parameter writes the DOS attributes as a string into the extended attribute named "user.DOSATTRIB". This extended attribute is explicitly hidden from smbd clients requesting an EA list. On Linux the filesystem must have been mounted with the mount option user_xattr in order for extended attributes to work, also extended attributes must be compiled into the Linux kernel.

    Default: store dos attributes = no -

    strict allocate (S)

    This is a boolean that controls the handling of +

    + +strict allocate (S) +

    This is a boolean that controls the handling of disk space allocation in the server. When this is set to yes the server will change from UNIX behaviour of not committing real disk storage blocks when a file is extended to the Windows behaviour @@ -4304,7 +5247,10 @@ smb passwd file = /etc/samba/smbpasswd out of quota messages on systems that are restricting the disk quota of users.

    Default: strict allocate = no -

    strict locking (S)

    +

    + +strict locking (S) +

    This is an enumerated type that controls the handling of file locking in the server. When this is set to yes, the server will check every read and write access for file locks, and deny access if locks exist. This can be slow on some systems. @@ -4320,21 +5266,27 @@ smb passwd file = /etc/samba/smbpasswd strict locking = no is acceptable.

    Default: strict locking = Auto -

    strict sync (S)

    Many Windows applications (including the Windows 98 explorer +

    + +strict sync (S) +

    Many Windows applications (including the Windows 98 explorer shell) seem to confuse flushing buffer contents to disk with doing a sync to disk. Under UNIX, a sync call forces the process to be suspended until the kernel has ensured that all outstanding data in kernel disk buffers has been safely stored onto stable storage. This is very slow and should only be done rarely. Setting this parameter to no (the default) means that - smbd(8) ignores the Windows + smbd(8) ignores the Windows applications requests for a sync call. There is only a possibility of losing data if the operating system itself that Samba is running on crashes, so there is little danger in this default setting. In addition, this fixes many performance problems that people have reported with the new Windows98 explorer shell file copies.

    Default: strict sync = no -

    svcctl list (G)

    This option defines a list of init scripts that smbd +

    + +svcctl list (G) +

    This option defines a list of init scripts that smbd will use for starting and stopping Unix services via the Win32 ServiceControl API. This allows Windows administrators to utilize the MS Management Console plug-ins to manage a @@ -4347,7 +5299,10 @@ smb passwd file = /etc/samba/smbpasswd

    Example: svcctl list = cups postfix portmap httpd -

    sync always (S)

    This is a boolean parameter that controls +

    + +sync always (S) +

    This is a boolean parameter that controls whether writes will always be written to stable storage before the write call returns. If this is no then the server will be guided by the client's request in each write call (clients can @@ -4358,7 +5313,19 @@ smb passwd file = /etc/samba/smbpasswd yes in order for this parameter to have any affect.

    Default: sync always = no -

    syslog (G)

    +

    + +syslog only (G) +

    + If this parameter is set then Samba debug messages are logged into the system + syslog only, and not to the debug log files. There still will be some + logging to log.[sn]mbd even if syslog only is enabled. +

    Default: syslog only = no + +

    + +syslog (G) +

    This parameter maps how Samba debug messages are logged onto the system syslog logging levels. Samba debug level zero maps onto syslog LOG_ERR, debug level one maps onto LOG_WARNING, debug level two maps onto LOG_NOTICE, @@ -4369,33 +5336,42 @@ smb passwd file = /etc/samba/smbpasswd logging to log.[sn]mbd even if syslog only is enabled.

    Default: syslog = 1 -

    syslog only (G)

    - If this parameter is set then Samba debug messages are logged into the system - syslog only, and not to the debug log files. There still will be some - logging to log.[sn]mbd even if syslog only is enabled. -

    Default: syslog only = no - -

    template homedir (G)

    When filling out the user information for a Windows NT - user, the winbindd(8) daemon uses this +

    + +template homedir (G) +

    When filling out the user information for a Windows NT + user, the winbindd(8) daemon uses this parameter to fill in the home directory for that user. If the string %D is present it is substituted with the user's Windows NT domain name. If the string %U is present it is substituted with the user's Windows NT user name.

    Default: template homedir = /home/%D/%U -

    template shell (G)

    When filling out the user information for a Windows NT - user, the winbindd(8) daemon uses this - parameter to fill in the login shell for that user.

    No default

    time offset (G)

    This parameter is a setting in minutes to add +

    + +template shell (G) +

    When filling out the user information for a Windows NT + user, the winbindd(8) daemon uses this + parameter to fill in the login shell for that user.

    No default

    + +time offset (G) +

    This parameter is a setting in minutes to add to the normal GMT to local time conversion. This is useful if you are serving a lot of PCs that have incorrect daylight saving time handling.

    Default: time offset = 0

    Example: time offset = 60 -

    time server (G)

    This parameter determines if nmbd(8) advertises itself as a time server to Windows +

    + +time server (G) +

    This parameter determines if nmbd(8) advertises itself as a time server to Windows clients.

    Default: time server = no -

    unix charset (G)

    Specifies the charset the unix machine +

    + +unix charset (G) +

    Specifies the charset the unix machine Samba runs on uses. Samba needs to know this in order to be able to convert text to the charsets other SMB clients use.

    This is also the charset Samba will use when specifying arguments @@ -4404,14 +5380,20 @@ clients.

    Default: t

    Example: unix charset = ASCII -

    unix extensions (G)

    This boolean parameter controls whether Samba +

    + +unix extensions (G) +

    This boolean parameter controls whether Samba implments the CIFS UNIX extensions, as defined by HP. These extensions enable Samba to better serve UNIX CIFS clients by supporting features such as symbolic links, hard links, etc... These extensions require a similarly enabled client, and are of no current use to Windows clients.

    Default: unix extensions = yes -

    unix password sync (G)

    This boolean parameter controls whether Samba +

    + +unix password sync (G) +

    This boolean parameter controls whether Samba attempts to synchronize the UNIX password with the SMB password when the encrypted SMB password in the smbpasswd file is changed. If this is set to yes the program specified in the passwd @@ -4420,7 +5402,10 @@ clients.

    Default: t old UNIX password (as the SMB password change code has no access to the old password cleartext, only the new).

    Default: unix password sync = no -

    update encrypted (G)

    +

    + +update encrypted (G) +

    This boolean parameter allows a user logging on with a plaintext password to have their encrypted (hashed) password in the smbpasswd file to be updated automatically as they log on. This option allows a site to migrate from plaintext password authentication (users authenticate with plaintext password over the @@ -4430,15 +5415,18 @@ clients.

    Default: t passwords to be made over a longer period. Once all users have encrypted representations of their passwords in the smbpasswd file this parameter should be set to no.

    - In order for this parameter to be operative the encrypt passwords parameter must - be set to no. The default value of encrypt passwords = Yes. Note: This must be set to no for this update encrypted to work. + In order for this parameter to be operative the encrypt passwords parameter must + be set to no. The default value of encrypt passwords = Yes. Note: This must be set to no for this update encrypted to work.

    Note that even when this parameter is set a user authenticating to smbd must still enter a valid password in order to connect correctly, and to update their hashed (smbpasswd) passwords.

    Default: update encrypted = no -

    use client driver (S)

    This parameter applies only to Windows NT/2000 +

    + +use client driver (S) +

    This parameter applies only to Windows NT/2000 clients. It has no effect on Windows 95/98/ME clients. When serving a printer to Windows NT/2000 clients without first installing a valid printer driver on the Samba host, the client will be required @@ -4463,7 +5451,10 @@ clients.

    Default: t on a print share which has valid print driver installed on the Samba server.

    Default: use client driver = no -

    use kerberos keytab (G)

    +

    + +use kerberos keytab (G) +

    Specifies whether Samba should attempt to maintain service principals in the systems keytab file for host/FQDN and cifs/FQDN.

    @@ -4475,7 +5466,10 @@ default_keytab_name = FILE:/etc/krb5.keytab

    Default: use kerberos keytab = False -

    use mmap (G)

    This global parameter determines if the tdb internals of Samba can +

    + +use mmap (G) +

    This global parameter determines if the tdb internals of Samba can depend on mmap working correctly on the running system. Samba requires a coherent mmap/read-write system memory cache. Currently only HPUX does not have such a coherent cache, and so this parameter is set to no by @@ -4484,45 +5478,10 @@ default_keytab_name = FILE:/etc/krb5.keytab the tdb internal code.

    Default: use mmap = yes -

    user

    This parameter is a synonym for username.

    users

    This parameter is a synonym for username.

    username (S)

    Multiple users may be specified in a comma-delimited - list, in which case the supplied password will be tested against - each username in turn (left to right).

    The username line is needed only when - the PC is unable to supply its own username. This is the case - for the COREPLUS protocol or where your users have different WfWg - usernames to UNIX usernames. In both these cases you may also be - better using the \\server\share%user syntax instead.

    The username line is not a great - solution in many cases as it means Samba will try to validate - the supplied password against each of the usernames in the - username line in turn. This is slow and - a bad idea for lots of users in case of duplicate passwords. - You may get timeouts or security breaches using this parameter - unwisely.

    Samba relies on the underlying UNIX security. This - parameter does not restrict who can login, it just offers hints - to the Samba server as to what usernames might correspond to the - supplied password. Users can login as whoever they please and - they will be able to do no more damage than if they started a - telnet session. The daemon runs as the user that they log in as, - so they cannot do anything that user cannot do.

    To restrict a service to a particular set of users you - can use the valid users parameter.

    If any of the usernames begin with a '@' then the name - will be looked up first in the NIS netgroups list (if Samba - is compiled with netgroup support), followed by a lookup in - the UNIX groups database and will expand to a list of all users - in the group of that name.

    If any of the usernames begin with a '+' then the name - will be looked up only in the UNIX groups database and will - expand to a list of all users in the group of that name.

    If any of the usernames begin with a '&' then the name - will be looked up only in the NIS netgroups database (if Samba - is compiled with netgroup support) and will expand to a list - of all users in the netgroup group of that name.

    Note that searching though a groups database can take - quite some time, and some clients may time out during the - search.

    See the section NOTE ABOUT - USERNAME/PASSWORD VALIDATION for more information on how - this parameter determines access to the services.

    Default: username = -# The guest account if a guest service, - else <empty string>. - -

    Example: username = fred, mary, jack, jane, @users, @pcgroup - -

    username level (G)

    This option helps Samba to try and 'guess' at +

    + +username level (G) +

    This option helps Samba to try and 'guess' at the real UNIX username, as many DOS clients send an all-uppercase username. By default Samba tries all lowercase, followed by the username with the first letter capitalized, and fails if the @@ -4537,7 +5496,24 @@ default_keytab_name = FILE:/etc/krb5.keytab

    Example: username level = 5 -

    username map (G)

    +

    + +username map script (G) +

    This script is a mutually exclusive alternative to the + username map parameter. This parameter + specifies and external program or script that must accept a single + command line option (the username transmitted in the authentication + request) and return a line line on standard output (the name to which + the account should mapped). In this way, it is possible to store + username map tables in an LDAP or NIS directory services. +

    Default: username map script = + +

    Example: username map script = /etc/samba/scripts/mapusers.sh + +

    + +username map (G) +

    This option allows you to specify a file containing a mapping of usernames from the clients to the server. This can be used for several purposes. The most common is to map usernames that users use on DOS or Windows machines to those that the UNIX box uses. The other is to map multiple users to a single username so that they @@ -4546,7 +5522,7 @@ default_keytab_name = FILE:/etc/krb5.keytab Please note that for user or share mode security, the username map is applied prior to validating the user credentials. Domain member servers (domain or ads) apply the username map after the user has been successfully authenticated by the domain controller and require fully qualified enties in the map table (e.g. - biddle = DOMAIN\foo). + biddle = DOMAIN\foo).

    The map file is parsed line by line. Each line should contain a single UNIX username on the left then a '=' followed by a list of usernames on the right. The list of usernames on the right may contain names of the form @@ -4593,14 +5569,15 @@ guest = * Note that the remapping is applied to all occurrences of usernames. Thus if you connect to \\server\fred and fred is remapped to mary then you will actually be connecting to \\server\mary and will need to supply a password suitable for mary not - fred. The only exception to this is the username passed to the password server (if you have one). The password server will receive whatever username the client + fred. The only exception to this is the username passed to the password server (if you have one). The password server will receive whatever username the client supplies without modification.

    Also note that no reverse mapping is done. The main effect this has is with printing. Users who have been mapped may have trouble deleting print jobs as PrintManager under WfWg will think they don't own the print job.

    - Samba versions prior to 3.0.8 would only support reading the fully qualified username (e.g.: DOMAIN\user) from + Samba versions prior to 3.0.8 would only support reading the fully qualified username + (e.g.: DOMAIN\user) from the username map when performing a kerberos login from a client. However, when looking up a map entry for a user authenticated by NTLM[SSP], only the login name would be used for matches. This resulted in inconsistent behavior sometimes even on the same server. @@ -4611,7 +5588,7 @@ guest = * the connection.

    When relying upon a external domain controller for validating authentication requests, smbd will apply the username map - to the fully qualified username (i.e. DOMAIN\user) only after the user has been successfully authenticated. + to the fully qualified username (i.e. DOMAIN\user) only after the user has been successfully authenticated.

    An example of use is: 

    @@ -4620,30 +5597,69 @@ username map = /usr/local/samba/lib/users.map
     
    Default: username map = 
 # no username map
 
-
    username map script (G)

    This script is a mutually exclusive alternative to the - username map parameter. This parameter - specifies and external program or script that must accept a single - command line option (the username transmitted in the authentication - request) and return a line line on standard output (the name to which - the account should mapped). In this way, it is possible to store - username map tables in an LDAP or NIS directory services. -

    Default: username map script = +

    user

    This parameter is a synonym for username.

    users

    This parameter is a synonym for username.

    + +username (S) +

    Multiple users may be specified in a comma-delimited + list, in which case the supplied password will be tested against + each username in turn (left to right).

    The username line is needed only when + the PC is unable to supply its own username. This is the case + for the COREPLUS protocol or where your users have different WfWg + usernames to UNIX usernames. In both these cases you may also be + better using the \\server\share%user syntax instead.

    The username line is not a great + solution in many cases as it means Samba will try to validate + the supplied password against each of the usernames in the + username line in turn. This is slow and + a bad idea for lots of users in case of duplicate passwords. + You may get timeouts or security breaches using this parameter + unwisely.

    Samba relies on the underlying UNIX security. This + parameter does not restrict who can login, it just offers hints + to the Samba server as to what usernames might correspond to the + supplied password. Users can login as whoever they please and + they will be able to do no more damage than if they started a + telnet session. The daemon runs as the user that they log in as, + so they cannot do anything that user cannot do.

    To restrict a service to a particular set of users you + can use the valid users parameter.

    If any of the usernames begin with a '@' then the name + will be looked up first in the NIS netgroups list (if Samba + is compiled with netgroup support), followed by a lookup in + the UNIX groups database and will expand to a list of all users + in the group of that name.

    If any of the usernames begin with a '+' then the name + will be looked up only in the UNIX groups database and will + expand to a list of all users in the group of that name.

    If any of the usernames begin with a '&' then the name + will be looked up only in the NIS netgroups database (if Samba + is compiled with netgroup support) and will expand to a list + of all users in the netgroup group of that name.

    Note that searching though a groups database can take + quite some time, and some clients may time out during the + search.

    See the section NOTE ABOUT + USERNAME/PASSWORD VALIDATION for more information on how + this parameter determines access to the services.

    Default: username = +# The guest account if a guest service, + else <empty string>. -

    Example: username map script = /etc/samba/scripts/mapusers.sh +

    Example: username = fred, mary, jack, jane, @users, @pcgroup -

    usershare allow guests (G)

    This parameter controls whether user defined shares are allowed +

    + +usershare allow guests (G) +

    This parameter controls whether user defined shares are allowed to be accessed by non-authenticated users or not. It is the equivalent of allowing people who can create a share the option of setting guest ok = yes in a share definition. Due to the security sensitive nature of this the default is set to off.

    Default: usershare allow guests = no -

    usershare max shares (G)

    This parameter specifies the number of user defined shares +

    + +usershare max shares (G) +

    This parameter specifies the number of user defined shares that are allowed to be created by users belonging to the group owning the usershare directory. If set to zero (the default) user defined shares are ignored.

    Default: usershare max shares = 0 -

    usershare owner only (G)

    This parameter controls whether the pathname exported by +

    + +usershare owner only (G) +

    This parameter controls whether the pathname exported by a user defined shares must be owned by the user creating the user defined share or not. If set to True (the default) then smbd checks that the directory path being shared is owned by @@ -4653,7 +5669,10 @@ username map = /usr/local/samba/lib/users.map regardless of who owns it.

    Default: usershare owner only = True -

    usershare path (G)

    This parameter specifies the absolute path of the directory on the +

    + +usershare path (G) +

    This parameter specifies the absolute path of the directory on the filesystem used to store the user defined share definition files. This directory must be owned by root, and have no access for other, and be writable only by the group owner. In addition the @@ -4674,7 +5693,10 @@ username map = /usr/local/samba/lib/users.map In this case, only members of the group "power_users" can create user defined shares.

    Default: usershare path = NULL -

    usershare prefix allow list (G)

    This parameter specifies a list of absolute pathnames +

    + +usershare prefix allow list (G) +

    This parameter specifies a list of absolute pathnames the root of which are allowed to be exported by user defined share definitions. If the pathname exported doesn't start with one of the strings in this list the user defined share will not be allowed. This allows the Samba @@ -4689,7 +5711,10 @@ username map = /usr/local/samba/lib/users.map

    Example: usershare prefix allow list = /home /data /space -

    usershare prefix deny list (G)

    This parameter specifies a list of absolute pathnames +

    + +usershare prefix deny list (G) +

    This parameter specifies a list of absolute pathnames the root of which are NOT allowed to be exported by user defined share definitions. If the pathname exported starts with one of the strings in this list the user defined share will not be allowed. Any pathname not @@ -4705,7 +5730,10 @@ username map = /usr/local/samba/lib/users.map

    Example: usershare prefix deny list = /etc /dev /private -

    usershare template share (G)

    User defined shares only have limited possible parameters +

    + +usershare template share (G) +

    User defined shares only have limited possible parameters such as path, guest ok etc. This parameter allows usershares to "cloned" from an existing share. If "usershare template share" is set to the name of an existing share, then all usershares @@ -4720,7 +5748,10 @@ username map = /usr/local/samba/lib/users.map

    Example: usershare template share = template_share -

    use sendfile (S)

    If this parameter is yes, and the sendfile() +

    + +use sendfile (S) +

    If this parameter is yes, and the sendfile() system call is supported by the underlying operating system, then some SMB read calls (mainly ReadAndX and ReadRaw) will use the more efficient sendfile system call for files that are exclusively oplocked. This may make more efficient use of the system CPU's @@ -4729,7 +5760,10 @@ username map = /usr/local/samba/lib/users.map Windows 9x (using sendfile from Linux will cause these clients to fail).

    Default: use sendfile = false -

    use spnego (G)

    This variable controls controls whether samba will try +

    + +use spnego (G) +

    This variable controls controls whether samba will try to use Simple and Protected NEGOciation (as specified by rfc2478) with WindowsXP and Windows2000 clients to agree upon an authentication mechanism.

    @@ -4737,19 +5771,10 @@ username map = /usr/local/samba/lib/users.map implementation, there is no reason this should ever be disabled.

    Default: use spnego = yes -

    utmp (G)

    - This boolean parameter is only available if Samba has been configured and compiled - with the option --with-utmp. If set to - yes then Samba will attempt to add utmp or utmpx records - (depending on the UNIX system) whenever a connection is made to a Samba server. - Sites may use this to record the user connecting to a Samba share. -

    - Due to the requirements of the utmp record, we are required to create a unique - identifier for the incoming user. Enabling this option creates an n^2 algorithm - to find this number. This may impede performance on large installations. -

    Default: utmp = no - -

    utmp directory (G)

    This parameter is only available if Samba has +

    + +utmp directory (G) +

    This parameter is only available if Samba has been configured and compiled with the option --with-utmp. It specifies a directory pathname that is used to store the utmp or utmpx files (depending on the UNIX system) that @@ -4761,16 +5786,25 @@ username map = /usr/local/samba/lib/users.map

    Example: utmp directory = /var/run/utmp -

    -valid (S)

    This parameter indicates whether a share is - valid and thus can be used. When this parameter is set to false, - the share will be in no way visible nor accessible. +

    + +utmp (G) +

    + This boolean parameter is only available if Samba has been configured and compiled + with the option --with-utmp. If set to + yes then Samba will attempt to add utmp or utmpx records + (depending on the UNIX system) whenever a connection is made to a Samba server. + Sites may use this to record the user connecting to a Samba share.

    - This option should not be - used by regular users but might be of help to developers. - Samba uses this option internally to mark shares as deleted. -

    Default: -valid = yes + Due to the requirements of the utmp record, we are required to create a unique + identifier for the incoming user. Enabling this option creates an n^2 algorithm + to find this number. This may impede performance on large installations. +

    Default: utmp = no -

    valid users (S)

    +

    + +valid users (S) +

    This is a list of users that should be allowed to login to this service. Names starting with '@', '+' and '&' are interpreted using the same rules as described in the invalid users parameter. @@ -4786,7 +5820,22 @@ username map = /usr/local/samba/lib/users.map

    Example: valid users = greg, @pcusers -

    veto files (S)

    +

    + +-valid (S) +

    This parameter indicates whether a share is + valid and thus can be used. When this parameter is set to false, + the share will be in no way visible nor accessible. +

    + This option should not be + used by regular users but might be of help to developers. + Samba uses this option internally to mark shares as deleted. +

    Default: -valid = yes + +

    + +veto files (S) +

    This is a list of files and directories that are neither visible nor accessible. Each entry in the list must be separated by a '/', which allows spaces to be included in the entry. '*' and '?' can be used to specify multiple files or directories as in DOS wildcards. @@ -4794,11 +5843,11 @@ username map = /usr/local/samba/lib/users.map Each entry must be a unix path, not a DOS path and must not include the unix directory separator '/'.

    - Note that the case sensitive option is applicable in vetoing files. + Note that the case sensitive option is applicable in vetoing files.

    One feature of the veto files parameter that it is important to be aware of is Samba's behaviour when trying to delete a directory. If a directory that is to be deleted contains nothing but veto files this - deletion will fail unless you also set the delete veto files + deletion will fail unless you also set the delete veto files parameter to yes.

