ldbrename

+

debug pid (G)

@@ -1303,10 +1302,10 @@ debug timestamp (G) boolean parameter allows timestamping to be turned off.

Default: debug timestamp = yes -

+

debug uid (G) -

: +

Samba is sometimes run as root and sometime run as the connected user, this boolean parameter inserts the current euid, egid, uid and gid to the timestamp message headers in the log file if turned on.

@@ -1381,7 +1380,7 @@ defer sharing violations (G) designed to enable Samba to more correctly emulate Windows.

Default: defer sharing violations = True -

+

delete group script (G)

This is the full pathname to a script that will @@ -1419,10 +1418,10 @@ delete readonly (S) as rcs, where UNIX file ownership prevents changing file permissions, and DOS semantics prevent deletion of a read only file.

Default: delete readonly = no -

+

delete share command (G) -

: +

Samba 2.2.0 introduced the ability to dynamically add and delete shares via the Windows NT 4.0 Server Manager. The delete share command is used to define an external program or script which will remove an existing service definition from @@ -1472,10 +1471,10 @@ delete user script (G)

Example: delete user script = /usr/local/samba/bin/del_user %u -

+

delete veto files (S) -

: This option is used when Samba is attempting to +

This option is used when Samba is attempting to delete a directory that contains one or more vetoed directories (see the veto files option). If this option is set to no (the default) then if a vetoed @@ -1505,10 +1504,10 @@ dfree cache time (S) By default this parameter is zero, meaning no caching will be done.

No default

Example: dfree cache time = dfree cache time = 60 -

+

dfree command (S) -

: +

The dfree command setting should only be used on systems where a problem occurs with the internal disk space calculations. This has been known to happen with Ultrix, but may occur with other operating systems. The symptom that was seen was an error of "Abort Retry Ignore" @@ -1593,19 +1592,19 @@ directory security mask (S)

Example: directory security mask = 0700 -

+

disable netbios (G) -

: Enabling this parameter will disable netbios support +

Enabling this parameter will disable netbios support in Samba. Netbios is the only available form of browsing in all windows versions except for 2000 and XP.

Note

Clients that only support netbios won't be able to see your samba server when netbios support is disabled.

Default: disable netbios = no -

+

disable spoolss (G) -

: Enabling this parameter will disable Samba's support +

Enabling this parameter will disable Samba's support for the SPOOLSS set of MS-RPC's and will yield identical behavior as Samba 2.0.x. Windows NT/2000 clients will downgrade to using Lanman style printing commands. Windows 9x/ME will be unaffected by @@ -1617,7 +1616,7 @@ disable spoolss (G) Be very careful about enabling this parameter.

Default: disable spoolss = no -

+

display charset (G)

@@ -1659,10 +1658,10 @@ dns proxy (G) DNS name lookup requests, as doing a name lookup is a blocking action.

Default: dns proxy = yes -

+

domain logons (G) -

: +

If set to yes, the Samba server will provide the netlogon service for Windows 9X network logons for the workgroup it is in. @@ -1723,10 +1722,10 @@ dos charset (G) charset Samba should talk to DOS clients.

The default depends on which charsets you have installed. Samba tries to use charset 850 but falls back to ASCII in - case it is not available. Run testparm(1) to check the default on your system.

No default

+ case it is not available. Run testparm(1) to check the default on your system.
No default

dos filemode (S) -

: The default behavior in Samba is to provide +

The default behavior in Samba is to provide UNIX-like behavior where only the owner of a file/directory is able to change the permissions on it. However, this behavior is often confusing to DOS/Windows users. Enabling this parameter @@ -1755,10 +1754,10 @@ dos filetime resolution (S) this option causes the two timestamps to match, and Visual C++ is happy.

Default: dos filetime resolution = no -

+

dos filetimes (S) -

: Under DOS and Windows, if a user can write to a +

: Under DOS and Windows, if a user can write to a file they can change the timestamp on it. Under POSIX semantics, only the owner of the file or root may change the timestamp. By default, Samba runs with POSIX semantics and refuses to change the @@ -1786,7 +1785,7 @@ ea support (S) enable asu support (G)

Hosts running the "Advanced Server for Unix (ASU)" product - require some special accomodations such as creating a builting [ADMIN$] + require some special accomodations such as creating a builtin [ADMIN$] share that only supports IPC connections. The has been the default behavior in smbd for many years. However, certain Microsoft applications such as the Print Migrator tool require that the remote server support @@ -1809,10 +1808,10 @@ enable privileges (G) Please read the extended description provided in the Samba HOWTO documentation.

Default: enable privileges = yes -

+

encrypt passwords (G) -

: This boolean controls whether encrypted passwords +

This boolean controls whether encrypted passwords will be negotiated with the client. Note that Windows NT 4.0 SP3 and above and also Windows 98 will by default expect encrypted passwords unless a registry entry is changed. To use encrypted passwords in @@ -1847,7 +1846,7 @@ enhanced browsing (G) DMBs. The second enhancement consists of a regular randomised browse synchronization with all currently known DMBs.

You may wish to disable this option if you have a problem with empty workgroups not disappearing from browse lists. Due to the restrictions - of the browse protocols these enhancements can cause a empty workgroup + of the browse protocols, these enhancements can cause a empty workgroup to stay around forever which can be annoying.

In general you should leave this option enabled as it makes cross-subnet browse propagation much more reliable.

Default: enhanced browsing = yes @@ -1912,10 +1911,10 @@ fake directory create times (S) ensures directories always predate their contents and an NMAKE build will proceed as expected.

Default: fake directory create times = no -

+

fake oplocks (S) -

: Oplocks are the way that SMB clients get permission +

Oplocks are the way that SMB clients get permission from a server to locally cache file operations. If a server grants an oplock (opportunistic lock) then the client is free to assume that it is the only one accessing the file and it will aggressively @@ -1931,10 +1930,10 @@ fake oplocks (S) files read-write at the same time you can get data corruption. Use this option carefully!

Default: fake oplocks = no -

+

follow symlinks (S) -

: +

This parameter allows the Samba administrator to stop smbd(8) from following symbolic links in a particular share. Setting this parameter to no prevents any file or directory that is a symbolic link from being followed (the user will get an error). This option is very useful to stop users from adding a symbolic @@ -1944,10 +1943,10 @@ follow symlinks (S) This option is enabled (i.e. smbd will follow symbolic links) by default.

Default: follow symlinks = yes -

+

force create mode (S) -

: This parameter specifies a set of UNIX mode bit +

This parameter specifies a set of UNIX mode bit permissions that will always be set on a file created by Samba. This is done by bitwise 'OR'ing these bits onto the mode bits of a file that is being created. The default for this parameter is (in octal) @@ -1975,10 +1974,10 @@ force directory mode (S)

Example: force directory mode = 0755 -

+

force directory security mode (S) -

: +

This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating the UNIX permission on a directory using the native NT security dialog box.

@@ -2141,10 +2140,10 @@ get quota command (G)

Example: get quota command = /usr/local/sbin/query_quota -

+

getwd cache (G) -

: This is a tuning option. When this is enabled a +

This is a tuning option. When this is enabled a caching algorithm will be used to reduce the time taken for getwd() calls. This can have a significant impact on performance, especially when the wide smbconfoptions parameter is set to no.

Default: getwd cache = yes @@ -2170,10 +2169,10 @@ guest account (G)

Example: guest account = ftp -

+

public -

: This parameter is a synonym for guest ok.

+

: This parameter is a synonym for guest ok.

guest ok (S)

: If this parameter is yes for @@ -2197,7 +2196,7 @@ guest only (S)

hide dot files (S) -

: This is a boolean parameter that controls whether +

This is a boolean parameter that controls whether files starting with a dot appear as hidden files.

Default: hide dot files = yes

@@ -2225,18 +2224,18 @@ hide files = /./DesktopFolderDB/TrashFor%m/resource.frk/
Default: `hide files`* = `# no file are hidden` -

+

hide special files (S) -

: +

This parameter prevents clients from seeing special files such as sockets, devices and fifo's in directory listings.

Default: hide special files = no -

+

hide unreadable (S) -

: This parameter prevents clients from seeing the +

This parameter prevents clients from seeing the existance of files that cannot be read. Defaults to off.

Default: hide unreadable = no

@@ -2247,10 +2246,10 @@ hide unwriteable files (S) Defaults to off. Note that unwriteable directories are shown as usual.
Default: `hide unwriteable files` = `no` -

+

homedir map (G) -

: +

: If nis homedir is yes, and smbd(8) is also acting as a Win95/98 logon server then this parameter specifies the NIS (or YP) map from which the server for the user's home directory should be extracted. At present, only the Sun auto.home map format is understood. The form of the map is: @@ -2279,7 +2278,7 @@ host msdfs (G)

hostname lookups (G) -

: Specifies whether samba should use (expensive) +

Specifies whether samba should use (expensive) hostname lookups or use the ip addresses instead. An example place where hostname lookups are currently used is when checking the hosts deny and hosts allow. @@ -2313,10 +2312,10 @@ hosts allow (S)

Example: hosts allow = 150.203.5. myhost.mynet.edu.au -

+

deny hosts -

: This parameter is a synonym for hosts deny.

+

: This parameter is a synonym for hosts deny.

hosts deny (S)

The opposite of hosts allow @@ -2361,10 +2360,10 @@ idmap alloc config (G) for the backend defined by the idmap alloc backend parameter. Refer to the man page for each idmap plugin regarding specific configuration details. -

No default

+
No default

idmap backend (G) -

: +

The idmap backend provides a plugin interface for Winbind to use varying backends to store SID/uid/gid mapping tables.

@@ -2385,17 +2384,17 @@ idmap backend (G) and ad (idmap_ad(8)).

Default: idmap backend = tdb -

+

idmap cache time (G) -

: This parameter specifies the number of seconds that Winbind's +

This parameter specifies the number of seconds that Winbind's idmap interface will cache positive SID/uid/gid query results.

Default: idmap cache time = 604800 (one week) -

+

idmap config (G) -

: +

The idmap config prefix provides a means of managing each trusted domain separately. The idmap config prefix should be followed by the name of the domain, a colon, and a setting specific to the chosen @@ -2427,10 +2426,10 @@ idmap config (G) idmap config CORP : backend = ad idmap config CORP : range = 1000-999999 -

No default

+
No default

winbind gid -

: This parameter is a synonym for idmap gid.

+

: This parameter is a synonym for idmap gid.

idmap gid (G)

The idmap gid parameter specifies the range of group ids @@ -2443,10 +2442,10 @@ idmap gid (G)

Example: idmap gid = 10000-20000 -

+

idmap negative cache time (G) -

: This parameter specifies the number of seconds that Winbind's +

This parameter specifies the number of seconds that Winbind's idmap interface will cache negative SID/uid/gid query results.

Default: idmap negative cache time = 120 @@ -2548,10 +2547,10 @@ init logon delay (G) init logon delayed hosts.

Default: init logon delay = 100 -

+

interfaces (G) -

: This option allows you to override the default +

This option allows you to override the default network interfaces list that Samba will use for browsing, name registration and other NetBIOS over TCP/IP (NBT) traffic. By default Samba will query the kernel for the list of all active interfaces and use any @@ -2575,10 +2574,10 @@ interfaces (G)

Example: interfaces = eth0 192.168.2.10/24 192.168.3.10/255.255.255.0 -

+

invalid users (S) -

: This is a list of users that should not be allowed +

This is a list of users that should not be allowed to login to this service. This is really a paranoid check to absolutely ensure an improper setting does not breach your security.

A name starting with a '@' is interpreted as an NIS @@ -2610,10 +2609,10 @@ iprint server (G)

Example: iprint server = MYCUPSSERVER -

+

keepalive (G) -

: The value of the parameter (an integer) represents +

The value of the parameter (an integer) represents the number of seconds between keepalive packets. If this parameter is zero, no keepalive packets will be sent. Keepalive packets, if sent, allow the server to tell whether @@ -2646,15 +2645,15 @@ kernel oplocks (G) to a no-op on systems that no not have the necessary kernel support. You should never need to touch this parameter.

Default: kernel oplocks = yes -

+

lanman auth (G) -

: This parameter determines whether or not smbd(8) will attempt to +

This parameter determines whether or not smbd(8) will attempt to authenticate users or permit password changes using the LANMAN password hash. If disabled, only clients which support NT password hashes (e.g. Windows NT/2000 clients, smbclient, but not Windows 95/98 or the MS DOS network client) will be able to - connect to the Samba host.

The LANMAN encrypted response is easily broken, due to it's + connect to the Samba host.

The LANMAN encrypted response is easily broken, due to its case-insensitive nature, and the choice of algorithm. Servers without Windows 95/98/ME or MS DOS clients are advised to disable this option.

Unlike the encrypt @@ -2678,10 +2677,10 @@ large readwrite (G) performance by 10% with Windows 2000 clients. Defaults to on. Not as tested as some other Samba code paths.

Default: large readwrite = yes -

`+`

`ldap admin dn (G) -`



 	The ldap admin dn defines the Distinguished  Name (DN) name used by Samba to contact
 	the ldap server when retreiving  user account information. The ldap admin dn is used
 	in conjunction with the admin dn password stored in the private/secrets.tdb
@@ -2689,7 +2688,7 @@ ldap admin dn (G)
 	man page for more information on how  to accomplish this.
 	

