From ca16c95b70df7e455b620a5d6eb9f224c725ae44 Mon Sep 17 00:00:00 2001 From: vorlon Date: Sat, 14 Feb 2009 17:12:39 +0000 Subject: Merge samba-3.3.0 into branches/samba/upstream. git-svn-id: svn://svn.debian.org/svn/pkg-samba/branches/samba/upstream@2570 fc4039ab-9d04-0410-8cac-899223bdd6b0 --- docs/htmldocs/manpages/cifs.upcall.8.html | 10 +- docs/htmldocs/manpages/eventlogadm.8.html | 12 +- docs/htmldocs/manpages/findsmb.1.html | 14 +- docs/htmldocs/manpages/idmap_ad.8.html | 29 +- docs/htmldocs/manpages/idmap_adex.8.html | 44 + docs/htmldocs/manpages/idmap_hash.8.html | 29 + docs/htmldocs/manpages/idmap_ldap.8.html | 70 +- docs/htmldocs/manpages/idmap_nss.8.html | 21 +- docs/htmldocs/manpages/idmap_rid.8.html | 23 +- docs/htmldocs/manpages/idmap_tdb.8.html | 76 +- docs/htmldocs/manpages/idmap_tdb2.8.html | 64 + docs/htmldocs/manpages/index.html | 13 +- docs/htmldocs/manpages/ldb.3.html | 8 +- docs/htmldocs/manpages/ldbadd.1.html | 8 +- docs/htmldocs/manpages/ldbdel.1.html | 8 +- docs/htmldocs/manpages/ldbedit.1.html | 8 +- docs/htmldocs/manpages/ldbmodify.1.html | 8 +- docs/htmldocs/manpages/ldbsearch.1.html | 8 +- docs/htmldocs/manpages/libsmbclient.7.html | 16 +- docs/htmldocs/manpages/lmhosts.5.html | 10 +- docs/htmldocs/manpages/log2pcap.1.html | 10 +- docs/htmldocs/manpages/mount.cifs.8.html | 24 +- docs/htmldocs/manpages/net.8.html | 198 +- docs/htmldocs/manpages/nmbd.8.html | 26 +- docs/htmldocs/manpages/nmblookup.1.html | 16 +- docs/htmldocs/manpages/ntlm_auth.1.html | 42 +- docs/htmldocs/manpages/pam_winbind.7.html | 9 +- docs/htmldocs/manpages/pdbedit.8.html | 12 +- docs/htmldocs/manpages/profiles.1.html | 10 +- docs/htmldocs/manpages/rpcclient.1.html | 24 +- docs/htmldocs/manpages/samba.7.html | 14 +- docs/htmldocs/manpages/smb.conf.5.html | 2305 ++++++++++---------- docs/htmldocs/manpages/smbcacls.1.html | 12 +- docs/htmldocs/manpages/smbclient.1.html | 29 +- docs/htmldocs/manpages/smbcontrol.1.html | 22 +- docs/htmldocs/manpages/smbcquotas.1.html | 10 +- docs/htmldocs/manpages/smbd.8.html | 30 +- docs/htmldocs/manpages/smbget.1.html | 12 +- docs/htmldocs/manpages/smbgetrc.5.html | 10 +- docs/htmldocs/manpages/smbpasswd.5.html | 10 +- docs/htmldocs/manpages/smbpasswd.8.html | 12 +- docs/htmldocs/manpages/smbspool.8.html | 6 +- docs/htmldocs/manpages/smbstatus.1.html | 10 +- docs/htmldocs/manpages/smbtar.1.html | 16 +- docs/htmldocs/manpages/smbtree.1.html | 12 +- docs/htmldocs/manpages/swat.8.html | 18 +- docs/htmldocs/manpages/tdbbackup.8.html | 8 +- docs/htmldocs/manpages/tdbdump.8.html | 4 +- docs/htmldocs/manpages/tdbtool.8.html | 13 +- docs/htmldocs/manpages/testparm.1.html | 14 +- docs/htmldocs/manpages/umount.cifs.8.html | 12 +- docs/htmldocs/manpages/vfs_audit.8.html | 16 +- docs/htmldocs/manpages/vfs_cacheprime.8.html | 16 +- docs/htmldocs/manpages/vfs_cap.8.html | 14 +- docs/htmldocs/manpages/vfs_catia.8.html | 12 +- docs/htmldocs/manpages/vfs_commit.8.html | 18 +- docs/htmldocs/manpages/vfs_default_quota.8.html | 16 +- docs/htmldocs/manpages/vfs_extd_audit.8.html | 6 +- docs/htmldocs/manpages/vfs_fake_perms.8.html | 12 +- docs/htmldocs/manpages/vfs_fileid.8.html | 32 + docs/htmldocs/manpages/vfs_full_audit.8.html | 24 +- docs/htmldocs/manpages/vfs_gpfs.8.html | 20 +- docs/htmldocs/manpages/vfs_netatalk.8.html | 12 +- docs/htmldocs/manpages/vfs_notify_fam.8.html | 10 +- docs/htmldocs/manpages/vfs_prealloc.8.html | 18 +- docs/htmldocs/manpages/vfs_readahead.8.html | 12 +- docs/htmldocs/manpages/vfs_readonly.8.html | 18 +- docs/htmldocs/manpages/vfs_recycle.8.html | 23 +- docs/htmldocs/manpages/vfs_shadow_copy.8.html | 14 +- docs/htmldocs/manpages/vfs_shadow_copy2.8.html | 52 + .../manpages/vfs_smb_traffic_analyzer.8.html | 52 + docs/htmldocs/manpages/vfs_streams_depot.8.html | 12 +- docs/htmldocs/manpages/vfs_streams_xattr.8.html | 8 +- docs/htmldocs/manpages/vfs_xattr_tdb.8.html | 6 +- docs/htmldocs/manpages/vfstest.1.html | 12 +- docs/htmldocs/manpages/wbinfo.1.html | 16 +- docs/htmldocs/manpages/winbind_krb5_locator.7.html | 43 + docs/htmldocs/manpages/winbindd.8.html | 54 +- 78 files changed, 2209 insertions(+), 1768 deletions(-) create mode 100644 docs/htmldocs/manpages/idmap_adex.8.html create mode 100644 docs/htmldocs/manpages/idmap_hash.8.html create mode 100644 docs/htmldocs/manpages/idmap_tdb2.8.html create mode 100644 docs/htmldocs/manpages/vfs_fileid.8.html create mode 100644 docs/htmldocs/manpages/vfs_shadow_copy2.8.html create mode 100644 docs/htmldocs/manpages/vfs_smb_traffic_analyzer.8.html create mode 100644 docs/htmldocs/manpages/winbind_krb5_locator.7.html (limited to 'docs/htmldocs/manpages') diff --git a/docs/htmldocs/manpages/cifs.upcall.8.html b/docs/htmldocs/manpages/cifs.upcall.8.html index 7f839115f5..0187c44312 100644 --- a/docs/htmldocs/manpages/cifs.upcall.8.html +++ b/docs/htmldocs/manpages/cifs.upcall.8.html @@ -1,12 +1,12 @@ -cifs.upcall

Name

cifs.upcall — Userspace upcall helper for Common Internet File System (CIFS)

Synopsis

cifs.upcall [-c] [-v] {keyid}

DESCRIPTION

This tool is part of the samba(7) suite.

cifs.upcall is a userspace helper program for the linux CIFS client +cifs.upcall

Name

cifs.upcall — Userspace upcall helper for Common Internet File System (CIFS)

Synopsis

cifs.upcall [-c] [-v] {keyid}

DESCRIPTION

This tool is part of the samba(7) suite.

cifs.upcall is a userspace helper program for the linux CIFS client filesystem. There are a number of activities that the kernel cannot easily do itself. This program is a callout program that does these things for the kernel and then returns the result.

cifs.upcall is generally intended to be run when the kernel calls request-key(8) for a particular key type. While it can be run directly from the command-line, it's not generally intended -to be run that way.

OPTIONS

-c

When handling a kerberos upcall, use a service principal that starts with "cifs/". The default is to use the "host/" service principal. +to be run that way.

OPTIONS

-c

When handling a kerberos upcall, use a service principal that starts with "cifs/". The default is to use the "host/" service principal.

-v

Print version number and exit. -

CONFIGURATION FOR KEYCTL

cifs.upcall is designed to be called from the kernel via the +

CONFIGURATION FOR KEYCTL

cifs.upcall is designed to be called from the kernel via the request-key callout program. This requires that request-key be told where and how to call this program. The current cifs.upcall program handles two different key types: @@ -19,10 +19,10 @@ create cifs.spnego * * /usr/local/sbin/cifs.upcall -c %k create dns_resolver * * /usr/local/sbin/cifs.upcall %k

See request-key.conf(5) for more info on each field. -

SEE ALSO

+

SEE ALSO

request-key.conf(5), mount.cifs(8) -

AUTHOR

Igor Mammedov wrote the cifs.upcall program.

Jeff Layton authored this manpage.

The maintainer of the Linux CIFS VFS is Steve French.

The Linux +

AUTHOR

Igor Mammedov wrote the cifs.upcall program.

Jeff Layton authored this manpage.

The maintainer of the Linux CIFS VFS is Steve French.

The Linux CIFS Mailing list is the preferred place to ask questions regarding these programs.

diff --git a/docs/htmldocs/manpages/eventlogadm.8.html b/docs/htmldocs/manpages/eventlogadm.8.html index f0621c45ad..5554ffbeb9 100644 --- a/docs/htmldocs/manpages/eventlogadm.8.html +++ b/docs/htmldocs/manpages/eventlogadm.8.html @@ -1,4 +1,4 @@ -eventlogadm

Name

eventlogadm — push records into the Samba event log store

Synopsis

eventlogadm [-d] [-h] -o +eventlogadm

Name

eventlogadm — push records into the Samba event log store

Synopsis

eventlogadm [-d] [-h] -o addsource EVENTLOG SOURCENAME @@ -6,10 +6,10 @@

eventlogadm [-d] [-h] -o write EVENTLOG -

DESCRIPTION

This tool is part of the samba(1) suite.

eventlogadm is a filter that accepts +

DESCRIPTION

This tool is part of the samba(1) suite.

eventlogadm is a filter that accepts formatted event log records on standard input and writes them to the Samba event log store. Windows client can then manipulate - these record using the usual administration tools.

OPTIONS

-d

+ these record using the usual administration tools.

OPTIONS

-d

The -d option causes eventlogadm to emit debugging information.

@@ -31,7 +31,7 @@ event log store named by EVENTLOG.

-h

Print usage information. -

EVENTLOG RECORD FORMAT

For the write operation, eventlogadm +

EVENTLOG RECORD FORMAT

For the write operation, eventlogadm expects to be able to read structured records from standard input. These records are a sequence of lines, with the record key and data separated by a colon character. Records are separated @@ -80,7 +80,7 @@ eventlog. There may be more than one string in a record.

  • DAT - This field should be left unset. -

    • EXAMPLES

    An example of the record format accepted by eventlogadm:

    +

    EXAMPLES

    An example of the record format accepted by eventlogadm:

     	LEN: 0
 	RS1: 1699505740
 	RCN: 0
@@ -103,7 +103,7 @@
 	tail -f /var/log/messages | \\
 		my_program_to_parse_into_eventlog_records | \\
 	      	eventlogadm SystemLogEvents
-

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite.

    AUTHOR

    The original Samba software and related utilities were +

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite.

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    diff --git a/docs/htmldocs/manpages/findsmb.1.html b/docs/htmldocs/manpages/findsmb.1.html index c8bbfe27be..839bc1fe27 100644 --- a/docs/htmldocs/manpages/findsmb.1.html +++ b/docs/htmldocs/manpages/findsmb.1.html @@ -1,12 +1,12 @@ -findsmb

    Name

    findsmb — list info about machines that respond to SMB - name queries on a subnet

    Synopsis

    findsmb [subnet broadcast address]

    DESCRIPTION

    This perl script is part of the samba(7) +findsmb

    Name

    findsmb — list info about machines that respond to SMB + name queries on a subnet

    Synopsis

    findsmb [subnet broadcast address]

    DESCRIPTION

    This perl script is part of the samba(7) suite.

    findsmb is a perl script that prints out several pieces of information about machines on a subnet that respond to SMB name query requests. It uses nmblookup(1) and smbclient(1) to obtain this information. -

    OPTIONS

    -r

    Controls whether findsmb takes +

    OPTIONS

    -r

    Controls whether findsmb takes bugs in Windows95 into account when trying to find a Netbios name registered of the remote machine. This option is disabled by default because it is specific to Windows 95 and Windows 95 machines only. @@ -16,7 +16,7 @@ findsmb(1) is run. This value is passed to nmblookup(1) - as part of the -B option.

    EXAMPLES

    The output of findsmb lists the following + as part of the -B option.

    EXAMPLES

    The output of findsmb lists the following information for all machines that respond to the initial nmblookup for any name: IP address, NetBIOS name, Workgroup name, operating system, and SMB server version.

    There will be a '+' in front of the workgroup name for @@ -48,10 +48,10 @@ IP ADDR NETBIOS NAME WORKGROUP/OS/VERSION 192.168.35.88 SCNT2 +[MVENGR] [Windows NT 4.0] [NT LAN Manager 4.0] 192.168.35.93 FROGSTAR-PC [MVENGR] [Windows 5.0] [Windows 2000 LAN Manager] 192.168.35.97 HERBNT1 *[HERB-NT] [Windows NT 4.0] [NT LAN Manager 4.0] -

    VERSION

    This man page is correct for version 3 of - the Samba suite.

    SEE ALSO

    nmbd(8), +

    VERSION

    This man page is correct for version 3 of + the Samba suite.

    SEE ALSO

    nmbd(8), smbclient(1), and nmblookup(1) -

    AUTHOR

    The original Samba software and related utilities +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The original Samba man pages were written by Karl Auer. diff --git a/docs/htmldocs/manpages/idmap_ad.8.html b/docs/htmldocs/manpages/idmap_ad.8.html index 40a80d4ae9..bf899d2ec1 100644 --- a/docs/htmldocs/manpages/idmap_ad.8.html +++ b/docs/htmldocs/manpages/idmap_ad.8.html @@ -1,11 +1,11 @@ -idmap_ad

    Name

    idmap_ad — Samba's idmap_ad Backend for Winbind

    DESCRIPTION

    The idmap_ad plugin provides a way for Winbind to read +idmap_ad

    Name

    idmap_ad — Samba's idmap_ad Backend for Winbind

    DESCRIPTION

    The idmap_ad plugin provides a way for Winbind to read id mappings from an AD server that uses RFC2307/SFU schema extensions. This module implements only the "idmap" API, and is READONLY. Mappings must be provided in advance by the administrator by adding the posixAccount/posixGroup - classess and relative attribute/value pairs to the users and - groups objects in AD

    IDMAP OPTIONS

    range = low - high

    - Defines the available matching uid and gid range for which the + classes and relative attribute/value pairs to the user and + group objects in the AD.

    IDMAP OPTIONS

    range = low - high

    + Defines the available matching UID and GID range for which the backend is authoritative. Note that the range acts as a filter. If specified any UID or GID stored in AD that fall outside the range is ignored and the corresponding map is discarded. @@ -14,26 +14,25 @@

    schema_mode = <rfc2307 | sfu >

    Defines the schema that idmap_ad should use when querying Active Directory regarding user and group information. - This can either the RFC2307 schema support included + This can be either the RFC2307 schema support included in Windows 2003 R2 or the Service for Unix (SFU) schema. -

    EXAMPLES

    +

    EXAMPLES

    The following example shows how to retrieve idmappings from our principal and - and trusted AD domains. All is needed is to set default to yes. If trusted - domains are present id conflicts must be resolved beforehand, there is no + and trusted AD domains. If trusted domains are present id conflicts must be + resolved beforehand, there is no guarantee on the order conflicting mappings would be resolved at this point. This example also shows how to leave a small non conflicting range for local id allocation that may be used in internal backends like BUILTIN. 

     	[global]
-	idmap domains = ALLDOMAINS
-	idmap config ALLDOMAINS:backend      = ad
-	idmap config ALLDOMAINS:default      = yes
-	idmap config ALLDOMAINS:range        = 10000 - 300000000
+	idmap backend = tdb
+	idmap uid = 1000000-1999999
+	idmap gid = 1000000-1999999
 
-	idmap alloc backend = tdb
-	idmap alloc config:range        = 5000 - 9999
-

    AUTHOR

    + idmap config CORP : backend = ad + idmap config CORP : range = 1000-999999 +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar diff --git a/docs/htmldocs/manpages/idmap_adex.8.html b/docs/htmldocs/manpages/idmap_adex.8.html new file mode 100644 index 0000000000..d59996fa71 --- /dev/null +++ b/docs/htmldocs/manpages/idmap_adex.8.html @@ -0,0 +1,44 @@ +idmap_adex

    Name

    idmap_adex — Samba's idmap_adex Backend for Winbind

    DESCRIPTION

    + The idmap_adex plugin provides a way for Winbind to read + id mappings from an AD server that uses RFC2307 schema + extensions. This module implements both the idmap and nss_info + APIs and supports domain trustes as well as two-way cross + forest trusts. It is a read-only plugin requiring that the + administrator provide mappings in advance by adding the + POSIX attribute information to the users and groups objects + in AD. The most common means of doing this is using "Identity + Services for Unix" support on Windows 2003 R2 and later. +

    + Note that you must add the uidNumber, gidNumber, and uid + attributes to the partial attribute set of the forest global + catalog servers. This can be done using the Active Directory Schema + Management MMC plugin (schmmgmt.dll). +

    NSS_INFO

    + The nss_info plugin supports reading the unixHomeDirectory, + gidNumber, loginShell, and uidNumber attributes from the user + object and the gidNumber attribute from the group object to + fill in information required by the libc getpwnam() and + getgrnam() family of functions. Group membership is filled in + according to the Windows group membership and not the + msSFU30PosixMember attribute. +

    + Username aliases are implement by setting the uid attribute + on the user object. While group name aliases are implemented + by reading the displayname attribute from the group object. +

    EXAMPLES

    + The following example shows how to retrieve idmappings and NSS data + from our principal and trusted AD domains. + 

    +	[global]
+	idmap backend = adex
+	idmap uid = 1000-4000000000
+	idmap gid = 1000-4000000000
+
+	winbind nss info = adex
+	winbind normalize names = yes
+

    AUTHOR

    + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. +

    diff --git a/docs/htmldocs/manpages/idmap_hash.8.html b/docs/htmldocs/manpages/idmap_hash.8.html new file mode 100644 index 0000000000..82870d8fe8 --- /dev/null +++ b/docs/htmldocs/manpages/idmap_hash.8.html @@ -0,0 +1,29 @@ +idmap_hash

    Name

    idmap_hash — Samba's idmap_hash Backend for Winbind

    DESCRIPTION

    The idmap_hash plugin implements a hashing algorithm used + map SIDs for domain users and groups to a 31-bit uid and gid. + This plugin also implements the nss_info API and can be used + to support a local name mapping files if enabled via the + "winbind normlaize names" and "winbind nss info" + parameters in smb.conf. +

    IDMAP OPTIONS

    name_map

    + Specifies the absolute path to the name mapping + file used by the nss_info API. Entries in the file + are of the form "unix name + = qualified domain name". + Mapping of both user and group names is supported. +

    EXAMPLES

    The following example utilizes the idmap_hash plugin for + the idmap and nss_info information. + 

    +	[global]
+	idmap backend = hash
+	idmap uid = 1000-4000000000
+	idmap gid = 1000-4000000000
+
+	winbind nss info = hash
+	winbind normalize names = yes
+	idmap_hash:name_map = /etc/samba/name_map.cfg
+

    AUTHOR

    + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. +

    diff --git a/docs/htmldocs/manpages/idmap_ldap.8.html b/docs/htmldocs/manpages/idmap_ldap.8.html index 0dc38a0c53..8542994041 100644 --- a/docs/htmldocs/manpages/idmap_ldap.8.html +++ b/docs/htmldocs/manpages/idmap_ldap.8.html @@ -1,8 +1,25 @@ -idmap_ldap

    Name

    idmap_ldap — Samba's idmap_ldap Backend for Winbind

    DESCRIPTION

    The idmap_ldap plugin provides a means for Winbind to +idmap_ldap

    Name

    idmap_ldap — Samba's idmap_ldap Backend for Winbind

    DESCRIPTION

    The idmap_ldap plugin provides a means for Winbind to store and retrieve SID/uid/gid mapping tables in an LDAP directory - service. The module implements both the "idmap" and - "idmap alloc" APIs. -

    IDMAP OPTIONS

    ldap_base_dn = DN

    + service. +

    + In contrast to read only backends like idmap_rid, it is an allocating + backend: This means that it needs to allocate new user and group IDs in + order to create new mappings. The allocator can be provided by the + idmap_ldap backend itself or by any other allocating backend like + idmap_tdb or idmap_tdb2. This is configured with the + parameter idmap alloc backend. +

    + Note that in order for this (or any other allocating) backend to + function at all, the default backend needs to be writeable. + The ranges used for uid and gid allocation are the default ranges + configured by "idmap uid" and "idmap gid". +

    + Furthermore, since there is only one global allocating backend + responsible for all domains using writeable idmap backends, + any explicitly configured domain with idmap backend ldap + should have the same range as the default range, since it needs + to use the global uid / gid allocator. See the example below. +

    IDMAP OPTIONS

    ldap_base_dn = DN

    Defines the directory base suffix to use when searching for SID/uid/gid mapping entries. If not defined, idmap_ldap will default to using the "ldap idmap suffix" option from smb.conf. @@ -15,12 +32,11 @@ assume that ldap://localhost/ should be used.

    range = low - high

    Defines the available matching uid and gid range for which the - backend is authoritative. Note that the range commonly matches - the allocation range due to the fact that the same backend will - store and retrieve SID/uid/gid mapping entries. If the parameter - is absent, Winbind fail over to use the "idmap uid" and - "idmap gid" options from smb.conf. -

    IDMAP ALLOC OPTIONS

    ldap_base_dn = DN

    + backend is authoritative. + If the parameter is absent, Winbind fails over to use the + "idmap uid" and "idmap gid" options + from smb.conf. +

    IDMAP ALLOC OPTIONS

    ldap_base_dn = DN

    Defines the directory base suffix under which new SID/uid/gid mapping entries should be stored. If not defined, idmap_ldap will default to using the "ldap idmap suffix" option from smb.conf. @@ -31,37 +47,25 @@ Specifies the LDAP server to which modify/add/delete requests should be sent. If not defined, idmap_ldap will assume that ldap://localhost/ should be used. -

    range = low - high

    - Defines the available matching uid and gid range from which - winbindd can allocate for users and groups. If the parameter - is absent, Winbind fail over to use the "idmap uid" - and "idmap gid" options from smb.conf. -

    EXAMPLES

    - The follow sets of a LDAP configuration which uses a slave server - running on localhost for fast fetching SID/gid/uid mappings, it - implies correct configuration of referrals. - The idmap alloc backend is pointed directly to the master to skip - the referral (and consequent reconnection to the master) that the - slave would return as allocation requires writing on the master. +

    EXAMPLES

    + The follow sets of a LDAP configuration which uses two LDAP + directories, one for storing the ID mappings and one for retrieving + new IDs. 

     	[global]
-	    idmap domains = ALLDOMAINS
-	    idmap config ALLDOMAINS:default      = yes
-	    idmap config ALLDOMAINS:backend      = ldap
-	    idmap config ALLDOMAINS:ldap_base_dn = ou=idmap,dc=example,dc=com
-	    idmap config ALLDOMAINS:ldap_url     = ldap://localhost/
-	    idmap config ALLDOMAINS:range        = 10000 - 50000
+	idmap backend = ldap:ldap://localhost/
+	idmap uid = 1000000-1999999
+	idmap gid = 1000000-1999999
 
-	    idmap alloc backend = ldap
-	    idmap alloc config:ldap_base_dn = ou=idmap,dc=example,dc=com
-	    idmap alloc config:ldap_url     = ldap://master.example.com/
-	    idmap alloc config:range        = 10000 - 50000
+	idmap alloc backend = ldap
+	idmap alloc config : ldap_url	= ldap://id-master/
+	idmap alloc config : ldap_base_dn = ou=idmap,dc=example,dc=com

    NOTE

    In order to use authentication against ldap servers you may need to provide a DN and a password. To avoid exposing the password in plain text in the configuration file we store it into a security store. The "net idmap " command is used to store a secret for the DN specified in a specific idmap domain. -

    AUTHOR

    +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar diff --git a/docs/htmldocs/manpages/idmap_nss.8.html b/docs/htmldocs/manpages/idmap_nss.8.html index c177691bf3..45f3899756 100644 --- a/docs/htmldocs/manpages/idmap_nss.8.html +++ b/docs/htmldocs/manpages/idmap_nss.8.html @@ -1,26 +1,21 @@ -idmap_nss

    Name

    idmap_nss — Samba's idmap_nss Backend for Winbind

    DESCRIPTION

    The idmap_nss plugin provides a means to map Unix users and groups +idmap_nss

    Name

    idmap_nss — Samba's idmap_nss Backend for Winbind

    DESCRIPTION

    The idmap_nss plugin provides a means to map Unix users and groups to Windows accounts and obseletes the "winbind trusted domains only" smb.conf option. This provides a simple means of ensuring that the SID for a Unix user named jsmith is reported as the one assigned to DOMAIN\jsmith which is necessary for reporting ACLs on files and printers stored on a Samba member server. -

    EXAMPLES

    +

    EXAMPLES

    This example shows how to use idmap_nss to check the local accounts for its own domain while using allocation to create new mappings for trusted domains 

     	[global]
-	    idmap domains = SAMBA TRUSTEDDOMAINS
+	idmap backend = tdb
+	idmap uid = 1000000-1999999
+	idmap gid = 1000000-1999999
 
-	    idmap config SAMBA:backend  = nss
-	    idmap config SAMBA:readonly = yes
-
-	    idmap config TRUSTEDDOMAINS:default = yes
-	    idmap config TRUSTEDDOMAINS:backend = tdb
-	    idmap config TRUSTEDDOMAINS:range   = 10000 - 50000
-
-	    idmap alloc backend      = tdb
-	    idmap alloc config:range = 10000 - 50000
-

    AUTHOR

    + idmap config SAMBA : backend = nss + idmap config SAMBA : range = 1000-999999 +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar diff --git a/docs/htmldocs/manpages/idmap_rid.8.html b/docs/htmldocs/manpages/idmap_rid.8.html index 7495ee62a1..6115cc584b 100644 --- a/docs/htmldocs/manpages/idmap_rid.8.html +++ b/docs/htmldocs/manpages/idmap_rid.8.html @@ -1,6 +1,6 @@ -idmap_rid

    Name

    idmap_rid — Samba's idmap_rid Backend for Winbind

    DESCRIPTION

    The idmap_rid backend provides a way to use an algorithmic +idmap_rid

    Name

    idmap_rid — Samba's idmap_rid Backend for Winbind

    DESCRIPTION

    The idmap_rid backend provides a way to use an algorithmic mapping scheme to map UIDs/GIDs and SIDs. No database is required - in this case as the mapping is deterministic.

    IDMAP OPTIONS

    range = low - high

    + in this case as the mapping is deterministic.

    IDMAP OPTIONS

    range = low - high

    Defines the available matching uid and gid range for which the backend is authoritative. Note that the range acts as a filter. If algorithmically determined UID or GID fall outside the @@ -13,18 +13,17 @@ by default start at 1000 (512 hexadecimal), this means a good value for base_rid can be 1000 as the resulting ID is calculated this way: ID = RID - BASE_RID + LOW RANGE ID. -

    EXAMPLES

    This example shows how to configure 2 domains with idmap_rid

    +		
    
+			Use of this parameter is deprecated.
+

    EXAMPLES

    This example shows how to configure a domain with idmap_rid

     	[global]
-	    idmap domains = MAIN TRUSTED1
+	idmap backend = tdb
+	idmap uid = 1000000-1999999
+	idmap gid = 1000000-1999999
 
-	    idmap config MAIN:backend      = rid
-	    idmap config MAIN:base_rid     = 0
-	    idmap config MAIN:range        = 10000 - 49999
-
-	    idmap config TRUSTED1:backend  = rid
-	    idmap config TRUSTED1:base_rid = 1000
-	    idmap config TRUSTED1:range    = 50000 - 99999
-

    AUTHOR

    + idmap config TRUSTED : backend = rid + idmap config TRUSTED : range = 50000 - 99999 +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar diff --git a/docs/htmldocs/manpages/idmap_tdb.8.html b/docs/htmldocs/manpages/idmap_tdb.8.html index 467bc00073..dc725da974 100644 --- a/docs/htmldocs/manpages/idmap_tdb.8.html +++ b/docs/htmldocs/manpages/idmap_tdb.8.html @@ -1,31 +1,59 @@ -idmap_tdb

    Name

    idmap_tdb — Samba's idmap_tdb Backend for Winbind

    DESCRIPTION

    The idmap_tdb plugin is the default backend used by winbindd - for storing SID/uid/gid mapping tables and implements - both the "idmap" and "idmap alloc" APIs. -

    IDMAP OPTIONS

    range = low - high

    +idmap_tdb

    Name

    idmap_tdb — Samba's idmap_tdb Backend for Winbind

    DESCRIPTION

    + The idmap_tdb plugin is the default backend used by winbindd + for storing SID/uid/gid mapping tables. +

    + In contrast to read only backends like idmap_rid, it is an allocating + backend: This means that it needs to allocate new user and group IDs in + order to create new mappings. The allocator can be provided by the + idmap_tdb backend itself or by any other allocating backend like + idmap_ldap or idmap_tdb2. This is configured with the + parameter idmap alloc backend. +

    + Note that in order for this (or any other allocating) backend to + function at all, the default backend needs to be writeable. + The ranges used for uid and gid allocation are the default ranges + configured by "idmap uid" and "idmap gid". +

    + Furthermore, since there is only one global allocating backend + responsible for all domains using writeable idmap backends, + any explicitly configured domain with idmap backend tdb + should have the same range as the default range, since it needs + to use the global uid / gid allocator. See the example below. +

    IDMAP OPTIONS

    range = low - high

    Defines the available matching uid and gid range for which the - backend is authoritative. Note that the range commonly matches - the allocation range due to the fact that the same backend will - store and retrieve SID/uid/gid mapping entries. If the parameter - is absent, Winbind fail over to use the "idmap uid" and - "idmap gid" options from smb.conf. -

    IDMAP ALLOC OPTIONS

    range = low - high

    - Defines the available matching uid and gid range from which - winbindd can allocate for users and groups. If the parameter - is absent, Winbind fail over to use the "idmap uid" - and "idmap gid" options from smb.conf. -

    EXAMPLES

    - The following example is equivalent to the pre-3.0.25 default idmap - configuration using the "idmap backend = tdb" setting. + backend is authoritative. + If the parameter is absent, Winbind fails over to use + the "idmap uid" and "idmap gid" options + from smb.conf. +

    EXAMPLES

    + This example shows how tdb is used as a the default idmap backend. + It configures the idmap range through the global options for all + domains encountered. This same range is used for uid/gid allocation. 

     	[global]
-	    idmap domains = ALLDOMAINS
-	    idmap config ALLDOMAINS:default = yes
-	    idmap config ALLDOMAINS:backend = tdb
-	    idmap config ALLDOMAINS:range   = 10000 - 50000
+	# "idmap backend = tdb" is redundant here since it is the default
+	idmap backend = tdb
+	idmap uid = 1000000-2000000
+	idmap gid = 1000000-2000000
+

    + This (rather theoretical) example shows how tdb can be used as the + allocating backend while ldap is the default backend used to store + the mappings. + It adds an explicit configuration for some domain DOM1, that + uses the tdb idmap backend. Note that the same range as the + default uid/gid range is used, since the allocator has to serve + both the default backend and the explicitly configured domain DOM1. + 

    +	[global]
+	idmap backend = ldap
+	idmap uid = 1000000-2000000
+	idmap gid = 1000000-2000000
+	# use a different uid/gid allocator:
+	idmap alloc backend = tdb
 
-	    idmap alloc backend = tdb
-	    idmap alloc config:range = 10000 - 50000
-

    AUTHOR

    + idmap config DOM1 : backend = tdb + idmap config DOM1 : range = 1000000-2000000 +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar diff --git a/docs/htmldocs/manpages/idmap_tdb2.8.html b/docs/htmldocs/manpages/idmap_tdb2.8.html new file mode 100644 index 0000000000..4242b40f39 --- /dev/null +++ b/docs/htmldocs/manpages/idmap_tdb2.8.html @@ -0,0 +1,64 @@ +idmap_tdb2

    Name

    idmap_tdb2 — Samba's idmap_tdb2 Backend for Winbind

    DESCRIPTION

    + The idmap_tdb2 plugin is a substitute for the default idmap_tdb + backend used by winbindd for storing SID/uid/gid mapping tables + in clustered environments with Samba and CTDB. +

    + In contrast to read only backends like idmap_rid, it is an allocating + backend: This means that it needs to allocate new user and group IDs in + order to create new mappings. The allocator can be provided by the + idmap_tdb2 backend itself or by any other allocating backend like + idmap_tdb or idmap_ldap. This is configured with the + parameter idmap alloc backend. +

    + Note that in order for this (or any other allocating) backend to + function at all, the default backend needs to be writeable. + The ranges used for uid and gid allocation are the default ranges + configured by "idmap uid" and "idmap gid". +

    + Furthermore, since there is only one global allocating backend + responsible for all domains using writeable idmap backends, + any explicitly configured domain with idmap backend tdb2 + should have the same range as the default range, since it needs + to use the global uid / gid allocator. See the example below. +

    IDMAP OPTIONS

    range = low - high

    + Defines the available matching uid and gid range for which the + backend is authoritative. + If the parameter is absent, Winbind fails over to use + the "idmap uid" and "idmap gid" options + from smb.conf. +

    IDMAP SCRIPT

    + The tdb2 idmap backend supports a script for performing id mappings + through the smb.conf option idmap : script. + The script should accept the following command line options. + 

    +	SIDTOID S-1-xxxx
+	IDTOSID UID xxxx
+	IDTOSID GID xxxx
+

    + And it should return one of the following responses as a single line of + text. + 

    +	UID:yyyy
+	GID:yyyy
+	SID:yyyy
+	ERR:yyyy
+

    + Note that the script should cover the complete range of SIDs + that can be passed in for SID to Unix ID mapping, since otherwise + SIDs unmapped by the script might get mapped to IDs that had + previously been mapped by the script. +

    EXAMPLES

    + This example shows how tdb2 is used as a the default idmap backend. + It configures the idmap range through the global options for all + domains encountered. This same range is used for uid/gid allocation. + 

    +	[global]
+	idmap backend = tdb2
+	idmap uid = 1000000-2000000
+	idmap gid = 1000000-2000000
+

    AUTHOR

    + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. +

    diff --git a/docs/htmldocs/manpages/index.html b/docs/htmldocs/manpages/index.html index 1447d6819d..8dc949745e 100644 --- a/docs/htmldocs/manpages/index.html +++ b/docs/htmldocs/manpages/index.html @@ -1,11 +1,14 @@ -
    cifs.upcall(8)

    Userspace upcall helper for Common Internet File System (CIFS) +

    cifs.upcall(8)

    Userspace upcall helper for Common Internet File System (CIFS)

    eventlogadm(8)

    push records into the Samba event log store

    findsmb(1)

    list info about machines that respond to SMB name queries on a subnet

    idmap_ad(8)

    Samba's idmap_ad Backend for Winbind +

    idmap_adex(8)

    Samba's idmap_adex Backend for Winbind +

    idmap_hash(8)

    Samba's idmap_hash Backend for Winbind

    idmap_ldap(8)

    Samba's idmap_ldap Backend for Winbind

    idmap_nss(8)

    Samba's idmap_nss Backend for Winbind

    idmap_rid(8)

    Samba's idmap_rid Backend for Winbind +

    idmap_tdb2(8)

    Samba's idmap_tdb2 Backend for Winbind

    idmap_tdb(8)

    Samba's idmap_tdb Backend for Winbind

    ldb(3)

    A light-weight database library

    ldbadd(1)

    Command-line utility for adding records to an LDB @@ -33,7 +36,7 @@ MS-RPC functions

    samba(7)

    A Windows SMB/CIFS fileserver for UNIX

    smbcacls(1)

    Set or get ACLs on an NT file or directory names -

    smbclient(1)

    ftp-like client to access SMB/CIFS resources +

    smbclient(1)

    ftp-like client to access SMB/CIFS resources on servers

    smb.conf(5)

    The configuration file for the Samba suite

    smbcontrol(1)

    send messages to smbd, nmbd or winbindd processes @@ -64,6 +67,8 @@

    vfs_default_quota(8)

    store default quota records for Windows clients

    vfs_extd_audit(8)

    record selected Samba VFS operations

    vfs_fake_perms(8)

    enable read only Roaming Profiles +

    vfs_fileid(8)

    Generates file_id structs with unique device id values for + cluster setups

    vfs_full_audit(8)

    record Samba VFS operations in the system log

    vfs_gpfs(8)

    gpfs specific samba extensions like acls and prealloc

    vfs_netatalk(8)

    hide .AppleDouble files from CIFS clients @@ -72,7 +77,10 @@

    vfs_readahead(8)

    pre-load the kernel buffer cache

    vfs_readonly(8)

    make a Samba share read only for a specified time period

    vfs_recycle(8)

    Samba VFS recycle bin +

    vfs_shadow_copy2(8)

    Expose snapshots to Windows clients as shadow copies.

    vfs_shadow_copy(8)

    Make a Samba share read only for a specified time period +

    smb_traffic_analyzer(8)

    log Samba VFS read and write operations through a socket + to a helper application

    vfs_streams_depot(8)

    EXPERIMENTAL module to store alternate data streams in a central directory. @@ -82,4 +90,5 @@

    wbinfo(1)

    Query information from winbind daemon

    winbindd(8)

    Name Service Switch daemon for resolving names from NT servers +

    winbind_krb5_locator(7)

    A plugin for MIT and Heimdal Kerberos for detecting KDCs using Windows semantics.

    diff --git a/docs/htmldocs/manpages/ldb.3.html b/docs/htmldocs/manpages/ldb.3.html index 66ee6b10d3..e01f1f8a85 100644 --- a/docs/htmldocs/manpages/ldb.3.html +++ b/docs/htmldocs/manpages/ldb.3.html @@ -1,4 +1,4 @@ -ldb

    Name

    ldb

    The Samba Project

    — A light-weight database library

    Synopsis

    #include <ldb.h>

    description

    +ldb

    Name

    ldb

    The Samba Project

    — A light-weight database library

    Synopsis

    #include <ldb.h>

    description

    ldb is a light weight embedded database library and API. With a programming interface that is very similar to LDAP, ldb can store its data either in a tdb(3) database or in a real LDAP database. @@ -34,7 +34,7 @@ If you are new to ldb, then I suggest starting with the manual pages for ldbsearch(1) and ldbedit(1), and experimenting with a local database. Then I suggest you look at the ldb_connect(3) and ldb_search(3) manual pages. -

    TOOLS

    • +

    TOOLS

    • ldbsearch(1) - command line ldb search utility

    • @@ -49,7 +49,7 @@ ldb_search(3) manual pages.

    • ldbmodify(1) - modify records in a ldb database using LDIF formatted input -

    FUNCTIONS

    • +

    FUNCTIONS

    • ldb_connect(3) - connect to a ldb backend

    • @@ -124,7 +124,7 @@ ldb_search(3) manual pages.

    • ldb_set_debug_stderr(3) - set a debug handler for stderr output -

    Author

    +

    Author

    ldb was written by Andrew Tridgell.

    diff --git a/docs/htmldocs/manpages/ldbadd.1.html b/docs/htmldocs/manpages/ldbadd.1.html index 72871e6708..e001badd23 100644 --- a/docs/htmldocs/manpages/ldbadd.1.html +++ b/docs/htmldocs/manpages/ldbadd.1.html @@ -1,13 +1,13 @@ -ldbadd

    Name

    ldbadd — Command-line utility for adding records to an LDB

    Synopsis

    ldbadd [-h] [-H LDB-URL] [ldif-file1] [ldif-file2] [...]

    DESCRIPTION

    ldbadd adds records to an ldb(7) database. It reads +ldbadd

    Name

    ldbadd — Command-line utility for adding records to an LDB

    Synopsis

    ldbadd [-h] [-H LDB-URL] [ldif-file1] [ldif-file2] [...]

    DESCRIPTION

    ldbadd adds records to an ldb(7) database. It reads the ldif(5) files specified on the command line and adds the records from these files to the LDB database, which is specified by the -H option or the LDB_URL environment variable.

    If - is specified as a ldb file, the ldif input is read from - standard input.

    OPTIONS

    -h

    + standard input.

    OPTIONS

    -h

    Show list of available options.

    -H <ldb-url>

    LDB URL to connect to. See ldb(7) for details. -

    ENVIRONMENT

    LDB_URL

    LDB URL to connect to (can be overrided by using the - -H command-line option.)

    VERSION

    This man page is correct for version 4.0 of the Samba suite.

    SEE ALSO

    ldb(7), ldbmodify, ldbdel, ldif(5)

    AUTHOR

    ldb was written by +

    ENVIRONMENT

    LDB_URL

    LDB URL to connect to (can be overrided by using the + -H command-line option.)

    VERSION

    This man page is correct for version 4.0 of the Samba suite.

    SEE ALSO

    ldb(7), ldbmodify, ldbdel, ldif(5)

    AUTHOR

    ldb was written by Andrew Tridgell.

    If you wish to report a problem or make a suggestion then please see diff --git a/docs/htmldocs/manpages/ldbdel.1.html b/docs/htmldocs/manpages/ldbdel.1.html index ca5cae02e4..a69ef89f59 100644 --- a/docs/htmldocs/manpages/ldbdel.1.html +++ b/docs/htmldocs/manpages/ldbdel.1.html @@ -1,12 +1,12 @@ -ldbdel

    Name

    ldbdel — Command-line program for deleting LDB records

    Synopsis

    ldbdel [-h] [-H LDB-URL] [dn] [...]

    DESCRIPTION

    ldbdel deletes records from an ldb(7) database. +ldbdel

    Name

    ldbdel — Command-line program for deleting LDB records

    Synopsis

    ldbdel [-h] [-H LDB-URL] [dn] [...]

    DESCRIPTION

    ldbdel deletes records from an ldb(7) database. It deletes the records identified by the dn's specified on the command-line.

    ldbdel uses either the database that is specified with the -H option or the database specified by the LDB_URL environment - variable.

    OPTIONS

    -h

    + variable.

    OPTIONS

    -h

    Show list of available options.

    -H <ldb-url>

    LDB URL to connect to. See ldb(7) for details. -

    ENVIRONMENT

    LDB_URL

    LDB URL to connect to (can be overrided by using the - -H command-line option.)

    VERSION

    This man page is correct for version 4.0 of the Samba suite.

    SEE ALSO

    ldb(7), ldbmodify, ldbadd, ldif(5)

    AUTHOR

    ldb was written by +

    ENVIRONMENT

    LDB_URL

    LDB URL to connect to (can be overrided by using the + -H command-line option.)

    VERSION

    This man page is correct for version 4.0 of the Samba suite.

    SEE ALSO

    ldb(7), ldbmodify, ldbadd, ldif(5)

    AUTHOR

    ldb was written by Andrew Tridgell.

    If you wish to report a problem or make a suggestion then please see diff --git a/docs/htmldocs/manpages/ldbedit.1.html b/docs/htmldocs/manpages/ldbedit.1.html index 90dd482c3a..d557fca850 100644 --- a/docs/htmldocs/manpages/ldbedit.1.html +++ b/docs/htmldocs/manpages/ldbedit.1.html @@ -1,8 +1,8 @@ -ldbedit

    Name

    ldbedit — Edit LDB databases using your preferred editor

    Synopsis

    ldbedit [-?] [--usage] [-s base|one|sub] [-b basedn] [-a] [-e editor] [-H LDB-URL] [expression] [attributes...]

    DESCRIPTION

    ldbedit is a utility that allows you to edit LDB entries (in +ldbedit

    Name

    ldbedit — Edit LDB databases using your preferred editor

    Synopsis

    ldbedit [-?] [--usage] [-s base|one|sub] [-b basedn] [-a] [-e editor] [-H LDB-URL] [expression] [attributes...]

    DESCRIPTION

    ldbedit is a utility that allows you to edit LDB entries (in tdb files, sqlite files or LDAP servers) using your preferred editor. ldbedit generates an LDIF file based on your query, allows you to edit the LDIF, and then merges that LDIF back into the LDB backend. -

    OPTIONS

    -?, --help

    +

    OPTIONS

    -?, --help

    Show list of available options, and a phrase describing what that option does.

    --usage

    @@ -34,14 +34,14 @@ operations that are being performed. Without this option, ldbedit will only provide a summary change line. -

    ENVIRONMENT

    LDB_URL

    LDB URL to connect to. This can be +

    ENVIRONMENT

    LDB_URL

    LDB URL to connect to. This can be overridden by using the -H command-line option.)

    VISUAL and EDITOR

    Environment variables used to determine what editor to use. VISUAL takes precedence over EDITOR, and both are overridden by the -e command-line option. -

    VERSION

    This man page is correct for version 4.0 of the Samba suite.

    SEE ALSO

    ldb(7), ldbmodify(1), ldbdel(1), ldif(5), vi(1)

    AUTHOR

    +

    VERSION

    This man page is correct for version 4.0 of the Samba suite.

    SEE ALSO

    ldb(7), ldbmodify(1), ldbdel(1), ldif(5), vi(1)

    AUTHOR

    ldb was written by Andrew Tridgell.

    diff --git a/docs/htmldocs/manpages/ldbmodify.1.html b/docs/htmldocs/manpages/ldbmodify.1.html index 0113c4bcd9..720fc74b00 100644 --- a/docs/htmldocs/manpages/ldbmodify.1.html +++ b/docs/htmldocs/manpages/ldbmodify.1.html @@ -1,11 +1,11 @@ -ldbmodify

    Name

    ldbmodify — Modify records in a LDB database

    Synopsis

    ldbmodify [-H LDB-URL] [ldif-file]

    DESCRIPTION

    +ldbmodify

    Name

    ldbmodify — Modify records in a LDB database

    Synopsis

    ldbmodify [-H LDB-URL] [ldif-file]

    DESCRIPTION

    ldbmodify changes, adds and deletes records in a LDB database. The changes that should be made to the LDB database are read from the specified LDIF-file. If - is specified as the filename, input is read from stdin. -

    For now, see ldapmodify(1) for details on the LDIF file format.

    OPTIONS

    -H <ldb-url>

    +

    For now, see ldapmodify(1) for details on the LDIF file format.

    OPTIONS

    -H <ldb-url>

    LDB URL to connect to. See ldb(7) for details. -

    ENVIRONMENT

    LDB_URL

    LDB URL to connect to (can be overrided by using the - -H command-line option.)

    VERSION

    This man page is correct for version 4.0 of the Samba suite.

    SEE ALSO

    ldb(7), ldbedit

    AUTHOR

    ldb was written by +

    ENVIRONMENT

    LDB_URL

    LDB URL to connect to (can be overrided by using the + -H command-line option.)

    VERSION

    This man page is correct for version 4.0 of the Samba suite.

    SEE ALSO

    ldb(7), ldbedit

    AUTHOR

    ldb was written by Andrew Tridgell.

    If you wish to report a problem or make a suggestion then please see diff --git a/docs/htmldocs/manpages/ldbsearch.1.html b/docs/htmldocs/manpages/ldbsearch.1.html index 5f4f8c9b10..9cb5707edd 100644 --- a/docs/htmldocs/manpages/ldbsearch.1.html +++ b/docs/htmldocs/manpages/ldbsearch.1.html @@ -1,12 +1,12 @@ -ldbsearch

    Name

    ldbsearch — Search for records in a LDB database

    Synopsis

    ldbsearch [-h] [-s base|one|sub] [-b basedn] [-i] [-H LDB-URL] [expression] [attributes]

    DESCRIPTION

    ldbsearch searches a LDB database for records matching the +ldbsearch

    Name

    ldbsearch — Search for records in a LDB database

    Synopsis

    ldbsearch [-h] [-s base|one|sub] [-b basedn] [-i] [-H LDB-URL] [expression] [attributes]

    DESCRIPTION

    ldbsearch searches a LDB database for records matching the specified expression (see the ldapsearch(1) manpage for a description of the expression format). For each record, the specified attributes are printed. -

    OPTIONS

    -h

    +

    OPTIONS

    -h

    Show list of available options.

    -H <ldb-url>

    LDB URL to connect to. See ldb(7) for details. -

    -s one|sub|base

    Search scope to use. One-level, subtree or base.

    -i

    Read search expressions from stdin.

    -b basedn

    Specify Base DN to use.

    ENVIRONMENT

    LDB_URL

    LDB URL to connect to (can be overrided by using the - -H command-line option.)

    VERSION

    This man page is correct for version 4.0 of the Samba suite.

    SEE ALSO

    ldb(7), ldbedit(1)

    AUTHOR

    ldb was written by +

    -s one|sub|base

    Search scope to use. One-level, subtree or base.

    -i

    Read search expressions from stdin.

    -b basedn

    Specify Base DN to use.

    ENVIRONMENT

    LDB_URL

    LDB URL to connect to (can be overrided by using the + -H command-line option.)

    VERSION

    This man page is correct for version 4.0 of the Samba suite.

    SEE ALSO

    ldb(7), ldbedit(1)

    AUTHOR

    ldb was written by Andrew Tridgell.

    If you wish to report a problem or make a suggestion then please see diff --git a/docs/htmldocs/manpages/libsmbclient.7.html b/docs/htmldocs/manpages/libsmbclient.7.html index 86c3d0e7b9..01df943ee2 100644 --- a/docs/htmldocs/manpages/libsmbclient.7.html +++ b/docs/htmldocs/manpages/libsmbclient.7.html @@ -1,6 +1,8 @@ -libsmbclient

    Name

    libsmbclient — An extension library for browsers and that can be used as a generic browsing API.

    Synopsis

    Browser URL:

    - smb://[[[domain:]user[:password@]]server[/share[/path[/file]]]] [?options] -

    DESCRIPTION

    +libsmbclient

    Name

    libsmbclient — An extension library for browsers and that can be used as a generic browsing API.

    Synopsis

    + Browser URL: + smb://[[[domain:]user[:password@]]server[/share[/path[/file]]]] [?options] + +

    DESCRIPTION

    This tool is part of the samba(7) suite.

    libsmbclient is a library toolset that permits applications to manipulate CIFS/SMB network @@ -12,7 +14,7 @@ libsmbclient can not be used directly from the command line, instead it provides an extension of the capabilities of tools such as file managers and browsers. This man page describes the configuration options for this tool so that the user may obtain greatest utility of use. -

    OPTIONS

    +

    OPTIONS

    What the URLs mean:

    smb://

    Shows all workgroups or domains that are visible in the network. The behavior matches @@ -44,11 +46,11 @@ libsmbclient will check the users shell environment for the USER parameter and will use its value when if the user parameter was not included in the URL. -

    PROGRAMMERS GUIDE

    +

    PROGRAMMERS GUIDE

    Watch this space for future updates. -

    VERSION

    +

    VERSION

    This man page is correct for version 3 of the Samba suite. -

    AUTHOR

    +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed. diff --git a/docs/htmldocs/manpages/lmhosts.5.html b/docs/htmldocs/manpages/lmhosts.5.html index e9f5bd48c1..c8c635b3c7 100644 --- a/docs/htmldocs/manpages/lmhosts.5.html +++ b/docs/htmldocs/manpages/lmhosts.5.html @@ -1,8 +1,8 @@ -lmhosts

    Name

    lmhosts — The Samba NetBIOS hosts file

    Synopsis

    lmhosts is the samba(7) NetBIOS name to IP address mapping file.

    DESCRIPTION

    This file is part of the samba(7) suite.

    lmhosts is the Samba +lmhosts

    Name

    lmhosts — The Samba NetBIOS hosts file

    Synopsis

    lmhosts is the samba(7) NetBIOS name to IP address mapping file.

    DESCRIPTION

    This file is part of the samba(7) suite.

    lmhosts is the Samba NetBIOS name to IP address mapping file. It is very similar to the /etc/hosts file format, except that the hostname component must correspond - to the NetBIOS naming format.

    FILE FORMAT

    It is an ASCII file containing one line for NetBIOS name. + to the NetBIOS naming format.

    FILE FORMAT

    It is an ASCII file containing one line for NetBIOS name. The two fields on each line are separated from each other by white space. Any entry beginning with '#' is ignored. Each line in the lmhosts file contains the following information:

    • IP Address - in dotted decimal format.

    • NetBIOS Name - This name format is a @@ -25,10 +25,10 @@ the NetBIOS name requested.

      The second mapping will be returned only when the "0x20" name type for a name "NTSERVER" is queried. Any other name type will not be resolved.

      The default location of the lmhosts file - is in the same directory as the smb.conf(5) file.

    FILES

    lmhosts is loaded from the configuration directory. This is + is in the same directory as the smb.conf(5) file.

    FILES

    lmhosts is loaded from the configuration directory. This is usually /etc/samba or /usr/local/samba/lib. -

    VERSION

    This man page is correct for version 3 of the Samba suite.

    SEE ALSO

    smbclient(1), smb.conf(5), and smbpasswd(8) -

    AUTHOR

    The original Samba software and related utilities +

    VERSION

    This man page is correct for version 3 of the Samba suite.

    SEE ALSO

    smbclient(1), smb.conf(5), and smbpasswd(8) +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The original Samba man pages were written by Karl Auer. diff --git a/docs/htmldocs/manpages/log2pcap.1.html b/docs/htmldocs/manpages/log2pcap.1.html index 7922eb7e06..b11b5ecc94 100644 --- a/docs/htmldocs/manpages/log2pcap.1.html +++ b/docs/htmldocs/manpages/log2pcap.1.html @@ -1,11 +1,11 @@ -log2pcap

    Name

    log2pcap — Extract network traces from Samba log files

    Synopsis

    log2pcap [-h] [-q] [logfile] [pcap_file]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    log2pcap reads in a +log2pcap

    Name

    log2pcap — Extract network traces from Samba log files

    Synopsis

    log2pcap [-h] [-q] [logfile] [pcap_file]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    log2pcap reads in a samba log file and generates a pcap file (readable by most sniffers, such as ethereal or tcpdump) based on the packet dumps in the log file.

    The log file must have a log level of at least 5 to get the SMB header/parameters right, 10 to get the first 512 data bytes of the packet and 50 to get the whole packet. -

    OPTIONS

    -h

    If this parameter is +

    OPTIONS

    -h

    If this parameter is specified the output file will be a hex dump, in a format that is readable by the text2pcap utility.

    -q

    Be quiet. No warning messages about missing @@ -17,13 +17,13 @@ If this argument is not specified, output data will be written to stdout.

    -h|--help

    Print a summary of command line options. -

    EXAMPLES

    Extract all network traffic from all samba log files:

    +

    EXAMPLES

    Extract all network traffic from all samba log files:

     			$ log2pcap < /var/log/* > trace.pcap

    Convert to pcap using text2pcap:

     	$ log2pcap -h samba.log | text2pcap -T 139,139 - trace.pcap
-

    VERSION

    This man page is correct for version 3 of the Samba suite.

    BUGS

    Only SMB data is extracted from the samba logs, no LDAP, +

    VERSION

    This man page is correct for version 3 of the Samba suite.

