idmap_adex

From a2b71a0141763c20552bb45eeb4cb78c4b513118 Mon Sep 17 00:00:00 2001 From: bubulle Date: Sat, 1 Nov 2008 11:09:46 +0000 Subject: Revert the merge of 3.3.0~pre2 in upstream branch git-svn-id: svn://svn.debian.org/svn/pkg-samba/branches/samba/upstream@2200 fc4039ab-9d04-0410-8cac-899223bdd6b0 --- docs/htmldocs/manpages/idmap_ad.8.html | 13 +- docs/htmldocs/manpages/idmap_adex.8.html | 44 - docs/htmldocs/manpages/idmap_hash.8.html | 29 - docs/htmldocs/manpages/idmap_ldap.8.html | 34 +- docs/htmldocs/manpages/idmap_nss.8.html | 17 +- docs/htmldocs/manpages/idmap_rid.8.html | 19 +- docs/htmldocs/manpages/idmap_tdb.8.html | 14 +- docs/htmldocs/manpages/index.html | 4 - docs/htmldocs/manpages/net.8.html | 110 +- docs/htmldocs/manpages/smb.conf.5.html | 1156 ++++++++++---------- docs/htmldocs/manpages/smbcontrol.1.html | 18 +- .../manpages/vfs_smb_traffic_analyzer.8.html | 41 - docs/htmldocs/manpages/winbindd.8.html | 16 +- 13 files changed, 693 insertions(+), 822 deletions(-) delete mode 100644 docs/htmldocs/manpages/idmap_adex.8.html delete mode 100644 docs/htmldocs/manpages/idmap_hash.8.html delete mode 100644 docs/htmldocs/manpages/vfs_smb_traffic_analyzer.8.html (limited to 'docs/htmldocs/manpages') diff --git a/docs/htmldocs/manpages/idmap_ad.8.html b/docs/htmldocs/manpages/idmap_ad.8.html index a053e7b81c..40a80d4ae9 100644 --- a/docs/htmldocs/manpages/idmap_ad.8.html +++ b/docs/htmldocs/manpages/idmap_ad.8.html @@ -26,13 +26,14 @@ id allocation that may be used in internal backends like BUILTIN.

 	[global]
-	idmap backend = tdb
-	idmap uid = 1000000-1999999
-	idmap gid = 1000000-1999999
+	idmap domains = ALLDOMAINS
+	idmap config ALLDOMAINS:backend      = ad
+	idmap config ALLDOMAINS:default      = yes
+	idmap config ALLDOMAINS:range        = 10000 - 300000000
 
-	idmap config CORP : backend  = ad
-	idmap config CORP : range = 1000-999999
-

AUTHOR

+ idmap alloc backend = tdb + idmap alloc config:range = 5000 - 9999 +

AUTHOR

Name

idmap_adex — Samba's idmap_adex Backend for Winbind

DESCRIPTION

- The idmap_adex plugin provides a way for Winbind to read - id mappings from an AD server that uses RFC2307 schema - extensions. This module implements both the idmap and nss_info - APIs and supports domain trustes as well as two-way cross - forest trusts. It is a read-only plugin requiring that the - administrator provide mappings in advance by adding the - POSIX attribute information to the users and groups objects - in AD. The most common means of doing this is using "Identity - Services for Unix" support on Windows 2003 R2 and later. -

- Note that you must add the uidNumber, gidNumber, and uid - attributes to the partial attribute set of the forest global - catalog servers. This can be done using the Active Directory Schema - Management MMC plugin (schmmgmt.dll). -

NSS_INFO

- The nss_info plugin supports reading the unixHomeDirectory, - gidNumber, loginShell, and uidNumber attributes from the user - object and the gidNumber attribute from the group object to - fill in information required by the libc getpwnam() and - getgrnam() family of functions. Group membership is filled in - according to the Windows group membership and not the - msSFU30PosixMember attribute. -

- Username aliases are implement by setting the uid attribute - on the user object. While group name aliases are implemented - by reading the displayname attribute from the group object. -

EXAMPLES

- The following example shows how to retrieve idmappings and NSS data - from our principal and trusted AD domains. -

-	[global]
-	idmap backend = adex
-	idmap uid = 1000-4000000000
-	idmap gid = 1000-4000000000
-
-	winbind nss info = adex
-	winbind normalize names = yes
-

AUTHOR

- The original Samba software and related utilities - were created by Andrew Tridgell. Samba is now developed - by the Samba Team as an Open Source project similar - to the way the Linux kernel is developed. -

diff --git a/docs/htmldocs/manpages/idmap_hash.8.html b/docs/htmldocs/manpages/idmap_hash.8.html deleted file mode 100644 index f425fe29e1..0000000000 --- a/docs/htmldocs/manpages/idmap_hash.8.html +++ /dev/null @@ -1,29 +0,0 @@ -idmap_hash

Name

idmap_hash — Samba's idmap_hash Backend for Winbind

DESCRIPTION

The idmap_hash plugin implements a hashing algorithm used - map SIDs for domain users and groups to a 31-bit uid and gid. - This plugin also implements the nss_info API and can be used - to support a local name mapping files if enabled via the - "winbind normlaize names" and "winbind nss info" - parameters in smb.conf. -

IDMAP OPTIONS

name_map: - Specifies the absolute path to the name mapping - file used by the nss_info API. Entries in the file - are of the form "unix name - = qualified domain name. - Mapping of both user and group names is supported. -

EXAMPLES

The following example utilizes the idmap_hash plugin for - the idmap and nss_info information. -

-	[global]
-	idmap backend = hash
-	idmap uid = 1000-4000000000
-	idmap gid = 1000-4000000000
-
-	winbind nss info = hash
-	winbind normalize names = yes
-	idmap_hash:name_map = /etc/samba/name_map.cfg
-

AUTHOR

diff --git a/docs/htmldocs/manpages/idmap_ldap.8.html b/docs/htmldocs/manpages/idmap_ldap.8.html index 3d25a92de4..0dc38a0c53 100644 --- a/docs/htmldocs/manpages/idmap_ldap.8.html +++ b/docs/htmldocs/manpages/idmap_ldap.8.html @@ -31,25 +31,37 @@ Specifies the LDAP server to which modify/add/delete requests should be sent. If not defined, idmap_ldap will assume that ldap://localhost/ should be used. -

EXAMPLES

- The follow sets of a LDAP configuration which uses two LDAP - directories, one for storing the ID mappings and one for retrieving - new IDs. +

range = low - high

+ Defines the available matching uid and gid range from which + winbindd can allocate for users and groups. If the parameter + is absent, Winbind fail over to use the "idmap uid" + and "idmap gid" options from smb.conf. +

EXAMPLES

+ The follow sets of a LDAP configuration which uses a slave server + running on localhost for fast fetching SID/gid/uid mappings, it + implies correct configuration of referrals. + The idmap alloc backend is pointed directly to the master to skip + the referral (and consequent reconnection to the master) that the + slave would return as allocation requires writing on the master.

 	[global]
-	idmap backend = ldap:ldap://localhost/
-	idmap uid = 1000000-1999999
-	idmap gid = 1000000-1999999
+	    idmap domains = ALLDOMAINS
+	    idmap config ALLDOMAINS:default      = yes
+	    idmap config ALLDOMAINS:backend      = ldap
+	    idmap config ALLDOMAINS:ldap_base_dn = ou=idmap,dc=example,dc=com
+	    idmap config ALLDOMAINS:ldap_url     = ldap://localhost/
+	    idmap config ALLDOMAINS:range        = 10000 - 50000
 
-	idmap alloc backend = ldap
-	idmap alloc config : ldap_url	= ldap://id-master/
-	idmap alloc config : ldap_base_dn = ou=idmap,dc=example,dc=com
+	    idmap alloc backend = ldap
+	    idmap alloc config:ldap_base_dn = ou=idmap,dc=example,dc=com
+	    idmap alloc config:ldap_url     = ldap://master.example.com/
+	    idmap alloc config:range        = 10000 - 50000

NOTE

In order to use authentication against ldap servers you may need to provide a DN and a password. To avoid exposing the password in plain text in the configuration file we store it into a security store. The "net idmap " command is used to store a secret for the DN specified in a specific idmap domain. -

AUTHOR

The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar diff --git a/docs/htmldocs/manpages/idmap_nss.8.html b/docs/htmldocs/manpages/idmap_nss.8.html index bd655990e6..c177691bf3 100644 --- a/docs/htmldocs/manpages/idmap_nss.8.html +++ b/docs/htmldocs/manpages/idmap_nss.8.html @@ -9,13 +9,18 @@ own domain while using allocation to create new mappings for trusted domains

 	[global]
-	idmap backend = tdb
-	idmap uid = 1000000-1999999
-	idmap gid = 1000000-1999999
+	    idmap domains = SAMBA TRUSTEDDOMAINS
 
-	idmap config SAMBA : backend  = nss
-	idmap config SAMBA : range = 1000-999999
-

AUTHOR

+ idmap config SAMBA:backend = nss + idmap config SAMBA:readonly = yes + + idmap config TRUSTEDDOMAINS:default = yes + idmap config TRUSTEDDOMAINS:backend = tdb + idmap config TRUSTEDDOMAINS:range = 10000 - 50000 + + idmap alloc backend = tdb + idmap alloc config:range = 10000 - 50000 +

AUTHOR

The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar diff --git a/docs/htmldocs/manpages/idmap_rid.8.html b/docs/htmldocs/manpages/idmap_rid.8.html index 1e76560df7..7495ee62a1 100644 --- a/docs/htmldocs/manpages/idmap_rid.8.html +++ b/docs/htmldocs/manpages/idmap_rid.8.html @@ -13,17 +13,18 @@ by default start at 1000 (512 hexadecimal), this means a good value for base_rid can be 1000 as the resulting ID is calculated this way: ID = RID - BASE_RID + LOW RANGE ID. -

- Use of this parameter is deprecated. -

EXAMPLES

This example shows how to configure a domain with idmap_rid

EXAMPLES

This example shows how to configure 2 domains with idmap_rid

 	[global]
-	idmap backend = tdb
-	idmap uid = 1000000-1999999
-	idmap gid = 1000000-1999999
+	    idmap domains = MAIN TRUSTED1
 
-	idmap config TRUSTED : backend  = rid
-	idmap config TRUSTED : range    = 50000 - 99999
-

AUTHOR

+ idmap config MAIN:backend = rid + idmap config MAIN:base_rid = 0 + idmap config MAIN:range = 10000 - 49999 + + idmap config TRUSTED1:backend = rid + idmap config TRUSTED1:base_rid = 1000 + idmap config TRUSTED1:range = 50000 - 99999 +

AUTHOR

The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar diff --git a/docs/htmldocs/manpages/idmap_tdb.8.html b/docs/htmldocs/manpages/idmap_tdb.8.html index 933b2a020c..467bc00073 100644 --- a/docs/htmldocs/manpages/idmap_tdb.8.html +++ b/docs/htmldocs/manpages/idmap_tdb.8.html @@ -13,7 +13,19 @@ winbindd can allocate for users and groups. If the parameter is absent, Winbind fail over to use the "idmap uid" and "idmap gid" options from smb.conf. -

AUTHOR

EXAMPLES

+ The following example is equivalent to the pre-3.0.25 default idmap + configuration using the "idmap backend = tdb" setting. +

+	[global]
+	    idmap domains = ALLDOMAINS
+	    idmap config ALLDOMAINS:default = yes
+	    idmap config ALLDOMAINS:backend = tdb
+	    idmap config ALLDOMAINS:range   = 10000 - 50000
+
+	    idmap alloc backend = tdb
+	    idmap alloc config:range = 10000 - 50000
+

AUTHOR

findsmb(1)

list info about machines that respond to SMB name queries on a subnet

idmap_ad(8)

Samba's idmap_ad Backend for Winbind -

idmap_adex(8)

Samba's idmap_adex Backend for Winbind -

idmap_hash(8)

Samba's idmap_hash Backend for Winbind

idmap_ldap(8)

Samba's idmap_ldap Backend for Winbind

idmap_nss(8)

Samba's idmap_nss Backend for Winbind

idmap_rid(8)

Samba's idmap_rid Backend for Winbind @@ -75,8 +73,6 @@

vfs_readonly(8)

make a Samba share read only for a specified time period

vfs_recycle(8)

Samba VFS recycle bin

vfs_shadow_copy(8)

Make a Samba share read only for a specified time period -

smb_traffic_analyzer(8)

log Samba VFS read and write operations through a socket - to a helper application

vfs_streams_depot(8)

EXPERIMENTAL module to store alternate data streams in a central directory. diff --git a/docs/htmldocs/manpages/net.8.html b/docs/htmldocs/manpages/net.8.html index a6b25bb896..94d7917bd1 100644 --- a/docs/htmldocs/manpages/net.8.html +++ b/docs/htmldocs/manpages/net.8.html @@ -167,20 +167,18 @@ user of the system can use this time to cancel the shutdown. announce the shutdown.

RPC SAMDUMP

Print out sam database of remote server. You need to run this against the PDC, from a Samba machine joined as a BDC.

RPC VAMPIRE

Export users, aliases and groups from remote server to local server. You need to run this against the PDC, from a Samba machine joined as a BDC. -

RPC VAMPIRE KEYTAB

Dump remote SAM database to local Kerberos keytab file. -

RPC VAMPIRE LDIF

Dump remote SAM database to local LDIF file or standard output. -

RPC GETSID

Fetch domain SID and store it in the local secrets.tdb.

ADS LEAVE

Make the remote host leave the domain it is part of.

ADS STATUS

Print out status of machine account of the local machine in ADS. +

RPC GETSID

Fetch domain SID and store it in the local secrets.tdb.

ADS LEAVE

Make the remote host leave the domain it is part of.

ADS STATUS

Print out status of machine account of the local machine in ADS. Prints out quite some debug info. Aimed at developers, regular -users should use NET ADS TESTJOIN.

ADS PRINTER

ADS PRINTER INFO [`PRINTER`] [`SERVER`]

+users should use NET ADS TESTJOIN.

ADS PRINTER

ADS PRINTER INFO [`PRINTER`] [`SERVER`]

Lookup info for PRINTER on SERVER. The printer name defaults to "*", the -server name defaults to the local host.

ADS PRINTER PUBLISH `PRINTER`

Publish specified printer using ADS.

ADS PRINTER REMOVE `PRINTER`

Remove specified printer from ADS directory.

ADS SEARCH `EXPRESSION` `ATTRIBUTES...`

Perform a raw LDAP search on a ADS server and dump the results. The +server name defaults to the local host.

ADS PRINTER PUBLISH `PRINTER`

Publish specified printer using ADS.

ADS PRINTER REMOVE `PRINTER`

Remove specified printer from ADS directory.

ADS SEARCH `EXPRESSION` `ATTRIBUTES...`

Perform a raw LDAP search on a ADS server and dump the results. The expression is a standard LDAP search expression, and the attributes are a list of LDAP fields to show in the results.

Example: net ads search '(objectCategory=group)' sAMAccountName -

ADS DN `DN` `(attributes)`

Perform a raw LDAP search on a ADS server and dump the results. The DN standard LDAP DN, and the attributes are a list of LDAP fields to show in the result. -

Example: net ads dn 'CN=administrator,CN=Users,DC=my,DC=domain' SAMAccountName

ADS WORKGROUP

Print out workgroup name for specified kerberos realm.

SAM CREATEBUILTINGROUP <NAME>

Example: net ads dn 'CN=administrator,CN=Users,DC=my,DC=domain' SAMAccountName

ADS WORKGROUP

Print out workgroup name for specified kerberos realm.