 	The ldap admin dn requires a fully specified DN. The ldap  suffix is not appended to the ldap admin dn.
-	
No default

`+ No default`

`ldap connection timeout (G)`



@@ -2736,18 +2735,18 @@ ldap debug threshold (G)
 
 
Example: ldap debug threshold = 5
 
-

`+`

`ldap delete dn (G) -`


 This parameter specifies whether a delete
+


 This parameter specifies whether a delete
 	operation in the ldapsam deletes the complete entry or only the attributes
 	specific to Samba.
 	
Default: ldap delete dn = no
 
-

`+`

`ldap group suffix (G) -`


This parameter specifies the suffix that is 
+


This parameter specifies the suffix that is 
 	used for groups when these are added to the LDAP directory.
 	If this parameter is unset, the value of ldap suffix will be used instead.  The suffix string is pre-pended to the
         ldap suffix string so use a partial DN.
Default: ldap group suffix = 
@@ -2765,10 +2764,10 @@ ldap idmap suffix (G)
 
 
Example: ldap idmap suffix = ou=Idmap
 
-

`+`

`ldap machine suffix (G) -`



 	It specifies where machines should be added to the ldap tree.  If this parameter is unset, the value of
 	ldap suffix will be used instead.  The suffix string is pre-pended to the
 	ldap suffix string so use a partial DN.
@@ -2806,10 +2805,10 @@ ldap replication sleep (G)
 	The value is specified in milliseconds, the maximum value is 5000 (5 seconds).
 	
Default: ldap replication sleep = 1000
 
-

`+`

`ldapsam:editposix (G) -`



 	Editposix is an option that leverages ldapsam:trusted to make it simpler to manage a domain controller
 	eliminating the need to set up custom scripts to add and manage the posix users and groups. This option
 	will instead directly manipulate the ldap tree to create, remove and modify user and group entries.
@@ -2887,10 +2886,10 @@ ldapsam:editposix (G)
 	

 	
Default: ldapsam:editposix = no
 
-

`+`

`ldapsam:trusted (G) -`



 	By default, Samba as a Domain Controller with an LDAP backend needs to use the Unix-style NSS subsystem to
 	access user and group information. Due to the way Unix stores user information in /etc/passwd and /etc/group
 	this inevitably leads to inefficiencies. One important question a user needs to know is the list of groups he
@@ -2908,29 +2907,51 @@ ldapsam:trusted (G)
 	is easily achieved.
 	
Default: ldapsam:trusted = no
 
-

`+`

`+ +ldap ssl ads (G) +`


This option is used to define whether or not Samba should
+	use SSL when connecting to the ldap server using
+	ads methods.
+	Rpc methods are not affected by this parameter. Please note, that
+	this parameter won't have any effect if ldap ssl
+	is set to no.
+	
See smb.conf(5)
+	for more information on ldap ssl.
+	
Default: ldap ssl ads = no
+
+

`ldap ssl (G) -`


This option is used to define whether or not Samba should
+


This option is used to define whether or not Samba should
 	use SSL when connecting to the ldap server
 	This is NOT related to
 	Samba's previous SSL support which was enabled by specifying the
 	--with-ssl option to the
 	configure
 	script.
LDAP connections should be secured where possible. This may be
-	done setting either this parameter to
+	done setting either this parameter to
 	Start_tls
-	or by specifying ldaps:// in
+	or by specifying ldaps:// in
         the URL argument of passdb backend.
The ldap ssl can be set to one of
 	two values:
Off = Never
 			use SSL when querying the directory.
start tls = Use
 			the LDAPv3 StartTLS extended operation (RFC2830) for
-			communicating with the directory server.
Default: ldap ssl = start tls
-
-

`+ communicating with the directory server.`

+ Please note that this parameter does only affect rpc + methods. To enable the LDAPv3 StartTLS extended operation (RFC2830) for + ads, set + ldap ssl = yes + and + ldap ssl ads = yes. + See smb.conf(5) + for more information on ldap ssl ads. +

Default: ldap ssl = start tls + +

`ldap suffix (G) -`


Specifies the base for all ldap suffixes and for storing the sambaDomain object.

+


Specifies the base for all ldap suffixes and for storing the sambaDomain object.

 	The ldap suffix will be appended to the values specified for the ldap user suffix,
 	 ldap group suffix, ldap machine suffix, and the
 	 ldap idmap suffix. Each of these should be given only a DN relative to the
@@ -2939,17 +2960,17 @@ ldap suffix (G)
 
 
Example: ldap suffix = dc=samba,dc=org
 
-

`+`

`ldap timeout (G) -`



 	This parameter defines the number of seconds that Samba should use as timeout for LDAP operations.
 	
Default: ldap timeout = 15
 
-

`+`

`ldap user suffix (G) -`



 	This parameter specifies where users are added to the tree. If this parameter is unset, 
 	the value of ldap suffix will be used instead.  The suffix 
 	string is pre-pended to the  ldap suffix string so use a partial DN.
@@ -2957,10 +2978,10 @@ ldap user suffix (G)
 
 
Example: ldap user suffix = ou=people
 
-

`+`

`level2 oplocks (S) -`


This parameter controls whether Samba supports
+


This parameter controls whether Samba supports
 	level2 (read-only) oplocks on a share.
Level2, or read-only oplocks allow Windows NT clients 
 	that have an oplock on a file to downgrade from a read-write oplock 
 	to a read-only oplock once a second client opens the file (instead 
@@ -2980,10 +3001,10 @@ level2 oplocks (S)
 	parameter must be set to yes on this share in order for 
 	this parameter to have any effect.
Default: level2 oplocks = yes
 
-

`+`

`lm announce (G) -`


This parameter determines if nmbd(8) will produce Lanman announce 
+


This parameter determines if nmbd(8) will produce Lanman announce 
 	broadcasts that are needed by OS/2 clients in order for them to see 
 	the Samba server in their browse list. This parameter can have three 
 	values, yes, no, or
@@ -2999,10 +3020,10 @@ lm announce (G)
 
 
Example: lm announce = yes
 
-

`+`

`lm interval (G) -`


If Samba is set to produce Lanman announce 
+


If Samba is set to produce Lanman announce 
 	broadcasts needed by OS/2 clients (see the 
 		lm announce parameter) then this 
 	parameter defines the frequency in seconds with which they will be 
@@ -3012,18 +3033,18 @@ lm interval (G)
 
 
Example: lm interval = 120
 
-

`+`

`load printers (G) -`


A boolean variable that controls whether all 
+


A boolean variable that controls whether all 
     printers in the printcap will be loaded for browsing by default. 
     See the printers section for 
     more details.
Default: load printers = yes
 
-

`+`

`local master (G) -`


This option allows nmbd(8) to try and become a local master browser 
+


This option allows nmbd(8) to try and become a local master browser 
 	on a subnet. If set to no then 
 	nmbd will not attempt to become a local master browser 
 	on a subnet and will also lose in all browsing elections. By
@@ -3033,13 +3054,13 @@ local master (G)
 	will participate in elections for local master browser.
Setting this value to no will cause nmbd never to become a local 
 master browser.
Default: local master = yes
 
-

`+`

`lock dir -`


This parameter is a synonym for lock directory.

`+`


This parameter is a synonym for lock directory.

`lock directory (G) -`


This option specifies the directory where lock 
+


This option specifies the directory where lock 
 	files will be placed.  The lock files are used to implement the 
 	max connections option.
 	

@@ -3049,10 +3070,10 @@ lock directory (G)
 
 
Example: lock directory = /var/run/samba/locks
 
-

`+`

`locking (S) -`


This controls whether or not locking will be 
+


This controls whether or not locking will be 
 	performed by the server in response to lock requests from the 
 	client.
If locking = no, all lock and unlock 
 	requests will appear to succeed and all lock queries will report 
@@ -3062,18 +3083,18 @@ locking (S)
 	CDROM drives), although setting this parameter of no 
 	is not really recommended even in this case.
Be careful about disabling locking either globally or in a 
 	specific service, as lack of locking may result in data corruption. 
-	You should never need to set this parameter.
No default

`+ You should never need to set this parameter. No default`

`lock spin count (G) -`


This parameter has been made inoperative in Samba 3.0.24.
+


This parameter has been made inoperative in Samba 3.0.24.
 	The functionality it contolled is now controlled by the parameter
 	lock spin time.
 	
Default: lock spin count = 0
 
-

`+`

`lock spin time (G) -`


The time in microseconds that smbd should 
+


The time in microseconds that smbd should 
 	keep waiting to see if a failed lock request can
 	be granted. This parameter has changed in default
 	value from Samba 3.0.23 from 10 to 200. The associated
@@ -3081,22 +3102,22 @@ lock spin time (G)
 	no longer used in Samba 3.0.24. You should not need
 	to change the value of this parameter.
Default: lock spin time = 200
 
-

`+`

`log file (G) -`



     This option allows you to override the name of the Samba log file (also known as the debug file).
     

     This option takes the standard substitutions, allowing you to have separate log files for each user or machine.
     
No default
Example: log file = /usr/local/samba/var/log.%m
 
-

`+`

`debuglevel -`


This parameter is a synonym for log level.

`+`


This parameter is a synonym for log level.

`log level (G) -`



     The value of the parameter (a astring) allows the debug level (logging level) to be specified in the 
     smb.conf file. 
     
This parameter has been extended since the 2.2.x 
@@ -3107,10 +3128,10 @@ log level (G)
 
 
Example: log level = 3 passdb:5 auth:10 winbind:2
 
-

`+`

`logon drive (G) -`



 	This parameter specifies the local path to which the home directory will be
 	connected (see logon home) and is only used by NT
 	Workstations.
@@ -3120,10 +3141,10 @@ logon drive (G)
 
 
Example: logon drive = h:
 
-

`+`

`logon home (G) -`



 	This parameter specifies the home directory location when a Win95/98 or NT Workstation logs into a Samba PDC.  
 	It allows you to do
 	

@@ -3154,10 +3175,10 @@ logon home (G)
 
 
Example: logon home = \\remote_smb_server\%U
 
-

`+`

`logon path (G) -`



 	This parameter specifies the directory where roaming profiles (Desktop, NTuser.dat, etc) are 
 	stored.  Contrary to previous versions of these manual pages, it has nothing to do with Win 9X roaming
 	profiles.  To find out how to handle roaming profiles for Win 9X system, see the
@@ -3201,10 +3222,10 @@ logon path = \\PROFILESERVER\PROFILE\%U
 

 	
Default: logon path = \\%N\%U\profile
 
-

`+`

`logon script (G) -`



 	This parameter specifies the batch file (.bat) or NT command file
 	(.cmd) to be downloaded and run on a machine when a user successfully logs in.  The file
 	must contain the DOS style CR/LF line endings. Using a DOS-style editor to create the file is recommended.
@@ -3235,10 +3256,10 @@ logon script (G)
 
 
Example: logon script = scripts\%U.bat
 
-

`+`

`lppause command (S) -`


This parameter specifies the command to be 
+


This parameter specifies the command to be 
     executed on the server host in order to stop printing or spooling 
     a specific print job.
This command should be a program or script which takes 
     a printer name and job number to pause the print job. One way 
@@ -3262,10 +3283,10 @@ lppause command (S)
 
 
Example: lppause command = /usr/bin/lpalt %p-%j -p0
 
-

`+`

`lpq cache time (G) -`


This controls how long lpq info will be cached 
+


This controls how long lpq info will be cached 
 	for to prevent the lpq command being called too 
 	often. A separate cache is kept for each variation of the 
 	lpq command used by the system, so if you use different 
@@ -3278,10 +3299,10 @@ lpq cache time (G)
 
 
Example: lpq cache time = 10
 
-

`+`

`lpq command (S) -`


This parameter specifies the command to be 
+


This parameter specifies the command to be 
     executed on the server host in order to obtain lpq
     -style printer status information.
This command should be a program or script which 
     takes a printer name as its only parameter and outputs printer 
@@ -3303,10 +3324,10 @@ lpq command (S)
 
 
Example: lpq command = /usr/bin/lpq -P%p
 
-

`+`

`lpresume command (S) -`


This parameter specifies the command to be 
+


This parameter specifies the command to be 
     executed on the server host in order to restart or continue 
     printing or spooling a specific print job.
This command should be a program or script which takes 
     a printer name and job number to resume the print job. See 
@@ -3319,10 +3340,10 @@ lpresume command (S)
     parameter is SYSV, in which case the default is:
lp -i %p-%j -H resume
or if the value of the printing parameter 
     is SOFTQ, then the default is:
qstat -s -j%j -r
No default
Example: lpresume command = /usr/bin/lpalt %p-%j -p2
 
-

`+`

`lprm command (S) -`


This parameter specifies the command to be 
+


This parameter specifies the command to be 
     executed on the server host in order to delete a print job.
This command should be a program or script which takes 
     a printer name and job number, and deletes the print job.
If a %p is given then the printer name 
     is put in its place. A %j is replaced with 
@@ -3339,10 +3360,10 @@ lprm command = /usr/bin/cancel %p-%j
 

 	
Default: lprm command =  determined by printing parameter
 
-

`+`

`machine password timeout (G) -`



 	If a Samba server is a member of a Windows NT Domain (see the security = domain parameter) then periodically a running smbd process will try and change
 	the MACHINE ACCOUNT PASSWORD stored in the TDB called private/secrets.tdb
 	.  This parameter specifies how often this password will be changed, in seconds. The default is one
@@ -3352,10 +3373,10 @@ machine password timeout (G)
 	and the security = domain parameter.
 	