    BUGS

    Only SMB data is extracted from the samba logs, no LDAP, NetBIOS lookup or other data.

    The generated TCP and IP headers don't contain a valid - checksum.

    SEE ALSO

    text2pcap(1), ethereal(1)

    AUTHOR

    The original Samba software and related utilities + checksum.

    SEE ALSO

    text2pcap(1), ethereal(1)

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    This manpage was written by Jelmer Vernooij.

    diff --git a/docs/htmldocs/manpages/mount.cifs.8.html b/docs/htmldocs/manpages/mount.cifs.8.html index 909353425d..a9be046e31 100644 --- a/docs/htmldocs/manpages/mount.cifs.8.html +++ b/docs/htmldocs/manpages/mount.cifs.8.html @@ -1,4 +1,4 @@ -mount.cifs

    Name

    mount.cifs — mount using the Common Internet File System (CIFS)

    Synopsis

    mount.cifs {service} {mount-point} [-o options]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    mount.cifs mounts a Linux CIFS filesystem. It +mount.cifs

    Name

    mount.cifs — mount using the Common Internet File System (CIFS)

    Synopsis

    mount.cifs {service} {mount-point} [-o options]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    mount.cifs mounts a Linux CIFS filesystem. It is usually invoked indirectly by the mount(8) command when using the "-t cifs" option. This command only works in Linux, and the kernel must @@ -20,7 +20,7 @@ kernel log.

    mount.cifs causes the cifs vfs to launch a thread named cifsd. After mounting it keeps running until the mounted resource is unmounted (usually via the umount utility). -

    OPTIONS

    user=arg

    specifies the username to connect as. If +

    OPTIONS

    user=arg

    specifies the username to connect as. If this is not given, then the environment variable USER is used. This option can also take the form "user%password" or "workgroup/user" or "workgroup/user%password" to allow the password and workgroup @@ -29,7 +29,7 @@ to be specified as part of the username. The cifs vfs accepts the parameter user=, or for users familiar with smbfs it accepts the longer form of the parameter username=. Similarly the longer smbfs style parameter names may be accepted as synonyms for the shorter cifs parameters pass=,dom= and cred=.

    password=arg

    specifies the CIFS password. If this option is not given then the environment variable -PASSWD is used. If the password is not specified +PASSWD is used. If the password is not specified directly or indirectly via an argument to mount, mount.cifs will prompt for a password, unless the guest option is specified.

    Note that a password which contains the delimiter @@ -39,10 +39,12 @@ in the PASSWD environment variable or via a credentials file (see below) or entered at the password prompt will be read correctly.

    credentials=filename

    specifies a file that contains a username - and/or password. The format of the file is: + and/or password and optionally the name of the + workgroup. The format of the file is: 

     		username=value
 		password=value
+		workgroup=value

    This is preferred over having passwords in plaintext in a shared file, such as /etc/fstab. Be sure to protect any @@ -213,11 +215,11 @@ port 445 is tried and if no response then port 139 is tried.

    wsize=arg

    default network write size (default 57344) maximum wsize currently allowed by CIFS is 57344 (fourteen - 4096 byte pages)

    --verbose

    Print additional debugging information for the mount. Note that this parameter must be specified before the -o. For example:

    mount -t cifs //server/share /mnt --verbose -o user=username

    SERVICE FORMATTING AND DELIMITERS

    + 4096 byte pages)

    --verbose

    Print additional debugging information for the mount. Note that this parameter must be specified before the -o. For example:

    mount -t cifs //server/share /mnt --verbose -o user=username

    SERVICE FORMATTING AND DELIMITERS

    It's generally preferred to use forward slashes (/) as a delimiter in service names. They are considered to be the "universal delimiter" since they are generally not allowed to be embedded within path components on Windows machines and the client can convert them to blackslashes (\) unconditionally. Conversely, backslash characters are allowed by POSIX to be part of a path component, and can't be automatically converted in the same way.

    mount.cifs will attempt to convert backslashes to forward slashes where it's able to do so, but it cannot do so in any path component following the sharename. -

    ENVIRONMENT VARIABLES

    +

    ENVIRONMENT VARIABLES

    The variable USER may contain the username of the person to be used to authenticate to the server. The variable can be used to set both username and @@ -229,7 +231,7 @@ person using the client. The variable PASSWD_FILE may contain the pathname of a file to read the password from. A single line of input is read and used as the password. -

    NOTES

    This command may be used only by root, unless installed setuid, in which case the noeexec and nosuid mount flags are enabled.

    CONFIGURATION

    +

    NOTES

    This command may be used only by root, unless installed setuid, in which case the noeexec and nosuid mount flags are enabled.

    CONFIGURATION

    The primary mechanism for making configuration changes and for reading debug information for the cifs vfs is via the Linux /proc filesystem. In the directory /proc/fs/cifs are various @@ -240,7 +242,7 @@ loaded. These can be seen by running the modinfo utility against the file cifs.ko which will list the options that may be passed to cifs during module installation (device driver load). For more information see the kernel file fs/cifs/README. -

    BUGS

    Mounting using the CIFS URL specification is currently not supported. +

    BUGS

    Mounting using the CIFS URL specification is currently not supported.

    The credentials file does not handle usernames or passwords with leading space.

    Note that the typical response to a bug report is a suggestion @@ -248,11 +250,11 @@ to try the latest version first. So please try doing that first, and always include which versions you use of relevant software when reporting bugs (minimum: mount.cifs (try mount.cifs -V), kernel (see /proc/version) and server type you are trying to contact. -

    VERSION

    This man page is correct for version 1.52 of - the cifs vfs filesystem (roughly Linux kernel 2.6.24).

    SEE ALSO

    +

    VERSION

    This man page is correct for version 1.52 of + the cifs vfs filesystem (roughly Linux kernel 2.6.24).

    SEE ALSO

    Documentation/filesystems/cifs.txt and fs/cifs/README in the linux kernel source tree may contain additional options and information. -

    umount.cifs(8)

    AUTHOR

    Steve French

    The syntax and manpage were loosely based on that of smbmount. It +

    umount.cifs(8)

    AUTHOR

    Steve French

    The syntax and manpage were loosely based on that of smbmount. It was converted to Docbook/XML by Jelmer Vernooij.

    The maintainer of the Linux cifs vfs and the userspace tool mount.cifs is Steve French. The Linux CIFS Mailing list diff --git a/docs/htmldocs/manpages/net.8.html b/docs/htmldocs/manpages/net.8.html index 94d7917bd1..5dbeb35357 100644 --- a/docs/htmldocs/manpages/net.8.html +++ b/docs/htmldocs/manpages/net.8.html @@ -1,13 +1,13 @@ -net

    Name

    net — Tool for administration of Samba and remote +net

    Name

    net — Tool for administration of Samba and remote CIFS servers. -

    Synopsis

    net {<ads|rap|rpc>} [-h] [-w workgroup] [-W myworkgroup] [-U user] [-I ip-address] [-p port] [-n myname] [-s conffile] [-S server] [-l] [-P] [-d debuglevel] [-V]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    The Samba net utility is meant to work just like the net utility +

    Synopsis

    net {<ads|rap|rpc>} [-h] [-w workgroup] [-W myworkgroup] [-U user] [-I ip-address] [-p port] [-n myname] [-s conffile] [-S server] [-l] [-P] [-d debuglevel] [-V]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    The Samba net utility is meant to work just like the net utility available for windows and DOS. The first argument should be used to specify the protocol to use when executing a certain command. ADS is used for ActiveDirectory, RAP is using for old (Win9x/NT3) clients and RPC can be used for NT4 and Windows 2000. If this argument is omitted, net will try to determine it automatically. Not all commands are available on all protocols. -

    OPTIONS

    -h|--help

    Print a summary of command line options. +

    OPTIONS

    -h|--help

    Print a summary of command line options.

    -w target-workgroup

    Sets target workgroup or domain. You have to specify either this option or the IP address or the name of a server. @@ -24,7 +24,7 @@ Defaults to trying 445 first, then 139.

    -n <primary NetBIOS name>

    This option allows you to override the NetBIOS name that Samba uses for itself. This is identical -to setting the netbios name parameter in the smb.conf file. +to setting the netbios name parameter in the smb.conf file. However, a command line setting will take precedence over settings in smb.conf.

    -s <configuration file>

    The file specified contains the @@ -53,19 +53,19 @@ amounts of log data, and should only be used when investigating a problem. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic.

    Note that specifying this parameter here will -override the log level parameter -in the smb.conf file.

    COMMANDS

    CHANGESECRETPW

    This command allows the Samba machine account password to be set from an external application +override the log level parameter +in the smb.conf file.

    COMMANDS

    CHANGESECRETPW

    This command allows the Samba machine account password to be set from an external application to a machine account password that has already been stored in Active Directory. DO NOT USE this command unless you know exactly what you are doing. The use of this command requires that the force flag (-f) be used also. There will be NO command prompt. Whatever information is piped into stdin, either by typing at the command line or otherwise, will be stored as the literal machine password. Do NOT use this without care and attention as it will overwrite a legitimate machine password without warning. YOU HAVE BEEN WARNED. -

    TIME

    The NET TIME command allows you to view the time on a remote server - or synchronise the time on the local server with the time on the remote server.

    TIME

    Without any options, the NET TIME command +

    TIME

    The NET TIME command allows you to view the time on a remote server + or synchronise the time on the local server with the time on the remote server.

    TIME

    Without any options, the NET TIME command displays the time on the remote server. -

    TIME SYSTEM

    Displays the time on the remote server in a format ready for /bin/date.

    TIME SET

    Tries to set the date and time of the local server to that on -the remote server using /bin/date.

    TIME ZONE

    Displays the timezone in hours from GMT on the remote computer.

    [RPC|ADS] JOIN [TYPE] [-U username[%password]] [createupn=UPN] [createcomputer=OU] [options]

    +

    TIME SYSTEM

    Displays the time on the remote server in a format ready for /bin/date.

    TIME SET

    Tries to set the date and time of the local server to that on +the remote server using /bin/date.

    TIME ZONE

    Displays the timezone in hours from GMT on the remote computer.

    [RPC|ADS] JOIN [TYPE] [-U username[%password]] [createupn=UPN] [createcomputer=OU] [options]

    Join a domain. If the account already exists on the server, and [TYPE] is MEMBER, the machine will attempt to join automatically. (Assuming that the machine has been created in server manager) @@ -82,81 +82,81 @@ OU string reads from top to bottom without RDNs, and is delimited by a '/'. Please note that '\' is used for escape by both the shell and ldap, so it may need to be doubled or quadrupled to pass through, and it is not used as a delimiter. -

    [RPC] OLDJOIN [options]

    Join a domain. Use the OLDJOIN option to join the domain +

    [RPC] OLDJOIN [options]

    Join a domain. Use the OLDJOIN option to join the domain using the old style of domain joining - you need to create a trust -account in server manager first.

    [RPC|ADS] USER

    [RPC|ADS] USER

    List all users

    [RPC|ADS] USER DELETE target

    Delete specified user

    [RPC|ADS] USER INFO target

    List the domain groups of the specified user.

    [RPC|ADS] USER RENAME oldname newname

    Rename specified user.

    [RPC|ADS] USER ADD name [password] [-F user flags] [-C comment]

    Add specified user.

    [RPC|ADS] GROUP

    [RPC|ADS] GROUP [misc options] [targets]

    List user groups.

    [RPC|ADS] GROUP DELETE name [misc. options]

    Delete specified group.

    [RPC|ADS] GROUP ADD name [-C comment]

    Create specified group.

    [RAP|RPC] SHARE

    [RAP|RPC] SHARE [misc. options] [targets]

    Enumerates all exported resources (network shares) on target server.

    [RAP|RPC] SHARE ADD name=serverpath [-C comment] [-M maxusers] [targets]

    Adds a share from a server (makes the export active). Maxusers +account in server manager first.

    [RPC|ADS] USER

    [RPC|ADS] USER

    List all users

    [RPC|ADS] USER DELETE target

    Delete specified user

    [RPC|ADS] USER INFO target

    List the domain groups of the specified user.

    [RPC|ADS] USER RENAME oldname newname

    Rename specified user.

    [RPC|ADS] USER ADD name [password] [-F user flags] [-C comment]

    Add specified user.

    [RPC|ADS] GROUP

    [RPC|ADS] GROUP [misc options] [targets]

    List user groups.

    [RPC|ADS] GROUP DELETE name [misc. options]

    Delete specified group.

    [RPC|ADS] GROUP ADD name [-C comment]

    Create specified group.

    [RAP|RPC] SHARE

    [RAP|RPC] SHARE [misc. options] [targets]

    Enumerates all exported resources (network shares) on target server.

    [RAP|RPC] SHARE ADD name=serverpath [-C comment] [-M maxusers] [targets]

    Adds a share from a server (makes the export active). Maxusers specifies the number of users that can be connected to the -share simultaneously.

    SHARE DELETE sharename

    Delete specified share.

    [RPC|RAP] FILE

    [RPC|RAP] FILE

    List all open files on remote server.

    [RPC|RAP] FILE CLOSE fileid

    Close file with specified fileid on -remote server.

    [RPC|RAP] FILE INFO fileid

    +share simultaneously.

    SHARE DELETE sharename

    Delete specified share.

    [RPC|RAP] FILE

    [RPC|RAP] FILE

    List all open files on remote server.

    [RPC|RAP] FILE CLOSE fileid

    Close file with specified fileid on +remote server.

    [RPC|RAP] FILE INFO fileid

    Print information on specified fileid. Currently listed are: file-id, username, locks, path, permissions. -

    [RAP|RPC] FILE USER user

    +

    [RAP|RPC] FILE USER user

    List files opened by specified user. Please note that net rap file user does not work against Samba servers. -

    SESSION

    RAP SESSION

    Without any other options, SESSION enumerates all active SMB/CIFS -sessions on the target server.

    RAP SESSION DELETE|CLOSE CLIENT_NAME

    Close the specified sessions.

    RAP SESSION INFO CLIENT_NAME

    Give a list with all the open files in specified session.

    RAP SERVER DOMAIN

    List all servers in specified domain or workgroup. Defaults -to local domain.

    RAP DOMAIN

    Lists all domains and workgroups visible on the -current network.

    RAP PRINTQ

    RAP PRINTQ LIST QUEUE_NAME

    Lists the specified print queue and print jobs on the server. +

    SESSION

    RAP SESSION

    Without any other options, SESSION enumerates all active SMB/CIFS +sessions on the target server.

    RAP SESSION DELETE|CLOSE CLIENT_NAME

    Close the specified sessions.

    RAP SESSION INFO CLIENT_NAME

    Give a list with all the open files in specified session.

    RAP SERVER DOMAIN

    List all servers in specified domain or workgroup. Defaults +to local domain.

    RAP DOMAIN

    Lists all domains and workgroups visible on the +current network.

    RAP PRINTQ

    RAP PRINTQ INFO QUEUE_NAME

    Lists the specified print queue and print jobs on the server. If the QUEUE_NAME is omitted, all -queues are listed.

    RAP PRINTQ DELETE JOBID

    Delete job with specified id.

    RAP VALIDATE user [password]

    +queues are listed.

    RAP PRINTQ DELETE JOBID

    Delete job with specified id.

    RAP VALIDATE user [password]

    Validate whether the specified user can log in to the remote server. If the password is not specified on the commandline, it will be prompted. -

    Note

    Currently NOT implemented.

    RAP GROUPMEMBER

    RAP GROUPMEMBER LIST GROUP

    List all members of the specified group.

    RAP GROUPMEMBER DELETE GROUP USER

    Delete member from group.

    RAP GROUPMEMBER ADD GROUP USER

    Add member to group.

    RAP ADMIN command

    Execute the specified command on +

    Note

    Currently NOT implemented.

    RAP GROUPMEMBER

    RAP GROUPMEMBER LIST GROUP

    List all members of the specified group.

    RAP GROUPMEMBER DELETE GROUP USER

    Delete member from group.

    RAP GROUPMEMBER ADD GROUP USER

    Add member to group.

    RAP ADMIN command

    Execute the specified command on the remote server. Only works with OS/2 servers. -

    Note

    Currently NOT implemented.

    RAP SERVICE

    RAP SERVICE START NAME [arguments...]

    Start the specified service on the remote server. Not implemented yet.

    Note

    Currently NOT implemented.

    RAP SERVICE STOP

    Stop the specified service on the remote server.

    Note

    Currently NOT implemented.

    RAP PASSWORD USER OLDPASS NEWPASS

    +

    Note

    Currently NOT implemented.

    RAP SERVICE

    RAP SERVICE START NAME [arguments...]

    Start the specified service on the remote server. Not implemented yet.

    Note

    Currently NOT implemented.

    RAP SERVICE STOP

    Stop the specified service on the remote server.

    Note

    Currently NOT implemented.

    RAP PASSWORD USER OLDPASS NEWPASS

    Change password of USER from OLDPASS to NEWPASS. -

    LOOKUP

    LOOKUP HOST HOSTNAME [TYPE]

    +

    LOOKUP

    LOOKUP HOST HOSTNAME [TYPE]

    Lookup the IP address of the given host with the specified type (netbios suffix). The type defaults to 0x20 (workstation). -

    LOOKUP LDAP [DOMAIN]

    Give IP address of LDAP server of specified DOMAIN. Defaults to local domain.

    LOOKUP KDC [REALM]

    Give IP address of KDC for the specified REALM. -Defaults to local realm.

    LOOKUP DC [DOMAIN]

    Give IP's of Domain Controllers for specified -DOMAIN. Defaults to local domain.

    LOOKUP MASTER DOMAIN

    Give IP of master browser for specified DOMAIN -or workgroup. Defaults to local domain.

    CACHE

    Samba uses a general caching interface called 'gencache'. It +

    LOOKUP LDAP [DOMAIN]

    Give IP address of LDAP server of specified DOMAIN. Defaults to local domain.

    LOOKUP KDC [REALM]

    Give IP address of KDC for the specified REALM. +Defaults to local realm.

    LOOKUP DC [DOMAIN]

    Give IP's of Domain Controllers for specified +DOMAIN. Defaults to local domain.

    LOOKUP MASTER DOMAIN

    Give IP of master browser for specified DOMAIN +or workgroup. Defaults to local domain.

    CACHE

    Samba uses a general caching interface called 'gencache'. It can be controlled using 'NET CACHE'.

    All the timeout parameters support the suffixes:

    s - Seconds
    m - Minutes
    h - Hours
    d - Days
    w - Weeks

    -

    CACHE ADD key data time-out

    Add specified key+data to the cache with the given timeout.

    CACHE DEL key

    Delete key from the cache.

    CACHE SET key data time-out

    Update data of existing cache entry.

    CACHE SEARCH PATTERN

    Search for the specified pattern in the cache data.

    CACHE LIST

    +

    CACHE ADD key data time-out

    Add specified key+data to the cache with the given timeout.

    CACHE DEL key

    Delete key from the cache.

    CACHE SET key data time-out

    Update data of existing cache entry.

    CACHE SEARCH PATTERN

    Search for the specified pattern in the cache data.

    CACHE LIST

    List all current items in the cache. -

    CACHE FLUSH

    Remove all the current items from the cache.

    GETLOCALSID [DOMAIN]

    Prints the SID of the specified domain, or if the parameter is -omitted, the SID of the local server.

    SETLOCALSID S-1-5-21-x-y-z

    Sets SID for the local server to the specified SID.

    GETDOMAINSID

    Prints the local machine SID and the SID of the current -domain.

    SETDOMAINSID

    Sets the SID of the current domain.

    GROUPMAP

    Manage the mappings between Windows group SIDs and UNIX groups. +

    CACHE FLUSH

    Remove all the current items from the cache.

    GETLOCALSID [DOMAIN]

    Prints the SID of the specified domain, or if the parameter is +omitted, the SID of the local server.

    SETLOCALSID S-1-5-21-x-y-z

    Sets SID for the local server to the specified SID.

    GETDOMAINSID

    Prints the local machine SID and the SID of the current +domain.

    SETDOMAINSID

    Sets the SID of the current domain.

    GROUPMAP

    Manage the mappings between Windows group SIDs and UNIX groups. Common options include:

    • unixgroup - Name of the UNIX group

    • ntgroup - Name of the Windows NT group (must be resolvable to a SID

    • rid - Unsigned 32-bit integer

    • sid - Full SID in the form of "S-1-..."

    • type - Type of the group; either 'domain', 'local', - or 'builtin'

    • comment - Freeform text description of the group

    GROUPMAP ADD

    + or 'builtin'

  • comment - Freeform text description of the group

    • GROUPMAP ADD

    Add a new group mapping entry: 

     net groupmap add {rid=int|sid=string} unixgroup=string \
 	[type={domain|local}] [ntgroup=string] [comment=string]

    -

    GROUPMAP DELETE

    Delete a group mapping entry. If more than one group name matches, the first entry found is deleted.

    net groupmap delete {ntgroup=string|sid=SID}

    GROUPMAP MODIFY

    Update en existing group entry.

    +

    GROUPMAP DELETE

    Delete a group mapping entry. If more than one group name matches, the first entry found is deleted.

    net groupmap delete {ntgroup=string|sid=SID}

    GROUPMAP MODIFY

    Update en existing group entry.

     net groupmap modify {ntgroup=string|sid=SID} [unixgroup=string] \
        [comment=string] [type={domain|local}]

    -

    GROUPMAP LIST

    List existing group mapping entries.

    net groupmap list [verbose] [ntgroup=string] [sid=SID]

    MAXRID

    Prints out the highest RID currently in use on the local +

    GROUPMAP LIST

    List existing group mapping entries.

    net groupmap list [verbose] [ntgroup=string] [sid=SID]

    MAXRID

    Prints out the highest RID currently in use on the local server (by the active 'passdb backend'). -

    RPC INFO

    Print information about the domain of the remote server, +

    RPC INFO

    Print information about the domain of the remote server, such as domain name, domain sid and number of users and groups. -

    [RPC|ADS] TESTJOIN

    Check whether participation in a domain is still valid.

    [RPC|ADS] CHANGETRUSTPW

    Force change of domain trust password.

    RPC TRUSTDOM

    RPC TRUSTDOM ADD DOMAIN

    Add a interdomain trust account for DOMAIN. +

    [RPC|ADS] TESTJOIN

    Check whether participation in a domain is still valid.

    [RPC|ADS] CHANGETRUSTPW

    Force change of domain trust password.

    RPC TRUSTDOM

    RPC TRUSTDOM ADD DOMAIN

    Add a interdomain trust account for DOMAIN. This is in fact a Samba account named DOMAIN$ with the account flag 'I' (interdomain trust account). If the command is used against localhost it has the same effect as smbpasswd -a -i DOMAIN. Please note that both commands expect a appropriate UNIX account. -

    RPC TRUSTDOM DEL DOMAIN

    Remove interdomain trust account for +

    RPC TRUSTDOM DEL DOMAIN

    Remove interdomain trust account for DOMAIN. If it is used against localhost it has the same effect as smbpasswd -x DOMAIN$. -

    RPC TRUSTDOM ESTABLISH DOMAIN

    +

    RPC TRUSTDOM ESTABLISH DOMAIN

    Establish a trust relationship to a trusting domain. Interdomain account must already be created on the remote PDC. -

    RPC TRUSTDOM REVOKE DOMAIN

    Abandon relationship to trusted domain

    RPC TRUSTDOM LIST

    List all current interdomain trust relationships.

    RPC RIGHTS

    This subcommand is used to view and manage Samba's rights assignments (also +

    RPC TRUSTDOM REVOKE DOMAIN

    Abandon relationship to trusted domain

    RPC TRUSTDOM LIST

    List all current interdomain trust relationships.

    RPC RIGHTS

    This subcommand is used to view and manage Samba's rights assignments (also referred to as privileges). There are three options currently available: list, grant, and revoke. More details on Samba's privilege model and its use -can be found in the Samba-HOWTO-Collection.

    RPC ABORTSHUTDOWN

    Abort the shutdown of a remote server.

    RPC SHUTDOWN [-t timeout] [-r] [-f] [-C message]

    Shut down the remote server.

    -r

    +can be found in the Samba-HOWTO-Collection.

    RPC ABORTSHUTDOWN

    Abort the shutdown of a remote server.

    RPC SHUTDOWN [-t timeout] [-r] [-f] [-C message]

    Shut down the remote server.

    -r

    Reboot after shutdown.

    -f

    Force shutting down all applications. @@ -164,21 +164,23 @@ Force shutting down all applications. Timeout before system will be shut down. An interactive user of the system can use this time to cancel the shutdown.

    -C message

    Display the specified message on the screen to -announce the shutdown.

    RPC SAMDUMP

    Print out sam database of remote server. You need -to run this against the PDC, from a Samba machine joined as a BDC.

    RPC VAMPIRE

    Export users, aliases and groups from remote server to +announce the shutdown.

    RPC SAMDUMP

    Print out sam database of remote server. You need +to run this against the PDC, from a Samba machine joined as a BDC.

    RPC VAMPIRE

    Export users, aliases and groups from remote server to local server. You need to run this against the PDC, from a Samba machine joined as a BDC. -

    RPC GETSID

    Fetch domain SID and store it in the local secrets.tdb.

    ADS LEAVE

    Make the remote host leave the domain it is part of.

    ADS STATUS

    Print out status of machine account of the local machine in ADS. +

    RPC VAMPIRE KEYTAB

    Dump remote SAM database to local Kerberos keytab file. +

    RPC VAMPIRE LDIF

    Dump remote SAM database to local LDIF file or standard output. +

    RPC GETSID

    Fetch domain SID and store it in the local secrets.tdb.

    ADS LEAVE

    Make the remote host leave the domain it is part of.

    ADS STATUS

    Print out status of machine account of the local machine in ADS. Prints out quite some debug info. Aimed at developers, regular -users should use NET ADS TESTJOIN.

    ADS PRINTER

    ADS PRINTER INFO [PRINTER] [SERVER]

    +users should use NET ADS TESTJOIN.

    ADS PRINTER

    ADS PRINTER INFO [PRINTER] [SERVER]

    Lookup info for PRINTER on SERVER. The printer name defaults to "*", the -server name defaults to the local host.

    ADS PRINTER PUBLISH PRINTER

    Publish specified printer using ADS.

    ADS PRINTER REMOVE PRINTER

    Remove specified printer from ADS directory.

    ADS SEARCH EXPRESSION ATTRIBUTES...

    Perform a raw LDAP search on a ADS server and dump the results. The +server name defaults to the local host.

    ADS PRINTER PUBLISH PRINTER

    Publish specified printer using ADS.

    ADS PRINTER REMOVE PRINTER

    Remove specified printer from ADS directory.

    ADS SEARCH EXPRESSION ATTRIBUTES...

    Perform a raw LDAP search on a ADS server and dump the results. The expression is a standard LDAP search expression, and the attributes are a list of LDAP fields to show in the results.

    Example: net ads search '(objectCategory=group)' sAMAccountName -

    ADS DN DN (attributes)

    +

    ADS DN DN (attributes)

    Perform a raw LDAP search on a ADS server and dump the results. The DN standard LDAP DN, and the attributes are a list of LDAP fields to show in the result. -

    Example: net ads dn 'CN=administrator,CN=Users,DC=my,DC=domain' SAMAccountName

    ADS WORKGROUP

    Print out workgroup name for specified kerberos realm.

    SAM CREATEBUILTINGROUP <NAME>

    +

    Example: net ads dn 'CN=administrator,CN=Users,DC=my,DC=domain' SAMAccountName

    ADS WORKGROUP

    Print out workgroup name for specified kerberos realm.

    SAM CREATEBUILTINGROUP <NAME>

    (Re)Create a BUILTIN group. Only a wellknown set of BUILTIN groups can be created with this command. This is the list of currently recognized group names: Administrators, @@ -188,78 +190,78 @@ compatible Access. This command requires a running Winbindd with idmap allocation properly configured. The group gid will be allocated out of the winbindd range. -

    SAM CREATELOCALGROUP <NAME>

    +

    SAM CREATELOCALGROUP <NAME>

    Create a LOCAL group (also known as Alias). This command requires a running Winbindd with idmap allocation properly configured. The group gid will be allocated out of the winbindd range. -

    SAM DELETELOCALGROUP <NAME>

    +

    SAM DELETELOCALGROUP <NAME>

    Delete an existing LOCAL group (also known as Alias). -

    SAM MAPUNIXGROUP <NAME>

    +

    SAM MAPUNIXGROUP <NAME>

    Map an existing Unix group and make it a Domain Group, the domain group will have the same name. -

    SAM UNMAPUNIXGROUP <NAME>

    +

    SAM UNMAPUNIXGROUP <NAME>

    Remove an existing group mapping entry. -

    SAM ADDMEM <GROUP> <MEMBER>

    +

    SAM ADDMEM <GROUP> <MEMBER>

    Add a member to a Local group. The group can be specified only by name, the member can be specified by name or SID. -

    SAM DELMEM <GROUP> <MEMBER>

    +

    SAM DELMEM <GROUP> <MEMBER>

    Remove a member from a Local group. The group and the member must be specified by name. -

    SAM LISTMEM <GROUP>

    +

    SAM LISTMEM <GROUP>

    List Local group members. The group must be specified by name. -

    SAM LIST <users|groups|localgroups|builtin|workstations> [verbose]

    +

    SAM LIST <users|groups|localgroups|builtin|workstations> [verbose]

    List the specified set of accounts by name. If verbose is specified, the rid and description is also provided for each account. -

    SAM SHOW <NAME>

    +

    SAM SHOW <NAME>

    Show the full DOMAIN\\NAME the SID and the type for the corresponding account. -

    SAM SET HOMEDIR <NAME> <DIRECTORY>

    +

    SAM SET HOMEDIR <NAME> <DIRECTORY>

    Set the home directory for a user account. -

    SAM SET PROFILEPATH <NAME> <PATH>

    +

    SAM SET PROFILEPATH <NAME> <PATH>

    Set the profile path for a user account. -

    SAM SET COMMENT <NAME> <COMMENT>

    +

    SAM SET COMMENT <NAME> <COMMENT>

    Set the comment for a user or group account. -

    SAM SET FULLNAME <NAME> <FULL NAME>

    +

    SAM SET FULLNAME <NAME> <FULL NAME>

    Set the full name for a user account. -

    SAM SET LOGONSCRIPT <NAME> <SCRIPT>

    +

    SAM SET LOGONSCRIPT <NAME> <SCRIPT>

    Set the logon script for a user account. -

    SAM SET HOMEDRIVE <NAME> <DRIVE>

    +

    SAM SET HOMEDRIVE <NAME> <DRIVE>

    Set the home drive for a user account. -

    SAM SET WORKSTATIONS <NAME> <WORKSTATIONS>

    +

    SAM SET WORKSTATIONS <NAME> <WORKSTATIONS>

    Set the workstations a user account is allowed to log in from. -

    SAM SET DISABLE <NAME>

    +

    SAM SET DISABLE <NAME>

    Set the "disabled" flag for a user account. -

    SAM SET PWNOTREQ <NAME>

    +

    SAM SET PWNOTREQ <NAME>

    Set the "password not required" flag for a user account. -

    SAM SET AUTOLOCK <NAME>

    +

    SAM SET AUTOLOCK <NAME>

    Set the "autolock" flag for a user account. -

    SAM SET PWNOEXP <NAME>

    +

    SAM SET PWNOEXP <NAME>

    Set the "password do not expire" flag for a user account. -

    SAM SET PWDMUSTCHANGENOW <NAME> [yes|no]

    +

    SAM SET PWDMUSTCHANGENOW <NAME> [yes|no]

    Set or unset the "password must change" flag for a user account. -

    SAM POLICY LIST

    +

    SAM POLICY LIST

    List the available account policies. -

    SAM POLICY SHOW <account policy>

    +

    SAM POLICY SHOW <account policy>

    Show the account policy value. -

    SAM POLICY SET <account policy> <value>

    +

    SAM POLICY SET <account policy> <value>

    Set a value for the account policy. Valid values can be: "forever", "never", "off", or a number. -

    SAM PROVISION

    +

    SAM PROVISION

    Only available if ldapsam:editposix is set and winbindd is running. Properly populates the ldap tree with the basic accounts (Administrator) and groups (Domain Users, Domain Admins, Domain Guests) on the ldap tree. -

    IDMAP DUMP <local tdb file name>

    +

    IDMAP DUMP <local tdb file name>

    Dumps the mappings contained in the local tdb file specified. This command is useful to dump only the mappings produced by the idmap_tdb backend. -

    IDMAP RESTORE [input file]

    +

    IDMAP RESTORE [input file]

    Restore the mappings from the specified file or stdin. -

    IDMAP SECRET <DOMAIN>|ALLOC <secret>

    +

    IDMAP SECRET <DOMAIN>|ALLOC <secret>

    Store a secret for the specified domain, used primarily for domains that use idmap_ldap as a backend. In this case the secret is used as the password for the user DN used to bind to the ldap server. -

    USERSHARE

    Starting with version 3.0.23, a Samba server now supports the ability for +

    USERSHARE

    Starting with version 3.0.23, a Samba server now supports the ability for non-root users to add user defined shares to be exported using the "net usershare" commands.

    @@ -288,7 +290,7 @@ can create user defined shares on demand using the commands below.

    net usershare add sharename path [comment] [acl] [guest_ok=[y|n]] - to add or change a user defined share.
    net usershare delete sharename - to delete a user defined share.
    net usershare info [-l|--long] [wildcard sharename] - to print info about a user defined share.
    net usershare list [-l|--long] [wildcard sharename] - to list user defined shares.

    -

    USERSHARE ADD sharename path [comment] [acl] [guest_ok=[y|n]]

    +

    USERSHARE ADD sharename path [comment] [acl] [guest_ok=[y|n]]

    Add or replace a new user defined share, with name "sharename".

    "path" specifies the absolute pathname on the system to be exported. @@ -325,11 +327,11 @@ sharename as the one you wish to modify and specify the new options you wish. The Samba smbd daemon notices user defined share modifications at connect time so will see the change immediately, there is no need to restart smbd on adding, deleting or changing a user defined share. -

    USERSHARE DELETE sharename

    +

    USERSHARE DELETE sharename

    Deletes the user defined share by name. The Samba smbd daemon immediately notices this change, although it will not disconnect any users currently connected to the deleted share. -

    USERSHARE INFO [-l|--long] [wildcard sharename]

    +

    USERSHARE INFO [-l|--long] [wildcard sharename]

    Get info on user defined shares owned by the current user matching the given pattern, or all users.

    net usershare info on its own dumps out info on the user defined shares that were @@ -348,7 +350,7 @@ guest_ok=n And is a list of the current settings of the user defined share that can be modified by the "net usershare add" command. -

    USERSHARE LIST [-l|--long] wildcard sharename

    +

    USERSHARE LIST [-l|--long] wildcard sharename

    List all the user defined shares owned by the current user matching the given pattern, or all users.

    net usershare list on its own list out the names of the user defined shares that were @@ -356,7 +358,7 @@ created by the current user, or restricts the list to share names that match the wildcard pattern ('*' matches one or more characters, '?' matches only one character). If the '-l' or '--long' option is also given, it includes the names of user defined shares created by other users. -

    CONF

    Starting with version 3.2.0, a Samba server can be configured by data +

    CONF

    Starting with version 3.2.0, a Samba server can be configured by data stored in registry. This configuration data can be edited with the new "net conf" commands.

    @@ -364,9 +366,9 @@ The deployment of this configuration data can be activated in two levels from th smb.conf file: Share definitions from registry are activated by setting registry shares to “yes” in the [global] section and global configuration options are -activated by setting include = registry in +activated by setting include = registry in the [global] section for a mixed configuration or by setting -config backend = registry in the [global] +config backend = registry in the [global] section for a registry-only configuration. See the smb.conf(5) manpage for details.

    The conf commands are: @@ -374,10 +376,10 @@ See the

    CONF LIST

    +

    CONF LIST

    Print the configuration data stored in the registry in a smb.conf-like format to standard output. -

    CONF IMPORT [--test|-T] filename [section]

    +

    CONF IMPORT [--test|-T] filename [section]

    This command imports configuration from a file in smb.conf format. If a section encountered in the input file is present in registry, its contents is replaced. Sections of registry configuration that have @@ -387,30 +389,30 @@ Optionally, a section may be specified to restrict the effect of the import command to that specific section. A test mode is enabled by specifying the parameter "-T" on the commandline. In test mode, no changes are made to the registry, and the resulting configuration is printed to standard output instead. -

    CONF LISTSHARES

    +

    CONF LISTSHARES

    List the names of the shares defined in registry. -

    CONF DROP

    +

    CONF DROP

    Delete the complete configuration data from registry. -

    CONF SHOWSHARE sharename

    +

    CONF SHOWSHARE sharename

    Show the definition of the share or section specified. It is valid to specify "global" as sharename to retrieve the global configuration options from registry. -

    CONF ADDSHARE sharename path [writeable={y|N} [guest_ok={y|N} [comment]]]

    Create a new share definition in registry. +

    CONF ADDSHARE sharename path [writeable={y|N} [guest_ok={y|N} [comment]]]

    Create a new share definition in registry. The sharename and path have to be given. The share name may not be "global". Optionally, values for the very common options "writeable", "guest ok" and a "comment" may be specified. The same result may be obtained by a sequence of "net conf setparm" commands. -

    CONF DELSHARE sharename

    +

    CONF DELSHARE sharename

    Delete a share definition from registry. -

    CONF SETPARM section parameter value

    +

    CONF SETPARM section parameter value

    Store a parameter in registry. The section may be global or a sharename. The section is created if it does not exist yet. -

    CONF GETPARM section parameter

    +

    CONF GETPARM section parameter

    Show a parameter stored in registry. -

    CONF DELPARM section parameter

    +

    CONF DELPARM section parameter

    Delete a parameter stored in registry. -

    CONF GETINCLUDES section

    +

    CONF GETINCLUDES section

    Get the list of includes for the provided section (global or share).

    Note that due to the nature of the registry database and the nature of include directives, @@ -426,14 +428,14 @@ per share, and this list is evaluated after all the parameters of the share. Further note that currently, only files can be included from registry configuration. In the future, there will be the ability to include configuration data from other registry keys. -

    CONF SETINCLUDES section [filename]+

    +

    CONF SETINCLUDES section [filename]+

    Set the list of includes for the provided section (global or share) to the given list of one or more filenames. The filenames may contain the usual smb.conf macros like %I. -

    CONF DELINCLUDES section

    +

    CONF DELINCLUDES section

    Delete the list of includes from the provided section (global or share). -

    HELP [COMMAND]

    Gives usage information for the specified command.

    VERSION

    This man page is complete for version 3 of the Samba - suite.

    AUTHOR

    The original Samba software and related utilities +

    HELP [COMMAND]

    Gives usage information for the specified command.

    VERSION

    This man page is complete for version 3 of the Samba + suite.

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The net manpage was written by Jelmer Vernooij.

    diff --git a/docs/htmldocs/manpages/nmbd.8.html b/docs/htmldocs/manpages/nmbd.8.html index e750136409..6cb2fbffdc 100644 --- a/docs/htmldocs/manpages/nmbd.8.html +++ b/docs/htmldocs/manpages/nmbd.8.html @@ -1,5 +1,5 @@ -nmbd

    Name

    nmbd — NetBIOS name server to provide NetBIOS - over IP naming services to clients

    Synopsis

    nmbd [-D] [-F] [-S] [-a] [-i] [-o] [-h] [-V] [-d <debug level>] [-H <lmhosts file>] [-l <log directory>] [-p <port number>] [-s <configuration file>]

    DESCRIPTION

    This program is part of the samba(7) suite.

    nmbd is a server that understands +nmbd

    Name

    nmbd — NetBIOS name server to provide NetBIOS + over IP naming services to clients

    Synopsis

    nmbd [-D] [-F] [-S] [-a] [-i] [-o] [-h] [-V] [-d <debug level>] [-H <lmhosts file>] [-l <log directory>] [-p <port number>] [-s <configuration file>]

    DESCRIPTION

    This program is part of the samba(7) suite.

    nmbd is a server that understands and can reply to NetBIOS over IP name service requests, like those produced by SMB/CIFS clients such as Windows 95/98/ME, Windows NT, Windows 2000, Windows XP and LanManager clients. It also @@ -11,7 +11,7 @@ specified it will respond with the IP number of the host it is running on. Its "own NetBIOS name" is by default the primary DNS name of the host it is running on, - but this can be overridden by the netbios name + but this can be overridden by the netbios name in smb.conf. Thus nmbd will reply to broadcast queries for its own name(s). Additional names for nmbd to respond on can be set @@ -22,7 +22,7 @@ replying to queries from clients for these names.

    In addition, nmbd can act as a WINS proxy, relaying broadcast queries from clients that do not understand how to talk the WINS protocol to a WINS - server.

    OPTIONS

    -D

    If specified, this parameter causes + server.

    OPTIONS

    -D

    If specified, this parameter causes nmbd to operate as a daemon. That is, it detaches itself and runs in the background, fielding requests on the appropriate port. By default, nmbd @@ -51,7 +51,7 @@

    -H <filename>

    NetBIOS lmhosts file. The lmhosts file is a list of NetBIOS names to IP addresses that is loaded by the nmbd server and used via the name - resolution mechanism name resolve order described in smb.conf(5) to resolve any + resolution mechanism name resolve order described in smb.conf(5) to resolve any NetBIOS name queries needed by the server. Note that the contents of this file are NOT used by nmbd to answer any name queries. @@ -72,7 +72,7 @@ amounts of log data, and should only be used when investigating a problem. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic.

    Note that specifying this parameter here will -override the log level parameter +override the log level parameter in the smb.conf file.

    -V

    Prints the program version number.

    -s <configuration file>

    The file specified contains the configuration details required by the server. The @@ -88,7 +88,7 @@ log.smbd, etc...). The log file is never removed by the client. This option changes the default UDP port number (normally 137) that nmbd responds to name queries on. Don't use this option unless you are an expert, in which case you - won't need help!

    FILES

    /etc/inetd.conf

    If the server is to be run by the + won't need help!

    FILES

    /etc/inetd.conf

    If the server is to be run by the inetd meta-daemon, this file must contain suitable startup information for the meta-daemon. @@ -104,18 +104,18 @@ log.smbd, etc...). The log file is never removed by the client. configuration file. Other common places that systems install this file are /usr/samba/lib/smb.conf and /etc/samba/smb.conf.

    When run as a WINS server (see the - wins support + wins support parameter in the smb.conf(5) man page), nmbd will store the WINS database in the file wins.dat in the var/locks directory configured under wherever Samba was configured to install itself.

    If nmbd is acting as a - browse master (see the local master + browse master (see the local master parameter in the smb.conf(5) man page, nmbd will store the browsing database in the file browse.dat in the var/locks directory configured under wherever Samba was configured to install itself. -

    SIGNALS

    To shut down an nmbd process it is recommended +

    SIGNALS

    To shut down an nmbd process it is recommended that SIGKILL (-9) NOT be used, except as a last resort, as this may leave the name database in an inconsistent state. The correct way to terminate nmbd is to send it @@ -129,13 +129,13 @@ log.smbd, etc...). The log file is never removed by the client. using smbcontrol(1) (SIGUSR[1|2] signals are no longer used since Samba 2.2). This is to allow transient problems to be diagnosed, whilst still running - at a normally low log level.

    VERSION

    This man page is correct for version 3 of - the Samba suite.

    SEE ALSO

    + at a normally low log level.

    VERSION

    This man page is correct for version 3 of + the Samba suite.

    SEE ALSO

    inetd(8), smbd(8), smb.conf(5), smbclient(1), testparm(1), testprns(1), and the Internet RFC's rfc1001.txt, rfc1002.txt. In addition the CIFS (formerly SMB) specification is available as a link from the Web page - http://samba.org/cifs/.

    AUTHOR

    The original Samba software and related utilities + http://samba.org/cifs/.

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The original Samba man pages were written by Karl Auer. diff --git a/docs/htmldocs/manpages/nmblookup.1.html b/docs/htmldocs/manpages/nmblookup.1.html index 33369bdcbb..929ca68172 100644 --- a/docs/htmldocs/manpages/nmblookup.1.html +++ b/docs/htmldocs/manpages/nmblookup.1.html @@ -1,9 +1,9 @@ -nmblookup

    Name

    nmblookup — NetBIOS over TCP/IP client used to lookup NetBIOS - names

    Synopsis

    nmblookup [-M] [-R] [-S] [-r] [-A] [-h] [-B <broadcast address>] [-U <unicast address>] [-d <debug level>] [-s <smb config file>] [-i <NetBIOS scope>] [-T] [-f] {name}

    DESCRIPTION

    This tool is part of the samba(7) suite.

    nmblookup is used to query NetBIOS names +nmblookup

    Name

    nmblookup — NetBIOS over TCP/IP client used to lookup NetBIOS + names

    Synopsis

    nmblookup [-M] [-R] [-S] [-r] [-A] [-h] [-B <broadcast address>] [-U <unicast address>] [-d <debug level>] [-s <smb config file>] [-i <NetBIOS scope>] [-T] [-f] {name}

    DESCRIPTION

    This tool is part of the samba(7) suite.

    nmblookup is used to query NetBIOS names and map them to IP addresses in a network using NetBIOS over TCP/IP queries. The options allow the name queries to be directed at a particular IP broadcast area or to a particular machine. All queries - are done over UDP.

    OPTIONS

    -M

    Searches for a master browser by looking + are done over UDP.

    OPTIONS

    -M

    Searches for a master browser by looking up the NetBIOS name name with a type of 0x1d. If name is "-" then it does a lookup on the special name @@ -28,7 +28,7 @@

    -A

    Interpret name as an IP Address and do a node status query on this address.

    -n <primary NetBIOS name>

    This option allows you to override the NetBIOS name that Samba uses for itself. This is identical -to setting the netbios name parameter in the smb.conf file. +to setting the netbios name parameter in the smb.conf file. However, a command line setting will take precedence over settings in smb.conf.

    -i <scope>

    This specifies a NetBIOS scope that @@ -65,7 +65,7 @@ amounts of log data, and should only be used when investigating a problem. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic.

    Note that specifying this parameter here will -override the log level parameter +override the log level parameter in the smb.conf file.

    -V

    Prints the program version number.

    -s <configuration file>

    The file specified contains the configuration details required by the server. The @@ -88,12 +88,12 @@ log.smbd, etc...). The log file is never removed by the client. If a NetBIOS name then the different name types may be specified by appending '#<type>' to the name. This name may also be '*', which will return all registered names within a broadcast - area.

    EXAMPLES

    nmblookup can be used to query + area.

    EXAMPLES

    nmblookup can be used to query a WINS server (in the same way nslookup is used to query DNS servers). To query a WINS server, nmblookup must be called like this:

    nmblookup -U server -R 'name'

    For example, running :

    nmblookup -U samba.org -R 'IRIX#1B'

    would query the WINS server samba.org for the domain - master browser (1B name type) for the IRIX workgroup.

    VERSION

    This man page is correct for version 3 of - the Samba suite.

    SEE ALSO

    nmbd(8), samba(7), and smb.conf(5).

    AUTHOR

    The original Samba software and related utilities + master browser (1B name type) for the IRIX workgroup.

    VERSION

    This man page is correct for version 3 of + the Samba suite.

    SEE ALSO

    nmbd(8), samba(7), and smb.conf(5).

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The original Samba man pages were written by Karl Auer. diff --git a/docs/htmldocs/manpages/ntlm_auth.1.html b/docs/htmldocs/manpages/ntlm_auth.1.html index 3086f35588..bf8458a350 100644 --- a/docs/htmldocs/manpages/ntlm_auth.1.html +++ b/docs/htmldocs/manpages/ntlm_auth.1.html @@ -1,18 +1,18 @@ -ntlm_auth

    Name

    ntlm_auth — tool to allow external access to Winbind's NTLM authentication function

    Synopsis

    ntlm_auth [-d debuglevel] [-l logdir] [-s <smb config file>]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    ntlm_auth is a helper utility that authenticates +ntlm_auth

    Name

    ntlm_auth — tool to allow external access to Winbind's NTLM authentication function

    Synopsis

    ntlm_auth [-d debuglevel] [-l logdir] [-s <smb config file>]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    ntlm_auth is a helper utility that authenticates users using NT/LM authentication. It returns 0 if the users is authenticated successfully and 1 if access was denied. ntlm_auth uses winbind to access the user and authentication data for a domain. This utility is only indended to be used by other programs (currently Squid and mod_ntlm_winbind) -

    OPERATIONAL REQUIREMENTS

    +

    OPERATIONAL REQUIREMENTS

    The winbindd(8) daemon must be operational for many of these commands to function.

    Some of these commands also require access to the directory winbindd_privileged in $LOCKDIR. This should be done either by running this command as root or providing group access to the winbindd_privileged directory. For - security reasons, this directory should not be world-accessable.

    OPTIONS

    --helper-protocol=PROTO

    + security reasons, this directory should not be world-accessable.

    OPTIONS

    --helper-protocol=PROTO

    Operate as a stdio-based helper. Valid helper protocols are:

    squid-2.4-basic

    Server-side helper for use with Squid 2.4's basic (plaintext) @@ -64,33 +64,33 @@ any data (such as usernames/passwords) that may contain malicous user data, such as a newline. They may also need to decode strings from the helper, which likewise may have been base64 encoded.

    Username

    The username, expected to be in - Samba's unix charset. -

    Example 1. 

    Username: bob


    Example 2. 

    Username:: Ym9i


    Username

    The user's domain, expected to be in - Samba's unix charset. -

    Example 3. 

    Domain: WORKGROUP


    Example 4. 

    Domain:: V09SS0dST1VQ


    Full-Username

    The fully qualified username, expected to be in - Samba's unix charset and qualified with the - winbind separator. -

    Example 5. 

    Full-Username: WORKGROUP\bob


    Example 6. 

    Full-Username:: V09SS0dST1VQYm9i


    LANMAN-Challenge

    The 8 byte LANMAN Challenge value, + Samba's unix charset. +

    Example 1. 

    Username: bob


    Example 2. 

    Username:: Ym9i


    Username

    The user's domain, expected to be in + Samba's unix charset. +

    Example 3. 

    Domain: WORKGROUP


    Example 4. 

    Domain:: V09SS0dST1VQ


    Full-Username

    The fully qualified username, expected to be in + Samba's unix charset and qualified with the + winbind separator. +

    Example 5. 

    Full-Username: WORKGROUP\bob


    Example 6. 

    Full-Username:: V09SS0dST1VQYm9i


    LANMAN-Challenge

    The 8 byte LANMAN Challenge value, generated randomly by the server, or (in cases such as MSCHAPv2) generated in some way by both the server and the client. -

    Example 7. 

    LANMAN-Challege: 0102030405060708


    LANMAN-Response

    The 24 byte LANMAN Response value, +

    Example 7. 

    LANMAN-Challege: 0102030405060708


    LANMAN-Response

    The 24 byte LANMAN Response value, calculated from the user's password and the supplied LANMAN Challenge. Typically, this is provided over the network by a client wishing to authenticate. -

    Example 8. 

    LANMAN-Response: 0102030405060708090A0B0C0D0E0F101112131415161718


    NT-Response

    The >= 24 byte NT Response +

    Example 8. 

    LANMAN-Response: 0102030405060708090A0B0C0D0E0F101112131415161718


    NT-Response

    The >= 24 byte NT Response calculated from the user's password and the supplied LANMAN Challenge. Typically, this is provided over the network by a client wishing to authenticate. -

    Example 9. 

    NT-Response: 0102030405060708090A0B0C0D0E0F101112131415161718


    Password

    The user's password. This would be +

    Example 9. 

    NT-Response: 0102030405060708090A0B0C0D0E0F101112131415161718


    Password

    The user's password. This would be provided by a network client, if the helper is being used in a legacy situation that exposes plaintext passwords in this way. -

    Example 10. 

    Password: samba2


    Example 11. 

    Password:: c2FtYmEy


    Request-User-Session-Key

    Apon sucessful authenticaiton, return +

    Example 10. 

    Password: samba2


    Example 11. 

    Password:: c2FtYmEy


    Request-User-Session-Key

    Apon sucessful authenticaiton, return the user session key associated with the login. -

    Example 12. 

    Request-User-Session-Key: Yes


    Request-LanMan-Session-Key

    Apon sucessful authenticaiton, return +

    Example 12. 

    Request-User-Session-Key: Yes


    Request-LanMan-Session-Key

    Apon sucessful authenticaiton, return the LANMAN session key associated with the login. -

    Example 13. 

    Request-LanMan-Session-Key: Yes


    --username=USERNAME

    +

    Example 13. 

    Request-LanMan-Session-Key: Yes


    --username=USERNAME

    Specify username of user to authenticate

    --domain=DOMAIN

    Specify domain of user to authenticate @@ -115,7 +115,7 @@ amounts of log data, and should only be used when investigating a problem. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic.

    Note that specifying this parameter here will -override the log level parameter +override the log level parameter in the smb.conf file.

    -V

    Prints the program version number.

    -s <configuration file>

    The file specified contains the configuration details required by the server. The @@ -128,7 +128,7 @@ compile time.

    -l|--log-basename=logdirectory".progname" will be appended (e.g. log.smbclient, log.smbd, etc...). The log file is never removed by the client.

    -h|--help

    Print a summary of command line options. -

    EXAMPLE SETUP

    To setup ntlm_auth for use by squid 2.5, with both basic and +

    EXAMPLE SETUP

    To setup ntlm_auth for use by squid 2.5, with both basic and NTLMSSP authentication, the following should be placed in the squid.conf file. 

    @@ -144,13 +144,13 @@ auth_param basic credentialsttl 2 hours
 
     auth_param ntlm program ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of='WORKGROUP\Domain Users'
 auth_param basic program ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of='WORKGROUP\Domain Users'
-

    TROUBLESHOOTING

    If you're experiencing problems with authenticating Internet Explorer running +

    TROUBLESHOOTING

    If you're experiencing problems with authenticating Internet Explorer running under MS Windows 9X or Millenium Edition against ntlm_auth's NTLMSSP authentication helper (--helper-protocol=squid-2.5-ntlmssp), then please read the Microsoft Knowledge Base article #239869 and follow instructions described there. -

    VERSION

    This man page is correct for version 3 of the Samba - suite.

    AUTHOR

    The original Samba software and related utilities +

    VERSION

    This man page is correct for version 3 of the Samba + suite.

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The ntlm_auth manpage was written by Jelmer Vernooij and diff --git a/docs/htmldocs/manpages/pam_winbind.7.html b/docs/htmldocs/manpages/pam_winbind.7.html index 25e534c687..b76a6746b4 100644 --- a/docs/htmldocs/manpages/pam_winbind.7.html +++ b/docs/htmldocs/manpages/pam_winbind.7.html @@ -1,6 +1,6 @@ -pam_winbind

    Name

    pam_winbind — PAM module for Winbind

    DESCRIPTION

    This tool is part of the samba(7) suite.

    +pam_winbind

    Name

    pam_winbind — PAM module for Winbind

    DESCRIPTION

    This tool is part of the samba(7) suite.

    pam_winbind is a PAM module that can authenticate users against the local domain by talking to the Winbind daemon. -

    OPTIONS

    +

    OPTIONS

    pam_winbind supports several options which can either be set in the PAM configuration files or in the pam_winbind configuration @@ -52,10 +52,13 @@ Winbind allows to logon using cached credentials when winbind offline logon is enabled. To use this feature from the PAM module this option must be set.

    silent

    Do not emit any messages. +

    mkhomedir

    + Create homedirectory for a user on-the-fly, option is valid in + PAM session block.