SAM CREATEBUILTINGROUP <NAME>

(Re)Create a BUILTIN group. Only a wellknown set of BUILTIN groups can be created with this command. This is the list of currently recognized group names: Administrators, @@ -190,78 +188,78 @@ compatible Access. This command requires a running Winbindd with idmap allocation properly configured. The group gid will be allocated out of the winbindd range. -

SAM CREATELOCALGROUP <NAME>

Create a LOCAL group (also known as Alias). This command requires a running Winbindd with idmap allocation properly configured. The group gid will be allocated out of the winbindd range. -

SAM DELETELOCALGROUP <NAME>

Delete an existing LOCAL group (also known as Alias). -

SAM MAPUNIXGROUP <NAME>

Map an existing Unix group and make it a Domain Group, the domain group will have the same name. -

SAM UNMAPUNIXGROUP <NAME>

Remove an existing group mapping entry. -

SAM ADDMEM <GROUP> <MEMBER>

Add a member to a Local group. The group can be specified only by name, the member can be specified by name or SID. -

SAM DELMEM <GROUP> <MEMBER>

Remove a member from a Local group. The group and the member must be specified by name. -

SAM LISTMEM <GROUP>

List Local group members. The group must be specified by name. -

SAM LIST <users|groups|localgroups|builtin|workstations> [verbose]

List the specified set of accounts by name. If verbose is specified, the rid and description is also provided for each account. -

SAM SHOW <NAME>

Show the full DOMAIN\\NAME the SID and the type for the corresponding account. -

SAM SET HOMEDIR <NAME> <DIRECTORY>

Set the home directory for a user account. -

SAM SET PROFILEPATH <NAME> <PATH>

Set the profile path for a user account. -

SAM SET COMMENT <NAME> <COMMENT>

Set the comment for a user or group account. -

SAM SET FULLNAME <NAME> <FULL NAME>

Set the full name for a user account. -

SAM SET LOGONSCRIPT <NAME> <SCRIPT>

Set the logon script for a user account. -

SAM SET HOMEDRIVE <NAME> <DRIVE>

Set the home drive for a user account. -

SAM SET WORKSTATIONS <NAME> <WORKSTATIONS>

Set the workstations a user account is allowed to log in from. -

SAM SET DISABLE <NAME>

Set the "disabled" flag for a user account. -

SAM SET PWNOTREQ <NAME>

Set the "password not required" flag for a user account. -

SAM SET AUTOLOCK <NAME>

Set the "autolock" flag for a user account. -

SAM SET PWNOEXP <NAME>

Set the "password do not expire" flag for a user account. -

SAM SET PWDMUSTCHANGENOW <NAME> [yes|no]

Set or unset the "password must change" flag for a user account. -

SAM POLICY LIST

List the available account policies. -

SAM POLICY SHOW <account policy>

Show the account policy value. -

SAM POLICY SET <account policy> <value>

Set a value for the account policy. Valid values can be: "forever", "never", "off", or a number. -

SAM PROVISION

Only available if ldapsam:editposix is set and winbindd is running. Properly populates the ldap tree with the basic accounts (Administrator) and groups (Domain Users, Domain Admins, Domain Guests) on the ldap tree. -

IDMAP DUMP <local tdb file name>

Dumps the mappings contained in the local tdb file specified. This command is useful to dump only the mappings produced by the idmap_tdb backend. -

IDMAP RESTORE [input file]

Restore the mappings from the specified file or stdin. -

IDMAP SECRET <DOMAIN>|ALLOC <secret>

Store a secret for the specified domain, used primarily for domains that use idmap_ldap as a backend. In this case the secret is used as the password for the user DN used to bind to the ldap server. -

USERSHARE

Starting with version 3.0.23, a Samba server now supports the ability for +

USERSHARE

Starting with version 3.0.23, a Samba server now supports the ability for non-root users to add user defined shares to be exported using the "net usershare" commands.

@@ -290,7 +288,7 @@ can create user defined shares on demand using the commands below.

net usershare add sharename path [comment] [acl] [guest_ok=[y|n]] - to add or change a user defined share.

net usershare delete sharename - to delete a user defined share.

net usershare info [-l|--long] [wildcard sharename] - to print info about a user defined share.

net usershare list [-l|--long] [wildcard sharename] - to list user defined shares.

USERSHARE ADD `sharename` `path` `[comment]` `[acl]` `[guest_ok=[y|n]]`

Add or replace a new user defined share, with name "sharename".

"path" specifies the absolute pathname on the system to be exported. @@ -327,11 +325,11 @@ sharename as the one you wish to modify and specify the new options you wish. The Samba smbd daemon notices user defined share modifications at connect time so will see the change immediately, there is no need to restart smbd on adding, deleting or changing a user defined share. -

USERSHARE DELETE `sharename`

Deletes the user defined share by name. The Samba smbd daemon immediately notices this change, although it will not disconnect any users currently connected to the deleted share. -

USERSHARE INFO `[-l|--long]` `[wildcard sharename]`

Get info on user defined shares owned by the current user matching the given pattern, or all users.

net usershare info on its own dumps out info on the user defined shares that were @@ -350,7 +348,7 @@ guest_ok=n And is a list of the current settings of the user defined share that can be modified by the "net usershare add" command. -

USERSHARE LIST `[-l|--long]` `wildcard sharename`

List all the user defined shares owned by the current user matching the given pattern, or all users.

net usershare list on its own list out the names of the user defined shares that were @@ -358,7 +356,7 @@ created by the current user, or restricts the list to share names that match the wildcard pattern ('*' matches one or more characters, '?' matches only one character). If the '-l' or '--long' option is also given, it includes the names of user defined shares created by other users. -

CONF

Starting with version 3.2.0, a Samba server can be configured by data +

CONF

Starting with version 3.2.0, a Samba server can be configured by data stored in registry. This configuration data can be edited with the new "net conf" commands.

@@ -376,10 +374,10 @@ See the

CONF LIST

Print the configuration data stored in the registry in a smb.conf-like format to standard output. -

CONF IMPORT `[--test|-T]` `filename` `[section]`

This command imports configuration from a file in smb.conf format. If a section encountered in the input file is present in registry, its contents is replaced. Sections of registry configuration that have @@ -389,30 +387,30 @@ Optionally, a section may be specified to restrict the effect of the import command to that specific section. A test mode is enabled by specifying the parameter "-T" on the commandline. In test mode, no changes are made to the registry, and the resulting configuration is printed to standard output instead. -

CONF LISTSHARES

List the names of the shares defined in registry. -

CONF DROP

Delete the complete configuration data from registry. -

CONF SHOWSHARE `sharename`

Show the definition of the share or section specified. It is valid to specify "global" as sharename to retrieve the global configuration options from registry. -

CONF ADDSHARE `sharename` `path` [`writeable={y|N}` [`guest_ok={y|N}` [`comment`]]]

Create a new share definition in registry. +

CONF ADDSHARE `sharename` `path` [`writeable={y|N}` [`guest_ok={y|N}` [`comment`]]]

Create a new share definition in registry. The sharename and path have to be given. The share name may not be "global". Optionally, values for the very common options "writeable", "guest ok" and a "comment" may be specified. The same result may be obtained by a sequence of "net conf setparm" commands. -

CONF DELSHARE `sharename`

Delete a share definition from registry. -

CONF SETPARM `section` `parameter` `value`

Store a parameter in registry. The section may be global or a sharename. The section is created if it does not exist yet. -

CONF GETPARM `section` `parameter`

Show a parameter stored in registry. -

CONF DELPARM `section` `parameter`

Delete a parameter stored in registry. -

CONF GETINCLUDES `section`

Get the list of includes for the provided section (global or share).

Note that due to the nature of the registry database and the nature of include directives, @@ -428,14 +426,14 @@ per share, and this list is evaluated after all the parameters of the share. Further note that currently, only files can be included from registry configuration. In the future, there will be the ability to include configuration data from other registry keys. -

CONF SETINCLUDES `section` [`filename`]+

Set the list of includes for the provided section (global or share) to the given list of one or more filenames. The filenames may contain the usual smb.conf macros like %I. -

CONF DELINCLUDES `section`

Delete the list of includes from the provided section (global or share). -

HELP [COMMAND]

Gives usage information for the specified command.

VERSION

This man page is complete for version 3 of the Samba - suite.

AUTHOR

The original Samba software and related utilities +

HELP [COMMAND]

Gives usage information for the specified command.

VERSION

This man page is complete for version 3 of the Samba + suite.

AUTHOR

The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

The net manpage was written by Jelmer Vernooij.

diff --git a/docs/htmldocs/manpages/smb.conf.5.html b/docs/htmldocs/manpages/smb.conf.5.html index 369bd563de..d5e3f4948a 100644 --- a/docs/htmldocs/manpages/smb.conf.5.html +++ b/docs/htmldocs/manpages/smb.conf.5.html @@ -2314,138 +2314,140 @@ hosts deny (S) idmap alloc backend (G)

The idmap alloc backend provides a plugin interface for Winbind to use - when allocating Unix uids/gids for Windows SIDs. This option refers - to the name of the idmap module which will provide the id allocation - functionality. Please refer to the man page for each idmap plugin to - determine whether or not the module implements the allocation feature. - The most common plugins are the tdb (idmap_tdb(8)) - and ldap (idmap_ldap(8)) libraries. -

- This parameter defaults to the value idmap backend was set to, so by default winbind will allocate Unix IDs - from the default backend. You will only need to set this parameter - explicitly if you have an external source for Unix IDs, like a central - database service somewhere in your company. -

- Also refer to the idmap alloc config option. + when allocating Unix uids/gids for Windows SIDs. This option is + to be used in conjunction with the idmap domains + parameter and refers to the name of the idmap module which will provide + the id allocation functionality. Please refer to the man page + for each idmap plugin to determine whether or not the module implements + the allocation feature. The most common plugins are the tdb (idmap_tdb(8)) + and ldap (idmap_ldap(8)) libraries. +

Also refer to the idmap alloc config option.

No default

Example: idmap alloc backend = tdb -

+

idmap alloc config (G) -

: +

The idmap alloc config prefix provides a means of managing settings for the backend defined by the idmap alloc backend parameter. Refer to the man page for each idmap plugin regarding specific configuration details. -

No default

+
No default

idmap backend (G) -

: +

The idmap backend provides a plugin interface for Winbind to use - varying backends to store SID/uid/gid mapping tables. -

- This option specifies the default backend that is used when no special - configuration set by idmap config matches the - specific request. -

- This default backend also specifies the place where winbind-generated - idmap entries will be stored. So it is highly recommended that you - specify a writable backend like idmap_tdb(8) or idmap_ldap(8) as the idmap backend. The idmap_rid(8) and idmap_ad(8) backends are not writable and thus will generate - unexpected results if set as idmap backend. -

- To use the rid and ad backends, please specify them via the - idmap config parameter, possibly also for the - domain your machine is member of, specified by workgroup. + varying backends to store SID/uid/gid mapping tables. This + option is mutually exclusive with the newer and more flexible + idmap domains parameter. The main difference + between the "idmap backend" and the "idmap domains" + is that the former only allows one backend for all domains while the + latter supports configuring backends on a per domain basis.

Examples of SID/uid/gid backends include tdb (idmap_tdb(8)), ldap (idmap_ldap(8)), rid (idmap_rid(8)), - and ad (idmap_ad(8)). + and ad (idmap_tdb(8)).

Default: idmap backend = tdb -

+

idmap cache time (G) -

: This parameter specifies the number of seconds that Winbind's +

This parameter specifies the number of seconds that Winbind's idmap interface will cache positive SID/uid/gid query results. -

Default: idmap cache time = 604800 (one week) +

Default: idmap cache time = 900 -

+

idmap config (G) -

- The idmap config prefix provides a means of managing each trusted - domain separately. The idmap config prefix should be followed by the - name of the domain, a colon, and a setting specific to the chosen - backend. There are three options available for all domains: +

+ The idmap config prefix provides a means of managing each domain + defined by the idmap domains option using Samba's + parametric option support. The idmap config prefix should be + followed by the name of the domain, a colon, and a setting specific to + the chosen backend. There are three options available for all domains:
backend = backend_name
Specifies the name of the idmap plugin to use as the SID/uid/gid backend for this domain. -
range = low - high
- Defines the available matching uid and gid range for which the - backend is authoritative. Note that the range commonly - matches the allocation range due to the fact that the same - backend will store and retrieve SID/uid/gid mapping entries. -
- winbind uses this parameter to find the backend that is - authoritative for a unix ID to SID mapping, so it must be set - for each individually configured domain, and it must be - disjoint from the ranges set via idmap uid and idmap gid. +
default = [yes|no]
+ The default domain/backend will be used for searching for + users and groups not belonging to one of the explicitly + listed domains (matched by comparing the account SID and the + domain SID). +
readonly = [yes|no]
+ Mark the domain as readonly which means that no attempts to + allocate a uid or gid (by the idmap alloc backend) for any user or group in that domain + will be attempted.
- The following example illustrates how to configure the idmap_ad(8) for the CORP domain and the - idmap_tdb(8) backend for all other - domains. This configuration assumes that the admin of CORP assigns - unix ids below 1000000 via the SFU extensions, and winbind is supposed - to use the next million entries for its own mappings from trusted - domains and for local groups for example. + The following example illustrates how to configure the idmap_ad(8) + for the CORP domain and the idmap_tdb(8) backend for all other domains. The + TRUSTEDDOMAINS string is simply an arbitrary key used to reference the "idmap + config" settings and does not represent the actual name of a domain. + It is a catchall domain backend for any domain not explicitly listed.
- idmap backend = tdb - idmap uid = 1000000-1999999 - idmap gid = 1000000-1999999 + idmap domains = CORP TRUSTEDDOMAINS + + idmap config CORP:backend = ad + idmap config CORP:readonly = yes + + idmap config TRUSTEDDOMAINS:backend = tdb + idmap config TRUSTEDDOMAINS:default = yes + idmap config TRUSTEDDOMAINS:range = 1000 - 9999 +
No default

- idmap config CORP : backend = ad - idmap config CORP : range = 1000-999999 -
No default

+idmap domains (G) +

+ The idmap domains option defines a list of Windows domains which will each + have a separately configured backend for managing Winbind's SID/uid/gid + tables. This parameter is mutually exclusive with the older idmap backend option. +
+ Values consist of the short domain name for Winbind's primary or collection + of trusted domains. You may also use an arbitrary string to represent a catchall + domain backend for any domain not explicitly listed. +
+ Refer to the idmap config for details about + managing the SID/uid/gid backend for each domain. +
No default
Example: idmap domains = default AD CORP + +

winbind gid -

This parameter is a synonym for idmap gid.

+

This parameter is a synonym for idmap gid.

idmap gid (G) -

The idmap gid parameter specifies the range of group ids +

The idmap gid parameter specifies the range of group ids that are allocated for the purpose of mapping UNX groups to NT group SIDs. This range of group ids should have no existing local or NIS groups within it as strange conflicts can - occur otherwise.
See also the idmap backend, and - idmap config options. + occur otherwise.
See also the idmap backend, idmap domains, and idmap config options.
Default: idmap gid =
Example: idmap gid = 10000-20000 -

+

idmap negative cache time (G) -

This parameter specifies the number of seconds that Winbind's +

This parameter specifies the number of seconds that Winbind's idmap interface will cache negative SID/uid/gid query results.
Default: idmap negative cache time = 120 -

+

winbind uid -

This parameter is a synonym for idmap uid.

+

This parameter is a synonym for idmap uid.

idmap uid (G) -

The idmap uid parameter specifies the range of user ids that are allocated for use in mapping UNIX users to NT user SIDs. This range of ids should have no existing local - or NIS users within it as strange conflicts can occur otherwise.
See also the idmap backend and - idmap config options. + or NIS users within it as strange conflicts can occur otherwise.
See also the idmap backend, idmap domains, and idmap config options.
Default: idmap uid =
Example: idmap uid = 10000-20000 -

+

include (G) -

This allows you to include one config file inside another. The file is included literally, as though typed in place.

@@ -2463,10 +2465,10 @@ include (G)

Example: include = /usr/local/samba/lib/admin_smb.conf -

+

inherit acls (S) -

: This parameter can be used to ensure that if default acls +

This parameter can be used to ensure that if default acls exist on parent directories, they are always honored when creating a new file or subdirectory in these parent directories. The default behavior is to use the unix mode specified when creating the directory. @@ -2474,10 +2476,10 @@ inherit acls (S) default directory acls are propagated.

Default: inherit acls = no -

+

inherit owner (S) -

: The ownership of new files and directories +

The ownership of new files and directories is normally governed by effective uid of the connected user. This option allows the Samba administrator to specify that the ownership for new files and directories should be controlled @@ -2486,10 +2488,10 @@ inherit owner (S) delete them and to ensure that newly create files in a user's roaming profile directory are actually owner by the user.

Default: inherit owner = no -

+

inherit permissions (S) -

: +

The permissions on new files and directories are normally governed by create mask, directory mask, force create mode and force directory mode but the boolean inherit permissions parameter overrides this.

New directories inherit the mode of the parent directory, @@ -2501,33 +2503,10 @@ inherit permissions (S) many users, perhaps several thousand, to allow a single [homes] share to be used flexibly by each user.

Default: inherit permissions = no -

- -init logon delayed hosts (G) -

- This parameter takes a list of host names, addresses or networks for - which the initial samlogon reply should be delayed (so other DCs get - preferred by XP workstations if there are any). -

- The length of the delay can be specified with the - init logon delay parameter. -

Default: init logon delayed hosts = - -

Example: init logon delayed hosts = 150.203.5. myhost.mynet.de - -

- -init logon delay (G) -

- This parameter specifies a delay in milliseconds for the hosts configured - for delayed initial samlogon with - init logon delayed hosts. -

Default: init logon delay = 100 - -

+

interfaces (G) -

: This option allows you to override the default +

This option allows you to override the default network interfaces list that Samba will use for browsing, name registration and other NetBIOS over TCP/IP (NBT) traffic. By default Samba will query the kernel for the list of all active interfaces and use any @@ -2551,10 +2530,10 @@ interfaces (G)

Example: interfaces = eth0 192.168.2.10/24 192.168.3.10/255.255.255.0 -

+

invalid users (S) -

: This is a list of users that should not be allowed +

This is a list of users that should not be allowed to login to this service. This is really a paranoid check to absolutely ensure an improper setting does not breach your security.

A name starting with a '@' is interpreted as an NIS @@ -2574,10 +2553,10 @@ invalid users (S)

Example: invalid users = root fred admin @wheel -

+

iprint server (G) -

: +

This parameter is only applicable if printing is set to iprint.

If set, this option overrides the ServerName option in the CUPS client.conf. This is @@ -2586,10 +2565,10 @@ iprint server (G)

Example: iprint server = MYCUPSSERVER -

+

keepalive (G) -

: The value of the parameter (an integer) represents +

The value of the parameter (an integer) represents the number of seconds between keepalive packets. If this parameter is zero, no keepalive packets will be sent. Keepalive packets, if sent, allow the server to tell whether @@ -2599,20 +2578,20 @@ Basically you should only use this option if you strike difficulties.