    Setting this parameter will affect the performance of Samba, as it will be forced to check all files @@ -4817,12 +5866,15 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/

    Default: veto files = No files or directories are vetoed. -

    veto oplock files (S)

    - This parameter is only valid when the oplocks +

    + +veto oplock files (S) +

    + This parameter is only valid when the oplocks parameter is turned on for a share. It allows the Samba administrator to selectively turn off the granting of oplocks on selected files that match a wildcarded list, similar to the wildcarded list used in the - veto files parameter. + veto files parameter.

    You might want to do this on files that you know will be heavily contended for by clients. A good example of this is in the NetBench SMB benchmark @@ -4838,19 +5890,28 @@ veto oplock files = /.*SEM/

    Default: veto oplock files = # No files are vetoed for oplock grants -

    vfs object

    This parameter is a synonym for vfs objects.

    vfs objects (S)

    This parameter specifies the backend names which +

    vfs object

    This parameter is a synonym for vfs objects.

    + +vfs objects (S) +

    This parameter specifies the backend names which are used for Samba VFS I/O operations. By default, normal disk I/O operations are used but these can be overloaded with one or more VFS objects.

    Default: vfs objects =

    Example: vfs objects = extd_audit recycle -

    volume (S)

    This allows you to override the volume label +

    + +volume (S) +

    This allows you to override the volume label returned for a share. Useful for CDROMs with installation programs that insist on a particular volume label.

    Default: volume = # the name of the share -

    wide links (S)

    This parameter controls whether or not links +

    + +wide links (S) +

    This parameter controls whether or not links in the UNIX file system may be followed by the server. Links that point to areas within the directory tree exported by the server are always allowed; this parameter controls access only @@ -4858,15 +5919,21 @@ veto oplock files = /.*SEM/ effect on your server performance due to the extra system calls that Samba has to do in order to perform the link checks.

    Default: wide links = yes -

    winbind cache time (G)

    This parameter specifies the number of - seconds the winbindd(8) daemon will cache +

    + +winbind cache time (G) +

    This parameter specifies the number of + seconds the winbindd(8) daemon will cache user and group information before querying a Windows NT server again.

    This does not apply to authentication requests, these are always - evaluated in real time unless the winbind offline logon option has been enabled. + evaluated in real time unless the winbind offline logon option has been enabled.

    Default: winbind cache time = 300 -

    winbind enum groups (G)

    On large installations using winbindd(8) it may be necessary to suppress +

    + +winbind enum groups (G) +

    On large installations using winbindd(8) it may be necessary to suppress the enumeration of groups through the setgrent(), getgrent() and endgrent() group of system calls. If @@ -4874,7 +5941,10 @@ veto oplock files = /.*SEM/ no, calls to the getgrent() system call will not return any data.

    Warning

    Turning off group enumeration may cause some programs to behave oddly.

    Default: winbind enum groups = no -

    winbind enum users (G)

    On large installations using winbindd(8) it may be +

    + +winbind enum users (G) +

    On large installations using winbindd(8) it may be necessary to suppress the enumeration of users through the setpwent(), getpwent() and endpwent() group of system calls. If @@ -4886,10 +5956,13 @@ veto oplock files = /.*SEM/ full user list when searching for matching usernames.

    Default: winbind enum users = no -

    winbind expand groups (G)

    This option controls the maximum depth that winbindd +

    + +winbind expand groups (G) +

    This option controls the maximum depth that winbindd will traverse when flattening nested group memberships of Windows domain groups. This is different from the - winbind nested groups option + winbind nested groups option which implements the Windows NT4 model of local group nesting. The "winbind expand groups" parameter specifically applies to the membership of @@ -4898,7 +5971,10 @@ veto oplock files = /.*SEM/ must perform the group unrolling and will be unable to answer incoming NSS or authentication requests during this time.

    Default: winbind expand groups = 1 -

    winbind nested groups (G)

    If set to yes, this parameter activates the support for nested +

    + +winbind nested groups (G) +

    If set to yes, this parameter activates the support for nested groups. Nested groups are also called local groups or aliases. They work like their counterparts in Windows: Nested groups are defined locally on any machine (they are shared @@ -4906,7 +5982,10 @@ veto oplock files = /.*SEM/ global groups from any trusted SAM. To be able to use nested groups, you need to run nss_winbind.

    Default: winbind nested groups = yes -

    winbind normalize names (G)

    This parameter controls whether winbindd will replace +

    + +winbind normalize names (G) +

    This parameter controls whether winbindd will replace whitespace in user and group names with an underscore (_) character. For example, whether the name "Space Kadet" should be replaced with the string "space_kadet". @@ -4918,14 +5997,17 @@ veto oplock files = /.*SEM/

    Example: winbind normalize names = yes -

    winbind nss info (G)

    This parameter is designed to control how Winbind retrieves Name +

    + +winbind nss info (G) +

    This parameter is designed to control how Winbind retrieves Name Service Information to construct a user's home directory and login shell. Currently the following settings are available:

    • template - The default, using the parameters of template shell and template homedir) -

    • sfu +

    • <sfu | rfc2307 > - When Samba is running in security = ads and your Active Directory Domain Controller does support the Microsoft "Services for Unix" (SFU) LDAP schema, winbind can retrieve the login shell and the home @@ -4940,7 +6022,10 @@ veto oplock files = /.*SEM/

      Example: winbind nss info = template sfu -

    winbind offline logon (G)

    This parameter is designed to control whether Winbind should +

    + +winbind offline logon (G) +

    This parameter is designed to control whether Winbind should allow to login with the pam_winbind module using Cached Credentials. If enabled, winbindd will store user credentials from successful logins encrypted in a local cache. @@ -4948,20 +6033,29 @@ veto oplock files = /.*SEM/

    Example: winbind offline logon = true -

    winbind refresh tickets (G)

    This parameter is designed to control whether Winbind should refresh Kerberos Tickets +

    + +winbind refresh tickets (G) +

    This parameter is designed to control whether Winbind should refresh Kerberos Tickets retrieved using the pam_winbind module.

    Default: winbind refresh tickets = false

    Example: winbind refresh tickets = true -

    winbind rpc only (G)

    +

    + +winbind rpc only (G) +

    Setting this parameter to yes forces winbindd to use RPC instead of LDAP to retrieve information from Domain Controllers.

    Default: winbind rpc only = no -

    winbind separator (G)

    This parameter allows an admin to define the character +

    + +winbind separator (G) +

    This parameter allows an admin to define the character used when listing a username of the form of DOMAIN \user. This parameter is only applicable when using the pam_winbind.so @@ -4972,7 +6066,10 @@ veto oplock files = /.*SEM/

    Example: winbind separator = + -

    winbind trusted domains only (G)

    +

    + +winbind trusted domains only (G) +

    This parameter is designed to allow Samba servers that are members of a Samba controlled domain to use UNIX accounts distributed via NIS, rsync, or LDAP as the uid's for winbindd users in the hosts primary domain. @@ -4980,12 +6077,15 @@ veto oplock files = /.*SEM/ the account user1 in /etc/passwd instead of allocating a new uid for him or her.

    This parameter is now deprecated in favor of the newer idmap_nss backend. - Refer to the idmap domains smb.conf option and - the idmap_nss(8) man page for more information. + Refer to the idmap domains smb.conf option and + the idmap_nss(8) man page for more information.

    Default: winbind trusted domains only = no -

    winbind use default domain (G)

    This parameter specifies whether the - winbindd(8) daemon should operate on users +

    + +winbind use default domain (G) +

    This parameter specifies whether the + winbindd(8) daemon should operate on users without domain component in their username. Users without a domain component are treated as is part of the winbindd server's own domain. While this does not benifit Windows users, it makes SSH, FTP and @@ -4994,7 +6094,10 @@ veto oplock files = /.*SEM/

    Example: winbind use default domain = yes -

    wins hook (G)

    When Samba is running as a WINS server this +

    + +wins hook (G) +

    When Samba is running as a WINS server this allows you to call an external program for all changes to the WINS database. The primary use for this option is to allow the dynamic update of external name resolution databases such as @@ -5015,12 +6118,18 @@ veto oplock files = /.*SEM/ addresses currently registered for that name. If this list is empty then the name should be deleted.

    An example script that calls the BIND dynamic DNS update program nsupdate is provided in the examples - directory of the Samba source code.

    No default

    wins proxy (G)

    This is a boolean that controls if nmbd(8) will respond to broadcast name + directory of the Samba source code.

    No default

    + +wins proxy (G) +

    This is a boolean that controls if nmbd(8) will respond to broadcast name queries on behalf of other hosts. You may need to set this to yes for some older clients.

    Default: wins proxy = no -

    wins server (G)

    This specifies the IP address (or DNS name: IP - address for preference) of the WINS server that nmbd(8) should register with. If you have a WINS server on +

    + +wins server (G) +

    This specifies the IP address (or DNS name: IP + address for preference) of the WINS server that nmbd(8) should register with. If you have a WINS server on your network then you should set this to the WINS server's IP.

    You should point this at your WINS server if you have a multi-subnetted network.

    If you want to work in multiple namespaces, you can give every wins server a 'tag'. For each tag, only one @@ -5038,21 +6147,33 @@ veto oplock files = /.*SEM/

    Example: wins server = 192.9.200.1 192.168.2.61 -

    wins support (G)

    This boolean controls if the nmbd(8) process in Samba will act as a WINS server. You should +

    + +wins support (G) +

    This boolean controls if the nmbd(8) process in Samba will act as a WINS server. You should not set this to yes unless you have a multi-subnetted network and you wish a particular nmbd to be your WINS server. Note that you should NEVER set this to yes on more than one machine in your network.

    Default: wins support = no -

    workgroup (G)

    This controls what workgroup your server will +

    + +workgroup (G) +

    This controls what workgroup your server will appear to be in when queried by clients. Note that this parameter also controls the Domain name used with - the security = domain + the security = domain setting.

    Default: workgroup = WORKGROUP

    Example: workgroup = MYGROUP -

    writable

    This parameter is a synonym for writeable.

    writeable (S)

    Inverted synonym for read only.

    No default

    write cache size (S)

    If this integer parameter is set to non-zero value, +

    writable

    This parameter is a synonym for writeable.

    + +writeable (S) +

    Inverted synonym for read only.

    No default

    + +write cache size (S) +

    If this integer parameter is set to non-zero value, Samba will create an in-memory cache for each oplocked file (it does not do this for non-oplocked files). All writes that the client does not request @@ -5070,26 +6191,35 @@ veto oplock files = /.*SEM/

    Example: write cache size = 262144 # for a 256k cache size per file -

    write list (S)

    +

    + +write list (S) +

    This is a list of users that are given read-write access to a service. If the connecting user is in this list then they will be given write access, no matter - what the read only option is set to. The list can + what the read only option is set to. The list can include group names using the @group syntax.

    Note that if a user is in both the read list and the write list then they will be given write access.

    By design, this parameter will not work with the - security = share in Samba 3.0. + security = share in Samba 3.0.

    Default: write list =

    Example: write list = admin, root, @staff -

    write raw (G)

    This parameter controls whether or not the server +

    + +write raw (G) +

    This parameter controls whether or not the server will support raw write SMB's when transferring data from clients. You should never need to change this parameter.

    Default: write raw = yes -

    wtmp directory (G)

    +

    + +wtmp directory (G) +

    This parameter is only available if Samba has been configured and compiled with the option --with-utmp. It specifies a directory pathname that is used to store the wtmp or wtmpx files (depending on the UNIX system) that record user connections to a Samba server. The difference with the utmp directory is the fact @@ -5101,12 +6231,12 @@ veto oplock files = /.*SEM/

    Example: wtmp directory = /var/log/wtmp -

    WARNINGS

    +

    WARNINGS

    Although the configuration file permits service names to contain spaces, your client software may not. Spaces will be ignored in comparisons anyway, so it shouldn't be a problem - but be aware of the possibility.

    On a similar note, many clients - especially DOS clients - limit service names to eight characters. - smbd(8) has no such + smbd(8) has no such limitation, but attempts to connect from such clients will fail if they truncate the service names. For this reason you should probably keep your service names down to eight characters in length.

    @@ -5114,13 +6244,13 @@ veto oplock files = /.*SEM/ for an administrator easy, but the various combinations of default attributes can be tricky. Take extreme care when designing these sections. In particular, ensure that the permissions on spool directories are correct. -

    VERSION

    This man page is correct for version 3.0 of the Samba suite.

    SEE ALSO

    - samba(7), smbpasswd(8), swat(8), smbd(8), nmbd(8), smbclient(1), nmblookup(1), testparm(1), testprns(1).

    AUTHOR

    +

    VERSION

    This man page is correct for version 3 of the Samba suite.

    SEE ALSO

    + samba(7), smbpasswd(8), swat(8), smbd(8), nmbd(8), smbclient(1), nmblookup(1), testparm(1), testprns(1).

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at + excellent piece of Open Source software, available at ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0 was done by Alexander Bokovoy. diff --git a/docs/htmldocs/manpages/smbcacls.1.html b/docs/htmldocs/manpages/smbcacls.1.html index ffbf336c0b..9166d52fac 100644 --- a/docs/htmldocs/manpages/smbcacls.1.html +++ b/docs/htmldocs/manpages/smbcacls.1.html @@ -1,5 +1,5 @@ -smbcacls

    Name

    smbcacls — Set or get ACLs on an NT file or directory names

    Synopsis

    smbcacls {//server/share} {filename} [-D acls] [-M acls] [-a acls] [-S acls] [-C name] [-G name] [--numeric] [-t] [-U username] [-h] [-d]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    The smbcacls program manipulates NT Access Control - Lists (ACLs) on SMB file shares.

    OPTIONS

    The following options are available to the smbcacls program. +smbcacls

    Name

    smbcacls — Set or get ACLs on an NT file or directory names

    Synopsis

    smbcacls {//server/share} {filename} [-D acls] [-M acls] [-a acls] [-S acls] [-C name] [-G name] [--numeric] [-t] [-U username] [-h] [-d]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    The smbcacls program manipulates NT Access Control + Lists (ACLs) on SMB file shares.

    OPTIONS

    The following options are available to the smbcacls program. The format of ACLs is described in the section ACL FORMAT

    -a acls

    Add the ACLs specified to the ACL list. Existing access control entries are unchanged.

    -M acls

    Modify the mask value (permissions) for the ACLs specified on the command line. An error will be printed for each @@ -12,7 +12,7 @@ type, owner and group for the call to succeed.

    -U username

    Specifies a username used to connect to the specified service. The username may be of the form "username" in which case the user is prompted to enter in a password and the - workgroup specified in the smb.conf(5) file is + workgroup specified in the smb.conf(5) file is used, or "username%password" or "DOMAIN\username%password" and the password and workgroup names are used as provided.

    -C name

    The owner of a file or directory can be changed to the name given using the -C option. @@ -40,7 +40,7 @@ amounts of log data, and should only be used when investigating a problem. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic.

    Note that specifying this parameter here will -override the parameter +override the log level parameter in the smb.conf file.

    -V

    Prints the program version number.

    -s <configuration file>

    The file specified contains the configuration details required by the server. The @@ -52,7 +52,7 @@ The default configuration file name is determined at compile time.

    -l|--log-basename=logdirectory

    Base directory name for log/debug files. The extension ".progname" will be appended (e.g. log.smbclient, log.smbd, etc...). The log file is never removed by the client. -

    ACL FORMAT

    The format of an ACL is one or more ACL entries separated by +

    ACL FORMAT

    The format of an ACL is one or more ACL entries separated by either commas or newlines. An ACL entry is one of the following: 

     
 REVISION:<revision number>
 OWNER:<sid or name>
@@ -68,23 +68,22 @@ ACL:<sid or name>:<type>/<flags>/<mask>
 	can be specified in S-1-x-y-z format or as a name in which case 
 	it is resolved against the server on which the file or directory 
 	resides.  The type, flags and mask values determine the type of 
-	access granted to the SID. 
    The type can be either 0 or 1 corresponding to ALLOWED or 
-	DENIED access to the SID.  The flags values are generally
-	zero for file ACLs and either 9 or 2 for directory ACLs.  Some 
-	common flags are: 
    • #define SEC_ACE_FLAG_OBJECT_INHERIT     	0x1
    • #define SEC_ACE_FLAG_CONTAINER_INHERIT  	0x2
    • #define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT     0x4
    • #define SEC_ACE_FLAG_INHERIT_ONLY       	0x8
    At present flags can only be specified as decimal or 
+	access granted to the SID. 
    The type can be either ALLOWED or	DENIED to allow/deny access 
+	to the SID. The flags values are generally zero for file ACLs and 
+	either 9 or 2 for directory ACLs.  Some common flags are: 
    • #define SEC_ACE_FLAG_OBJECT_INHERIT     	0x1
    • #define SEC_ACE_FLAG_CONTAINER_INHERIT  	0x2
    • #define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT     0x4
    • #define SEC_ACE_FLAG_INHERIT_ONLY       	0x8
    At present flags can only be specified as decimal or 
 	hexadecimal values.
    The mask is a value which expresses the access right 
 	granted to the SID. It can be given as a decimal or hexadecimal value, 
 	or by using one of the following text strings which map to the NT 
 	file permissions of the same name. 
    • R - Allow read access 
    • W - Allow write access
    • X - Execute permission on the object
    • D - Delete the object
    • P - Change permissions
    • O - Take ownership
    The following combined permissions can be specified:
    • READ -  Equivalent to 'RX'
 		permissions
    • CHANGE - Equivalent to 'RXWD' permissions
 		
    • FULL - Equivalent to 'RWXDPO' 
-		permissions

    EXIT STATUS

    The smbcacls program sets the exit status + permissions

    EXIT STATUS

    The smbcacls program sets the exit status depending on the success or otherwise of the operations performed. The exit status may be one of the following values.

    If the operation succeeded, smbcacls returns and exit status of 0. If smbcacls couldn't connect to the specified server, or there was an error getting or setting the ACLs, an exit status of 1 is returned. If there was an error parsing any command line - arguments, an exit status of 2 is returned.

    VERSION

    This man page is correct for version 3.0 of the Samba suite.

    AUTHOR

    The original Samba software and related utilities + arguments, an exit status of 2 is returned.

    VERSION

    This man page is correct for version 3 of the Samba suite.

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    smbcacls was written by Andrew Tridgell diff --git a/docs/htmldocs/manpages/smbclient.1.html b/docs/htmldocs/manpages/smbclient.1.html index e965d241a3..8e5629def0 100644 --- a/docs/htmldocs/manpages/smbclient.1.html +++ b/docs/htmldocs/manpages/smbclient.1.html @@ -1,11 +1,11 @@ -smbclient

    Name

    smbclient — ftp-like client to access SMB/CIFS resources - on servers

    Synopsis

    smbclient [-b <buffer size>] [-d debuglevel] [-e] [-L <netbios name>] [-U username] [-I destinationIP] [-M <netbios name>] [-m maxprotocol] [-A authfile] [-N] [-i scope] [-O <socket options>] [-p port] [-R <name resolve order>] [-s <smb config file>] [-k] [-P] [-c <command>]

    smbclient {servicename} [password] [-b <buffer size>] [-d debuglevel] [-e] [-D Directory] [-U username] [-W workgroup] [-M <netbios name>] [-m maxprotocol] [-A authfile] [-N] [-l log-basename] [-I destinationIP] [-E] [-c <command string>] [-i scope] [-O <socket options>] [-p port] [-R <name resolve order>] [-s <smb config file>] [-T<c|x>IXFqgbNan] [-k]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    smbclient is a client that can +smbclient

    Name

    smbclient — ftp-like client to access SMB/CIFS resources + on servers

    Synopsis

    smbclient [-b <buffer size>] [-d debuglevel] [-e] [-L <netbios name>] [-U username] [-I destinationIP] [-M <netbios name>] [-m maxprotocol] [-A authfile] [-N] [-i scope] [-O <socket options>] [-p port] [-R <name resolve order>] [-s <smb config file>] [-k] [-P] [-c <command>]

    smbclient {servicename} [password] [-b <buffer size>] [-d debuglevel] [-e] [-D Directory] [-U username] [-W workgroup] [-M <netbios name>] [-m maxprotocol] [-A authfile] [-N] [-l log-basename] [-I destinationIP] [-E] [-c <command string>] [-i scope] [-O <socket options>] [-p port] [-R <name resolve order>] [-s <smb config file>] [-T<c|x>IXFqgbNan] [-k]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    smbclient is a client that can 'talk' to an SMB/CIFS server. It offers an interface - similar to that of the ftp program (see ftp(1)). + similar to that of the ftp program (see ftp(1)). Operations include things like getting files from the server to the local machine, putting files from the local machine to the server, retrieving directory information from the server - and so on.

    OPTIONS

    servicename

    servicename is the name of the service + and so on.

    OPTIONS

    servicename

    servicename is the name of the service you want to use on the server. A service name takes the form //server/service where server is the NetBIOS name of the SMB/CIFS server @@ -20,7 +20,7 @@

    The server name is looked up according to either the -R parameter to smbclient or using the name resolve order parameter in - the smb.conf(5) file, + the smb.conf(5) file, allowing an administrator to change the order and methods by which server names are looked up.

    password

    The password required to access the specified service on the specified server. If this parameter is @@ -43,7 +43,7 @@ cause names to be resolved as follows:

    • lmhosts: Lookup an IP address in the Samba lmhosts file. If the line in lmhosts has no name type attached to the NetBIOS name (see - the lmhosts(5) for details) then + the lmhosts(5) for details) then any name type matches for lookup.

    • host: Do a standard host name to IP address resolution, using the system /etc/hosts , NIS, or DNS lookups. This method of name resolution @@ -60,10 +60,10 @@ parameter. This is the least reliable of the name resolution methods as it depends on the target host being on a locally connected subnet.

    If this parameter is not set then the name resolve order - defined in the smb.conf(5) file parameter + defined in the smb.conf(5) file parameter (name resolve order) will be used.

    The default order is lmhosts, host, wins, bcast and without this parameter or any entry in the name resolve order - parameter of the smb.conf(5) file the name resolution + parameter of the smb.conf(5) file the name resolution methods will be attempted in this order.

    -M NetBIOS name

    This options allows you to send messages, using the "WinPopup" protocol, to another computer. Once a connection is established you then type your message, pressing ^D (control-D) to @@ -79,7 +79,7 @@ machine FRED.

    You may also find the -U and -I options useful, as they allow you to - control the FROM and TO parts of the message.

    See the message command parameter in the smb.conf(5) for a description of how to handle incoming + control the FROM and TO parts of the message.

    See the message command parameter in the smb.conf(5) for a description of how to handle incoming WinPopup messages in Samba.

