idmap_hash

Date: Mon, 6 Jul 2009 18:17:09 +0000 Subject: merge upstream 3.4.0 git-svn-id: svn://svn.debian.org/svn/pkg-samba/trunk/samba@2936 fc4039ab-9d04-0410-8cac-899223bdd6b0 --- docs/htmldocs/manpages/eventlogadm.8.html | 23 +- docs/htmldocs/manpages/idmap_hash.8.html | 12 +- docs/htmldocs/manpages/idmap_rid.8.html | 39 +- docs/htmldocs/manpages/ldbdel.1.html | 6 +- docs/htmldocs/manpages/net.8.html | 225 +-- docs/htmldocs/manpages/nmbd.8.html | 10 +- docs/htmldocs/manpages/samba.7.html | 14 +- docs/htmldocs/manpages/sharesec.1.html | 4 +- docs/htmldocs/manpages/smb.conf.5.html | 1619 ++++++++++---------- docs/htmldocs/manpages/smbcacls.1.html | 2 +- docs/htmldocs/manpages/smbcquotas.1.html | 4 +- docs/htmldocs/manpages/smbd.8.html | 20 +- docs/htmldocs/manpages/smbget.1.html | 12 +- docs/htmldocs/manpages/smbtar.1.html | 12 +- docs/htmldocs/manpages/swat.8.html | 6 +- .../manpages/vfs_smb_traffic_analyzer.8.html | 10 +- docs/htmldocs/manpages/wbinfo.1.html | 61 +- 17 files changed, 1107 insertions(+), 972 deletions(-) (limited to 'docs/htmldocs/manpages') diff --git a/docs/htmldocs/manpages/eventlogadm.8.html b/docs/htmldocs/manpages/eventlogadm.8.html index 66d3097908..8d677f4055 100644 --- a/docs/htmldocs/manpages/eventlogadm.8.html +++ b/docs/htmldocs/manpages/eventlogadm.8.html @@ -6,10 +6,14 @@

eventlogadm [-d] [-h] -o write EVENTLOG -

DESCRIPTION

This tool is part of the samba(1) suite.

eventlogadm is a filter that accepts +

eventlogadm [-d] [-h] -o + dump + EVENTLOG + RECORD_NUMBER +

DESCRIPTION

This tool is part of the samba(1) suite.

eventlogadm is a filter that accepts formatted event log records on standard input and writes them to the Samba event log store. Windows client can then manipulate - these record using the usual administration tools.

OPTIONS

-d: + these record using the usual administration tools.

OPTIONS

-d: The -d option causes eventlogadm to emit debugging information.
@@ -29,9 +33,18 @@ The -o write reads event log records from standard input and writes them to the Samba event log store named by EVENTLOG. +
+ -o + write + EVENTLOG + RECORD_NUMBER +: + The -o dump reads event log + records from a EVENTLOG tdb and dumps them to standard + output on screen.
-h: Print usage information. -

EVENTLOG RECORD FORMAT

For the write operation, eventlogadm +

EVENTLOG RECORD FORMAT

For the write operation, eventlogadm expects to be able to read structured records from standard input. These records are a sequence of lines, with the record key and data separated by a colon character. Records are separated @@ -80,7 +93,7 @@ eventlog. There may be more than one string in a record.

DAT - This field should be left unset. -

EXAMPLES

An example of the record format accepted by eventlogadm:

EXAMPLES

An example of the record format accepted by eventlogadm:

 	LEN: 0
 	RS1: 1699505740
 	RCN: 0
@@ -103,7 +116,7 @@
 	tail -f /var/log/messages | \\
 		my_program_to_parse_into_eventlog_records | \\
 	      	eventlogadm SystemLogEvents
-

VERSION

This man page is correct for version 3.0.25 of the Samba suite.

AUTHOR

The original Samba software and related utilities were +

VERSION

This man page is correct for version 3.0.25 of the Samba suite.

AUTHOR

The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

diff --git a/docs/htmldocs/manpages/idmap_hash.8.html b/docs/htmldocs/manpages/idmap_hash.8.html index 82870d8fe8..166c0ef4d4 100644 --- a/docs/htmldocs/manpages/idmap_hash.8.html +++ b/docs/htmldocs/manpages/idmap_hash.8.html @@ -1,16 +1,16 @@ -idmap_hash

Name

idmap_hash — Samba's idmap_hash Backend for Winbind

DESCRIPTION

The idmap_hash plugin implements a hashing algorithm used - map SIDs for domain users and groups to a 31-bit uid and gid. +idmap_hash

Name

idmap_hash — Samba's idmap_hash Backend for Winbind

DESCRIPTION

The idmap_hash plugin implements a hashing algorithm used to map + SIDs for domain users and groups to 31-bit uids and gids, respectively. This plugin also implements the nss_info API and can be used to support a local name mapping files if enabled via the - "winbind normlaize names" and "winbind nss info" + "winbind normalize names" and "winbind nss info" parameters in smb.conf. -

IDMAP OPTIONS

name_map: +

IDMAP OPTIONS

name_map: Specifies the absolute path to the name mapping file used by the nss_info API. Entries in the file are of the form "unix name = qualified domain name". Mapping of both user and group names is supported. -

EXAMPLES

The following example utilizes the idmap_hash plugin for +

EXAMPLES

The following example utilizes the idmap_hash plugin for the idmap and nss_info information.

 	[global]
@@ -21,7 +21,7 @@
 	winbind nss info = hash
 	winbind normalize names = yes
 	idmap_hash:name_map = /etc/samba/name_map.cfg
-

AUTHOR

The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar diff --git a/docs/htmldocs/manpages/idmap_rid.8.html b/docs/htmldocs/manpages/idmap_rid.8.html index 6115cc584b..13df0c99db 100644 --- a/docs/htmldocs/manpages/idmap_rid.8.html +++ b/docs/htmldocs/manpages/idmap_rid.8.html @@ -8,22 +8,47 @@ It is intended as a way to avoid accidental UID/GID overlaps between local and remotely defined IDs.

base_rid = INTEGER

- Defines the base integer used to build SIDs out of an UID or a GID, - and to rebase the UID or GID to be obtained from a SID. User RIDs - by default start at 1000 (512 hexadecimal), this means a good value - for base_rid can be 1000 as the resulting ID is calculated this way: - ID = RID - BASE_RID + LOW RANGE ID. + Defines the base integer used to build SIDs out of a UID or a GID, + and to rebase the UID or GID to be obtained from a SID. + This means SIDs with a RID less than the base rid are filtered. + The default is not to restrict the allowed rids at all, + i.e. a base_rid value of 0. + A good value for the base_rid can be 1000, since user + RIDs by default start at 1000 (512 hexadecimal).

Use of this parameter is deprecated. -

EXAMPLES

This example shows how to configure a domain with idmap_rid

THE MAPPING FORMULAS

+ The Unix ID for a RID is calculated this way: +

+			ID = RID - BASE_RID + LOW_RANGE_ID.
+

+ Correspondingly, the formula for calculating the RID for a + given Unix ID is this: +

+			RID = ID + BASE_RID - LOW_RANGE_ID.
+

EXAMPLES

+ This example shows how to configure two domains with idmap_rid, + the principal domain and a trusted domain, leaving the default + id mapping scheme at tdb. The example also demonstrates the use + of the base_rid parameter for the trusted domain. +

 	[global]
+	security = domain
+	workgroup = MAIN
+
 	idmap backend = tdb
 	idmap uid = 1000000-1999999
 	idmap gid = 1000000-1999999
 
+	idmap config MAIN : backend     = rid
+	idmap config MAIN : range       = 10000 - 49999
+
 	idmap config TRUSTED : backend  = rid
 	idmap config TRUSTED : range    = 50000 - 99999
-

AUTHOR

+ idmap config TRUSTED : base_rid = 1000 +

AUTHOR

The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar diff --git a/docs/htmldocs/manpages/ldbdel.1.html b/docs/htmldocs/manpages/ldbdel.1.html index a69ef89f59..98e6de3bbb 100644 --- a/docs/htmldocs/manpages/ldbdel.1.html +++ b/docs/htmldocs/manpages/ldbdel.1.html @@ -1,12 +1,12 @@ -ldbdel

Name

ldbdel — Command-line program for deleting LDB records

Synopsis

ldbdel [-h] [-H LDB-URL] [dn] [...]

DESCRIPTION

ldbdel deletes records from an ldb(7) database. +ldbdel

Name

ldbdel — Command-line program for deleting LDB records

Synopsis

ldbdel [-h] [-H LDB-URL] [dn] [...]

DESCRIPTION

ldbdel deletes records from an ldb(7) database. It deletes the records identified by the dn's specified on the command-line.

ldbdel uses either the database that is specified with the -H option or the database specified by the LDB_URL environment variable.

OPTIONS

-h: Show list of available options.
-H <ldb-url>: LDB URL to connect to. See ldb(7) for details. -

ENVIRONMENT

LDB_URL: LDB URL to connect to (can be overrided by using the - -H command-line option.)

VERSION

This man page is correct for version 4.0 of the Samba suite.

AUTHOR

ldb was written by +

ENVIRONMENT

LDB_URL: LDB URL to connect to (can be overrided by using the + -H command-line option.)

VERSION

This man page is correct for version 4.0 of the Samba suite.

AUTHOR

ldb was written by Andrew Tridgell.

If you wish to report a problem or make a suggestion then please see diff --git a/docs/htmldocs/manpages/net.8.html b/docs/htmldocs/manpages/net.8.html index 5bd0f779b5..6c521e3904 100644 --- a/docs/htmldocs/manpages/net.8.html +++ b/docs/htmldocs/manpages/net.8.html @@ -57,18 +57,18 @@ investigating a problem. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic.

Note that specifying this parameter here will override the log level parameter -in the smb.conf file.

COMMANDS

CHANGESECRETPW

This command allows the Samba machine account password to be set from an external application +in the smb.conf file.

COMMANDS

CHANGESECRETPW

This command allows the Samba machine account password to be set from an external application to a machine account password that has already been stored in Active Directory. DO NOT USE this command unless you know exactly what you are doing. The use of this command requires that the force flag (-f) be used also. There will be NO command prompt. Whatever information is piped into stdin, either by typing at the command line or otherwise, will be stored as the literal machine password. Do NOT use this without care and attention as it will overwrite a legitimate machine password without warning. YOU HAVE BEEN WARNED. -

TIME

The NET TIME command allows you to view the time on a remote server - or synchronise the time on the local server with the time on the remote server.

TIME

Without any options, the NET TIME command +

TIME

The NET TIME command allows you to view the time on a remote server + or synchronise the time on the local server with the time on the remote server.

TIME

Without any options, the NET TIME command displays the time on the remote server.

TIME SYSTEM

Displays the time on the remote server in a format ready for /bin/date.

TIME SET

Tries to set the date and time of the local server to that on -the remote server using /bin/date.

TIME ZONE

Displays the timezone in hours from GMT on the remote computer.

[RPC|ADS] JOIN [TYPE] [-U username[%password]] [createupn=UPN] [createcomputer=OU] [options]

+the remote server using /bin/date.

TIME ZONE

Displays the timezone in hours from GMT on the remote computer.

[RPC|ADS] JOIN [TYPE] [-U username[%password]] [createupn=UPN] [createcomputer=OU] [options]

Join a domain. If the account already exists on the server, and [TYPE] is MEMBER, the machine will attempt to join automatically. (Assuming that the machine has been created in server manager) @@ -87,79 +87,79 @@ and ldap, so it may need to be doubled or quadrupled to pass through, and it is not used as a delimiter.

[RPC] OLDJOIN [options]

Join a domain. Use the OLDJOIN option to join the domain using the old style of domain joining - you need to create a trust -account in server manager first.

[RPC|ADS] USER

List all users

[RPC|ADS] USER DELETE `target`

Delete specified user

[RPC|ADS] USER INFO `target`

List the domain groups of the specified user.

[RPC|ADS] USER RENAME `oldname` `newname`

Rename specified user.

[RPC|ADS] USER ADD `name` [password] [-F user flags] [-C comment]

Add specified user.

[RPC|ADS] GROUP

[RPC|ADS] GROUP [misc options] [targets]

List user groups.

[RPC|ADS] GROUP DELETE `name` [misc. options]

Delete specified group.

[RPC|ADS] GROUP ADD `name` [-C comment]

Create specified group.

[RAP|RPC] SHARE

[RAP|RPC] SHARE [misc. options] [targets]

Enumerates all exported resources (network shares) on target server.

[RAP|RPC] SHARE ADD `name=serverpath` [-C comment] [-M maxusers] [targets]

Adds a share from a server (makes the export active). Maxusers +account in server manager first.

[RPC|ADS] USER

List all users

[RPC|ADS] USER DELETE `target`

Delete specified user

[RPC|ADS] USER INFO `target`

List the domain groups of the specified user.

[RPC|ADS] USER RENAME `oldname` `newname`

Rename specified user.

[RPC|ADS] USER ADD `name` [password] [-F user flags] [-C comment]

Add specified user.

[RPC|ADS] GROUP

[RPC|ADS] GROUP [misc options] [targets]

List user groups.

[RPC|ADS] GROUP DELETE `name` [misc. options]

Delete specified group.

[RPC|ADS] GROUP ADD `name` [-C comment]

Create specified group.

[RAP|RPC] SHARE

[RAP|RPC] SHARE [misc. options] [targets]

Enumerates all exported resources (network shares) on target server.

[RAP|RPC] SHARE ADD `name=serverpath` [-C comment] [-M maxusers] [targets]

Adds a share from a server (makes the export active). Maxusers specifies the number of users that can be connected to the -share simultaneously.

SHARE DELETE `sharename`

Delete specified share.

[RPC|RAP] FILE

List all open files on remote server.

[RPC|RAP] FILE CLOSE `fileid`

Close file with specified fileid on -remote server.

[RPC|RAP] FILE INFO `fileid`

+share simultaneously.

SHARE DELETE `sharename`

Delete specified share.

[RPC|RAP] FILE

List all open files on remote server.

[RPC|RAP] FILE CLOSE `fileid`

Close file with specified fileid on +remote server.

[RPC|RAP] FILE INFO `fileid`

Print information on specified fileid. Currently listed are: file-id, username, locks, path, permissions.

[RAP|RPC] FILE USER `user`

List files opened by specified user. Please note that net rap file user does not work against Samba servers. -

SESSION

RAP SESSION

Without any other options, SESSION enumerates all active SMB/CIFS -sessions on the target server.

RAP SESSION DELETE|CLOSE `CLIENT_NAME`

Close the specified sessions.

RAP SESSION INFO `CLIENT_NAME`

Give a list with all the open files in specified session.

RAP SERVER `DOMAIN`

List all servers in specified domain or workgroup. Defaults +

SESSION

RAP SESSION

Without any other options, SESSION enumerates all active SMB/CIFS +sessions on the target server.

RAP SESSION DELETE|CLOSE `CLIENT_NAME`

Close the specified sessions.

RAP SESSION INFO `CLIENT_NAME`

Give a list with all the open files in specified session.

RAP SERVER `DOMAIN`

List all servers in specified domain or workgroup. Defaults to local domain.

RAP DOMAIN

Lists all domains and workgroups visible on the -current network.

RAP PRINTQ

RAP PRINTQ INFO `QUEUE_NAME`

Lists the specified print queue and print jobs on the server. +current network.

RAP PRINTQ

RAP PRINTQ INFO `QUEUE_NAME`

Lists the specified print queue and print jobs on the server. If the QUEUE_NAME is omitted, all -queues are listed.

RAP PRINTQ DELETE `JOBID`

Delete job with specified id.

RAP VALIDATE `user` [`password`]

+queues are listed.

RAP PRINTQ DELETE `JOBID`

Delete job with specified id.

RAP VALIDATE `user` [`password`]

Validate whether the specified user can log in to the remote server. If the password is not specified on the commandline, it will be prompted. -

Note

Currently NOT implemented.

RAP GROUPMEMBER

RAP GROUPMEMBER LIST `GROUP`

List all members of the specified group.

RAP GROUPMEMBER DELETE `GROUP` `USER`

Delete member from group.

RAP GROUPMEMBER ADD `GROUP` `USER`

Add member to group.

RAP ADMIN `command`

Execute the specified command on +

Note

Currently NOT implemented.

RAP GROUPMEMBER

RAP GROUPMEMBER LIST `GROUP`

List all members of the specified group.

RAP GROUPMEMBER DELETE `GROUP` `USER`

Delete member from group.

RAP GROUPMEMBER ADD `GROUP` `USER`

Add member to group.

RAP ADMIN `command`

Execute the specified command on the remote server. Only works with OS/2 servers. -

Note

Currently NOT implemented.

RAP SERVICE

RAP SERVICE START `NAME` [arguments...]

Start the specified service on the remote server. Not implemented yet.

Note

Currently NOT implemented.

RAP SERVICE STOP

Stop the specified service on the remote server.

Note

Currently NOT implemented.

RAP PASSWORD `USER` `OLDPASS` `NEWPASS`

Note

Currently NOT implemented.

RAP SERVICE

RAP SERVICE START `NAME` [arguments...]

Start the specified service on the remote server. Not implemented yet.

Note

Currently NOT implemented.

RAP SERVICE STOP

Stop the specified service on the remote server.

Note

Currently NOT implemented.

RAP PASSWORD `USER` `OLDPASS` `NEWPASS`

Change password of USER from OLDPASS to NEWPASS. -

LOOKUP

LOOKUP HOST `HOSTNAME` [`TYPE`]

LOOKUP

LOOKUP HOST `HOSTNAME` [`TYPE`]

Lookup the IP address of the given host with the specified type (netbios suffix). The type defaults to 0x20 (workstation). -

LOOKUP LDAP [`DOMAIN`]

Give IP address of LDAP server of specified DOMAIN. Defaults to local domain.

LOOKUP KDC [`REALM`]

Give IP address of KDC for the specified REALM. -Defaults to local realm.

LOOKUP DC [`DOMAIN`]

Give IP's of Domain Controllers for specified -DOMAIN. Defaults to local domain.

LOOKUP MASTER `DOMAIN`

Give IP of master browser for specified DOMAIN -or workgroup. Defaults to local domain.

CACHE

Samba uses a general caching interface called 'gencache'. It +

LOOKUP LDAP [`DOMAIN`]

Give IP address of LDAP server of specified DOMAIN. Defaults to local domain.

LOOKUP KDC [`REALM`]

Give IP address of KDC for the specified REALM. +Defaults to local realm.

LOOKUP DC [`DOMAIN`]

Give IP's of Domain Controllers for specified +DOMAIN. Defaults to local domain.

LOOKUP MASTER `DOMAIN`

Give IP of master browser for specified DOMAIN +or workgroup. Defaults to local domain.

CACHE

Samba uses a general caching interface called 'gencache'. It can be controlled using 'NET CACHE'.

All the timeout parameters support the suffixes:

s - Seconds

m - Minutes

h - Hours

d - Days

w - Weeks

CACHE ADD `key` `data` `time-out`

Add specified key+data to the cache with the given timeout.

CACHE DEL `key`

Delete key from the cache.

CACHE SET `key` `data` `time-out`

Update data of existing cache entry.

CACHE SEARCH `PATTERN`

Search for the specified pattern in the cache data.

CACHE LIST

CACHE ADD `key` `data` `time-out`

Add specified key+data to the cache with the given timeout.

CACHE DEL `key`

Delete key from the cache.

CACHE SET `key` `data` `time-out`

Update data of existing cache entry.

CACHE SEARCH `PATTERN`

Search for the specified pattern in the cache data.

CACHE LIST

List all current items in the cache. -

CACHE FLUSH

Remove all the current items from the cache.

GETLOCALSID [DOMAIN]

Prints the SID of the specified domain, or if the parameter is -omitted, the SID of the local server.

SETLOCALSID S-1-5-21-x-y-z

Sets SID for the local server to the specified SID.

GETDOMAINSID

Prints the local machine SID and the SID of the current -domain.

SETDOMAINSID

Sets the SID of the current domain.

GROUPMAP

Manage the mappings between Windows group SIDs and UNIX groups. +

CACHE FLUSH

Remove all the current items from the cache.

GETLOCALSID [DOMAIN]

Prints the SID of the specified domain, or if the parameter is +omitted, the SID of the local server.

SETLOCALSID S-1-5-21-x-y-z

Sets SID for the local server to the specified SID.

GETDOMAINSID

Prints the local machine SID and the SID of the current +domain.

SETDOMAINSID

Sets the SID of the current domain.

GROUPMAP

Manage the mappings between Windows group SIDs and UNIX groups. Common options include:

unixgroup - Name of the UNIX group
ntgroup - Name of the Windows NT group (must be resolvable to a SID
rid - Unsigned 32-bit integer
sid - Full SID in the form of "S-1-..."
type - Type of the group; either 'domain', 'local', - or 'builtin'
comment - Freeform text description of the group

GROUPMAP ADD

+ or 'builtin'

comment - Freeform text description of the group

GROUPMAP ADD

Add a new group mapping entry:

 net groupmap add {rid=int|sid=string} unixgroup=string \
 	[type={domain|local}] [ntgroup=string] [comment=string]

GROUPMAP DELETE

Delete a group mapping entry. If more than one group name matches, the first entry found is deleted.

net groupmap delete {ntgroup=string|sid=SID}

GROUPMAP MODIFY

Update en existing group entry.

GROUPMAP DELETE

Delete a group mapping entry. If more than one group name matches, the first entry found is deleted.

net groupmap delete {ntgroup=string|sid=SID}

GROUPMAP MODIFY

Update en existing group entry.

 net groupmap modify {ntgroup=string|sid=SID} [unixgroup=string] \
        [comment=string] [type={domain|local}]

GROUPMAP LIST

List existing group mapping entries.

net groupmap list [verbose] [ntgroup=string] [sid=SID]

MAXRID

Prints out the highest RID currently in use on the local +

GROUPMAP LIST

List existing group mapping entries.

net groupmap list [verbose] [ntgroup=string] [sid=SID]

MAXRID

Prints out the highest RID currently in use on the local server (by the active 'passdb backend'). -

RPC INFO

Print information about the domain of the remote server, +

RPC INFO

Print information about the domain of the remote server, such as domain name, domain sid and number of users and groups. -

[RPC|ADS] TESTJOIN

Check whether participation in a domain is still valid.

[RPC|ADS] CHANGETRUSTPW

Force change of domain trust password.

RPC TRUSTDOM

RPC TRUSTDOM ADD `DOMAIN`

Add a interdomain trust account for DOMAIN. +

[RPC|ADS] TESTJOIN

Check whether participation in a domain is still valid.

[RPC|ADS] CHANGETRUSTPW

Force change of domain trust password.

RPC TRUSTDOM

RPC TRUSTDOM ADD `DOMAIN`

Add a interdomain trust account for DOMAIN. This is in fact a Samba account named DOMAIN$ with the account flag 'I' (interdomain trust account). If the command is used against localhost it has the same effect as smbpasswd -a -i DOMAIN. Please note that both commands expect a appropriate UNIX account. -

RPC TRUSTDOM DEL `DOMAIN`

Remove interdomain trust account for +

RPC TRUSTDOM DEL `DOMAIN`

Remove interdomain trust account for DOMAIN. If it is used against localhost it has the same effect as smbpasswd -x DOMAIN$. -

RPC TRUSTDOM ESTABLISH `DOMAIN`

Establish a trust relationship to a trusting domain. Interdomain account must already be created on the remote PDC. -

RPC TRUSTDOM REVOKE `DOMAIN`

Abandon relationship to trusted domain

RPC TRUSTDOM LIST

List all current interdomain trust relationships.

RPC RIGHTS

This subcommand is used to view and manage Samba's rights assignments (also +

RPC TRUSTDOM REVOKE `DOMAIN`

Abandon relationship to trusted domain

RPC TRUSTDOM LIST

List all current interdomain trust relationships.

RPC RIGHTS

This subcommand is used to view and manage Samba's rights assignments (also referred to as privileges). There are three options currently available: list, grant, and revoke. More details on Samba's privilege model and its use -can be found in the Samba-HOWTO-Collection.

RPC ABORTSHUTDOWN

Abort the shutdown of a remote server.

RPC SHUTDOWN [-t timeout] [-r] [-f] [-C message]

Shut down the remote server.

-r: +can be found in the Samba-HOWTO-Collection.

RPC ABORTSHUTDOWN

Abort the shutdown of a remote server.

RPC SHUTDOWN [-t timeout] [-r] [-f] [-C message]

Shut down the remote server.

-r: Reboot after shutdown.
-f: Force shutting down all applications. @@ -167,23 +167,23 @@ Force shutting down all applications. Timeout before system will be shut down. An interactive user of the system can use this time to cancel the shutdown.
-C message: Display the specified message on the screen to -announce the shutdown.

RPC SAMDUMP

Print out sam database of remote server. You need -to run this against the PDC, from a Samba machine joined as a BDC.

RPC VAMPIRE

Export users, aliases and groups from remote server to +announce the shutdown.

RPC SAMDUMP

Print out sam database of remote server. You need +to run this against the PDC, from a Samba machine joined as a BDC.

RPC VAMPIRE

Export users, aliases and groups from remote server to local server. You need to run this against the PDC, from a Samba machine joined as a BDC. -

RPC VAMPIRE KEYTAB

Dump remote SAM database to local Kerberos keytab file. -

RPC VAMPIRE LDIF

Dump remote SAM database to local LDIF file or standard output. -

RPC GETSID

Fetch domain SID and store it in the local secrets.tdb.

ADS LEAVE

Make the remote host leave the domain it is part of.

ADS STATUS

Print out status of machine account of the local machine in ADS. +

RPC VAMPIRE KEYTAB

Dump remote SAM database to local Kerberos keytab file. +

RPC VAMPIRE LDIF

Dump remote SAM database to local LDIF file or standard output. +

RPC GETSID

Fetch domain SID and store it in the local secrets.tdb.

ADS LEAVE

Make the remote host leave the domain it is part of.

ADS STATUS

Print out status of machine account of the local machine in ADS. Prints out quite some debug info. Aimed at developers, regular -users should use NET ADS TESTJOIN.

ADS PRINTER

ADS PRINTER INFO [`PRINTER`] [`SERVER`]

+users should use NET ADS TESTJOIN.

ADS PRINTER

ADS PRINTER INFO [`PRINTER`] [`SERVER`]

Lookup info for PRINTER on SERVER. The printer name defaults to "*", the -server name defaults to the local host.

ADS PRINTER PUBLISH `PRINTER`

Publish specified printer using ADS.

ADS PRINTER REMOVE `PRINTER`

Remove specified printer from ADS directory.

ADS SEARCH `EXPRESSION` `ATTRIBUTES...`

Perform a raw LDAP search on a ADS server and dump the results. The +server name defaults to the local host.

ADS PRINTER PUBLISH `PRINTER`

Publish specified printer using ADS.

ADS PRINTER REMOVE `PRINTER`

Remove specified printer from ADS directory.

ADS SEARCH `EXPRESSION` `ATTRIBUTES...`

Perform a raw LDAP search on a ADS server and dump the results. The expression is a standard LDAP search expression, and the attributes are a list of LDAP fields to show in the results.

Example: net ads search '(objectCategory=group)' sAMAccountName -

ADS DN `DN` `(attributes)`

Perform a raw LDAP search on a ADS server and dump the results. The DN standard LDAP DN, and the attributes are a list of LDAP fields to show in the result. -

Example: net ads dn 'CN=administrator,CN=Users,DC=my,DC=domain' SAMAccountName

ADS WORKGROUP

Print out workgroup name for specified kerberos realm.

SAM CREATEBUILTINGROUP <NAME>

Example: net ads dn 'CN=administrator,CN=Users,DC=my,DC=domain' SAMAccountName

ADS WORKGROUP

Print out workgroup name for specified kerberos realm.

