Ignore:
Timestamp:
Mar 25, 2007, 3:18:51 PM (14 years ago)
Author:
Yuri Dario
Message:

Source code upgrade to 3.0.25pre2.

Location:
trunk/samba/docs/htmldocs/manpages
Files:
7 edited

Legend:

Unmodified
Added
Removed

  • trunk/samba/docs/htmldocs/manpages/eventlogadm.8.html

    r1 r22  
    77                <code class="literal">write</code>
    88                <em class="replaceable"><code>EVENTLOG</code></em>
    9                  </p></div></div><div class="refsect1" lang="en"><a name="id231177"></a><h2>DESCRIPTION</h2><p>This tool is part of the
    10         <a href="samba.1.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(1)</span></a> suite.</p><p><span><strong class="command">eventlogadm</strong></span> is a filter that accepts
     9                 </p></div></div><div class="refsect1" lang="en"><a name="id231177"></a><h2>DESCRIPTION</h2><p>This tool is part of the <a href="samba.1.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(1)</span></a> suite.</p><p><span><strong class="command">eventlogadm</strong></span> is a filter that accepts
    1110        formatted event log records on standard input and writes them
    1211        to the Samba event log store. Windows client can then manipulate
    1312        these record using the usual administration tools.</p></div><div class="refsect1" lang="en"><a name="id231404"></a><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term"><code class="option">-d</code></span></dt><dd><p>
    14                 The <span><strong class="command">-d</strong></span> option causes
    15                 <span><strong class="command">eventlogadm</strong></span> to emit debugging
     13                The <span><strong class="command">-d</strong></span> option causes <span><strong class="command">eventlogadm</strong></span> to emit debugging
    1614                information.
    1715                </p></dd><dt><span class="term">
     
    3937        and data separated by a colon character. Records are separated
    4038        by at least one or more blank line.</p><p>The event log record field are:</p><div class="itemizedlist"><ul type="disc"><li><p>
    41                 <span><strong class="command">LEN</strong></span> - This field should be 0, since
    42                 <span><strong class="command">eventlogadm</strong></span> will calculate this value.
     39                <span><strong class="command">LEN</strong></span> - This field should be 0, since <span><strong class="command">eventlogadm</strong></span> will calculate this value.
    4340                </p></li><li><p>
    4441                <span><strong class="command">RS1</strong></span> - This must be the value 1699505740.
     
    8481                </p></li><li><p>
    8582                <span><strong class="command">DAT</strong></span> - This field should be left unset.
    86                 </p></li></ul></div></div><div class="refsect1" lang="en"><a name="id271754"></a><h2>EXAMPLES</h2><p>An example of the record format accepted by
    87         <span><strong class="command">eventlogadm</strong></span>:</p><pre class="programlisting">
     83                </p></li></ul></div></div><div class="refsect1" lang="en"><a name="id271754"></a><h2>EXAMPLES</h2><p>An example of the record format accepted by <span><strong class="command">eventlogadm</strong></span>:</p><pre class="programlisting">
    8884        LEN: 0
    8985        RS1: 1699505740

  • trunk/samba/docs/htmldocs/manpages/index.html

    r1 r22  
    22</p></dd><dt><span class="term"><a href="findsmb.1.html" target="_top">findsmb(1)</a></span></dt><dd><p>list info about machines that respond to SMB
    33        name queries on a subnet
     4</p></dd><dt><span class="term"><a href="idmap_ad.8.html" target="_top">idmap_ad(8)</a></span></dt><dd><p>Samba's idmap_ad Backend for Winbind
     5</p></dd><dt><span class="term"><a href="idmap_ldap.8.html" target="_top">idmap_ldap(8)</a></span></dt><dd><p>Samba's idmap_ldap Backend for Winbind
     6</p></dd><dt><span class="term"><a href="idmap_nss.8.html" target="_top">idmap_nss(8)</a></span></dt><dd><p>Samba's idmap_nss Backend for Winbind
     7</p></dd><dt><span class="term"><a href="idmap_rid.8.html" target="_top">idmap_rid(8)</a></span></dt><dd><p>Samba's idmap_rid Backend for Winbind
     8</p></dd><dt><span class="term"><a href="idmap_tdb.8.html" target="_top">idmap_tdb(8)</a></span></dt><dd><p>Samba's idmap_tdb Backend for Winbind
    49</p></dd><dt><span class="term"><a href="libsmbclient.7.html" target="_top">libsmbclient(7)</a></span></dt><dd><p>An extension library for browsers and that can be used as a generic browsing API.
    510</p></dd><dt><span class="term"><a href="lmhosts.5.html" target="_top">lmhosts(5)</a></span></dt><dd><p>The Samba NetBIOS hosts file
     
    6065</p></dd><dt><span class="term"><a href="vfs_fam_notify.8.html" target="_top">vfs_fam_notify(8)</a></span></dt><dd><p>FAM support for file change notifications
    6166</p></dd><dt><span class="term"><a href="vfs_full_audit.8.html" target="_top">vfs_full_audit(8)</a></span></dt><dd><p>record Samba VFS operations in the system log
     67</p></dd><dt><span class="term"><a href="vfs_gpfs.8.html" target="_top">vfs_gpfs(8)</a></span></dt><dd><p>gpfs specific samba extensions like acls and prealloc
    6268</p></dd><dt><span class="term"><a href="vfs_netatalk.8.html" target="_top">vfs_netatalk(8)</a></span></dt><dd><p>hide .AppleDouble files from CIFS clients
    6369</p></dd><dt><span class="term"><a href="vfs_prealloc.8.html" target="_top">vfs_prealloc(8)</a></span></dt><dd><p>preallocate matching files to a predetermined size

  • trunk/samba/docs/htmldocs/manpages/smb.conf.5.html

    r1 r22  
    301301                If the service is a guest service, a connection is made as the username given in the <code class="literal">guest account
    302302                =</code> for the service, irrespective of the supplied password.
    303                 </p></li></ol></div></div><div class="refsect1" lang="en"><a name="id272744"></a><h2>EXPLANATION OF EACH PARAMETER</h2><div class="variablelist"><font color="red">&lt;xi:include&gt;&lt;/xi:include&gt;</font><dl><dt><span class="term"><a name="ABORTSHUTDOWNSCRIPT"></a>abort shutdown script (G)</span></dt><dd><p>This a full path name to a script called by <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> that
     303                </p></li></ol></div></div><div class="refsect1" lang="en"><a name="id272744"></a><h2>EXPLANATION OF EACH PARAMETER</h2><div class="variablelist"><dl><dt><span class="term"><a name="ABORTSHUTDOWNSCRIPT"></a>abort shutdown script (G)</span></dt><dd><p>This a full path name to a script called by <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> that
    304304        should stop a shutdown procedure issued by the <a class="indexterm" name="id272784"></a>shutdown script.</p><p>If the connected user posseses the <code class="constant">SeRemoteShutdownPrivilege</code>,
    305305        right, this command will be run as user.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>abort shutdown script</code></em> = ""
     
    910910    </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug pid</code></em> = no
    911911</em></span>
     912</p></dd><dt><span class="term"><a name="DEBUGPREFIXTIMESTAMP"></a>debug prefix timestamp (G)</span></dt><dd><p>
     913    With this option enabled, the timestamp message header is prefixed to the debug message without the
     914    filename and function information that is included with the <a class="indexterm" name="id276315"></a>debug timestamp
     915    parameter. This gives timestamps to the messages without adding an additional line.
     916    </p><p>
     917    Note that this parameter overrides the <a class="indexterm" name="id276326"></a>debug timestamp parameter.
     918    </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug prefix timestamp</code></em> = no
     919</em></span>
    912920</p></dd><dt><span class="term"><a name="TIMESTAMPLOGS"></a>timestamp logs</span></dt><dd><p>This parameter is a synonym for debug timestamp.</p></dd><dt><span class="term"><a name="DEBUGTIMESTAMP"></a>debug timestamp (G)</span></dt><dd><p>
    913921    Samba debug log messages are timestamped by default. If you are running at a high
    914     <a class="indexterm" name="id276334"></a>debug level these timestamps can be distracting. This
     922    <a class="indexterm" name="id276388"></a>debug level these timestamps can be distracting. This
    915923    boolean parameter allows timestamping to be turned off.
    916924        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug timestamp</code></em> = yes
     
    920928    current euid, egid, uid and gid to the timestamp message headers in the log file if turned on.
    921929    </p><p>
    922     Note that the parameter <a class="indexterm" name="id276380"></a>debug timestamp must be on for this to have an effect.
     930    Note that the parameter <a class="indexterm" name="id276434"></a>debug timestamp must be on for this to have an effect.
    923931    </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug uid</code></em> = no
    924932</em></span>
    925 </p></dd><dt><span class="term"><a name="DEFAULTCASE"></a>default case (S)</span></dt><dd><p>See the section on <a class="indexterm" name="id276420"></a>name mangling.
    926         Also note the <a class="indexterm" name="id276428"></a>short preserve case parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>default case</code></em> = lower
    927 </em></span>
    928 </p></dd><dt><span class="term"><a name="DEFAULTDEVMODE"></a>default devmode (S)</span></dt><dd><p>This parameter is only applicable to <a class="indexterm" name="id276468"></a>printable services.
     933</p></dd><dt><span class="term"><a name="DEFAULTCASE"></a>default case (S)</span></dt><dd><p>See the section on <a class="indexterm" name="id276474"></a>name mangling.
     934        Also note the <a class="indexterm" name="id276481"></a>short preserve case parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>default case</code></em> = lower
     935</em></span>
     936</p></dd><dt><span class="term"><a name="DEFAULTDEVMODE"></a>default devmode (S)</span></dt><dd><p>This parameter is only applicable to <a class="indexterm" name="id276522"></a>printable services.
    929937    When smbd is serving Printer Drivers to Windows NT/2k/XP clients, each printer on the Samba
    930938    server has a Device Mode which defines things such as paper size and
     
    947955    </p><p>For more information on Windows NT/2k printing and Device Modes,
    948956    see the <a href="http://msdn.microsoft.com/" target="_top">MSDN documentation</a>.
    949 </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>default devmode</code></em> = no
     957</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>default devmode</code></em> = yes
    950958</em></span>
    951959</p></dd><dt><span class="term"><a name="DEFAULT"></a>default</span></dt><dd><p>This parameter is a synonym for default service.</p></dd><dt><span class="term"><a name="DEFAULTSERVICE"></a>default service (G)</span></dt><dd><p>This parameter specifies the name of a service
     
    955963        parameter is not given, attempting to connect to a nonexistent
    956964        service results in an error.</p><p>
    957         Typically the default service would be a <a class="indexterm" name="id276575"></a>guest ok, <a class="indexterm" name="id276582"></a>read-only service.</p><p>Also note that the apparent service name will be changed to equal
     965        Typically the default service would be a <a class="indexterm" name="id276633"></a>guest ok, <a class="indexterm" name="id276640"></a>read-only service.</p><p>Also note that the apparent service name will be changed to equal
    958966        that of the requested service, this is very useful as it allows you to use macros like <em class="parameter"><code>%S</code></em> to make a wildcard service.
    959967        </p><p>Note also that any "_" characters in the name of the service
     
    987995    DeletePrinter() RPC call.</p><p>For a Samba host this means that the printer must be
    988996    physically deleted from underlying printing system.  The
    989     <a class="indexterm" name="id276753"></a>deleteprinter command defines a script to be run which
     997    <a class="indexterm" name="id276811"></a>deleteprinter command defines a script to be run which
    990998    will perform the necessary operations for removing the printer
    991999    from the print system and from <code class="filename">smb.conf</code>.
    992     </p><p>The <a class="indexterm" name="id276770"></a>deleteprinter command is
    993     automatically called with only one parameter: <a class="indexterm" name="id276778"></a>printer name.
    994         </p><p>Once the <a class="indexterm" name="id276788"></a>deleteprinter command has
     1000    </p><p>The <a class="indexterm" name="id276828"></a>deleteprinter command is
     1001    automatically called with only one parameter: <a class="indexterm" name="id276836"></a>printer name.
     1002        </p><p>Once the <a class="indexterm" name="id276846"></a>deleteprinter command has
    9951003    been executed, <span><strong class="command">smbd</strong></span> will reparse the <code class="filename">
    9961004    smb.conf</code> to associated printer no longer exists. 
     
    10221030                        </p></li></ul></div><p>
    10231031        This parameter is only used to remove file shares.  To delete printer shares,
    1024         see the <a class="indexterm" name="id276976"></a>deleteprinter command.
     1032        see the <a class="indexterm" name="id277034"></a>deleteprinter command.
    10251033        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>delete share command</code></em> =
    10261034</em></span>
     
    10471055</p></dd><dt><span class="term"><a name="DELETEVETOFILES"></a>delete veto files (S)</span></dt><dd><p>This option is used when Samba is attempting to
    10481056        delete a directory that contains one or more vetoed directories
    1049         (see the <a class="indexterm" name="id277166"></a>veto files
     1057        (see the <a class="indexterm" name="id277224"></a>veto files
    10501058        option).  If this option is set to <code class="constant">no</code> (the default) then if a vetoed
    10511059        directory contains any non-vetoed files or directories then the
     
    10551063        serving systems such as NetAtalk which create meta-files within
    10561064        directories you might normally veto DOS/Windows users from seeing
    1057         (e.g. <code class="filename">.AppleDouble</code>)</p><p>Setting <a class="indexterm" name="id277197"></a>delete veto files = yes allows these
     1065        (e.g. <code class="filename">.AppleDouble</code>)</p><p>Setting <a class="indexterm" name="id277254"></a>delete veto files = yes allows these
    10581066        directories to be  transparently deleted when the parent directory
    10591067        is deleted (so long as the user has permissions to do so).</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>delete veto files</code></em> = no
     
    10671075        This is a new parameter introduced in Samba version 3.0.21.  It specifies in seconds the time that smbd will
    10681076        cache the output of a disk free query. If set to zero (the default) no caching is done. This allows a heavily
    1069         loaded server to prevent rapid spawning of <a class="indexterm" name="id277251"></a>dfree command scripts increasing the load.
     1077        loaded server to prevent rapid spawning of <a class="indexterm" name="id277309"></a>dfree command scripts increasing the load.
    10701078        </p><p>
    10711079        By default this parameter is zero, meaning no caching will be done.
     
    10831091        </p><p>
    10841092        In Samba version 3.0.21 this parameter has been changed to be a per-share parameter, and in addition the
    1085         parameter <a class="indexterm" name="id277318"></a>dfree cache time was added to allow the output of this script to be cached
     1093        parameter <a class="indexterm" name="id277376"></a>dfree cache time was added to allow the output of this script to be cached
    10861094        for systems under heavy load.
    10871095        </p><p>
     
    11211129    and 'other' write bits from the UNIX mode, allowing only the
    11221130    user who owns the directory to modify it.</p><p>Following this Samba will bit-wise 'OR' the UNIX mode
    1123     created from this parameter with the value of the <a class="indexterm" name="id277446"></a>force directory mode parameter.
     1131    created from this parameter with the value of the <a class="indexterm" name="id277504"></a>force directory mode parameter.
    11241132    This parameter is set to 000 by default (i.e. no extra mode bits are added).</p><p>Note that this parameter does not apply to permissions
    11251133    set by Windows NT/2000 ACL editors. If the administrator wishes to enforce
    1126     a mask on access control lists also, they need to set the <a class="indexterm" name="id277459"></a>directory security mask.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>directory mask</code></em> = 0755
     1134    a mask on access control lists also, they need to set the <a class="indexterm" name="id277517"></a>directory security mask.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>directory mask</code></em> = 0755
    11271135</em></span>
    11281136</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>directory mask</code></em> = 0775
     
    11331141    box.</p><p>
    11341142        This parameter is applied as a mask (AND'ed with) to the changed permission bits, thus preventing any bits not
    1135         in this mask from being modified.  Make sure not to mix up this parameter with <a class="indexterm" name="id277518"></a>force  directory security mode, which works similar like this one but uses logical OR instead of AND.
     1143        in this mask from being modified.  Make sure not to mix up this parameter with <a class="indexterm" name="id277576"></a>force  directory security mode, which works similar like this one but uses logical OR instead of AND.
    11361144        Essentially, zero bits in this mask may be treated as a set of bits the user is not allowed to change.
    11371145        </p><p>If not set explicitly this parameter is set to 0777
     
    11671175        The default value is "LOCALE", which means automatically set, depending on the
    11681176        current locale. The value should generally be the same as the value of the parameter
    1169         <a class="indexterm" name="id277670"></a>unix charset.
     1177        <a class="indexterm" name="id277728"></a>unix charset.
    11701178        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>display charset</code></em> = "LOCALE" or "ASCII" (depending on the system)
    11711179</em></span>
     
    11991207        If set to <code class="constant">yes</code>, the Samba server will
    12001208        provide the netlogon service for Windows 9X network logons for the
    1201         <a class="indexterm" name="id277830"></a>workgroup it is in.
     1209        <a class="indexterm" name="id277888"></a>workgroup it is in.
    12021210        This will also cause the Samba server to act as a domain
    12031211        controller for NT4 style domain services. For more details on
     