Default: machine password timeout = 604800
 
-

`+`

`magic output (S) -`



 	This parameter specifies the name of a file which will contain output created by a magic script (see the 
 	magic script parameter below).
 	
Warning
If two clients use the same magic script
@@ -3364,10 +3385,10 @@ magic output (S)
 
 
Example: magic output = myfile.txt
 
-

`+`

`magic script (S) -`


This parameter specifies the name of a file which, 
+


This parameter specifies the name of a file which, 
 	if opened, will be executed by the server when the file is closed. 
 	This allows a UNIX script to be sent to the Samba host and 
 	executed on behalf of the connected user.
Scripts executed in this way will be deleted upon 
@@ -3383,10 +3404,10 @@ magic script (S)
 
 
Example: magic script = user.csh
 
-

`+`

`mangled names (S) -`


This controls whether non-DOS names under UNIX 
+


This controls whether non-DOS names under UNIX 
 	should be mapped to DOS-compatible names ("mangled") and made visible, 
 	or whether non-DOS names should simply be ignored.
See the section on name mangling for 
 	details on how to control the mangling process.
If mangling is used then the mangling algorithm is as follows:
The first (up to) five alphanumeric characters 
@@ -3411,10 +3432,10 @@ mangled names (S)
 	from Windows/DOS and will retain the same basename. Mangled names 
 	do not change between sessions.
Default: mangled names = yes
 
-

`+`

`mangle prefix (G) -`


 controls the number of prefix
+


 controls the number of prefix
 	characters from the original name used when generating
 	the mangled names. A larger value will give a weaker
 	hash and therefore more name collisions. The minimum
@@ -3424,20 +3445,20 @@ mangle prefix (G)
 
 
Example: mangle prefix = 4
 
-

`+`

`mangling char (S) -`


This controls what character is used as 
+


This controls what character is used as 
 	the magic character in name mangling. The 
 	default is a '~' but this may interfere with some software. Use this option to set 
 	it to whatever you prefer. This is effective only when mangling method is hash.
Default: mangling char = ~
 
 
Example: mangling char = ^
 
-

`+`

`mangling method (G) -`


 controls the algorithm used for the generating
+


 controls the algorithm used for the generating
 	the mangled names. Can take two different values, "hash" and
 	"hash2". "hash" is the algorithm that was used
 	used in Samba for many years and was the default in Samba 2.2.x "hash2" is
@@ -3448,10 +3469,10 @@ mangling method (G)
 
 
Example: mangling method = hash
 
-

`+`

`map acl inherit (S) -`


This boolean parameter controls whether smbd(8) will attempt to map the 'inherit' and 'protected'
+


This boolean parameter controls whether smbd(8) will attempt to map the 'inherit' and 'protected'
     access control entry flags stored in Windows ACLs into an extended attribute
     called user.SAMBA_PAI. This parameter only takes effect if Samba is being run
     on a platform that supports extended attributes (Linux and IRIX so far) and
@@ -3459,10 +3480,10 @@ map acl inherit (S)
     POSIX ACL mapping code.
     
Default: map acl inherit = no
 
-

`+`

`map archive (S) -`



 	This controls whether the DOS archive attribute 
 	should be mapped to the UNIX owner execute bit.  The DOS archive bit 
 	is set when a file has been modified since its last backup.  One 
@@ -3475,19 +3496,19 @@ map archive (S)
 	create mask for details.
 	
Default: map archive = yes
 
-

`+`

`map hidden (S) -`



 	This controls whether DOS style hidden files should be mapped to the UNIX world execute bit.
 	

 	Note that this requires the create mask to be set such that the world execute 
 	bit is not masked out (i.e. it must include 001). See the parameter create mask 
 	for details.
-	
No default

`+ No default`

`map read only (S) -`



 	This controls how the DOS read only attribute should be mapped from a UNIX filesystem.
 	

 	This parameter can take three different values, which tell smbd(8) how to display the read only attribute on files, where either
@@ -3512,10 +3533,10 @@ map read only (S)
 		the store dos attributes method. This may be useful for exporting mounted CDs.
 		
Default: map read only = yes
 
-

`+`

`map system (S) -`



 	This controls whether DOS style system files should be mapped to the UNIX group execute bit.
 	

 	Note that this requires the create mask	to be set such that the group 
@@ -3523,10 +3544,10 @@ map system (S)
 	create mask for details.
 	
Default: map system = no
 
-

`+`

`map to guest (G) -`


This parameter is only useful in SECURITY = 
+


This parameter is only useful in SECURITY = 
     security modes other than security = share 
     and security = server
     - i.e. user, and domain.
This parameter can take four different values, which tell
@@ -3568,10 +3589,10 @@ map to guest (G)
 
 
Example: map to guest = Bad User
 
-

`+`

`max connections (S) -`


This option allows the number of simultaneous connections to a service to be limited.
+


This option allows the number of simultaneous connections to a service to be limited.
     If max connections is greater than 0 then connections
     will be refused if this number of connections to the service are already open. A value 
     of zero mean an unlimited number of connections may be made.
Record lock files are used to implement this feature. The lock files will be stored in 
@@ -3579,10 +3600,10 @@ max connections (S)
 
 
Example: max connections = 10
 
-

`+`

`max disk size (G) -`


This option allows you to put an upper limit 
+


This option allows you to put an upper limit 
     on the apparent size of disks. If you set this option to 100 
     then all shares will appear to be not larger than 100 MB in 
     size.
Note that this option does not limit the amount of 
@@ -3596,10 +3617,10 @@ max disk size (G)
 
 
Example: max disk size = 1000
 
-

`+`

`max log size (G) -`



     This option (an integer in kilobytes) specifies the max size the log file should grow to. 
     Samba periodically checks the size and if it is exceeded it will rename the file, adding 
 	a .old extension.
@@ -3608,17 +3629,17 @@ max log size (G)
 
 
Example: max log size = 1000
 
-

`+`

`max mux (G) -`


This option controls the maximum number of 
+


This option controls the maximum number of 
     outstanding simultaneous SMB operations that Samba tells the client 
 	it will allow. You should never need to set this parameter.
Default: max mux = 50
 
-

`+`

`max open files (G) -`


This parameter limits the maximum number of 
+


This parameter limits the maximum number of 
     open files that one smbd(8) file 
     serving process may have open for a client at any one time. The 
     default for this parameter is set very high (10,000) as Samba uses 
@@ -3626,23 +3647,23 @@ max open files (G)
     by the UNIX per-process file descriptor limit rather than 
     this parameter so you should never need to touch this parameter.
Default: max open files = 10000
 
-

`+`

`max print jobs (S) -`


This parameter limits the maximum number of 
+


This parameter limits the maximum number of 
     jobs allowable in a Samba printer queue at any given moment.
     If this number is exceeded, smbd(8) will remote "Out of Space" to the client.
 	
Default: max print jobs = 1000
 
 
Example: max print jobs = 5000
 
-

`+`

`protocol -`


This parameter is a synonym for max protocol.

`+`


This parameter is a synonym for max protocol.

`max protocol (G) -`


The value of the parameter (a string) is the highest 
+


The value of the parameter (a string) is the highest 
     protocol level that will be supported by the server.
Possible values are :
CORE: Earliest version. No 
 	    concept of user names.
COREPLUS: Slight improvements on 
 	    CORE for efficiency.
LANMAN1: First 
@@ -3654,10 +3675,10 @@ max protocol (G)
 
 
Example: max protocol = LANMAN1
 
-

`+`

`max reported print jobs (S) -`



     This parameter limits the maximum number of jobs displayed in a port monitor for 
     Samba printer queue at any given moment. If this number is exceeded, the excess 
     jobs will not be shown. A value of zero means there is no limit on the number of 
@@ -3666,10 +3687,10 @@ max reported print jobs (S)
 
 
Example: max reported print jobs = 1000
 
-

`+`

`max smbd processes (G) -`


This parameter limits the maximum number of smbd(8) processes concurrently running on a system and is intended
+


This parameter limits the maximum number of smbd(8) processes concurrently running on a system and is intended
     as a stopgap to prevent degrading service to clients in the event that the server has insufficient
     resources to handle more than this number of connections.  Remember that under normal operating
     conditions, each user will have an smbd(8) associated with him or her to handle connections to all
@@ -3677,10 +3698,10 @@ max smbd processes (G)
 
 
Example: max smbd processes = 1000
 
-

`+`

`max stat cache size (G) -`


This parameter limits the size in memory of any 
+


This parameter limits the size in memory of any 
 	  stat cache being used
 	  to speed up case insensitive name mappings. It represents
 	  the number of kilobyte (1024) units the stat cache can use.
@@ -3691,27 +3712,27 @@ max stat cache size (G)
 
 
Example: max stat cache size = 100
 
-

`+`

`max ttl (G) -`


This option tells nmbd(8) what the default 'time to live' 
+


This option tells nmbd(8) what the default 'time to live' 
     of NetBIOS names should be (in seconds) when nmbd is 
     requesting a name using either a broadcast packet or from a WINS server. You should 
 	never need to change this parameter. The default is 3 days.
Default: max ttl = 259200
 
-

`+`

`max wins ttl (G) -`


This option tells smbd(8) when acting as a WINS server
+


This option tells smbd(8) when acting as a WINS server
 	(wins support = yes) what the maximum
     'time to live' of NetBIOS names that nmbd 
     will grant will be (in seconds). You should never need to change this
 	parameter.  The default is 6 days (518400 seconds).
Default: max wins ttl = 518400
 
-

`+`

`max xmit (G) -`


This option controls the maximum packet size 
+


This option controls the maximum packet size 
     that will be negotiated by Samba. The default is 16644, which 
     matches the behavior of Windows 2000.  A value below 2048 is likely to cause problems.
     You should never need to change this parameter from its default value.
@@ -3719,10 +3740,10 @@ max xmit (G)
 
 
Example: max xmit = 8192
 
-

`+`

`message command (G) -`


This specifies what command to run when the 
+


This specifies what command to run when the 
 	server receives a WinPopup style message.
This would normally be a command that would 
 	deliver the message somehow. How this is to be done is 
 	up to your imagination.
An example is:
@@ -3761,20 +3782,20 @@ message command (G)
 
 
Example: message command = csh -c 'xedit %s; rm %s' &
 
-

`+`

`min print space (S) -`


This sets the minimum amount of free disk 
+


This sets the minimum amount of free disk 
     space that must be available before a user will be able to spool 
     a print job. It is specified in kilobytes. The default is 0, which 
     means a user can always spool a print job.
Default: min print space = 0
 
 
Example: min print space = 2000
 
-

`+`

`min protocol (G) -`


The value of the parameter (a string) is the 
+


The value of the parameter (a string) is the 
     lowest SMB protocol dialect than Samba will support.  Please refer
     to the max protocol
     parameter for a list of valid protocol names and a brief description
@@ -3786,10 +3807,10 @@ min protocol (G)
 
 
Example: min protocol = NT1
 
-

`+`

`min receivefile size (G) -`


This option changes the behavior of smbd(8) when processing SMBwriteX calls. Any incoming
+


This option changes the behavior of smbd(8) when processing SMBwriteX calls. Any incoming
 SMBwriteX call on a non-signed SMB/CIFS connection greater than this value will not be processed in the normal way but will
 be passed to any underlying kernel recvfile or splice system call (if there is no such
 call Samba will emulate in user space). This allows zero-copy writes directly from network
@@ -3798,19 +3819,19 @@ but user testing is recommended. If set to zero Samba processes SMBwriteX calls
 normal way. To enable POSIX large write support (SMB/CIFS writes up to 16Mb) this option must be
 nonzero. The maximum value is 128k. Values greater than 128k will be silently set to 128k.
Note this option will have NO EFFECT if set on a SMB signed connection.
The default is zero, which diables this option.
Default: min receivefile size = 0
 
-

`+`

`min wins ttl (G) -`


This option tells nmbd(8)
+


This option tells nmbd(8)
     when acting as a WINS server (wins support = yes) what the minimum 'time to live' 
     of NetBIOS names that nmbd will grant will be (in 
     seconds). You should never need to change this parameter.  The default 
     is 6 hours (21600 seconds).
Default: min wins ttl = 21600
 
-

`+`

`msdfs proxy (S) -`


This parameter indicates that the share is a
+


This parameter indicates that the share is a
 	stand-in for another CIFS share whose location is specified by
 	the value of the parameter. When clients attempt to connect to
 	this share, they are redirected to the proxied share using
@@ -3818,10 +3839,10 @@ msdfs proxy (S)
 	msdfs root and host msdfs
 	options to find out how to set up a Dfs root share.
No default
Example: msdfs proxy = \otherserver\someshare
 
-

`+`

`msdfs root (S) -`


If set to yes, Samba treats the
+


If set to yes, Samba treats the
 	share as a Dfs root and allows clients to browse the
 	distributed file system tree rooted at the share directory.
 	Dfs links are specified in the share directory by symbolic
@@ -3829,20 +3850,20 @@ msdfs root (S)
 	and so on.  For more information on setting up a Dfs tree on
 	Samba, refer to the MSDFS chapter in the Samba3-HOWTO book.
Default: msdfs root = no
 
-

`+`

`name cache timeout (G) -`


Specifies the number of seconds it takes before 
+


Specifies the number of seconds it takes before 
     entries in samba's hostname resolve cache time out. If 
     the timeout is set to 0. the caching is disabled.
 
