From 951fa9619c10959654b4f7d69c08722f1e76db71 Mon Sep 17 00:00:00 2001 From: vorlon Date: Wed, 21 Nov 2007 17:44:34 +0000 Subject: merge upstream 3.0.27a into svn git-svn-id: svn://svn.debian.org/svn/pkg-samba/trunk/samba@1586 fc4039ab-9d04-0410-8cac-899223bdd6b0 --- docs/htmldocs/using_samba/appb.html | 1840 +++++++++++++++++++++++++++++++++++ 1 file changed, 1840 insertions(+) create mode 100644 docs/htmldocs/using_samba/appb.html (limited to 'docs/htmldocs/using_samba/appb.html') diff --git a/docs/htmldocs/using_samba/appb.html b/docs/htmldocs/using_samba/appb.html new file mode 100644 index 0000000000..9cb6d957a8 --- /dev/null +++ b/docs/htmldocs/using_samba/appb.html @@ -0,0 +1,1840 @@ + + + + + +

Appendix B. Samba Configuration Option Quick Reference

+ + +

The first section of this appendix lists each option that can be used +in a Samba configuration file, which is usually named +smb.conf. Most configuration files contain a +global section of options that apply to all services (shares) and a +separate section for various individual shares. If an option applies +only to the global section, [global] appears to +the right of its name in the following reference section.

+ +

Except where noted, when specifying elements of a list, the elements +can be separated by spaces, tabs, commas, semicolons, escaped +newlines, or escaped carriage returns.

+ +

Following this reference section is a glossary of value types, and a +list of variables Samba recognizes.

+ + + +
+ +

Configuration File Options

+ +
+ + +
abort shutdown script = command[global] +

Allowable values: command

Default: NULL

Specifies a command that stops the shutdown procedure started by +shutdown script. The command will be run with the +UID of the connected user. New in Samba 3.0.

+
add printer command = command[global] +

Allowable values: command

Default: NULL

Specifies a command that creates a new +printer on the system hosting the Samba +server. This command runs as root when the Windows +NT/2000/XP Add Printer Wizard is run. The command will be passed a +printer name, share name, port name, driver name, Windows NT/2000/XP +driver location, and Windows 95/98/Me driver location, in that order. +It will need to add the printer to the system and a share definition +for the printer to smb.conf. See also +add printer wizard, printing, +and show add printer wizard.

+
add machine script = command[global] +

Allowable values: command

Default: NULL

Specifies a command that adds a computer to the Samba +server's domain. New in Samba 3.0.

+
add share command = command[global] +

Allowable values: command

Default: NULL

Specifies a command that creates a new +share on the Samba server. This command +runs as root when a share is created using the +Windows NT/2000/XP Server Manager. The client user must be logged on +as the root user. The command will be passed the +name of the Samba configuration file, the name of the share to be +created, the full pathname of a directory on the Samba server (which +must already exist), and a string to use as a comment for the share, +in that order. The command must add a share definition for the share +to smb.conf. See also add printer +command, for adding a print share.

+
add user script = command[global] +

Allowable values: command

Default: NULL

Specifies a command that creates a new +user on the system hosting the Samba +server. This command runs as root when access to a +Samba share is attempted by a Windows user who does not have an +account on the hosting system, but does have an account maintained by +a primary domain controller on a different system. The command should +accept the name of the user as a single argument that matches the +behavior of typical adduser commands. Samba +honors the %u value (username) as the argument to +the command. Requires security += server or +security = +domain. See also delete user +script.

+
admin users = user list

Allowable values: user list

Default: NULL

Specifies users who will be granted +root +permissions on the share by Samba.

+
ads server = value[global] +

Allowable values: DNS hostname or IP address

Default: NONE

Specifies the Active Directory server, used by +Samba 3.0 for authenticating clients. Requires +security = ads. New in Samba +3.0.

+
algorithmic rid base = number[global] +

Allowable values: positive integer

Default: 1000

Specifies the base value that Samba uses when calculating Windows +domain security identifier equivalents to Unix UIDs. See also +non unix account range. New in Samba 3.0.

+
allow hosts = host list

Allowable values: list of hosts or networks

Default: NULL

Specifies systems that can connect to the share or +shares. If NULL, any +system can access the share unless there is a hosts +deny option. Synonym for hosts +allow.

+
allow trusted domains = boolean[global] +

Allowable values: YES, NO

Default: YES

Allows access to users who lack accounts on the Samba server but have +accounts in another, trusted domain. +Requires security = server or +security = +domain.

+
announce as = value[global] +

Allowable values: NT, Win95, Wf W

Default: NT

Has Samba announce itself as something other than an NT server. +Discouraged because it interferes with serving browse lists.

+
announce version = value[global] +

Allowable values: two numbers separated by a dot character

Default: 4.5

Instructs Samba to announce itself as a different version SMB server. +Discouraged.

+
auth methods = list[global] +

Allowable values: guest, sam, ntdomain

Default: NONE

Specifies what methods Samba tries in turn to +authenticate users. New in Samba +3.0.

+
auto services = service list[global] +

Allowable values: service list

Default: NULL

Specifies a list of shares that always appear in +browse lists. Also called preload.

+
available = boolean

Allowable values: YES, NO

Default: YES

If set to NO, denies access to a share. The +share appears in the browse list, but +attempts to access it will fail.

+
bind interfaces only = boolean[global] +

Allowable values: YES, NO

Default: NO

If set to YES, shares and browsing are provided only on interfaces in +an interfaces list (see +interfaces). If you set this option to YES, be +sure to add 127.0.0.1 to the interfaces list to allow +smbpasswd to connect to the local system to +change passwords. This is a convenience option; it does not improve +security.

+
block size = number

Allowable values: integer

Default: 1024

Sets the size of disk blocks as reported by smbd +to the client. Obsolete +starting with Samba 3.0.

+
blocking locks = boolean

Allowable values: YES, NO

Default: YES

If YES, honors byte range lock requests with time limits. Samba will +queue the requests and retry them until the time period expires.

+
browsable = boolean

Allowable values: YES, NO

Default: YES

Allows a share to be announced +in browse lists. Also called browseable.

+
browse list = boolean[global] +

Allowable values: YES, NO

Default: YES

If YES, serves the browse list to other systems on the network. Avoid +changing.

+
browseable = boolean

Allowable values: YES, NO

Default: YES

Synonym for browsable.

+
case sensitive = boolean[global] +

Allowable values: YES, NO

Default: NO

If YES, uses the exact case the client supplied when trying to +resolve a filename. If NO, matches either upper- or lowercase name. +Avoid changing. Also called casesignames.

+
casesignames = boolean[global] +

Allowable values: YES, NO

Default: NO

Synonym for case sensitive.

+
change notify timeout = number[global] +

Allowable values: positive number

Default: 60

Sets the number of seconds between checks when a client asks for +notification of changes in a directory. Avoid lowering.

+
change share command = command[global] +

Allowable values: command

Default: NULL

Specifies a command that modifies a +share +definition on the Samba server. This command runs as +root when a share is created using the Windows +NT/2000/XP Server Manager. The client user must be logged on as the +root user. The command is passed the name of the +Samba configuration file, the name of the share to be modified, the +full pathname of a directory on the Samba server (which must already +exist), and a string to use as a comment for the share, in that +order. The command modifies the share definition for the share in +smb.conf. See also add share +command and delete share command.

+
character set = name

Allowable values: ISO8859-1, ISO8859-2, ISO8859-5, KOI8-R

Default: NULL

If set, translates from DOS code +pages to the Western European (ISO8859-1), Eastern European +(ISO8859-2), Russian Cyrillic (ISO8859-5), or Alternate Russian +(KOI8-R) character set. The client +code page option must be set to +850. Obsolete starting with Samba 3.0.

+
client code page = name

Allowable values: see Table 11-4 in Chapter 11

Default: 850 (MS-DOS Latin 1)

Sets the DOS code page explicitly, overriding any previous +valid chars settings. Examples +of values are 850 for Western European, 437 for the U.S. standard, +and 932 for Japanese Shift-JIS. Obsolete starting with Samba 3.0.

+
code page directory = directory[global] +

Allowable values: full directory name

Default: /usr/local/samba/lib/codepages

Specifies the directory that stores code pages. +Obsolete starting with Samba 3.0.

+
coding system = value[global] +

Allowable values: euc, cap, hex, hexN, sjis, j8bb, j8bj, jis8, j8bh, +j8@b, j8@j,j8@h, j7bb, j7bj, jis7, j7bh, j7@b, j7@j, j7@h, jubb, +jubj, junet, jubh, ju@b, ju@j, ju@h

Default: NULL

Sets the coding system used, notably for Kanji. This is employed for +filenames and should correspond to the code page in use. The +client code +page option must be set to 932 ( Japanese +Shift-JIS). Obsolete starting with Samba 3.0.

+
comment = string

Allowable values: string

Default: NULL

Sets the comment corresponding to a share. The comment appears in +places such as a net view listing or through the +Network Neighborhood. See also the server +string configuration option.

+
config file = filename[global] +

Allowable values: \filename

Default: NULL

Selects a new Samba configuration file to read instead of the +current one. Used to relocate the configuration file or used with +% variables to select custom configuration files +for some users or systems.

+
copy = section name

Allowable values: existing section's name

Default: NULL

Copies the configuration of an already defined share into the +share in which this option +appears. Used with % variables to select custom +configurations for systems, architectures, and users. Each option +specified or copied takes precedence over earlier specifications of +the option.