    12101218        WAN-wide browse list collation. Setting this option causes <span><strong class="command">nmbd</strong></span> to claim a
    12111219        special domain specific NetBIOS name that identifies it as a domain master browser for its given
    1212         <a class="indexterm" name="id277888"></a>workgroup. Local master browsers in the same <a class="indexterm" name="id277895"></a>workgroup on
     1220        <a class="indexterm" name="id277946"></a>workgroup. Local master browsers in the same <a class="indexterm" name="id277953"></a>workgroup on
    12131221        broadcast-isolated subnets will give this <span><strong class="command">nmbd</strong></span> their local browse lists,
    12141222        and then ask <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> for a
     
    12171225        broadcast-isolated subnet.
    12181226        </p><p>
    1219         Note that Windows NT Primary Domain Controllers expect to be able to claim this <a class="indexterm" name="id277923"></a>workgroup specific special NetBIOS name that identifies them as domain master browsers for that
    1220         <a class="indexterm" name="id277930"></a>workgroup by default (i.e. there is no way to prevent a Windows NT PDC from attempting
     1227        Note that Windows NT Primary Domain Controllers expect to be able to claim this <a class="indexterm" name="id277981"></a>workgroup specific special NetBIOS name that identifies them as domain master browsers for that
     1228        <a class="indexterm" name="id277988"></a>workgroup by default (i.e. there is no way to prevent a Windows NT PDC from attempting
    12211229        to do this). This means that if this parameter is set and <span><strong class="command">nmbd</strong></span> claims the
    1222         special name for a <a class="indexterm" name="id277945"></a>workgroup before a Windows NT PDC is able to do so then cross
     1230        special name for a <a class="indexterm" name="id278003"></a>workgroup before a Windows NT PDC is able to do so then cross
    12231231        subnet browsing will behave strangely and may fail.
    12241232        </p><p>
    1225         If <a class="indexterm" name="id277956"></a>domain logons = yes, then the default behavior is to enable the
    1226         <a class="indexterm" name="id277964"></a>domain master parameter.  If <a class="indexterm" name="id277971"></a>domain logons is not enabled (the
    1227         default setting), then neither will <a class="indexterm" name="id277978"></a>domain master be enabled by default.
    1228         </p><p>
    1229         When <a class="indexterm" name="id277989"></a>domain logons = Yes the default setting for this parameter is
    1230         Yes, with the result that Samba will be a PDC. If <a class="indexterm" name="id277997"></a>domain master = No,
     1233        If <a class="indexterm" name="id278014"></a>domain logons = yes, then the default behavior is to enable the
     1234        <a class="indexterm" name="id278021"></a>domain master parameter.  If <a class="indexterm" name="id278029"></a>domain logons is not enabled (the
     1235        default setting), then neither will <a class="indexterm" name="id278036"></a>domain master be enabled by default.
     1236        </p><p>
     1237        When <a class="indexterm" name="id278047"></a>domain logons = Yes the default setting for this parameter is
     1238        Yes, with the result that Samba will be a PDC. If <a class="indexterm" name="id278055"></a>domain master = No,
    12311239        Samba will function as a BDC. In general, this parameter should be set to 'No' only on a BDC.
    12321240        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>domain master</code></em> = auto
     
    13341342    <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> must either
    13351343    have access to a local <a href="smbpasswd.5.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(5)</span></a> file (see the <a href="smbpasswd.8.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(8)</span></a> program for information on how to set up
    1336     and maintain this file), or set the <a class="indexterm" name="id278473"></a>security = [server|domain|ads] parameter which
     1344    and maintain this file), or set the <a class="indexterm" name="id229365"></a>security = [server|domain|ads] parameter which
    13371345    causes <span><strong class="command">smbd</strong></span> to authenticate against another
    13381346        server.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>encrypt passwords</code></em> = yes
     
    14101418        file open/close operations. This can give enormous performance benefits.
    14111419        </p><p>When you set <span><strong class="command">fake oplocks = yes</strong></span>, <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will
    1412         always grant oplock requests no matter how many clients are using the file.</p><p>It is generally much better to use the real <a class="indexterm" name="id278781"></a>oplocks support rather
     1420        always grant oplock requests no matter how many clients are using the file.</p><p>It is generally much better to use the real <a class="indexterm" name="id278900"></a>oplocks support rather
    14131421        than this parameter.</p><p>If you enable this option on all read-only shares or
    14141422        shares that you know will only be accessed from one client at a
     
    14601468        </p><p>
    14611469        This parameter is applied as a mask (OR'ed with) to the changed permission bits, thus forcing any bits in this
    1462         mask that the user may have modified to be on.  Make sure not to mix up this parameter with <a class="indexterm" name="id279024"></a>directory security mask, which works in a similar manner to this one, but uses a logical AND instead
     1470        mask that the user may have modified to be on.  Make sure not to mix up this parameter with <a class="indexterm" name="id279143"></a>directory security mask, which works in a similar manner to this one, but uses a logical AND instead
    14631471        of an OR.
    14641472        </p><p>
     
    14941502    primary group assigned to sys when accessing this Samba share. All
    14951503    other users will retain their ordinary primary group.</p><p>
    1496         If the <a class="indexterm" name="id279136"></a>force user parameter is also set the group specified in
     1504        If the <a class="indexterm" name="id279255"></a>force user parameter is also set the group specified in
    14971505    <em class="parameter"><code>force group</code></em> will override the primary group
    14981506    set in <em class="parameter"><code>force user</code></em>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>force group</code></em> =
     
    15281536        </p><p>
    15291537        This parameter is applied as a mask (OR'ed with) to the changed permission bits, thus forcing any bits in this
    1530         mask that the user may have modified to be on.  Make sure not to mix up this parameter with <a class="indexterm" name="id279278"></a>security mask, which works similar like this one but uses logical AND instead of OR.
     1538        mask that the user may have modified to be on.  Make sure not to mix up this parameter with <a class="indexterm" name="id279401"></a>security mask, which works similar like this one but uses logical AND instead of OR.
    15311539        </p><p>
    15321540        Essentially, one bits in this mask may be treated as a set of bits that, when modifying security on a file,
     
    15961604    caching algorithm will be used to reduce the time taken for getwd()
    15971605    calls. This can have a significant impact on performance, especially
    1598     when the <a class="indexterm" name="id279683"></a>wide smbconfoptions parameter is set to <code class="constant">no</code>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>getwd cache</code></em> = yes
     1606    when the <a class="indexterm" name="id279805"></a>wide smbconfoptions parameter is set to <code class="constant">no</code>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>getwd cache</code></em> = yes
    15991607</em></span>
    16001608</p></dd><dt><span class="term"><a name="GUESTACCOUNT"></a>guest account (G)</span></dt><dd><p>This is a username which will be used for access
    1601     to services which are specified as <a class="indexterm" name="id279727"></a>guest ok (see below). Whatever privileges this
     1609    to services which are specified as <a class="indexterm" name="id279850"></a>guest ok (see below). Whatever privileges this
    16021610    user has will be available to any client connecting to the guest service.
    16031611    This user must exist in the password file, but does not require
     
    16181626</p></dd><dt><span class="term"><a name="PUBLIC"></a>public</span></dt><dd><p>This parameter is a synonym for guest ok.</p></dd><dt><span class="term"><a name="GUESTOK"></a>guest ok (S)</span></dt><dd><p>If this parameter is <code class="constant">yes</code> for
    16191627    a service, then no password is required to connect to the service.
    1620     Privileges will be those of the <a class="indexterm" name="id279835"></a>guest account.</p><p>This paramater nullifies the benifits of setting
    1621     <a class="indexterm" name="id279846"></a>restrict anonymous = 2
    1622         </p><p>See the section below on <a class="indexterm" name="id279856"></a>security for more information about this option.
     1628    Privileges will be those of the <a class="indexterm" name="id279957"></a>guest account.</p><p>This paramater nullifies the benifits of setting
     1629    <a class="indexterm" name="id279968"></a>restrict anonymous = 2
     1630        </p><p>See the section below on <a class="indexterm" name="id279979"></a>security for more information about this option.
    16231631        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>guest ok</code></em> = no
    16241632</em></span>
    16251633</p></dd><dt><span class="term"><a name="ONLYGUEST"></a>only guest</span></dt><dd><p>This parameter is a synonym for guest only.</p></dd><dt><span class="term"><a name="GUESTONLY"></a>guest only (S)</span></dt><dd><p>If this parameter is <code class="constant">yes</code> for
    16261634    a service, then only guest connections to the service are permitted.
    1627     This parameter will have no effect if <a class="indexterm" name="id279922"></a>guest ok is not set for the service.</p><p>See the section below on <a class="indexterm" name="id279933"></a>security for more information about this option.
     1635    This parameter will have no effect if <a class="indexterm" name="id280044"></a>guest ok is not set for the service.</p><p>See the section below on <a class="indexterm" name="id280055"></a>security for more information about this option.
    16281636        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>guest only</code></em> = no
    16291637</em></span>
     
    16671675</em></span>
    16681676</p></dd><dt><span class="term"><a name="HOMEDIRMAP"></a>homedir map (G)</span></dt><dd><p>
    1669         If <a class="indexterm" name="id280180"></a>nis homedir is <code class="constant">yes</code>, and <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> is also acting         as a Win95/98 <em class="parameter"><code>logon server</code></em>
     1677        If <a class="indexterm" name="id280303"></a>nis homedir is <code class="constant">yes</code>, and <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> is also acting         as a Win95/98 <em class="parameter"><code>logon server</code></em>
    16701678        then this parameter specifies the NIS (or YP) map from which the server for the user's  home directory should be extracted. 
    16711679        At present, only the Sun auto.home map format is understood. The form of the map is:
     
    16851693        Dfs trees hosted on the server.
    16861694        </p><p>
    1687         See also the <a class="indexterm" name="id280278"></a>msdfs root share  level  parameter.  For more  information  on
     1695        See also the <a class="indexterm" name="id280400"></a>msdfs root share  level  parameter.  For more  information  on
    16881696        setting  up a Dfs tree on Samba, refer to the MSFDS chapter in the book Samba3-HOWTO.
    16891697        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>host msdfs</code></em> = yes
     
    16971705</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>hostname lookups</code></em> = yes
    16981706</em></span>
    1699 </p></dd><dt><span class="term"><a name="ALLOWHOSTS"></a>allow hosts</span></dt><dd><p>This parameter is a synonym for hosts allow.</p></dd><dt><span class="term"><a name="HOSTSALLOW"></a>hosts allow (S)</span></dt><dd><p>A synonym for this parameter is <a class="indexterm" name="id280398"></a>allow hosts.</p><p>This parameter is a comma, space, or tab delimited
     1707</p></dd><dt><span class="term"><a name="ALLOWHOSTS"></a>allow hosts</span></dt><dd><p>This parameter is a synonym for hosts allow.</p></dd><dt><span class="term"><a name="HOSTSALLOW"></a>hosts allow (S)</span></dt><dd><p>A synonym for this parameter is <a class="indexterm" name="id280521"></a>allow hosts.</p><p>This parameter is a comma, space, or tab delimited
    17001708    set of hosts which are permitted to access a service.</p><p>If specified in the [global] section then it will
    17011709    apply to all services, regardless of whether the individual
     
    17071715    page may not be present on your system, so a brief description will
    17081716    be given here also.</p><p>Note that the localhost address 127.0.0.1 will always
    1709     be allowed access unless specifically denied by a <a class="indexterm" name="id280437"></a>hosts deny option.</p><p>You can also specify hosts by network/netmask pairs and
     1717    be allowed access unless specifically denied by a <a class="indexterm" name="id280559"></a>hosts deny option.</p><p>You can also specify hosts by network/netmask pairs and
    17101718    by netgroup names if your system supports netgroups. The
    17111719    <span class="emphasis"><em>EXCEPT</em></span> keyword can also be used to limit a
     
    17241732        In the event that it is necessary to deny all by default, use the keyword
    17251733        ALL (or the netmask <code class="literal">0.0.0.0/0</code>) and then explicitly specify
    1726         to the <a class="indexterm" name="id280613"></a>hosts allow = hosts allow parameter those hosts
     1734        to the <a class="indexterm" name="id280736"></a>hosts allow = hosts allow parameter those hosts
    17271735        that should be permitted access.
    17281736        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>hosts deny</code></em> =
     