Default: name cache timeout = 660
 
 
Example: name cache timeout = 0
 
-

`+`

`name resolve order (G) -`


This option is used by the programs in the Samba 
+


This option is used by the programs in the Samba 
     suite to determine what naming services to use and in what order 
     to resolve host names to IP addresses. Its main purpose to is to
     control how netbios name resolution is performed.  The option takes a space 
@@ -3873,10 +3894,10 @@ name resolve order (G)
 
 
Example: name resolve order = lmhosts bcast host
 
-

`+`

`netbios aliases (G) -`


This is a list of NetBIOS names that nmbd will 
+


This is a list of NetBIOS names that nmbd will 
         advertise as additional names by which the Samba server is known. This allows one machine 
 	to appear in browse lists under multiple names. If a machine is acting as a browse server 
         or logon server none of these names will be advertised as either browse server or logon 
@@ -3886,10 +3907,10 @@ netbios aliases (G)
 
 
Example: netbios aliases = TEST TEST1 TEST2
 
-

`+`

`netbios name (G) -`



 		This sets the NetBIOS name by which a Samba server is known. By default it is the same as the first component
 		of the host's DNS name. If a machine is a browse server or logon server this name (or the first component of
 		the hosts DNS name) will be the name that these services are advertised under.
@@ -3902,17 +3923,17 @@ netbios name (G)
 
 
Example: netbios name = MYNAME
 
-

`+`

`netbios scope (G) -`


This sets the NetBIOS scope that Samba will 
+


This sets the NetBIOS scope that Samba will 
 	operate under. This should not be set unless every machine 
 	on your LAN also sets this value.
Default: netbios scope = 
 
-

`+`

`nis homedir (G) -`


Get the home share server from a NIS map. For 
+


Get the home share server from a NIS map. For 
 	UNIX systems that use an automounter, the user's home directory 
 	will often be mounted on a workstation on demand from a remote 
 	server. 
When the Samba logon server is not the actual home directory 
@@ -3931,20 +3952,20 @@ nis homedir (G)
 	NIS system and the Samba server with this option must also 
 	be a logon server.
Default: nis homedir = no
 
-

`+`

`nt acl support (S) -`


This boolean parameter controls whether smbd(8) will attempt to map 
+


This boolean parameter controls whether smbd(8) will attempt to map 
     UNIX permissions into Windows NT access control lists.  The UNIX
     permissions considered are the the traditional UNIX owner and
     group permissions, as well as POSIX ACLs set on any files or
     directories.  This parameter was formally a global parameter in
     releases prior to 2.2.2.
Default: nt acl support = yes
 
-

`+`

`ntlm auth (G) -`


This parameter determines whether or not smbd(8) will attempt to
+


This parameter determines whether or not smbd(8) will attempt to
     authenticate users using the NTLM encrypted password response.
     If disabled, either the lanman password hash or an NTLMv2 response
     will need to be sent by the client.
If this option, and lanman
@@ -3952,33 +3973,33 @@ ntlm auth (G)
     permited.  Not all clients support NTLMv2, and most will require
 	special configuration to use it.
Default: ntlm auth = yes
 
-

`+`

`nt pipe support (G) -`


This boolean parameter controls whether 
+


This boolean parameter controls whether 
     smbd(8) will allow Windows NT 
     clients to connect to the NT SMB specific IPC$ 
     pipes. This is a developer debugging option and can be left
 	alone.
Default: nt pipe support = yes
 
-

`+`

`nt status support (G) -`


This boolean parameter controls whether smbd(8) will negotiate NT specific status
+


This boolean parameter controls whether smbd(8) will negotiate NT specific status
     support with Windows NT/2k/XP clients. This is a developer debugging option and should be left alone.
     If this option is set to no then Samba offers
     exactly the same DOS error codes that versions prior to Samba 2.2.3
     reported.
You should not need to ever disable this parameter.
Default: nt status support = yes
 
-

`+`

`null passwords (G) -`


Allow or disallow client access to accounts that have null passwords. 
See also smbpasswd(5).
Default: null passwords = no
+


Allow or disallow client access to accounts that have null passwords. 
See also smbpasswd(5).
Default: null passwords = no
 
-

`+`

`obey pam restrictions (G) -`


When Samba 3.0 is configured to enable PAM support
+


When Samba 3.0 is configured to enable PAM support
     (i.e. --with-pam), this parameter will control whether or not Samba
     should obey PAM's account and session management directives.  The 
     default behavior is to use PAM for clear text authentication only
@@ -3988,10 +4009,10 @@ obey pam restrictions (G)
     authentication mechanism needed in the presence of SMB password encryption.
 
Default: obey pam restrictions = no
 
-

`+`

`only user (S) -`


This is a boolean option that controls whether 
+


This is a boolean option that controls whether 
     connections with usernames not in the user 
     list will be allowed. By default this option is disabled so that a 
     client can supply a username to be used by the server.  Enabling
@@ -4004,10 +4025,10 @@ only user (S)
     will be just the service name, which for home directories is the 
     name of the user.
Default: only user = no
 
-

`+`

`oplock break wait time (G) -`



 	This is a tuning parameter added due to bugs in both Windows 9x and WinNT. If Samba responds to a client too 
 	quickly when that client issues an SMB that can cause an oplock break request, then the network client can 
 	fail and not respond to the break request. This tuning parameter (which is set in milliseconds) is the amount 
@@ -4016,10 +4037,10 @@ oplock break wait time (G)
 	DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ AND UNDERSTOOD THE SAMBA OPLOCK CODE.
 	
Default: oplock break wait time = 0
 
-

`+`

`oplock contention limit (S) -`



 	This is a very advanced smbd(8) tuning option to improve the efficiency of the 
 	granting of oplocks under multiple client contention for the same file.
 	

@@ -4031,10 +4052,10 @@ oplock contention limit (S)
 	DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ AND UNDERSTOOD THE SAMBA OPLOCK CODE.
 	
Default: oplock contention limit = 2
 
-

`+`

`oplocks (S) -`



 	This boolean option tells smbd whether to 
 	issue oplocks (opportunistic locks) to file open requests on this 
 	share. The oplock code can dramatically (approx. 30% or more) improve 
@@ -4053,10 +4074,10 @@ oplocks (S)
 	kernel oplocks parameter for details.
 	
Default: oplocks = yes
 
-

`+`

`os2 driver map (G) -`


The parameter is used to define the absolute
+


The parameter is used to define the absolute
     path to a file containing a mapping of Windows NT printer driver
     names to OS/2 printer driver names.  The format is:
<nt driver name> = <os2 driver name>.<device name>
For example, a valid entry using the HP LaserJet 5
     printer driver would appear as HP LaserJet 5L = LASERJET.HP 
@@ -4066,10 +4087,10 @@ os2 driver map (G)
     details on OS/2 clients, please refer to chapter on other clients in the Samba3-HOWTO book.
     
Default: os2 driver map = 
 
-

`+`

`os level (G) -`



 	This integer value controls what level Samba advertises itself as for browse elections. The value of this
 	parameter determines whether nmbd(8) has a chance of becoming a local master browser for the workgroup in the local broadcast area.
 

@@ -4085,10 +4106,10 @@ os level (G)
 
 
Example: os level = 65
 
-

`+`

`pam password change (G) -`


With the addition of better PAM support in Samba 2.2, 
+


With the addition of better PAM support in Samba 2.2, 
     this parameter, it is possible to use PAM's password change control 
     flag for Samba.  If enabled, then PAM will be used for password
     changes when requested by an SMB client instead of the program listed in 
@@ -4096,20 +4117,20 @@ pam password change (G)
     It should be possible to enable this without changing your 
     passwd chat parameter for most setups.
Default: pam password change = no
 
-

`+`

`panic action (G) -`


This is a Samba developer option that allows a 
+


This is a Samba developer option that allows a 
 	system command to be called when either smbd(8) or nmbd(8)	crashes. This is usually used to 
 	draw attention to the fact that a problem occurred.
 	
Default: panic action = 
 
 
Example: panic action = "/bin/sleep 90000"
 
-

`+`

`paranoid server security (G) -`


Some version of NT 4.x allow non-guest 
+


Some version of NT 4.x allow non-guest 
     users with a bad passowrd. When this option is enabled, samba will not 
     use a broken NT 4.x server as password server, but instead complain
     to the logs and exit.  
@@ -4117,10 +4138,10 @@ paranoid server security (G)
     this check, which involves deliberatly attempting a
     bad logon to the remote server.
Default: paranoid server security = yes
 
-

`+`

`passdb backend (G) -`


This option allows the administrator to chose which backend
+


This option allows the administrator to chose which backend
     will be used for storing user and possibly group information.  This allows 
     you to swap between different storage mechanisms without recompile. 
The parameter value is divided into two parts, the backend's name, and a 'location'
     string that has meaning only to that particular backed.  These are separated
@@ -4153,19 +4174,19 @@ or multi server LDAP URL with Netscape based LDAP library:
 passdb backend = ldapsam:"ldap://ldap-1.example.com ldap-2.example.com"
 
Default: passdb backend = smbpasswd
 
-

`+`

`passdb expand explicit (G) -`



 	This parameter controls whether Samba substitutes %-macros in the passdb fields if they are explicitly set. We
 	used to expand macros here, but this turned out to be a bug because the Windows client can expand a variable
 	%G_osver% in which %G would have been substituted by the user's primary group.
     
Default: passdb expand explicit = no
 
-

`+`

`passwd chat debug (G) -`


This boolean specifies if the passwd chat script 
+


This boolean specifies if the passwd chat script 
     parameter is run in debug mode. In this mode the 
     strings passed to and received from the passwd chat are printed 
     in the smbd(8) log with a 
@@ -4178,18 +4199,18 @@ passwd chat debug (G)
     pam password change
 	parameter is set. This parameter is off by default.
Default: passwd chat debug = no
 
-

`+`

`passwd chat timeout (G) -`


This integer specifies the number of seconds smbd will wait for an initial
+


This integer specifies the number of seconds smbd will wait for an initial
     answer from a passwd chat script being run. Once the initial answer is received
     the subsequent answers must be received in one tenth of this time. The default it
     two seconds.
Default: passwd chat timeout = 2
 
-

`+`

`passwd chat (G) -`


This string controls the "chat" 
+

This string controls the "chat" 
     conversation that takes places between smbd(8) and the local password changing
     program to change the user's password. The string describes a 
     sequence of response-receive pairs that smbd(8) uses to determine what to send to the 
@@ -4220,10 +4241,10 @@ passwd chat (G)
 
 
Example: passwd chat = "*Enter NEW password*" %n\n "*Reenter NEW password*" %n\n "*Password changed*"
 
-

`+`

`passwd program (G) -`


The name of a program that can be used to set 
+


The name of a program that can be used to set 
     UNIX user passwords.  Any occurrences of %u 
     will be replaced with the user name. The user name is checked for 
     existence before calling the password changing program.
Also note that many passwd programs insist in reasonable
@@ -4244,10 +4265,10 @@ passwd program (G)
 
 
Example: passwd program = /bin/passwd %u
 
-

`+`

`password level (G) -`


Some client/server combinations have difficulty 
+


Some client/server combinations have difficulty 
     with mixed-case passwords.  One offending client is Windows for 
     Workgroups, which for some reason forces passwords to upper 
     case when using the LANMAN1 protocol, but leaves them alone when 
@@ -4269,13 +4290,13 @@ password level (G)
 
 
Example: password level = 4
 
-

`+`

`password server (G) -`


By specifying the name of another SMB server 
+


By specifying the name of another SMB server 
     or Active Directory domain controller with this option, 
     and using security = [ads|domain|server] 
-    it is possible to get Samba to 
+    it is possible to get Samba
     to do all its username/password validation using a specific remote server.
This option sets the name or IP address of the password server to use. 
     New syntax has been added to support defining the port to use when connecting 
     to the server the case of an ADS realm.  To define a port other than the
@@ -4332,13 +4353,13 @@ password server (G)
 
 
Example: password server = windc.mydomain.com:389 192.168.1.101 *
 
-

`+`

`directory -`


This parameter is a synonym for path.

`+`


This parameter is a synonym for path.