    Note: Copy WinPopup into the startup group on your WfWg PCs if you want them to always be able to receive messages.

    -p port

    This number is the TCP port number that will be used @@ -137,7 +137,7 @@ amounts of log data, and should only be used when investigating a problem. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic.

    Note that specifying this parameter here will -override the parameter +override the log level parameter in the smb.conf file.

    -V

    Prints the program version number.

    -s <configuration file>

    The file specified contains the configuration details required by the server. The @@ -182,7 +182,7 @@ via the ps command. To be safe always allow rpcclient to prompt for a password and type it in directly.

    -n <primary NetBIOS name>

    This option allows you to override the NetBIOS name that Samba uses for itself. This is identical -to setting the parameter in the smb.conf file. +to setting the netbios name parameter in the smb.conf file. However, a command line setting will take precedence over settings in smb.conf.

    -i <scope>

    This specifies a NetBIOS scope that @@ -267,7 +267,7 @@ options.

    -T tar options

    smbcli only of any use with the tar -T option.

    -c command string

    command string is a semicolon-separated list of commands to be executed instead of prompting from stdin. -N is implied by -c.

    This is particularly useful in scripts and for printing stdin - to the server, e.g. -c 'print -'.

    OPERATIONS

    Once the client is running, the user is presented with + to the server, e.g. -c 'print -'.

    OPERATIONS

    Once the client is running, the user is presented with a prompt :

    smb:\>

    The backslash ("\\") indicates the current working directory on the server, and will change if the current working directory is changed.

    The prompt indicates that the client is ready and waiting to @@ -464,14 +464,14 @@ options.

    -T tar options

    smbcli

    vuid <number>

    Changes the currently used vuid in the protocol to the given arbitrary number. Without an argument prints out the current vuid being used. Used for internal Samba testing purposes. -

    NOTES

    Some servers are fussy about the case of supplied usernames, +

    NOTES

    Some servers are fussy about the case of supplied usernames, passwords, share names (AKA service names) and machine names. If you fail to connect try giving all parameters in uppercase.

    It is often necessary to use the -n option when connecting to some types of servers. For example OS/2 LanManager insists on a valid NetBIOS name being used, so you need to supply a valid name that would be known to the server.

    smbclient supports long file names where the server - supports the LANMAN2 protocol or above.

    ENVIRONMENT VARIABLES

    The variable USER may contain the + supports the LANMAN2 protocol or above.

    ENVIRONMENT VARIABLES

    The variable USER may contain the username of the person using the client. This information is used only if the protocol level is high enough to support session-level passwords.

    The variable PASSWD may contain @@ -481,7 +481,7 @@ options.

    -T tar options

    smbcli the path, executed with system(), which the client should connect to instead of connecting to a server. This functionality is primarily intended as a development aid, and works best when using a LMHOSTS - file

    INSTALLATION

    The location of the client program is a matter for + file

    INSTALLATION

    The location of the client program is a matter for individual system administrators. The following are thus suggestions only.

    It is recommended that the smbclient software be installed in the /usr/local/samba/bin/ or @@ -490,18 +490,18 @@ options.

    -T tar options

    smbcli be executable by all. The client should NOT be setuid or setgid!

    The client log files should be put in a directory readable and writeable only by the user.

    To test the client, you will need to know the name of a - running SMB/CIFS server. It is possible to run smbd(8) as an ordinary user - running that server as a daemon + running SMB/CIFS server. It is possible to run smbd(8) as an ordinary user - running that server as a daemon on a user-accessible port (typically any port number over 1024) - would provide a suitable test server.

    DIAGNOSTICS

    Most diagnostics issued by the client are logged in a + would provide a suitable test server.

    DIAGNOSTICS

    Most diagnostics issued by the client are logged in a specified log file. The log file name is specified at compile time, but may be overridden on the command line.

    The number and nature of diagnostics available depends on the debug level used by the client. If you have problems, - set the debug level to 3 and peruse the log files.

    VERSION

    This man page is correct for version 3.2 of the Samba suite.

    AUTHOR

    The original Samba software and related utilities + set the debug level to 3 and peruse the log files.

    VERSION

    This man page is correct for version 3.2 of the Samba suite.

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at + excellent piece of Open Source software, available at ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0 diff --git a/docs/htmldocs/manpages/smbcontrol.1.html b/docs/htmldocs/manpages/smbcontrol.1.html index 0c092546d1..013be4f7de 100644 --- a/docs/htmldocs/manpages/smbcontrol.1.html +++ b/docs/htmldocs/manpages/smbcontrol.1.html @@ -1,5 +1,5 @@ -smbcontrol

    Name

    smbcontrol — send messages to smbd, nmbd or winbindd processes

    Synopsis

    smbcontrol [-i] [-s]

    smbcontrol [destination] [message-type] [parameter]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    smbcontrol is a very small program, which - sends messages to a smbd(8), a nmbd(8), or a winbindd(8) daemon running on the system.

    OPTIONS

    -h|--help

    Print a summary of command line options. +smbcontrol

    Name

    smbcontrol — send messages to smbd, nmbd or winbindd processes

    Synopsis

    smbcontrol [-i] [-s]

    smbcontrol [destination] [message-type] [parameter]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    smbcontrol is a very small program, which + sends messages to a smbd(8), a nmbd(8), or a winbindd(8) daemon running on the system.

    OPTIONS

    -h|--help

    Print a summary of command line options.

    -s <configuration file>

    The file specified contains the configuration details required by the server. The information in this file includes server-specific @@ -16,7 +16,7 @@ compile time.

    -i

    Run interactiv nmbd.pid file.

    If a single process ID is given, the message is sent to only that process.

    message-type

    Type of message to send. See the section MESSAGE-TYPES for details. -

    parameters

    any parameters required for the message-type

    MESSAGE-TYPES

    Available message types are:

    close-share

    Order smbd to close the client +

    parameters

    any parameters required for the message-type

    MESSAGE-TYPES

    Available message types are:

    close-share

    Order smbd to close the client connections to the named share. Note that this doesn't affect client connections to any other shares. This message-type takes an argument of the share name for which client connections will be closed, or the @@ -59,13 +59,13 @@ compile time.

    -i

    Run interactiv to update their local version of the driver. Can only be sent to smbd.

    reload-config

    Force daemon to reload smb.conf configuration file. Can be sent to smbd, nmbd, or winbindd. -

    VERSION

    This man page is correct for version 3.0 of - the Samba suite.

    SEE ALSO

    nmbd(8) and smbd(8).

    AUTHOR

    The original Samba software and related utilities +

    VERSION

    This man page is correct for version 3 of + the Samba suite.

    SEE ALSO

    nmbd(8) and smbd(8).

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at + excellent piece of Open Source software, available at ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for diff --git a/docs/htmldocs/manpages/smbcquotas.1.html b/docs/htmldocs/manpages/smbcquotas.1.html index 80dcf4b2a4..036033ba4b 100644 --- a/docs/htmldocs/manpages/smbcquotas.1.html +++ b/docs/htmldocs/manpages/smbcquotas.1.html @@ -1,4 +1,4 @@ -smbcquotas

    Name

    smbcquotas — Set or get QUOTAs of NTFS 5 shares

    Synopsis

    smbcquotas {//server/share} [-u user] [-L] [-F] [-S QUOTA_SET_COMMAND] [-n] [-t] [-v] [-d debuglevel] [-s configfile] [-l logdir] [-V] [-U username] [-N] [-k] [-A]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    The smbcquotas program manipulates NT Quotas on SMB file shares.

    OPTIONS

    The following options are available to the smbcquotas program.

    -u user

    Specifies the user of whom the quotas are get or set. +smbcquotas

    Name

    smbcquotas — Set or get QUOTAs of NTFS 5 shares

    Synopsis

    smbcquotas {//server/share} [-u user] [-L] [-F] [-S QUOTA_SET_COMMAND] [-n] [-t] [-v] [-d debuglevel] [-s configfile] [-l logdir] [-V] [-U username] [-N] [-k] [-A]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    The smbcquotas program manipulates NT Quotas on SMB file shares.

    OPTIONS

    The following options are available to the smbcquotas program.

    -u user

    Specifies the user of whom the quotas are get or set. By default the current user's username will be used.

    -L

    Lists all quota records of the share.

    -F

    Show the share quota status and default limits.

    -S QUOTA_SET_COMMAND

    This command sets/modifies quotas for a user or on the share, depending on the QUOTA_SET_COMMAND parameter which is described later.

    -n

    This option displays all QUOTA information in numeric format. The default is to convert SIDs to names and QUOTA limits @@ -19,7 +19,7 @@ amounts of log data, and should only be used when investigating a problem. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic.

    Note that specifying this parameter here will -override the parameter +override the log level parameter in the smb.conf file.

    -V

    Prints the program version number.

    -s <configuration file>

    The file specified contains the configuration details required by the server. The @@ -62,7 +62,7 @@ on the file restrict access from unwanted users. See the many systems the command line of a running process may be seen via the ps command. To be safe always allow rpcclient to prompt for a password and type -it in directly.

    QUOTA_SET_COMAND

    The format of an the QUOTA_SET_COMMAND is an operation +it in directly.

    QUOTA_SET_COMAND

    The format of an the QUOTA_SET_COMMAND is an operation name followed by a set of parameters specific to that operation.

    To set user quotas for the user specified by -u or for the current username:

    @@ -74,13 +74,13 @@ it in directly.

    FSQFLAGS:QUOTA_ENABLED/DENY_DISK/LOG_SOFTLIMIT/LOG_HARD_LIMIT -

    All limits are specified as a number of bytes.

    EXIT STATUS

    The smbcquotas program sets the exit status +

    All limits are specified as a number of bytes.

    EXIT STATUS

    The smbcquotas program sets the exit status depending on the success or otherwise of the operations performed. The exit status may be one of the following values.

    If the operation succeeded, smbcquotas returns an exit status of 0. If smbcquotas couldn't connect to the specified server, or when there was an error getting or setting the quota(s), an exit status of 1 is returned. If there was an error parsing any command line - arguments, an exit status of 2 is returned.

    VERSION

    This man page is correct for version 3.0 of the Samba suite.

    AUTHOR

    The original Samba software and related utilities + arguments, an exit status of 2 is returned.

    VERSION

    This man page is correct for version 3 of the Samba suite.

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    smbcquotas was written by Stefan Metzmacher.

    diff --git a/docs/htmldocs/manpages/smbd.8.html b/docs/htmldocs/manpages/smbd.8.html index d7aa0fcc6b..1c7fb288bc 100644 --- a/docs/htmldocs/manpages/smbd.8.html +++ b/docs/htmldocs/manpages/smbd.8.html @@ -1,4 +1,4 @@ -smbd

    Name

    smbd — server to provide SMB/CIFS services to clients

    Synopsis

    smbd [-D] [-F] [-S] [-i] [-h] [-V] [-b] [-d <debug level>] [-l <log directory>] [-p <port number(s)>] [-P <profiling level>] [-O <socket option>] [-s <configuration file>]

    DESCRIPTION

    This program is part of the samba(7) suite.

    smbd is the server daemon that +smbd

    Name

    smbd — server to provide SMB/CIFS services to clients

    Synopsis

    smbd [-D] [-F] [-S] [-i] [-h] [-V] [-b] [-d <debug level>] [-l <log directory>] [-p <port number(s)>] [-P <profiling level>] [-O <socket option>] [-s <configuration file>]

    DESCRIPTION

    This program is part of the samba(7) suite.

    smbd is the server daemon that provides filesharing and printing services to Windows clients. The server provides filespace and printer services to clients using the SMB (or CIFS) protocol. This is compatible @@ -8,10 +8,10 @@ OS/2, DAVE for Macintosh, and smbfs for Linux.

    An extensive description of the services that the server can provide is given in the man page for the configuration file controlling the attributes of those - services (see smb.conf(5). This man page will not describe the + services (see smb.conf(5). This man page will not describe the services, but will concentrate on the administrative aspects of running the server.

    Please note that there are significant security - implications to running this server, and the smb.conf(5) manual page should be regarded as mandatory reading before + implications to running this server, and the smb.conf(5) manual page should be regarded as mandatory reading before proceeding with installation.

    A session is created whenever a client requests one. Each client gets a copy of the server for each session. This copy then services all connections made by the client during @@ -21,7 +21,7 @@ can force a reload by sending a SIGHUP to the server. Reloading the configuration file will not affect connections to any service that is already established. Either the user will have to - disconnect from the service, or smbd killed and restarted.

    OPTIONS

    -D

    If specified, this parameter causes + disconnect from the service, or smbd killed and restarted.

    OPTIONS

    -D

    If specified, this parameter causes the server to operate as a daemon. That is, it detaches itself and runs in the background, fielding requests on the appropriate port. Operating the server as a @@ -60,7 +60,7 @@ amounts of log data, and should only be used when investigating a problem. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic.

    Note that specifying this parameter here will -override the parameter +override the log level parameter in the smb.conf file.

    -V

    Prints the program version number.

    -s <configuration file>

    The file specified contains the configuration details required by the server. The @@ -76,13 +76,13 @@ log.smbd, etc...). The log file is never removed by the client.

    -b

    Prints information about how Samba was built.

    -p|--port<port number(s)>

    port number(s) is a space or comma-separated list of TCP ports smbd should listen on. - The default value is taken from the ports parameter in smb.conf

    The default ports are 139 (used for SMB over NetBIOS over TCP) + The default value is taken from the ports parameter in smb.conf

    The default ports are 139 (used for SMB over NetBIOS over TCP) and port 445 (used for plain SMB over TCP).

    -P|--profiling-level<profiling level>

    profiling level is a number specifying the level of profiling data to be collected. 0 turns off profiling, 1 turns on counter profiling only, 2 turns on complete profiling, and 3 resets all profiling data. -

    FILES

    /etc/inetd.conf

    If the server is to be run by the +

    FILES

    /etc/inetd.conf

    If the server is to be run by the inetd meta-daemon, this file must contain suitable startup information for the meta-daemon. @@ -93,23 +93,23 @@ log.smbd, etc...). The log file is never removed by the client. meta-daemon inetd, this file must contain a mapping of service name (e.g., netbios-ssn) to service port (e.g., 139) and protocol type (e.g., tcp). -

    /usr/local/samba/lib/smb.conf

    This is the default location of the smb.conf(5) server configuration file. Other common places that systems +

    /usr/local/samba/lib/smb.conf

    This is the default location of the smb.conf(5) server configuration file. Other common places that systems install this file are /usr/samba/lib/smb.conf and /etc/samba/smb.conf.

    This file describes all the services the server - is to make available to clients. See smb.conf(5) for more information.

    LIMITATIONS

    On some systems smbd cannot change uid back + is to make available to clients. See smb.conf(5) for more information.

    LIMITATIONS

    On some systems smbd cannot change uid back to root after a setuid() call. Such systems are called trapdoor uid systems. If you have such a system, you will be unable to connect from a client (such as a PC) as two different users at once. Attempts to connect the second user will result in access denied or - similar.

    ENVIRONMENT VARIABLES

    PRINTER

    If no printer name is specified to + similar.

    ENVIRONMENT VARIABLES

    PRINTER

    If no printer name is specified to printable services, most systems will use the value of this variable (or lp if this variable is not defined) as the name of the printer to use. This - is not specific to the server, however.

    PAM INTERACTION

    Samba uses PAM for authentication (when presented with a plaintext + is not specific to the server, however.

    PAM INTERACTION

    Samba uses PAM for authentication (when presented with a plaintext password), for account checking (is this account disabled?) and for session management. The degree too which samba supports PAM is restricted - by the limitations of the SMB protocol and the obey pam restrictions smb.conf(5) paramater. When this is set, the following restrictions apply: + by the limitations of the SMB protocol and the obey pam restrictions smb.conf(5) paramater. When this is set, the following restrictions apply:

    • Account Validation: All accesses to a samba server are checked against PAM to see if the account is vaild, not disabled and is permitted to @@ -119,8 +119,8 @@ log.smbd, etc...). The log file is never removed by the client. is granted. Note however, that this is bypassed in share level secuirty. Note also that some older pam configuration files may need a line added for session support. -

    VERSION

    This man page is correct for version 3.0 of - the Samba suite.

    DIAGNOSTICS

    Most diagnostics issued by the server are logged +

    VERSION

    This man page is correct for version 3 of + the Samba suite.

    DIAGNOSTICS

    Most diagnostics issued by the server are logged in a specified log file. The log file name is specified at compile time, but may be overridden on the command line.

    The number and nature of diagnostics available depends on the debug level used by the server. If you have problems, set @@ -129,10 +129,10 @@ log.smbd, etc...). The log file is never removed by the client. available in the source code to warrant describing each and every diagnostic. At this stage your best bet is still to grep the source code and inspect the conditions that gave rise to the - diagnostics you are seeing.

    TDB FILES

    Samba stores it's data in several TDB (Trivial Database) files, usually located in /var/lib/samba.

    + diagnostics you are seeing.

    TDB FILES

    Samba stores it's data in several TDB (Trivial Database) files, usually located in /var/lib/samba.

    (*) information persistent across restarts (but not necessarily important to backup). -

    account_policy.tdb*

    NT account policy settings such as pw expiration, etc...

    brlock.tdb

    byte range locks

    browse.dat

    browse lists

    connections.tdb

    share connections (used to enforce max connections, etc...)

    gencache.tdb

    generic caching db

    group_mapping.tdb*

    group mapping information

    locking.tdb

    share modes & oplocks

    login_cache.tdb*

    bad pw attempts

    messages.tdb

    Samba messaging system

    netsamlogon_cache.tdb*

    cache of user net_info_3 struct from net_samlogon() request (as a domain member)

    ntdrivers.tdb*

    installed printer drivers

    ntforms.tdb*

    installed printer forms

    ntprinters.tdb*

    installed printer information

    printing/

    directory containing tdb per print queue of cached lpq output

    registry.tdb

    Windows registry skeleton (connect via regedit.exe)

    sessionid.tdb

    session information (e.g. support for 'utmp = yes')

    share_info.tdb*

    share acls

    winbindd_cache.tdb

    winbindd's cache of user lists, etc...

    winbindd_idmap.tdb*

    winbindd's local idmap db

    wins.dat*

    wins database when 'wins support = yes'

    SIGNALS

    Sending the smbd a SIGHUP will cause it to +

    account_policy.tdb*

    NT account policy settings such as pw expiration, etc...

    brlock.tdb

    byte range locks

    browse.dat

    browse lists

    connections.tdb

    share connections (used to enforce max connections, etc...)

    gencache.tdb

    generic caching db

    group_mapping.tdb*

    group mapping information

    locking.tdb

    share modes & oplocks

    login_cache.tdb*

    bad pw attempts

    messages.tdb

    Samba messaging system

    netsamlogon_cache.tdb*

    cache of user net_info_3 struct from net_samlogon() request (as a domain member)

    ntdrivers.tdb*

    installed printer drivers

    ntforms.tdb*

    installed printer forms

    ntprinters.tdb*

    installed printer information

    printing/

    directory containing tdb per print queue of cached lpq output

    registry.tdb

    Windows registry skeleton (connect via regedit.exe)

    sessionid.tdb

    session information (e.g. support for 'utmp = yes')

    share_info.tdb*

    share acls

    winbindd_cache.tdb

    winbindd's cache of user lists, etc...

    winbindd_idmap.tdb*

    winbindd's local idmap db

    wins.dat*

    wins database when 'wins support = yes'

    SIGNALS

    Sending the smbd a SIGHUP will cause it to reload its smb.conf configuration file within a short period of time.

    To shut down a user's smbd process it is recommended that SIGKILL (-9) NOT @@ -140,23 +140,23 @@ log.smbd, etc...). The log file is never removed by the client. memory area in an inconsistent state. The safe way to terminate an smbd is to send it a SIGTERM (-15) signal and wait for it to die on its own.

    The debug log level of smbd may be raised - or lowered using smbcontrol(1) program (SIGUSR[1|2] signals are no longer + or lowered using smbcontrol(1) program (SIGUSR[1|2] signals are no longer used since Samba 2.2). This is to allow transient problems to be diagnosed, whilst still running at a normally low log level.

    Note that as the signal handlers send a debug write, they are not re-entrant in smbd. This you should wait until smbd is in a state of waiting for an incoming SMB before issuing them. It is possible to make the signal handlers safe by un-blocking the signals before the select call and re-blocking - them after, however this would affect performance.

    SEE ALSO

    hosts_access(5), inetd(8), nmbd(8), smb.conf(5), smbclient(1), testparm(1), testprns(1), and the + them after, however this would affect performance.

    SEE ALSO

    hosts_access(5), inetd(8), nmbd(8), smb.conf(5), smbclient(1), testparm(1), testprns(1), and the Internet RFC's rfc1001.txt, rfc1002.txt. In addition the CIFS (formerly SMB) specification is available - as a link from the Web page - http://samba.org/cifs/.

    AUTHOR

    The original Samba software and related utilities + as a link from the Web page + http://samba.org/cifs/.

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at + excellent piece of Open Source software, available at ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for diff --git a/docs/htmldocs/manpages/smbget.1.html b/docs/htmldocs/manpages/smbget.1.html index ebe9e9419e..ecf3b08fb9 100644 --- a/docs/htmldocs/manpages/smbget.1.html +++ b/docs/htmldocs/manpages/smbget.1.html @@ -1,14 +1,14 @@ -smbget

    Name

    smbget — wget-like utility for download files over SMB

    Synopsis

    smbget [-a, --guest] [-r, --resume] [-R, --recursive] [-u, --username=STRING] [-p, --password=STRING] [-w, --workgroup=STRING] [-n, --nonprompt] [-d, --debuglevel=INT] [-D, --dots] [-P, --keep-permissions] [-o, --outputfile] [-f, --rcfile] [-q, --quiet] [-v, --verbose] [-b, --blocksize] [-?, --help] [--usage] {smb://host/share/path/to/file} [smb://url2/] [...]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    smbget is a simple utility with wget-like semantics, that can download files from SMB servers. You can specify the files you would like to download on the command-line. +smbget

    Name

    smbget — wget-like utility for download files over SMB

    Synopsis

    smbget [-a, --guest] [-r, --resume] [-R, --recursive] [-u, --username=STRING] [-p, --password=STRING] [-w, --workgroup=STRING] [-n, --nonprompt] [-d, --debuglevel=INT] [-D, --dots] [-P, --keep-permissions] [-o, --outputfile] [-f, --rcfile] [-q, --quiet] [-v, --verbose] [-b, --blocksize] [-?, --help] [--usage] {smb://host/share/path/to/file} [smb://url2/] [...]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    smbget is a simple utility with wget-like semantics, that can download files from SMB servers. You can specify the files you would like to download on the command-line.