    17311739</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>hosts deny</code></em> = 150.203.4. badhost.mynet.edu.au
    17321740</em></span>
    1733 </p></dd><dt><span class="term"><a name="IDMAPBACKEND"></a>idmap backend (G)</span></dt><dd><p>
    1734         The purpose of the idmap backend parameter is to allow idmap to NOT use the local idmap
    1735         tdb file to obtain SID to UID / GID mappings for unmapped SIDs, but instead to obtain them from a common
    1736         LDAP backend. This way all domain members and controllers will have the same UID and GID
    1737         to SID mappings. This avoids the risk of UID / GID inconsistencies across UNIX / Linux
    1738         systems that are sharing information over protocols other than SMB/CIFS (ie: NFS).
    1739         </p><p>
    1740         An alternate method of SID to UID / GID  mapping can be achieved using the rid
    1741         plug-in. This plug-in uses the account RID to derive the UID and GID by adding the
    1742         RID to a base value specified. This utility requires that the parameter
    1743         &#8220;<span class="quote">allow trusted domains = No</span>&#8221; must be specified, as it is not compatible
    1744         with multiple domain environments. The idmap uid and idmap gid ranges must also be
    1745         specified.
    1746         </p><p>
    1747         Finally, using the ad module, the UID and GID can directly
    1748         be retrieved from an Active Directory LDAP Server that supports an
    1749         RFC2307 compliant LDAP schema. ad supports "Services for Unix"
    1750         (SFU) version 2.x and 3.0. 
    1751         </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>idmap backend</code></em> =
    1752 </em></span>
    1753 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>idmap backend</code></em> = ldap:ldap://ldapslave.example.com
    1754 </em></span>
    1755 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>idmap backend</code></em> = rid:"BUILTIN=1000-1999,DOMNAME=2000-100000000"
    1756 </em></span>
    1757 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>idmap backend</code></em> = ad
    1758 </em></span>
    1759 </p></dd><dt><span class="term"><a name="WINBINDGID"></a>winbind gid</span></dt><dd><p>This parameter is a synonym for idmap gid.</p></dd><dt><span class="term"><a name="IDMAPGID"></a>idmap gid (G)</span></dt><dd><p>The idmap gid parameter specifies the range of group ids that are allocated for
    1760         the purpose of mapping UNX groups to NT group SIDs. This range of group ids should have no
    1761         existing local or NIS groups within it as strange conflicts can occur otherwise.</p><p>The availability of an idmap gid range is essential for correct operation of
    1762                 all group mapping.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>idmap gid</code></em> =
     1741</p></dd><dt><span class="term"><a name="IDMAPALLOCBACKEND"></a>idmap alloc backend (G)</span></dt><dd><p>
     1742        The idmap alloc backend provides a plugin interface for Winbind to use
     1743        when allocating Unix uids/gids for Windows SIDs.  This option is
     1744        to be used in conjunction with the <a class="indexterm" name="id280790"></a>idmap domains
     1745        parameter and refers to the name of the idmap module which will provide
     1746        the id allocation functionality.  Please refer to the man page
     1747        for each idmap plugin to determine whether or not the module implements
     1748        the allocation feature.  The most common plugins are the tdb (<a href="idmap_tdb.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_tdb</span>(8)</span></a>)
     1749        and ldap (<a href="idmap_ldap.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_ldap</span>(8)</span></a>) libraries.
     1750        </p><p>Also refer to the <a class="indexterm" name="id280819"></a>idmap alloc config option.
     1751        </p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>idmap alloc backend</code></em> = tdb
     1752</em></span>
     1753</p></dd><dt><span class="term"><a name="IDMAPALLOCCONFIG"></a>idmap alloc config (G)</span></dt><dd><p>
     1754        The idmap alloc config prefix provides a means of managing settings
     1755        for the backend defined by the <a class="indexterm" name="id280864"></a>idmap alloc backend
     1756        parameter.  Refer to the man page for each idmap plugin regarding
     1757        specific configuration details.
     1758        </p><p><span class="emphasis"><em>No default</em></span></p></dd><dt><span class="term"><a name="IDMAPBACKEND"></a>idmap backend (G)</span></dt><dd><p>
     1759        The idmap backend provides a plugin interface for Winbind to use
     1760        varying backends to store SID/uid/gid mapping tables.  This
     1761        option is mutually exclusive with the newer and more flexible
     1762        <a class="indexterm" name="id280899"></a>idmap domains parameter.  The main difference
     1763        between the "idmap backend" and the "idmap domains"
     1764        is that the former only allows on backend for all domains while the
     1765        latter supports configuring backends on a per domain basis.
     1766        </p><p>Examples of SID/uid/gid backends include tdb (<a href="idmap_tdb.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_tdb</span>(8)</span></a>),
     1767        ldap (<a href="idmap_ldap.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_ldap</span>(8)</span></a>), rid (<a href="idmap_rid.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_rid</span>(8)</span></a>),
     1768        and ad (<a href="idmap_tdb.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_tdb</span>(8)</span></a>).
     1769        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>idmap backend</code></em> = tdb
     1770</em></span>
     1771</p></dd><dt><span class="term"><a name="IDMAPCACHETIME"></a>idmap cache time (G)</span></dt><dd><p>This parameter specifies the number of seconds that Winbind's
     1772        idmap interface will cache positive SID/uid/gid query results.
     1773        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>idmap cache time</code></em> = 900
     1774</em></span>
     1775</p></dd><dt><span class="term"><a name="IDMAPCONFIG"></a>idmap config (G)</span></dt><dd><p>
     1776        The idmap config prefix provides a means of managing each domain
     1777        defined by the <a class="indexterm" name="id281011"></a>idmap domains option using Samba's
     1778        parameteric option support.  The idmap config prefix should be
     1779        followed by the name of the domain, a colon, and a setting specific to
     1780        the chosen backend.  There are three options available for all domains:
     1781        </p><div class="variablelist"><dl><dt><span class="term">backend = backend_name</span></dt><dd><p>
     1782                        Specifies the name of the idmap plugin to use as the
     1783                        SID/uid/gid backend for this domain.
     1784                </p></dd><dt><span class="term">default = [yes|no]</span></dt><dd><p>
     1785                        The default domain/backend will be used for searching for
     1786                        users and groups not belonging to one of the explicitly
     1787                        listed domains (matched by comparing the account SID and the
     1788                        domain SID).
     1789                </p></dd><dt><span class="term">readonly = [yes|no]</span></dt><dd><p>
     1790                        Mark the domain as readonly which means that no attempts to
     1791                        allocate a uid or gid (by the <a class="indexterm" name="id281058"></a>idmap alloc     backend) for any user or group in that domain
     1792                        will be attempted.
     1793                </p></dd></dl></div><p>
     1794        The following example illustrates how to configure the <a href="idmap_ad.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_ad</span>(8)</span></a>
     1795        for the CORP domain and the <a href="idmap_tdb.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_tdb</span>(8)</span></a> backend for all other domains.  The
     1796        TRUSTEDDOMAINS string is simply a key used to reference the "idmap
     1797        config" settings and does not represent the actual name of a domain.
     1798        </p><pre class="programlisting">
     1799        idmap domains = CORP TRUSTEDDOMAINS
     1800
     1801        idmap config CORP:backend  = ad
     1802        idmap config CORP:readonly = yes
     1803
     1804        idmap config TRUSTEDDOMAINS:backend = tdb
     1805        idmap config TRUSTEDDOMAINS:default = yes
     1806        idmap config TRUSTEDDOMAINS:range   = 1000 - 9999
     1807        </pre><p><span class="emphasis"><em>No default</em></span></p></dd><dt><span class="term"><a name="IDMAPDOMAINS"></a>idmap domains (G)</span></dt><dd><p>
     1808        The idmap domains option defines a list of Windows domains which will each
     1809        have a separately configured backend for managing Winbind's SID/uid/gid
     1810        tables.  This parameter is mutually exclusive with the older <a class="indexterm" name="id281126"></a>idmap backend option.
     1811        </p><p>
     1812        Values consist of the short domain name for Winbind's primary or collection
     1813        of trusted domains.  You may also use an arbitrary string to represent a catchall
     1814        domain backend for any domain not explicitly listed.
     1815        </p><p>
     1816        Refer to the <a class="indexterm" name="id281141"></a>idmap config for details about
     1817        managing the SID/uid/gid backend for each domain.
     1818        </p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>idmap domains</code></em> = default AD CORP
     1819</em></span>
     1820</p></dd><dt><span class="term"><a name="WINBINDGID"></a>winbind gid</span></dt><dd><p>This parameter is a synonym for idmap gid.</p></dd><dt><span class="term"><a name="IDMAPGID"></a>idmap gid (G)</span></dt><dd><p>The idmap gid parameter specifies the range of group ids
     1821        that are allocated for the purpose of mapping UNX groups to NT group
     1822        SIDs. This range of group ids should have no
     1823        existing local or NIS groups within it as strange conflicts can
     1824        occur otherwise.</p><p>See also the <a class="indexterm" name="id281214"></a>idmap backend, <a class="indexterm" name="id281221"></a>idmap domains, and <a class="indexterm" name="id281228"></a>idmap config options.
     1825        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>idmap gid</code></em> =
    17631826</em></span>
    17641827</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>idmap gid</code></em> = 10000-20000
    17651828</em></span>
    1766 </p></dd><dt><span class="term"><a name="WINBINDUID"></a>winbind uid</span></dt><dd><p>This parameter is a synonym for idmap uid.</p></dd><dt><span class="term"><a name="IDMAPUID"></a>idmap uid (G)</span></dt><dd><p>The idmap uid parameter specifies the range of user ids that are allocated for use
    1767         in mapping UNIX users to NT user SIDs. This range of ids should have no existing local
    1768         or NIS users within it as strange conflicts can occur otherwise.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>idmap uid</code></em> =
     1829</p></dd><dt><span class="term"><a name="IDMAPNEGATIVECACHETIME"></a>idmap negative cache time (G)</span></dt><dd><p>This parameter specifies the number of seconds that Winbind's
     1830        idmap interface will cache negative SID/uid/gid query results.
     1831        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>idmap negative cache time</code></em> = 120
     1832</em></span>
     1833</p></dd><dt><span class="term"><a name="WINBINDUID"></a>winbind uid</span></dt><dd><p>This parameter is a synonym for idmap uid.</p></dd><dt><span class="term"><a name="IDMAPUID"></a>idmap uid (G)</span></dt><dd><p>
     1834        The idmap uid parameter specifies the range of user ids that are
     1835        allocated for use in mapping UNIX users to NT user SIDs. This
     1836        range of ids should have no existing local
     1837        or NIS users within it as strange conflicts can occur otherwise.</p><p>See also the <a class="indexterm" name="id281340"></a>idmap backend, <a class="indexterm" name="id281347"></a>idmap domains, and <a class="indexterm" name="id281354"></a>idmap config options.
     1838        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>idmap uid</code></em> =
    17691839</em></span>
    17701840</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>idmap uid</code></em> = 10000-20000
     
    17971867</em></span>
    17981868</p></dd><dt><span class="term"><a name="INHERITPERMISSIONS"></a>inherit permissions (S)</span></dt><dd><p>
    1799         The permissions on new files and directories are normally governed by <a class="indexterm" name="id281032"></a>create mask,
    1800         <a class="indexterm" name="id281039"></a>directory mask, <a class="indexterm" name="id281046"></a>force create mode and <a class="indexterm" name="id281054"></a>force directory mode but the boolean inherit permissions parameter overrides this.
     1869        The permissions on new files and directories are normally governed by <a class="indexterm" name="id281548"></a>create mask,
     1870        <a class="indexterm" name="id281555"></a>directory mask, <a class="indexterm" name="id281562"></a>force create mode and <a class="indexterm" name="id281570"></a>force directory mode but the boolean inherit permissions parameter overrides this.
    18011871        </p><p>New directories inherit the mode of the parent directory,
    18021872    including bits such as setgid.</p><p>
    18031873        New files inherit their read/write bits from the parent directory.  Their execute bits continue to be
    1804         determined by <a class="indexterm" name="id281070"></a>map archive, <a class="indexterm" name="id281077"></a>map hidden and <a class="indexterm" name="id281084"></a>map system as usual.
     1874        determined by <a class="indexterm" name="id281586"></a>map archive, <a class="indexterm" name="id281593"></a>map hidden and <a class="indexterm" name="id281600"></a>map system as usual.
    18051875        </p><p>Note that the setuid bit is <span class="emphasis"><em>never</em></span> set via
    18061876    inheritance (the code explicitly prohibits this).</p><p>This can be particularly useful on large systems with
     
    18531923</em></span>
    18541924</p></dd><dt><span class="term"><a name="IPRINTSERVER"></a>iprint server (G)</span></dt><dd><p>
    1855     This parameter is only applicable if <a class="indexterm" name="id281317"></a>printing is set to <code class="constant">iprint</code>.
     1925    This parameter is only applicable if <a class="indexterm" name="id281833"></a>printing is set to <code class="constant">iprint</code>.
    18561926    </p><p>
    18571927   If set, this option overrides the ServerName option in the CUPS <code class="filename">client.conf</code>. This is
     
    18661936    sent. Keepalive packets, if sent, allow the server to tell whether
    18671937    a client is still present and responding.</p><p>Keepalives should, in general, not be needed if the socket
    1868     has the SO_KEEPALIVE attribute set on it by default. (see <a class="indexterm" name="id281396"></a>socket options).
     1938    has the SO_KEEPALIVE attribute set on it by default. (see <a class="indexterm" name="id281912"></a>socket options).
    18691939Basically you should only use this option if you strike difficulties.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>keepalive</code></em> = 300
    18701940</em></span>
     
    18781948        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>kernel change notify</code></em> = yes
    18791949</em></span>
    1880 </p></dd><dt><span class="term"><a name="KERNELOPLOCKS"></a>kernel oplocks (G)</span></dt><dd><p>For UNIXes that support kernel based <a class="indexterm" name="id281486"></a>oplocks
     1950</p></dd><dt><span class="term"><a name="KERNELOPLOCKS"></a>kernel oplocks (G)</span></dt><dd><p>For UNIXes that support kernel based <a class="indexterm" name="id282002"></a>oplocks
    18811951        (currently only IRIX and the Linux 2.4 kernel), this parameter
    18821952        allows the use of them to be turned on or off.</p><p>Kernel oplocks support allows Samba <em class="parameter"><code>oplocks
     
    19151985</em></span>
    19161986</p></dd><dt><span class="term"><a name="LDAPADMINDN"></a>ldap admin dn (G)</span></dt><dd><p>
    1917         The <a class="indexterm" name="id281679"></a>ldap admin dn defines the Distinguished  Name (DN) name used by Samba to contact
    1918         the ldap server when retreiving  user account information. The <a class="indexterm" name="id281687"></a>ldap admin dn is used
     1987        The <a class="indexterm" name="id282195"></a>ldap admin dn defines the Distinguished  Name (DN) name used by Samba to contact
     1988        the ldap server when retreiving  user account information. The <a class="indexterm" name="id282203"></a>ldap admin dn is used
    19191989        in conjunction with the admin dn password stored in the <code class="filename">private/secrets.tdb</code>
    19201990        file.  See the <a href="smbpasswd.8.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(8)</span></a>
    19211991        man page for more information on how  to accomplish this.
    19221992        </p><p>
    1923         The <a class="indexterm" name="id281712"></a>ldap admin dn requires a fully specified DN. The <a class="indexterm" name="id281720"></a>ldap  suffix is not appended to the <a class="indexterm" name="id281727"></a>ldap admin dn.
     1993        The <a class="indexterm" name="id282228"></a>ldap admin dn requires a fully specified DN. The <a class="indexterm" name="id282236"></a>ldap  suffix is not appended to the <a class="indexterm" name="id282243"></a>ldap admin dn.
    19241994        </p><p><span class="emphasis"><em>No default</em></span></p></dd><dt><span class="term"><a name="LDAPDELETEDN"></a>ldap delete dn (G)</span></dt><dd><p> This parameter specifies whether a delete
    19251995        operation in the ldapsam deletes the complete entry or only the attributes
     
    19291999</p></dd><dt><span class="term"><a name="LDAPGROUPSUFFIX"></a>ldap group suffix (G)</span></dt><dd><p>This parameter specifies the suffix that is
    19302000        used for groups when these are added to the LDAP directory.
    1931         If this parameter is unset, the value of <a class="indexterm" name="id281795"></a>ldap suffix will be used instead.  The suffix string is pre-pended to the
    1932         <a class="indexterm" name="id281803"></a>ldap suffix string so use a partial DN.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap group suffix</code></em> =
     2001        If this parameter is unset, the value of <a class="indexterm" name="id282311"></a>ldap suffix will be used instead.  The suffix string is pre-pended to the
     2002        <a class="indexterm" name="id282319"></a>ldap suffix string so use a partial DN.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap group suffix</code></em> =
    19332003</em></span>
    19342004</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap group suffix</code></em> = ou=Groups
     
    19362006</p></dd><dt><span class="term"><a name="LDAPIDMAPSUFFIX"></a>ldap idmap suffix (G)</span></dt><dd><p>
    19372007        This parameters specifies the suffix that is used when storing idmap mappings. If this parameter
    1938         is unset, the value of <a class="indexterm" name="id281856"></a>ldap suffix will be used instead.  The suffix
    1939         string is pre-pended to the <a class="indexterm" name="id281863"></a>ldap suffix string so use a partial DN.
     2008        is unset, the value of <a class="indexterm" name="id282372"></a>ldap suffix will be used instead.  The suffix
     2009        string is pre-pended to the <a class="indexterm" name="id282379"></a>ldap suffix string so use a partial DN.
    19402010        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap idmap suffix</code></em> =
    19412011</em></span>
     
    19442014</p></dd><dt><span class="term"><a name="LDAPMACHINESUFFIX"></a>ldap machine suffix (G)</span></dt><dd><p>
    19452015        It specifies where machines should be added to the ldap tree.  If this parameter is unset, the value of
    1946         <a class="indexterm" name="id281916"></a>ldap suffix will be used instead.  The suffix string is pre-pended to the
    1947         <a class="indexterm" name="id281923"></a>ldap suffix string so use a partial DN.
     2016        <a class="indexterm" name="id282432"></a>ldap suffix will be used instead.  The suffix string is pre-pended to the
     2017        <a class="indexterm" name="id282439"></a>ldap suffix string so use a partial DN.
    19482018        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap machine suffix</code></em> =
    19492019</em></span>
     
    19552025        change via SAMBA. 
    19562026        </p><p>
    1957         The <a class="indexterm" name="id281980"></a>ldap passwd sync can be set to one of three values:
     2027        The <a class="indexterm" name="id282496"></a>ldap passwd sync can be set to one of three values:
    19582028        </p><div class="itemizedlist"><ul type="disc"><li><p><em class="parameter"><code>Yes</code></em>  =  Try
    19592029                        to update the LDAP, NT and LM passwords and update the pwdLastSet time.</p></li><li><p><em class="parameter"><code>No</code></em> = Update NT and
     
    19822052        are used to deal with user and group attributes lack such optimization.
    19832053        </p><p>
    1984         To make Samba scale well in large environments, the <a class="indexterm" name="id282115"></a>ldapsam:trusted = yes
     2054        To make Samba scale well in large environments, the <a class="indexterm" name="id282636"></a>ldapsam:trusted = yes
    19852055        option assumes that the complete user and group database that is relevant to Samba is stored in LDAP with the
    19862056        standard posixAccount/posixGroup attributes. It further assumes that the Samba auxiliary object classes are
    19872057        stored together with the POSIX data in the same LDAP object. If these assumptions are met,
    1988         <a class="indexterm" name="id282124"></a>ldapsam:trusted = yes can be activated and Samba can bypass the
     2058        <a class="indexterm" name="id282646"></a>ldapsam:trusted = yes can be activated and Samba can bypass the
    19892059        NSS system to query user group memberships. Optimized LDAP queries can greatly speed up domain logon and
    19902060        administration tasks. Depending on the size of the LDAP database a factor of 100 or more for common queries
     
    19972067        Samba's previous SSL support which was enabled by specifying the
    19982068        <span><strong class="command">--with-ssl</strong></span> option to the <code class="filename">configure</code>
    1999         script.</p><p>The <a class="indexterm" name="id282187"></a>ldap ssl can be set to one of three values:</p><div class="itemizedlist"><ul type="disc"><li><p><em class="parameter"><code>Off</code></em> = Never
     2069        script.</p><p>The <a class="indexterm" name="id282709"></a>ldap ssl can be set to one of three values:</p><div class="itemizedlist"><ul type="disc"><li><p><em class="parameter"><code>Off</code></em> = Never
    20002070                        use SSL when querying the directory.</p></li><li><p><em class="parameter"><code>Start_tls</code></em> = Use
    20012071                        the LDAPv3 StartTLS extended operation (RFC2830) for
     
    20032073                        on the ldaps port when contacting the <em class="parameter"><code>ldap server</code></em>. Only available when the
    20042074                        backwards-compatiblity <span><strong class="command">--with-ldapsam</strong></span> option is specified
    2005                 to configure. See <a class="indexterm" name="id282243"></a>passdb backend</p></li></ul></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap ssl</code></em> = start_tls
     2075                to configure. See <a class="indexterm" name="id282765"></a>passdb backend</p></li></ul></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap ssl</code></em> = start_tls
    20062076</em></span>
    20072077</p></dd><dt><span class="term"><a name="LDAPSUFFIX"></a>ldap suffix (G)</span></dt><dd><p>Specifies the base for all ldap suffixes and for storing the sambaDomain object.</p><p>
    2008         The ldap suffix will be appended to the values specified for the <a class="indexterm" name="id282291"></a>ldap user suffix,
    2009         <a class="indexterm" name="id282298"></a>ldap group suffix, <a class="indexterm" name="id282305"></a>ldap machine suffix, and the
    2010         <a class="indexterm" name="id282312"></a>ldap idmap suffix. Each of these should be given only a DN relative to the
    2011         <a class="indexterm" name="id282319"></a>ldap suffix.
     2078        The ldap suffix will be appended to the values specified for the <a class="indexterm" name="id282812"></a>ldap user suffix,
     2079        <a class="indexterm" name="id282819"></a>ldap group suffix, <a class="indexterm" name="id282826"></a>ldap machine suffix, and the
     2080        <a class="indexterm" name="id282833"></a>ldap idmap suffix. Each of these should be given only a DN relative to the
     2081        <a class="indexterm" name="id282841"></a>ldap suffix.
    20122082        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap suffix</code></em> =
    20132083</em></span>
     