    -

    SEE ALSO

    wbinfo(1), winbindd(8), smb.conf(5)

    VERSION

    This man page is correct for version 3 of Samba.

    AUTHOR

    +

    SEE ALSO

    wbinfo(1), winbindd(8), smb.conf(5)

    VERSION

    This man page is correct for version 3 of Samba.

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    This manpage was written by Jelmer Vernooij and Guenther Deschner.

    diff --git a/docs/htmldocs/manpages/pdbedit.8.html b/docs/htmldocs/manpages/pdbedit.8.html index 27af615633..2f87fec519 100644 --- a/docs/htmldocs/manpages/pdbedit.8.html +++ b/docs/htmldocs/manpages/pdbedit.8.html @@ -1,10 +1,10 @@ -pdbedit

    Name

    pdbedit — manage the SAM database (Database of Samba Users)

    Synopsis

    pdbedit [-L] [-v] [-w] [-u username] [-f fullname] [-h homedir] [-D drive] [-S script] [-p profile] [-a] [-t, --password-from-stdin] [-m] [-r] [-x] [-i passdb-backend] [-e passdb-backend] [-b passdb-backend] [-g] [-d debuglevel] [-s configfile] [-P account-policy] [-C value] [-c account-control] [-y]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    The pdbedit program is used to manage the users accounts +pdbedit

    Name

    pdbedit — manage the SAM database (Database of Samba Users)

    Synopsis

    pdbedit [-L] [-v] [-w] [-u username] [-f fullname] [-h homedir] [-D drive] [-S script] [-p profile] [-a] [-t, --password-from-stdin] [-m] [-r] [-x] [-i passdb-backend] [-e passdb-backend] [-b passdb-backend] [-g] [-d debuglevel] [-s configfile] [-P account-policy] [-C value] [-c account-control] [-y]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    The pdbedit program is used to manage the users accounts stored in the sam database and can only be run by root.

    The pdbedit tool uses the passdb modular interface and is independent from the kind of users database used (currently there are smbpasswd, ldap, nis+ and tdb based and more can be added without changing the tool).

    There are five main ways to use pdbedit: adding a user account, removing a user account, modifing a user account, listing user - accounts, importing users accounts.

    OPTIONS

    -L

    This option lists all the user accounts + accounts, importing users accounts.

    OPTIONS

    -L

    This option lists all the user accounts present in the users database. This option prints a list of user/uid pairs separated by the ':' character.

    Example: pdbedit -L

    @@ -78,7 +78,7 @@ samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:
 retype new password

    Note

    pdbedit does not call the unix password syncronisation - script if unix password sync + script if unix password sync has been set. It only updates the data in the Samba user database.

    If you wish to add a user and synchronise the password @@ -132,7 +132,7 @@ amounts of log data, and should only be used when investigating a problem. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic.

    Note that specifying this parameter here will -override the log level parameter +override the log level parameter in the smb.conf file.

    -V

    Prints the program version number.

    -s <configuration file>

    The file specified contains the configuration details required by the server. The @@ -144,8 +144,8 @@ The default configuration file name is determined at compile time.

    -l|--log-basename=logdirectory

    Base directory name for log/debug files. The extension ".progname" will be appended (e.g. log.smbclient, log.smbd, etc...). The log file is never removed by the client. -

    NOTES

    This command may be used only by root.

    VERSION

    This man page is correct for version 3 of - the Samba suite.

    SEE ALSO

    smbpasswd(5), samba(7)

    AUTHOR

    The original Samba software and related utilities +

    NOTES

    This command may be used only by root.

    VERSION

    This man page is correct for version 3 of + the Samba suite.

    SEE ALSO

    smbpasswd(5), samba(7)

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The pdbedit manpage was written by Simo Sorce and Jelmer Vernooij.

    diff --git a/docs/htmldocs/manpages/profiles.1.html b/docs/htmldocs/manpages/profiles.1.html index c643443c81..178f8d7836 100644 --- a/docs/htmldocs/manpages/profiles.1.html +++ b/docs/htmldocs/manpages/profiles.1.html @@ -1,12 +1,12 @@ -profiles

    Name

    profiles — A utility to report and change SIDs in registry files -

    Synopsis

    profiles [-v] [-c SID] [-n SID] {file}

    DESCRIPTION

    This tool is part of the samba(7) suite.

    profiles is a utility that +profiles

    Name

    profiles — A utility to report and change SIDs in registry files +

    Synopsis

    profiles [-v] [-c SID] [-n SID] {file}

    DESCRIPTION

    This tool is part of the samba(7) suite.

    profiles is a utility that reports and changes SIDs in windows registry files. It currently only supports NT. -

    OPTIONS

    file

    Registry file to view or edit.

    -v,--verbose

    Increases verbosity of messages. +

    OPTIONS

    file

    Registry file to view or edit.

    -v,--verbose

    Increases verbosity of messages.

    -c SID1 -n SID2

    Change all occurences of SID1 in file by SID2.

    -h|--help

    Print a summary of command line options. -

    VERSION

    This man page is correct for version 3 of the Samba - suite.

    AUTHOR

    The original Samba software and related utilities +

    VERSION

    This man page is correct for version 3 of the Samba + suite.

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The profiles man page was written by Jelmer Vernooij.

    diff --git a/docs/htmldocs/manpages/rpcclient.1.html b/docs/htmldocs/manpages/rpcclient.1.html index 7c22498b26..585d54c581 100644 --- a/docs/htmldocs/manpages/rpcclient.1.html +++ b/docs/htmldocs/manpages/rpcclient.1.html @@ -1,11 +1,11 @@ -rpcclient

    Name

    rpcclient — tool for executing client side - MS-RPC functions

    Synopsis

    rpcclient [-A authfile] [-c <command string>] [-d debuglevel] [-h] [-l logdir] [-N] [-s <smb config file>] [-U username[%password]] [-W workgroup] [-N] [-I destinationIP] {server}

    DESCRIPTION

    This tool is part of the samba(7) suite.

    rpcclient is a utility initially developed +rpcclient

    Name

    rpcclient — tool for executing client side + MS-RPC functions

    Synopsis

    rpcclient [-A authfile] [-c <command string>] [-d debuglevel] [-h] [-l logdir] [-N] [-s <smb config file>] [-U username[%password]] [-W workgroup] [-N] [-I destinationIP] {server}

    DESCRIPTION

    This tool is part of the samba(7) suite.

    rpcclient is a utility initially developed to test MS-RPC functionality in Samba itself. It has undergone several stages of development and stability. Many system administrators have now written scripts around it to manage Windows NT clients from - their UNIX workstation.

    OPTIONS

    server

    NetBIOS name of Server to which to connect. + their UNIX workstation.

    OPTIONS

    server

    NetBIOS name of Server to which to connect. The server can be any SMB/CIFS server. The name is - resolved using the name resolve order line from smb.conf(5).

    -c|--command='command string'

    execute semicolon separated commands (listed + resolved using the name resolve order line from smb.conf(5).

    -c|--command='command string'

    execute semicolon separated commands (listed below))

    -I IP-address

    IP address is the address of the server to connect to. It should be specified in standard "a.b.c.d" notation.

    Normally the client would attempt to locate a named SMB/CIFS server by looking it up via the NetBIOS name resolution @@ -27,7 +27,7 @@ amounts of log data, and should only be used when investigating a problem. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic.

    Note that specifying this parameter here will -override the log level parameter +override the log level parameter in the smb.conf file.

    -V

    Prints the program version number.

    -s <configuration file>

    The file specified contains the configuration details required by the server. The @@ -72,7 +72,7 @@ via the ps command. To be safe always allow rpcclient to prompt for a password and type it in directly.

    -n <primary NetBIOS name>

    This option allows you to override the NetBIOS name that Samba uses for itself. This is identical -to setting the netbios name parameter in the smb.conf file. +to setting the netbios name parameter in the smb.conf file. However, a command line setting will take precedence over settings in smb.conf.

    -i <scope>

    This specifies a NetBIOS scope that @@ -89,11 +89,11 @@ SAM (as opposed to the Domain SAM).

    -O socket op socket. See the socket options parameter in the smb.conf manual page for the list of valid options.

    -h|--help

    Print a summary of command line options. -

    COMMANDS

    LSARPC

    lsaquery

    Query info policy

    lookupsids

    Resolve a list +

    COMMANDS

    LSARPC

    lsaquery

    Query info policy

    lookupsids

    Resolve a list of SIDs to usernames.

    lookupnames

    Resolve a list of usernames to SIDs. -

    enumtrusts

    Enumerate trusted domains

    enumprivs

    Enumerate privileges

    getdispname

    Get the privilege name

    lsaenumsid

    Enumerate the LSA SIDS

    lsaenumprivsaccount

    Enumerate the privileges of an SID

    lsaenumacctrights

    Enumerate the rights of an SID

    lsaenumacctwithright

    Enumerate accounts with a right

    lsaaddacctrights

    Add rights to an account

    lsaremoveacctrights

    Remove rights from an account

    lsalookupprivvalue

    Get a privilege value given its name

    lsaquerysecobj

    Query LSA security object

    LSARPC-DS

    dsroledominfo

    Get Primary Domain Information

    DFS

    dfsexist

    Query DFS support

    dfsadd

    Add a DFS share

    dfsremove

    Remove a DFS share

    dfsgetinfo

    Query DFS share info

    dfsenum

    Enumerate dfs shares

    REG

    shutdown

    Remote Shutdown

    abortshutdown

    Abort Shutdown

    SRVSVC

    srvinfo

    Server query info

    netshareenum

    Enumerate shares

    netfileenum

    Enumerate open files

    netremotetod

    Fetch remote time of day

    SAMR

    queryuser

    Query user info

    querygroup

    Query group info

    queryusergroups

    Query user groups

    querygroupmem

    Query group membership

    queryaliasmem

    Query alias membership

    querydispinfo

    Query display info

    querydominfo

    Query domain info

    enumdomusers

    Enumerate domain users

    enumdomgroups

    Enumerate domain groups

    enumalsgroups

    Enumerate alias groups

    createdomuser

    Create domain user

    samlookupnames

    Look up names

    samlookuprids

    Look up names

    deletedomuser

    Delete domain user

    samquerysecobj

    Query SAMR security object

    getdompwinfo

    Retrieve domain password info

    lookupdomain

    Look up domain

    SPOOLSS

    adddriver <arch> <config> [<version>]

    +

    enumtrusts

    Enumerate trusted domains

    enumprivs

    Enumerate privileges

    getdispname

    Get the privilege name

    lsaenumsid

    Enumerate the LSA SIDS

    lsaenumprivsaccount

    Enumerate the privileges of an SID

    lsaenumacctrights

    Enumerate the rights of an SID

    lsaenumacctwithright

    Enumerate accounts with a right

    lsaaddacctrights

    Add rights to an account

    lsaremoveacctrights

    Remove rights from an account

    lsalookupprivvalue

    Get a privilege value given its name

    lsaquerysecobj

    Query LSA security object

    LSARPC-DS

    dsroledominfo

    Get Primary Domain Information

    DFS

    dfsexist

    Query DFS support

    dfsadd

    Add a DFS share

    dfsremove

    Remove a DFS share

    dfsgetinfo

    Query DFS share info

    dfsenum

    Enumerate dfs shares

    REG

    shutdown

    Remote Shutdown

    abortshutdown

    Abort Shutdown

    SRVSVC

    srvinfo

    Server query info

    netshareenum

    Enumerate shares

    netfileenum

    Enumerate open files

    netremotetod

    Fetch remote time of day

    SAMR

    queryuser

    Query user info

    querygroup

    Query group info

    queryusergroups

    Query user groups

    querygroupmem

    Query group membership

    queryaliasmem

    Query alias membership

    querydispinfo

    Query display info

    querydominfo

    Query domain info

    enumdomusers

    Enumerate domain users

    enumdomgroups

    Enumerate domain groups

    enumalsgroups

    Enumerate alias groups

    createdomuser

    Create domain user

    samlookupnames

    Look up names

    samlookuprids

    Look up names

    deletedomuser

    Delete domain user

    samquerysecobj

    Query SAMR security object

    getdompwinfo

    Retrieve domain password info

    lookupdomain

    Look up domain

    SPOOLSS

    adddriver <arch> <config> [<version>]

    Execute an AddPrinterDriver() RPC to install the printer driver information on the server. Note that the driver files should already exist in the directory returned by @@ -178,11 +178,11 @@ Comma Separated list of Files already be correctly installed on the print server.

    See also the enumprinters and enumdrivers commands for obtaining a list of of installed printers and drivers.

    addform

    Add form

    setform

    Set form

    getform

    Get form

    deleteform

    Delete form

    enumforms

    Enumerate form

    setprinter

    Set printer comment

    setprinterdata

    Set REG_SZ printer data

    setprintername <printername> - <newprintername>

    Set printer name

    rffpcnex

    Rffpcnex test

    NETLOGON

    logonctrl2

    Logon Control 2

    logonctrl

    Logon Control

    samsync

    Sam Synchronisation

    samdeltas

    Query Sam Deltas

    samlogon

    Sam Logon

    GENERAL COMMANDS

    debuglevel

    Set the current + <newprintername>

    Set printer name

    rffpcnex

    Rffpcnex test

    NETLOGON

    logonctrl2

    Logon Control 2

    logonctrl

    Logon Control

    samsync

    Sam Synchronisation

    samdeltas

    Query Sam Deltas

    samlogon

    Sam Logon

    GENERAL COMMANDS

    debuglevel

    Set the current debug level used to log information.

    help (?)

    Print a listing of all known commands or extended help on a particular command.

    quit (exit)

    Exit rpcclient - .

    BUGS

    rpcclient is designed as a developer testing tool + .

    BUGS

    rpcclient is designed as a developer testing tool and may not be robust in certain areas (such as command line parsing). It has been known to generate a core dump upon failures when invalid parameters where passed to the interpreter.

    From Luke Leighton's original rpcclient man page:

    WARNING! The MSRPC over SMB code has @@ -195,8 +195,8 @@ Comma Separated list of Files versions of smbd(8) and rpcclient(1) that are incompatible for some commands or services. Additionally, the developers are sending reports to Microsoft, and problems found or reported to Microsoft are fixed in Service Packs, which may - result in incompatibilities.

    VERSION

    This man page is correct for version 3 of the Samba - suite.

    AUTHOR

    The original Samba software and related utilities + result in incompatibilities.

    VERSION

    This man page is correct for version 3 of the Samba + suite.

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The original rpcclient man page was written by Matthew diff --git a/docs/htmldocs/manpages/samba.7.html b/docs/htmldocs/manpages/samba.7.html index 96c0d89c89..305c1db619 100644 --- a/docs/htmldocs/manpages/samba.7.html +++ b/docs/htmldocs/manpages/samba.7.html @@ -1,4 +1,4 @@ -samba

    Name

    samba — A Windows SMB/CIFS fileserver for UNIX

    Synopsis

    samba

    DESCRIPTION

    The Samba software suite is a collection of programs +samba

    Name

    samba — A Windows SMB/CIFS fileserver for UNIX

    Synopsis

    samba

    DESCRIPTION

    The Samba software suite is a collection of programs that implements the Server Message Block (commonly abbreviated as SMB) protocol for UNIX systems. This protocol is sometimes also referred to as the Common Internet File System (CIFS). For a @@ -63,7 +63,7 @@ smbmnt(8)

    smbmount,smbumount and smbmnt are commands that can be used to mount CIFS/SMB shares on Linux.

    smbcquotas(1)

    smbcquotas is a tool that - can set remote QUOTA's on server with NTFS 5.

    COMPONENTS

    The Samba suite is made up of several components. Each + can set remote QUOTA's on server with NTFS 5.

    COMPONENTS

    The Samba suite is made up of several components. Each component is described in a separate manual page. It is strongly recommended that you read the documentation that comes with Samba and the manual pages of those components that you use. If the @@ -72,7 +72,7 @@ for information on how to file a bug report or submit a patch.

    If you require help, visit the Samba webpage at http://www.samba.org/ and explore the many option available to you. -

    AVAILABILITY

    The Samba software suite is licensed under the +

    AVAILABILITY

    The Samba software suite is licensed under the GNU Public License(GPL). A copy of that license should have come with the package in the file COPYING. You are encouraged to distribute copies of the Samba suite, but @@ -86,14 +86,14 @@ the README file that comes with Samba.

    If you have access to a WWW viewer (such as Mozilla or Konqueror) then you will also find lots of useful information, including back issues of the Samba mailing list, at - http://lists.samba.org.

    VERSION

    This man page is correct for version 3 of the - Samba suite.

    CONTRIBUTIONS

    If you wish to contribute to the Samba project, + http://lists.samba.org.

    VERSION

    This man page is correct for version 3 of the + Samba suite.

    CONTRIBUTIONS

    If you wish to contribute to the Samba project, then I suggest you join the Samba mailing list at http://lists.samba.org.

    If you have patches to submit, visit http://devel.samba.org/ for information on how to do it properly. We prefer patches - in diff -u format.

    CONTRIBUTORS

    Contributors to the project are now too numerous + in diff -u format.

    CONTRIBUTORS

    Contributors to the project are now too numerous to mention here but all deserve the thanks of all Samba users. To see a full list, look at the change-log in the source package @@ -101,7 +101,7 @@ http://cvs.samba.org/ for the contributors to Samba post-CVS. CVS is the Open Source source code control system used by the Samba Team to develop - Samba. The project would have been unmanageable without it.

    AUTHOR

    The original Samba software and related utilities + Samba. The project would have been unmanageable without it.

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The original Samba man pages were written by Karl Auer. diff --git a/docs/htmldocs/manpages/smb.conf.5.html b/docs/htmldocs/manpages/smb.conf.5.html index d5e3f4948a..3fce2783a9 100644 --- a/docs/htmldocs/manpages/smb.conf.5.html +++ b/docs/htmldocs/manpages/smb.conf.5.html @@ -1,4 +1,4 @@ -smb.conf

    Name

    smb.conf — The configuration file for the Samba suite

    SYNOPSIS

    +smb.conf

    Name

    smb.conf — The configuration file for the Samba suite

    SYNOPSIS

    The smb.conf file is a configuration file for the Samba suite. smb.conf contains runtime configuration information for the Samba programs. The smb.conf file is designed to be configured and administered by the swat(8) program. The @@ -26,7 +26,7 @@ The values following the equals sign in parameters are all either a string (no quotes needed) or a boolean, which may be given as yes/no, 1/0 or true/false. Case is not significant in boolean values, but is preserved in string values. Some items such as create masks are numeric. -

    SECTION DESCRIPTIONS

    +

    SECTION DESCRIPTIONS

    Each section in the configuration file (except for the [global] section) describes a shared resource (known as a “share”). The section name is the name of the shared resource and the parameters within the section define the shares attributes. @@ -55,8 +55,8 @@ The following sample section defines a file space share. The user has write access to the path /home/bar. The share is accessed via the share name foo: 

     	[foo]
-	path = /home/bar
-	read only = no
+	path = /home/bar
+	read only = no

    The following sample section defines a printable share. The share is read-only, but printable. That is, @@ -64,12 +64,12 @@ ok parameter means access will be permitted as the default guest user (specified elsewhere): 

     	[aprinter]
-	path = /usr/spool/public
-	read only = yes
-	printable = yes
-	guest ok = yes
+	path = /usr/spool/public
+	read only = yes
+	printable = yes
+	guest ok = yes

    -

    SPECIAL SECTIONS

    The [global] section

    +

    SPECIAL SECTIONS

    The [global] section

    Parameters in this section apply to the server as a whole, or are defaults for sections that do not specifically define certain items. See the notes under PARAMETERS for more information.

    The [homes] section

    @@ -105,7 +105,7 @@ than others. The following is a typical and suitable [homes] section: 

     [homes]
-read only = no
+read only = no

    An important point is that if guest access is specified in the [homes] section, all home directories will be @@ -137,9 +137,9 @@ it. A typical [printers] entry looks like this: 

     [printers]
-path = /usr/spool/public
-guest ok = yes
-printable = yes
+path = /usr/spool/public
+guest ok = yes
+printable = yes

    All aliases given for a printer in the printcap file are legitimate printer names as far as the server is concerned. @@ -160,7 +160,7 @@ alias|alias|alias|alias... On SYSV systems which use lpstat to determine what printers are defined on the system you may be able to use printcap name = lpstat to automatically obtain a list of printers. See the printcap name option for more details. -

    USERSHARES

    Starting with Samba version 3.0.23 the capability for non-root users to add, modify, and delete +

    USERSHARES

    Starting with Samba version 3.0.23 the capability for non-root users to add, modify, and delete their own share definitions has been added. This capability is called usershares and is controlled by a set of parameters in the [global] section of the smb.conf. The relevant parameters are : @@ -178,13 +178,13 @@ chmod 1770 /usr/local/samba/lib/usershares

    Then add the parameters 

    -	usershare path = /usr/local/samba/lib/usershares
-	usershare max shares = 10 # (or the desired number of shares)
+	usershare path = /usr/local/samba/lib/usershares
+	usershare max shares = 10 # (or the desired number of shares)

    to the global section of your smb.conf. Members of the group foo may then manipulate the user defined shares - using the following commands.

    net usershare add sharename path [comment] [acl] [guest_ok=[y|n]]

    To create or modify (overwrite) a user defined share.

    net usershare delete sharename

    To delete a user defined share.

    net usershare list wildcard-sharename

    To list user defined shares.

    net usershare info wildcard-sharename

    To print information about user defined shares.

    PARAMETERS

    Parameters define the specific attributes of sections.

    + using the following commands.

    net usershare add sharename path [comment] [acl] [guest_ok=[y|n]]

    To create or modify (overwrite) a user defined share.

    net usershare delete sharename

    To delete a user defined share.

    net usershare list wildcard-sharename

    To list user defined shares.

    net usershare info wildcard-sharename

    To print information about user defined shares.

    PARAMETERS

    Parameters define the specific attributes of sections.

    Some parameters are specific to the [global] section (e.g., security). Some parameters are usable in all sections (e.g., create mask). All others are permissible only in normal sections. For the purposes of the following descriptions the [homes] and [printers] sections will be @@ -196,7 +196,7 @@ chmod 1770 /usr/local/samba/lib/usershares Parameters are arranged here in alphabetical order - this may not create best bedfellows, but at least you can find them! Where there are synonyms, the preferred synonym is described, others refer to the preferred synonym. -

    VARIABLE SUBSTITUTIONS

    +

    VARIABLE SUBSTITUTIONS

    Many of the strings that are settable in the config file can take substitutions. For example the option “path = /tmp/%u” is interpreted as “path = /tmp/john” if the user connected with the username john. @@ -258,8 +258,8 @@ chmod 1770 /usr/local/samba/lib/usershares

    default case = upper/lower

    controls what the default case is for new filenames (ie. files that don't currently exist in the filesystem). Default lower. IMPORTANT NOTE: This option will be used to modify the case of - all incoming client filenames, not just new filenames if the options case sensitive = yes, preserve case = No, - short preserve case = No are set. This change is needed as part of the + all incoming client filenames, not just new filenames if the options case sensitive = yes, preserve case = No, + short preserve case = No are set. This change is needed as part of the optimisations for directories containing large numbers of files.

    preserve case = yes/no

    controls whether new files (ie. files that don't currently exist in the filesystem) are created with the case @@ -305,7 +305,7 @@ chmod 1770 /usr/local/samba/lib/usershares

  • If the service is a guest service, a connection is made as the username given in the guest account = for the service, irrespective of the supplied password. -

    • REGISTRY-BASED CONFIGURATION

    +

    REGISTRY-BASED CONFIGURATION

    Starting with Samba version 3.2.0, the capability to store Samba configuration in the registry is available. The configuration is stored in the registry key @@ -323,7 +323,7 @@ chmod 1770 /usr/local/samba/lib/usershares options stored in registry are used. This can be activated in two different ways:

    Firstly, a registry only configuration is triggered by setting - config backend = registry + config backend = registry in the [global] section of smb.conf. This resets everything that has been read from config files to this point and reads the content of the global configuration @@ -331,7 +331,7 @@ chmod 1770 /usr/local/samba/lib/usershares This is the recommended method of using registry based configuration.

    Secondly, a mixed configuration can be activated by a special new meaning of the parameter - include = registry + include = registry in the [global] section of smb.conf. This reads the global options from registry with the same priorities as for an include of a text file. @@ -360,19 +360,19 @@ chmod 1770 /usr/local/samba/lib/usershares registry based configuration locally, i.e. directly accessing the database file, circumventing the server. -

    EXPLANATION OF EACH PARAMETER

    +

    EXPLANATION OF EACH PARAMETER

    abort shutdown script (G) -

    This a full path name to a script called by smbd(8) that - should stop a shutdown procedure issued by the shutdown script.

    If the connected user posseses the SeRemoteShutdownPrivilege, +

    This a full path name to a script called by smbd(8) that + should stop a shutdown procedure issued by the shutdown script.

    If the connected user posseses the SeRemoteShutdownPrivilege, right, this command will be run as user.

    Default: abort shutdown script = ""

    Example: abort shutdown script = /sbin/shutdown -c -

    +

    acl check permissions (S) -

    This boolean parameter controls what smbd(8)does on receiving a protocol request of "open for delete" +

    This boolean parameter controls what smbd(8)does on receiving a protocol request of "open for delete" from a Windows client. If a Windows client doesn't have permissions to delete a file then they expect this to be denied at open time. POSIX systems normally only detect restrictions on delete by actually attempting to delete the file or directory. As Windows clients can (and do) "back out" a @@ -392,10 +392,10 @@ acl check permissions (S) with slightly different semantics was introduced in 3.0.20. That older version is not documented here.

    Default: acl check permissions = True -

    +

    -acl compatibility (S) -

    This parameter specifies what OS ACL semantics should +acl compatibility (G) +

    This parameter specifies what OS ACL semantics should be compatible with. Possible values are winnt for Windows NT 4, win2k for Windows 2000 and above and auto. If you specify auto, the value for this parameter @@ -404,10 +404,10 @@ acl compatibility (S)

    Example: acl compatibility = win2k -

    +

    acl group control (S) -

    +

    In a POSIX filesystem, only the owner of a file or directory and the superuser can modify the permissions and ACLs on a file. If this parameter is set, then Samba overrides this restriction, and also allows the primary group owner of a file or directory to modify the permissions and ACLs @@ -423,7 +423,7 @@ acl group control (S) directory hierarchy in much the same way as Windows. This allows all members of a UNIX group to control the permissions on a file or directory they have group ownership on.

    - This parameter is best used with the inherit owner option and also + This parameter is best used with the inherit owner option and also on on a share containing directories with the UNIX setgid bit set on them, which causes new files and directories created within it to inherit the group ownership from the containing directory. @@ -434,10 +434,10 @@ acl group control (S) dos filemode option.

    Default: acl group control = no -

    +

    acl map full control (S) -

    +

    This boolean parameter controls whether smbd(8)maps a POSIX ACE entry of "rwx" (read/write/execute), the maximum allowed POSIX permission set, into a Windows ACL of "FULL CONTROL". If this parameter is set to true any POSIX ACE entry of "rwx" will be returned in a Windows ACL as "FULL CONTROL", is this parameter is set to false any @@ -445,10 +445,10 @@ acl map full control (S) execute.

    Default: acl map full control = True -

    +

    add group script (G) -

    +

    This is the full pathname to a script that will be run AS ROOT by smbd(8) when a new group is requested. It will expand any %g to the group name passed. This script is only useful for installations using the Windows NT domain administration tools. The script is free to create a group with @@ -458,24 +458,24 @@ add group script (G)

    Example: add group script = /usr/sbin/groupadd %g -

    +

    add machine script (G) -

    +

    This is the full pathname to a script that will be run by smbd(8) when a machine is added to Samba's domain and a Unix account matching the machine's name appended with a "$" does not already exist. -

    This option is very similar to the add user script, and likewise uses the %u +

    This option is very similar to the add user script, and likewise uses the %u substitution for the account name. Do not use the %m substitution.

    Default: add machine script =

    Example: add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /var/lib/nobody -s /bin/false %u -

    +

    add port command (G) -

    Samba 3.0.23 introduced support for adding printer ports +

    Samba 3.0.23 introduced support for adding printer ports remotely using the Windows "Add Standard TCP/IP Port Wizard". This option defines an external program to be executed when smbd receives a request to add a new Port to the system. @@ -484,10 +484,10 @@ add port command (G)

    Example: add port command = /etc/samba/scripts/addport.sh -

    +

    addprinter command (G) -

    With the introduction of MS-RPC based printing +

    With the introduction of MS-RPC based printing support for Windows NT/2000 clients in Samba 2.2, The MS Add Printer Wizard (APW) icon is now also available in the "Printers..." folder displayed a share listing. The APW @@ -518,18 +518,23 @@ addprinter command (G)

    Example: addprinter command = /usr/bin/addprinter -

    +

    add share command (G) -

    +

    Samba 2.2.0 introduced the ability to dynamically add and delete shares via the Windows NT 4.0 Server Manager. The add share command is used to define an external program - or script which will add a new service definition to smb.conf. In order - to successfully execute the add share command, smbd requires that the administrator be connected using a root account (i.e. uid == 0). + or script which will add a new service definition to + smb.conf. +

    + In order to successfully execute the + add share command, + smbd requires that the administrator + connects using a root account (i.e. uid == 0) or has the + SeDiskOperatorPrivilege. + Scripts defined in the add share command + parameter are executed as root.

    - If the connected account has SeDiskOperatorPrivilege, scripts defined in - change share parameter are executed as root. -

    When executed, smbd will automatically invoke the add share command with five parameters.

    • configFile - the location of the global smb.conf file. @@ -543,15 +548,15 @@ add share command (G) Number of maximum simultaneous connections to this share.

    - This parameter is only used for add file shares. To add printer shares, see the addprinter command. + This parameter is only used to add file shares. To add printer shares, see the addprinter command.

    Default: add share command =

    Example: add share command = /usr/local/bin/addshare -

    +

    add user script (G) -

    +

    This is the full pathname to a script that will be run AS ROOT by smbd(8) under special circumstances described below. @@ -563,16 +568,16 @@ add user script (G) ON DEMAND when a user accesses the Samba server.

    In order to use this option, smbd(8) must NOT be set to - security = share and add user script + security = share and add user script must be set to a full pathname for a script that will create a UNIX user given one argument of %u, which expands into the UNIX user name to create.

    When the Windows user attempts to access the Samba server, at login (session setup in - the SMB protocol) time, smbd(8) contacts the password server + the SMB protocol) time, smbd(8) contacts the password server and attempts to authenticate the given user with the given password. If the authentication succeeds then smbd attempts to find a UNIX user in the UNIX password database to map the Windows user into. If this lookup fails, and - add user script is set then smbd will + add user script is set then smbd will call the specified script AS ROOT, expanding any %u argument to be the user name to create.

    @@ -580,16 +585,16 @@ add user script (G) continue on as though the UNIX user already existed. In this way, UNIX users are dynamically created to match existing Windows NT accounts.

    - See also security, password server, - delete user script. + See also security, password server, + delete user script.

    Default: add user script =

    Example: add user script = /usr/local/samba/bin/add_user %u -

    +

    add user to group script (G) -

    +

    Full path to the script that will be called when a user is added to a group using the Windows NT domain administration tools. It will be run by smbd(8) AS ROOT. Any %g will be replaced with the group name and @@ -601,42 +606,42 @@ add user to group script (G)

    Example: add user to group script = /usr/sbin/adduser %u %g -

    +

    administrative share (S) -

    If this parameter is set to yes for +

    If this parameter is set to yes for a share, then the share will be an administrative share. The Administrative Shares are the default network shares created by all Windows NT-based operating systems. These are shares like C$, D$ or ADMIN$. The type of these - shares is STYPE_DISKTREE_HIDDEN.

    See the section below on security for more + shares is STYPE_DISKTREE_HIDDEN.

    See the section below on security for more information about this option.

    Default: administrative share = no -

    +

    admin users (S) -

    This is a list of users who will be granted +

    This is a list of users who will be granted administrative privileges on the share. This means that they will do all file operations as the super-user (root).

    You should use this option very carefully, as any user in this list will be able to do anything they like on the share, - irrespective of file permissions.

    This parameter will not work with the security = share in + irrespective of file permissions.

    This parameter will not work with the security = share in Samba 3.0. This is by design.

    Default: admin users =

    Example: admin users = jason -

    +

    afs share (S) -

    This parameter controls whether special AFS features are enabled +

    This parameter controls whether special AFS features are enabled for this share. If enabled, it assumes that the directory exported via the path parameter is a local AFS import. The special AFS features include the attempt to hand-craft an AFS token if you enabled --with-fake-kaserver in configure.

    Default: afs share = no -

    +

    afs username map (G) -

    If you are using the fake kaserver AFS feature, you might +

    If you are using the fake kaserver AFS feature, you might want to hand-craft the usernames you are creating tokens for. For example this is necessary if you have users from several domain in your AFS Protection Database. One possible scheme to code users @@ -646,38 +651,38 @@ afs username map (G)

    Example: afs username map = %u@afs.samba.org -

    +

    aio read size (S) -

    If Samba has been built with asynchronous I/O support and this +

    If Samba has been built with asynchronous I/O support and this integer parameter is set to non-zero value, Samba will read from file asynchronously when size of request is bigger than this value. Note that it happens only for non-chained and non-chaining reads and when not using write cache.

    Current implementation of asynchronous I/O in Samba 3.0 does support - only up to 10 outstanding asynchronous requests, read and write combined.

    Related command: write cache size

    Related command: aio write size

    Default: aio read size = 0 + only up to 10 outstanding asynchronous requests, read and write combined.

    Related command: write cache size

    Related command: aio write size

    Default: aio read size = 0

    Example: aio read size = 16384 # Use asynchronous I/O for reads bigger than 16KB request size -

    +

    aio write size (S) -

    If Samba has been built with asynchronous I/O support and this +

    If Samba has been built with asynchronous I/O support and this integer parameter is set to non-zero value, Samba will write to file asynchronously when size of request is bigger than this value. Note that it happens only for non-chained and non-chaining reads and when not using write cache.

    Current implementation of asynchronous I/O in Samba 3.0 does support - only up to 10 outstanding asynchronous requests, read and write combined.

    Related command: write cache size

    Related command: aio read size

    Default: aio write size = 0 + only up to 10 outstanding asynchronous requests, read and write combined.

    Related command: write cache size

    Related command: aio read size

    Default: aio write size = 0

    Example: aio write size = 16384 # Use asynchronous I/O for writes bigger than 16KB request size -

    +

    algorithmic rid base (G) -

    This determines how Samba will use its +

    This determines how Samba will use its algorithmic mapping from uids/gid to the RIDs needed to construct NT Security Identifiers.

    Setting this option to a larger value could be useful to sites @@ -692,10 +697,10 @@ algorithmic rid base (G)

    Example: algorithmic rid base = 100000 -

    +

    allocation roundup size (S) -

    This parameter allows an administrator to tune the +

    This parameter allows an administrator to tune the allocation size reported to Windows clients. The default size of 1Mb generally results in improved Windows client performance. However, rounding the allocation size may cause @@ -707,11 +712,11 @@ allocation roundup size (S)

    Example: allocation roundup size = 0 # (to disable roundups) -

    +

    allow trusted domains (G) -

    - This option only takes effect when the security option is set to +

    + This option only takes effect when the security option is set to server, domain or ads. If it is set to no, then attempts to connect to a resource from a domain or workgroup other than the one which smbd is running @@ -725,10 +730,10 @@ allow trusted domains (G) Samba server even if they do not have an account in DOMA. This can make implementing a security boundary difficult.

    Default: allow trusted domains = yes -

    +

    announce as (G) -

    This specifies what type of server nmbd(8) will announce itself as, to a network neighborhood browse +

    This specifies what type of server nmbd(8) will announce itself as, to a network neighborhood browse list. By default this is set to Windows NT. The valid options are : "NT Server" (which can also be written as "NT"), "NT Workstation", "Win95" or "WfW" meaning Windows NT Server, @@ -740,22 +745,22 @@ announce as (G)

    Example: announce as = Win95 -

    +

    announce version (G) -

    This specifies the major and minor version numbers +

    This specifies the major and minor version numbers that nmbd will use when announcing itself as a server. The default is 4.9. Do not change this parameter unless you have a specific need to set a Samba server to be a downlevel server.

    Default: announce version = 4.9

    Example: announce version = 2.0 -

    +

    auth methods (G) -

    +

    This option allows the administrator to chose what authentication methods smbd - will use when authenticating a user. This option defaults to sensible values based on security. + will use when authenticating a user. This option defaults to sensible values based on security. This should be considered a developer option and used only in rare circumstances. In the majority (if not all) of production servers, the default setting should be adequate.

    @@ -774,48 +779,48 @@ auth methods (G)

    Example: auth methods = guest sam winbind -

    +

    available (S) -

    This parameter lets you "turn off" a service. If +

    This parameter lets you "turn off" a service. If available = no, then ALL attempts to connect to the service will fail. Such failures are logged.

    Default: available = yes -

    +

    bind interfaces only (G) -

    This global parameter allows the Samba admin +

    This global parameter allows the Samba admin to limit what interfaces on a machine will serve SMB requests. It affects file service smbd(8) and name service nmbd(8) in a slightly different ways.

    For name service it causes nmbd to bind to ports 137 and 138 on the - interfaces listed in the interfaces parameter. nmbd + interfaces listed in the interfaces parameter. nmbd also binds to the "all addresses" interface (0.0.0.0) on ports 137 and 138 for the purposes of reading broadcast messages. If this option is not set then nmbd will - service name requests on all of these sockets. If bind interfaces only is set then + service name requests on all of these sockets. If bind interfaces only is set then nmbd will check the source address of any packets coming in on the broadcast sockets and discard any that don't match the broadcast addresses of the interfaces in the - interfaces parameter list. As unicast packets are received on the other sockets it + interfaces parameter list. As unicast packets are received on the other sockets it allows nmbd to refuse to serve names to machines that send packets that - arrive through any interfaces not listed in the interfaces list. IP Source address + arrive through any interfaces not listed in the interfaces list. IP Source address spoofing does defeat this simple check, however, so it must not be used seriously as a security feature for nmbd.

    - For file service it causes smbd(8) to bind only to the interface list given in the interfaces parameter. This restricts the networks that smbd will + For file service it causes smbd(8) to bind only to the interface list given in the interfaces parameter. This restricts the networks that smbd will serve, to packets coming in on those interfaces. Note that you should not use this parameter for machines that are serving PPP or other intermittent or non-broadcast network interfaces as it will not cope with non-permanent interfaces.

    - If bind interfaces only is set and the network address - 127.0.0.1 is not added to the interfaces parameter list + If bind interfaces only is set and the network address + 127.0.0.1 is not added to the interfaces parameter list smbpasswd(8) and swat(8) may not work as expected due to the reasons covered below.

    To change a users SMB password, the smbpasswd by default connects to the localhost - 127.0.0.1 address as an SMB client to issue the password change request. If - bind interfaces only is set then unless the network address - 127.0.0.1 is added to the interfaces parameter list then smbpasswd will fail to connect in it's default mode. smbpasswd can be forced to use the primary IP interface of the local host by using + bind interfaces only is set then unless the network address + 127.0.0.1 is added to the interfaces parameter list then smbpasswd will fail to connect in it's default mode. smbpasswd can be forced to use the primary IP interface of the local host by using its smbpasswd(8) -r remote machine parameter, with remote machine set to the IP name of the primary interface of the local host.

    @@ -826,10 +831,10 @@ bind interfaces only (G) from starting/stopping/restarting smbd and nmbd.

    Default: bind interfaces only = no -

    +

    blocking locks (S) -

    This parameter controls the behavior +

    This parameter controls the behavior of smbd(8) when given a request by a client to obtain a byte range lock on a region of an open file, and the request has a time limit associated with it.

    If this parameter is set and the lock range requested @@ -840,10 +845,10 @@ blocking locks (S) will fail the lock request immediately if the lock range cannot be obtained.

    Default: blocking locks = yes -

    +

    block size (S) -

    This parameter controls the behavior of smbd(8) when reporting disk free +

    This parameter controls the behavior of smbd(8) when reporting disk free sizes. By default, this reports a disk block size of 1024 bytes.

    Changing this parameter may have some effect on the efficiency of client writes, this is not yet confirmed. This @@ -857,50 +862,53 @@ block size (S)

    Example: block size = 4096 -

    +

    browsable -

    This parameter is a synonym for browseable.

    +

    This parameter is a synonym for browseable.

    browseable (S) -

    This controls whether this share is seen in +

    This controls whether this share is seen in the list of available shares in a net view and in the browse list.

    Default: browseable = yes -

    +

    browse list (G) -

    This controls whether smbd(8) will serve a browse list to +

    This controls whether smbd(8) will serve a browse list to a client doing a NetServerEnum call. Normally set to yes. You should never need to change this.

    Default: browse list = yes -

    +

    casesignames -

    This parameter is a synonym for case sensitive.

    +

    This parameter is a synonym for case sensitive.

    case sensitive (S) -

    See the discussion in the section name mangling.

    Default: case sensitive = no +

    See the discussion in the section name mangling.

    Default: case sensitive = no -

    +

    change notify (S) -

    This parameter specifies whether Samba should reply +

    This parameter specifies whether Samba should reply to a client's file change notify requests.

    You should never need to change this parameter

    Default: change notify = yes -

    +

    change share command (G) -

    +

    Samba 2.2.0 introduced the ability to dynamically add and delete shares via the Windows NT 4.0 Server Manager. The change share command is used to define an external -program or script which will modify an existing service definition in smb.conf. In order to successfully execute the change -share command, smbd requires that the administrator be -connected using a root account (i.e. uid == 0). +program or script which will modify an existing service definition in smb.conf.

    - If the connected account has SeDiskOperatorPrivilege, scripts defined in - change share parameter are executed as root. + In order to successfully execute the + change share command, + smbd requires that the administrator + connects using a root account (i.e. uid == 0) or has the + SeDiskOperatorPrivilege. + Scripts defined in the change share command + parameter are executed as root.

    When executed, smbd will automatically invoke the change share command with five parameters. @@ -917,16 +925,17 @@ connected using a root account (i.e. uid == 0). Number of maximum simultaneous connections to this share.

    - This parameter is only used modify existing file shares definitions. To modify - printer shares, use the "Printers..." folder as seen when browsing the Samba host. + This parameter is only used to modify existing file share definitions. + To modify printer shares, use the "Printers..." folder as seen + when browsing the Samba host.

    Default: change share command = -

    Example: change share command = /usr/local/bin/addshare +

    Example: change share command = /usr/local/bin/changeshare -

    +

    check password script (G) -

    The name of a program that can be used to check password +

    The name of a program that can be used to check password complexity. The password is sent to the program's standard input.

    The program must return 0 on a good password, or any other value if the password is bad. In case the password is considered weak (the program does not return 0) the @@ -935,10 +944,10 @@ check password script (G)

    Example: check password script = check password script = /usr/local/sbin/crackcheck -

    +

    client lanman auth (G) -

    This parameter determines whether or not smbclient(8) and other samba client +

    This parameter determines whether or not smbclient(8) and other samba client tools will attempt to authenticate itself to servers using the weaker LANMAN password hash. If disabled, only server which support NT password hashes (e.g. Windows NT/2000, Samba, etc... but not @@ -949,11 +958,11 @@ client lanman auth (G) auth parameter is enabled, then only NTLMv2 logins will be attempted.

    Default: client lanman auth = no -

    +

    client ldap sasl wrapping (G) -

    - The client ldap sasl wrapping defines whether +

    + The client ldap sasl wrapping defines whether ldap traffic will be signed or signed and encrypted (sealed). Possible values are plain, sign and seal. @@ -980,10 +989,10 @@ client ldap sasl wrapping (G) seal.

    Default: client ldap sasl wrapping = plain -

    +

    client ntlmv2 auth (G) -

    This parameter determines whether or not smbclient(8) will attempt to +

    This parameter determines whether or not smbclient(8) will attempt to authenticate itself to servers using the NTLMv2 encrypted password response.

    If enabled, only an NTLMv2 and LMv2 response (both much more secure than earlier versions) will be sent. Many servers @@ -995,29 +1004,29 @@ client ntlmv2 auth (G) those following 'best practice' security polices) only allow NTLMv2 responses, and not the weaker LM or NTLM.

    Default: client ntlmv2 auth = no -

    +

    client plaintext auth (G) -

    Specifies whether a client should send a plaintext +

    Specifies whether a client should send a plaintext password if the server does not support encrypted passwords.

    Default: client plaintext auth = no -

    +

    client schannel (G) -

    +

    This controls whether the client offers or even demands the use of the netlogon schannel. - client schannel = no does not offer the schannel, - client schannel = auto offers the schannel but does not - enforce it, and client schannel = yes denies access + client schannel = no does not offer the schannel, + client schannel = auto offers the schannel but does not + enforce it, and client schannel = yes denies access if the server is not able to speak netlogon schannel.

    Default: client schannel = auto

    Example: client schannel = yes -

    +

    client signing (G) -

    This controls whether the client offers or requires +

    This controls whether the client offers or requires the server it talks to to use SMB signing. Possible values are auto, mandatory and disabled. @@ -1026,19 +1035,19 @@ client signing (G) to disabled, SMB signing is not offered either.

    Default: client signing = auto -

    +

    client use spnego (G) -

    This variable controls whether Samba clients will try +

    This variable controls whether Samba clients will try to use Simple and Protected NEGOciation (as specified by rfc2478) with supporting servers (including WindowsXP, Windows2000 and Samba 3.0) to agree upon an authentication mechanism. This enables Kerberos authentication in particular.

    Default: client use spnego = yes -

    +

    cluster addresses (G) -

    With this parameter you can add additional addresses +

    With this parameter you can add additional addresses nmbd will register with a WINS server. These addresses are not necessarily present on all nodes simultaneously, but they will be registered with the WINS server so that clients can contact @@ -1047,36 +1056,36 @@ cluster addresses (G)

    Example: cluster addresses = 10.0.0.1 10.0.0.2 10.0.0.3 -

    +

    clustering (G) -

    This parameter specifies whether Samba should contact +

    This parameter specifies whether Samba should contact ctdb for accessing its tdb files and use ctdb as a backend for its messaging backend.

    Set this parameter to yes only if you have a cluster setup with ctdb running.

    Default: clustering = no -

    +

    comment (S) -

    This is a text field that is seen next to a share +

    This is a text field that is seen next to a share when a client does a queries the server, either via the network neighborhood or via net view to list what shares are available.

    If you want to set the string that is displayed next to the - machine name then see the server string parameter.

    Default: comment = + machine name then see the server string parameter.

    Default: comment = # No comment

    Example: comment = Fred's Files -

    +

    config backend (G) -

    +

    This controls the backend for storing the configuration. Possible values are file (the default) and registry. - When config backend = registry + When config backend = registry is encountered while loading smb.conf, the configuration read so far is dropped and the global options are read from registry instead. So this triggers a @@ -1090,10 +1099,10 @@ config backend (G)

    Example: config backend = registry -

    +

    config file (G) -

    This allows you to override the config file +

    This allows you to override the config file to use, instead of the default (usually smb.conf). There is a chicken and egg problem here as this option is set in the config file!

    For this reason, if the name of the config file has changed @@ -1103,10 +1112,10 @@ config file (G) (allowing you to special case the config files of just a few clients).

    No default

    Example: config file = /usr/local/samba/lib/smb.conf.%m -

    +

    copy (S) -

    This parameter allows you to "clone" service +

    This parameter allows you to "clone" service entries. The specified service is simply duplicated under the current service's name. Any parameters specified in the current section will override those in the section being copied.

    This feature lets you set up a 'template' service and @@ -1116,13 +1125,13 @@ copy (S)

    Example: copy = otherservice -

    +

    create mode -

    This parameter is a synonym for create mask.

    +

    This parameter is a synonym for create mask.

    create mask (S) -

    +

    When a file is created, the necessary permissions are calculated according to the mapping from DOS modes to UNIX permissions, and the resulting UNIX mode is then bit-wise 'AND'ed with this parameter. This parameter may be thought of as a bit-wise MASK for the UNIX modes of a file. Any bit not set here will @@ -1132,36 +1141,36 @@ create mask (S) write and execute bits from the UNIX modes.

    Following this Samba will bit-wise 'OR' the UNIX mode created from this parameter with the value of the - force create mode parameter which is set to 000 by default. + force create mode parameter which is set to 000 by default.

    - This parameter does not affect directory masks. See the parameter directory mask + This parameter does not affect directory masks. See the parameter directory mask for details.

    Note that this parameter does not apply to permissions set by Windows NT/2000 ACL editors. If the - administrator wishes to enforce a mask on access control lists also, they need to set the security mask. + administrator wishes to enforce a mask on access control lists also, they need to set the security mask.

    Default: create mask = 0744

    Example: create mask = 0775 -

    +

    csc policy (S) -

    +

    This stands for client-side caching policy, and specifies how clients capable of offline caching will cache the files in the share. The valid values are: manual, documents, programs, disable.

    These values correspond to those used on Windows servers.

    For example, shares containing roaming profiles can have offline caching disabled using - csc policy = disable. + csc policy = disable.

    Default: csc policy = manual

    Example: csc policy = programs -

    +

    ctdbd socket (G) -

    If you set clustering=yes, +

    If you set clustering=yes, you need to tell Samba where ctdbd listens on its unix domain socket. The default path as of ctdb 1.0 is /tmp/ctdb.socket which you have to explicitly set for Samba in smb.conf. @@ -1169,11 +1178,24 @@ ctdbd socket (G)

    Example: ctdbd socket = /tmp/ctdb.socket -

    +

    + +cups connection timeout (G) +

    + This parameter is only applicable if printing is set to cups. +

    + If set, this option specifies the number of seconds that smbd will wait + whilst trying to contact to the CUPS server. The connection will fail + if it takes longer than this number of seconds. +

    Default: cups connection timeout = 30 + +

    Example: cups connection timeout = 60 + +

    cups options (S) -

    - This parameter is only applicable if printing is +

    + This parameter is only applicable if printing is set to cups. Its value is a free form string of options passed directly to the cups library.

    @@ -1194,11 +1216,11 @@ cups options (S)

    Example: cups options = "raw media=a4" -

    +

    cups server (G) -

    - This parameter is only applicable if printing is set to cups. +

    + This parameter is only applicable if printing is set to cups.

    If set, this option overrides the ServerName option in the CUPS client.conf. This is necessary if you have virtual samba servers that connect to different CUPS daemons. @@ -1211,10 +1233,10 @@ cups server (G)

    Example: cups server = mycupsserver:1631 -

    +

    deadtime (G) -

    The value of the parameter (a decimal integer) +

    The value of the parameter (a decimal integer) represents the number of minutes of inactivity before a connection is considered dead, and it is disconnected. The deadtime only takes effect if the number of open files is zero.

    This is useful to stop a server's resources being @@ -1226,81 +1248,81 @@ deadtime (G)

    Example: deadtime = 15 -

    +

    debug class (G) -

    +

    With this boolean parameter enabled, the debug class (DBGC_CLASS) will be displayed in the debug header.

    For more information about currently available debug classes, see - section about log level. + section about log level.

    Default: debug class = no -

    +

    debug hires timestamp (G) -

    +

    Sometimes the timestamps in the log messages are needed with a resolution of higher that seconds, this boolean parameter adds microsecond resolution to the timestamp message header when turned on.

    - Note that the parameter debug timestamp must be on for this to have an effect. + Note that the parameter debug timestamp must be on for this to have an effect.

    Default: debug hires timestamp = no -

    +

    debug pid (G) -

    +

    When using only one log file for more then one forked smbd(8)-process there may be hard to follow which process outputs which message. This boolean parameter is adds the process-id to the timestamp message headers in the logfile when turned on.

    - Note that the parameter debug timestamp must be on for this to have an effect. + Note that the parameter debug timestamp must be on for this to have an effect.

    Default: debug pid = no -

    +

    debug prefix timestamp (G) -

    +

    With this option enabled, the timestamp message header is prefixed to the debug message without the - filename and function information that is included with the debug timestamp + filename and function information that is included with the debug timestamp parameter. This gives timestamps to the messages without adding an additional line.

    - Note that this parameter overrides the debug timestamp parameter. + Note that this parameter overrides the debug timestamp parameter.

    Default: debug prefix timestamp = no -

    +

    timestamp logs -

    This parameter is a synonym for debug timestamp.

    +

    This parameter is a synonym for debug timestamp.

    debug timestamp (G) -

    +

    Samba debug log messages are timestamped by default. If you are running at a high - debug level these timestamps can be distracting. This + debug level these timestamps can be distracting. This boolean parameter allows timestamping to be turned off.

    Default: debug timestamp = yes -

    +

    debug uid (G) -

    +

    Samba is sometimes run as root and sometime run as the connected user, this boolean parameter inserts the current euid, egid, uid and gid to the timestamp message headers in the log file if turned on.

    - Note that the parameter debug timestamp must be on for this to have an effect. + Note that the parameter debug timestamp must be on for this to have an effect.

    Default: debug uid = no -

    +

    default case (S) -

    See the section on name mangling. - Also note the short preserve case parameter.

    Default: default case = lower +

    See the section on name mangling. + Also note the short preserve case parameter.

    Default: default case = lower -

    +

    default devmode (S) -

    This parameter is only applicable to printable services. +

    This parameter is only applicable to printable services. When smbd is serving Printer Drivers to Windows NT/2k/XP clients, each printer on the Samba server has a Device Mode which defines things such as paper size and orientation and duplex settings. The device mode can only correctly be @@ -1323,19 +1345,19 @@ default devmode (S) see the MSDN documentation.

    Default: default devmode = yes -

    +

    default -

    This parameter is a synonym for default service.

    +

    This parameter is a synonym for default service.

    default service (G) -

    This parameter specifies the name of a service +

    This parameter specifies the name of a service which will be connected to if the service actually requested cannot be found. Note that the square brackets are NOT given in the parameter value (see example below).

    There is no default value for this parameter. If this parameter is not given, attempting to connect to a nonexistent service results in an error.

    - Typically the default service would be a guest ok, read-only service.

    Also note that the apparent service name will be changed to equal + Typically the default service would be a guest ok, read-only service.

    Also note that the apparent service name will be changed to equal that of the requested service, this is very useful as it allows you to use macros like %S to make a wildcard service.

    Note also that any "_" characters in the name of the service used in the default service will get mapped to a "/". This allows for @@ -1343,10 +1365,10 @@ default service (G)

    Example: default service = pub -

    +

    defer sharing violations (G) -

    +

    Windows allows specifying how a file will be shared with other processes when it is opened. Sharing violations occur when a file is opened by a different process using options that violate @@ -1359,29 +1381,29 @@ defer sharing violations (G) designed to enable Samba to more correctly emulate Windows.

    Default: defer sharing violations = True -

    +

    delete group script (G) -

    This is the full pathname to a script that will +

    This is the full pathname to a script that will be run AS ROOT smbd(8) when a group is requested to be deleted. It will expand any %g to the group name passed. This script is only useful for installations using the Windows NT domain administration tools.

    Default: delete group script = -

    +

    deleteprinter command (G) -

    With the introduction of MS-RPC based printer +

    With the introduction of MS-RPC based printer support for Windows NT/2000 clients in Samba 2.2, it is now possible to delete a printer at run time by issuing the DeletePrinter() RPC call.