+
create mask = value

Allowable values: octal value from 0 to 0777

Default: 0744

Sets the maximum allowable permissions for new files (e.g., +0755). See also directory mask. +To require certain permissions to be set, see +force create +mask and force +directory mask. Also called +create mode.

+
create mode = value

Allowable values: octal value from 0 to 0777

Default: 0744

Synonym for create mask.

+
csc policy = value

Allowable values: manual, documents, programs, or disable

Default: manual

Sets the client-side caching policy, telling them how to +cache files offline if they are capable of doing so.

+
deadtime = number[global] +

Allowable values: number

Default: 0

Specifies the time in minutes before an unused +connection will be +terminated. Zero means never. Used to keep clients from tying up +server resources for long periods of time. If used, clients must +autoreconnect after the specified period of inactivity. See also +keepalive.

+
debug hires timestamp = boolean[global] +

Allowable values: YES, NO

Default: NO

Changes the timestamps in log entries from seconds +to microseconds. Useful for measuring performance.

+
debug pid = boolean[global] +

Allowable values: YES, NO

Default: NO

Adds the process ID of the Samba server to log lines, making it easier to +debug a particular server. Requires debug timestamp = +yes to work.

+
debug timestamp = boolean[global] +

Allowable values: YES, NO

Default: YES

Timestamps all log messages. Can be turned off when +it's not useful (e.g., in debugging ). Also called +timestamp logs.

+
debug uid = boolean[global] +

Allowable values: YES, NO

Default: NO

Adds the real and effective +user ID and group ID of the user being served to the logs, making it +easier to debug one particular user.

+
debuglevel = number[global] +

Allowable values: number

Default: 0

Sets the logging level used. Values of 3 or more slow Samba +noticeably. Also called log +level. Recommended value is 1.

+
default = service name[global] +

Allowable values: share name

Default: NULL

Specifies the name of a service (share) to provide if someone +requests a service he doesn't have permission to use +or that doesn't exist. The path is set from the name +the client specified, with any underscore ( _ ) characters changed to +slash ( / ) characters, allowing access to any directory on the Samba +server. Use is discouraged. See also load +printers. Also called default service.

+
default case = value

Allowable values: LOWER, UPPER

Default: LOWER

Sets the case in which to store new filenames. LOWER indicates +lowercase, and UPPER indicates uppercase.

+
default devmode = boolean

Allowable values: YES, NO

Default: NO

Used with printer shares being accessed by Windows NT/2000/XP clients +to set a default device mode for the +printer. Can be +problematic. Use with care.

+
default service = share name[global] +

Allowable values: share name

Default: NULL

Synonym for default.

+
delete printer command = command[global] +

Allowable values: command

Default: NULL

Specifies a command that removes a +printer from the system hosting the +Samba server and deletes its service definition from +smb.conf. The command is passed a printer name +as its only argument. See also add printer +command, printing, and show add +printer wizard.

+
delete readonly = boolean

Allowable values: NO, YES

Default: NO

If set to YES, allows delete requests to remove read-only files. This +is not allowed in MS-DOS/Windows, but it is normal in Unix, which has +separate directory permissions. Used with programs such as RCS.

+
delete share command = command

Allowable values: command

Default: NULL

Specifies a command that deletes a +share +from the Samba server. The command runs when a user logged in as the +root user on a Windows NT/2000/XP system deletes a +share using Server Manager. The command is passed the name of the +Samba configuration file and the name of the share to be deleted. The +command must remove the definition of the share from the +configuration file. See also add share command and +change share command.

+
delete user script = command[global] +

Allowable values: full path to script

Default: NULL

Sets the command to run as root when a user +connects who no longer has an account on the +domain's PDC. Honors %u. Can be +used to delete the +user account automatically from +the Samba server's host. Requires +security = +domain or security = user. Use +with caution. See also add user script.

+
delete veto files = boolean

Allowable values: NO, YES

Default: NO

If set to YES, allows delete requests for a +directory containing +files or subdirectories the user can't see due to +the veto files option. If set +to NO, the directory is not deleted and still contains invisible +files.

+
deny hosts = host list

Allowable values: hosts or networks

Default: NULL

Specifies a list of systems from which to refuse +connections. +Also called hosts deny.

+
dfree command = command[global] +

Allowable values: command

Default: varies

Specifies a command to run on the server to return free disk space. +Not needed unless the Samba host system's +dfree command does not work properly.

+
directory = directory

Allowable values: Unix directory name

Default: varies

Sets the path to the +directory provided by a file share or +used by a printer share. If the option is omitted in the +[homes] share, it is set automatically to the +user's home directory; otherwise, it defaults +to /tmp. For a printer share, the directory is +used to spool printer files. Honors the %u (user) +and %m (machine) variables. Synonym for +path.

+
directory mask = value

Allowable values: octal value from 0 to 0777

Default: 0755

Sets the maximum allowable permissions for newly created +directories. To require +that certain permissions be set, see the force +create mask and +force directory +mask options. Also called +directory mode.

+
directory mode = value

Allowable values: octal value from 0 to 0777

Default: 0755

Synonym for directory mask.

+
directory security mask = value

Allowable values: octal value from 0 to 0777

Default: same as directory mode

Controls which permission bits can be changed if a user edits the +Unix permissions of directories on the Samba server from a Windows +system. Any bit that is set in the mask can be changed by the user; +any bit that is clear remains the same on the directory even if the +user tries to change it. Requires nt +acl support += YES.

+
disable spools = boolean[global] +

Allowable values: YES, NO

Default: NO

If set to YES, Windows NT/2000/XP systems will downgrade to +Lanman-style printing. Prevents printer driver uploading and +downloading from working. Use with care. See also use client +driver.

+
dns proxy = boolean[global] +

Allowable values: YES, NO

Default: YES

If set to YES and if wins +server = +YES, looks up hostnames in DNS when they are not +found using WINS.

+
domain admin group = user list[global] +

Allowable values: usernames and/or group names

Default: NULL

Specifies users who are in the Domain Admins group and have +domain +administrator authority when Samba is the PDC. See also +domain guest group and domain +logons. Useful in Samba 2.2 only. Obsolete in Samba 3.0.

+
domain guest group = user/group list[global] +

Allowable values: list of usernames and/or group names

Default: NULL

Specifies users who are in the Domain Guest group when Samba is the PDC. +See also domain admin group and domain +logons. Useful in Samba 2.2 only. Obsolete in Samba 3.0.

+
domain logons = boolean[global] +

Allowable values: YES, NO

Default: NO

Causes Samba to serve domain logons. This is one of the basic +functions required when Samba is acting as the PDC.

+
domain master = boolean[global] +

Allowable values: YES, NO

Default: automatic

Makes Samba a domain master browser for its domain. When +domain logons are enabled, domain master defaults +to YES. Otherwise, it defaults to NO.

+
dont descend = list

Allowable values: list of directories

Default: NULL

Prohibits a change directory or search in the directories specified. +This is a browsing-convenience option; it doesn't +provide any extra security.

+
dos filemode = boolean

Allowable values: YES, NO

Default: NO

Allows anyone with write permissions to change permissions on a file, +as allowed by MS-DOS.

+
dos filetime resolution = boolean

Allowable values: YES, NO

Default: NO

Sets file times on Unix to match MS-DOS standards (rounding to the +next even second). Recommended if using Visual C++ or a PC +make program to avoid remaking the programs +unnecessarily. Use with the dos +filetimes option.

+
dos filetimes = boolean

Allowable values: YES, NO

Default: NO

Allows nonowners to change file times if they can write to the files, +matching the behavior of MS-DOS and Windows. See also +dos filetime +resolution.

+
encrypt passwords = boolean[global] +

Allowable values: YES, NO

Default: NO in Samba 2.2, YES in Samba 3.0

If enabled, Samba will use password encryption. Requires an +smbpasswd file on the Samba server.

+
enhanced browsing = boolean[global] +

Allowable values: YES, NO

Default: YES

Automatically synchronizes browse lists with all domain master +browsers known to the WINS server. Makes cross-subnet browsing more +reliable, but also can cause empty workgroups to persist forever in +browse lists.

+
enumports command = command[global] +

Allowable values: command

Default: NULL

Allows for a command to provide clients with customized +MS-DOS/Windows port names (e.g., PRN:) corresponding +to printers. Samba's default behavior is to return +Samba Printer Port. The command must return a +series of lines, with one port name per line.

+
exec = command

Allowable values: command

Default: NULL

Sets a command to run as the user before connecting to the share. +Synonym for preexec. See also the +postexec, root +preexec, and root postexec +options.

+
fake directory create times = boolean

Allowable values: YES, NO

Default: NO

A bug fix for users of Microsoft +nmake. If YES, Samba sets directory create +times such that nmake won't +remake all files every time.

+
fake oplocks = boolean

Allowable values: YES, NO

Default: NO

If set, returns YES whenever a client asks if it can lock a file and +cache it locally but does not enforce the lock on the server. Results +in performance improvement for read-only shares. Never use +with read/write shares! See also +oplocks and veto +oplock files.

+
follow symlinks = boolean

Allowable values: YES, NO

Default: YES

If set to YES, Samba follows symlinks in a file share(s). See the +wide links option if you want +to restrict symlinks to just the current share.