SAM CREATEBUILTINGROUP <NAME>

(Re)Create a BUILTIN group. Only a wellknown set of BUILTIN groups can be created with this command. This is the list of currently recognized group names: Administrators, @@ -193,78 +193,84 @@ compatible Access. This command requires a running Winbindd with idmap allocation properly configured. The group gid will be allocated out of the winbindd range. -

SAM CREATELOCALGROUP <NAME>

Create a LOCAL group (also known as Alias). This command requires a running Winbindd with idmap allocation properly configured. The group gid will be allocated out of the winbindd range. -

SAM DELETELOCALGROUP <NAME>

Delete an existing LOCAL group (also known as Alias). -

SAM MAPUNIXGROUP <NAME>

Map an existing Unix group and make it a Domain Group, the domain group will have the same name. -

SAM UNMAPUNIXGROUP <NAME>

Remove an existing group mapping entry. -

SAM ADDMEM <GROUP> <MEMBER>

Add a member to a Local group. The group can be specified only by name, the member can be specified by name or SID. -

SAM DELMEM <GROUP> <MEMBER>

Remove a member from a Local group. The group and the member must be specified by name. -

SAM LISTMEM <GROUP>

List Local group members. The group must be specified by name. -

SAM LIST <users|groups|localgroups|builtin|workstations> [verbose]

List the specified set of accounts by name. If verbose is specified, the rid and description is also provided for each account. -

SAM SHOW <NAME>

SAM RIGHTS LIST

+List all available privileges. +

SAM RIGHTS GRANT <NAME> <PRIVILEGE>

+Grant one or more privileges to a user. +

SAM RIGHTS REVOKE <NAME> <PRIVILEGE>

+Revoke one or more privileges from a user. +

SAM SHOW <NAME>

Show the full DOMAIN\\NAME the SID and the type for the corresponding account. -

SAM SET HOMEDIR <NAME> <DIRECTORY>

Set the home directory for a user account. -

SAM SET PROFILEPATH <NAME> <PATH>

Set the profile path for a user account. -

SAM SET COMMENT <NAME> <COMMENT>

Set the comment for a user or group account. -

SAM SET FULLNAME <NAME> <FULL NAME>

Set the full name for a user account. -

SAM SET LOGONSCRIPT <NAME> <SCRIPT>

Set the logon script for a user account. -

SAM SET HOMEDRIVE <NAME> <DRIVE>

Set the home drive for a user account. -

SAM SET WORKSTATIONS <NAME> <WORKSTATIONS>

Set the workstations a user account is allowed to log in from. -

SAM SET DISABLE <NAME>

Set the "disabled" flag for a user account. -

SAM SET PWNOTREQ <NAME>

Set the "password not required" flag for a user account. -

SAM SET AUTOLOCK <NAME>

Set the "autolock" flag for a user account. -

SAM SET PWNOEXP <NAME>

Set the "password do not expire" flag for a user account. -

SAM SET PWDMUSTCHANGENOW <NAME> [yes|no]

Set or unset the "password must change" flag for a user account. -

SAM POLICY LIST

List the available account policies. -

SAM POLICY SHOW <account policy>

Show the account policy value. -

SAM POLICY SET <account policy> <value>

Set a value for the account policy. Valid values can be: "forever", "never", "off", or a number. -

SAM PROVISION

Only available if ldapsam:editposix is set and winbindd is running. Properly populates the ldap tree with the basic accounts (Administrator) and groups (Domain Users, Domain Admins, Domain Guests) on the ldap tree. -

IDMAP DUMP <local tdb file name>

Dumps the mappings contained in the local tdb file specified. This command is useful to dump only the mappings produced by the idmap_tdb backend. -

IDMAP RESTORE [input file]

Restore the mappings from the specified file or stdin. -

IDMAP SECRET <DOMAIN>|ALLOC <secret>

Store a secret for the specified domain, used primarily for domains that use idmap_ldap as a backend. In this case the secret is used as the password for the user DN used to bind to the ldap server. -

USERSHARE

Starting with version 3.0.23, a Samba server now supports the ability for +

USERSHARE

Starting with version 3.0.23, a Samba server now supports the ability for non-root users to add user defined shares to be exported using the "net usershare" commands.

@@ -293,7 +299,7 @@ can create user defined shares on demand using the commands below.

net usershare add sharename path [comment] [acl] [guest_ok=[y|n]] - to add or change a user defined share.

net usershare delete sharename - to delete a user defined share.

net usershare info [-l|--long] [wildcard sharename] - to print info about a user defined share.

net usershare list [-l|--long] [wildcard sharename] - to list user defined shares.

USERSHARE ADD `sharename` `path` `[comment]` `[acl]` `[guest_ok=[y|n]]`

Add or replace a new user defined share, with name "sharename".

"path" specifies the absolute pathname on the system to be exported. @@ -330,11 +336,11 @@ sharename as the one you wish to modify and specify the new options you wish. The Samba smbd daemon notices user defined share modifications at connect time so will see the change immediately, there is no need to restart smbd on adding, deleting or changing a user defined share. -

USERSHARE DELETE `sharename`

Deletes the user defined share by name. The Samba smbd daemon immediately notices this change, although it will not disconnect any users currently connected to the deleted share. -

USERSHARE INFO `[-l|--long]` `[wildcard sharename]`

Get info on user defined shares owned by the current user matching the given pattern, or all users.

net usershare info on its own dumps out info on the user defined shares that were @@ -353,7 +359,7 @@ guest_ok=n And is a list of the current settings of the user defined share that can be modified by the "net usershare add" command. -

USERSHARE LIST `[-l|--long]` `wildcard sharename`

List all the user defined shares owned by the current user matching the given pattern, or all users.

net usershare list on its own list out the names of the user defined shares that were @@ -361,7 +367,7 @@ created by the current user, or restricts the list to share names that match the wildcard pattern ('*' matches one or more characters, '?' matches only one character). If the '-l' or '--long' option is also given, it includes the names of user defined shares created by other users. -

CONF

Starting with version 3.2.0, a Samba server can be configured by data +

CONF

Starting with version 3.2.0, a Samba server can be configured by data stored in registry. This configuration data can be edited with the new "net conf" commands.

@@ -379,10 +385,10 @@ See the

CONF LIST

Print the configuration data stored in the registry in a smb.conf-like format to standard output. -

CONF IMPORT `[--test|-T]` `filename` `[section]`

This command imports configuration from a file in smb.conf format. If a section encountered in the input file is present in registry, its contents is replaced. Sections of registry configuration that have @@ -392,30 +398,30 @@ Optionally, a section may be specified to restrict the effect of the import command to that specific section. A test mode is enabled by specifying the parameter "-T" on the commandline. In test mode, no changes are made to the registry, and the resulting configuration is printed to standard output instead. -

CONF LISTSHARES

List the names of the shares defined in registry. -

CONF DROP

Delete the complete configuration data from registry. -

CONF SHOWSHARE `sharename`

Show the definition of the share or section specified. It is valid to specify "global" as sharename to retrieve the global configuration options from registry. -

CONF ADDSHARE `sharename` `path` [`writeable={y|N}` [`guest_ok={y|N}` [`comment`]]]

Create a new share definition in registry. +

CONF ADDSHARE `sharename` `path` [`writeable={y|N}` [`guest_ok={y|N}` [`comment`]]]

Create a new share definition in registry. The sharename and path have to be given. The share name may not be "global". Optionally, values for the very common options "writeable", "guest ok" and a "comment" may be specified. The same result may be obtained by a sequence of "net conf setparm" commands. -

CONF DELSHARE `sharename`

Delete a share definition from registry. -

CONF SETPARM `section` `parameter` `value`

Store a parameter in registry. The section may be global or a sharename. The section is created if it does not exist yet. -

CONF GETPARM `section` `parameter`

Show a parameter stored in registry. -

CONF DELPARM `section` `parameter`

Delete a parameter stored in registry. -

CONF GETINCLUDES `section`

Get the list of includes for the provided section (global or share).

Note that due to the nature of the registry database and the nature of include directives, @@ -431,17 +437,41 @@ per share, and this list is evaluated after all the parameters of the share. Further note that currently, only files can be included from registry configuration. In the future, there will be the ability to include configuration data from other registry keys. -

CONF SETINCLUDES `section` [`filename`]+

Set the list of includes for the provided section (global or share) to the given list of one or more filenames. The filenames may contain the usual smb.conf macros like %I. -

CONF DELINCLUDES `section`

Delete the list of includes from the provided section (global or share). -

DOM

Starting with version 3.2.0 Samba has support for remote join and unjoin APIs, both client and server-side. Windows supports remote join capabilities since Windows 2000. +

EVENTLOG

Starting with version 3.4.0 net can read, dump, import and export native +win32 eventlog files (usually *.evt). evt files are used by the native Windows eventviewer tools. +

+The import and export of evt files can only succeed when eventlog list is used in +smb.conf file. +See the smb.conf(5) manpage for details. +

The eventlog commands are: +

net eventlog dump - Dump a eventlog *.evt file on the screen.

net eventlog import - Import a eventlog *.evt into the samba internal +tdb based representation of eventlogs.

net eventlog export - Export the samba internal tdb based representation +of eventlogs into an eventlog *.evt file.

EVENTLOG DUMP `filename`

+Prints a eventlog *.evt file to standard output. +

EVENTLOG IMPORT `filename` `eventlog`

+Imports a eventlog *.evt file defined by filename into the +samba internal tdb representation of eventlog defined by eventlog. +eventlog needs to part of the eventlog list +defined in smb.conf. +See the smb.conf(5) manpage for details. +

EVENTLOG EXPORT `filename` `eventlog`

+Exports the samba internal tdb representation of eventlog defined by eventlog +to a eventlog *.evt file defined by filename. +eventlog needs to part of the eventlog list +defined in smb.conf. +See the smb.conf(5) manpage for details. +

DOM

Starting with version 3.2.0 Samba has support for remote join and unjoin APIs, both client and server-side. Windows supports remote join capabilities since Windows 2000.

In order for Samba to be joined or unjoined remotely an account must be used that is either member of the Domain Admins group, a member of the local Administrators group or a user that is granted the SeMachineAccountPrivilege privilege.

The client side support for remote join is implemented in the net dom commands which are: -

net dom join - Join a remote computer into a domain.

net dom unjoin - Unjoin a remote computer from a domain.

DOM JOIN `domain=DOMAIN` `ou=OU` `account=ACCOUNT` `password=PASSWORD` `reboot`

net dom join - Join a remote computer into a domain.

net dom unjoin - Unjoin a remote computer from a domain.

net dom renamecomputer - Renames a remote computer joined to a domain.

DOM JOIN `domain=DOMAIN` `ou=OU` `account=ACCOUNT` `password=PASSWORD` `reboot`

Joins a computer into a domain. This command supports the following additional parameters:

DOMAIN can be a NetBIOS domain name (also known as short domain name) or a DNS domain name for Active Directory Domains. As in Windows, it is also possible to control which Domain Controller to use. This can be achieved by appending the DC name using the \ separator character. Example: MYDOM\MYDC. The DOMAIN parameter cannot be NULL.
OU can be set to a RFC 1779 LDAP DN, like ou=mymachines,cn=Users,dc=example,dc=com in order to create the machine account in a non-default LDAP containter. This optional parameter is only supported when joining Active Directory Domains.
ACCOUNT defines a domain account that will be used to join the machine to the domain. This domain account needs to have sufficient privileges to join machines.
PASSWORD defines the password for the domain account defined with ACCOUNT.
REBOOT is an optional parameter that can be set to reboot the remote machine after successful join to the domain.

Note that you also need to use standard net paramters to connect and authenticate to the remote machine that you want to join. These additional parameters include: -S computer and -U user. @@ -450,7 +480,7 @@ Note that you also need to use standard net paramters to connect and authenticat net dom join -S xp -U XP\\administrator%secret domain=MYDOM account=MYDOM\\administrator password=topsecret reboot.

This example would connect to a computer named XP as the local administrator using password secret, and join the computer into a domain called MYDOM using the MYDOM domain administrator account and password topsecret. After successful join, the computer would reboot. -

DOM UNJOIN `account=ACCOUNT` `password=PASSWORD` `reboot`

Unjoins a computer from a domain. This command supports the following additional parameters:

ACCOUNT defines a domain account that will be used to unjoin the machine from the domain. This domain account needs to have sufficient privileges to unjoin machines.
PASSWORD defines the password for the domain account defined with ACCOUNT.
REBOOT is an optional parameter that can be set to reboot the remote machine after successful unjoin from the domain.

Note that you also need to use standard net paramters to connect and authenticate to the remote machine that you want to unjoin. These additional parameters include: -S computer and -U user. @@ -459,8 +489,17 @@ Note that you also need to use standard net paramters to connect and authenticat net dom unjoin -S xp -U XP\\administrator%secret account=MYDOM\\administrator password=topsecret reboot.

This example would connect to a computer named XP as the local administrator using password secret, and unjoin the computer from the domain using the MYDOM domain administrator account and password topsecret. After successful unjoin, the computer would reboot. -

HELP [COMMAND]

Gives usage information for the specified command.

VERSION

This man page is complete for version 3 of the Samba - suite.

AUTHOR

The original Samba software and related utilities +

DOM RENAMECOMPUTER `newname=NEWNAME` `account=ACCOUNT` `password=PASSWORD` `reboot`

+Renames a computer that is joined to a domain. This command supports the following additional parameters: +

NEWNAME defines the new name of the machine in the domain.
ACCOUNT defines a domain account that will be used to rename the machine in the domain. This domain account needs to have sufficient privileges to rename machines.
PASSWORD defines the password for the domain account defined with ACCOUNT.
REBOOT is an optional parameter that can be set to reboot the remote machine after successful rename in the domain.

+Note that you also need to use standard net paramters to connect and authenticate to the remote machine that you want to rename in the domain. These additional parameters include: -S computer and -U user. +

+ Example: + net dom renamecomputer -S xp -U XP\\administrator%secret newname=XPNEW account=MYDOM\\administrator password=topsecret reboot. +

+This example would connect to a computer named XP as the local administrator using password secret, and rename the joined computer to XPNEW using the MYDOM domain administrator account and password topsecret. After successful rename, the computer would reboot. +

HELP [COMMAND]

Gives usage information for the specified command.

VERSION

This man page is complete for version 3 of the Samba + suite.

AUTHOR

The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

The net manpage was written by Jelmer Vernooij.

diff --git a/docs/htmldocs/manpages/nmbd.8.html b/docs/htmldocs/manpages/nmbd.8.html index 6cb2fbffdc..38632fb80e 100644 --- a/docs/htmldocs/manpages/nmbd.8.html +++ b/docs/htmldocs/manpages/nmbd.8.html @@ -88,7 +88,7 @@ log.smbd, etc...). The log file is never removed by the client. This option changes the default UDP port number (normally 137) that nmbd responds to name queries on. Don't use this option unless you are an expert, in which case you - won't need help!

FILES

/etc/inetd.conf: If the server is to be run by the + won't need help!

FILES

/etc/inetd.conf: If the server is to be run by the inetd meta-daemon, this file must contain suitable startup information for the meta-daemon. @@ -115,7 +115,7 @@ log.smbd, etc...). The log file is never removed by the client. will store the browsing database in the file browse.dat in the var/locks directory configured under wherever Samba was configured to install itself. -

SIGNALS

To shut down an nmbd process it is recommended +

SIGNALS

To shut down an nmbd process it is recommended that SIGKILL (-9) NOT be used, except as a last resort, as this may leave the name database in an inconsistent state. The correct way to terminate nmbd is to send it @@ -129,13 +129,13 @@ log.smbd, etc...). The log file is never removed by the client. using smbcontrol(1) (SIGUSR[1|2] signals are no longer used since Samba 2.2). This is to allow transient problems to be diagnosed, whilst still running - at a normally low log level.

VERSION

This man page is correct for version 3 of - the Samba suite.

VERSION

This man page is correct for version 3 of + the Samba suite.

AUTHOR

The original Samba software and related utilities + http://samba.org/cifs/.

AUTHOR

The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

The original Samba man pages were written by Karl Auer. diff --git a/docs/htmldocs/manpages/samba.7.html b/docs/htmldocs/manpages/samba.7.html index 305c1db619..d482020c8b 100644 --- a/docs/htmldocs/manpages/samba.7.html +++ b/docs/htmldocs/manpages/samba.7.html @@ -1,4 +1,4 @@ -samba

Name

samba — A Windows SMB/CIFS fileserver for UNIX

Synopsis

samba

DESCRIPTION

The Samba software suite is a collection of programs +samba

Name

samba — A Windows SMB/CIFS fileserver for UNIX

Synopsis

samba

DESCRIPTION

The Samba software suite is a collection of programs that implements the Server Message Block (commonly abbreviated as SMB) protocol for UNIX systems. This protocol is sometimes also referred to as the Common Internet File System (CIFS). For a @@ -63,7 +63,7 @@ smbmnt(8)

smbmount,smbumount and smbmnt are commands that can be used to mount CIFS/SMB shares on Linux.

smbcquotas(1)

smbcquotas is a tool that - can set remote QUOTA's on server with NTFS 5.

COMPONENTS

The Samba suite is made up of several components. Each + can set remote QUOTA's on server with NTFS 5.

COMPONENTS

The Samba suite is made up of several components. Each component is described in a separate manual page. It is strongly recommended that you read the documentation that comes with Samba and the manual pages of those components that you use. If the @@ -72,7 +72,7 @@ for information on how to file a bug report or submit a patch.

If you require help, visit the Samba webpage at http://www.samba.org/ and explore the many option available to you. -

AVAILABILITY

The Samba software suite is licensed under the +

AVAILABILITY

The Samba software suite is licensed under the GNU Public License(GPL). A copy of that license should have come with the package in the file COPYING. You are encouraged to distribute copies of the Samba suite, but @@ -86,14 +86,14 @@ the README file that comes with Samba.

If you have access to a WWW viewer (such as Mozilla or Konqueror) then you will also find lots of useful information, including back issues of the Samba mailing list, at - http://lists.samba.org.

VERSION

This man page is correct for version 3 of the - Samba suite.

CONTRIBUTIONS

If you wish to contribute to the Samba project, + http://lists.samba.org.

VERSION

This man page is correct for version 3 of the + Samba suite.

CONTRIBUTIONS

If you wish to contribute to the Samba project, then I suggest you join the Samba mailing list at http://lists.samba.org.

If you have patches to submit, visit http://devel.samba.org/ for information on how to do it properly. We prefer patches - in diff -u format.

CONTRIBUTORS

Contributors to the project are now too numerous + in diff -u format.

CONTRIBUTORS

Contributors to the project are now too numerous to mention here but all deserve the thanks of all Samba users. To see a full list, look at the change-log in the source package @@ -101,7 +101,7 @@ http://cvs.samba.org/ for the contributors to Samba post-CVS. CVS is the Open Source source code control system used by the Samba Team to develop - Samba. The project would have been unmanageable without it.

AUTHOR

The original Samba software and related utilities + Samba. The project would have been unmanageable without it.

AUTHOR

The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

The original Samba man pages were written by Karl Auer. diff --git a/docs/htmldocs/manpages/sharesec.1.html b/docs/htmldocs/manpages/sharesec.1.html index c018a5a844..0a0f2c875c 100644 --- a/docs/htmldocs/manpages/sharesec.1.html +++ b/docs/htmldocs/manpages/sharesec.1.html @@ -33,7 +33,7 @@ The default configuration file name is determined at compile time.

-l|--log-basename=logdirectory

Base directory name for log/debug files. The extension ".progname" will be appended (e.g. log.smbclient, log.smbd, etc...). The log file is never removed by the client. -

ACL FORMAT

The format of an ACL is one or more ACL entries separated by +

ACL FORMAT

The format of an ACL is one or more ACL entries separated by either commas or newlines. An ACL entry is one of the following:

 	REVISION:<revision number>
 	OWNER:<sid or name>
@@ -57,7 +57,7 @@ log.smbd, etc...). The log file is never removed by the client.
 	file permissions of the same name.
R - Allow read access 
W - Allow write access
X - Execute permission on the object
D - Delete the object
P - Change permissions
O - Take ownership
The following combined permissions can be specified:
READ -  Equivalent to 'RX'
 		permissions
CHANGE - Equivalent to 'RXWD' permissions
 		
FULL - Equivalent to 'RWXDPO'
-		permissions

EXIT STATUS

The sharesec program sets the exit status + permissions

EXIT STATUS

The sharesec program sets the exit status depending on the success or otherwise of the operations performed. The exit status may be one of the following values.

If the operation succeeded, sharesec returns and exit status of 0. If sharesec couldn't connect to the specified server, diff --git a/docs/htmldocs/manpages/smb.conf.5.html b/docs/htmldocs/manpages/smb.conf.5.html index 6b77065d63..adabd9af7e 100644 --- a/docs/htmldocs/manpages/smb.conf.5.html +++ b/docs/htmldocs/manpages/smb.conf.5.html @@ -1,4 +1,4 @@ -smb.conf

Name

smb.conf — The configuration file for the Samba suite

SYNOPSIS

+smb.conf

Name

smb.conf — The configuration file for the Samba suite

SYNOPSIS

The smb.conf file is a configuration file for the Samba suite. smb.conf contains runtime configuration information for the Samba programs. The smb.conf file is designed to be configured and administered by the swat(8) program. The @@ -26,7 +26,7 @@ The values following the equals sign in parameters are all either a string (no quotes needed) or a boolean, which may be given as yes/no, 1/0 or true/false. Case is not significant in boolean values, but is preserved in string values. Some items such as create masks are numeric. -

SECTION DESCRIPTIONS

Each section in the configuration file (except for the [global] section) describes a shared resource (known as a “share”). The section name is the name of the shared resource and the parameters within the section define the shares attributes. @@ -69,7 +69,7 @@ printable = yes guest ok = yes

SPECIAL SECTIONS

The [global] section

SPECIAL SECTIONS

The [global] section

Parameters in this section apply to the server as a whole, or are defaults for sections that do not specifically define certain items. See the notes under PARAMETERS for more information.

The [homes] section

@@ -360,19 +360,34 @@ chmod 1770 /usr/local/samba/lib/usershares registry based configuration locally, i.e. directly accessing the database file, circumventing the server. -

EXPLANATION OF EACH PARAMETER

+

EXPLANATION OF EACH PARAMETER

abort shutdown script (G) -

: This a full path name to a script called by smbd(8) that +

This a full path name to a script called by smbd(8) that should stop a shutdown procedure issued by the shutdown script.

If the connected user posseses the SeRemoteShutdownPrivilege, right, this command will be run as root.

Default: abort shutdown script = ""

Example: abort shutdown script = /sbin/shutdown -c -

+

+ +public +

: This parameter is a synonym for access based share enum.

+ +access based share enum (S) +

If this parameter is yes for a + service, then the share hosted by the service will only be visible + to users who have read or write access to the share during share + enumeration (for example net view \\sambaserver). This has + parallels to access based enumeration, the main difference being + that only share permissions are evaluated, and security + descriptors on files contained on the share are not used in + computing enumeration access rights.

Default: access based share enum = no + +

acl check permissions (S) -

: This boolean parameter controls what smbd(8)does on receiving a protocol request of "open for delete" +

This boolean parameter controls what smbd(8)does on receiving a protocol request of "open for delete" from a Windows client. If a Windows client doesn't have permissions to delete a file then they expect this to be denied at open time. POSIX systems normally only detect restrictions on delete by actually attempting to delete the file or directory. As Windows clients can (and do) "back out" a @@ -392,10 +407,10 @@ acl check permissions (S) with slightly different semantics was introduced in 3.0.20. That older version is not documented here.

Default: acl check permissions = True -

+

acl compatibility (G) -

: This parameter specifies what OS ACL semantics should +

This parameter specifies what OS ACL semantics should be compatible with. Possible values are winnt for Windows NT 4, win2k for Windows 2000 and above and auto. If you specify auto, the value for this parameter @@ -404,10 +419,10 @@ acl compatibility (G)

Example: acl compatibility = win2k -

+

acl group control (S) -

: +

In a POSIX filesystem, only the owner of a file or directory and the superuser can modify the permissions and ACLs on a file. If this parameter is set, then Samba overrides this restriction, and also allows the primary group owner of a file or directory to modify the permissions and ACLs @@ -434,10 +449,10 @@ acl group control (S) dos filemode option.

Default: acl group control = no -

+

acl map full control (S) -

: +

This boolean parameter controls whether smbd(8)maps a POSIX ACE entry of "rwx" (read/write/execute), the maximum allowed POSIX permission set, into a Windows ACL of "FULL CONTROL". If this parameter is set to true any POSIX ACE entry of "rwx" will be returned in a Windows ACL as "FULL CONTROL", is this parameter is set to false any @@ -445,10 +460,10 @@ acl map full control (S) execute.

Default: acl map full control = True -

+

add group script (G) -

: +

This is the full pathname to a script that will be run AS ROOT by smbd(8) when a new group is requested. It will expand any %g to the group name passed. This script is only useful for installations using the Windows NT domain administration tools. The script is free to create a group with @@ -458,10 +473,10 @@ add group script (G)

Example: add group script = /usr/sbin/groupadd %g -

+

add machine script (G) -

: +

This is the full pathname to a script that will be run by smbd(8) when a machine is added to Samba's domain and a Unix account matching the machine's name appended with a "$" does not @@ -472,10 +487,10 @@ add machine script (G)

Example: add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /var/lib/nobody -s /bin/false %u -

+

add port command (G) -

: Samba 3.0.23 introduced support for adding printer ports +

Samba 3.0.23 introduced support for adding printer ports remotely using the Windows "Add Standard TCP/IP Port Wizard". This option defines an external program to be executed when smbd receives a request to add a new Port to the system. @@ -484,10 +499,10 @@ add port command (G)

Example: add port command = /etc/samba/scripts/addport.sh -

+

addprinter command (G) -

: With the introduction of MS-RPC based printing +

With the introduction of MS-RPC based printing support for Windows NT/2000 clients in Samba 2.2, The MS Add Printer Wizard (APW) icon is now also available in the "Printers..." folder displayed a share listing. The APW @@ -518,10 +533,10 @@ addprinter command (G)

Example: addprinter command = /usr/bin/addprinter -

+

add share command (G) -

: +

Samba 2.2.0 introduced the ability to dynamically add and delete shares via the Windows NT 4.0 Server Manager. The add share command is used to define an external program or script which will add a new service definition to @@ -553,10 +568,10 @@ add share command (G)

Example: add share command = /usr/local/bin/addshare -

+

add user script (G) -

: +

This is the full pathname to a script that will be run AS ROOT by smbd(8) under special circumstances described below. @@ -591,10 +606,10 @@ add user script (G)

Example: add user script = /usr/local/samba/bin/add_user %u -

+

add user to group script (G) -

: +

Full path to the script that will be called when a user is added to a group using the Windows NT domain administration tools. It will be run by smbd(8) AS ROOT. Any %g will be replaced with the group name and @@ -606,20 +621,20 @@ add user to group script (G)

Example: add user to group script = /usr/sbin/adduser %u %g -

+

administrative share (S) -

: If this parameter is set to yes for +

If this parameter is set to yes for a share, then the share will be an administrative share. The Administrative Shares are the default network shares created by all Windows NT-based operating systems. These are shares like C$, D$ or ADMIN$. The type of these shares is STYPE_DISKTREE_HIDDEN.

See the section below on security for more information about this option.

Default: administrative share = no -

+

admin users (S) -

: This is a list of users who will be granted +

This is a list of users who will be granted administrative privileges on the share. This means that they will do all file operations as the super-user (root).

You should use this option very carefully, as any user in this list will be able to do anything they like on the share, @@ -628,20 +643,20 @@ admin users (S)

Example: admin users = jason -

+

afs share (S) -

: This parameter controls whether special AFS features are enabled +

This parameter controls whether special AFS features are enabled for this share. If enabled, it assumes that the directory exported via the path parameter is a local AFS import. The special AFS features include the attempt to hand-craft an AFS token if you enabled --with-fake-kaserver in configure.

Default: afs share = no -

+

afs username map (G) -

: If you are using the fake kaserver AFS feature, you might +

If you are using the fake kaserver AFS feature, you might want to hand-craft the usernames you are creating tokens for. For example this is necessary if you have users from several domain in your AFS Protection Database. One possible scheme to code users @@ -651,10 +666,10 @@ afs username map (G)

Example: afs username map = %u@afs.samba.org -

+

aio read size (S) -

: If Samba has been built with asynchronous I/O support and this +

: If Samba has been built with asynchronous I/O support and this integer parameter is set to non-zero value, Samba will read from file asynchronously when size of request is bigger than this value. Note that it happens only for non-chained and non-chaining @@ -665,10 +680,10 @@ aio read size (S) # Use asynchronous I/O for reads bigger than 16KB request size -

+

aio write size (S) -

: If Samba has been built with asynchronous I/O support and this +

: If Samba has been built with asynchronous I/O support and this integer parameter is set to non-zero value, Samba will write to file asynchronously when size of request is bigger than this value. Note that it happens only for non-chained and non-chaining @@ -679,10 +694,10 @@ aio write size (S) # Use asynchronous I/O for writes bigger than 16KB request size -

+

algorithmic rid base (G) -

: This determines how Samba will use its +

This determines how Samba will use its algorithmic mapping from uids/gid to the RIDs needed to construct NT Security Identifiers.