Defa

Example: keepalive = 600 -

+

kernel change notify (S) -

: This parameter specifies whether Samba should ask the +

This parameter specifies whether Samba should ask the kernel for change notifications in directories so that SMB clients can refresh whenever the data on the server changes.

This parameter is only used when your kernel supports change notification to user programs using the inotify interface.

Default: kernel change notify = yes -

+

kernel oplocks (G) -

: For UNIXes that support kernel based oplocks +

For UNIXes that support kernel based oplocks (currently only IRIX and the Linux 2.4 kernel), this parameter allows the use of them to be turned on or off.

Kernel oplocks support allows Samba oplocks to be broken whenever a local UNIX process or NFS operation @@ -2622,10 +2601,10 @@ kernel oplocks (G) to a no-op on systems that no not have the necessary kernel support. You should never need to touch this parameter.

Default: kernel oplocks = yes -

+

lanman auth (G) -

: This parameter determines whether or not smbd(8) will attempt to +

This parameter determines whether or not smbd(8) will attempt to authenticate users or permit password changes using the LANMAN password hash. If disabled, only clients which support NT password hashes (e.g. Windows NT/2000 clients, smbclient, but not @@ -2642,10 +2621,10 @@ lanman auth (G) permited. Not all clients support NTLMv2, and most will require special configuration to use it.

Default: lanman auth = no -

+

large readwrite (G) -

: This parameter determines whether or not +

This parameter determines whether or not smbd(8) supports the new 64k streaming read and write varient SMB requests introduced with Windows 2000. Note that due to Windows 2000 client redirector bugs @@ -2654,10 +2633,10 @@ large readwrite (G) performance by 10% with Windows 2000 clients. Defaults to on. Not as tested as some other Samba code paths.

Default: large readwrite = yes -

+

ldap admin dn (G) -

: +

The ldap admin dn defines the Distinguished Name (DN) name used by Samba to contact the ldap server when retreiving user account information. The ldap admin dn is used in conjunction with the admin dn password stored in the private/secrets.tdb @@ -2665,10 +2644,10 @@ ldap admin dn (G) man page for more information on how to accomplish this.

The ldap admin dn requires a fully specified DN. The ldap suffix is not appended to the ldap admin dn. -

No default

+
No default

ldap connection timeout (G) -

: +

This parameter tells the LDAP library calls which timeout in seconds they should honor during initial connection establishments to LDAP servers. It is very useful in failover scenarios in particular. If one or more LDAP @@ -2680,10 +2659,10 @@ ldap connection timeout (G) and not establishing an initial connection.

Default: ldap connection timeout = 2 -

+

ldap debug level (G) -

: +

This parameter controls the debug level of the LDAP library calls. In the case of OpenLDAP, it is the same bit-field as understood by the server and documented in the @@ -2700,10 +2679,10 @@ ldap debug level (G)

Example: ldap debug level = 1 -

+

ldap debug threshold (G) -

: +

This parameter controls the Samba debug level at which the ldap library debug output is printed in the Samba logs. See the description of @@ -2712,28 +2691,28 @@ ldap debug threshold (G)

Example: ldap debug threshold = 5 -

+

ldap delete dn (G) -

: This parameter specifies whether a delete +

This parameter specifies whether a delete operation in the ldapsam deletes the complete entry or only the attributes specific to Samba.

Default: ldap delete dn = no -

+

ldap group suffix (G) -

: This parameter specifies the suffix that is +

This parameter specifies the suffix that is used for groups when these are added to the LDAP directory. If this parameter is unset, the value of ldap suffix will be used instead. The suffix string is pre-pended to the ldap suffix string so use a partial DN.

Default: ldap group suffix =

Example: ldap group suffix = ou=Groups -

+

ldap idmap suffix (G) -

: +

This parameters specifies the suffix that is used when storing idmap mappings. If this parameter is unset, the value of ldap suffix will be used instead. The suffix string is pre-pended to the ldap suffix string so use a partial DN. @@ -2741,10 +2720,10 @@ ldap idmap suffix (G)

Example: ldap idmap suffix = ou=Idmap -

+

ldap machine suffix (G) -

: +

It specifies where machines should be added to the ldap tree. If this parameter is unset, the value of ldap suffix will be used instead. The suffix string is pre-pended to the ldap suffix string so use a partial DN. @@ -2752,10 +2731,10 @@ ldap machine suffix (G)

Example: ldap machine suffix = ou=Computers -

+

ldap passwd sync (G) -

: +

: This option is used to define whether or not Samba should sync the LDAP password with the NT and LM hashes for normal accounts (NOT for workstation, server or domain trusts) on a password change via SAMBA. @@ -2766,10 +2745,10 @@ ldap passwd sync (G) LM passwords and update the pwdLastSet time.
Only = Only update the LDAP password and let the LDAP server do the rest.

Default: ldap passwd sync = no -

+

ldap replication sleep (G) -

: +

When Samba is asked to write to a read-only LDAP replica, we are redirected to talk to the read-write master server. This server then replicates our changes back to the 'local' server, however the replication might take some seconds, especially over slow links. Certain client activities, particularly domain joins, can become confused by the 'success' @@ -2782,10 +2761,10 @@ ldap replication sleep (G) The value is specified in milliseconds, the maximum value is 5000 (5 seconds).

Default: ldap replication sleep = 1000 -

+

ldapsam:editposix (G) -

: +

Editposix is an option that leverages ldapsam:trusted to make it simpler to manage a domain controller eliminating the need to set up custom scripts to add and manage the posix users and groups. This option will instead directly manipulate the ldap tree to create, remove and modify user and group entries. @@ -2863,10 +2842,10 @@ ldapsam:editposix (G)

Default: ldapsam:editposix = no -

+

ldapsam:trusted (G) -

: +

By default, Samba as a Domain Controller with an LDAP backend needs to use the Unix-style NSS subsystem to access user and group information. Due to the way Unix stores user information in /etc/passwd and /etc/group this inevitably leads to inefficiencies. One important question a user needs to know is the list of groups he @@ -2884,10 +2863,10 @@ ldapsam:trusted (G) is easily achieved.

Default: ldapsam:trusted = no -

+

ldap ssl (G) -

: This option is used to define whether or not Samba should +

: This option is used to define whether or not Samba should use SSL when connecting to the ldap server This is NOT related to Samba's previous SSL support which was enabled by specifying the @@ -2901,10 +2880,10 @@ ldap ssl (G) to configure. See passdb backend
.

Default: ldap ssl = start_tls -

+

ldap suffix (G) -

Specifies the base for all ldap suffixes and for storing the sambaDomain object.

The ldap suffix will be appended to the values specified for the ldap user suffix, ldap group suffix, ldap machine suffix, and the ldap idmap suffix. Each of these should be given only a DN relative to the @@ -2913,19 +2892,19 @@ ldap suffix (G)

Example: ldap suffix = dc=samba,dc=org -

+

ldap timeout (G) -

: +

When Samba connects to an ldap server that server may be down or unreachable. To prevent Samba from hanging whilst waiting for the connection this parameter specifies in seconds how long Samba should wait before failing the connect. The default is to only wait fifteen seconds for the ldap server to respond to the connect request.

Default: ldap timeout = 15 -

+

ldap user suffix (G) -

: +

This parameter specifies where users are added to the tree. If this parameter is unset, the value of ldap suffix will be used instead. The suffix string is pre-pended to the ldap suffix string so use a partial DN. @@ -2933,10 +2912,10 @@ ldap user suffix (G)

Example: ldap user suffix = ou=people -

+

level2 oplocks (S) -

: This parameter controls whether Samba supports +

This parameter controls whether Samba supports level2 (read-only) oplocks on a share.

Level2, or read-only oplocks allow Windows NT clients that have an oplock on a file to downgrade from a read-write oplock to a read-only oplock once a second client opens the file (instead @@ -2956,10 +2935,10 @@ level2 oplocks (S) parameter must be set to yes on this share in order for this parameter to have any effect.

Default: level2 oplocks = yes -

+

lm announce (G) -

: This parameter determines if nmbd(8) will produce Lanman announce +

This parameter determines if nmbd(8) will produce Lanman announce broadcasts that are needed by OS/2 clients in order for them to see the Samba server in their browse list. This parameter can have three values, yes, no, or @@ -2975,10 +2954,10 @@ lm announce (G)

Example: lm announce = yes -

+

lm interval (G) -

: If Samba is set to produce Lanman announce +

If Samba is set to produce Lanman announce broadcasts needed by OS/2 clients (see the lm announce parameter) then this parameter defines the frequency in seconds with which they will be @@ -2988,18 +2967,18 @@ lm interval (G)

Example: lm interval = 120 -

+

load printers (G) -

: A boolean variable that controls whether all +

A boolean variable that controls whether all printers in the printcap will be loaded for browsing by default. See the printers section for more details.

Default: load printers = yes -

+

local master (G) -

: This option allows nmbd(8) to try and become a local master browser +

This option allows nmbd(8) to try and become a local master browser on a subnet. If set to no then nmbd will not attempt to become a local master browser on a subnet and will also lose in all browsing elections. By @@ -3009,13 +2988,13 @@ local master (G) will participate in elections for local master browser.

Setting this value to no will cause nmbd never to become a local master browser.

Default: local master = yes -

+

lock dir -

: This parameter is a synonym for lock directory.

+

: This parameter is a synonym for lock directory.

lock directory (G) -

: This option specifies the directory where lock +

This option specifies the directory where lock files will be placed. The lock files are used to implement the max connections option.

@@ -3025,10 +3004,10 @@ lock directory (G)

Example: lock directory = /var/run/samba/locks -

+

locking (S) -

: This controls whether or not locking will be +

This controls whether or not locking will be performed by the server in response to lock requests from the client.

If locking = no, all lock and unlock requests will appear to succeed and all lock queries will report @@ -3038,18 +3017,18 @@ locking (S) CDROM drives), although setting this parameter of no is not really recommended even in this case.

Be careful about disabling locking either globally or in a specific service, as lack of locking may result in data corruption. - You should never need to set this parameter.

No default

+ You should never need to set this parameter.
No default

lock spin count (G) -

: This parameter has been made inoperative in Samba 3.0.24. +

This parameter has been made inoperative in Samba 3.0.24. The functionality it contolled is now controlled by the parameter lock spin time.

Default: lock spin count = 0 -

+

lock spin time (G) -

: The time in microseconds that smbd should +

The time in microseconds that smbd should keep waiting to see if a failed lock request can be granted. This parameter has changed in default value from Samba 3.0.23 from 10 to 200. The associated @@ -3057,22 +3036,22 @@ lock spin time (G) no longer used in Samba 3.0.24. You should not need to change the value of this parameter.

Default: lock spin time = 200 -

+

log file (G) -

: +

This option allows you to override the name of the Samba log file (also known as the debug file).

This option takes the standard substitutions, allowing you to have separate log files for each user or machine.

No default

Example: log file = /usr/local/samba/var/log.%m -

+

debuglevel -

: This parameter is a synonym for log level.

+

: This parameter is a synonym for log level.

log level (G) -

: +

The value of the parameter (a astring) allows the debug level (logging level) to be specified in the smb.conf file.

This parameter has been extended since the 2.2.x @@ -3083,10 +3062,10 @@ log level (G)

Example: log level = 3 passdb:5 auth:10 winbind:2 -

+

logon drive (G) -

: +

This parameter specifies the local path to which the home directory will be connected (see logon home) and is only used by NT Workstations. @@ -3096,10 +3075,10 @@ logon drive (G)

Example: logon drive = h: -

+

logon home (G) -

: +

This parameter specifies the home directory location when a Win95/98 or NT Workstation logs into a Samba PDC. It allows you to do

@@ -3130,10 +3109,10 @@ logon home (G)

Example: logon home = \\remote_smb_server\%U -

+

logon path (G) -

: +

This parameter specifies the directory where roaming profiles (Desktop, NTuser.dat, etc) are stored. Contrary to previous versions of these manual pages, it has nothing to do with Win 9X roaming profiles. To find out how to handle roaming profiles for Win 9X system, see the @@ -3177,10 +3156,10 @@ logon path = \\PROFILESERVER\PROFILE\%U

Default: logon path = \\%N\%U\profile -

+

logon script (G) -

: +

This parameter specifies the batch file (.bat) or NT command file (.cmd) to be downloaded and run on a machine when a user successfully logs in. The file must contain the DOS style CR/LF line endings. Using a DOS-style editor to create the file is recommended. @@ -3211,10 +3190,10 @@ logon script (G)

Example: logon script = scripts\%U.bat -

+

lppause command (S) -

: This parameter specifies the command to be +

This parameter specifies the command to be executed on the server host in order to stop printing or spooling a specific print job.

This command should be a program or script which takes a printer name and job number to pause the print job. One way @@ -3238,10 +3217,10 @@ lppause command (S)

Example: lppause command = /usr/bin/lpalt %p-%j -p0 -

+

lpq cache time (G) -

: This controls how long lpq info will be cached +

This controls how long lpq info will be cached for to prevent the lpq command being called too often. A separate cache is kept for each variation of the lpq command used by the system, so if you use different @@ -3254,10 +3233,10 @@ lpq cache time (G)

Example: lpq cache time = 10 -

+

lpq command (S) -

: This parameter specifies the command to be +

This parameter specifies the command to be executed on the server host in order to obtain lpq-style printer status information.

This command should be a program or script which takes a printer name as its only parameter and outputs printer @@ -3279,10 +3258,10 @@ lpq command (S)

Example: lpq command = /usr/bin/lpq -P%p -

+

lpresume command (S) -

: This parameter specifies the command to be +

This parameter specifies the command to be executed on the server host in order to restart or continue printing or spooling a specific print job.

This command should be a program or script which takes a printer name and job number to resume the print job. See @@ -3295,10 +3274,10 @@ lpresume command (S) parameter is SYSV, in which case the default is:

lp -i %p-%j -H resume

or if the value of the printing parameter is SOFTQ, then the default is:

qstat -s -j%j -r

No default

Example: lpresume command = /usr/bin/lpalt %p-%j -p2 -

+

lprm command (S) -

: This parameter specifies the command to be +

This parameter specifies the command to be executed on the server host in order to delete a print job.

This command should be a program or script which takes a printer name and job number, and deletes the print job.

If a %p is given then the printer name is put in its place. A %j is replaced with @@ -3315,10 +3294,10 @@ lprm command = /usr/bin/cancel %p-%j

Default: lprm command = determined by printing parameter -

+

machine password timeout (G) -

: +

If a Samba server is a member of a Windows NT Domain (see the security = domain parameter) then periodically a running smbd process will try and change the MACHINE ACCOUNT PASSWORD stored in the TDB called private/secrets.tdb. This parameter specifies how often this password will be changed, in seconds. The default is one @@ -3328,10 +3307,10 @@ machine password timeout (G) and the security = domain parameter.

Default: machine password timeout = 604800 -

+

magic output (S) -

: +

: This parameter specifies the name of a file which will contain output created by a magic script (see the magic script parameter below).
Warning
If two clients use the same magic script @@ -3340,10 +3319,10 @@ magic output (S)
Example: magic output = myfile.txt -

`+`

`magic script (S) -`


This parameter specifies the name of a file which, 
+


This parameter specifies the name of a file which, 
 	if opened, will be executed by the server when the file is closed. 
 	This allows a UNIX script to be sent to the Samba host and 
 	executed on behalf of the connected user.
Scripts executed in this way will be deleted upon 
@@ -3359,10 +3338,10 @@ magic script (S)
 
 
Example: magic script = user.csh
 
-

`+`

`mangled names (S) -`


This controls whether non-DOS names under UNIX 
+


This controls whether non-DOS names under UNIX 
 	should be mapped to DOS-compatible names ("mangled") and made visible, 
 	or whether non-DOS names should simply be ignored.
See the section on name mangling for 
 	details on how to control the mangling process.
If mangling is used then the mangling algorithm is as follows:
The first (up to) five alphanumeric characters 
@@ -3387,10 +3366,10 @@ mangled names (S)
 	from Windows/DOS and will retain the same basename. Mangled names 
 	do not change between sessions.
Default: mangled names = yes
 
-

`+`

`mangle prefix (G) -`


 controls the number of prefix
+


 controls the number of prefix
 	characters from the original name used when generating
 	the mangled names. A larger value will give a weaker
 	hash and therefore more name collisions. The minimum
@@ -3400,20 +3379,20 @@ mangle prefix (G)
 
 
Example: mangle prefix = 4
 
-

`+`

`mangling char (S) -`


This controls what character is used as 
+


This controls what character is used as 
 	the magic character in name mangling. The 
 	default is a '~' but this may interfere with some software. Use this option to set 
 	it to whatever you prefer. This is effective only when mangling method is hash.
Default: mangling char = ~
 
 
Example: mangling char = ^
 
-

`+`

`mangling method (G) -`


 controls the algorithm used for the generating
+


 controls the algorithm used for the generating
 	the mangled names. Can take two different values, "hash" and
 	"hash2". "hash" is the algorithm that was used
 	used in Samba for many years and was the default in Samba 2.2.x "hash2" is
@@ -3424,10 +3403,10 @@ mangling method (G)
 
 
Example: mangling method = hash
 
-

`+`

`map acl inherit (S) -`


This boolean parameter controls whether smbd(8) will attempt to map the 'inherit' and 'protected'
+


This boolean parameter controls whether smbd(8) will attempt to map the 'inherit' and 'protected'
     access control entry flags stored in Windows ACLs into an extended attribute
     called user.SAMBA_PAI. This parameter only takes effect if Samba is being run
     on a platform that supports extended attributes (Linux and IRIX so far) and
@@ -3435,10 +3414,10 @@ map acl inherit (S)
     POSIX ACL mapping code.
     