`path (S) -`


This parameter specifies a directory to which 
+


This parameter specifies a directory to which 
 	the user of the service is to be given access. In the case of 
 	printable services, this is where print data will spool prior to 
 	being submitted to the host for printing.
For a printable service offering guest access, the service 
@@ -4355,19 +4376,19 @@ path (S)
 
 
Example: path = /home/fred
 
-

`+`

`pid directory (G) -`



 	This option specifies the directory where pid files will be placed.  
 	
Default: pid directory = ${prefix}/var/locks
 
 
Example: pid directory = pid directory = /var/run/
 
-

`+`

`posix locking (S) -`



 	The smbd(8)
 	daemon maintains an database of file locks obtained by SMB clients. The default behavior is 
 	to map this internal database to POSIX locks. This means that file locks obtained by SMB clients are 
@@ -4375,10 +4396,10 @@ posix locking (S)
 	method (e.g. NFS or local file access). You should never need to disable this parameter.
 	
Default: posix locking = yes
 
-

`+`

`postexec (S) -`


This option specifies a command to be run 
+


This option specifies a command to be run 
 	whenever the service is disconnected. It takes the usual 
 	substitutions. The command may be run as the root on some 
 	systems.
An interesting example may be to unmount server 
@@ -4386,21 +4407,21 @@ postexec (S)
 
 
Example: postexec = echo \"%u disconnected from %S from %m (%I)\" >> /tmp/log
 
-

`+`

`preexec close (S) -`



 	This boolean option controls whether a non-zero return code from preexec 
 	should close the service being connected to.
 	
Default: preexec close = no
 
-

`+`

`exec -`


This parameter is a synonym for preexec.

`+`


This parameter is a synonym for preexec.

`preexec (S) -`


This option specifies a command to be run whenever 
+


This option specifies a command to be run whenever 
 	the service is connected to. It takes the usual substitutions.
An interesting example is to send the users a welcome 
 	message every time they log in. Maybe a message of the day? Here 
 	is an example:

@@ -4412,13 +4433,13 @@ preexec (S)
 
 
Example: preexec = echo \"%u connected to %S from %m (%I)\" >> /tmp/log
 
-

`+`

`prefered master -`


This parameter is a synonym for preferred master.

`+`


This parameter is a synonym for preferred master.

`preferred master (G) -`



 	This boolean parameter controls if nmbd(8) is a preferred master browser  for its workgroup.
 	

 	If this is set to yes, on startup, nmbd will force
@@ -4432,22 +4453,22 @@ preferred master (G)
 	capabilities.
 	
Default: preferred master = auto
 
-

`+`

`preload modules (G) -`


This is a list of paths to modules that should
+


This is a list of paths to modules that should
 	be loaded into smbd before a client connects. This improves
 	the speed of smbd when reacting to new connections somewhat. 
Default: preload modules = 
 
 
Example: preload modules = /usr/lib/samba/passdb/mysql.so
 
-

`+`

`auto services -`


This parameter is a synonym for preload.

`+`


This parameter is a synonym for preload.

`preload (G) -`


This is a list of services that you want to be 
+


This is a list of services that you want to be 
 	automatically added to the browse lists. This is most useful 
 	for homes and printers services that would otherwise not be 
 	visible.

@@ -4458,33 +4479,33 @@ preload (G)
 
 
Example: preload = fred lp colorlp
 
-

`+`

`preserve case (S) -`



 	This controls if new filenames are created with the case that the client passes, or if 
 	they are forced to be the default case.
 	

 	See the section on NAME MANGLING for a fuller discussion.
 	
Default: preserve case = yes
 
-

`+`

`print ok -`


This parameter is a synonym for printable.

`+`


This parameter is a synonym for printable.

`printable (S) -`


If this parameter is yes, then 
+


If this parameter is yes, then 
     clients may open, write to and submit spool files on the directory 
     specified for the service. 
Note that a printable service will ALWAYS allow writing 
     to the service path (user privileges permitting) via the spooling 
     of print data. The read only parameter controls only non-printing access to 
     the resource.
Default: printable = no
 
-

`+`

`printcap cache time (G) -`


This option specifies the number of seconds before the printing
+


This option specifies the number of seconds before the printing
     subsystem is again asked for the known printers.  If the value
     is greater than 60 the initial waiting time is set to 60 seconds
     to allow an earlier first rescan of the printing subsystem.
@@ -4494,13 +4515,13 @@ printcap cache time (G)
 
 
Example: printcap cache time = 600
 
-

`+`

`printcap -`


This parameter is a synonym for printcap name.

`+`


This parameter is a synonym for printcap name.

`printcap name (G) -`



 	This parameter may be used to override the compiled-in default printcap name used by the server (usually
 	 /etc/printcap). See the discussion of the [printers] section above for reasons why you might want to do this.
 	

@@ -4535,10 +4556,10 @@ print5|My Printer 5
 
 
Example: printcap name = /etc/myprintcap
 
-

`+`

`print command (S) -`


After a print job has finished spooling to 
+


After a print job has finished spooling to 
     a service, this command will be used via a system() 
     call to process the spool file. Typically the command specified will 
     submit the spool file to the host's printing subsystem, but there 
@@ -4580,10 +4601,10 @@ print command (S)
     and if SAMBA is compiled against libcups, any manually 
 	set print command will be ignored.
No default
Example: print command = /usr/local/samba/bin/myprintscript %p %s
 
-

`+`

`printer admin (S) -`



 	This lists users who can do anything to printers
 	via the remote administration interfaces offered
 	by MS-RPC (usually using a NT workstation).
@@ -4599,13 +4620,13 @@ printer admin (S)
 
 
Example: printer admin = admin, @staff
 
-

`+`

`printer -`


This parameter is a synonym for printer name.

`+`


This parameter is a synonym for printer name.

`printer name (S) -`



 	This parameter specifies the name of the printer to which print jobs spooled through a printable service
 	will be sent.
 	

@@ -4618,10 +4639,10 @@ printer name (S)
 
 
Example: printer name = laserwriter
 
-

`+`

`printing (S) -`


This parameters controls how printer status  information is
+


This parameters controls how printer status  information is
     interpreted on your system. It also affects the  default values for
     the print command,  lpq command, lppause command , lpresume command, and  lprm command if specified in the 
     [global] section.
Currently nine printing styles are supported. They are
@@ -4638,27 +4659,27 @@ printing (S)
     [printers] section.
Default: printing = Depends on the operating system, see
 testparm -v.
 
-

`+`

`printjob username (S) -`


This parameter specifies which user information will be 
+


This parameter specifies which user information will be 
     passed to the printing system. Usually, the username is sent,
     but in some cases, e.g. the domain prefix is useful, too.
Default: printjob username = %U
 
 
Example: printjob username = %D\%U
 
-

`+`

`private dir (G) -`


This parameters defines the directory
+


This parameters defines the directory
     smbd will use for storing such files as smbpasswd
     and secrets.tdb.
 
Default: private dir = ${prefix}/private
 
-

`+`

`profile acls (S) -`



 	This boolean parameter was added to fix the problems that people have been
 	having with storing user profiles on Samba shares from Windows 2000 or
 	Windows XP clients. New versions of Windows 2000 or Windows XP service
@@ -4686,10 +4707,10 @@ profile acls (S)
 	tree to the owning user.
 	
Default: profile acls = no
 
-

`+`

`queuepause command (S) -`


This parameter specifies the command to be 
+


This parameter specifies the command to be 
     executed on the server host in order to pause the printer queue.
This command should be a program or script which takes 
     a printer name as its only parameter and stops the printer queue, 
     such that no longer jobs are submitted to the printer.
This command is not supported by Windows for Workgroups, 
@@ -4700,10 +4721,10 @@ queuepause command (S)
     path in the command as the PATH may not be available to the 
 	server.
No default
Example: queuepause command = disable %p
 
-

`+`

`queueresume command (S) -`


This parameter specifies the command to be 
+


This parameter specifies the command to be 
     executed on the server host in order to resume the printer queue. It 
     is the command to undo the behavior that is caused by the 
     previous parameter (queuepause command).
This command should be a program or script which takes 
@@ -4718,10 +4739,10 @@ queueresume command (S)
 
 
Example: queueresume command = enable %p
 
-

`+`

`read list (S) -`



 	This is a list of users that are given read-only access to a service. If the connecting user is in this list
 	then they will not be given write access, no matter what the read only option is set
 	to. The list can include group names using the syntax described in the invalid users
@@ -4731,19 +4752,19 @@ read list (S)
 
 
Example: read list = mary, @students
 
-

`+`

`read only (S) -`


An inverted synonym is writeable.
If this parameter is yes, then users 
+


An inverted synonym is writeable.
If this parameter is yes, then users 
     of a service may not create or modify files in the service's 
     directory.
Note that a printable service (printable = yes)
     will ALWAYS allow writing to the directory 
     (user privileges permitting), but only via spooling operations.
Default: read only = yes
 
-

`+`

`read raw (G) -`


This parameter controls whether or not the server 
+


This parameter controls whether or not the server 
     will support the raw read SMB requests when transferring data 
     to clients.
If enabled, raw reads allow reads of 65535 bytes in 
     one packet. This typically provides a major performance benefit.
@@ -4752,20 +4773,20 @@ read raw (G)
 	sizes, and for these clients you may need to disable raw reads.
In general this parameter should be viewed as a system tuning 
 	tool and left severely alone.
Default: read raw = yes
 
-

`+`

`realm (G) -`


This option specifies the kerberos realm to use. The realm is 
+


This option specifies the kerberos realm to use. The realm is 
 	used as the ADS equivalent of the NT4 domain. It
 	is usually set to the DNS name of the kerberos server.
 	
Default: realm = 
 
 
Example: realm = mysambabox.mycompany.com
 
-

`+`

`registry shares (G) -`



 	This turns on or off support for share definitions read from
 	registry. Shares defined in smb.conf take
 	precedence over shares with the same name defined in
@@ -4780,11 +4801,11 @@ registry shares (G)
 
 
Example: registry shares = yes
 
-

`+`

`remote announce (G) -`



-	This option allows you to setup nmbd(8)to periodically announce itself 
+



+	This option allows you to setup nmbd(8) to periodically announce itself 
 	to arbitrary IP addresses with an arbitrary workgroup name.
 	

 	This is useful if you want your Samba server to appear in a remote workgroup for 
@@ -4797,7 +4818,7 @@ remote announce (G)
 

 	the above line would cause nmbd to announce itself 
 	to the two given IP addresses using the given workgroup names. If you leave out the 
-	workgroup name then the one given in the workgroup parameter 
+	workgroup name, then the one given in the workgroup parameter 
 	is used instead.
 	

 	The IP addresses you choose would normally be the broadcast addresses of the remote 
@@ -4807,10 +4828,10 @@ remote announce (G)
 	See the chapter on Network Browsing in the Samba-HOWTO book.
 	
Default: remote announce = 
 
-

`+`

`remote browse sync (G) -`



 	This option allows you to setup nmbd(8) to periodically request 
 	synchronization of browse lists with the master browser of a Samba 
 	server that is on a remote segment. This option will allow you to 
@@ -4842,10 +4863,10 @@ remote browse sync (G)
 	each network has its own WINS server.
 	
Default: remote browse sync = 
 
-

`+`

`rename user script (G) -`



 	This is the full pathname to a script that will be run as root by smbd(8) under special circumstances described below.
 	

 	When a user with admin authority or SeAddUserPrivilege rights renames a user (e.g.: from the NT4 User Manager
@@ -4863,10 +4884,10 @@ rename user script (G)
 	needs to change for other applications using the same directory.
 	
Default: rename user script = no
 
-

`+`

`reset on zero vc (G) -`



 	This boolean option controls whether an incoming session setup
 	should kill other connections coming from the same IP. This matches
         the default Windows 2003 behaviour.
@@ -4885,10 +4906,10 @@ reset on zero vc (G)
 
 	
Default: reset on zero vc = no
 
-

`+`

`restrict anonymous (G) -`


The setting of this parameter determines whether user and
+


The setting of this parameter determines whether user and
     group list information is returned for an anonymous connection.
     and mirrors the effects of the
 
@@ -4911,16 +4932,16 @@ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
     by setting guest ok = yes on any share.
 	
Default: restrict anonymous = 0
 
-

`+`

`root -`


This parameter is a synonym for root directory.

`+`


This parameter is a synonym for root directory.

`root dir -`


This parameter is a synonym for root directory.

`+`


This parameter is a synonym for root directory.

`root directory (G) -`


The server will chroot() (i.e. 
+


The server will chroot() (i.e. 
     Change its root directory) to this directory on startup. This is 
     not strictly necessary for secure operation. Even without it the 
     server will deny access to files not in one of the service entries. 
@@ -4943,34 +4964,34 @@ root directory (G)
 
 
Example: root directory = /homes/smb
 
-

`+`

`root postexec (S) -`



 	This is the same as the postexec
 	parameter except that the command is run as root. This is useful for 
 	unmounting filesystems (such as CDROMs) after a connection is closed.
 	
Default: root postexec = 
 
-

`+`

`root preexec close (S) -`


This is the same as the preexec close
+


This is the same as the preexec close
 	 parameter except that the command is run as root.
Default: root preexec close = no
 
-

`+`

`root preexec (S) -`



 	This is the same as the preexec
 	parameter except that the command is run as root. This is useful for 
 	mounting filesystems (such as CDROMs) when a connection is opened.
 	