    20222092</p></dd><dt><span class="term"><a name="LDAPUSERSUFFIX"></a>ldap user suffix (G)</span></dt><dd><p>
    20232093        This parameter specifies where users are added to the tree. If this parameter is unset,
    2024         the value of <a class="indexterm" name="id282407"></a>ldap suffix will be used instead.  The suffix
    2025         string is pre-pended to the  <a class="indexterm" name="id282414"></a>ldap suffix string so use a partial DN.
     2094        the value of <a class="indexterm" name="id282931"></a>ldap suffix will be used instead.  The suffix
     2095        string is pre-pended to the  <a class="indexterm" name="id282938"></a>ldap suffix string so use a partial DN.
    20262096        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap user suffix</code></em> =
    20272097</em></span>
     
    20422112        delete any read-ahead caches.</p><p>It is recommended that this parameter be turned on to
    20432113        speed access to shared executables.</p><p>For more discussions on level2 oplocks see the CIFS spec.</p><p>
    2044         Currently, if <a class="indexterm" name="id282492"></a>kernel oplocks are supported then
     2114        Currently, if <a class="indexterm" name="id283016"></a>kernel oplocks are supported then
    20452115        level2 oplocks are not granted (even if this parameter is set to
    2046         <code class="constant">yes</code>).  Note also, the <a class="indexterm" name="id282503"></a>oplocks
     2116        <code class="constant">yes</code>).  Note also, the <a class="indexterm" name="id283027"></a>oplocks
    20472117        parameter must be set to <code class="constant">yes</code> on this share in order for
    20482118        this parameter to have any effect.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>level2 oplocks</code></em> = yes
     
    20562126        broadcasts. If set to <code class="constant">yes</code> Samba will produce
    20572127        Lanman announce broadcasts at a frequency set by the parameter
    2058         <a class="indexterm" name="id282578"></a>lm interval. If set to <code class="constant">auto</code>
     2128        <a class="indexterm" name="id283103"></a>lm interval. If set to <code class="constant">auto</code>
    20592129        Samba will not send Lanman announce broadcasts by default but will
    20602130        listen for them. If it hears such a broadcast on the wire it will
    20612131        then start sending them at a frequency set by the parameter
    2062         <a class="indexterm" name="id282591"></a>lm interval.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lm announce</code></em> = auto
     2132        <a class="indexterm" name="id283115"></a>lm interval.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lm announce</code></em> = auto
    20632133</em></span>
    20642134</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lm announce</code></em> = yes
     
    20662136</p></dd><dt><span class="term"><a name="LMINTERVAL"></a>lm interval (G)</span></dt><dd><p>If Samba is set to produce Lanman announce
    20672137        broadcasts needed by OS/2 clients (see the
    2068                 <a class="indexterm" name="id282643"></a>lm announce parameter) then this
     2138                <a class="indexterm" name="id283167"></a>lm announce parameter) then this
    20692139        parameter defines the frequency in seconds with which they will be
    20702140        made.  If this is set to zero then no Lanman announcements will be
    2071         made despite the setting of the <a class="indexterm" name="id282651"></a>lm announce
     2141        made despite the setting of the <a class="indexterm" name="id283176"></a>lm announce
    20722142        parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lm interval</code></em> = 60
    20732143</em></span>
     
    20762146</p></dd><dt><span class="term"><a name="LOADPRINTERS"></a>load printers (G)</span></dt><dd><p>A boolean variable that controls whether all
    20772147    printers in the printcap will be loaded for browsing by default.
    2078     See the <a class="indexterm" name="id282704"></a>printers section for
     2148    See the <a class="indexterm" name="id283229"></a>printers section for
    20792149    more details.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>load printers</code></em> = yes
    20802150</em></span>
     
    20912161</p></dd><dt><span class="term"><a name="LOCKDIR"></a>lock dir</span></dt><dd><p>This parameter is a synonym for lock directory.</p></dd><dt><span class="term"><a name="LOCKDIRECTORY"></a>lock directory (G)</span></dt><dd><p>This option specifies the directory where lock
    20922162        files will be placed.  The lock files are used to implement the
    2093         <a class="indexterm" name="id282856"></a>max connections option.
     2163        <a class="indexterm" name="id283380"></a>max connections option.
    20942164        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lock directory</code></em> = ${prefix}/var/locks
    20952165</em></span>
     
    21082178        You should never need to set this parameter.</p><p><span class="emphasis"><em>No default</em></span></p></dd><dt><span class="term"><a name="LOCKSPINCOUNT"></a>lock spin count (G)</span></dt><dd><p>This parameter has been made inoperative in Samba 3.0.24.
    21092179        The functionality it contolled is now controlled by the parameter
    2110         <a class="indexterm" name="id282976"></a>lock spin time.
     2180        <a class="indexterm" name="id283500"></a>lock spin time.
    21112181        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lock spin count</code></em> = 0
    21122182</em></span>
     
    21152185        be granted. This parameter has changed in default
    21162186        value from Samba 3.0.23 from 10 to 200. The associated
    2117         <a class="indexterm" name="id283018"></a>lock spin count parameter is
     2187        <a class="indexterm" name="id283542"></a>lock spin count parameter is
    21182188        no longer used in Samba 3.0.24. You should not need
    21192189        to change the value of this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lock spin time</code></em> = 200
     
    21362206</p></dd><dt><span class="term"><a name="LOGONDRIVE"></a>logon drive (G)</span></dt><dd><p>
    21372207        This parameter specifies the local path to which the home directory will be
    2138         connected (see <a class="indexterm" name="id283172"></a>logon home) and is only used by NT
     2208        connected (see <a class="indexterm" name="id283696"></a>logon home) and is only used by NT
    21392209        Workstations.
    21402210        </p><p>
     
    21632233        <span><strong class="command">net use /home</strong></span> but use the whole string when dealing with profiles.
    21642234        </p><p>
    2165         Note that in prior versions of Samba, the <a class="indexterm" name="id283280"></a>logon path was returned rather than
     2235        Note that in prior versions of Samba, the <a class="indexterm" name="id283804"></a>logon path was returned rather than
    21662236        <em class="parameter"><code>logon home</code></em>.  This broke <span><strong class="command">net use /home</strong></span>
    21672237        but allowed profiles outside the home directory. The current implementation is correct, and can be used for
    21682238        profiles if you use the above trick.
    21692239        </p><p>
    2170         Disable this feature by setting <a class="indexterm" name="id283304"></a>logon home = "" - using the empty string.
     2240        Disable this feature by setting <a class="indexterm" name="id283828"></a>logon home = "" - using the empty string.
    21712241        </p><p>
    21722242        This option is only useful if Samba is set up as a logon server.
     
    21792249        stored.  Contrary to previous versions of these manual pages, it has nothing to do with Win 9X roaming
    21802250        profiles.  To find out how to handle roaming profiles for Win 9X system, see the
    2181         <a class="indexterm" name="id283362"></a>logon home parameter.
     2251        <a class="indexterm" name="id283886"></a>logon home parameter.
    21822252        </p><p>
    21832253        This option takes the standard substitutions, allowing you to have separate logon scripts for each user or
     
    22082278        </p></div><p>Note that this option is only useful if Samba is set up as a domain controller.</p><p>
    22092279        Disable the use of roaming profiles by setting the value of this parameter to the empty string. For
    2210         example, <a class="indexterm" name="id283440"></a>logon path = "". Take note that even if the default setting
     2280        example, <a class="indexterm" name="id283964"></a>logon path = "". Take note that even if the default setting
    22112281        in the smb.conf file is the empty string, any value specified in the user account settings in the passdb
    22122282        backend will over-ride the effect of setting this parameter to null. Disabling of all roaming profile use
     
    22252295        </p><p>
    22262296        The script must be a relative path to the <em class="parameter"><code>[netlogon]</code></em> service.  If the [netlogon]
    2227         service specifies a <a class="indexterm" name="id283516"></a>path of <code class="filename">/usr/local/samba/netlogon</code>, and <a class="indexterm" name="id283529"></a>logon  script = STARTUP.BAT, then the file that will be downloaded is:
     2297        service specifies a <a class="indexterm" name="id284040"></a>path of <code class="filename">/usr/local/samba/netlogon</code>, and <a class="indexterm" name="id284054"></a>logon  script = STARTUP.BAT, then the file that will be downloaded is:
    22282298</p><pre class="programlisting">
    22292299        /usr/local/samba/netlogon/STARTUP.BAT
     
    22652335    in the lppause command as the PATH may not be available to the server.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lppause command</code></em> =
    22662336# Currently no default value is given to
    2267     this string, unless the value of the <a class="indexterm" name="id283682"></a>printing
     2337    this string, unless the value of the <a class="indexterm" name="id284207"></a>printing
    22682338    parameter is <code class="constant">SYSV</code>, in which case the default is :
    22692339    <span><strong class="command">lp -i %p-%j -H hold</strong></span> or if the value of the
     
    22802350        <span><strong class="command">lpq</strong></span> commands for different users then they won't
    22812351        share cache information.</p><p>The cache files are stored in <code class="filename">/tmp/lpq.xxxx</code>
    2282         where xxxx is a hash of the <span><strong class="command">lpq</strong></span> command in use.</p><p>The default is 10 seconds, meaning that the cached results
     2352        where xxxx is a hash of the <span><strong class="command">lpq</strong></span> command in use.</p><p>The default is 30 seconds, meaning that the cached results
    22832353        of a previous identical <span><strong class="command">lpq</strong></span> command will be used
    2284         if the cached data is less than 10 seconds old. A large value may
    2285         be advisable if your <span><strong class="command">lpq</strong></span> command is very slow.</p><p>A value of 0 will disable caching completely.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lpq cache time</code></em> = 10
    2286 </em></span>
    2287 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lpq cache time</code></em> = 30
     2354        if the cached data is less than 30 seconds old. A large value may
     2355        be advisable if your <span><strong class="command">lpq</strong></span> command is very slow.</p><p>A value of 0 will disable caching completely.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lpq cache time</code></em> = 30
     2356</em></span>
     2357</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lpq cache time</code></em> = 10
    22882358</em></span>
    22892359</p></dd><dt><span class="term"><a name="LPQCOMMAND"></a>lpq command (S)</span></dt><dd><p>This parameter specifies the command to be
     
    23132383    printing or spooling a specific print job.</p><p>This command should be a program or script which takes
    23142384    a printer name and job number to resume the print job. See
    2315     also the <a class="indexterm" name="id283959"></a>lppause command parameter.</p><p>If a <em class="parameter"><code>%p</code></em> is given then the printer name
     2385    also the <a class="indexterm" name="id284484"></a>lppause command parameter.</p><p>If a <em class="parameter"><code>%p</code></em> is given then the printer name
    23162386    is put in its place. A <em class="parameter"><code>%j</code></em> is replaced with
    23172387    the job number (an integer).</p><p>Note that it is good practice to include the absolute path
    23182388    in the <em class="parameter"><code>lpresume command</code></em> as the PATH may not
    2319     be available to the server.</p><p>See also the <a class="indexterm" name="id283996"></a>printing parameter.</p><p>Default: Currently no default value is given
     2389    be available to the server.</p><p>See also the <a class="indexterm" name="id284520"></a>printing parameter.</p><p>Default: Currently no default value is given
    23202390    to this string, unless the value of the <em class="parameter"><code>printing</code></em>
    23212391    parameter is <code class="constant">SYSV</code>, in which case the default is :</p><p><span><strong class="command">lp -i %p-%j -H resume</strong></span></p><p>or if the value of the <em class="parameter"><code>printing</code></em> parameter
     
    23402410</em></span>
    23412411</p></dd><dt><span class="term"><a name="MACHINEPASSWORDTIMEOUT"></a>machine password timeout (G)</span></dt><dd><p>
    2342         If a Samba server is a member of a Windows NT Domain (see the <a class="indexterm" name="id284152"></a>security = domain parameter) then periodically a running smbd process will try and change
     2412        If a Samba server is a member of a Windows NT Domain (see the <a class="indexterm" name="id284676"></a>security = domain parameter) then periodically a running smbd process will try and change
    23432413        the MACHINE ACCOUNT PASSWORD stored in the TDB called <code class="filename">private/secrets.tdb
    23442414        </code>.  This parameter specifies how often this password will be changed, in seconds. The default is one
     
    23462416        </p><p>
    23472417        See also <a href="smbpasswd.8.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(8)</span></a>,
    2348         and the <a class="indexterm" name="id284178"></a>security = domain parameter.
     2418        and the <a class="indexterm" name="id284702"></a>security = domain parameter.
    23492419        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>machine password timeout</code></em> = 604800
    23502420</em></span>
    23512421</p></dd><dt><span class="term"><a name="MAGICOUTPUT"></a>magic output (S)</span></dt><dd><p>
    23522422        This parameter specifies the name of a file which will contain output created by a magic script (see the
    2353         <a class="indexterm" name="id284219"></a>magic script parameter below).
     2423        <a class="indexterm" name="id284743"></a>magic script parameter below).
    23542424        </p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>If two clients use the same <em class="parameter"><code>magic script
    23552425        </code></em> in the same directory the output file content is undefined.
     
    23642434        completion assuming that the user has the appropriate level
    23652435        of privilege and the file permissions allow the deletion.</p><p>If the script generates output, output will be sent to
    2366         the file specified by the <a class="indexterm" name="id284293"></a>magic output
     2436        the file specified by the <a class="indexterm" name="id284817"></a>magic output
    23672437        parameter (see above).</p><p>Note that some shells are unable to interpret scripts
    23682438        containing CR/LF instead of CR as
     
    23852455        you would use:
    23862456        </p><p>
    2387         <a class="indexterm" name="id284397"></a>mangled map = (*.html *.htm).
     2457        <a class="indexterm" name="id284921"></a>mangled map = (*.html *.htm).
    23882458        </p><p>
    23892459        One very useful case is to remove the annoying <code class="filename">;1</code> off
     
    23972467</p></dd><dt><span class="term"><a name="MANGLEDNAMES"></a>mangled names (S)</span></dt><dd><p>This controls whether non-DOS names under UNIX
    23982468        should be mapped to DOS-compatible names ("mangled") and made visible,
    2399         or whether non-DOS names should simply be ignored.</p><p>See the section on <a class="indexterm" name="id284464"></a>name mangling for
     2469        or whether non-DOS names should simply be ignored.</p><p>See the section on <a class="indexterm" name="id284988"></a>name mangling for
    24002470        details on how to control the mangling process.</p><p>If mangling is used then the mangling algorithm is as follows:</p><div class="itemizedlist"><ul type="disc"><li><p>The first (up to) five alphanumeric characters
    24012471                        before the rightmost dot of the filename are preserved, forced
     
    24072477                        only if it contains any upper case characters or is longer than three
    24082478                        characters.</p><p>Note that the character to use may be specified using
    2409                                 the <a class="indexterm" name="id284498"></a>mangling char
     2479                                the <a class="indexterm" name="id285022"></a>mangling char
    24102480                        option, if you don't like '~'.</p></li><li><p>Files whose UNIX name begins with a dot will be
    24112481                        presented as DOS hidden files. The mangled name will be created as
     
    24312501</em></span>
    24322502</p></dd><dt><span class="term"><a name="MANGLINGCHAR"></a>mangling char (S)</span></dt><dd><p>This controls what character is used as
    2433         the <span class="emphasis"><em>magic</em></span> character in <a class="indexterm" name="id284618"></a>name mangling. The
     2503        the <span class="emphasis"><em>magic</em></span> character in <a class="indexterm" name="id285143"></a>name mangling. The
    24342504        default is a '~' but this may interfere with some software. Use this option to set
    24352505        it to whatever you prefer. This is effective only when mangling method is hash.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>mangling char</code></em> = ~
     
    24642534        be quite annoying for shared source code, documents, etc...
    24652535        </p><p>
    2466         Note that this requires the <a class="indexterm" name="id284772"></a>create mask        parameter to be set such that owner
     2536        Note that this requires the <a class="indexterm" name="id285296"></a>create mask        parameter to be set such that owner
    24672537        execute bit is not masked out (i.e. it must include 100). See the parameter
    2468         <a class="indexterm" name="id284780"></a>create mask for details.
     2538        <a class="indexterm" name="id285304"></a>create mask for details.
    24692539        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>map archive</code></em> = yes
    24702540</em></span>
     
    24722542        This controls whether DOS style hidden files should be mapped to the UNIX world execute bit.
    24732543        </p><p>
    2474         Note that this requires the <a class="indexterm" name="id284824"></a>create mask to be set such that the world execute
    2475         bit is not masked out (i.e. it must include 001). See the parameter <a class="indexterm" name="id284832"></a>create mask
     2544        Note that this requires the <a class="indexterm" name="id285349"></a>create mask to be set such that the world execute
     2545        bit is not masked out (i.e. it must include 001). See the parameter <a class="indexterm" name="id285357"></a>create mask
    24762546        for details.
    24772547        </p><p><span class="emphasis"><em>No default</em></span></p></dd><dt><span class="term"><a name="MAPREADONLY"></a>map read only (S)</span></dt><dd><p>
     