Setting this option to a larger value could be useful to sites @@ -697,10 +712,10 @@ algorithmic rid base (G)

Example: algorithmic rid base = 100000 -

+

allocation roundup size (S) -

: This parameter allows an administrator to tune the +

This parameter allows an administrator to tune the allocation size reported to Windows clients. The default size of 1Mb generally results in improved Windows client performance. However, rounding the allocation size may cause @@ -712,10 +727,10 @@ allocation roundup size (S)

Example: allocation roundup size = 0 # (to disable roundups) -

+

allow trusted domains (G) -

: +

This option only takes effect when the security option is set to server, domain or ads. If it is set to no, then attempts to connect to a resource from @@ -730,10 +745,10 @@ allow trusted domains (G) Samba server even if they do not have an account in DOMA. This can make implementing a security boundary difficult.

Default: allow trusted domains = yes -

+

announce as (G) -

: This specifies what type of server nmbd(8) will announce itself as, to a network neighborhood browse +

This specifies what type of server nmbd(8) will announce itself as, to a network neighborhood browse list. By default this is set to Windows NT. The valid options are : "NT Server" (which can also be written as "NT"), "NT Workstation", "Win95" or "WfW" meaning Windows NT Server, @@ -745,20 +760,20 @@ announce as (G)

Example: announce as = Win95 -

+

announce version (G) -

: This specifies the major and minor version numbers +

This specifies the major and minor version numbers that nmbd will use when announcing itself as a server. The default is 4.9. Do not change this parameter unless you have a specific need to set a Samba server to be a downlevel server.

Default: announce version = 4.9

Example: announce version = 2.0 -

+

auth methods (G) -

: +

This option allows the administrator to chose what authentication methods smbd will use when authenticating a user. This option defaults to sensible values based on security. This should be considered a developer option and used only in rare circumstances. In the majority (if not all) @@ -779,18 +794,18 @@ auth methods (G)

Example: auth methods = guest sam winbind -

+

available (S) -

: This parameter lets you "turn off" a service. If +

This parameter lets you "turn off" a service. If available = no, then ALL attempts to connect to the service will fail. Such failures are logged.

Default: available = yes -

+

bind interfaces only (G) -

: This global parameter allows the Samba admin +

This global parameter allows the Samba admin to limit what interfaces on a machine will serve SMB requests. It affects file service smbd(8) and name service nmbd(8) in a slightly different ways.

For name service it causes nmbd to bind to ports 137 and 138 on the @@ -831,10 +846,10 @@ bind interfaces only (G) from starting/stopping/restarting smbd and nmbd.

Default: bind interfaces only = no -

+

blocking locks (S) -

: This parameter controls the behavior +

This parameter controls the behavior of smbd(8) when given a request by a client to obtain a byte range lock on a region of an open file, and the request has a time limit associated with it.

If this parameter is set and the lock range requested @@ -845,10 +860,10 @@ blocking locks (S) will fail the lock request immediately if the lock range cannot be obtained.

Default: blocking locks = yes -

+

block size (S) -

: This parameter controls the behavior of smbd(8) when reporting disk free +

This parameter controls the behavior of smbd(8) when reporting disk free sizes. By default, this reports a disk block size of 1024 bytes.

Changing this parameter may have some effect on the efficiency of client writes, this is not yet confirmed. This @@ -862,42 +877,42 @@ block size (S)

Example: block size = 4096 -

+

browsable -

: This parameter is a synonym for browseable.

+

: This parameter is a synonym for browseable.

browseable (S) -

: This controls whether this share is seen in +

This controls whether this share is seen in the list of available shares in a net view and in the browse list.

Default: browseable = yes -

+

browse list (G) -

: This controls whether smbd(8) will serve a browse list to +

This controls whether smbd(8) will serve a browse list to a client doing a NetServerEnum call. Normally set to yes. You should never need to change this.

Default: browse list = yes -

+

casesignames -

: This parameter is a synonym for case sensitive.

+

: This parameter is a synonym for case sensitive.

case sensitive (S) -

See the discussion in the section name mangling.

Default: case sensitive = no +

See the discussion in the section name mangling.
Default: case sensitive = no -

+

change notify (S) -

This parameter specifies whether Samba should reply +

This parameter specifies whether Samba should reply to a client's file change notify requests.
You should never need to change this parameter
Default: change notify = yes -

+

change share command (G) -

Samba 2.2.0 introduced the ability to dynamically add and delete shares via the Windows NT 4.0 Server Manager. The change share command is used to define an external program or script which will modify an existing service definition in smb.conf. @@ -932,22 +947,22 @@ program or script which will modify an existing service definition in
Example: change share command = /usr/local/bin/changeshare -

`+`

`check password script (G) -`

The name of a program that can be used to check password +

The name of a program that can be used to check password complexity. The password is sent to the program's standard input. The program must return 0 on a good password, or any other value if the password is bad. In case the password is considered weak (the program does not return 0) the user will be notified and the password change will fail. Note: In the example directory is a sample program called crackcheck that uses cracklib to check the password quality. Default: check password script = Disabled - Example: check password script = check password script = /usr/local/sbin/crackcheck + Example: check password script = /usr/local/sbin/crackcheck -

`+`

`client lanman auth (G) -`

This parameter determines whether or not smbclient(8) and other samba client +

This parameter determines whether or not smbclient(8) and other samba client tools will attempt to authenticate itself to servers using the weaker LANMAN password hash. If disabled, only server which support NT password hashes (e.g. Windows NT/2000, Samba, etc... but not @@ -958,10 +973,10 @@ client lanman auth (G) auth parameter is enabled, then only NTLMv2 logins will be attempted.
Default: client lanman auth = no -

+

client ldap sasl wrapping (G) -

The client ldap sasl wrapping defines whether ldap traffic will be signed or signed and encrypted (sealed). Possible values are plain, sign @@ -989,10 +1004,10 @@ client ldap sasl wrapping (G) seal.
Default: client ldap sasl wrapping = plain -

+

client ntlmv2 auth (G) -

This parameter determines whether or not smbclient(8) will attempt to +

This parameter determines whether or not smbclient(8) will attempt to authenticate itself to servers using the NTLMv2 encrypted password response.
If enabled, only an NTLMv2 and LMv2 response (both much more secure than earlier versions) will be sent. Many servers @@ -1004,16 +1019,16 @@ client ntlmv2 auth (G) those following 'best practice' security polices) only allow NTLMv2 responses, and not the weaker LM or NTLM.
Default: client ntlmv2 auth = no -

+

client plaintext auth (G) -

Specifies whether a client should send a plaintext +

Specifies whether a client should send a plaintext password if the server does not support encrypted passwords.
Default: client plaintext auth = no -

+

client schannel (G) -

This controls whether the client offers or even demands the use of the netlogon schannel. client schannel = no does not offer the schannel, client schannel = auto offers the schannel but does not @@ -1023,10 +1038,10 @@ client schannel (G)
Example: client schannel = yes -

+

client signing (G) -

This controls whether the client is allowed or required to use SMB signing. Possible values +

This controls whether the client is allowed or required to use SMB signing. Possible values are auto, mandatory and disabled.
When set to auto, SMB signing is offered, but not enforced. @@ -1034,19 +1049,19 @@ client signing (G) to disabled, SMB signing is not offered either.
Default: client signing = auto -

+

client use spnego (G) -

This variable controls whether Samba clients will try +

This variable controls whether Samba clients will try to use Simple and Protected NEGOciation (as specified by rfc2478) with supporting servers (including WindowsXP, Windows2000 and Samba 3.0) to agree upon an authentication mechanism. This enables Kerberos authentication in particular.
Default: client use spnego = yes -

+

cluster addresses (G) -

With this parameter you can add additional addresses +

With this parameter you can add additional addresses nmbd will register with a WINS server. These addresses are not necessarily present on all nodes simultaneously, but they will be registered with the WINS server so that clients can contact @@ -1055,20 +1070,20 @@ cluster addresses (G)

Example: cluster addresses = 10.0.0.1 10.0.0.2 10.0.0.3 -

+

clustering (G) -

: This parameter specifies whether Samba should contact +

This parameter specifies whether Samba should contact ctdb for accessing its tdb files and use ctdb as a backend for its messaging backend.

Set this parameter to yes only if you have a cluster setup with ctdb running.

Default: clustering = no -

+

comment (S) -

: This is a text field that is seen next to a share +

This is a text field that is seen next to a share when a client does a queries the server, either via the network neighborhood or via net view to list what shares are available.

If you want to set the string that is displayed next to the @@ -1077,10 +1092,10 @@ comment (S)

Example: comment = Fred's Files -

+

config backend (G) -

: +

This controls the backend for storing the configuration. Possible values are file (the default) and registry. @@ -1098,10 +1113,10 @@ config backend (G)

Example: config backend = registry -

+

config file (G) -

: This allows you to override the config file +

This allows you to override the config file to use, instead of the default (usually smb.conf). There is a chicken and egg problem here as this option is set in the config file!

For this reason, if the name of the config file has changed @@ -1111,10 +1126,10 @@ config file (G) (allowing you to special case the config files of just a few clients).

No default

Example: config file = /usr/local/samba/lib/smb.conf.%m -

+

copy (S) -

: This parameter allows you to "clone" service +

This parameter allows you to "clone" service entries. The specified service is simply duplicated under the current service's name. Any parameters specified in the current section will override those in the section being copied.

This feature lets you set up a 'template' service and @@ -1124,13 +1139,13 @@ copy (S)

Example: copy = otherservice -

+

create mode -

: This parameter is a synonym for create mask.

+

: This parameter is a synonym for create mask.

create mask (S) -

: +

When a file is created, the necessary permissions are calculated according to the mapping from DOS modes to UNIX permissions, and the resulting UNIX mode is then bit-wise 'AND'ed with this parameter. This parameter may be thought of as a bit-wise MASK for the UNIX modes of a file. Any bit not set here will @@ -1151,10 +1166,10 @@ create mask (S)

Example: create mask = 0775 -

+

csc policy (S) -

: +

This stands for client-side caching policy, and specifies how clients capable of offline caching will cache the files in the share. The valid values are: manual, documents, programs, disable.

@@ -1166,10 +1181,10 @@ csc policy (S)

Example: csc policy = programs -

+

ctdbd socket (G) -

: If you set clustering=yes, +

If you set clustering=yes, you need to tell Samba where ctdbd listens on its unix domain socket. The default path as of ctdb 1.0 is /tmp/ctdb.socket which you have to explicitly set for Samba in smb.conf. @@ -1177,10 +1192,10 @@ ctdbd socket (G)

Example: ctdbd socket = /tmp/ctdb.socket -

+

cups connection timeout (G) -

: +

This parameter is only applicable if printing is set to cups.

If set, this option specifies the number of seconds that smbd will wait @@ -1190,10 +1205,10 @@ cups connection timeout (G)

Example: cups connection timeout = 60 -

+

cups options (S) -

: +

This parameter is only applicable if printing is set to cups. Its value is a free form string of options passed directly to the cups library. @@ -1215,10 +1230,10 @@ cups options (S)

Example: cups options = "raw media=a4" -

+

cups server (G) -

: +

This parameter is only applicable if printing is set to cups.

If set, this option overrides the ServerName option in the CUPS client.conf. This is @@ -1232,10 +1247,10 @@ cups server (G)

Example: cups server = mycupsserver:1631 -

+

deadtime (G) -

: The value of the parameter (a decimal integer) +

The value of the parameter (a decimal integer) represents the number of minutes of inactivity before a connection is considered dead, and it is disconnected. The deadtime only takes effect if the number of open files is zero.

This is useful to stop a server's resources being @@ -1247,10 +1262,10 @@ deadtime (G)

Example: deadtime = 15 -

+

debug class (G) -

: +

With this boolean parameter enabled, the debug class (DBGC_CLASS) will be displayed in the debug header.

@@ -1258,20 +1273,20 @@ debug class (G) section about log level.

Default: debug class = no -

+

debug hires timestamp (G) -

: +

Sometimes the timestamps in the log messages are needed with a resolution of higher that seconds, this boolean parameter adds microsecond resolution to the timestamp message header when turned on.

Note that the parameter debug timestamp must be on for this to have an effect.

Default: debug hires timestamp = no -

+

debug pid (G) -

: +

When using only one log file for more then one forked smbd(8)-process there may be hard to follow which process outputs which message. This boolean parameter is adds the process-id to the timestamp message headers in the logfile when turned on. @@ -1279,10 +1294,10 @@ debug pid (G) Note that the parameter debug timestamp must be on for this to have an effect.

Default: debug pid = no -

+

debug prefix timestamp (G) -

: +

With this option enabled, the timestamp message header is prefixed to the debug message without the filename and function information that is included with the debug timestamp parameter. This gives timestamps to the messages without adding an additional line. @@ -1290,38 +1305,49 @@ debug prefix timestamp (G) Note that this parameter overrides the debug timestamp parameter.

Default: debug prefix timestamp = no -

+

timestamp logs -

: This parameter is a synonym for debug timestamp.

+

: This parameter is a synonym for debug timestamp.

debug timestamp (G) -

: +

Samba debug log messages are timestamped by default. If you are running at a high debug level these timestamps can be distracting. This boolean parameter allows timestamping to be turned off.

Default: debug timestamp = yes -

+

debug uid (G) -

: +

Samba is sometimes run as root and sometime run as the connected user, this boolean parameter inserts the current euid, egid, uid and gid to the timestamp message headers in the log file if turned on.

Note that the parameter debug timestamp must be on for this to have an effect.

Default: debug uid = no -

+

+ +dedicated keytab file (G) +

+ Specifies the path to the kerberos keytab file when + kerberos method is set to "dedicated + keytab". +

Default: dedicated keytab file = + +

Example: dedicated keytab file = /usr/local/etc/krb5.keytab + +

default case (S) -

: See the section on name mangling. +

See the section on name mangling. Also note the short preserve case parameter.

Default: default case = lower -

+

default devmode (S) -

: This parameter is only applicable to printable services. +

This parameter is only applicable to printable services. When smbd is serving Printer Drivers to Windows NT/2k/XP clients, each printer on the Samba server has a Device Mode which defines things such as paper size and orientation and duplex settings. The device mode can only correctly be @@ -1344,13 +1370,13 @@ default devmode (S) see the MSDN documentation.

Default: default devmode = yes -

+

default -

: This parameter is a synonym for default service.

+

: This parameter is a synonym for default service.

default service (G) -

: This parameter specifies the name of a service +

This parameter specifies the name of a service which will be connected to if the service actually requested cannot be found. Note that the square brackets are NOT given in the parameter value (see example below).

There is no default value for this parameter. If this @@ -1364,10 +1390,10 @@ default service (G)

Example: default service = pub -

+

defer sharing violations (G) -

: +

Windows allows specifying how a file will be shared with other processes when it is opened. Sharing violations occur when a file is opened by a different process using options that violate @@ -1380,19 +1406,19 @@ defer sharing violations (G) designed to enable Samba to more correctly emulate Windows.

Default: defer sharing violations = True -

+

delete group script (G) -

: This is the full pathname to a script that will +

This is the full pathname to a script that will be run AS ROOT smbd(8) when a group is requested to be deleted. It will expand any %g to the group name passed. This script is only useful for installations using the Windows NT domain administration tools.

Default: delete group script = -

+

deleteprinter command (G) -

: With the introduction of MS-RPC based printer +

With the introduction of MS-RPC based printer support for Windows NT/2000 clients in Samba 2.2, it is now possible to delete a printer at run time by issuing the DeletePrinter() RPC call.

For a Samba host this means that the printer must be @@ -1410,18 +1436,18 @@ deleteprinter command (G)

Example: deleteprinter command = /usr/bin/removeprinter -

+

delete readonly (S) -

: This parameter allows readonly files to be deleted. +

This parameter allows readonly files to be deleted. This is not normal DOS semantics, but is allowed by UNIX.

This option may be useful for running applications such as rcs, where UNIX file ownership prevents changing file permissions, and DOS semantics prevent deletion of a read only file.

Default: delete readonly = no -

+

delete share command (G) -

: +

Samba 2.2.0 introduced the ability to dynamically add and delete shares via the Windows NT 4.0 Server Manager. The delete share command is used to define an external program or script which will remove an existing service definition from @@ -1447,10 +1473,10 @@ delete share command (G)

Example: delete share command = /usr/local/bin/delshare -

+

delete user from group script (G) -

: Full path to the script that will be called when +

Full path to the script that will be called when a user is removed from a group using the Windows NT domain administration tools. It will be run by smbd(8) AS ROOT. Any %g will be replaced with the group name and @@ -1459,10 +1485,10 @@ delete user from group script (G)

Example: delete user from group script = /usr/sbin/deluser %u %g -

+

delete user script (G) -

: This is the full pathname to a script that will +

This is the full pathname to a script that will be run by smbd(8) when managing users with remote RPC (NT) tools.

This script is called when a remote client removes a user @@ -1471,10 +1497,10 @@ delete user script (G)

Example: delete user script = /usr/local/samba/bin/del_user %u -

+

delete veto files (S) -

: This option is used when Samba is attempting to +

This option is used when Samba is attempting to delete a directory that contains one or more vetoed directories (see the veto files option). If this option is set to no (the default) then if a vetoed @@ -1488,10 +1514,10 @@ delete veto files (S) directories to be transparently deleted when the parent directory is deleted (so long as the user has permissions to do so).

Default: delete veto files = no -

+

dfree cache time (S) -

: +

The dfree cache time should only be used on systems where a problem occurs with the internal disk space calculations. This has been known to happen with Ultrix, but may occur with other operating systems. The symptom that was seen was an error of "Abort Retry Ignore" at the @@ -1504,10 +1530,10 @@ dfree cache time (S) By default this parameter is zero, meaning no caching will be done.

No default

Example: dfree cache time = dfree cache time = 60 -

+

dfree command (S) -

: +

The dfree command setting should only be used on systems where a problem occurs with the internal disk space calculations. This has been known to happen with Ultrix, but may occur with other operating systems. The symptom that was seen was an error of "Abort Retry Ignore" @@ -1545,13 +1571,13 @@ df $1 | tail -1 | awk '{print $(NF-4),$(NF-2)}' By default internal routines for determining the disk capacity and remaining space will be used.

No default

Example: dfree command = /usr/local/samba/bin/dfree -

+

directory mode -

: This parameter is a synonym for directory mask.

+

: This parameter is a synonym for directory mask.

directory mask (S) -

: This parameter is the octal modes which are +

This parameter is the octal modes which are used when converting DOS modes to UNIX modes when creating UNIX directories.

When a directory is created, the necessary permissions are calculated according to the mapping from DOS modes to UNIX permissions, @@ -1569,10 +1595,10 @@ directory mask (S)

Example: directory mask = 0775 -

+

directory security mask (S) -

: This parameter controls what UNIX permission bits +

This parameter controls what UNIX permission bits will be set when a Windows NT client is manipulating the UNIX permission on a directory using the native NT security dialog box.

@@ -1592,19 +1618,19 @@ directory security mask (S)

Example: directory security mask = 0700 -

+

disable netbios (G) -

: Enabling this parameter will disable netbios support +

Enabling this parameter will disable netbios support in Samba. Netbios is the only available form of browsing in all windows versions except for 2000 and XP.

Note

Clients that only support netbios won't be able to see your samba server when netbios support is disabled.

Default: disable netbios = no -

+

disable spoolss (G) -

: Enabling this parameter will disable Samba's support +

Enabling this parameter will disable Samba's support for the SPOOLSS set of MS-RPC's and will yield identical behavior as Samba 2.0.x. Windows NT/2000 clients will downgrade to using Lanman style printing commands. Windows 9x/ME will be unaffected by @@ -1616,10 +1642,10 @@ disable spoolss (G) Be very careful about enabling this parameter.

Default: disable spoolss = no -

+

display charset (G) -

: +

Specifies the charset that samba will use to print messages to stdout and stderr. The default value is "LOCALE", which means automatically set, depending on the current locale. The value should generally be the same as the value of the parameter @@ -1628,10 +1654,10 @@ display charset (G)

Example: display charset = UTF8 -

+

dmapi support (S) -

: This parameter specifies whether Samba should use DMAPI to +

This parameter specifies whether Samba should use DMAPI to determine whether a file is offline or not. This would typically be used in conjunction with a hierarchical storage system that automatically migrates files to tape. @@ -1646,10 +1672,10 @@ dmapi support (S)

Default: dmapi support = no -

+

dns proxy (G) -

: Specifies that nmbd(8) when acting as a WINS server and +

Specifies that nmbd(8) when acting as a WINS server and finding that a NetBIOS name has not been registered, should treat the NetBIOS name word-for-word as a DNS name and do a lookup with the DNS server for that name on behalf of the name-querying client.

Note that the maximum length for a NetBIOS name is 15 @@ -1658,10 +1684,10 @@ dns proxy (G) DNS name lookup requests, as doing a name lookup is a blocking action.

Default: dns proxy = yes -

+

domain logons (G) -

: +

If set to yes, the Samba server will provide the netlogon service for Windows 9X network logons for the workgroup it is in. @@ -1671,10 +1697,10 @@ domain logons (G) Samba HOWTO Collection.

Default: domain logons = no -

+

domain master (G) -

: +

Tell smbd(8) to enable WAN-wide browse list collation. Setting this option causes nmbd to claim a special domain specific NetBIOS name that identifies it as a domain master browser for its given @@ -1700,10 +1726,10 @@ domain master (G) Samba will function as a BDC. In general, this parameter should be set to 'No' only on a BDC.

Default: domain master = auto -

+

dont descend (S) -

: There are certain directories on some systems +

There are certain directories on some systems (e.g., the /proc tree under Linux) that are either not of interest to clients or are infinitely deep (recursive). This parameter allows you to specify a comma-delimited list of directories @@ -1714,18 +1740,18 @@ dont descend (S)

Example: dont descend = /proc,/dev -

+

dos charset (G) -

: DOS SMB clients assume the server has +

DOS SMB clients assume the server has the same charset as they do. This option specifies which charset Samba should talk to DOS clients.

The default depends on which charsets you have installed. Samba tries to use charset 850 but falls back to ASCII in - case it is not available. Run testparm(1) to check the default on your system.

No default

+ case it is not available. Run testparm(1) to check the default on your system.
No default

dos filemode (S) -

: The default behavior in Samba is to provide +

The default behavior in Samba is to provide UNIX-like behavior where only the owner of a file/directory is able to change the permissions on it. However, this behavior is often confusing to DOS/Windows users. Enabling this parameter @@ -1736,10 +1762,10 @@ dos filemode (S) the group is only granted read access. Ownership of the file/directory may also be changed.

Default: dos filemode = no -

+

dos filetime resolution (S) -

: Under the DOS and Windows FAT filesystem, the finest +

Under the DOS and Windows FAT filesystem, the finest granularity on time resolution is two seconds. Setting this parameter for a share causes Samba to round the reported time down to the nearest two second boundary when a query call that requires one second @@ -1754,10 +1780,10 @@ dos filetime resolution (S) this option causes the two timestamps to match, and Visual C++ is happy.

Default: dos filetime resolution = no -

+

dos filetimes (S) -

: Under DOS and Windows, if a user can write to a +

Under DOS and Windows, if a user can write to a file they can change the timestamp on it. Under POSIX semantics, only the owner of the file or root may change the timestamp. By default, Samba runs with POSIX semantics and refuses to change the @@ -1771,20 +1797,20 @@ dos filetimes (S) shared between users.

Default: dos filetimes = yes -

+

ea support (S) -

: This boolean parameter controls whether smbd(8) will allow clients to attempt to store OS/2 style Extended +

This boolean parameter controls whether smbd(8) will allow clients to attempt to store OS/2 style Extended attributes on a share. In order to enable this parameter the underlying filesystem exported by the share must support extended attributes (such as provided on XFS and EXT3 on Linux, with the correct kernel patches). On Linux the filesystem must have been mounted with the mount option user_xattr in order for extended attributes to work, also extended attributes must be compiled into the Linux kernel.

Default: ea support = no -

+

enable asu support (G) -

: Hosts running the "Advanced Server for Unix (ASU)" product +

Hosts running the "Advanced Server for Unix (ASU)" product require some special accomodations such as creating a builtin [ADMIN$] share that only supports IPC connections. The has been the default behavior in smbd for many years. However, certain Microsoft applications @@ -1792,10 +1818,10 @@ enable asu support (G) an [ADMIN$} file share. Disabling this parameter allows for creating an [ADMIN$] file share in smb.conf.

Default: enable asu support = no -

+

enable privileges (G) -

: +

This parameter controls whether or not smbd will honor privileges assigned to specific SIDs via either net rpc rights or one of the Windows user and group manager tools. This parameter is enabled by default. It can be disabled to prevent members of the Domain Admins group from being able to @@ -1808,10 +1834,10 @@ enable privileges (G) Please read the extended description provided in the Samba HOWTO documentation.

Default: enable privileges = yes -

+

encrypt passwords (G) -

: This boolean controls whether encrypted passwords +

This boolean controls whether encrypted passwords will be negotiated with the client. Note that Windows NT 4.0 SP3 and above and also Windows 98 will by default expect encrypted passwords unless a registry entry is changed. To use encrypted passwords in @@ -1834,10 +1860,10 @@ encrypt passwords (G) causes smbd to authenticate against another server.

Default: encrypt passwords = yes -

+

enhanced browsing (G) -

: This option enables a couple of enhancements to +

This option enables a couple of enhancements to cross-subnet browse propagation that have been added in Samba but which are not standard in Microsoft implementations.

The first enhancement to browse propagation consists of a regular @@ -1850,10 +1876,10 @@ enhanced browsing (G) to stay around forever which can be annoying.

In general you should leave this option enabled as it makes cross-subnet browse propagation much more reliable.

Default: enhanced browsing = yes -

+

enumports command (G) -

: The concept of a "port" is fairly foreign +

The concept of a "port" is fairly foreign to UNIX hosts. Under Windows NT/2000 print servers, a port is associated with a port monitor and generally takes the form of a local port (i.e. LPT1:, COM1:, FILE:) or a remote port @@ -1870,10 +1896,10 @@ enumports command (G)

Example: enumports command = /usr/bin/listports -

+

eventlog list (G) -

: This option defines a list of log names that Samba will +

This option defines a list of log names that Samba will report to the Microsoft EventViewer utility. The listed eventlogs will be associated with tdb file on disk in the $(lockdir)/eventlog. @@ -1886,10 +1912,10 @@ eventlog list (G)

Example: eventlog list = Security Application Syslog Apache -

+

fake directory create times (S) -

: NTFS and Windows VFAT file systems keep a create +

NTFS and Windows VFAT file systems keep a create time for all files and directories. This is not the same as the ctime - status change time - that Unix keeps, so Samba by default reports the earliest of the various times Unix does keep. Setting @@ -1911,10 +1937,10 @@ fake directory create times (S) ensures directories always predate their contents and an NMAKE build will proceed as expected.

Default: fake directory create times = no -

+

fake oplocks (S) -

: Oplocks are the way that SMB clients get permission +

Oplocks are the way that SMB clients get permission from a server to locally cache file operations. If a server grants an oplock (opportunistic lock) then the client is free to assume that it is the only one accessing the file and it will aggressively @@ -1930,10 +1956,10 @@ fake oplocks (S) files read-write at the same time you can get data corruption. Use this option carefully!

Default: fake oplocks = no -

+

follow symlinks (S) -

: +

This parameter allows the Samba administrator to stop smbd(8) from following symbolic links in a particular share. Setting this parameter to no prevents any file or directory that is a symbolic link from being followed (the user will get an error). This option is very useful to stop users from adding a symbolic @@ -1943,10 +1969,10 @@ follow symlinks (S) This option is enabled (i.e. smbd will follow symbolic links) by default.