Default: root preexec = 
 
-

`+`

`security mask (S) -`


 	This parameter controls what UNIX permission bits will be set when a Windows NT client is manipulating the
 	UNIX permission on a file using the native NT security dialog box.
 	
@@ -4989,10 +5010,10 @@ security mask (S)
 
 
Example: security mask = 0770
 
-

`+`

`security (G) -`


This option affects how clients respond to 
+


This option affects how clients respond to 
     Samba and is one of the most important settings in the 
     smb.conf file.
The option sets the "security mode bit" in replies to 
     protocol negotiations with smbd(8) to turn share level security on or off. Clients decide 
@@ -5016,9 +5037,9 @@ security (G)
     want to mainly setup shares without a password (guest shares). This 
     is commonly used for a shared printer server. It is more difficult 
     to setup guest shares with security = user, see 
-    the map to guestparameter for details.
It is possible to use smbd in a 
+    the map to guest parameter for details.
It is possible to use smbd in a 
     hybrid mode where it is offers both user and share 
-    level security under different NetBIOS aliases. 
The different settings will now be explained.
SECURITY = SHARE
When clients connect to a share level security server they 
+    level security under different NetBIOS aliases. 
The different settings will now be explained.
SECURITY = SHARE
When clients connect to a share level security server, they 
     need not log onto the server with a valid username and password before 
     attempting to connect to a shared resource (although modern clients 
     such as Windows 95/98 and Windows NT will send a logon request with 
@@ -5098,7 +5119,7 @@ security (G)
     there is no way to reestablish it, and futher authentications to the
     Samba server may fail (from a single client, till it disconnects).
 	
Note
From the client's point of 
-    view security = server is the
+    view, security = server is the
     same as security = user.  It
     only affects how the server deals  with the authentication, it does
 	not in any way affect what the  client sees.
Note that the name of the resource being 
@@ -5116,35 +5137,34 @@ security (G)
 
 
Example: security = DOMAIN
 
-

`+`

`server schannel (G) -`



 	This controls whether the server offers or even demands the use of the netlogon schannel.
 	server schannel = no does not offer the schannel, server schannel = auto offers the schannel but does not enforce it, and server schannel = yes denies access if the client is not able to speak netlogon schannel.
 	This is only the case for Windows NT4 before SP4.
 	

-	Please note that with this set to no you will have to apply the WindowsXP
+	Please note that with this set to no, you will have to apply the WindowsXP
 	WinXP_SignOrSeal.reg registry patch found in the docs/registry subdirectory of the Samba distribution tarball.
 	
Default: server schannel = auto
 
 
Example: server schannel = yes
 
-

`+`

`server signing (G) -`


This controls whether the server offers or requires
-    the client it talks to to use SMB signing. Possible values 
+


This controls whether the client is allowed or required to use SMB signing. Possible values 
     are auto, mandatory 
     and disabled. 
     
When set to auto, SMB signing is offered, but not enforced. 
     When set to mandatory, SMB signing is required and if set 
 	to disabled, SMB signing is not offered either.
Default: server signing = Disabled
 
-

`+`

`server string (G) -`


This controls what string will show up in the printer comment box in print 
+


This controls what string will show up in the printer comment box in print 
         manager and next to the IPC connection in net view. It 
         can be any string that you wish to show to your users.
It also sets what will appear in browse lists next 
 	to the machine name.
A %v will be replaced with the Samba 
@@ -5153,10 +5173,10 @@ server string (G)
 
 
Example: server string = University of GNUs Samba Server
 
-

`+`

`set directory (S) -`



 	If set directory = no, then 	users of the 
 	service may not use the setdir command to change directory.
 	

@@ -5165,10 +5185,10 @@ set directory (S)
 	for details.
 	
Default: set directory = no
 
-

`+`

`set primary group script (G) -`


Thanks to the Posix subsystem in NT a Windows User has a
+


Thanks to the Posix subsystem in NT a Windows User has a
 	primary group in addition to the auxiliary groups.  This script
 	sets the primary group in the unix userdatase when an
 	administrator sets the primary group from the windows user
@@ -5180,10 +5200,10 @@ set primary group script (G)
 
 
Example: set primary group script = /usr/sbin/usermod -g '%g' '%u'
 
-

`+`

`set quota command (G) -`


The set quota command should only be used 
+


The set quota command should only be used 
 	whenever there is no operating system API available from the OS that 
 	samba can use.
This option is only available if Samba was configured with the argument --with-sys-quotas or 
 	on linux when ./configure --with-quotas was used and a working quota api 
@@ -5193,10 +5213,10 @@ set quota command (G)
 
 
Example: set quota command = /usr/local/sbin/set_quota
 
-

`+`

`share modes (S) -`


This enables or disables the honoring of
+


This enables or disables the honoring of
 	the share modes during a file open. These
 	modes are used by clients to gain exclusive read or write access
 	to a file.
This is a deprecated option from old versions of
@@ -5208,20 +5228,20 @@ share modes (S)
 	by default.
You should NEVER turn this parameter
 	off as many Windows applications will break if you do so.
Default: share modes = yes
 
-

`+`

`short preserve case (S) -`



 	This boolean parameter controls if new files which conform to 8.3 syntax, that is all in upper case and of
 	suitable length, are created upper case, or if they are forced to be the default case.
 	This  option can be use with preserve case = yes to permit long filenames
 	to retain their case, while short names are lowered.
 	
See the section on NAME MANGLING.
Default: short preserve case = yes
 
-

`+`

`show add printer wizard (G) -`


With the introduction of MS-RPC based printing support
+


With the introduction of MS-RPC based printing support
     for Windows NT/2000 client in Samba 2.2, a "Printers..." folder will 
     appear on Samba hosts in the share listing.  Normally this folder will 
     contain an icon for the MS Add Printer Wizard (APW).  However, it is 
@@ -5239,10 +5259,10 @@ show add printer wizard (G)
 
Note
This does not prevent the same user from having 
 		administrative privilege on an individual printer.
Default: show add printer wizard = yes
 
-

`+`

`shutdown script (G) -`


This a full path name to a script called by 
+


This a full path name to a script called by 
 	 smbd(8) that should 
 	start a shutdown procedure.
If the connected user posseses the SeRemoteShutdownPrivilege,
 	right, this command will be run as user.
The %z %t %r %f variables are expanded as follows:
%z will be substituted with the
@@ -5267,10 +5287,10 @@ let "time++"
 
 
Example: shutdown script = /usr/local/samba/sbin/shutdown %m %t %r %f
 
-

`+`

`smb encrypt (S) -`


This is a new feature introduced with Samba 3.2 and above. It is an
+


This is a new feature introduced with Samba 3.2 and above. It is an
     extension to the SMB/CIFS protocol negotiated as part of the UNIX extensions.
     SMB encryption uses the GSSAPI (SSPI on Windows) ability to encrypt
     and sign every request/response in a SMB protocol stream. When
@@ -5279,8 +5299,7 @@ smb encrypt (S)
     to negotiate encryption and signing keys. Currently this is only
     supported by Samba 3.2 smbclient, and hopefully soon Linux CIFSFS
     and MacOS/X clients. Windows clients do not support this feature.
-    
This controls whether the server offers or requires
-    the client it talks to to use SMB encryption. Possible values 
+    
This controls whether the remote client is allowed or required to use SMB encryption. Possible values 
     are auto, mandatory 
     and disabled. This may be set on a per-share
     basis, but clients may chose to encrypt the entire session, not
@@ -5299,10 +5318,10 @@ smb encrypt (S)
     When set to mandatory, SMB encryption is required and if set 
     to disabled, SMB encryption can not be negotiated.
Default: smb encrypt = auto
 
-

`+`

`smb passwd file (G) -`


This option sets the path to the encrypted smbpasswd file. By
+


This option sets the path to the encrypted smbpasswd file. By
     default the path to the smbpasswd file  is compiled into Samba.

     An example of use is:
 
@@ -5310,15 +5329,15 @@ smb passwd file = /etc/samba/smbpasswd
 

     
Default: smb passwd file = ${prefix}/private/smbpasswd
 
-

`+`

`smb ports (G) -`


Specifies which ports the server should listen on for SMB traffic.
Default: smb ports = 445 139
+


Specifies which ports the server should listen on for SMB traffic.
Default: smb ports = 445 139
 
-

`+`

`socket address (G) -`


This option allows you to control what
+

This option allows you to control what
 	address Samba will listen for connections on. This is used to
 	support multiple virtual interfaces on the one server, each
 	with a different configuration.Setting this option should never be necessary on usual Samba
@@ -5327,10 +5346,10 @@ socket address (G)
 
 
Example: socket address = 192.168.2.20
 
-

`+`

`socket options (G) -`


This option allows you to set socket options 
+


This option allows you to set socket options 
     to be used when talking with the client.
Socket options are controls on the networking layer 
     of the operating systems which allow the connection to be 
     tuned.
This option will typically be used to tune your Samba  server
@@ -5358,17 +5377,17 @@ socket options (G)
 
 
Example: socket options = IPTOS_LOWDELAY
 
-

`+`

`stat cache (G) -`


This parameter determines if smbd(8) will use a cache in order to 
+


This parameter determines if smbd(8) will use a cache in order to 
 	speed up case insensitive name mappings. You should never need 
 	to change this parameter.
Default: stat cache = yes
 
-

`+`

`store dos attributes (S) -`



 	If this parameter is set Samba attempts to first read DOS attributes (SYSTEM, HIDDEN, ARCHIVE or
 	READ-ONLY) from a filesystem extended attribute, before mapping DOS attributes to UNIX permission bits (such
 	as occurs with map hidden and map readonly).  When set, DOS
@@ -5380,10 +5399,10 @@ store dos attributes (S)
 	extended attributes to work, also extended attributes must be compiled into the Linux kernel.
 	
Default: store dos attributes = no
 
-

`+`

`strict allocate (S) -`


This is a boolean that controls the handling of 
+


This is a boolean that controls the handling of 
     disk space allocation in the server. When this is set to yes 
     the server will change from UNIX behaviour of not committing real
     disk storage blocks when a file is extended to the Windows behaviour
@@ -5395,17 +5414,17 @@ strict allocate (S)
     out of quota messages on systems that are restricting the disk quota
     of users.
Default: strict allocate = no
 
-

`+`

`strict locking (S) -`



 	This is an enumerated type that controls the handling of file locking in the server. When this is set to yes,
 	the server will check every read and write access for file locks, and deny access if locks exist. This can be slow on 
 	some systems.
 	

 	When strict locking is set to Auto (the default), the server performs file lock checks only on non-oplocked files.
 	As most Windows redirectors perform file locking checks locally on oplocked files this is a good trade off for
-	inproved performance.
+	improved performance.
 	

 	When strict locking is disabled, the server performs file lock checks only when the client explicitly asks for them.
 	

@@ -5414,10 +5433,10 @@ strict locking (S)
 	 strict locking = no is acceptable.
 	
Default: strict locking = Auto
 
-

`+`

`strict sync (S) -`


Many Windows applications (including the Windows 98 explorer
+


Many Windows applications (including the Windows 98 explorer
     shell) seem to confuse flushing buffer contents to disk with doing
     a sync to disk. Under UNIX, a sync call forces the process to be
     suspended until the kernel has ensured that all outstanding data in
@@ -5431,10 +5450,10 @@ strict sync (S)
     addition, this fixes many performance problems that people have
     reported with the new Windows98 explorer shell file copies.
Default: strict sync = no
 
-

`+`

`svcctl list (G) -`


This option defines a list of init scripts that smbd
+


This option defines a list of init scripts that smbd
     will use for starting and stopping Unix services via the Win32 
     ServiceControl API.  This allows Windows administrators to 
     utilize the MS Management Console plug-ins to manage a 
@@ -5447,10 +5466,10 @@ svcctl list (G)
 
 
Example: svcctl list = cups postfix portmap httpd
 
-

`+`

`sync always (S) -`


This is a boolean parameter that controls 
+


This is a boolean parameter that controls 
     whether writes will always be written to stable storage before 
     the write call returns. If this is no then the server will be 
     guided by the client's request in each write call (clients can 
@@ -5461,19 +5480,19 @@ sync always (S)
     yes in order for this parameter to have 
     any affect.
Default: sync always = no
 
-

`+`

`syslog only (G) -`



     If this parameter is set then Samba debug messages are logged into the system 
     syslog only, and not to the debug log files. There still will be some
 	logging to log.[sn]mbd even if syslog only is enabled.
     
Default: syslog only = no
 
-

`+`

`syslog (G) -`



     This parameter maps how Samba debug messages are logged onto the system syslog logging levels. 
     Samba debug level zero maps onto syslog LOG_ERR, debug level one maps onto 
     LOG_WARNING, debug level two maps onto LOG_NOTICE,
@@ -5484,10 +5503,10 @@ syslog (G)
     logging to log.[sn]mbd even if syslog only is enabled.
     