Default: map acl inherit = no
 
-

`+`

`map archive (S) -`



 	This controls whether the DOS archive attribute 
 	should be mapped to the UNIX owner execute bit.  The DOS archive bit 
 	is set when a file has been modified since its last backup.  One 
@@ -3451,19 +3430,19 @@ map archive (S)
 	create mask for details.
 	
Default: map archive = yes
 
-

`+`

`map hidden (S) -`



 	This controls whether DOS style hidden files should be mapped to the UNIX world execute bit.
 	

 	Note that this requires the create mask to be set such that the world execute 
 	bit is not masked out (i.e. it must include 001). See the parameter create mask 
 	for details.
-	
No default

`+ No default`

`map read only (S) -`



 	This controls how the DOS read only attribute should be mapped from a UNIX filesystem.
 	

 	This parameter can take three different values, which tell smbd(8) how to display the read only attribute on files, where either
@@ -3488,10 +3467,10 @@ map read only (S)
 		the store dos attributes method. This may be useful for exporting mounted CDs.
 		
Default: map read only = yes
 
-

`+`

`map system (S) -`



 	This controls whether DOS style system files should be mapped to the UNIX group execute bit.
 	

 	Note that this requires the create mask	to be set such that the group 
@@ -3499,10 +3478,10 @@ map system (S)
 	create mask for details.
 	
Default: map system = no
 
-

`+`

`map to guest (G) -`


This parameter is only useful in SECURITY = 
+


This parameter is only useful in SECURITY = 
     security modes other than security = share 
     and security = server
     - i.e. user, and domain.
This parameter can take four different values, which tell
@@ -3544,10 +3523,10 @@ map to guest (G)
 
 
Example: map to guest = Bad User
 
-

`+`

`max connections (S) -`


This option allows the number of simultaneous connections to a service to be limited.
+


This option allows the number of simultaneous connections to a service to be limited.
     If max connections is greater than 0 then connections
     will be refused if this number of connections to the service are already open. A value 
     of zero mean an unlimited number of connections may be made.
Record lock files are used to implement this feature. The lock files will be stored in 
@@ -3555,10 +3534,10 @@ max connections (S)
 
 
Example: max connections = 10
 
-

`+`

`max disk size (G) -`


This option allows you to put an upper limit 
+


This option allows you to put an upper limit 
     on the apparent size of disks. If you set this option to 100 
     then all shares will appear to be not larger than 100 MB in 
     size.
Note that this option does not limit the amount of 
@@ -3572,10 +3551,10 @@ max disk size (G)
 
 
Example: max disk size = 1000
 
-

`+`

`max log size (G) -`



     This option (an integer in kilobytes) specifies the max size the log file should grow to. 
     Samba periodically checks the size and if it is exceeded it will rename the file, adding 
 	a .old extension.
@@ -3584,17 +3563,17 @@ max log size (G)
 
 
Example: max log size = 1000
 
-

`+`

`max mux (G) -`


This option controls the maximum number of 
+


This option controls the maximum number of 
     outstanding simultaneous SMB operations that Samba tells the client 
 	it will allow. You should never need to set this parameter.
Default: max mux = 50
 
-

`+`

`max open files (G) -`


This parameter limits the maximum number of 
+


This parameter limits the maximum number of 
     open files that one smbd(8) file 
     serving process may have open for a client at any one time. The 
     default for this parameter is set very high (10,000) as Samba uses 
@@ -3602,23 +3581,23 @@ max open files (G)
     by the UNIX per-process file descriptor limit rather than 
     this parameter so you should never need to touch this parameter.
Default: max open files = 10000
 
-

`+`

`max print jobs (S) -`


This parameter limits the maximum number of 
+


This parameter limits the maximum number of 
     jobs allowable in a Samba printer queue at any given moment.
     If this number is exceeded, smbd(8) will remote "Out of Space" to the client.
 	
Default: max print jobs = 1000
 
 
Example: max print jobs = 5000
 
-

`+`

`protocol -`


This parameter is a synonym for max protocol.

`+`


This parameter is a synonym for max protocol.

`max protocol (G) -`


The value of the parameter (a string) is the highest 
+


The value of the parameter (a string) is the highest 
     protocol level that will be supported by the server.
Possible values are :
CORE: Earliest version. No 
 	    concept of user names.
COREPLUS: Slight improvements on 
 	    CORE for efficiency.
LANMAN1: First 
@@ -3630,10 +3609,10 @@ max protocol (G)
 
 
Example: max protocol = LANMAN1
 
-

`+`

`max reported print jobs (S) -`



     This parameter limits the maximum number of jobs displayed in a port monitor for 
     Samba printer queue at any given moment. If this number is exceeded, the excess 
     jobs will not be shown. A value of zero means there is no limit on the number of 
@@ -3642,10 +3621,10 @@ max reported print jobs (S)
 
 
Example: max reported print jobs = 1000
 
-

`+`

`max smbd processes (G) -`


This parameter limits the maximum number of smbd(8) processes concurrently running on a system and is intended
+


This parameter limits the maximum number of smbd(8) processes concurrently running on a system and is intended
     as a stopgap to prevent degrading service to clients in the event that the server has insufficient
     resources to handle more than this number of connections.  Remember that under normal operating
     conditions, each user will have an smbd(8) associated with him or her to handle connections to all
@@ -3653,10 +3632,10 @@ max smbd processes (G)
 
 
Example: max smbd processes = 1000
 
-

`+`

`max stat cache size (G) -`


This parameter limits the size in memory of any 
+


This parameter limits the size in memory of any 
 	  stat cache being used
 	  to speed up case insensitive name mappings. It represents
 	  the number of kilobyte (1024) units the stat cache can use.
@@ -3667,27 +3646,27 @@ max stat cache size (G)
 
 
Example: max stat cache size = 100
 
-

`+`

`max ttl (G) -`


This option tells nmbd(8) what the default 'time to live' 
+


This option tells nmbd(8) what the default 'time to live' 
     of NetBIOS names should be (in seconds) when nmbd is 
     requesting a name using either a broadcast packet or from a WINS server. You should 
 	never need to change this parameter. The default is 3 days.
Default: max ttl = 259200
 
-

`+`

`max wins ttl (G) -`


This option tells smbd(8) when acting as a WINS server
+


This option tells smbd(8) when acting as a WINS server
 	(wins support = yes) what the maximum
     'time to live' of NetBIOS names that nmbd 
     will grant will be (in seconds). You should never need to change this
 	parameter.  The default is 6 days (518400 seconds).
Default: max wins ttl = 518400
 
-

`+`

`max xmit (G) -`


This option controls the maximum packet size 
+


This option controls the maximum packet size 
     that will be negotiated by Samba. The default is 16644, which 
     matches the behavior of Windows 2000.  A value below 2048 is likely to cause problems.
     You should never need to change this parameter from its default value.
@@ -3695,10 +3674,10 @@ max xmit (G)
 
 
Example: max xmit = 8192
 
-

`+`

`message command (G) -`


This specifies what command to run when the 
+


This specifies what command to run when the 
 	server receives a WinPopup style message.
This would normally be a command that would 
 	deliver the message somehow. How this is to be done is 
 	up to your imagination.
An example is:
@@ -3737,20 +3716,20 @@ message command (G)
 
 
Example: message command = csh -c 'xedit %s; rm %s' &
 
-

`+`

`min print space (S) -`


This sets the minimum amount of free disk 
+


This sets the minimum amount of free disk 
     space that must be available before a user will be able to spool 
     a print job. It is specified in kilobytes. The default is 0, which 
     means a user can always spool a print job.
Default: min print space = 0
 
 
Example: min print space = 2000
 
-

`+`

`min protocol (G) -`


The value of the parameter (a string) is the 
+


The value of the parameter (a string) is the 
     lowest SMB protocol dialect than Samba will support.  Please refer
     to the max protocol
     parameter for a list of valid protocol names and a brief description
@@ -3762,10 +3741,10 @@ min protocol (G)
 
 
Example: min protocol = NT1
 
-

`+`

`min receivefile size (G) -`


This option changes the behavior of smbd(8) when processing SMBwriteX calls. Any incoming
+


This option changes the behavior of smbd(8) when processing SMBwriteX calls. Any incoming
 SMBwriteX call on a non-signed SMB/CIFS connection greater than this value will not be processed in the normal way but will
 be passed to any underlying kernel recvfile or splice system call (if there is no such
 call Samba will emulate in user space). This allows zero-copy writes directly from network
@@ -3774,19 +3753,19 @@ but user testing is recommended. If set to zero Samba processes SMBwriteX calls
 normal way. To enable POSIX large write support (SMB/CIFS writes up to 16Mb) this option must be
 nonzero. The maximum value is 128k. Values greater than 128k will be silently set to 128k.
Note this option will have NO EFFECT if set on a SMB signed connection.
The default is zero, which diables this option.
Default: min receivefile size = 0
 
-

`+`

`min wins ttl (G) -`


This option tells nmbd(8)
+


This option tells nmbd(8)
     when acting as a WINS server (wins support = yes) what the minimum 'time to live' 
     of NetBIOS names that nmbd will grant will be (in 
     seconds). You should never need to change this parameter.  The default 
     is 6 hours (21600 seconds).
Default: min wins ttl = 21600
 
-

`+`

`msdfs proxy (S) -`


This parameter indicates that the share is a
+


This parameter indicates that the share is a
 	stand-in for another CIFS share whose location is specified by
 	the value of the parameter. When clients attempt to connect to
 	this share, they are redirected to the proxied share using
@@ -3794,10 +3773,10 @@ msdfs proxy (S)
 	msdfs root and host msdfs
 	options to find out how to set up a Dfs root share.
No default
Example: msdfs proxy = \otherserver\someshare
 
-

`+`

`msdfs root (S) -`


If set to yes, Samba treats the
+


If set to yes, Samba treats the
 	share as a Dfs root and allows clients to browse the
 	distributed file system tree rooted at the share directory.
 	Dfs links are specified in the share directory by symbolic
@@ -3805,20 +3784,20 @@ msdfs root (S)
 	and so on.  For more information on setting up a Dfs tree on
 	Samba, refer to the MSDFS chapter in the Samba3-HOWTO book.
Default: msdfs root = no
 
-

`+`

`name cache timeout (G) -`


Specifies the number of seconds it takes before 
+


Specifies the number of seconds it takes before 
     entries in samba's hostname resolve cache time out. If 
     the timeout is set to 0. the caching is disabled.
 
Default: name cache timeout = 660
 
 
Example: name cache timeout = 0
 
-

`+`

`name resolve order (G) -`


This option is used by the programs in the Samba 
+


This option is used by the programs in the Samba 
     suite to determine what naming services to use and in what order 
     to resolve host names to IP addresses. Its main purpose to is to
     control how netbios name resolution is performed.  The option takes a space 
@@ -3849,10 +3828,10 @@ name resolve order (G)
 
 
Example: name resolve order = lmhosts bcast host
 
-

`+`

`netbios aliases (G) -`


This is a list of NetBIOS names that nmbd will 
+


This is a list of NetBIOS names that nmbd will 
         advertise as additional names by which the Samba server is known. This allows one machine 
 	to appear in browse lists under multiple names. If a machine is acting as a browse server 
         or logon server none of these names will be advertised as either browse server or logon 
@@ -3862,10 +3841,10 @@ netbios aliases (G)
 
 
Example: netbios aliases = TEST TEST1 TEST2
 
-

`+`

`netbios name (G) -`



 		This sets the NetBIOS name by which a Samba server is known. By default it is the same as the first component
 		of the host's DNS name. If a machine is a browse server or logon server this name (or the first component of
 		the hosts DNS name) will be the name that these services are advertised under.
@@ -3878,17 +3857,17 @@ netbios name (G)
 
 
Example: netbios name = MYNAME
 
-

`+`

`netbios scope (G) -`


This sets the NetBIOS scope that Samba will 
+


This sets the NetBIOS scope that Samba will 
 	operate under. This should not be set unless every machine 
 	on your LAN also sets this value.
Default: netbios scope = 
 
-

`+`

`nis homedir (G) -`


Get the home share server from a NIS map. For 
+


Get the home share server from a NIS map. For 
 	UNIX systems that use an automounter, the user's home directory 
 	will often be mounted on a workstation on demand from a remote 
 	server. 
When the Samba logon server is not the actual home directory 
@@ -3907,20 +3886,20 @@ nis homedir (G)
 	NIS system and the Samba server with this option must also 
 	be a logon server.
Default: nis homedir = no
 
-

`+`

`nt acl support (S) -`


This boolean parameter controls whether smbd(8) will attempt to map 
+


This boolean parameter controls whether smbd(8) will attempt to map 
     UNIX permissions into Windows NT access control lists.  The UNIX
     permissions considered are the the traditional UNIX owner and
     group permissions, as well as POSIX ACLs set on any files or
     directories.  This parameter was formally a global parameter in
     releases prior to 2.2.2.
Default: nt acl support = yes
 
-

`+`

`ntlm auth (G) -`


This parameter determines whether or not smbd(8) will attempt to
+


This parameter determines whether or not smbd(8) will attempt to
     authenticate users using the NTLM encrypted password response.
     If disabled, either the lanman password hash or an NTLMv2 response
     will need to be sent by the client.
If this option, and lanman
@@ -3928,33 +3907,33 @@ ntlm auth (G)
     permited.  Not all clients support NTLMv2, and most will require
 	special configuration to use it.
Default: ntlm auth = yes
 
-

`+`

`nt pipe support (G) -`


This boolean parameter controls whether 
+


This boolean parameter controls whether 
     smbd(8) will allow Windows NT 
     clients to connect to the NT SMB specific IPC$ 
     pipes. This is a developer debugging option and can be left
 	alone.
Default: nt pipe support = yes
 
-

`+`

`nt status support (G) -`


This boolean parameter controls whether smbd(8) will negotiate NT specific status
+


This boolean parameter controls whether smbd(8) will negotiate NT specific status
     support with Windows NT/2k/XP clients. This is a developer debugging option and should be left alone.
     If this option is set to no then Samba offers
     exactly the same DOS error codes that versions prior to Samba 2.2.3
     reported.
You should not need to ever disable this parameter.
Default: nt status support = yes
 
-

`+`

`null passwords (G) -`


Allow or disallow client access to accounts that have null passwords. 
See also smbpasswd(5).
Default: null passwords = no
+


Allow or disallow client access to accounts that have null passwords. 
See also smbpasswd(5).
Default: null passwords = no
 
-

`+`

`obey pam restrictions (G) -`


When Samba 3.0 is configured to enable PAM support
+


When Samba 3.0 is configured to enable PAM support
     (i.e. --with-pam), this parameter will control whether or not Samba
     should obey PAM's account and session management directives.  The 
     default behavior is to use PAM for clear text authentication only
@@ -3964,10 +3943,10 @@ obey pam restrictions (G)
     authentication mechanism needed in the presence of SMB password encryption.
 
Default: obey pam restrictions = no
 
-

`+`

`only user (S) -`


This is a boolean option that controls whether 
+


This is a boolean option that controls whether 
     connections with usernames not in the user 
     list will be allowed. By default this option is disabled so that a 
     client can supply a username to be used by the server.  Enabling
@@ -3980,10 +3959,10 @@ only user (S)
     will be just the service name, which for home directories is the 
     name of the user.
Default: only user = no
 
-

`+`

`oplock break wait time (G) -`



 	This is a tuning parameter added due to bugs in both Windows 9x and WinNT. If Samba responds to a client too 
 	quickly when that client issues an SMB that can cause an oplock break request, then the network client can 
 	fail and not respond to the break request. This tuning parameter (which is set in milliseconds) is the amount 
@@ -3992,10 +3971,10 @@ oplock break wait time (G)
 	DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ AND UNDERSTOOD THE SAMBA OPLOCK CODE.
 	
Default: oplock break wait time = 0
 
-

`+`

`oplock contention limit (S) -`



 	This is a very advanced smbd(8) tuning option to improve the efficiency of the 
 	granting of oplocks under multiple client contention for the same file.
 	

@@ -4007,10 +3986,10 @@ oplock contention limit (S)
 	DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ AND UNDERSTOOD THE SAMBA OPLOCK CODE.
 	
Default: oplock contention limit = 2
 
-

`+`

`oplocks (S) -`



 	This boolean option tells smbd whether to 
 	issue oplocks (opportunistic locks) to file open requests on this 
 	share. The oplock code can dramatically (approx. 30% or more) improve 
@@ -4029,10 +4008,10 @@ oplocks (S)
 	kernel oplocks parameter for details.
 	