Default: follow symlinks = yes -

+

force create mode (S) -

: This parameter specifies a set of UNIX mode bit +

This parameter specifies a set of UNIX mode bit permissions that will always be set on a file created by Samba. This is done by bitwise 'OR'ing these bits onto the mode bits of a file that is being created. The default for this parameter is (in octal) @@ -1958,10 +1984,10 @@ force create mode (S)

Example: force create mode = 0755 -

+

force directory mode (S) -

: This parameter specifies a set of UNIX mode bit +

This parameter specifies a set of UNIX mode bit permissions that will always be set on a directory created by Samba. This is done by bitwise 'OR'ing these bits onto the mode bits of a directory that is being created. The default for this @@ -1974,10 +2000,10 @@ force directory mode (S)

Example: force directory mode = 0755 -

+

force directory security mode (S) -

: +

This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating the UNIX permission on a directory using the native NT security dialog box.

@@ -1998,13 +2024,13 @@ force directory security mode (S)

Example: force directory security mode = 700 -

+

group -

: This parameter is a synonym for force group.

+

: This parameter is a synonym for force group.

force group (S) -

: This specifies a UNIX group name that will be +

This specifies a UNIX group name that will be assigned as the default primary group for all users connecting to this service. This is useful for sharing files by ensuring that all access to files on service will use the named group for @@ -2028,10 +2054,10 @@ force group (S)

Example: force group = agroup -

+

force printername (S) -

: When printing from Windows NT (or later), +

When printing from Windows NT (or later), each printer in smb.conf has two associated names which can be used by the client. The first is the sharename (or shortname) defined in smb.conf. This @@ -2054,10 +2080,10 @@ force printername (S) not be able to delete printer connections from their local Printers folder.

Default: force printername = no -

+

force security mode (S) -

: +

This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating the UNIX permission on a file using the native NT security dialog box.

@@ -2077,10 +2103,10 @@ force security mode (S)

Example: force security mode = 700 -

+

force unknown acl user (S) -

: +

If this parameter is set, a Windows NT ACL that contains an unknown SID (security descriptor, or representation of a user or group id) as the owner or group owner of the file will be silently mapped into the current UNIX uid or gid of the currently connected user. @@ -2094,10 +2120,10 @@ force unknown acl user (S) Try using this parameter when XCOPY /O gives an ACCESS_DENIED error.

Default: force unknown acl user = no -

+

force user (S) -

: This specifies a UNIX user name that will be +

This specifies a UNIX user name that will be assigned as the default user for all users connecting to this service. This is useful for sharing files. You should also use it carefully as using it incorrectly can cause security problems.

This user name only gets used once a connection is established. @@ -2111,10 +2137,10 @@ force user (S)

Example: force user = auser -

+

fstype (S) -

: +

This parameter allows the administrator to configure the string that specifies the type of filesystem a share is using that is reported by smbd(8) when a client queries the filesystem type for a share. The default type is NTFS for compatibility @@ -2124,10 +2150,10 @@ fstype (S)

Example: fstype = Samba -

+

get quota command (G) -

: The get quota command should only be used +

The get quota command should only be used whenever there is no operating system API available from the OS that samba can use.

This option is only available you have compiled Samba with the --with-sys-quotas option or on Linux with @@ -2140,18 +2166,18 @@ get quota command (G)

Example: get quota command = /usr/local/sbin/query_quota -

+

getwd cache (G) -

: This is a tuning option. When this is enabled a +

This is a tuning option. When this is enabled a caching algorithm will be used to reduce the time taken for getwd() calls. This can have a significant impact on performance, especially when the wide smbconfoptions parameter is set to no.

Default: getwd cache = yes -

+

guest account (G) -

: This is a username which will be used for access +

This is a username which will be used for access to services which are specified as guest ok (see below). Whatever privileges this user has will be available to any client connecting to the guest service. This user must exist in the password file, but does not require @@ -2169,40 +2195,40 @@ guest account (G)

Example: guest account = ftp -

+

public -

: This parameter is a synonym for guest ok.

+

: This parameter is a synonym for guest ok.

guest ok (S) -

: If this parameter is yes for +

If this parameter is yes for a service, then no password is required to connect to the service. Privileges will be those of the guest account.

This paramater nullifies the benifits of setting restrict anonymous = 2

See the section below on security for more information about this option.

Default: guest ok = no -

+

only guest -

: This parameter is a synonym for guest only.

+

: This parameter is a synonym for guest only.

guest only (S) -

: If this parameter is yes for +

If this parameter is yes for a service, then only guest connections to the service are permitted. This parameter will have no effect if guest ok is not set for the service.

See the section below on security for more information about this option.

Default: guest only = no -

+

hide dot files (S) -

: This is a boolean parameter that controls whether +

This is a boolean parameter that controls whether files starting with a dot appear as hidden files.

Default: hide dot files = yes -

+

hide files (S) -

: This is a list of files or directories that are not +

This is a list of files or directories that are not visible but are accessible. The DOS 'hidden' attribute is applied to any files or directories that match.

Each entry in the list must be separated by a '/', which allows spaces to be included in the entry. '*' @@ -2224,32 +2250,32 @@ hide files = /.*/DesktopFolderDB/TrashFor%m/resource.frk/

Default: hide files = # no file are hidden -

+

hide special files (S) -

: +

This parameter prevents clients from seeing special files such as sockets, devices and fifo's in directory listings.

Default: hide special files = no -

+

hide unreadable (S) -

: This parameter prevents clients from seeing the +

This parameter prevents clients from seeing the existance of files that cannot be read. Defaults to off.

Default: hide unreadable = no -

+

hide unwriteable files (S) -

: +

This parameter prevents clients from seeing the existance of files that cannot be written to. Defaults to off. Note that unwriteable directories are shown as usual.

Default: hide unwriteable files = no -

+

homedir map (G) -

: +

If nis homedir is yes, and smbd(8) is also acting as a Win95/98 logon server then this parameter specifies the NIS (or YP) map from which the server for the user's home directory should be extracted. At present, only the Sun auto.home map format is understood. The form of the map is: @@ -2264,10 +2290,10 @@ homedir map (G)

Example: homedir map = amd.homedir -

+

host msdfs (G) -

: +

If set to yes, Samba will act as a Dfs server, and allow Dfs-aware clients to browse Dfs trees hosted on the server.

@@ -2275,10 +2301,10 @@ host msdfs (G) setting up a Dfs tree on Samba, refer to the MSFDS chapter in the book Samba3-HOWTO.

Default: host msdfs = yes -

+

hostname lookups (G) -

: Specifies whether samba should use (expensive) +

Specifies whether samba should use (expensive) hostname lookups or use the ip addresses instead. An example place where hostname lookups are currently used is when checking the hosts deny and hosts allow. @@ -2286,13 +2312,13 @@ hostname lookups (G)

Example: hostname lookups = yes -

+

allow hosts -

: This parameter is a synonym for hosts allow.

+

: This parameter is a synonym for hosts allow.

hosts allow (S) -

A synonym for this parameter is allow hosts.

This parameter is a comma, space, or tab delimited +

A synonym for this parameter is allow hosts.

This parameter is a comma, space, or tab delimited set of hosts which are permitted to access a service.

If specified in the [global] section then it will apply to all services, regardless of whether the individual service has a different setting.

You can specify the hosts by name or IP number. For @@ -2312,13 +2338,13 @@ hosts allow (S)

Example: hosts allow = 150.203.5. myhost.mynet.edu.au -

+

deny hosts -

: This parameter is a synonym for hosts deny.

+

: This parameter is a synonym for hosts deny.

hosts deny (S) -

: The opposite of hosts allow +

The opposite of hosts allow - hosts listed here are NOT permitted access to services unless the specific services have their own lists to override this one. Where the lists conflict, the allow @@ -2332,10 +2358,10 @@ hosts deny (S)

Example: hosts deny = 150.203.4. badhost.mynet.edu.au -

+

idmap alloc backend (G) -

: +

The idmap alloc backend provides a plugin interface for Winbind to use when allocating Unix uids/gids for Windows SIDs. This option refers to the name of the idmap module which will provide the id allocation @@ -2352,18 +2378,18 @@ idmap alloc backend (G) Also refer to the idmap alloc config option.

No default

Example: idmap alloc backend = tdb -

+

idmap alloc config (G) -

: +

The idmap alloc config prefix provides a means of managing settings for the backend defined by the idmap alloc backend parameter. Refer to the man page for each idmap plugin regarding specific configuration details. -

No default

+
No default

idmap backend (G) -

: +

The idmap backend provides a plugin interface for Winbind to use varying backends to store SID/uid/gid mapping tables.

@@ -2384,17 +2410,17 @@ idmap backend (G) and ad (idmap_ad(8)).

Default: idmap backend = tdb -

+

idmap cache time (G) -

: This parameter specifies the number of seconds that Winbind's +

This parameter specifies the number of seconds that Winbind's idmap interface will cache positive SID/uid/gid query results.

Default: idmap cache time = 604800 (one week) -

+

idmap config (G) -

: +

The idmap config prefix provides a means of managing each trusted domain separately. The idmap config prefix should be followed by the name of the domain, a colon, and a setting specific to the chosen @@ -2426,13 +2452,13 @@ idmap config (G) idmap config CORP : backend = ad idmap config CORP : range = 1000-999999 -

No default

+
No default

winbind gid -

: This parameter is a synonym for idmap gid.

+

: This parameter is a synonym for idmap gid.

idmap gid (G) -

: The idmap gid parameter specifies the range of group ids +

The idmap gid parameter specifies the range of group ids that are allocated for the purpose of mapping UNX groups to NT group SIDs. This range of group ids should have no existing local or NIS groups within it as strange conflicts can @@ -2442,20 +2468,20 @@ idmap gid (G)

Example: idmap gid = 10000-20000 -

+

idmap negative cache time (G) -

: This parameter specifies the number of seconds that Winbind's +

This parameter specifies the number of seconds that Winbind's idmap interface will cache negative SID/uid/gid query results.

Default: idmap negative cache time = 120 -

+

winbind uid -

: This parameter is a synonym for idmap uid.

+

: This parameter is a synonym for idmap uid.

idmap uid (G) -

: +

The idmap uid parameter specifies the range of user ids that are allocated for use in mapping UNIX users to NT user SIDs. This range of ids should have no existing local @@ -2465,10 +2491,10 @@ idmap uid (G)

Example: idmap uid = 10000-20000 -

+

include (G) -

: +

This allows you to include one config file inside another. The file is included literally, as though typed in place.

@@ -2486,10 +2512,10 @@ include (G)

Example: include = /usr/local/samba/lib/admin_smb.conf -

+

inherit acls (S) -

: This parameter can be used to ensure that if default acls +

This parameter can be used to ensure that if default acls exist on parent directories, they are always honored when creating a new file or subdirectory in these parent directories. The default behavior is to use the unix mode specified when creating the directory. @@ -2497,10 +2523,10 @@ inherit acls (S) default directory acls are propagated.

Default: inherit acls = no -

+

inherit owner (S) -

: The ownership of new files and directories +

The ownership of new files and directories is normally governed by effective uid of the connected user. This option allows the Samba administrator to specify that the ownership for new files and directories should be controlled @@ -2509,10 +2535,10 @@ inherit owner (S) delete them and to ensure that newly create files in a user's roaming profile directory are actually owner by the user.

Default: inherit owner = no -

+

inherit permissions (S) -

: +

The permissions on new files and directories are normally governed by create mask, directory mask, force create mode and force directory mode but the boolean inherit permissions parameter overrides this.

New directories inherit the mode of the parent directory, @@ -2524,10 +2550,10 @@ inherit permissions (S) many users, perhaps several thousand, to allow a single [homes] share to be used flexibly by each user.

Default: inherit permissions = no -

+

init logon delayed hosts (G) -

: +

This parameter takes a list of host names, addresses or networks for which the initial samlogon reply should be delayed (so other DCs get preferred by XP workstations if there are any). @@ -2538,19 +2564,19 @@ init logon delayed hosts (G)

Example: init logon delayed hosts = 150.203.5. myhost.mynet.de -

+

init logon delay (G) -

: +

This parameter specifies a delay in milliseconds for the hosts configured for delayed initial samlogon with init logon delayed hosts.

Default: init logon delay = 100 -

+

interfaces (G) -

: This option allows you to override the default +

This option allows you to override the default network interfaces list that Samba will use for browsing, name registration and other NetBIOS over TCP/IP (NBT) traffic. By default Samba will query the kernel for the list of all active interfaces and use any @@ -2574,10 +2600,10 @@ interfaces (G)

Example: interfaces = eth0 192.168.2.10/24 192.168.3.10/255.255.255.0 -

+

invalid users (S) -

: This is a list of users that should not be allowed +

This is a list of users that should not be allowed to login to this service. This is really a paranoid check to absolutely ensure an improper setting does not breach your security.

A name starting with a '@' is interpreted as an NIS @@ -2597,10 +2623,10 @@ invalid users (S)

Example: invalid users = root fred admin @wheel -

+

iprint server (G) -

: +

This parameter is only applicable if printing is set to iprint.

If set, this option overrides the ServerName option in the CUPS client.conf. This is @@ -2609,10 +2635,10 @@ iprint server (G)

Example: iprint server = MYCUPSSERVER -

+

keepalive (G) -

: The value of the parameter (an integer) represents +

The value of the parameter (an integer) represents the number of seconds between keepalive packets. If this parameter is zero, no keepalive packets will be sent. Keepalive packets, if sent, allow the server to tell whether @@ -2622,20 +2648,40 @@ Basically you should only use this option if you strike difficulties.

Defa

Example: keepalive = 600 -

+

+ +kerberos method (G) +

+ Controls how kerberos tickets are verified. +

Valid options are:

secrets only - use only the secrets.tdb for + ticket verification (default)
system keytab - use only the system keytab + for ticket verification
dedicated keytab - use a dedicated keytab + for ticket verification
secrets and keytab - use the secrets.tdb + first, then the system keytab

+ The major difference between "system keytab" and "dedicated + keytab" is that the latter method relies on kerberos to find the + correct keytab entry instead of filtering based on expected + principals. +

+ When the kerberos method is in "dedicated keytab" mode, + dedicated keytab file must be set to + specify the location of the keytab file. +

Default: kerberos method = secrets only + +

kernel change notify (S) -

: This parameter specifies whether Samba should ask the +

This parameter specifies whether Samba should ask the kernel for change notifications in directories so that SMB clients can refresh whenever the data on the server changes.

This parameter is only used when your kernel supports change notification to user programs using the inotify interface.

Default: kernel change notify = yes -

+

kernel oplocks (G) -

: For UNIXes that support kernel based oplocks +

For UNIXes that support kernel based oplocks (currently only IRIX and the Linux 2.4 kernel), this parameter allows the use of them to be turned on or off.

Kernel oplocks support allows Samba oplocks to be broken whenever a local UNIX process or NFS operation @@ -2645,10 +2691,10 @@ kernel oplocks (G) to a no-op on systems that no not have the necessary kernel support. You should never need to touch this parameter.

Default: kernel oplocks = yes -

+

lanman auth (G) -

: This parameter determines whether or not smbd(8) will attempt to +

This parameter determines whether or not smbd(8) will attempt to authenticate users or permit password changes using the LANMAN password hash. If disabled, only clients which support NT password hashes (e.g. Windows NT/2000 clients, smbclient, but not @@ -2665,10 +2711,10 @@ lanman auth (G) permited. Not all clients support NTLMv2, and most will require special configuration to use it.

Default: lanman auth = no -

+

large readwrite (G) -

: This parameter determines whether or not +

This parameter determines whether or not smbd(8) supports the new 64k streaming read and write varient SMB requests introduced with Windows 2000. Note that due to Windows 2000 client redirector bugs @@ -2677,10 +2723,10 @@ large readwrite (G) performance by 10% with Windows 2000 clients. Defaults to on. Not as tested as some other Samba code paths.

Default: large readwrite = yes -

+

ldap admin dn (G) -

: +

The ldap admin dn defines the Distinguished Name (DN) name used by Samba to contact the ldap server when retreiving user account information. The ldap admin dn is used in conjunction with the admin dn password stored in the private/secrets.tdb @@ -2688,10 +2734,10 @@ ldap admin dn (G) man page for more information on how to accomplish this.

The ldap admin dn requires a fully specified DN. The ldap suffix is not appended to the ldap admin dn. -

No default

+
No default

ldap connection timeout (G) -

: +

This parameter tells the LDAP library calls which timeout in seconds they should honor during initial connection establishments to LDAP servers. It is very useful in failover scenarios in particular. If one or more LDAP @@ -2703,10 +2749,10 @@ ldap connection timeout (G) and not establishing an initial connection.

Default: ldap connection timeout = 2 -

+

ldap debug level (G) -

: +

This parameter controls the debug level of the LDAP library calls. In the case of OpenLDAP, it is the same bit-field as understood by the server and documented in the @@ -2723,10 +2769,10 @@ ldap debug level (G)

Example: ldap debug level = 1 -

+

ldap debug threshold (G) -

: +

This parameter controls the Samba debug level at which the ldap library debug output is printed in the Samba logs. See the description of @@ -2735,28 +2781,28 @@ ldap debug threshold (G)

Example: ldap debug threshold = 5 -

+

ldap delete dn (G) -

: This parameter specifies whether a delete +

This parameter specifies whether a delete operation in the ldapsam deletes the complete entry or only the attributes specific to Samba.

Default: ldap delete dn = no -

+

ldap group suffix (G) -

: This parameter specifies the suffix that is +

This parameter specifies the suffix that is used for groups when these are added to the LDAP directory. If this parameter is unset, the value of ldap suffix will be used instead. The suffix string is pre-pended to the ldap suffix string so use a partial DN.

Default: ldap group suffix =

Example: ldap group suffix = ou=Groups -

+

ldap idmap suffix (G) -

: +

This parameters specifies the suffix that is used when storing idmap mappings. If this parameter is unset, the value of ldap suffix will be used instead. The suffix string is pre-pended to the ldap suffix string so use a partial DN. @@ -2764,10 +2810,10 @@ ldap idmap suffix (G)

Example: ldap idmap suffix = ou=Idmap -

+

ldap machine suffix (G) -

: +

It specifies where machines should be added to the ldap tree. If this parameter is unset, the value of ldap suffix will be used instead. The suffix string is pre-pended to the ldap suffix string so use a partial DN. @@ -2775,10 +2821,10 @@ ldap machine suffix (G)

Example: ldap machine suffix = ou=Computers -

+

ldap passwd sync (G) -

: +

: This option is used to define whether or not Samba should sync the LDAP password with the NT and LM hashes for normal accounts (NOT for workstation, server or domain trusts) on a password change via SAMBA. @@ -2789,10 +2835,10 @@ ldap passwd sync (G) LM passwords and update the pwdLastSet time.
Only = Only update the LDAP password and let the LDAP server do the rest.

Default: ldap passwd sync = no -

+

ldap replication sleep (G) -

: +

When Samba is asked to write to a read-only LDAP replica, we are redirected to talk to the read-write master server. This server then replicates our changes back to the 'local' server, however the replication might take some seconds, especially over slow links. Certain client activities, particularly domain joins, can become confused by the 'success' @@ -2805,10 +2851,10 @@ ldap replication sleep (G) The value is specified in milliseconds, the maximum value is 5000 (5 seconds).

Default: ldap replication sleep = 1000 -

+

ldapsam:editposix (G) -

: +

Editposix is an option that leverages ldapsam:trusted to make it simpler to manage a domain controller eliminating the need to set up custom scripts to add and manage the posix users and groups. This option will instead directly manipulate the ldap tree to create, remove and modify user and group entries. @@ -2886,10 +2932,10 @@ ldapsam:editposix (G)

Default: ldapsam:editposix = no -

+

ldapsam:trusted (G) -

: +

By default, Samba as a Domain Controller with an LDAP backend needs to use the Unix-style NSS subsystem to access user and group information. Due to the way Unix stores user information in /etc/passwd and /etc/group this inevitably leads to inefficiencies. One important question a user needs to know is the list of groups he @@ -2907,10 +2953,10 @@ ldapsam:trusted (G) is easily achieved.

Default: ldapsam:trusted = no -

+

ldap ssl ads (G) -

: This option is used to define whether or not Samba should +

This option is used to define whether or not Samba should use SSL when connecting to the ldap server using ads methods. Rpc methods are not affected by this parameter. Please note, that @@ -2920,10 +2966,10 @@ ldap ssl ads (G) for more information on ldap ssl.

Default: ldap ssl ads = no -

+

ldap ssl (G) -

: This option is used to define whether or not Samba should +

This option is used to define whether or not Samba should use SSL when connecting to the ldap server This is NOT related to Samba's previous SSL support which was enabled by specifying the @@ -2948,10 +2994,10 @@ ldap ssl (G) for more information on ldap ssl ads.

Default: ldap ssl = start tls -

+

ldap suffix (G) -

Specifies the base for all ldap suffixes and for storing the sambaDomain object.

The ldap suffix will be appended to the values specified for the ldap user suffix, ldap group suffix, ldap machine suffix, and the ldap idmap suffix. Each of these should be given only a DN relative to the @@ -2960,17 +3006,17 @@ ldap suffix (G)

Example: ldap suffix = dc=samba,dc=org -

+

ldap timeout (G) -

: +

This parameter defines the number of seconds that Samba should use as timeout for LDAP operations.

Default: ldap timeout = 15 -

+

ldap user suffix (G) -

: +

This parameter specifies where users are added to the tree. If this parameter is unset, the value of ldap suffix will be used instead. The suffix string is pre-pended to the ldap suffix string so use a partial DN. @@ -2978,10 +3024,10 @@ ldap user suffix (G)

Example: ldap user suffix = ou=people -

+

level2 oplocks (S) -

: This parameter controls whether Samba supports +

This parameter controls whether Samba supports level2 (read-only) oplocks on a share.

Level2, or read-only oplocks allow Windows NT clients that have an oplock on a file to downgrade from a read-write oplock to a read-only oplock once a second client opens the file (instead @@ -3001,10 +3047,10 @@ level2 oplocks (S) parameter must be set to yes on this share in order for this parameter to have any effect.

Default: level2 oplocks = yes -

+

lm announce (G) -

: This parameter determines if nmbd(8) will produce Lanman announce +

This parameter determines if nmbd(8) will produce Lanman announce broadcasts that are needed by OS/2 clients in order for them to see the Samba server in their browse list. This parameter can have three values, yes, no, or @@ -3020,10 +3066,10 @@ lm announce (G)

Example: lm announce = yes -

+

lm interval (G) -

: If Samba is set to produce Lanman announce +

If Samba is set to produce Lanman announce broadcasts needed by OS/2 clients (see the lm announce parameter) then this parameter defines the frequency in seconds with which they will be @@ -3033,18 +3079,18 @@ lm interval (G)

Example: lm interval = 120 -

+

load printers (G) -

: A boolean variable that controls whether all +

A boolean variable that controls whether all printers in the printcap will be loaded for browsing by default. See the printers section for more details.

Default: load printers = yes -

+

local master (G) -

: This option allows nmbd(8) to try and become a local master browser +

This option allows nmbd(8) to try and become a local master browser on a subnet. If set to no then nmbd will not attempt to become a local master browser on a subnet and will also lose in all browsing elections. By @@ -3054,13 +3100,13 @@ local master (G) will participate in elections for local master browser.

Setting this value to no will cause nmbd never to become a local master browser.

Default: local master = yes -

+

lock dir -

: This parameter is a synonym for lock directory.

+

: This parameter is a synonym for lock directory.

lock directory (G) -

: This option specifies the directory where lock +

This option specifies the directory where lock files will be placed. The lock files are used to implement the max connections option.

@@ -3070,10 +3116,10 @@ lock directory (G)

Example: lock directory = /var/run/samba/locks -

+

locking (S) -

: This controls whether or not locking will be +

This controls whether or not locking will be performed by the server in response to lock requests from the client.

If locking = no, all lock and unlock requests will appear to succeed and all lock queries will report @@ -3083,18 +3129,18 @@ locking (S) CDROM drives), although setting this parameter of no is not really recommended even in this case.

Be careful about disabling locking either globally or in a specific service, as lack of locking may result in data corruption. - You should never need to set this parameter.

No default

+ You should never need to set this parameter.
No default

lock spin count (G) -

: This parameter has been made inoperative in Samba 3.0.24. +

This parameter has been made inoperative in Samba 3.0.24. The functionality it contolled is now controlled by the parameter lock spin time.

Default: lock spin count = 0 -

+

lock spin time (G) -

: The time in microseconds that smbd should +

The time in microseconds that smbd should keep waiting to see if a failed lock request can be granted. This parameter has changed in default value from Samba 3.0.23 from 10 to 200. The associated @@ -3102,22 +3148,22 @@ lock spin time (G) no longer used in Samba 3.0.24. You should not need to change the value of this parameter.

Default: lock spin time = 200 -

+

log file (G) -

: +

This option allows you to override the name of the Samba log file (also known as the debug file).

This option takes the standard substitutions, allowing you to have separate log files for each user or machine.

No default

Example: log file = /usr/local/samba/var/log.%m -

+

debuglevel -

: This parameter is a synonym for log level.

+

: This parameter is a synonym for log level.

log level (G) -

: +

The value of the parameter (a astring) allows the debug level (logging level) to be specified in the smb.conf file.

This parameter has been extended since the 2.2.x @@ -3128,10 +3174,10 @@ log level (G)

Example: log level = 3 passdb:5 auth:10 winbind:2 -

+

logon drive (G) -

: +

This parameter specifies the local path to which the home directory will be connected (see logon home) and is only used by NT Workstations. @@ -3141,10 +3187,10 @@ logon drive (G)

Example: logon drive = h: -

+

logon home (G) -

: +

This parameter specifies the home directory location when a Win95/98 or NT Workstation logs into a Samba PDC. It allows you to do

@@ -3175,10 +3221,10 @@ logon home (G)

Example: logon home = \\remote_smb_server\%U -

+

logon path (G) -

: +

This parameter specifies the directory where roaming profiles (Desktop, NTuser.dat, etc) are stored. Contrary to previous versions of these manual pages, it has nothing to do with Win 9X roaming profiles. To find out how to handle roaming profiles for Win 9X system, see the @@ -3222,10 +3268,10 @@ logon path = \\PROFILESERVER\PROFILE\%U

Default: logon path = \\%N\%U\profile -

+

logon script (G) -

: +

This parameter specifies the batch file (.bat) or NT command file (.cmd) to be downloaded and run on a machine when a user successfully logs in. The file must contain the DOS style CR/LF line endings. Using a DOS-style editor to create the file is recommended. @@ -3256,10 +3302,10 @@ logon script (G)

Example: logon script = scripts\%U.bat -

+

lppause command (S) -

: This parameter specifies the command to be +

This parameter specifies the command to be executed on the server host in order to stop printing or spooling a specific print job.

This command should be a program or script which takes a printer name and job number to pause the print job. One way @@ -3283,10 +3329,10 @@ lppause command (S)

Example: lppause command = /usr/bin/lpalt %p-%j -p0 -

+

lpq cache time (G) -

: This controls how long lpq info will be cached +

This controls how long lpq info will be cached for to prevent the lpq command being called too often. A separate cache is kept for each variation of the lpq command used by the system, so if you use different @@ -3299,10 +3345,10 @@ lpq cache time (G)

Example: lpq cache time = 10 -

+

lpq command (S) -

: This parameter specifies the command to be +

This parameter specifies the command to be executed on the server host in order to obtain lpq-style printer status information.

This command should be a program or script which takes a printer name as its only parameter and outputs printer @@ -3324,10 +3370,10 @@ lpq command (S)

Example: lpq command = /usr/bin/lpq -P%p -

+

lpresume command (S) -

: This parameter specifies the command to be +

This parameter specifies the command to be executed on the server host in order to restart or continue printing or spooling a specific print job.

This command should be a program or script which takes a printer name and job number to resume the print job. See @@ -3340,10 +3386,10 @@ lpresume command (S) parameter is SYSV, in which case the default is:

lp -i %p-%j -H resume

or if the value of the printing parameter is SOFTQ, then the default is:

qstat -s -j%j -r

No default

Example: lpresume command = /usr/bin/lpalt %p-%j -p2 -

+

lprm command (S) -

: This parameter specifies the command to be +

This parameter specifies the command to be executed on the server host in order to delete a print job.

This command should be a program or script which takes a printer name and job number, and deletes the print job.