    24792549        </p><p>
    24802550        This parameter can take three different values, which tell <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> how to display the read only attribute on files, where either
    2481         <a class="indexterm" name="id284878"></a>store dos attributes is set to <code class="constant">No</code>, or no extended attribute is
    2482         present. If <a class="indexterm" name="id284889"></a>store dos attributes is set to <code class="constant">yes</code> then this
     2551        <a class="indexterm" name="id285402"></a>store dos attributes is set to <code class="constant">No</code>, or no extended attribute is
     2552        present. If <a class="indexterm" name="id285413"></a>store dos attributes is set to <code class="constant">yes</code> then this
    24832553        parameter is <span class="emphasis"><em>ignored</em></span>. This is a new parameter introduced in Samba version 3.0.21.
    24842554        </p><p>The three settings are :</p><div class="itemizedlist"><ul type="disc"><li><p>
     
    24932563                </p></li><li><p>
    24942564                <code class="constant">No</code> - The read only DOS attribute is unaffected by permissions, and can only be set by
    2495                 the <a class="indexterm" name="id284946"></a>store dos attributes method. This may be useful for exporting mounted CDs.
     2565                the <a class="indexterm" name="id285470"></a>store dos attributes method. This may be useful for exporting mounted CDs.
    24962566                </p></li></ul></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>map read only</code></em> = yes
    24972567</em></span>
     
    24992569        This controls whether DOS style system files should be mapped to the UNIX group execute bit.
    25002570        </p><p>
    2501         Note that this requires the <a class="indexterm" name="id284992"></a>create mask        to be set such that the group
     2571        Note that this requires the <a class="indexterm" name="id285516"></a>create mask        to be set such that the group
    25022572        execute bit is not masked out (i.e. it must include 010). See the parameter
    2503         <a class="indexterm" name="id285000"></a>create mask for details.
     2573        <a class="indexterm" name="id285524"></a>create mask for details.
    25042574        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>map system</code></em> = no
    25052575</em></span>
    2506 </p></dd><dt><span class="term"><a name="MAPTOGUEST"></a>map to guest (G)</span></dt><dd><p>This parameter is only useful in <a class="indexterm" name="id285040"></a>SECURITY =
     2576</p></dd><dt><span class="term"><a name="MAPTOGUEST"></a>map to guest (G)</span></dt><dd><p>This parameter is only useful in <a class="indexterm" name="id285564"></a>SECURITY =
    25072577    security modes other than <em class="parameter"><code>security = share</code></em>
    25082578    - i.e. <code class="constant">user</code>, <code class="constant">server</code>,
     
    25142584            logins with an invalid password are rejected, unless the username
    25152585            does not exist, in which case it is treated as a guest login and
    2516             mapped into the <a class="indexterm" name="id285101"></a>guest account.</p></li><li><p><code class="constant">Bad Password</code> - Means user logins
     2586            mapped into the <a class="indexterm" name="id285625"></a>guest account.</p></li><li><p><code class="constant">Bad Password</code> - Means user logins
    25172587            with an invalid password are treated as a guest login and mapped
    2518             into the <a class="indexterm" name="id285118"></a>guest account. Note that
     2588            into the <a class="indexterm" name="id285642"></a>guest account. Note that
    25192589            this can cause problems as it means that any user incorrectly typing
    25202590            their password will be silently logged on as "guest" - and
     
    25462616    will be refused if this number of connections to the service are already open. A value
    25472617    of zero mean an unlimited number of connections may be made.</p><p>Record lock files are used to implement this feature. The lock files will be stored in
    2548     the directory specified by the <a class="indexterm" name="id285236"></a>lock directory option.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>max connections</code></em> = 0
     2618    the directory specified by the <a class="indexterm" name="id285760"></a>lock directory option.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>max connections</code></em> = 0
    25492619</em></span>
    25502620</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max connections</code></em> = 10
     
    26372707</em></span>
    26382708</p></dd><dt><span class="term"><a name="MAXWINSTTL"></a>max wins ttl (G)</span></dt><dd><p>This option tells <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when acting as a WINS server
    2639         (<a class="indexterm" name="id285902"></a>wins support = yes) what the maximum
     2709        (<a class="indexterm" name="id286427"></a>wins support = yes) what the maximum
    26402710    'time to live' of NetBIOS names that <span><strong class="command">nmbd</strong></span>
    26412711    will grant will be (in seconds). You should never need to change this
     
    26982768</p></dd><dt><span class="term"><a name="MINPROTOCOL"></a>min protocol (G)</span></dt><dd><p>The value of the parameter (a string) is the
    26992769    lowest SMB protocol dialect than Samba will support.  Please refer
    2700     to the <a class="indexterm" name="id286225"></a>max protocol
     2770    to the <a class="indexterm" name="id286749"></a>max protocol
    27012771    parameter for a list of valid protocol names and a brief description
    27022772    of each.  You may also wish to refer to the C source code in
    27032773    <code class="filename">source/smbd/negprot.c</code> for a listing of known protocol
    27042774    dialects supported by clients.</p><p>If you are viewing this parameter as a security measure, you should
    2705     also refer to the <a class="indexterm" name="id286244"></a>lanman auth parameter.  Otherwise, you should never need
     2775    also refer to the <a class="indexterm" name="id286768"></a>lanman auth parameter.  Otherwise, you should never need
    27062776    to change this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>min protocol</code></em> = CORE
    27072777</em></span>
     
    27092779</em></span>
    27102780</p></dd><dt><span class="term"><a name="MINWINSTTL"></a>min wins ttl (G)</span></dt><dd><p>This option tells <a href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>
    2711     when acting as a WINS server (<a class="indexterm" name="id286304"></a>wins support = yes) what the minimum 'time to live'
     2781    when acting as a WINS server (<a class="indexterm" name="id286828"></a>wins support = yes) what the minimum 'time to live'
    27122782    of NetBIOS names that <span><strong class="command">nmbd</strong></span> will grant will be (in
    27132783    seconds). You should never need to change this parameter.  The default
     
    27192789        this share, they are redirected to the proxied share using
    27202790        the SMB-Dfs protocol.</p><p>Only Dfs roots can act as proxy shares. Take a look at the
    2721         <a class="indexterm" name="id286358"></a>msdfs root and <a class="indexterm" name="id286365"></a>host msdfs
     2791        <a class="indexterm" name="id286882"></a>msdfs root and <a class="indexterm" name="id286889"></a>host msdfs
    27222792        options to find out how to set up a Dfs root share.</p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>msdfs proxy</code></em> = \\otherserver\someshare
    27232793</em></span>
     
    27552825                _ldap._tcp.domain.
    27562826        </p></li><li><p><code class="constant">wins</code> : Query a name with
    2757             the IP address listed in the <a class="indexterm" name="id286556"></a>WINSSERVER parameter.  If no WINS server has
     2827            the IP address listed in the <a class="indexterm" name="id287080"></a>WINSSERVER parameter.  If no WINS server has
    27582828            been specified this method will be ignored.</p></li><li><p><code class="constant">bcast</code> : Do a broadcast on
    2759             each of the known local interfaces listed in the <a class="indexterm" name="id286573"></a>interfaces
     2829            each of the known local interfaces listed in the <a class="indexterm" name="id287097"></a>interfaces
    27602830            parameter. This is the least reliable of the name resolution
    27612831            methods as it depends on the target host being on a locally
     
    28092879        server. When Samba is returning the home share to the client, it
    28102880        will consult the NIS map specified in
    2811         <a class="indexterm" name="id286823"></a>homedir map and return the server
     2881        <a class="indexterm" name="id287347"></a>homedir map and return the server
    28122882        listed there.</p><p>Note that for this option to work there must be a working
    28132883        NIS system and the Samba server with this option must also
     
    28482918    default behavior is to use PAM for clear text authentication only
    28492919    and to ignore any account or session management.  Note that Samba
    2850     always ignores PAM for authentication in the case of <a class="indexterm" name="id287109"></a>encrypt passwords = yes.  The reason
     2920    always ignores PAM for authentication in the case of <a class="indexterm" name="id287633"></a>encrypt passwords = yes.  The reason
    28512921    is that PAM modules cannot support the challenge/response
    28522922    authentication mechanism needed in the presence of SMB password encryption.
     
    28592929    this parameter will force the server to only use the login
    28602930    names from the <em class="parameter"><code>user</code></em> list and is only really
    2861     useful in <a class="indexterm" name="id287165"></a>security = share level security.</p><p>Note that this also means Samba won't try to deduce
     2931    useful in <a class="indexterm" name="id287689"></a>security = share level security.</p><p>Note that this also means Samba won't try to deduce
    28622932    usernames from the service name. This can be annoying for
    28632933    the [homes] section. To get around this you could use <span><strong class="command">user =
     
    29072977        </p><p>
    29082978        Oplocks may be selectively turned off on certain files with a share. See
    2909         the <a class="indexterm" name="id287410"></a>veto oplock files parameter. On some systems
     2979        the <a class="indexterm" name="id287934"></a>veto oplock files parameter. On some systems
    29102980        oplocks are recognized by the underlying operating system. This
    29112981        allows data synchronization between all access to oplocked files,
    29122982        whether it be via Samba or NFS or a local UNIX process. See the
    2913         <a class="indexterm" name="id287419"></a>kernel oplocks parameter for details.
     2983        <a class="indexterm" name="id287943"></a>kernel oplocks parameter for details.
    29142984        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>oplocks</code></em> = yes
    29152985</em></span>
     
    29262996</p></dd><dt><span class="term"><a name="OSLEVEL"></a>os level (G)</span></dt><dd><p>
    29272997        This integer value controls what level Samba advertises itself as for browse elections. The value of this
    2928         parameter determines whether <a href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> has a chance of becoming a local master browser for the <a class="indexterm" name="id287522"></a>workgroup in the local broadcast area.
     2998        parameter determines whether <a href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> has a chance of becoming a local master browser for the <a class="indexterm" name="id288046"></a>workgroup in the local broadcast area.
    29292999</p><p><span class="emphasis"><em>
    29303000        Note :</em></span>By default, Samba will win a local master browsing election over all Microsoft operating
     
    29413011    flag for Samba.  If enabled, then PAM will be used for password
    29423012    changes when requested by an SMB client instead of the program listed in
    2943     <a class="indexterm" name="id287587"></a>passwd program.
     3013    <a class="indexterm" name="id288111"></a>passwd program.
    29443014    It should be possible to enable this without changing your
    2945     <a class="indexterm" name="id287594"></a>passwd chat parameter for most setups.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>pam password change</code></em> = no
     3015    <a class="indexterm" name="id288118"></a>passwd chat parameter for most setups.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>pam password change</code></em> = no
    29463016</em></span>
    29473017</p></dd><dt><span class="term"><a name="PANICACTION"></a>panic action (G)</span></dt><dd><p>This is a Samba developer option that allows a
     
    29693039                </p></li><li><p><span><strong class="command">tdbsam</strong></span> - The TDB based password storage
    29703040                backend.  Takes a path to the TDB as an optional argument (defaults to passdb.tdb
    2971                 in the <a class="indexterm" name="id287771"></a>private dir directory.</p></li><li><p><span><strong class="command">ldapsam</strong></span> - The LDAP based passdb
     3041                in the <a class="indexterm" name="id288295"></a>private dir directory.</p></li><li><p><span><strong class="command">ldapsam</strong></span> - The LDAP based passdb
    29723042                backend.  Takes an LDAP URL as an optional argument (defaults to
    29733043                <span><strong class="command">ldap://localhost</strong></span>)</p><p>LDAP connections should be secured where possible.  This may be done using either
    2974                 Start-TLS (see <a class="indexterm" name="id287802"></a>ldap ssl) or by
     3044                Start-TLS (see <a class="indexterm" name="id288325"></a>ldap ssl) or by
    29753045                specifying <em class="parameter"><code>ldaps://</code></em> in
    29763046                the URL argument. </p><p>Multiple servers may also be specified in double-quotes, if your
     
    29993069    strings passed to and received from the passwd chat are printed
    30003070    in the <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> log with a
    3001     <a class="indexterm" name="id287912"></a>debug level
     3071    <a class="indexterm" name="id288435"></a>debug level
    30023072    of 100. This is a dangerous option as it will allow plaintext passwords
    30033073    to be seen in the <span><strong class="command">smbd</strong></span> log. It is available to help
     
    30053075    when calling the <em class="parameter"><code>passwd program</code></em> and should
    30063076    be turned off after this has been done. This option has no effect if the
    3007     <a class="indexterm" name="id287939"></a>pam password change
     3077    <a class="indexterm" name="id288462"></a>pam password change
    30083078        paramter is set. This parameter is off by default.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>passwd chat debug</code></em> = no
    30093079</em></span>
     
    30173087    program to change the user's password. The string describes a
    30183088    sequence of response-receive pairs that <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> uses to determine what to send to the
    3019     <a class="indexterm" name="id288036"></a>passwd program and what to expect back. If the expected output is not
     3089    <a class="indexterm" name="id288559"></a>passwd program and what to expect back. If the expected output is not
    30203090    received then the password is not changed.</p><p>This chat sequence is often quite site specific, depending
    30213091    on what local methods are used for password control (such as NIS
    3022     etc).</p><p>Note that this parameter only is only used if the <a class="indexterm" name="id288052"></a>unix password sync parameter is set  to <code class="constant">yes</code>. This sequence is
     3092    etc).</p><p>Note that this parameter only is only used if the <a class="indexterm" name="id288575"></a>unix password sync parameter is set  to <code class="constant">yes</code>. This sequence is
    30233093    then called <span class="emphasis"><em>AS ROOT</em></span> when the SMB password  in the
    30243094    smbpasswd file is being changed, without access to the old password
    30253095    cleartext. This means that root must be able to reset the user's password without
    30263096    knowing the text of the previous password. In the presence of
    3027     NIS/YP,  this means that the <a class="indexterm" name="id288069"></a>passwd program must
     3097    NIS/YP,  this means that the <a class="indexterm" name="id288592"></a>passwd program must
    30283098    be executed on the NIS master.
    30293099    </p><p>The string can contain the macro <em class="parameter"><code>%n</code></em> which is substituted
     
    30343104    in them into a single string.</p><p>If the send string in any part of the chat sequence  is a full
    30353105    stop ".",  then no string is sent. Similarly,  if the
    3036     expect string is a full stop then no string is expected.</p><p>If the <a class="indexterm" name="id288097"></a>pam password change parameter is set to <code class="constant">yes</code>, the
     3106    expect string is a full stop then no string is expected.</p><p>If the <a class="indexterm" name="id288620"></a>pam password change parameter is set to <code class="constant">yes</code>, the
    30373107        chat pairs may be matched in any order, and success is determined by the PAM result, not any particular
    30383108        output. The \n macro is ignored for PAM conversions.
     
    30803150    made - the password as is and the password in all-lower case.</p><p>This parameter is used only when using plain-text passwords. It is
    30813151    not at all used when encrypted passwords as in use (that is the default
    3082     since samba-3.0.0). Use this only when <a class="indexterm" name="id288324"></a>encrypt passwords = No.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>password level</code></em> = 0
     3152    since samba-3.0.0). Use this only when <a class="indexterm" name="id288846"></a>encrypt passwords = No.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>password level</code></em> = 0
    30833153</em></span>
    30843154</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>password level</code></em> = 4
     
    30963166    have no effect on password servers for Windows NT 4.0 domains or netbios
    30973167    connections.</p><p>If parameter is a name, it is looked up using the
    3098     parameter <a class="indexterm" name="id288395"></a>name resolve order and so may resolved
     3168    parameter <a class="indexterm" name="id288918"></a>name resolve order and so may resolved
    30993169    by any method and order described in that parameter.</p><p>The password server must be a machine capable of using
    31003170    the "LM1.2X002" or the "NT LM 0.12" protocol, and it must be in
     
    31583228        will be replaced by the NetBIOS name of the machine they are
    31593229        connecting from. These replacements are very useful for setting
    3160         up pseudo home directories for users.</p><p>Note that this path will be based on <a class="indexterm" name="id288679"></a>root dir
     3230        up pseudo home directories for users.</p><p>Note that this path will be based on <a class="indexterm" name="id289202"></a>root dir
    31613231         if one was specified.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>path</code></em> =
    31623232</em></span>
     
    31863256</em></span>
    31873257</p></dd><dt><span class="term"><a name="PREEXECCLOSE"></a>preexec close (S)</span></dt><dd><p>
    3188         This boolean option controls whether a non-zero return code from <a class="indexterm" name="id288877"></a>preexec
     3258        This boolean option controls whether a non-zero return code from <a class="indexterm" name="id289400"></a>preexec
    31893259        should close the service being connected to.
    31903260        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>preexec close</code></em> = no
     
    31973267        /usr/local/samba/bin/smbclient -M %m -I %I' &amp; </strong></span>
    31983268        </p><p>Of course, this could get annoying after a while :-)</p><p>
    3199         See also <a class="indexterm" name="id288961"></a>preexec close and <a class="indexterm" name="id288968"></a>postexec.
     3269        See also <a class="indexterm" name="id289484"></a>preexec close and <a class="indexterm" name="id289491"></a>postexec.
    32003270        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>preexec</code></em> =
    32013271</em></span>
     
    32073277        If this is set to <code class="constant">yes</code>, on startup, <span><strong class="command">nmbd</strong></span> will force
    32083278        an election, and it will have a slight advantage in winning the election.  It is recommended that this
    3209         parameter is used in conjunction with <a class="indexterm" name="id289065"></a>domain master = yes, so that
     3279        parameter is used in conjunction with <a class="indexterm" name="id289588"></a>domain master = yes, so that
    32103280        <span><strong class="command">nmbd</strong></span> can guarantee becoming a domain master.
    32113281        </p><p>
     
    32273297        visible.</p><p>
    32283298        Note that if you just want all printers in your
    3229         printcap file loaded then the <a class="indexterm" name="id289190"></a>load printers
     3299        printcap file loaded then the <a class="indexterm" name="id289713"></a>load printers
    32303300         option is easier.
    32313301        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>preload</code></em> =
     
    32353305</p></dd><dt><span class="term"><a name="PRESERVECASE"></a>preserve case (S)</span></dt><dd><p>
    32363306        This controls if new filenames are created with the case that the client passes, or if
    3237         they are forced to be the <a class="indexterm" name="id289242"></a>default case.
     3307        they are forced to be the <a class="indexterm" name="id289765"></a>default case.
    32383308        </p><p>
    32393309        See the section on <a href="#NAMEMANGLINGSECT" title="NAME MANGLING">NAME MANGLING</a> for a fuller discussion.
     