+
force create mode = value

Allowable values: octal value from 0 to 0777

Default: 0

Takes effect when a user on a Windows client creates a file that +resides on the Samba server. This option ensures that bits set in +this mask will always be set on the new file. Used with the +create mask configuration option.

+
force directory mode = value

Allowable values: octal value from 0 to 0777

Default: 0

Takes effect when a user on a Windows client creates a directory on +the Samba server. This option ensures that bits set in the mask will +be set on every newly created directory. Used with directory +mask.

+
force directory security mode = value

Allowable values: octal value from 0 to 0777

Default: same as force +directory mode

Takes effect when a user on a Windows client edits the Unix +permissions of a directory on the Samba server. This option ensures +that bits set in this mask will be set on the directory. Requires +nt acl +support = +YES.

+
force group = value

Allowable values: a Unix group name

Default: NULL

Sets the effective group name assigned to all users accessing a +share. Used to override a +user's +normal group memberships.

+
force security mode = value

Allowable values: octal value from 0 to 0777

Default: same as force create +mode

Takes effect when a user on a Windows client edits the Unix +permissions of a file on the Samba server. This option ensures that +bits set in the mask will always be set on the file. Requires +nt acl +support = +YES. See also force directory security +mode for directories.

+
force unknown acl user = boolean

Allowable values: YES, NO

Default: NO

When set, unknown users or groups in Windows NT ACLs will be mapped +to the user or group of the connected user. Obsolete starting with Samba +3.0.

+
force user = value

Allowable values: a single username

Default: NULL

Sets the effective username assigned to all users accessing a share. +Discouraged.

+
fstype = string

Allowable values: NTFS, FAT, Samba

Default: NTFS

Sets the filesystem type reported to the client. Avoid changing.

+
getwd cache = boolean[global] +

Allowable values: YES, NO

Default: YES

Caches the current directory for performance. +Recommended with the wide links +option.

+
group = value

Allowable values: a Unix group name

Default: NULL

Synonym for force group.

+
guest account = value

Allowable values: a single username

Default: varies

Sets the name of the unprivileged Unix account to use for tasks such +as printing and for accessing shares marked with +guest ok. The default is +specified at compile time and is usually set to +nobody.

+
guest ok = boolean

Allowable values: YES, NO

Default: NO

If set to YES, doesn't need passwords for this +share. Used with security = share. Synonym for +public.

+
guest only = boolean

Allowable values: YES, NO

Default: NO

Forces users of a share to log on as the guest account. Requires +guest ok or +public to be YES. Also called +only guest.

+
hide dot files = boolean

Allowable values: YES, NO

Default: YES

Treats files with names beginning with a dot as if they had the +MS-DOS hidden +attribute set. The files are either not displayed on a Windows client +or appear grayed-out, depending on the settings on the client.

+
hide files = slash-separated list

Allowable values: patterns, separated by / +characters

Default: NULL

Specifies a list of file or directory names on which to set the +MS-DOS hidden attribute. Names can contain ? or +* pattern characters and % +variables. See also hide dot +files and veto +files.

+
hide local users = boolean[global] +

Allowable values: YES, NO

Default: NO

If set to YES, hides Unix-specific dummy accounts +(root, wheel, +floppy, etc.) from clients.

+
hide unreadable = boolean

Allowable values: YES, NO

Default: NO

If set to YES, hides all unreadable files.

+
homedir map = name[global] +

Allowable values: NIS map name

Default: NONE

Used with nis homedir to locate +a user's Unix home directory from Sun NIS (not +NIS+).

+
host msdfs = boolean[global] +

Allowable values: YES, NO

Default: NO

If set to YES and Samba was +configured with the --with-msdfs option, provides +Microsoft Distributed filesystem (Dfs) service, allowing Dfs-capable +clients to browse Dfs trees on the Samba server. See also +msdfs root.

+
hosts allow = host list

Allowable values: list of hosts or networks

Default: NULL

Specifies a list of systems that can access the +share. If NULL, any system can access +the share unless there is a hosts +deny option. Synonym for allow +hosts.

+
hosts deny = host list

Allowable values: list of hosts or networks

Default: NULL

Specifies a list of systems that cannot connect to the share. Synonym +for deny hosts.

+
hosts equiv = filename[global] +

Allowable values: name of file

Default: NULL

Specifies the path to a file of trusted systems from which +passwordless logons are allowed. Strongly discouraged because Windows +NT/2000/XP users can always override the username—the only +security in this scheme.

+
include = filename

Allowable values: name of file

Default: NULL

Includes the named file in smb.conf at the line +where it appears. This option accepts most variables, but not +%u (user), %P (current +share's root directory), or +%S (current share's name) because +they are not set at the time the file is read.

+
inherit acls = boolean

Allowable values: YES, NO

Default: NO

If set, files and subdirectories are created with the same +ACLs +as their parent directories. Directories are given Unix permissions +of 0777 (full permissions) ensuring that the ACL on the directory +will govern the actual permissions given to clients. Requires +POSIX ACL +support to be provided on the Samba host system.

+
inherit permissions = boolean

Allowable values: YES, NO

Default: NO

If set, files and subdirectories are created with the same +permissions as their parent +directories. This allows Unix directory permissions to be propagated +automatically to new files and subdirectories, especially in the +[homes] share. This option overrides +create mask, +directory mask, +force create +mode, and force +directory mode, but not +map archive, +map hidden, or +map system. Samba never sets +the setuid bit when creating a file or directory.

+
interfaces = interface list[global] +

Allowable values: interface list

Default: NULL (all interfaces except 127.0.0.1)

Sets the interfaces to which Samba will respond. The default is the +system's primary interface only. Recommended on +multihomed systems or to override erroneous addresses and netmasks. +Allows interface names such as eth0, DNS names, +address/netmask pairs, and broadcast/netmask pairs. See also +bind interfaces only.

+
invalid users = user list

Allowable values: user list

Default: NULL

Specifies a list of users not permitted access to the share.

+
keepalive = number[global] +

Allowable values: number of seconds

Default: 300

Sets the number of seconds between checks for a crashed client. The +value of 0 causes no checks to be performed. Setting +keepalive = 3600 will turn on checks every hour. A +value of 600 (every 10 minutes) is recommended if you want more +frequent checks. See also socket +options for another approach.

+
kernel oplocks = boolean[global] +

Allowable values: YES, NO

Default: YES

Breaks the oplock when a local Unix process or NFS operation accesses +an oplocked file, thus preventing corruption. This works only on +operating systems that support kernel-based oplocks, such as Linux +2.4 and Irix. Avoid changing. See also oplocks and +level2 oplocks.

+
lanman auth = boolean[global] +

Allowable values: YES, NO

Default: YES

If set to YES, allows clients to use the (weak) LANMAN password hash +used by Windows 95/98/Me. If set to NO, allows only the better NT1 +hash used by Windows NT/2000/XP.

+
large readwrite = boolean[global] +

Allowable values: YES, NO

Default: NO in Samba 2.2, YES in Samba 3.0

If set to YES, allows Windows 2000/XP to read and write 64KB at a +time to improve performance. Requires Samba to be hosted by a 64-bit +OS, such as Linux 2.4, Irix, or Solaris. Somewhat experimental.

+
ldap admin dn = string[global] +

Allowable values: Distinguished Name

Default: NULL

Sets the Distinguished Name used by Samba when contacting the LDAP +server. Requires Samba to be configured with the +--with-ldapsam configuration option. Experimental +option added in Samba 2.2.3 and obsolete in Samba 3.0.

+
ldap filter = string[global] +

Allowable values: LDAP search filter

Default: (&(uid=%u)(objectclass=sambaAccount))

Sets the LDAP search filter. Requires that Samba be configured with +the --with-ldapsam configuration option. +Experimental option added in Samba 2.2.3 and +obsolete in Samba 3.0.

+
ldap port = number[global] +

Allowable values: positive integer

Default: In Samba 2.2, 636 if ldap ssl = on; +otherwise 389

Sets the TCP port number for contacting the LDAP server. Requires +that Samba be configured with the --with-ldapsam +configuration option. Experimental option added in Samba 2.2.3 and +obsolete +starting with Samba 3.0. See also ldap ssl.

+
ldap server = value[global] +

Allowable values: fully qualified domain name

Default: localhost

Sets the domain name of the LDAP server. Requires that Samba be +configured with the --with-ldapsam configuration +option. Experimental option added in Samba 2.2.3 and +obsolete starting with Samba 3.0.

+
ldap ssl = value[global] +

Allowable values: ON, OFF, START TLS

Default: ON

Sets whether Samba uses SSL to contact the LDAP server. ON and OFF +turn SSL encryption on or off. The START TLS setting causes Samba to +use LDAPv3 StartTLS extended operation. Requires that Samba be +configured with the --with-ldapsam configuration +option. Experimental option added in Samba 2.2.3 and +obsolete +in Samba 3.0.

+
ldap suffix = string[global] +

Allowable values: Distinguished Name

Default: NULL

Sets the base Distinguished Name to use for LDAP searches. Requires +that Samba be configured with the --with-ldapsam +configuration option. Experimental option added in Samba 2.2.3 and +obsolete in Samba 3.0.

+
level2 oplocks = boolean

Allowable values: YES, NO

Default: YES

Allows files to be cached read-only on the client when multiple +clients have opened the file. This allows executables to be cached +locally, improving performance.