    The files should be in the smb-URL standard, e.g. use smb://host/share/file for the UNC path \\\\HOST\\SHARE\\file. -

    OPTIONS

    -a, --guest

    Work as user guest

    -r, --resume

    Automatically resume aborted files

    -R, --recursive

    Recursively download files

    -u, --username=STRING

    Username to use

    -p, --password=STRING

    Password to use

    -w, --workgroup=STRING

    Workgroup to use (optional)

    -n, --nonprompt

    Don't ask anything (non-interactive)

    -d, --debuglevel=INT

    Debuglevel to use

    -D, --dots

    Show dots as progress indication

    -P, --keep-permissions

    Set same permissions on local file as are set on remote file.

    -o, --outputfile

    Write the file that is being download to the specified file. Can not be used together with -R.

    -f, --rcfile

    Use specified rcfile. This will be loaded in the order it was specified - e.g. if you specify any options before this one, they might get overriden by the contents of the rcfile.

    -q, --quiet

    Be quiet

    -v, --verbose

    Be verbose

    -b, --blocksize

    Number of bytes to download in a block. Defaults to 64000.

    -?, --help

    Show help message

    --usage

    Display brief usage message

    SMB URLS

    SMB URL's should be specified in the following format:

    +

    OPTIONS

    -a, --guest

    Work as user guest

    -r, --resume

    Automatically resume aborted files

    -R, --recursive

    Recursively download files

    -u, --username=STRING

    Username to use

    -p, --password=STRING

    Password to use

    -w, --workgroup=STRING

    Workgroup to use (optional)

    -n, --nonprompt

    Don't ask anything (non-interactive)

    -d, --debuglevel=INT

    Debuglevel to use

    -D, --dots

    Show dots as progress indication

    -P, --keep-permissions

    Set same permissions on local file as are set on remote file.

    -o, --outputfile

    Write the file that is being download to the specified file. Can not be used together with -R.

    -f, --rcfile

    Use specified rcfile. This will be loaded in the order it was specified - e.g. if you specify any options before this one, they might get overriden by the contents of the rcfile.

    -q, --quiet

    Be quiet

    -v, --verbose

    Be verbose

    -b, --blocksize

    Number of bytes to download in a block. Defaults to 64000.

    -?, --help

    Show help message

    --usage

    Display brief usage message

    SMB URLS

    SMB URL's should be specified in the following format:

     smb://[[[domain;]user[:password@]]server[/share[/path[/file]]]]
 
     smb:// means all the workgroups
 
     smb://name/ means, if name is a workgroup, all the servers in this workgroup, or if name is a server, all the shares on this server.
-

    EXAMPLES

    +

    EXAMPLES

     # Recursively download 'src' directory
 smbget -R smb://rhonwyn/jelmer/src
 # Download FreeBSD ISO and enable resuming
@@ -17,10 +17,10 @@ smbget -r smb://rhonwyn/isos/FreeBSD5.1.iso
 smbget -Rr smb://rhonwyn/isos
 # Backup my data on rhonwyn
 smbget -Rr smb://rhonwyn/
-

    BUGS

    Permission denied is returned in some cases where the cause of the error is unknown +

    BUGS

    Permission denied is returned in some cases where the cause of the error is unknown (such as an illegally formatted smb:// url or trying to get a directory without -R -turned on).

    VERSION

    This man page is correct for version 3.0 of - the Samba suite.

    AUTHOR

    The original Samba software and related utilities +turned on).

    VERSION

    This man page is correct for version 3 of + the Samba suite.

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The smbget manpage was written by Jelmer Vernooij.

    diff --git a/docs/htmldocs/manpages/smbgetrc.5.html b/docs/htmldocs/manpages/smbgetrc.5.html index ecc95a8ec3..f4f67c6ba5 100644 --- a/docs/htmldocs/manpages/smbgetrc.5.html +++ b/docs/htmldocs/manpages/smbgetrc.5.html @@ -1,17 +1,17 @@ -smbgetrc

    Name

    smbgetrc — configuration file for smbget

    Synopsis

    smbgetrc

    DESCRIPTION

    +smbgetrc

    Name

    smbgetrc — configuration file for smbget

    Synopsis

    smbgetrc

    DESCRIPTION

    This manual page documents the format and options of the smbgetrc - file. This is the configuration file used by the smbget(1) + file. This is the configuration file used by the smbget(1) utility. The file contains of key-value pairs, one pair on each line. The key and value should be separated by a space.

    By default, smbget reads its configuration from $HOME/.smbgetrc, though - other locations can be specified using the command-line options.

    OPTIONS

    + other locations can be specified using the command-line options.

    OPTIONS

    The following keys can be set:

    resume on|off

    Whether aborted downloads should be automatically resumed.

    recursive on|off

    Whether directories should be downloaded recursively

    username name

    Username to use when logging in to the remote server. Use an empty string for anonymous access. -

    password pass

    Password to use when logging in.

    workgroup wg

    Workgroup to use when logging in

    nonprompt on|off

    Turns off asking for username and password. Useful for scripts.

    debuglevel int

    (Samba) debuglevel to run at. Useful for tracking down protocol level problems.

    dots on|off

    Whether a single dot should be printed for each block that has been downloaded, instead of the default progress indicator.

    blocksize int

    Number of bytes to put in a block.

    VERSION

    This man page is correct for version 3.0 of - the Samba suite.

    SEE ALSO

    smbget(1) and Samba(7). -

    AUTHOR

    The original Samba software and related utilities +

    password pass

    Password to use when logging in.

    workgroup wg

    Workgroup to use when logging in

    nonprompt on|off

    Turns off asking for username and password. Useful for scripts.

    debuglevel int

    (Samba) debuglevel to run at. Useful for tracking down protocol level problems.

    dots on|off

    Whether a single dot should be printed for each block that has been downloaded, instead of the default progress indicator.

    blocksize int

    Number of bytes to put in a block.

    VERSION

    This man page is correct for version 3 of + the Samba suite.

    SEE ALSO

    smbget(1) and Samba(7). +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    This manual page was written by Jelmer Vernooij

    diff --git a/docs/htmldocs/manpages/smbmnt.8.html b/docs/htmldocs/manpages/smbmnt.8.html deleted file mode 100644 index 2706d6f556..0000000000 --- a/docs/htmldocs/manpages/smbmnt.8.html +++ /dev/null @@ -1,24 +0,0 @@ -smbmnt

    Name

    smbmnt — helper utility for mounting SMB filesystems

    Synopsis

    smbmnt {mount-point} [-s <share>] [-r] [-u <uid>] [-g <gid>] [-f <mask>] [-d <mask>] [-o <options>] [-h]

    DESCRIPTION

    smbmnt is a helper application used - by the smbmount program to do the actual mounting of SMB shares. - smbmnt can be installed setuid root if you want - normal users to be able to mount their SMB shares.

    A setuid smbmnt will only allow mounts on directories owned - by the user, and that the user has write permission on.

    The smbmnt program is normally invoked - by smbmount(8). It should not be invoked directly by users.

    smbmount searches the normal PATH for smbmnt. You must ensure - that the smbmnt version in your path matches the smbmount used.

    OPTIONS

    -r

    mount the filesystem read-only -

    -u uid

    specify the uid that the files will - be owned by

    -g gid

    specify the gid that the files will be - owned by

    -f mask

    specify the octal file mask applied -

    -d mask

    specify the octal directory mask - applied

    -o options

    - list of options that are passed as-is to smbfs, if this - command is run on a 2.4 or higher Linux kernel. -

    -h|--help

    Print a summary of command line options. -

    AUTHOR

    Volker Lendecke, Andrew Tridgell, Michael H. Warfield - and others.

    The current maintainer of smbfs and the userspace - tools smbmount, smbumount, - and smbmnt is Urban Widmark. - The SAMBA Mailing list - is the preferred place to ask questions regarding these programs. -

    The conversion of this manpage for Samba 2.2 was performed - by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0 - was done by Alexander Bokovoy.

    diff --git a/docs/htmldocs/manpages/smbmount.8.html b/docs/htmldocs/manpages/smbmount.8.html deleted file mode 100644 index 4ff97eaecf..0000000000 --- a/docs/htmldocs/manpages/smbmount.8.html +++ /dev/null @@ -1,110 +0,0 @@ -smbmount

    Name

    smbmount — mount an smbfs filesystem

    Synopsis

    smbmount {service} {mount-point} [-o options]

    DESCRIPTION

    smbmount mounts a Linux SMB filesystem. It - is usually invoked as mount.smbfs by - the mount(8) command when using the - "-t smbfs" option. This command only works in Linux, and the kernel must - support the smbfs filesystem.

    WARNING: smbmount is deprecated and not - maintained any longer. mount.cifs (mount -t cifs) - should be used instead of smbmount.

    Options to smbmount are specified as a comma-separated - list of key=value pairs. It is possible to send options other - than those listed here, assuming that smbfs supports them. If - you get mount failures, check your kernel log for errors on - unknown options.

    smbmount is a daemon. After mounting it keeps running until - the mounted smbfs is umounted. It will log things that happen - when in daemon mode using the "machine name" smbmount, so - typically this output will end up in log.smbmount. The - smbmount process may also be called mount.smbfs.

    Note

    smbmount - calls smbmnt(8) to do the actual mount. You - must make sure that smbmnt is in the path so - that it can be found.

    OPTIONS

    username=<arg>

    - specifies the username to connect as. If this is not given, then the environment variable USER - is used. This option can also take the form "user%password" or "user/workgroup" or "user/workgroup%password" - to allow the password and workgroup to be specified as part of the username. -

    password=<arg>

    - specifies the SMB password. If this option is not given then the environment - variable PASSWD is used. If it can find no password - smbmount will prompt for a password, unless the guest option is given. -

    - Note that passwords which contain the argument delimiter character (i.e. a comma ',') will failed to be parsed - correctly on the command line. However, the same password defined in the PASSWD environment variable or a - credentials file (see below) will be read correctly. -

    credentials=<filename>

    specifies a file that contains a username and/or password. -The format of the file is: -

    -username=value
-password=value
-

    This is preferred over having passwords in plaintext in a - shared file, such as /etc/fstab. Be sure to protect any - credentials file properly. -

    krb

    Use kerberos (Active Directory).

    netbiosname=<arg>

    sets the source NetBIOS name. It defaults - to the local hostname.

    uid=<arg>

    sets the uid that will own all files on - the mounted filesystem. - It may be specified as either a username or a numeric uid. -

    gid=<arg>

    sets the gid that will own all files on - the mounted filesystem. - It may be specified as either a groupname or a numeric - gid.

    port=<arg>

    sets the remote SMB port number. The default - is 445, fallback is 139.

    fmask=<arg>

    sets the file mask. This determines the - permissions that remote files have in the local filesystem. - This is not a umask, but the actual permissions for the files. - The default is based on the current umask.

    dmask=<arg>

    Sets the directory mask. This determines the - permissions that remote directories have in the local filesystem. - This is not a umask, but the actual permissions for the directories. - The default is based on the current umask.

    debug=<arg>

    Sets the debug level. This is useful for - tracking down SMB connection problems. A suggested value to - start with is 4. If set too high there will be a lot of - output, possibly hiding the useful output.

    ip=<arg>

    Sets the destination host or IP address. -

    workgroup=<arg>

    Sets the workgroup on the destination

    sockopt=<arg>

    Sets the TCP socket options. See the smb.conf(5) socket options option. -

    scope=<arg>

    Sets the NetBIOS scope

    guest

    Don't prompt for a password

    ro

    mount read-only

    rw

    mount read-write

    iocharset=<arg>

    - sets the charset used by the Linux side for codepage - to charset translations (NLS). Argument should be the - name of a charset, like iso8859-1. (Note: only kernel - 2.4.0 or later) -

    codepage=<arg>

    - sets the codepage the server uses. See the iocharset - option. Example value cp850. (Note: only kernel 2.4.0 - or later) -

    ttl=<arg>

    - sets how long a directory listing is cached in milliseconds - (also affects visibility of file size and date - changes). A higher value means that changes on the - server take longer to be noticed but it can give - better performance on large directories, especially - over long distances. Default is 1000ms but something - like 10000ms (10 seconds) is probably more reasonable - in many cases. - (Note: only kernel 2.4.2 or later) -

    ENVIRONMENT VARIABLES

    The variable USER may contain the username of the - person using the client. This information is used only if the - protocol level is high enough to support session-level - passwords. The variable can be used to set both username and - password by using the format username%password.

    The variable PASSWD may contain the password of the - person using the client. This information is used only if the - protocol level is high enough to support session-level - passwords.

    The variable PASSWD_FILE may contain the pathname - of a file to read the password from. A single line of input is - read and used as the password.

    OTHER COMMANDS

    - File systems that have been mounted using the smbmount - can be unmounted using the smbumount or the UNIX system - umount command. -

    BUGS

    Passwords and other options containing , can not be handled. - For passwords an alternative way of passing them is in a credentials - file or in the PASSWD environment.

    The credentials file does not handle usernames or passwords with - leading space.

    One smbfs bug is important enough to mention here, even if it - is a bit misplaced:

    • Mounts sometimes stop working. This is usually - caused by smbmount terminating. Since smbfs needs smbmount to - reconnect when the server disconnects, the mount will eventually go - dead. An umount/mount normally fixes this. At least 2 ways to - trigger this bug are known.

    Note that the typical response to a bug report is suggestion - to try the latest version first. So please try doing that first, - and always include which versions you use of relevant software - when reporting bugs (minimum: samba, kernel, distribution)

    SEE ALSO

    Documentation/filesystems/smbfs.txt in the linux kernel - source tree may contain additional options and information.

    FreeBSD also has a smbfs, but it is not related to smbmount

    For Solaris, HP-UX and others you may want to look at smbsh(1) or at other solutions, such as - Sharity or perhaps replacing the SMB server with a NFS server.

    AUTHOR

    Volker Lendecke, Andrew Tridgell, Michael H. Warfield - and others.

    The current maintainer of smbfs and the userspace - tools smbmount, smbumount, - and smbmnt is Urban Widmark. - The SAMBA Mailing list - is the preferred place to ask questions regarding these programs. -

    The conversion of this manpage for Samba 2.2 was performed - by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0 - was done by Alexander Bokovoy.

    diff --git a/docs/htmldocs/manpages/smbpasswd.5.html b/docs/htmldocs/manpages/smbpasswd.5.html index 53073de8ff..31715513f1 100644 --- a/docs/htmldocs/manpages/smbpasswd.5.html +++ b/docs/htmldocs/manpages/smbpasswd.5.html @@ -1,8 +1,8 @@ -smbpasswd

    Name

    smbpasswd — The Samba encrypted password file

    Synopsis

    smbpasswd

    DESCRIPTION

    This tool is part of the samba(7) suite.

    smbpasswd is the Samba encrypted password file. It contains +smbpasswd

    Name

    smbpasswd — The Samba encrypted password file

    Synopsis

    smbpasswd

    DESCRIPTION

    This tool is part of the samba(7) suite.

    smbpasswd is the Samba encrypted password file. It contains the username, Unix user id and the SMB hashed passwords of the user, as well as account flag information and the time the password was last changed. This file format has been evolving with - Samba and has had several different formats in the past.

    FILE FORMAT

    The format of the smbpasswd file used by Samba 2.2 + Samba and has had several different formats in the past.

    FILE FORMAT

    The format of the smbpasswd file used by Samba 2.2 is very similar to the familiar Unix passwd(5) file. It is an ASCII file containing one line for each user. Each field ithin each line is separated from the next by a colon. Any entry @@ -64,7 +64,7 @@ Password Hash and NT Password Hash are ignored). Note that this will only allow users to log on with no password if the null passwords parameter is set in the - smb.conf(5) config file.

  • D - This means the account + smb.conf(5) config file.

  • D - This means the account is disabled and no SMB/CIFS logins will be allowed for this user.

  • X - This means the password does not expire.

  • W - This means this account is a "Workstation Trust" account. This kind of account is used @@ -76,15 +76,15 @@ last modified. It consists of the characters 'LCT-' (standing for "Last Change Time") followed by a numeric encoding of the UNIX time in seconds since the epoch (1970) that the last change was made. -

    • All other colon separated fields are ignored at this time.

    VERSION

    This man page is correct for version 3.0 of - the Samba suite.

    SEE ALSO

    smbpasswd(8), Samba(7), and +

    All other colon separated fields are ignored at this time.

    VERSION

    This man page is correct for version 3 of + the Samba suite.

    SEE ALSO

    smbpasswd(8), Samba(7), and the Internet RFC1321 for details on the MD4 algorithm. -

    AUTHOR

    The original Samba software and related utilities +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at + excellent piece of Open Source software, available at ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 diff --git a/docs/htmldocs/manpages/smbpasswd.8.html b/docs/htmldocs/manpages/smbpasswd.8.html index 6c200b6e9e..d857153f41 100644 --- a/docs/htmldocs/manpages/smbpasswd.8.html +++ b/docs/htmldocs/manpages/smbpasswd.8.html @@ -1,4 +1,4 @@ -smbpasswd

    Name

    smbpasswd — change a user's SMB password

    Synopsis

    smbpasswd [-a] [-c <config file>] [-x] [-d] [-e] [-D debuglevel] [-n] [-r <remote machine>] [-R <name resolve order>] [-m] [-U username[%password]] [-h] [-s] [-w pass] [-W] [-i] [-L] [username]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    The smbpasswd program has several different +smbpasswd

    Name

    smbpasswd — change a user's SMB password

    Synopsis

    smbpasswd [-a] [-c <config file>] [-x] [-d] [-e] [-D debuglevel] [-n] [-r <remote machine>] [-R <name resolve order>] [-m] [-U username[%password]] [-h] [-s] [-w pass] [-W] [-i] [-L] [username]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    The smbpasswd program has several different functions, depending on whether it is run by the root user or not. When run as a normal user it allows the user to change the password used for their SMB sessions on any machines that store @@ -8,10 +8,10 @@ smbpasswd differs from how the passwd program works however in that it is not setuid root but works in a client-server mode and communicates with a - locally running smbd(8). As a consequence in order for this to + locally running smbd(8). As a consequence in order for this to succeed the smbd daemon must be running on the local machine. On a UNIX machine the encrypted SMB passwords are usually stored in - the smbpasswd(5) file.

    When run by an ordinary user with no options, smbpasswd + the smbpasswd(5) file.

    When run by an ordinary user with no options, smbpasswd will prompt them for their old SMB password and then ask them for their new password twice, to ensure that the new password was typed correctly. No passwords will be echoed on the screen @@ -25,7 +25,7 @@ the attributes of the user in this file to be made. When run by root, smbpasswd accesses the local smbpasswd file directly, thus enabling changes to be made even if smbd is not - running.

    OPTIONS

    -a

    + running.

    OPTIONS

    -a

    This option specifies that the username following should be added to the local smbpasswd file, with the new password typed (type <Enter> for the old password). This option is ignored if the username following already exists in the smbpasswd file and it is treated like a regular change password command. Note that the @@ -46,7 +46,7 @@ is done all attempts to authenticate via SMB using this username will fail.

    If the smbpasswd file is in the 'old' format (pre-Samba 2.0 format) there is no space in the user's password entry to write - this information and the command will FAIL. See smbpasswd(5) for details on the 'old' and new password file formats. + this information and the command will FAIL. See smbpasswd(5) for details on the 'old' and new password file formats.

    This option is only available when running smbpasswd as root.

    -e

    This option specifies that the username following should be enabled in the local smbpasswd file, @@ -54,7 +54,7 @@ disabled this option has no effect. Once the account is enabled then the user will be able to authenticate via SMB once again.

    If the smbpasswd file is in the 'old' format, then smbpasswd will FAIL to enable the account. - See smbpasswd(5) for + See smbpasswd(5) for details on the 'old' and new password file formats.

    This option is only available when running smbpasswd as root.

    -D debuglevel

    debuglevel is an integer from 0 to 10. The default value if this parameter is not specified @@ -94,7 +94,7 @@ name of the host being connected to.

    The options are :"lmhosts", "host", "wins" and "bcast". They cause names to be resolved as follows:

    • lmhosts: Lookup an IP address in the Samba lmhosts file. If the line in lmhosts has - no name type attached to the NetBIOS name (see the lmhosts(5) for details) then + no name type attached to the NetBIOS name (see the lmhosts(5) for details) then any name type matches for lookup.

    • host: Do a standard host name to IP address resolution, using the system /etc/hosts , NIS, or DNS lookups. This method of name resolution @@ -110,7 +110,7 @@ interfaces parameter. This is the least reliable of the name resolution methods as it depends on the target host being on a locally connected subnet.

    The default order is lmhosts, host, wins, bcast - and without this parameter or any entry in the smb.conf(5) file the name resolution methods will + and without this parameter or any entry in the smb.conf(5) file the name resolution methods will be attempted in this order.

    -m

    This option tells smbpasswd that the account being changed is a MACHINE account. Currently this is used when Samba is being used as an NT Primary Domain Controller.

    This option is only available when running smbpasswd as root. @@ -128,7 +128,7 @@ is to aid people writing scripts to drive smbpasswd

    -w password

    This parameter is only available if Samba has been compiled with LDAP support. The -w switch is used to specify the password to be used with the - ldap admin dn. Note that the password is stored in + ldap admin dn. Note that the password is stored in the secrets.tdb and is keyed off of the admin's DN. This means that if the value of ldap admin dn ever changes, the password will need to be @@ -138,7 +138,7 @@

    This parameter is only available if Samba has been compiled with LDAP support. The -W switch is used to specify the password to be used with the - ldap admin dn. Note that the password is stored in + ldap admin dn. Note that the password is stored in the secrets.tdb and is keyed off of the admin's DN. This means that if the value of ldap admin dn ever changes, the password will need to be @@ -151,20 +151,20 @@ root only options to operate on. Only root can specify this parameter as only root has the permission needed to modify attributes directly in the local smbpasswd file. -

    NOTES

    Since smbpasswd works in client-server +

    NOTES

    Since smbpasswd works in client-server mode communicating with a local smbd for a non-root user then the smbd daemon must be running for this to work. A common problem is to add a restriction to the hosts that may access the smbd running on the local machine by specifying either allow hosts or deny hosts entry in - the smb.conf(5) file and neglecting to + the smb.conf(5) file and neglecting to allow "localhost" access to the smbd.

    In addition, the smbpasswd command is only useful if Samba - has been set up to use encrypted passwords.

    VERSION

    This man page is correct for version 3.0 of the Samba suite.