    For a Samba host this means that the printer must be physically deleted from the underlying printing system. The - deleteprinter command defines a script to be run which + deleteprinter command defines a script to be run which will perform the necessary operations for removing the printer from the print system and from smb.conf. -

    The deleteprinter command is - automatically called with only one parameter: printer name. -

    Once the deleteprinter command has +

    The deleteprinter command is + automatically called with only one parameter: printer name. +

    Once the deleteprinter command has been executed, smbd will reparse the smb.conf to check that the associated printer no longer exists. If the sharename is still valid, then smbd @@ -1389,28 +1411,30 @@ deleteprinter command (G)

    Example: deleteprinter command = /usr/bin/removeprinter -

    +

    delete readonly (S) -

    This parameter allows readonly files to be deleted. +

    This parameter allows readonly files to be deleted. This is not normal DOS semantics, but is allowed by UNIX.

    This option may be useful for running applications such as rcs, where UNIX file ownership prevents changing file permissions, and DOS semantics prevent deletion of a read only file.

    Default: delete readonly = no -

    +

    delete share command (G) -

    +

    Samba 2.2.0 introduced the ability to dynamically add and delete shares via the Windows NT 4.0 Server Manager. The delete share command is used to define an external program or script which will remove an existing service definition from - smb.conf. In order to successfully execute the - delete share command, smbd - requires that the administrator be connected using a root account (i.e. uid == 0). + smb.conf. +

    In order to successfully execute the + delete share command, + smbd requires that the administrator + connects using a root account (i.e. uid == 0) or has the + SeDiskOperatorPrivilege. + Scripts defined in the delete share command + parameter are executed as root.

    - If the connected account has SeDiskOperatorPrivilege, scripts defined in - change share parameter are executed as root. -

    When executed, smbd will automatically invoke the delete share command with two parameters.

    • configFile - the location @@ -1419,15 +1443,15 @@ delete share command (G) the existing service.

    This parameter is only used to remove file shares. To delete printer shares, - see the deleteprinter command. + see the deleteprinter command.

    Default: delete share command =

    Example: delete share command = /usr/local/bin/delshare -

    +

    delete user from group script (G) -

    Full path to the script that will be called when +

    Full path to the script that will be called when a user is removed from a group using the Windows NT domain administration tools. It will be run by smbd(8) AS ROOT. Any %g will be replaced with the group name and @@ -1436,10 +1460,10 @@ delete user from group script (G)

    Example: delete user from group script = /usr/sbin/deluser %u %g -

    +

    delete user script (G) -

    This is the full pathname to a script that will +

    This is the full pathname to a script that will be run by smbd(8) when managing users with remote RPC (NT) tools.

    This script is called when a remote client removes a user @@ -1448,12 +1472,12 @@ delete user script (G)

    Example: delete user script = /usr/local/samba/bin/del_user %u -

    +

    delete veto files (S) -

    This option is used when Samba is attempting to +

    This option is used when Samba is attempting to delete a directory that contains one or more vetoed directories - (see the veto files + (see the veto files option). If this option is set to no (the default) then if a vetoed directory contains any non-vetoed files or directories then the directory delete will fail. This is usually what you want.

    If this option is set to yes, then Samba @@ -1461,14 +1485,14 @@ delete veto files (S) the vetoed directory. This can be useful for integration with file serving systems such as NetAtalk which create meta-files within directories you might normally veto DOS/Windows users from seeing - (e.g. .AppleDouble)

    Setting delete veto files = yes allows these + (e.g. .AppleDouble)

    Setting delete veto files = yes allows these directories to be transparently deleted when the parent directory is deleted (so long as the user has permissions to do so).

    Default: delete veto files = no -

    +

    dfree cache time (S) -

    +

    The dfree cache time should only be used on systems where a problem occurs with the internal disk space calculations. This has been known to happen with Ultrix, but may occur with other operating systems. The symptom that was seen was an error of "Abort Retry Ignore" at the @@ -1476,15 +1500,15 @@ dfree cache time (S)

    This is a new parameter introduced in Samba version 3.0.21. It specifies in seconds the time that smbd will cache the output of a disk free query. If set to zero (the default) no caching is done. This allows a heavily - loaded server to prevent rapid spawning of dfree command scripts increasing the load. + loaded server to prevent rapid spawning of dfree command scripts increasing the load.

    By default this parameter is zero, meaning no caching will be done.

    No default

    Example: dfree cache time = dfree cache time = 60 -

    +

    dfree command (S) -

    +

    The dfree command setting should only be used on systems where a problem occurs with the internal disk space calculations. This has been known to happen with Ultrix, but may occur with other operating systems. The symptom that was seen was an error of "Abort Retry Ignore" @@ -1495,7 +1519,7 @@ dfree command (S) function.

    In Samba version 3.0.21 this parameter has been changed to be a per-share parameter, and in addition the - parameter dfree cache time was added to allow the output of this script to be cached + parameter dfree cache time was added to allow the output of this script to be cached for systems under heavy load.

    The external program will be passed a single parameter indicating a directory in the filesystem being queried. @@ -1522,13 +1546,13 @@ df $1 | tail -1 | awk '{print $(NF-4),$(NF-2)}' By default internal routines for determining the disk capacity and remaining space will be used.

    No default

    Example: dfree command = /usr/local/samba/bin/dfree -

    +

    directory mode -

    This parameter is a synonym for directory mask.

    +

    This parameter is a synonym for directory mask.

    directory mask (S) -

    This parameter is the octal modes which are +

    This parameter is the octal modes which are used when converting DOS modes to UNIX modes when creating UNIX directories.

    When a directory is created, the necessary permissions are calculated according to the mapping from DOS modes to UNIX permissions, @@ -1539,22 +1563,22 @@ directory mask (S) created.

    The default value of this parameter removes the 'group' and 'other' write bits from the UNIX mode, allowing only the user who owns the directory to modify it.

    Following this Samba will bit-wise 'OR' the UNIX mode - created from this parameter with the value of the force directory mode parameter. + created from this parameter with the value of the force directory mode parameter. This parameter is set to 000 by default (i.e. no extra mode bits are added).

    Note that this parameter does not apply to permissions set by Windows NT/2000 ACL editors. If the administrator wishes to enforce - a mask on access control lists also, they need to set the directory security mask.

    Default: directory mask = 0755 + a mask on access control lists also, they need to set the directory security mask.

    Default: directory mask = 0755

    Example: directory mask = 0775 -

    +

    directory security mask (S) -

    This parameter controls what UNIX permission bits +

    This parameter controls what UNIX permission bits will be set when a Windows NT client is manipulating the UNIX permission on a directory using the native NT security dialog box.

    This parameter is applied as a mask (AND'ed with) to the incoming permission bits, thus resetting - any bits not in this mask. Make sure not to mix up this parameter with force directory security mode, which works similar like this one but uses logical OR instead of AND. + any bits not in this mask. Make sure not to mix up this parameter with force directory security mode, which works similar like this one but uses logical OR instead of AND. Essentially, zero bits in this mask are a set of bits that will always be set to zero.

    Essentially, all bits set to zero in this mask will result in setting to zero the corresponding bits on the @@ -1569,19 +1593,19 @@ directory security mask (S)

    Example: directory security mask = 0700 -

    +

    disable netbios (G) -

    Enabling this parameter will disable netbios support +

    Enabling this parameter will disable netbios support in Samba. Netbios is the only available form of browsing in all windows versions except for 2000 and XP.

    Note

    Clients that only support netbios won't be able to see your samba server when netbios support is disabled.

    Default: disable netbios = no -

    +

    disable spoolss (G) -

    Enabling this parameter will disable Samba's support +

    Enabling this parameter will disable Samba's support for the SPOOLSS set of MS-RPC's and will yield identical behavior as Samba 2.0.x. Windows NT/2000 clients will downgrade to using Lanman style printing commands. Windows 9x/ME will be unaffected by @@ -1593,22 +1617,22 @@ disable spoolss (G) Be very careful about enabling this parameter.

    Default: disable spoolss = no -

    +

    display charset (G) -

    +

    Specifies the charset that samba will use to print messages to stdout and stderr. The default value is "LOCALE", which means automatically set, depending on the current locale. The value should generally be the same as the value of the parameter - unix charset. + unix charset.

    Default: display charset = "LOCALE" or "ASCII" (depending on the system)

    Example: display charset = UTF8 -

    +

    dmapi support (S) -

    This parameter specifies whether Samba should use DMAPI to +

    This parameter specifies whether Samba should use DMAPI to determine whether a file is offline or not. This would typically be used in conjunction with a hierarchical storage system that automatically migrates files to tape. @@ -1623,10 +1647,10 @@ dmapi support (S)

    Default: dmapi support = no -

    +

    dns proxy (G) -

    Specifies that nmbd(8) when acting as a WINS server and +

    Specifies that nmbd(8) when acting as a WINS server and finding that a NetBIOS name has not been registered, should treat the NetBIOS name word-for-word as a DNS name and do a lookup with the DNS server for that name on behalf of the name-querying client.

    Note that the maximum length for a NetBIOS name is 15 @@ -1635,52 +1659,52 @@ dns proxy (G) DNS name lookup requests, as doing a name lookup is a blocking action.

    Default: dns proxy = yes -

    +

    domain logons (G) -

    +

    If set to yes, the Samba server will provide the netlogon service for Windows 9X network logons for the - workgroup it is in. + workgroup it is in. This will also cause the Samba server to act as a domain controller for NT4 style domain services. For more details on setting up this feature see the Domain Control chapter of the Samba HOWTO Collection.

    Default: domain logons = no -

    +

    domain master (G) -

    +

    Tell smbd(8) to enable WAN-wide browse list collation. Setting this option causes nmbd to claim a special domain specific NetBIOS name that identifies it as a domain master browser for its given - workgroup. Local master browsers in the same workgroup on + workgroup. Local master browsers in the same workgroup on broadcast-isolated subnets will give this nmbd their local browse lists, and then ask smbd(8) for a complete copy of the browse list for the whole wide area network. Browser clients will then contact their local master browser, and will receive the domain-wide browse list, instead of just the list for their broadcast-isolated subnet.

    - Note that Windows NT Primary Domain Controllers expect to be able to claim this workgroup specific special NetBIOS name that identifies them as domain master browsers for that - workgroup by default (i.e. there is no way to prevent a Windows NT PDC from attempting + Note that Windows NT Primary Domain Controllers expect to be able to claim this workgroup specific special NetBIOS name that identifies them as domain master browsers for that + workgroup by default (i.e. there is no way to prevent a Windows NT PDC from attempting to do this). This means that if this parameter is set and nmbd claims the - special name for a workgroup before a Windows NT PDC is able to do so then cross + special name for a workgroup before a Windows NT PDC is able to do so then cross subnet browsing will behave strangely and may fail.

    - If domain logons = yes, then the default behavior is to enable the - domain master parameter. If domain logons is not enabled (the - default setting), then neither will domain master be enabled by default. + If domain logons = yes, then the default behavior is to enable the + domain master parameter. If domain logons is not enabled (the + default setting), then neither will domain master be enabled by default.

    - When domain logons = Yes the default setting for this parameter is - Yes, with the result that Samba will be a PDC. If domain master = No, + When domain logons = Yes the default setting for this parameter is + Yes, with the result that Samba will be a PDC. If domain master = No, Samba will function as a BDC. In general, this parameter should be set to 'No' only on a BDC.

    Default: domain master = auto -

    +

    dont descend (S) -

    There are certain directories on some systems +

    There are certain directories on some systems (e.g., the /proc tree under Linux) that are either not of interest to clients or are infinitely deep (recursive). This parameter allows you to specify a comma-delimited list of directories @@ -1691,18 +1715,18 @@ dont descend (S)

    Example: dont descend = /proc,/dev -

    +

    dos charset (G) -

    DOS SMB clients assume the server has +

    DOS SMB clients assume the server has the same charset as they do. This option specifies which charset Samba should talk to DOS clients.

    The default depends on which charsets you have installed. Samba tries to use charset 850 but falls back to ASCII in - case it is not available. Run testparm(1) to check the default on your system.

    No default

    + case it is not available. Run testparm(1) to check the default on your system.

    No default

    dos filemode (S) -

    The default behavior in Samba is to provide +

    The default behavior in Samba is to provide UNIX-like behavior where only the owner of a file/directory is able to change the permissions on it. However, this behavior is often confusing to DOS/Windows users. Enabling this parameter @@ -1713,10 +1737,10 @@ dos filemode (S) the group is only granted read access. Ownership of the file/directory may also be changed.

    Default: dos filemode = no -

    +

    dos filetime resolution (S) -

    Under the DOS and Windows FAT filesystem, the finest +

    Under the DOS and Windows FAT filesystem, the finest granularity on time resolution is two seconds. Setting this parameter for a share causes Samba to round the reported time down to the nearest two second boundary when a query call that requires one second @@ -1731,10 +1755,10 @@ dos filetime resolution (S) this option causes the two timestamps to match, and Visual C++ is happy.

    Default: dos filetime resolution = no -

    +

    dos filetimes (S) -

    Under DOS and Windows, if a user can write to a +

    Under DOS and Windows, if a user can write to a file they can change the timestamp on it. Under POSIX semantics, only the owner of the file or root may change the timestamp. By default, Samba runs with POSIX semantics and refuses to change the @@ -1748,20 +1772,20 @@ dos filetimes (S) shared between users.

    Default: dos filetimes = yes -

    +

    ea support (S) -

    This boolean parameter controls whether smbd(8) will allow clients to attempt to store OS/2 style Extended +

    This boolean parameter controls whether smbd(8) will allow clients to attempt to store OS/2 style Extended attributes on a share. In order to enable this parameter the underlying filesystem exported by the share must support extended attributes (such as provided on XFS and EXT3 on Linux, with the correct kernel patches). On Linux the filesystem must have been mounted with the mount option user_xattr in order for extended attributes to work, also extended attributes must be compiled into the Linux kernel.

    Default: ea support = no -

    +

    enable asu support (G) -

    Hosts running the "Advanced Server for Unix (ASU)" product +

    Hosts running the "Advanced Server for Unix (ASU)" product require some special accomodations such as creating a builting [ADMIN$] share that only supports IPC connections. The has been the default behavior in smbd for many years. However, certain Microsoft applications @@ -1769,10 +1793,10 @@ enable asu support (G) an [ADMIN$} file share. Disabling this parameter allows for creating an [ADMIN$] file share in smb.conf.

    Default: enable asu support = no -

    +

    enable privileges (G) -

    +

    This parameter controls whether or not smbd will honor privileges assigned to specific SIDs via either net rpc rights or one of the Windows user and group manager tools. This parameter is enabled by default. It can be disabled to prevent members of the Domain Admins group from being able to @@ -1785,10 +1809,10 @@ enable privileges (G) Please read the extended description provided in the Samba HOWTO documentation.

    Default: enable privileges = yes -

    +

    encrypt passwords (G) -

    This boolean controls whether encrypted passwords +

    This boolean controls whether encrypted passwords will be negotiated with the client. Note that Windows NT 4.0 SP3 and above and also Windows 98 will by default expect encrypted passwords unless a registry entry is changed. To use encrypted passwords in @@ -1807,14 +1831,14 @@ encrypt passwords (G)

    In order for encrypted passwords to work correctly smbd(8) must either have access to a local smbpasswd(5) file (see the smbpasswd(8) program for information on how to set up - and maintain this file), or set the security = [server|domain|ads] parameter which + and maintain this file), or set the security = [server|domain|ads] parameter which causes smbd to authenticate against another server.

    Default: encrypt passwords = yes -

    +

    enhanced browsing (G) -

    This option enables a couple of enhancements to +

    This option enables a couple of enhancements to cross-subnet browse propagation that have been added in Samba but which are not standard in Microsoft implementations.

    The first enhancement to browse propagation consists of a regular @@ -1827,10 +1851,10 @@ enhanced browsing (G) to stay around forever which can be annoying.

    In general you should leave this option enabled as it makes cross-subnet browse propagation much more reliable.

    Default: enhanced browsing = yes -

    +

    enumports command (G) -

    The concept of a "port" is fairly foreign +

    The concept of a "port" is fairly foreign to UNIX hosts. Under Windows NT/2000 print servers, a port is associated with a port monitor and generally takes the form of a local port (i.e. LPT1:, COM1:, FILE:) or a remote port @@ -1847,10 +1871,10 @@ enumports command (G)

    Example: enumports command = /usr/bin/listports -

    +

    eventlog list (G) -

    This option defines a list of log names that Samba will +

    This option defines a list of log names that Samba will report to the Microsoft EventViewer utility. The listed eventlogs will be associated with tdb file on disk in the $(lockdir)/eventlog. @@ -1863,10 +1887,10 @@ eventlog list (G)

    Example: eventlog list = Security Application Syslog Apache -

    +

    fake directory create times (S) -

    NTFS and Windows VFAT file systems keep a create +

    NTFS and Windows VFAT file systems keep a create time for all files and directories. This is not the same as the ctime - status change time - that Unix keeps, so Samba by default reports the earliest of the various times Unix does keep. Setting @@ -1888,17 +1912,17 @@ fake directory create times (S) ensures directories always predate their contents and an NMAKE build will proceed as expected.

    Default: fake directory create times = no -

    +

    fake oplocks (S) -

    Oplocks are the way that SMB clients get permission +

    Oplocks are the way that SMB clients get permission from a server to locally cache file operations. If a server grants an oplock (opportunistic lock) then the client is free to assume that it is the only one accessing the file and it will aggressively cache file data. With some oplock types the client may even cache file open/close operations. This can give enormous performance benefits.

    When you set fake oplocks = yes, smbd(8) will - always grant oplock requests no matter how many clients are using the file.

    It is generally much better to use the real oplocks support rather + always grant oplock requests no matter how many clients are using the file.

    It is generally much better to use the real oplocks support rather than this parameter.

    If you enable this option on all read-only shares or shares that you know will only be accessed from one client at a time such as physically read-only media like CDROMs, you will see @@ -1907,10 +1931,10 @@ fake oplocks (S) files read-write at the same time you can get data corruption. Use this option carefully!

    Default: fake oplocks = no -

    +

    follow symlinks (S) -

    +

    This parameter allows the Samba administrator to stop smbd(8) from following symbolic links in a particular share. Setting this parameter to no prevents any file or directory that is a symbolic link from being followed (the user will get an error). This option is very useful to stop users from adding a symbolic @@ -1920,10 +1944,10 @@ follow symlinks (S) This option is enabled (i.e. smbd will follow symbolic links) by default.

    Default: follow symlinks = yes -

    +

    force create mode (S) -

    This parameter specifies a set of UNIX mode bit +

    This parameter specifies a set of UNIX mode bit permissions that will always be set on a file created by Samba. This is done by bitwise 'OR'ing these bits onto the mode bits of a file that is being created. The default for this parameter is (in octal) @@ -1935,10 +1959,10 @@ force create mode (S)

    Example: force create mode = 0755 -

    +

    force directory mode (S) -

    This parameter specifies a set of UNIX mode bit +

    This parameter specifies a set of UNIX mode bit permissions that will always be set on a directory created by Samba. This is done by bitwise 'OR'ing these bits onto the mode bits of a directory that is being created. The default for this @@ -1951,15 +1975,15 @@ force directory mode (S)

    Example: force directory mode = 0755 -

    +

    force directory security mode (S) -

    +

    This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating the UNIX permission on a directory using the native NT security dialog box.

    This parameter is applied as a mask (OR'ed with) to the changed permission bits, thus forcing any bits in this - mask that the user may have modified to be on. Make sure not to mix up this parameter with directory security mask, which works in a similar manner to this one, but uses a logical AND instead + mask that the user may have modified to be on. Make sure not to mix up this parameter with directory security mask, which works in a similar manner to this one, but uses a logical AND instead of an OR.

    Essentially, this mask may be treated as a set of bits that, when modifying security on a directory, @@ -1975,13 +1999,13 @@ force directory security mode (S)

    Example: force directory security mode = 700 -

    +

    group -

    This parameter is a synonym for force group.

    +

    This parameter is a synonym for force group.

    force group (S) -

    This specifies a UNIX group name that will be +

    This specifies a UNIX group name that will be assigned as the default primary group for all users connecting to this service. This is useful for sharing files by ensuring that all access to files on service will use the named group for @@ -1999,16 +2023,16 @@ force group (S) that only users who are already in group sys will have their default primary group assigned to sys when accessing this Samba share. All other users will retain their ordinary primary group.

    - If the force user parameter is also set the group specified in + If the force user parameter is also set the group specified in force group will override the primary group set in force user.

    Default: force group =

    Example: force group = agroup -

    +

    force printername (S) -

    When printing from Windows NT (or later), +

    When printing from Windows NT (or later), each printer in smb.conf has two associated names which can be used by the client. The first is the sharename (or shortname) defined in smb.conf. This @@ -2031,15 +2055,15 @@ force printername (S) not be able to delete printer connections from their local Printers folder.

    Default: force printername = no -

    +

    force security mode (S) -

    +

    This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating the UNIX permission on a file using the native NT security dialog box.

    This parameter is applied as a mask (OR'ed with) to the changed permission bits, thus forcing any bits in this - mask that the user may have modified to be on. Make sure not to mix up this parameter with security mask, which works similar like this one but uses logical AND instead of OR. + mask that the user may have modified to be on. Make sure not to mix up this parameter with security mask, which works similar like this one but uses logical AND instead of OR.

    Essentially, one bits in this mask may be treated as a set of bits that, when modifying security on a file, the user has always set to be on. @@ -2054,10 +2078,10 @@ force security mode (S)

    Example: force security mode = 700 -

    +

    force unknown acl user (S) -

    +

    If this parameter is set, a Windows NT ACL that contains an unknown SID (security descriptor, or representation of a user or group id) as the owner or group owner of the file will be silently mapped into the current UNIX uid or gid of the currently connected user. @@ -2071,10 +2095,10 @@ force unknown acl user (S) Try using this parameter when XCOPY /O gives an ACCESS_DENIED error.

    Default: force unknown acl user = no -

    +

    force user (S) -

    This specifies a UNIX user name that will be +

    This specifies a UNIX user name that will be assigned as the default user for all users connecting to this service. This is useful for sharing files. You should also use it carefully as using it incorrectly can cause security problems.

    This user name only gets used once a connection is established. @@ -2088,10 +2112,10 @@ force user (S)

    Example: force user = auser -

    +

    fstype (S) -

    +

    This parameter allows the administrator to configure the string that specifies the type of filesystem a share is using that is reported by smbd(8) when a client queries the filesystem type for a share. The default type is NTFS for compatibility @@ -2101,10 +2125,10 @@ fstype (S)

    Example: fstype = Samba -

    +

    get quota command (G) -

    The get quota command should only be used +

    The get quota command should only be used whenever there is no operating system API available from the OS that samba can use.

    This option is only available you have compiled Samba with the --with-sys-quotas option or on Linux with @@ -2117,19 +2141,19 @@ get quota command (G)

    Example: get quota command = /usr/local/sbin/query_quota -

    +

    getwd cache (G) -

    This is a tuning option. When this is enabled a +

    This is a tuning option. When this is enabled a caching algorithm will be used to reduce the time taken for getwd() calls. This can have a significant impact on performance, especially - when the wide smbconfoptions parameter is set to no.

    Default: getwd cache = yes + when the wide smbconfoptions parameter is set to no.

    Default: getwd cache = yes -

    +

    guest account (G) -

    This is a username which will be used for access - to services which are specified as guest ok (see below). Whatever privileges this +

    This is a username which will be used for access + to services which are specified as guest ok (see below). Whatever privileges this user has will be available to any client connecting to the guest service. This user must exist in the password file, but does not require a valid login. The user account "ftp" is often a good choice @@ -2146,40 +2170,40 @@ guest account (G)

    Example: guest account = ftp -

    +

    public -

    This parameter is a synonym for guest ok.

    +

    This parameter is a synonym for guest ok.

    guest ok (S) -

    If this parameter is yes for +

    If this parameter is yes for a service, then no password is required to connect to the service. - Privileges will be those of the guest account.

    This paramater nullifies the benifits of setting - restrict anonymous = 2 -

    See the section below on security for more information about this option. + Privileges will be those of the guest account.

    This paramater nullifies the benifits of setting + restrict anonymous = 2 +

    See the section below on security for more information about this option.

    Default: guest ok = no -

    +

    only guest -

    This parameter is a synonym for guest only.

    +

    This parameter is a synonym for guest only.

    guest only (S) -

    If this parameter is yes for +

    If this parameter is yes for a service, then only guest connections to the service are permitted. - This parameter will have no effect if guest ok is not set for the service.

    See the section below on security for more information about this option. + This parameter will have no effect if guest ok is not set for the service.

    See the section below on security for more information about this option.

    Default: guest only = no -

    +

    hide dot files (S) -

    This is a boolean parameter that controls whether +

    This is a boolean parameter that controls whether files starting with a dot appear as hidden files.

    Default: hide dot files = yes -

    +

    hide files (S) -

    This is a list of files or directories that are not +

    This is a list of files or directories that are not visible but are accessible. The DOS 'hidden' attribute is applied to any files or directories that match.

    Each entry in the list must be separated by a '/', which allows spaces to be included in the entry. '*' @@ -2201,33 +2225,33 @@ hide files = /.*/DesktopFolderDB/TrashFor%m/resource.frk/

    Default: hide files = # no file are hidden -

    +

    hide special files (S) -

    +

    This parameter prevents clients from seeing special files such as sockets, devices and fifo's in directory listings.

    Default: hide special files = no -

    +

    hide unreadable (S) -

    This parameter prevents clients from seeing the +

    This parameter prevents clients from seeing the existance of files that cannot be read. Defaults to off.

    Default: hide unreadable = no -

    +

    hide unwriteable files (S) -

    +

    This parameter prevents clients from seeing the existance of files that cannot be written to. Defaults to off. Note that unwriteable directories are shown as usual.

    Default: hide unwriteable files = no -

    +

    homedir map (G) -

    - If nis homedir is yes, and smbd(8) is also acting as a Win95/98 logon server +

    + If nis homedir is yes, and smbd(8) is also acting as a Win95/98 logon server then this parameter specifies the NIS (or YP) map from which the server for the user's home directory should be extracted. At present, only the Sun auto.home map format is understood. The form of the map is: 

    @@ -2241,21 +2265,21 @@ homedir map (G)
 
 
    Example: homedir map = amd.homedir
 
-

    +

    host msdfs (G) -

    +

    If set to yes, Samba will act as a Dfs server, and allow Dfs-aware clients to browse Dfs trees hosted on the server.

    - See also the msdfs root share level parameter. For more information on + See also the msdfs root share level parameter. For more information on setting up a Dfs tree on Samba, refer to the MSFDS chapter in the book Samba3-HOWTO.

    Default: host msdfs = yes -

    +

    hostname lookups (G) -

    Specifies whether samba should use (expensive) +

    Specifies whether samba should use (expensive) hostname lookups or use the ip addresses instead. An example place where hostname lookups are currently used is when checking the hosts deny and hosts allow. @@ -2263,13 +2287,13 @@ hostname lookups (G)

    Example: hostname lookups = yes -

    +

    allow hosts -

    This parameter is a synonym for hosts allow.

    +

    This parameter is a synonym for hosts allow.

    hosts allow (S) -

    A synonym for this parameter is allow hosts.

    This parameter is a comma, space, or tab delimited +

    A synonym for this parameter is allow hosts.

    This parameter is a comma, space, or tab delimited set of hosts which are permitted to access a service.

    If specified in the [global] section then it will apply to all services, regardless of whether the individual service has a different setting.

    You can specify the hosts by name or IP number. For @@ -2279,7 +2303,7 @@ hosts allow (S) page hosts_access(5). Note that this man page may not be present on your system, so a brief description will be given here also.

    Note that the localhost address 127.0.0.1 will always - be allowed access unless specifically denied by a hosts deny option.

    You can also specify hosts by network/netmask pairs and + be allowed access unless specifically denied by a hosts deny option.

    You can also specify hosts by network/netmask pairs and by netgroup names if your system supports netgroups. The EXCEPT keyword can also be used to limit a wildcard list. The following examples may provide some help:

    Example 1: allow all IPs in 150.203.*.*; except one

    hosts allow = 150.203. EXCEPT 150.203.6.66

    Example 2: allow hosts that match the given network/netmask

    hosts allow = 150.203.15.0/255.255.255.0

    Example 3: allow a couple of hosts

    hosts allow = lapland, arvidsjaur

    Example 4: allow only hosts in NIS netgroup "foonet", but @@ -2289,165 +2313,163 @@ hosts allow (S)

    Example: hosts allow = 150.203.5. myhost.mynet.edu.au -

    +

    deny hosts -

    This parameter is a synonym for hosts deny.

    +

    This parameter is a synonym for hosts deny.

    hosts deny (S) -

    The opposite of hosts allow +

    The opposite of hosts allow - hosts listed here are NOT permitted access to services unless the specific services have their own lists to override this one. Where the lists conflict, the allow list takes precedence.

    In the event that it is necessary to deny all by default, use the keyword ALL (or the netmask 0.0.0.0/0) and then explicitly specify - to the hosts allow = hosts allow parameter those hosts + to the hosts allow = hosts allow parameter those hosts that should be permitted access.

    Default: hosts deny = # none (i.e., no hosts specifically excluded)

    Example: hosts deny = 150.203.4. badhost.mynet.edu.au -

    +

    idmap alloc backend (G) -

    +

    The idmap alloc backend provides a plugin interface for Winbind to use - when allocating Unix uids/gids for Windows SIDs. This option is - to be used in conjunction with the idmap domains - parameter and refers to the name of the idmap module which will provide - the id allocation functionality. Please refer to the man page - for each idmap plugin to determine whether or not the module implements - the allocation feature. The most common plugins are the tdb (idmap_tdb(8)) - and ldap (idmap_ldap(8)) libraries. -

    Also refer to the idmap alloc config option. + when allocating Unix uids/gids for Windows SIDs. This option refers + to the name of the idmap module which will provide the id allocation + functionality. Please refer to the man page for each idmap plugin to + determine whether or not the module implements the allocation feature. + The most common plugins are the tdb (idmap_tdb(8)) + and ldap (idmap_ldap(8)) libraries. +

    + This parameter defaults to the value idmap backend was set to, so by default winbind will allocate Unix IDs + from the default backend. You will only need to set this parameter + explicitly if you have an external source for Unix IDs, like a central + database service somewhere in your company. +

    + Also refer to the idmap alloc config option.

    No default

    Example: idmap alloc backend = tdb -

    +

    idmap alloc config (G) -

    +

    The idmap alloc config prefix provides a means of managing settings - for the backend defined by the idmap alloc backend + for the backend defined by the idmap alloc backend parameter. Refer to the man page for each idmap plugin regarding specific configuration details. -

    No default

    +

    No default

    idmap backend (G) -

    +

    The idmap backend provides a plugin interface for Winbind to use - varying backends to store SID/uid/gid mapping tables. This - option is mutually exclusive with the newer and more flexible - idmap domains parameter. The main difference - between the "idmap backend" and the "idmap domains" - is that the former only allows one backend for all domains while the - latter supports configuring backends on a per domain basis. + varying backends to store SID/uid/gid mapping tables. +

    + This option specifies the default backend that is used when no special + configuration set by idmap config matches the + specific request. +

    + This default backend also specifies the place where winbind-generated + idmap entries will be stored. So it is highly recommended that you + specify a writable backend like idmap_tdb(8) or idmap_ldap(8) as the idmap backend. The idmap_rid(8) and idmap_ad(8) backends are not writable and thus will generate + unexpected results if set as idmap backend. +

    + To use the rid and ad backends, please specify them via the + idmap config parameter, possibly also for the + domain your machine is member of, specified by workgroup.

    Examples of SID/uid/gid backends include tdb (idmap_tdb(8)), ldap (idmap_ldap(8)), rid (idmap_rid(8)), - and ad (idmap_tdb(8)). + and ad (idmap_ad(8)).

    Default: idmap backend = tdb -

    +

    idmap cache time (G) -

    This parameter specifies the number of seconds that Winbind's +

    This parameter specifies the number of seconds that Winbind's idmap interface will cache positive SID/uid/gid query results. -

    Default: idmap cache time = 900 +

    Default: idmap cache time = 604800 (one week) -

    +

    idmap config (G) -

    - The idmap config prefix provides a means of managing each domain - defined by the idmap domains option using Samba's - parametric option support. The idmap config prefix should be - followed by the name of the domain, a colon, and a setting specific to - the chosen backend. There are three options available for all domains: +

    + The idmap config prefix provides a means of managing each trusted + domain separately. The idmap config prefix should be followed by the + name of the domain, a colon, and a setting specific to the chosen + backend. There are three options available for all domains:

    backend = backend_name

    Specifies the name of the idmap plugin to use as the SID/uid/gid backend for this domain. -

    default = [yes|no]

    - The default domain/backend will be used for searching for - users and groups not belonging to one of the explicitly - listed domains (matched by comparing the account SID and the - domain SID). -

    readonly = [yes|no]

    - Mark the domain as readonly which means that no attempts to - allocate a uid or gid (by the idmap alloc backend) for any user or group in that domain - will be attempted. +

    range = low - high

    + Defines the available matching uid and gid range for which the + backend is authoritative. Note that the range commonly + matches the allocation range due to the fact that the same + backend will store and retrieve SID/uid/gid mapping entries. +

    + winbind uses this parameter to find the backend that is + authoritative for a unix ID to SID mapping, so it must be set + for each individually configured domain, and it must be + disjoint from the ranges set via idmap uid and idmap gid.

    - The following example illustrates how to configure the idmap_ad(8) - for the CORP domain and the idmap_tdb(8) backend for all other domains. The - TRUSTEDDOMAINS string is simply an arbitrary key used to reference the "idmap - config" settings and does not represent the actual name of a domain. - It is a catchall domain backend for any domain not explicitly listed. + The following example illustrates how to configure the idmap_ad(8) for the CORP domain and the + idmap_tdb(8) backend for all other + domains. This configuration assumes that the admin of CORP assigns + unix ids below 1000000 via the SFU extensions, and winbind is supposed + to use the next million entries for its own mappings from trusted + domains and for local groups for example. 

    -	idmap domains = CORP TRUSTEDDOMAINS
+	idmap backend = tdb
+	idmap uid = 1000000-1999999
+	idmap gid = 1000000-1999999
 
-	idmap config CORP:backend  = ad
-	idmap config CORP:readonly = yes
-
-	idmap config TRUSTEDDOMAINS:backend = tdb
-	idmap config TRUSTEDDOMAINS:default = yes
-	idmap config TRUSTEDDOMAINS:range   = 1000 - 9999
-

    No default

    - -idmap domains (G) -

    - The idmap domains option defines a list of Windows domains which will each - have a separately configured backend for managing Winbind's SID/uid/gid - tables. This parameter is mutually exclusive with the older idmap backend option. -

    - Values consist of the short domain name for Winbind's primary or collection - of trusted domains. You may also use an arbitrary string to represent a catchall - domain backend for any domain not explicitly listed. -

    - Refer to the idmap config for details about - managing the SID/uid/gid backend for each domain. -

    No default

    Example: idmap domains = default AD CORP - -

    + idmap config CORP : backend = ad + idmap config CORP : range = 1000-999999 +

    No default

    winbind gid -

    This parameter is a synonym for idmap gid.

    +

    This parameter is a synonym for idmap gid.

    idmap gid (G) -

    The idmap gid parameter specifies the range of group ids +

    The idmap gid parameter specifies the range of group ids that are allocated for the purpose of mapping UNX groups to NT group SIDs. This range of group ids should have no existing local or NIS groups within it as strange conflicts can - occur otherwise.

    See also the idmap backend, idmap domains, and idmap config options. + occur otherwise.

    See also the idmap backend, and + idmap config options.

    Default: idmap gid =

    Example: idmap gid = 10000-20000 -

    +

    idmap negative cache time (G) -

    This parameter specifies the number of seconds that Winbind's +

    This parameter specifies the number of seconds that Winbind's idmap interface will cache negative SID/uid/gid query results.

    Default: idmap negative cache time = 120 -

    +

    winbind uid -

    This parameter is a synonym for idmap uid.

    +

    This parameter is a synonym for idmap uid.

    idmap uid (G) -

    +

    The idmap uid parameter specifies the range of user ids that are allocated for use in mapping UNIX users to NT user SIDs. This range of ids should have no existing local - or NIS users within it as strange conflicts can occur otherwise.

    See also the idmap backend, idmap domains, and idmap config options. + or NIS users within it as strange conflicts can occur otherwise.

    See also the idmap backend and + idmap config options.

    Default: idmap uid =

    Example: idmap uid = 10000-20000 -

    +

    include (G) -

    +

    This allows you to include one config file inside another. The file is included literally, as though typed in place.

    @@ -2465,10 +2487,10 @@ include (G)

    Example: include = /usr/local/samba/lib/admin_smb.conf -

    +

    inherit acls (S) -

    This parameter can be used to ensure that if default acls +

    This parameter can be used to ensure that if default acls exist on parent directories, they are always honored when creating a new file or subdirectory in these parent directories. The default behavior is to use the unix mode specified when creating the directory. @@ -2476,10 +2498,10 @@ inherit acls (S) default directory acls are propagated.

    Default: inherit acls = no -

    +

    inherit owner (S) -

    The ownership of new files and directories +

    The ownership of new files and directories is normally governed by effective uid of the connected user. This option allows the Samba administrator to specify that the ownership for new files and directories should be controlled @@ -2488,25 +2510,48 @@ inherit owner (S) delete them and to ensure that newly create files in a user's roaming profile directory are actually owner by the user.

    Default: inherit owner = no -

    +

    inherit permissions (S) -

    - The permissions on new files and directories are normally governed by create mask, - directory mask, force create mode and force directory mode but the boolean inherit permissions parameter overrides this. +

    + The permissions on new files and directories are normally governed by create mask, + directory mask, force create mode and force directory mode but the boolean inherit permissions parameter overrides this.

    New directories inherit the mode of the parent directory, including bits such as setgid.

    New files inherit their read/write bits from the parent directory. Their execute bits continue to be - determined by map archive, map hidden and map system as usual. + determined by map archive, map hidden and map system as usual.

    Note that the setuid bit is never set via inheritance (the code explicitly prohibits this).

    This can be particularly useful on large systems with many users, perhaps several thousand, to allow a single [homes] share to be used flexibly by each user.

    Default: inherit permissions = no -

    +

    + +init logon delayed hosts (G) +

    + This parameter takes a list of host names, addresses or networks for + which the initial samlogon reply should be delayed (so other DCs get + preferred by XP workstations if there are any). +

    + The length of the delay can be specified with the + init logon delay parameter. +

    Default: init logon delayed hosts = + +

    Example: init logon delayed hosts = 150.203.5. myhost.mynet.de + +

    + +init logon delay (G) +

    + This parameter specifies a delay in milliseconds for the hosts configured + for delayed initial samlogon with + init logon delayed hosts. +

    Default: init logon delay = 100 + +

    interfaces (G) -

    This option allows you to override the default +

    This option allows you to override the default network interfaces list that Samba will use for browsing, name registration and other NetBIOS over TCP/IP (NBT) traffic. By default Samba will query the kernel for the list of all active interfaces and use any @@ -2530,10 +2575,10 @@ interfaces (G)

    Example: interfaces = eth0 192.168.2.10/24 192.168.3.10/255.255.255.0 -

    +

    invalid users (S) -

    This is a list of users that should not be allowed +

    This is a list of users that should not be allowed to login to this service. This is really a paranoid check to absolutely ensure an improper setting does not breach your security.

    A name starting with a '@' is interpreted as an NIS @@ -2553,11 +2598,11 @@ invalid users (S)

    Example: invalid users = root fred admin @wheel -

    +

    iprint server (G) -

    - This parameter is only applicable if printing is set to iprint. +

    + This parameter is only applicable if printing is set to iprint.

    If set, this option overrides the ServerName option in the CUPS client.conf. This is necessary if you have virtual samba servers that connect to different CUPS daemons. @@ -2565,33 +2610,33 @@ iprint server (G)

    Example: iprint server = MYCUPSSERVER -

    +

    keepalive (G) -

    The value of the parameter (an integer) represents +

    The value of the parameter (an integer) represents the number of seconds between keepalive packets. If this parameter is zero, no keepalive packets will be sent. Keepalive packets, if sent, allow the server to tell whether a client is still present and responding.

    Keepalives should, in general, not be needed if the socket - has the SO_KEEPALIVE attribute set on it by default. (see socket options). + has the SO_KEEPALIVE attribute set on it by default. (see socket options). Basically you should only use this option if you strike difficulties.

    Default: keepalive = 300

    Example: keepalive = 600 -

    +

    kernel change notify (S) -

    This parameter specifies whether Samba should ask the +

    This parameter specifies whether Samba should ask the kernel for change notifications in directories so that SMB clients can refresh whenever the data on the server changes.

    This parameter is only used when your kernel supports change notification to user programs using the inotify interface.

    Default: kernel change notify = yes -

    +

    kernel oplocks (G) -

    For UNIXes that support kernel based oplocks +

    For UNIXes that support kernel based oplocks (currently only IRIX and the Linux 2.4 kernel), this parameter allows the use of them to be turned on or off.

    Kernel oplocks support allows Samba oplocks to be broken whenever a local UNIX process or NFS operation @@ -2601,10 +2646,10 @@ kernel oplocks (G) to a no-op on systems that no not have the necessary kernel support. You should never need to touch this parameter.

    Default: kernel oplocks = yes -

    +

    lanman auth (G) -

    This parameter determines whether or not smbd(8) will attempt to +

    This parameter determines whether or not smbd(8) will attempt to authenticate users or permit password changes using the LANMAN password hash. If disabled, only clients which support NT password hashes (e.g. Windows NT/2000 clients, smbclient, but not @@ -2621,10 +2666,10 @@ lanman auth (G) permited. Not all clients support NTLMv2, and most will require special configuration to use it.

    Default: lanman auth = no -

    +

    large readwrite (G) -

    This parameter determines whether or not +

    This parameter determines whether or not smbd(8) supports the new 64k streaming read and write varient SMB requests introduced with Windows 2000. Note that due to Windows 2000 client redirector bugs @@ -2633,36 +2678,36 @@ large readwrite (G) performance by 10% with Windows 2000 clients. Defaults to on. Not as tested as some other Samba code paths.

    Default: large readwrite = yes -

    +

    ldap admin dn (G) -

    - The ldap admin dn defines the Distinguished Name (DN) name used by Samba to contact - the ldap server when retreiving user account information. The ldap admin dn is used +

    + The ldap admin dn defines the Distinguished Name (DN) name used by Samba to contact + the ldap server when retreiving user account information. The ldap admin dn is used in conjunction with the admin dn password stored in the private/secrets.tdb file. See the smbpasswd(8) man page for more information on how to accomplish this.

    - The ldap admin dn requires a fully specified DN. The ldap suffix is not appended to the ldap admin dn. -

    No default

    + The ldap admin dn requires a fully specified DN. The ldap suffix is not appended to the ldap admin dn. +

    No default

    ldap connection timeout (G) -

    +

    This parameter tells the LDAP library calls which timeout in seconds they should honor during initial connection establishments to LDAP servers. It is very useful in failover scenarios in particular. If one or more LDAP servers are not reachable at all, we do not have to wait until TCP timeouts are over. This feature must be supported by your LDAP library.

    - This parameter is different from ldap timeout + This parameter is different from ldap timeout which affects operations on LDAP servers using an existing connection and not establishing an initial connection.

    Default: ldap connection timeout = 2 -

    +

    ldap debug level (G) -

    +

    This parameter controls the debug level of the LDAP library calls. In the case of OpenLDAP, it is the same bit-field as understood by the server and documented in the @@ -2679,10 +2724,10 @@ ldap debug level (G)

    Example: ldap debug level = 1 -

    +

    ldap debug threshold (G) -

    +

    This parameter controls the Samba debug level at which the ldap library debug output is printed in the Samba logs. See the description of @@ -2691,64 +2736,64 @@ ldap debug threshold (G)

    Example: ldap debug threshold = 5 -

    +

    ldap delete dn (G) -

    This parameter specifies whether a delete +

    This parameter specifies whether a delete operation in the ldapsam deletes the complete entry or only the attributes specific to Samba.

    Default: ldap delete dn = no -

    +

    ldap group suffix (G) -

    This parameter specifies the suffix that is +

    This parameter specifies the suffix that is used for groups when these are added to the LDAP directory. - If this parameter is unset, the value of ldap suffix will be used instead. The suffix string is pre-pended to the - ldap suffix string so use a partial DN.

    Default: ldap group suffix = + If this parameter is unset, the value of ldap suffix will be used instead. The suffix string is pre-pended to the + ldap suffix string so use a partial DN.

    Default: ldap group suffix =

    Example: ldap group suffix = ou=Groups -

    +

    ldap idmap suffix (G) -

    +

    This parameters specifies the suffix that is used when storing idmap mappings. If this parameter - is unset, the value of ldap suffix will be used instead. The suffix - string is pre-pended to the ldap suffix string so use a partial DN. + is unset, the value of ldap suffix will be used instead. The suffix + string is pre-pended to the ldap suffix string so use a partial DN.

    Default: ldap idmap suffix =

    Example: ldap idmap suffix = ou=Idmap -

    +

    ldap machine suffix (G) -

    +

    It specifies where machines should be added to the ldap tree. If this parameter is unset, the value of - ldap suffix will be used instead. The suffix string is pre-pended to the - ldap suffix string so use a partial DN. + ldap suffix will be used instead. The suffix string is pre-pended to the + ldap suffix string so use a partial DN.

    Default: ldap machine suffix =

    Example: ldap machine suffix = ou=Computers -

    +

    ldap passwd sync (G) -

    +

    This option is used to define whether or not Samba should sync the LDAP password with the NT and LM hashes for normal accounts (NOT for workstation, server or domain trusts) on a password change via SAMBA.

    - The ldap passwd sync can be set to one of three values: + The ldap passwd sync can be set to one of three values:

    • Yes = Try to update the LDAP, NT and LM passwords and update the pwdLastSet time.

    • No = Update NT and LM passwords and update the pwdLastSet time.

    • Only = Only update the LDAP password and let the LDAP server do the rest.

    Default: ldap passwd sync = no -

    +

    ldap replication sleep (G) -

    +

    When Samba is asked to write to a read-only LDAP replica, we are redirected to talk to the read-write master server. This server then replicates our changes back to the 'local' server, however the replication might take some seconds, especially over slow links. Certain client activities, particularly domain joins, can become confused by the 'success' @@ -2761,10 +2806,10 @@ ldap replication sleep (G) The value is specified in milliseconds, the maximum value is 5000 (5 seconds).

    Default: ldap replication sleep = 1000 -

    +

    ldapsam:editposix (G) -

    +

    Editposix is an option that leverages ldapsam:trusted to make it simpler to manage a domain controller eliminating the need to set up custom scripts to add and manage the posix users and groups. This option will instead directly manipulate the ldap tree to create, remove and modify user and group entries. @@ -2777,8 +2822,8 @@ ldapsam:editposix (G) provision. To run this command the ldap server must be running, Winindd must be running and the smb.conf ldap options must be properly configured. - The typical ldap setup used with the ldapsam:trusted = yes option - is usually sufficient to use ldapsam:editposix = yes as well. + The typical ldap setup used with the ldapsam:trusted = yes option + is usually sufficient to use ldapsam:editposix = yes as well.

    An example configuration can be the following: @@ -2842,10 +2887,10 @@ ldapsam:editposix (G)

    Default: ldapsam:editposix = no -

    +

    ldapsam:trusted (G) -

    +

    By default, Samba as a Domain Controller with an LDAP backend needs to use the Unix-style NSS subsystem to access user and group information. Due to the way Unix stores user information in /etc/passwd and /etc/group this inevitably leads to inefficiencies. One important question a user needs to know is the list of groups he @@ -2853,69 +2898,69 @@ ldapsam:trusted (G) counterparts in LDAP. UNIX has optimized functions to enumerate group membership. Sadly, other functions that are used to deal with user and group attributes lack such optimization.

    - To make Samba scale well in large environments, the ldapsam:trusted = yes + To make Samba scale well in large environments, the ldapsam:trusted = yes option assumes that the complete user and group database that is relevant to Samba is stored in LDAP with the standard posixAccount/posixGroup attributes. It further assumes that the Samba auxiliary object classes are stored together with the POSIX data in the same LDAP object. If these assumptions are met, - ldapsam:trusted = yes can be activated and Samba can bypass the + ldapsam:trusted = yes can be activated and Samba can bypass the NSS system to query user group memberships. Optimized LDAP queries can greatly speed up domain logon and administration tasks. Depending on the size of the LDAP database a factor of 100 or more for common queries is easily achieved.

    Default: ldapsam:trusted = no -

    +

    ldap ssl (G) -

    This option is used to define whether or not Samba should +

    This option is used to define whether or not Samba should use SSL when connecting to the ldap server This is NOT related to - Samba's previous SSL support which was enabled by specifying the - --with-ssl option to the configure - script.

    The ldap ssl can be set to one of three values:

    • Off = Never - use SSL when querying the directory.

    • Start_tls = Use - the LDAPv3 StartTLS extended operation (RFC2830) for - communicating with the directory server.

    • On = Use SSL - on the ldaps port when contacting the ldap server. Only available when the - backwards-compatiblity --with-ldapsam option is specified - to configure. See passdb backend

      . -

    Default: ldap ssl = start_tls - -

    + Samba's previous SSL support which was enabled by specifying the + --with-ssl option to the + configure + script.

    LDAP connections should be secured where possible. This may be + done setting either this parameter to + Start_tls + or by specifying ldaps:// in + the URL argument of passdb backend.

    The ldap ssl can be set to one of + two values:

    • Off = Never + use SSL when querying the directory.

    • start tls = Use + the LDAPv3 StartTLS extended operation (RFC2830) for + communicating with the directory server.

    Default: ldap ssl = start tls + +

    ldap suffix (G) -

    Specifies the base for all ldap suffixes and for storing the sambaDomain object.

    - The ldap suffix will be appended to the values specified for the ldap user suffix, - ldap group suffix, ldap machine suffix, and the - ldap idmap suffix. Each of these should be given only a DN relative to the - ldap suffix. +

    Specifies the base for all ldap suffixes and for storing the sambaDomain object.

    + The ldap suffix will be appended to the values specified for the ldap user suffix, + ldap group suffix, ldap machine suffix, and the + ldap idmap suffix. Each of these should be given only a DN relative to the + ldap suffix.

    Default: ldap suffix =

    Example: ldap suffix = dc=samba,dc=org -

    +

    ldap timeout (G) -

    - When Samba connects to an ldap server that server may be down or unreachable. To prevent Samba from hanging whilst - waiting for the connection this parameter specifies in seconds how long Samba should wait before failing the - connect. The default is to only wait fifteen seconds for the ldap server to respond to the connect request. +

    + This parameter defines the number of seconds that Samba should use as timeout for LDAP operations.

    Default: ldap timeout = 15 -

    +

    ldap user suffix (G) -

    +

    This parameter specifies where users are added to the tree. If this parameter is unset, - the value of ldap suffix will be used instead. The suffix - string is pre-pended to the ldap suffix string so use a partial DN. + the value of ldap suffix will be used instead. The suffix + string is pre-pended to the ldap suffix string so use a partial DN.

    Default: ldap user suffix =

    Example: ldap user suffix = ou=people -

    +

    level2 oplocks (S) -

    This parameter controls whether Samba supports +

    This parameter controls whether Samba supports level2 (read-only) oplocks on a share.

    Level2, or read-only oplocks allow Windows NT clients that have an oplock on a file to downgrade from a read-write oplock to a read-only oplock once a second client opens the file (instead @@ -2929,16 +2974,16 @@ level2 oplocks (S) or waited for) and told to break their oplocks to "none" and delete any read-ahead caches.

    It is recommended that this parameter be turned on to speed access to shared executables.

    For more discussions on level2 oplocks see the CIFS spec.

    - Currently, if kernel oplocks are supported then + Currently, if kernel oplocks are supported then level2 oplocks are not granted (even if this parameter is set to - yes). Note also, the oplocks + yes). Note also, the oplocks parameter must be set to yes on this share in order for this parameter to have any effect.

    Default: level2 oplocks = yes -

    +

    lm announce (G) -

    This parameter determines if nmbd(8) will produce Lanman announce +

    This parameter determines if nmbd(8) will produce Lanman announce broadcasts that are needed by OS/2 clients in order for them to see the Samba server in their browse list. This parameter can have three values, yes, no, or @@ -2946,39 +2991,39 @@ lm announce (G) If set to no Samba will never produce these broadcasts. If set to yes Samba will produce Lanman announce broadcasts at a frequency set by the parameter - lm interval. If set to auto + lm interval. If set to auto Samba will not send Lanman announce broadcasts by default but will listen for them. If it hears such a broadcast on the wire it will then start sending them at a frequency set by the parameter - lm interval.

    Default: lm announce = auto + lm interval.

    Default: lm announce = auto

    Example: lm announce = yes -

    +

    lm interval (G) -

    If Samba is set to produce Lanman announce +

    If Samba is set to produce Lanman announce broadcasts needed by OS/2 clients (see the - lm announce parameter) then this + lm announce parameter) then this parameter defines the frequency in seconds with which they will be made. If this is set to zero then no Lanman announcements will be - made despite the setting of the lm announce + made despite the setting of the lm announce parameter.

    Default: lm interval = 60

    Example: lm interval = 120 -

    +

    load printers (G) -

    A boolean variable that controls whether all +

    A boolean variable that controls whether all printers in the printcap will be loaded for browsing by default. - See the printers section for + See the printers section for more details.

    Default: load printers = yes -

    +

    local master (G) -

    This option allows nmbd(8) to try and become a local master browser +

    This option allows nmbd(8) to try and become a local master browser on a subnet. If set to no then nmbd will not attempt to become a local master browser on a subnet and will also lose in all browsing elections. By @@ -2988,15 +3033,15 @@ local master (G) will participate in elections for local master browser.

    Setting this value to no will cause nmbd never to become a local master browser.

    Default: local master = yes -

    +

    lock dir -

    This parameter is a synonym for lock directory.

    +

    This parameter is a synonym for lock directory.

    lock directory (G) -

    This option specifies the directory where lock +

    This option specifies the directory where lock files will be placed. The lock files are used to implement the - max connections option. + max connections option.

    Note: This option can not be set inside registry configurations. @@ -3004,10 +3049,10 @@ lock directory (G)

    Example: lock directory = /var/run/samba/locks -

    +

    locking (S) -

    This controls whether or not locking will be +

    This controls whether or not locking will be performed by the server in response to lock requests from the client.

    If locking = no, all lock and unlock requests will appear to succeed and all lock queries will report @@ -3017,41 +3062,41 @@ locking (S) CDROM drives), although setting this parameter of no is not really recommended even in this case.

    Be careful about disabling locking either globally or in a specific service, as lack of locking may result in data corruption. - You should never need to set this parameter.

    No default

    + You should never need to set this parameter.

    No default

    lock spin count (G) -

    This parameter has been made inoperative in Samba 3.0.24. +

    This parameter has been made inoperative in Samba 3.0.24. The functionality it contolled is now controlled by the parameter - lock spin time. + lock spin time.

    Default: lock spin count = 0 -

    +

    lock spin time (G) -

    The time in microseconds that smbd should +

    The time in microseconds that smbd should keep waiting to see if a failed lock request can be granted. This parameter has changed in default value from Samba 3.0.23 from 10 to 200. The associated - lock spin count parameter is + lock spin count parameter is no longer used in Samba 3.0.24. You should not need to change the value of this parameter.

    Default: lock spin time = 200 -

    +

    log file (G) -

    +

    This option allows you to override the name of the Samba log file (also known as the debug file).

    This option takes the standard substitutions, allowing you to have separate log files for each user or machine.