+
lm announce = value[global] +

Allowable values: AUTO, YES, NO

Default: AUTO

Produces OS/2 SMB broadcasts at an interval specified by the +lm interval option. YES/NO +turns them on/off unconditionally. AUTO causes the Samba server to +wait for a LAN manager announcement from another client before +sending one out. Required for OS/2 client browsing.

+
lm interval = number[global] +

Allowable values: number of seconds

Default: 60

Sets the time period, in seconds, between OS/2 SMB broadcast +announcements.

+
load printers = boolean[global] +

Allowable values: YES, NO

Default: YES

Loads all printer names from the system's +printcap file into the +browse +list. Uses configuration options from the +[printers] section.

+
local master = boolean[global] +

Allowable values: YES, NO

Default: YES

Allows Samba to participate in elections for the local master +browser. See also domain master +and os level.

+
lock dir = directory[global] +

Allowable values: name of directory

Default: /usr/local/samba/var/locks

Synonym for lock directory.

+
lock directory = directory[global] +

Allowable values: name of directory

Default: /usr/local/samba/var/locks

Sets a directory in which to keep lock files. The directory must be +writable by Samba and readable by everyone. Also called +lock dir.

+
lock spin count = number[global] +

Allowable values: positive integer

Default: 2

Sets the number of attempts to attain a byte range lock. See also +lock spin time.

+
lock spin time = number[global] +

Allowable values: number of microseconds

Default: 10

Sets the number of microseconds between attempts to attain a lock. +See also lock spin +count.

+
locking = boolean

Allowable values: YES, NO

Default: YES

Performs file locking. If set to NO, Samba +accepts lock requests but won't actually lock +resources. Turn off for read-only filesystems.

+
log file = filename[global] +

Allowable values: name of file

Default: varies

Sets the name and location of the log file. Allows all % +variables.

+
log level = number[global] +

Allowable values: number

Default: 0

Sets the logging level used. Values of 3 or more slow the system +noticeably. Recommended value is 1. Synonym for +debug level.

+
logon drive = value[global] +

Allowable values: MS-DOS drive name

Default: Z:

Sets the drive to be used as a home directory for domain logons by +Windows NT/2000/XP clients. See also logon +home.

+
logon home = directory[global] +

Allowable values: UNC of shared directory

Default: \\ %N \ %U

Sets the home directory of a Windows 95/98/Me or +NT/2000/XP user. Allows NET USE +H:/HOME from the command prompt if Samba is acting +as a logon server. Append \profile or other +directory to the value of this parameter if storing Windows 95/98/Me +profiles in a subdirectory of the user's home +directory. See logon path for Windows NT/2000/XP +roaming profiles.

+
logon path = directory[global] +

Allowable values: UNC of shared directory

Default: \\ %N \ %U \ profile

Sets the path to the directory where Windows NT/2000/XP +roaming profiles are stored. See +also logon home for Windows 95/98/Me roaming +profiles.

+
logon script = directory[global] +

Allowable values: UNC of shared file

Default: NULL

Sets the pathname (relative to the [netlogon] +share) of an MS-DOS/NT command to run on the client at logon time. +Allows all % variables.

+
lppause command = command

Allowable values: command

Default: varies

Sets the command to pause a print job. +Honors the %p (printer name) and +%j (job number) variables.

+
lpq cache time = number[global] +

Allowable values: number of seconds

Default: 10

Sets how long to keep print queue status cached, in seconds.

+
lpq command = command

Allowable values: command

Default: varies

Sets the command used to get printer status. Usually +initialized to a default value by the printing +option. Honors the %p (printer name) variable.

+
lpresume command = command

Allowable values: command

Default: varies

Sets the command to resume a paused print job. +Honors the %p (printer name) and +%j ( job number) variables.

+
lprm command = command

Allowable values: command

Default: varies

Sets the command to delete a print job. +Usually initialized to a default value by the +printing option. Honors the %p +(printer name) and %j (job number) variables.

+
machine password timeout = number

Allowable values: number of seconds

Default: 604800 (1 week)

Sets the period between (NT domain) computer account password changes.

+
magic output = filename

Allowable values: name of file

Default: command.out

Sets the output file for the magic +scripts option. Default is the command name, +followed by the .out extension.

+
magic script = filename

Allowable values: name of file

Default: NULL

Sets a filename for execution via a shell whenever the file is closed +from the client, allowing clients to run commands on the server. The +scripts will be deleted on completion, if permissions allow. Use is +discouraged.

+
mangle case = boolean

Allowable values: YES, NO

Default: NO

Mangles a +name if it is in mixed case.

+
mangled map = map list

Allowable values: list of to/from pairs

Default: NULL

Sets up a table of names to remap (e.g., .html +to .htm).

+
mangled names = boolean

Allowable values: YES, NO

Default: YES

Sets Samba to abbreviate to the MS-DOS 8.3 style names that are too +long or have unsupported characters.

+
mangled stack = number[global] +

Allowable values: number

Default: 50

Sets the size of the cache of recently mangled filenames.

+
mangling char = character

Allowable values: character

Default: ~

Sets the unique mangling character used in all mangled names.

+
mangling method = string[global] +

Allowable values: hash, hash2

Default: hash

Sets the algorithm used to mangle filenames. The +hash2 method is a newer method introduced in Samba +2.2.x, and it creates different filenames than the +hash method.

+
map archive = boolean

Allowable values: YES, NO

Default: YES

If YES, Samba sets the executable-by-user (0100) bit on Unix files if +the MS-DOS archive attribute is set. If used, the +create mask must contain the +0100 bit.

+
map hidden = boolean

Allowable values: YES, NO

Default: NO

If YES, Samba sets the executable-by-other (0001) bit on Unix files +if the MS-DOS hidden attribute is set. If used, the create +mask option must contain the 0001 bit.

+
map system = boolean

Allowable values: YES, NO

Default: NO

If YES, Samba sets the executable-by-group (0010) bit on Unix files +if the MS-DOS system attribute is set. If used, the +create mask must contain the +0010 bit.

+
map to guest = value[global] +

Allowable values: Never, Bad User, Bad Password

Default: Never

If set to Bad User, allows users without accounts on the Samba system +to log in and be assigned the guest account. This option can be used +as part of making public shares for anyone to use. If set to Bad +Password, users who mistype their passwords will be logged in to the +guest account instead of their own. Because no warning is given, the +Bad Password value can be extremely confusing: we recommend against +it. The default setting of Never prevents users without accounts from +logging in.

+
max connections = number

Allowable values: number

Default: 0 (infinity)

Sets the maximum number of +share connections allowed from each +client system.

+
max disk size = number[global] +

Allowable values: size in MB

Default: 0 (no limit)

Sets the maximum disk size/free-space size (in megabytes) to return +to the client. Some clients or applications can't +understand large maximum disk sizes.

+
max log size = number[global] +

Allowable values: size in KB

Default: 5000

Sets the size (in kilobytes) at which Samba will start a new +log file. The current log file will be +renamed with a .old extension, replacing any +existing file with that name.

+
max mux = number[global] +

Allowable values: number

Default: 50

Sets the number of simultaneous SMB operations that Samba clients can +make. Avoid changing.

+
max open files = number[global] +

Allowable values: number

Default: 10000

Limits the number of files a Samba process will try to keep open at +one time. Samba allows you to set this to less than the maximum +imposed by the Unix host operating system. Avoid changing.

+
max print jobs = number

Allowable values: positive integer

Default: 1000

Limits the number of jobs that can be in the queue for this +printer share at any one time. The printer +will report out of space if the limit is exceeded. +See also total print jobs.

+
max protocol = name[global] +

Allowable values: CORE, COREPLUS, LANMAN1, LANMAN2, NT1

Default: NT1

If set, limits the negotiation to the protocol specified, or older. +See min protocol. Avoid using.

+
max smbd processes = number[global] +

Allowable values: integer

Default: 0 (no limit)

Limits the number of users who can connect to the server. Used to +prevent degraded service under an overload, at the cost of refusing +services entirely.

+
max ttl = number[global] +

Allowable values: number of seconds

Default: 259200 (3 days)

Sets the time to live (TTL) of NetBIOS names in the +nmbd WINS cache. Avoid changing.

+
max wins ttl = number[global] +

Allowable values: number of seconds

Default: 518400 (6 days)

Limits the TTL, in seconds, of a NetBIOS name in the +nmbd WINS cache. Avoid changing. See also +min wins ttl.

+
max xmit = number[global] +

Allowable values: size in bytes

Default: 65535

Sets the maximum packet size negotiated by Samba. This is a tuning +parameter for slow links and bugs in older clients. Values less than +2048 are discouraged.

+
message command = command[global] +

Allowable values: command

Default: NULL

Sets the command to run on the server when a WinPopup message arrives +from a client. If it does not complete quickly, the command must end +in & to allow immediate return. Honors all +% variables except %u (user) +and supports the extra variables %s (filename the +message is in), %t (destination system), and +%f (from).

+
min passwd length = number[global] +

Allowable values: integer

Default: 5

Synonym for min +password length.

+
min password length = number[global] +

Allowable values: integer

Default: 5

Sets the shortest Unix password allowed by Samba when updating a +user's password on its system. Also called +min passwd +length.

+
min print space = number

Allowable values: space in kilobytes

Default: 0 (unlimited)

Sets the minimum spool space required before accepting a print +request.

+
min protocol = name[global] +

Allowable values: CORE, COREPLUS, LANMAN1, LANMAN2, NT1

Default: CORE

If set, prevents use of old (less secure) protocols. Using NT1 +disables MS-DOS clients. See also lanman auth.