    32443314    specified for the service. </p><p>Note that a printable service will ALWAYS allow writing
    32453315    to the service path (user privileges permitting) via the spooling
    3246     of print data. The <a class="indexterm" name="id289427"></a>read only parameter controls only non-printing access to
     3316    of print data. The <a class="indexterm" name="id289950"></a>read only parameter controls only non-printing access to
    32473317    the resource.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>printable</code></em> = no
    32483318</em></span>
     
    32513321    is greater than 60 the initial waiting time is set to 60 seconds
    32523322    to allow an earlier first rescan of the printing subsystem.
    3253     </p><p>Setting this parameter to 0 (the default) disables any
    3254     rescanning for new or removed printers after the initial startup.
    3255     </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>printcap cache time</code></em> = 0
     3323    </p><p>Setting this parameter to 0 disables any rescanning for new
     3324    or removed printers after the initial startup.
     3325    </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>printcap cache time</code></em> = 750
    32563326</em></span>
    32573327</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>printcap cache time</code></em> = 600
     
    32623332        </p><p>
    32633333        To use the CUPS printing interface set <span><strong class="command">printcap name = cups </strong></span>. This should
    3264         be supplemented by an addtional setting <a class="indexterm" name="id289565"></a>printing = cups in the [global]
     3334        be supplemented by an addtional setting <a class="indexterm" name="id290088"></a>printing = cups in the [global]
    32653335        section.  <span><strong class="command">printcap name = cups</strong></span> will use the  "dummy" printcap
    32663336        created by CUPS, as specified in your CUPS configuration file.
     
    33153385    be created but not processed and (most importantly) not removed.</p><p>Note that printing may fail on some UNIXes from the
    33163386    <code class="constant">nobody</code> account. If this happens then create
    3317     an alternative guest account that can print and set the <a class="indexterm" name="id289777"></a>guest account
     3387    an alternative guest account that can print and set the <a class="indexterm" name="id290300"></a>guest account
    33183388    in the [global] section.</p><p>You can form quite complex print commands by realizing
    33193389    that they are just passed to a shell. For example the following
     
    33223392    /tmp/print.log; lpr -P %p %s; rm %s</strong></span></p><p>You may have to vary this command considerably depending
    33233393    on how you normally print files on your system. The default for
    3324     the parameter varies depending on the setting of the <a class="indexterm" name="id289803"></a>printing
     3394    the parameter varies depending on the setting of the <a class="indexterm" name="id290326"></a>printing
    33253395        parameter.</p><p>Default: For <span><strong class="command">printing = BSD, AIX, QNX, LPRNG
    33263396    or PLP :</strong></span></p><p><span><strong class="command">print command = lpr -r -P%p %s</strong></span></p><p>For <span><strong class="command">printing = SYSV or HPUX :</strong></span></p><p><span><strong class="command">print command = lp -c -d%p %s; rm %s</strong></span></p><p>For <span><strong class="command">printing = SOFTQ :</strong></span></p><p><span><strong class="command">print command = lp -d%p -s %s; rm %s</strong></span></p><p>For printing = CUPS :   If SAMBA is compiled against
    3327     libcups, then <a class="indexterm" name="id289860"></a>printcap = cups
     3397    libcups, then <a class="indexterm" name="id290382"></a>printcap = cups
    33283398    uses the CUPS API to
    33293399    submit jobs, etc.  Otherwise it maps to the System V
     
    33573427        does not have its own printer name specified.
    33583428        </p><p>
    3359         The default value of the <a class="indexterm" name="id290001"></a>printer name may be <code class="literal">lp</code> on many
     3429        The default value of the <a class="indexterm" name="id290524"></a>printer name may be <code class="literal">lp</code> on many
    33603430        systems.
    33613431        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>printer name</code></em> = none
     
    33773447    the value for the <em class="parameter"><code>printing</code></em> option since it will
    33783448    reset the printing commands to default values.</p><p>See also the discussion in the <a href="#PRINTERSSECT" title="The [printers] section">
    3379     [printers]</a> section.</p><p><span class="emphasis"><em>No default</em></span></p></dd><dt><span class="term"><a name="PRIVATEDIR"></a>private dir (G)</span></dt><dd><p>This parameters defines the directory
     3449    [printers]</a> section.</p><p><span class="emphasis"><em>No default</em></span></p></dd><dt><span class="term"><a name="PRINTJOBUSERNAME"></a>printjob username (S)</span></dt><dd><p>This parameter specifies which user information will be
     3450    passed to the printing system. Usually, the username is sent,
     3451    but in some cases, e.g. the domain prefix is useful, too.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>printjob username</code></em> = %U
     3452</em></span>
     3453</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>printjob username</code></em> = %D\%U
     3454</em></span>
     3455</p></dd><dt><span class="term"><a name="PRIVATEDIR"></a>private dir (G)</span></dt><dd><p>This parameters defines the directory
    33803456    smbd will use for storing such files as <code class="filename">smbpasswd</code>
    33813457    and <code class="filename">secrets.tdb</code>.
     
    34243500    executed on the server host in order to resume the printer queue. It
    34253501    is the command to undo the behavior that is caused by the
    3426     previous parameter (<a class="indexterm" name="id290359"></a>queuepause command).</p><p>This command should be a program or script which takes
     3502    previous parameter (<a class="indexterm" name="id290915"></a>queuepause command).</p><p>This command should be a program or script which takes
    34273503    a printer name as its only parameter and resumes the printer queue,
    34283504    such that queued jobs are resubmitted to the printer.</p><p>This command is not supported by Windows for Workgroups,
     
    34443520</p></dd><dt><span class="term"><a name="READLIST"></a>read list (S)</span></dt><dd><p>
    34453521        This is a list of users that are given read-only access to a service. If the connecting user is in this list
    3446         then they will not be given write access, no matter what the <a class="indexterm" name="id290481"></a>read only option is set
    3447         to. The list can include group names using the syntax described in the <a class="indexterm" name="id290489"></a>invalid users
     3522        then they will not be given write access, no matter what the <a class="indexterm" name="id291037"></a>read only option is set
     3523        to. The list can include group names using the syntax described in the <a class="indexterm" name="id291045"></a>invalid users
    34483524        parameter.
    3449         </p><p>This parameter will not work with the <a class="indexterm" name="id290500"></a>security = share in
     3525        </p><p>This parameter will not work with the <a class="indexterm" name="id291056"></a>security = share in
    34503526    Samba 3.0.  This is by design.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>read list</code></em> =
    34513527</em></span>
    34523528</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>read list</code></em> = mary, @students
    34533529</em></span>
    3454 </p></dd><dt><span class="term"><a name="READONLY"></a>read only (S)</span></dt><dd><p>An inverted synonym is <a class="indexterm" name="id290552"></a>writeable.</p><p>If this parameter is <code class="constant">yes</code>, then users
     3530</p></dd><dt><span class="term"><a name="READONLY"></a>read only (S)</span></dt><dd><p>An inverted synonym is <a class="indexterm" name="id291107"></a>writeable.</p><p>If this parameter is <code class="constant">yes</code>, then users
    34553531    of a service may not create or modify files in the service's
    34563532    directory.</p><p>Note that a printable service (<span><strong class="command">printable = yes</strong></span>)
     
    34883564        the above line would cause <span><strong class="command">nmbd</strong></span> to announce itself
    34893565        to the two given IP addresses using the given workgroup names. If you leave out the
    3490         workgroup name then the one given in the <a class="indexterm" name="id290749"></a>workgroup parameter
     3566        workgroup name then the one given in the <a class="indexterm" name="id291305"></a>workgroup parameter
    34913567        is used instead.
    34923568        </p><p>
     
    35253601        is in fact the browse master on its segment.
    35263602        </p><p>
    3527         The <a class="indexterm" name="id290847"></a>remote browse sync may be used on networks
     3603        The <a class="indexterm" name="id291402"></a>remote browse sync may be used on networks
    35283604        where there is no WINS server, and may be used on disjoint networks where
    35293605        each network has its own WINS server.
     
    35873663        </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
    35883664    The security advantage of using restrict anonymous = 2 is removed
    3589     by setting <a class="indexterm" name="id291027"></a>guest ok = yes on any share.
     3665    by setting <a class="indexterm" name="id291576"></a>guest ok = yes on any share.
    35903666        </p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>restrict anonymous</code></em> = 0
    35913667</em></span>
     
    35973673    parts of the filesystem, or attempts to use ".." in file names
    35983674    to access other directories (depending on the setting of the
    3599         <a class="indexterm" name="id291120"></a>wide smbconfoptions parameter).
     3675        <a class="indexterm" name="id291669"></a>wide smbconfoptions parameter).
    36003676    </p><p>Adding a <em class="parameter"><code>root directory</code></em> entry other
    36013677    than "/" adds an extra level of security, but at a price. It
     
    36333709        </p><p>
    36343710        This parameter is applied as a mask (AND'ed with) to the changed permission bits, thus preventing any bits not
    3635         in this mask from being modified.  Make sure not to mix up this parameter with <a class="indexterm" name="id291334"></a>force  security mode, which works in a manner similar to this one but uses a logical OR instead of an AND.
     3711        in this mask from being modified.  Make sure not to mix up this parameter with <a class="indexterm" name="id291883"></a>force  security mode, which works in a manner similar to this one but uses a logical OR instead of an AND.
    36363712        </p><p>
    36373713        Essentially, zero bits in this mask may be treated as a set of bits the user is not allowed to change.
     
    36703746    is commonly used for a shared printer server. It is more difficult
    36713747    to setup guest shares with <span><strong class="command">security = user</strong></span>, see
    3672     the <a class="indexterm" name="id291508"></a>map to guestparameter for details.</p><p>It is possible to use <span><strong class="command">smbd</strong></span> in a <span class="emphasis"><em>
     3748    the <a class="indexterm" name="id292056"></a>map to guestparameter for details.</p><p>It is possible to use <span><strong class="command">smbd</strong></span> in a <span class="emphasis"><em>
    36733749    hybrid mode</em></span> where it is offers both user and share
    3674     level security under different <a class="indexterm" name="id291529"></a>NetBIOS aliases. </p><p>The different settings will now be explained.</p><p><a name="SECURITYEQUALSSHARE"></a><span class="emphasis"><em>SECURITY = SHARE</em></span></p><p>When clients connect to a share level security server they
     3750    level security under different <a class="indexterm" name="id292077"></a>NetBIOS aliases. </p><p>The different settings will now be explained.</p><p><a name="SECURITYEQUALSSHARE"></a><span class="emphasis"><em>SECURITY = SHARE</em></span></p><p>When clients connect to a share level security server they
    36753751    need not log onto the server with a valid username and password before
    36763752    attempting to connect to a shared resource (although modern clients
     
    36853761    techniques to determine the correct UNIX user to use on behalf
    36863762    of the client.</p><p>A list of possible UNIX usernames to match with the given
    3687     client password is constructed using the following methods :</p><div class="itemizedlist"><ul type="disc"><li><p>If the <a class="indexterm" name="id291604"></a>guest only parameter is set, then all the other
    3688             stages are missed and only the <a class="indexterm" name="id291611"></a>guest account username is checked.
     3763    client password is constructed using the following methods :</p><div class="itemizedlist"><ul type="disc"><li><p>If the <a class="indexterm" name="id292153"></a>guest only parameter is set, then all the other
     3764            stages are missed and only the <a class="indexterm" name="id292160"></a>guest account username is checked.
    36893765            </p></li><li><p>Is a username is sent with the share connection
    3690             request, then this username (after mapping - see <a class="indexterm" name="id291626"></a>username map),
     3766            request, then this username (after mapping - see <a class="indexterm" name="id292175"></a>username map),
    36913767            is added as a potential username.
    36923768            </p></li><li><p>If the client did a previous <span class="emphasis"><em>logon
     
    36973773            </p></li><li><p>The NetBIOS name of the client is added to
    36983774            the list as a potential username.
    3699             </p></li><li><p>Any users on the <a class="indexterm" name="id291666"></a>user list are added as potential usernames.
     3775            </p></li><li><p>Any users on the <a class="indexterm" name="id292215"></a>user list are added as potential usernames.
    37003776            </p></li></ul></div><p>If the <em class="parameter"><code>guest only</code></em> parameter is
    37013777    not set, then this list is then tried with the supplied password.
     
    37093785    NOTE ABOUT USERNAME/PASSWORD VALIDATION</a>.</p><p><a name="SECURITYEQUALSUSER"></a><span class="emphasis"><em>SECURITY = USER</em></span></p><p>This is the default security setting in Samba 3.0.
    37103786    With user-level security a client must first "log-on" with a
    3711     valid username and password (which can be mapped using the <a class="indexterm" name="id291736"></a>username map
    3712     parameter). Encrypted passwords (see the <a class="indexterm" name="id291743"></a>encrypted passwords parameter) can also
    3713     be used in this security mode. Parameters such as <a class="indexterm" name="id291751"></a>user and <a class="indexterm" name="id291758"></a>guest only if set      are then applied and
     3787    valid username and password (which can be mapped using the <a class="indexterm" name="id292284"></a>username map
     3788    parameter). Encrypted passwords (see the <a class="indexterm" name="id292292"></a>encrypted passwords parameter) can also
     3789    be used in this security mode. Parameters such as <a class="indexterm" name="id292300"></a>user and <a class="indexterm" name="id292307"></a>guest only if set      are then applied and
    37143790    may change the UNIX user to use on this connection, but only after
    37153791    the user has been successfully authenticated.</p><p><span class="emphasis"><em>Note</em></span> that the name of the resource being
     
    37173793    the server has successfully authenticated the client. This is why
    37183794    guest shares don't work in user level security without allowing
    3719     the server to automatically map unknown users into the <a class="indexterm" name="id291778"></a>guest account.
    3720     See the <a class="indexterm" name="id291785"></a>map to guest parameter for details on doing this.</p><p>See also the section <a href="#VALIDATIONSECT" title="NOTE ABOUT USERNAME/PASSWORD VALIDATION">NOTE ABOUT USERNAME/PASSWORD VALIDATION</a>.</p><p><a name="SECURITYEQUALSDOMAIN"></a><span class="emphasis"><em>SECURITY = DOMAIN</em></span></p><p>This mode will only work correctly if <a href="net.8.html"><span class="citerefentry"><span class="refentrytitle">net</span>(8)</span></a> has been used to add this
    3721     machine into a Windows NT Domain. It expects the <a class="indexterm" name="id291823"></a>encrypted passwords
     3795    the server to automatically map unknown users into the <a class="indexterm" name="id292326"></a>guest account.
     3796    See the <a class="indexterm" name="id292334"></a>map to guest parameter for details on doing this.</p><p>See also the section <a href="#VALIDATIONSECT" title="NOTE ABOUT USERNAME/PASSWORD VALIDATION">NOTE ABOUT USERNAME/PASSWORD VALIDATION</a>.</p><p><a name="SECURITYEQUALSDOMAIN"></a><span class="emphasis"><em>SECURITY = DOMAIN</em></span></p><p>This mode will only work correctly if <a href="net.8.html"><span class="citerefentry"><span class="refentrytitle">net</span>(8)</span></a> has been used to add this
     3797    machine into a Windows NT Domain. It expects the <a class="indexterm" name="id292372"></a>encrypted passwords
    37223798        parameter to be set to <code class="constant">yes</code>. In this
    37233799    mode Samba will try to validate the username/password by passing
     
    37333809    the server has successfully authenticated the client. This is why
    37343810    guest shares don't work in user level security without allowing
    3735     the server to automatically map unknown users into the <a class="indexterm" name="id291873"></a>guest account.
    3736     See the <a class="indexterm" name="id291880"></a>map to guest parameter for details on doing this.</p><p>See also the section <a href="#VALIDATIONSECT" title="NOTE ABOUT USERNAME/PASSWORD VALIDATION">
    3737     NOTE ABOUT USERNAME/PASSWORD VALIDATION</a>.</p><p>See also the <a class="indexterm" name="id291902"></a>password server parameter and
    3738          the <a class="indexterm" name="id291909"></a>encrypted passwords parameter.</p><p><a name="SECURITYEQUALSSERVER"></a><span class="emphasis"><em>SECURITY = SERVER</em></span></p><p>
     3811    the server to automatically map unknown users into the <a class="indexterm" name="id292422"></a>guest account.
     3812    See the <a class="indexterm" name="id292429"></a>map to guest parameter for details on doing this.</p><p>See also the section <a href="#VALIDATIONSECT" title="NOTE ABOUT USERNAME/PASSWORD VALIDATION">
     3813    NOTE ABOUT USERNAME/PASSWORD VALIDATION</a>.</p><p>See also the <a class="indexterm" name="id292450"></a>password server parameter and
     3814         the <a class="indexterm" name="id292458"></a>encrypted passwords parameter.</p><p><a name="SECURITYEQUALSSERVER"></a><span class="emphasis"><em>SECURITY = SERVER</em></span></p><p>
    37393815        In this mode Samba will try to validate the username/password by passing it to another SMB server, such as an
    37403816        NT box. If this fails it will revert to <span><strong class="command">security = user</strong></span>. It expects the
    3741         <a class="indexterm" name="id291936"></a>encrypted passwords parameter to be set to <code class="constant">yes</code>, unless the remote
     3817        <a class="indexterm" name="id292484"></a>encrypted passwords parameter to be set to <code class="constant">yes</code>, unless the remote
    37423818        server does not support them.  However note that if encrypted passwords have been negotiated then Samba cannot
    37433819        revert back to checking the UNIX password file, it must have a valid <code class="filename">smbpasswd</code> file to check users against. See the chapter about the User Database in
     