Default: syslog = 1
 
-

`+`

`template homedir (G) -`


When filling out the user information for a Windows NT 
+


When filling out the user information for a Windows NT 
 	user, the winbindd(8) daemon  uses this
 	parameter to fill in the home directory for that user. If the
 	string %D is present it
@@ -5495,31 +5514,31 @@ template homedir (G)
 	string %U is present it
 	is substituted with the user's Windows  NT user name.
Default: template homedir = /home/%D/%U
 
-

`+`

`template shell (G) -`


When filling out the user information for a Windows NT 
+


When filling out the user information for a Windows NT 
 	user, the winbindd(8) daemon uses this
-	parameter to fill in the login shell for that user.
No default

`+ parameter to fill in the login shell for that user. No default`

`time offset (G) -`


This parameter is a setting in minutes to add 
+


This parameter is a setting in minutes to add 
 	to the normal GMT to local time conversion. This is useful if 
 	you are serving a lot of PCs that have incorrect daylight 
 	saving time handling.
Default: time offset = 0
 
 
Example: time offset = 60
 
-

`+`

`time server (G) -`


This parameter determines if nmbd(8) advertises itself as a time server to Windows 
+


This parameter determines if nmbd(8) advertises itself as a time server to Windows 
 clients.
Default: time server = no
 
-

`+`

`unix charset (G) -`


Specifies the charset the unix machine 
+


Specifies the charset the unix machine 
 		Samba runs on uses. Samba needs to know this in order to be able to 
 		convert text to the charsets other SMB clients use.
 	
This is also the charset Samba will use when specifying arguments 
@@ -5528,20 +5547,20 @@ unix charset (G)
 
 
Example: unix charset = ASCII
 
-

`+`

`unix extensions (G) -`


This boolean parameter controls whether Samba 
+


This boolean parameter controls whether Samba 
     implments the CIFS UNIX extensions, as defined by HP. 
     These extensions enable Samba to better serve UNIX CIFS clients
     by supporting features such as symbolic links, hard links, etc...
     These extensions require a similarly enabled client, and are of
     no current use to Windows clients.
Default: unix extensions = yes
 
-

`+`

`unix password sync (G) -`


This boolean parameter controls whether Samba 
+


This boolean parameter controls whether Samba 
     attempts to synchronize the UNIX password with the SMB password 
     when the encrypted SMB password in the smbpasswd file is changed. 
     If this is set to yes the program specified in the passwd
@@ -5550,14 +5569,14 @@ unix password sync (G)
     old UNIX password (as the SMB password change code has no 
 	access to the old password cleartext, only the new).
Default: unix password sync = no
 
-

`+`

`update encrypted (G) -`



 	This boolean parameter allows a user logging on with a plaintext password to have their encrypted (hashed)
 	password in the smbpasswd file to be updated automatically as they log on. This option allows a site to
 	migrate from plaintext password authentication (users authenticate with plaintext password over the
-	wire, and are checked against a UNIX account atabase) to encrypted password authentication (the SMB
+	wire, and are checked against a UNIX account database) to encrypted password authentication (the SMB
 	challenge/response authentication mechanism) without forcing all users to re-enter their passwords via
 	smbpasswd at the time the change is made. This is a convenience option to allow the change over to encrypted
 	passwords to be made over a longer period.  Once all users have encrypted representations of their passwords
@@ -5566,15 +5585,15 @@ update encrypted (G)
 	In order for this parameter to be operative the encrypt passwords parameter must 
     be set to no. The default value of encrypt  passwords = Yes. Note: This must be set to no for this update encrypted to work.
 	

-	Note that even when this parameter is set a user authenticating to smbd
+	Note that even when this parameter is set, a user authenticating to smbd
 	must still enter a valid password in order to connect correctly, and to update their hashed (smbpasswd)
 	passwords.
 	
Default: update encrypted = no
 
-

`+`

`use client driver (S) -`


This parameter applies only to Windows NT/2000
+


This parameter applies only to Windows NT/2000
     clients.  It has no effect on Windows 95/98/ME clients.  When 
     serving a printer to Windows NT/2000 clients without first installing
     a valid printer driver on the Samba host, the client will be required
@@ -5595,14 +5614,14 @@ use client driver (S)
     printed).  
If this parameter is enabled for a printer, then any attempt
     to open the printer with the PRINTER_ACCESS_ADMINISTER right is mapped
     to PRINTER_ACCESS_USE instead.  Thus allowing the OpenPrinterEx()
-    call to succeed.  This parameter MUST not be able enabled
+    call to succeed.  This parameter MUST not be enabled
     on a print share which has valid print driver installed on the Samba 
 	server.
Default: use client driver = no
 
-

`+`

`use kerberos keytab (G) -`



 	Specifies whether Samba should attempt to maintain service principals in the systems
 	keytab file for host/FQDN and cifs/FQDN.
 	

@@ -5614,10 +5633,10 @@ default_keytab_name = FILE:/etc/krb5.keytab
 

 	
Default: use kerberos keytab = False
 
-

`+`

`use mmap (G) -`


This global parameter determines if the tdb internals of Samba can
+


This global parameter determines if the tdb internals of Samba can
     depend on mmap working correctly on the running system. Samba requires a coherent
     mmap/read-write system memory cache. Currently only HPUX does not have such a
     coherent cache, and so this parameter is set to no by
@@ -5626,10 +5645,10 @@ use mmap (G)
     the tdb internal code.
     
Default: use mmap = yes
 
-

`+`

`username level (G) -`


This option helps Samba to try and 'guess' at 
+

This option helps Samba to try and 'guess' at 
     the real UNIX username, as many DOS clients send an all-uppercase 
     username. By default Samba tries all lowercase, followed by the 
     username with the first letter capitalized, and fails if the 
@@ -5644,10 +5663,10 @@ username level (G)
 
 
Example: username level = 5
 
-

`+`

`username map script (G) -`


This script is a mutually exclusive alternative to the 
+

This script is a mutually exclusive alternative to the 
 	username map parameter.  This parameter 
 	specifies and external program or script that must accept a single 
 	command line option (the username transmitted in the authentication
@@ -5658,10 +5677,10 @@ username map script (G)
 
 
Example: username map script = /etc/samba/scripts/mapusers.sh
 
-

`+`

`username map (G) -`



 	This option allows you to specify a file containing a mapping of usernames from the clients to the server.
 	This can be used for several purposes. The most common is to map usernames that users use on DOS or Windows
 	machines to those that the UNIX box uses. The other is to map multiple users to a single username so that they
@@ -5745,16 +5764,16 @@ username map = /usr/local/samba/lib/users.map
     
Default: username map = 
 # no username map
 
-

`+`

`user -`


This parameter is a synonym for username.

`+`


This parameter is a synonym for username.

`users -`


This parameter is a synonym for username.

`+`


This parameter is a synonym for username.

`username (S) -`


Multiple users may be specified in a comma-delimited 
+


Multiple users may be specified in a comma-delimited 
     list, in which case the supplied password will be tested against 
     each username in turn (left to right).
The username line is needed only when 
     the PC is unable to supply its own username. This is the case 
@@ -5792,28 +5811,28 @@ username (S)
 
 
Example: username = fred, mary, jack, jane, @users, @pcgroup
 
-

`+`

`usershare allow guests (G) -`


This parameter controls whether user defined shares are allowed
+


This parameter controls whether user defined shares are allowed
 	to be accessed by non-authenticated users or not. It is the equivalent
 	of allowing people who can create a share the option of setting
 	guest ok = yes in a share
-	definition. Due to the security sensitive nature of this the default
+	definition. Due to its security sensitive nature, the default
 	is set to off.
Default: usershare allow guests = no
 
-

`+`

`usershare max shares (G) -`


This parameter specifies the number of user defined shares
+


This parameter specifies the number of user defined shares
 	that are allowed to be created by users belonging to the group owning the
 	usershare directory. If set to zero (the default) user defined shares are ignored.
 	
Default: usershare max shares = 0
 
-

`+`

`usershare owner only (G) -`


This parameter controls whether the pathname exported by
+


This parameter controls whether the pathname exported by
 	a user defined shares must be owned by the user creating the
 	user defined share or not. If set to True (the default) then
 	smbd checks that the directory path being shared is owned by
@@ -5823,10 +5842,10 @@ usershare owner only (G)
 	regardless of who owns it.
 	
Default: usershare owner only = True
 
-

`+`

`usershare path (G) -`


This parameter specifies the absolute path of the directory on the
+


This parameter specifies the absolute path of the directory on the
 	filesystem used to store the user defined share definition files.
 	This directory must be owned by root, and have no access for
 	other, and be writable only by the group owner. In addition the
@@ -5847,13 +5866,13 @@ usershare path (G)
 	In this case, only members of the group "power_users" can create user defined shares.
 	
Default: usershare path = NULL
 
-

`+`

`usershare prefix allow list (G) -`


This parameter specifies a list of absolute pathnames
+


This parameter specifies a list of absolute pathnames
 	the root of which are allowed to be exported by user defined share definitions.
-	If the pathname exported doesn't start with one of the strings in this
-	list the user defined share will not be allowed. This allows the Samba
+	If the pathname to be exported doesn't start with one of the strings in this
+	list, the user defined share will not be allowed. This allows the Samba
 	administrator to restrict the directories on the system that can be
 	exported by user defined shares.
 	

@@ -5865,10 +5884,10 @@ usershare prefix allow list (G)
 
 
Example: usershare prefix allow list = /home /data /space
 
-

`+`

`usershare prefix deny list (G) -`


This parameter specifies a list of absolute pathnames
+


This parameter specifies a list of absolute pathnames
 	the root of which are NOT allowed to be exported by user defined share definitions.
 	If the pathname exported starts with one of the strings in this
 	list the user defined share will not be allowed. Any pathname not
@@ -5884,11 +5903,11 @@ usershare prefix deny list (G)
 
 
Example: usershare prefix deny list = /etc /dev /private
 
-

`+`

`usershare template share (G) -`


User defined shares only have limited possible parameters
-	such as path, guest ok etc. This parameter allows usershares to
+


User defined shares only have limited possible parameters
+	such as path, guest ok, etc. This parameter allows usershares to
 	"cloned" from an existing share. If "usershare template share"
 	is set to the name of an existing share, then all usershares
 	created have their defaults set from the parameters set on this
@@ -5902,10 +5921,10 @@ usershare template share (G)
 
 
Example: usershare template share = template_share
 
-

`+`

`use sendfile (S) -`


If this parameter is yes, and the sendfile() 
+


If this parameter is yes, and the sendfile() 
     system call is supported by the underlying operating system, then some SMB read calls 
     (mainly ReadAndX and ReadRaw) will use the more efficient sendfile system call for files that
     are exclusively oplocked. This may make more efficient use of the system CPU's
@@ -5914,10 +5933,10 @@ use sendfile (S)
     Windows 9x (using sendfile from Linux will cause these clients to fail).
     
Default: use sendfile = false
 
-

`+`

`use spnego (G) -`


This variable controls controls whether samba will try 
+


This variable controls controls whether samba will try 
     to use Simple and Protected NEGOciation (as specified by rfc2478) with 
     WindowsXP and Windows2000 clients to agree upon an authentication mechanism. 
 

@@ -5925,10 +5944,10 @@ use spnego (G)
     implementation, there is no reason this should ever be
 	disabled.
Default: use spnego = yes
 
-

`+`

`utmp directory (G) -`


This parameter is only available if Samba has 
+


This parameter is only available if Samba has 
 	been configured and compiled with the option 
 	--with-utmp. It specifies a directory pathname that is
 	used to store the utmp or utmpx files (depending on the UNIX system) that
@@ -5940,10 +5959,10 @@ utmp directory (G)
 
 
Example: utmp directory = /var/run/utmp
 
-

`+`

`utmp (G) -`



 	This boolean parameter is only available if Samba has been configured and compiled  
 	with the option --with-utmp. If set to 
 	 yes then Samba will attempt to add utmp or utmpx records 
@@ -5955,10 +5974,10 @@ utmp (G)
 	to find this number.  This may impede performance on large installations. 
 	
Default: utmp = no
 
-

`+`

`valid users (S) -`



     This is a list of users that should be allowed to login to this service. Names starting with 
     '@', '+' and  '&' are interpreted using the same rules as described in the 
     invalid users parameter.
@@ -5974,10 +5993,10 @@ valid users (S)
 
 
Example: valid users = greg, @pcusers
 
-

`+`

`-valid (S) -`


 This parameter indicates whether a share is 
+


 This parameter indicates whether a share is 
 	valid and thus can be used. When this parameter is set to false, 
 	the share will be in no way visible nor accessible.
 	

@@ -5986,10 +6005,10 @@ valid users (S)
 	Samba uses this option internally to mark shares as deleted.
 	
Default: -valid = yes
 
-

`+`

`veto files (S) -`



 	This is a list of files and directories that are neither visible nor accessible.  Each entry in 
 	the list must be separated by a '/', which allows spaces to be included in the entry. '*' and '?' 
 	can be used to specify multiple files or directories as in DOS wildcards.
@@ -6020,10 +6039,10 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/
 

 	
Default: veto files = No files or directories are vetoed.
 