    No default

    Example: log file = /usr/local/samba/var/log.%m -

    +

    debuglevel -

    This parameter is a synonym for log level.

    +

    This parameter is a synonym for log level.

    log level (G) -

    +

    The value of the parameter (a astring) allows the debug level (logging level) to be specified in the smb.conf file.

    This parameter has been extended since the 2.2.x @@ -3062,12 +3107,12 @@ log level (G)

    Example: log level = 3 passdb:5 auth:10 winbind:2 -

    +

    logon drive (G) -

    +

    This parameter specifies the local path to which the home directory will be - connected (see logon home) and is only used by NT + connected (see logon home) and is only used by NT Workstations.

    Note that this option is only useful if Samba is set up as a logon server. @@ -3075,10 +3120,10 @@ logon drive (G)

    Example: logon drive = h: -

    +

    logon home (G) -

    +

    This parameter specifies the home directory location when a Win95/98 or NT Workstation logs into a Samba PDC. It allows you to do

    @@ -3097,26 +3142,26 @@ logon home (G) in a NetUserGetInfo request. Win9X clients truncate the info to \\server\share when a user does net use /home but use the whole string when dealing with profiles.

    - Note that in prior versions of Samba, the logon path was returned rather than + Note that in prior versions of Samba, the logon path was returned rather than logon home. This broke net use /home but allowed profiles outside the home directory. The current implementation is correct, and can be used for profiles if you use the above trick.

    - Disable this feature by setting logon home = "" - using the empty string. + Disable this feature by setting logon home = "" - using the empty string.

    This option is only useful if Samba is set up as a logon server.

    Default: logon home = \\%N\%U

    Example: logon home = \\remote_smb_server\%U -

    +

    logon path (G) -

    +

    This parameter specifies the directory where roaming profiles (Desktop, NTuser.dat, etc) are stored. Contrary to previous versions of these manual pages, it has nothing to do with Win 9X roaming profiles. To find out how to handle roaming profiles for Win 9X system, see the - logon home parameter. + logon home parameter.

    This option takes the standard substitutions, allowing you to have separate logon scripts for each user or machine. It also specifies the directory from which the "Application Data", desktop, start menu, network neighborhood, programs and other @@ -3145,7 +3190,7 @@ logon path (G) provided system tool).

    Note that this option is only useful if Samba is set up as a domain controller.

    Disable the use of roaming profiles by setting the value of this parameter to the empty string. For - example, logon path = "". Take note that even if the default setting + example, logon path = "". Take note that even if the default setting in the smb.conf file is the empty string, any value specified in the user account settings in the passdb backend will over-ride the effect of setting this parameter to null. Disabling of all roaming profile use requires that the user account settings must also be blank. @@ -3156,16 +3201,16 @@ logon path = \\PROFILESERVER\PROFILE\%U

    Default: logon path = \\%N\%U\profile -

    +

    logon script (G) -

    +

    This parameter specifies the batch file (.bat) or NT command file (.cmd) to be downloaded and run on a machine when a user successfully logs in. The file must contain the DOS style CR/LF line endings. Using a DOS-style editor to create the file is recommended.

    The script must be a relative path to the [netlogon] service. If the [netlogon] - service specifies a path of /usr/local/samba/netlogon, and logon script = STARTUP.BAT, then the file that will be downloaded is: + service specifies a path of /usr/local/samba/netlogon, and logon script = STARTUP.BAT, then the file that will be downloaded is: 

     	/usr/local/samba/netlogon/STARTUP.BAT

    @@ -3190,10 +3235,10 @@ logon script (G)

    Example: logon script = scripts\%U.bat -

    +

    lppause command (S) -

    This parameter specifies the command to be +

    This parameter specifies the command to be executed on the server host in order to stop printing or spooling a specific print job.

    This command should be a program or script which takes a printer name and job number to pause the print job. One way @@ -3208,7 +3253,7 @@ lppause command (S) will have the SPOOLED or PRINTING status.

    Note that it is good practice to include the absolute path in the lppause command as the PATH may not be available to the server.

    Default: lppause command = # Currently no default value is given to - this string, unless the value of the printing + this string, unless the value of the printing parameter is SYSV, in which case the default is : lp -i %p-%j -H hold or if the value of the printing parameter is @@ -3217,10 +3262,10 @@ lppause command (S)

    Example: lppause command = /usr/bin/lpalt %p-%j -p0 -

    +

    lpq cache time (G) -

    This controls how long lpq info will be cached +

    This controls how long lpq info will be cached for to prevent the lpq command being called too often. A separate cache is kept for each variation of the lpq command used by the system, so if you use different @@ -3233,10 +3278,10 @@ lpq cache time (G)

    Example: lpq cache time = 10 -

    +

    lpq command (S) -

    This parameter specifies the command to be +

    This parameter specifies the command to be executed on the server host in order to obtain lpq -style printer status information.

    This command should be a program or script which takes a printer name as its only parameter and outputs printer @@ -3258,26 +3303,26 @@ lpq command (S)

    Example: lpq command = /usr/bin/lpq -P%p -

    +

    lpresume command (S) -

    This parameter specifies the command to be +

    This parameter specifies the command to be executed on the server host in order to restart or continue printing or spooling a specific print job.

    This command should be a program or script which takes a printer name and job number to resume the print job. See - also the lppause command parameter.

    If a %p is given then the printer name + also the lppause command parameter.

    If a %p is given then the printer name is put in its place. A %j is replaced with the job number (an integer).

    Note that it is good practice to include the absolute path in the lpresume command as the PATH may not - be available to the server.

    See also the printing parameter.

    Default: Currently no default value is given + be available to the server.

    See also the printing parameter.

    Default: Currently no default value is given to this string, unless the value of the printing parameter is SYSV, in which case the default is:

    lp -i %p-%j -H resume

    or if the value of the printing parameter is SOFTQ, then the default is:

    qstat -s -j%j -r

    No default

    Example: lpresume command = /usr/bin/lpalt %p-%j -p2 -

    +

    lprm command (S) -

    This parameter specifies the command to be +

    This parameter specifies the command to be executed on the server host in order to delete a print job.

    This command should be a program or script which takes a printer name and job number, and deletes the print job.

    If a %p is given then the printer name is put in its place. A %j is replaced with @@ -3294,41 +3339,41 @@ lprm command = /usr/bin/cancel %p-%j

    Default: lprm command = determined by printing parameter -

    +

    machine password timeout (G) -

    - If a Samba server is a member of a Windows NT Domain (see the security = domain parameter) then periodically a running smbd process will try and change +

    + If a Samba server is a member of a Windows NT Domain (see the security = domain parameter) then periodically a running smbd process will try and change the MACHINE ACCOUNT PASSWORD stored in the TDB called private/secrets.tdb . This parameter specifies how often this password will be changed, in seconds. The default is one week (expressed in seconds), the same as a Windows NT Domain member server.

    See also smbpasswd(8), - and the security = domain parameter. + and the security = domain parameter.

    Default: machine password timeout = 604800 -

    +

    magic output (S) -

    +

    This parameter specifies the name of a file which will contain output created by a magic script (see the - magic script parameter below). + magic script parameter below).

    Warning

    If two clients use the same magic script in the same directory the output file content is undefined.

    Default: magic output = <magic script name>.out

    Example: magic output = myfile.txt -

    +

    magic script (S) -

    This parameter specifies the name of a file which, +

    This parameter specifies the name of a file which, if opened, will be executed by the server when the file is closed. This allows a UNIX script to be sent to the Samba host and executed on behalf of the connected user.

    Scripts executed in this way will be deleted upon completion assuming that the user has the appropriate level of privilege and the file permissions allow the deletion.

    If the script generates output, output will be sent to - the file specified by the magic output + the file specified by the magic output parameter (see above).

    Note that some shells are unable to interpret scripts containing CR/LF instead of CR as the end-of-line marker. Magic scripts must be executable @@ -3338,12 +3383,12 @@ magic script (S)

    Example: magic script = user.csh -

    +

    mangled names (S) -

    This controls whether non-DOS names under UNIX +

    This controls whether non-DOS names under UNIX should be mapped to DOS-compatible names ("mangled") and made visible, - or whether non-DOS names should simply be ignored.

    See the section on name mangling for + or whether non-DOS names should simply be ignored.

    See the section on name mangling for details on how to control the mangling process.

    If mangling is used then the mangling algorithm is as follows:

    • The first (up to) five alphanumeric characters before the rightmost dot of the filename are preserved, forced to upper case, and appear as the first (up to) five characters @@ -3353,7 +3398,7 @@ mangled names (S) extension). The final extension is included in the hash calculation only if it contains any upper case characters or is longer than three characters.

      Note that the character to use may be specified using - the mangling char + the mangling char option, if you don't like '~'.

    • Files whose UNIX name begins with a dot will be presented as DOS hidden files. The mangled name will be created as for other filenames, but with the leading dot removed and "___" as @@ -3366,10 +3411,10 @@ mangled names (S) from Windows/DOS and will retain the same basename. Mangled names do not change between sessions.

      Default: mangled names = yes -

    +

    mangle prefix (G) -

    controls the number of prefix +

    controls the number of prefix characters from the original name used when generating the mangled names. A larger value will give a weaker hash and therefore more name collisions. The minimum @@ -3379,20 +3424,20 @@ mangle prefix (G)

    Example: mangle prefix = 4 -

    +

    mangling char (S) -

    This controls what character is used as - the magic character in name mangling. The +

    This controls what character is used as + the magic character in name mangling. The default is a '~' but this may interfere with some software. Use this option to set it to whatever you prefer. This is effective only when mangling method is hash.

    Default: mangling char = ~

    Example: mangling char = ^ -

    +

    mangling method (G) -

    controls the algorithm used for the generating +

    controls the algorithm used for the generating the mangled names. Can take two different values, "hash" and "hash2". "hash" is the algorithm that was used used in Samba for many years and was the default in Samba 2.2.x "hash2" is @@ -3403,10 +3448,10 @@ mangling method (G)

    Example: mangling method = hash -

    +

    map acl inherit (S) -

    This boolean parameter controls whether smbd(8) will attempt to map the 'inherit' and 'protected' +

    This boolean parameter controls whether smbd(8) will attempt to map the 'inherit' and 'protected' access control entry flags stored in Windows ACLs into an extended attribute called user.SAMBA_PAI. This parameter only takes effect if Samba is being run on a platform that supports extended attributes (Linux and IRIX so far) and @@ -3414,10 +3459,10 @@ map acl inherit (S) POSIX ACL mapping code.

    Default: map acl inherit = no -

    +

    map archive (S) -

    +

    This controls whether the DOS archive attribute should be mapped to the UNIX owner execute bit. The DOS archive bit is set when a file has been modified since its last backup. One @@ -3425,29 +3470,29 @@ map archive (S) any file it touches from becoming executable under UNIX. This can be quite annoying for shared source code, documents, etc...

    - Note that this requires the create mask parameter to be set such that owner + Note that this requires the create mask parameter to be set such that owner execute bit is not masked out (i.e. it must include 100). See the parameter - create mask for details. + create mask for details.

    Default: map archive = yes -

    +

    map hidden (S) -

    +

    This controls whether DOS style hidden files should be mapped to the UNIX world execute bit.

    - Note that this requires the create mask to be set such that the world execute - bit is not masked out (i.e. it must include 001). See the parameter create mask + Note that this requires the create mask to be set such that the world execute + bit is not masked out (i.e. it must include 001). See the parameter create mask for details. -

    No default

    +

    No default

    map read only (S) -

    +

    This controls how the DOS read only attribute should be mapped from a UNIX filesystem.

    This parameter can take three different values, which tell smbd(8) how to display the read only attribute on files, where either - store dos attributes is set to No, or no extended attribute is - present. If store dos attributes is set to yes then this + store dos attributes is set to No, or no extended attribute is + present. If store dos attributes is set to yes then this parameter is ignored. This is a new parameter introduced in Samba version 3.0.21.

    The three settings are :

    • Yes - The read only DOS attribute is mapped to the inverse of the user @@ -3464,24 +3509,24 @@ map read only (S) is reported as being set on the file.

    • No - The read only DOS attribute is unaffected by permissions, and can only be set by - the store dos attributes method. This may be useful for exporting mounted CDs. + the store dos attributes method. This may be useful for exporting mounted CDs.

    Default: map read only = yes -

    +

    map system (S) -

    +

    This controls whether DOS style system files should be mapped to the UNIX group execute bit.

    - Note that this requires the create mask to be set such that the group + Note that this requires the create mask to be set such that the group execute bit is not masked out (i.e. it must include 010). See the parameter - create mask for details. + create mask for details.

    Default: map system = no -

    +

    map to guest (G) -

    This parameter is only useful in SECURITY = +

    This parameter is only useful in SECURITY = security modes other than security = share and security = server - i.e. user, and domain.

    This parameter can take four different values, which tell @@ -3491,9 +3536,9 @@ map to guest (G) default.

  • Bad User - Means user logins with an invalid password are rejected, unless the username does not exist, in which case it is treated as a guest login and - mapped into the guest account.

  • Bad Password - Means user logins + mapped into the guest account.

  • Bad Password - Means user logins with an invalid password are treated as a guest login and mapped - into the guest account. Note that + into the guest account. Note that this can cause problems as it means that any user incorrectly typing their password will be silently logged on as "guest" - and will not know the reason they cannot access files they think @@ -3523,21 +3568,21 @@ map to guest (G)

    Example: map to guest = Bad User -

    • +

    max connections (S) -

    This option allows the number of simultaneous connections to a service to be limited. +

    This option allows the number of simultaneous connections to a service to be limited. If max connections is greater than 0 then connections will be refused if this number of connections to the service are already open. A value of zero mean an unlimited number of connections may be made.

    Record lock files are used to implement this feature. The lock files will be stored in - the directory specified by the lock directory option.

    Default: max connections = 0 + the directory specified by the lock directory option.

    Default: max connections = 0

    Example: max connections = 10 -

    +

    max disk size (G) -

    This option allows you to put an upper limit +

    This option allows you to put an upper limit on the apparent size of disks. If you set this option to 100 then all shares will appear to be not larger than 100 MB in size.

    Note that this option does not limit the amount of @@ -3551,10 +3596,10 @@ max disk size (G)

    Example: max disk size = 1000 -

    +

    max log size (G) -

    +

    This option (an integer in kilobytes) specifies the max size the log file should grow to. Samba periodically checks the size and if it is exceeded it will rename the file, adding a .old extension. @@ -3563,17 +3608,17 @@ max log size (G)

    Example: max log size = 1000 -

    +

    max mux (G) -

    This option controls the maximum number of +

    This option controls the maximum number of outstanding simultaneous SMB operations that Samba tells the client it will allow. You should never need to set this parameter.

    Default: max mux = 50 -

    +

    max open files (G) -

    This parameter limits the maximum number of +

    This parameter limits the maximum number of open files that one smbd(8) file serving process may have open for a client at any one time. The default for this parameter is set very high (10,000) as Samba uses @@ -3581,23 +3626,23 @@ max open files (G) by the UNIX per-process file descriptor limit rather than this parameter so you should never need to touch this parameter.

    Default: max open files = 10000 -

    +

    max print jobs (S) -

    This parameter limits the maximum number of +

    This parameter limits the maximum number of jobs allowable in a Samba printer queue at any given moment. If this number is exceeded, smbd(8) will remote "Out of Space" to the client.

    Default: max print jobs = 1000

    Example: max print jobs = 5000 -

    +

    protocol -

    This parameter is a synonym for max protocol.

    +

    This parameter is a synonym for max protocol.

    max protocol (G) -

    The value of the parameter (a string) is the highest +

    The value of the parameter (a string) is the highest protocol level that will be supported by the server.

    Possible values are :

    • CORE: Earliest version. No concept of user names.

    • COREPLUS: Slight improvements on CORE for efficiency.

    • LANMAN1: First @@ -3609,10 +3654,10 @@ max protocol (G)

      Example: max protocol = LANMAN1 -

    +

    max reported print jobs (S) -

    +

    This parameter limits the maximum number of jobs displayed in a port monitor for Samba printer queue at any given moment. If this number is exceeded, the excess jobs will not be shown. A value of zero means there is no limit on the number of @@ -3621,10 +3666,10 @@ max reported print jobs (S)

    Example: max reported print jobs = 1000 -

    +

    max smbd processes (G) -

    This parameter limits the maximum number of smbd(8) processes concurrently running on a system and is intended +

    This parameter limits the maximum number of smbd(8) processes concurrently running on a system and is intended as a stopgap to prevent degrading service to clients in the event that the server has insufficient resources to handle more than this number of connections. Remember that under normal operating conditions, each user will have an smbd(8) associated with him or her to handle connections to all @@ -3632,10 +3677,10 @@ max smbd processes (G)

    Example: max smbd processes = 1000 -

    +

    max stat cache size (G) -

    This parameter limits the size in memory of any +

    This parameter limits the size in memory of any stat cache being used to speed up case insensitive name mappings. It represents the number of kilobyte (1024) units the stat cache can use. @@ -3646,27 +3691,27 @@ max stat cache size (G)

    Example: max stat cache size = 100 -

    +

    max ttl (G) -

    This option tells nmbd(8) what the default 'time to live' +

    This option tells nmbd(8) what the default 'time to live' of NetBIOS names should be (in seconds) when nmbd is requesting a name using either a broadcast packet or from a WINS server. You should never need to change this parameter. The default is 3 days.

    Default: max ttl = 259200 -

    +

    max wins ttl (G) -

    This option tells smbd(8) when acting as a WINS server - (wins support = yes) what the maximum +

    This option tells smbd(8) when acting as a WINS server + (wins support = yes) what the maximum 'time to live' of NetBIOS names that nmbd will grant will be (in seconds). You should never need to change this parameter. The default is 6 days (518400 seconds).

    Default: max wins ttl = 518400 -

    +

    max xmit (G) -

    This option controls the maximum packet size +

    This option controls the maximum packet size that will be negotiated by Samba. The default is 16644, which matches the behavior of Windows 2000. A value below 2048 is likely to cause problems. You should never need to change this parameter from its default value. @@ -3674,10 +3719,10 @@ max xmit (G)

    Example: max xmit = 8192 -

    +

    message command (G) -

    This specifies what command to run when the +

    This specifies what command to run when the server receives a WinPopup style message.

    This would normally be a command that would deliver the message somehow. How this is to be done is up to your imagination.

    An example is: @@ -3716,35 +3761,35 @@ message command (G)

    Example: message command = csh -c 'xedit %s; rm %s' & -

    +

    min print space (S) -

    This sets the minimum amount of free disk +

    This sets the minimum amount of free disk space that must be available before a user will be able to spool a print job. It is specified in kilobytes. The default is 0, which means a user can always spool a print job.

    Default: min print space = 0

    Example: min print space = 2000 -

    +

    min protocol (G) -

    The value of the parameter (a string) is the +

    The value of the parameter (a string) is the lowest SMB protocol dialect than Samba will support. Please refer - to the max protocol + to the max protocol parameter for a list of valid protocol names and a brief description of each. You may also wish to refer to the C source code in source/smbd/negprot.c for a listing of known protocol dialects supported by clients.

    If you are viewing this parameter as a security measure, you should - also refer to the lanman auth parameter. Otherwise, you should never need + also refer to the lanman auth parameter. Otherwise, you should never need to change this parameter.

    Default: min protocol = CORE

    Example: min protocol = NT1 -

    +

    min receivefile size (G) -

    This option changes the behavior of smbd(8) when processing SMBwriteX calls. Any incoming +

    This option changes the behavior of smbd(8) when processing SMBwriteX calls. Any incoming SMBwriteX call on a non-signed SMB/CIFS connection greater than this value will not be processed in the normal way but will be passed to any underlying kernel recvfile or splice system call (if there is no such call Samba will emulate in user space). This allows zero-copy writes directly from network @@ -3753,30 +3798,30 @@ but user testing is recommended. If set to zero Samba processes SMBwriteX calls normal way. To enable POSIX large write support (SMB/CIFS writes up to 16Mb) this option must be nonzero. The maximum value is 128k. Values greater than 128k will be silently set to 128k.

    Note this option will have NO EFFECT if set on a SMB signed connection.

    The default is zero, which diables this option.

    Default: min receivefile size = 0 -

    +

    min wins ttl (G) -

    This option tells nmbd(8) - when acting as a WINS server (wins support = yes) what the minimum 'time to live' +

    This option tells nmbd(8) + when acting as a WINS server (wins support = yes) what the minimum 'time to live' of NetBIOS names that nmbd will grant will be (in seconds). You should never need to change this parameter. The default is 6 hours (21600 seconds).

    Default: min wins ttl = 21600 -

    +

    msdfs proxy (S) -

    This parameter indicates that the share is a +

    This parameter indicates that the share is a stand-in for another CIFS share whose location is specified by the value of the parameter. When clients attempt to connect to this share, they are redirected to the proxied share using the SMB-Dfs protocol.

    Only Dfs roots can act as proxy shares. Take a look at the - msdfs root and host msdfs + msdfs root and host msdfs options to find out how to set up a Dfs root share.

    No default

    Example: msdfs proxy = \otherserver\someshare -

    +

    msdfs root (S) -

    If set to yes, Samba treats the +

    If set to yes, Samba treats the share as a Dfs root and allows clients to browse the distributed file system tree rooted at the share directory. Dfs links are specified in the share directory by symbolic @@ -3784,20 +3829,20 @@ msdfs root (S) and so on. For more information on setting up a Dfs tree on Samba, refer to the MSDFS chapter in the Samba3-HOWTO book.

    Default: msdfs root = no -

    +

    name cache timeout (G) -

    Specifies the number of seconds it takes before +

    Specifies the number of seconds it takes before entries in samba's hostname resolve cache time out. If the timeout is set to 0. the caching is disabled.

    Default: name cache timeout = 660

    Example: name cache timeout = 0 -

    +

    name resolve order (G) -

    This option is used by the programs in the Samba +

    This option is used by the programs in the Samba suite to determine what naming services to use and in what order to resolve host names to IP addresses. Its main purpose to is to control how netbios name resolution is performed. The option takes a space @@ -3815,9 +3860,9 @@ name resolve order (G) useful for active directory domains and results in a DNS query for the SRV RR entry matching _ldap._tcp.domain.

  • wins : Query a name with - the IP address listed in the WINSSERVER parameter. If no WINS server has + the IP address listed in the WINSSERVER parameter. If no WINS server has been specified this method will be ignored.

  • bcast : Do a broadcast on - each of the known local interfaces listed in the interfaces + each of the known local interfaces listed in the interfaces parameter. This is the least reliable of the name resolution methods as it depends on the target host being on a locally connected subnet.

    • The example below will cause the local lmhosts file to be examined @@ -3828,10 +3873,10 @@ name resolve order (G)

    Example: name resolve order = lmhosts bcast host -

    +

    netbios aliases (G) -

    This is a list of NetBIOS names that nmbd will +

    This is a list of NetBIOS names that nmbd will advertise as additional names by which the Samba server is known. This allows one machine to appear in browse lists under multiple names. If a machine is acting as a browse server or logon server none of these names will be advertised as either browse server or logon @@ -3841,10 +3886,10 @@ netbios aliases (G)

    Example: netbios aliases = TEST TEST1 TEST2 -

    +

    netbios name (G) -

    +

    This sets the NetBIOS name by which a Samba server is known. By default it is the same as the first component of the host's DNS name. If a machine is a browse server or logon server this name (or the first component of the hosts DNS name) will be the name that these services are advertised under. @@ -3857,17 +3902,17 @@ netbios name (G)

    Example: netbios name = MYNAME -

    +

    netbios scope (G) -

    This sets the NetBIOS scope that Samba will +

    This sets the NetBIOS scope that Samba will operate under. This should not be set unless every machine on your LAN also sets this value.

    Default: netbios scope = -

    +

    nis homedir (G) -

    Get the home share server from a NIS map. For +

    Get the home share server from a NIS map. For UNIX systems that use an automounter, the user's home directory will often be mounted on a workstation on demand from a remote server.

    When the Samba logon server is not the actual home directory @@ -3881,25 +3926,25 @@ nis homedir (G) it will be mounted on the Samba client directly from the directory server. When Samba is returning the home share to the client, it will consult the NIS map specified in - homedir map and return the server + homedir map and return the server listed there.

    Note that for this option to work there must be a working NIS system and the Samba server with this option must also be a logon server.

    Default: nis homedir = no -

    +

    nt acl support (S) -

    This boolean parameter controls whether smbd(8) will attempt to map +

    This boolean parameter controls whether smbd(8) will attempt to map UNIX permissions into Windows NT access control lists. The UNIX permissions considered are the the traditional UNIX owner and group permissions, as well as POSIX ACLs set on any files or directories. This parameter was formally a global parameter in releases prior to 2.2.2.

    Default: nt acl support = yes -

    +

    ntlm auth (G) -

    This parameter determines whether or not smbd(8) will attempt to +

    This parameter determines whether or not smbd(8) will attempt to authenticate users using the NTLM encrypted password response. If disabled, either the lanman password hash or an NTLMv2 response will need to be sent by the client.

    If this option, and lanman @@ -3907,62 +3952,62 @@ ntlm auth (G) permited. Not all clients support NTLMv2, and most will require special configuration to use it.

    Default: ntlm auth = yes -

    +

    nt pipe support (G) -

    This boolean parameter controls whether +

    This boolean parameter controls whether smbd(8) will allow Windows NT clients to connect to the NT SMB specific IPC$ pipes. This is a developer debugging option and can be left alone.

    Default: nt pipe support = yes -

    +

    nt status support (G) -

    This boolean parameter controls whether smbd(8) will negotiate NT specific status +

    This boolean parameter controls whether smbd(8) will negotiate NT specific status support with Windows NT/2k/XP clients. This is a developer debugging option and should be left alone. If this option is set to no then Samba offers exactly the same DOS error codes that versions prior to Samba 2.2.3 reported.

    You should not need to ever disable this parameter.

    Default: nt status support = yes -

    +

    null passwords (G) -

    Allow or disallow client access to accounts that have null passwords.

    See also smbpasswd(5).

    Default: null passwords = no +

    Allow or disallow client access to accounts that have null passwords.

    See also smbpasswd(5).

    Default: null passwords = no -

    +

    obey pam restrictions (G) -

    When Samba 3.0 is configured to enable PAM support +

    When Samba 3.0 is configured to enable PAM support (i.e. --with-pam), this parameter will control whether or not Samba should obey PAM's account and session management directives. The default behavior is to use PAM for clear text authentication only and to ignore any account or session management. Note that Samba - always ignores PAM for authentication in the case of encrypt passwords = yes. The reason + always ignores PAM for authentication in the case of encrypt passwords = yes. The reason is that PAM modules cannot support the challenge/response authentication mechanism needed in the presence of SMB password encryption.

    Default: obey pam restrictions = no -

    +

    only user (S) -

    This is a boolean option that controls whether +

    This is a boolean option that controls whether connections with usernames not in the user list will be allowed. By default this option is disabled so that a client can supply a username to be used by the server. Enabling this parameter will force the server to only use the login names from the user list and is only really - useful in security = share level security.

    Note that this also means Samba won't try to deduce + useful in security = share level security.

    Note that this also means Samba won't try to deduce usernames from the service name. This can be annoying for the [homes] section. To get around this you could use user = %S which means your user list will be just the service name, which for home directories is the name of the user.

    Default: only user = no -

    +

    oplock break wait time (G) -

    +

    This is a tuning parameter added due to bugs in both Windows 9x and WinNT. If Samba responds to a client too quickly when that client issues an SMB that can cause an oplock break request, then the network client can fail and not respond to the break request. This tuning parameter (which is set in milliseconds) is the amount @@ -3971,10 +4016,10 @@ oplock break wait time (G) DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ AND UNDERSTOOD THE SAMBA OPLOCK CODE.

    Default: oplock break wait time = 0 -

    +

    oplock contention limit (S) -

    +

    This is a very advanced smbd(8) tuning option to improve the efficiency of the granting of oplocks under multiple client contention for the same file.

    @@ -3986,10 +4031,10 @@ oplock contention limit (S) DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ AND UNDERSTOOD THE SAMBA OPLOCK CODE.

    Default: oplock contention limit = 2 -

    +

    oplocks (S) -

    +

    This boolean option tells smbd whether to issue oplocks (opportunistic locks) to file open requests on this share. The oplock code can dramatically (approx. 30% or more) improve @@ -4001,17 +4046,17 @@ oplocks (S) docs/ directory.

    Oplocks may be selectively turned off on certain files with a share. See - the veto oplock files parameter. On some systems + the veto oplock files parameter. On some systems oplocks are recognized by the underlying operating system. This allows data synchronization between all access to oplocked files, whether it be via Samba or NFS or a local UNIX process. See the - kernel oplocks parameter for details. + kernel oplocks parameter for details.

    Default: oplocks = yes -

    +

    os2 driver map (G) -

    The parameter is used to define the absolute +

    The parameter is used to define the absolute path to a file containing a mapping of Windows NT printer driver names to OS/2 printer driver names. The format is:

    <nt driver name> = <os2 driver name>.<device name>

    For example, a valid entry using the HP LaserJet 5 printer driver would appear as HP LaserJet 5L = LASERJET.HP @@ -4021,12 +4066,12 @@ os2 driver map (G) details on OS/2 clients, please refer to chapter on other clients in the Samba3-HOWTO book.

    Default: os2 driver map = -

    +

    os level (G) -

    +

    This integer value controls what level Samba advertises itself as for browse elections. The value of this - parameter determines whether nmbd(8) has a chance of becoming a local master browser for the workgroup in the local broadcast area. + parameter determines whether nmbd(8) has a chance of becoming a local master browser for the workgroup in the local broadcast area.

    Note: By default, Samba will win a local master browsing election over all Microsoft operating systems except a Windows NT 4.0/2000 Domain Controller. This means that a misconfigured Samba host can @@ -4040,31 +4085,31 @@ os level (G)

    Example: os level = 65 -

    +

    pam password change (G) -

    With the addition of better PAM support in Samba 2.2, +

    With the addition of better PAM support in Samba 2.2, this parameter, it is possible to use PAM's password change control flag for Samba. If enabled, then PAM will be used for password changes when requested by an SMB client instead of the program listed in - passwd program. + passwd program. It should be possible to enable this without changing your - passwd chat parameter for most setups.

    Default: pam password change = no + passwd chat parameter for most setups.

    Default: pam password change = no -

    +

    panic action (G) -

    This is a Samba developer option that allows a +

    This is a Samba developer option that allows a system command to be called when either smbd(8) or nmbd(8) crashes. This is usually used to draw attention to the fact that a problem occurred.

    Default: panic action =

    Example: panic action = "/bin/sleep 90000" -

    +

    paranoid server security (G) -

    Some version of NT 4.x allow non-guest +

    Some version of NT 4.x allow non-guest users with a bad passowrd. When this option is enabled, samba will not use a broken NT 4.x server as password server, but instead complain to the logs and exit. @@ -4072,10 +4117,10 @@ paranoid server security (G) this check, which involves deliberatly attempting a bad logon to the remote server.

    Default: paranoid server security = yes -

    +

    passdb backend (G) -

    This option allows the administrator to chose which backend +

    This option allows the administrator to chose which backend will be used for storing user and possibly group information. This allows you to swap between different storage mechanisms without recompile.

    The parameter value is divided into two parts, the backend's name, and a 'location' string that has meaning only to that particular backed. These are separated @@ -4084,10 +4129,10 @@ passdb backend (G) backend. Takes a path to the smbpasswd file as an optional argument.

  • tdbsam - The TDB based password storage backend. Takes a path to the TDB as an optional argument (defaults to passdb.tdb - in the private dir directory.

  • ldapsam - The LDAP based passdb + in the private dir directory.

  • ldapsam - The LDAP based passdb backend. Takes an LDAP URL as an optional argument (defaults to ldap://localhost)

    LDAP connections should be secured where possible. This may be done using either - Start-TLS (see ldap ssl) or by + Start-TLS (see ldap ssl) or by specifying ldaps:// in the URL argument.

    Multiple servers may also be specified in double-quotes. Whether multiple servers are supported or not and the exact @@ -4108,59 +4153,59 @@ or multi server LDAP URL with Netscape based LDAP library: passdb backend = ldapsam:"ldap://ldap-1.example.com ldap-2.example.com"

    Default: passdb backend = smbpasswd -

    • +

    passdb expand explicit (G) -

    +

    This parameter controls whether Samba substitutes %-macros in the passdb fields if they are explicitly set. We used to expand macros here, but this turned out to be a bug because the Windows client can expand a variable %G_osver% in which %G would have been substituted by the user's primary group.

    Default: passdb expand explicit = no -

    +

    passwd chat debug (G) -

    This boolean specifies if the passwd chat script +

    This boolean specifies if the passwd chat script parameter is run in debug mode. In this mode the strings passed to and received from the passwd chat are printed in the smbd(8) log with a - debug level + debug level of 100. This is a dangerous option as it will allow plaintext passwords to be seen in the smbd log. It is available to help Samba admins debug their passwd chat scripts when calling the passwd program and should be turned off after this has been done. This option has no effect if the - pam password change + pam password change parameter is set. This parameter is off by default.

    Default: passwd chat debug = no -

    +

    passwd chat timeout (G) -

    This integer specifies the number of seconds smbd will wait for an initial +

    This integer specifies the number of seconds smbd will wait for an initial answer from a passwd chat script being run. Once the initial answer is received the subsequent answers must be received in one tenth of this time. The default it two seconds.

    Default: passwd chat timeout = 2 -

    +

    passwd chat (G) -

    This string controls the "chat" +

    This string controls the "chat" conversation that takes places between smbd(8) and the local password changing program to change the user's password. The string describes a sequence of response-receive pairs that smbd(8) uses to determine what to send to the - passwd program and what to expect back. If the expected output is not + passwd program and what to expect back. If the expected output is not received then the password is not changed.

    This chat sequence is often quite site specific, depending on what local methods are used for password control (such as NIS - etc).

    Note that this parameter only is used if the unix password sync parameter is set to yes. This sequence is + etc).

    Note that this parameter only is used if the unix password sync parameter is set to yes. This sequence is then called AS ROOT when the SMB password in the smbpasswd file is being changed, without access to the old password cleartext. This means that root must be able to reset the user's password without knowing the text of the previous password. In the presence of - NIS/YP, this means that the passwd program must + NIS/YP, this means that the passwd program must be executed on the NIS master.

    The string can contain the macro %n which is substituted for the new password. The old passsword (%o) is only available when - encrypt passwords has been disabled. + encrypt passwords has been disabled. The chat sequence can also contain the standard macros \n, \r, \t and \s to give line-feed, carriage-return, tab and space. The chat sequence string can also contain @@ -4168,17 +4213,17 @@ passwd chat (G) be used to collect strings with spaces in them into a single string.

    If the send string in any part of the chat sequence is a full stop ".", then no string is sent. Similarly, if the - expect string is a full stop then no string is expected.

    If the pam password change parameter is set to yes, the + expect string is a full stop then no string is expected.

    If the pam password change parameter is set to yes, the chat pairs may be matched in any order, and success is determined by the PAM result, not any particular output. The \n macro is ignored for PAM conversions.

    Default: passwd chat = *new*password* %n\n*new*password* %n\n *changed*

    Example: passwd chat = "*Enter NEW password*" %n\n "*Reenter NEW password*" %n\n "*Password changed*" -

    +

    passwd program (G) -

    The name of a program that can be used to set +

    The name of a program that can be used to set UNIX user passwords. Any occurrences of %u will be replaced with the user name. The user name is checked for existence before calling the password changing program.

    Also note that many passwd programs insist in reasonable @@ -4199,10 +4244,10 @@ passwd program (G)

    Example: passwd program = /bin/passwd %u -

    +

    password level (G) -

    Some client/server combinations have difficulty +

    Some client/server combinations have difficulty with mixed-case passwords. One offending client is Windows for Workgroups, which for some reason forces passwords to upper case when using the LANMAN1 protocol, but leaves them alone when @@ -4220,14 +4265,14 @@ password level (G) process a new connection.

    A value of zero will cause only two attempts to be made - the password as is and the password in all-lower case.

    This parameter is used only when using plain-text passwords. It is not at all used when encrypted passwords as in use (that is the default - since samba-3.0.0). Use this only when encrypt passwords = No.

    Default: password level = 0 + since samba-3.0.0). Use this only when encrypt passwords = No.

    Default: password level = 0

    Example: password level = 4 -

    +

    password server (G) -

    By specifying the name of another SMB server +

    By specifying the name of another SMB server or Active Directory domain controller with this option, and using security = [ads|domain|server] it is possible to get Samba to @@ -4239,7 +4284,7 @@ password server (G) Samba will use the standard LDAP port of tcp/389. Note that port numbers have no effect on password servers for Windows NT 4.0 domains or netbios connections.

    If parameter is a name, it is looked up using the - parameter name resolve order and so may resolved + parameter name resolve order and so may resolved by any method and order described in that parameter.

    The password server must be a machine capable of using the "LM1.2X002" or the "NT LM 0.12" protocol, and it must be in user level security mode.

    Note

    Using a password server means your UNIX box (running @@ -4287,13 +4332,13 @@ password server (G)

    Example: password server = windc.mydomain.com:389 192.168.1.101 * -

    +

    directory -

    This parameter is a synonym for path.

    +

    This parameter is a synonym for path.

    path (S) -

    This parameter specifies a directory to which +

    This parameter specifies a directory to which the user of the service is to be given access. In the case of printable services, this is where print data will spool prior to being submitted to the host for printing.

    For a printable service offering guest access, the service @@ -4305,24 +4350,24 @@ path (S) on this connection. Any occurrences of %m will be replaced by the NetBIOS name of the machine they are connecting from. These replacements are very useful for setting - up pseudo home directories for users.

    Note that this path will be based on root dir + up pseudo home directories for users.

    Note that this path will be based on root dir if one was specified.

    Default: path =

    Example: path = /home/fred -

    +

    pid directory (G) -

    +

    This option specifies the directory where pid files will be placed.

    Default: pid directory = ${prefix}/var/locks

    Example: pid directory = pid directory = /var/run/ -

    +

    posix locking (S) -

    +

    The smbd(8) daemon maintains an database of file locks obtained by SMB clients. The default behavior is to map this internal database to POSIX locks. This means that file locks obtained by SMB clients are @@ -4330,10 +4375,10 @@ posix locking (S) method (e.g. NFS or local file access). You should never need to disable this parameter.

    Default: posix locking = yes -

    +

    postexec (S) -

    This option specifies a command to be run +

    This option specifies a command to be run whenever the service is disconnected. It takes the usual substitutions. The command may be run as the root on some systems.

    An interesting example may be to unmount server @@ -4341,44 +4386,44 @@ postexec (S)

    Example: postexec = echo \"%u disconnected from %S from %m (%I)\" >> /tmp/log -

    +

    preexec close (S) -

    - This boolean option controls whether a non-zero return code from preexec +

    + This boolean option controls whether a non-zero return code from preexec should close the service being connected to.

    Default: preexec close = no -

    +

    exec -

    This parameter is a synonym for preexec.

    +

    This parameter is a synonym for preexec.

    preexec (S) -

    This option specifies a command to be run whenever +

    This option specifies a command to be run whenever the service is connected to. It takes the usual substitutions.

    An interesting example is to send the users a welcome message every time they log in. Maybe a message of the day? Here is an example:

    preexec = csh -c 'echo \"Welcome to %S!\" | /usr/local/samba/bin/smbclient -M %m -I %I' &

    Of course, this could get annoying after a while :-)

    - See also preexec close and postexec. + See also preexec close and postexec.

    Default: preexec =

    Example: preexec = echo \"%u connected to %S from %m (%I)\" >> /tmp/log -

    +

    prefered master -

    This parameter is a synonym for preferred master.

    +

    This parameter is a synonym for preferred master.

    preferred master (G) -

    +

    This boolean parameter controls if nmbd(8) is a preferred master browser for its workgroup.

    If this is set to yes, on startup, nmbd will force an election, and it will have a slight advantage in winning the election. It is recommended that this - parameter is used in conjunction with domain master = yes, so that + parameter is used in conjunction with domain master = yes, so that nmbd can guarantee becoming a domain master.

    Use this option with caution, because if there are several hosts (whether Samba servers, Windows 95 or NT) @@ -4387,59 +4432,59 @@ preferred master (G) capabilities.

    Default: preferred master = auto -

    +

    preload modules (G) -

    This is a list of paths to modules that should +

    This is a list of paths to modules that should be loaded into smbd before a client connects. This improves the speed of smbd when reacting to new connections somewhat.

    Default: preload modules =

    Example: preload modules = /usr/lib/samba/passdb/mysql.so -

    +

    auto services -

    This parameter is a synonym for preload.

    +

    This parameter is a synonym for preload.

    preload (G) -

    This is a list of services that you want to be +

    This is a list of services that you want to be automatically added to the browse lists. This is most useful for homes and printers services that would otherwise not be visible.

    Note that if you just want all printers in your - printcap file loaded then the load printers + printcap file loaded then the load printers option is easier.

    Default: preload =

    Example: preload = fred lp colorlp -

    +

    preserve case (S) -

    +

    This controls if new filenames are created with the case that the client passes, or if - they are forced to be the default case. + they are forced to be the default case.

    See the section on NAME MANGLING for a fuller discussion.

    Default: preserve case = yes -

    +

    print ok -

    This parameter is a synonym for printable.

    +

    This parameter is a synonym for printable.

    printable (S) -

    If this parameter is yes, then +

    If this parameter is yes, then clients may open, write to and submit spool files on the directory specified for the service.

    Note that a printable service will ALWAYS allow writing to the service path (user privileges permitting) via the spooling - of print data. The read only parameter controls only non-printing access to + of print data. The read only parameter controls only non-printing access to the resource.

    Default: printable = no -

    +

    printcap cache time (G) -

    This option specifies the number of seconds before the printing +

    This option specifies the number of seconds before the printing subsystem is again asked for the known printers. If the value is greater than 60 the initial waiting time is set to 60 seconds to allow an earlier first rescan of the printing subsystem. @@ -4449,18 +4494,18 @@ printcap cache time (G)

    Example: printcap cache time = 600 -

    +

    printcap -

    This parameter is a synonym for printcap name.

    +

    This parameter is a synonym for printcap name.

    printcap name (G) -

    +

    This parameter may be used to override the compiled-in default printcap name used by the server (usually /etc/printcap). See the discussion of the [printers] section above for reasons why you might want to do this.

    To use the CUPS printing interface set printcap name = cups . This should - be supplemented by an addtional setting printing = cups in the [global] + be supplemented by an addtional setting printing = cups in the [global] section. printcap name = cups will use the "dummy" printcap created by CUPS, as specified in your CUPS configuration file.

    @@ -4490,10 +4535,10 @@ print5|My Printer 5

    Example: printcap name = /etc/myprintcap -

    +

    print command (S) -

    After a print job has finished spooling to +

    After a print job has finished spooling to a service, this command will be used via a system() call to process the spool file. Typically the command specified will submit the spool file to the host's printing subsystem, but there @@ -4516,17 +4561,17 @@ print command (S) printable service nor a global print command, spool files will be created but not processed and (most importantly) not removed.

    Note that printing may fail on some UNIXes from the nobody account. If this happens then create - an alternative guest account that can print and set the guest account + an alternative guest account that can print and set the guest account in the [global] section.

    You can form quite complex print commands by realizing that they are just passed to a shell. For example the following will log a print job, print the file, then remove it. Note that ';' is the usual separator for command in shell scripts.

    print command = echo Printing %s >> /tmp/print.log; lpr -P %p %s; rm %s

    You may have to vary this command considerably depending on how you normally print files on your system. The default for - the parameter varies depending on the setting of the printing + the parameter varies depending on the setting of the printing parameter.

    Default: For printing = BSD, AIX, QNX, LPRNG or PLP :

    print command = lpr -r -P%p %s

    For printing = SYSV or HPUX :

    print command = lp -c -d%p %s; rm %s

    For printing = SOFTQ :

    print command = lp -d%p -s %s; rm %s

    For printing = CUPS : If SAMBA is compiled against - libcups, then printcap = cups + libcups, then printcap = cups uses the CUPS API to submit jobs, etc. Otherwise it maps to the System V commands with the -oraw option for printing, i.e. it @@ -4535,10 +4580,10 @@ print command (S) and if SAMBA is compiled against libcups, any manually set print command will be ignored.

    No default

    Example: print command = /usr/local/samba/bin/myprintscript %p %s -

    +

    printer admin (S) -

    +

    This lists users who can do anything to printers via the remote administration interfaces offered by MS-RPC (usually using a NT workstation). @@ -4554,29 +4599,29 @@ printer admin (S)

    Example: printer admin = admin, @staff -

    +

    printer -

    This parameter is a synonym for printer name.

    +

    This parameter is a synonym for printer name.

    printer name (S) -

    +

    This parameter specifies the name of the printer to which print jobs spooled through a printable service will be sent.

    If specified in the [global] section, the printer name given will be used for any printable service that does not have its own printer name specified.

    - The default value of the printer name may be lp on many + The default value of the printer name may be lp on many systems.

    Default: printer name = none

    Example: printer name = laserwriter -

    +

    printing (S) -

    This parameters controls how printer status information is +

    This parameters controls how printer status information is interpreted on your system. It also affects the default values for the print command, lpq command, lppause command , lpresume command, and lprm command if specified in the [global] section.

    Currently nine printing styles are supported. They are @@ -4590,27 +4635,30 @@ printing (S) commands (e.g. print command, lpq command, etc...) after defining the value for the printing option since it will reset the printing commands to default values.

    See also the discussion in the - [printers] section.

    No default

    + [printers] section.

    Default: printing = Depends on the operating system, see +testparm -v. + +

    printjob username (S) -

    This parameter specifies which user information will be +

    This parameter specifies which user information will be passed to the printing system. Usually, the username is sent, but in some cases, e.g. the domain prefix is useful, too.

    Default: printjob username = %U

    Example: printjob username = %D\%U -

    +

    private dir (G) -

    This parameters defines the directory +

    This parameters defines the directory smbd will use for storing such files as smbpasswd and secrets.tdb.

    Default: private dir = ${prefix}/private -

    +

    profile acls (S) -

    +

    This boolean parameter was added to fix the problems that people have been having with storing user profiles on Samba shares from Windows 2000 or Windows XP clients. New versions of Windows 2000 or Windows XP service @@ -4638,10 +4686,10 @@ profile acls (S) tree to the owning user.

    Default: profile acls = no -

    +

    queuepause command (S) -

    This parameter specifies the command to be +

    This parameter specifies the command to be executed on the server host in order to pause the printer queue.

    This command should be a program or script which takes a printer name as its only parameter and stops the printer queue, such that no longer jobs are submitted to the printer.

    This command is not supported by Windows for Workgroups, @@ -4652,13 +4700,13 @@ queuepause command (S) path in the command as the PATH may not be available to the server.

    No default

    Example: queuepause command = disable %p -

    +

    queueresume command (S) -

    This parameter specifies the command to be +

    This parameter specifies the command to be executed on the server host in order to resume the printer queue. It is the command to undo the behavior that is caused by the - previous parameter (queuepause command).

    This command should be a program or script which takes + previous parameter (queuepause command).

    This command should be a program or script which takes a printer name as its only parameter and resumes the printer queue, such that queued jobs are resubmitted to the printer.

    This command is not supported by Windows for Workgroups, but can be issued from the Printers window under Windows 95 @@ -4670,32 +4718,32 @@ queueresume command (S)

    Example: queueresume command = enable %p -

    +

    read list (S) -

    +

    This is a list of users that are given read-only access to a service. If the connecting user is in this list - then they will not be given write access, no matter what the read only option is set - to. The list can include group names using the syntax described in the invalid users + then they will not be given write access, no matter what the read only option is set + to. The list can include group names using the syntax described in the invalid users parameter. -

    This parameter will not work with the security = share in +

    This parameter will not work with the security = share in Samba 3.0. This is by design.

    Default: read list =

    Example: read list = mary, @students -

    +

    read only (S) -

    An inverted synonym is writeable.

    If this parameter is yes, then users +

    An inverted synonym is writeable.

    If this parameter is yes, then users of a service may not create or modify files in the service's directory.

    Note that a printable service (printable = yes) will ALWAYS allow writing to the directory (user privileges permitting), but only via spooling operations.

    Default: read only = yes -

    +

    read raw (G) -

    This parameter controls whether or not the server +

    This parameter controls whether or not the server will support the raw read SMB requests when transferring data to clients.

    If enabled, raw reads allow reads of 65535 bytes in one packet. This typically provides a major performance benefit. @@ -4704,20 +4752,20 @@ read raw (G) sizes, and for these clients you may need to disable raw reads.

    In general this parameter should be viewed as a system tuning tool and left severely alone.

    Default: read raw = yes -

    +

    realm (G) -

    This option specifies the kerberos realm to use. The realm is +

    This option specifies the kerberos realm to use. The realm is used as the ADS equivalent of the NT4 domain. It is usually set to the DNS name of the kerberos server.

    Default: realm =

    Example: realm = mysambabox.mycompany.com -

    +

    registry shares (G) -

    +

    This turns on or off support for share definitions read from registry. Shares defined in smb.conf take precedence over shares with the same name defined in @@ -4732,10 +4780,10 @@ registry shares (G)

    Example: registry shares = yes -

    +

    remote announce (G) -

    +

    This option allows you to setup nmbd(8)to periodically announce itself to arbitrary IP addresses with an arbitrary workgroup name.

    @@ -4749,7 +4797,7 @@ remote announce (G)

    the above line would cause nmbd to announce itself to the two given IP addresses using the given workgroup names. If you leave out the - workgroup name then the one given in the workgroup parameter + workgroup name then the one given in the workgroup parameter is used instead.

    The IP addresses you choose would normally be the broadcast addresses of the remote @@ -4759,10 +4807,10 @@ remote announce (G) See the chapter on Network Browsing in the Samba-HOWTO book.

    Default: remote announce = -

    +

    remote browse sync (G) -

    +

    This option allows you to setup nmbd(8) to periodically request synchronization of browse lists with the master browser of a Samba server that is on a remote segment. This option will allow you to @@ -4789,15 +4837,15 @@ remote browse sync (G) that the remote machine is available, is listening, nor that it is in fact the browse master on its segment.

    - The remote browse sync may be used on networks + The remote browse sync may be used on networks where there is no WINS server, and may be used on disjoint networks where each network has its own WINS server.

    Default: remote browse sync = -

    +

    rename user script (G) -

    +

    This is the full pathname to a script that will be run as root by smbd(8) under special circumstances described below.

    When a user with admin authority or SeAddUserPrivilege rights renames a user (e.g.: from the NT4 User Manager @@ -4815,10 +4863,10 @@ rename user script (G) needs to change for other applications using the same directory.

    Default: rename user script = no -

    +

    reset on zero vc (G) -

    +

    This boolean option controls whether an incoming session setup should kill other connections coming from the same IP. This matches the default Windows 2003 behaviour. @@ -4837,10 +4885,10 @@ reset on zero vc (G)

    Default: reset on zero vc = no -

    +

    restrict anonymous (G) -

    The setting of this parameter determines whether user and +

    The setting of this parameter determines whether user and group list information is returned for an anonymous connection. and mirrors the effects of the 

    @@ -4860,26 +4908,26 @@ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
 	means.
 	
    Note
    
     The security advantage of using restrict anonymous = 2 is removed
-    by setting guest ok = yes on any share.
+    by setting guest ok = yes on any share.
 	
    Default: restrict anonymous = 0
 
-

    +

    root -

    This parameter is a synonym for root directory.

    +

    This parameter is a synonym for root directory.

    root dir -

    This parameter is a synonym for root directory.

    +

    This parameter is a synonym for root directory.

    root directory (G) -

    The server will chroot() (i.e. +

    The server will chroot() (i.e. Change its root directory) to this directory on startup. This is not strictly necessary for secure operation. Even without it the server will deny access to files not in one of the service entries. It may also check for, and deny access to, soft links to other parts of the filesystem, or attempts to use ".." in file names to access other directories (depending on the setting of the - wide smbconfoptions parameter). + wide smbconfoptions parameter).

    Adding a root directory entry other than "/" adds an extra level of security, but at a price. It absolutely ensures that no access is given to files not in the @@ -4895,39 +4943,39 @@ root directory (G)

    Example: root directory = /homes/smb -

    +

    root postexec (S) -

    +

    This is the same as the postexec parameter except that the command is run as root. This is useful for unmounting filesystems (such as CDROMs) after a connection is closed.

    Default: root postexec = -

    +

    root preexec close (S) -

    This is the same as the preexec close +

    This is the same as the preexec close parameter except that the command is run as root.

    Default: root preexec close = no -

    +

    root preexec (S) -

    +

    This is the same as the preexec parameter except that the command is run as root. This is useful for mounting filesystems (such as CDROMs) when a connection is opened.

    Default: root preexec = -

    +

    security mask (S) -

    +

    This parameter controls what UNIX permission bits will be set when a Windows NT client is manipulating the UNIX permission on a file using the native NT security dialog box.

    This parameter is applied as a mask (AND'ed with) to the incoming permission bits, thus resetting - any bits not in this mask. Make sure not to mix up this parameter with force security mode, which works in a manner similar to this one but uses a logical OR instead of an AND. + any bits not in this mask. Make sure not to mix up this parameter with force security mode, which works in a manner similar to this one but uses a logical OR instead of an AND.

    Essentially, all bits set to zero in this mask will result in setting to zero the corresponding bits on the file permissions regardless of the previous status of this bits on the file. @@ -4941,10 +4989,10 @@ security mask (S)

    Example: security mask = 0770 -

    +

    security (G) -

    This option affects how clients respond to +

    This option affects how clients respond to Samba and is one of the most important settings in the smb.conf file.

    The option sets the "security mode bit" in replies to protocol negotiations with smbd(8) to turn share level security on or off. Clients decide @@ -4968,9 +5016,9 @@ security (G) want to mainly setup shares without a password (guest shares). This is commonly used for a shared printer server. It is more difficult to setup guest shares with security = user, see - the map to guestparameter for details.

    It is possible to use smbd in a + the map to guestparameter for details.

    It is possible to use smbd in a hybrid mode where it is offers both user and share - level security under different NetBIOS aliases.

    The different settings will now be explained.

    SECURITY = SHARE

    When clients connect to a share level security server they + level security under different NetBIOS aliases.

    The different settings will now be explained.

    SECURITY = SHARE

    When clients connect to a share level security server they need not log onto the server with a valid username and password before attempting to connect to a shared resource (although modern clients such as Windows 95/98 and Windows NT will send a logon request with @@ -4983,10 +5031,10 @@ security (G) in share level security, smbd uses several techniques to determine the correct UNIX user to use on behalf of the client.

    A list of possible UNIX usernames to match with the given - client password is constructed using the following methods :

    • If the guest only parameter is set, then all the other - stages are missed and only the guest account username is checked. + client password is constructed using the following methods :

      • If the guest only parameter is set, then all the other + stages are missed and only the guest account username is checked.

      • Is a username is sent with the share connection - request, then this username (after mapping - see username map), + request, then this username (after mapping - see username map), is added as a potential username.

      • If the client did a previous logon request (the SessionSetup SMB call) then the @@ -4995,7 +5043,7 @@ security (G) added as a potential username.

      • The NetBIOS name of the client is added to the list as a potential username. -

      • Any users on the user list are added as potential usernames. +

      • Any users on the user list are added as potential usernames.

      If the guest only parameter is not set, then this list is then tried with the supplied password. The first user for whom the password matches will be used as the @@ -5007,17 +5055,17 @@ security (G) be used in granting access.

