From ff4e46655ea945eb05e4b142a98c001e3734e8d1 Mon Sep 17 00:00:00 2001 From: bubulle Date: Tue, 26 Jun 2012 14:36:50 +0000 Subject: Load samba-3.6.6 into branches/samba/upstream. git-svn-id: svn://svn.debian.org/svn/pkg-samba/branches/samba/upstream@4134 fc4039ab-9d04-0410-8cac-899223bdd6b0 --- docs/htmldocs/manpages/idmap_autorid.8.html | 10 +- docs/htmldocs/manpages/idmap_nss.8.html | 2 +- docs/htmldocs/manpages/index.html | 1 + docs/htmldocs/manpages/libsmbclient.7.html | 2 +- docs/htmldocs/manpages/net.8.html | 2 +- docs/htmldocs/manpages/ntlm_auth.1.html | 14 +- docs/htmldocs/manpages/pdbedit.8.html | 20 +- docs/htmldocs/manpages/smb.conf.5.html | 457 +++++++++++---------- docs/htmldocs/manpages/smbcacls.1.html | 2 +- docs/htmldocs/manpages/smbclient.1.html | 6 +- docs/htmldocs/manpages/smbcontrol.1.html | 2 +- docs/htmldocs/manpages/smbcquotas.1.html | 2 +- docs/htmldocs/manpages/smbd.8.html | 8 +- docs/htmldocs/manpages/tdbbackup.8.html | 4 +- docs/htmldocs/manpages/testparm.1.html | 2 +- docs/htmldocs/manpages/vfs_acl_tdb.8.html | 13 +- docs/htmldocs/manpages/vfs_acl_xattr.8.html | 13 +- docs/htmldocs/manpages/vfs_aio_pthread.8.html | 42 ++ docs/htmldocs/manpages/vfs_readonly.8.html | 2 +- docs/htmldocs/manpages/vfs_shadow_copy2.8.html | 2 +- .../manpages/vfs_smb_traffic_analyzer.8.html | 4 +- 21 files changed, 337 insertions(+), 273 deletions(-) create mode 100644 docs/htmldocs/manpages/vfs_aio_pthread.8.html (limited to 'docs/htmldocs/manpages') diff --git a/docs/htmldocs/manpages/idmap_autorid.8.html b/docs/htmldocs/manpages/idmap_autorid.8.html index 850a001c11..06af316ee6 100644 --- a/docs/htmldocs/manpages/idmap_autorid.8.html +++ b/docs/htmldocs/manpages/idmap_autorid.8.html @@ -19,7 +19,11 @@ for regular users. As the parameter cannot be changed later, please plan accordingly for your expected number of users in a domain with safety margins. -

The default value is 100000.

THE MAPPING FORMULAS

+

One range will be used for local users and groups. + Thus the number of local users and groups that can be created is + limited by this option as well. If you plan to create a large amount + of local users or groups, you will need set this parameter accordingly. +

The default value is 100000.

THE MAPPING FORMULAS

The Unix ID for a RID is calculated this way:

 			ID = IDMAP UID LOW VALUE + DOMAINRANGENUMBER * RANGESIZE + RID
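Review bot: The added paragraph about local users and groups reads "you will need set this parameter accordingly", which is missing "to"; "a large amount of local users or groups" would also read better as "a large number". Suggest "you will need to set this parameter accordingly". Since the surrounding text says the parameter cannot be changed later, it would be clearer to state the limit directly, i.e. that local users and groups share a single range of this size.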
@@ -30,7 +34,7 @@
 		

 			RID = ID - IDMAP UID LOW VALUE - DOMAINRANGENUMBER * RANGESIZE
 		

-

EXAMPLES

+

EXAMPLES

This example shows you the minimal configuration that will work for the principial domain and 19 trusted domains.

@@ -61,7 +65,7 @@
 	idmap config TRUSTED : backend  = ad
 	idmap config TRUSTED : range    = 50000 - 99999
 	idmap config TRUSTED : schema_mode = sfu
-	

AUTHOR

+

AUTHOR

The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar diff --git a/docs/htmldocs/manpages/idmap_nss.8.html b/docs/htmldocs/manpages/idmap_nss.8.html index 7ebe43b9fb..b48f2fd515 100644 --- a/docs/htmldocs/manpages/idmap_nss.8.html +++ b/docs/htmldocs/manpages/idmap_nss.8.html @@ -1,5 +1,5 @@ idmap_nss

Name

idmap_nss — Samba's idmap_nss Backend for Winbind

DESCRIPTION

The idmap_nss plugin provides a means to map Unix users and groups - to Windows accounts and obseletes the "winbind trusted domains only" + to Windows accounts and obsoletes the "winbind trusted domains only" smb.conf option. This provides a simple means of ensuring that the SID for a Unix user named jsmith is reported as the one assigned to DOMAIN\jsmith which is necessary for reporting ACLs on files and printers diff --git a/docs/htmldocs/manpages/index.html b/docs/htmldocs/manpages/index.html index 710126d5c3..941fba0412 100644 --- a/docs/htmldocs/manpages/index.html +++ b/docs/htmldocs/manpages/index.html @@ -57,6 +57,7 @@

vfs_acl_tdb(8)

Save NTFS-ACLs in a tdb file

vfs_acl_xattr(8)

Save NTFS-ACLs in Extended Attributes (EAs)

vfs_aio_fork(8)

implement async I/O in Samba vfs +

vfs_aio_pthread(8)

implement async I/O in Samba vfs using a pthread pool

vfs_audit(8)

record selected Samba VFS operations in the system log

vfs_cacheprime(8)

prime the kernel file data cache

vfs_cap(8)

CAP encode filenames diff --git a/docs/htmldocs/manpages/libsmbclient.7.html b/docs/htmldocs/manpages/libsmbclient.7.html index daa6ba92ec..279c0a2887 100644 --- a/docs/htmldocs/manpages/libsmbclient.7.html +++ b/docs/htmldocs/manpages/libsmbclient.7.html @@ -25,7 +25,7 @@ responsibility of the application that calls this library to set this to a sensible value. This is a compile-time option. This value determines the maximum number of local master browsers to query for the list of workgroups. In order to ensure that the list is complete for those present - on the network, all master browsers must be querried. If there are a large number of workgroups + on the network, all master browsers must be queried. If there are a large number of workgroups on the network, the time spent querying will be significant. For small networks (just a few workgroups), it is suggested to set this value to 0, instructing libsmbclient to query all local master browsers. In an environment that has many workgroups a more reasonable setting may be around 3. diff --git a/docs/htmldocs/manpages/net.8.html b/docs/htmldocs/manpages/net.8.html index 207090e76a..8f913d0624 100644 --- a/docs/htmldocs/manpages/net.8.html +++ b/docs/htmldocs/manpages/net.8.html @@ -596,7 +596,7 @@ See the net dom join - Join a remote computer into a domain.net dom unjoin - Unjoin a remote computer from a domain.net dom renamecomputer - Renames a remote computer joined to a domain.

DOM JOIN domain=DOMAIN ou=OU account=ACCOUNT password=PASSWORD reboot

Joins a computer into a domain. This command supports the following additional parameters: -

  • DOMAIN can be a NetBIOS domain name (also known as short domain name) or a DNS domain name for Active Directory Domains. As in Windows, it is also possible to control which Domain Controller to use. This can be achieved by appending the DC name using the \ separator character. Example: MYDOM\MYDC. The DOMAIN parameter cannot be NULL.

  • OU can be set to a RFC 1779 LDAP DN, like ou=mymachines,cn=Users,dc=example,dc=com in order to create the machine account in a non-default LDAP containter. This optional parameter is only supported when joining Active Directory Domains.

  • ACCOUNT defines a domain account that will be used to join the machine to the domain. This domain account needs to have sufficient privileges to join machines.

  • PASSWORD defines the password for the domain account defined with ACCOUNT.

  • REBOOT is an optional parameter that can be set to reboot the remote machine after successful join to the domain.

+

  • DOMAIN can be a NetBIOS domain name (also known as short domain name) or a DNS domain name for Active Directory Domains. As in Windows, it is also possible to control which Domain Controller to use. This can be achieved by appending the DC name using the \ separator character. Example: MYDOM\MYDC. The DOMAIN parameter cannot be NULL.

  • OU can be set to a RFC 1779 LDAP DN, like ou=mymachines,cn=Users,dc=example,dc=com in order to create the machine account in a non-default LDAP container. This optional parameter is only supported when joining Active Directory Domains.

  • ACCOUNT defines a domain account that will be used to join the machine to the domain. This domain account needs to have sufficient privileges to join machines.

  • PASSWORD defines the password for the domain account defined with ACCOUNT.

  • REBOOT is an optional parameter that can be set to reboot the remote machine after successful join to the domain.

Note that you also need to use standard net parameters to connect and authenticate to the remote machine that you want to join. These additional parameters include: -S computer and -U user.

Example: diff --git a/docs/htmldocs/manpages/ntlm_auth.1.html b/docs/htmldocs/manpages/ntlm_auth.1.html index a5317e191a..11c0db20a7 100644 --- a/docs/htmldocs/manpages/ntlm_auth.1.html +++ b/docs/htmldocs/manpages/ntlm_auth.1.html @@ -60,7 +60,7 @@ finished supplying data to the other. (Which in turn could cause the helper to authenticate the user).

Currently implemented parameters from the - external program to the helper are:

Warning

Implementors should take care to base64 encode + external program to the helper are:

Warning

Implementers should take care to base64 encode any data (such as usernames/passwords) that may contain malicous user data, such as a newline. They may also need to decode strings from the helper, which likewise may have been base64 encoded.
Username
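Review bot: The Warning sentence still contains "malicous user data" in the unchanged continuation line; the hunk corrects "Implementors" at the start of that sentence but leaves this misspelling next to it. Since this is the sentence telling helper callers to base64 encode values that may contain a newline, it is worth fixing in the same pass: "that may contain malicious user data, such as a newline".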

The username, expected to be in @@ -74,7 +74,7 @@ generated randomly by the server, or (in cases such as MSCHAPv2) generated in some way by both the server and the client. -

Example 7. 

LANMAN-Challege: 0102030405060708


LANMAN-Response

The 24 byte LANMAN Response value, +

Example 7. 

LANMAN-Challenge: 0102030405060708


LANMAN-Response

The 24 byte LANMAN Response value, calculated from the user's password and the supplied LANMAN Challenge. Typically, this is provided over the network by a client wishing to authenticate. @@ -86,9 +86,9 @@ provided by a network client, if the helper is being used in a legacy situation that exposes plaintext passwords in this way. -

Example 10. 

Password: samba2


Example 11. 

Password:: c2FtYmEy


Request-User-Session-Key

Apon sucessful authenticaiton, return +

Example 10. 

Password: samba2


Example 11. 

Password:: c2FtYmEy


Request-User-Session-Key

Upon successful authenticaiton, return the user session key associated with the login. -

Example 12. 

Request-User-Session-Key: Yes


Request-LanMan-Session-Key

Apon sucessful authenticaiton, return +

Example 12. 

Request-User-Session-Key: Yes


Request-LanMan-Session-Key

Upon successful authenticaiton, return the LANMAN session key associated with the login.

Example 13. 

Request-LanMan-Session-Key: Yes


--username=USERNAME
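Review bot: Both replacement lines, under Request-User-Session-Key and Request-LanMan-Session-Key, still read "Upon successful authenticaiton, return"; the change corrects "Apon sucessful" but leaves "authenticaiton" misspelled. Suggest "Upon successful authentication, return" in both places.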

Specify username of user to authenticate @@ -100,7 +100,7 @@ not specified on the command line, this is prompted for when required.

For the NTLMSSP based server roles, this parameter specifies the expected password, allowing testing without - winbindd operational.

--request-lm-key

Retreive LM session key

--request-nt-key

Request NT key

--diagnostics

Perform Diagnostics on the authentication + winbindd operational.

--request-lm-key

Retrieve LM session key

--request-nt-key

Request NT key

--diagnostics

Perform Diagnostics on the authentication chain. Uses the password from --password or prompts for one.

--require-membership-of={SID|Name}

Require that a user be a member of specified group (either name or SID) for authentication to succeed.

-d|--debuglevel=level

level is an integer @@ -128,7 +128,7 @@ compile time.

-l|--log-basename=logdirectory".progname" will be appended (e.g. log.smbclient, log.smbd, etc...). The log file is never removed by the client.

-h|--help

Print a summary of command line options. -

EXAMPLE SETUP

To setup ntlm_auth for use by squid 2.5, with both basic and +

EXAMPLE SETUP

To setup ntlm_auth for use by squid 2.5, with both basic and NTLMSSP authentication, the following should be placed in the squid.conf file.

@@ -145,7 +145,7 @@ auth_param basic credentialsttl 2 hours
 auth_param ntlm program ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of='WORKGROUP\Domain Users'
 auth_param basic program ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of='WORKGROUP\Domain Users'
 

TROUBLESHOOTING

If you're experiencing problems with authenticating Internet Explorer running - under MS Windows 9X or Millenium Edition against ntlm_auth's NTLMSSP authentication + under MS Windows 9X or Millennium Edition against ntlm_auth's NTLMSSP authentication helper (--helper-protocol=squid-2.5-ntlmssp), then please read the Microsoft Knowledge Base article #239869 and follow instructions described there. diff --git a/docs/htmldocs/manpages/pdbedit.8.html b/docs/htmldocs/manpages/pdbedit.8.html index 7414ca47c2..6b4259c841 100644 --- a/docs/htmldocs/manpages/pdbedit.8.html +++ b/docs/htmldocs/manpages/pdbedit.8.html @@ -3,7 +3,7 @@ independent from the kind of users database used (currently there are smbpasswd, ldap, nis+ and tdb based and more can be added without changing the tool).

There are five main ways to use pdbedit: adding a user account, - removing a user account, modifing a user account, listing user + removing a user account, modifying a user account, listing user accounts, importing users accounts.

OPTIONS

-L|--list

This option lists all the user accounts present in the users database. This option prints a list of user/uid pairs separated by @@ -47,18 +47,18 @@ samba:45:0F2B255F7B67A7A9AAD3B435B51404EE: It is required in add, remove and modify operations and optional in list operations.

-f|--fullname fullname

This option can be used while adding or - modifing a user account. It will specify the user's full + modifying a user account. It will specify the user's full name.

Example: -f "Simo Sorce"

-h|--homedir homedir

This option can be used while adding or - modifing a user account. It will specify the user's home + modifying a user account. It will specify the user's home directory network path.

Example: -h "\\\\BERSERKER\\sorce"

-D|--drive drive

This option can be used while adding or - modifing a user account. It will specify the windows drive + modifying a user account. It will specify the windows drive letter to be used to map the home directory.

Example: -D "H:"

-S|--script script

This option can be used while adding or - modifing a user account. It will specify the user's logon + modifying a user account. It will specify the user's logon script path.

Example: -S "\\\\BERSERKER\\netlogon\\sorce.bat"

-p|--profile profile

This option can be used while adding or - modifing a user account. It will specify the user's profile + modifying a user account. It will specify the user's profile directory.

Example: -p "\\\\BERSERKER\\netlogon"

-M|'--machine SID' SID|rid

This option can be used while adding or modifying a machine account. It @@ -125,19 +125,19 @@ account policy value for bad lockout attempt is now 3 tdb-store into a passdb backend, e.g. an LDAP directory server.

Example: pdbedit -y -i tdbsam: -e ldapsam:ldap://my.ldap.host

--force-initialized-passwords

This option forces all users to change their password upon next login.

-N|--account-desc description

This option can be used while adding or - modifing a user account. It will specify the user's description + modifying a user account. It will specify the user's description field.

Example: -N "test description"

-Z|--logon-hours-reset

This option can be used while adding or - modifing a user account. It will reset the user's allowed logon + modifying a user account. It will reset the user's allowed logon hours. A user may login at any time afterwards.

Example: -Z

-z|--bad-password-count-reset

This option can be used while adding or - modifing a user account. It will reset the stored bad login + modifying a user account. It will reset the stored bad login counter from a specified user.

Example: -z

--policies-reset

This option can be used to reset the general password policies stored for a domain to their default values.

Example: --policies-reset

-I|--domain

This option can be used while adding or - modifing a user account. It will specify the user's domain field.

Example: -I "MYDOMAIN" + modifying a user account. It will specify the user's domain field.

Example: -I "MYDOMAIN"

--time-format

This option is currently not being used.

-h|--help

Print a summary of command line options.

-d|--debuglevel=level

level is an integer from 0 to 10. The default value if this parameter is diff --git a/docs/htmldocs/manpages/smb.conf.5.html b/docs/htmldocs/manpages/smb.conf.5.html index 45831824f5..5a1b39b25c 100644 --- a/docs/htmldocs/manpages/smb.conf.5.html +++ b/docs/htmldocs/manpages/smb.conf.5.html @@ -4053,7 +4053,7 @@ max stat cache size (G) to speed up case insensitive name mappings. It represents the number of kilobyte (1024) units the stat cache can use. A value of zero, meaning unlimited, is not advisable due to - increased memory useage. You should not need to change this + increased memory usage. You should not need to change this parameter.

Default: max stat cache size = 256 @@ -4245,7 +4245,7 @@ name resolve order (G) first, followed by a broadcast attempt, followed by a normal system hostname lookup.

When Samba is functioning in ADS security mode (security = ads) it is advised to use following settings for name resolve order:

name resolve order = wins bcast

DC lookups will still be done via DNS, but fallbacks to netbios names will - not inundate your DNS servers with needless querys for DOMAIN<0x1c> lookups.

Default: name resolve order = lmhosts host wins bcast + not inundate your DNS servers with needless querys for DOMAIN<0x1c> lookups.

Default: name resolve order = lmhosts wins host bcast
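Review bot: The Default line changes the documented order from "lmhosts host wins bcast" to "lmhosts wins host bcast", which is a statement about behaviour rather than a spelling fix, and nothing else in the hunk explains it. Please confirm it matches the compiled-in default for this release, and check that the description ending "followed by a broadcast attempt, followed by a normal system hostname lookup" in the leading context still describes the intended order. The changed line also keeps "needless querys", which should be "needless queries".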

Example: name resolve order = lmhosts bcast host @@ -5086,12 +5086,15 @@ profile acls (S) the top level profile directory (named after the user) is created by the workstation profile code and has an ACL restricting entry to the directory tree to the owning user. +

+ Note that this parameter should be set to yes on dedicated profile shares only. + On other shares, it might cause incorrect file ownerships.

Default: profile acls = no -

+

queuepause command (S) -

This parameter specifies the command to be +

This parameter specifies the command to be executed on the server host in order to pause the printer queue.

This command should be a program or script which takes a printer name as its only parameter and stops the printer queue, such that no longer jobs are submitted to the printer.
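Review bot: The new note under profile acls says that on other shares the setting "might cause incorrect file ownerships" but does not say what ownership results or why, so an administrator cannot judge the impact; a sentence naming the effect would make the warning actionable. The remaining changed lines in this hunk, around queuepause command, are removed and re-added with no visible text difference, which buries the one substantive addition; if that churn comes from regenerated markup, it is worth saying so in the commit message.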

This command is not supported by Windows for Workgroups, @@ -5102,10 +5105,10 @@ queuepause command (S) path in the command as the PATH may not be available to the server.

No default

Example: queuepause command = disable %p -

+

queueresume command (S) -

This parameter specifies the command to be +

This parameter specifies the command to be executed on the server host in order to resume the printer queue. It is the command to undo the behavior that is caused by the previous parameter (queuepause command).

This command should be a program or script which takes @@ -5120,10 +5123,10 @@ queueresume command (S)

Example: queueresume command = enable %p -

+

read list (S) -

+

This is a list of users that are given read-only access to a service. If the connecting user is in this list then they will not be given write access, no matter what the read only option is set to. The list can include group names using the syntax described in the invalid users @@ -5133,19 +5136,19 @@ read list (S)

Example: read list = mary, @students -

+

read only (S) -

An inverted synonym is writeable.

If this parameter is yes, then users +

An inverted synonym is writeable.

If this parameter is yes, then users of a service may not create or modify files in the service's directory.

Note that a printable service (printable = yes) will ALWAYS allow writing to the directory (user privileges permitting), but only via spooling operations.

Default: read only = yes -

+

read raw (G) -

This parameter controls whether or not the server +

This parameter controls whether or not the server will support the raw read SMB requests when transferring data to clients.

If enabled, raw reads allow reads of 65535 bytes in one packet. This typically provides a major performance benefit. @@ -5154,20 +5157,20 @@ read raw (G) sizes, and for these clients you may need to disable raw reads.

In general this parameter should be viewed as a system tuning tool and left severely alone.

Default: read raw = yes -

+

realm (G) -

This option specifies the kerberos realm to use. The realm is +

This option specifies the kerberos realm to use. The realm is used as the ADS equivalent of the NT4 domain. It is usually set to the DNS name of the kerberos server.

Default: realm =

Example: realm = mysambabox.mycompany.com -

+

registry shares (G) -

+

This turns on or off support for share definitions read from registry. Shares defined in smb.conf take precedence over shares with the same name defined in @@ -5182,10 +5185,10 @@ registry shares (G)

Example: registry shares = yes -

+

remote announce (G) -

+

This option allows you to setup nmbd(8) to periodically announce itself to arbitrary IP addresses with an arbitrary workgroup name.

@@ -5209,10 +5212,10 @@ remote announce (G) See the chapter on Network Browsing in the Samba-HOWTO book.

Default: remote announce = -

+

remote browse sync (G) -

+

This option allows you to setup nmbd(8) to periodically request synchronization of browse lists with the master browser of a Samba server that is on a remote segment. This option will allow you to @@ -5244,10 +5247,10 @@ remote browse sync (G) each network has its own WINS server.

Default: remote browse sync = -

+

rename user script (G) -

+

This is the full pathname to a script that will be run as root by smbd(8) under special circumstances described below.

When a user with admin authority or SeAddUserPrivilege rights renames a user (e.g.: from the NT4 User Manager @@ -5265,10 +5268,10 @@ rename user script (G) needs to change for other applications using the same directory.

Default: rename user script = no -

+

reset on zero vc (G) -

+

This boolean option controls whether an incoming session setup should kill other connections coming from the same IP. This matches the default Windows 2003 behaviour. @@ -5287,10 +5290,10 @@ reset on zero vc (G)

Default: reset on zero vc = no -

+

restrict anonymous (G) -

The setting of this parameter determines whether user and +

The setting of this parameter determines whether user and group list information is returned for an anonymous connection. and mirrors the effects of the

@@ -5313,16 +5316,16 @@ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
     by setting guest ok = yes on any share.
 	

Default: restrict anonymous = 0 -

+

root -

This parameter is a synonym for root directory.

+

This parameter is a synonym for root directory.

root dir -

This parameter is a synonym for root directory.

+

This parameter is a synonym for root directory.

root directory (G) -

The server will chroot() (i.e. +

The server will chroot() (i.e. Change its root directory) to this directory on startup. This is not strictly necessary for secure operation. Even without it the server will deny access to files not in one of the service entries. @@ -5345,34 +5348,34 @@ root directory (G)

Example: root directory = /homes/smb -

+

root postexec (S) -

+

This is the same as the postexec parameter except that the command is run as root. This is useful for unmounting filesystems (such as CDROMs) after a connection is closed.

Default: root postexec = -

+

root preexec close (S) -

This is the same as the preexec close +

This is the same as the preexec close parameter except that the command is run as root.

Default: root preexec close = no -

+

root preexec (S) -

+

This is the same as the preexec parameter except that the command is run as root. This is useful for mounting filesystems (such as CDROMs) when a connection is opened.

Default: root preexec = -

+

rpc_server (G) -

+

Defines what kind of rpc server to use for a named pipe. The rpc_server prefix must be followed by the pipe name, and a value.

@@ -5399,10 +5402,10 @@ rpc_server (G)

Default: rpc_server = none -

+

security mask (S) -

+

This parameter controls what UNIX permission bits will be set when a Windows NT client is manipulating the UNIX permission on a file using the native NT security dialog box.

@@ -5421,10 +5424,10 @@ security mask (S)

Example: security mask = 0770 -

+

security (G) -

This option affects how clients respond to +

This option affects how clients respond to Samba and is one of the most important settings in the smb.conf file.

The option sets the "security mode bit" in replies to protocol negotiations with smbd(8) to turn share level security on or off. Clients decide @@ -5539,10 +5542,10 @@ security (G)

Example: security = DOMAIN -

+

send spnego principal (G) -

This parameter determines whether or not +

This parameter determines whether or not smbd(8) will send the server-supplied principal sometimes given in the SPNEGO exchange.

If enabled, Samba can attempt to help clients to use @@ -5555,10 +5558,10 @@ send spnego principal (G)

Note that Windows XP SP2 and later versions already ignored this value in all circumstances.

Default: send spnego principal = no -

+

server schannel (G) -

+

This controls whether the server offers or even demands the use of the netlogon schannel. server schannel = no does not offer the schannel, server schannel = auto offers the schannel but does not enforce it, and server schannel = yes denies access if the client is not able to speak netlogon schannel. This is only the case for Windows NT4 before SP4. @@ -5569,20 +5572,20 @@ server schannel (G)

Example: server schannel = yes -

+

server signing (G) -

This controls whether the client is allowed or required to use SMB signing. Possible values +

This controls whether the client is allowed or required to use SMB signing. Possible values are auto, mandatory and disabled.

When set to auto, SMB signing is offered, but not enforced. When set to mandatory, SMB signing is required and if set to disabled, SMB signing is not offered either.

Default: server signing = Disabled -

+

server string (G) -

This controls what string will show up in the printer comment box in print +

This controls what string will show up in the printer comment box in print manager and next to the IPC connection in net view. It can be any string that you wish to show to your users.

It also sets what will appear in browse lists next to the machine name.

A %v will be replaced with the Samba @@ -5591,10 +5594,10 @@ server string (G)

Example: server string = University of GNUs Samba Server -

+

set directory (S) -

+

If set directory = no, then users of the service may not use the setdir command to change directory.

@@ -5603,10 +5606,10 @@ set directory (S) for details.

Default: set directory = no -

+

set primary group script (G) -

Thanks to the Posix subsystem in NT a Windows User has a +

Thanks to the Posix subsystem in NT a Windows User has a primary group in addition to the auxiliary groups. This script sets the primary group in the unix userdatase when an administrator sets the primary group from the windows user @@ -5618,10 +5621,10 @@ set primary group script (G)

Example: set primary group script = /usr/sbin/usermod -g '%g' '%u' -

+

set quota command (G) -

The set quota command should only be used +

The set quota command should only be used whenever there is no operating system API available from the OS that samba can use.

This option is only available if Samba was configured with the argument --with-sys-quotas or on linux when ./configure --with-quotas was used and a working quota api @@ -5631,10 +5634,10 @@ set quota command (G)

Example: set quota command = /usr/local/sbin/set_quota -

+

share:fake_fscaps (G) -

+

This is needed to support some special application that makes QFSINFO calls to check whether we set the SPARSE_FILES bit (0x40). If this bit is not set that particular application @@ -5644,10 +5647,10 @@ share:fake_fscaps (G) decimal values to specify the bitmask you need to fake.

Default: share:fake_fscaps = 0 -

+

share modes (S) -

This enables or disables the honoring of +

This enables or disables the honoring of the share modes during a file open. These modes are used by clients to gain exclusive read or write access to a file.

This is a deprecated option from old versions of @@ -5659,20 +5662,20 @@ share modes (S) by default.

You should NEVER turn this parameter off as many Windows applications will break if you do so.

Default: share modes = yes -

+

short preserve case (S) -

+

This boolean parameter controls if new files which conform to 8.3 syntax, that is all in upper case and of suitable length, are created upper case, or if they are forced to be the default case. This option can be use with preserve case = yes to permit long filenames to retain their case, while short names are lowered.

See the section on NAME MANGLING.

Default: short preserve case = yes -

+

show add printer wizard (G) -

With the introduction of MS-RPC based printing support +

With the introduction of MS-RPC based printing support for Windows NT/2000 client in Samba 2.2, a "Printers..." folder will appear on Samba hosts in the share listing. Normally this folder will contain an icon for the MS Add Printer Wizard (APW). However, it is @@ -5690,10 +5693,10 @@ show add printer wizard (G)

Note

This does not prevent the same user from having administrative privilege on an individual printer.

Default: show add printer wizard = yes -

+

shutdown script (G) -

This a full path name to a script called by +

This a full path name to a script called by smbd(8) that should start a shutdown procedure.

If the connected user posseses the SeRemoteShutdownPrivilege, right, this command will be run as root.

The %z %t %r %f variables are expanded as follows:

  • %z will be substituted with the @@ -5719,39 +5722,39 @@ let time="${time} + 1"

    Example: shutdown script = /usr/local/samba/sbin/shutdown %m %t %r %f -

+

smb2 max credits (G) -

This option controls the maximum number of outstanding simultaneous SMB2 operations +

This option controls the maximum number of outstanding simultaneous SMB2 operations that Samba tells the client it will allow. This is similar to the max mux parameter for SMB1. You should never need to set this parameter.

The default is 8192 credits, which is the same as a Windows 2008R2 SMB2 server.

Default: smb2 max credits = 8192 -

+

smb2 max read (G) -

This option specifies the protocol value that smbd(8) will return to a client, informing the client of the largest +

This option specifies the protocol value that smbd(8) will return to a client, informing the client of the largest size that may be returned by a single SMB2 read call.

The maximum is 65536 bytes (64KB), which is the same as a Windows Vista SMB2 server.

Default: smb2 max read = 65536 -

+

smb2 max trans (G) -

This option specifies the protocol value that smbd(8) will return to a client, informing the client of the largest +

This option specifies the protocol value that smbd(8) will return to a client, informing the client of the largest size of buffer that may be used in querying file meta-data via QUERY_INFO and related SMB2 calls.

The maximum is 65536 bytes (64KB), which is the same as a Windows Vista SMB2 server.

Default: smb2 max trans = 65536 -

+

smb2 max write (G) -

This option specifies the protocol value that smbd(8) will return to a client, informing the client of the largest +

This option specifies the protocol value that smbd(8) will return to a client, informing the client of the largest size that may be sent to the server by a single SMB2 write call.

The maximum is 65536 bytes (64KB), which is the same as a Windows Vista SMB2 server.

Default: smb2 max write = 65536 -

+

smb encrypt (S) -

This is a new feature introduced with Samba 3.2 and above. It is an +

This is a new feature introduced with Samba 3.2 and above. It is an extension to the SMB/CIFS protocol negotiated as part of the UNIX extensions. SMB encryption uses the GSSAPI (SSPI on Windows) ability to encrypt and sign every request/response in a SMB protocol stream. When @@ -5779,10 +5782,10 @@ smb encrypt (S) When set to mandatory, SMB encryption is required and if set to disabled, SMB encryption can not be negotiated.

Default: smb encrypt = auto -

+

smb passwd file (G) -

This option sets the path to the encrypted smbpasswd file. By +

This option sets the path to the encrypted smbpasswd file. By default the path to the smbpasswd file is compiled into Samba.

An example of use is:

@@ -5790,15 +5793,15 @@ smb passwd file = /etc/samba/smbpasswd
 

Default: smb passwd file = ${prefix}/private/smbpasswd -

+

smb ports (G) -

Specifies which ports the server should listen on for SMB traffic.

Default: smb ports = 445 139 +

Specifies which ports the server should listen on for SMB traffic.

Default: smb ports = 445 139 -

+

socket address (G) -

This option allows you to control what +

This option allows you to control what address Samba will listen for connections on. This is used to support multiple virtual interfaces on the one server, each with a different configuration.

Setting this option should never be necessary on usual Samba @@ -5807,10 +5810,10 @@ socket address (G)

Example: socket address = 192.168.2.20 -

+

socket options (G) -

This option allows you to set socket options +

This option allows you to set socket options to be used when talking with the client.

Socket options are controls on the networking layer of the operating systems which allow the connection to be tuned.

This option will typically be used to tune your Samba server @@ -5838,17 +5841,17 @@ socket options (G)

Example: socket options = IPTOS_LOWDELAY -

+

stat cache (G) -

This parameter determines if smbd(8) will use a cache in order to +

This parameter determines if smbd(8) will use a cache in order to speed up case insensitive name mappings. You should never need to change this parameter.

Default: stat cache = yes -

+

state directory (G) -

Usually, most of the TDB files are stored in the +

Usually, most of the TDB files are stored in the lock directory. Since Samba 3.4.0, it is possible to differentiate between TDB files with persistent data and TDB files with non-persistent data using @@ -5860,10 +5863,10 @@ state directory (G)

Example: state directory = /var/run/samba/locks/state -

+

store dos attributes (S) -

+

If this parameter is set Samba attempts to first read DOS attributes (SYSTEM, HIDDEN, ARCHIVE or READ-ONLY) from a filesystem extended attribute, before mapping DOS attributes to UNIX permission bits (such as occurs with map hidden and map readonly). When set, DOS @@ -5882,10 +5885,10 @@ store dos attributes (S) allows Samba to faithfully reproduce NTFS semantics on top of a POSIX filesystem.

Default: store dos attributes = no -

+

strict allocate (S) -

This is a boolean that controls the handling of +

This is a boolean that controls the handling of disk space allocation in the server. When this is set to yes the server will change from UNIX behaviour of not committing real disk storage blocks when a file is extended to the Windows behaviour @@ -5910,10 +5913,10 @@ strict allocate (S) files. Examples are ext3, ZFS, HFS+ and most others, so be aware if you activate this setting on those filesystems.

Default: strict allocate = no -

+

strict locking (S) -

+

This is an enumerated type that controls the handling of file locking in the server. When this is set to yes, the server will check every read and write access for file locks, and deny access if locks exist. This can be slow on some systems. @@ -5929,10 +5932,10 @@ strict locking (S) strict locking = no is acceptable.

Default: strict locking = Auto -

+

strict sync (S) -

Many Windows applications (including the Windows 98 explorer +

Many Windows applications (including the Windows 98 explorer shell) seem to confuse flushing buffer contents to disk with doing a sync to disk. Under UNIX, a sync call forces the process to be suspended until the kernel has ensured that all outstanding data in @@ -5946,10 +5949,10 @@ strict sync (S) addition, this fixes many performance problems that people have reported with the new Windows98 explorer shell file copies.

Default: strict sync = no -

+

svcctl list (G) -

This option defines a list of init scripts that smbd +

This option defines a list of init scripts that smbd will use for starting and stopping Unix services via the Win32 ServiceControl API. This allows Windows administrators to utilize the MS Management Console plug-ins to manage a @@ -5962,10 +5965,10 @@ svcctl list (G)

Example: svcctl list = cups postfix portmap httpd -

+

sync always (S) -

This is a boolean parameter that controls +

This is a boolean parameter that controls whether writes will always be written to stable storage before the write call returns. If this is no then the server will be guided by the client's request in each write call (clients can @@ -5976,19 +5979,19 @@ sync always (S) yes in order for this parameter to have any effect.

Default: sync always = no -

+

syslog only (G) -

+

If this parameter is set then Samba debug messages are logged into the system syslog only, and not to the debug log files. There still will be some logging to log.[sn]mbd even if syslog only is enabled.

Default: syslog only = no -

+

syslog (G) -

+

This parameter maps how Samba debug messages are logged onto the system syslog logging levels. Samba debug level zero maps onto syslog LOG_ERR, debug level one maps onto LOG_WARNING, debug level two maps onto LOG_NOTICE, @@ -5999,10 +6002,10 @@ syslog (G) logging to log.[sn]mbd even if syslog only is enabled.

Default: syslog = 1 -

+

template homedir (G) -

When filling out the user information for a Windows NT +

When filling out the user information for a Windows NT user, the winbindd(8) daemon uses this parameter to fill in the home directory for that user. If the string %D is present it @@ -6010,31 +6013,31 @@ template homedir (G) string %U is present it is substituted with the user's Windows NT user name.

Default: template homedir = /home/%D/%U -

+

template shell (G) -

When filling out the user information for a Windows NT +

When filling out the user information for a Windows NT user, the winbindd(8) daemon uses this - parameter to fill in the login shell for that user.

No default

+ parameter to fill in the login shell for that user.

No default

time offset (G) -

This deprecated parameter is a setting in minutes to add +

This deprecated parameter is a setting in minutes to add to the normal GMT to local time conversion. This is useful if you are serving a lot of PCs that have incorrect daylight saving time handling.

Note

This option is deprecated, and will be removed in the next major release

Default: time offset = 0

Example: time offset = 60 -

+

time server (G) -

This parameter determines if nmbd(8) advertises itself as a time server to Windows +

This parameter determines if nmbd(8) advertises itself as a time server to Windows clients.

Default: time server = no -

+

unix charset (G) -

Specifies the charset the unix machine +

Specifies the charset the unix machine Samba runs on uses. Samba needs to know this in order to be able to convert text to the charsets other SMB clients use.

This is also the charset Samba will use when specifying arguments @@ -6043,10 +6046,10 @@ unix charset (G)

Example: unix charset = ASCII -

+

unix extensions (G) -

This boolean parameter controls whether Samba +

This boolean parameter controls whether Samba implements the CIFS UNIX extensions, as defined by HP. These extensions enable Samba to better serve UNIX CIFS clients by supporting features such as symbolic links, hard links, etc... @@ -6059,10 +6062,10 @@ unix extensions (G) if you wish to change this coupling between the two parameters.

Default: unix extensions = yes -

+

unix password sync (G) -

This boolean parameter controls whether Samba +

This boolean parameter controls whether Samba attempts to synchronize the UNIX password with the SMB password when the encrypted SMB password in the smbpasswd file is changed. If this is set to yes the program specified in the passwd @@ -6071,10 +6074,10 @@ unix password sync (G) old UNIX password (as the SMB password change code has no access to the old password cleartext, only the new).

Default: unix password sync = no -

+

use client driver (S) -

This parameter applies only to Windows NT/2000 +

This parameter applies only to Windows NT/2000 clients. It has no effect on Windows 95/98/ME clients. When serving a printer to Windows NT/2000 clients without first installing a valid printer driver on the Samba host, the client will be required @@ -6099,10 +6102,10 @@ use client driver (S) on a print share which has valid print driver installed on the Samba server.

Default: use client driver = no -

+

use mmap (G) -

This global parameter determines if the tdb internals of Samba can +

This global parameter determines if the tdb internals of Samba can depend on mmap working correctly on the running system. Samba requires a coherent mmap/read-write system memory cache. Currently only HPUX does not have such a coherent cache, and so this parameter is set to no by @@ -6111,10 +6114,10 @@ use mmap (G) the tdb internal code.

Default: use mmap = yes -

+

username level (G) -

This option helps Samba to try and 'guess' at +

This option helps Samba to try and 'guess' at the real UNIX username, as many DOS clients send an all-uppercase username. By default Samba tries all lowercase, followed by the username with the first letter capitalized, and fails if the @@ -6129,10 +6132,10 @@ username level (G)

Example: username level = 5 -

+

username map cache time (G) -

+

Mapping usernames with the username map or username map script features of Samba can be relatively expensive. @@ -6149,10 +6152,10 @@ username map cache time (G)

Example: username map cache time = 60 -

+

username map script (G) -

This script is a mutually exclusive alternative to the +

This script is a mutually exclusive alternative to the username map parameter. This parameter specifies and external program or script that must accept a single command line option (the username transmitted in the authentication @@ -6163,10 +6166,10 @@ username map script (G)

Example: username map script = /etc/samba/scripts/mapusers.sh -

+

username map (G) -

+

This option allows you to specify a file containing a mapping of usernames from the clients to the server. This can be used for several purposes. The most common is to map usernames that users use on DOS or Windows machines to those that the UNIX box uses. The other is to map multiple users to a single username so that they @@ -6250,16 +6253,16 @@ username map = /usr/local/samba/lib/users.map

Default: username map = # no username map -

+

user -

This parameter is a synonym for username.

+

This parameter is a synonym for username.

users -

This parameter is a synonym for username.

+

This parameter is a synonym for username.

username (S) -

Multiple users may be specified in a comma-delimited +

Multiple users may be specified in a comma-delimited list, in which case the supplied password will be tested against each username in turn (left to right).

The deprecated username line is needed only when the PC is unable to supply its own username. This is the case @@ -6297,28 +6300,28 @@ username (S)

Example: username = fred, mary, jack, jane, @users, @pcgroup -

+

usershare allow guests (G) -

This parameter controls whether user defined shares are allowed +

This parameter controls whether user defined shares are allowed to be accessed by non-authenticated users or not. It is the equivalent of allowing people who can create a share the option of setting guest ok = yes in a share definition. Due to its security sensitive nature, the default is set to off.

Default: usershare allow guests = no -

+

usershare max shares (G) -

This parameter specifies the number of user defined shares +

This parameter specifies the number of user defined shares that are allowed to be created by users belonging to the group owning the usershare directory. If set to zero (the default) user defined shares are ignored.

Default: usershare max shares = 0 -

+

usershare owner only (G) -

This parameter controls whether the pathname exported by +

This parameter controls whether the pathname exported by a user defined shares must be owned by the user creating the user defined share or not. If set to True (the default) then smbd checks that the directory path being shared is owned by @@ -6328,10 +6331,10 @@ usershare owner only (G) regardless of who owns it.

Default: usershare owner only = True -

+

usershare path (G) -

This parameter specifies the absolute path of the directory on the +

This parameter specifies the absolute path of the directory on the filesystem used to store the user defined share definition files. This directory must be owned by root, and have no access for other, and be writable only by the group owner. In addition the @@ -6352,10 +6355,10 @@ usershare path (G) In this case, only members of the group "power_users" can create user defined shares.

Default: usershare path = NULL -

+

usershare prefix allow list (G) -

This parameter specifies a list of absolute pathnames +

This parameter specifies a list of absolute pathnames the root of which are allowed to be exported by user defined share definitions. If the pathname to be exported doesn't start with one of the strings in this list, the user defined share will not be allowed. This allows the Samba @@ -6370,10 +6373,10 @@ usershare prefix allow list (G)

Example: usershare prefix allow list = /home /data /space -

+

usershare prefix deny list (G) -

This parameter specifies a list of absolute pathnames +

This parameter specifies a list of absolute pathnames the root of which are NOT allowed to be exported by user defined share definitions. If the pathname exported starts with one of the strings in this list the user defined share will not be allowed. Any pathname not @@ -6389,10 +6392,10 @@ usershare prefix deny list (G)

Example: usershare prefix deny list = /etc /dev /private -

+

usershare template share (G) -

User defined shares only have limited possible parameters +

User defined shares only have limited possible parameters such as path, guest ok, etc. This parameter allows usershares to "cloned" from an existing share. If "usershare template share" is set to the name of an existing share, then all usershares @@ -6407,10 +6410,10 @@ usershare template share (G)

Example: usershare template share = template_share -

+

use sendfile (S) -

If this parameter is yes, and the sendfile() +

If this parameter is yes, and the sendfile() system call is supported by the underlying operating system, then some SMB read calls (mainly ReadAndX and ReadRaw) will use the more efficient sendfile system call for files that are exclusively oplocked. This may make more efficient use of the system CPU's @@ -6419,10 +6422,10 @@ use sendfile (S) Windows 9x (using sendfile from Linux will cause these clients to fail).

Default: use sendfile = false -

+

use spnego (G) -

This deprecated variable controls controls whether samba will try +

This deprecated variable controls controls whether samba will try to use Simple and Protected NEGOciation (as specified by rfc2478) with WindowsXP and Windows2000 clients to agree upon an authentication mechanism.
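Review bot: the re-added first line of the use spnego description still reads "controls controls whether samba will try"; the removed and added lines are identical in text here, so the duplicated word survives the regeneration. Drop one "controls", and consider capitalising "samba" to match the rest of the page while the line is being rewritten.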

@@ -6430,10 +6433,10 @@ use spnego (G) implementation, there is no reason this should ever be disabled.

Default: use spnego = yes -

+

utmp directory (G) -

This parameter is only available if Samba has +

This parameter is only available if Samba has been configured and compiled with the option --with-utmp. It specifies a directory pathname that is used to store the utmp or utmpx files (depending on the UNIX system) that @@ -6445,10 +6448,10 @@ utmp directory (G)

Example: utmp directory = /var/run/utmp -

+

utmp (G) -

+

This boolean parameter is only available if Samba has been configured and compiled with the option --with-utmp. If set to yes then Samba will attempt to add utmp or utmpx records @@ -6460,10 +6463,10 @@ utmp (G) to find this number. This may impede performance on large installations.

Default: utmp = no -

+

valid users (S) -

+

This is a list of users that should be allowed to login to this service. Names starting with '@', '+' and '&' are interpreted using the same rules as described in the invalid users parameter. @@ -6479,10 +6482,10 @@ valid users (S)

Example: valid users = greg, @pcusers -

+

-valid (S) -

This parameter indicates whether a share is +

This parameter indicates whether a share is valid and thus can be used. When this parameter is set to false, the share will be in no way visible nor accessible.

@@ -6491,10 +6494,10 @@ valid users (S) Samba uses this option internally to mark shares as deleted.

Default: -valid = yes -

+

veto files (S) -

+

This is a list of files and directories that are neither visible nor accessible. Each entry in the list must be separated by a '/', which allows spaces to be included in the entry. '*' and '?' can be used to specify multiple files or directories as in DOS wildcards. @@ -6525,10 +6528,10 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/

Default: veto files = No files or directories are vetoed. -

+

veto oplock files (S) -

+

This parameter is only valid when the oplocks parameter is turned on for a share. It allows the Samba administrator to selectively turn off the granting of oplocks on selected files that @@ -6549,31 +6552,31 @@ veto oplock files = /.*SEM/

Default: veto oplock files = # No files are vetoed for oplock grants -

+

vfs object -

This parameter is a synonym for vfs objects.

+

This parameter is a synonym for vfs objects.

vfs objects (S) -

This parameter specifies the backend names which +

This parameter specifies the backend names which are used for Samba VFS I/O operations. By default, normal disk I/O operations are used but these can be overloaded with one or more VFS objects.

Default: vfs objects =

Example: vfs objects = extd_audit recycle -

+

volume (S) -

This allows you to override the volume label +

This allows you to override the volume label returned for a share. Useful for CDROMs with installation programs that insist on a particular volume label.

Default: volume = # the name of the share -

+

wide links (S) -

This parameter controls whether or not links +

This parameter controls whether or not links in the UNIX file system may be followed by the server. Links that point to areas within the directory tree exported by the server are always allowed; this parameter controls access only @@ -6589,10 +6592,10 @@ wide links (S) if you wish to change this coupling between the two parameters.

Default: wide links = no -

+

winbind cache time (G) -

This parameter specifies the number of +

This parameter specifies the number of seconds the winbindd(8) daemon will cache user and group information before querying a Windows NT server again.

@@ -6600,10 +6603,10 @@ winbind cache time (G) evaluated in real time unless the winbind offline logon option has been enabled.

Default: winbind cache time = 300 -

+

winbind enum groups (G) -

On large installations using winbindd(8) it may be necessary to suppress +

On large installations using winbindd(8) it may be necessary to suppress the enumeration of groups through the setgrent(), getgrent() and endgrent() group of system calls. If @@ -6611,10 +6614,10 @@ winbind enum groups (G) no, calls to the getgrent() system call will not return any data.

Warning

Turning off group enumeration may cause some programs to behave oddly.

Default: winbind enum groups = no -

+

winbind enum users (G) -

On large installations using winbindd(8) it may be +

On large installations using winbindd(8) it may be necessary to suppress the enumeration of users through the setpwent(), getpwent() and endpwent() group of system calls. If @@ -6626,10 +6629,10 @@ winbind enum users (G) full user list when searching for matching usernames.

Default: winbind enum users = no -

+

winbind expand groups (G) -

This option controls the maximum depth that winbindd +

This option controls the maximum depth that winbindd will traverse when flattening nested group memberships of Windows domain groups. This is different from the winbind nested groups option @@ -6641,17 +6644,17 @@ winbind expand groups (G) must perform the group unrolling and will be unable to answer incoming NSS or authentication requests during this time.

Default: winbind expand groups = 1 -

+

winbind max clients (G) -

This parameter specifies the maximum number of clients +

This parameter specifies the maximum number of clients the winbindd(8) daemon can connect with.

Default: winbind max clients = 200 -

+

winbind max domain connections (G) -

This parameter specifies the maximum number of simultaneous +

This parameter specifies the maximum number of simultaneous connections that the winbindd(8) daemon should open to the domain controller of one domain. Setting this parameter to a value greater than 1 can improve @@ -6665,10 +6668,10 @@ winbind max domain connections (G)

Example: winbind max domain connections = 10 -

+

winbind nested groups (G) -

If set to yes, this parameter activates the support for nested +

If set to yes, this parameter activates the support for nested groups. Nested groups are also called local groups or aliases. They work like their counterparts in Windows: Nested groups are defined locally on any machine (they are shared @@ -6676,10 +6679,10 @@ winbind nested groups (G) global groups from any trusted SAM. To be able to use nested groups, you need to run nss_winbind.

Default: winbind nested groups = yes -

+

winbind normalize names (G) -

This parameter controls whether winbindd will replace +

This parameter controls whether winbindd will replace whitespace in user and group names with an underscore (_) character. For example, whether the name "Space Kadet" should be replaced with the string "space_kadet". @@ -6699,10 +6702,10 @@ winbind normalize names (G)

Example: winbind normalize names = yes -

+

winbind nss info (G) -

This parameter is designed to control how Winbind retrieves Name +

This parameter is designed to control how Winbind retrieves Name Service Information to construct a user's home directory and login shell. Currently the following settings are available: @@ -6723,10 +6726,10 @@ winbind nss info (G)

Example: winbind nss info = sfu -

+

winbind offline logon (G) -

This parameter is designed to control whether Winbind should +

This parameter is designed to control whether Winbind should allow to login with the pam_winbind module using Cached Credentials. If enabled, winbindd will store user credentials from successful logins encrypted in a local cache. @@ -6734,37 +6737,37 @@ winbind offline logon (G)

Example: winbind offline logon = true -

+

winbind reconnect delay (G) -

This parameter specifies the number of +

This parameter specifies the number of seconds the winbindd(8) daemon will wait between attempts to contact a Domain controller for a domain that is determined to be down or not contactable.

Default: winbind reconnect delay = 30 -

+

winbind refresh tickets (G) -

This parameter is designed to control whether Winbind should refresh Kerberos Tickets +

This parameter is designed to control whether Winbind should refresh Kerberos Tickets retrieved using the pam_winbind module.

Default: winbind refresh tickets = false

Example: winbind refresh tickets = true -

+

winbind rpc only (G) -

+

Setting this parameter to yes forces winbindd to use RPC instead of LDAP to retrieve information from Domain Controllers.

Default: winbind rpc only = no -

+

winbind separator (G) -

This parameter allows an admin to define the character +

This parameter allows an admin to define the character used when listing a username of the form of DOMAIN \user. This parameter is only applicable when using the pam_winbind.so @@ -6775,10 +6778,10 @@ winbind separator (G)

Example: winbind separator = + -

+

winbind trusted domains only (G) -

+

This parameter is designed to allow Samba servers that are members of a Samba controlled domain to use UNIX accounts distributed via NIS, rsync, or LDAP as the uid's for winbindd users in the hosts primary domain. @@ -6789,10 +6792,10 @@ winbind trusted domains only (G) Refer to the idmap_nss(8) man page for more information.

Default: winbind trusted domains only = no -

+

winbind use default domain (G) -

This parameter specifies whether the +

This parameter specifies whether the winbindd(8) daemon should operate on users without domain component in their username. Users without a domain component are treated as is part of the winbindd server's own @@ -6805,10 +6808,10 @@ winbind use default domain (G)

Example: winbind use default domain = yes -

+

wins hook (G) -

When Samba is running as a WINS server this +

When Samba is running as a WINS server this allows you to call an external program for all changes to the WINS database. The primary use for this option is to allow the dynamic update of external name resolution databases such as @@ -6829,17 +6832,17 @@ wins hook (G) addresses currently registered for that name. If this list is empty then the name should be deleted.

An example script that calls the BIND dynamic DNS update program nsupdate is provided in the examples - directory of the Samba source code.

No default

+ directory of the Samba source code.

No default

wins proxy (G) -

This is a boolean that controls if nmbd(8) will respond to broadcast name +

This is a boolean that controls if nmbd(8) will respond to broadcast name queries on behalf of other hosts. You may need to set this to yes for some older clients.

Default: wins proxy = no -

+

wins server (G) -

This specifies the IP address (or DNS name: IP +

This specifies the IP address (or DNS name: IP address for preference) of the WINS server that nmbd(8) should register with. If you have a WINS server on your network then you should set this to the WINS server's IP.

You should point this at your WINS server if you have a multi-subnetted network.

If you want to work in multiple namespaces, you can @@ -6858,19 +6861,19 @@ wins server (G)

Example: wins server = 192.9.200.1 192.168.2.61 -

+

wins support (G) -

This boolean controls if the nmbd(8) process in Samba will act as a WINS server. You should +

This boolean controls if the nmbd(8) process in Samba will act as a WINS server. You should not set this to yes unless you have a multi-subnetted network and you wish a particular nmbd to be your WINS server. Note that you should NEVER set this to yes on more than one machine in your network.

Default: wins support = no -

+

workgroup (G) -

This controls what workgroup your server will +

This controls what workgroup your server will appear to be in when queried by clients. Note that this parameter also controls the Domain name used with the security = domain @@ -6878,18 +6881,18 @@ workgroup (G)

Example: workgroup = MYGROUP -

+

writable -

This parameter is a synonym for writeable.

+

This parameter is a synonym for writeable.

writeable (S) -

Inverted synonym for read only.

Default: writeable = no +

Inverted synonym for read only.

Default: writeable = no -

+

write cache size (S) -

If this integer parameter is set to non-zero value, +

If this integer parameter is set to non-zero value, Samba will create an in-memory cache for each oplocked file (it does not do this for non-oplocked files). All writes that the client does not request @@ -6907,10 +6910,10 @@ write cache size (S)

Example: write cache size = 262144 # for a 256k cache size per file -

+

write list (S) -

+

This is a list of users that are given read-write access to a service. If the connecting user is in this list then they will be given write access, no matter what the read only option is set to. The list can @@ -6925,17 +6928,17 @@ write list (S)

Example: write list = admin, root, @staff -

+

write raw (G) -

This parameter controls whether or not the server +

This parameter controls whether or not the server will support raw write SMB's when transferring data from clients. You should never need to change this parameter.

Default: write raw = yes -

+

wtmp directory (G) -

+

This parameter is only available if Samba has been configured and compiled with the option --with-utmp. It specifies a directory pathname that is used to store the wtmp or wtmpx files (depending on the UNIX system) that record user connections to a Samba server. The difference with the utmp directory is the fact @@ -6947,7 +6950,7 @@ wtmp directory (G)

Example: wtmp directory = /var/log/wtmp -

WARNINGS

+

WARNINGS

Although the configuration file permits service names to contain spaces, your client software may not. Spaces will be ignored in comparisons anyway, so it shouldn't be a problem - but be aware of the possibility.

@@ -6960,8 +6963,8 @@ wtmp directory (G) for an administrator easy, but the various combinations of default attributes can be tricky. Take extreme care when designing these sections. In particular, ensure that the permissions on spool directories are correct. -

VERSION

This man page is correct for version 3 of the Samba suite.

SEE ALSO

- samba(7), smbpasswd(8), swat(8), smbd(8), nmbd(8), smbclient(1), nmblookup(1), testparm(1), testprns(1).

AUTHOR

+

VERSION

This man page is correct for version 3 of the Samba suite.

SEE ALSO

+ samba(7), smbpasswd(8), swat(8), smbd(8), nmbd(8), smbclient(1), nmblookup(1), testparm(1), testprns(1).

AUTHOR

The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

diff --git a/docs/htmldocs/manpages/smbcacls.1.html b/docs/htmldocs/manpages/smbcacls.1.html index 0dd4cb4e3a..42f3f60156 100644 --- a/docs/htmldocs/manpages/smbcacls.1.html +++ b/docs/htmldocs/manpages/smbcacls.1.html @@ -1,4 +1,4 @@ -smbcacls

Name

smbcacls — Set or get ACLs on an NT file or directory names

Synopsis

smbcacls {//server/share} {filename} [-D|--delete acls] [-M|--modify acls] [-a|--add acls] [-S|--set acls] [-C|--chown name] [-G|--chgrp name] [-I allow|romove|copy] [--numeric] [-t] [-U username] [-h] [-d]

DESCRIPTION

This tool is part of the samba(7) suite.

The smbcacls program manipulates NT Access Control +smbcacls

Name

smbcacls — Set or get ACLs on an NT file or directory names

Synopsis

smbcacls {//server/share} {/filename} [-D|--delete acls] [-M|--modify acls] [-a|--add acls] [-S|--set acls] [-C|--chown name] [-G|--chgrp name] [-I allow|romove|copy] [--numeric] [-t] [-U username] [-h] [-d]

DESCRIPTION

This tool is part of the samba(7) suite.

The smbcacls program manipulates NT Access Control Lists (ACLs) on SMB file shares.

OPTIONS

The following options are available to the smbcacls program. The format of ACLs is described in the section ACL FORMAT

-a|--add acls

Add the ACLs specified to the ACL list. Existing access control entries are unchanged.

-M|--modify acls

Modify the mask value (permissions) for the ACLs diff --git a/docs/htmldocs/manpages/smbclient.1.html b/docs/htmldocs/manpages/smbclient.1.html index 1ec8062ac6..5b5ae85712 100644 --- a/docs/htmldocs/manpages/smbclient.1.html +++ b/docs/htmldocs/manpages/smbclient.1.html @@ -117,7 +117,7 @@ server support the UNIX extensions. Request that the connection be encrypted. This is new for Samba 3.2 and will only work with Samba 3.2 or above servers. Negotiates SMB encryption using GSSAPI. Uses - the given credentials for the encryption negotiaion (either kerberos + the given credentials for the encryption negotiation (either kerberos or NTLMv1/v2 if given domain/username/password triple. Fails the connection if encryption cannot be negotiated.

-d|--debuglevel=level

level is an integer @@ -250,7 +250,7 @@ options.

-T|--tar tar options

Tar Filenames

All file names can be given as DOS path names (with '\\' as the component separator) or as UNIX path names (with '/' as the component separator).

Examples

Restore from tar file backup.tar into myshare on mypc - (no password on share).

smbclient //mypc/yshare "" -N -Tx backup.tar + (no password on share).

smbclient //mypc/myshare "" -N -Tx backup.tar

Restore everything except users/docs

smbclient //mypc/myshare "" -N -TXx backup.tar users/docs

Create a tar file of the files beneath @@ -321,7 +321,7 @@ options.

-T|--tar tar options

to delete all files matching mask from the current working directory on the server.

dir <mask>

A list of the files matching mask in the current working directory on the server will be retrieved from the server - and displayed.

du <filename>

Does a directory listing and then prints out the current disk useage and free space on a share. + and displayed.

du <filename>

Does a directory listing and then prints out the current disk usage and free space on a share.

echo <number> <data>

Does an SMBecho request to ping the server. Used for internal Samba testing purposes.

exit

Terminate the connection with the server and exit from the program.

get <remote file name> [local file name]

Copy the file called remote file name from diff --git a/docs/htmldocs/manpages/smbcontrol.1.html b/docs/htmldocs/manpages/smbcontrol.1.html index e7254b3aa3..4a13cf0be2 100644 --- a/docs/htmldocs/manpages/smbcontrol.1.html +++ b/docs/htmldocs/manpages/smbcontrol.1.html @@ -58,7 +58,7 @@ compile time.

-i

Run interactiv message for the printer and unix jobid specified.

Note that this message only sends notification that an - event has occured. It doesn't actually cause the + event has occurred. It doesn't actually cause the event to happen.

This message can only be sent to smbd.

samsync

Order smbd to synchronise sam database from PDC (being BDC). Can only be sent to smbd.

Note

Not working at the moment

samrepl

Send sam replication message, with specified serial. Can only be sent to smbd. Should not be used manually.

dmalloc-mark

Set a mark for dmalloc. Can be sent to both smbd and nmbd. Only available if samba is built with dmalloc support.

dmalloc-log-changed

Dump the pointers that have changed since the mark set by dmalloc-mark. diff --git a/docs/htmldocs/manpages/smbcquotas.1.html b/docs/htmldocs/manpages/smbcquotas.1.html index 7033b789de..88dc743a42 100644 --- a/docs/htmldocs/manpages/smbcquotas.1.html +++ b/docs/htmldocs/manpages/smbcquotas.1.html @@ -64,7 +64,7 @@ on the file restrict access from unwanted users. See the many systems the command line of a running process may be seen via the ps command. To be safe always allow rpcclient to prompt for a password and type -it in directly.

QUOTA_SET_COMAND

The format of an the QUOTA_SET_COMMAND is an operation +it in directly.

QUOTA_SET_COMMAND

The format of an the QUOTA_SET_COMMAND is an operation name followed by a set of parameters specific to that operation.

To set user quotas for the user specified by -u or for the current username:
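
Review bot: the replacement line in smbcquotas.1.html still reads "The format of an the QUOTA_SET_COMMAND is an operation", so the heading fix leaves the "an the" slip directly beneath it; drop "an". The context just above also tells the reader to "always allow rpcclient to prompt for a password" on the smbcquotas page. That advice about command lines being visible through ps should name smbcquotas.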

diff --git a/docs/htmldocs/manpages/smbd.8.html b/docs/htmldocs/manpages/smbd.8.html index 7e8cbe3989..15c7a1572f 100644 --- a/docs/htmldocs/manpages/smbd.8.html +++ b/docs/htmldocs/manpages/smbd.8.html @@ -109,14 +109,14 @@ log.smbd, etc...). The log file is never removed by the client. is not specific to the server, however.

PAM INTERACTION

Samba uses PAM for authentication (when presented with a plaintext password), for account checking (is this account disabled?) and for session management. The degree too which samba supports PAM is restricted - by the limitations of the SMB protocol and the obey pam restrictions smb.conf(5) paramater. When this is set, the following restrictions apply: + by the limitations of the SMB protocol and the obey pam restrictions smb.conf(5) parameter. When this is set, the following restrictions apply:

  • Account Validation: All accesses to a samba server are checked - against PAM to see if the account is vaild, not disabled and is permitted to + against PAM to see if the account is valid, not disabled and is permitted to login at this time. This also applies to encrypted logins.

  • Session Management: When not using share - level secuirty, users must pass PAM's session checks before access - is granted. Note however, that this is bypassed in share level secuirty. + level security, users must pass PAM's session checks before access + is granted. Note however, that this is bypassed in share level security. Note also that some older pam configuration files may need a line added for session support.

VERSION
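
Review bot: the smbd.8.html hunk fixes "paramater", "vaild" and "secuirty" but leaves "The degree too which samba supports PAM" in the unchanged line directly above the first fix; it should read "to which". This is the paragraph that tells administrators PAM session checks are bypassed in share level security, so it is worth getting the whole passage clean in one change.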

This man page is correct for version 3 of diff --git a/docs/htmldocs/manpages/tdbbackup.8.html b/docs/htmldocs/manpages/tdbbackup.8.html index f98e7fc0ea..fce7a15982 100644 --- a/docs/htmldocs/manpages/tdbbackup.8.html +++ b/docs/htmldocs/manpages/tdbbackup.8.html @@ -5,11 +5,11 @@

OPTIONS

-h

Get help information.

-s suffix

- The -s option allows the adminisistrator to specify a file + The -s option allows the administrator to specify a file backup extension. This way it is possible to keep a history of tdb backup files by using a new suffix for each backup.

-v

- The -v will check the database for damages (currupt data) + The -v will check the database for damages (corrupt data) which if detected causes the backup to be restored.

COMMANDS

GENERAL INFORMATION
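
Review bot: in tdbbackup.8.html the corrected -v description still reads "The -v will check the database for damages (corrupt data) which if detected causes the backup to be restored", which is missing "option" and leaves the restore behaviour hard to follow. Suggest "The -v option checks the database for damage (corrupt data); if any is detected, the backup is restored."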

The tdbbackup utility can safely be run at any time. It was designed so diff --git a/docs/htmldocs/manpages/testparm.1.html b/docs/htmldocs/manpages/testparm.1.html index c04263c92e..699ab2df6c 100644 --- a/docs/htmldocs/manpages/testparm.1.html +++ b/docs/htmldocs/manpages/testparm.1.html @@ -22,7 +22,7 @@ Dumps the named parameter. If no section-name is set the view is limited by default to the global section. - It is also possible to dump a parametrical option. Therfore + It is also possible to dump a parametrical option. Therefore the option has to be separated by a colon from the parametername.

--section-name sectionname
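
Review bot: in testparm.1.html the fixed sentence "Therefore the option has to be separated by a colon from the parametername" still has "parametername" run together, and "Therefore" does not follow from the sentence before it. Suggest "To do so, separate the option from the parameter name with a colon."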

diff --git a/docs/htmldocs/manpages/vfs_acl_tdb.8.html b/docs/htmldocs/manpages/vfs_acl_tdb.8.html index 3c068816ca..ba468876ff 100644 --- a/docs/htmldocs/manpages/vfs_acl_tdb.8.html +++ b/docs/htmldocs/manpages/vfs_acl_tdb.8.html @@ -6,9 +6,16 @@

The ACL settings are stored in $LOCKDIR/file_ntacls.tdb. -

This module is stackable.

OPTIONS

- There are no options for vfs_acl_tdb. -

AUTHOR

The original Samba software and related utilities +

This module is stackable.

OPTIONS

acl_tdb:ignore system acls = [yes|no]

+ When set to yes, a best effort mapping + from/to the POSIX ACL layer will not be + done by this module. The default is no, + which means that Samba keeps setting and evaluating both the + system ACLs and the NT ACLs. This is better if you need your + system ACLs be set for local or NFS file access, too. If you only + access the data via Samba you might set this to yes to achieve + better NT ACL compatibility. +

AUTHOR

The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.
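
Review bot: the new "acl_tdb:ignore system acls" text in vfs_acl_tdb.8.html should state the access-control consequence of "yes" outright: with the mapping to the POSIX ACL layer switched off, the system ACLs that local and NFS access relies on are no longer updated from the NT ACLs. The current wording only implies this through "This is better if you need your system ACLs be set for local or NFS file access, too", which also needs "to be set".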

diff --git a/docs/htmldocs/manpages/vfs_acl_xattr.8.html b/docs/htmldocs/manpages/vfs_acl_xattr.8.html index 159278d320..778680b253 100644 --- a/docs/htmldocs/manpages/vfs_acl_xattr.8.html +++ b/docs/htmldocs/manpages/vfs_acl_xattr.8.html @@ -10,9 +10,16 @@ To show the current value, the name of the EA must be specified (e.g. getfattr -n security.NTACL filename ). -

This module is stackable.

OPTIONS

- There are no options for vfs_acl_xattr. -

AUTHOR

The original Samba software and related utilities +

This module is stackable.

OPTIONS

acl_xattr:ignore system acls = [yes|no]

+ When set to yes, a best effort mapping + from/to the POSIX ACL layer will not be + done by this module. The default is no, + which means that Samba keeps setting and evaluating both the + system ACLs and the NT ACLs. This is better if you need your + system ACLs be set for local or NFS file access, too. If you only + access the data via Samba you might set this to yes to achieve + better NT ACL compatibility. +

AUTHOR

The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.
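
Review bot: the "acl_xattr:ignore system acls" paragraph in vfs_acl_xattr.8.html is hard to read in the passive: "a best effort mapping from/to the POSIX ACL layer will not be done by this module". Suggest "When set to yes, this module does not attempt a best-effort mapping to or from the POSIX ACL layer", and correct "need your system ACLs be set" to "to be set".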

diff --git a/docs/htmldocs/manpages/vfs_aio_pthread.8.html b/docs/htmldocs/manpages/vfs_aio_pthread.8.html new file mode 100644 index 0000000000..899ff9051d --- /dev/null +++ b/docs/htmldocs/manpages/vfs_aio_pthread.8.html @@ -0,0 +1,42 @@ +vfs_aio_pthread

Name

vfs_aio_pthread — implement async I/O in Samba vfs using a pthread pool

Synopsis

vfs objects = aio_pthread

DESCRIPTION

This VFS module is part of the + samba(7) suite.

The aio_pthread VFS module enables asynchronous + I/O for Samba on platforms which have the pthreads API available, + without using the Posix AIO interface. Posix AIO can suffer from severe + limitations. For example, on some Linux versions the + real-time signals that it uses are broken under heavy load. + Other systems only allow AIO when special kernel modules are + loaded or only allow a certain system-wide amount of async + requests being scheduled. Systems based on glibc (most Linux + systems) only allow a single outstanding request per file + descriptor which essentially makes Posix AIO useless on systems + using the glibc implementation.

To work around all these limitations, the aio_pthread module + was written. It uses a pthread pool instead of the + internal Posix AIO interface to allow read and write calls + to be process asynchronously. A pthread pool is created + which expands dynamically by creating new threads as work is + given to it to a maximum of 100 threads per smbd process. + To change this limit see the "aio num threads" parameter + below. New threads are not created if idle threads are + available when a new read or write request is received, + the new work is given to an existing idle thread. Threads + terminate themselves if idle for one second. +

+ Note that the smb.conf parameters aio read size + and aio write size must also be set appropriately + for this module to be active. +

This module MUST be listed last in any module stack as + the Samba VFS pread/pwrite interface is not thread-safe. This + module makes direct pread and pwrite system calls and does + NOT call the Samba VFS pread and pwrite interfaces.

EXAMPLES

Straight forward use:

+        [cooldata]
+	path = /data/ice
+	aio read size = 1024
+	aio write size = 1024
+	vfs objects = aio_pthread
+

OPTIONS

aio_pthread:aio num threads = INTEGER

Limit the maximum number of threads per smbd that + will be created in the thread pool to service IO requests. +

By default this is set to 100.

VERSION

This man page is correct for version 3.6.3 of the Samba suite. +

AUTHOR

The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.
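
Review bot: the new vfs_aio_pthread.8.html page says the module "MUST be listed last in any module stack" and "does NOT call the Samba VFS pread and pwrite interfaces", but its only example loads aio_pthread alone, so the ordering rule is never shown. Add an example with a second module ahead of aio_pthread, and say whether modules that hook pread/pwrite still see these requests. Smaller points: "to be process asynchronously" should be "processed", and the VERSION section says 3.6.3 although the commit subject loads samba-3.6.6.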

diff --git a/docs/htmldocs/manpages/vfs_readonly.8.html b/docs/htmldocs/manpages/vfs_readonly.8.html index 1d74726d4d..8a03ddf81f 100644 --- a/docs/htmldocs/manpages/vfs_readonly.8.html +++ b/docs/htmldocs/manpages/vfs_readonly.8.html @@ -2,7 +2,7 @@ samba(7) suite.

The vfs_readonly VFS module marks a share as read only for all clients connecting within the configured time period. Clients connecting during this time will be denied - write access to all files in the share, irrespective of ther + write access to all files in the share, irrespective of their actual access privileges.

This module is stackable.

OPTIONS

readonly:period = BEGIN, END

Only mark the share as read only if the client connection was made between the times marked by the BEGIN and END date specifiers. diff --git a/docs/htmldocs/manpages/vfs_shadow_copy2.8.html b/docs/htmldocs/manpages/vfs_shadow_copy2.8.html index 9056b67f5c..41d5d9eac2 100644 --- a/docs/htmldocs/manpages/vfs_shadow_copy2.8.html +++ b/docs/htmldocs/manpages/vfs_shadow_copy2.8.html @@ -52,7 +52,7 @@

CAVEATS

This is not a backup, archival, or version control solution. diff --git a/docs/htmldocs/manpages/vfs_smb_traffic_analyzer.8.html b/docs/htmldocs/manpages/vfs_smb_traffic_analyzer.8.html index 24c34a7ef6..0002cc6a00 100644 --- a/docs/htmldocs/manpages/vfs_smb_traffic_analyzer.8.html +++ b/docs/htmldocs/manpages/vfs_smb_traffic_analyzer.8.html @@ -19,12 +19,12 @@ by default.

Protocol version 1 documentation

vfs_smb_traffic_analyzer protocol version 1 is aware of the following VFS operations:

write
pwrite
read
pread

vfs_smb_traffic_analyzer sends the following data - in a fixed format seperated by a comma through either an internet or a + in a fixed format separated by a comma through either an internet or a unix domain socket:

 	BYTES|USER|DOMAIN|READ/WRITE|SHARE|FILENAME|TIMESTAMP
 	

Description of the records: -

  • BYTES - the length in bytes of the VFS operation

  • USER - the user who initiated the operation

  • DOMAIN - the domain of the user

  • READ/WRITE - either "W" for a write operation or "R" for read

  • SHARE - the name of the share on which the VFS operation occured

  • FILENAME - the name of the file that was used by the VFS operation

  • TIMESTAMP - a timestamp, formatted as "yyyy-mm-dd hh-mm-ss.ms" indicating when the VFS operation occured

  • IP - The IP Address (v4 or v6) of the client machine that initiated the VFS operation.

+

  • BYTES - the length in bytes of the VFS operation

  • USER - the user who initiated the operation

  • DOMAIN - the domain of the user

  • READ/WRITE - either "W" for a write operation or "R" for read

  • SHARE - the name of the share on which the VFS operation occurred

  • FILENAME - the name of the file that was used by the VFS operation

  • TIMESTAMP - a timestamp, formatted as "yyyy-mm-dd hh-mm-ss.ms" indicating when the VFS operation occurred

  • IP - The IP Address (v4 or v6) of the client machine that initiated the VFS operation.

This module is stackable.

Drawbacks of protocol version 1

Several drawbacks have been seen with protocol version 1 over time.

  • Problematic parsing - -- cgit v1.2.3
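
Review bot: the corrected sentence in vfs_smb_traffic_analyzer.8.html says the data is sent "in a fixed format separated by a comma", yet the format line directly below it uses "|" as the separator; the two should be reconciled while this sentence is being touched. The format line also lists seven fields (BYTES through TIMESTAMP) while the description list has an eighth, IP, so either add IP to the format line or say where it appears in the record.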