Default: oplocks = yes
 
-

`+`

`os2 driver map (G) -`


The parameter is used to define the absolute
+


The parameter is used to define the absolute
     path to a file containing a mapping of Windows NT printer driver
     names to OS/2 printer driver names.  The format is:
<nt driver name> = <os2 driver name>.<device name>
For example, a valid entry using the HP LaserJet 5
     printer driver would appear as HP LaserJet 5L = LASERJET.HP 
@@ -4042,10 +4021,10 @@ os2 driver map (G)
     details on OS/2 clients, please refer to chapter on other clients in the Samba3-HOWTO book.
     
Default: os2 driver map = 
 
-

`+`

`os level (G) -`



 	This integer value controls what level Samba advertises itself as for browse elections. The value of this
 	parameter determines whether nmbd(8) has a chance of becoming a local master browser for the workgroup in the local broadcast area.
 

@@ -4061,10 +4040,10 @@ os level (G)
 
 
Example: os level = 65
 
-

`+`

`pam password change (G) -`


With the addition of better PAM support in Samba 2.2, 
+


With the addition of better PAM support in Samba 2.2, 
     this parameter, it is possible to use PAM's password change control 
     flag for Samba.  If enabled, then PAM will be used for password
     changes when requested by an SMB client instead of the program listed in 
@@ -4072,20 +4051,20 @@ pam password change (G)
     It should be possible to enable this without changing your 
     passwd chat parameter for most setups.
Default: pam password change = no
 
-

`+`

`panic action (G) -`


This is a Samba developer option that allows a 
+


This is a Samba developer option that allows a 
 	system command to be called when either smbd(8) or nmbd(8)	crashes. This is usually used to 
 	draw attention to the fact that a problem occurred.
 	
Default: panic action = 
 
 
Example: panic action = "/bin/sleep 90000"
 
-

`+`

`paranoid server security (G) -`


Some version of NT 4.x allow non-guest 
+


Some version of NT 4.x allow non-guest 
     users with a bad passowrd. When this option is enabled, samba will not 
     use a broken NT 4.x server as password server, but instead complain
     to the logs and exit.  
@@ -4093,10 +4072,10 @@ paranoid server security (G)
     this check, which involves deliberatly attempting a
     bad logon to the remote server.
Default: paranoid server security = yes
 
-

`+`

`passdb backend (G) -`


This option allows the administrator to chose which backend
+


This option allows the administrator to chose which backend
     will be used for storing user and possibly group information.  This allows 
     you to swap between different storage mechanisms without recompile. 
The parameter value is divided into two parts, the backend's name, and a 'location'
     string that has meaning only to that particular backed.  These are separated
@@ -4129,19 +4108,19 @@ or multi server LDAP URL with Netscape based LDAP library:
 passdb backend = ldapsam:"ldap://ldap-1.example.com ldap-2.example.com"
 
Default: passdb backend = smbpasswd
 
-

`+`

`passdb expand explicit (G) -`



 	This parameter controls whether Samba substitutes %-macros in the passdb fields if they are explicitly set. We
 	used to expand macros here, but this turned out to be a bug because the Windows client can expand a variable
 	%G_osver% in which %G would have been substituted by the user's primary group.
     
Default: passdb expand explicit = no
 
-

`+`

`passwd chat debug (G) -`


This boolean specifies if the passwd chat script 
+


This boolean specifies if the passwd chat script 
     parameter is run in debug mode. In this mode the 
     strings passed to and received from the passwd chat are printed 
     in the smbd(8) log with a 
@@ -4154,18 +4133,18 @@ passwd chat debug (G)
     pam password change
 	parameter is set. This parameter is off by default.
Default: passwd chat debug = no
 
-

`+`

`passwd chat timeout (G) -`


This integer specifies the number of seconds smbd will wait for an initial
+


This integer specifies the number of seconds smbd will wait for an initial
     answer from a passwd chat script being run. Once the initial answer is received
     the subsequent answers must be received in one tenth of this time. The default it
     two seconds.
Default: passwd chat timeout = 2
 
-

`+`

`passwd chat (G) -`


This string controls the "chat" 
+

This string controls the "chat" 
     conversation that takes places between smbd(8) and the local password changing
     program to change the user's password. The string describes a 
     sequence of response-receive pairs that smbd(8) uses to determine what to send to the 
@@ -4196,10 +4175,10 @@ passwd chat (G)
 
 
Example: passwd chat = "*Enter NEW password*" %n\n "*Reenter NEW password*" %n\n "*Password changed*"
 
-

`+`

`passwd program (G) -`


The name of a program that can be used to set 
+


The name of a program that can be used to set 
     UNIX user passwords.  Any occurrences of %u 
     will be replaced with the user name. The user name is checked for 
     existence before calling the password changing program.
Also note that many passwd programs insist in reasonable
@@ -4220,10 +4199,10 @@ passwd program (G)
 
 
Example: passwd program = /bin/passwd %u
 
-

`+`

`password level (G) -`


Some client/server combinations have difficulty 
+


Some client/server combinations have difficulty 
     with mixed-case passwords.  One offending client is Windows for 
     Workgroups, which for some reason forces passwords to upper 
     case when using the LANMAN1 protocol, but leaves them alone when 
@@ -4245,10 +4224,10 @@ password level (G)
 
 
Example: password level = 4
 
-

`+`

`password server (G) -`


By specifying the name of another SMB server 
+


By specifying the name of another SMB server 
     or Active Directory domain controller with this option, 
     and using security = [ads|domain|server] 
     it is possible to get Samba to 
@@ -4308,13 +4287,13 @@ password server (G)
 
 
Example: password server = windc.mydomain.com:389 192.168.1.101 *
 
-

`+`

`directory -`


This parameter is a synonym for path.

`+`


This parameter is a synonym for path.

`path (S) -`


This parameter specifies a directory to which 
+


This parameter specifies a directory to which 
 	the user of the service is to be given access. In the case of 
 	printable services, this is where print data will spool prior to 
 	being submitted to the host for printing.
For a printable service offering guest access, the service 
@@ -4331,19 +4310,19 @@ path (S)
 
 
Example: path = /home/fred
 
-

`+`

`pid directory (G) -`



 	This option specifies the directory where pid files will be placed.  
 	
Default: pid directory = ${prefix}/var/locks
 
 
Example: pid directory = pid directory = /var/run/
 
-

`+`

`posix locking (S) -`



 	The smbd(8)
 	daemon maintains an database of file locks obtained by SMB clients. The default behavior is 
 	to map this internal database to POSIX locks. This means that file locks obtained by SMB clients are 
@@ -4351,10 +4330,10 @@ posix locking (S)
 	method (e.g. NFS or local file access). You should never need to disable this parameter.
 	
Default: posix locking = yes
 
-

`+`

`postexec (S) -`


This option specifies a command to be run 
+


This option specifies a command to be run 
 	whenever the service is disconnected. It takes the usual 
 	substitutions. The command may be run as the root on some 
 	systems.
An interesting example may be to unmount server 
@@ -4362,21 +4341,21 @@ postexec (S)
 
 
Example: postexec = echo \"%u disconnected from %S from %m (%I)\" >> /tmp/log
 
-

`+`

`preexec close (S) -`



 	This boolean option controls whether a non-zero return code from preexec 
 	should close the service being connected to.
 	
Default: preexec close = no
 
-

`+`

`exec -`


This parameter is a synonym for preexec.

`+`


This parameter is a synonym for preexec.

`preexec (S) -`


This option specifies a command to be run whenever 
+


This option specifies a command to be run whenever 
 	the service is connected to. It takes the usual substitutions.
An interesting example is to send the users a welcome 
 	message every time they log in. Maybe a message of the day? Here 
 	is an example:

@@ -4388,13 +4367,13 @@ preexec (S)
 
 
Example: preexec = echo \"%u connected to %S from %m (%I)\" >> /tmp/log
 
-

`+`

`prefered master -`


This parameter is a synonym for preferred master.

`+`


This parameter is a synonym for preferred master.

`preferred master (G) -`



 	This boolean parameter controls if nmbd(8) is a preferred master browser  for its workgroup.
 	

 	If this is set to yes, on startup, nmbd will force
@@ -4408,22 +4387,22 @@ preferred master (G)
 	capabilities.
 	
Default: preferred master = auto
 
-

`+`

`preload modules (G) -`


This is a list of paths to modules that should
+


This is a list of paths to modules that should
 	be loaded into smbd before a client connects. This improves
 	the speed of smbd when reacting to new connections somewhat. 
Default: preload modules = 
 
 
Example: preload modules = /usr/lib/samba/passdb/mysql.so
 
-

`+`

`auto services -`


This parameter is a synonym for preload.

`+`


This parameter is a synonym for preload.

`preload (G) -`


This is a list of services that you want to be 
+


This is a list of services that you want to be 
 	automatically added to the browse lists. This is most useful 
 	for homes and printers services that would otherwise not be 
 	visible.

@@ -4434,33 +4413,33 @@ preload (G)
 
 
Example: preload = fred lp colorlp
 
-

`+`

`preserve case (S) -`



 	This controls if new filenames are created with the case that the client passes, or if 
 	they are forced to be the default case.
 	

 	See the section on NAME MANGLING for a fuller discussion.
 	
Default: preserve case = yes
 
-

`+`

`print ok -`


This parameter is a synonym for printable.

`+`


This parameter is a synonym for printable.

`printable (S) -`


If this parameter is yes, then 
+


If this parameter is yes, then 
     clients may open, write to and submit spool files on the directory 
     specified for the service. 
Note that a printable service will ALWAYS allow writing 
     to the service path (user privileges permitting) via the spooling 
     of print data. The read only parameter controls only non-printing access to 
     the resource.
Default: printable = no
 
-

`+`

`printcap cache time (G) -`


This option specifies the number of seconds before the printing
+


This option specifies the number of seconds before the printing
     subsystem is again asked for the known printers.  If the value
     is greater than 60 the initial waiting time is set to 60 seconds
     to allow an earlier first rescan of the printing subsystem.
@@ -4470,13 +4449,13 @@ printcap cache time (G)
 
 
Example: printcap cache time = 600
 
-

`+`

`printcap -`


This parameter is a synonym for printcap name.

`+`


This parameter is a synonym for printcap name.

`printcap name (G) -`



 	This parameter may be used to override the compiled-in default printcap name used by the server (usually
 	 /etc/printcap). See the discussion of the [printers] section above for reasons why you might want to do this.
 	

@@ -4511,10 +4490,10 @@ print5|My Printer 5
 
 
Example: printcap name = /etc/myprintcap
 
-

`+`

`print command (S) -`


After a print job has finished spooling to 
+


After a print job has finished spooling to 
     a service, this command will be used via a system() 
     call to process the spool file. Typically the command specified will 
     submit the spool file to the host's printing subsystem, but there 
@@ -4556,10 +4535,10 @@ print command (S)
     and if SAMBA is compiled against libcups, any manually 
 	set print command will be ignored.
No default
Example: print command = /usr/local/samba/bin/myprintscript %p %s
 
-

`+`

`printer admin (S) -`



 	This lists users who can do anything to printers
 	via the remote administration interfaces offered
 	by MS-RPC (usually using a NT workstation).
@@ -4575,13 +4554,13 @@ printer admin (S)
 
 
Example: printer admin = admin, @staff
 
-

`+`

`printer -`


This parameter is a synonym for printer name.

`+`


This parameter is a synonym for printer name.

`printer name (S) -`



 	This parameter specifies the name of the printer to which print jobs spooled through a printable service
 	will be sent.
 	

@@ -4594,10 +4573,10 @@ printer name (S)
 
 
Example: printer name = laserwriter
 
-

`+`

`printing (S) -`


This parameters controls how printer status  information is
+


This parameters controls how printer status  information is
     interpreted on your system. It also affects the  default values for
     the print command,  lpq command, lppause command , lpresume command, and  lprm command if specified in the 
     [global] section.
Currently nine printing styles are supported. They are
@@ -4611,27 +4590,27 @@ printing (S)
     commands (e.g. print command, lpq command, etc...) after defining
     the value for the printing option since it will 
     reset the printing commands to default values.
See also the discussion in the 
-    [printers] section.
No default

`+ [printers] section. No default`

`printjob username (S) -`


This parameter specifies which user information will be 
+


This parameter specifies which user information will be 
     passed to the printing system. Usually, the username is sent,
     but in some cases, e.g. the domain prefix is useful, too.
Default: printjob username = %U
 
 
Example: printjob username = %D\%U
 
-

`+`

`private dir (G) -`


This parameters defines the directory
+


This parameters defines the directory
     smbd will use for storing such files as smbpasswd
     and secrets.tdb.
 
Default: private dir = ${prefix}/private
 
-

`+`

`profile acls (S) -`



 	This boolean parameter was added to fix the problems that people have been
 	having with storing user profiles on Samba shares from Windows 2000 or
 	Windows XP clients. New versions of Windows 2000 or Windows XP service
@@ -4659,10 +4638,10 @@ profile acls (S)
 	tree to the owning user.
 	
Default: profile acls = no
 
-

`+`

`queuepause command (S) -`


This parameter specifies the command to be 
+


This parameter specifies the command to be 
     executed on the server host in order to pause the printer queue.
This command should be a program or script which takes 
     a printer name as its only parameter and stops the printer queue, 
     such that no longer jobs are submitted to the printer.
This command is not supported by Windows for Workgroups, 
@@ -4673,10 +4652,10 @@ queuepause command (S)
     path in the command as the PATH may not be available to the 
 	server.
No default
Example: queuepause command = disable %p
 
-

`+`

`queueresume command (S) -`


This parameter specifies the command to be 
+


This parameter specifies the command to be 
     executed on the server host in order to resume the printer queue. It 
     is the command to undo the behavior that is caused by the 
     previous parameter (queuepause command).
This command should be a program or script which takes 
@@ -4691,10 +4670,10 @@ queueresume command (S)
 
 
Example: queueresume command = enable %p
 
-

`+`

`read list (S) -`



 	This is a list of users that are given read-only access to a service. If the connecting user is in this list
 	then they will not be given write access, no matter what the read only option is set
 	to. The list can include group names using the syntax described in the invalid users
@@ -4704,19 +4683,19 @@ read list (S)
 
 
Example: read list = mary, @students
 
-

`+`

`read only (S) -`


An inverted synonym is writeable.
If this parameter is yes, then users 
+


An inverted synonym is writeable.
If this parameter is yes, then users 
     of a service may not create or modify files in the service's 
     directory.
Note that a printable service (printable = yes)
     will ALWAYS allow writing to the directory 
     (user privileges permitting), but only via spooling operations.
Default: read only = yes
 
-

`+`

`read raw (G) -`


This parameter controls whether or not the server 
+


This parameter controls whether or not the server 
     will support the raw read SMB requests when transferring data 
     to clients.
If enabled, raw reads allow reads of 65535 bytes in 
     one packet. This typically provides a major performance benefit.
@@ -4725,20 +4704,20 @@ read raw (G)
 	sizes, and for these clients you may need to disable raw reads.
In general this parameter should be viewed as a system tuning 
 	tool and left severely alone.
Default: read raw = yes
 
-

`+`

`realm (G) -`


This option specifies the kerberos realm to use. The realm is 
+


This option specifies the kerberos realm to use. The realm is 
 	used as the ADS equivalent of the NT4 domain. It
 	is usually set to the DNS name of the kerberos server.
 	
Default: realm = 
 
 
Example: realm = mysambabox.mycompany.com
 
-

`+`

`registry shares (G) -`



 	This turns on or off support for share definitions read from
 	registry. Shares defined in smb.conf take
 	precedence over shares with the same name defined in
@@ -4753,10 +4732,10 @@ registry shares (G)
 
 
Example: registry shares = yes
 
-

`+`

`remote announce (G) -`



 	This option allows you to setup nmbd(8)to periodically announce itself 
 	to arbitrary IP addresses with an arbitrary workgroup name.
 	

@@ -4780,10 +4759,10 @@ remote announce (G)
 	See the chapter on Network Browsing in the Samba-HOWTO book.
 	
Default: remote announce = 
 
-

`+`

`remote browse sync (G) -`



 	This option allows you to setup nmbd(8) to periodically request 
 	synchronization of browse lists with the master browser of a Samba 
 	server that is on a remote segment. This option will allow you to 
@@ -4815,10 +4794,10 @@ remote browse sync (G)
 	each network has its own WINS server.
 	
Default: remote browse sync = 
 
-

`+`

`rename user script (G) -`



 	This is the full pathname to a script that will be run as root by smbd(8) under special circumstances described below.
 	

 	When a user with admin authority or SeAddUserPrivilege rights renames a user (e.g.: from the NT4 User Manager
@@ -4836,10 +4815,10 @@ rename user script (G)
 	needs to change for other applications using the same directory.
 	
Default: rename user script = no
 
-

`+`

`reset on zero vc (G) -`



 	This boolean option controls whether an incoming session setup
 	should kill other connections coming from the same IP. This matches
         the default Windows 2003 behaviour.
@@ -4858,10 +4837,10 @@ reset on zero vc (G)
 
 	
Default: reset on zero vc = no
 
-

`+`

`restrict anonymous (G) -`


The setting of this parameter determines whether user and
+


The setting of this parameter determines whether user and
     group list information is returned for an anonymous connection.
     and mirrors the effects of the
 
@@ -4884,16 +4863,16 @@ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
     by setting guest ok = yes on any share.
 	