      See also the section NOTE ABOUT USERNAME/PASSWORD VALIDATION.

      SECURITY = USER

      This is the default security setting in Samba 3.0. With user-level security a client must first "log-on" with a - valid username and password (which can be mapped using the username map - parameter). Encrypted passwords (see the encrypted passwords parameter) can also - be used in this security mode. Parameters such as user and guest only if set are then applied and + valid username and password (which can be mapped using the username map + parameter). Encrypted passwords (see the encrypted passwords parameter) can also + be used in this security mode. Parameters such as user and guest only if set are then applied and may change the UNIX user to use on this connection, but only after the user has been successfully authenticated.

      Note that the name of the resource being requested is not sent to the server until after the server has successfully authenticated the client. This is why guest shares don't work in user level security without allowing - the server to automatically map unknown users into the guest account. - See the map to guest parameter for details on doing this.

      See also the section NOTE ABOUT USERNAME/PASSWORD VALIDATION.

      SECURITY = DOMAIN

      This mode will only work correctly if net(8) has been used to add this - machine into a Windows NT Domain. It expects the encrypted passwords + the server to automatically map unknown users into the guest account. + See the map to guest parameter for details on doing this.

      See also the section NOTE ABOUT USERNAME/PASSWORD VALIDATION.

      SECURITY = DOMAIN

      This mode will only work correctly if net(8) has been used to add this + machine into a Windows NT Domain. It expects the encrypted passwords parameter to be set to yes. In this mode Samba will try to validate the username/password by passing it to a Windows NT Primary or Backup Domain Controller, in exactly @@ -5031,13 +5079,13 @@ security (G) requested is not sent to the server until after the server has successfully authenticated the client. This is why guest shares don't work in user level security without allowing - the server to automatically map unknown users into the guest account. - See the map to guest parameter for details on doing this.

      See also the section - NOTE ABOUT USERNAME/PASSWORD VALIDATION.

      See also the password server parameter and - the encrypted passwords parameter.

      SECURITY = SERVER

      + the server to automatically map unknown users into the guest account. + See the map to guest parameter for details on doing this.

      See also the section + NOTE ABOUT USERNAME/PASSWORD VALIDATION.

      See also the password server parameter and + the encrypted passwords parameter.

      SECURITY = SERVER

      In this mode Samba will try to validate the username/password by passing it to another SMB server, such as an NT box. If this fails it will revert to security = user. It expects the - encrypted passwords parameter to be set to yes, unless the remote + encrypted passwords parameter to be set to yes, unless the remote server does not support them. However note that if encrypted passwords have been negotiated then Samba cannot revert back to checking the UNIX password file, it must have a valid smbpasswd file to check users against. See the chapter about the User Database in the Samba HOWTO Collection for details on how to set this up. @@ -5057,10 +5105,10 @@ security (G) requested is not sent to the server until after the server has successfully authenticated the client. This is why guest shares don't work in user level security without allowing - the server to automatically map unknown users into the guest account. - See the map to guest parameter for details on doing this.

      See also the section - NOTE ABOUT USERNAME/PASSWORD VALIDATION.

      See also the password server parameter and the - encrypted passwords parameter.

      SECURITY = ADS

      In this mode, Samba will act as a domain member in an ADS realm. To operate + the server to automatically map unknown users into the guest account. + See the map to guest parameter for details on doing this.

      See also the section + NOTE ABOUT USERNAME/PASSWORD VALIDATION.

      See also the password server parameter and the + encrypted passwords parameter.

      SECURITY = ADS

      In this mode, Samba will act as a domain member in an ADS realm. To operate in this mode, the machine running Samba will need to have Kerberos installed and configured and Samba will need to be joined to the ADS realm using the net utility.

      Note that this mode does NOT make Samba operate as a Active Directory Domain @@ -5068,12 +5116,12 @@ security (G)

      Example: security = DOMAIN -

    +

    server schannel (G) -

    +

    This controls whether the server offers or even demands the use of the netlogon schannel. - server schannel = no does not offer the schannel, server schannel = auto offers the schannel but does not enforce it, and server schannel = yes denies access if the client is not able to speak netlogon schannel. + server schannel = no does not offer the schannel, server schannel = auto offers the schannel but does not enforce it, and server schannel = yes denies access if the client is not able to speak netlogon schannel. This is only the case for Windows NT4 before SP4.

    Please note that with this set to no you will have to apply the WindowsXP @@ -5082,10 +5130,10 @@ server schannel (G)

    Example: server schannel = yes -

    +

    server signing (G) -

    This controls whether the server offers or requires +

    This controls whether the server offers or requires the client it talks to to use SMB signing. Possible values are auto, mandatory and disabled. @@ -5093,10 +5141,10 @@ server signing (G) When set to mandatory, SMB signing is required and if set to disabled, SMB signing is not offered either.

    Default: server signing = Disabled -

    +

    server string (G) -

    This controls what string will show up in the printer comment box in print +

    This controls what string will show up in the printer comment box in print manager and next to the IPC connection in net view. It can be any string that you wish to show to your users.

    It also sets what will appear in browse lists next to the machine name.

    A %v will be replaced with the Samba @@ -5105,10 +5153,10 @@ server string (G)

    Example: server string = University of GNUs Samba Server -

    +

    set directory (S) -

    +

    If set directory = no, then users of the service may not use the setdir command to change directory.

    @@ -5117,10 +5165,10 @@ set directory (S) for details.

    Default: set directory = no -

    +

    set primary group script (G) -

    Thanks to the Posix subsystem in NT a Windows User has a +

    Thanks to the Posix subsystem in NT a Windows User has a primary group in addition to the auxiliary groups. This script sets the primary group in the unix userdatase when an administrator sets the primary group from the windows user @@ -5132,10 +5180,10 @@ set primary group script (G)

    Example: set primary group script = /usr/sbin/usermod -g '%g' '%u' -

    +

    set quota command (G) -

    The set quota command should only be used +

    The set quota command should only be used whenever there is no operating system API available from the OS that samba can use.

    This option is only available if Samba was configured with the argument --with-sys-quotas or on linux when ./configure --with-quotas was used and a working quota api @@ -5145,36 +5193,35 @@ set quota command (G)

    Example: set quota command = /usr/local/sbin/set_quota -

    +

    share modes (S) -

    This enables or disables the honoring of - the share modes during a file open. These - modes are used by clients to gain exclusive read or write access - to a file.

    These open modes are not directly supported by UNIX, so - they are simulated using shared memory, or lock files if your - UNIX doesn't support shared memory (almost all do).

    The share modes that are enabled by this option are - DENY_DOS, DENY_ALL, - DENY_READ, DENY_WRITE, - DENY_NONE and DENY_FCB. -

    This option gives full share compatibility and enabled - by default.

    You should NEVER turn this parameter +

    This enables or disables the honoring of + the share modes during a file open. These + modes are used by clients to gain exclusive read or write access + to a file.

    This is a deprecated option from old versions of + Samba, and will be removed in the next major release. +

    These open modes are not directly supported by UNIX, so + they are simulated using shared memory.

    The share modes that are enabled by this option are + the standard Windows share modes. +

    This option gives full share compatibility and is enabled + by default.

    You should NEVER turn this parameter off as many Windows applications will break if you do so.

    Default: share modes = yes -

    +

    short preserve case (S) -

    +

    This boolean parameter controls if new files which conform to 8.3 syntax, that is all in upper case and of - suitable length, are created upper case, or if they are forced to be the default case. - This option can be use with preserve case = yes to permit long filenames + suitable length, are created upper case, or if they are forced to be the default case. + This option can be use with preserve case = yes to permit long filenames to retain their case, while short names are lowered.

    See the section on NAME MANGLING.

    Default: short preserve case = yes -

    +

    show add printer wizard (G) -

    With the introduction of MS-RPC based printing support +

    With the introduction of MS-RPC based printing support for Windows NT/2000 client in Samba 2.2, a "Printers..." folder will appear on Samba hosts in the share listing. Normally this folder will contain an icon for the MS Add Printer Wizard (APW). However, it is @@ -5192,10 +5239,10 @@ show add printer wizard (G)

    Note

    This does not prevent the same user from having administrative privilege on an individual printer.

    Default: show add printer wizard = yes -

    +

    shutdown script (G) -

    This a full path name to a script called by +

    This a full path name to a script called by smbd(8) that should start a shutdown procedure.

    If the connected user posseses the SeRemoteShutdownPrivilege, right, this command will be run as user.

    The %z %t %r %f variables are expanded as follows:

    • %z will be substituted with the @@ -5220,10 +5267,10 @@ let "time++"

      Example: shutdown script = /usr/local/samba/sbin/shutdown %m %t %r %f -

    +

    smb encrypt (S) -

    This is a new feature introduced with Samba 3.2 and above. It is an +

    This is a new feature introduced with Samba 3.2 and above. It is an extension to the SMB/CIFS protocol negotiated as part of the UNIX extensions. SMB encryption uses the GSSAPI (SSPI on Windows) ability to encrypt and sign every request/response in a SMB protocol stream. When @@ -5246,16 +5293,16 @@ smb encrypt (S) style read/writes allowed) as well as the overhead of encrypting and signing all the data.

    If SMB encryption is selected, Windows style SMB signing (see - the server signing option) is no longer necessary, + the server signing option) is no longer necessary, as the GSSAPI flags use select both signing and sealing of the data.

    When set to auto, SMB encryption is offered, but not enforced. When set to mandatory, SMB encryption is required and if set to disabled, SMB encryption can not be negotiated.

    Default: smb encrypt = auto -

    +

    smb passwd file (G) -

    This option sets the path to the encrypted smbpasswd file. By +

    This option sets the path to the encrypted smbpasswd file. By default the path to the smbpasswd file is compiled into Samba.

    An example of use is: 

    @@ -5263,26 +5310,27 @@ smb passwd file = /etc/samba/smbpasswd

    Default: smb passwd file = ${prefix}/private/smbpasswd -

    +

    smb ports (G) -

    Specifies which ports the server should listen on for SMB traffic.

    Default: smb ports = 445 139 +

    Specifies which ports the server should listen on for SMB traffic.

    Default: smb ports = 445 139 -

    +

    socket address (G) -

    This option allows you to control what - address Samba will listen for connections on. This is used to - support multiple virtual interfaces on the one server, each - with a different configuration.

    By default Samba will accept connections on any +

    This option allows you to control what + address Samba will listen for connections on. This is used to + support multiple virtual interfaces on the one server, each + with a different configuration.

    Setting this option should never be necessary on usual Samba + servers running only one nmbd.

    By default Samba will accept connections on any address.

    Default: socket address =

    Example: socket address = 192.168.2.20 -

    +

    socket options (G) -

    This option allows you to set socket options +

    This option allows you to set socket options to be used when talking with the client.

    Socket options are controls on the networking layer of the operating systems which allow the connection to be tuned.

    This option will typically be used to tune your Samba server @@ -5310,32 +5358,32 @@ socket options (G)

    Example: socket options = IPTOS_LOWDELAY -

    +

    stat cache (G) -

    This parameter determines if smbd(8) will use a cache in order to +

    This parameter determines if smbd(8) will use a cache in order to speed up case insensitive name mappings. You should never need to change this parameter.

    Default: stat cache = yes -

    +

    store dos attributes (S) -

    +

    If this parameter is set Samba attempts to first read DOS attributes (SYSTEM, HIDDEN, ARCHIVE or READ-ONLY) from a filesystem extended attribute, before mapping DOS attributes to UNIX permission bits (such - as occurs with map hidden and map readonly). When set, DOS + as occurs with map hidden and map readonly). When set, DOS attributes will be stored onto an extended attribute in the UNIX filesystem, associated with the file or - directory. For no other mapping to occur as a fall-back, the parameters map hidden, - map system, map archive and map readonly must be set to off. This parameter writes the DOS attributes as a string into the extended + directory. For no other mapping to occur as a fall-back, the parameters map hidden, + map system, map archive and map readonly must be set to off. This parameter writes the DOS attributes as a string into the extended attribute named "user.DOSATTRIB". This extended attribute is explicitly hidden from smbd clients requesting an EA list. On Linux the filesystem must have been mounted with the mount option user_xattr in order for extended attributes to work, also extended attributes must be compiled into the Linux kernel.

    Default: store dos attributes = no -

    +

    strict allocate (S) -

    This is a boolean that controls the handling of +

    This is a boolean that controls the handling of disk space allocation in the server. When this is set to yes the server will change from UNIX behaviour of not committing real disk storage blocks when a file is extended to the Windows behaviour @@ -5347,10 +5395,10 @@ strict allocate (S) out of quota messages on systems that are restricting the disk quota of users.

    Default: strict allocate = no -

    +

    strict locking (S) -

    +

    This is an enumerated type that controls the handling of file locking in the server. When this is set to yes, the server will check every read and write access for file locks, and deny access if locks exist. This can be slow on some systems. @@ -5366,10 +5414,10 @@ strict locking (S) strict locking = no is acceptable.

    Default: strict locking = Auto -

    +

    strict sync (S) -

    Many Windows applications (including the Windows 98 explorer +

    Many Windows applications (including the Windows 98 explorer shell) seem to confuse flushing buffer contents to disk with doing a sync to disk. Under UNIX, a sync call forces the process to be suspended until the kernel has ensured that all outstanding data in @@ -5383,10 +5431,10 @@ strict sync (S) addition, this fixes many performance problems that people have reported with the new Windows98 explorer shell file copies.

    Default: strict sync = no -

    +

    svcctl list (G) -

    This option defines a list of init scripts that smbd +

    This option defines a list of init scripts that smbd will use for starting and stopping Unix services via the Win32 ServiceControl API. This allows Windows administrators to utilize the MS Management Console plug-ins to manage a @@ -5399,10 +5447,10 @@ svcctl list (G)

    Example: svcctl list = cups postfix portmap httpd -

    +

    sync always (S) -

    This is a boolean parameter that controls +

    This is a boolean parameter that controls whether writes will always be written to stable storage before the write call returns. If this is no then the server will be guided by the client's request in each write call (clients can @@ -5413,19 +5461,19 @@ sync always (S) yes in order for this parameter to have any affect.

    Default: sync always = no -

    +

    syslog only (G) -

    +

    If this parameter is set then Samba debug messages are logged into the system syslog only, and not to the debug log files. There still will be some logging to log.[sn]mbd even if syslog only is enabled.

    Default: syslog only = no -

    +

    syslog (G) -

    +

    This parameter maps how Samba debug messages are logged onto the system syslog logging levels. Samba debug level zero maps onto syslog LOG_ERR, debug level one maps onto LOG_WARNING, debug level two maps onto LOG_NOTICE, @@ -5436,10 +5484,10 @@ syslog (G) logging to log.[sn]mbd even if syslog only is enabled.

    Default: syslog = 1 -

    +

    template homedir (G) -

    When filling out the user information for a Windows NT +

    When filling out the user information for a Windows NT user, the winbindd(8) daemon uses this parameter to fill in the home directory for that user. If the string %D is present it @@ -5447,31 +5495,31 @@ template homedir (G) string %U is present it is substituted with the user's Windows NT user name.

    Default: template homedir = /home/%D/%U -

    +

    template shell (G) -

    When filling out the user information for a Windows NT +

    When filling out the user information for a Windows NT user, the winbindd(8) daemon uses this - parameter to fill in the login shell for that user.

    No default

    + parameter to fill in the login shell for that user.

    No default

    time offset (G) -

    This parameter is a setting in minutes to add +

    This parameter is a setting in minutes to add to the normal GMT to local time conversion. This is useful if you are serving a lot of PCs that have incorrect daylight saving time handling.

    Default: time offset = 0

    Example: time offset = 60 -

    +

    time server (G) -

    This parameter determines if nmbd(8) advertises itself as a time server to Windows +

    This parameter determines if nmbd(8) advertises itself as a time server to Windows clients.

    Default: time server = no -

    +

    unix charset (G) -

    Specifies the charset the unix machine +

    Specifies the charset the unix machine Samba runs on uses. Samba needs to know this in order to be able to convert text to the charsets other SMB clients use.

    This is also the charset Samba will use when specifying arguments @@ -5480,20 +5528,20 @@ unix charset (G)

    Example: unix charset = ASCII -

    +

    unix extensions (G) -

    This boolean parameter controls whether Samba +

    This boolean parameter controls whether Samba implments the CIFS UNIX extensions, as defined by HP. These extensions enable Samba to better serve UNIX CIFS clients by supporting features such as symbolic links, hard links, etc... These extensions require a similarly enabled client, and are of no current use to Windows clients.

    Default: unix extensions = yes -

    +

    unix password sync (G) -

    This boolean parameter controls whether Samba +

    This boolean parameter controls whether Samba attempts to synchronize the UNIX password with the SMB password when the encrypted SMB password in the smbpasswd file is changed. If this is set to yes the program specified in the passwd @@ -5502,10 +5550,10 @@ unix password sync (G) old UNIX password (as the SMB password change code has no access to the old password cleartext, only the new).

    Default: unix password sync = no -

    +

    update encrypted (G) -

    +

    This boolean parameter allows a user logging on with a plaintext password to have their encrypted (hashed) password in the smbpasswd file to be updated automatically as they log on. This option allows a site to migrate from plaintext password authentication (users authenticate with plaintext password over the @@ -5515,18 +5563,18 @@ update encrypted (G) passwords to be made over a longer period. Once all users have encrypted representations of their passwords in the smbpasswd file this parameter should be set to no.

    - In order for this parameter to be operative the encrypt passwords parameter must - be set to no. The default value of encrypt passwords = Yes. Note: This must be set to no for this update encrypted to work. + In order for this parameter to be operative the encrypt passwords parameter must + be set to no. The default value of encrypt passwords = Yes. Note: This must be set to no for this update encrypted to work.

    Note that even when this parameter is set a user authenticating to smbd must still enter a valid password in order to connect correctly, and to update their hashed (smbpasswd) passwords.

    Default: update encrypted = no -

    +

    use client driver (S) -

    This parameter applies only to Windows NT/2000 +

    This parameter applies only to Windows NT/2000 clients. It has no effect on Windows 95/98/ME clients. When serving a printer to Windows NT/2000 clients without first installing a valid printer driver on the Samba host, the client will be required @@ -5551,10 +5599,10 @@ use client driver (S) on a print share which has valid print driver installed on the Samba server.

    Default: use client driver = no -

    +

    use kerberos keytab (G) -

    +

    Specifies whether Samba should attempt to maintain service principals in the systems keytab file for host/FQDN and cifs/FQDN.

    @@ -5566,10 +5614,10 @@ default_keytab_name = FILE:/etc/krb5.keytab

    Default: use kerberos keytab = False -

    +

    use mmap (G) -

    This global parameter determines if the tdb internals of Samba can +

    This global parameter determines if the tdb internals of Samba can depend on mmap working correctly on the running system. Samba requires a coherent mmap/read-write system memory cache. Currently only HPUX does not have such a coherent cache, and so this parameter is set to no by @@ -5578,10 +5626,10 @@ use mmap (G) the tdb internal code.

    Default: use mmap = yes -

    +

    username level (G) -

    This option helps Samba to try and 'guess' at +

    This option helps Samba to try and 'guess' at the real UNIX username, as many DOS clients send an all-uppercase username. By default Samba tries all lowercase, followed by the username with the first letter capitalized, and fails if the @@ -5596,11 +5644,11 @@ username level (G)

    Example: username level = 5 -

    +

    username map script (G) -

    This script is a mutually exclusive alternative to the - username map parameter. This parameter +

    This script is a mutually exclusive alternative to the + username map parameter. This parameter specifies and external program or script that must accept a single command line option (the username transmitted in the authentication request) and return a line line on standard output (the name to which @@ -5610,10 +5658,10 @@ username map script (G)

    Example: username map script = /etc/samba/scripts/mapusers.sh -

    +

    username map (G) -

    +

    This option allows you to specify a file containing a mapping of usernames from the clients to the server. This can be used for several purposes. The most common is to map usernames that users use on DOS or Windows machines to those that the UNIX box uses. The other is to map multiple users to a single username so that they @@ -5669,7 +5717,7 @@ guest = * Note that the remapping is applied to all occurrences of usernames. Thus if you connect to \\server\fred and fred is remapped to mary then you will actually be connecting to \\server\mary and will need to supply a password suitable for mary not - fred. The only exception to this is the username passed to the password server (if you have one). The password server will receive whatever username the client + fred. The only exception to this is the username passed to the password server (if you have one). The password server will receive whatever username the client supplies without modification.

    Also note that no reverse mapping is done. The main effect this has is with printing. Users who have been @@ -5697,16 +5745,16 @@ username map = /usr/local/samba/lib/users.map

    Default: username map = # no username map -

    +

    user -

    This parameter is a synonym for username.

    +

    This parameter is a synonym for username.

    users -

    This parameter is a synonym for username.

    +

    This parameter is a synonym for username.

    username (S) -

    Multiple users may be specified in a comma-delimited +

    Multiple users may be specified in a comma-delimited list, in which case the supplied password will be tested against each username in turn (left to right).

    The username line is needed only when the PC is unable to supply its own username. This is the case @@ -5725,7 +5773,7 @@ username (S) they will be able to do no more damage than if they started a telnet session. The daemon runs as the user that they log in as, so they cannot do anything that user cannot do.

    To restrict a service to a particular set of users you - can use the valid users parameter.

    If any of the usernames begin with a '@' then the name + can use the valid users parameter.

    If any of the usernames begin with a '@' then the name will be looked up first in the NIS netgroups list (if Samba is compiled with netgroup support), followed by a lookup in the UNIX groups database and will expand to a list of all users @@ -5744,28 +5792,28 @@ username (S)

    Example: username = fred, mary, jack, jane, @users, @pcgroup -

    +

    usershare allow guests (G) -

    This parameter controls whether user defined shares are allowed +

    This parameter controls whether user defined shares are allowed to be accessed by non-authenticated users or not. It is the equivalent of allowing people who can create a share the option of setting guest ok = yes in a share definition. Due to the security sensitive nature of this the default is set to off.

    Default: usershare allow guests = no -

    +

    usershare max shares (G) -

    This parameter specifies the number of user defined shares +

    This parameter specifies the number of user defined shares that are allowed to be created by users belonging to the group owning the usershare directory. If set to zero (the default) user defined shares are ignored.

    Default: usershare max shares = 0 -

    +

    usershare owner only (G) -

    This parameter controls whether the pathname exported by +

    This parameter controls whether the pathname exported by a user defined shares must be owned by the user creating the user defined share or not. If set to True (the default) then smbd checks that the directory path being shared is owned by @@ -5775,10 +5823,10 @@ usershare owner only (G) regardless of who owns it.

    Default: usershare owner only = True -

    +

    usershare path (G) -

    This parameter specifies the absolute path of the directory on the +

    This parameter specifies the absolute path of the directory on the filesystem used to store the user defined share definition files. This directory must be owned by root, and have no access for other, and be writable only by the group owner. In addition the @@ -5799,10 +5847,10 @@ usershare path (G) In this case, only members of the group "power_users" can create user defined shares.

    Default: usershare path = NULL -

    +

    usershare prefix allow list (G) -

    This parameter specifies a list of absolute pathnames +

    This parameter specifies a list of absolute pathnames the root of which are allowed to be exported by user defined share definitions. If the pathname exported doesn't start with one of the strings in this list the user defined share will not be allowed. This allows the Samba @@ -5817,10 +5865,10 @@ usershare prefix allow list (G)

    Example: usershare prefix allow list = /home /data /space -

    +

    usershare prefix deny list (G) -

    This parameter specifies a list of absolute pathnames +

    This parameter specifies a list of absolute pathnames the root of which are NOT allowed to be exported by user defined share definitions. If the pathname exported starts with one of the strings in this list the user defined share will not be allowed. Any pathname not @@ -5836,10 +5884,10 @@ usershare prefix deny list (G)

    Example: usershare prefix deny list = /etc /dev /private -

    +

    usershare template share (G) -

    User defined shares only have limited possible parameters +

    User defined shares only have limited possible parameters such as path, guest ok etc. This parameter allows usershares to "cloned" from an existing share. If "usershare template share" is set to the name of an existing share, then all usershares @@ -5854,10 +5902,10 @@ usershare template share (G)

    Example: usershare template share = template_share -

    +

    use sendfile (S) -

    If this parameter is yes, and the sendfile() +

    If this parameter is yes, and the sendfile() system call is supported by the underlying operating system, then some SMB read calls (mainly ReadAndX and ReadRaw) will use the more efficient sendfile system call for files that are exclusively oplocked. This may make more efficient use of the system CPU's @@ -5866,10 +5914,10 @@ use sendfile (S) Windows 9x (using sendfile from Linux will cause these clients to fail).

    Default: use sendfile = false -

    +

    use spnego (G) -

    This variable controls controls whether samba will try +

    This variable controls controls whether samba will try to use Simple and Protected NEGOciation (as specified by rfc2478) with WindowsXP and Windows2000 clients to agree upon an authentication mechanism.

    @@ -5877,10 +5925,10 @@ use spnego (G) implementation, there is no reason this should ever be disabled.

    Default: use spnego = yes -

    +

    utmp directory (G) -

    This parameter is only available if Samba has +

    This parameter is only available if Samba has been configured and compiled with the option --with-utmp. It specifies a directory pathname that is used to store the utmp or utmpx files (depending on the UNIX system) that @@ -5892,10 +5940,10 @@ utmp directory (G)

    Example: utmp directory = /var/run/utmp -

    +

    utmp (G) -

    +

    This boolean parameter is only available if Samba has been configured and compiled with the option --with-utmp. If set to yes then Samba will attempt to add utmp or utmpx records @@ -5907,10 +5955,10 @@ utmp (G) to find this number. This may impede performance on large installations.

    Default: utmp = no -

    +

    valid users (S) -

    +

    This is a list of users that should be allowed to login to this service. Names starting with '@', '+' and '&' are interpreted using the same rules as described in the invalid users parameter. @@ -5926,10 +5974,10 @@ valid users (S)

    Example: valid users = greg, @pcusers -

    +

    -valid (S) -

    This parameter indicates whether a share is +

    This parameter indicates whether a share is valid and thus can be used. When this parameter is set to false, the share will be in no way visible nor accessible.

    @@ -5938,10 +5986,10 @@ valid users (S) Samba uses this option internally to mark shares as deleted.

    Default: -valid = yes -

    +

    veto files (S) -

    +

    This is a list of files and directories that are neither visible nor accessible. Each entry in the list must be separated by a '/', which allows spaces to be included in the entry. '*' and '?' can be used to specify multiple files or directories as in DOS wildcards. @@ -5949,11 +5997,11 @@ veto files (S) Each entry must be a unix path, not a DOS path and must not include the unix directory separator '/'.

    - Note that the case sensitive option is applicable in vetoing files. + Note that the case sensitive option is applicable in vetoing files.

    One feature of the veto files parameter that it is important to be aware of is Samba's behaviour when trying to delete a directory. If a directory that is to be deleted contains nothing but veto files this - deletion will fail unless you also set the delete veto files + deletion will fail unless you also set the delete veto files parameter to yes.

    Setting this parameter will affect the performance of Samba, as it will be forced to check all files @@ -5972,15 +6020,15 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/

    Default: veto files = No files or directories are vetoed. -

    +

    veto oplock files (S) -

    - This parameter is only valid when the oplocks +

    + This parameter is only valid when the oplocks parameter is turned on for a share. It allows the Samba administrator to selectively turn off the granting of oplocks on selected files that match a wildcarded list, similar to the wildcarded list used in the - veto files parameter. + veto files parameter.

    You might want to do this on files that you know will be heavily contended for by clients. A good example of this is in the NetBench SMB benchmark @@ -5996,31 +6044,31 @@ veto oplock files = /.*SEM/

    Default: veto oplock files = # No files are vetoed for oplock grants -

    +

    vfs object -

    This parameter is a synonym for vfs objects.

    +

    This parameter is a synonym for vfs objects.

    vfs objects (S) -

    This parameter specifies the backend names which +

    This parameter specifies the backend names which are used for Samba VFS I/O operations. By default, normal disk I/O operations are used but these can be overloaded with one or more VFS objects.

    Default: vfs objects =

    Example: vfs objects = extd_audit recycle -

    +

    volume (S) -

    This allows you to override the volume label +

    This allows you to override the volume label returned for a share. Useful for CDROMs with installation programs that insist on a particular volume label.

    Default: volume = # the name of the share -

    +

    wide links (S) -

    This parameter controls whether or not links +

    This parameter controls whether or not links in the UNIX file system may be followed by the server. Links that point to areas within the directory tree exported by the server are always allowed; this parameter controls access only @@ -6028,21 +6076,21 @@ wide links (S) effect on your server performance due to the extra system calls that Samba has to do in order to perform the link checks.

    Default: wide links = yes -

    +

    winbind cache time (G) -

    This parameter specifies the number of +

    This parameter specifies the number of seconds the winbindd(8) daemon will cache user and group information before querying a Windows NT server again.

    This does not apply to authentication requests, these are always - evaluated in real time unless the winbind offline logon option has been enabled. + evaluated in real time unless the winbind offline logon option has been enabled.

    Default: winbind cache time = 300 -

    +

    winbind enum groups (G) -

    On large installations using winbindd(8) it may be necessary to suppress +

    On large installations using winbindd(8) it may be necessary to suppress the enumeration of groups through the setgrent(), getgrent() and endgrent() group of system calls. If @@ -6050,10 +6098,10 @@ winbind enum groups (G) no, calls to the getgrent() system call will not return any data.

    Warning

    Turning off group enumeration may cause some programs to behave oddly.

    Default: winbind enum groups = no -

    +

    winbind enum users (G) -

    On large installations using winbindd(8) it may be +

    On large installations using winbindd(8) it may be necessary to suppress the enumeration of users through the setpwent(), getpwent() and endpwent() group of system calls. If @@ -6065,13 +6113,13 @@ winbind enum users (G) full user list when searching for matching usernames.

    Default: winbind enum users = no -

    +

    winbind expand groups (G) -

    This option controls the maximum depth that winbindd +

    This option controls the maximum depth that winbindd will traverse when flattening nested group memberships of Windows domain groups. This is different from the - winbind nested groups option + winbind nested groups option which implements the Windows NT4 model of local group nesting. The "winbind expand groups" parameter specifically applies to the membership of @@ -6080,10 +6128,10 @@ winbind expand groups (G) must perform the group unrolling and will be unable to answer incoming NSS or authentication requests during this time.

    Default: winbind expand groups = 1 -

    +

    winbind nested groups (G) -

    If set to yes, this parameter activates the support for nested +

    If set to yes, this parameter activates the support for nested groups. Nested groups are also called local groups or aliases. They work like their counterparts in Windows: Nested groups are defined locally on any machine (they are shared @@ -6091,25 +6139,33 @@ winbind nested groups (G) global groups from any trusted SAM. To be able to use nested groups, you need to run nss_winbind.

    Default: winbind nested groups = yes -

    +

    winbind normalize names (G) -

    This parameter controls whether winbindd will replace - whitespace in user and group names with an underscore (_) character. - For example, whether the name "Space Kadet" should be - replaced with the string "space_kadet". - Frequently Unix shell scripts will have difficulty with usernames - contains whitespace due to the default field separator in the shell. - Do not enable this option if the underscore character is used in - account names within your domain -

    Default: winbind normalize names = no +

    This parameter controls whether winbindd will replace + whitespace in user and group names with an underscore (_) character. + For example, whether the name "Space Kadet" should be + replaced with the string "space_kadet". + Frequently Unix shell scripts will have difficulty with usernames + contains whitespace due to the default field separator in the shell. + If your domain possesses names containing the underscore character, + this option may cause problems unless the name aliasing feature + is supported by your nss_info plugin. +

    This feature also enables the name aliasing API which can + be used to make domain user and group names to a non-qlaified + version. Please refer to the manpage for the configured + idmap and nss_info plugin for the specifics on how to configure + name aliasing for a specific configuration. Name aliasing takes + precendence (and is mutually exclusive) over the whitespace + replacement mechanism discussed previsouly. +

    Default: winbind normalize names = no

    Example: winbind normalize names = yes -

    +

    winbind nss info (G) -

    This parameter is designed to control how Winbind retrieves Name +

    This parameter is designed to control how Winbind retrieves Name Service Information to construct a user's home directory and login shell. Currently the following settings are available: @@ -6131,10 +6187,10 @@ winbind nss info (G)

    Example: winbind nss info = template sfu -

    +

    winbind offline logon (G) -

    This parameter is designed to control whether Winbind should +

    This parameter is designed to control whether Winbind should allow to login with the pam_winbind module using Cached Credentials. If enabled, winbindd will store user credentials from successful logins encrypted in a local cache. @@ -6142,29 +6198,37 @@ winbind offline logon (G)

    Example: winbind offline logon = true -

    +

    + +winbind reconnect delay (G) +

    This parameter specifies the number of + seconds the winbindd(8) daemon will wait between + attempts to contact a Domain controller for a domain that is + determined to be down or not contactable.

    Default: winbind reconnect delay = 30 + +

    winbind refresh tickets (G) -

    This parameter is designed to control whether Winbind should refresh Kerberos Tickets +

    This parameter is designed to control whether Winbind should refresh Kerberos Tickets retrieved using the pam_winbind module.

    Default: winbind refresh tickets = false

    Example: winbind refresh tickets = true -

    +

    winbind rpc only (G) -

    +

    Setting this parameter to yes forces winbindd to use RPC instead of LDAP to retrieve information from Domain Controllers.

    Default: winbind rpc only = no -

    +

    winbind separator (G) -

    This parameter allows an admin to define the character +

    This parameter allows an admin to define the character used when listing a username of the form of DOMAIN \user. This parameter is only applicable when using the pam_winbind.so @@ -6175,10 +6239,10 @@ winbind separator (G)

    Example: winbind separator = + -

    +

    winbind trusted domains only (G) -

    +

    This parameter is designed to allow Samba servers that are members of a Samba controlled domain to use UNIX accounts distributed via NIS, rsync, or LDAP as the uid's for winbindd users in the hosts primary domain. @@ -6186,14 +6250,13 @@ winbind trusted domains only (G) the account user1 in /etc/passwd instead of allocating a new uid for him or her.

    This parameter is now deprecated in favor of the newer idmap_nss backend. - Refer to the idmap domains smb.conf option and - the idmap_nss(8) man page for more information. + Refer to the idmap_nss(8) man page for more information.

    Default: winbind trusted domains only = no -

    +

    winbind use default domain (G) -

    This parameter specifies whether the +

    This parameter specifies whether the winbindd(8) daemon should operate on users without domain component in their username. Users without a domain component are treated as is part of the winbindd server's own @@ -6203,10 +6266,10 @@ winbind use default domain (G)

    Example: winbind use default domain = yes -

    +

    wins hook (G) -

    When Samba is running as a WINS server this +

    When Samba is running as a WINS server this allows you to call an external program for all changes to the WINS database. The primary use for this option is to allow the dynamic update of external name resolution databases such as @@ -6227,17 +6290,17 @@ wins hook (G) addresses currently registered for that name. If this list is empty then the name should be deleted.

    An example script that calls the BIND dynamic DNS update program nsupdate is provided in the examples - directory of the Samba source code.

    No default

    + directory of the Samba source code.

    No default

    wins proxy (G) -

    This is a boolean that controls if nmbd(8) will respond to broadcast name +

    This is a boolean that controls if nmbd(8) will respond to broadcast name queries on behalf of other hosts. You may need to set this to yes for some older clients.

    Default: wins proxy = no -

    +

    wins server (G) -

    This specifies the IP address (or DNS name: IP +

    This specifies the IP address (or DNS name: IP address for preference) of the WINS server that nmbd(8) should register with. If you have a WINS server on your network then you should set this to the WINS server's IP.

    You should point this at your WINS server if you have a multi-subnetted network.

    If you want to work in multiple namespaces, you can @@ -6256,36 +6319,38 @@ wins server (G)

    Example: wins server = 192.9.200.1 192.168.2.61 -

    +

    wins support (G) -

    This boolean controls if the nmbd(8) process in Samba will act as a WINS server. You should +

    This boolean controls if the nmbd(8) process in Samba will act as a WINS server. You should not set this to yes unless you have a multi-subnetted network and you wish a particular nmbd to be your WINS server. Note that you should NEVER set this to yes on more than one machine in your network.

    Default: wins support = no -

    +

    workgroup (G) -

    This controls what workgroup your server will +

    This controls what workgroup your server will appear to be in when queried by clients. Note that this parameter also controls the Domain name used with - the security = domain + the security = domain setting.

    Default: workgroup = WORKGROUP

    Example: workgroup = MYGROUP -

    +

    writable -

    This parameter is a synonym for writeable.

    +

    This parameter is a synonym for writeable.

    writeable (S) -

    Inverted synonym for read only.

    No default

    +

    Inverted synonym for read only.

    Default: writeable = no + +

    write cache size (S) -

    If this integer parameter is set to non-zero value, +

    If this integer parameter is set to non-zero value, Samba will create an in-memory cache for each oplocked file (it does not do this for non-oplocked files). All writes that the client does not request @@ -6303,35 +6368,35 @@ write cache size (S)

    Example: write cache size = 262144 # for a 256k cache size per file -

    +

    write list (S) -

    +

    This is a list of users that are given read-write access to a service. If the connecting user is in this list then they will be given write access, no matter - what the read only option is set to. The list can + what the read only option is set to. The list can include group names using the @group syntax.

    Note that if a user is in both the read list and the write list then they will be given write access.

    By design, this parameter will not work with the - security = share in Samba 3.0. + security = share in Samba 3.0.

    Default: write list =

    Example: write list = admin, root, @staff -

    +

    write raw (G) -

    This parameter controls whether or not the server +

    This parameter controls whether or not the server will support raw write SMB's when transferring data from clients. You should never need to change this parameter.

    Default: write raw = yes -

    +

    wtmp directory (G) -

    +

    This parameter is only available if Samba has been configured and compiled with the option --with-utmp. It specifies a directory pathname that is used to store the wtmp or wtmpx files (depending on the UNIX system) that record user connections to a Samba server. The difference with the utmp directory is the fact @@ -6343,7 +6408,7 @@ wtmp directory (G)

    Example: wtmp directory = /var/log/wtmp -

    WARNINGS

    +

    WARNINGS

    Although the configuration file permits service names to contain spaces, your client software may not. Spaces will be ignored in comparisons anyway, so it shouldn't be a problem - but be aware of the possibility.

    @@ -6356,8 +6421,8 @@ wtmp directory (G) for an administrator easy, but the various combinations of default attributes can be tricky. Take extreme care when designing these sections. In particular, ensure that the permissions on spool directories are correct. -

    VERSION

    This man page is correct for version 3 of the Samba suite.

    SEE ALSO

    - samba(7), smbpasswd(8), swat(8), smbd(8), nmbd(8), smbclient(1), nmblookup(1), testparm(1), testprns(1).

    AUTHOR

    +

    VERSION

    This man page is correct for version 3 of the Samba suite.

    SEE ALSO

    + samba(7), smbpasswd(8), swat(8), smbd(8), nmbd(8), smbclient(1), nmblookup(1), testparm(1), testprns(1).

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    diff --git a/docs/htmldocs/manpages/smbcacls.1.html b/docs/htmldocs/manpages/smbcacls.1.html index 02f9691381..2403eea762 100644 --- a/docs/htmldocs/manpages/smbcacls.1.html +++ b/docs/htmldocs/manpages/smbcacls.1.html @@ -1,5 +1,5 @@ -smbcacls

    Name

    smbcacls — Set or get ACLs on an NT file or directory names

    Synopsis

    smbcacls {//server/share} {filename} [-D acls] [-M acls] [-a acls] [-S acls] [-C name] [-G name] [--numeric] [-t] [-U username] [-h] [-d]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    The smbcacls program manipulates NT Access Control - Lists (ACLs) on SMB file shares.

    OPTIONS

    The following options are available to the smbcacls program. +smbcacls

    Name

    smbcacls — Set or get ACLs on an NT file or directory names

    Synopsis

    smbcacls {//server/share} {filename} [-D acls] [-M acls] [-a acls] [-S acls] [-C name] [-G name] [--numeric] [-t] [-U username] [-h] [-d]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    The smbcacls program manipulates NT Access Control + Lists (ACLs) on SMB file shares.

    OPTIONS

    The following options are available to the smbcacls program. The format of ACLs is described in the section ACL FORMAT

    -a acls

    Add the ACLs specified to the ACL list. Existing access control entries are unchanged.

    -M acls

    Modify the mask value (permissions) for the ACLs specified on the command line. An error will be printed for each @@ -40,7 +40,7 @@ amounts of log data, and should only be used when investigating a problem. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic.

    Note that specifying this parameter here will -override the log level parameter +override the log level parameter in the smb.conf file.

    -V

    Prints the program version number.

    -s <configuration file>

    The file specified contains the configuration details required by the server. The @@ -52,7 +52,7 @@ The default configuration file name is determined at compile time.

    -l|--log-basename=logdirectory

    Base directory name for log/debug files. The extension ".progname" will be appended (e.g. log.smbclient, log.smbd, etc...). The log file is never removed by the client. -

    ACL FORMAT

    The format of an ACL is one or more ACL entries separated by +

    ACL FORMAT

    The format of an ACL is one or more ACL entries separated by either commas or newlines. An ACL entry is one of the following: 

     
 REVISION:<revision number>
 OWNER:<sid or name>
@@ -77,13 +77,13 @@ ACL:<sid or name>:<type>/<flags>/<mask>
 	file permissions of the same name. 
    • R - Allow read access 
    • W - Allow write access
    • X - Execute permission on the object
    • D - Delete the object
    • P - Change permissions
    • O - Take ownership
    The following combined permissions can be specified:
    • READ -  Equivalent to 'RX'
 		permissions
    • CHANGE - Equivalent to 'RXWD' permissions
 		
    • FULL - Equivalent to 'RWXDPO' 
-		permissions

    EXIT STATUS

    The smbcacls program sets the exit status + permissions

    EXIT STATUS

    The smbcacls program sets the exit status depending on the success or otherwise of the operations performed. The exit status may be one of the following values.

    If the operation succeeded, smbcacls returns and exit status of 0. If smbcacls couldn't connect to the specified server, or there was an error getting or setting the ACLs, an exit status of 1 is returned. If there was an error parsing any command line - arguments, an exit status of 2 is returned.

    VERSION

    This man page is correct for version 3 of the Samba suite.

    AUTHOR

    The original Samba software and related utilities + arguments, an exit status of 2 is returned.

    VERSION

    This man page is correct for version 3 of the Samba suite.

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    smbcacls was written by Andrew Tridgell diff --git a/docs/htmldocs/manpages/smbclient.1.html b/docs/htmldocs/manpages/smbclient.1.html index b50965ef61..9f6e2f23b8 100644 --- a/docs/htmldocs/manpages/smbclient.1.html +++ b/docs/htmldocs/manpages/smbclient.1.html @@ -1,11 +1,11 @@ -smbclient

    Name

    smbclient — ftp-like client to access SMB/CIFS resources - on servers

    Synopsis

    smbclient [-b <buffer size>] [-d debuglevel] [-e] [-L <netbios name>] [-U username] [-I destinationIP] [-M <netbios name>] [-m maxprotocol] [-A authfile] [-N] [-i scope] [-O <socket options>] [-p port] [-R <name resolve order>] [-s <smb config file>] [-k] [-P] [-c <command>]

    smbclient {servicename} [password] [-b <buffer size>] [-d debuglevel] [-e] [-D Directory] [-U username] [-W workgroup] [-M <netbios name>] [-m maxprotocol] [-A authfile] [-N] [-l log-basename] [-I destinationIP] [-E] [-c <command string>] [-i scope] [-O <socket options>] [-p port] [-R <name resolve order>] [-s <smb config file>] [-T<c|x>IXFqgbNan] [-k]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    smbclient is a client that can +smbclient

    Name

    smbclient — ftp-like client to access SMB/CIFS resources + on servers

    Synopsis

    smbclient [-b <buffer size>] [-d debuglevel] [-e] [-L <netbios name>] [-U username] [-I destinationIP] [-M <netbios name>] [-m maxprotocol] [-A authfile] [-N] [-g] [-i scope] [-O <socket options>] [-p port] [-R <name resolve order>] [-s <smb config file>] [-k] [-P] [-c <command>]

    smbclient {servicename} [password] [-b <buffer size>] [-d debuglevel] [-e] [-D Directory] [-U username] [-W workgroup] [-M <netbios name>] [-m maxprotocol] [-A authfile] [-N] [-g] [-l log-basename] [-I destinationIP] [-E] [-c <command string>] [-i scope] [-O <socket options>] [-p port] [-R <name resolve order>] [-s <smb config file>] [-T<c|x>IXFqgbNan] [-k]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    smbclient is a client that can 'talk' to an SMB/CIFS server. It offers an interface similar to that of the ftp program (see ftp(1)). Operations include things like getting files from the server to the local machine, putting files from the local machine to the server, retrieving directory information from the server - and so on.

    OPTIONS

    servicename

    servicename is the name of the service + and so on.

    OPTIONS

    servicename

    servicename is the name of the service you want to use on the server. A service name takes the form //server/service where server is the NetBIOS name of the SMB/CIFS server @@ -85,10 +85,13 @@ messages.

    -p port

    This number is the TCP port number that will be used when making connections to the server. The standard (well-known) TCP port number for an SMB/CIFS server is 139, which is the - default.

    -P

    + default.

    -g

    This parameter provides combined with + -L easy parseable output that allows processing + with utilities such as grep and cut. +

    -P

    Make queries to the external server using the machine account of the local server.

    -h|--help

    Print a summary of command line options. -

    -I IP-address

    IP address is the address of the server to connect to. +

    -I IP-address

    IP address is the address of the server to connect to. It should be specified in standard "a.b.c.d" notation.

    Normally the client would attempt to locate a named SMB/CIFS server by looking it up via the NetBIOS name resolution mechanism described above in the name resolve order @@ -137,7 +140,7 @@ amounts of log data, and should only be used when investigating a problem. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic.

    Note that specifying this parameter here will -override the log level parameter +override the log level parameter in the smb.conf file.

    -V

    Prints the program version number.

    -s <configuration file>

    The file specified contains the configuration details required by the server. The @@ -182,7 +185,7 @@ via the ps command. To be safe always allow rpcclient to prompt for a password and type it in directly.

    -n <primary NetBIOS name>

    This option allows you to override the NetBIOS name that Samba uses for itself. This is identical -to setting the netbios name parameter in the smb.conf file. +to setting the netbios name parameter in the smb.conf file. However, a command line setting will take precedence over settings in smb.conf.

    -i <scope>

    This specifies a NetBIOS scope that @@ -267,7 +270,7 @@ options.

    -T tar options

    smbcli only of any use with the tar -T option.

    -c command string

    command string is a semicolon-separated list of commands to be executed instead of prompting from stdin. -N is implied by -c.

    This is particularly useful in scripts and for printing stdin - to the server, e.g. -c 'print -'.

    OPERATIONS

    Once the client is running, the user is presented with + to the server, e.g. -c 'print -'.

    OPERATIONS

    Once the client is running, the user is presented with a prompt :

    smb:\>

    The backslash ("\\") indicates the current working directory on the server, and will change if the current working directory is changed.

    The prompt indicates that the client is ready and waiting to @@ -465,14 +468,14 @@ options.

    -T tar options

    smbcli

    vuid <number>

    Changes the currently used vuid in the protocol to the given arbitrary number. Without an argument prints out the current vuid being used. Used for internal Samba testing purposes. -

    NOTES

    Some servers are fussy about the case of supplied usernames, +

    NOTES

    Some servers are fussy about the case of supplied usernames, passwords, share names (AKA service names) and machine names. If you fail to connect try giving all parameters in uppercase.

    It is often necessary to use the -n option when connecting to some types of servers. For example OS/2 LanManager insists on a valid NetBIOS name being used, so you need to supply a valid name that would be known to the server.

    smbclient supports long file names where the server - supports the LANMAN2 protocol or above.

    ENVIRONMENT VARIABLES

    The variable USER may contain the + supports the LANMAN2 protocol or above.

    ENVIRONMENT VARIABLES

    The variable USER may contain the username of the person using the client. This information is used only if the protocol level is high enough to support session-level passwords.

    The variable PASSWD may contain @@ -482,7 +485,7 @@ options.

    -T tar options

    smbcli the path, executed with system(), which the client should connect to instead of connecting to a server. This functionality is primarily intended as a development aid, and works best when using a LMHOSTS - file

    INSTALLATION

    The location of the client program is a matter for + file

    INSTALLATION

    The location of the client program is a matter for individual system administrators. The following are thus suggestions only.

    It is recommended that the smbclient software be installed in the /usr/local/samba/bin/ or @@ -493,11 +496,11 @@ options.

    -T tar options

    smbcli and writeable only by the user.

    To test the client, you will need to know the name of a running SMB/CIFS server. It is possible to run smbd(8) as an ordinary user - running that server as a daemon on a user-accessible port (typically any port number over 1024) - would provide a suitable test server.

    DIAGNOSTICS

    Most diagnostics issued by the client are logged in a + would provide a suitable test server.

    DIAGNOSTICS

    Most diagnostics issued by the client are logged in a specified log file. The log file name is specified at compile time, but may be overridden on the command line.

    The number and nature of diagnostics available depends on the debug level used by the client. If you have problems, - set the debug level to 3 and peruse the log files.

    VERSION

    This man page is correct for version 3.2 of the Samba suite.

    AUTHOR

    The original Samba software and related utilities + set the debug level to 3 and peruse the log files.

    VERSION

    This man page is correct for version 3.2 of the Samba suite.

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The original Samba man pages were written by Karl Auer. diff --git a/docs/htmldocs/manpages/smbcontrol.1.html b/docs/htmldocs/manpages/smbcontrol.1.html index 0648f42d94..207ca7fe26 100644 --- a/docs/htmldocs/manpages/smbcontrol.1.html +++ b/docs/htmldocs/manpages/smbcontrol.1.html @@ -1,5 +1,5 @@ -smbcontrol

    Name

    smbcontrol — send messages to smbd, nmbd or winbindd processes

    Synopsis

    smbcontrol [-i] [-s]

    smbcontrol [destination] [message-type] [parameter]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    smbcontrol is a very small program, which - sends messages to a smbd(8), a nmbd(8), or a winbindd(8) daemon running on the system.

    OPTIONS

    -h|--help

    Print a summary of command line options. +smbcontrol

    Name

    smbcontrol — send messages to smbd, nmbd or winbindd processes

    Synopsis

    smbcontrol [-i] [-s]

    smbcontrol [destination] [message-type] [parameter]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    smbcontrol is a very small program, which + sends messages to a smbd(8), a nmbd(8), or a winbindd(8) daemon running on the system.

    OPTIONS

    -h|--help

    Print a summary of command line options.

    -s <configuration file>

    The file specified contains the configuration details required by the server. The information in this file includes server-specific @@ -10,13 +10,19 @@ The default configuration file name is determined at compile time.

    -i

    Run interactively. Individual commands of the form destination message-type parameters can be entered on STDIN. An empty command line or a "q" will quit the - program.

    destination

    One of nmbd, smbd or a process ID.

    The smbd destination causes the - message to "broadcast" to all smbd daemons.

    The nmbd destination causes the + program.

    destination

    One of nmbd, smbd or a process ID.

    The all destination causes the + message to "broadcast" to all running daemons including nmbd and + winbind. This is a change for Samba 3.3, prior to this the + paramter smbd used to do this.

    The smbd destination causes the + message to be sent to the smbd daemon specified in the + smbd.pid file.

    The nmbd destination causes the message to be sent to the nmbd daemon specified in the - nmbd.pid file.

    If a single process ID is given, the message is sent + nmbd.pid file.

    The winbindd destination causes the + message to be sent to the winbind daemon specified in the + winbindd.pid file.

    If a single process ID is given, the message is sent to only that process.

    message-type

    Type of message to send. See the section MESSAGE-TYPES for details. -

    parameters

    any parameters required for the message-type

    MESSAGE-TYPES

    Available message types are:

    close-share

    Order smbd to close the client +

    parameters

    any parameters required for the message-type

    MESSAGE-TYPES

    Available message types are:

    close-share

    Order smbd to close the client connections to the named share. Note that this doesn't affect client connections to any other shares. This message-type takes an argument of the share name for which client connections will be closed, or the @@ -59,8 +65,8 @@ compile time.

    -i

    Run interactiv to update their local version of the driver. Can only be sent to smbd.

    reload-config

    Force daemon to reload smb.conf configuration file. Can be sent to smbd, nmbd, or winbindd. -

    VERSION

    This man page is correct for version 3 of - the Samba suite.

    SEE ALSO

    nmbd(8) and smbd(8).

    AUTHOR

    The original Samba software and related utilities +

    VERSION

    This man page is correct for version 3 of + the Samba suite.

    SEE ALSO

    nmbd(8) and smbd(8).

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The original Samba man pages were written by Karl Auer. diff --git a/docs/htmldocs/manpages/smbcquotas.1.html b/docs/htmldocs/manpages/smbcquotas.1.html index 0ca7530ca6..f39a35ce08 100644 --- a/docs/htmldocs/manpages/smbcquotas.1.html +++ b/docs/htmldocs/manpages/smbcquotas.1.html @@ -1,4 +1,4 @@ -smbcquotas

    Name

    smbcquotas — Set or get QUOTAs of NTFS 5 shares

    Synopsis

    smbcquotas {//server/share} [-u user] [-L] [-F] [-S QUOTA_SET_COMMAND] [-n] [-t] [-v] [-d debuglevel] [-s configfile] [-l logdir] [-V] [-U username] [-N] [-k] [-A]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    The smbcquotas program manipulates NT Quotas on SMB file shares.

    OPTIONS

    The following options are available to the smbcquotas program.

    -u user

    Specifies the user of whom the quotas are get or set. +smbcquotas

    Name

    smbcquotas — Set or get QUOTAs of NTFS 5 shares

    Synopsis

    smbcquotas {//server/share} [-u user] [-L] [-F] [-S QUOTA_SET_COMMAND] [-n] [-t] [-v] [-d debuglevel] [-s configfile] [-l logdir] [-V] [-U username] [-N] [-k] [-A]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    The smbcquotas program manipulates NT Quotas on SMB file shares.

    OPTIONS

    The following options are available to the smbcquotas program.

    -u user

    Specifies the user of whom the quotas are get or set. By default the current user's username will be used.

    -L

    Lists all quota records of the share.

    -F

    Show the share quota status and default limits.

    -S QUOTA_SET_COMMAND

    This command sets/modifies quotas for a user or on the share, depending on the QUOTA_SET_COMMAND parameter which is described later.

    -n

    This option displays all QUOTA information in numeric format. The default is to convert SIDs to names and QUOTA limits @@ -19,7 +19,7 @@ amounts of log data, and should only be used when investigating a problem. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic.

    Note that specifying this parameter here will -override the log level parameter +override the log level parameter in the smb.conf file.

    -V

    Prints the program version number.

    -s <configuration file>

    The file specified contains the configuration details required by the server. The @@ -62,7 +62,7 @@ on the file restrict access from unwanted users. See the many systems the command line of a running process may be seen via the ps command. To be safe always allow rpcclient to prompt for a password and type -it in directly.

    QUOTA_SET_COMAND

    The format of an the QUOTA_SET_COMMAND is an operation +it in directly.

    QUOTA_SET_COMAND

    The format of an the QUOTA_SET_COMMAND is an operation name followed by a set of parameters specific to that operation.

    To set user quotas for the user specified by -u or for the current username:

    @@ -74,13 +74,13 @@ it in directly.