+
min wins ttl = number[global] +

Allowable values: number of seconds

Default: 21600 (6 hours)

Sets the minimum TTL, in seconds, of a NetBIOS name in the +nmbd WINS cache. Avoid changing.

+
msdfs root = boolean

Allowable values: YES, NO

Default: NO

Makes the share a Dfs root. Requires the +--with-msdfs configure option. Any symbolic links +of the form msdfs:server\share will be seen as Dfs +links. See also host msdfs.

+
name resolve order = list[global] +

Allowable values: lmhosts, wins, host, bcast

Default: lmhosts, host, wins, bcast

Sets the order of lookup when trying to get IP addresses from names. +The host parameter carries out a regular name lookup using the +server's normal sources: +/etc/hosts, DNS, NIS, or a combination of these.

+
netbios aliases = list[global] +

Allowable values: list of NetBIOS names

Default: NULL

Adds additional NetBIOS names by which the Samba server will +advertise itself.

+
netbios name = value

Allowable values: local hostname

Default: DNS name of system

Sets the NetBIOS name by which a Samba server is known, or the +primary name if NetBIOS aliases exist. See also netbios +aliases.

+
netbios scope = string[global] +

Allowable values: string

Default: NULL

Sets the NetBIOS scope string, an early predecessor of workgroups. +Samba will not communicate with a system with a different scope. This +option is not recommended.

+
nis homedir = boolean[global] +

Allowable values: YES, NO

Default: NO

If YES, the homedir map is used +to look up the server hosting the user's home +directory and return it to the client. The client will contact that +system to connect to the share. This avoids mounting from a system +that doesn't actually have the directory, which +would cause the data to be transmitted twice. The system with the +home directories must be an SMB server.

+
non unix account range = numeric range[global] +

Allowable values: range of positive integers

Default: NONE

Specifies a range of Unix UIDs for Samba to use for user accounts and +computer accounts that are maintained outside of +/etc/passwd. The UIDs in this range must not +overlap those of regular Unix users in +/etc/passwd. See also algorithmic rid +base. New in Samba 3.0.

+
nt acl support = boolean

Allowable values: YES, NO

Default: YES

Causes the Samba server to map Unix +permissions to Windows NT +ACLs.

+
nt pipe support = boolean[global] +

Allowable values: YES, NO

Default: YES

Allows turning off of NT-specific pipe calls. This is a +developer/benchmarking option and might be removed in the future. +Avoid changing.

+
nt smb support = boolean[global] +

Allowable values: YES, NO

Default: YES

If YES, allows the use of NT-specific SMBs. This is a +developer/benchmarking option that is obsolete in Samba 3.0. Avoid changing.

+
nt status support = boolean[global] +

Allowable values: YES, NO

Default: YES

If YES, allows the use of NT-specific status messages. This is a +developer/benchmarking option and might be removed in the future. +Avoid changing.

+
null passwords = boolean[global] +

Allowable values: YES, NO

Default: NO

If YES, allows access to accounts that have null passwords. Strongly +discouraged.

+
obey pam restrictions = boolean[global] +

Allowable values: YES, NO

Default: NO

If set, Samba will adhere to the PAM's account and +session restrictions. Requires --with-pam +configuration option.

+
only guest = boolean

Allowable values: YES, NO

Default: NO

Forces users of a share to log on as the guest account. Synonym for +guest only. Requires +guest ok or +public to be YES.

+
only user = boolean

Allowable values: YES, NO

Default: NO

Requires that users of the share be in the list specified by the +user option.

+
oplock break wait time = number[global] +

Allowable values: number

Default: 0

This is an advanced tuning parameter and +is recommended only for experts who know how Samba handles oplocks. +This option might need to be set if a Windows system fails to release +an oplock in response to a break request from the Samba server. Due +to bugs on some Windows systems, they might fail to respond if Samba +responds too quickly; the default on this option can be lengthened in +such cases.

+
oplock contention limit = number

Allowable values: number of milliseconds

Default: 2

This is an advanced tuning +parameter and is recommended only for experts who know how Samba +handles oplocks. It causes Samba to refuse to grant an oplock if the +number of clients contending for a file exceeds the specified value.

+
oplocks = boolean

Allowable values: YES, NO

Default: YES

If YES, supports local caching of oplocked files on the client. This +option is recommended because it improves performance by about 30%. +See also fake oplocks and +veto oplock +files.

+
os level = number[global] +

Allowable values: integer

Default: 20

Sets the candidacy of the server when electing a browse master. Used +with the domain master or +local master options. You can +set a higher value than a competing operating system if you want +Samba to win. Windows for Workgroups and Windows 95/98/Me use 1. +Windows NT/2000/XP, when not acting as a PDC, use 16 and, when acting +as a PDC, use 32. Warning: this can override non-Samba browse masters +unexpectedly.

+
os2 driver map = filename[global] +

Allowable values: name of file

Default: NULL

Specifies a file containing mappings of Windows NT printer driver +names to OS/2 printer driver names.

+
pam password change = boolean[global] +

Allowable values: YES, NO

Default: NO

If YES, and if Samba is configured with +--with-pam, PAM is allowed to handle password +changes from clients, instead of using the program defined by the +passwd program parameter.

+
panic action = command[global] +

Allowable values: command

Default: NULL

Sets the command to run when Samba panics. Honors all +% variables. For Samba developers and testers, +/usr/bin/X11/xterm -display +:0 -e gdb +/samba/bin/smbd %d is a +possible value.

+
passdb backend = list[global] +

Allowable values: smbpasswd, smbpasswd_nua, tdbsam, tdbsam_nua, plugin

Default: smbpasswd

Specifies methods Samba uses to store and retrieve passwords when +using a method other than the Unix system's +/etc/passwd. See also non unix account +range. New in Samba 3.0.

+
passwd chat = string[global] +

Allowable values: sequence of strings

Default: compiled-in value

Sets the chat strings used to change passwords on the server. +Supports the variables %o (old password) and +%n (new password) and allows the escapes +\r, \n, \t, +and \s (space) in the sequence. See also +unix password sync, passwd +program, passwd chat debug, and +pam password change.

+
passwd chat debug = boolean[global] +

Allowable values: YES, NO

Default: NO

Logs an entire password chat, including passwords passed, with a log +level of 100. For debugging only. See also passwd +chat, pam password change, and +passwd program.

+
passwd program = command[global] +

Allowable values: command

Default: /bin/passwd

Sets the command used to change a user's password. +Will be run as root. Supports +%u (user). See also unix password +sync.

+
password level = number[global] +

Allowable values: number

Default: 0

Specifies the number of uppercase-letter permutations used to match +passwords. A workaround for clients that change passwords to a single +case before sending them to the Samba server. Causes repeated login +attempts with mixed-case passwords, which can trigger account +lockouts. Required for Windows 95/98/Me, plain-text passwords, and +mixed-case passwords. Try to avoid using.

+
password server = list

Allowable values: list of NetBIOS names

Default: NULL

Specifies a list of SMB servers that validate +passwords. Used with a Windows +NT/2000 password server (PDC or BDC) and the +security = +server or security += domain configuration options. +Caution: a Windows NT/2000 password server must allow logins from the +Samba server. If set to *, Samba will look up the +PDC by resolving the NetBIOS name WORKGROUP<1C>.

+
path = directory

Allowable values: name of directory

Default: varies

Sets the path to the directory provided by a file share or used by a +printer share. If the option is omitted, it is set automatically in +the [homes] share to the user's +home directory; otherwise, defaults to /tmp. +Honors the %u (user) and %m +(machine) variables.

+
pid directory = directory[global] +

Allowable values: name of directory

Default: /usr/local/samba/var/locks

Sets the path to the directory where PID files are located.

+
posix locking = boolean

Allowable values: YES, NO

Default: YES

If set to YES, Samba will map file locks owned by SMB clients to +POSIX locks. Avoid changing.

+
postexec = command

Allowable values: command

Default: NULL

Sets a command to run as the user after disconnecting from the share. +See also the preexec, root +preexec, and root +postexec options.

+
postscript = boolean

Allowable values: YES, NO

Default: NO

Forces a printer to recognize a file as PostScript by inserting +%! as the first line. Works only if the printer is +actually PostScript-compatible.

+
preexec = command

Allowable values: command

Default: NULL

Sets a command to run as the user before connecting to the share. +Synonym for exec. See also the +postexec, root +preexec, and root +postexec options.

+
preexec close = boolean

Allowable values: YES, NO

Default: NO

If set, allows the preexec command to decide if +the share can be accessed by the user. If the command returns a +nonzero return code, the user is denied permission to connect.

+
preferred master = boolean[global] +

Allowable values: YES, NO

Default: auto

If YES, Samba is the preferred master browser. Causes Samba to call a +browsing election when it comes online. See also os +level.

+
prefered master = boolean[global] +

Allowable values: YES, NO

Default: auto

Synonym for preferred master.

+
preload = service list

Allowable values: list of shares

Default: NULL

Specifies a list of shares that always appears in +browse lists. Synonym for +auto services. See also +load printers.

+
preserve case = boolean

Allowable values: YES, NO

Default: YES

Leaves filenames in the case +sent by the client. If NO, it forces filenames to the case specified +by the default case option. See +also short preserve +case.