Default: restrict anonymous = 0
 
-

`+`

`root -`


This parameter is a synonym for root directory.

`+`


This parameter is a synonym for root directory.

`root dir -`


This parameter is a synonym for root directory.

`+`


This parameter is a synonym for root directory.

`root directory (G) -`


The server will chroot() (i.e. 
+


The server will chroot() (i.e. 
     Change its root directory) to this directory on startup. This is 
     not strictly necessary for secure operation. Even without it the 
     server will deny access to files not in one of the service entries. 
@@ -4916,34 +4895,34 @@ root directory (G)
 
 
Example: root directory = /homes/smb
 
-

`+`

`root postexec (S) -`



 	This is the same as the postexec
 	parameter except that the command is run as root. This is useful for 
 	unmounting filesystems (such as CDROMs) after a connection is closed.
 	
Default: root postexec = 
 
-

`+`

`root preexec close (S) -`


This is the same as the preexec close
+


This is the same as the preexec close
 	 parameter except that the command is run as root.
Default: root preexec close = no
 
-

`+`

`root preexec (S) -`



 	This is the same as the preexec
 	parameter except that the command is run as root. This is useful for 
 	mounting filesystems (such as CDROMs) when a connection is opened.
 	
Default: root preexec = 
 
-

`+`

`security mask (S) -`


 	This parameter controls what UNIX permission bits will be set when a Windows NT client is manipulating the
 	UNIX permission on a file using the native NT security dialog box.
 	
@@ -4962,10 +4941,10 @@ security mask (S)
 
 
Example: security mask = 0770
 
-

`+`

`security (G) -`


This option affects how clients respond to 
+


This option affects how clients respond to 
     Samba and is one of the most important settings in the 
     smb.conf file.
The option sets the "security mode bit" in replies to 
     protocol negotiations with smbd(8) to turn share level security on or off. Clients decide 
@@ -5089,10 +5068,10 @@ security (G)
 
 
Example: security = DOMAIN
 
-

`+`

`server schannel (G) -`



 	This controls whether the server offers or even demands the use of the netlogon schannel.
 	server schannel = no does not offer the schannel, server schannel = auto offers the schannel but does not enforce it, and server schannel = yes denies access if the client is not able to speak netlogon schannel.
 	This is only the case for Windows NT4 before SP4.
@@ -5103,10 +5082,10 @@ server schannel (G)
 
 
Example: server schannel = yes
 
-

`+`

`server signing (G) -`


This controls whether the server offers or requires
+


This controls whether the server offers or requires
     the client it talks to to use SMB signing. Possible values 
     are auto, mandatory 
     and disabled. 
@@ -5114,10 +5093,10 @@ server signing (G)
     When set to mandatory, SMB signing is required and if set 
 	to disabled, SMB signing is not offered either.
Default: server signing = Disabled
 
-

`+`

`server string (G) -`


This controls what string will show up in the printer comment box in print 
+


This controls what string will show up in the printer comment box in print 
         manager and next to the IPC connection in net view. It 
         can be any string that you wish to show to your users.
It also sets what will appear in browse lists next 
 	to the machine name.
A %v will be replaced with the Samba 
@@ -5126,10 +5105,10 @@ server string (G)
 
 
Example: server string = University of GNUs Samba Server
 
-

`+`

`set directory (S) -`



 	If set directory = no, then 	users of the 
 	service may not use the setdir command to change directory.
 	

@@ -5138,10 +5117,10 @@ set directory (S)
 	for details.
 	
Default: set directory = no
 
-

`+`

`set primary group script (G) -`


Thanks to the Posix subsystem in NT a Windows User has a
+


Thanks to the Posix subsystem in NT a Windows User has a
 	primary group in addition to the auxiliary groups.  This script
 	sets the primary group in the unix userdatase when an
 	administrator sets the primary group from the windows user
@@ -5153,10 +5132,10 @@ set primary group script (G)
 
 
Example: set primary group script = /usr/sbin/usermod -g '%g' '%u'
 
-

`+`

`set quota command (G) -`


The set quota command should only be used 
+


The set quota command should only be used 
 	whenever there is no operating system API available from the OS that 
 	samba can use.
This option is only available if Samba was configured with the argument --with-sys-quotas or 
 	on linux when ./configure --with-quotas was used and a working quota api 
@@ -5166,10 +5145,10 @@ set quota command (G)
 
 
Example: set quota command = /usr/local/sbin/set_quota
 
-

`+`

`share modes (S) -`


This enables or disables the honoring of 
+


This enables or disables the honoring of 
 	the share modes during a file open. These 
 	modes are used by clients to gain exclusive read or write access 
 	to a file.
These open modes are not directly supported by UNIX, so
@@ -5182,20 +5161,20 @@ share modes (S)
 	by default.
You should NEVER turn this parameter 
 	off as many Windows applications will break if you do so.
Default: share modes = yes
 
-

`+`

`short preserve case (S) -`



 	This boolean parameter controls if new files which conform to 8.3 syntax, that is all in upper case and of
 	suitable length, are created upper case, or if they are forced to be the default case.
 	This  option can be use with preserve case = yes to permit long filenames
 	to retain their case, while short names are lowered.
 	
See the section on NAME MANGLING.
Default: short preserve case = yes
 
-

`+`

`show add printer wizard (G) -`


With the introduction of MS-RPC based printing support
+


With the introduction of MS-RPC based printing support
     for Windows NT/2000 client in Samba 2.2, a "Printers..." folder will 
     appear on Samba hosts in the share listing.  Normally this folder will 
     contain an icon for the MS Add Printer Wizard (APW).  However, it is 
@@ -5213,10 +5192,10 @@ show add printer wizard (G)
 
Note
This does not prevent the same user from having 
 		administrative privilege on an individual printer.
Default: show add printer wizard = yes
 
-

`+`

`shutdown script (G) -`


This a full path name to a script called by 
+


This a full path name to a script called by 
 	 smbd(8) that should 
 	start a shutdown procedure.
If the connected user posseses the SeRemoteShutdownPrivilege,
 	right, this command will be run as user.
The %z %t %r %f variables are expanded as follows:
%z will be substituted with the
@@ -5241,10 +5220,10 @@ let "time++"
 
 
Example: shutdown script = /usr/local/samba/sbin/shutdown %m %t %r %f
 
-

`+`

`smb encrypt (S) -`


This is a new feature introduced with Samba 3.2 and above. It is an
+


This is a new feature introduced with Samba 3.2 and above. It is an
     extension to the SMB/CIFS protocol negotiated as part of the UNIX extensions.
     SMB encryption uses the GSSAPI (SSPI on Windows) ability to encrypt
     and sign every request/response in a SMB protocol stream. When
@@ -5273,10 +5252,10 @@ smb encrypt (S)
     When set to mandatory, SMB encryption is required and if set 
     to disabled, SMB encryption can not be negotiated.
Default: smb encrypt = auto
 
-

`+`

`smb passwd file (G) -`


This option sets the path to the encrypted smbpasswd file. By
+


This option sets the path to the encrypted smbpasswd file. By
     default the path to the smbpasswd file  is compiled into Samba.

     An example of use is:
 
@@ -5284,15 +5263,15 @@ smb passwd file = /etc/samba/smbpasswd
 

     
Default: smb passwd file = ${prefix}/private/smbpasswd
 
-

`+`

`smb ports (G) -`


Specifies which ports the server should listen on for SMB traffic.
Default: smb ports = 445 139
+


Specifies which ports the server should listen on for SMB traffic.
Default: smb ports = 445 139
 
-

`+`

`socket address (G) -`


This option allows you to control what 
+

This option allows you to control what 
 	address Samba will listen for connections on. This is used to 
 	support multiple virtual interfaces on the one server, each 
 	with a different configuration.By default Samba will accept connections on any 
@@ -5300,10 +5279,10 @@ socket address (G)
 
 
Example: socket address = 192.168.2.20
 
-

`+`

`socket options (G) -`


This option allows you to set socket options 
+


This option allows you to set socket options 
     to be used when talking with the client.
Socket options are controls on the networking layer 
     of the operating systems which allow the connection to be 
     tuned.
This option will typically be used to tune your Samba  server
@@ -5331,17 +5310,17 @@ socket options (G)
 
 
Example: socket options = IPTOS_LOWDELAY
 
-

`+`

`stat cache (G) -`


This parameter determines if smbd(8) will use a cache in order to 
+


This parameter determines if smbd(8) will use a cache in order to 
 	speed up case insensitive name mappings. You should never need 
 	to change this parameter.
Default: stat cache = yes
 
-

`+`

`store dos attributes (S) -`



 	If this parameter is set Samba attempts to first read DOS attributes (SYSTEM, HIDDEN, ARCHIVE or
 	READ-ONLY) from a filesystem extended attribute, before mapping DOS attributes to UNIX permission bits (such
 	as occurs with map hidden and map readonly).  When set, DOS
@@ -5353,10 +5332,10 @@ store dos attributes (S)
 	extended attributes to work, also extended attributes must be compiled into the Linux kernel.
 	
Default: store dos attributes = no
 
-

`+`

`strict allocate (S) -`


This is a boolean that controls the handling of 
+


This is a boolean that controls the handling of 
     disk space allocation in the server. When this is set to yes 
     the server will change from UNIX behaviour of not committing real
     disk storage blocks when a file is extended to the Windows behaviour
@@ -5368,10 +5347,10 @@ strict allocate (S)
     out of quota messages on systems that are restricting the disk quota
     of users.
Default: strict allocate = no
 
-

`+`

`strict locking (S) -`



 	This is an enumerated type that controls the handling of file locking in the server. When this is set to yes,
 	the server will check every read and write access for file locks, and deny access if locks exist. This can be slow on 
 	some systems.
@@ -5387,10 +5366,10 @@ strict locking (S)
 	 strict locking = no is acceptable.
 	
Default: strict locking = Auto
 
-

`+`

`strict sync (S) -`


Many Windows applications (including the Windows 98 explorer
+


Many Windows applications (including the Windows 98 explorer
     shell) seem to confuse flushing buffer contents to disk with doing
     a sync to disk. Under UNIX, a sync call forces the process to be
     suspended until the kernel has ensured that all outstanding data in
@@ -5404,10 +5383,10 @@ strict sync (S)
     addition, this fixes many performance problems that people have
     reported with the new Windows98 explorer shell file copies.
Default: strict sync = no
 
-

`+`

`svcctl list (G) -`


This option defines a list of init scripts that smbd
+


This option defines a list of init scripts that smbd
     will use for starting and stopping Unix services via the Win32 
     ServiceControl API.  This allows Windows administrators to 
     utilize the MS Management Console plug-ins to manage a 
@@ -5420,10 +5399,10 @@ svcctl list (G)
 
 
Example: svcctl list = cups postfix portmap httpd
 
-

`+`

`sync always (S) -`


This is a boolean parameter that controls 
+


This is a boolean parameter that controls 
     whether writes will always be written to stable storage before 
     the write call returns. If this is no then the server will be 
     guided by the client's request in each write call (clients can 
@@ -5434,19 +5413,19 @@ sync always (S)
     yes in order for this parameter to have 
     any affect.
Default: sync always = no
 
-

`+`

`syslog only (G) -`



     If this parameter is set then Samba debug messages are logged into the system 
     syslog only, and not to the debug log files. There still will be some
 	logging to log.[sn]mbd even if syslog only is enabled.
     
Default: syslog only = no
 
-

`+`

`syslog (G) -`



     This parameter maps how Samba debug messages are logged onto the system syslog logging levels. 
     Samba debug level zero maps onto syslog LOG_ERR, debug level one maps onto 
     LOG_WARNING, debug level two maps onto LOG_NOTICE,
@@ -5457,10 +5436,10 @@ syslog (G)
     logging to log.[sn]mbd even if syslog only is enabled.
     
Default: syslog = 1
 
-

`+`

`template homedir (G) -`


When filling out the user information for a Windows NT 
+


When filling out the user information for a Windows NT 
 	user, the winbindd(8) daemon  uses this
 	parameter to fill in the home directory for that user. If the
 	string %D is present it
@@ -5468,31 +5447,31 @@ template homedir (G)
 	string %U is present it
 	is substituted with the user's Windows  NT user name.
Default: template homedir = /home/%D/%U
 
-

`+`

`template shell (G) -`


When filling out the user information for a Windows NT 
+


When filling out the user information for a Windows NT 
 	user, the winbindd(8) daemon uses this
-	parameter to fill in the login shell for that user.
No default

`+ parameter to fill in the login shell for that user. No default`

`time offset (G) -`


This parameter is a setting in minutes to add 
+


This parameter is a setting in minutes to add 
 	to the normal GMT to local time conversion. This is useful if 
 	you are serving a lot of PCs that have incorrect daylight 
 	saving time handling.
Default: time offset = 0
 
 
Example: time offset = 60
 
-

`+`

`time server (G) -`


This parameter determines if nmbd(8) advertises itself as a time server to Windows 
+


This parameter determines if nmbd(8) advertises itself as a time server to Windows 
 clients.
Default: time server = no
 
-

`+`

`unix charset (G) -`


Specifies the charset the unix machine 
+


Specifies the charset the unix machine 
 		Samba runs on uses. Samba needs to know this in order to be able to 
 		convert text to the charsets other SMB clients use.
 	
This is also the charset Samba will use when specifying arguments 
@@ -5501,20 +5480,20 @@ unix charset (G)
 
 
Example: unix charset = ASCII
 
-

`+`

`unix extensions (G) -`


This boolean parameter controls whether Samba 
+


This boolean parameter controls whether Samba 
     implments the CIFS UNIX extensions, as defined by HP. 
     These extensions enable Samba to better serve UNIX CIFS clients
     by supporting features such as symbolic links, hard links, etc...
     These extensions require a similarly enabled client, and are of
     no current use to Windows clients.
Default: unix extensions = yes
 
-

`+`

`unix password sync (G) -`


This boolean parameter controls whether Samba 
+


This boolean parameter controls whether Samba 
     attempts to synchronize the UNIX password with the SMB password 
     when the encrypted SMB password in the smbpasswd file is changed. 
     If this is set to yes the program specified in the passwd
@@ -5523,10 +5502,10 @@ unix password sync (G)
     old UNIX password (as the SMB password change code has no 
 	access to the old password cleartext, only the new).
Default: unix password sync = no
 
-

`+`

`update encrypted (G) -`



 	This boolean parameter allows a user logging on with a plaintext password to have their encrypted (hashed)
 	password in the smbpasswd file to be updated automatically as they log on. This option allows a site to
 	migrate from plaintext password authentication (users authenticate with plaintext password over the
@@ -5544,10 +5523,10 @@ update encrypted (G)
 	passwords.
 	
Default: update encrypted = no
 
-

`+`

`use client driver (S) -`


This parameter applies only to Windows NT/2000
+

This parameter applies only to Windows NT/2000
     clients.  It has no effect on Windows 95/98/ME clients.  When 
     serving a printer to Windows NT/2000 clients without first installing
     a valid printer driver on the Samba host, the client will be required
@@ -5572,10 +5551,10 @@ use client driver (S)
     on a print share which has valid print driver installed on the Samba 
 	server.
Default: use client driver = no
 
-

`+`

`use kerberos keytab (G) -`



 	Specifies whether Samba should attempt to maintain service principals in the systems
 	keytab file for host/FQDN and cifs/FQDN.
 	

@@ -5587,10 +5566,10 @@ default_keytab_name = FILE:/etc/krb5.keytab
 

 	
Default: use kerberos keytab = False
 
-

`+`

`use mmap (G) -`


This global parameter determines if the tdb internals of Samba can
+


This global parameter determines if the tdb internals of Samba can
     depend on mmap working correctly on the running system. Samba requires a coherent
     mmap/read-write system memory cache. Currently only HPUX does not have such a
     coherent cache, and so this parameter is set to no by
@@ -5599,10 +5578,10 @@ use mmap (G)
     the tdb internal code.
     
Default: use mmap = yes
 
-

`+`

`username level (G) -`


This option helps Samba to try and 'guess' at 
+


This option helps Samba to try and 'guess' at 
     the real UNIX username, as many DOS clients send an all-uppercase 
     username. By default Samba tries all lowercase, followed by the 
     username with the first letter capitalized, and fails if the 
@@ -5617,10 +5596,10 @@ username level (G)
 
 
Example: username level = 5
 
-

`+`

`username map script (G) -`


This script is a mutually exclusive alternative to the 
+


This script is a mutually exclusive alternative to the 
 	username map parameter.  This parameter 
 	specifies and external program or script that must accept a single 
 	command line option (the username transmitted in the authentication
@@ -5631,10 +5610,10 @@ username map script (G)
 
 
Example: username map script = /etc/samba/scripts/mapusers.sh
 
-

`+`

`username map (G) -`



 	This option allows you to specify a file containing a mapping of usernames from the clients to the server.
 	This can be used for several purposes. The most common is to map usernames that users use on DOS or Windows
 	machines to those that the UNIX box uses. The other is to map multiple users to a single username so that they
@@ -5718,16 +5697,16 @@ username map = /usr/local/samba/lib/users.map
     
Default: username map = 
 # no username map
 
-

`+`

`user -`


This parameter is a synonym for username.

`+`


This parameter is a synonym for username.