If a %p is given then the printer name is put in its place. A %j is replaced with @@ -3360,10 +3406,10 @@ lprm command = /usr/bin/cancel %p-%j

Default: lprm command = determined by printing parameter -

+

machine password timeout (G) -

: +

If a Samba server is a member of a Windows NT Domain (see the security = domain parameter) then periodically a running smbd process will try and change the MACHINE ACCOUNT PASSWORD stored in the TDB called private/secrets.tdb. This parameter specifies how often this password will be changed, in seconds. The default is one @@ -3373,10 +3419,10 @@ machine password timeout (G) and the security = domain parameter.

Default: machine password timeout = 604800 -

+

magic output (S) -

: +

: This parameter specifies the name of a file which will contain output created by a magic script (see the magic script parameter below).
Warning
If two clients use the same magic script @@ -3385,10 +3431,10 @@ magic output (S)
Example: magic output = myfile.txt -

`+`

`magic script (S) -`


This parameter specifies the name of a file which, 
+


This parameter specifies the name of a file which, 
 	if opened, will be executed by the server when the file is closed. 
 	This allows a UNIX script to be sent to the Samba host and 
 	executed on behalf of the connected user.
Scripts executed in this way will be deleted upon 
@@ -3404,10 +3450,10 @@ magic script (S)
 
 
Example: magic script = user.csh
 
-

`+`

`mangled names (S) -`


This controls whether non-DOS names under UNIX 
+


This controls whether non-DOS names under UNIX 
 	should be mapped to DOS-compatible names ("mangled") and made visible, 
 	or whether non-DOS names should simply be ignored.
See the section on name mangling for 
 	details on how to control the mangling process.
If mangling is used then the mangling algorithm is as follows:
The first (up to) five alphanumeric characters 
@@ -3432,10 +3478,10 @@ mangled names (S)
 	from Windows/DOS and will retain the same basename. Mangled names 
 	do not change between sessions.
Default: mangled names = yes
 
-

`+`

`mangle prefix (G) -`


 controls the number of prefix
+


 controls the number of prefix
 	characters from the original name used when generating
 	the mangled names. A larger value will give a weaker
 	hash and therefore more name collisions. The minimum
@@ -3445,20 +3491,20 @@ mangle prefix (G)
 
 
Example: mangle prefix = 4
 
-

`+`

`mangling char (S) -`


This controls what character is used as 
+


This controls what character is used as 
 	the magic character in name mangling. The 
 	default is a '~' but this may interfere with some software. Use this option to set 
 	it to whatever you prefer. This is effective only when mangling method is hash.
Default: mangling char = ~
 
 
Example: mangling char = ^
 
-

`+`

`mangling method (G) -`


 controls the algorithm used for the generating
+


 controls the algorithm used for the generating
 	the mangled names. Can take two different values, "hash" and
 	"hash2". "hash" is the algorithm that was used
 	used in Samba for many years and was the default in Samba 2.2.x "hash2" is
@@ -3469,10 +3515,10 @@ mangling method (G)
 
 
Example: mangling method = hash
 
-

`+`

`map acl inherit (S) -`


This boolean parameter controls whether smbd(8) will attempt to map the 'inherit' and 'protected'
+


This boolean parameter controls whether smbd(8) will attempt to map the 'inherit' and 'protected'
     access control entry flags stored in Windows ACLs into an extended attribute
     called user.SAMBA_PAI. This parameter only takes effect if Samba is being run
     on a platform that supports extended attributes (Linux and IRIX so far) and
@@ -3480,10 +3526,10 @@ map acl inherit (S)
     POSIX ACL mapping code.
     
Default: map acl inherit = no
 
-

`+`

`map archive (S) -`



 	This controls whether the DOS archive attribute 
 	should be mapped to the UNIX owner execute bit.  The DOS archive bit 
 	is set when a file has been modified since its last backup.  One 
@@ -3496,19 +3542,19 @@ map archive (S)
 	create mask for details.
 	
Default: map archive = yes
 
-

`+`

`map hidden (S) -`



 	This controls whether DOS style hidden files should be mapped to the UNIX world execute bit.
 	

 	Note that this requires the create mask to be set such that the world execute 
 	bit is not masked out (i.e. it must include 001). See the parameter create mask 
 	for details.
-	
No default

`+ No default`

`map read only (S) -`



 	This controls how the DOS read only attribute should be mapped from a UNIX filesystem.
 	

 	This parameter can take three different values, which tell smbd(8) how to display the read only attribute on files, where either
@@ -3533,10 +3579,10 @@ map read only (S)
 		the store dos attributes method. This may be useful for exporting mounted CDs.
 		
Default: map read only = yes
 
-

`+`

`map system (S) -`



 	This controls whether DOS style system files should be mapped to the UNIX group execute bit.
 	

 	Note that this requires the create mask	to be set such that the group 
@@ -3544,10 +3590,10 @@ map system (S)
 	create mask for details.
 	
Default: map system = no
 
-

`+`

`map to guest (G) -`


This parameter is only useful in SECURITY = 
+


This parameter is only useful in SECURITY = 
     security modes other than security = share 
     and security = server
     - i.e. user, and domain.
This parameter can take four different values, which tell
@@ -3589,10 +3635,31 @@ map to guest (G)
 
 
Example: map to guest = Bad User
 
-

`+`

`+ +map untrusted to domain (G) +`



+    If a client connects to smbd using an untrusted domain name, such as
+    BOGUS\user, smbd replaces the BOGUS domain with it's SAM name before
+    attempting to authenticate that user.  In the case where smbd is acting as
+    a PDC this will be DOMAIN\user.  In the case where smbd is acting as a
+    domain member server or a standalone server this will be WORKSTATION\user.
+    

+    In previous versions of Samba (pre 3.4), if smbd was acting as a domain
+    member server, the BOGUS domain name would instead be replaced by the
+    primary domain which smbd was a member of.  In this case authentication
+    would be deferred off to a DC using the credentials DOMAIN\user.
+    

+    When this parameter is set to yes smbd provides the
+    legacy behavior of mapping untrusted domain names to the primary domain.
+    When smbd is not acting as a domain member server, this parameter has no
+    effect.
+    
Default: map untrusted to domain = no
+
+

`max connections (S) -`


This option allows the number of simultaneous connections to a service to be limited.
+


This option allows the number of simultaneous connections to a service to be limited.
     If max connections is greater than 0 then connections
     will be refused if this number of connections to the service are already open. A value 
     of zero mean an unlimited number of connections may be made.
Record lock files are used to implement this feature. The lock files will be stored in 
@@ -3600,10 +3667,10 @@ max connections (S)
 
 
Example: max connections = 10
 
-

`+`

`max disk size (G) -`


This option allows you to put an upper limit 
+


This option allows you to put an upper limit 
     on the apparent size of disks. If you set this option to 100 
     then all shares will appear to be not larger than 100 MB in 
     size.
Note that this option does not limit the amount of 
@@ -3617,10 +3684,10 @@ max disk size (G)
 
 
Example: max disk size = 1000
 
-

`+`

`max log size (G) -`



     This option (an integer in kilobytes) specifies the max size the log file should grow to. 
     Samba periodically checks the size and if it is exceeded it will rename the file, adding 
 	a .old extension.
@@ -3629,17 +3696,17 @@ max log size (G)
 
 
Example: max log size = 1000
 
-

`+`

`max mux (G) -`


This option controls the maximum number of 
+


This option controls the maximum number of 
     outstanding simultaneous SMB operations that Samba tells the client 
 	it will allow. You should never need to set this parameter.
Default: max mux = 50
 
-

`+`

`max open files (G) -`


This parameter limits the maximum number of 
+


This parameter limits the maximum number of 
     open files that one smbd(8) file 
     serving process may have open for a client at any one time. The 
     default for this parameter is set very high (10,000) as Samba uses 
@@ -3647,23 +3714,23 @@ max open files (G)
     by the UNIX per-process file descriptor limit rather than 
     this parameter so you should never need to touch this parameter.
Default: max open files = 10000
 
-

`+`

`max print jobs (S) -`


This parameter limits the maximum number of 
+


This parameter limits the maximum number of 
     jobs allowable in a Samba printer queue at any given moment.
     If this number is exceeded, smbd(8) will remote "Out of Space" to the client.
 	
Default: max print jobs = 1000
 
 
Example: max print jobs = 5000
 
-

`+`

`protocol -`


This parameter is a synonym for max protocol.

`+`


This parameter is a synonym for max protocol.

`max protocol (G) -`


The value of the parameter (a string) is the highest 
+


The value of the parameter (a string) is the highest 
     protocol level that will be supported by the server.
Possible values are :
CORE: Earliest version. No 
 	    concept of user names.
COREPLUS: Slight improvements on 
 	    CORE for efficiency.
LANMAN1: First 
@@ -3675,10 +3742,10 @@ max protocol (G)
 
 
Example: max protocol = LANMAN1
 
-

`+`

`max reported print jobs (S) -`



     This parameter limits the maximum number of jobs displayed in a port monitor for 
     Samba printer queue at any given moment. If this number is exceeded, the excess 
     jobs will not be shown. A value of zero means there is no limit on the number of 
@@ -3687,10 +3754,10 @@ max reported print jobs (S)
 
 
Example: max reported print jobs = 1000
 
-

`+`

`max smbd processes (G) -`


This parameter limits the maximum number of smbd(8) processes concurrently running on a system and is intended
+


This parameter limits the maximum number of smbd(8) processes concurrently running on a system and is intended
     as a stopgap to prevent degrading service to clients in the event that the server has insufficient
     resources to handle more than this number of connections.  Remember that under normal operating
     conditions, each user will have an smbd(8) associated with him or her to handle connections to all
@@ -3698,10 +3765,10 @@ max smbd processes (G)
 
 
Example: max smbd processes = 1000
 
-

`+`

`max stat cache size (G) -`


This parameter limits the size in memory of any 
+


This parameter limits the size in memory of any 
 	  stat cache being used
 	  to speed up case insensitive name mappings. It represents
 	  the number of kilobyte (1024) units the stat cache can use.
@@ -3712,27 +3779,27 @@ max stat cache size (G)
 
 
Example: max stat cache size = 100
 
-

`+`

`max ttl (G) -`


This option tells nmbd(8) what the default 'time to live' 
+


This option tells nmbd(8) what the default 'time to live' 
     of NetBIOS names should be (in seconds) when nmbd is 
     requesting a name using either a broadcast packet or from a WINS server. You should 
 	never need to change this parameter. The default is 3 days.
Default: max ttl = 259200
 
-

`+`

`max wins ttl (G) -`


This option tells smbd(8) when acting as a WINS server
+


This option tells smbd(8) when acting as a WINS server
 	(wins support = yes) what the maximum
     'time to live' of NetBIOS names that nmbd 
     will grant will be (in seconds). You should never need to change this
 	parameter.  The default is 6 days (518400 seconds).
Default: max wins ttl = 518400
 
-

`+`

`max xmit (G) -`


This option controls the maximum packet size 
+


This option controls the maximum packet size 
     that will be negotiated by Samba. The default is 16644, which 
     matches the behavior of Windows 2000.  A value below 2048 is likely to cause problems.
     You should never need to change this parameter from its default value.
@@ -3740,10 +3807,10 @@ max xmit (G)
 
 
Example: max xmit = 8192
 
-

`+`

`message command (G) -`


This specifies what command to run when the 
+


This specifies what command to run when the 
 	server receives a WinPopup style message.
This would normally be a command that would 
 	deliver the message somehow. How this is to be done is 
 	up to your imagination.
An example is:
@@ -3782,20 +3849,20 @@ message command (G)
 
 
Example: message command = csh -c 'xedit %s; rm %s' &
 
-

`+`

`min print space (S) -`


This sets the minimum amount of free disk 
+


This sets the minimum amount of free disk 
     space that must be available before a user will be able to spool 
     a print job. It is specified in kilobytes. The default is 0, which 
     means a user can always spool a print job.
Default: min print space = 0
 
 
Example: min print space = 2000
 
-

`+`

`min protocol (G) -`


The value of the parameter (a string) is the 
+


The value of the parameter (a string) is the 
     lowest SMB protocol dialect than Samba will support.  Please refer
     to the max protocol
     parameter for a list of valid protocol names and a brief description
@@ -3807,10 +3874,10 @@ min protocol (G)
 
 
Example: min protocol = NT1
 
-

`+`

`min receivefile size (G) -`


This option changes the behavior of smbd(8) when processing SMBwriteX calls. Any incoming
+


This option changes the behavior of smbd(8) when processing SMBwriteX calls. Any incoming
 SMBwriteX call on a non-signed SMB/CIFS connection greater than this value will not be processed in the normal way but will
 be passed to any underlying kernel recvfile or splice system call (if there is no such
 call Samba will emulate in user space). This allows zero-copy writes directly from network
@@ -3819,19 +3886,19 @@ but user testing is recommended. If set to zero Samba processes SMBwriteX calls
 normal way. To enable POSIX large write support (SMB/CIFS writes up to 16Mb) this option must be
 nonzero. The maximum value is 128k. Values greater than 128k will be silently set to 128k.
Note this option will have NO EFFECT if set on a SMB signed connection.
The default is zero, which diables this option.
Default: min receivefile size = 0
 
-

`+`

`min wins ttl (G) -`


This option tells nmbd(8)
+


This option tells nmbd(8)
     when acting as a WINS server (wins support = yes) what the minimum 'time to live' 
     of NetBIOS names that nmbd will grant will be (in 
     seconds). You should never need to change this parameter.  The default 
     is 6 hours (21600 seconds).
Default: min wins ttl = 21600
 
-

`+`

`msdfs proxy (S) -`


This parameter indicates that the share is a
+


This parameter indicates that the share is a
 	stand-in for another CIFS share whose location is specified by
 	the value of the parameter. When clients attempt to connect to
 	this share, they are redirected to the proxied share using
@@ -3839,10 +3906,10 @@ msdfs proxy (S)
 	msdfs root and host msdfs
 	options to find out how to set up a Dfs root share.
No default
Example: msdfs proxy = \otherserver\someshare
 
-

`+`

`msdfs root (S) -`


If set to yes, Samba treats the
+


If set to yes, Samba treats the
 	share as a Dfs root and allows clients to browse the
 	distributed file system tree rooted at the share directory.
 	Dfs links are specified in the share directory by symbolic
@@ -3850,20 +3917,20 @@ msdfs root (S)
 	and so on.  For more information on setting up a Dfs tree on
 	Samba, refer to the MSDFS chapter in the Samba3-HOWTO book.
Default: msdfs root = no
 
-

`+`

`name cache timeout (G) -`


Specifies the number of seconds it takes before 
+


Specifies the number of seconds it takes before 
     entries in samba's hostname resolve cache time out. If 
     the timeout is set to 0. the caching is disabled.
 
Default: name cache timeout = 660
 
 
Example: name cache timeout = 0
 
-

`+`

`name resolve order (G) -`


This option is used by the programs in the Samba 
+


This option is used by the programs in the Samba 
     suite to determine what naming services to use and in what order 
     to resolve host names to IP addresses. Its main purpose to is to
     control how netbios name resolution is performed.  The option takes a space 
@@ -3894,10 +3961,10 @@ name resolve order (G)
 
 
Example: name resolve order = lmhosts bcast host
 
-

`+`

`netbios aliases (G) -`


This is a list of NetBIOS names that nmbd will 
+


This is a list of NetBIOS names that nmbd will 
         advertise as additional names by which the Samba server is known. This allows one machine 
 	to appear in browse lists under multiple names. If a machine is acting as a browse server 
         or logon server none of these names will be advertised as either browse server or logon 
@@ -3907,10 +3974,10 @@ netbios aliases (G)
 
 
Example: netbios aliases = TEST TEST1 TEST2
 
-

`+`

`netbios name (G) -`



 		This sets the NetBIOS name by which a Samba server is known. By default it is the same as the first component
 		of the host's DNS name. If a machine is a browse server or logon server this name (or the first component of
 		the hosts DNS name) will be the name that these services are advertised under.
@@ -3923,17 +3990,17 @@ netbios name (G)
 
 
Example: netbios name = MYNAME
 
-

`+`

`netbios scope (G) -`


This sets the NetBIOS scope that Samba will 
+


This sets the NetBIOS scope that Samba will 
 	operate under. This should not be set unless every machine 
 	on your LAN also sets this value.
Default: netbios scope = 
 
-

`+`

`nis homedir (G) -`


Get the home share server from a NIS map. For 
+


Get the home share server from a NIS map. For 
 	UNIX systems that use an automounter, the user's home directory 
 	will often be mounted on a workstation on demand from a remote 
 	server. 
When the Samba logon server is not the actual home directory 
@@ -3952,20 +4019,20 @@ nis homedir (G)
 	NIS system and the Samba server with this option must also 
 	be a logon server.
Default: nis homedir = no
 
-

`+`

`nt acl support (S) -`


This boolean parameter controls whether smbd(8) will attempt to map 
+


This boolean parameter controls whether smbd(8) will attempt to map 
     UNIX permissions into Windows NT access control lists.  The UNIX
     permissions considered are the the traditional UNIX owner and
     group permissions, as well as POSIX ACLs set on any files or
     directories.  This parameter was formally a global parameter in
     releases prior to 2.2.2.
Default: nt acl support = yes
 
-

`+`

`ntlm auth (G) -`


This parameter determines whether or not smbd(8) will attempt to
+


This parameter determines whether or not smbd(8) will attempt to
     authenticate users using the NTLM encrypted password response.
     If disabled, either the lanman password hash or an NTLMv2 response
     will need to be sent by the client.
If this option, and lanman
@@ -3973,33 +4040,33 @@ ntlm auth (G)
     permited.  Not all clients support NTLMv2, and most will require
 	special configuration to use it.
Default: ntlm auth = yes
 
-

`+`

`nt pipe support (G) -`


This boolean parameter controls whether 
+


This boolean parameter controls whether 
     smbd(8) will allow Windows NT 
     clients to connect to the NT SMB specific IPC$ 
     pipes. This is a developer debugging option and can be left
 	alone.
Default: nt pipe support = yes
 
-

`+`

`nt status support (G) -`


This boolean parameter controls whether smbd(8) will negotiate NT specific status
+


This boolean parameter controls whether smbd(8) will negotiate NT specific status
     support with Windows NT/2k/XP clients. This is a developer debugging option and should be left alone.
     If this option is set to no then Samba offers
     exactly the same DOS error codes that versions prior to Samba 2.2.3
     reported.
You should not need to ever disable this parameter.
Default: nt status support = yes
 
-

`+`

`null passwords (G) -`


Allow or disallow client access to accounts that have null passwords. 
See also smbpasswd(5).
Default: null passwords = no
+


Allow or disallow client access to accounts that have null passwords. 
See also smbpasswd(5).
Default: null passwords = no
 
-

`+`

`obey pam restrictions (G) -`


When Samba 3.0 is configured to enable PAM support
+


When Samba 3.0 is configured to enable PAM support
     (i.e. --with-pam), this parameter will control whether or not Samba
     should obey PAM's account and session management directives.  The 
     default behavior is to use PAM for clear text authentication only
@@ -4009,10 +4076,10 @@ obey pam restrictions (G)
     authentication mechanism needed in the presence of SMB password encryption.
 
Default: obey pam restrictions = no
 
-

`+`

`only user (S) -`


This is a boolean option that controls whether 
+


This is a boolean option that controls whether 
     connections with usernames not in the user 
     list will be allowed. By default this option is disabled so that a 
     client can supply a username to be used by the server.  Enabling
@@ -4025,10 +4092,10 @@ only user (S)
     will be just the service name, which for home directories is the 
     name of the user.
Default: only user = no
 
-

`+`

`oplock break wait time (G) -`



 	This is a tuning parameter added due to bugs in both Windows 9x and WinNT. If Samba responds to a client too 
 	quickly when that client issues an SMB that can cause an oplock break request, then the network client can 
 	fail and not respond to the break request. This tuning parameter (which is set in milliseconds) is the amount 
@@ -4037,10 +4104,10 @@ oplock break wait time (G)
 	DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ AND UNDERSTOOD THE SAMBA OPLOCK CODE.
 	
Default: oplock break wait time = 0
 
-

`+`

`oplock contention limit (S) -`



 	This is a very advanced smbd(8) tuning option to improve the efficiency of the 
 	granting of oplocks under multiple client contention for the same file.
 	

@@ -4052,10 +4119,10 @@ oplock contention limit (S)
 	DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ AND UNDERSTOOD THE SAMBA OPLOCK CODE.
 	
Default: oplock contention limit = 2
 
-

`+`

`oplocks (S) -`



 	This boolean option tells smbd whether to 
 	issue oplocks (opportunistic locks) to file open requests on this 
 	share. The oplock code can dramatically (approx. 30% or more) improve 
@@ -4074,10 +4141,10 @@ oplocks (S)
 	kernel oplocks parameter for details.
 	
Default: oplocks = yes
 
-

`+`

`os2 driver map (G) -`


The parameter is used to define the absolute
+


The parameter is used to define the absolute
     path to a file containing a mapping of Windows NT printer driver
     names to OS/2 printer driver names.  The format is:
<nt driver name> = <os2 driver name>.<device name>
For example, a valid entry using the HP LaserJet 5
     printer driver would appear as HP LaserJet 5L = LASERJET.HP 
@@ -4087,10 +4154,10 @@ os2 driver map (G)
     details on OS/2 clients, please refer to chapter on other clients in the Samba3-HOWTO book.
     
Default: os2 driver map = 
 
-

`+`

`os level (G) -`



 	This integer value controls what level Samba advertises itself as for browse elections. The value of this
 	parameter determines whether nmbd(8) has a chance of becoming a local master browser for the workgroup in the local broadcast area.
 

@@ -4106,10 +4173,10 @@ os level (G)
 
 
Example: os level = 65
 
-

`+`

`pam password change (G) -`


With the addition of better PAM support in Samba 2.2, 
+


With the addition of better PAM support in Samba 2.2, 
     this parameter, it is possible to use PAM's password change control 
     flag for Samba.  If enabled, then PAM will be used for password
     changes when requested by an SMB client instead of the program listed in 
@@ -4117,20 +4184,20 @@ pam password change (G)
     It should be possible to enable this without changing your 
     passwd chat parameter for most setups.
Default: pam password change = no
 
-

`+`

`panic action (G) -`


This is a Samba developer option that allows a 
+


This is a Samba developer option that allows a 
 	system command to be called when either smbd(8) or nmbd(8)	crashes. This is usually used to 
 	draw attention to the fact that a problem occurred.
 	
Default: panic action = 
 
 
Example: panic action = "/bin/sleep 90000"
 
-

`+`

`paranoid server security (G) -`


Some version of NT 4.x allow non-guest 
+


Some version of NT 4.x allow non-guest 
     users with a bad passowrd. When this option is enabled, samba will not 
     use a broken NT 4.x server as password server, but instead complain
     to the logs and exit.  
@@ -4138,16 +4205,18 @@ paranoid server security (G)
     this check, which involves deliberatly attempting a
     bad logon to the remote server.
Default: paranoid server security = yes
 
-

`+`

`passdb backend (G) -`


This option allows the administrator to chose which backend
+


This option allows the administrator to chose which backend
     will be used for storing user and possibly group information.  This allows 
     you to swap between different storage mechanisms without recompile. 
The parameter value is divided into two parts, the backend's name, and a 'location'
     string that has meaning only to that particular backed.  These are separated
     by a : character.
Available backends can include:
-	
smbpasswd - The default smbpasswd
-		backend. Takes a path to the smbpasswd file as an optional argument.
+	
smbpasswd - The old plaintext passdb
+		backend. Some Samba features will not work if this passdb
+		backend is used. Takes a path to the smbpasswd file as an
+		optional argument.
 		
tdbsam - The TDB based password storage
                 backend.  Takes a path to the TDB as an optional argument (defaults to passdb.tdb 
                 in the private dir directory.
ldapsam - The LDAP based passdb 
@@ -4172,21 +4241,21 @@ passdb backend = ldapsam:"ldap://ldap-1.example.com ldap://ldap-2.example.com"
 or multi server LDAP URL with Netscape based LDAP library:
 
 passdb backend = ldapsam:"ldap://ldap-1.example.com ldap-2.example.com"
-
Default: passdb backend = smbpasswd
+
Default: passdb backend = tdbsam
 
-

`+`

`passdb expand explicit (G) -`



 	This parameter controls whether Samba substitutes %-macros in the passdb fields if they are explicitly set. We
 	used to expand macros here, but this turned out to be a bug because the Windows client can expand a variable
 	%G_osver% in which %G would have been substituted by the user's primary group.
     
Default: passdb expand explicit = no
 
-

`+`

`passwd chat debug (G) -`


This boolean specifies if the passwd chat script 
+


This boolean specifies if the passwd chat script 
     parameter is run in debug mode. In this mode the 
     strings passed to and received from the passwd chat are printed 
     in the smbd(8) log with a 
@@ -4199,18 +4268,18 @@ passwd chat debug (G)
     pam password change
 	parameter is set. This parameter is off by default.
Default: passwd chat debug = no
 
-

`+`

`passwd chat timeout (G) -`


This integer specifies the number of seconds smbd will wait for an initial
+


This integer specifies the number of seconds smbd will wait for an initial
     answer from a passwd chat script being run. Once the initial answer is received
     the subsequent answers must be received in one tenth of this time. The default it
     two seconds.
Default: passwd chat timeout = 2
 
-

`+`

`passwd chat (G) -`


This string controls the "chat" 
+

This string controls the "chat" 
     conversation that takes places between smbd(8) and the local password changing
     program to change the user's password. The string describes a 
     sequence of response-receive pairs that smbd(8) uses to determine what to send to the 
@@ -4241,10 +4310,10 @@ passwd chat (G)
 
 
Example: passwd chat = "*Enter NEW password*" %n\n "*Reenter NEW password*" %n\n "*Password changed*"
 
-

`+`

`passwd program (G) -`


The name of a program that can be used to set 
+


The name of a program that can be used to set 
     UNIX user passwords.  Any occurrences of %u 
     will be replaced with the user name. The user name is checked for 
     existence before calling the password changing program.
Also note that many passwd programs insist in reasonable
@@ -4265,10 +4334,10 @@ passwd program (G)
 
 
Example: passwd program = /bin/passwd %u
 
-

`+`

`password level (G) -`


Some client/server combinations have difficulty 
+

Some client/server combinations have difficulty 
     with mixed-case passwords.  One offending client is Windows for 
     Workgroups, which for some reason forces passwords to upper 
     case when using the LANMAN1 protocol, but leaves them alone when 
@@ -4290,10 +4359,10 @@ password level (G)
 
 
Example: password level = 4
 
-

`+`

`password server (G) -`


By specifying the name of another SMB server 
+


By specifying the name of another SMB server 
     or Active Directory domain controller with this option, 
     and using security = [ads|domain|server] 
     it is possible to get Samba
@@ -4353,13 +4422,13 @@ password server (G)
 
 
Example: password server = windc.mydomain.com:389 192.168.1.101 *
 
-

`+`

`directory -`


This parameter is a synonym for path.

`+`


This parameter is a synonym for path.

`path (S) -`


This parameter specifies a directory to which 
+


This parameter specifies a directory to which 
 	the user of the service is to be given access. In the case of 
 	printable services, this is where print data will spool prior to 
 	being submitted to the host for printing.
For a printable service offering guest access, the service 
@@ -4376,19 +4445,25 @@ path (S)
 
 
Example: path = /home/fred
 
-

`+`

`+ +perfcount module (G) +`


This parameter specifies the perfcount backend to be used when monitoring SMB
+	operations.  Only one perfcount module may be used, and it must implement all of the
+	apis contained in the smb_perfcount_handler structure defined in smb.h.
+	
No default

`pid directory (G) -`



 	This option specifies the directory where pid files will be placed.  
 	
Default: pid directory = ${prefix}/var/locks
 
 
Example: pid directory = pid directory = /var/run/
 
-

`+`

`posix locking (S) -`



 	The smbd(8)
 	daemon maintains an database of file locks obtained by SMB clients. The default behavior is 
 	to map this internal database to POSIX locks. This means that file locks obtained by SMB clients are 
@@ -4396,10 +4471,10 @@ posix locking (S)
 	method (e.g. NFS or local file access). You should never need to disable this parameter.
 	