    37593835    the server has successfully authenticated the client. This is why
    37603836    guest shares don't work in user level security without allowing
    3761     the server to automatically map unknown users into the <a class="indexterm" name="id291993"></a>guest account.
    3762     See the <a class="indexterm" name="id292000"></a>map to guest parameter for details on doing this.</p><p>See also the section <a href="#VALIDATIONSECT" title="NOTE ABOUT USERNAME/PASSWORD VALIDATION">
    3763     NOTE ABOUT USERNAME/PASSWORD VALIDATION</a>.</p><p>See also the <a class="indexterm" name="id292021"></a>password server parameter and the
    3764         <a class="indexterm" name="id292028"></a>encrypted passwords parameter.</p><p><a name="SECURITYEQUALSADS"></a><span class="emphasis"><em>SECURITY = ADS</em></span></p><p>In this mode, Samba will act as a domain member in an ADS realm. To operate
     3837    the server to automatically map unknown users into the <a class="indexterm" name="id292542"></a>guest account.
     3838    See the <a class="indexterm" name="id292549"></a>map to guest parameter for details on doing this.</p><p>See also the section <a href="#VALIDATIONSECT" title="NOTE ABOUT USERNAME/PASSWORD VALIDATION">
     3839    NOTE ABOUT USERNAME/PASSWORD VALIDATION</a>.</p><p>See also the <a class="indexterm" name="id292570"></a>password server parameter and the
     3840        <a class="indexterm" name="id292577"></a>encrypted passwords parameter.</p><p><a name="SECURITYEQUALSADS"></a><span class="emphasis"><em>SECURITY = ADS</em></span></p><p>In this mode, Samba will act as a domain member in an ADS realm. To operate
    37653841                in this mode, the machine running Samba will need to have Kerberos installed
    37663842                and configured and Samba will need to be joined to the ADS realm using the
     
    37723848</p></dd><dt><span class="term"><a name="SERVERSCHANNEL"></a>server schannel (G)</span></dt><dd><p>
    37733849        This controls whether the server offers or even demands the use of the netlogon schannel.
    3774         <a class="indexterm" name="id292104"></a>server schannel = no does not offer the schannel, <a class="indexterm" name="id292111"></a>server schannel = auto offers the schannel but does not enforce it, and <a class="indexterm" name="id292119"></a>server schannel = yes denies access if the client is not able to speak netlogon schannel.
     3850        <a class="indexterm" name="id292653"></a>server schannel = no does not offer the schannel, <a class="indexterm" name="id292660"></a>server schannel = auto offers the schannel but does not enforce it, and <a class="indexterm" name="id292668"></a>server schannel = yes denies access if the client is not able to speak netlogon schannel.
    37753851        This is only the case for Windows NT4 before SP4.
    37763852        </p><p>
     
    38453921</p></dd><dt><span class="term"><a name="SHORTPRESERVECASE"></a>short preserve case (S)</span></dt><dd><p>
    38463922        This boolean parameter controls if new files which conform to 8.3 syntax, that is all in upper case and of
    3847         suitable length, are created upper case, or if they are forced to be the <a class="indexterm" name="id292653"></a>default case.
    3848         This  option can be use with <a class="indexterm" name="id292660"></a>preserve case = yes to permit long filenames
     3923        suitable length, are created upper case, or if they are forced to be the <a class="indexterm" name="id293202"></a>default case.
     3924        This  option can be use with <a class="indexterm" name="id293209"></a>preserve case = yes to permit long filenames
    38493925        to retain their case, while short names are lowered.
    38503926        </p><p>See the section on <a href="#NAMEMANGLINGSECT" title="NAME MANGLING">NAME MANGLING</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>short preserve case</code></em> = yes
     
    39464022        If this parameter is set Samba attempts to first read DOS attributes (SYSTEM, HIDDEN, ARCHIVE or
    39474023        READ-ONLY) from a filesystem extended attribute, before mapping DOS attributes to UNIX permission bits (such
    3948         as occurs with <a class="indexterm" name="id293263"></a>map hidden and <a class="indexterm" name="id293270"></a>map readonly).  When set, DOS
     4024        as occurs with <a class="indexterm" name="id293812"></a>map hidden and <a class="indexterm" name="id293818"></a>map readonly).  When set, DOS
    39494025        attributes will be stored onto an extended attribute in the UNIX filesystem, associated with the file or
    3950         directory.  For no other mapping to occur as a fall-back, the parameters <a class="indexterm" name="id293278"></a>map hidden,
    3951         <a class="indexterm" name="id293285"></a>map system, <a class="indexterm" name="id293292"></a>map archive and <a class="indexterm" name="id293299"></a>map  readonly must be set to off.  This parameter writes the DOS attributes as a string into the extended
     4026        directory.  For no other mapping to occur as a fall-back, the parameters <a class="indexterm" name="id293827"></a>map hidden,
     4027        <a class="indexterm" name="id293834"></a>map system, <a class="indexterm" name="id293841"></a>map archive and <a class="indexterm" name="id293848"></a>map  readonly must be set to off.  This parameter writes the DOS attributes as a string into the extended
    39524028        attribute named "user.DOSATTRIB". This extended attribute is explicitly hidden from smbd clients requesting an
    39534029        EA list. On Linux the filesystem must have been mounted with the mount option user_xattr in order for
     
    40914167        in the smbpasswd file this parameter should be set to <code class="constant">no</code>.
    40924168        </p><p>
    4093         In order for this parameter to be operative the <a class="indexterm" name="id294134"></a>encrypt passwords parameter must
    4094     be set to <code class="constant">no</code>. The default value of <a class="indexterm" name="id294144"></a>encrypt  passwords = Yes. Note: This must be set to <code class="constant">no</code> for this <a class="indexterm" name="id294155"></a>update encrypted to work.
     4169        In order for this parameter to be operative the <a class="indexterm" name="id294608"></a>encrypt passwords parameter must
     4170    be set to <code class="constant">no</code>. The default value of <a class="indexterm" name="id294618"></a>encrypt  passwords = Yes. Note: This must be set to <code class="constant">no</code> for this <a class="indexterm" name="id294629"></a>update encrypted to work.
    40954171        </p><p>
    40964172        Note that even when this parameter is set a user authenticating to <span><strong class="command">smbd</strong></span>
     
    41614237</em></span>
    41624238</p></dd><dt><span class="term"><a name="USERNAMEMAPSCRIPT"></a>username map script (G)</span></dt><dd><p>This script is a mutually exclusive alternative to the
    4163         <a class="indexterm" name="id294427"></a>username map parameter.  This parameter
     4239        <a class="indexterm" name="id294901"></a>username map parameter.  This parameter
    41644240        specifies and external program or script that must accept a single
    41654241        command line option (the username transmitted in the authentication
     
    42274303        <code class="constant">fred</code> is remapped to <code class="constant">mary</code> then you will actually be connecting to
    42284304        \\server\mary and will need to supply a password suitable for <code class="constant">mary</code> not
    4229         <code class="constant">fred</code>. The only exception to this is the username passed to the <a class="indexterm" name="id294623"></a>password server (if you have one). The password server will receive whatever username the client
     4305        <code class="constant">fred</code>. The only exception to this is the username passed to the <a class="indexterm" name="id295094"></a>password server (if you have one). The password server will receive whatever username the client
    42304306        supplies without  modification.
    42314307    </p><p>
     
    42734349    telnet session. The daemon runs as the user that they log in as,
    42744350    so they cannot do anything that user cannot do.</p><p>To restrict a service to a particular set of users you
    4275     can use the <a class="indexterm" name="id294784"></a>valid users parameter.</p><p>If any of the usernames begin with a '@' then the name
     4351    can use the <a class="indexterm" name="id295255"></a>valid users parameter.</p><p>If any of the usernames begin with a '@' then the name
    42764352    will be looked up first in the NIS netgroups list (if Samba
    42774353    is compiled with netgroup support), followed by a lookup in
     
    44554531        unix directory  separator '/'.
    44564532        </p><p>
    4457         Note that the <a class="indexterm" name="id295522"></a>case sensitive option is applicable in vetoing files.
     4533        Note that the <a class="indexterm" name="id295996"></a>case sensitive option is applicable in vetoing files.
    44584534        </p><p>
    44594535        One feature of the veto files parameter that it is important to be aware of is Samba's behaviour when
    44604536        trying to delete a directory. If a directory that is to be deleted contains nothing but veto files this
    4461         deletion will <span class="emphasis"><em>fail</em></span> unless you also set the <a class="indexterm" name="id295538"></a>delete veto files
     4537        deletion will <span class="emphasis"><em>fail</em></span> unless you also set the <a class="indexterm" name="id296012"></a>delete veto files
    44624538        parameter to <em class="parameter"><code>yes</code></em>.
    44634539        </p><p>
     
    44794555</em></span>
    44804556</p></dd><dt><span class="term"><a name="VETOOPLOCKFILES"></a>veto oplock files (S)</span></dt><dd><p>
    4481         This parameter is only valid when the <a class="indexterm" name="id295601"></a>oplocks
     4557        This parameter is only valid when the <a class="indexterm" name="id296075"></a>oplocks
    44824558        parameter is turned on for a share. It allows the Samba administrator
    44834559        to selectively turn off the granting of oplocks on selected files that
    44844560        match a wildcarded list, similar to the wildcarded list used in the
    4485         <a class="indexterm" name="id295610"></a>veto files parameter.
     4561        <a class="indexterm" name="id296084"></a>veto files parameter.
    44864562        </p><p>
    44874563        You might want to do this on files that you know will be heavily contended
     
    45224598        seconds the <a href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon will cache
    45234599        user and group information before querying a Windows NT server
    4524         again.</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>This does not apply to authentication requests,
    4525         these are always evaluated in real time.</p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind cache time</code></em> = 300
     4600        again.</p><p>
     4601        This does not apply to authentication requests, these are always
     4602        evaluated in real time unless the <a class="indexterm" name="id296302"></a>winbind   offline logon option has been enabled.
     4603        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind cache time</code></em> = 300
    45264604</em></span>
    45274605</p></dd><dt><span class="term"><a name="WINBINDENUMGROUPS"></a>winbind enum groups (G)</span></dt><dd><p>On large installations using <a href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> it may be necessary to suppress
     
    46124690</em></span>
    46134691</p></dd><dt><span class="term"><a name="WINBINDTRUSTEDDOMAINSONLY"></a>winbind trusted domains only (G)</span></dt><dd><p>
    4614         This parameter is designed to allow Samba servers that are members of a Samba controlled domain to use
    4615         UNIX accounts distributed via NIS, rsync, or LDAP as the uid's for winbindd users in the hosts primary domain.
    4616         Therefore, the user <code class="literal">DOMAIN\user1</code> would be mapped to the account user1 in /etc/passwd
    4617         instead of allocating a new uid for him or her.
     4692        This parameter is designed to allow Samba servers that are members
     4693        of a Samba controlled domain to use UNIX accounts distributed via NIS,
     4694        rsync, or LDAP as the uid's for winbindd users in the hosts primary domain.
     4695        Therefore, the user <code class="literal">DOMAIN\user1</code> would be mapped to
     4696        the account user1 in /etc/passwd instead of allocating a new uid for him or her.
     4697        </p><p>
     4698        This parameter is not deprecated in favor of the newer idmap_nss backend.
     4699        Refer to the <a class="indexterm" name="id296873"></a>idmap domains smb.conf option and
     4700        the <a href="idmap_nss.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_nss</span>(8)</span></a> man page for more information.
    46184701        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind trusted domains only</code></em> = no
    46194702</em></span>
     
    46814764        appear to be in when queried by clients. Note that this parameter
    46824765        also controls the Domain name used with
    4683         the <a class="indexterm" name="id296766"></a>security = domain
     4766        the <a class="indexterm" name="id297262"></a>security = domain
    46844767                setting.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>workgroup</code></em> = WORKGROUP
    46854768</em></span>
    46864769</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>workgroup</code></em> = MYGROUP
    46874770</em></span>
    4688 </p></dd><dt><span class="term"><a name="WRITABLE"></a>writable</span></dt><dd><p>This parameter is a synonym for writeable.</p></dd><dt><span class="term"><a name="WRITEABLE"></a>writeable (S)</span></dt><dd><p>Inverted synonym for <a class="indexterm" name="id296839"></a>read only.</p><p><span class="emphasis"><em>No default</em></span></p></dd><dt><span class="term"><a name="WRITECACHESIZE"></a>write cache size (S)</span></dt><dd><p>If this integer parameter is set to non-zero value,
     4771</p></dd><dt><span class="term"><a name="WRITABLE"></a>writable</span></dt><dd><p>This parameter is a synonym for writeable.</p></dd><dt><span class="term"><a name="WRITEABLE"></a>writeable (S)</span></dt><dd><p>Inverted synonym for <a class="indexterm" name="id297335"></a>read only.</p><p><span class="emphasis"><em>No default</em></span></p></dd><dt><span class="term"><a name="WRITECACHESIZE"></a>write cache size (S)</span></dt><dd><p>If this integer parameter is set to non-zero value,
    46894772    Samba will create an in-memory cache for each oplocked file
    46904773    (it does <span class="emphasis"><em>not</em></span> do this for
     
    47074790    This is a list of users that are given read-write access to a service. If the
    47084791    connecting user is in this list then they will be given write access, no matter
    4709     what the <a class="indexterm" name="id296936"></a>read only option is set to. The list can
     4792    what the <a class="indexterm" name="id297432"></a>read only option is set to. The list can
    47104793    include group names using the @group syntax.
    47114794    </p><p>
     
    47144797    </p><p>
    47154798    By design, this parameter will not work with the
    4716     <a class="indexterm" name="id296952"></a>security = share in Samba 3.0.
     4799    <a class="indexterm" name="id297448"></a>security = share in Samba 3.0.
    47174800    </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>write list</code></em> =
    47184801</em></span>
     
    47354818</p><p>Example: <span class="emphasis"><em><em class="parameter"><code>wtmp directory</code></em> = /var/log/wtmp
    47364819</em></span>
    4737 </p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id297085"></a><h2>WARNINGS</h2><p>
     4820</p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id297581"></a><h2>WARNINGS</h2><p>
    47384821        Although the configuration file permits service names to contain spaces, your client software may not.
    47394822        Spaces will be ignored in comparisons anyway, so it shouldn't be a problem - but be aware of the possibility.
     