`users -`


This parameter is a synonym for username.

`+`


This parameter is a synonym for username.

`username (S) -`


Multiple users may be specified in a comma-delimited 
+


Multiple users may be specified in a comma-delimited 
     list, in which case the supplied password will be tested against 
     each username in turn (left to right).
The username line is needed only when 
     the PC is unable to supply its own username. This is the case 
@@ -5765,28 +5744,28 @@ username (S)
 
 
Example: username = fred, mary, jack, jane, @users, @pcgroup
 
-

`+`

`usershare allow guests (G) -`


This parameter controls whether user defined shares are allowed
+


This parameter controls whether user defined shares are allowed
 	to be accessed by non-authenticated users or not. It is the equivalent
 	of allowing people who can create a share the option of setting
 	guest ok = yes in a share
 	definition. Due to the security sensitive nature of this the default
 	is set to off.
Default: usershare allow guests = no
 
-

`+`

`usershare max shares (G) -`


This parameter specifies the number of user defined shares
+


This parameter specifies the number of user defined shares
 	that are allowed to be created by users belonging to the group owning the
 	usershare directory. If set to zero (the default) user defined shares are ignored.
 	
Default: usershare max shares = 0
 
-

`+`

`usershare owner only (G) -`


This parameter controls whether the pathname exported by
+


This parameter controls whether the pathname exported by
 	a user defined shares must be owned by the user creating the
 	user defined share or not. If set to True (the default) then
 	smbd checks that the directory path being shared is owned by
@@ -5796,10 +5775,10 @@ usershare owner only (G)
 	regardless of who owns it.
 	
Default: usershare owner only = True
 
-

`+`

`usershare path (G) -`


This parameter specifies the absolute path of the directory on the
+


This parameter specifies the absolute path of the directory on the
 	filesystem used to store the user defined share definition files.
 	This directory must be owned by root, and have no access for
 	other, and be writable only by the group owner. In addition the
@@ -5820,10 +5799,10 @@ usershare path (G)
 	In this case, only members of the group "power_users" can create user defined shares.
 	
Default: usershare path = NULL
 
-

`+`

`usershare prefix allow list (G) -`


This parameter specifies a list of absolute pathnames
+


This parameter specifies a list of absolute pathnames
 	the root of which are allowed to be exported by user defined share definitions.
 	If the pathname exported doesn't start with one of the strings in this
 	list the user defined share will not be allowed. This allows the Samba
@@ -5838,10 +5817,10 @@ usershare prefix allow list (G)
 
 
Example: usershare prefix allow list = /home /data /space
 
-

`+`

`usershare prefix deny list (G) -`


This parameter specifies a list of absolute pathnames
+


This parameter specifies a list of absolute pathnames
 	the root of which are NOT allowed to be exported by user defined share definitions.
 	If the pathname exported starts with one of the strings in this
 	list the user defined share will not be allowed. Any pathname not
@@ -5857,10 +5836,10 @@ usershare prefix deny list (G)
 
 
Example: usershare prefix deny list = /etc /dev /private
 
-

`+`

`usershare template share (G) -`


User defined shares only have limited possible parameters
+


User defined shares only have limited possible parameters
 	such as path, guest ok etc. This parameter allows usershares to
 	"cloned" from an existing share. If "usershare template share"
 	is set to the name of an existing share, then all usershares
@@ -5875,10 +5854,10 @@ usershare template share (G)
 
 
Example: usershare template share = template_share
 
-

`+`

`use sendfile (S) -`


If this parameter is yes, and the sendfile() 
+


If this parameter is yes, and the sendfile() 
     system call is supported by the underlying operating system, then some SMB read calls 
     (mainly ReadAndX and ReadRaw) will use the more efficient sendfile system call for files that
     are exclusively oplocked. This may make more efficient use of the system CPU's
@@ -5887,10 +5866,10 @@ use sendfile (S)
     Windows 9x (using sendfile from Linux will cause these clients to fail).
     
Default: use sendfile = false
 
-

`+`

`use spnego (G) -`


This variable controls controls whether samba will try 
+


This variable controls controls whether samba will try 
     to use Simple and Protected NEGOciation (as specified by rfc2478) with 
     WindowsXP and Windows2000 clients to agree upon an authentication mechanism. 
 

@@ -5898,10 +5877,10 @@ use spnego (G)
     implementation, there is no reason this should ever be
 	disabled.
Default: use spnego = yes
 
-

`+`

`utmp directory (G) -`


This parameter is only available if Samba has 
+


This parameter is only available if Samba has 
 	been configured and compiled with the option 
 	--with-utmp. It specifies a directory pathname that is
 	used to store the utmp or utmpx files (depending on the UNIX system) that
@@ -5913,10 +5892,10 @@ utmp directory (G)
 
 
Example: utmp directory = /var/run/utmp
 
-

`+`

`utmp (G) -`



 	This boolean parameter is only available if Samba has been configured and compiled  
 	with the option --with-utmp. If set to 
 	 yes then Samba will attempt to add utmp or utmpx records 
@@ -5928,10 +5907,10 @@ utmp (G)
 	to find this number.  This may impede performance on large installations. 
 	
Default: utmp = no
 
-

`+`

`valid users (S) -`



     This is a list of users that should be allowed to login to this service. Names starting with 
     '@', '+' and  '&' are interpreted using the same rules as described in the 
     invalid users parameter.
@@ -5947,10 +5926,10 @@ valid users (S)
 
 
Example: valid users = greg, @pcusers
 
-

`+`

`-valid (S) -`


 This parameter indicates whether a share is 
+


 This parameter indicates whether a share is 
 	valid and thus can be used. When this parameter is set to false, 
 	the share will be in no way visible nor accessible.
 	

@@ -5959,10 +5938,10 @@ valid users (S)
 	Samba uses this option internally to mark shares as deleted.
 	
Default: -valid = yes
 
-

`+`

`veto files (S) -`



 	This is a list of files and directories that are neither visible nor accessible.  Each entry in 
 	the list must be separated by a '/', which allows spaces to be included in the entry. '*' and '?' 
 	can be used to specify multiple files or directories as in DOS wildcards.
@@ -5993,10 +5972,10 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/
 

 	
Default: veto files = No files or directories are vetoed.
 
-

`+`

`veto oplock files (S) -`



 	This parameter is only valid when the oplocks
 	parameter is turned on for a share. It allows the Samba administrator
 	to selectively turn off the granting of oplocks on selected files that
@@ -6017,31 +5996,31 @@ veto oplock files = /.*SEM/
 	
Default: veto oplock files = 
 # No files are vetoed for oplock grants
 
-

`+`

`vfs object -`


This parameter is a synonym for vfs objects.

`+`


This parameter is a synonym for vfs objects.

`vfs objects (S) -`


This parameter specifies the backend names which 
+


This parameter specifies the backend names which 
 	are used for Samba VFS I/O operations.  By default, normal 
 	disk I/O operations are used but these can be overloaded 
 	with one or more VFS objects. 
Default: vfs objects = 
 
 
Example: vfs objects = extd_audit recycle
 
-

`+`

`volume (S) -`


This allows you to override the volume label 
+


This allows you to override the volume label 
 	returned for a share. Useful for CDROMs with installation programs 
 	that insist on a particular volume label.
Default: volume = 
 # the name of the share
 
-

`+`

`wide links (S) -`


This parameter controls whether or not links 
+


This parameter controls whether or not links 
 	in the UNIX file system may be followed by the server. Links 
 	that point to areas within the directory tree exported by the 
 	server are always allowed; this parameter controls access only 
@@ -6049,10 +6028,10 @@ wide links (S)
 	effect on your server performance due to the extra system calls 
 	that Samba has to  do in order to perform the link checks.
Default: wide links = yes
 
-

`+`

`winbind cache time (G) -`


This parameter specifies the number of 
+


This parameter specifies the number of 
 	seconds the winbindd(8) daemon will cache 
 	user and group information before querying a Windows NT server 
 	again.

@@ -6060,10 +6039,10 @@ winbind cache time (G)
 	evaluated in real time unless the winbind   offline logon option has been enabled.
 	
Default: winbind cache time = 300
 
-

`+`

`winbind enum groups (G) -`


On large installations using winbindd(8) it may be necessary to suppress 
+


On large installations using winbindd(8) it may be necessary to suppress 
 	the enumeration of groups through the setgrent(),
 	getgrent() and
 	endgrent() group of system calls.  If
@@ -6071,10 +6050,10 @@ winbind enum groups (G)
 	no, calls to the getgrent() system
 	call will not return any data. 
Warning
Turning off group enumeration may cause some programs to behave oddly.  
Default: winbind enum groups = no
 
-

`+`

`winbind enum users (G) -`


On large installations using winbindd(8) it may be
+


On large installations using winbindd(8) it may be
 	necessary to suppress the enumeration of users through the setpwent(),
 	 getpwent() and
 	 endpwent() group of system calls.  If
@@ -6086,10 +6065,10 @@ winbind enum users (G)
 	full user list when searching for matching
 	usernames. 
Default: winbind enum users = no
 
-

`+`

`winbind expand groups (G) -`


This option controls the maximum depth that winbindd
+


This option controls the maximum depth that winbindd
               will traverse when flattening nested group memberships
 	      of Windows domain groups.  This is different from the
 	      winbind nested groups option
@@ -6101,10 +6080,10 @@ winbind expand groups (G)
 	 must perform the group unrolling and will be unable to answer
 	 incoming NSS or authentication requests during this time.
Default: winbind expand groups = 1
 
-

`+`

`winbind nested groups (G) -`


If set to yes, this parameter activates the support for nested
+


If set to yes, this parameter activates the support for nested
                  groups. Nested groups are also called local groups or
                  aliases. They work like their counterparts in Windows: Nested
                  groups are defined locally on any machine (they are shared
@@ -6112,33 +6091,25 @@ winbind nested groups (G)
                  global groups from any trusted SAM. To be able to use nested
                  groups, you need to run nss_winbind.
Default: winbind nested groups = yes
 
-

`+`

`winbind normalize names (G) -`


This parameter controls whether winbindd will replace
-	  whitespace in user and group names with an underscore (_) character.
-	  For example, whether the name "Space Kadet" should be
-	  replaced with the string "space_kadet".
-	  Frequently Unix shell scripts will have difficulty with usernames
-	  contains whitespace due to the default field separator in the shell.
-	  If your domain possesses names containing the underscore character,
-	  this option may cause problems unless the name aliasing feature
-	  is supported by your nss_info plugin.
-        
This feature also enables the name aliasing API which can
-	  be used to make domain user and group names to a non-qlaified
-	  version.  Please refer to the manpage for the configured
-	  idmap and nss_info plugin for the specifics on how to configure
-	  name aliasing for a specific configuration.  Name aliasing takes
-	  precendence (and is mutually exclusive) over the whitespace
-	  replacement mechanism discussed previsouly.
-	  
Default: winbind normalize names = no
+


This parameter controls whether winbindd will replace
+	whitespace in user and group names with an underscore (_) character.
+	For example, whether the name "Space Kadet" should be
+	replaced with the string "space_kadet".
+	Frequently Unix shell scripts will have difficulty with usernames 
+	contains whitespace due to the default field separator in the shell.
+	Do not enable this option if the underscore character is used in
+	account names within your domain
+	
Default: winbind normalize names = no
 
 
Example: winbind normalize names = yes
 
-

`+`

`winbind nss info (G) -`


This parameter is designed to control how Winbind retrieves Name
+

This parameter is designed to control how Winbind retrieves Name
 	Service Information to construct a user's home directory and login shell. 
 	Currently the following settings are available: 
 
@@ -6160,10 +6131,10 @@ winbind nss info (G)
 
 
Example: winbind nss info = template sfu
 
-

`+`

`winbind offline logon (G) -`


This parameter is designed to control whether Winbind should
+


This parameter is designed to control whether Winbind should
 	allow to login with the pam_winbind 
 	module using Cached Credentials. If enabled, winbindd will store user credentials
 	from successful logins encrypted in a local cache.
@@ -6171,37 +6142,29 @@ winbind offline logon (G)
 
 
Example: winbind offline logon = true
 
-

`- -winbind reconnect delay (G) -`


This parameter specifies the number of
-	seconds the winbindd(8) daemon will wait between
-	attempts to contact a Domain controller for a domain that is
-	determined to be down or not contactable.
Default: winbind reconnect delay = 30
-
-

`+`

`winbind refresh tickets (G) -`


This parameter is designed to control whether Winbind should refresh Kerberos Tickets
+


This parameter is designed to control whether Winbind should refresh Kerberos Tickets
 	retrieved using the pam_winbind module.
 
 
Default: winbind refresh tickets = false
 
 
Example: winbind refresh tickets = true
 
-

`+`

`winbind rpc only (G) -`



 	Setting this parameter to yes forces 
 	winbindd to use RPC instead of LDAP to retrieve information from Domain
         Controllers.
 	
Default: winbind rpc only = no
 
-

`+`

`winbind separator (G) -`


This parameter allows an admin to define the character 
+


This parameter allows an admin to define the character 
 	used when listing a username of the form of DOMAIN
 	\user.  This parameter 
 	is only applicable when using the pam_winbind.so
@@ -6212,10 +6175,10 @@ winbind separator (G)
 
 
Example: winbind separator = +
 
-

`+`

`winbind trusted domains only (G) -`



 	This parameter is designed to allow Samba servers that are members 
 	of a Samba controlled domain to use UNIX accounts distributed via NIS, 
 	rsync, or LDAP as the uid's for winbindd users in the hosts primary domain.
@@ -6223,13 +6186,14 @@ winbind trusted domains only (G)
 	the account user1 in /etc/passwd instead of allocating a new uid for him or her.
 	

 	This parameter is now deprecated in favor of the newer idmap_nss backend.
-	Refer to the idmap_nss(8) man page for more information.
+	Refer to the idmap domains smb.conf option and
+	the idmap_nss(8) man page for more information.
 	
Default: winbind trusted domains only = no
 
-

`+`

`winbind use default domain (G) -`


This parameter specifies whether the
+


This parameter specifies whether the
 	 winbindd(8) daemon should operate on users  
 	without domain component in their username. Users without a domain
 	component are treated as is part of the winbindd server's own
@@ -6239,10 +6203,10 @@ winbind use default domain (G)
 
 
Example: winbind use default domain = yes
 
-

`+`

`wins hook (G) -`


When Samba is running as a WINS server this 
+


When Samba is running as a WINS server this 
 	allows you to call an external program for all changes to the 
 	WINS database. The primary use for this option is to allow the 
 	dynamic update of external name resolution databases such as 
@@ -6263,17 +6227,17 @@ wins hook (G)
 			addresses currently registered for that name. If this list is 
 			empty then the name should be deleted.
An example script that calls the BIND dynamic DNS update 
 	program nsupdate is provided in the examples 
-	directory of the Samba source code. 
No default

`+ directory of the Samba source code. No default`

`wins proxy (G) -`


This is a boolean that controls if nmbd(8) will respond to broadcast name 
+


This is a boolean that controls if nmbd(8) will respond to broadcast name 
 	queries on behalf of  other hosts. You may need to set this 
 	to yes for some older clients.
Default: wins proxy = no
 
-

`+`

`wins server (G) -`


This specifies the IP address (or DNS name: IP 
+


This specifies the IP address (or DNS name: IP 
 	address for preference) of the WINS server that nmbd(8) should register with. If you have a WINS server on 
 	your network then you should set this to the WINS server's IP.
You should point this at your WINS server if you have a
 	multi-subnetted network.
If you want to work in multiple namespaces, you can 
@@ -6292,19 +6256,19 @@ wins server (G)
 
 
Example: wins server = 192.9.200.1 192.168.2.61
 
-

`+`

`wins support (G) -`


This boolean controls if the nmbd(8) process in Samba will act as a WINS server. You should 
+


This boolean controls if the nmbd(8) process in Samba will act as a WINS server. You should 
 	not set this to yes unless you have a multi-subnetted network and 
 	you wish a particular nmbd to be your WINS server. 
 	Note that you should NEVER set this to yes
 	on more than one machine in your network.
Default: wins support = no
 
-

`+`

`workgroup (G) -`


This controls what workgroup your server will 
+


This controls what workgroup your server will 
 	appear to be in when queried by clients. Note that this parameter 
 	also controls the Domain name used with 
 	the security = domain
@@ -6312,16 +6276,16 @@ workgroup (G)
 
 
Example: workgroup = MYGROUP
 
-

`+`

`writable -`


This parameter is a synonym for writeable.

`+`


This parameter is a synonym for writeable.