Default: posix locking = yes
 
-

`+`

`postexec (S) -`


This option specifies a command to be run 
+


This option specifies a command to be run 
 	whenever the service is disconnected. It takes the usual 
 	substitutions. The command may be run as the root on some 
 	systems.
An interesting example may be to unmount server 
@@ -4407,21 +4482,21 @@ postexec (S)
 
 
Example: postexec = echo \"%u disconnected from %S from %m (%I)\" >> /tmp/log
 
-

`+`

`preexec close (S) -`



 	This boolean option controls whether a non-zero return code from preexec 
 	should close the service being connected to.
 	
Default: preexec close = no
 
-

`+`

`exec -`


This parameter is a synonym for preexec.

`+`


This parameter is a synonym for preexec.

`preexec (S) -`


This option specifies a command to be run whenever 
+


This option specifies a command to be run whenever 
 	the service is connected to. It takes the usual substitutions.
An interesting example is to send the users a welcome 
 	message every time they log in. Maybe a message of the day? Here 
 	is an example:

@@ -4433,13 +4508,13 @@ preexec (S)
 
 
Example: preexec = echo \"%u connected to %S from %m (%I)\" >> /tmp/log
 
-

`+`

`prefered master -`


This parameter is a synonym for preferred master.

`+`


This parameter is a synonym for preferred master.

`preferred master (G) -`



 	This boolean parameter controls if nmbd(8) is a preferred master browser  for its workgroup.
 	

 	If this is set to yes, on startup, nmbd will force
@@ -4453,22 +4528,22 @@ preferred master (G)
 	capabilities.
 	
Default: preferred master = auto
 
-

`+`

`preload modules (G) -`


This is a list of paths to modules that should
+


This is a list of paths to modules that should
 	be loaded into smbd before a client connects. This improves
 	the speed of smbd when reacting to new connections somewhat. 
Default: preload modules = 
 
 
Example: preload modules = /usr/lib/samba/passdb/mysql.so
 
-

`+`

`auto services -`


This parameter is a synonym for preload.

`+`


This parameter is a synonym for preload.

`preload (G) -`


This is a list of services that you want to be 
+


This is a list of services that you want to be 
 	automatically added to the browse lists. This is most useful 
 	for homes and printers services that would otherwise not be 
 	visible.

@@ -4479,33 +4554,33 @@ preload (G)
 
 
Example: preload = fred lp colorlp
 
-

`+`

`preserve case (S) -`



 	This controls if new filenames are created with the case that the client passes, or if 
 	they are forced to be the default case.
 	

 	See the section on NAME MANGLING for a fuller discussion.
 	
Default: preserve case = yes
 
-

`+`

`print ok -`


This parameter is a synonym for printable.

`+`


This parameter is a synonym for printable.

`printable (S) -`


If this parameter is yes, then 
+


If this parameter is yes, then 
     clients may open, write to and submit spool files on the directory 
     specified for the service. 
Note that a printable service will ALWAYS allow writing 
     to the service path (user privileges permitting) via the spooling 
     of print data. The read only parameter controls only non-printing access to 
     the resource.
Default: printable = no
 
-

`+`

`printcap cache time (G) -`


This option specifies the number of seconds before the printing
+


This option specifies the number of seconds before the printing
     subsystem is again asked for the known printers.  If the value
     is greater than 60 the initial waiting time is set to 60 seconds
     to allow an earlier first rescan of the printing subsystem.
@@ -4515,13 +4590,13 @@ printcap cache time (G)
 
 
Example: printcap cache time = 600
 
-

`+`

`printcap -`


This parameter is a synonym for printcap name.

`+`


This parameter is a synonym for printcap name.

`printcap name (G) -`



 	This parameter may be used to override the compiled-in default printcap name used by the server (usually
 	 /etc/printcap). See the discussion of the [printers] section above for reasons why you might want to do this.
 	

@@ -4556,10 +4631,10 @@ print5|My Printer 5
 
 
Example: printcap name = /etc/myprintcap
 
-

`+`

`print command (S) -`


After a print job has finished spooling to 
+


After a print job has finished spooling to 
     a service, this command will be used via a system() 
     call to process the spool file. Typically the command specified will 
     submit the spool file to the host's printing subsystem, but there 
@@ -4601,10 +4676,10 @@ print command (S)
     and if SAMBA is compiled against libcups, any manually 
 	set print command will be ignored.
No default
Example: print command = /usr/local/samba/bin/myprintscript %p %s
 
-

`+`

`printer admin (S) -`



 	This lists users who can do anything to printers
 	via the remote administration interfaces offered
 	by MS-RPC (usually using a NT workstation).
@@ -4620,13 +4695,13 @@ printer admin (S)
 
 
Example: printer admin = admin, @staff
 
-

`+`

`printer -`


This parameter is a synonym for printer name.

`+`


This parameter is a synonym for printer name.

`printer name (S) -`



 	This parameter specifies the name of the printer to which print jobs spooled through a printable service
 	will be sent.
 	

@@ -4639,10 +4714,10 @@ printer name (S)
 
 
Example: printer name = laserwriter
 
-

`+`

`printing (S) -`


This parameters controls how printer status  information is
+


This parameters controls how printer status  information is
     interpreted on your system. It also affects the  default values for
     the print command,  lpq command, lppause command , lpresume command, and  lprm command if specified in the 
     [global] section.
Currently nine printing styles are supported. They are
@@ -4659,27 +4734,27 @@ printing (S)
     [printers] section.
Default: printing = Depends on the operating system, see
 testparm -v.
 
-

`+`

`printjob username (S) -`


This parameter specifies which user information will be 
+


This parameter specifies which user information will be 
     passed to the printing system. Usually, the username is sent,
     but in some cases, e.g. the domain prefix is useful, too.
Default: printjob username = %U
 
 
Example: printjob username = %D\%U
 
-

`+`

`private dir (G) -`


This parameters defines the directory
+


This parameters defines the directory
     smbd will use for storing such files as smbpasswd
     and secrets.tdb.
 
Default: private dir = ${prefix}/private
 
-

`+`

`profile acls (S) -`



 	This boolean parameter was added to fix the problems that people have been
 	having with storing user profiles on Samba shares from Windows 2000 or
 	Windows XP clients. New versions of Windows 2000 or Windows XP service
@@ -4707,10 +4782,10 @@ profile acls (S)
 	tree to the owning user.
 	
Default: profile acls = no
 
-

`+`

`queuepause command (S) -`


This parameter specifies the command to be 
+


This parameter specifies the command to be 
     executed on the server host in order to pause the printer queue.
This command should be a program or script which takes 
     a printer name as its only parameter and stops the printer queue, 
     such that no longer jobs are submitted to the printer.
This command is not supported by Windows for Workgroups, 
@@ -4721,10 +4796,10 @@ queuepause command (S)
     path in the command as the PATH may not be available to the 
 	server.
No default
Example: queuepause command = disable %p
 
-

`+`

`queueresume command (S) -`


This parameter specifies the command to be 
+


This parameter specifies the command to be 
     executed on the server host in order to resume the printer queue. It 
     is the command to undo the behavior that is caused by the 
     previous parameter (queuepause command).
This command should be a program or script which takes 
@@ -4739,10 +4814,10 @@ queueresume command (S)
 
 
Example: queueresume command = enable %p
 
-

`+`

`read list (S) -`



 	This is a list of users that are given read-only access to a service. If the connecting user is in this list
 	then they will not be given write access, no matter what the read only option is set
 	to. The list can include group names using the syntax described in the invalid users
@@ -4752,19 +4827,19 @@ read list (S)
 
 
Example: read list = mary, @students
 
-

`+`

`read only (S) -`


An inverted synonym is writeable.
If this parameter is yes, then users 
+


An inverted synonym is writeable.
If this parameter is yes, then users 
     of a service may not create or modify files in the service's 
     directory.
Note that a printable service (printable = yes)
     will ALWAYS allow writing to the directory 
     (user privileges permitting), but only via spooling operations.
Default: read only = yes
 
-

`+`

`read raw (G) -`


This parameter controls whether or not the server 
+


This parameter controls whether or not the server 
     will support the raw read SMB requests when transferring data 
     to clients.
If enabled, raw reads allow reads of 65535 bytes in 
     one packet. This typically provides a major performance benefit.
@@ -4773,20 +4848,20 @@ read raw (G)
 	sizes, and for these clients you may need to disable raw reads.
In general this parameter should be viewed as a system tuning 
 	tool and left severely alone.
Default: read raw = yes
 
-

`+`

`realm (G) -`


This option specifies the kerberos realm to use. The realm is 
+


This option specifies the kerberos realm to use. The realm is 
 	used as the ADS equivalent of the NT4 domain. It
 	is usually set to the DNS name of the kerberos server.
 	
Default: realm = 
 
 
Example: realm = mysambabox.mycompany.com
 
-

`+`

`registry shares (G) -`



 	This turns on or off support for share definitions read from
 	registry. Shares defined in smb.conf take
 	precedence over shares with the same name defined in
@@ -4801,10 +4876,10 @@ registry shares (G)
 
 
Example: registry shares = yes
 
-

`+`

`remote announce (G) -`



 	This option allows you to setup nmbd(8) to periodically announce itself 
 	to arbitrary IP addresses with an arbitrary workgroup name.
 	

@@ -4828,10 +4903,10 @@ remote announce (G)
 	See the chapter on Network Browsing in the Samba-HOWTO book.
 	
Default: remote announce = 
 
-

`+`

`remote browse sync (G) -`



 	This option allows you to setup nmbd(8) to periodically request 
 	synchronization of browse lists with the master browser of a Samba 
 	server that is on a remote segment. This option will allow you to 
@@ -4863,10 +4938,10 @@ remote browse sync (G)
 	each network has its own WINS server.
 	
Default: remote browse sync = 
 
-

`+`

`rename user script (G) -`



 	This is the full pathname to a script that will be run as root by smbd(8) under special circumstances described below.
 	

 	When a user with admin authority or SeAddUserPrivilege rights renames a user (e.g.: from the NT4 User Manager
@@ -4884,10 +4959,10 @@ rename user script (G)
 	needs to change for other applications using the same directory.
 	
Default: rename user script = no
 
-

`+`

`reset on zero vc (G) -`



 	This boolean option controls whether an incoming session setup
 	should kill other connections coming from the same IP. This matches
         the default Windows 2003 behaviour.
@@ -4906,10 +4981,10 @@ reset on zero vc (G)
 
 	
Default: reset on zero vc = no
 
-

`+`

`restrict anonymous (G) -`


The setting of this parameter determines whether user and
+


The setting of this parameter determines whether user and
     group list information is returned for an anonymous connection.
     and mirrors the effects of the
 
@@ -4932,16 +5007,16 @@ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
     by setting guest ok = yes on any share.
 	
Default: restrict anonymous = 0
 
-

`+`

`root -`


This parameter is a synonym for root directory.

`+`


This parameter is a synonym for root directory.

`root dir -`


This parameter is a synonym for root directory.

`+`


This parameter is a synonym for root directory.

`root directory (G) -`


The server will chroot() (i.e. 
+


The server will chroot() (i.e. 
     Change its root directory) to this directory on startup. This is 
     not strictly necessary for secure operation. Even without it the 
     server will deny access to files not in one of the service entries. 
@@ -4964,34 +5039,34 @@ root directory (G)
 
 
Example: root directory = /homes/smb
 
-

`+`

`root postexec (S) -`



 	This is the same as the postexec
 	parameter except that the command is run as root. This is useful for 
 	unmounting filesystems (such as CDROMs) after a connection is closed.
 	
Default: root postexec = 
 
-

`+`

`root preexec close (S) -`


This is the same as the preexec close
+


This is the same as the preexec close
 	 parameter except that the command is run as root.
Default: root preexec close = no
 
-

`+`

`root preexec (S) -`



 	This is the same as the preexec
 	parameter except that the command is run as root. This is useful for 
 	mounting filesystems (such as CDROMs) when a connection is opened.
 	
Default: root preexec = 
 
-

`+`

`security mask (S) -`


 	This parameter controls what UNIX permission bits will be set when a Windows NT client is manipulating the
 	UNIX permission on a file using the native NT security dialog box.
 	
@@ -5010,10 +5085,10 @@ security mask (S)
 
 
Example: security mask = 0770
 
-

`+`

`security (G) -`


This option affects how clients respond to 
+


This option affects how clients respond to 
     Samba and is one of the most important settings in the 
     smb.conf file.
The option sets the "security mode bit" in replies to 
     protocol negotiations with smbd(8) to turn share level security on or off. Clients decide 
@@ -5137,10 +5212,10 @@ security (G)
 
 
Example: security = DOMAIN
 
-

`+`

`server schannel (G) -`



 	This controls whether the server offers or even demands the use of the netlogon schannel.
 	server schannel = no does not offer the schannel, server schannel = auto offers the schannel but does not enforce it, and server schannel = yes denies access if the client is not able to speak netlogon schannel.
 	This is only the case for Windows NT4 before SP4.
@@ -5151,20 +5226,20 @@ server schannel (G)
 
 
Example: server schannel = yes
 
-

`+`

`server signing (G) -`


This controls whether the client is allowed or required to use SMB signing. Possible values 
+


This controls whether the client is allowed or required to use SMB signing. Possible values 
     are auto, mandatory 
     and disabled. 
     
When set to auto, SMB signing is offered, but not enforced. 
     When set to mandatory, SMB signing is required and if set 
 	to disabled, SMB signing is not offered either.
Default: server signing = Disabled
 
-

`+`

`server string (G) -`


This controls what string will show up in the printer comment box in print 
+


This controls what string will show up in the printer comment box in print 
         manager and next to the IPC connection in net view. It 
         can be any string that you wish to show to your users.
It also sets what will appear in browse lists next 
 	to the machine name.
A %v will be replaced with the Samba 
@@ -5173,10 +5248,10 @@ server string (G)
 
 
Example: server string = University of GNUs Samba Server
 
-

`+`

`set directory (S) -`



 	If set directory = no, then 	users of the 
 	service may not use the setdir command to change directory.
 	

@@ -5185,10 +5260,10 @@ set directory (S)
 	for details.
 	
Default: set directory = no
 
-

`+`

`set primary group script (G) -`


Thanks to the Posix subsystem in NT a Windows User has a
+


Thanks to the Posix subsystem in NT a Windows User has a
 	primary group in addition to the auxiliary groups.  This script
 	sets the primary group in the unix userdatase when an
 	administrator sets the primary group from the windows user
@@ -5200,10 +5275,10 @@ set primary group script (G)
 
 
Example: set primary group script = /usr/sbin/usermod -g '%g' '%u'
 
-

`+`

`set quota command (G) -`


The set quota command should only be used 
+


The set quota command should only be used 
 	whenever there is no operating system API available from the OS that 
 	samba can use.
This option is only available if Samba was configured with the argument --with-sys-quotas or 
 	on linux when ./configure --with-quotas was used and a working quota api 
@@ -5213,10 +5288,10 @@ set quota command (G)
 
 
Example: set quota command = /usr/local/sbin/set_quota
 
-

`+`

`share modes (S) -`


This enables or disables the honoring of
+


This enables or disables the honoring of
 	the share modes during a file open. These
 	modes are used by clients to gain exclusive read or write access
 	to a file.
This is a deprecated option from old versions of
@@ -5228,20 +5303,20 @@ share modes (S)
 	by default.
You should NEVER turn this parameter
 	off as many Windows applications will break if you do so.
Default: share modes = yes
 
-

`+`

`short preserve case (S) -`



 	This boolean parameter controls if new files which conform to 8.3 syntax, that is all in upper case and of
 	suitable length, are created upper case, or if they are forced to be the default case.
 	This  option can be use with preserve case = yes to permit long filenames
 	to retain their case, while short names are lowered.
 	
See the section on NAME MANGLING.
Default: short preserve case = yes
 
-

`+`

`show add printer wizard (G) -`


With the introduction of MS-RPC based printing support
+


With the introduction of MS-RPC based printing support
     for Windows NT/2000 client in Samba 2.2, a "Printers..." folder will 
     appear on Samba hosts in the share listing.  Normally this folder will 
     contain an icon for the MS Add Printer Wizard (APW).  However, it is 
@@ -5259,10 +5334,10 @@ show add printer wizard (G)
 
Note
This does not prevent the same user from having 
 		administrative privilege on an individual printer.
Default: show add printer wizard = yes
 
-

`+`

`shutdown script (G) -`


This a full path name to a script called by 
+


This a full path name to a script called by 
 	 smbd(8) that should 
 	start a shutdown procedure.
If the connected user posseses the SeRemoteShutdownPrivilege,
 	right, this command will be run as root.
The %z %t %r %f variables are expanded as follows:
%z will be substituted with the
@@ -5275,23 +5350,22 @@ shutdown script (G)
 			even if applications do not respond for NT.
Shutdown script example:
 
 #!/bin/bash
-
-time=$2
-let time="${time} / 60"
-let time="${time} + 1"
+		
+$time=0
+let "time/60"
+let "time++"
 
 /sbin/shutdown $3 $4 +$time $1 &
-
 

         Shutdown does not return so we need to launch it in background.
 	
Default: shutdown script = 
 
 
Example: shutdown script = /usr/local/samba/sbin/shutdown %m %t %r %f
 
-

`+`

`smb encrypt (S) -`


This is a new feature introduced with Samba 3.2 and above. It is an
+


This is a new feature introduced with Samba 3.2 and above. It is an
     extension to the SMB/CIFS protocol negotiated as part of the UNIX extensions.
     SMB encryption uses the GSSAPI (SSPI on Windows) ability to encrypt
     and sign every request/response in a SMB protocol stream. When
@@ -5319,10 +5393,10 @@ smb encrypt (S)
     When set to mandatory, SMB encryption is required and if set 
     to disabled, SMB encryption can not be negotiated.
Default: smb encrypt = auto
 
-

`+`

`smb passwd file (G) -`


This option sets the path to the encrypted smbpasswd file. By
+


This option sets the path to the encrypted smbpasswd file. By
     default the path to the smbpasswd file  is compiled into Samba.

     An example of use is:
 
@@ -5330,15 +5404,15 @@ smb passwd file = /etc/samba/smbpasswd
 

     
Default: smb passwd file = ${prefix}/private/smbpasswd
 
-

`+`

`smb ports (G) -`


Specifies which ports the server should listen on for SMB traffic.
Default: smb ports = 445 139
+


Specifies which ports the server should listen on for SMB traffic.
Default: smb ports = 445 139
 
-

`+`

`socket address (G) -`


This option allows you to control what
+

This option allows you to control what
 	address Samba will listen for connections on. This is used to
 	support multiple virtual interfaces on the one server, each
 	with a different configuration.Setting this option should never be necessary on usual Samba
@@ -5347,10 +5421,10 @@ socket address (G)
 
 
Example: socket address = 192.168.2.20
 
-

`+`

`socket options (G) -`


This option allows you to set socket options 
+


This option allows you to set socket options 
     to be used when talking with the client.
Socket options are controls on the networking layer 
     of the operating systems which allow the connection to be 
     tuned.
This option will typically be used to tune your Samba  server
@@ -5378,17 +5452,17 @@ socket options (G)
 
 
Example: socket options = IPTOS_LOWDELAY
 
-

`+`

`stat cache (G) -`


This parameter determines if smbd(8) will use a cache in order to 
+


This parameter determines if smbd(8) will use a cache in order to 
 	speed up case insensitive name mappings. You should never need 
 	to change this parameter.
Default: stat cache = yes
 
-

`+`

`store dos attributes (S) -`



 	If this parameter is set Samba attempts to first read DOS attributes (SYSTEM, HIDDEN, ARCHIVE or
 	READ-ONLY) from a filesystem extended attribute, before mapping DOS attributes to UNIX permission bits (such
 	as occurs with map hidden and map readonly).  When set, DOS
@@ -5400,10 +5474,10 @@ store dos attributes (S)
 	extended attributes to work, also extended attributes must be compiled into the Linux kernel.
 	
Default: store dos attributes = no
 
-

`+`

`strict allocate (S) -`


This is a boolean that controls the handling of 
+


This is a boolean that controls the handling of 
     disk space allocation in the server. When this is set to yes 
     the server will change from UNIX behaviour of not committing real
     disk storage blocks when a file is extended to the Windows behaviour
@@ -5415,10 +5489,10 @@ strict allocate (S)
     out of quota messages on systems that are restricting the disk quota
     of users.
Default: strict allocate = no
 
-

`+`

`strict locking (S) -`



 	This is an enumerated type that controls the handling of file locking in the server. When this is set to yes,
 	the server will check every read and write access for file locks, and deny access if locks exist. This can be slow on 
 	some systems.
@@ -5434,10 +5508,10 @@ strict locking (S)
 	 strict locking = no is acceptable.
 	
Default: strict locking = Auto
 
-

`+`

`strict sync (S) -`


Many Windows applications (including the Windows 98 explorer
+


Many Windows applications (including the Windows 98 explorer
     shell) seem to confuse flushing buffer contents to disk with doing
     a sync to disk. Under UNIX, a sync call forces the process to be
     suspended until the kernel has ensured that all outstanding data in
@@ -5451,10 +5525,10 @@ strict sync (S)
     addition, this fixes many performance problems that people have
     reported with the new Windows98 explorer shell file copies.
Default: strict sync = no
 
-

`+`

`svcctl list (G) -`


This option defines a list of init scripts that smbd
+


This option defines a list of init scripts that smbd
     will use for starting and stopping Unix services via the Win32 
     ServiceControl API.  This allows Windows administrators to 
     utilize the MS Management Console plug-ins to manage a 
@@ -5467,10 +5541,10 @@ svcctl list (G)
 
 
Example: svcctl list = cups postfix portmap httpd
 
-

`+`

`sync always (S) -`


This is a boolean parameter that controls 
+

This is a boolean parameter that controls 
     whether writes will always be written to stable storage before 
     the write call returns. If this is no then the server will be 
     guided by the client's request in each write call (clients can 
@@ -5479,21 +5553,21 @@ sync always (S)
      call to ensure the data is written to disk. Note that 
     the strict sync parameter must be set to
     yes in order for this parameter to have 
-    any affect.
Default: sync always = no
+    any effect.
Default: sync always = no
 
-

`+`

`syslog only (G) -`



     If this parameter is set then Samba debug messages are logged into the system 
     syslog only, and not to the debug log files. There still will be some
 	logging to log.[sn]mbd even if syslog only is enabled.
     
Default: syslog only = no
 
-

`+`

`syslog (G) -`



     This parameter maps how Samba debug messages are logged onto the system syslog logging levels. 
     Samba debug level zero maps onto syslog LOG_ERR, debug level one maps onto 
     LOG_WARNING, debug level two maps onto LOG_NOTICE,
@@ -5504,10 +5578,10 @@ syslog (G)
     logging to log.[sn]mbd even if syslog only is enabled.
     
Default: syslog = 1
 
-

`+`

`template homedir (G) -`


When filling out the user information for a Windows NT 
+


When filling out the user information for a Windows NT 
 	user, the winbindd(8) daemon  uses this
 	parameter to fill in the home directory for that user. If the
 	string %D is present it
@@ -5515,31 +5589,31 @@ template homedir (G)
 	string %U is present it
 	is substituted with the user's Windows  NT user name.
Default: template homedir = /home/%D/%U
 
-

`+`

`template shell (G) -`


When filling out the user information for a Windows NT 
+


When filling out the user information for a Windows NT 
 	user, the winbindd(8) daemon uses this
-	parameter to fill in the login shell for that user.
No default

`+ parameter to fill in the login shell for that user. No default`

`time offset (G) -`


This parameter is a setting in minutes to add 
+


This parameter is a setting in minutes to add 
 	to the normal GMT to local time conversion. This is useful if 
 	you are serving a lot of PCs that have incorrect daylight 
 	saving time handling.
Default: time offset = 0
 
 
Example: time offset = 60
 
-

`+`

`time server (G) -`


This parameter determines if nmbd(8) advertises itself as a time server to Windows 
+


This parameter determines if nmbd(8) advertises itself as a time server to Windows 
 clients.
Default: time server = no
 
-

`+`

`unix charset (G) -`


Specifies the charset the unix machine 
+

Specifies the charset the unix machine 
 		Samba runs on uses. Samba needs to know this in order to be able to 
 		convert text to the charsets other SMB clients use.
 	This is also the charset Samba will use when specifying arguments 
@@ -5548,20 +5622,20 @@ unix charset (G)
 
 
Example: unix charset = ASCII
 
-

`+`

`unix extensions (G) -`


This boolean parameter controls whether Samba
+


This boolean parameter controls whether Samba
     implements the CIFS UNIX extensions, as defined by HP.
     These extensions enable Samba to better serve UNIX CIFS clients
     by supporting features such as symbolic links, hard links, etc...
     These extensions require a similarly enabled client, and are of
     no current use to Windows clients.
Default: unix extensions = yes
 
-

`+`

`unix password sync (G) -`


This boolean parameter controls whether Samba 
+


This boolean parameter controls whether Samba 
     attempts to synchronize the UNIX password with the SMB password 
     when the encrypted SMB password in the smbpasswd file is changed. 
     If this is set to yes the program specified in the passwd
@@ -5570,10 +5644,10 @@ unix password sync (G)
     old UNIX password (as the SMB password change code has no 
 	access to the old password cleartext, only the new).
Default: unix password sync = no
 
-

`+`

`update encrypted (G) -`



 	This boolean parameter allows a user logging on with a plaintext password to have their encrypted (hashed)
 	password in the smbpasswd file to be updated automatically as they log on. This option allows a site to
 	migrate from plaintext password authentication (users authenticate with plaintext password over the
@@ -5591,10 +5665,10 @@ update encrypted (G)
 	passwords.
 	
Default: update encrypted = no
 
-

`+`

`use client driver (S) -`


This parameter applies only to Windows NT/2000
+

This parameter applies only to Windows NT/2000
     clients.  It has no effect on Windows 95/98/ME clients.  When 
     serving a printer to Windows NT/2000 clients without first installing
     a valid printer driver on the Samba host, the client will be required
@@ -5619,25 +5693,10 @@ use client driver (S)
     on a print share which has valid print driver installed on the Samba 
 	server.
Default: use client driver = no
 
-

`- -use kerberos keytab (G) -`



-	Specifies whether Samba should attempt to maintain service principals in the systems
-	keytab file for host/FQDN and cifs/FQDN.
-	

-	When you are using the heimdal Kerberos libraries, you must also specify the following in
-	/etc/krb5.conf:
-
-[libdefaults]
-default_keytab_name = FILE:/etc/krb5.keytab
-

-	
Default: use kerberos keytab = False
-
-

`+`

`use mmap (G) -`


This global parameter determines if the tdb internals of Samba can
+


This global parameter determines if the tdb internals of Samba can
     depend on mmap working correctly on the running system. Samba requires a coherent
     mmap/read-write system memory cache. Currently only HPUX does not have such a
     coherent cache, and so this parameter is set to no by
@@ -5646,10 +5705,10 @@ use mmap (G)
     the tdb internal code.
     
Default: use mmap = yes
 
-

`+`

`username level (G) -`


This option helps Samba to try and 'guess' at 
+


This option helps Samba to try and 'guess' at 
     the real UNIX username, as many DOS clients send an all-uppercase 
     username. By default Samba tries all lowercase, followed by the 
     username with the first letter capitalized, and fails if the 
@@ -5664,10 +5723,10 @@ username level (G)
 
 
Example: username level = 5
 
-

`+`

`username map script (G) -`


This script is a mutually exclusive alternative to the 
+


This script is a mutually exclusive alternative to the 
 	username map parameter.  This parameter 
 	specifies and external program or script that must accept a single 
 	command line option (the username transmitted in the authentication
@@ -5678,10 +5737,10 @@ username map script (G)
 
 
Example: username map script = /etc/samba/scripts/mapusers.sh
 
-

`+`

`username map (G) -`



 	This option allows you to specify a file containing a mapping of usernames from the clients to the server.
 	This can be used for several purposes. The most common is to map usernames that users use on DOS or Windows
 	machines to those that the UNIX box uses. The other is to map multiple users to a single username so that they
@@ -5765,16 +5824,16 @@ username map = /usr/local/samba/lib/users.map
     
Default: username map = 
 # no username map
 
-

`+`

`user -`


This parameter is a synonym for username.

`+`


This parameter is a synonym for username.

`users -`


This parameter is a synonym for username.

`+`


This parameter is a synonym for username.