    SEE ALSO

    smbpasswd(5), Samba(7).

    AUTHOR

    The original Samba software and related utilities + has been set up to use encrypted passwords.

    VERSION

    This man page is correct for version 3 of the Samba suite.

    SEE ALSO

    smbpasswd(5), Samba(7).

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at + excellent piece of Open Source software, available at ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 diff --git a/docs/htmldocs/manpages/smbsh.1.html b/docs/htmldocs/manpages/smbsh.1.html index 461a87d909..99c4ec3997 100644 --- a/docs/htmldocs/manpages/smbsh.1.html +++ b/docs/htmldocs/manpages/smbsh.1.html @@ -1,10 +1,10 @@ -smbsh

    Name

    smbsh — Allows access to remote SMB shares - using UNIX commands

    Synopsis

    smbsh [-W workgroup] [-U username] [-P prefix] [-R <name resolve order>] [-d <debug level>] [-l logdir] [-L libdir]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    smbsh allows you to access an NT filesystem +smbsh

    Name

    smbsh — Allows access to remote SMB shares + using UNIX commands

    Synopsis

    smbsh [-W workgroup] [-U username] [-P prefix] [-R <name resolve order>] [-d <debug level>] [-l logdir] [-L libdir]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    smbsh allows you to access an NT filesystem using UNIX commands such as ls, egrep, and rcp. You must use a shell that is dynamically linked in order for smbsh - to work correctly.

    OPTIONS

    -W WORKGROUP

    Override the default workgroup specified in the - workgroup parameter of the smb.conf(5) file + to work correctly.

    OPTIONS

    -W WORKGROUP

    Override the default workgroup specified in the + workgroup parameter of the smb.conf(5) file for this session. This may be needed to connect to some servers.

    -U username[%pass]

    Sets the SMB username or username and password. If this option is not specified, the user will be prompted for @@ -33,7 +33,7 @@ amounts of log data, and should only be used when investigating a problem. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic.

    Note that specifying this parameter here will -override the parameter +override the log level parameter in the smb.conf file.

    -R <name resolve order>

    This option is used to determine what naming services and in what order to resolve host names to IP addresses. The option takes a space-separated @@ -42,7 +42,7 @@ They cause names to be resolved as follows :

      lmhosts(5) for details) +(see the lmhosts(5) for details) then any name type matches for lookup.

    • host: Do a standard host name to IP address resolution, using @@ -66,13 +66,13 @@ resolution methods as it depends on the target host being on a locally connected subnet.

    If this parameter is not set then the name resolve order defined in the smb.conf file parameter -() will be used. +(name resolve order) will be used.

    The default order is lmhosts, host, wins, bcast. Without -this parameter or any entry in the parameter of the smb.conf file, the name +this parameter or any entry in the name resolve order parameter of the smb.conf file, the name resolution methods will be attempted in this order.

    -L libdir

    This parameter specifies the location of the shared libraries used by smbsh. The default value is specified at compile time. -

    EXAMPLES

    To use the smbsh command, execute +

    EXAMPLES

    To use the smbsh command, execute smbsh from the prompt and enter the username and password that authenticates you to the machine running the Windows NT operating system. @@ -89,19 +89,19 @@ resolution methods will be attempted in this order.

    ls /smb/MYGROUP/<machine-name> will show the share names for that machine. You could then, for example, use the cd command to change directories, vi to - edit files, and rcp to copy files.

    VERSION

    This man page is correct for version 3.0 of the Samba suite.

    BUGS

    smbsh works by intercepting the standard + edit files, and rcp to copy files.

    VERSION

    This man page is correct for version 3 of the Samba suite.

    BUGS

    smbsh works by intercepting the standard libc calls with the dynamically loaded versions in smbwrapper.o. Not all calls have been "wrapped", so some programs may not function correctly under smbsh .

    Programs which are not dynamically linked cannot make use of smbsh's functionality. Most versions of UNIX have a file command that will - describe how a program was linked.

    SEE ALSO

    smbd(8), smb.conf(5)

    AUTHOR

    The original Samba software and related utilities + describe how a program was linked.

    SEE ALSO

    smbd(8), smb.conf(5)

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at + excellent piece of Open Source software, available at ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 diff --git a/docs/htmldocs/manpages/smbspool.8.html b/docs/htmldocs/manpages/smbspool.8.html index f3cd58c85f..b95dc7a249 100644 --- a/docs/htmldocs/manpages/smbspool.8.html +++ b/docs/htmldocs/manpages/smbspool.8.html @@ -1,4 +1,4 @@ -smbspool

    Name

    smbspool — send a print file to an SMB printer

    Synopsis

    smbspool {job} {user} {title} {copies} {options} [filename]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    smbspool is a very small print spooling program that +smbspool

    Name

    smbspool — send a print file to an SMB printer

    Synopsis

    smbspool {job} {user} {title} {copies} {options} [filename]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    smbspool is a very small print spooling program that sends a print file to an SMB printer. The command-line arguments are position-dependent for compatibility with the Common UNIX Printing System, but you can use smbspool with any printing system @@ -10,7 +10,7 @@ or argv[1] if that is not the case.

    Programs using the exec(2) functions can pass the URI in argv[0], while shell scripts must set the DEVICE_URI environment variable prior to - running smbspool.

    OPTIONS

    • The job argument (argv[1]) contains the + running smbspool.

    OPTIONS

    • The job argument (argv[1]) contains the job ID number and is presently not used by smbspool.

    • The user argument (argv[2]) contains the print user's name and is presently not used by smbspool. @@ -23,13 +23,13 @@ the print options in a single string and is currently not used by smbspool.

    • The filename argument (argv[6]) contains the name of the file to print. If this argument is not specified - then the print file is read from the standard input.

    VERSION

    This man page is correct for version 3.0 of the Samba suite.

    SEE ALSO

    smbd(8) and samba(7).

    AUTHOR

    smbspool was written by Michael Sweet + then the print file is read from the standard input.

    VERSION

    This man page is correct for version 3 of the Samba suite.

    SEE ALSO

    smbd(8) and samba(7).

    AUTHOR

    smbspool was written by Michael Sweet at Easy Software Products.

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at + excellent piece of Open Source software, available at ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 diff --git a/docs/htmldocs/manpages/smbstatus.1.html b/docs/htmldocs/manpages/smbstatus.1.html index abef01c4f9..714a31f3e6 100644 --- a/docs/htmldocs/manpages/smbstatus.1.html +++ b/docs/htmldocs/manpages/smbstatus.1.html @@ -1,5 +1,5 @@ -smbstatus

    Name

    smbstatus — report on current Samba connections

    Synopsis

    smbstatus [-P] [-b] [-d <debug level>] [-v] [-L] [-B] [-p] [-S] [-s <configuration file>] [-u <username>]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    smbstatus is a very simple program to - list the current Samba connections.

    OPTIONS

    -P|--profile

    If samba has been compiled with the +smbstatus

    Name

    smbstatus — report on current Samba connections

    Synopsis

    smbstatus [-P] [-b] [-d <debug level>] [-v] [-L] [-B] [-p] [-S] [-s <configuration file>] [-u <username>]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    smbstatus is a very simple program to + list the current Samba connections.

    OPTIONS

    -P|--profile

    If samba has been compiled with the profiling option, print only the contents of the profiling shared memory area.

    -b|--brief

    gives brief output.

    -d|--debuglevel=level

    level is an integer from 0 to 10. The default value if this parameter is @@ -13,7 +13,7 @@ amounts of log data, and should only be used when investigating a problem. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic.

    Note that specifying this parameter here will -override the parameter +override the log level parameter in the smb.conf file.

    -V

    Prints the program version number.

    -s <configuration file>

    The file specified contains the configuration details required by the server. The @@ -26,15 +26,15 @@ compile time.

    -l|--log-basename=logdirectory".progname" will be appended (e.g. log.smbclient, log.smbd, etc...). The log file is never removed by the client.

    -v|--verbose

    gives verbose output.

    -L|--locks

    causes smbstatus to only list locks.

    -B|--byterange

    causes smbstatus to include byte range locks. -

    -p|--processes

    print a list of smbd(8) processes and exit. +

    -p|--processes

    print a list of smbd(8) processes and exit. Useful for scripting.

    -S|--shares

    causes smbstatus to only list shares.

    -h|--help

    Print a summary of command line options. -

    -u|--user=<username>

    selects information relevant to username only.

    VERSION

    This man page is correct for version 3.0 of - the Samba suite.

    SEE ALSO

    smbd(8) and smb.conf(5).

    AUTHOR

    The original Samba software and related utilities +

    -u|--user=<username>

    selects information relevant to username only.

    VERSION

    This man page is correct for version 3 of + the Samba suite.

    SEE ALSO

    smbd(8) and smb.conf(5).

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at + excellent piece of Open Source software, available at ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 diff --git a/docs/htmldocs/manpages/smbtar.1.html b/docs/htmldocs/manpages/smbtar.1.html index 1049c82908..2ab1df276a 100644 --- a/docs/htmldocs/manpages/smbtar.1.html +++ b/docs/htmldocs/manpages/smbtar.1.html @@ -1,6 +1,6 @@ -smbtar

    Name

    smbtar — shell script for backing up SMB/CIFS shares - directly to UNIX tape drives

    Synopsis

    smbtar [-r] [-i] [-a] [-v] {-s server} [-p password] [-x services] [-X] [-N filename] [-b blocksize] [-d directory] [-l loglevel] [-u user] [-t tape] {filenames}

    DESCRIPTION

    This tool is part of the samba(7) suite.

    smbtar is a very small shell script on top - of smbclient(1) which dumps SMB shares directly to tape.

    OPTIONS

    -s server

    The SMB/CIFS server that the share resides +smbtar

    Name

    smbtar — shell script for backing up SMB/CIFS shares + directly to UNIX tape drives

    Synopsis

    smbtar [-r] [-i] [-a] [-v] {-s server} [-p password] [-x services] [-X] [-N filename] [-b blocksize] [-d directory] [-l loglevel] [-u user] [-t tape] {filenames}

    DESCRIPTION

    This tool is part of the samba(7) suite.

    smbtar is a very small shell script on top + of smbclient(1) which dumps SMB shares directly to tape.

    OPTIONS

    -s server

    The SMB/CIFS server that the share resides upon.

    -x service

    The share name on the server to connect to. The default is "backup".

    -X

    Exclude mode. Exclude filenames... from tar create or restore.

    -d directory

    Change to initial directory @@ -17,22 +17,22 @@ up if they have the archive bit set. The archive bit is reset after each file is read.

    -r

    Restore. Files are restored to the share from the tar file.

    -l log level

    Log (debug) level. Corresponds to the - -d flag of smbclient(1).

    ENVIRONMENT VARIABLES

    The $TAPE variable specifies the + -d flag of smbclient(1).

    ENVIRONMENT VARIABLES

    The $TAPE variable specifies the default tape device to write to. May be overridden - with the -t option.

    BUGS

    The smbtar script has different - options from ordinary tar and from smbclient's tar command.

    CAVEATS

    Sites that are more careful about security may not like + with the -t option.

    BUGS

    The smbtar script has different + options from ordinary tar and from smbclient's tar command.

    CAVEATS

    Sites that are more careful about security may not like the way the script handles PC passwords. Backup and restore work on entire shares; should work on file lists. smbtar works best - with GNU tar and may not work well with other versions.

    DIAGNOSTICS

    See the DIAGNOSTICS section for the smbclient(1) command.

    VERSION

    This man page is correct for version 3.0 of - the Samba suite.

    SEE ALSO

    smbd(8), smbclient(1), smb.conf(5).

    AUTHOR

    The original Samba software and related utilities + with GNU tar and may not work well with other versions.

    DIAGNOSTICS

    See the DIAGNOSTICS section for the smbclient(1) command.

    VERSION

    This man page is correct for version 3 of + the Samba suite.

    SEE ALSO

    smbd(8), smbclient(1), smb.conf(5).

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar - to the way the Linux kernel is developed.

    Ricky Poulten + to the way the Linux kernel is developed.

    Ricky Poulten wrote the tar extension and this man page. The smbtar - script was heavily rewritten and improved by Martin Kraemer. Many + script was heavily rewritten and improved by Martin Kraemer. Many thanks to everyone who suggested extensions, improvements, bug fixes, etc. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at + excellent piece of Open Source software, available at ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for diff --git a/docs/htmldocs/manpages/smbtree.1.html b/docs/htmldocs/manpages/smbtree.1.html index c221a1b77b..b03c5d4762 100644 --- a/docs/htmldocs/manpages/smbtree.1.html +++ b/docs/htmldocs/manpages/smbtree.1.html @@ -1,10 +1,10 @@ -smbtree

    Name

    smbtree — A text based smb network browser -

    Synopsis

    smbtree [-b] [-D] [-S]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    smbtree is a smb browser program +smbtree

    Name

    smbtree — A text based smb network browser +

    Synopsis

    smbtree [-b] [-D] [-S]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    smbtree is a smb browser program in text mode. It is similar to the "Network Neighborhood" found on Windows computers. It prints a tree with all the known domains, the servers in those domains and the shares on the servers. -

    OPTIONS

    -b

    Query network nodes by sending requests +

    OPTIONS

    -b

    Query network nodes by sending requests as broadcasts instead of querying the local master browser.

    -D

    Only print a list of all the domains known on broadcast or by the @@ -23,7 +23,7 @@ amounts of log data, and should only be used when investigating a problem. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic.

    Note that specifying this parameter here will -override the parameter +override the log level parameter in the smb.conf file.

    -V

    Prints the program version number.

    -s <configuration file>

    The file specified contains the configuration details required by the server. The @@ -67,8 +67,8 @@ many systems the command line of a running process may be seen via the ps command. To be safe always allow rpcclient to prompt for a password and type it in directly.

    -h|--help

    Print a summary of command line options. -

    VERSION

    This man page is correct for version 3.0 of the Samba - suite.

    AUTHOR

    The original Samba software and related utilities +

    VERSION

    This man page is correct for version 3 of the Samba + suite.

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The smbtree man page was written by Jelmer Vernooij.

    diff --git a/docs/htmldocs/manpages/smbumount.8.html b/docs/htmldocs/manpages/smbumount.8.html deleted file mode 100644 index 85b58cf5c2..0000000000 --- a/docs/htmldocs/manpages/smbumount.8.html +++ /dev/null @@ -1,17 +0,0 @@ -smbumount

    Name

    smbumount — smbfs umount for normal users

    Synopsis

    smbumount {mount-point}

    DESCRIPTION

    With this program, normal users can unmount smb-filesystems, - provided that it is suid root. smbumount has - been written to give normal Linux users more control over their - resources. It is safe to install this program suid root, because only - the user who has mounted a filesystem is allowed to unmount it again. - For root it is not necessary to use smbumount. The normal umount - program works perfectly well.

    WARNING: smbumount is deprecated and not - maintained any longer. umount.cifs - should be used instead of smbumount.

    OPTIONS

    mount-point

    The directory to unmount.

    SEE ALSO

    smbmount(8)

    AUTHOR

    Volker Lendecke, Andrew Tridgell, Michael H. Warfield - and others.

    The current maintainer of smbfs and the userspace - tools smbmount, smbumount, - and smbmnt is Urban Widmark. - The SAMBA Mailing list - is the preferred place to ask questions regarding these programs. -

    The conversion of this manpage for Samba 2.2 was performed - by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0 - was done by Alexander Bokovoy.

    diff --git a/docs/htmldocs/manpages/swat.8.html b/docs/htmldocs/manpages/swat.8.html index 267e25db78..7323edaf2e 100644 --- a/docs/htmldocs/manpages/swat.8.html +++ b/docs/htmldocs/manpages/swat.8.html @@ -1,10 +1,10 @@ -swat

    Name

    swat — Samba Web Administration Tool

    Synopsis

    swat [-s <smb config file>] [-a] [-P]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    swat allows a Samba administrator to - configure the complex smb.conf(5) file via a Web browser. In addition, +swat

    Name

    swat — Samba Web Administration Tool

    Synopsis

    swat [-s <smb config file>] [-a] [-P]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    swat allows a Samba administrator to + configure the complex smb.conf(5) file via a Web browser. In addition, a swat configuration page has help links to all the configurable options in the smb.conf file allowing an - administrator to easily look up the effects of any change.

    swat is run from inetd

    OPTIONS

    -s smb configuration file

    The default configuration file path is + administrator to easily look up the effects of any change.

    swat is run from inetd

    OPTIONS

    -s smb configuration file

    The default configuration file path is determined at compile time. The file specified contains - the configuration details required by the smbd(8) server. This is the file + the configuration details required by the smbd(8) server. This is the file that swat will modify. The information in this file includes server-specific information such as what printcap file to use, as well as @@ -28,7 +28,7 @@ amounts of log data, and should only be used when investigating a problem. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic.

    Note that specifying this parameter here will -override the parameter +override the log level parameter in the smb.conf file.

    -V

    Prints the program version number.

    -s <configuration file>

    The file specified contains the configuration details required by the server. The @@ -41,14 +41,14 @@ compile time.

    -l|--log-basename=logdirectory".progname" will be appended (e.g. log.smbclient, log.smbd, etc...). The log file is never removed by the client.

    -h|--help

    Print a summary of command line options. -

    INSTALLATION

    Swat is included as binary package with most distributions. The +

    INSTALLATION

    Swat is included as binary package with most distributions. The package manager in this case takes care of the installation and configuration. This section is only for those who have compiled swat from scratch.

    After you compile SWAT you need to run make install to install the swat binary and the various help files and images. A default install would put - these in:

    • /usr/local/samba/sbin/swat

    • /usr/local/samba/swat/images/*

    • /usr/local/samba/swat/help/*

    Inetd Installation

    You need to edit your /etc/inetd.conf + these in:

    • /usr/local/samba/sbin/swat

    • /usr/local/samba/swat/images/*

    • /usr/local/samba/swat/help/*

    Inetd Installation

    You need to edit your /etc/inetd.conf and /etc/services to enable SWAT to be launched via inetd.

    In /etc/services you need to add a line like this:

    swat 901/tcp

    Note for NIS/YP and LDAP users - you may need to rebuild the @@ -62,26 +62,26 @@ log.smbd, etc...). The log file is never removed by the client. /usr/local/samba/sbin/swat swat

    Once you have edited /etc/services and /etc/inetd.conf you need to send a HUP signal to inetd. To do this use kill -1 PID - where PID is the process ID of the inetd daemon.

    LAUNCHING

    To launch SWAT just run your favorite web browser and + where PID is the process ID of the inetd daemon.

    LAUNCHING

    To launch SWAT just run your favorite web browser and point it at "http://localhost:901/".

    Note that you can attach to SWAT from any IP connected machine but connecting from a remote machine leaves your connection open to password sniffing as passwords will be sent - in the clear over the wire.

    FILES

    /etc/inetd.conf

    This file must contain suitable startup + in the clear over the wire.

    FILES

    /etc/inetd.conf

    This file must contain suitable startup information for the meta-daemon.

    /etc/services

    This file must contain a mapping of service name (e.g., swat) to service port (e.g., 901) and protocol type - (e.g., tcp).

    /usr/local/samba/lib/smb.conf

    This is the default location of the smb.conf(5) server configuration file that swat edits. Other + (e.g., tcp).

    /usr/local/samba/lib/smb.conf

    This is the default location of the smb.conf(5) server configuration file that swat edits. Other common places that systems install this file are /usr/samba/lib/smb.conf and /etc/smb.conf . This file describes all the services the server - is to make available to clients.

    WARNINGS

    swat will rewrite your smb.conf(5) file. It will rearrange the entries and delete all + is to make available to clients.

    WARNINGS

    swat will rewrite your smb.conf(5) file. It will rearrange the entries and delete all comments, include= and copy= options. If you have a carefully crafted - smb.conf then back it up or don't use swat!

    VERSION

    This man page is correct for version 3.0 of the Samba suite.

    SEE ALSO

    inetd(5), smbd(8), smb.conf(5)

    AUTHOR

    The original Samba software and related utilities + smb.conf then back it up or don't use swat!

    VERSION

    This man page is correct for version 3 of the Samba suite.

    SEE ALSO

    inetd(5), smbd(8), smb.conf(5)

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at + excellent piece of Open Source software, available at ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for diff --git a/docs/htmldocs/manpages/tdbbackup.8.html b/docs/htmldocs/manpages/tdbbackup.8.html index 6364bdf997..b77fc74348 100644 --- a/docs/htmldocs/manpages/tdbbackup.8.html +++ b/docs/htmldocs/manpages/tdbbackup.8.html @@ -1,8 +1,8 @@ -tdbbackup

    Name

    tdbbackup — tool for backing up and for validating the integrity of samba .tdb files

    Synopsis

    tdbbackup [-s suffix] [-v] [-h]

    DESCRIPTION

    This tool is part of the samba(1) suite.

    tdbbackup is a tool that may be used to backup samba .tdb +tdbbackup

    Name

    tdbbackup — tool for backing up and for validating the integrity of samba .tdb files

    Synopsis

    tdbbackup [-s suffix] [-v] [-h]

    DESCRIPTION

    This tool is part of the samba(1) suite.

    tdbbackup is a tool that may be used to backup samba .tdb files. This tool may also be used to verify the integrity of the .tdb files prior to samba startup or during normal operation. If it finds file damage and it finds a prior backup the backup file will be restored. -

    OPTIONS

    -h

    +

    OPTIONS

    -h

    Get help information.

    -s suffix

    The -s option allows the adminisistrator to specify a file @@ -11,7 +11,7 @@

    -v

    The -v will check the database for damages (currupt data) which if detected causes the backup to be restored. -

    COMMANDS

    GENERAL INFORMATION

    +

    COMMANDS

    GENERAL INFORMATION

    The tdbbackup utility can safely be run at any time. It was designed so that it can be used at any time to validate the integrity of tdb files, even during Samba operation. Typical usage for the command will be: @@ -29,7 +29,7 @@

  • *.tdb located in the /usr/local/samba/var directory or on some systems in the /var/cache or /var/lib/samba directories. -

    • VERSION

    This man page is correct for version 3.0 of the Samba suite.

    AUTHOR

    +

    VERSION

    This man page is correct for version 3 of the Samba suite.