`writeable (S) -`


Inverted synonym for read only.
No default

`+`


Inverted synonym for read only.
No default

`write cache size (S) -`


If this integer parameter is set to non-zero value,
+


If this integer parameter is set to non-zero value,
     Samba will create an in-memory cache for each oplocked file 
     (it does not do this for 
     non-oplocked files). All writes that the client does not request 
@@ -6339,10 +6303,10 @@ write cache size (S)
 
Example: write cache size = 262144
 #  for a 256k cache size per file
 
-

`+`

`write list (S) -`



     This is a list of users that are given read-write access to a service. If the 
     connecting user is in this list then they will be given write access, no matter 
     what the read only option is set to. The list can 
@@ -6357,17 +6321,17 @@ write list (S)
 
 
Example: write list = admin, root, @staff
 
-

`+`

`write raw (G) -`


This parameter controls whether or not the server 
+


This parameter controls whether or not the server 
     will support raw write SMB's when transferring data from clients. 
     You should never need to change this parameter.
Default: write raw = yes
 
-

`+`

`wtmp directory (G) -`



 	This parameter is only available if Samba has been configured and compiled with the option 
 	--with-utmp. It specifies a directory pathname that is used to store the wtmp or wtmpx files (depending on 
 	the UNIX system) that record user connections to a Samba server. The difference with the utmp directory is the fact 
@@ -6379,7 +6343,7 @@ wtmp directory (G)
 
 
Example: wtmp directory = /var/log/wtmp
 
-

WARNINGS

+

WARNINGS

 	Although the configuration file permits service names to contain spaces, your client software may not.
 	Spaces will be ignored in comparisons anyway, so it shouldn't be a problem - but be aware of the possibility.
 	

@@ -6392,8 +6356,8 @@ wtmp directory (G)
 	for an administrator easy, but the various combinations of default attributes can be tricky. Take extreme
 	care when designing these sections. In particular, ensure that the permissions on spool directories are
 	correct.
-

VERSION
This man page is correct for version 3 of the Samba suite.

SEE ALSO

-	samba(7), smbpasswd(8), swat(8), smbd(8), nmbd(8), smbclient(1), nmblookup(1), testparm(1), testprns(1).

AUTHOR

+

VERSION
This man page is correct for version 3 of the Samba suite.

SEE ALSO

+	samba(7), smbpasswd(8), swat(8), smbd(8), nmbd(8), smbclient(1), nmblookup(1), testparm(1), testprns(1).

AUTHOR

 	The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed
 	by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.
 	

diff --git a/docs/htmldocs/manpages/smbcontrol.1.html b/docs/htmldocs/manpages/smbcontrol.1.html
index 6c3d2d286d..0648f42d94 100644
--- a/docs/htmldocs/manpages/smbcontrol.1.html
+++ b/docs/htmldocs/manpages/smbcontrol.1.html
@@ -10,19 +10,13 @@ The default configuration file name is determined at
 compile time.
-i
Run interactively. Individual commands 
 		of the form destination message-type parameters can be entered 
 		on STDIN. An empty command line or a "q" will quit the 
-		program.
destination
One of nmbd, smbd or a process ID.
The all destination causes the 
-		message to "broadcast" to all running daemons including nmbd and
-		winbind. This is a change for Samba 3.3, prior to this the
-		paramter smbd used to do this.
The smbd destination causes the 
-		message to be sent to the smbd daemon specified in the 
-		smbd.pid file.
The nmbd destination causes the 
+		program.
destination
One of nmbd, smbd or a process ID.
The smbd destination causes the 
+		message to "broadcast" to all smbd daemons.
The nmbd destination causes the 
 		message to be sent to the nmbd daemon specified in the 
-		nmbd.pid file.
The winbindd destination causes the 
-		message to be sent to the winbind daemon specified in the 
-		winbindd.pid file.
If a single process ID is given, the message is sent 
+		nmbd.pid file.
If a single process ID is given, the message is sent 
 		to only that process.
message-type
Type of message to send. See 
 		the section MESSAGE-TYPES for details.
-		
parameters
any parameters required for the message-type

MESSAGE-TYPES
Available message types are:
close-share
Order smbd to close the client 
+		
parameters
any parameters required for the message-type

MESSAGE-TYPES
Available message types are:
close-share
Order smbd to close the client 
 	connections to the named share. Note that this doesn't affect client 
 	connections to any other shares. This message-type takes an argument of the
 	share name for which client connections will be closed, or the
@@ -65,8 +59,8 @@ compile time.
-i
Run interactiv
 	to update their local version of the driver. Can only be 
 	sent to smbd.
reload-config
Force daemon to reload smb.conf configuration file. Can be sent
 	to smbd, nmbd, or winbindd.
-

VERSION
This man page is correct for version 3 of 
-	the Samba suite.

SEE ALSO
nmbd(8) and smbd(8).

AUTHOR
The original Samba software and related utilities 
+

VERSION
This man page is correct for version 3 of 
+	the Samba suite.

SEE ALSO
nmbd(8) and smbd(8).

AUTHOR
The original Samba software and related utilities 
 	were created by Andrew Tridgell. Samba is now developed
 	by the Samba Team as an Open Source project similar 
 	to the way the Linux kernel is developed.
The original Samba man pages were written by Karl Auer. 
diff --git a/docs/htmldocs/manpages/vfs_smb_traffic_analyzer.8.html b/docs/htmldocs/manpages/vfs_smb_traffic_analyzer.8.html
deleted file mode 100644
index 51e517740f..0000000000
--- a/docs/htmldocs/manpages/vfs_smb_traffic_analyzer.8.html
+++ /dev/null
@@ -1,41 +0,0 @@
-smb_traffic_analyzer
Name
vfs_smb_traffic_analyzer — log Samba VFS read and write operations through a socket
-	to a helper application
Synopsis
vfs objects = smb_traffic_analyzer
DESCRIPTION
This VFS module is part of the
-	samba(7) suite.
The vfs_smb_traffic_analyzer VFS module logs
-	client write and read operations on a Samba server and sends this data
-	over a socket to a helper program, which feeds a SQL database. More
-	information on the helper programs can be obtained from the
-	homepage of the project at:
-	http://holger123.wordpress.com/smb-traffic-analyzer/
-	
vfs_smb_traffic_analyzer currently is aware
-	of the following VFS operations:
write
pwrite
read
pread
vfs_smb_traffic_analyzer sends the following data
-	in a fixed format seperated by a comma through either an internet or a
-	unix domain socket:
-	BYTES|USER|DOMAIN|READ/WRITE|SHARE|FILENAME|TIMESTAMP
-	
Description of the records:
-
-	
BYTES - the length in bytes of the VFS operation
USER - the user who initiated the operation
DOMAIN - the domain of the user
READ/WRITE - either "W" for a write operation or "R" for read
SHARE - the name of the share on which the VFS operation occured
FILENAME - the name of the file that was used by the VFS operation
TIMESTAMP - a timestamp, formatted as "yyyy-mm-dd hh-mm-ss.ms" indicating when the VFS operation occured

-
-	
This module is stackable.
OPTIONS
smb_traffic_analyzer:mode = STRING
If STRING matches to "unix_domain_socket", the module will
-		use a unix domain socket located at /var/tmp/stadsocket, if
-		STRING contains an different string or is not defined, the module will
-		use an internet domain socket for data transfer.
smb_traffic_analyzer:host = STRING
The module will send the data to the system named with
-		the hostname STRING.
smb_traffic_analyzer:port = STRING
The module will send the data using the TCP port given
-		in STRING
-		
EXAMPLES
The module running on share "example_share", using a unix domain socket
-	[example_share]
-	path = /data/example
-	vfs objects = smb_traffic_analyzer
-	smb_traffic_analyzer:mode = unix_domain_socket
-	
The module running on share "example_share", using an internet domain socket,
-	connecting to host "examplehost" on port 3491.
-	[example_share]
-	path = /data/example
-	vfs objects = smb_traffic_analyzer
-	smb_traffic_analyzer:host = examplehost
-	smb_traffic_analyzer:port = 3490
-	
VERSION
This man page is correct for version 3.3 of the Samba suite.
-	
AUTHOR
The original Samba software and related utilities
-	were created by Andrew Tridgell. Samba is now developed
-	by the Samba Team as an Open Source project similar
-	to the way the Linux kernel is developed.
The original version of the VFS module and the
-	helper tools were created by Holger Hetterich.
diff --git a/docs/htmldocs/manpages/winbindd.8.html b/docs/htmldocs/manpages/winbindd.8.html
index b04ecab0a7..87d67bb47d 100644
--- a/docs/htmldocs/manpages/winbindd.8.html
+++ b/docs/htmldocs/manpages/winbindd.8.html
@@ -127,7 +127,9 @@ log.smbd, etc...). The log file is never removed by the client.
 	where the user and group mappings are stored by winbindd.  If this
 	store is deleted or corrupted, there is no way for winbindd to
 	determine which user and group ids correspond to Windows NT user
-	and group rids.

CONFIGURATION
Configuration of the winbindd daemon
+	and group rids. 
See the idmap domains or the old idmap backend parameters in
+        smb.conf for options for sharing this
+        database, such as via LDAP.

CONFIGURATION
Configuration of the winbindd daemon
 	is done through configuration parameters in the smb.conf(5) file.  All parameters should be specified in the
 	[global] section of smb.conf. 

 		winbind separator

@@ -144,7 +146,7 @@ log.smbd, etc...). The log file is never removed by the client.
 		Setting this parameter forces winbindd to use RPC
 		instead of LDAP to retrieve information from Domain
 		Controllers.
-

EXAMPLE SETUP

+

EXAMPLE SETUP

 	To setup winbindd for user and group lookups plus
 	authentication from a domain controller use something like the
 	following setup. This was tested on an early Red Hat Linux box.
@@ -195,7 +197,7 @@ auth  required    /lib/security/pam_unix.so \
 	and that you can login to your unix box as a domain user, using
 	the DOMAIN+user syntax for the username. You may wish to use the
 	commands getent passwd and getent group
-	 to confirm the correct operation of winbindd.

NOTESThe following notes are useful when configuring and
+	 to confirm the correct operation of winbindd.

NOTES
The following notes are useful when configuring and
 	running winbindd: 
nmbd(8) must be running on the local machine
 	for winbindd to work. 
PAM is really easy to misconfigure.  Make sure you know what
 	you are doing when modifying PAM configuration files.  It is possible
@@ -203,7 +205,7 @@ auth  required    /lib/security/pam_unix.so \
 	then in general the user and groups ids allocated by winbindd will not
 	be the same.  The user and group ids will only be valid for the local
 	machine, unless a shared idmap backend is configured.
If the the Windows NT SID to UNIX user and group id mapping
-	file is damaged or destroyed then the mappings will be lost.

SIGNALS
The following signals can be used to manipulate the
+	file is damaged or destroyed then the mappings will be lost.

SIGNALS
The following signals can be used to manipulate the
 	winbindd daemon. 
SIGHUP
Reload the smb.conf(5) file and
 		apply any parameter changes to the running
 		version of winbindd.  This signal also clears any cached
@@ -211,7 +213,7 @@ auth  required    /lib/security/pam_unix.so \
 		by winbindd is also reloaded.  
SIGUSR2
The SIGUSR2 signal will cause 
 		winbindd to write status information to the winbind
 		log file.
Log files are stored in the filename specified by the
-		log file parameter.

FILES
/etc/nsswitch.conf(5)
Name service switch configuration file.
/tmp/.winbindd/pipe
The UNIX pipe over which clients communicate with
+		log file parameter.

FILES
/etc/nsswitch.conf(5)
Name service switch configuration file.
/tmp/.winbindd/pipe
The UNIX pipe over which clients communicate with
 		the winbindd program.  For security reasons, the
 		winbind client will only attempt to connect to the winbindd daemon
 		if both the /tmp/.winbindd directory
@@ -232,8 +234,8 @@ auth  required    /lib/security/pam_unix.so \
 		compiled using the --with-lockdir option.
 		This directory is by default /usr/local/samba/var/locks
 		. 
$LOCKDIR/winbindd_cache.tdb
Storage for cached user and group information.
-

VERSION
This man page is correct for version 3 of
-        the Samba suite.

SEE ALSO
nsswitch.conf(5), samba(7), wbinfo(1), ntlm_auth(8), smb.conf(5), pam_winbind(8)

AUTHOR
The original Samba software and related utilities
+

VERSION
This man page is correct for version 3 of
+        the Samba suite.

SEE ALSO
nsswitch.conf(5), samba(7), wbinfo(1), ntlm_auth(8), smb.conf(5), pam_winbind(8)

AUTHOR
The original Samba software and related utilities
 	were created by Andrew Tridgell. Samba is now developed
 	by the Samba Team as an Open Source project similar
 	to the way the Linux kernel is developed.
wbinfo and winbindd were
-- 
cgit v1.2.3

AUTHOR

AUTHOR

Name

DESCRIPTION

NSS_INFO

EXAMPLES

AUTHOR

Name

DESCRIPTION

IDMAP OPTIONS

EXAMPLES

AUTHOR

EXAMPLES

EXAMPLES

NOTE

AUTHOR

AUTHOR

AUTHOR

AUTHOR

EXAMPLES

EXAMPLES

AUTHOR

AUTHOR

AUTHOR

EXAMPLES

AUTHOR

RPC SAMDUMP

RPC VAMPIRE

RPC VAMPIRE KEYTAB

RPC VAMPIRE LDIF

RPC GETSID

ADS LEAVE

ADS STATUS

RPC GETSID

ADS LEAVE

ADS STATUS

ADS PRINTER

ADS PRINTER INFO [PRINTER] [SERVER]

ADS PRINTER

ADS PRINTER INFO [PRINTER] [SERVER]

ADS PRINTER PUBLISH PRINTER

ADS PRINTER REMOVE PRINTER

ADS SEARCH EXPRESSION ATTRIBUTES...

ADS PRINTER PUBLISH PRINTER

ADS PRINTER REMOVE PRINTER

ADS SEARCH EXPRESSION ATTRIBUTES...

ADS DN DN (attributes)

ADS DN DN (attributes)

ADS WORKGROUP

SAM CREATEBUILTINGROUP <NAME>

ADS WORKGROUP

SAM CREATEBUILTINGROUP <NAME>

SAM CREATELOCALGROUP <NAME>

SAM CREATELOCALGROUP <NAME>

SAM DELETELOCALGROUP <NAME>

SAM DELETELOCALGROUP <NAME>

SAM MAPUNIXGROUP <NAME>

SAM MAPUNIXGROUP <NAME>

SAM UNMAPUNIXGROUP <NAME>

SAM UNMAPUNIXGROUP <NAME>

SAM ADDMEM <GROUP> <MEMBER>

SAM ADDMEM <GROUP> <MEMBER>

SAM DELMEM <GROUP> <MEMBER>

SAM DELMEM <GROUP> <MEMBER>

SAM LISTMEM <GROUP>

SAM LISTMEM <GROUP>

SAM LIST <users|groups|localgroups|builtin|workstations> [verbose]

SAM LIST <users|groups|localgroups|builtin|workstations> [verbose]

SAM SHOW <NAME>

SAM SHOW <NAME>

SAM SET HOMEDIR <NAME> <DIRECTORY>

SAM SET HOMEDIR <NAME> <DIRECTORY>

SAM SET PROFILEPATH <NAME> <PATH>

SAM SET PROFILEPATH <NAME> <PATH>

SAM SET COMMENT <NAME> <COMMENT>

SAM SET COMMENT <NAME> <COMMENT>

SAM SET FULLNAME <NAME> <FULL NAME>

SAM SET FULLNAME <NAME> <FULL NAME>

SAM SET LOGONSCRIPT <NAME> <SCRIPT>

SAM SET LOGONSCRIPT <NAME> <SCRIPT>

ADS PRINTER INFO [`PRINTER`] [`SERVER`]

ADS PRINTER INFO [`PRINTER`] [`SERVER`]

ADS PRINTER PUBLISH `PRINTER`

ADS PRINTER REMOVE `PRINTER`

ADS SEARCH `EXPRESSION` `ATTRIBUTES...`

ADS PRINTER PUBLISH `PRINTER`

ADS PRINTER REMOVE `PRINTER`

ADS SEARCH `EXPRESSION` `ATTRIBUTES...`

ADS DN `DN` `(attributes)`

ADS DN `DN` `(attributes)`

USERSHARE ADD `sharename` `path` `[comment]` `[acl]` `[guest_ok=[y|n]]`

USERSHARE ADD `sharename` `path` `[comment]` `[acl]` `[guest_ok=[y|n]]`

USERSHARE DELETE `sharename`

USERSHARE DELETE `sharename`

USERSHARE INFO `[-l|--long]` `[wildcard sharename]`

USERSHARE INFO `[-l|--long]` `[wildcard sharename]`

USERSHARE LIST `[-l|--long]` `wildcard sharename`

USERSHARE LIST `[-l|--long]` `wildcard sharename`

CONF IMPORT `[--test|-T]` `filename` `[section]`

CONF IMPORT `[--test|-T]` `filename` `[section]`

CONF SHOWSHARE `sharename`

CONF SHOWSHARE `sharename`

CONF ADDSHARE `sharename` `path` [`writeable={y|N}` [`guest_ok={y|N}` [`comment`]]]

CONF ADDSHARE `sharename` `path` [`writeable={y|N}` [`guest_ok={y|N}` [`comment`]]]

CONF DELSHARE `sharename`

CONF DELSHARE `sharename`

CONF SETPARM `section` `parameter` `value`

CONF SETPARM `section` `parameter` `value`

CONF GETPARM `section` `parameter`

CONF GETPARM `section` `parameter`

CONF DELPARM `section` `parameter`

CONF DELPARM `section` `parameter`

CONF GETINCLUDES `section`

CONF GETINCLUDES `section`

CONF SETINCLUDES `section` [`filename`]+

CONF SETINCLUDES `section` [`filename`]+

CONF DELINCLUDES `section`

CONF DELINCLUDES `section`