+
printable = boolean

Allowable values: YES, NO

Default: NO

Sets a share to be a print share. Required for all printers. Synonym +for print ok.

+
printcap name = filename[global] +

Allowable values: name of file

Default: /etc/printcap

Sets the path to the printer capabilities file used by the +[printers] share. The default value changes to +/etc/qconfig under AIX and +lpstat on System V. Also called +printcap.

+
print command = command

Allowable values: command

Default: varies

Sets the command used to send a spooled file to the printer. Usually +initialized to a default value corresponding to the +printing option. This option honors the +%p (printer name), %s (spool +file), and %f (spool file as a relative path) +variables. The command must delete the spool file.

+
printer = name

Allowable values: printer name

Default: lp

Sets the name of the Unix printer used by the share. Also called +printer name.

+
printer admin = user list

Allowable values: user list

Default: NULL

Specifies users who can administer a printer using the remote printer +administration interface on a Windows system. The +root user always has these privileges.

+
printer driver = name

Allowable values: exact printer driver string used by Windows

Default: NULL

Sets the string to pass to Windows when asked which driver to use to +prepare files for a printer share. Note that the value is +case-sensitive. Part of pre-2.2 printing system. Deprecated.

+
printer driver file = filename[global] +

Allowable values: name of file

Default: /usr/local/samba/printers/printers.def

Sets the location of a msprint.def file. Usable +by Windows 95/98/Me. Part of pre-2.2 printing system. Deprecated.

+
printer driver location = directory

Allowable values: UNC of shared directory

Default: \\ server\ PRINTER$

Sets the location of the driver for a particular printer. The value +is the pathname of the share that stores the printer driver files. +Part of pre-2.2 printing system. Deprecated.

+
printer name = name

Allowable values: name

Default: NULL

Synonym for printer.

+
printing = value

Allowable values: bsd, sysv, hpux, aix, qnx, plp, softq, lprng, cups

Default: bsd

Sets the printing style to a value other than that in which +you've compiled. This sets initial values of at +least print command , +lpq command , and +lprm command.

+
print ok = boolean

Allowable values: YES, NO

Default: NO

Synonym for printable.

+
private directory = directory[global] +

Allowable values: name of directory

Default: /usr/local/samba/private

Specifies the directory used for storing security-sensitive files +such as smbpasswd and +secrets.tdb. New in Samba 3.0.

+
protocol = name[global] +

Allowable values: NT1, LANMAN2, LANMAN1, COREPLUS, CORE

Default: NT1

Synonym for max protocol.

+
public = boolean

Allowable values: YES, NO

Default: NO

If YES, passwords are not needed for this share. Also called +guest ok.

+
queuepause command = command

Allowable values: full path to script

Default: varies

Sets the command used to pause a print queue. Usually initialized to +a default value by the printing option.

+
queueresume command = command

Allowable values: full path to script

Default: varies

Sets the command used to resume a print queue. Usually initialized to +a default value by the printing option.

+
read bmpx = boolean

Allowable values: YES, NO

Default: NO

If set to YES, supports the "Read Block +Multiplex" message. Avoid changing.

+
read list = list

Allowable values: list of user and/or group names

Default: NULL

Specifies a list of users given read-only access +to a writable share.

+
read only = boolean

Allowable values: YES, NO

Default: NO

Sets a share to read-only. Antonym of writable, +writeable, and write ok.

+
read raw = boolean[global] +

Allowable values: YES, NO

Default: YES

Allows clients to read data using a 64K packet size. Recommended.

+
read size = number[global] +

Allowable values: positive integer

Default: 16384

Allows disk reads and writes to overlap network reads and writes. A +tuning parameter. Do not set larger than the default.

+
realm = string[global] +

Allowable values: Kerberos realm name

Default: NONE

Specifies the realm name for Kerberos 5 authentication. Requires the +--with-krb5 configure option. New in Samba 3.0.

+
remote announce = remote list[global] +

Allowable values: list of remote addresses

Default: NULL

Adds workgroups to the list on which the Samba server will announce +itself. Specified as an IP address and optional workgroup (for +instance, 192.168.220.215/SIMPLE) with multiple entries separated by +spaces. Addresses can be the specific address of the browse master on +a subnet or on directed broadcasts (i.e., ###.###.###.255). The +server will appear on those workgroups' browse +lists. Does not require WINS.

+
remote browse sync = list[global] +

Allowable values: IP addresses

Default: NULL

Perform browse list synchronization with other Samba local master +browsers. Addresses can be specific addresses or directed broadcasts +(i.e., ###.###.###.255). The latter causes Samba to locate the local +master browser on that subnet.

+
restrict anonymous = boolean[global] +

Allowable values: YES, NO

Default: NO

Denies access to users who do not +supply a username. This is disabled by default because when the Samba +server acts as the domain's PDC, the option can keep +a client from revalidating its computer account when someone new logs +in. Use of the option is recommended only when all clients are +Windows NT/2000/XP systems.

+
root = directory[global] +

Allowable values: name of directory

Default: NULL

Synonym for root directory.

+
root dir = directory[global] +

Allowable values: name of directory

Default: NULL

Synonym for root directory.

+
root directory = directory[global] +

Allowable values: name of directory

Default: /

Specifies a directory to chroot( ) before +starting daemons. Prevents any access outside that directory tree. +See also the wide links +configuration option. Also called root and +root dir.

+
root postexec = command

Allowable values: command

Default: NULL

Sets a command to run as root after disconnecting +from the share. See also the preexec, +postexec, and root +preexec configuration options. Runs after the +user's postexec command. Use with +caution.

+
root preexec = command

Allowable values: command

Default: NULL

Sets a command to run as root before connecting to +the share. See also the preexec, +postexec, and root +postexec configuration options. Runs before the +user's preexec command. Use with +caution.

+
root preexec close = boolean

Allowable values: YES, NO

Default: NO

If set, allows the root preexec +command to decide if the share can be accessed by the user. If the +command returns a nonzero return code, the user will be denied +permission to connect.

+
security = value[global] +

Allowable values: share, user, server, domain

Default: user

Sets the client +authentication method. If +security = +share, services are password-protected, available +to everyone who knows the password. If security += user, users have accounts and +passwords, and are required to authenticate with the server before +accessing services. If security += server, users have accounts +and passwords as with security = user, and a +separate system authenticates them for Samba. If +security = +domain, Windows NT domain authentication is +implemented using a Windows NT/2000 or other Samba server to validate +accounts. See also the password server and +encrypted passwords +configuration options.

+
security mask = value

Allowable values: octal value from 0 to 0777

Default: 0777

Controls which permission bits can be changed if a user on a Windows +NT/2000/XP system edits the Unix permissions of files on the Samba +server using the Windows system's ACL editing dialog +box. Any bit that is set in the mask can be changed by the user; any +bit that is clear remains the same on the file even if the user tries +to change it. Requires nt acl +support = +YES. Note that some rarely used bits map to the +DOS system, hidden, and archive bits in the file attributes in a +nonintuitive way.

+
server string = string[global] +

Allowable values: string

Default: Samba %v

Sets the name that corresponds to the Samba server in browse lists. +Honors the %v (Samba version number) and +%h (hostname) variables.

+
set directory = boolean

Allowable values: YES, NO

Default: NO

Allows the DEC Pathworks client to use the set +dir command.

+
share modes = boolean

Allowable values: YES, NO

Default: YES

Directs Samba to support Windows-style whole-file (deny mode) locks. +Do not change.

+
short preserve case = boolean

Allowable values: YES, NO

Default: YES

If set to YES, leaves mangled 8.3-style filenames in the case sent by +the client. If NO, forces the case to that specified by the +default case option. See also +preserve case.

+
show add printer wizard = boolean[global] +

Allowable values: YES, NO

Default: YES

If set, tells clients that the Add Printer Wizard can be used to add +a Samba printer from Windows NT/2000/XP clients. See also +add printer command, delete +printer comamnd, and printer +admin.

+
shutdown script = command[global] +

Allowable values: command

Default: NONE

Specifies a command that initiates a system shutdown. The command is +run with the UID of the connected user. The %m +(message), %t (delay time), %r +(reboot), and %f (force) options are supported. +See also abort shutdown script. New in Samba 3.0.

+
smb passwd file = filename[global] +

Allowable values: name of file

Default: /usr/local/samba/private/smbpasswd

Overrides the compiled-in path to the encrypted password file. See +also encrypted passwords and +private dir.

+
socket address = value[global] +

Allowable values: IP address

Default: NULL

Sets the address on which to listen for connections. Default is to +listen to all addresses.

+
socket options = list[global] +

Allowable values: socket option list

Default: TCP_NODELAY

Sets OS-specific socket options. SO_KEEPALIVE makes TCP check clients +every four hours to see if they are still accessible. TCP_NODELAY +sends even tiny packets to keep delay low. Both are recommended +wherever the operating system supports them.

+
source environment = filename[global] +

Allowable values: name of file

Default: NULL

Causes Samba to read a list of environment variables from a file upon +startup. This can be useful when setting up Samba in a +clustered environment. The +filename can begin with a "|" +(pipe) character, in which case it causes Samba to run the file as a +command to obtain the variables.

The file must be owned by root and must not be +world-writable. If the filename begins with a +"|" character, it must point to a +command that is neither world-writable nor resides in a +world-writable directory.

The data should be in the form of lines such as +SAMBA_NETBIOS_NAME=myhostname. This value +will then be available in the smb.conf files as +%$SAMBA_NETBIOS_NAME.