-

`+`

`veto oplock files (S) -`



 	This parameter is only valid when the oplocks
 	parameter is turned on for a share. It allows the Samba administrator
 	to selectively turn off the granting of oplocks on selected files that
@@ -6044,31 +6063,31 @@ veto oplock files = /.*SEM/
 	
Default: veto oplock files = 
 # No files are vetoed for oplock grants
 
-

`+`

`vfs object -`


This parameter is a synonym for vfs objects.

`+`


This parameter is a synonym for vfs objects.

`vfs objects (S) -`


This parameter specifies the backend names which 
+


This parameter specifies the backend names which 
 	are used for Samba VFS I/O operations.  By default, normal 
 	disk I/O operations are used but these can be overloaded 
 	with one or more VFS objects. 
Default: vfs objects = 
 
 
Example: vfs objects = extd_audit recycle
 
-

`+`

`volume (S) -`


This allows you to override the volume label 
+


This allows you to override the volume label 
 	returned for a share. Useful for CDROMs with installation programs 
 	that insist on a particular volume label.
Default: volume = 
 # the name of the share
 
-

`+`

`wide links (S) -`


This parameter controls whether or not links 
+


This parameter controls whether or not links 
 	in the UNIX file system may be followed by the server. Links 
 	that point to areas within the directory tree exported by the 
 	server are always allowed; this parameter controls access only 
@@ -6076,10 +6095,10 @@ wide links (S)
 	effect on your server performance due to the extra system calls 
 	that Samba has to  do in order to perform the link checks.
Default: wide links = yes
 
-

`+`

`winbind cache time (G) -`


This parameter specifies the number of 
+


This parameter specifies the number of 
 	seconds the winbindd(8) daemon will cache 
 	user and group information before querying a Windows NT server 
 	again.

@@ -6087,10 +6106,10 @@ winbind cache time (G)
 	evaluated in real time unless the winbind   offline logon option has been enabled.
 	
Default: winbind cache time = 300
 
-

`+`

`winbind enum groups (G) -`


On large installations using winbindd(8) it may be necessary to suppress 
+


On large installations using winbindd(8) it may be necessary to suppress 
 	the enumeration of groups through the setgrent(),
 	getgrent() and
 	endgrent() group of system calls.  If
@@ -6098,10 +6117,10 @@ winbind enum groups (G)
 	no, calls to the getgrent() system
 	call will not return any data. 
Warning
Turning off group enumeration may cause some programs to behave oddly.  
Default: winbind enum groups = no
 
-

`+`

`winbind enum users (G) -`


On large installations using winbindd(8) it may be
+


On large installations using winbindd(8) it may be
 	necessary to suppress the enumeration of users through the setpwent(),
 	 getpwent() and
 	 endpwent() group of system calls.  If
@@ -6113,10 +6132,10 @@ winbind enum users (G)
 	full user list when searching for matching
 	usernames. 
Default: winbind enum users = no
 
-

`+`

`winbind expand groups (G) -`


This option controls the maximum depth that winbindd
+


This option controls the maximum depth that winbindd
               will traverse when flattening nested group memberships
 	      of Windows domain groups.  This is different from the
 	      winbind nested groups option
@@ -6128,10 +6147,10 @@ winbind expand groups (G)
 	 must perform the group unrolling and will be unable to answer
 	 incoming NSS or authentication requests during this time.
Default: winbind expand groups = 1
 
-

`+`

`winbind nested groups (G) -`


If set to yes, this parameter activates the support for nested
+


If set to yes, this parameter activates the support for nested
                  groups. Nested groups are also called local groups or
                  aliases. They work like their counterparts in Windows: Nested
                  groups are defined locally on any machine (they are shared
@@ -6139,10 +6158,10 @@ winbind nested groups (G)
                  global groups from any trusted SAM. To be able to use nested
                  groups, you need to run nss_winbind.
Default: winbind nested groups = yes
 
-

`+`

`winbind normalize names (G) -`


This parameter controls whether winbindd will replace
+


This parameter controls whether winbindd will replace
 	  whitespace in user and group names with an underscore (_) character.
 	  For example, whether the name "Space Kadet" should be
 	  replaced with the string "space_kadet".
@@ -6162,10 +6181,10 @@ winbind normalize names (G)
 
 
Example: winbind normalize names = yes
 
-

`+`

`winbind nss info (G) -`


This parameter is designed to control how Winbind retrieves Name
+


This parameter is designed to control how Winbind retrieves Name
 	Service Information to construct a user's home directory and login shell. 
 	Currently the following settings are available: 
 
@@ -6187,10 +6206,10 @@ winbind nss info (G)
 
 
Example: winbind nss info = template sfu
 
-

`+`

`winbind offline logon (G) -`


This parameter is designed to control whether Winbind should
+


This parameter is designed to control whether Winbind should
 	allow to login with the pam_winbind 
 	module using Cached Credentials. If enabled, winbindd will store user credentials
 	from successful logins encrypted in a local cache.
@@ -6198,37 +6217,37 @@ winbind offline logon (G)
 
 
Example: winbind offline logon = true
 
-

`+`

`winbind reconnect delay (G) -`


This parameter specifies the number of
+


This parameter specifies the number of
 	seconds the winbindd(8) daemon will wait between
 	attempts to contact a Domain controller for a domain that is
 	determined to be down or not contactable.
Default: winbind reconnect delay = 30
 
-

`+`

`winbind refresh tickets (G) -`


This parameter is designed to control whether Winbind should refresh Kerberos Tickets
+


This parameter is designed to control whether Winbind should refresh Kerberos Tickets
 	retrieved using the pam_winbind module.
 
 
Default: winbind refresh tickets = false
 
 
Example: winbind refresh tickets = true
 
-

`+`

`winbind rpc only (G) -`



 	Setting this parameter to yes forces 
 	winbindd to use RPC instead of LDAP to retrieve information from Domain
         Controllers.
 	
Default: winbind rpc only = no
 
-

`+`

`winbind separator (G) -`


This parameter allows an admin to define the character 
+


This parameter allows an admin to define the character 
 	used when listing a username of the form of DOMAIN
 	\user.  This parameter 
 	is only applicable when using the pam_winbind.so
@@ -6239,10 +6258,10 @@ winbind separator (G)
 
 
Example: winbind separator = +
 
-

`+`

`winbind trusted domains only (G) -`



 	This parameter is designed to allow Samba servers that are members 
 	of a Samba controlled domain to use UNIX accounts distributed via NIS, 
 	rsync, or LDAP as the uid's for winbindd users in the hosts primary domain.
@@ -6253,10 +6272,10 @@ winbind trusted domains only (G)
 	Refer to the idmap_nss(8) man page for more information.
 	
Default: winbind trusted domains only = no
 
-

`+`

`winbind use default domain (G) -`


This parameter specifies whether the
+


This parameter specifies whether the
 	 winbindd(8) daemon should operate on users  
 	without domain component in their username. Users without a domain
 	component are treated as is part of the winbindd server's own
@@ -6266,10 +6285,10 @@ winbind use default domain (G)
 
 
Example: winbind use default domain = yes
 
-

`+`

`wins hook (G) -`


When Samba is running as a WINS server this 
+


When Samba is running as a WINS server this 
 	allows you to call an external program for all changes to the 
 	WINS database. The primary use for this option is to allow the 
 	dynamic update of external name resolution databases such as 
@@ -6290,17 +6309,17 @@ wins hook (G)
 			addresses currently registered for that name. If this list is 
 			empty then the name should be deleted.
An example script that calls the BIND dynamic DNS update 
 	program nsupdate is provided in the examples 
-	directory of the Samba source code. 
No default

`+ directory of the Samba source code. No default`

`wins proxy (G) -`


This is a boolean that controls if nmbd(8) will respond to broadcast name 
+


This is a boolean that controls if nmbd(8) will respond to broadcast name 
 	queries on behalf of  other hosts. You may need to set this 
 	to yes for some older clients.
Default: wins proxy = no
 
-

`+`

`wins server (G) -`


This specifies the IP address (or DNS name: IP 
+


This specifies the IP address (or DNS name: IP 
 	address for preference) of the WINS server that nmbd(8) should register with. If you have a WINS server on 
 	your network then you should set this to the WINS server's IP.
You should point this at your WINS server if you have a
 	multi-subnetted network.
If you want to work in multiple namespaces, you can 
@@ -6319,19 +6338,19 @@ wins server (G)
 
 
Example: wins server = 192.9.200.1 192.168.2.61
 
-

`+`

`wins support (G) -`


This boolean controls if the nmbd(8) process in Samba will act as a WINS server. You should 
+


This boolean controls if the nmbd(8) process in Samba will act as a WINS server. You should 
 	not set this to yes unless you have a multi-subnetted network and 
 	you wish a particular nmbd to be your WINS server. 
 	Note that you should NEVER set this to yes
 	on more than one machine in your network.
Default: wins support = no
 
-

`+`

`workgroup (G) -`


This controls what workgroup your server will 
+


This controls what workgroup your server will 
 	appear to be in when queried by clients. Note that this parameter 
 	also controls the Domain name used with 
 	the security = domain
@@ -6339,18 +6358,18 @@ workgroup (G)
 
 
Example: workgroup = MYGROUP
 
-

`+`

`writable -`


This parameter is a synonym for writeable.

`+`


This parameter is a synonym for writeable.

`writeable (S) -`


Inverted synonym for read only.
Default: writeable = no
+


Inverted synonym for read only.
Default: writeable = no
 
-

`+`

`write cache size (S) -`


If this integer parameter is set to non-zero value,
+


If this integer parameter is set to non-zero value,
     Samba will create an in-memory cache for each oplocked file 
     (it does not do this for 
     non-oplocked files). All writes that the client does not request 
@@ -6368,10 +6387,10 @@ write cache size (S)
 
Example: write cache size = 262144
 #  for a 256k cache size per file
 
-

`+`

`write list (S) -`


     This is a list of users that are given read-write access to a service. If the 
     connecting user is in this list then they will be given write access, no matter 
     what the read only option is set to. The list can 
@@ -6386,17 +6405,17 @@ write list (S)
 
 
Example: write list = admin, root, @staff
 
-

`+`

`write raw (G) -`


This parameter controls whether or not the server 
+


This parameter controls whether or not the server 
     will support raw write SMB's when transferring data from clients. 
     You should never need to change this parameter.
Default: write raw = yes
 
-

`+`

`wtmp directory (G) -`



 	This parameter is only available if Samba has been configured and compiled with the option 
 	--with-utmp. It specifies a directory pathname that is used to store the wtmp or wtmpx files (depending on 
 	the UNIX system) that record user connections to a Samba server. The difference with the utmp directory is the fact 
@@ -6408,7 +6427,7 @@ wtmp directory (G)
 
 
Example: wtmp directory = /var/log/wtmp
 
-

WARNINGS

+

Name

Synopsis

DESCRIPTION

OPTIONS

ENVIRONMENT

VERSION

SEE ALSO

AUTHOR

OPTIONS

OPTIONS

SERVICE FORMATTING AND DELIMITERS

SERVICE FORMATTING AND DELIMITERS

ENVIRONMENT VARIABLES

ENVIRONMENT VARIABLES

NOTES

CONFIGURATION

NOTES

CONFIGURATION

BUGS

BUGS

VERSION

SEE ALSO

VERSION

SEE ALSO

AUTHOR

AUTHOR

Name

Synopsis

DESCRIPTION

OPTIONS

ACL FORMAT

EXIT STATUS

EXAMPLES

VERSION

AUTHOR

client signing (G) -

+

client use spnego (G) -

+

cluster addresses (G) -

+

clustering (G) -

+

config backend (G) -

+

csc policy (S) -

+

cups options (S) -

+

deadtime (G) -

+

debug class (G) -

+

debug pid (G)

+

debug uid (G) -

+

delete group script (G)

+

delete share command (G) -

+

delete veto files (S) -

+

dfree command (S) -

+

disable netbios (G) -

Note

+

disable spoolss (G) -

+

display charset (G)

+

domain logons (G) -

+ case it is not available. Run testparm(1) to check the default on your system.No default

dos filemode (S) -

+

dos filetimes (S) -

+

encrypt passwords (G) -

+

`client signing (G) -`

+ case it is not available. Run testparm(1) to check the default on your system.
No default

@@ -2225,18 +2224,18 @@ hide files = /./DesktopFolderDB/TrashFor%m/resource.frk/
Default: `hide files`* = `# no file are hidden` -

@@ -2247,10 +2246,10 @@ hide unwriteable files (S) Defaults to off. Note that unwriteable directories are shown as usual.
Default: `hide unwriteable files` = `no` -

+
No default

+
No default

`+`

`ldap admin dn (G) -`

`+ No default`

`ldap connection timeout (G)`

`+`

`ldap delete dn (G) -`

`+`

`ldap group suffix (G) -`

`+`

`ldap machine suffix (G) -`

`+`

`ldapsam:editposix (G) -`

`+`

`ldapsam:trusted (G) -`

`+`

`+ +ldap ssl ads (G) +`

`ldap ssl (G) -`

`+ communicating with the directory server.`

`ldap suffix (G) -`

`+`

`ldap timeout (G) -`

`+`

`ldap user suffix (G) -`