    FSQFLAGS:QUOTA_ENABLED/DENY_DISK/LOG_SOFTLIMIT/LOG_HARD_LIMIT -

    All limits are specified as a number of bytes.

    EXIT STATUS

    The smbcquotas program sets the exit status +

    All limits are specified as a number of bytes.

    EXIT STATUS

    The smbcquotas program sets the exit status depending on the success or otherwise of the operations performed. The exit status may be one of the following values.

    If the operation succeeded, smbcquotas returns an exit status of 0. If smbcquotas couldn't connect to the specified server, or when there was an error getting or setting the quota(s), an exit status of 1 is returned. If there was an error parsing any command line - arguments, an exit status of 2 is returned.

    VERSION

    This man page is correct for version 3 of the Samba suite.

    AUTHOR

    The original Samba software and related utilities + arguments, an exit status of 2 is returned.

    VERSION

    This man page is correct for version 3 of the Samba suite.

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    smbcquotas was written by Stefan Metzmacher.

    diff --git a/docs/htmldocs/manpages/smbd.8.html b/docs/htmldocs/manpages/smbd.8.html index 91e5f6968f..57e12cc37e 100644 --- a/docs/htmldocs/manpages/smbd.8.html +++ b/docs/htmldocs/manpages/smbd.8.html @@ -1,4 +1,4 @@ -smbd

    Name

    smbd — server to provide SMB/CIFS services to clients

    Synopsis

    smbd [-D] [-F] [-S] [-i] [-h] [-V] [-b] [-d <debug level>] [-l <log directory>] [-p <port number(s)>] [-P <profiling level>] [-O <socket option>] [-s <configuration file>]

    DESCRIPTION

    This program is part of the samba(7) suite.

    smbd is the server daemon that +smbd

    Name

    smbd — server to provide SMB/CIFS services to clients

    Synopsis

    smbd [-D] [-F] [-S] [-i] [-h] [-V] [-b] [-d <debug level>] [-l <log directory>] [-p <port number(s)>] [-P <profiling level>] [-O <socket option>] [-s <configuration file>]

    DESCRIPTION

    This program is part of the samba(7) suite.

    smbd is the server daemon that provides filesharing and printing services to Windows clients. The server provides filespace and printer services to clients using the SMB (or CIFS) protocol. This is compatible @@ -21,7 +21,7 @@ can force a reload by sending a SIGHUP to the server. Reloading the configuration file will not affect connections to any service that is already established. Either the user will have to - disconnect from the service, or smbd killed and restarted.

    OPTIONS

    -D

    If specified, this parameter causes + disconnect from the service, or smbd killed and restarted.

    OPTIONS

    -D

    If specified, this parameter causes the server to operate as a daemon. That is, it detaches itself and runs in the background, fielding requests on the appropriate port. Operating the server as a @@ -60,7 +60,7 @@ amounts of log data, and should only be used when investigating a problem. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic.

    Note that specifying this parameter here will -override the log level parameter +override the log level parameter in the smb.conf file.

    -V

    Prints the program version number.

    -s <configuration file>

    The file specified contains the configuration details required by the server. The @@ -76,13 +76,13 @@ log.smbd, etc...). The log file is never removed by the client.

    -b

    Prints information about how Samba was built.

    -p|--port<port number(s)>

    port number(s) is a space or comma-separated list of TCP ports smbd should listen on. - The default value is taken from the ports parameter in smb.conf

    The default ports are 139 (used for SMB over NetBIOS over TCP) + The default value is taken from the ports parameter in smb.conf

    The default ports are 139 (used for SMB over NetBIOS over TCP) and port 445 (used for plain SMB over TCP).

    -P|--profiling-level<profiling level>

    profiling level is a number specifying the level of profiling data to be collected. 0 turns off profiling, 1 turns on counter profiling only, 2 turns on complete profiling, and 3 resets all profiling data. -

    FILES

    /etc/inetd.conf

    If the server is to be run by the +

    FILES

    /etc/inetd.conf

    If the server is to be run by the inetd meta-daemon, this file must contain suitable startup information for the meta-daemon. @@ -96,20 +96,20 @@ log.smbd, etc...). The log file is never removed by the client.

    /usr/local/samba/lib/smb.conf

    This is the default location of the smb.conf(5) server configuration file. Other common places that systems install this file are /usr/samba/lib/smb.conf and /etc/samba/smb.conf.

    This file describes all the services the server - is to make available to clients. See smb.conf(5) for more information.

    LIMITATIONS

    On some systems smbd cannot change uid back + is to make available to clients. See smb.conf(5) for more information.

    LIMITATIONS

    On some systems smbd cannot change uid back to root after a setuid() call. Such systems are called trapdoor uid systems. If you have such a system, you will be unable to connect from a client (such as a PC) as two different users at once. Attempts to connect the second user will result in access denied or - similar.

    ENVIRONMENT VARIABLES

    PRINTER

    If no printer name is specified to + similar.

    ENVIRONMENT VARIABLES

    PRINTER

    If no printer name is specified to printable services, most systems will use the value of this variable (or lp if this variable is not defined) as the name of the printer to use. This - is not specific to the server, however.

    PAM INTERACTION

    Samba uses PAM for authentication (when presented with a plaintext + is not specific to the server, however.

    PAM INTERACTION

    Samba uses PAM for authentication (when presented with a plaintext password), for account checking (is this account disabled?) and for session management. The degree too which samba supports PAM is restricted - by the limitations of the SMB protocol and the obey pam restrictions smb.conf(5) paramater. When this is set, the following restrictions apply: + by the limitations of the SMB protocol and the obey pam restrictions smb.conf(5) paramater. When this is set, the following restrictions apply:

    • Account Validation: All accesses to a samba server are checked against PAM to see if the account is vaild, not disabled and is permitted to @@ -119,8 +119,8 @@ log.smbd, etc...). The log file is never removed by the client. is granted. Note however, that this is bypassed in share level secuirty. Note also that some older pam configuration files may need a line added for session support. -

    VERSION

    This man page is correct for version 3 of - the Samba suite.

    DIAGNOSTICS

    Most diagnostics issued by the server are logged +

    VERSION

    This man page is correct for version 3 of + the Samba suite.

    DIAGNOSTICS

    Most diagnostics issued by the server are logged in a specified log file. The log file name is specified at compile time, but may be overridden on the command line.

    The number and nature of diagnostics available depends on the debug level used by the server. If you have problems, set @@ -129,10 +129,10 @@ log.smbd, etc...). The log file is never removed by the client. available in the source code to warrant describing each and every diagnostic. At this stage your best bet is still to grep the source code and inspect the conditions that gave rise to the - diagnostics you are seeing.

    TDB FILES

    Samba stores it's data in several TDB (Trivial Database) files, usually located in /var/lib/samba.

    + diagnostics you are seeing.

    TDB FILES

    Samba stores it's data in several TDB (Trivial Database) files, usually located in /var/lib/samba.

    (*) information persistent across restarts (but not necessarily important to backup). -

    account_policy.tdb*

    NT account policy settings such as pw expiration, etc...

    brlock.tdb

    byte range locks

    browse.dat

    browse lists

    connections.tdb

    share connections (used to enforce max connections, etc...)

    gencache.tdb

    generic caching db

    group_mapping.tdb*

    group mapping information

    locking.tdb

    share modes & oplocks

    login_cache.tdb*

    bad pw attempts

    messages.tdb

    Samba messaging system

    netsamlogon_cache.tdb*

    cache of user net_info_3 struct from net_samlogon() request (as a domain member)

    ntdrivers.tdb*

    installed printer drivers

    ntforms.tdb*

    installed printer forms

    ntprinters.tdb*

    installed printer information

    printing/

    directory containing tdb per print queue of cached lpq output

    registry.tdb

    Windows registry skeleton (connect via regedit.exe)

    sessionid.tdb

    session information (e.g. support for 'utmp = yes')

    share_info.tdb*

    share acls

    winbindd_cache.tdb

    winbindd's cache of user lists, etc...

    winbindd_idmap.tdb*

    winbindd's local idmap db

    wins.dat*

    wins database when 'wins support = yes'

    SIGNALS

    Sending the smbd a SIGHUP will cause it to +

    account_policy.tdb*

    NT account policy settings such as pw expiration, etc...

    brlock.tdb

    byte range locks

    browse.dat

    browse lists

    connections.tdb

    share connections (used to enforce max connections, etc...)

    gencache.tdb

    generic caching db

    group_mapping.tdb*

    group mapping information

    locking.tdb

    share modes & oplocks

    login_cache.tdb*

    bad pw attempts

    messages.tdb

    Samba messaging system

    netsamlogon_cache.tdb*

    cache of user net_info_3 struct from net_samlogon() request (as a domain member)

    ntdrivers.tdb*

    installed printer drivers

    ntforms.tdb*

    installed printer forms

    ntprinters.tdb*

    installed printer information

    printing/

    directory containing tdb per print queue of cached lpq output

    registry.tdb

    Windows registry skeleton (connect via regedit.exe)

    sessionid.tdb

    session information (e.g. support for 'utmp = yes')

    share_info.tdb*

    share acls

    winbindd_cache.tdb

    winbindd's cache of user lists, etc...

    winbindd_idmap.tdb*

    winbindd's local idmap db

    wins.dat*

    wins database when 'wins support = yes'

    SIGNALS

    Sending the smbd a SIGHUP will cause it to reload its smb.conf configuration file within a short period of time.

    To shut down a user's smbd process it is recommended that SIGKILL (-9) NOT @@ -147,11 +147,11 @@ log.smbd, etc...). The log file is never removed by the client. smbd is in a state of waiting for an incoming SMB before issuing them. It is possible to make the signal handlers safe by un-blocking the signals before the select call and re-blocking - them after, however this would affect performance.

    SEE ALSO

    hosts_access(5), inetd(8), nmbd(8), smb.conf(5), smbclient(1), testparm(1), testprns(1), and the + them after, however this would affect performance.

    SEE ALSO

    hosts_access(5), inetd(8), nmbd(8), smb.conf(5), smbclient(1), testparm(1), testprns(1), and the Internet RFC's rfc1001.txt, rfc1002.txt. In addition the CIFS (formerly SMB) specification is available as a link from the Web page - http://samba.org/cifs/.

    AUTHOR

    The original Samba software and related utilities + http://samba.org/cifs/.

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The original Samba man pages were written by Karl Auer. diff --git a/docs/htmldocs/manpages/smbget.1.html b/docs/htmldocs/manpages/smbget.1.html index 632652a680..8b562294e7 100644 --- a/docs/htmldocs/manpages/smbget.1.html +++ b/docs/htmldocs/manpages/smbget.1.html @@ -1,14 +1,14 @@ -smbget

    Name

    smbget — wget-like utility for download files over SMB

    Synopsis

    smbget [-a, --guest] [-r, --resume] [-R, --recursive] [-u, --username=STRING] [-p, --password=STRING] [-w, --workgroup=STRING] [-n, --nonprompt] [-d, --debuglevel=INT] [-D, --dots] [-P, --keep-permissions] [-o, --outputfile] [-f, --rcfile] [-q, --quiet] [-v, --verbose] [-b, --blocksize] [-?, --help] [--usage] {smb://host/share/path/to/file} [smb://url2/] [...]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    smbget is a simple utility with wget-like semantics, that can download files from SMB servers. You can specify the files you would like to download on the command-line. +smbget

    Name

    smbget — wget-like utility for download files over SMB

    Synopsis

    smbget [-a, --guest] [-r, --resume] [-R, --recursive] [-u, --username=STRING] [-p, --password=STRING] [-w, --workgroup=STRING] [-n, --nonprompt] [-d, --debuglevel=INT] [-D, --dots] [-P, --keep-permissions] [-o, --outputfile] [-f, --rcfile] [-q, --quiet] [-v, --verbose] [-b, --blocksize] [-?, --help] [--usage] {smb://host/share/path/to/file} [smb://url2/] [...]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    smbget is a simple utility with wget-like semantics, that can download files from SMB servers. You can specify the files you would like to download on the command-line.

    The files should be in the smb-URL standard, e.g. use smb://host/share/file for the UNC path \\\\HOST\\SHARE\\file. -

    OPTIONS

    -a, --guest

    Work as user guest

    -r, --resume

    Automatically resume aborted files

    -R, --recursive

    Recursively download files

    -u, --username=STRING

    Username to use

    -p, --password=STRING

    Password to use

    -w, --workgroup=STRING

    Workgroup to use (optional)

    -n, --nonprompt

    Don't ask anything (non-interactive)

    -d, --debuglevel=INT

    Debuglevel to use

    -D, --dots

    Show dots as progress indication

    -P, --keep-permissions

    Set same permissions on local file as are set on remote file.

    -o, --outputfile

    Write the file that is being download to the specified file. Can not be used together with -R.

    -f, --rcfile

    Use specified rcfile. This will be loaded in the order it was specified - e.g. if you specify any options before this one, they might get overriden by the contents of the rcfile.

    -q, --quiet

    Be quiet

    -v, --verbose

    Be verbose

    -b, --blocksize

    Number of bytes to download in a block. Defaults to 64000.

    -?, --help

    Show help message

    --usage

    Display brief usage message

    SMB URLS

    SMB URL's should be specified in the following format:

    +

    OPTIONS

    -a, --guest

    Work as user guest

    -r, --resume

    Automatically resume aborted files

    -R, --recursive

    Recursively download files

    -u, --username=STRING

    Username to use

    -p, --password=STRING

    Password to use

    -w, --workgroup=STRING

    Workgroup to use (optional)

    -n, --nonprompt

    Don't ask anything (non-interactive)

    -d, --debuglevel=INT

    Debuglevel to use

    -D, --dots

    Show dots as progress indication

    -P, --keep-permissions

    Set same permissions on local file as are set on remote file.

    -o, --outputfile

    Write the file that is being download to the specified file. Can not be used together with -R.

    -f, --rcfile

    Use specified rcfile. This will be loaded in the order it was specified - e.g. if you specify any options before this one, they might get overriden by the contents of the rcfile.

    -q, --quiet

    Be quiet

    -v, --verbose

    Be verbose

    -b, --blocksize

    Number of bytes to download in a block. Defaults to 64000.

    -?, --help

    Show help message

    --usage

    Display brief usage message

    SMB URLS

    SMB URL's should be specified in the following format:

     smb://[[[domain;]user[:password@]]server[/share[/path[/file]]]]
 
     smb:// means all the workgroups
 
     smb://name/ means, if name is a workgroup, all the servers in this workgroup, or if name is a server, all the shares on this server.
-

    EXAMPLES

    +

    EXAMPLES

     # Recursively download 'src' directory
 smbget -R smb://rhonwyn/jelmer/src
 # Download FreeBSD ISO and enable resuming
@@ -17,10 +17,10 @@ smbget -r smb://rhonwyn/isos/FreeBSD5.1.iso
 smbget -Rr smb://rhonwyn/isos
 # Backup my data on rhonwyn
 smbget -Rr smb://rhonwyn/
-

    BUGS

    Permission denied is returned in some cases where the cause of the error is unknown +

    BUGS

    Permission denied is returned in some cases where the cause of the error is unknown (such as an illegally formatted smb:// url or trying to get a directory without -R -turned on).

    VERSION

    This man page is correct for version 3 of - the Samba suite.

    AUTHOR

    The original Samba software and related utilities +turned on).

    VERSION

    This man page is correct for version 3 of + the Samba suite.

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The smbget manpage was written by Jelmer Vernooij.

    diff --git a/docs/htmldocs/manpages/smbgetrc.5.html b/docs/htmldocs/manpages/smbgetrc.5.html index b387413d1b..8d99c86657 100644 --- a/docs/htmldocs/manpages/smbgetrc.5.html +++ b/docs/htmldocs/manpages/smbgetrc.5.html @@ -1,17 +1,17 @@ -smbgetrc

    Name

    smbgetrc — configuration file for smbget

    Synopsis

    smbgetrc

    DESCRIPTION

    +smbgetrc

    Name

    smbgetrc — configuration file for smbget

    Synopsis

    smbgetrc

    DESCRIPTION

    This manual page documents the format and options of the smbgetrc file. This is the configuration file used by the smbget(1) utility. The file contains of key-value pairs, one pair on each line. The key and value should be separated by a space.

    By default, smbget reads its configuration from $HOME/.smbgetrc, though - other locations can be specified using the command-line options.

    OPTIONS

    + other locations can be specified using the command-line options.

    OPTIONS

    The following keys can be set:

    resume on|off

    Whether aborted downloads should be automatically resumed.

    recursive on|off

    Whether directories should be downloaded recursively

    username name

    Username to use when logging in to the remote server. Use an empty string for anonymous access. -

    password pass

    Password to use when logging in.

    workgroup wg

    Workgroup to use when logging in

    nonprompt on|off

    Turns off asking for username and password. Useful for scripts.

    debuglevel int

    (Samba) debuglevel to run at. Useful for tracking down protocol level problems.

    dots on|off

    Whether a single dot should be printed for each block that has been downloaded, instead of the default progress indicator.

    blocksize int

    Number of bytes to put in a block.

    VERSION

    This man page is correct for version 3 of - the Samba suite.

    SEE ALSO

    smbget(1) and Samba(7). -

    AUTHOR

    The original Samba software and related utilities +

    password pass

    Password to use when logging in.

    workgroup wg

    Workgroup to use when logging in

    nonprompt on|off

    Turns off asking for username and password. Useful for scripts.

    debuglevel int

    (Samba) debuglevel to run at. Useful for tracking down protocol level problems.

    dots on|off

    Whether a single dot should be printed for each block that has been downloaded, instead of the default progress indicator.

    blocksize int

    Number of bytes to put in a block.

    VERSION

    This man page is correct for version 3 of + the Samba suite.

    SEE ALSO

    smbget(1) and Samba(7). +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    This manual page was written by Jelmer Vernooij

    diff --git a/docs/htmldocs/manpages/smbpasswd.5.html b/docs/htmldocs/manpages/smbpasswd.5.html index 9df5b85d03..634e2e800b 100644 --- a/docs/htmldocs/manpages/smbpasswd.5.html +++ b/docs/htmldocs/manpages/smbpasswd.5.html @@ -1,8 +1,8 @@ -smbpasswd

    Name

    smbpasswd — The Samba encrypted password file

    Synopsis

    smbpasswd

    DESCRIPTION

    This tool is part of the samba(7) suite.

    smbpasswd is the Samba encrypted password file. It contains +smbpasswd

    Name

    smbpasswd — The Samba encrypted password file

    Synopsis

    smbpasswd

    DESCRIPTION

    This tool is part of the samba(7) suite.

    smbpasswd is the Samba encrypted password file. It contains the username, Unix user id and the SMB hashed passwords of the user, as well as account flag information and the time the password was last changed. This file format has been evolving with - Samba and has had several different formats in the past.

    FILE FORMAT

    The format of the smbpasswd file used by Samba 2.2 + Samba and has had several different formats in the past.

    FILE FORMAT

    The format of the smbpasswd file used by Samba 2.2 is very similar to the familiar Unix passwd(5) file. It is an ASCII file containing one line for each user. Each field ithin each line is separated from the next by a colon. Any entry @@ -76,10 +76,10 @@ last modified. It consists of the characters 'LCT-' (standing for "Last Change Time") followed by a numeric encoding of the UNIX time in seconds since the epoch (1970) that the last change was made. -

    All other colon separated fields are ignored at this time.

    VERSION

    This man page is correct for version 3 of - the Samba suite.

    SEE ALSO

    smbpasswd(8), Samba(7), and +

    All other colon separated fields are ignored at this time.

    VERSION

    This man page is correct for version 3 of + the Samba suite.

    SEE ALSO

    smbpasswd(8), Samba(7), and the Internet RFC1321 for details on the MD4 algorithm. -

    AUTHOR

    The original Samba software and related utilities +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The original Samba man pages were written by Karl Auer. diff --git a/docs/htmldocs/manpages/smbpasswd.8.html b/docs/htmldocs/manpages/smbpasswd.8.html index 98e36c4316..bb9f39d5f6 100644 --- a/docs/htmldocs/manpages/smbpasswd.8.html +++ b/docs/htmldocs/manpages/smbpasswd.8.html @@ -1,4 +1,4 @@ -smbpasswd

    Name

    smbpasswd — change a user's SMB password

    Synopsis

    smbpasswd [-a] [-c <config file>] [-x] [-d] [-e] [-D debuglevel] [-n] [-r <remote machine>] [-R <name resolve order>] [-m] [-U username[%password]] [-h] [-s] [-w pass] [-W] [-i] [-L] [username]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    The smbpasswd program has several different +smbpasswd

    Name

    smbpasswd — change a user's SMB password

    Synopsis

    smbpasswd [-a] [-c <config file>] [-x] [-d] [-e] [-D debuglevel] [-n] [-r <remote machine>] [-R <name resolve order>] [-m] [-U username[%password]] [-h] [-s] [-w pass] [-W] [-i] [-L] [username]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    The smbpasswd program has several different functions, depending on whether it is run by the root user or not. When run as a normal user it allows the user to change the password used for their SMB sessions on any machines that store @@ -25,7 +25,7 @@ the attributes of the user in this file to be made. When run by root, smbpasswd accesses the local smbpasswd file directly, thus enabling changes to be made even if smbd is not - running.

    OPTIONS

    -a

    + running.

    OPTIONS

    -a

    This option specifies that the username following should be added to the local smbpasswd file, with the new password typed (type <Enter> for the old password). This option is ignored if the username following already exists in the smbpasswd file and it is treated like a regular change password command. Note that the @@ -128,7 +128,7 @@ is to aid people writing scripts to drive smbpasswd

    -w password

    This parameter is only available if Samba has been compiled with LDAP support. The -w switch is used to specify the password to be used with the - ldap admin dn. Note that the password is stored in + ldap admin dn. Note that the password is stored in the secrets.tdb and is keyed off of the admin's DN. This means that if the value of ldap admin dn ever changes, the password will need to be @@ -138,7 +138,7 @@

    This parameter is only available if Samba has been compiled with LDAP support. The -W switch is used to specify the password to be used with the - ldap admin dn. Note that the password is stored in + ldap admin dn. Note that the password is stored in the secrets.tdb and is keyed off of the admin's DN. This means that if the value of ldap admin dn ever changes, the password will need to be @@ -151,7 +151,7 @@ root only options to operate on. Only root can specify this parameter as only root has the permission needed to modify attributes directly in the local smbpasswd file. -

    NOTES

    Since smbpasswd works in client-server +

    NOTES

    Since smbpasswd works in client-server mode communicating with a local smbd for a non-root user then the smbd daemon must be running for this to work. A common problem is to add a restriction to the hosts that may access the @@ -159,7 +159,7 @@ hosts or deny hosts entry in the smb.conf(5) file and neglecting to allow "localhost" access to the smbd.

    In addition, the smbpasswd command is only useful if Samba - has been set up to use encrypted passwords.

    VERSION

    This man page is correct for version 3 of the Samba suite.

    SEE ALSO

    smbpasswd(5), Samba(7).

    AUTHOR

    The original Samba software and related utilities + has been set up to use encrypted passwords.

    VERSION

    This man page is correct for version 3 of the Samba suite.

    SEE ALSO

    smbpasswd(5), Samba(7).

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The original Samba man pages were written by Karl Auer. diff --git a/docs/htmldocs/manpages/smbspool.8.html b/docs/htmldocs/manpages/smbspool.8.html index 6402c3e8c9..ca2eb1adb2 100644 --- a/docs/htmldocs/manpages/smbspool.8.html +++ b/docs/htmldocs/manpages/smbspool.8.html @@ -1,4 +1,4 @@ -smbspool

    Name

    smbspool — send a print file to an SMB printer

    Synopsis

    smbspool {job} {user} {title} {copies} {options} [filename]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    smbspool is a very small print spooling program that +smbspool

    Name

    smbspool — send a print file to an SMB printer

    Synopsis

    smbspool {job} {user} {title} {copies} {options} [filename]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    smbspool is a very small print spooling program that sends a print file to an SMB printer. The command-line arguments are position-dependent for compatibility with the Common UNIX Printing System, but you can use smbspool with any printing system @@ -10,7 +10,7 @@ or argv[1] if that is not the case.

    Programs using the exec(2) functions can pass the URI in argv[0], while shell scripts must set the DEVICE_URI environment variable prior to - running smbspool.

    OPTIONS

    • The job argument (argv[1]) contains the + running smbspool.

    OPTIONS

    • The job argument (argv[1]) contains the job ID number and is presently not used by smbspool.

    • The user argument (argv[2]) contains the print user's name and is presently not used by smbspool. @@ -23,7 +23,7 @@ the print options in a single string and is currently not used by smbspool.

    • The filename argument (argv[6]) contains the name of the file to print. If this argument is not specified - then the print file is read from the standard input.

    VERSION

    This man page is correct for version 3 of the Samba suite.

    SEE ALSO

    smbd(8) and samba(7).

    AUTHOR

    smbspool was written by Michael Sweet + then the print file is read from the standard input.

    VERSION

    This man page is correct for version 3 of the Samba suite.

    SEE ALSO

    smbd(8) and samba(7).

    AUTHOR

    smbspool was written by Michael Sweet at Easy Software Products.

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar diff --git a/docs/htmldocs/manpages/smbstatus.1.html b/docs/htmldocs/manpages/smbstatus.1.html index ed881329c0..0ce4c69dac 100644 --- a/docs/htmldocs/manpages/smbstatus.1.html +++ b/docs/htmldocs/manpages/smbstatus.1.html @@ -1,5 +1,5 @@ -smbstatus

    Name

    smbstatus — report on current Samba connections

    Synopsis

    smbstatus [-P] [-b] [-d <debug level>] [-v] [-L] [-B] [-p] [-S] [-s <configuration file>] [-u <username>]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    smbstatus is a very simple program to - list the current Samba connections.

    OPTIONS

    -P|--profile

    If samba has been compiled with the +smbstatus

    Name

    smbstatus — report on current Samba connections

    Synopsis

    smbstatus [-P] [-b] [-d <debug level>] [-v] [-L] [-B] [-p] [-S] [-s <configuration file>] [-u <username>]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    smbstatus is a very simple program to + list the current Samba connections.

    OPTIONS

    -P|--profile

    If samba has been compiled with the profiling option, print only the contents of the profiling shared memory area.

    -b|--brief

    gives brief output.

    -d|--debuglevel=level

    level is an integer from 0 to 10. The default value if this parameter is @@ -13,7 +13,7 @@ amounts of log data, and should only be used when investigating a problem. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic.

    Note that specifying this parameter here will -override the log level parameter +override the log level parameter in the smb.conf file.

    -V

    Prints the program version number.

    -s <configuration file>

    The file specified contains the configuration details required by the server. The @@ -28,8 +28,8 @@ log.smbd, etc...). The log file is never removed by the client.

    -v|--verbose

    gives verbose output.

    -L|--locks

    causes smbstatus to only list locks.

    -B|--byterange

    causes smbstatus to include byte range locks.

    -p|--processes

    print a list of smbd(8) processes and exit. Useful for scripting.

    -S|--shares

    causes smbstatus to only list shares.

    -h|--help

    Print a summary of command line options. -

    -u|--user=<username>

    selects information relevant to username only.

    VERSION

    This man page is correct for version 3 of - the Samba suite.

    SEE ALSO

    smbd(8) and smb.conf(5).

    AUTHOR

    The original Samba software and related utilities +

    -u|--user=<username>

    selects information relevant to username only.

    VERSION

    This man page is correct for version 3 of + the Samba suite.

    SEE ALSO

    smbd(8) and smb.conf(5).

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The original Samba man pages were written by Karl Auer. diff --git a/docs/htmldocs/manpages/smbtar.1.html b/docs/htmldocs/manpages/smbtar.1.html index 69ef2e88cb..46be56be27 100644 --- a/docs/htmldocs/manpages/smbtar.1.html +++ b/docs/htmldocs/manpages/smbtar.1.html @@ -1,6 +1,6 @@ -smbtar

    Name

    smbtar — shell script for backing up SMB/CIFS shares - directly to UNIX tape drives

    Synopsis

    smbtar [-r] [-i] [-a] [-v] {-s server} [-p password] [-x services] [-X] [-N filename] [-b blocksize] [-d directory] [-l loglevel] [-u user] [-t tape] {filenames}

    DESCRIPTION

    This tool is part of the samba(7) suite.

    smbtar is a very small shell script on top - of smbclient(1) which dumps SMB shares directly to tape.

    OPTIONS

    -s server

    The SMB/CIFS server that the share resides +smbtar

    Name

    smbtar — shell script for backing up SMB/CIFS shares + directly to UNIX tape drives

    Synopsis

    smbtar [-r] [-i] [-a] [-v] {-s server} [-p password] [-x services] [-X] [-N filename] [-b blocksize] [-d directory] [-l loglevel] [-u user] [-t tape] {filenames}

    DESCRIPTION

    This tool is part of the samba(7) suite.

    smbtar is a very small shell script on top + of smbclient(1) which dumps SMB shares directly to tape.

    OPTIONS

    -s server

    The SMB/CIFS server that the share resides upon.

    -x service

    The share name on the server to connect to. The default is "backup".

    -X

    Exclude mode. Exclude filenames... from tar create or restore.

    -d directory

    Change to initial directory @@ -17,14 +17,14 @@ up if they have the archive bit set. The archive bit is reset after each file is read.

    -r

    Restore. Files are restored to the share from the tar file.

    -l log level

    Log (debug) level. Corresponds to the - -d flag of smbclient(1).

    ENVIRONMENT VARIABLES

    The $TAPE variable specifies the + -d flag of smbclient(1).

    ENVIRONMENT VARIABLES

    The $TAPE variable specifies the default tape device to write to. May be overridden - with the -t option.

    BUGS

    The smbtar script has different - options from ordinary tar and from smbclient's tar command.

    CAVEATS

    Sites that are more careful about security may not like + with the -t option.

    BUGS

    The smbtar script has different + options from ordinary tar and from smbclient's tar command.

    CAVEATS

    Sites that are more careful about security may not like the way the script handles PC passwords. Backup and restore work on entire shares; should work on file lists. smbtar works best - with GNU tar and may not work well with other versions.

    DIAGNOSTICS

    See the DIAGNOSTICS section for the smbclient(1) command.

    VERSION

    This man page is correct for version 3 of - the Samba suite.

    SEE ALSO

    smbd(8), smbclient(1), smb.conf(5).

    AUTHOR

    The original Samba software and related utilities + with GNU tar and may not work well with other versions.

    DIAGNOSTICS

    See the DIAGNOSTICS section for the smbclient(1) command.

    VERSION

    This man page is correct for version 3 of + the Samba suite.

    SEE ALSO

    smbd(8), smbclient(1), smb.conf(5).

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    Ricky Poulten diff --git a/docs/htmldocs/manpages/smbtree.1.html b/docs/htmldocs/manpages/smbtree.1.html index c2e9229230..4159201394 100644 --- a/docs/htmldocs/manpages/smbtree.1.html +++ b/docs/htmldocs/manpages/smbtree.1.html @@ -1,10 +1,10 @@ -smbtree

    Name

    smbtree — A text based smb network browser -

    Synopsis

    smbtree [-b] [-D] [-S]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    smbtree is a smb browser program +smbtree

    Name

    smbtree — A text based smb network browser +

    Synopsis

    smbtree [-b] [-D] [-S]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    smbtree is a smb browser program in text mode. It is similar to the "Network Neighborhood" found on Windows computers. It prints a tree with all the known domains, the servers in those domains and the shares on the servers. -

    OPTIONS

    -b

    Query network nodes by sending requests +

    OPTIONS

    -b

    Query network nodes by sending requests as broadcasts instead of querying the local master browser.

    -D

    Only print a list of all the domains known on broadcast or by the @@ -23,7 +23,7 @@ amounts of log data, and should only be used when investigating a problem. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic.

    Note that specifying this parameter here will -override the log level parameter +override the log level parameter in the smb.conf file.

    -V

    Prints the program version number.

    -s <configuration file>

    The file specified contains the configuration details required by the server. The @@ -67,8 +67,8 @@ many systems the command line of a running process may be seen via the ps command. To be safe always allow rpcclient to prompt for a password and type it in directly.

    -h|--help

    Print a summary of command line options. -

    VERSION

    This man page is correct for version 3 of the Samba - suite.

    AUTHOR

    The original Samba software and related utilities +

    VERSION

    This man page is correct for version 3 of the Samba + suite.

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The smbtree man page was written by Jelmer Vernooij.

    diff --git a/docs/htmldocs/manpages/swat.8.html b/docs/htmldocs/manpages/swat.8.html index 07150c4c49..29c392915a 100644 --- a/docs/htmldocs/manpages/swat.8.html +++ b/docs/htmldocs/manpages/swat.8.html @@ -1,8 +1,8 @@ -swat

    Name

    swat — Samba Web Administration Tool

    Synopsis

    swat [-s <smb config file>] [-a] [-P]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    swat allows a Samba administrator to +swat

    Name

    swat — Samba Web Administration Tool

    Synopsis

    swat [-s <smb config file>] [-a] [-P]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    swat allows a Samba administrator to configure the complex smb.conf(5) file via a Web browser. In addition, a swat configuration page has help links to all the configurable options in the smb.conf file allowing an - administrator to easily look up the effects of any change.

    swat is run from inetd

    OPTIONS

    -s smb configuration file

    The default configuration file path is + administrator to easily look up the effects of any change.

    swat is run from inetd

    OPTIONS

    -s smb configuration file

    The default configuration file path is determined at compile time. The file specified contains the configuration details required by the smbd(8) server. This is the file that swat will modify. @@ -28,7 +28,7 @@ amounts of log data, and should only be used when investigating a problem. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic.

    Note that specifying this parameter here will -override the log level parameter +override the log level parameter in the smb.conf file.

    -V

    Prints the program version number.

    -s <configuration file>

    The file specified contains the configuration details required by the server. The @@ -41,14 +41,14 @@ compile time.

    -l|--log-basename=logdirectory".progname" will be appended (e.g. log.smbclient, log.smbd, etc...). The log file is never removed by the client.

    -h|--help

    Print a summary of command line options. -

    INSTALLATION

    Swat is included as binary package with most distributions. The +

    INSTALLATION

    Swat is included as binary package with most distributions. The package manager in this case takes care of the installation and configuration. This section is only for those who have compiled swat from scratch.

    After you compile SWAT you need to run make install to install the swat binary and the various help files and images. A default install would put - these in:

    • /usr/local/samba/sbin/swat

    • /usr/local/samba/swat/images/*

    • /usr/local/samba/swat/help/*

    Inetd Installation

    You need to edit your /etc/inetd.conf + these in:

    • /usr/local/samba/sbin/swat

    • /usr/local/samba/swat/images/*

    • /usr/local/samba/swat/help/*

    Inetd Installation

    You need to edit your /etc/inetd.conf and /etc/services to enable SWAT to be launched via inetd.

    In /etc/services you need to add a line like this:

    swat 901/tcp

    Note for NIS/YP and LDAP users - you may need to rebuild the @@ -62,21 +62,21 @@ log.smbd, etc...). The log file is never removed by the client. /usr/local/samba/sbin/swat swat

    Once you have edited /etc/services and /etc/inetd.conf you need to send a HUP signal to inetd. To do this use kill -1 PID - where PID is the process ID of the inetd daemon.

    LAUNCHING

    To launch SWAT just run your favorite web browser and + where PID is the process ID of the inetd daemon.

    LAUNCHING

    To launch SWAT just run your favorite web browser and point it at "http://localhost:901/".

    Note that you can attach to SWAT from any IP connected machine but connecting from a remote machine leaves your connection open to password sniffing as passwords will be sent - in the clear over the wire.

    FILES

    /etc/inetd.conf

    This file must contain suitable startup + in the clear over the wire.

    FILES

    /etc/inetd.conf

    This file must contain suitable startup information for the meta-daemon.

    /etc/services

    This file must contain a mapping of service name (e.g., swat) to service port (e.g., 901) and protocol type (e.g., tcp).

    /usr/local/samba/lib/smb.conf

    This is the default location of the smb.conf(5) server configuration file that swat edits. Other common places that systems install this file are /usr/samba/lib/smb.conf and /etc/smb.conf . This file describes all the services the server - is to make available to clients.

    WARNINGS

    swat will rewrite your smb.conf(5) file. It will rearrange the entries and delete all + is to make available to clients.

    WARNINGS

    swat will rewrite your smb.conf(5) file. It will rearrange the entries and delete all comments, include= and copy= options. If you have a carefully crafted - smb.conf then back it up or don't use swat!

    VERSION

    This man page is correct for version 3 of the Samba suite.

    SEE ALSO

    inetd(5), smbd(8), smb.conf(5)

    AUTHOR

    The original Samba software and related utilities + smb.conf then back it up or don't use swat!

    VERSION

    This man page is correct for version 3 of the Samba suite.

    SEE ALSO

    inetd(5), smbd(8), smb.conf(5)

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The original Samba man pages were written by Karl Auer. diff --git a/docs/htmldocs/manpages/tdbbackup.8.html b/docs/htmldocs/manpages/tdbbackup.8.html index f86a92cf6d..6190590234 100644 --- a/docs/htmldocs/manpages/tdbbackup.8.html +++ b/docs/htmldocs/manpages/tdbbackup.8.html @@ -1,8 +1,8 @@ -tdbbackup

    Name

    tdbbackup — tool for backing up and for validating the integrity of samba .tdb files

    Synopsis

    tdbbackup [-s suffix] [-v] [-h]

    DESCRIPTION

    This tool is part of the samba(1) suite.

    tdbbackup is a tool that may be used to backup samba .tdb +tdbbackup

    Name

    tdbbackup — tool for backing up and for validating the integrity of samba .tdb files

    Synopsis

    tdbbackup [-s suffix] [-v] [-h]

    DESCRIPTION

    This tool is part of the samba(1) suite.

    tdbbackup is a tool that may be used to backup samba .tdb files. This tool may also be used to verify the integrity of the .tdb files prior to samba startup or during normal operation. If it finds file damage and it finds a prior backup the backup file will be restored. -

    OPTIONS

    -h

    +

    OPTIONS

    -h

    Get help information.

    -s suffix

    The -s option allows the adminisistrator to specify a file @@ -11,7 +11,7 @@

    -v

    The -v will check the database for damages (currupt data) which if detected causes the backup to be restored. -

    COMMANDS

    GENERAL INFORMATION

    +

    COMMANDS

    GENERAL INFORMATION

    The tdbbackup utility can safely be run at any time. It was designed so that it can be used at any time to validate the integrity of tdb files, even during Samba operation. Typical usage for the command will be: @@ -29,7 +29,7 @@

  • *.tdb located in the /usr/local/samba/var directory or on some systems in the /var/cache or /var/lib/samba directories. -

    • VERSION

    This man page is correct for version 3 of the Samba suite.

    AUTHOR

    +

    VERSION

    This man page is correct for version 3 of the Samba suite.

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed. diff --git a/docs/htmldocs/manpages/tdbdump.8.html b/docs/htmldocs/manpages/tdbdump.8.html index 7d3f8be209..81daa3b75c 100644 --- a/docs/htmldocs/manpages/tdbdump.8.html +++ b/docs/htmldocs/manpages/tdbdump.8.html @@ -1,9 +1,9 @@ -tdbdump

    Name

    tdbdump — tool for printing the contents of a TDB file

    Synopsis

    tdbdump {filename}

    DESCRIPTION

    This tool is part of the samba(1) suite.

    tdbdump is a very simple utility that 'dumps' the +tdbdump

    Name

    tdbdump — tool for printing the contents of a TDB file

    Synopsis

    tdbdump {filename}

    DESCRIPTION

    This tool is part of the samba(1) suite.

    tdbdump is a very simple utility that 'dumps' the contents of a TDB (Trivial DataBase) file to standard output in a human-readable format.

    This tool can be used when debugging problems with TDB files. It is intended for those who are somewhat familiar with Samba internals. -

    VERSION

    This man page is correct for version 3 of the Samba suite.

    AUTHOR

    +

    VERSION

    This man page is correct for version 3 of the Samba suite.

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed. diff --git a/docs/htmldocs/manpages/tdbtool.8.html b/docs/htmldocs/manpages/tdbtool.8.html index 422ac3859f..c21d6a333b 100644 --- a/docs/htmldocs/manpages/tdbtool.8.html +++ b/docs/htmldocs/manpages/tdbtool.8.html @@ -1,12 +1,12 @@ -tdbtool

    Name

    tdbtool — manipulate the contents TDB files

    Synopsis

    tdbtool

    tdbtool +tdbtool

    Name

    tdbtool — manipulate the contents TDB files

    Synopsis

    tdbtool

    tdbtool TDBFILE [ COMMANDS - ...]

    DESCRIPTION

    This tool is part of the + ...]

    DESCRIPTION

    This tool is part of the samba(1) suite.

    tdbtool a tool for displaying and altering the contents of Samba TDB (Trivial DataBase) files. Each of the commands listed below can be entered interactively or - provided on the command line.

    COMMANDS

    create + provided on the command line.

    COMMANDS

    create TDBFILE

    Create a new database named TDBFILE.

    open @@ -54,12 +54,15 @@ next

    Print the next record in the current database.

    + check +

    Check the integrity of the current database. +

    quit

    Exit tdbtool. -

    CAVEATS

    The contents of the Samba TDB files are private +

    CAVEATS

    The contents of the Samba TDB files are private to the implementation and should not be altered with tdbtool. -

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite.

    AUTHOR

    The original Samba software and related utilities were +

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite.

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    diff --git a/docs/htmldocs/manpages/testparm.1.html b/docs/htmldocs/manpages/testparm.1.html index 8cc00ec337..d490216df5 100644 --- a/docs/htmldocs/manpages/testparm.1.html +++ b/docs/htmldocs/manpages/testparm.1.html @@ -1,5 +1,5 @@ -testparm

    Name

    testparm — check an smb.conf configuration file for - internal correctness

    Synopsis

    testparm [-s] [-h] [-v] [-L <servername>] [-t <encoding>] {config filename} [hostname hostIP]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    testparm is a very simple test program +testparm

    Name

    testparm — check an smb.conf configuration file for + internal correctness

    Synopsis

    testparm [-s] [-h] [-v] [-L <servername>] [-t <encoding>] {config filename} [hostname hostIP]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    testparm is a very simple test program to check an smbd(8) configuration file for internal correctness. If this program reports no problems, you can use the configuration file with confidence that smbd @@ -11,7 +11,7 @@ has access to each service.

    If testparm finds an error in the smb.conf file it returns an exit code of 1 to the calling program, else it returns an exit code of 0. This allows shell scripts - to test the output from testparm.

    OPTIONS

    -s

    Without this option, testparm + to test the output from testparm.

    OPTIONS

    -s

    Without this option, testparm will prompt for a carriage return after printing the service names and before dumping the service definitions.

    -h|--help

    Print a summary of command line options.

    -V

    Prints the program version number. @@ -41,14 +41,14 @@ this parameter is supplied, the hostIP parameter must also be supplied.

    hostIP

    This is the IP address of the host specified in the previous parameter. This address must be supplied - if the hostname parameter is supplied.

    FILES

    smb.conf(5)

    This is usually the name of the configuration + if the hostname parameter is supplied.

    FILES

    smb.conf(5)

    This is usually the name of the configuration file used by smbd(8). -

    DIAGNOSTICS

    The program will issue a message saying whether the +

    DIAGNOSTICS

    The program will issue a message saying whether the configuration file loaded OK or not. This message may be preceded by errors and warnings if the file did not load. If the file was loaded OK, the program then dumps all known service details - to stdout.

    VERSION

    This man page is correct for version 3 of - the Samba suite.

    SEE ALSO

    smb.conf(5), smbd(8)

    AUTHOR

    The original Samba software and related utilities + to stdout.

    VERSION

    This man page is correct for version 3 of + the Samba suite.

    SEE ALSO

    smb.conf(5), smbd(8)

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The original Samba man pages were written by Karl Auer. diff --git a/docs/htmldocs/manpages/umount.cifs.8.html b/docs/htmldocs/manpages/umount.cifs.8.html index c38bbf3514..57bf7ee844 100644 --- a/docs/htmldocs/manpages/umount.cifs.8.html +++ b/docs/htmldocs/manpages/umount.cifs.8.html @@ -1,4 +1,4 @@ -umount.cifs

    Name

    umount.cifs — for normal, non-root users, to unmount their own Common Internet File System (CIFS) mounts

    Synopsis

    umount.cifs {mount-point} [-nVvhfle]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    umount.cifs unmounts a Linux CIFS filesystem. It can be invoked +umount.cifs

    Name

    umount.cifs — for normal, non-root users, to unmount their own Common Internet File System (CIFS) mounts

    Synopsis

    umount.cifs {mount-point} [-nVvhfle]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    umount.cifs unmounts a Linux CIFS filesystem. It can be invoked indirectly by the umount(8) command when umount.cifs is in /sbin directory, unless you specify the "-i" option to umount. Specifying -i to umount avoids execution of umount helpers such as umount.cifs. The umount.cifs command only works in Linux, and the kernel must @@ -11,24 +11,24 @@ by the popular Open Source server Samba. It is possible to set the mode for umount.cifs to setuid root (or equivalently update the /etc/permissions file) to allow non-root users to umount shares to directories for which they have write permission. The umount.cifs utility is typically not needed if unmounts need only be performed by root users, or if user mounts and unmounts -can rely on specifying explicit entries in /etc/fstab See

    fstab(5)

    OPTIONS

    --verbose

    print additional debugging information

    --no-mtab

    Do not update the mtab even if unmount completes successfully (/proc/mounts will still display the correct information)

    NOTES

    This command is normally intended to be installed setuid (since root users can already run unmount). An alternative to using umount.cifs is to add specfic entries for the user mounts that you wish a particular user or users to mount and unmount to /etc/fstab

    CONFIGURATION

    +can rely on specifying explicit entries in /etc/fstab See

    fstab(5)

    OPTIONS

    --verbose

    print additional debugging information

    --no-mtab

    Do not update the mtab even if unmount completes successfully (/proc/mounts will still display the correct information)

    NOTES

    This command is normally intended to be installed setuid (since root users can already run unmount). An alternative to using umount.cifs is to add specfic entries for the user mounts that you wish a particular user or users to mount and unmount to /etc/fstab

    CONFIGURATION

    The primary mechanism for making configuration changes and for reading debug information for the cifs vfs is via the Linux /proc filesystem. In the directory /proc/fs/cifs are various configuration files and pseudo files which can display debug information. For more information see the kernel file fs/cifs/README. -

    BUGS

    At this time umount.cifs does not lock the mount table using the same lock as the umount utility does, so do not attempt to do multiple unmounts from different processes (and in particular unmounts of a cifs mount and another type of filesystem mount at the same time). +

    BUGS

    At this time umount.cifs does not lock the mount table using the same lock as the umount utility does, so do not attempt to do multiple unmounts from different processes (and in particular unmounts of a cifs mount and another type of filesystem mount at the same time).

    If the same mount point is mounted multiple times by cifs, umount.cifs will remove all of the matching entries from the mount table (although umount.cifs will actually only unmount the last one), rather than only removing the last matching entry in /etc/mtab. The pseudofile /proc/mounts will display correct information though, and the lack of an entry in /etc/mtab does not prevent subsequent unmounts.

    Note that the typical response to a bug report is a suggestion to try the latest version first. So please try doing that first, and always include which versions you use of relevant software when reporting bugs (minimum: umount.cifs (try umount.cifs -V), kernel (see /proc/version) and server type you are trying to contact. -

    VERSION

    This man page is correct for version 1.34 of - the cifs vfs filesystem (roughly Linux kernel 2.6.12).

    SEE ALSO

    +

    VERSION

    This man page is correct for version 1.34 of + the cifs vfs filesystem (roughly Linux kernel 2.6.12).

    SEE ALSO

    Documentation/filesystems/cifs.txt and fs/cifs/README in the linux kernel source tree may contain additional options and information. -

    mount.cifs(8)

    AUTHOR

    Steve French

    The syntax was loosely based on the umount utility and the manpage was loosely based on that of mount.cifs.8. The man page was created by Steve French

    The maintainer of the Linux cifs vfs and the userspace +

    mount.cifs(8)

    AUTHOR

    Steve French

    The syntax was loosely based on the umount utility and the manpage was loosely based on that of mount.cifs.8. The man page was created by Steve French

    The maintainer of the Linux cifs vfs and the userspace tool umount.cifs is Steve French. The Linux CIFS Mailing list is the preferred place to ask questions regarding these programs. diff --git a/docs/htmldocs/manpages/vfs_audit.8.html b/docs/htmldocs/manpages/vfs_audit.8.html index 32a794e13b..a770ae0642 100644 --- a/docs/htmldocs/manpages/vfs_audit.8.html +++ b/docs/htmldocs/manpages/vfs_audit.8.html @@ -1,19 +1,19 @@ -vfs_audit

    Name

    vfs_audit — record selected Samba VFS operations in the system log

    Synopsis

    vfs objects = audit

    DESCRIPTION

    This VFS module is part of the +vfs_audit

    Name

    vfs_audit — record selected Samba VFS operations in the system log

    Synopsis

    vfs objects = audit

    DESCRIPTION

    This VFS module is part of the samba(7) suite.

    The vfs_audit VFS module records selected client operations to the system log using - syslog(3).

    The following Samba VFS operations are recorded:

    connect
    disconnect
    opendir
    mkdir
    rmdir
    open
    close
    rename
    unlink
    chmod
    fchmod
    chmod_acl
    fchmod_acl

    This module is stackable.

    OPTIONS

    audit:facility = FACILITY

    Log messages to the named + syslog(3).

    The following Samba VFS operations are recorded:

    connect
    disconnect
    opendir
    mkdir
    rmdir
    open
    close
    rename
    unlink
    chmod
    fchmod
    chmod_acl
    fchmod_acl

    This module is stackable.

    OPTIONS

    audit:facility = FACILITY

    Log messages to the named syslog(3) facility.

    audit:priority = PRIORITY

    Log messages with the named syslog(3) priority. -

    EXAMPLES

    Log operations on all shares using the LOCAL1 facility +

    EXAMPLES

    Log operations on all shares using the LOCAL1 facility and NOTICE priority:

             [global]
-	vfs objects = audit
-	audit:facility = LOCAL1
-	audit:priority = NOTICE
-

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. -

    AUTHOR

    The original Samba software and related utilities + vfs objects = audit + audit:facility = LOCAL1 + audit:priority = NOTICE +

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    diff --git a/docs/htmldocs/manpages/vfs_cacheprime.8.html b/docs/htmldocs/manpages/vfs_cacheprime.8.html index 0abfd354f9..88d41e4ab7 100644 --- a/docs/htmldocs/manpages/vfs_cacheprime.8.html +++ b/docs/htmldocs/manpages/vfs_cacheprime.8.html @@ -1,4 +1,4 @@ -vfs_cacheprime

    Name

    vfs_cacheprime — prime the kernel file data cache

    Synopsis

    vfs objects = cacheprime

    DESCRIPTION

    This VFS module is part of the +vfs_cacheprime

    Name

    vfs_cacheprime — prime the kernel file data cache

    Synopsis

    vfs objects = cacheprime

    DESCRIPTION

    This VFS module is part of the samba(7) suite.

    The vfs_cacheprime VFS module reads chunks of file data near the range requested by clients in order to make sure the data is present in the kernel file data cache at @@ -7,20 +7,20 @@ cacheprime:rsize option. All disk read operations are aligned on boundaries that are a multiple of this size. Each range of the file data is primed at most once during the time the client - has the file open.

    This module is stackable.

    OPTIONS

    cacheprime:rsize = BYTES

    The number of bytes with which to prime - the kernel data cache.

    The following suffixes may be applied to BYTES:

    • K - BYTES is a number of kilobytes

    • M - BYTES is a number of megabytes

    • G - BYTES is a number of gigabytes

    EXAMPLES

    For a hypothetical disk array, it is necessary to ensure + has the file open.

    This module is stackable.

    OPTIONS

    cacheprime:rsize = BYTES

    The number of bytes with which to prime + the kernel data cache.

    The following suffixes may be applied to BYTES:

    • K - BYTES is a number of kilobytes

    • M - BYTES is a number of megabytes

    • G - BYTES is a number of gigabytes

    EXAMPLES

    For a hypothetical disk array, it is necessary to ensure that all read operations are of size 1 megabyte (1048576 bytes), and aligned on 1 megabyte boundaries: 

     	[hypothetical]
-	vfs objects = cacheprime
-	cacheprime:rsize = 1M
-

    CAVEATS

    cacheprime is not a a substitute for + vfs objects = cacheprime + cacheprime:rsize = 1M +

    CAVEATS

    cacheprime is not a a substitute for a general-purpose readahead mechanism. It is intended for use only in very specific environments where disk operations must be aligned and sized to known values (as much as that is possible). -

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. -

    AUTHOR

    The original Samba software and related utilities +

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    diff --git a/docs/htmldocs/manpages/vfs_cap.8.html b/docs/htmldocs/manpages/vfs_cap.8.html index f777ec6a5c..4614297626 100644 --- a/docs/htmldocs/manpages/vfs_cap.8.html +++ b/docs/htmldocs/manpages/vfs_cap.8.html @@ -1,17 +1,17 @@ -vfs_cap

    Name

    vfs_cap — CAP encode filenames

    Synopsis

    vfs objects = cap

    DESCRIPTION

    This VFS module is part of the +vfs_cap

    Name

    vfs_cap — CAP encode filenames

    Synopsis

    vfs objects = cap

    DESCRIPTION

    This VFS module is part of the samba(7) suite.

    CAP (Columbia Appletalk Protocol) encoding is a technique for representing non-ASCII filenames in ASCII. The vfs_cap VFS module translates filenames to and from CAP format, allowing users to name files in their native encoding.

    CAP encoding is most commonly - used in Japanese language environments.

    This module is stackable.

    EXAMPLES

    On a system using GNU libiconv, use CAP encoding to support + used in Japanese language environments.

    This module is stackable.

    EXAMPLES

    On a system using GNU libiconv, use CAP encoding to support users in the Shift_JIS locale:

             [global]
-	dos charset = CP932
-	dos charset = CP932
-	vfs objects = cap
-

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. -

    AUTHOR

    The original Samba software and related utilities + dos charset = CP932 + dos charset = CP932 + vfs objects = cap +

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    diff --git a/docs/htmldocs/manpages/vfs_catia.8.html b/docs/htmldocs/manpages/vfs_catia.8.html index 83a1088f8c..1d60071428 100644 --- a/docs/htmldocs/manpages/vfs_catia.8.html +++ b/docs/htmldocs/manpages/vfs_catia.8.html @@ -1,14 +1,14 @@ -vfs_catia

    Name

    vfs_catia — translate illegal characters in Catia filenames

    Synopsis

    vfs objects = catia

    DESCRIPTION

    This VFS module is part of the +vfs_catia

    Name

    vfs_catia — translate illegal characters in Catia filenames

    Synopsis

    vfs objects = catia

    DESCRIPTION

    This VFS module is part of the samba(7) suite.

    The Catia CAD package commonly creates filenames that use characters that are illegal in CIFS filenames. The vfs_catia VFS module implements a fixed character mapping so that these files can be shared with CIFS clients. -

    This module is stackable.

    EXAMPLES

    Map Catia filenames on the [CAD] share:

    +	
    This module is stackable.