`username (S) -`


Multiple users may be specified in a comma-delimited 
+


Multiple users may be specified in a comma-delimited 
     list, in which case the supplied password will be tested against 
     each username in turn (left to right).
The username line is needed only when 
     the PC is unable to supply its own username. This is the case 
@@ -5812,28 +5871,28 @@ username (S)
 
 
Example: username = fred, mary, jack, jane, @users, @pcgroup
 
-

`+`

`usershare allow guests (G) -`


This parameter controls whether user defined shares are allowed
+


This parameter controls whether user defined shares are allowed
 	to be accessed by non-authenticated users or not. It is the equivalent
 	of allowing people who can create a share the option of setting
 	guest ok = yes in a share
 	definition. Due to its security sensitive nature, the default
 	is set to off.
Default: usershare allow guests = no
 
-

`+`

`usershare max shares (G) -`


This parameter specifies the number of user defined shares
+


This parameter specifies the number of user defined shares
 	that are allowed to be created by users belonging to the group owning the
 	usershare directory. If set to zero (the default) user defined shares are ignored.
 	
Default: usershare max shares = 0
 
-

`+`

`usershare owner only (G) -`


This parameter controls whether the pathname exported by
+


This parameter controls whether the pathname exported by
 	a user defined shares must be owned by the user creating the
 	user defined share or not. If set to True (the default) then
 	smbd checks that the directory path being shared is owned by
@@ -5843,10 +5902,10 @@ usershare owner only (G)
 	regardless of who owns it.
 	
Default: usershare owner only = True
 
-

`+`

`usershare path (G) -`


This parameter specifies the absolute path of the directory on the
+


This parameter specifies the absolute path of the directory on the
 	filesystem used to store the user defined share definition files.
 	This directory must be owned by root, and have no access for
 	other, and be writable only by the group owner. In addition the
@@ -5867,10 +5926,10 @@ usershare path (G)
 	In this case, only members of the group "power_users" can create user defined shares.
 	
Default: usershare path = NULL
 
-

`+`

`usershare prefix allow list (G) -`


This parameter specifies a list of absolute pathnames
+


This parameter specifies a list of absolute pathnames
 	the root of which are allowed to be exported by user defined share definitions.
 	If the pathname to be exported doesn't start with one of the strings in this
 	list, the user defined share will not be allowed. This allows the Samba
@@ -5885,10 +5944,10 @@ usershare prefix allow list (G)
 
 
Example: usershare prefix allow list = /home /data /space
 
-

`+`

`usershare prefix deny list (G) -`


This parameter specifies a list of absolute pathnames
+


This parameter specifies a list of absolute pathnames
 	the root of which are NOT allowed to be exported by user defined share definitions.
 	If the pathname exported starts with one of the strings in this
 	list the user defined share will not be allowed. Any pathname not
@@ -5904,10 +5963,10 @@ usershare prefix deny list (G)
 
 
Example: usershare prefix deny list = /etc /dev /private
 
-

`+`

`usershare template share (G) -`


User defined shares only have limited possible parameters
+


User defined shares only have limited possible parameters
 	such as path, guest ok, etc. This parameter allows usershares to
 	"cloned" from an existing share. If "usershare template share"
 	is set to the name of an existing share, then all usershares
@@ -5922,10 +5981,10 @@ usershare template share (G)
 
 
Example: usershare template share = template_share
 
-

`+`

`use sendfile (S) -`


If this parameter is yes, and the sendfile() 
+


If this parameter is yes, and the sendfile() 
     system call is supported by the underlying operating system, then some SMB read calls 
     (mainly ReadAndX and ReadRaw) will use the more efficient sendfile system call for files that
     are exclusively oplocked. This may make more efficient use of the system CPU's
@@ -5934,10 +5993,10 @@ use sendfile (S)
     Windows 9x (using sendfile from Linux will cause these clients to fail).
     
Default: use sendfile = false
 
-

`+`

`use spnego (G) -`


This variable controls controls whether samba will try 
+


This variable controls controls whether samba will try 
     to use Simple and Protected NEGOciation (as specified by rfc2478) with 
     WindowsXP and Windows2000 clients to agree upon an authentication mechanism. 
 

@@ -5945,10 +6004,10 @@ use spnego (G)
     implementation, there is no reason this should ever be
 	disabled.
Default: use spnego = yes
 
-

`+`

`utmp directory (G) -`


This parameter is only available if Samba has 
+


This parameter is only available if Samba has 
 	been configured and compiled with the option 
 	--with-utmp. It specifies a directory pathname that is
 	used to store the utmp or utmpx files (depending on the UNIX system) that
@@ -5960,10 +6019,10 @@ utmp directory (G)
 
 
Example: utmp directory = /var/run/utmp
 
-

`+`

`utmp (G) -`



 	This boolean parameter is only available if Samba has been configured and compiled  
 	with the option --with-utmp. If set to 
 	 yes then Samba will attempt to add utmp or utmpx records 
@@ -5975,10 +6034,10 @@ utmp (G)
 	to find this number.  This may impede performance on large installations. 
 	
Default: utmp = no
 
-

`+`

`valid users (S) -`



     This is a list of users that should be allowed to login to this service. Names starting with 
     '@', '+' and  '&' are interpreted using the same rules as described in the 
     invalid users parameter.
@@ -5994,10 +6053,10 @@ valid users (S)
 
 
Example: valid users = greg, @pcusers
 
-

`+`

`-valid (S) -`


 This parameter indicates whether a share is 
+


 This parameter indicates whether a share is 
 	valid and thus can be used. When this parameter is set to false, 
 	the share will be in no way visible nor accessible.
 	

@@ -6006,10 +6065,10 @@ valid users (S)
 	Samba uses this option internally to mark shares as deleted.
 	
Default: -valid = yes
 
-

`+`

`veto files (S) -`



 	This is a list of files and directories that are neither visible nor accessible.  Each entry in 
 	the list must be separated by a '/', which allows spaces to be included in the entry. '*' and '?' 
 	can be used to specify multiple files or directories as in DOS wildcards.
@@ -6040,10 +6099,10 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/
 

 	
Default: veto files = No files or directories are vetoed.
 
-

`+`

`veto oplock files (S) -`



 	This parameter is only valid when the oplocks
 	parameter is turned on for a share. It allows the Samba administrator
 	to selectively turn off the granting of oplocks on selected files that
@@ -6064,31 +6123,31 @@ veto oplock files = /.*SEM/
 	
Default: veto oplock files = 
 # No files are vetoed for oplock grants
 
-

`+`

`vfs object -`


This parameter is a synonym for vfs objects.

`+`


This parameter is a synonym for vfs objects.

`vfs objects (S) -`


This parameter specifies the backend names which 
+


This parameter specifies the backend names which 
 	are used for Samba VFS I/O operations.  By default, normal 
 	disk I/O operations are used but these can be overloaded 
 	with one or more VFS objects. 
Default: vfs objects = 
 
 
Example: vfs objects = extd_audit recycle
 
-

`+`

`volume (S) -`


This allows you to override the volume label 
+


This allows you to override the volume label 
 	returned for a share. Useful for CDROMs with installation programs 
 	that insist on a particular volume label.
Default: volume = 
 # the name of the share
 
-

`+`

`wide links (S) -`


This parameter controls whether or not links 
+


This parameter controls whether or not links 
 	in the UNIX file system may be followed by the server. Links 
 	that point to areas within the directory tree exported by the 
 	server are always allowed; this parameter controls access only 
@@ -6096,10 +6155,10 @@ wide links (S)
 	effect on your server performance due to the extra system calls 
 	that Samba has to  do in order to perform the link checks.
Default: wide links = yes
 
-

`+`

`winbind cache time (G) -`


This parameter specifies the number of 
+


This parameter specifies the number of 
 	seconds the winbindd(8) daemon will cache 
 	user and group information before querying a Windows NT server 
 	again.

@@ -6107,10 +6166,10 @@ winbind cache time (G)
 	evaluated in real time unless the winbind   offline logon option has been enabled.
 	
Default: winbind cache time = 300
 
-

`+`

`winbind enum groups (G) -`


On large installations using winbindd(8) it may be necessary to suppress 
+


On large installations using winbindd(8) it may be necessary to suppress 
 	the enumeration of groups through the setgrent(),
 	getgrent() and
 	endgrent() group of system calls.  If
@@ -6118,10 +6177,10 @@ winbind enum groups (G)
 	no, calls to the getgrent() system
 	call will not return any data. 
Warning
Turning off group enumeration may cause some programs to behave oddly.  
Default: winbind enum groups = no
 
-

`+`

`winbind enum users (G) -`


On large installations using winbindd(8) it may be
+


On large installations using winbindd(8) it may be
 	necessary to suppress the enumeration of users through the setpwent(),
 	 getpwent() and
 	 endpwent() group of system calls.  If
@@ -6133,10 +6192,10 @@ winbind enum users (G)
 	full user list when searching for matching
 	usernames. 
Default: winbind enum users = no
 
-

`+`

`winbind expand groups (G) -`


This option controls the maximum depth that winbindd
+


This option controls the maximum depth that winbindd
               will traverse when flattening nested group memberships
 	      of Windows domain groups.  This is different from the
 	      winbind nested groups option
@@ -6148,10 +6207,10 @@ winbind expand groups (G)
 	 must perform the group unrolling and will be unable to answer
 	 incoming NSS or authentication requests during this time.
Default: winbind expand groups = 1
 
-

`+`

`winbind nested groups (G) -`


If set to yes, this parameter activates the support for nested
+


If set to yes, this parameter activates the support for nested
                  groups. Nested groups are also called local groups or
                  aliases. They work like their counterparts in Windows: Nested
                  groups are defined locally on any machine (they are shared
@@ -6159,10 +6218,10 @@ winbind nested groups (G)
                  global groups from any trusted SAM. To be able to use nested
                  groups, you need to run nss_winbind.
Default: winbind nested groups = yes
 
-

`+`

`winbind normalize names (G) -`


This parameter controls whether winbindd will replace
+


This parameter controls whether winbindd will replace
 	  whitespace in user and group names with an underscore (_) character.
 	  For example, whether the name "Space Kadet" should be
 	  replaced with the string "space_kadet".
@@ -6182,10 +6241,10 @@ winbind normalize names (G)
 
 
Example: winbind normalize names = yes
 
-

`+`

`winbind nss info (G) -`


This parameter is designed to control how Winbind retrieves Name
+


This parameter is designed to control how Winbind retrieves Name
 	Service Information to construct a user's home directory and login shell. 
 	Currently the following settings are available: 
 
@@ -6207,10 +6266,10 @@ winbind nss info (G)
 
 
Example: winbind nss info = template sfu
 
-

`+`

`winbind offline logon (G) -`


This parameter is designed to control whether Winbind should
+


This parameter is designed to control whether Winbind should
 	allow to login with the pam_winbind 
 	module using Cached Credentials. If enabled, winbindd will store user credentials
 	from successful logins encrypted in a local cache.
@@ -6218,37 +6277,37 @@ winbind offline logon (G)
 
 
Example: winbind offline logon = true
 
-

`+`

`winbind reconnect delay (G) -`


This parameter specifies the number of
+


This parameter specifies the number of
 	seconds the winbindd(8) daemon will wait between
 	attempts to contact a Domain controller for a domain that is
 	determined to be down or not contactable.
Default: winbind reconnect delay = 30
 
-

`+`

`winbind refresh tickets (G) -`


This parameter is designed to control whether Winbind should refresh Kerberos Tickets
+


This parameter is designed to control whether Winbind should refresh Kerberos Tickets
 	retrieved using the pam_winbind module.
 
 
Default: winbind refresh tickets = false
 
 
Example: winbind refresh tickets = true
 
-

`+`

`winbind rpc only (G) -`



 	Setting this parameter to yes forces 
 	winbindd to use RPC instead of LDAP to retrieve information from Domain
         Controllers.
 	
Default: winbind rpc only = no
 
-

`+`

`winbind separator (G) -`


This parameter allows an admin to define the character 
+


This parameter allows an admin to define the character 
 	used when listing a username of the form of DOMAIN
 	\user.  This parameter 
 	is only applicable when using the pam_winbind.so
@@ -6259,10 +6318,10 @@ winbind separator (G)
 
 
Example: winbind separator = +
 
-

`+`

`winbind trusted domains only (G) -`



 	This parameter is designed to allow Samba servers that are members 
 	of a Samba controlled domain to use UNIX accounts distributed via NIS, 
 	rsync, or LDAP as the uid's for winbindd users in the hosts primary domain.
@@ -6273,10 +6332,10 @@ winbind trusted domains only (G)
 	Refer to the idmap_nss(8) man page for more information.
 	
Default: winbind trusted domains only = no
 
-

`+`

`winbind use default domain (G) -`


This parameter specifies whether the
+


This parameter specifies whether the
 	 winbindd(8) daemon should operate on users  
 	without domain component in their username. Users without a domain
 	component are treated as is part of the winbindd server's own
@@ -6286,10 +6345,10 @@ winbind use default domain (G)
 
 
Example: winbind use default domain = yes
 
-

`+`

`wins hook (G) -`


When Samba is running as a WINS server this 
+


When Samba is running as a WINS server this 
 	allows you to call an external program for all changes to the 
 	WINS database. The primary use for this option is to allow the 
 	dynamic update of external name resolution databases such as 
@@ -6310,17 +6369,17 @@ wins hook (G)
 			addresses currently registered for that name. If this list is 
 			empty then the name should be deleted.
An example script that calls the BIND dynamic DNS update 
 	program nsupdate is provided in the examples 
-	directory of the Samba source code. 
No default

`+ directory of the Samba source code. No default`

`wins proxy (G) -`


This is a boolean that controls if nmbd(8) will respond to broadcast name 
+


This is a boolean that controls if nmbd(8) will respond to broadcast name 
 	queries on behalf of  other hosts. You may need to set this 
 	to yes for some older clients.
Default: wins proxy = no
 
-

`+`

`wins server (G) -`


This specifies the IP address (or DNS name: IP 
+


This specifies the IP address (or DNS name: IP 
 	address for preference) of the WINS server that nmbd(8) should register with. If you have a WINS server on 
 	your network then you should set this to the WINS server's IP.
You should point this at your WINS server if you have a
 	multi-subnetted network.
If you want to work in multiple namespaces, you can 
@@ -6339,19 +6398,19 @@ wins server (G)
 
 
Example: wins server = 192.9.200.1 192.168.2.61
 
-

`+`

`wins support (G) -`


This boolean controls if the nmbd(8) process in Samba will act as a WINS server. You should 
+


This boolean controls if the nmbd(8) process in Samba will act as a WINS server. You should 
 	not set this to yes unless you have a multi-subnetted network and 
 	you wish a particular nmbd to be your WINS server. 
 	Note that you should NEVER set this to yes
 	on more than one machine in your network.
Default: wins support = no
 
-

`+`

`workgroup (G) -`


This controls what workgroup your server will 
+


This controls what workgroup your server will 
 	appear to be in when queried by clients. Note that this parameter 
 	also controls the Domain name used with 
 	the security = domain
@@ -6359,18 +6418,18 @@ workgroup (G)
 
 
Example: workgroup = MYGROUP
 
-

`+`

`writable -`


This parameter is a synonym for writeable.

`+`


This parameter is a synonym for writeable.

`writeable (S) -`


Inverted synonym for read only.
Default: writeable = no
+


Inverted synonym for read only.
Default: writeable = no
 
-

`+`

`write cache size (S) -`


If this integer parameter is set to non-zero value,
+


If this integer parameter is set to non-zero value,
     Samba will create an in-memory cache for each oplocked file 
     (it does not do this for 
     non-oplocked files). All writes that the client does not request 
@@ -6388,10 +6447,10 @@ write cache size (S)
 
Example: write cache size = 262144
 #  for a 256k cache size per file
 
-

`+`

`write list (S) -`


     This is a list of users that are given read-write access to a service. If the 
     connecting user is in this list then they will be given write access, no matter 
     what the read only option is set to. The list can 
@@ -6406,17 +6465,17 @@ write list (S)
 
 
Example: write list = admin, root, @staff
 
-

`+`

`write raw (G) -`


This parameter controls whether or not the server 
+


This parameter controls whether or not the server 
     will support raw write SMB's when transferring data from clients. 
     You should never need to change this parameter.
Default: write raw = yes
 
-

`+`

`wtmp directory (G) -`



 	This parameter is only available if Samba has been configured and compiled with the option 
 	--with-utmp. It specifies a directory pathname that is used to store the wtmp or wtmpx files (depending on 
 	the UNIX system) that record user connections to a Samba server. The difference with the utmp directory is the fact 
@@ -6428,7 +6487,7 @@ wtmp directory (G)
 
 
Example: wtmp directory = /var/log/wtmp
 
-

WARNINGS

+

WARNINGS

 	Although the configuration file permits service names to contain spaces, your client software may not.
 	Spaces will be ignored in comparisons anyway, so it shouldn't be a problem - but be aware of the possibility.
 	

@@ -6441,8 +6500,8 @@ wtmp directory (G)
 	for an administrator easy, but the various combinations of default attributes can be tricky. Take extreme
 	care when designing these sections. In particular, ensure that the permissions on spool directories are
 	correct.
-

VERSION
This man page is correct for version 3 of the Samba suite.

SEE ALSO

-	samba(7), smbpasswd(8), swat(8), smbd(8), nmbd(8), smbclient(1), nmblookup(1), testparm(1), testprns(1).

AUTHOR

+

VERSION
This man page is correct for version 3 of the Samba suite.

SEE ALSO

+	samba(7), smbpasswd(8), swat(8), smbd(8), nmbd(8), smbclient(1), nmblookup(1), testparm(1), testprns(1).

AUTHOR

 	The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed
 	by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.
 	

diff --git a/docs/htmldocs/manpages/smbcacls.1.html b/docs/htmldocs/manpages/smbcacls.1.html
index 2403eea762..c690741242 100644
--- a/docs/htmldocs/manpages/smbcacls.1.html
+++ b/docs/htmldocs/manpages/smbcacls.1.html
@@ -77,7 +77,7 @@ ACL:<sid or name>:<type>/<flags>/<mask>
 	file permissions of the same name. 
R - Allow read access 
W - Allow write access
X - Execute permission on the object
D - Delete the object
P - Change permissions
O - Take ownership
The following combined permissions can be specified:
READ -  Equivalent to 'RX'
 		permissions
CHANGE - Equivalent to 'RXWD' permissions
 		
FULL - Equivalent to 'RWXDPO' 
-		permissions

EXIT STATUS
The smbcacls program sets the exit status 
+		permissions

EXIT STATUS
The smbcacls program sets the exit status 
 	depending on the success or otherwise of the operations performed.  
 	The exit status may be one of the following values. 
If the operation succeeded, smbcacls returns and exit 
 	status of 0.  If smbcacls couldn't connect to the specified server, 
diff --git a/docs/htmldocs/manpages/smbcquotas.1.html b/docs/htmldocs/manpages/smbcquotas.1.html
index f39a35ce08..2830801d55 100644
--- a/docs/htmldocs/manpages/smbcquotas.1.html
+++ b/docs/htmldocs/manpages/smbcquotas.1.html
@@ -74,13 +74,13 @@ it in directly.


 	FSQFLAGS:QUOTA_ENABLED/DENY_DISK/LOG_SOFTLIMIT/LOG_HARD_LIMIT
-	
All limits are specified as a number of bytes.

EXIT STATUSThe smbcquotas program sets the exit status
+	
All limits are specified as a number of bytes.

EXIT STATUS
The smbcquotas program sets the exit status
 	depending on the success or otherwise of the operations performed.
 	The exit status may be one of the following values. 
If the operation succeeded, smbcquotas returns an exit
 	status of 0.  If smbcquotas couldn't connect to the specified server,
 	or when there was an error getting or setting the quota(s), an exit status
 	of 1 is returned.  If there was an error parsing any command line
-	arguments, an exit status of 2 is returned.

VERSION
This man page is correct for version 3 of the Samba suite.

AUTHOR
The original Samba software and related utilities
+	arguments, an exit status of 2 is returned.

VERSION
This man page is correct for version 3 of the Samba suite.

AUTHOR
The original Samba software and related utilities
 	were created by Andrew Tridgell. Samba is now developed
 	by the Samba Team as an Open Source project similar
 	to the way the Linux kernel is developed.
smbcquotas was written by Stefan Metzmacher.


diff --git a/docs/htmldocs/manpages/smbd.8.html b/docs/htmldocs/manpages/smbd.8.html
index 57e12cc37e..5e5bcd4da8 100644
--- a/docs/htmldocs/manpages/smbd.8.html
+++ b/docs/htmldocs/manpages/smbd.8.html
@@ -1,4 +1,4 @@
-smbd


Name
smbd — server to provide SMB/CIFS services to clients
Synopsis
smbd [-D] [-F] [-S] [-i] [-h] [-V] [-b] [-d <debug level>] [-l <log directory>] [-p <port number(s)>] [-P <profiling level>] [-O <socket option>] [-s <configuration file>]

DESCRIPTION
This program is part of the samba(7) suite.
smbd is the server daemon that 
+smbd


Name
smbd — server to provide SMB/CIFS services to clients
Synopsis
smbd [-D] [-F] [-S] [-i] [-h] [-V] [-b] [-d <debug level>] [-l <log directory>] [-p <port number(s)>] [-P <profiling level>] [-O <socket option>] [-s <configuration file>]
DESCRIPTION
This program is part of the samba(7) suite.
smbd is the server daemon that 
 	provides filesharing and printing services to Windows clients. 
 	The server provides filespace and printer services to
 	clients using the SMB (or CIFS) protocol. This is compatible 
@@ -21,7 +21,7 @@
 	can force a reload by sending a SIGHUP to the server.  Reloading 
 	the configuration file will not affect connections to any service 
 	that is already established.  Either the user will have to 
-	disconnect from the service, or smbd killed and restarted.
OPTIONS
-D
If specified, this parameter causes 
+	disconnect from the service, or smbd killed and restarted.
OPTIONS
-D
If specified, this parameter causes 
 		the server to operate as a daemon. That is, it detaches 
 		itself and runs in the background, fielding requests 
 		on the appropriate port. Operating the server as a
@@ -102,11 +102,11 @@ log.smbd, etc...). The log file is never removed by the client.
 	you will be unable to connect from a client (such as a PC) as 
 	two different users at once. Attempts to connect the
 	second user will result in access denied or 
-	similar.
ENVIRONMENT VARIABLES
PRINTER
If no printer name is specified to 
+	similar.
ENVIRONMENT VARIABLES
PRINTER
If no printer name is specified to 
 		printable services, most systems will use the value of 
 		this variable (or lp if this variable is 
 		not defined) as the name of the printer to use. This 
-		is not specific to the server, however.
PAM INTERACTION
Samba uses PAM for authentication (when presented with a plaintext 
+		is not specific to the server, however.
PAM INTERACTION
Samba uses PAM for authentication (when presented with a plaintext 
 	password), for account checking (is this account disabled?) and for
 	session management.  The degree too which samba supports PAM is restricted
 	by the limitations of the SMB protocol and the obey pam restrictions smb.conf(5) paramater.  When this is set, the following restrictions apply:
@@ -119,8 +119,8 @@ log.smbd, etc...). The log file is never removed by the client.
 	is granted.  Note however, that this is bypassed in share level secuirty.  
 	Note also that some older pam configuration files may need a line 
 	added for session support. 
-	
VERSION
This man page is correct for version 3 of 
-	the Samba suite.
DIAGNOSTICS
Most diagnostics issued by the server are logged 
+	
VERSION
This man page is correct for version 3 of 
+	the Samba suite.
DIAGNOSTICS
Most diagnostics issued by the server are logged 
 	in a specified log file. The log file name is specified 
 	at compile time, but may be overridden on the command line.
The number and nature of diagnostics available depends 
 	on the debug level used by the server. If you have problems, set 
@@ -129,10 +129,10 @@ log.smbd, etc...). The log file is never removed by the client.
 	available in the source code to warrant describing each and every 
 	diagnostic. At this stage your best bet is still to grep the 
 	source code and inspect the conditions that gave rise to the 
-	diagnostics you are seeing.
TDB FILES
Samba stores it's data in several TDB (Trivial Database) files, usually located in /var/lib/samba.

+	diagnostics you are seeing.
TDB FILES
Samba stores it's data in several TDB (Trivial Database) files, usually located in /var/lib/samba.

 	(*) information persistent across restarts (but not
 	necessarily important to backup).
-	
account_policy.tdb*
NT account policy settings such as pw expiration, etc...
brlock.tdb
byte range locks
browse.dat
browse lists
connections.tdb
share connections (used to enforce max connections, etc...)
gencache.tdb
generic caching db
group_mapping.tdb*
group mapping information
locking.tdb
share modes & oplocks
login_cache.tdb*
bad pw attempts
messages.tdb
Samba messaging system
netsamlogon_cache.tdb*
cache of user net_info_3 struct	from net_samlogon() request (as a domain member)
ntdrivers.tdb*
installed printer drivers
ntforms.tdb*
installed printer forms
ntprinters.tdb*
installed printer information
printing/
directory containing tdb per print queue of cached lpq output
registry.tdb
Windows registry skeleton (connect via regedit.exe)
sessionid.tdb
session information (e.g. support for 'utmp = yes')
share_info.tdb*
share acls
winbindd_cache.tdb
winbindd's cache of user lists, etc...
winbindd_idmap.tdb*
winbindd's local idmap db
wins.dat*
wins database when 'wins support = yes'
SIGNALS
Sending the smbd a SIGHUP will cause it to 
+	
account_policy.tdb*
NT account policy settings such as pw expiration, etc...
brlock.tdb
byte range locks
browse.dat
browse lists
connections.tdb
share connections (used to enforce max connections, etc...)
gencache.tdb
generic caching db
group_mapping.tdb*
group mapping information
locking.tdb
share modes & oplocks
login_cache.tdb*
bad pw attempts
messages.tdb
Samba messaging system
netsamlogon_cache.tdb*
cache of user net_info_3 struct	from net_samlogon() request (as a domain member)
ntdrivers.tdb*
installed printer drivers
ntforms.tdb*
installed printer forms
ntprinters.tdb*
installed printer information
printing/
directory containing tdb per print queue of cached lpq output
registry.tdb
Windows registry skeleton (connect via regedit.exe)
sessionid.tdb
session information (e.g. support for 'utmp = yes')
share_info.tdb*
share acls
winbindd_cache.tdb
winbindd's cache of user lists, etc...
winbindd_idmap.tdb*
winbindd's local idmap db
wins.dat*
wins database when 'wins support = yes'
SIGNALS
Sending the smbd a SIGHUP will cause it to 
 	reload its smb.conf configuration 
 	file within a short period of time.
To shut down a user's smbd process it is recommended 
 	that SIGKILL (-9) NOT 
@@ -147,11 +147,11 @@ log.smbd, etc...). The log file is never removed by the client.
 	smbd is in a state of waiting for an incoming SMB before 
 	issuing them. It is possible to make the signal handlers safe 
 	by un-blocking the signals before the select call and re-blocking 
-	them after, however this would affect performance.
SEE ALSO
hosts_access(5), inetd(8), nmbd(8), smb.conf(5), smbclient(1), testparm(1), testprns(1), and the 
+	them after, however this would affect performance.
SEE ALSO
hosts_access(5), inetd(8), nmbd(8), smb.conf(5), smbclient(1), testparm(1), testprns(1), and the 
 	Internet RFC's	rfc1001.txt, rfc1002.txt. 
 	In addition the CIFS (formerly SMB) specification is available 
 	as a link from the Web page  
-	http://samba.org/cifs/.
AUTHOR
The original Samba software and related utilities 
+	http://samba.org/cifs/.

AUTHOR
The original Samba software and related utilities 
 	were created by Andrew Tridgell. Samba is now developed
 	by the Samba Team as an Open Source project similar 
 	to the way the Linux kernel is developed.
The original Samba man pages were written by Karl Auer. 
diff --git a/docs/htmldocs/manpages/smbget.1.html b/docs/htmldocs/manpages/smbget.1.html
index 8b562294e7..d9323c2210 100644
--- a/docs/htmldocs/manpages/smbget.1.html
+++ b/docs/htmldocs/manpages/smbget.1.html
@@ -1,14 +1,14 @@
-smbget


Name
smbget — wget-like utility for download files over SMB
Synopsis
smbget [-a, --guest] [-r, --resume] [-R, --recursive] [-u, --username=STRING] [-p, --password=STRING] [-w, --workgroup=STRING] [-n, --nonprompt] [-d, --debuglevel=INT] [-D, --dots] [-P, --keep-permissions] [-o, --outputfile] [-f, --rcfile] [-q, --quiet] [-v, --verbose] [-b, --blocksize] [-?, --help] [--usage] {smb://host/share/path/to/file} [smb://url2/] [...]