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed. diff --git a/docs/htmldocs/manpages/tdbdump.8.html b/docs/htmldocs/manpages/tdbdump.8.html index 9fd92dd9a1..b971fc4a4b 100644 --- a/docs/htmldocs/manpages/tdbdump.8.html +++ b/docs/htmldocs/manpages/tdbdump.8.html @@ -1,9 +1,9 @@ -tdbdump

    Name

    tdbdump — tool for printing the contents of a TDB file

    Synopsis

    tdbdump {filename}

    DESCRIPTION

    This tool is part of the samba(1) suite.

    tdbdump is a very simple utility that 'dumps' the +tdbdump

    Name

    tdbdump — tool for printing the contents of a TDB file

    Synopsis

    tdbdump {filename}

    DESCRIPTION

    This tool is part of the samba(1) suite.

    tdbdump is a very simple utility that 'dumps' the contents of a TDB (Trivial DataBase) file to standard output in a human-readable format.

    This tool can be used when debugging problems with TDB files. It is intended for those who are somewhat familiar with Samba internals. -

    VERSION

    This man page is correct for version 3.0 of the Samba suite.

    AUTHOR

    +

    VERSION

    This man page is correct for version 3 of the Samba suite.

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed. diff --git a/docs/htmldocs/manpages/tdbtool.8.html b/docs/htmldocs/manpages/tdbtool.8.html index 69f38adf91..12558728b2 100644 --- a/docs/htmldocs/manpages/tdbtool.8.html +++ b/docs/htmldocs/manpages/tdbtool.8.html @@ -1,12 +1,12 @@ -tdbtool

    Name

    tdbtool — manipulate the contents TDB files

    Synopsis

    tdbtool

    tdbtool +tdbtool

    Name

    tdbtool — manipulate the contents TDB files

    Synopsis

    tdbtool

    tdbtool TDBFILE [ COMMANDS - ...]

    DESCRIPTION

    This tool is part of the - samba(1) suite.

    tdbtool a tool for displaying and + ...]

    DESCRIPTION

    This tool is part of the + samba(1) suite.

    tdbtool a tool for displaying and altering the contents of Samba TDB (Trivial DataBase) files. Each of the commands listed below can be entered interactively or - provided on the command line.

    COMMANDS

    create + provided on the command line.

    COMMANDS

    create TDBFILE

    Create a new database named TDBFILE.

    open @@ -56,10 +56,10 @@

    quit

    Exit tdbtool. -

    CAVEATS

    The contents of the Samba TDB files are private +

    CAVEATS

    The contents of the Samba TDB files are private to the implementation and should not be altered with tdbtool. -

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite.

    AUTHOR

    The original Samba software and related utilities were +

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite.

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    diff --git a/docs/htmldocs/manpages/testparm.1.html b/docs/htmldocs/manpages/testparm.1.html index ff42f34ffe..9f991982bc 100644 --- a/docs/htmldocs/manpages/testparm.1.html +++ b/docs/htmldocs/manpages/testparm.1.html @@ -1,6 +1,6 @@ -testparm

    Name

    testparm — check an smb.conf configuration file for - internal correctness

    Synopsis

    testparm [-s] [-h] [-v] [-L <servername>] [-t <encoding>] {config filename} [hostname hostIP]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    testparm is a very simple test program - to check an smbd(8) configuration file for +testparm

    Name

    testparm — check an smb.conf configuration file for + internal correctness

    Synopsis

    testparm [-s] [-h] [-v] [-L <servername>] [-t <encoding>] {config filename} [hostname hostIP]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    testparm is a very simple test program + to check an smbd(8) configuration file for internal correctness. If this program reports no problems, you can use the configuration file with confidence that smbd will successfully load the configuration file.

    Note that this is NOT a guarantee that @@ -11,14 +11,14 @@ has access to each service.

    If testparm finds an error in the smb.conf file it returns an exit code of 1 to the calling program, else it returns an exit code of 0. This allows shell scripts - to test the output from testparm.

    OPTIONS

    -s

    Without this option, testparm + to test the output from testparm.

    OPTIONS

    -s

    Without this option, testparm will prompt for a carriage return after printing the service names and before dumping the service definitions.

    -h|--help

    Print a summary of command line options.

    -V

    Prints the program version number.

    -L servername

    Sets the value of the %L macro to servername. This is useful for testing include files specified with the %L macro.

    -v

    If this option is specified, testparm - will also output all options that were not used in smb.conf(5) and are thus set to their defaults.

    -t encoding

    + will also output all options that were not used in smb.conf(5) and are thus set to their defaults.

    -t encoding

    Output data in specified encoding.

    --parameter-name parametername

    Dumps the named parameter. If no section-name is set the view @@ -31,29 +31,29 @@ Dumps the named section.

    configfilename

    This is the name of the configuration file to check. If this parameter is not present then the - default smb.conf(5) file will be checked. + default smb.conf(5) file will be checked.

    hostname

    If this parameter and the following are specified, then testparm will examine the hosts allow and hosts deny - parameters in the smb.conf(5) file to + parameters in the smb.conf(5) file to determine if the hostname with this IP address would be allowed access to the smbd server. If this parameter is supplied, the hostIP parameter must also be supplied.

    hostIP

    This is the IP address of the host specified in the previous parameter. This address must be supplied - if the hostname parameter is supplied.

    FILES

    smb.conf(5)

    This is usually the name of the configuration - file used by smbd(8). -

    DIAGNOSTICS

    The program will issue a message saying whether the + if the hostname parameter is supplied.

    FILES

    smb.conf(5)

    This is usually the name of the configuration + file used by smbd(8). +

    DIAGNOSTICS

    The program will issue a message saying whether the configuration file loaded OK or not. This message may be preceded by errors and warnings if the file did not load. If the file was loaded OK, the program then dumps all known service details - to stdout.

    VERSION

    This man page is correct for version 3.0 of - the Samba suite.

    SEE ALSO

    smb.conf(5), smbd(8)

    AUTHOR

    The original Samba software and related utilities + to stdout.

    VERSION

    This man page is correct for version 3 of + the Samba suite.

    SEE ALSO

    smb.conf(5), smbd(8)

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at + excellent piece of Open Source software, available at ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 diff --git a/docs/htmldocs/manpages/umount.cifs.8.html b/docs/htmldocs/manpages/umount.cifs.8.html index fc61900300..2fdd2c5cc8 100644 --- a/docs/htmldocs/manpages/umount.cifs.8.html +++ b/docs/htmldocs/manpages/umount.cifs.8.html @@ -1,6 +1,6 @@ -umount.cifs

    Name

    umount.cifs — for normal, non-root users, to unmount their own Common Internet File System (CIFS) mounts

    Synopsis

    umount.cifs {mount-point} [-nVvhfle]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    umount.cifs unmounts a Linux CIFS filesystem. It can be invoked +umount.cifs

    Name

    umount.cifs — for normal, non-root users, to unmount their own Common Internet File System (CIFS) mounts

    Synopsis

    umount.cifs {mount-point} [-nVvhfle]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    umount.cifs unmounts a Linux CIFS filesystem. It can be invoked indirectly by the -umount(8) command +umount(8) command when umount.cifs is in /sbin directory, unless you specify the "-i" option to umount. Specifying -i to umount avoids execution of umount helpers such as umount.cifs. The umount.cifs command only works in Linux, and the kernel must support the cifs filesystem. The CIFS protocol is the successor to the SMB protocol and is supported by most Windows servers and many other @@ -11,25 +11,25 @@ by the popular Open Source server Samba. It is possible to set the mode for umount.cifs to setuid root (or equivalently update the /etc/permissions file) to allow non-root users to umount shares to directories for which they have write permission. The umount.cifs utility is typically not needed if unmounts need only be performed by root users, or if user mounts and unmounts -can rely on specifying explicit entries in /etc/fstab See

    fstab(5)

    OPTIONS

    --verbose

    print additional debugging information

    --no-mtab

    Do not update the mtab even if unmount completes successfully (/proc/mounts will still display the correct information)

    NOTES

    This command is normally intended to be installed setuid (since root users can already run unmount). An alternative to using umount.cifs is to add specfic entries for the user mounts that you wish a particular user or users to mount and unmount to /etc/fstab

    CONFIGURATION

    +can rely on specifying explicit entries in /etc/fstab See

    fstab(5)

    OPTIONS

    --verbose

    print additional debugging information

    --no-mtab

    Do not update the mtab even if unmount completes successfully (/proc/mounts will still display the correct information)

    NOTES

    This command is normally intended to be installed setuid (since root users can already run unmount). An alternative to using umount.cifs is to add specfic entries for the user mounts that you wish a particular user or users to mount and unmount to /etc/fstab

    CONFIGURATION

    The primary mechanism for making configuration changes and for reading debug information for the cifs vfs is via the Linux /proc filesystem. In the directory /proc/fs/cifs are various configuration files and pseudo files which can display debug information. For more information see the kernel file fs/cifs/README. -

    BUGS

    At this time umount.cifs does not lock the mount table using the same lock as the umount utility does, so do not attempt to do multiple unmounts from different processes (and in particular unmounts of a cifs mount and another type of filesystem mount at the same time). +

    BUGS

    At this time umount.cifs does not lock the mount table using the same lock as the umount utility does, so do not attempt to do multiple unmounts from different processes (and in particular unmounts of a cifs mount and another type of filesystem mount at the same time).

    If the same mount point is mounted multiple times by cifs, umount.cifs will remove all of the matching entries from the mount table (although umount.cifs will actually only unmount the last one), rather than only removing the last matching entry in /etc/mtab. The pseudofile /proc/mounts will display correct information though, and the lack of an entry in /etc/mtab does not prevent subsequent unmounts.

    Note that the typical response to a bug report is a suggestion to try the latest version first. So please try doing that first, and always include which versions you use of relevant software when reporting bugs (minimum: umount.cifs (try umount.cifs -V), kernel (see /proc/version) and server type you are trying to contact. -

    VERSION

    This man page is correct for version 1.34 of - the cifs vfs filesystem (roughly Linux kernel 2.6.12).

    SEE ALSO

    +

    VERSION

    This man page is correct for version 1.34 of + the cifs vfs filesystem (roughly Linux kernel 2.6.12).

    SEE ALSO

    Documentation/filesystems/cifs.txt and fs/cifs/README in the linux kernel source tree may contain additional options and information. -

    mount.cifs(8)

    AUTHOR

    Steve French

    The syntax was loosely based on the umount utility and the manpage was loosely based on that of mount.cifs.8. The man page was created by Steve French

    The maintainer of the Linux cifs vfs and the userspace - tool umount.cifs is Steve French. - The Linux CIFS Mailing list +

    mount.cifs(8)

    AUTHOR

    Steve French

    The syntax was loosely based on the umount utility and the manpage was loosely based on that of mount.cifs.8. The man page was created by Steve French

    The maintainer of the Linux cifs vfs and the userspace + tool umount.cifs is Steve French. + The Linux CIFS Mailing list is the preferred place to ask questions regarding these programs.

    diff --git a/docs/htmldocs/manpages/vfs_audit.8.html b/docs/htmldocs/manpages/vfs_audit.8.html index 3a7922853e..fdbc2087ea 100644 --- a/docs/htmldocs/manpages/vfs_audit.8.html +++ b/docs/htmldocs/manpages/vfs_audit.8.html @@ -1,19 +1,19 @@ -vfs_audit

    Name

    vfs_audit — record selected Samba VFS operations in the system log

    Synopsis

    vfs objects = audit

    DESCRIPTION

    This VFS module is part of the - samba(7) suite.

    The vfs_audit VFS module records selected +vfs_audit

    Name

    vfs_audit — record selected Samba VFS operations in the system log

    Synopsis

    vfs objects = audit

    DESCRIPTION

    This VFS module is part of the + samba(7) suite.

    The vfs_audit VFS module records selected client operations to the system log using - syslog(3).

    The following Samba VFS operations are recorded:

    connect
    disconnect
    opendir
    mkdir
    rmdir
    open
    close
    rename
    unlink
    chmod
    fchmod
    chmod_acl
    fchmod_acl

    This module is stackable.

    OPTIONS

    audit:facility = FACILITY

    Log messages to the named - syslog(3) facility. + syslog(3).

    The following Samba VFS operations are recorded:

    connect
    disconnect
    opendir
    mkdir
    rmdir
    open
    close
    rename
    unlink
    chmod
    fchmod
    chmod_acl
    fchmod_acl

    This module is stackable.

    OPTIONS

    audit:facility = FACILITY

    Log messages to the named + syslog(3) facility.

    audit:priority = PRIORITY

    Log messages with the named - syslog(3) priority. -

    EXAMPLES

    Log operations on all shares using the LOCAL1 facility + syslog(3) priority. +

    EXAMPLES

    Log operations on all shares using the LOCAL1 facility and NOTICE priority:

             [global]
-	vfs objects = audit
-	audit:facility = LOCAL1
-	audit:priority = NOTICE
-

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. -

    AUTHOR

    The original Samba software and related utilities + vfs objects = audit + audit:facility = LOCAL1 + audit:priority = NOTICE +

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    diff --git a/docs/htmldocs/manpages/vfs_cacheprime.8.html b/docs/htmldocs/manpages/vfs_cacheprime.8.html index 73b4fb2f7a..113c42710f 100644 --- a/docs/htmldocs/manpages/vfs_cacheprime.8.html +++ b/docs/htmldocs/manpages/vfs_cacheprime.8.html @@ -1,5 +1,5 @@ -vfs_cacheprime

    Name

    vfs_cacheprime — prime the kernel file data cache

    Synopsis

    vfs objects = cacheprime

    DESCRIPTION

    This VFS module is part of the - samba(7) suite.

    The vfs_cacheprime VFS module reads chunks +vfs_cacheprime

    Name

    vfs_cacheprime — prime the kernel file data cache

    Synopsis

    vfs objects = cacheprime

    DESCRIPTION

    This VFS module is part of the + samba(7) suite.

    The vfs_cacheprime VFS module reads chunks of file data near the range requested by clients in order to make sure the data is present in the kernel file data cache at the time when it is actually requested by clients.

    The size of the disk read operations performed @@ -7,20 +7,20 @@ cacheprime:rsize option. All disk read operations are aligned on boundaries that are a multiple of this size. Each range of the file data is primed at most once during the time the client - has the file open.

    This module is stackable.

    OPTIONS

    cacheprime:rsize = BYTES

    The number of bytes with which to prime - the kernel data cache.

    The following suffixes may be applied to BYTES:

    • K - BYTES is a number of kilobytes

    • M - BYTES is a number of megabytes

    • G - BYTES is a number of gigabytes

    EXAMPLES

    For a hypothetical disk array, it is necessary to ensure + has the file open.

    This module is stackable.

    OPTIONS

    cacheprime:rsize = BYTES

    The number of bytes with which to prime + the kernel data cache.

    The following suffixes may be applied to BYTES:

    • K - BYTES is a number of kilobytes

    • M - BYTES is a number of megabytes

    • G - BYTES is a number of gigabytes

    EXAMPLES

    For a hypothetical disk array, it is necessary to ensure that all read operations are of size 1 megabyte (1048576 bytes), and aligned on 1 megabyte boundaries: 

     	[hypothetical]
-	vfs objects = cacheprime
-	cacheprime:rsize = 1M
-

    CAVEATS

    cacheprime is not a a substitute for + vfs objects = cacheprime + cacheprime:rsize = 1M +

    CAVEATS

    cacheprime is not a a substitute for a general-purpose readahead mechanism. It is intended for use only in very specific environments where disk operations must be aligned and sized to known values (as much as that is possible). -

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. -

    AUTHOR

    The original Samba software and related utilities +

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    diff --git a/docs/htmldocs/manpages/vfs_cap.8.html b/docs/htmldocs/manpages/vfs_cap.8.html index 4c6cf7c6c8..7e8ae0158e 100644 --- a/docs/htmldocs/manpages/vfs_cap.8.html +++ b/docs/htmldocs/manpages/vfs_cap.8.html @@ -1,17 +1,17 @@ -vfs_cap

    Name

    vfs_cap — CAP encode filenames

    Synopsis

    vfs objects = cap

    DESCRIPTION

    This VFS module is part of the - samba(7) suite.

    CAP (Columbia Appletalk Protocol) encoding is a +vfs_cap

    Name

    vfs_cap — CAP encode filenames

    Synopsis

    vfs objects = cap

    DESCRIPTION

    This VFS module is part of the + samba(7) suite.

    CAP (Columbia Appletalk Protocol) encoding is a technique for representing non-ASCII filenames in ASCII. The vfs_cap VFS module translates filenames to and from CAP format, allowing users to name files in their native encoding.

    CAP encoding is most commonly - used in Japanese language environments.

    This module is stackable.

    EXAMPLES

    On a system using GNU libiconv, use CAP encoding to support + used in Japanese language environments.

    This module is stackable.

    EXAMPLES

    On a system using GNU libiconv, use CAP encoding to support users in the Shift_JIS locale:

             [global]
-	dos charset = CP932
-	dos charset = CP932
-	vfs objects = cap
-

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. -

    AUTHOR

    The original Samba software and related utilities + dos charset = CP932 + dos charset = CP932 + vfs objects = cap +

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    diff --git a/docs/htmldocs/manpages/vfs_catia.8.html b/docs/htmldocs/manpages/vfs_catia.8.html index eb83c79511..84a53bb1d5 100644 --- a/docs/htmldocs/manpages/vfs_catia.8.html +++ b/docs/htmldocs/manpages/vfs_catia.8.html @@ -1,14 +1,14 @@ -vfs_catia

    Name

    vfs_catia — translate illegal characters in Catia filenames

    Synopsis

    vfs objects = catia

    DESCRIPTION

    This VFS module is part of the - samba(7) suite.

    The Catia CAD package commonly creates filenames that +vfs_catia

    Name

    vfs_catia — translate illegal characters in Catia filenames

    Synopsis

    vfs objects = catia

    DESCRIPTION

    This VFS module is part of the + samba(7) suite.

    The Catia CAD package commonly creates filenames that use characters that are illegal in CIFS filenames. The vfs_catia VFS module implements a fixed character mapping so that these files can be shared with CIFS clients. -

    This module is stackable.

    EXAMPLES

    Map Catia filenames on the [CAD] share:

    +	
    This module is stackable.

    EXAMPLES

    Map Catia filenames on the [CAD] share:

             [CAD]
-	path = /data/cad
-	vfs objects = catia
-

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. -

    AUTHOR

    The original Samba software and related utilities + path = /data/cad + vfs objects = catia +

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    diff --git a/docs/htmldocs/manpages/vfs_commit.8.html b/docs/htmldocs/manpages/vfs_commit.8.html index 203f420122..59fd831f13 100644 --- a/docs/htmldocs/manpages/vfs_commit.8.html +++ b/docs/htmldocs/manpages/vfs_commit.8.html @@ -1,5 +1,5 @@ -vfs_commit

    Name

    vfs_commit — flush dirty data at specified intervals

    Synopsis

    vfs objects = commit

    DESCRIPTION

    This VFS module is part of the - samba(7) suite.

    The vfs_commit VFS module keeps track of +vfs_commit

    Name

    vfs_commit — flush dirty data at specified intervals

    Synopsis

    vfs objects = commit

    DESCRIPTION

    This VFS module is part of the + samba(7) suite.

    The vfs_commit VFS module keeps track of the amount of data written to a file and synchronizes it to disk when a specified amount accumulates.

    vfs_commit is useful in two @@ -7,18 +7,18 @@ impact of unexpected power loss can be minimized by a small commit:dthresh value. Secondly, write performance can be improved on some systems by flushing file data early and at - regular intervals.

    This module is stackable.

    OPTIONS

    commit:dthresh = BYTES

    Synchronize file data each time the specified + regular intervals.

    This module is stackable.

    OPTIONS

    commit:dthresh = BYTES

    Synchronize file data each time the specified number of bytes has been written. -

    The following suffixes may be applied to BYTES:

    • K - BYTES is a number of kilobytes

    • M - BYTES is a number of megabytes

    • G - BYTES is a number of gigabytes

    EXAMPLES

    Synchronize the file data on the [precious] share after +

    The following suffixes may be applied to BYTES:

    • K - BYTES is a number of kilobytes

    • M - BYTES is a number of megabytes

    • G - BYTES is a number of gigabytes

    EXAMPLES

    Synchronize the file data on the [precious] share after every 512 kilobytes (524288 bytes) of data is written:

             [precious]
-	path = /data/precious
-	vfs objects = commit
-	commit:dthresh = 512K
-

    CAVEATS

    On some systems, the data synchronization performed by + path = /data/precious + vfs objects = commit + commit:dthresh = 512K +

    CAVEATS

    On some systems, the data synchronization performed by commit may reduce performance. -

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. -

    AUTHOR

    The original Samba software and related utilities +

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    diff --git a/docs/htmldocs/manpages/vfs_default_quota.8.html b/docs/htmldocs/manpages/vfs_default_quota.8.html index d0560dbf37..e774ec3784 100644 --- a/docs/htmldocs/manpages/vfs_default_quota.8.html +++ b/docs/htmldocs/manpages/vfs_default_quota.8.html @@ -1,5 +1,5 @@ -vfs_default_quota

    Name

    vfs_default_quota — store default quota records for Windows clients

    Synopsis

    vfs objects = default_quota

    DESCRIPTION

    This VFS module is part of the - samba(7) +vfs_default_quota

    Name

    vfs_default_quota — store default quota records for Windows clients

    Synopsis

    vfs objects = default_quota

    DESCRIPTION

    This VFS module is part of the + samba(7) suite.

    Many common quota implementations only store quotas for users and groups, but do not store a default quota. The vfs_default_quota module allows Samba to store @@ -9,7 +9,7 @@ refuses to update them. vfs_default_quota maps the default quota to the quota record of a user. By default the root user is taken because quota limits for root are typically - not enforced.

    This module is stackable.

    OPTIONS

    default_quota:uid = UID

    UID specifies the user ID of the quota record where the + not enforced.

    This module is stackable.

    OPTIONS

    default_quota:uid = UID

    UID specifies the user ID of the quota record where the default user quota values are stored.

    default_quota:gid = GID

    GID specifies the group ID of the quota record where the default group quota values are stored. @@ -21,15 +21,15 @@ quota record is storing the default group quota will be reported as having a quota of NO_LIMIT. Otherwise, the stored values will be reported. -

    EXAMPLES

    Store the default quota record in the quota record for +

    EXAMPLES

    Store the default quota record in the quota record for the user with ID 65535 and report that user as having no quota limits:

             [global]
-	vfs objects = default_quota
-	default_quota:uid = 65535
-	default_quota:uid nolimit = yes
-

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. -

    AUTHOR

    The original Samba software and related utilities + vfs objects = default_quota + default_quota:uid = 65535 + default_quota:uid nolimit = yes +

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    diff --git a/docs/htmldocs/manpages/vfs_extd_audit.8.html b/docs/htmldocs/manpages/vfs_extd_audit.8.html index 9cd78a2e32..5e7598ae95 100644 --- a/docs/htmldocs/manpages/vfs_extd_audit.8.html +++ b/docs/htmldocs/manpages/vfs_extd_audit.8.html @@ -1,14 +1,14 @@ -vfs_extd_audit

    Name

    vfs_extd_audit — record selected Samba VFS operations

    Synopsis

    vfs objects = extd_audit

    DESCRIPTION

    This VFS module is part of the - samba(7) suite.