+
ssl = boolean[global] +

Allowable values: YES, NO

Default: NO

Makes +Samba use SSL for data exchange with some or all hosts. Requires +--with-ssl configure option.Obsolete starting with +Samba 3.0.

+
ssl CA certDir = directory[global] +

Allowable values: name of directory

Default: /usr/local/ssl/certs

Specifies a directory containing a file for each Certification +Authority (CA) that the Samba server trusts so that Samba can verify +client certificates. Part of SSL support. Requires +--with-ssl configure option. Obsolete starting +with Samba 3.0.

+
ssl CA certFile = filename[global] +

Allowable values: name of file

Default: /usr/local/ssl/certs/trustedCAs.pem

Specifies a file that contains information for each CA that the Samba +server trusts so that Samba can verify client certificates. Part of +SSL support. Requires --with-ssl configure option. +Obsolete starting with Samba 3.0.

+
ssl ciphers = list[global] +

Allowable values: list of ciphers

Default: NULL

Specifies which ciphers should be offered during SSL negotiation. Not +recommended. Requires --with-ssl configure option. +Obsolete starting with Samba 3.0.

+
ssl client cert = filename[global] +

Allowable values: name of file

Default: /usr/local/ssl/certs/smbclient.pem

Specifies a file containing the server's SSL +certificate, for use by smbclient if +certificates are required in this environment. Requires +--with-ssl configure option. Obsolete starting +with Samba 3.0.

+
ssl client key = filename[global] +

Allowable values: name of file

Default: /usr/local/ssl/private/smbclient.pem

Specifies a file containing the server's private SSL +key, for use by smbclient. Requires +--with-ssl configure option. Obsolete starting +with Samba 3.0.

+
ssl compatibility = boolean[global] +

Allowable values: YES, NO

Default: NO

Determines whether SSLeay should be configured for bug compatibility +with other SSL implementations. Not recommended. Requires +--with-ssl configure option. Obsolete starting +with Samba 3.0.

+
ssl hosts = host list[global] +

Allowable values: list of hosts or networks

Default: NULL

Requires that SSL be used with the hosts listed. By default, if the +ssl option is set, the server requires SSL with +all hosts. Requires --with-ssl configure option. +Obsolete starting with Samba 3.0.

+
ssl hosts resign = host list[global] +

Allowable values: list of hosts or networks

Default: NULL

Suppresses the use of SSL with the hosts listed. By default, if the +ssl option is set, the server requires SSL with +all hosts. Requires --with-ssl configure option. +Obsolete starting with Samba 3.0.

+
ssl require clientcert = boolean[global] +

Allowable values: YES, NO

Default: NO

Requires clients to use certificates when SSL is in use. This option +is recommended if SSL is used. Requires --with-ssl +configure option. Obsolete starting with Samba 3.0.

+
ssl require servercert = boolean[global] +

Allowable values: YES, NO

Default: NO

When SSL is in use, smbclient requires servers +to use certificates. This option is recommended if SSL is used. +Requires --with-ssl configure option. Obsolete +starting with Samba 3.0.

+
ssl server cert = filename[global] +

Allowable values: name of file

Default: NULL

Specifies a file containing the server's SSL +certificate. Requires --with-ssl configure option. +Obsolete starting with Samba 3.0.

+
ssl server key = filename[global] +

Allowable values: name of file

Default: NULL

Specifies a file containing the server's private SSL +key. If no file is specified and SSL is in use, the server looks up +its key in its server certificate. Requires +--with-ssl configure option. Obsolete starting +with Samba 3.0.

+
ssl version = string[global] +

Allowable values: "ssl2", +"ssl3", +"ssl2or3", +"tls1"

Default: "ssl2or3"

Defines which versions of the SSL protocol the server can use: +Version 2 only ("ssl2"), Version 3 +only ("ssl3"), Version 2 or 3 +dynamically negotiated ("ssl2or3"), +or Transport Layer Security +("tls1"). Requires +--with-ssl configure option. Obsolete starting +with Samba 3.0.

+
stat cache = boolean[global] +

Allowable values: YES, NO

Default: YES

Makes the Samba server cache client names for faster resolution. +Should not be changed.

+
stat cache size = number [global] +

Allowable values: number

Default: 50

Determines the number of client names cached for faster resolution. +Should not be changed.

+
status = boolean[global] +

Allowable values: YES, NO

Default: YES

If set to YES, logs connections to a file (or shared memory) +accessible to smbstatus. +Obsolete +starting with Samba 3.0.

+
strict allocate = boolean

Allowable values: YES, NO

Default: NO

If set to YES, allocates all disk blocks when creating or extending +the size of files, instead of using the normal sparse file allocation +used on Unix. This slows the server, but results in behavior that +matches that of Windows and helps Samba correctly report +"out of quota" messages.

+
strict locking = boolean

Allowable values: YES, NO

Default: NO

If set to YES, checks locks on every access, not just on demand and +at open time. Not recommended.

+
strict sync = boolean

Allowable values: YES, NO

Default: NO

If set to YES, Samba synchronizes to disk whenever the client sets +the sync bit in a packet. If set to NO, Samba flushes data to disk +whenever buffers fill. Defaults to NO because Windows 98 Explorer +sets the bit (incorrectly) in all packets.

+
strip dot = boolean[global] +

Allowable values: YES, NO

Default: NO

Removes trailing dots from filenames. Dysfunctional in Samba 2.2; use +mangled map instead.

+
sync always = boolean

Allowable values: YES, NO

Default: NO

If set to YES, Samba forces the data to disk through fsync +(3) after every write. Avoid except to debug crashing +servers.

+
syslog = number[global] +

Allowable values: number

Default: 1

Sets the level of Samba log messages to send to +syslog. Higher is more verbose. The +syslog.conf file must have suitable logging +enabled.

+
syslog only = boolean[global] +

Allowable values: YES, NO

Default: NO

If set to YES, logs only to syslog instead of +the standard Samba log files.

+
template homedir = path[global] +

Allowable values: full path to directory

Default: /home/%D/%U

Sets the home directory for Unix login sessions for users +authenticated through winbind. %D will be replaced +with user's domain name; %U by +the username.

+
template shell = filename[global] +

Allowable values: full path to shell

Default: /bin/false

Sets the shell for Unix login sessions for users authenticated +through winbind. The default value prevents all Windows domain user +logins.

+
time offset = number[global] +

Allowable values: number of minutes

Default: 0

Sets the number of minutes to add to the system time-zone +calculation. Provided to fix a client daylight-savings bug. Not +recommended.

+
time server = boolean[global] +

Allowable values: YES, NO

Default: NO

If set to YES, nmbd +advertises itself as a provider of SMB time service to clients. This +option only affects whether the time service is advertised. It does +not enable or disable time service.

+
timestamp logs = boolean[global] +

Allowable values: YES, NO

Default: YES

Synonym for debug timestamp.

+
total print jobs = number[global] +

Allowable values: number

Default: 0 (no limit)

Limits total number of current print jobs on server. See also +max print jobs.

+
unix extensions = boolean[global] +

Allowable values: YES, NO

Default: NO

If set to YES, supports +CIFS Unix extensions, providing +better filesystem support for Unix clients. Obsolete in Samba 3.0, which always +offers support.

+
unix password sync = boolean[global] +

Allowable values: YES, NO

Default: NO

If set to YES, attempts to change the user's Unix +password whenever the user changes her SMB password. Used to ease +synchronization of Unix and Microsoft password databases. See also +password program and passwd +chat.

+
update encrypted = boolean[global] +

Allowable values: YES, NO

Default: NO

Updates the encrypted password file when a user logs on with an +unencrypted password. Provided to ease conversion from unencrypted to +encrypted passwords.

+
use client driver = boolean[global] +

Allowable values: YES, NO

Default: NO

Used for avoiding Access Denied; Unable to connect +messages when connecting to a Samba printer from Windows NT/2000/XP +clients. Necessary only when the client has a local printer driver +for the Samba printer.

+
use mmap = boolean[global] +

Allowable values: YES, NO

Default: varies

Tells Samba whether the mmap( ) system call +works correctly on the Samba host. Default is automatically set +correctly. Do not change.

+
use rhosts = boolean[global] +

Allowable values: YES, NO

Default: NO

If set to YES, users' ~/.rhosts +files will be used to identify systems from which users can connect +without providing a password. Discouraged. Obsolete +in Samba 3.0.

+
use sendfile = boolean

Allowable values: YES, NO

Default: NO

If yes, Samba will perform some data transfers for exclusively +oplocked files using the sendfile( ) system +call, which results in significant performance improvements. This is +available if Samba has been configured with the +--with-sendfile-support option. This is an +experimental option and is new in Samba 2.2.5.

+
user = user list

Allowable values: user list

Default: NULL

Synonym for username.

+
username = user list

Allowable values: user list

Default: NULL

Sets a list of users that are tried when logging on with share-level +security in effect. Also called user or +users. Discouraged. Use NET +USE +\\server\share +%user +from the client instead.

+
username level = number[global] +

Allowable values: number

Default: 0

Specifies the number of uppercase-letter permutations allowed to +match Unix usernames. A workaround for Windows' +single-case usernames. Use is discouraged.

+
username map = filename[global] +

Allowable values: name of file

Default: NULL

Names a file of Unix-to-Windows name pairs; used to map different +spellings of account names and Windows usernames longer than eight +characters.