DESCRIPTION
This tool is part of the samba(7) suite.
smbget is a simple utility with wget-like semantics, that can download files from SMB servers. You can specify the files you would like to download on the command-line. 
+smbget
Name
smbget — wget-like utility for download files over SMB
Synopsis
smbget [-a, --guest] [-r, --resume] [-R, --recursive] [-u, --username=STRING] [-p, --password=STRING] [-w, --workgroup=STRING] [-n, --nonprompt] [-d, --debuglevel=INT] [-D, --dots] [-P, --keep-permissions] [-o, --outputfile] [-f, --rcfile] [-q, --quiet] [-v, --verbose] [-b, --blocksize] [-?, --help] [--usage] {smb://host/share/path/to/file} [smb://url2/] [...]
DESCRIPTION
This tool is part of the samba(7) suite.
smbget is a simple utility with wget-like semantics, that can download files from SMB servers. You can specify the files you would like to download on the command-line. 
 	

 		The files should be in the smb-URL standard, e.g. use smb://host/share/file
 		for the UNC path \\\\HOST\\SHARE\\file.
-	
OPTIONS
-a, --guest
Work as user guest
-r, --resume
Automatically resume aborted files
-R, --recursive
Recursively download files
-u, --username=STRING
Username to use
-p, --password=STRING
Password to use
-w, --workgroup=STRING
Workgroup to use (optional)
-n, --nonprompt
Don't ask anything (non-interactive)
-d, --debuglevel=INT
Debuglevel to use
-D, --dots
Show dots as progress indication
-P, --keep-permissions
Set same permissions on local file as are set on remote file.
-o, --outputfile
Write the file that is being download to the specified file. Can not be used together with -R.
-f, --rcfile
Use specified rcfile. This will be loaded in the order it was specified - e.g. if you specify any options before this one, they might get overriden by the contents of the rcfile.
-q, --quiet
Be quiet
-v, --verbose
Be verbose
-b, --blocksize
Number of bytes to download in a block. Defaults to 64000.
-?, --help
Show help message
--usage
Display brief usage message
SMB URLS
 SMB URL's should be specified in the following format:
+	
OPTIONS
-a, --guest
Work as user guest
-r, --resume
Automatically resume aborted files
-R, --recursive
Recursively download files
-u, --username=STRING
Username to use
-p, --password=STRING
Password to use
-w, --workgroup=STRING
Workgroup to use (optional)
-n, --nonprompt
Don't ask anything (non-interactive)
-d, --debuglevel=INT
Debuglevel to use
-D, --dots
Show dots as progress indication
-P, --keep-permissions
Set same permissions on local file as are set on remote file.
-o, --outputfile
Write the file that is being download to the specified file. Can not be used together with -R.
-f, --rcfile
Use specified rcfile. This will be loaded in the order it was specified - e.g. if you specify any options before this one, they might get overriden by the contents of the rcfile.
-q, --quiet
Be quiet
-v, --verbose
Be verbose
-b, --blocksize
Number of bytes to download in a block. Defaults to 64000.
-?, --help
Show help message
--usage
Display brief usage message
SMB URLS
 SMB URL's should be specified in the following format:
 smb://[[[domain;]user[:password@]]server[/share[/path[/file]]]]
 
 smb:// means all the workgroups
 
 smb://name/ means, if name is a workgroup, all the servers in this workgroup, or if name is a server, all the shares on this server.
-
EXAMPLES
+
EXAMPLES
 # Recursively download 'src' directory
 smbget -R smb://rhonwyn/jelmer/src
 # Download FreeBSD ISO and enable resuming
@@ -17,10 +17,10 @@ smbget -r smb://rhonwyn/isos/FreeBSD5.1.iso
 smbget -Rr smb://rhonwyn/isos
 # Backup my data on rhonwyn
 smbget -Rr smb://rhonwyn/
-
BUGS
Permission denied is returned in some cases where the cause of the error is unknown 
+
BUGS
Permission denied is returned in some cases where the cause of the error is unknown 
 (such as an illegally formatted smb:// url or trying to get a directory without -R 
-turned on).
VERSION
This man page is correct for version 3 of 
-	the Samba suite.
AUTHOR
The original Samba software and related utilities 
+turned on).
VERSION
This man page is correct for version 3 of 
+	the Samba suite.
AUTHOR
The original Samba software and related utilities 
 	were created by Andrew Tridgell. Samba is now developed
 	by the Samba Team as an Open Source project similar 
 	to the way the Linux kernel is developed.
The smbget manpage was written by Jelmer Vernooij.
diff --git a/docs/htmldocs/manpages/smbtar.1.html b/docs/htmldocs/manpages/smbtar.1.html
index 46be56be27..2859a5dd95 100644
--- a/docs/htmldocs/manpages/smbtar.1.html
+++ b/docs/htmldocs/manpages/smbtar.1.html
@@ -1,6 +1,6 @@
 smbtar


Name
smbtar — shell script for backing up SMB/CIFS shares 
-	directly to UNIX tape drives
Synopsis
smbtar [-r] [-i] [-a] [-v] {-s server} [-p password] [-x services] [-X] [-N filename] [-b blocksize] [-d directory] [-l loglevel] [-u user] [-t tape] {filenames}
DESCRIPTION
This tool is part of the samba(7) suite.
smbtar is a very small shell script on top 
-	of smbclient(1) which dumps SMB shares directly to tape.

OPTIONS
-s server
The SMB/CIFS server that the share resides 
+	directly to UNIX tape drives
Synopsis
smbtar [-r] [-i] [-a] [-v] {-s server} [-p password] [-x services] [-X] [-N filename] [-b blocksize] [-d directory] [-l loglevel] [-u user] [-t tape] {filenames}
DESCRIPTION
This tool is part of the samba(7) suite.
smbtar is a very small shell script on top 
+	of smbclient(1) which dumps SMB shares directly to tape.
OPTIONS
-s server
The SMB/CIFS server that the share resides 
 		upon.
-x service
The share name on the server to connect to. 
 		The default is "backup".
-X
Exclude mode. Exclude filenames... from tar 
 		create or restore. 
-d directory
Change to initial directory
@@ -19,12 +19,12 @@
 		from the tar file. 
-l log level
Log (debug) level. Corresponds to the 
 		-d flag of smbclient(1).
ENVIRONMENT VARIABLES
The $TAPE variable specifies the 
 	default tape device to write to. May be overridden
-	with the -t option. 
BUGS
The smbtar script has different 
-	options from ordinary tar and from smbclient's tar command. 
CAVEATS
Sites that are more careful about security may not like 
+	with the -t option. 
BUGS
The smbtar script has different 
+	options from ordinary tar and from smbclient's tar command. 
CAVEATS
Sites that are more careful about security may not like 
 	the way the script handles PC passwords. Backup and restore work 
 	on entire shares; should work on file lists. smbtar works best
-	with GNU tar and may not work well with other versions. 
DIAGNOSTICS
See the DIAGNOSTICS section for the smbclient(1) command.
VERSION
This man page is correct for version 3 of 
-	the Samba suite.
SEE ALSO
smbd(8), smbclient(1), smb.conf(5).
AUTHOR
The original Samba software and related utilities 
+	with GNU tar and may not work well with other versions. 
DIAGNOSTICS
See the DIAGNOSTICS section for the smbclient(1) command.
VERSION
This man page is correct for version 3 of 
+	the Samba suite.
SEE ALSO
smbd(8), smbclient(1), smb.conf(5).AUTHOR
The original Samba software and related utilities 
 	were created by Andrew Tridgell. Samba is now developed
 	by the Samba Team as an Open Source project similar 
 	to the way the Linux kernel is developed.
Ricky Poulten  
diff --git a/docs/htmldocs/manpages/swat.8.html b/docs/htmldocs/manpages/swat.8.html
index 29c392915a..c13ca8b4ed 100644
--- a/docs/htmldocs/manpages/swat.8.html
+++ b/docs/htmldocs/manpages/swat.8.html
@@ -1,4 +1,4 @@
-swat
Name
swat — Samba Web Administration Tool
Synopsis
swat [-s <smb config file>] [-a] [-P]DESCRIPTION
This tool is part of the samba(7) suite.
swat allows a Samba administrator to 
+swat
Name
swat — Samba Web Administration Tool
Synopsis
swat [-s <smb config file>] [-a] [-P]DESCRIPTION
This tool is part of the samba(7) suite.
swat allows a Samba administrator to 
 	configure the complex smb.conf(5) file via a Web browser. In addition, 
 	a swat configuration page has help links 
 	to all the configurable options in the smb.conf file allowing an 
@@ -41,7 +41,7 @@ compile time.-l|--log-basename=logdirectory".progname" will be appended (e.g. log.smbclient, 
 log.smbd, etc...). The log file is never removed by the client.
 
-h|--help
Print a summary of command line options.
-
INSTALLATION
Swat is included as binary package with most distributions. The 
+
INSTALLATION
Swat is included as binary package with most distributions. The 
 	package manager in this case takes care of the installation and 
 	configuration. This section is only for those who have compiled 
 	swat from scratch.
@@ -62,7 +62,7 @@ log.smbd, etc...). The log file is never removed by the client.
 		/usr/local/samba/sbin/swat swat
Once you have edited /etc/services 
 		and /etc/inetd.conf you need to send a 
 		HUP signal to inetd. To do this use kill -1 PID
-		 where PID is the process ID of the inetd daemon. LAUNCHINGTo launch SWAT just run your favorite web browser and 
+		 where PID is the process ID of the inetd daemon. 
LAUNCHING
To launch SWAT just run your favorite web browser and 
 	point it at "http://localhost:901/".
Note that you can attach to SWAT from any IP connected 
 	machine but connecting from a remote machine leaves your 
 	connection open to password sniffing as passwords will be sent 
diff --git a/docs/htmldocs/manpages/vfs_smb_traffic_analyzer.8.html b/docs/htmldocs/manpages/vfs_smb_traffic_analyzer.8.html
index 5278322428..1088be7759 100644
--- a/docs/htmldocs/manpages/vfs_smb_traffic_analyzer.8.html
+++ b/docs/htmldocs/manpages/vfs_smb_traffic_analyzer.8.html
@@ -1,5 +1,5 @@
 smb_traffic_analyzer
Name
vfs_smb_traffic_analyzer — log Samba VFS read and write operations through a socket
-	to a helper application
Synopsis
vfs objects = smb_traffic_analyzer
DESCRIPTION
This VFS module is part of the
+	to a helper application
Synopsis
vfs objects = smb_traffic_analyzer
DESCRIPTION
This VFS module is part of the
 	samba(7) suite.
The vfs_smb_traffic_analyzer VFS module logs
 	client write and read operations on a Samba server and sends this data
 	over a socket to a helper program, which feeds a SQL database. More
@@ -15,7 +15,7 @@
 
 	
BYTES - the length in bytes of the VFS operation
USER - the user who initiated the operation
DOMAIN - the domain of the user
READ/WRITE - either "W" for a write operation or "R" for read
SHARE - the name of the share on which the VFS operation occured
FILENAME - the name of the file that was used by the VFS operation
TIMESTAMP - a timestamp, formatted as "yyyy-mm-dd hh-mm-ss.ms" indicating when the VFS operation occured

 
-	
This module is stackable.
OPTIONS
smb_traffic_analyzer:mode = STRING
If STRING matches to "unix_domain_socket", the module will
+	
This module is stackable.
OPTIONS
smb_traffic_analyzer:mode = STRING
If STRING matches to "unix_domain_socket", the module will
 		use a unix domain socket located at /var/tmp/stadsocket, if
 		STRING contains an different string or is not defined, the module will
 		use an internet domain socket for data transfer.
smb_traffic_analyzer:host = STRING
The module will send the data to the system named with
@@ -28,7 +28,7 @@
 		smb_traffic_analyzer:anonymize_prefix, without generating
 		an additional hash number. This means that any transfer data
 		will be mapped to a single user, leading to a total 
-		anonymization of user related data.
EXAMPLES
The module running on share "example_share", using a unix domain socket
+		anonymization of user related data.
EXAMPLES
The module running on share "example_share", using a unix domain socket
 	[example_share]
 	path = /data/example
 	vfs objects = smb_traffic_analyzer
@@ -49,8 +49,8 @@
 	smb_traffic_analyzer:host = examplehost
 	smb_traffic_analyzer:port = 3491
 	smb_traffic_analyzer:anonymize_prefix = User
-	
VERSION
This man page is correct for version 3.3 of the Samba suite.
-	
AUTHOR
The original Samba software and related utilities
+	
VERSION
This man page is correct for version 3.3 of the Samba suite.
+	AUTHOR
The original Samba software and related utilities
 	were created by Andrew Tridgell. Samba is now developed
 	by the Samba Team as an Open Source project similar
 	to the way the Linux kernel is developed.
The original version of the VFS module and the
diff --git a/docs/htmldocs/manpages/wbinfo.1.html b/docs/htmldocs/manpages/wbinfo.1.html
index aa217a0ae9..f929926cbc 100644
--- a/docs/htmldocs/manpages/wbinfo.1.html
+++ b/docs/htmldocs/manpages/wbinfo.1.html
@@ -1,84 +1,83 @@
-wbinfo
Name
wbinfo — Query information from winbind daemon
Synopsis
wbinfo [-a user%password] [--all-domains] [--allocate-gid] [--allocate-uid] [-D domain] [--domain domain] [-g] [--getdcname domain] [--get-auth-user] [-G gid] [-h] [-i user] [-I ip] [-K user%password] [-m] [-n name] [-N netbios-name] [--own-domain] [-p] [-r user] [--remove-uid-mapping uid,sid] [--remove-gid-mapping gid,sid] [-s sid] [--separator] [--sequence] [--set-auth-user user%password] [--set-uid-mapping uid,sid] [--set-gid-mapping gid,sid] [-S sid] [-t] [-u] [--uid-info uid] [--user-domgroups sid] [--user-sids sid] [-U uid] [-V] [-Y sid] [--verbose]DESCRIPTION
This tool is part of the samba(7) suite.
The wbinfo program queries and returns information
+wbinfo
Name
wbinfo — Query information from winbind daemon
Synopsis
wbinfo [-a user%password] [--all-domains] [--allocate-gid] [--allocate-uid] [-D domain] [--domain domain] [-g] [--getdcname domain] [--get-auth-user] [-G gid] [-h] [-i user] [-I ip] [-K user%password] [-m] [-n name] [-N netbios-name] [--own-domain] [-p] [-r user] [--remove-uid-mapping uid,sid] [--remove-gid-mapping gid,sid] [-s sid] [--separator] [--sequence] [--set-auth-user user%password] [--set-uid-mapping uid,sid] [--set-gid-mapping gid,sid] [-S sid] [-t] [-u] [--uid-info uid] [--user-domgroups sid] [--user-sids sid] [-U uid] [-V] [-Y sid] [--verbose]
DESCRIPTION
This tool is part of the samba(7) suite.
The wbinfo program queries and returns information
 	created and used by the winbindd(8) daemon. 
The winbindd(8) daemon must be configured
 	and running for the wbinfo program to be able
-	to return information.OPTIONS
-a|--authenticate username%password
Attempt to authenticate a user via winbindd.
-                This checks both authenticaion methods and reports its results.
+	to return information.OPTIONS-a|--authenticate username%password
Attempt to authenticate a user via winbindd(8).
+                This checks both authentication methods and reports its results.
 		
Note
Do not be tempted to use this
 		functionality for authentication in third-party
 		applications.  Instead use ntlm_auth(1).
--allocate-gid
Get a new GID out of idmap
 		
--allocate-uid
Get a new UID out of idmap
 		
--all-domains
List all domains (trusted and
 		own domain).
-		
--domain name
This parameter sets the domain on which any specified
+		
--domain name
This parameter sets the domain on which any specified
 		operations will performed.  If special domain name '.' is used to represent
-		the current domain to which winbindd belongs.  Currently only the
+		the current domain to which winbindd(8) belongs.  Currently only the
 		--sequence,
 		-u, and -g options honor this parameter.
-		
-D|--domain-info domain
Show most of the info we have about the domain.
+		
-D|--domain-info domain
Show most of the info we have about the
+		specified domain.
 		
-g|--domain-groups
This option will list all groups available
 		in the Windows NT domain for which the samba(7) daemon is operating in. Groups in all trusted domains
 		will also be listed.  Note that this operation does not assign
 		group ids to any groups that have not already been
-		seen by winbindd(8). 
--get-auth-user
Print username and password used by winbindd
+		seen by winbindd(8). 
--get-auth-user
Print username and password used by winbindd(8)
 		during session setup to a domain controller. Username
 		and password can be set using --set-auth-user.
-		Only available for root.
--getdcname domain
Get the DC name for the specified domain.
-		
-G|--gid-to-sid gid
Try to convert a UNIX group id to a Windows
+		Only available for root.
--getdcname domain
Get the DC name for the specified domain.
+		
-G|--gid-to-sid gid
Try to convert a UNIX group id to a Windows
 		NT SID.  If the gid specified does not refer to one within
-		the idmap gid range then the operation will fail. 
-i|--user-info user
Get user info.
-		
-I|--WINS-by-ip ip
The -I option
+		the idmap gid range then the operation will fail. 
-i|--user-info user
Get user info.
+		
-I|--WINS-by-ip ip
The -I option
 		queries winbindd(8) to send a node status
 		request to get the NetBIOS name associated with the IP address
 		specified by the ip parameter.
-		
-K|--krb5auth username%password
Attempt to authenticate a user via Kerberos.
+		
-K|--krb5auth username%password
Attempt to authenticate a user via Kerberos.
 		
-m|--trusted-domains
Produce a list of domains trusted by the
 		Windows NT server winbindd(8) contacts
 		when resolving names.  This list does not include the Windows
 		NT domain the server is a Primary Domain Controller for.
-		
-n|--name-to-sid name
The -n option
+		
-n|--name-to-sid name
The -n option
 		queries winbindd(8) for the SID
 		associated with the name specified. Domain names can be specified
 		before the user name by using the winbind separator character.
 		For example CWDOM1/Administrator refers to the Administrator
 		user in the domain CWDOM1.  If no domain is specified then the
 		domain used is the one specified in the smb.conf(5)	workgroup
-		 parameter. 
-N|--WINS-by-name name
The -N option
+		 parameter. 
-N|--WINS-by-name name
The -N option
 		queries winbindd(8) to query the WINS
 		server for the IP address associated with the NetBIOS name
 		specified by the name parameter.
 		
--own-domain
List own domain.
-		
-p|--ping
Check whether winbindd is still alive.
+		
-p|--ping
Check whether winbindd(8) is still alive.
 		Prints out either 'succeeded' or 'failed'.
-		
-r|--user-groups username
Try to obtain the list of UNIX group ids
+		
-r|--user-groups username
Try to obtain the list of UNIX group ids
 		to which the user belongs.  This only works for users
 		defined on a Domain Controller.
-		
-s|--sid-to-name sid
Use -s to resolve
+		
-s|--sid-to-name sid
Use -s to resolve
 		a SID to a name.  This is the inverse of the -n
 		 option above.  SIDs must be specified as ASCII strings
 		in the traditional Microsoft format. For example,
 		S-1-5-21-1455342024-3071081365-2475485837-500. 
--separator
Get the active winbind separator.
-		
--sequence
Show sequence numbers of
-		all known domains
--set-auth-user username%password
Store username and password used by winbindd
-		during session setup to a domain controller.  This enables
+		
--sequence
Show sequence numbers of all known domains.
+		
--set-auth-user username%password
Store username and password used by winbindd(8)	during session setup to a domain controller.  This enables
 		winbindd to operate in a Windows 2000 domain with Restrict
 		Anonymous turned on (a.k.a. Permissions compatible with
 		Windows 2000 servers only).
-		
-S|--sid-to-uid sid
Convert a SID to a UNIX user id.  If the SID
+		
-S|--sid-to-uid sid
Convert a SID to a UNIX user id.  If the SID
 		does not correspond to a UNIX user mapped by winbindd(8) then the operation will fail. 
-t|--check-secret
Verify that the workstation trust account
 		created when the Samba server is added to the Windows NT
 		domain is working. 
-u|--domain-users
This option will list all users available
 		in the Windows NT domain for which the winbindd(8) daemon is operating in. Users in all trusted domains
 		will also be listed.  Note that this operation does not assign
 		user ids to any users that have not already been seen by winbindd(8)
-		.
--uid-info UID
Get user info for the user conencted to
-		user id UID.
--user-domgroups SID
Get user domain groups.
-		
--user-sids SID
Get user group SIDs for user.
-		
-U|--uid-to-sid uid
Try to convert a UNIX user id to a Windows NT
+		.
--uid-info uid
Get user info for the user connected to
+		user id UID.
--user-domgroups sid
Get user domain groups.
+		
--user-sids sid
Get user group SIDs for user.
+		
-U|--uid-to-sid uid
Try to convert a UNIX user id to a Windows NT
 		SID.  If the uid specified does not refer to one within
 		the idmap uid range then the operation will fail. 
--verbose

-		      Print additional information about the query
-		      results.
-		  
-Y|--sid-to-gid sid
Convert a SID to a UNIX group id.  If the SID
+		Print additional information about the query results.
+		
-Y|--sid-to-gid sid
Convert a SID to a UNIX group id.  If the SID
 		does not correspond to a UNIX group mapped by winbindd(8) then
 		the operation will fail. 
--remove-uid-mapping uid,sid
Remove an existing uid to sid mapping
 		entry from the IDmap backend.
--remove-gid-mapping gid,sid
Remove an existing gid to sid
@@ -86,10 +85,10 @@
 		mapping in the IDmap backend.
--set-gid-mapping gid,sid
Create a new or modify an existing gid to sid
 		mapping in the IDmap backend.
-V
Prints the program version number.
 
-h|--help
Print a summary of command line options.
-
EXIT STATUS
The wbinfo program returns 0 if the operation
+
EXIT STATUS
The wbinfo program returns 0 if the operation
 	succeeded, or 1 if the operation failed.  If the winbindd(8) daemon is not working wbinfo will always return
-	failure. 
VERSION
This man page is correct for version 3 of
-	the Samba suite.
SEE ALSO
winbindd(8) and ntlm_auth(1)
AUTHOR
The original Samba software and related utilities
+	failure. 
VERSION
This man page is correct for version 3 of
+	the Samba suite.
SEE ALSO
winbindd(8) and ntlm_auth(1)
AUTHOR
The original Samba software and related utilities
 	were created by Andrew Tridgell. Samba is now developed
 	by the Samba Team as an Open Source project similar
 	to the way the Linux kernel is developed.
wbinfo and winbindd
-- 
cgit v1.2.3

DESCRIPTION

DESCRIPTION

OPTIONS

OPTIONS

EVENTLOG RECORD FORMAT

EVENTLOG RECORD FORMAT

EXAMPLES

EXAMPLES

VERSION

AUTHOR

VERSION

AUTHOR

Name

DESCRIPTION

Name

DESCRIPTION

IDMAP OPTIONS

IDMAP OPTIONS

EXAMPLES

EXAMPLES

AUTHOR

AUTHOR

EXAMPLES

THE MAPPING FORMULAS

EXAMPLES

AUTHOR

AUTHOR

Name

Synopsis

DESCRIPTION

Name

Synopsis

DESCRIPTION

OPTIONS

ENVIRONMENT

VERSION

SEE ALSO

AUTHOR

ENVIRONMENT

VERSION

SEE ALSO

AUTHOR

COMMANDS

CHANGESECRETPW

COMMANDS

CHANGESECRETPW

TIME

TIME

TIME

TIME

TIME SYSTEM

TIME SET

TIME ZONE

[RPC|ADS] JOIN [TYPE] [-U username[%password]] [createupn=UPN] [createcomputer=OU] [options]

TIME ZONE

[RPC|ADS] JOIN [TYPE] [-U username[%password]] [createupn=UPN] [createcomputer=OU] [options]

[RPC] OLDJOIN [options]

[RPC|ADS] USER

[RPC|ADS] USER

[RPC|ADS] USER DELETE target

[RPC|ADS] USER INFO target

[RPC|ADS] USER RENAME oldname newname

[RPC|ADS] USER ADD name [password] [-F user flags] [-C comment]

[RPC|ADS] GROUP

[RPC|ADS] GROUP [misc options] [targets]

[RPC|ADS] GROUP DELETE name [misc. options]

[RPC|ADS] GROUP ADD name [-C comment]

[RAP|RPC] SHARE

[RAP|RPC] SHARE [misc. options] [targets]

[RAP|RPC] SHARE ADD name=serverpath [-C comment] [-M maxusers] [targets]

[RPC|ADS] USER

[RPC|ADS] USER

[RPC|ADS] USER DELETE target

[RPC|ADS] USER INFO target

[RPC|ADS] USER RENAME oldname newname

[RPC|ADS] USER ADD name [password] [-F user flags] [-C comment]

[RPC|ADS] GROUP

[RPC|ADS] GROUP [misc options] [targets]

[RPC|ADS] GROUP DELETE name [misc. options]

[RPC|ADS] GROUP ADD name [-C comment]

[RPC|ADS] USER DELETE `target`

[RPC|ADS] USER INFO `target`

[RPC|ADS] USER RENAME `oldname` `newname`

[RPC|ADS] USER ADD `name` [password] [-F user flags] [-C comment]

[RPC|ADS] GROUP DELETE `name` [misc. options]

[RPC|ADS] GROUP ADD `name` [-C comment]

[RAP|RPC] SHARE ADD `name=serverpath` [-C comment] [-M maxusers] [targets]

[RPC|ADS] USER DELETE `target`

[RPC|ADS] USER INFO `target`

[RPC|ADS] USER RENAME `oldname` `newname`

[RPC|ADS] USER ADD `name` [password] [-F user flags] [-C comment]

[RPC|ADS] GROUP DELETE `name` [misc. options]

[RPC|ADS] GROUP ADD `name` [-C comment]

[RAP|RPC] SHARE ADD `name=serverpath` [-C comment] [-M maxusers] [targets]

SHARE DELETE `sharename`

[RPC|RAP] FILE CLOSE `fileid`

[RPC|RAP] FILE INFO `fileid`

SHARE DELETE `sharename`

[RPC|RAP] FILE CLOSE `fileid`

[RPC|RAP] FILE INFO `fileid`

[RAP|RPC] FILE USER `user`

RAP SESSION DELETE|CLOSE `CLIENT_NAME`

RAP SESSION INFO `CLIENT_NAME`

RAP SERVER `DOMAIN`

RAP SESSION DELETE|CLOSE `CLIENT_NAME`

RAP SESSION INFO `CLIENT_NAME`

RAP SERVER `DOMAIN`

RAP PRINTQ INFO `QUEUE_NAME`

RAP PRINTQ INFO `QUEUE_NAME`

RAP PRINTQ DELETE `JOBID`

RAP VALIDATE `user` [`password`]

RAP PRINTQ DELETE `JOBID`

RAP VALIDATE `user` [`password`]

RAP GROUPMEMBER LIST `GROUP`

RAP GROUPMEMBER DELETE `GROUP` `USER`

RAP GROUPMEMBER ADD `GROUP` `USER`

RAP ADMIN `command`

RAP GROUPMEMBER LIST `GROUP`

RAP GROUPMEMBER DELETE `GROUP` `USER`

RAP GROUPMEMBER ADD `GROUP` `USER`

RAP ADMIN `command`

RAP SERVICE START `NAME` [arguments...]

RAP PASSWORD `USER` `OLDPASS` `NEWPASS`

RAP SERVICE START `NAME` [arguments...]

RAP PASSWORD `USER` `OLDPASS` `NEWPASS`

LOOKUP HOST `HOSTNAME` [`TYPE`]

LOOKUP HOST `HOSTNAME` [`TYPE`]

LOOKUP LDAP [`DOMAIN`]

LOOKUP KDC [`REALM`]

LOOKUP DC [`DOMAIN`]

LOOKUP MASTER `DOMAIN`

LOOKUP LDAP [`DOMAIN`]

LOOKUP KDC [`REALM`]