    The extd_audit VFS module records selected +vfs_extd_audit

    Name

    vfs_extd_audit — record selected Samba VFS operations

    Synopsis

    vfs objects = extd_audit

    DESCRIPTION

    This VFS module is part of the + samba(7) suite.

    The extd_audit VFS module records selected client operations to both the - smbd(8) log and + smbd(8) log and system log (using - syslog(3)).

    Other than logging to the - smbd(8) log, + syslog(3)).

    Other than logging to the + smbd(8) log, vfs_extd_audit is identical to - vfs_audit(8). -

    This module is stackable.

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. -

    AUTHOR

    The original Samba software and related utilities + vfs_audit(8). +

    This module is stackable.

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    diff --git a/docs/htmldocs/manpages/vfs_fake_perms.8.html b/docs/htmldocs/manpages/vfs_fake_perms.8.html index 86d1c74129..3b543052fe 100644 --- a/docs/htmldocs/manpages/vfs_fake_perms.8.html +++ b/docs/htmldocs/manpages/vfs_fake_perms.8.html @@ -1,17 +1,17 @@ -vfs_fake_perms

    Name

    vfs_fake_perms — enable read only Roaming Profiles

    Synopsis

    vfs objects = fake_perms

    DESCRIPTION

    This VFS module is part of the - samba(7) suite.

    The vfs_fake_perms VFS module was created +vfs_fake_perms

    Name

    vfs_fake_perms — enable read only Roaming Profiles

    Synopsis

    vfs objects = fake_perms

    DESCRIPTION

    This VFS module is part of the + samba(7) suite.

    The vfs_fake_perms VFS module was created to allow Roaming Profile files and directories to be set (on the Samba server under UNIX) as read only. This module will, if installed on the Profiles share, report to the client that the Profile files and directories are writeable. This satisfies the client even though the files will never be overwritten as the client logs out or shuts down. -

    This module is stackable.

    EXAMPLES

    +	
    This module is stackable.

    EXAMPLES

             [Profiles]
-	path = /profiles
-	vfs objects = fake_perms
-

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. -

    AUTHOR

    The original Samba software and related utilities + path = /profiles + vfs objects = fake_perms +

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    diff --git a/docs/htmldocs/manpages/vfs_full_audit.8.html b/docs/htmldocs/manpages/vfs_full_audit.8.html index e49baf70ac..d8bf1f229e 100644 --- a/docs/htmldocs/manpages/vfs_full_audit.8.html +++ b/docs/htmldocs/manpages/vfs_full_audit.8.html @@ -1,7 +1,7 @@ -vfs_full_audit

    Name

    vfs_full_audit — record Samba VFS operations in the system log

    Synopsis

    vfs objects = full_audit

    DESCRIPTION

    This VFS module is part of the - samba(7) suite.

    The vfs_full_audit VFS module records selected +vfs_full_audit

    Name

    vfs_full_audit — record Samba VFS operations in the system log

    Synopsis

    vfs objects = full_audit

    DESCRIPTION

    This VFS module is part of the + samba(7) suite.

    The vfs_full_audit VFS module records selected client operations to the system log using - syslog(3).

    vfs_full_audit is able to record the + syslog(3).

    vfs_full_audit is able to record the complete set of Samba VFS operations:

    aio_cancel
    aio_error
    aio_fsync
    aio_read
    aio_return
    aio_suspend
    aio_write
    chdir
    chflags
    chmod
    chmod_acl
    chown
    close
    closedir
    connect
    disconnect
    disk_free
    fchmod
    fchmod_acl
    fchown
    fget_nt_acl
    fgetxattr
    flistxattr
    fremovexattr
    fset_nt_acl
    fsetxattr
    fstat
    fsync
    ftruncate
    get_nt_acl
    get_quota
    get_shadow_copy_data
    getlock
    getwd
    getxattr
    kernel_flock
    lgetxattr
    link
    linux_setlease
    listxattr
    llistxattr
    lock
    lremovexattr
    lseek
    lsetxattr
    lstat
    mkdir
    mknod
    open
    opendir
    pread
    pwrite
    read
    readdir
    readlink
    realpath
    removexattr
    rename
    rewinddir
    rmdir
    seekdir
    sendfile
    set_nt_acl
    set_quota
    setxattr
    stat
    statvfs
    symlink
    sys_acl_add_perm
    sys_acl_clear_perms
    sys_acl_create_entry
    sys_acl_delete_def_file
    sys_acl_free_acl
    sys_acl_free_qualifier
    sys_acl_free_text
    sys_acl_get_entry
    sys_acl_get_fd
    sys_acl_get_file
    sys_acl_get_perm
    sys_acl_get_permset
    sys_acl_get_qualifier
    sys_acl_get_tag_type
    sys_acl_init
    sys_acl_set_fd
    sys_acl_set_file
    sys_acl_set_permset
    sys_acl_set_qualifier
    sys_acl_set_tag_type
    sys_acl_to_text
    sys_acl_valid
    telldir
    unlink
    utime
    write

    In addition to these operations, vfs_full_audit recognizes the special operation names "all" and "none ", which refer to all @@ -10,9 +10,9 @@ format consisting of fields separated by '|' characters. The format is: 

     		smbd_audit: PREFIX|OPERATION|RESULT|FILE
-

    The record fields are:

    • PREFIX - the result of the full_audit:prefix string after variable substitutions

    • OPERATION - the name of the VFS operation

    • RESULT - whether the operation succeeded or failed

    • FILE - the name of the file or directory the operation was performed on

    This module is stackable.

    OPTIONS

    vfs_full_audit:prefix = STRING

    Prepend audit messages with STRING. STRING is +

    The record fields are:

    • PREFIX - the result of the full_audit:prefix string after variable substitutions

    • OPERATION - the name of the VFS operation

    • RESULT - whether the operation succeeded or failed

    • FILE - the name of the file or directory the operation was performed on

    This module is stackable.

    OPTIONS

    vfs_full_audit:prefix = STRING

    Prepend audit messages with STRING. STRING is processed for standard substitution variables listed in - smb.conf(5). The default + smb.conf(5). The default prefix is "%u|%I".

    vfs_full_audit:success = LIST

    LIST is a list of VFS operations that should be recorded if they succeed. Operations are specified using the names listed above. @@ -20,23 +20,23 @@ recorded if they failed. Operations are specified using the names listed above.

    full_audit:facility = FACILITY

    Log messages to the named - syslog(3) facility. + syslog(3) facility.

    full_audit:priority = PRIORITY

    Log messages with the named - syslog(3) priority. -

    EXAMPLES

    Log file and directory open operations on the [records] + syslog(3) priority. +

    EXAMPLES

    Log file and directory open operations on the [records] share using the LOCAL7 facility and ALERT priority, including the username and IP address:

             [records]
-	path = /data/records
-	vfs objects = full_audit
-	full_audit:prefix = %u|%I
-	full_audit:success = open opendir
-	full_audit:failure = all
-	full_audit:facility = LOCAL7
-	full_audit:priority = ALERT
-

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. -

    AUTHOR

    The original Samba software and related utilities + path = /data/records + vfs objects = full_audit + full_audit:prefix = %u|%I + full_audit:success = open opendir + full_audit:failure = all + full_audit:facility = LOCAL7 + full_audit:priority = ALERT +

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    diff --git a/docs/htmldocs/manpages/vfs_gpfs.8.html b/docs/htmldocs/manpages/vfs_gpfs.8.html index 27aba67d74..6df627dff5 100644 --- a/docs/htmldocs/manpages/vfs_gpfs.8.html +++ b/docs/htmldocs/manpages/vfs_gpfs.8.html @@ -1,5 +1,5 @@ -vfs_gpfs

    Name

    vfs_gpfs — gpfs specific samba extensions like acls and prealloc

    Synopsis

    vfs objects = gpfs

    DESCRIPTION

    This VFS module is part of the - samba(7) suite.

    The gpfs VFS module is the home +vfs_gpfs

    Name

    vfs_gpfs — gpfs specific samba extensions like acls and prealloc

    Synopsis

    vfs objects = gpfs

    DESCRIPTION

    This VFS module is part of the + samba(7) suite.

    The gpfs VFS module is the home for all gpfs extensions that Samba requires for proper integration with GPFS. It uses the GPL library interfaces provided by GPFS.

    Currently the gpfs vfs module provides extensions in following areas : @@ -8,7 +8,7 @@ and hence allows permission stealing via chown. Samba might allow at a later point in time, to restrict the chown via this module as such restrictions are the responsibility of the underlying filesystem than of Samba. -

    This module is stackable.

    OPTIONS

    nfs4:mode = [ simple | special ]

    +

    This module is stackable.

    OPTIONS

    nfs4:mode = [ simple | special ]

    Enable/Disable substitution of special IDs on GPFS. This parameter should not affect the windows users in anyway. It only ensures that Samba sets the special IDs - OWNER@ and GROUP@ ( mappings to simple uids ) @@ -19,17 +19,17 @@

    Following is the behaviour of Samba for different values :

    • dontcare (default) - copy the ACEs as they come

    • reject - stop operation and exit with error on ACL set op

    • ignore - don't include the second matching ACE

    • merge - bitwise OR the 2 ace.flag fields and 2 ace.mask fields of the 2 duplicate ACEs into 1 ACE

    nfs4:chown = [yes|no]

    This parameter allows enabling or disabling the chown supported by the underlying filesystem. This parameter should be enabled with care as it might leave your system insecure.

    Some filesystems allow chown as a) giving b) stealing. It is the latter - that is considered a risk.

    Following is the behaviour of Samba for different values :

    • yes - Enable chown if as supported by the under filesystem

    • no (default) - Disable chown

    EXAMPLES

    A GPFS mount can be exported via Samba as follows :

    +		that is considered a risk.
    Following is the behaviour of Samba for different values : 
    • yes - Enable chown if as supported by the under filesystem
    • no (default) - Disable chown

    EXAMPLES

    A GPFS mount can be exported via Samba as follows :

             [samba_gpfs_share]
-	vfs objects = gpfs
-	path = /test/gpfs_mount
-	nfs4: mode = special
-	nfs4: acedup = merge
-

    CAVEATS

    The gpfs gpl libraries are required by gpfs VFS + vfs objects = gpfs + path = /test/gpfs_mount + nfs4: mode = special + nfs4: acedup = merge +

    CAVEATS

    The gpfs gpl libraries are required by gpfs VFS module during both compilation and runtime. Also this VFS module is tested to work on SLES 9/10 and RHEL 4.4 -

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. -

    AUTHOR

    The original Samba software and related utilities +

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The GPFS VFS module was created with contributions from diff --git a/docs/htmldocs/manpages/vfs_netatalk.8.html b/docs/htmldocs/manpages/vfs_netatalk.8.html index 99bfec138c..f25209272c 100644 --- a/docs/htmldocs/manpages/vfs_netatalk.8.html +++ b/docs/htmldocs/manpages/vfs_netatalk.8.html @@ -1,15 +1,15 @@ -vfs_netatalk

    Name

    vfs_netatalk — hide .AppleDouble files from CIFS clients

    Synopsis

    vfs objects = netatalk

    DESCRIPTION

    This VFS module is part of the - samba(7) suite.

    The vfs_netatalk VFS module dynamically +vfs_netatalk

    Name

    vfs_netatalk — hide .AppleDouble files from CIFS clients

    Synopsis

    vfs objects = netatalk

    DESCRIPTION

    This VFS module is part of the + samba(7) suite.

    The vfs_netatalk VFS module dynamically hides .AppleDouble files, preventing spurious errors on some CIFS clients. .AppleDouble files may be created by historic - implementations of AFP (Apple Filing Protocol) on servers.

    This module is stackable.

    EXAMPLES

    Hide .AppleDouble files on the [data] share:

    +	implementations of AFP (Apple Filing Protocol) on servers. 
    This module is stackable.

    EXAMPLES

    Hide .AppleDouble files on the [data] share:

             [data]
-	vfs objects = netatalk
-

    CAVEATS

    This module is largely historic and unlikely to be of use + vfs objects = netatalk +

    CAVEATS

    This module is largely historic and unlikely to be of use in modern networks since current Apple systems are able to mount CIFS shares natively. -

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. -

    AUTHOR

    The original Samba software and related utilities +

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    diff --git a/docs/htmldocs/manpages/vfs_notify_fam.8.html b/docs/htmldocs/manpages/vfs_notify_fam.8.html index 67ee47ea70..cd5051af4a 100644 --- a/docs/htmldocs/manpages/vfs_notify_fam.8.html +++ b/docs/htmldocs/manpages/vfs_notify_fam.8.html @@ -1,12 +1,12 @@ -vfs_notify_fam

    Name

    vfs_notify_fam — FAM support for file change notifications

    Synopsis

    vfs objects = notify_fam

    DESCRIPTION

    This VFS module is part of the - samba(7) suite.

    The vfs_notify_fam module makes use of +vfs_notify_fam

    Name

    vfs_notify_fam — FAM support for file change notifications

    Synopsis

    vfs objects = notify_fam

    DESCRIPTION

    This VFS module is part of the + samba(7) suite.

    The vfs_notify_fam module makes use of the system FAM (File Alteration Monitor) daemon to implement file change notifications for Windows clients. FAM is generally - present only on IRIX and some BSD systems.

    This module is not stackable.

    EXAMPLES

    Support FAM notifications globally:

    +	present only on IRIX and some BSD systems.
    This module is not stackable.

    EXAMPLES

    Support FAM notifications globally:

             [global]
-	vfs objects = notify_fam
-

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. -

    AUTHOR

    The original Samba software and related utilities + vfs objects = notify_fam +

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    diff --git a/docs/htmldocs/manpages/vfs_prealloc.8.html b/docs/htmldocs/manpages/vfs_prealloc.8.html index fde6653a66..53cd95eabb 100644 --- a/docs/htmldocs/manpages/vfs_prealloc.8.html +++ b/docs/htmldocs/manpages/vfs_prealloc.8.html @@ -1,22 +1,22 @@ -vfs_prealloc

    Name

    vfs_prealloc — preallocate matching files to a predetermined size

    Synopsis

    vfs objects = prealloc

    DESCRIPTION

    This VFS module is part of the - samba(7) suite.

    The vfs_prealloc VFS module preallocates +vfs_prealloc

    Name

    vfs_prealloc — preallocate matching files to a predetermined size

    Synopsis

    vfs objects = prealloc

    DESCRIPTION

    This VFS module is part of the + samba(7) suite.

    The vfs_prealloc VFS module preallocates files to a specified size each time a new file is created. This is useful in environments where files are of a predetermined size will be written to a disk subsystem where extending file - allocations is expensive.

    This module is stackable.

    OPTIONS

    prealloc:EXT = BYTES

    Preallocate all files with the extension EXT to + allocations is expensive.

    This module is stackable.

    OPTIONS

    prealloc:EXT = BYTES

    Preallocate all files with the extension EXT to the size specified by BYTES. -

    The following suffixes may be applied to BYTES:

    • K - BYTES is a number of kilobytes

    • M - BYTES is a number of megabytes

    • G - BYTES is a number of gigabytes

    EXAMPLES

    A process writes TIFF files to a Samba share, and the +

    The following suffixes may be applied to BYTES:

    • K - BYTES is a number of kilobytes

    • M - BYTES is a number of megabytes

    • G - BYTES is a number of gigabytes

    EXAMPLES

    A process writes TIFF files to a Samba share, and the is known these files will almost always be around 4 megabytes (4194304 bytes): 

             [frames]
-	path = /data/frames
-	vfs objects = prealloc
-	prealloc:tiff = 4M
-

    CAVEATS

    vfs_prealloc is not supported on all + path = /data/frames + vfs objects = prealloc + prealloc:tiff = 4M +

    CAVEATS

    vfs_prealloc is not supported on all platforms and filesystems. Currently only XFS filesystems on Linux and IRIX are supported. -

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. -

    AUTHOR

    The original Samba software and related utilities +

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    diff --git a/docs/htmldocs/manpages/vfs_readahead.8.html b/docs/htmldocs/manpages/vfs_readahead.8.html index bb61e8ad07..10a9ef2e2a 100644 --- a/docs/htmldocs/manpages/vfs_readahead.8.html +++ b/docs/htmldocs/manpages/vfs_readahead.8.html @@ -1,5 +1,5 @@ -vfs_readahead

    Name

    vfs_readahead — pre-load the kernel buffer cache

    Synopsis

    vfs objects = readahead

    DESCRIPTION

    This VFS module is part of the - samba(7) suite.

    This vfs_readahead VFS module detects +vfs_readahead

    Name

    vfs_readahead — pre-load the kernel buffer cache

    Synopsis

    vfs objects = readahead

    DESCRIPTION

    This VFS module is part of the + samba(7) suite.

    This vfs_readahead VFS module detects read requests at multiples of a given offset (hex 0x80000 by default) and then tells the kernel via either the readahead system call (on Linux) or the posix_fadvise system call to @@ -12,14 +12,14 @@ readahead:length option. By default this is set to the same value as the readahead:offset option and if not set explicitly will use the current value of - readahead:offset.

    This module is stackable.

    OPTIONS

    The following suffixes may be applied to BYTES:

    • K - BYTES is a number of kilobytes

    • M - BYTES is a number of megabytes

    • G - BYTES is a number of gigabytes

    readahead:offset = BYTES

    The offset multiple that causes readahead to be + readahead:offset.

    This module is stackable.

    OPTIONS

    The following suffixes may be applied to BYTES:

    • K - BYTES is a number of kilobytes

    • M - BYTES is a number of megabytes

    • G - BYTES is a number of gigabytes

    readahead:offset = BYTES

    The offset multiple that causes readahead to be requested of the kernel buffer cache.

    readahead:length = BYTES

    The number of bytes requested to be read into the kernel buffer cache on each - readahead call.

    EXAMPLES

    +		readahead call.

    EXAMPLES

     	[hypothetical]
-	vfs objects = readahead
-

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. -

    AUTHOR

    The original Samba software and related utilities + vfs objects = readahead +

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    diff --git a/docs/htmldocs/manpages/vfs_readonly.8.html b/docs/htmldocs/manpages/vfs_readonly.8.html index 7f8ed6b3db..bc3c2f65b5 100644 --- a/docs/htmldocs/manpages/vfs_readonly.8.html +++ b/docs/htmldocs/manpages/vfs_readonly.8.html @@ -1,24 +1,24 @@ -vfs_readonly

    Name

    vfs_readonly — make a Samba share read only for a specified time period

    Synopsis

    vfs objects = readonly

    DESCRIPTION

    This VFS module is part of the - samba(7) suite.

    The vfs_readonly VFS module marks a share +vfs_readonly

    Name

    vfs_readonly — make a Samba share read only for a specified time period

    Synopsis

    vfs objects = readonly

    DESCRIPTION

    This VFS module is part of the + samba(7) suite.

    The vfs_readonly VFS module marks a share as read only for all clients connecting within the configured time period. Clients connecting during this time will be denied write access to all files in the share, irrespective of ther - actual access privileges.

    This module is stackable.

    OPTIONS

    readonly:period = BEGIN, END

    Only mark the share as read only if the client + actual access privileges.

    This module is stackable.

    OPTIONS

    readonly:period = BEGIN, END

    Only mark the share as read only if the client connection was made between the times marked by the BEGIN and END date specifiers. The syntax of these date specifiers is the same as that accepted by the -d option of GNU - date(1). -

    EXAMPLES

    Mark all shares read only:

    +		date(1).
+

    EXAMPLES

    Mark all shares read only:

             [global]
-	vfs objects = readonly
+	vfs objects = readonly

    Mark the [backup] share as read only during business hours:

             [backup]
-	path = /readonly
-	vfs objects = readonly
-	readonly:period = readonly:period = "today 9:00","today 17:00"
-

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. -

    AUTHOR

    The original Samba software and related utilities + path = /readonly + vfs objects = readonly + readonly:period = readonly:period = "today 9:00","today 17:00" +

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    diff --git a/docs/htmldocs/manpages/vfs_recycle.8.html b/docs/htmldocs/manpages/vfs_recycle.8.html index 4d3901b43a..1c295c449b 100644 --- a/docs/htmldocs/manpages/vfs_recycle.8.html +++ b/docs/htmldocs/manpages/vfs_recycle.8.html @@ -1,5 +1,5 @@ -vfs_recycle

    Name

    vfs_recycle — Samba VFS recycle bin

    Synopsis

    vfs objects = recycle

    DESCRIPTION

    This VFS module is part of the - samba(7) suite.

    The vfs_recycle intercepts file deletion +vfs_recycle

    Name

    vfs_recycle — Samba VFS recycle bin

    Synopsis

    vfs objects = recycle

    DESCRIPTION

    This VFS module is part of the + samba(7) suite.

    The vfs_recycle intercepts file deletion requests and moves the affected files to a temporary repository rather than deleting them immediately. This gives the same effect as the Recycle Bin on Windows computers.

    The Recycle Bin will not appear in Windows Explorer @@ -10,7 +10,7 @@ of the created directory depends on recycle:repository. Users can recover files from the recycle bin. If the recycle:keeptree option has been specified, deleted files will be found in a path - identical with that from which the file was deleted.

    This module is stackable.

    OPTIONS

    recycle:repository = PATH

    Path of the directory where deleted files should be moved. + identical with that from which the file was deleted.

    This module is stackable.

    OPTIONS

    recycle:repository = PATH

    Path of the directory where deleted files should be moved.

    If this option is not set, the default path .recycle is used.

    recycle:directory_mode = MODE

    Set MODE to the octal mode the recycle repository should be created with. The recycle repository will be @@ -47,14 +47,14 @@

    recycle:noversions = LIST

    Specifies a list of paths (wildcards such as * and ? are supported) for which no versioning should be used. Only useful when recycle:versions is enabled. -

    EXAMPLES

    Log operations on all shares using the LOCAL1 facility +

    EXAMPLES

    Log operations on all shares using the LOCAL1 facility and NOTICE priority:

             [global]
-	vfs objects = recycle
-	recycle:facility = LOCAL1
-	recycle:priority = NOTICE
-

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. -

    AUTHOR

    The original Samba software and related utilities + vfs objects = recycle + recycle:facility = LOCAL1 + recycle:priority = NOTICE +

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    diff --git a/docs/htmldocs/manpages/vfs_shadow_copy.8.html b/docs/htmldocs/manpages/vfs_shadow_copy.8.html index 463787db98..5b9bdf61c1 100644 --- a/docs/htmldocs/manpages/vfs_shadow_copy.8.html +++ b/docs/htmldocs/manpages/vfs_shadow_copy.8.html @@ -1,9 +1,9 @@ -vfs_shadow_copy

    Name

    vfs_shadow_copy — Make a Samba share read only for a specified time period

    Synopsis

    vfs objects = shadow_copy

    DESCRIPTION

    This VFS module is part of the - samba(7) suite.