    EXAMPLES

    Map Catia filenames on the [CAD] share:

             [CAD]
-	path = /data/cad
-	vfs objects = catia
-

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. -

    AUTHOR

    The original Samba software and related utilities + path = /data/cad + vfs objects = catia +

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    diff --git a/docs/htmldocs/manpages/vfs_commit.8.html b/docs/htmldocs/manpages/vfs_commit.8.html index aee246d5d9..51448b78d2 100644 --- a/docs/htmldocs/manpages/vfs_commit.8.html +++ b/docs/htmldocs/manpages/vfs_commit.8.html @@ -1,4 +1,4 @@ -vfs_commit

    Name

    vfs_commit — flush dirty data at specified intervals

    Synopsis

    vfs objects = commit

    DESCRIPTION

    This VFS module is part of the +vfs_commit

    Name

    vfs_commit — flush dirty data at specified intervals

    Synopsis

    vfs objects = commit

    DESCRIPTION

    This VFS module is part of the samba(7) suite.

    The vfs_commit VFS module keeps track of the amount of data written to a file and synchronizes it to disk when a specified amount accumulates. @@ -7,18 +7,18 @@ impact of unexpected power loss can be minimized by a small commit:dthresh value. Secondly, write performance can be improved on some systems by flushing file data early and at - regular intervals.

    This module is stackable.

    OPTIONS

    commit:dthresh = BYTES

    Synchronize file data each time the specified + regular intervals.

    This module is stackable.

    OPTIONS

    commit:dthresh = BYTES

    Synchronize file data each time the specified number of bytes has been written. -

    The following suffixes may be applied to BYTES:

    • K - BYTES is a number of kilobytes

    • M - BYTES is a number of megabytes

    • G - BYTES is a number of gigabytes

    EXAMPLES

    Synchronize the file data on the [precious] share after +

    The following suffixes may be applied to BYTES:

    • K - BYTES is a number of kilobytes

    • M - BYTES is a number of megabytes

    • G - BYTES is a number of gigabytes

    EXAMPLES

    Synchronize the file data on the [precious] share after every 512 kilobytes (524288 bytes) of data is written:

             [precious]
-	path = /data/precious
-	vfs objects = commit
-	commit:dthresh = 512K
-

    CAVEATS

    On some systems, the data synchronization performed by + path = /data/precious + vfs objects = commit + commit:dthresh = 512K +

    CAVEATS

    On some systems, the data synchronization performed by commit may reduce performance. -

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. -

    AUTHOR

    The original Samba software and related utilities +

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    diff --git a/docs/htmldocs/manpages/vfs_default_quota.8.html b/docs/htmldocs/manpages/vfs_default_quota.8.html index 78580fcbeb..df082223db 100644 --- a/docs/htmldocs/manpages/vfs_default_quota.8.html +++ b/docs/htmldocs/manpages/vfs_default_quota.8.html @@ -1,4 +1,4 @@ -vfs_default_quota

    Name

    vfs_default_quota — store default quota records for Windows clients

    Synopsis

    vfs objects = default_quota

    DESCRIPTION

    This VFS module is part of the +vfs_default_quota

    Name

    vfs_default_quota — store default quota records for Windows clients

    Synopsis

    vfs objects = default_quota

    DESCRIPTION

    This VFS module is part of the samba(7) suite.

    Many common quota implementations only store quotas for users and groups, but do not store a default quota. The @@ -9,7 +9,7 @@ refuses to update them. vfs_default_quota maps the default quota to the quota record of a user. By default the root user is taken because quota limits for root are typically - not enforced.

    This module is stackable.

    OPTIONS

    default_quota:uid = UID

    UID specifies the user ID of the quota record where the + not enforced.

    This module is stackable.

    OPTIONS

    default_quota:uid = UID

    UID specifies the user ID of the quota record where the default user quota values are stored.

    default_quota:gid = GID

    GID specifies the group ID of the quota record where the default group quota values are stored. @@ -21,15 +21,15 @@ quota record is storing the default group quota will be reported as having a quota of NO_LIMIT. Otherwise, the stored values will be reported. -

    EXAMPLES

    Store the default quota record in the quota record for +

    EXAMPLES

    Store the default quota record in the quota record for the user with ID 65535 and report that user as having no quota limits:

             [global]
-	vfs objects = default_quota
-	default_quota:uid = 65535
-	default_quota:uid nolimit = yes
-

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. -

    AUTHOR

    The original Samba software and related utilities + vfs objects = default_quota + default_quota:uid = 65535 + default_quota:uid nolimit = yes +

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    diff --git a/docs/htmldocs/manpages/vfs_extd_audit.8.html b/docs/htmldocs/manpages/vfs_extd_audit.8.html index f05ee25a56..7534938aaa 100644 --- a/docs/htmldocs/manpages/vfs_extd_audit.8.html +++ b/docs/htmldocs/manpages/vfs_extd_audit.8.html @@ -1,4 +1,4 @@ -vfs_extd_audit

    Name

    vfs_extd_audit — record selected Samba VFS operations

    Synopsis

    vfs objects = extd_audit

    DESCRIPTION

    This VFS module is part of the +vfs_extd_audit

    Name

    vfs_extd_audit — record selected Samba VFS operations

    Synopsis

    vfs objects = extd_audit

    DESCRIPTION

    This VFS module is part of the samba(7) suite.

    The extd_audit VFS module records selected client operations to both the smbd(8) log and @@ -7,8 +7,8 @@ smbd(8) log, vfs_extd_audit is identical to vfs_audit(8). -

    This module is stackable.

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. -

    AUTHOR

    The original Samba software and related utilities +

    This module is stackable.

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    diff --git a/docs/htmldocs/manpages/vfs_fake_perms.8.html b/docs/htmldocs/manpages/vfs_fake_perms.8.html index da3bbc1a37..4943015849 100644 --- a/docs/htmldocs/manpages/vfs_fake_perms.8.html +++ b/docs/htmldocs/manpages/vfs_fake_perms.8.html @@ -1,4 +1,4 @@ -vfs_fake_perms

    Name

    vfs_fake_perms — enable read only Roaming Profiles

    Synopsis

    vfs objects = fake_perms

    DESCRIPTION

    This VFS module is part of the +vfs_fake_perms

    Name

    vfs_fake_perms — enable read only Roaming Profiles

    Synopsis

    vfs objects = fake_perms

    DESCRIPTION

    This VFS module is part of the samba(7) suite.

    The vfs_fake_perms VFS module was created to allow Roaming Profile files and directories to be set (on the Samba server under UNIX) as read only. This module will, @@ -6,12 +6,12 @@ the Profile files and directories are writeable. This satisfies the client even though the files will never be overwritten as the client logs out or shuts down. -

    This module is stackable.

    EXAMPLES

    +	
    This module is stackable.

    EXAMPLES

             [Profiles]
-	path = /profiles
-	vfs objects = fake_perms
-

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. -

    AUTHOR

    The original Samba software and related utilities + path = /profiles + vfs objects = fake_perms +

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    diff --git a/docs/htmldocs/manpages/vfs_fileid.8.html b/docs/htmldocs/manpages/vfs_fileid.8.html new file mode 100644 index 0000000000..b1fe332111 --- /dev/null +++ b/docs/htmldocs/manpages/vfs_fileid.8.html @@ -0,0 +1,32 @@ +vfs_fileid

    Name

    vfs_fileid — Generates file_id structs with unique device id values for + cluster setups

    Synopsis

    vfs objects = fileid

    DESCRIPTION

    This VFS module is part of the + samba(7) + suite.

    Samba uses file_id structs to uniquely identify files + for locking purpose. By default the file_id contains the device + and inode number returned by the stat() system call. + As the file_id is a unique identifier of a file, it must be the same + on all nodes in a cluster setup. This module overloads the + SMB_VFS_FILE_ID_CREATE() operation and + generates the device number based on the configured algorithm + (see the "fileid:algorithm" option). +

    OPTIONS

    fileid:algorithm = ALGORITHM

    Available algorithms are fsname + and fsid. The default value is + fsname. +

    The fsname algorithm generates + device id by hashing the kernel device name. +

    The fsid algorithm generates + the device id from the f_fsid returned + from the statfs() syscall. +

    fileid:mapping = ALGORITHM

    This option is the legacy version of the + fileid:algorithm option, which was used in earlier + versions of fileid mapping feature in custom Samba 3.0 versions. +

    EXAMPLES

    Usage of the fileid module with the + fsid algorithm:

    +        [global]
+	vfs objects = fileid
+	fileid:algorithm = fsid
+

    VERSION

    This man page is correct for version 3.2 of the Samba suite. +

    AUTHOR

    The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.

    diff --git a/docs/htmldocs/manpages/vfs_full_audit.8.html b/docs/htmldocs/manpages/vfs_full_audit.8.html index c598dd3263..e67574bbb2 100644 --- a/docs/htmldocs/manpages/vfs_full_audit.8.html +++ b/docs/htmldocs/manpages/vfs_full_audit.8.html @@ -1,4 +1,4 @@ -vfs_full_audit

    Name

    vfs_full_audit — record Samba VFS operations in the system log

    Synopsis

    vfs objects = full_audit

    DESCRIPTION

    This VFS module is part of the +vfs_full_audit

    Name

    vfs_full_audit — record Samba VFS operations in the system log

    Synopsis

    vfs objects = full_audit

    DESCRIPTION

    This VFS module is part of the samba(7) suite.

    The vfs_full_audit VFS module records selected client operations to the system log using syslog(3).

    vfs_full_audit is able to record the @@ -10,7 +10,7 @@ format consisting of fields separated by '|' characters. The format is: 

     		smbd_audit: PREFIX|OPERATION|RESULT|FILE
-

    The record fields are:

    • PREFIX - the result of the full_audit:prefix string after variable substitutions

    • OPERATION - the name of the VFS operation

    • RESULT - whether the operation succeeded or failed

    • FILE - the name of the file or directory the operation was performed on

    This module is stackable.

    OPTIONS

    vfs_full_audit:prefix = STRING

    Prepend audit messages with STRING. STRING is +

    The record fields are:

    • PREFIX - the result of the full_audit:prefix string after variable substitutions

    • OPERATION - the name of the VFS operation

    • RESULT - whether the operation succeeded or failed

    • FILE - the name of the file or directory the operation was performed on

    This module is stackable.

    OPTIONS

    vfs_full_audit:prefix = STRING

    Prepend audit messages with STRING. STRING is processed for standard substitution variables listed in smb.conf(5). The default prefix is "%u|%I".

    vfs_full_audit:success = LIST

    LIST is a list of VFS operations that should be @@ -24,19 +24,19 @@

    full_audit:priority = PRIORITY

    Log messages with the named syslog(3) priority. -

    EXAMPLES

    Log file and directory open operations on the [records] +

    EXAMPLES

    Log file and directory open operations on the [records] share using the LOCAL7 facility and ALERT priority, including the username and IP address:

             [records]
-	path = /data/records
-	vfs objects = full_audit
-	full_audit:prefix = %u|%I
-	full_audit:success = open opendir
-	full_audit:failure = all
-	full_audit:facility = LOCAL7
-	full_audit:priority = ALERT
-

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. -

    AUTHOR

    The original Samba software and related utilities + path = /data/records + vfs objects = full_audit + full_audit:prefix = %u|%I + full_audit:success = open opendir + full_audit:failure = all + full_audit:facility = LOCAL7 + full_audit:priority = ALERT +

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    diff --git a/docs/htmldocs/manpages/vfs_gpfs.8.html b/docs/htmldocs/manpages/vfs_gpfs.8.html index 71c7862124..399ef960cf 100644 --- a/docs/htmldocs/manpages/vfs_gpfs.8.html +++ b/docs/htmldocs/manpages/vfs_gpfs.8.html @@ -1,4 +1,4 @@ -vfs_gpfs

    Name

    vfs_gpfs — gpfs specific samba extensions like acls and prealloc

    Synopsis

    vfs objects = gpfs

    DESCRIPTION

    This VFS module is part of the +vfs_gpfs

    Name

    vfs_gpfs — gpfs specific samba extensions like acls and prealloc

    Synopsis

    vfs objects = gpfs

    DESCRIPTION

    This VFS module is part of the samba(7) suite.

    The gpfs VFS module is the home for all gpfs extensions that Samba requires for proper integration with GPFS. It uses the GPL library interfaces provided by GPFS. @@ -8,7 +8,7 @@ and hence allows permission stealing via chown. Samba might allow at a later point in time, to restrict the chown via this module as such restrictions are the responsibility of the underlying filesystem than of Samba. -

    This module is stackable.

    OPTIONS

    nfs4:mode = [ simple | special ]

    +

    This module is stackable.

    OPTIONS

    nfs4:mode = [ simple | special ]

    Enable/Disable substitution of special IDs on GPFS. This parameter should not affect the windows users in anyway. It only ensures that Samba sets the special IDs - OWNER@ and GROUP@ ( mappings to simple uids ) @@ -19,17 +19,17 @@

    Following is the behaviour of Samba for different values :

    • dontcare (default) - copy the ACEs as they come

    • reject - stop operation and exit with error on ACL set op

    • ignore - don't include the second matching ACE

    • merge - bitwise OR the 2 ace.flag fields and 2 ace.mask fields of the 2 duplicate ACEs into 1 ACE

    nfs4:chown = [yes|no]

    This parameter allows enabling or disabling the chown supported by the underlying filesystem. This parameter should be enabled with care as it might leave your system insecure.

    Some filesystems allow chown as a) giving b) stealing. It is the latter - that is considered a risk.

    Following is the behaviour of Samba for different values :

    • yes - Enable chown if as supported by the under filesystem

    • no (default) - Disable chown

    EXAMPLES

    A GPFS mount can be exported via Samba as follows :

    +		that is considered a risk.
    Following is the behaviour of Samba for different values : 
    • yes - Enable chown if as supported by the under filesystem
    • no (default) - Disable chown

    EXAMPLES

    A GPFS mount can be exported via Samba as follows :

             [samba_gpfs_share]
-	vfs objects = gpfs
-	path = /test/gpfs_mount
-	nfs4: mode = special
-	nfs4: acedup = merge
-

    CAVEATS

    The gpfs gpl libraries are required by gpfs VFS + vfs objects = gpfs + path = /test/gpfs_mount + nfs4: mode = special + nfs4: acedup = merge +

    CAVEATS

    The gpfs gpl libraries are required by gpfs VFS module during both compilation and runtime. Also this VFS module is tested to work on SLES 9/10 and RHEL 4.4 -

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. -

    AUTHOR

    The original Samba software and related utilities +

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The GPFS VFS module was created with contributions from diff --git a/docs/htmldocs/manpages/vfs_netatalk.8.html b/docs/htmldocs/manpages/vfs_netatalk.8.html index de490e26a2..5d30c5d31e 100644 --- a/docs/htmldocs/manpages/vfs_netatalk.8.html +++ b/docs/htmldocs/manpages/vfs_netatalk.8.html @@ -1,15 +1,15 @@ -vfs_netatalk

    Name

    vfs_netatalk — hide .AppleDouble files from CIFS clients

    Synopsis

    vfs objects = netatalk

    DESCRIPTION

    This VFS module is part of the +vfs_netatalk

    Name

    vfs_netatalk — hide .AppleDouble files from CIFS clients

    Synopsis

    vfs objects = netatalk

    DESCRIPTION

    This VFS module is part of the samba(7) suite.

    The vfs_netatalk VFS module dynamically hides .AppleDouble files, preventing spurious errors on some CIFS clients. .AppleDouble files may be created by historic - implementations of AFP (Apple Filing Protocol) on servers.

    This module is stackable.

    EXAMPLES

    Hide .AppleDouble files on the [data] share:

    +	implementations of AFP (Apple Filing Protocol) on servers. 
    This module is stackable.

    EXAMPLES

    Hide .AppleDouble files on the [data] share:

             [data]
-	vfs objects = netatalk
-

    CAVEATS

    This module is largely historic and unlikely to be of use + vfs objects = netatalk +

    CAVEATS

    This module is largely historic and unlikely to be of use in modern networks since current Apple systems are able to mount CIFS shares natively. -

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. -

    AUTHOR

    The original Samba software and related utilities +

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    diff --git a/docs/htmldocs/manpages/vfs_notify_fam.8.html b/docs/htmldocs/manpages/vfs_notify_fam.8.html index 5735a16091..f1ccfd5567 100644 --- a/docs/htmldocs/manpages/vfs_notify_fam.8.html +++ b/docs/htmldocs/manpages/vfs_notify_fam.8.html @@ -1,12 +1,12 @@ -vfs_notify_fam

    Name

    vfs_notify_fam — FAM support for file change notifications

    Synopsis

    vfs objects = notify_fam

    DESCRIPTION

    This VFS module is part of the +vfs_notify_fam

    Name

    vfs_notify_fam — FAM support for file change notifications

    Synopsis

    vfs objects = notify_fam

    DESCRIPTION

    This VFS module is part of the samba(7) suite.

    The vfs_notify_fam module makes use of the system FAM (File Alteration Monitor) daemon to implement file change notifications for Windows clients. FAM is generally - present only on IRIX and some BSD systems.

    This module is not stackable.

    EXAMPLES

    Support FAM notifications globally:

    +	present only on IRIX and some BSD systems.
    This module is not stackable.

    EXAMPLES

    Support FAM notifications globally:

             [global]
-	vfs objects = notify_fam
-

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. -

    AUTHOR

    The original Samba software and related utilities + vfs objects = notify_fam +

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    diff --git a/docs/htmldocs/manpages/vfs_prealloc.8.html b/docs/htmldocs/manpages/vfs_prealloc.8.html index c4347d3229..62b24cc599 100644 --- a/docs/htmldocs/manpages/vfs_prealloc.8.html +++ b/docs/htmldocs/manpages/vfs_prealloc.8.html @@ -1,22 +1,22 @@ -vfs_prealloc

    Name

    vfs_prealloc — preallocate matching files to a predetermined size

    Synopsis

    vfs objects = prealloc

    DESCRIPTION

    This VFS module is part of the +vfs_prealloc

    Name

    vfs_prealloc — preallocate matching files to a predetermined size

    Synopsis

    vfs objects = prealloc

    DESCRIPTION

    This VFS module is part of the samba(7) suite.

    The vfs_prealloc VFS module preallocates files to a specified size each time a new file is created. This is useful in environments where files are of a predetermined size will be written to a disk subsystem where extending file - allocations is expensive.

    This module is stackable.

    OPTIONS

    prealloc:EXT = BYTES

    Preallocate all files with the extension EXT to + allocations is expensive.

    This module is stackable.

    OPTIONS

    prealloc:EXT = BYTES

    Preallocate all files with the extension EXT to the size specified by BYTES. -

    The following suffixes may be applied to BYTES:

    • K - BYTES is a number of kilobytes

    • M - BYTES is a number of megabytes

    • G - BYTES is a number of gigabytes

    EXAMPLES

    A process writes TIFF files to a Samba share, and the +

    The following suffixes may be applied to BYTES:

    • K - BYTES is a number of kilobytes

    • M - BYTES is a number of megabytes

    • G - BYTES is a number of gigabytes

    EXAMPLES

    A process writes TIFF files to a Samba share, and the is known these files will almost always be around 4 megabytes (4194304 bytes): 

             [frames]
-	path = /data/frames
-	vfs objects = prealloc
-	prealloc:tiff = 4M
-

    CAVEATS

    vfs_prealloc is not supported on all + path = /data/frames + vfs objects = prealloc + prealloc:tiff = 4M +

    CAVEATS

    vfs_prealloc is not supported on all platforms and filesystems. Currently only XFS filesystems on Linux and IRIX are supported. -

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. -

    AUTHOR

    The original Samba software and related utilities +

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    diff --git a/docs/htmldocs/manpages/vfs_readahead.8.html b/docs/htmldocs/manpages/vfs_readahead.8.html index 601db675ea..7521be9296 100644 --- a/docs/htmldocs/manpages/vfs_readahead.8.html +++ b/docs/htmldocs/manpages/vfs_readahead.8.html @@ -1,4 +1,4 @@ -vfs_readahead

    Name

    vfs_readahead — pre-load the kernel buffer cache

    Synopsis

    vfs objects = readahead

    DESCRIPTION

    This VFS module is part of the +vfs_readahead

    Name

    vfs_readahead — pre-load the kernel buffer cache

    Synopsis

    vfs objects = readahead

    DESCRIPTION

    This VFS module is part of the samba(7) suite.

    This vfs_readahead VFS module detects read requests at multiples of a given offset (hex 0x80000 by default) and then tells the kernel via either the readahead @@ -12,14 +12,14 @@ readahead:length option. By default this is set to the same value as the readahead:offset option and if not set explicitly will use the current value of - readahead:offset.

    This module is stackable.

    OPTIONS

    The following suffixes may be applied to BYTES:

    • K - BYTES is a number of kilobytes

    • M - BYTES is a number of megabytes

    • G - BYTES is a number of gigabytes

    readahead:offset = BYTES

    The offset multiple that causes readahead to be + readahead:offset.

    This module is stackable.

    OPTIONS

    The following suffixes may be applied to BYTES:

    • K - BYTES is a number of kilobytes

    • M - BYTES is a number of megabytes

    • G - BYTES is a number of gigabytes

    readahead:offset = BYTES

    The offset multiple that causes readahead to be requested of the kernel buffer cache.

    readahead:length = BYTES

    The number of bytes requested to be read into the kernel buffer cache on each - readahead call.

    EXAMPLES

    +		readahead call.

    EXAMPLES

     	[hypothetical]
-	vfs objects = readahead
-

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. -

    AUTHOR

    The original Samba software and related utilities + vfs objects = readahead +

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    diff --git a/docs/htmldocs/manpages/vfs_readonly.8.html b/docs/htmldocs/manpages/vfs_readonly.8.html index 48509cd978..4a6f80e246 100644 --- a/docs/htmldocs/manpages/vfs_readonly.8.html +++ b/docs/htmldocs/manpages/vfs_readonly.8.html @@ -1,24 +1,24 @@ -vfs_readonly

    Name

    vfs_readonly — make a Samba share read only for a specified time period

    Synopsis

    vfs objects = readonly

    DESCRIPTION

    This VFS module is part of the +vfs_readonly

    Name

    vfs_readonly — make a Samba share read only for a specified time period

    Synopsis

    vfs objects = readonly

    DESCRIPTION

    This VFS module is part of the samba(7) suite.

    The vfs_readonly VFS module marks a share as read only for all clients connecting within the configured time period. Clients connecting during this time will be denied write access to all files in the share, irrespective of ther - actual access privileges.

    This module is stackable.

    OPTIONS

    readonly:period = BEGIN, END

    Only mark the share as read only if the client + actual access privileges.

    This module is stackable.

    OPTIONS

    readonly:period = BEGIN, END

    Only mark the share as read only if the client connection was made between the times marked by the BEGIN and END date specifiers. The syntax of these date specifiers is the same as that accepted by the -d option of GNU date(1). -

    EXAMPLES

    Mark all shares read only:

    +

    EXAMPLES

    Mark all shares read only:

             [global]
-	vfs objects = readonly
+	vfs objects = readonly

    Mark the [backup] share as read only during business hours:

             [backup]
-	path = /readonly
-	vfs objects = readonly
-	readonly:period = readonly:period = "today 9:00","today 17:00"
-

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. -

    AUTHOR

    The original Samba software and related utilities + path = /readonly + vfs objects = readonly + readonly:period = readonly:period = "today 9:00","today 17:00" +

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    diff --git a/docs/htmldocs/manpages/vfs_recycle.8.html b/docs/htmldocs/manpages/vfs_recycle.8.html index 3e2607b2d2..7a209b5f63 100644 --- a/docs/htmldocs/manpages/vfs_recycle.8.html +++ b/docs/htmldocs/manpages/vfs_recycle.8.html @@ -1,4 +1,4 @@ -vfs_recycle

    Name

    vfs_recycle — Samba VFS recycle bin

    Synopsis

    vfs objects = recycle

    DESCRIPTION

    This VFS module is part of the +vfs_recycle

    Name

    vfs_recycle — Samba VFS recycle bin

    Synopsis

    vfs objects = recycle

    DESCRIPTION

    This VFS module is part of the samba(7) suite.

    The vfs_recycle intercepts file deletion requests and moves the affected files to a temporary repository rather than deleting them immediately. This gives the same effect @@ -10,7 +10,7 @@ of the created directory depends on recycle:repository. Users can recover files from the recycle bin. If the recycle:keeptree option has been specified, deleted files will be found in a path - identical with that from which the file was deleted.

    This module is stackable.

    OPTIONS

    recycle:repository = PATH

    Path of the directory where deleted files should be moved. + identical with that from which the file was deleted.

    This module is stackable.

    OPTIONS

    recycle:repository = PATH

    Path of the directory where deleted files should be moved.

    If this option is not set, the default path .recycle is used.

    recycle:directory_mode = MODE

    Set MODE to the octal mode the recycle repository should be created with. The recycle repository will be @@ -47,14 +47,17 @@

    recycle:noversions = LIST

    Specifies a list of paths (wildcards such as * and ? are supported) for which no versioning should be used. Only useful when recycle:versions is enabled. -

    EXAMPLES

    Log operations on all shares using the LOCAL1 facility - and NOTICE priority:

    -        [global]
-	vfs objects = recycle
-	recycle:facility = LOCAL1
-	recycle:priority = NOTICE
-

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. -

    AUTHOR

    The original Samba software and related utilities +

    EXAMPLES

    Move files "deleted" on share to + /data/share/.recycle instead of deleting them: + 

    +        [share]
+	path = /data/share
+	vfs objects = recycle
+	recycle:repository = .recycle
+	recycle:keeptree = yes
+	recycle:versions = yes
+

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    diff --git a/docs/htmldocs/manpages/vfs_shadow_copy.8.html b/docs/htmldocs/manpages/vfs_shadow_copy.8.html index e855f7a8e1..cbfd8ab57d 100644 --- a/docs/htmldocs/manpages/vfs_shadow_copy.8.html +++ b/docs/htmldocs/manpages/vfs_shadow_copy.8.html @@ -1,9 +1,9 @@ -vfs_shadow_copy

    Name

    vfs_shadow_copy — Make a Samba share read only for a specified time period

    Synopsis

    vfs objects = shadow_copy

    DESCRIPTION

    This VFS module is part of the +vfs_shadow_copy

    Name

    vfs_shadow_copy — Make a Samba share read only for a specified time period

    Synopsis

    vfs objects = shadow_copy

    DESCRIPTION

    This VFS module is part of the samba(7) suite.

    The vfs_shadow_copy VFS module functionality that is similar to Microsoft Shadow Copy services. When setup properly, this module allows Microsoft Shadow Copy clients to browse "shadow copies" on Samba shares. -

    This module is stackable.

    CONFIGURATION

    vfs_shadow_copy relies on a filesystem +

    This module is stackable.

    CONFIGURATION

    vfs_shadow_copy relies on a filesystem snapshot implementation. Many common filesystems have native support for this.

    Filesystem snapshots must be mounted on @@ -16,17 +16,17 @@ date(1) command: 

     	TZ=GMT date +@GMT-%Y.%m.%d-%H.%M.%S
-

    EXAMPLES

    Add shadow copy support to user home directories:

    +

    EXAMPLES

    Add shadow copy support to user home directories:

             [homes]
-	vfs objects = shadow_copy
-

    CAVEATS

    This is not a backup, archival, or version control solution. + vfs objects = shadow_copy +

    CAVEATS

    This is not a backup, archival, or version control solution.

    With Samba or Windows servers, vfs_shadow_copy is designed to be an end-user tool only. It does not replace or enhance your backup and archival solutions and should in no way be considered as such. Additionally, if you need version control, implement a - version control system.

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. -

    AUTHOR

    The original Samba software and related utilities + version control system.

    VERSION

    This man page is correct for version 3.0.25 of the Samba suite. +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    diff --git a/docs/htmldocs/manpages/vfs_shadow_copy2.8.html b/docs/htmldocs/manpages/vfs_shadow_copy2.8.html new file mode 100644 index 0000000000..d8f96e8198 --- /dev/null +++ b/docs/htmldocs/manpages/vfs_shadow_copy2.8.html @@ -0,0 +1,52 @@ +vfs_shadow_copy2

    Name

    vfs_shadow_copy2 — Expose snapshots to Windows clients as shadow copies.

    Synopsis

    vfs objects = shadow_copy2

    DESCRIPTION

    This VFS module is part of the + samba(7) suite.

    The vfs_shadow_copy2 VFS module functionality + that is similar to Microsoft Shadow Copy services. When setup properly, + this module allows Microsoft Shadow Copy clients to browse + "shadow copies" on Samba shares. +

    This is a 2nd implementation of a shadow copy module. This + version has the following features:

    1. You don't need to populate your shares with symlinks to the + snapshots. This can be very important when you have thousands of + shares, or use [homes].

    2. The inode number of the files is altered so it is different + from the original. This allows the 'restore' button to work + without a sharing violation.

    This module is stackable.

    CONFIGURATION

    vfs_shadow_copy2 relies on a filesystem + snapshot implementation. Many common filesystems have native + support for this. +

    Filesystem snapshots must be mounted on + specially named directories in order to be recognized by + vfs_shadow_copy2. The snapshot mount points must + be immediate children of a the directory being shared.

    The snapshot naming convention is @GMT-YYYY.MM.DD-hh.mm.ss, + where: +

    • YYYY is the 4 digit year

    • MM is the 2 digit month

    • DD is the 2 digit day

    • hh is the 2 digit hour

    • mm is the 2 digit minute

    • ss is the 2 digit second.

    +

    The vfs_shadow_copy2 snapshot naming convention can be + produced with the following date(1) command: + 

    +	TZ=GMT date +@GMT-%Y.%m.%d-%H.%M.%S
+

    OPTIONS

    shadow:snapdir = SNAPDIR +

    Path to the directory where snapshots are kept. +

    shadow:basedir = BASEDIR +

    Path to the base directory that snapshots are from. +

    shadow:fixinodes = yes/no +

    If you enable shadow:fixinodes + then this module will modify the apparent inode + number of files in the snapshot directories using a hash of the + files path. This is needed for snapshot systems where the + snapshots have the same device:inode number as the original + files (such as happens with GPFS snapshots). If you don't set + this option then the 'restore' button in the shadow copy UI + will fail with a sharing violation. +

    EXAMPLES

    Add shadow copy support to user home directories:

    +        [homes]
+	vfs objects = shadow_copy2
+	shadow:snapdir = /data/snaphots
+	shadow:basedir = /data/home
+

    CAVEATS

    This is not a backup, archival, or version control solution. +

    With Samba or Windows servers, + vfs_shadow_copy2 is designed to be an end-user + tool only. It does not replace or enhance your backup and + archival solutions and should in no way be considered as + such. Additionally, if you need version control, implement a + version control system.

    VERSION

    This man page is correct for version 3.2.7 of the Samba suite. +

    AUTHOR

    The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.

    diff --git a/docs/htmldocs/manpages/vfs_smb_traffic_analyzer.8.html b/docs/htmldocs/manpages/vfs_smb_traffic_analyzer.8.html new file mode 100644 index 0000000000..9d0a148927 --- /dev/null +++ b/docs/htmldocs/manpages/vfs_smb_traffic_analyzer.8.html @@ -0,0 +1,52 @@ +smb_traffic_analyzer

    Name

    vfs_smb_traffic_analyzer — log Samba VFS read and write operations through a socket + to a helper application

    Synopsis

    vfs objects = smb_traffic_analyzer

    DESCRIPTION

    This VFS module is part of the + samba(7) suite.

    The vfs_smb_traffic_analyzer VFS module logs + client write and read operations on a Samba server and sends this data + over a socket to a helper program, which feeds a SQL database. More + information on the helper programs can be obtained from the + homepage of the project at: + http://holger123.wordpress.com/smb-traffic-analyzer/ +

    vfs_smb_traffic_analyzer currently is aware + of the following VFS operations:

    write
    pwrite
    read
    pread

    vfs_smb_traffic_analyzer sends the following data + in a fixed format seperated by a comma through either an internet or a + unix domain socket:

    +	BYTES|USER|DOMAIN|READ/WRITE|SHARE|FILENAME|TIMESTAMP
+

    Description of the records: + +

    • BYTES - the length in bytes of the VFS operation

    • USER - the user who initiated the operation

    • DOMAIN - the domain of the user

    • READ/WRITE - either "W" for a write operation or "R" for read

    • SHARE - the name of the share on which the VFS operation occured

    • FILENAME - the name of the file that was used by the VFS operation

    • TIMESTAMP - a timestamp, formatted as "yyyy-mm-dd hh-mm-ss.ms" indicating when the VFS operation occured

    + +

    This module is stackable.

    OPTIONS

    smb_traffic_analyzer:mode = STRING

    If STRING matches to "unix_domain_socket", the module will + use a unix domain socket located at /var/tmp/stadsocket, if + STRING contains an different string or is not defined, the module will + use an internet domain socket for data transfer.

    smb_traffic_analyzer:host = STRING

    The module will send the data to the system named with + the hostname STRING.

    smb_traffic_analyzer:port = STRING

    The module will send the data using the TCP port given + in STRING. +

    smb_traffic_analyzer:anonymize_prefix = STRING

    The module will replace the user names with a prefix + given by STRING and a simple hash number. +

    EXAMPLES

    The module running on share "example_share", using a unix domain socket

    +	[example_share]
+	path = /data/example
+	vfs objects = smb_traffic_analyzer
+	smb_traffic_analyzer:mode = unix_domain_socket
+

    The module running on share "example_share", using an internet socket, + connecting to host "examplehost" on port 3491.

    +	[example_share]
+	path = /data/example
+	vfs objects = smb_traffic_analyzer
+	smb_traffic_analyzer:host = examplehost
+	smb_traffic_analyzer:port = 3491
+

    The module running on share "example_share", using an internet socket, + connecting to host "examplehost" on port 3491, anonymizing user names with + the prefix "User".

    +	[example_share]
+	path = /data/example
+	vfs objects = smb_traffic_analyzer
+	smb_traffic_analyzer:host = examplehost
+	smb_traffic_analyzer:port = 3491
+	smb_traffic_analyzer:anonymize_prefix = User
+

    VERSION

    This man page is correct for version 3.3 of the Samba suite. +

    AUTHOR

    The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.

    The original version of the VFS module and the + helper tools were created by Holger Hetterich.

    diff --git a/docs/htmldocs/manpages/vfs_streams_depot.8.html b/docs/htmldocs/manpages/vfs_streams_depot.8.html index 3e8e984843..84678174dc 100644 --- a/docs/htmldocs/manpages/vfs_streams_depot.8.html +++ b/docs/htmldocs/manpages/vfs_streams_depot.8.html @@ -1,15 +1,15 @@ -vfs_streams_depot

    Name

    vfs_streams_depot — EXPERIMENTAL module to store alternate data streams in a +vfs_streams_depot

    Name

    vfs_streams_depot — EXPERIMENTAL module to store alternate data streams in a central directory. -

    Synopsis

    vfs objects = streams_depot

    DESCRIPTION

    This EXPERIMENTAL VFS module is part of the +

    Synopsis

    vfs objects = streams_depot

    DESCRIPTION

    This EXPERIMENTAL VFS module is part of the samba(7) suite.

    The vfs_streams_depot enables storing of NTFS alternate data streams in the file system. As a normal posix file system does not support the concept of multiple data streams per file, the streams_depot module stores the data in files in a separate - directory.

    OPTIONS

    streams_depot:directory = PATH

    Path of the directory where the alternate data streams - should be stored. Defaults to the sharepath/.streams.

    EXAMPLES

    +	directory.

    OPTIONS

    streams_depot:directory = PATH

    Path of the directory where the alternate data streams + should be stored. Defaults to the sharepath/.streams.

    EXAMPLES

             [share]
-	vfs objects = streams_depot
-

    AUTHOR

    The original Samba software and related utilities + vfs objects = streams_depot +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    diff --git a/docs/htmldocs/manpages/vfs_streams_xattr.8.html b/docs/htmldocs/manpages/vfs_streams_xattr.8.html index 8ca4e78c2f..686fdd9818 100644 --- a/docs/htmldocs/manpages/vfs_streams_xattr.8.html +++ b/docs/htmldocs/manpages/vfs_streams_xattr.8.html @@ -1,4 +1,4 @@ -vfs_streams_xattr

    Name

    vfs_streams_xattr — Store alternate data streams in posix xattrs

    Synopsis

    vfs objects = streams_xattr

    DESCRIPTION

    This VFS module is part of the +vfs_streams_xattr

    Name

    vfs_streams_xattr — Store alternate data streams in posix xattrs

    Synopsis

    vfs objects = streams_xattr

    DESCRIPTION

    This VFS module is part of the samba(7) suite.

    The vfs_streams_xattr enables storing of NTFS alternate data streams in the file system. As a normal posix file system does not support the concept of multiple data streams per file, @@ -8,10 +8,10 @@ support xattrs.

    Please note that most file systems have severe limitations on the size of xattrs. So this module might work for applications like IE that stores small zone information in streams but will fail for - applications that store serious amounts of data in ADSs.

    EXAMPLES

    +	applications that store serious amounts of data in ADSs.

    EXAMPLES

             [share]
-	vfs objects = streams_xattr
-

    AUTHOR

    The original Samba software and related utilities + vfs objects = streams_xattr +

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    diff --git a/docs/htmldocs/manpages/vfs_xattr_tdb.8.html b/docs/htmldocs/manpages/vfs_xattr_tdb.8.html index 6f61879b58..f71ba2dec9 100644 --- a/docs/htmldocs/manpages/vfs_xattr_tdb.8.html +++ b/docs/htmldocs/manpages/vfs_xattr_tdb.8.html @@ -1,12 +1,12 @@ -vfs_xattr_tdb

    Name

    vfs_xattr_tdb — Save Extended Attributes (EAs) in a tdb file

    Synopsis

    vfs objects = xattr_tdb

    DESCRIPTION

    This VFS module is part of the +vfs_xattr_tdb

    Name

    vfs_xattr_tdb — Save Extended Attributes (EAs) in a tdb file

    Synopsis

    vfs objects = xattr_tdb

    DESCRIPTION

    This VFS module is part of the samba(7) suite.

    The vfs_xattr_tdb VFS module stores Extended Attributes (EAs) in a tdb file. This enables the usage of Extended Attributes on OS and filesystems which do not support Extended Attributes by themselves. -

    This module is stackable.

    OPTIONS

    xattr_tdb:file = PATH

    Name of the tdb file the EAs are stored in. +

    This module is stackable.

    OPTIONS

    xattr_tdb:file = PATH

    Name of the tdb file the EAs are stored in. If this option is not set, the default filename - xattr.tdb is used.

    AUTHOR

    The original Samba software and related utilities + xattr.tdb is used.

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    diff --git a/docs/htmldocs/manpages/vfstest.1.html b/docs/htmldocs/manpages/vfstest.1.html index 2b3855b5b1..d216fb6b5e 100644 --- a/docs/htmldocs/manpages/vfstest.1.html +++ b/docs/htmldocs/manpages/vfstest.1.html @@ -1,8 +1,8 @@ -vfstest

    Name

    vfstest — tool for testing samba VFS modules

    Synopsis

    vfstest [-d debuglevel] [-c command] [-l logdir] [-h]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    vfstest is a small command line +vfstest

    Name

    vfstest — tool for testing samba VFS modules

    Synopsis

    vfstest [-d debuglevel] [-c command] [-l logdir] [-h]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    vfstest is a small command line utility that has the ability to test dso samba VFS modules. It gives the user the ability to call the various VFS functions manually and supports cascaded VFS modules. -

    OPTIONS

    -c|--command=command

    Execute the specified (colon-separated) commands. +

    OPTIONS

    -c|--command=command

    Execute the specified (colon-separated) commands. See below for the commands that are available.

    -h|--help

    Print a summary of command line options.

    -l|--logfile=logbasename

    File name for log/debug files. The extension @@ -20,7 +20,7 @@ amounts of log data, and should only be used when investigating a problem. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic.

    Note that specifying this parameter here will -override the log level parameter +override the log level parameter in the smb.conf file.

    -V

    Prints the program version number.

    -s <configuration file>

    The file specified contains the configuration details required by the server. The @@ -32,10 +32,10 @@ The default configuration file name is determined at compile time.

    -l|--log-basename=logdirectory

    Base directory name for log/debug files. The extension ".progname" will be appended (e.g. log.smbclient, log.smbd, etc...). The log file is never removed by the client. -

    COMMANDS

    VFS COMMANDS

    • load <module.so> - Load specified VFS module

    • populate <char> <size> - Populate a data buffer with the specified data +

    COMMANDS

    VFS COMMANDS

    • load <module.so> - Load specified VFS module

    • populate <char> <size> - Populate a data buffer with the specified data

    • showdata [<offset> <len>] - Show data currently in data buffer -

    • connect - VFS connect()

    • disconnect - VFS disconnect()

    • disk_free - VFS disk_free()

    • opendir - VFS opendir()

    • readdir - VFS readdir()

    • mkdir - VFS mkdir()

    • rmdir - VFS rmdir()

    • closedir - VFS closedir()

    • open - VFS open()

    • close - VFS close()

    • read - VFS read()

    • write - VFS write()

    • lseek - VFS lseek()

    • rename - VFS rename()

    • fsync - VFS fsync()

    • stat - VFS stat()

    • fstat - VFS fstat()

    • lstat - VFS lstat()

    • unlink - VFS unlink()

    • chmod - VFS chmod()

    • fchmod - VFS fchmod()

    • chown - VFS chown()

    • fchown - VFS fchown()

    • chdir - VFS chdir()

    • getwd - VFS getwd()

    • utime - VFS utime()

    • ftruncate - VFS ftruncate()

    • lock - VFS lock()

    • symlink - VFS symlink()

    • readlink - VFS readlink()

    • link - VFS link()

    • mknod - VFS mknod()

    • realpath - VFS realpath()

    GENERAL COMMANDS

    • conf <smb.conf> - Load a different configuration file

    • help [<command>] - Get list of commands or info about specified command

    • debuglevel <level> - Set debug level

    • freemem - Free memory currently in use

    • exit - Exit vfstest

    VERSION

    This man page is correct for version 3 of the Samba - suite.

    AUTHOR

    The original Samba software and related utilities +

  • connect - VFS connect()

  • disconnect - VFS disconnect()

  • disk_free - VFS disk_free()

  • opendir - VFS opendir()

  • readdir - VFS readdir()

  • mkdir - VFS mkdir()

  • rmdir - VFS rmdir()

  • closedir - VFS closedir()

  • open - VFS open()

  • close - VFS close()

  • read - VFS read()

  • write - VFS write()

  • lseek - VFS lseek()

  • rename - VFS rename()

  • fsync - VFS fsync()

  • stat - VFS stat()

  • fstat - VFS fstat()

  • lstat - VFS lstat()

  • unlink - VFS unlink()

  • chmod - VFS chmod()

  • fchmod - VFS fchmod()

  • chown - VFS chown()

  • fchown - VFS fchown()

  • chdir - VFS chdir()

  • getwd - VFS getwd()

  • utime - VFS utime()

  • ftruncate - VFS ftruncate()

  • lock - VFS lock()

  • symlink - VFS symlink()

  • readlink - VFS readlink()

  • link - VFS link()

  • mknod - VFS mknod()

  • realpath - VFS realpath()

    • GENERAL COMMANDS

    • conf <smb.conf> - Load a different configuration file

    • help [<command>] - Get list of commands or info about specified command

    • debuglevel <level> - Set debug level

    • freemem - Free memory currently in use

    • exit - Exit vfstest

    VERSION

    This man page is correct for version 3 of the Samba + suite.

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    The vfstest man page was written by Jelmer Vernooij.

    diff --git a/docs/htmldocs/manpages/wbinfo.1.html b/docs/htmldocs/manpages/wbinfo.1.html index 04c5a9b20b..aa217a0ae9 100644 --- a/docs/htmldocs/manpages/wbinfo.1.html +++ b/docs/htmldocs/manpages/wbinfo.1.html @@ -1,7 +1,7 @@ -wbinfo

    Name

    wbinfo — Query information from winbind daemon

    Synopsis

    wbinfo [-a user%password] [--all-domains] [--allocate-gid] [--allocate-uid] [-D domain] [--domain domain] [-g] [--getdcname domain] [--get-auth-user] [-G gid] [-h] [-i user] [-I ip] [-K user%password] [-m] [-n name] [-N netbios-name] [--own-domain] [-p] [-r user] [-s sid] [--separator] [--sequence] [--set-auth-user user%password] [-S sid] [-t] [-u] [--uid-info uid] [--user-domgroups sid] [--user-sids sid] [-U uid] [-V] [-Y sid] [--verbose]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    The wbinfo program queries and returns information +wbinfo

    Name

    wbinfo — Query information from winbind daemon

    Synopsis

    wbinfo [-a user%password] [--all-domains] [--allocate-gid] [--allocate-uid] [-D domain] [--domain domain] [-g] [--getdcname domain] [--get-auth-user] [-G gid] [-h] [-i user] [-I ip] [-K user%password] [-m] [-n name] [-N netbios-name] [--own-domain] [-p] [-r user] [--remove-uid-mapping uid,sid] [--remove-gid-mapping gid,sid] [-s sid] [--separator] [--sequence] [--set-auth-user user%password] [--set-uid-mapping uid,sid] [--set-gid-mapping gid,sid] [-S sid] [-t] [-u] [--uid-info uid] [--user-domgroups sid] [--user-sids sid] [-U uid] [-V] [-Y sid] [--verbose]

    DESCRIPTION

    This tool is part of the samba(7) suite.

    The wbinfo program queries and returns information created and used by the winbindd(8) daemon.

    The winbindd(8) daemon must be configured and running for the wbinfo program to be able - to return information.

    OPTIONS

    -a|--authenticate username%password

    Attempt to authenticate a user via winbindd. + to return information.

    OPTIONS

    -a|--authenticate username%password

    Attempt to authenticate a user via winbindd. This checks both authenticaion methods and reports its results.

    Note

    Do not be tempted to use this functionality for authentication in third-party @@ -80,12 +80,16 @@ results.

    -Y|--sid-to-gid sid

    Convert a SID to a UNIX group id. If the SID does not correspond to a UNIX group mapped by winbindd(8) then - the operation will fail.

    -V

    Prints the program version number. + the operation will fail.

    --remove-uid-mapping uid,sid

    Remove an existing uid to sid mapping + entry from the IDmap backend.

    --remove-gid-mapping gid,sid

    Remove an existing gid to sid + mapping entry from the IDmap backend.

    --set-uid-mapping uid,sid

    Create a new or modify an existing uid to sid + mapping in the IDmap backend.

    --set-gid-mapping gid,sid

    Create a new or modify an existing gid to sid + mapping in the IDmap backend.

    -V

    Prints the program version number.

    -h|--help

    Print a summary of command line options. -

    EXIT STATUS

    The wbinfo program returns 0 if the operation +

    EXIT STATUS

    The wbinfo program returns 0 if the operation succeeded, or 1 if the operation failed. If the winbindd(8) daemon is not working wbinfo will always return - failure.

    VERSION

    This man page is correct for version 3 of - the Samba suite.

    SEE ALSO

    winbindd(8) and ntlm_auth(1)

    AUTHOR

    The original Samba software and related utilities + failure.

    VERSION

    This man page is correct for version 3 of + the Samba suite.

    SEE ALSO

    winbindd(8) and ntlm_auth(1)

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    wbinfo and winbindd diff --git a/docs/htmldocs/manpages/winbind_krb5_locator.7.html b/docs/htmldocs/manpages/winbind_krb5_locator.7.html new file mode 100644 index 0000000000..2df2d0a429 --- /dev/null +++ b/docs/htmldocs/manpages/winbind_krb5_locator.7.html @@ -0,0 +1,43 @@ +winbind_krb5_locator

    Name

    winbind_krb5_locator — A plugin for MIT and Heimdal Kerberos for detecting KDCs using Windows semantics.

    DESCRIPTION

    + This plugin is part of the samba(7) suite. +

    + winbind_krb5_locator is a plugin that permits MIT and + Heimdal Kerberos libraries to detect Kerberos Servers (for the KDC and + kpasswd service) using the same semantics that other tools of the Samba + suite use. This include site-aware DNS service record lookups and caching + of closest dc. + The plugin uses the public locator API provided by most modern Kerberos + implementations. +

    PREREQUISITES

    + MIT Kerberos (at least version 1.5) or Heimdal Kerberos (at least version + 1.0) is required. +

    + The plugin queries the winbindd(8) daemon which needs to be configured + and started separately. +

    + The winbind_krb5_locator.so file needs to be manually + copied to the plugin directory of the system Kerberos library. + + For MIT Kerberos this is often: + /usr/lib/krb5/plugins/libkrb5/. + For Heimdal Kerberos this is often: + /usr/lib/plugin/krb5/. + + Please check your local Kerberos installation for the correct + paths. No modification in /etc/krb5.conf + is required to enable the use of this plugin. +

    + After copying the locator plugin to the appropriate plugin + directory it should immediately be available for use. + Users should be able to kinit into their kerberized Windows + environment without any modification or servers + being put manually into /etc/krb5.conf. +

    VERSION

    + This man page is correct for version 3 of the Samba suite. +

    AUTHOR

    + The original Samba software and related utilities were created by Andrew + Tridgell. Samba is now developed by the Samba Team as an Open Source + project similar to the way the Linux kernel is developed. +

    + The winbind_krb5_locator manpage was written by Guenther Deschner. +

    diff --git a/docs/htmldocs/manpages/winbindd.8.html b/docs/htmldocs/manpages/winbindd.8.html index 87d67bb47d..dbaeca84d7 100644 --- a/docs/htmldocs/manpages/winbindd.8.html +++ b/docs/htmldocs/manpages/winbindd.8.html @@ -1,13 +1,13 @@ -winbindd

    Name

    winbindd — Name Service Switch daemon for resolving names - from NT servers

    Synopsis

    winbindd [-D] [-F] [-S] [-i] [-Y] [-d <debug level>] [-s <smb config file>] [-n]

    DESCRIPTION

    This program is part of the samba(7) suite.

    winbindd is a daemon that provides +winbindd

    Name

    winbindd — Name Service Switch daemon for resolving names + from NT servers

    Synopsis

    winbindd [-D] [-F] [-S] [-i] [-Y] [-d <debug level>] [-s <smb config file>] [-n]

    DESCRIPTION

    This program is part of the samba(7) suite.

    winbindd is a daemon that provides a number of services to the Name Service Switch capability found in most modern C libraries, to arbitrary applications via PAM and ntlm_auth and to Samba itself.

    Even if winbind is not used for nsswitch, it still provides a service to smbd, ntlm_auth and the pam_winbind.so PAM module, by managing connections to domain controllers. In this configuraiton the - idmap uid and - idmap gid + idmap uid and + idmap gid parameters are not required. (This is known as `netlogon proxy only mode'.)

    The Name Service Switch allows user and system information to be obtained from different databases services such as NIS or DNS. The exact behaviour can be configured @@ -60,7 +60,7 @@ hosts: files dns wins resolve hostnames from /etc/hosts and then from the WINS server.

     hosts:		files wins
-

    OPTIONS

    -F

    If specified, this parameter causes +

    OPTIONS

    -F

    If specified, this parameter causes the main winbindd process to not daemonize, i.e. double-fork and disassociate with the terminal. Child processes are still created as normal to service @@ -84,7 +84,7 @@ amounts of log data, and should only be used when investigating a problem. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic.

    Note that specifying this parameter here will -override the log level parameter +override the log level parameter in the smb.conf file.

    -V

    Prints the program version number.

    -s <configuration file>

    The file specified contains the configuration details required by the server. The @@ -113,7 +113,7 @@ log.smbd, etc...). The log file is never removed by the client. as a single process (the mode of operation in Samba 2.2). Winbindd's default behavior is to launch a child process that is responsible for updating expired cache entries. -

    NAME AND ID RESOLUTION

    Users and groups on a Windows NT server are assigned +

    NAME AND ID RESOLUTION

    Users and groups on a Windows NT server are assigned a security id (SID) which is globally unique when the user or group is created. To convert the Windows NT user or group into a unix user or group, a mapping between SIDs and unix user @@ -127,26 +127,24 @@ log.smbd, etc...). The log file is never removed by the client. where the user and group mappings are stored by winbindd. If this store is deleted or corrupted, there is no way for winbindd to determine which user and group ids correspond to Windows NT user - and group rids.

    See the idmap domains or the old idmap backend parameters in - smb.conf for options for sharing this - database, such as via LDAP.

    CONFIGURATION

    Configuration of the winbindd daemon + and group rids.

    CONFIGURATION

    Configuration of the winbindd daemon is done through configuration parameters in the smb.conf(5) file. All parameters should be specified in the [global] section of smb.conf.

    EXAMPLE SETUP

    +

    EXAMPLE SETUP

    To setup winbindd for user and group lookups plus authentication from a domain controller use something like the following setup. This was tested on an early Red Hat Linux box. @@ -197,15 +195,15 @@ auth required /lib/security/pam_unix.so \ and that you can login to your unix box as a domain user, using the DOMAIN+user syntax for the username. You may wish to use the commands getent passwd and getent group - to confirm the correct operation of winbindd.

    NOTES

    The following notes are useful when configuring and + to confirm the correct operation of winbindd.

    NOTES

    The following notes are useful when configuring and running winbindd:

    nmbd(8) must be running on the local machine for winbindd to work.

    PAM is really easy to misconfigure. Make sure you know what you are doing when modifying PAM configuration files. It is possible to set up PAM such that you can no longer log into your system.

    If more than one UNIX machine is running winbindd, then in general the user and groups ids allocated by winbindd will not be the same. The user and group ids will only be valid for the local - machine, unless a shared idmap backend is configured.

    If the the Windows NT SID to UNIX user and group id mapping - file is damaged or destroyed then the mappings will be lost.

    SIGNALS

    The following signals can be used to manipulate the + machine, unless a shared idmap backend is configured.

    If the the Windows NT SID to UNIX user and group id mapping + file is damaged or destroyed then the mappings will be lost.

    SIGNALS

    The following signals can be used to manipulate the winbindd daemon.

    SIGHUP

    Reload the smb.conf(5) file and apply any parameter changes to the running version of winbindd. This signal also clears any cached @@ -213,7 +211,7 @@ auth required /lib/security/pam_unix.so \ by winbindd is also reloaded.

    SIGUSR2

    The SIGUSR2 signal will cause winbindd to write status information to the winbind log file.

    Log files are stored in the filename specified by the - log file parameter.

    FILES

    /etc/nsswitch.conf(5)

    Name service switch configuration file.

    /tmp/.winbindd/pipe

    The UNIX pipe over which clients communicate with + log file parameter.

    FILES

    /etc/nsswitch.conf(5)

    Name service switch configuration file.

    /tmp/.winbindd/pipe

    The UNIX pipe over which clients communicate with the winbindd program. For security reasons, the winbind client will only attempt to connect to the winbindd daemon if both the /tmp/.winbindd directory @@ -234,8 +232,8 @@ auth required /lib/security/pam_unix.so \ compiled using the --with-lockdir option. This directory is by default /usr/local/samba/var/locks .

    $LOCKDIR/winbindd_cache.tdb

    Storage for cached user and group information. -

    VERSION

    This man page is correct for version 3 of - the Samba suite.

    SEE ALSO

    nsswitch.conf(5), samba(7), wbinfo(1), ntlm_auth(8), smb.conf(5), pam_winbind(8)

    AUTHOR

    The original Samba software and related utilities +

    VERSION

    This man page is correct for version 3 of + the Samba suite.

    SEE ALSO

    nsswitch.conf(5), samba(7), wbinfo(1), ntlm_auth(8), smb.conf(5), pam_winbind(8)

    AUTHOR

    The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

    wbinfo and winbindd were -- cgit v1.2.3