+
users = user list

Allowable values: user list

Default: NULL

Synonym for username.

+
utmp = boolean[global] +

Allowable values: YES, NO

Default: NO

This is available if Samba has been configured with the +--with-utmp option. If set, Samba adds +utmp/utmpx records whenever +a connection is made to a Samba server. Sites can use this option to +record each connection to a Samba share as a system login.

+
utmp directory = directory[global] +

Allowable values: name of directory

Default: NULL

This is available if Samba has been configured with the +--with-utmp option. If this option and +utmp are set, Samba will look in the specified +directory rather than the default system directory for +utmp/utmpx files.

+
valid chars = list

Allowable values: list of numeric values

Default: NULL

Adds national characters to a character set map. See also +client code +page. Obsolete in Samba 3.0.

+
valid users = user list

Allowable values: user list

Default: NULL (allows everyone)

Specifies a list of users that can connect to a share. See also +invalid users.

+
veto files = slash-separated list

Allowable values: slash-separated list of filenames

Default: NULL

Specifies a list of files that the client will not see when listing a +directory's contents. See also +delete veto +files and hide files.

+
veto oplock files = slash-separated list

Allowable values: slash-separated list of filenames

Default: NULL

Specifies a list of files not to oplock (and cache on clients). See +also oplocks and fake +oplocks.

+
vfs object = filename

Allowable values: full path to shared library

Default: NULL

Specifies the shared library to use for Samba's +Virtual File System (VFS). Requires the --with-vfs +configure option.

+
vfs options = string

Allowable values: space-separated list of options

Default: NULL

Specifies parameters to the VFS. Requires the +--with-vfs configure option. See vfs +object.

+
volume = string

Allowable values: share name

Default: NULL

Sets the volume label of a disk share. Especially useful with shared +CD-ROMs.

+
wide links = boolean

Allowable values: YES, NO

Default: YES

If set, Samba follows symlinks out of the disk share. See also the +root dir and +follow symlinks options.

+
winbind cache time = number[global] +

Allowable values: number of seconds

Default: 15

Sets the amount of time that the winbindd daemon +caches user and group information.

+
winbind enum users = boolean[global] +

Allowable values: YES/NO

Default: YES

If set to NO, enumeration of users is suppressed by winbind. +Discouraged.

+
winbind enum groups = boolean[global] +

Allowable values: YES/NO

Default: YES

If set to NO, enumeration of groups is suppressed by winbind. +Discouraged.

+
winbind gid = numeric range[global] +

Allowable values: integer-integer

Default: NULL

Specifies the group ID range winbind uses for Windows NT domain users +connecting to Samba.

+
winbind separator = character[global] +

Allowable values: ASCII character

Default: \

Specifies the character winbind uses to separate a domain name and +username.

+
winbind uid = numeric range[global] +

Allowable values: integer-integer

Default: NULL

Specifies the user ID range winbind will use for Windows NT domain +users connecting to Samba.

+
wins hook = command[global] +

Allowable values: full path to script

Default: NULL

Specifies a command to run whenever the WINS server updates its +database. Allows WINS to be synchronized with DNS or other services. +The command is passed one of the arguments add, +delete, or refresh, followed by +the NetBIOS name, the name type (two hexadecimal digits), the TTL in +seconds, and the IP addresses corresponding to the NetBIOS name. +Requires wins service += YES.

+
wins proxy = boolean[global] +

Allowable values: YES, NO

Default: NO

If set to YES, nmbd proxies resolution requests +to WINS servers on behalf of old clients, which use broadcasts. The +WINS server is typically on another subnet.

+
wins server = value[global] +

Allowable values: hostname or IP address

Default: NULL

Sets the DNS name or IP address of the WINS server.

+
wins support = boolean[global] +

Allowable values: YES, NO

Default: NO

If set to YES, activates the WINS service. The +wins server option must not be +set if wins support += YES.

+
workgroup = name[global] +

Allowable values: workgroup name

Default: compiled-in

Sets the workgroup or domain to which the Samba server belongs. +Overrides the compiled-in default of WORKGROUP. Choosing a name other +than WORKGROUP is highly recommended.

+
writable = boolean

Allowable values: YES, NO

Default: YES

Antonym for read only; +writeable and write +ok are synonyms.

+
writeable = boolean

Allowable values: YES, NO

Default: YES

Antonym for read only; +writable and write +ok are synonyms.

+
write cache size = number

Allowable values: decimal number of bytes

Default: 0 (disabled)

Allocates a write buffer of the specified size in which Samba +accumulates data before a write to disk. This option can be used to +ensure that each write has the optimal size for a given filesystem. +It is typically used with RAID drives, which have a preferred write +size, and with systems that have large memory and slow disks.

+
write list = user list

Allowable values: user list

Default: NULL

Specifies a list of users that are given read/write access to a +read-only share. See also read +list.

+
write ok = boolean

Allowable values: YES, NO

Default: YES

Synonym for writable.

+
write raw = boolean[global] +

Allowable values: YES, NO

Default: YES

Allows fast-streaming writes over TCP using 64KB buffers. Recommended.

+ + + +
+ +

Glossary of Configuration Value Types

+ +
+
boolean
+
+

One of two values, either YES or NO.

+
+ + + +
character
+
+

A single ASCII character.

+
+ + + +
command
+
+

A Unix script or compiled program, with an absolute path specified +for the executable and parameters.

+
+ + + +
directory
+
+

An absolute path specification to a directory. For example:

+ +
/usr/local/samba/lib
+
+ +
+ +
+
filename
+
+

An absolute path specification to a file. For example:

+ +
/etc/printcap
+
+ + +
host list
+
+

A list of hosts. Allows IP addresses, address masks, domain names, +ALL, and EXCEPT.

+
+ + + +
interface list
+
+

A list of interfaces, in either address/netmask or address/n-bits +format. For example:

+ + +
192.168.2.10/255.255.255.0, 192.168.2.10/24
+
+ + +
map list
+
+

A list of filename remapping strings such as +(*.html *.htm).

+
+ + + +
name
+
+

A single name of a type of object, as specified in the +option's description.

+
+ + + +
number
+
+

A positive integer.

+
+ + + +
numeric range
+
+

Two numbers separated by a dash, specifying a minimum and a maximum +value. For example:

+ + +
100-250
+
+ + +
remote list
+
+

A list of subnet-broadcast-address/workgroup pairs. For example:

+ +
192.168.2.255/SERVERS 192.168.4.255/STAFF
+
+ + +
service (share) list
+
+

A list of service (share) names, without the enclosing parentheses.

+
+ + + +
slash-separated list
+
+

A list of filenames, separated by +"/" characters to allow embedded +spaces. For example:

+ + +
/.*/My Documents/*.doc/
+
+ + +
string
+
+

One line of arbitrary text.

+
+ + + +
user list
+
+

A list of usernames and/or group names. +@group_name includes +whomever is in the NIS netgroup +group_name, if one exists, or otherwise +whomever is in the Unix group group_name. +In addition, ++group_name is a Unix +group, &group_name +is an NIS netgroup, and &+ and ++& cause an ordered search of both Unix and +NIS groups.

+
+ + + +
value
+
+

A value of some miscellaneous type, as specified in the +option's description.

+
+ +
+ + +
+ + + +
+ +

Configuration File Variables

+ +

Table B-1 lists the Samba configuration file +variables.

+ +

Table B-1. Configuration file variables

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+

Name

+		 +

Meaning

+
+

%a

+		 +

Client's architecture (Samba, WfWg, WinNT, Win95, or +UNKNOWN)

+
+

%d

+		 +

Current server process's process ID

+
+

%D

+		 +

User's Windows NT Domain

+
+

%f

+		 +

Printer spool file as a relative path (printing only)

+
+

%f

+		 +

User from which a message was sent (messages only)

+
+

%G

+		 +

Primary group name of %U (requested username)

+
+

%g

+		 +

Primary group name of %u (actual username)

+
+

%H

+		 +

Home directory of %u (actual username)

+
+

%h

+		 +

Samba server's (Internet) hostname

+
+

%I

+		 +

Client's IP address

+
+

%j

+		 +

Print job number (printing only)

+
+

%L

+		 +

Samba server's NetBIOS name (virtual servers have +multiple names)

+
+

%M

+		 +

Client's (Internet) hostname

+
+

%m

+		 +

Client's NetBIOS name

+
+

%N

+		 +

Name of the NIS home directory server (without NIS, same as +%L)

+
+

%n

+		 +

New password (password change only)

+
+

%o

+		 +

Old password (password change only)

+
+

%P

+		 +

Current share's root directory (actual)

+
+

%p

+		 +

Current share's root directory (in an NIS homedir +map)

+
+

%p

+		 +

Print filename (printing only)

+
+

%R

+		 +

Protocol level in use (CORE, COREPLUS, LANMAN1, LANMAN2, or NT1)

+
+

%S

+		 +

Current share's name

+
+

%s

+		 +

Name of the file in which the message resides (messages only)

+
+

%s

+		 +

Printer spool filename (printing only)

+
+

%T

+		 +

Current date and time

+
+

%t

+		 +

Destination system (messages only)

+
+

%U

+		 +

Requested username for current share

+
+

%u

+		 +

Current share's username

+
+

%v

+		 +

Samba version

+
+

%$name

+		 +

Value of environment variable name

+
+ + +
+ + +

TOC

+ + -- cgit v1.2.3