    The vfs_shadow_copy VFS module functionality +vfs_shadow_copy

    Name

    vfs_shadow_copy — Make a Samba share read only for a specified time period

    Synopsis

    vfs objects = shadow_copy

    DESCRIPTION

    This VFS module is part of the + samba(7) suite.

    The vfs_shadow_copy VFS module functionality that is similar to Microsoft Shadow Copy services. When setup properly, this module allows Microsoft Shadow Copy clients to browse "shadow copies" on Samba shares. -

    This module is stackable.

    CONFIGURATION

    vfs_shadow_copy relies on a filesystem +

    This module is stackable.

    CONFIGURATION

    vfs_shadow_copy relies on a filesystem snapshot implementation. Many common filesystems have native support for this.

    Filesystem snapshots must be mounted on @@ -13,20 +13,20 @@ where:

    • YYYY is the 4 digit year

    • MM is the 2 digit month

    • DD is the 2 digit day

    • hh is the 2 digit hour

    • mm is the 2 digit minute

    • ss is the 2 digit second.

    The vfs_shadow_copy snapshot naming convention can be produced with the following - date(1) command: + date(1) command: 

     	TZ=GMT date +@GMT-%Y.%m.%d-%H.%M.%S
-

    EXAMPLES

    Add shadow copy support to user home directories:

    +

    EXAMPLES

    Add shadow copy support to user home directories:

             [homes]
-	vfs objects = shadow_copy
-

    CAVEATS

    This is not a backup, archival, or version control solution. + vfs objects = shadow_copy +

    CAVEATS

    This is not a backup, archival, or version control solution.

    With Samba or Windows servers, vfs_shadow_copy is designed to be an end-user tool only. It does not replace or enhance your backup and archival solutions and should in no way be considered as such. Additionally, if you need version control, implement a - version control system.

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. -

    AUTHOR

    The original Samba software and related utilities + version control system.

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    diff --git a/docs/htmldocs/manpages/vfs_xattr_tdb.8.html b/docs/htmldocs/manpages/vfs_xattr_tdb.8.html new file mode 100644 index 0000000000..923f4973ae --- /dev/null +++ b/docs/htmldocs/manpages/vfs_xattr_tdb.8.html @@ -0,0 +1,12 @@ +vfs_xattr_tdb

    Name

    vfs_xattr_tdb — Save Extended Attributes (EAs) in a tdb file

    Synopsis

    vfs objects = xattr_tdb

    DESCRIPTION

    This VFS module is part of the + samba(7) suite.

    The vfs_xattr_tdb VFS module stores + Extended Attributes (EAs) in a tdb file. + This enables the usage of Extended Attributes on OS and + filesystems which do not support Extended Attributes + by themselves. +

    This module is stackable.

    OPTIONS

    xattr_tdb:file = PATH

    Name of the tdb file the EAs are stored in. + If this option is not set, the default filename + xattr.tdb is used.

    AUTHOR

    The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.

    diff --git a/docs/htmldocs/manpages/vfstest.1.html b/docs/htmldocs/manpages/vfstest.1.html index bcd1b802e8..53ceaa80a7 100644 --- a/docs/htmldocs/manpages/vfstest.1.html +++ b/docs/htmldocs/manpages/vfstest.1.html @@ -1,8 +1,8 @@ -vfstest

    Name

    vfstest — tool for testing samba VFS modules

    Synopsis

    vfstest [-d debuglevel] [-c command] [-l logdir] [-h]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    vfstest is a small command line +vfstest

    Name

    vfstest — tool for testing samba VFS modules

    Synopsis

    vfstest [-d debuglevel] [-c command] [-l logdir] [-h]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    vfstest is a small command line utility that has the ability to test dso samba VFS modules. It gives the user the ability to call the various VFS functions manually and supports cascaded VFS modules. -

    OPTIONS

    -c|--command=command

    Execute the specified (colon-separated) commands. +

    OPTIONS

    -c|--command=command

    Execute the specified (colon-separated) commands. See below for the commands that are available.

    -h|--help

    Print a summary of command line options.

    -l|--logfile=logbasename

    File name for log/debug files. The extension @@ -20,7 +20,7 @@ amounts of log data, and should only be used when investigating a problem. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic.

    Note that specifying this parameter here will -override the parameter +override the log level parameter in the smb.conf file.

    -V

    Prints the program version number.

    -s <configuration file>

    The file specified contains the configuration details required by the server. The @@ -32,10 +32,10 @@ The default configuration file name is determined at compile time.

    -l|--log-basename=logdirectory

    Base directory name for log/debug files. The extension ".progname" will be appended (e.g. log.smbclient, log.smbd, etc...). The log file is never removed by the client. -

    COMMANDS

    VFS COMMANDS

    • load <module.so> - Load specified VFS module

    • populate <char> <size> - Populate a data buffer with the specified data +

    COMMANDS

    VFS COMMANDS

    • load <module.so> - Load specified VFS module

    • populate <char> <size> - Populate a data buffer with the specified data

    • showdata [<offset> <len>] - Show data currently in data buffer -

    • connect - VFS connect()

    • disconnect - VFS disconnect()

    • disk_free - VFS disk_free()

    • opendir - VFS opendir()

    • readdir - VFS readdir()

    • mkdir - VFS mkdir()

    • rmdir - VFS rmdir()

    • closedir - VFS closedir()

    • open - VFS open()

    • close - VFS close()

    • read - VFS read()

    • write - VFS write()

    • lseek - VFS lseek()

    • rename - VFS rename()

    • fsync - VFS fsync()

    • stat - VFS stat()

    • fstat - VFS fstat()

    • lstat - VFS lstat()

    • unlink - VFS unlink()

    • chmod - VFS chmod()

    • fchmod - VFS fchmod()

    • chown - VFS chown()

    • fchown - VFS fchown()

    • chdir - VFS chdir()

    • getwd - VFS getwd()

    • utime - VFS utime()

    • ftruncate - VFS ftruncate()

    • lock - VFS lock()

    • symlink - VFS symlink()

    • readlink - VFS readlink()

    • link - VFS link()

    • mknod - VFS mknod()

    • realpath - VFS realpath()

    GENERAL COMMANDS

    • conf <smb.conf> - Load a different configuration file

    • help [<command>] - Get list of commands or info about specified command

    • debuglevel <level> - Set debug level

    • freemem - Free memory currently in use

    • exit - Exit vfstest

    VERSION

    This man page is correct for version 3.0 of the Samba - suite.

    AUTHOR

    The original Samba software and related utilities +

  • connect - VFS connect()

  • disconnect - VFS disconnect()

  • disk_free - VFS disk_free()

  • opendir - VFS opendir()

  • readdir - VFS readdir()

  • mkdir - VFS mkdir()

  • rmdir - VFS rmdir()

  • closedir - VFS closedir()

  • open - VFS open()

  • close - VFS close()

  • read - VFS read()

  • write - VFS write()

  • lseek - VFS lseek()

  • rename - VFS rename()

  • fsync - VFS fsync()

  • stat - VFS stat()

  • fstat - VFS fstat()

  • lstat - VFS lstat()

  • unlink - VFS unlink()

  • chmod - VFS chmod()

  • fchmod - VFS fchmod()

  • chown - VFS chown()

  • fchown - VFS fchown()

  • chdir - VFS chdir()

  • getwd - VFS getwd()

  • utime - VFS utime()

  • ftruncate - VFS ftruncate()

  • lock - VFS lock()

  • symlink - VFS symlink()

  • readlink - VFS readlink()

  • link - VFS link()

  • mknod - VFS mknod()

  • realpath - VFS realpath()

    • GENERAL COMMANDS

    • conf <smb.conf> - Load a different configuration file

    • help [<command>] - Get list of commands or info about specified command

    • debuglevel <level> - Set debug level

    • freemem - Free memory currently in use

    • exit - Exit vfstest

    VERSION

    This man page is correct for version 3 of the Samba + suite.

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The vfstest man page was written by Jelmer Vernooij.

    diff --git a/docs/htmldocs/manpages/wbinfo.1.html b/docs/htmldocs/manpages/wbinfo.1.html index 41fba35576..d210835a0a 100644 --- a/docs/htmldocs/manpages/wbinfo.1.html +++ b/docs/htmldocs/manpages/wbinfo.1.html @@ -1,11 +1,11 @@ -wbinfo

    Name

    wbinfo — Query information from winbind daemon

    Synopsis

    wbinfo [-a user%password] [--all-domains] [--allocate-gid] [--allocate-uid] [-D domain] [--domain domain] [-g] [--getdcname domain] [--get-auth-user] [-G gid] [-h] [-i user] [-I ip] [-K user%password] [-m] [-n name] [-N netbios-name] [--own-domain] [-p] [-r user] [-s sid] [--separator] [--sequence] [--set-auth-user user%password] [-S sid] [-t] [-u] [--uid-info uid] [--user-domgroups sid] [--user-sids sid] [-U uid] [-V] [-Y sid]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    The wbinfo program queries and returns information - created and used by the winbindd(8) daemon.

    The winbindd(8) daemon must be configured +wbinfo

    Name

    wbinfo — Query information from winbind daemon

    Synopsis

    wbinfo [-a user%password] [--all-domains] [--allocate-gid] [--allocate-uid] [-D domain] [--domain domain] [-g] [--getdcname domain] [--get-auth-user] [-G gid] [-h] [-i user] [-I ip] [-K user%password] [-m] [-n name] [-N netbios-name] [--own-domain] [-p] [-r user] [-s sid] [--separator] [--sequence] [--set-auth-user user%password] [-S sid] [-t] [-u] [--uid-info uid] [--user-domgroups sid] [--user-sids sid] [-U uid] [-V] [-Y sid] [--verbose]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    The wbinfo program queries and returns information + created and used by the winbindd(8) daemon.

    The winbindd(8) daemon must be configured and running for the wbinfo program to be able - to return information.

    OPTIONS

    -a|--authenticate username%password

    Attempt to authenticate a user via winbindd. + to return information.

    OPTIONS

    -a|--authenticate username%password

    Attempt to authenticate a user via winbindd. This checks both authenticaion methods and reports its results.

    Note

    Do not be tempted to use this functionality for authentication in third-party - applications. Instead use ntlm_auth(1).

    --allocate-gid

    Get a new GID out of idmap + applications. Instead use ntlm_auth(1).

    --allocate-gid

    Get a new GID out of idmap

    --allocate-uid

    Get a new UID out of idmap

    --all-domains

    List all domains (trusted and own domain). @@ -16,10 +16,10 @@ -u, and -g options honor this parameter.

    -D|--domain-info domain

    Show most of the info we have about the domain.

    -g|--domain-groups

    This option will list all groups available - in the Windows NT domain for which the samba(7) daemon is operating in. Groups in all trusted domains + in the Windows NT domain for which the samba(7) daemon is operating in. Groups in all trusted domains will also be listed. Note that this operation does not assign group ids to any groups that have not already been - seen by winbindd(8).

    --get-auth-user

    Print username and password used by winbindd + seen by winbindd(8).

    --get-auth-user

    Print username and password used by winbindd during session setup to a domain controller. Username and password can be set using --set-auth-user. Only available for root.

    --getdcname domain

    Get the DC name for the specified domain. @@ -27,23 +27,23 @@ NT SID. If the gid specified does not refer to one within the idmap gid range then the operation will fail.

    -i|--user-info user

    Get user info.

    -I|--WINS-by-ip ip

    The -I option - queries winbindd(8) to send a node status + queries winbindd(8) to send a node status request to get the NetBIOS name associated with the IP address specified by the ip parameter.

    -K|--krb5auth username%password

    Attempt to authenticate a user via Kerberos.

    -m|--trusted-domains

    Produce a list of domains trusted by the - Windows NT server winbindd(8) contacts + Windows NT server winbindd(8) contacts when resolving names. This list does not include the Windows NT domain the server is a Primary Domain Controller for.

    -n|--name-to-sid name

    The -n option - queries winbindd(8) for the SID + queries winbindd(8) for the SID associated with the name specified. Domain names can be specified before the user name by using the winbind separator character. For example CWDOM1/Administrator refers to the Administrator user in the domain CWDOM1. If no domain is specified then the - domain used is the one specified in the smb.conf(5) workgroup + domain used is the one specified in the smb.conf(5) workgroup parameter.

    -N|--WINS-by-name name

    The -N option - queries winbindd(8) to query the WINS + queries winbindd(8) to query the WINS server for the IP address associated with the NetBIOS name specified by the name parameter.

    --own-domain

    List own domain. @@ -64,25 +64,28 @@ Anonymous turned on (a.k.a. Permissions compatible with Windows 2000 servers only).

    -S|--sid-to-uid sid

    Convert a SID to a UNIX user id. If the SID - does not correspond to a UNIX user mapped by winbindd(8) then the operation will fail.

    -t|--check-secret

    Verify that the workstation trust account + does not correspond to a UNIX user mapped by winbindd(8) then the operation will fail.

    -t|--check-secret

    Verify that the workstation trust account created when the Samba server is added to the Windows NT domain is working.

    -u|--domain-users

    This option will list all users available - in the Windows NT domain for which the winbindd(8) daemon is operating in. Users in all trusted domains + in the Windows NT domain for which the winbindd(8) daemon is operating in. Users in all trusted domains will also be listed. Note that this operation does not assign - user ids to any users that have not already been seen by winbindd(8) + user ids to any users that have not already been seen by winbindd(8) .

    --uid-info UID

    Get user info for the user conencted to user id UID.

    --user-domgroups SID

    Get user domain groups.

    --user-sids SID

    Get user group SIDs for user.

    -U|--uid-to-sid uid

    Try to convert a UNIX user id to a Windows NT SID. If the uid specified does not refer to one within - the idmap uid range then the operation will fail.

    -Y|--sid-to-gid sid

    Convert a SID to a UNIX group id. If the SID - does not correspond to a UNIX group mapped by winbindd(8) then + the idmap uid range then the operation will fail.

    --verbose

    + Print additional information about the query + results. +

    -Y|--sid-to-gid sid

    Convert a SID to a UNIX group id. If the SID + does not correspond to a UNIX group mapped by winbindd(8) then the operation will fail.

    -V

    Prints the program version number.

    -h|--help

    Print a summary of command line options. -

    EXIT STATUS

    The wbinfo program returns 0 if the operation - succeeded, or 1 if the operation failed. If the winbindd(8) daemon is not working wbinfo will always return - failure.

    VERSION

    This man page is correct for version 3.0 of - the Samba suite.

    SEE ALSO

    winbindd(8) and ntlm_auth(1)

    AUTHOR

    The original Samba software and related utilities +

    EXIT STATUS

    The wbinfo program returns 0 if the operation + succeeded, or 1 if the operation failed. If the winbindd(8) daemon is not working wbinfo will always return + failure.

    VERSION

    This man page is correct for version 3 of + the Samba suite.

    SEE ALSO

    winbindd(8) and ntlm_auth(1)

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    wbinfo and winbindd diff --git a/docs/htmldocs/manpages/winbindd.8.html b/docs/htmldocs/manpages/winbindd.8.html index b1143c93b5..77efc01956 100644 --- a/docs/htmldocs/manpages/winbindd.8.html +++ b/docs/htmldocs/manpages/winbindd.8.html @@ -1,13 +1,13 @@ -winbindd

    Name

    winbindd — Name Service Switch daemon for resolving names - from NT servers

    Synopsis

    winbindd [-D] [-F] [-S] [-i] [-Y] [-d <debug level>] [-s <smb config file>] [-n]

    DESCRIPTION

    This program is part of the samba(7) suite.

    winbindd is a daemon that provides +winbindd

    Name

    winbindd — Name Service Switch daemon for resolving names + from NT servers

    Synopsis

    winbindd [-D] [-F] [-S] [-i] [-Y] [-d <debug level>] [-s <smb config file>] [-n]

    DESCRIPTION

    This program is part of the samba(7) suite.

    winbindd is a daemon that provides a number of services to the Name Service Switch capability found in most modern C libraries, to arbitrary applications via PAM and ntlm_auth and to Samba itself.

    Even if winbind is not used for nsswitch, it still provides a service to smbd, ntlm_auth and the pam_winbind.so PAM module, by managing connections to domain controllers. In this configuraiton the - idmap uid and - idmap gid + idmap uid and + idmap gid parameters are not required. (This is known as `netlogon proxy only mode'.)

    The Name Service Switch allows user and system information to be obtained from different databases services such as NIS or DNS. The exact behaviour can be configured @@ -57,7 +57,7 @@ hosts: files dns winbind resolve hostnames from /etc/hosts and then from the WINS server.

     hosts:		files wins
-

    OPTIONS

    -F

    If specified, this parameter causes +

    OPTIONS

    -F

    If specified, this parameter causes the main winbindd process to not daemonize, i.e. double-fork and disassociate with the terminal. Child processes are still created as normal to service @@ -81,7 +81,7 @@ amounts of log data, and should only be used when investigating a problem. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic.

    Note that specifying this parameter here will -override the parameter +override the log level parameter in the smb.conf file.

    -V

    Prints the program version number.

    -s <configuration file>

    The file specified contains the configuration details required by the server. The @@ -110,7 +110,7 @@ log.smbd, etc...). The log file is never removed by the client. as a single process (the mode of operation in Samba 2.2). Winbindd's default behavior is to launch a child process that is responsible for updating expired cache entries. -

    NAME AND ID RESOLUTION

    Users and groups on a Windows NT server are assigned +

    NAME AND ID RESOLUTION

    Users and groups on a Windows NT server are assigned a security id (SID) which is globally unique when the user or group is created. To convert the Windows NT user or group into a unix user or group, a mapping between SIDs and unix user @@ -124,26 +124,26 @@ log.smbd, etc...). The log file is never removed by the client. where the user and group mappings are stored by winbindd. If this store is deleted or corrupted, there is no way for winbindd to determine which user and group ids correspond to Windows NT user - and group rids.

    See the or the old parameters in + and group rids.

    See the idmap domains or the old idmap backend parameters in smb.conf for options for sharing this - database, such as via LDAP.

    CONFIGURATION

    Configuration of the winbindd daemon - is done through configuration parameters in the smb.conf(5) file. All parameters should be specified in the + database, such as via LDAP.

    CONFIGURATION

    Configuration of the winbindd daemon + is done through configuration parameters in the smb.conf(5) file. All parameters should be specified in the [global] section of smb.conf.

    EXAMPLE SETUP

    +

    EXAMPLE SETUP

    To setup winbindd for user and group lookups plus authentication from a domain controller use something like the following setup. This was tested on an early Red Hat Linux box. @@ -176,7 +176,7 @@ auth required /lib/security/pam_unix.so \ made from /lib/libnss_winbind.so to /lib/libnss_winbind.so.2. If you are using an older version of glibc then the target of the link should be - /lib/libnss_winbind.so.1.

    Finally, setup a smb.conf(5) containing directives like the + /lib/libnss_winbind.so.1.

    Finally, setup a smb.conf(5) containing directives like the following: 

     [global]
@@ -194,23 +194,23 @@ auth  required    /lib/security/pam_unix.so \
 	and that you can login to your unix box as a domain user, using
 	the DOMAIN+user syntax for the username. You may wish to use the
 	commands getent passwd and getent group
-	 to confirm the correct operation of winbindd.

    NOTES

    The following notes are useful when configuring and - running winbindd:

    nmbd(8) must be running on the local machine + to confirm the correct operation of winbindd.

    NOTES

    The following notes are useful when configuring and + running winbindd:

    nmbd(8) must be running on the local machine for winbindd to work.

    PAM is really easy to misconfigure. Make sure you know what you are doing when modifying PAM configuration files. It is possible to set up PAM such that you can no longer log into your system.

    If more than one UNIX machine is running winbindd, then in general the user and groups ids allocated by winbindd will not be the same. The user and group ids will only be valid for the local - machine, unless a shared is configured.

    If the the Windows NT SID to UNIX user and group id mapping - file is damaged or destroyed then the mappings will be lost.

    SIGNALS

    The following signals can be used to manipulate the - winbindd daemon.

    SIGHUP

    Reload the smb.conf(5) file and + machine, unless a shared idmap backend is configured.

    If the the Windows NT SID to UNIX user and group id mapping + file is damaged or destroyed then the mappings will be lost.

    SIGNALS

    The following signals can be used to manipulate the + winbindd daemon.

    SIGHUP

    Reload the smb.conf(5) file and apply any parameter changes to the running version of winbindd. This signal also clears any cached user and group information. The list of other domains trusted by winbindd is also reloaded.

    SIGUSR2

    The SIGUSR2 signal will cause winbindd to write status information to the winbind log file.

    Log files are stored in the filename specified by the - log file parameter.

    FILES

    /etc/nsswitch.conf(5)

    Name service switch configuration file.

    /tmp/.winbindd/pipe

    The UNIX pipe over which clients communicate with + log file parameter.

    FILES

    /etc/nsswitch.conf(5)

    Name service switch configuration file.

    /tmp/.winbindd/pipe

    The UNIX pipe over which clients communicate with the winbindd program. For security reasons, the winbind client will only attempt to connect to the winbindd daemon if both the /tmp/.winbindd directory @@ -231,8 +231,8 @@ auth required /lib/security/pam_unix.so \ compiled using the --with-lockdir option. This directory is by default /usr/local/samba/var/locks .

    $LOCKDIR/winbindd_cache.tdb

    Storage for cached user and group information. -

    VERSION

    This man page is correct for version 3.0 of - the Samba suite.

    SEE ALSO

    nsswitch.conf(5), samba(7), wbinfo(1), ntlm_auth(8), smb.conf(5), pam_winbind(8)

    AUTHOR

    The original Samba software and related utilities +

    VERSION

    This man page is correct for version 3 of + the Samba suite.

    SEE ALSO

    nsswitch.conf(5), samba(7), wbinfo(1), ntlm_auth(8), smb.conf(5), pam_winbind(8)

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    wbinfo and winbindd were -- cgit v1.2.3