    47484831        care when designing these sections. In particular, ensure that the permissions on spool directories are
    47494832        correct.
    4750         </p></div><div class="refsect1" lang="en"><a name="id297128"></a><h2>VERSION</h2><p>This man page is correct for version 3.0 of the Samba suite.</p></div><div class="refsect1" lang="en"><a name="id297139"></a><h2>SEE ALSO</h2><p>
    4751         <a href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a>, <a href="smbpasswd.8.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(8)</span></a>, <a href="swat.8.html"><span class="citerefentry"><span class="refentrytitle">swat</span>(8)</span></a>, <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>, <a href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>, <a href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a>, <a href="nmblookup.1.html"><span class="citerefentry"><span class="refentrytitle">nmblookup</span>(1)</span></a>, <a href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a>, <a href="testprns.1.html"><span class="citerefentry"><span class="refentrytitle">testprns</span>(1)</span></a>.</p></div><div class="refsect1" lang="en"><a name="id297218"></a><h2>AUTHOR</h2><p>
     4833        </p></div><div class="refsect1" lang="en"><a name="id297624"></a><h2>VERSION</h2><p>This man page is correct for version 3.0 of the Samba suite.</p></div><div class="refsect1" lang="en"><a name="id297635"></a><h2>SEE ALSO</h2><p>
     4834        <a href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a>, <a href="smbpasswd.8.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(8)</span></a>, <a href="swat.8.html"><span class="citerefentry"><span class="refentrytitle">swat</span>(8)</span></a>, <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>, <a href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>, <a href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a>, <a href="nmblookup.1.html"><span class="citerefentry"><span class="refentrytitle">nmblookup</span>(1)</span></a>, <a href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a>, <a href="testprns.1.html"><span class="citerefentry"><span class="refentrytitle">testprns</span>(1)</span></a>.</p></div><div class="refsect1" lang="en"><a name="id297714"></a><h2>AUTHOR</h2><p>
    47524835        The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed
    47534836        by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

  • trunk/samba/docs/htmldocs/manpages/vfs_extd_audit.8.html

    r1 r22  
    66        <a href="syslog.3.html"><span class="citerefentry"><span class="refentrytitle">syslog</span>(3)</span></a>).</p><p>Other than logging to the
    77        <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> log,
    8         <span><strong class="command">vfs_ext_audit</strong></span> is identical to
    9         <a href="vfs_ext_audit.8.html"><span class="citerefentry"><span class="refentrytitle">vfs_ext_audit</span>(8)</span></a>.
     8        <span><strong class="command">vfs_extd_audit</strong></span> is identical to
     9        <a href="vfs_audit.8.html"><span class="citerefentry"><span class="refentrytitle">vfs_audit</span>(8)</span></a>.
    1010        </p><p>This module is stackable.</p></div><div class="refsect1" lang="en"><a name="id231159"></a><h2>VERSION</h2><p>This man page is correct for version 3.0.25 of the Samba suite.
    1111        </p></div><div class="refsect1" lang="en"><a name="id231170"></a><h2>AUTHOR</h2><p>The original Samba software and related utilities

  • trunk/samba/docs/htmldocs/manpages/vfs_full_audit.8.html

    r1 r22  
    33        client operations to the system log using
    44        <a href="syslog.3.html"><span class="citerefentry"><span class="refentrytitle">syslog</span>(3)</span></a>.</p><p><span><strong class="command">vfs_full_audit</strong></span> is able to record the
    5         complete set of Samba VFS operations:</p><table class="simplelist" border="0" summary="Simple list"><tr><td>connect</td></tr><tr><td>disconnect</td></tr><tr><td>disk_free</td></tr><tr><td>get_quota</td></tr><tr><td>set_quota</td></tr><tr><td>get_shadow_copy_data</td></tr><tr><td>statvfs</td></tr><tr><td>opendir</td></tr><tr><td>readdir</td></tr><tr><td>seekdir</td></tr><tr><td>telldir</td></tr><tr><td>rewinddir</td></tr><tr><td>mkdir</td></tr><tr><td>rmdir</td></tr><tr><td>closedir</td></tr><tr><td>open</td></tr><tr><td>close</td></tr><tr><td>read</td></tr><tr><td>pread</td></tr><tr><td>write</td></tr><tr><td>pwrite</td></tr><tr><td>lseek</td></tr><tr><td>sendfile</td></tr><tr><td>rename</td></tr><tr><td>fsync</td></tr><tr><td>stat</td></tr><tr><td>fstat</td></tr><tr><td>lstat</td></tr><tr><td>unlink</td></tr><tr><td>chmod</td></tr><tr><td>fchmod</td></tr><tr><td>chown</td></tr><tr><td>fchown</td></tr><tr><td>chdir</td></tr><tr><td>getwd</td></tr><tr><td>utime</td></tr><tr><td>ftruncate</td></tr><tr><td>lock</td></tr><tr><td>kernel_flock</td></tr><tr><td>linux_setlease</td></tr><tr><td>getlock</td></tr><tr><td>symlink</td></tr><tr><td>readlink</td></tr><tr><td>link</td></tr><tr><td>mknod</td></tr><tr><td>realpath</td></tr><tr><td>fget_nt_acl</td></tr><tr><td>get_nt_acl</td></tr><tr><td>fset_nt_acl</td></tr><tr><td>set_nt_acl</td></tr><tr><td>chmod_acl</td></tr><tr><td>fchmod_acl</td></tr><tr><td>sys_acl_get_entry</td></tr><tr><td>sys_acl_get_tag_type</td></tr><tr><td>sys_acl_get_permset</td></tr><tr><td>sys_acl_get_qualifier</td></tr><tr><td>sys_acl_get_file</td></tr><tr><td>sys_acl_get_fd</td></tr><tr><td>sys_acl_clear_perms</td></tr><tr><td>sys_acl_add_perm</td></tr><tr><td>sys_acl_to_text</td></tr><tr><td>sys_acl_init</td></tr><tr><td>sys_acl_create_entry</td></tr><tr><td>sys_acl_set_tag_type</td></tr><tr><td>sys_acl_set_qualifier</td></tr><tr><td>sys_acl_set_permset</td></tr><tr><td>sys_acl_valid</td></tr><tr><td>sys_acl_set_file</td></tr><tr><td>sys_acl_set_fd</td></tr><tr><td>sys_acl_delete_def_file</td></tr><tr><td>sys_acl_get_perm</td></tr><tr><td>sys_acl_free_text</td></tr><tr><td>sys_acl_free_acl</td></tr><tr><td>sys_acl_free_qualifier</td></tr><tr><td>getxattr</td></tr><tr><td>lgetxattr</td></tr><tr><td>fgetxattr</td></tr><tr><td>listxattr</td></tr><tr><td>llistxattr</td></tr><tr><td>flistxattr</td></tr><tr><td>removexattr</td></tr><tr><td>lremovexattr</td></tr><tr><td>fremovexattr</td></tr><tr><td>setxattr</td></tr><tr><td>lsetxattr</td></tr><tr><td>fsetxattr</td></tr><tr><td>aio_read</td></tr><tr><td>aio_write</td></tr><tr><td>aio_return</td></tr><tr><td>aio_cancel</td></tr><tr><td>aio_error</td></tr><tr><td>aio_fsync</td></tr><tr><td>aio_suspend</td></tr></table><p>In addition to these operations,
     5        complete set of Samba VFS operations:</p><table class="simplelist" border="0" summary="Simple list"><tr><td>aio_cancel</td></tr><tr><td>aio_error</td></tr><tr><td>aio_fsync</td></tr><tr><td>aio_read</td></tr><tr><td>aio_return</td></tr><tr><td>aio_suspend</td></tr><tr><td>aio_write</td></tr><tr><td>chdir</td></tr><tr><td>chflags</td></tr><tr><td>chmod</td></tr><tr><td>chmod_acl</td></tr><tr><td>chown</td></tr><tr><td>close</td></tr><tr><td>closedir</td></tr><tr><td>connect</td></tr><tr><td>disconnect</td></tr><tr><td>disk_free</td></tr><tr><td>fchmod</td></tr><tr><td>fchmod_acl</td></tr><tr><td>fchown</td></tr><tr><td>fget_nt_acl</td></tr><tr><td>fgetxattr</td></tr><tr><td>flistxattr</td></tr><tr><td>fremovexattr</td></tr><tr><td>fset_nt_acl</td></tr><tr><td>fsetxattr</td></tr><tr><td>fstat</td></tr><tr><td>fsync</td></tr><tr><td>ftruncate</td></tr><tr><td>get_nt_acl</td></tr><tr><td>get_quota</td></tr><tr><td>get_shadow_copy_data</td></tr><tr><td>getlock</td></tr><tr><td>getwd</td></tr><tr><td>getxattr</td></tr><tr><td>kernel_flock</td></tr><tr><td>lgetxattr</td></tr><tr><td>link</td></tr><tr><td>linux_setlease</td></tr><tr><td>listxattr</td></tr><tr><td>llistxattr</td></tr><tr><td>lock</td></tr><tr><td>lremovexattr</td></tr><tr><td>lseek</td></tr><tr><td>lsetxattr</td></tr><tr><td>lstat</td></tr><tr><td>mkdir</td></tr><tr><td>mknod</td></tr><tr><td>open</td></tr><tr><td>opendir</td></tr><tr><td>pread</td></tr><tr><td>pwrite</td></tr><tr><td>read</td></tr><tr><td>readdir</td></tr><tr><td>readlink</td></tr><tr><td>realpath</td></tr><tr><td>removexattr</td></tr><tr><td>rename</td></tr><tr><td>rewinddir</td></tr><tr><td>rmdir</td></tr><tr><td>seekdir</td></tr><tr><td>sendfile</td></tr><tr><td>set_nt_acl</td></tr><tr><td>set_quota</td></tr><tr><td>setxattr</td></tr><tr><td>stat</td></tr><tr><td>statvfs</td></tr><tr><td>symlink</td></tr><tr><td>sys_acl_add_perm</td></tr><tr><td>sys_acl_clear_perms</td></tr><tr><td>sys_acl_create_entry</td></tr><tr><td>sys_acl_delete_def_file</td></tr><tr><td>sys_acl_free_acl</td></tr><tr><td>sys_acl_free_qualifier</td></tr><tr><td>sys_acl_free_text</td></tr><tr><td>sys_acl_get_entry</td></tr><tr><td>sys_acl_get_fd</td></tr><tr><td>sys_acl_get_file</td></tr><tr><td>sys_acl_get_perm</td></tr><tr><td>sys_acl_get_permset</td></tr><tr><td>sys_acl_get_qualifier</td></tr><tr><td>sys_acl_get_tag_type</td></tr><tr><td>sys_acl_init</td></tr><tr><td>sys_acl_set_fd</td></tr><tr><td>sys_acl_set_file</td></tr><tr><td>sys_acl_set_permset</td></tr><tr><td>sys_acl_set_qualifier</td></tr><tr><td>sys_acl_set_tag_type</td></tr><tr><td>sys_acl_to_text</td></tr><tr><td>sys_acl_valid</td></tr><tr><td>telldir</td></tr><tr><td>unlink</td></tr><tr><td>utime</td></tr><tr><td>write</td></tr></table><p>In addition to these operations,
    66        <span><strong class="command">vfs_full_audit</strong></span> recognizes the special operation
    77        names "all" and "none ", which refer to all
     
    1111        format is: </p><pre class="programlisting">
    1212                smbd_audit: PREFIX|OPERATION|RESULT|FILE
    13         </pre><p>The record fields are:</p><div class="itemizedlist"><ul type="disc"><li><p><span><strong class="command">PREFIX</strong></span> - the result of the full_audit:prefix string after variable substitutions</p></li><li><p><span><strong class="command">OPERATION</strong></span> - the name of the VFS operation</p></li><li><p><span><strong class="command">RESULT</strong></span> - whether the operation succeeded or failed</p></li><li><p><span><strong class="command">FILE</strong></span> - the name of the file or directory the operation was performed on</p></li></ul></div><p>This module is stackable.</p></div><div class="refsect1" lang="en"><a name="id271774"></a><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">vfs_full_audit:prefix = STRING</span></dt><dd><p>Prepend audit messages with STRING. STRING is
     13        </pre><p>The record fields are:</p><div class="itemizedlist"><ul type="disc"><li><p><span><strong class="command">PREFIX</strong></span> - the result of the full_audit:prefix string after variable substitutions</p></li><li><p><span><strong class="command">OPERATION</strong></span> - the name of the VFS operation</p></li><li><p><span><strong class="command">RESULT</strong></span> - whether the operation succeeded or failed</p></li><li><p><span><strong class="command">FILE</strong></span> - the name of the file or directory the operation was performed on</p></li></ul></div><p>This module is stackable.</p></div><div class="refsect1" lang="en"><a name="id271778"></a><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">vfs_full_audit:prefix = STRING</span></dt><dd><p>Prepend audit messages with STRING. STRING is
    1414                processed for standard substitution variables listed in
    1515                <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a>. The default
     
    2525                </p></dd><dt><span class="term">full_audit:priority = PRIORITY</span></dt><dd><p>Log messages with the named
    2626                <a href="syslog.3.html"><span class="citerefentry"><span class="refentrytitle">syslog</span>(3)</span></a> priority.
    27                 </p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id271879"></a><h2>EXAMPLES</h2><p>Log file and directory open operations on the [records]
     27                </p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id271883"></a><h2>EXAMPLES</h2><p>Log file and directory open operations on the [records]
    2828        share using the LOCAL7 facility and ALERT priority, including
    2929        the username and IP address:</p><pre class="programlisting">
    3030        <em class="parameter"><code>[records]</code></em>
    31         <a class="indexterm" name="id271900"></a>path = /data/records
    32         <a class="indexterm" name="id271907"></a>vfs objects = full_audit
    33         <a class="indexterm" name="id271914"></a>full_audit:prefix = %u|%I
    34         <a class="indexterm" name="id271921"></a>full_audit:success = open opendir
    35         <a class="indexterm" name="id271928"></a>full_audit:failure = all
    36         <a class="indexterm" name="id271935"></a>full_audit:facility = LOCAL7
    37         <a class="indexterm" name="id271943"></a>full_audit:priority = ALERT
    38 </pre></div><div class="refsect1" lang="en"><a name="id271952"></a><h2>VERSION</h2><p>This man page is correct for version 3.0.25 of the Samba suite.
    39         </p></div><div class="refsect1" lang="en"><a name="id271962"></a><h2>AUTHOR</h2><p>The original Samba software and related utilities
     31        <a class="indexterm" name="id271903"></a>path = /data/records
     32        <a class="indexterm" name="id271910"></a>vfs objects = full_audit
     33        <a class="indexterm" name="id271917"></a>full_audit:prefix = %u|%I
     34        <a class="indexterm" name="id271925"></a>full_audit:success = open opendir
     35        <a class="indexterm" name="id271932"></a>full_audit:failure = all
     36        <a class="indexterm" name="id271939"></a>full_audit:facility = LOCAL7
     37        <a class="indexterm" name="id271946"></a>full_audit:priority = ALERT
     38</pre></div><div class="refsect1" lang="en"><a name="id271956"></a><h2>VERSION</h2><p>This man page is correct for version 3.0.25 of the Samba suite.
     39        </p></div><div class="refsect1" lang="en"><a name="id271966"></a><h2>AUTHOR</h2><p>The original Samba software and related utilities
    4040        were created by Andrew Tridgell. Samba is now developed
    4141        by the Samba Team as an Open Source project similar

  • trunk/samba/docs/htmldocs/manpages/vfs_recycle.8.html

    r1 r22  
    3333                </p></dd><dt><span class="term">recycle:touch_mtime = BOOL</span></dt><dd><p>Specifies whether a file's last modified date should be
    3434                updated when the file is moved to the repository.
     35                </p></dd><dt><span class="term">recycle:minsize = BYTES</span></dt><dd><p>Files that are smaller than the number of bytes
     36                specified by this parameter will not be put into the
     37                repository.
    3538                </p></dd><dt><span class="term">recycle:maxsize = BYTES</span></dt><dd><p>Files that are larger than the number of bytes
    3639                specified by this parameter will not be put into the
     
    4447                and ? are supported) for which no versioning should
    4548                be used. Only useful when recycle:versions is enabled.
    46                 </p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id231506"></a><h2>EXAMPLES</h2><p>Log operations on all shares using the LOCAL1 facility
     49                </p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id231520"></a><h2>EXAMPLES</h2><p>Log operations on all shares using the LOCAL1 facility
    4750        and NOTICE priority:</p><pre class="programlisting">
    4851        <em class="parameter"><code>[global]</code></em>
    49         <a class="indexterm" name="id231525"></a>vfs objects = recycle
    50         <a class="indexterm" name="id231532"></a>recycle:facility = LOCAL1
    51         <a class="indexterm" name="id231539"></a>recycle:priority = NOTICE
    52 </pre></div><div class="refsect1" lang="en"><a name="id230495"></a><h2>VERSION</h2><p>This man page is correct for version 3.0.25 of the Samba suite.
    53         </p></div><div class="refsect1" lang="en"><a name="id230506"></a><h2>AUTHOR</h2><p>The original Samba software and related utilities
     52        <a class="indexterm" name="id231539"></a>vfs objects = recycle
     53        <a class="indexterm" name="id230493"></a>recycle:facility = LOCAL1
     54        <a class="indexterm" name="id230500"></a>recycle:priority = NOTICE
     55</pre></div><div class="refsect1" lang="en"><a name="id230510"></a><h2>VERSION</h2><p>This man page is correct for version 3.0.25 of the Samba suite.
     56        </p></div><div class="refsect1" lang="en"><a name="id230520"></a><h2>AUTHOR</h2><p>The original Samba software and related utilities
    5457        were created by Andrew Tridgell. Samba is now developed
    5558        by the Samba Team as an Open Source project similar

  • trunk/samba/docs/htmldocs/manpages/winbindd.8.html

    r1 r22  
    44        in most modern C libraries, to arbitary applications via PAM
    55        and <span><strong class="command">ntlm_auth</strong></span> and to Samba itself.</p><p>Even if winbind is not used for nsswitch, it still provides a
    6     service to <span><strong class="command">smbd</strong></span>, <span><strong class="command">ntlm_auth</strong></span>
    7     and the <span><strong class="command">pam_winbind.so</strong></span> PAM module, by managing connections to
    8     domain controllers.  In this configuraiton the
    9     <a class="indexterm" name="id231194"></a>idmap uid and
    10     <a class="indexterm" name="id231201"></a>idmap gid
    11     parameters are not required. (This is known as `netlogon proxy only mode'.)</p><p> The Name Service Switch allows user
     6        service to <span><strong class="command">smbd</strong></span>, <span><strong class="command">ntlm_auth</strong></span>
     7        and the <span><strong class="command">pam_winbind.so</strong></span> PAM module, by managing connections to
     8        domain controllers.  In this configuraiton the
     9        <a class="indexterm" name="id231194"></a>idmap uid and
     10        <a class="indexterm" name="id231201"></a>idmap gid
     11        parameters are not required. (This is known as `netlogon proxy only mode'.)</p><p> The Name Service Switch allows user
    1212        and system information to be obtained from different databases
    1313        services such as NIS or DNS.  The exact behaviour can be configured
     
    8585use only by developers and generate HUGE amounts of log
    8686data, most of which is extremely cryptic.</p><p>Note that specifying this parameter here will
    87 override the <a class="indexterm" name="id271776"></a> parameter
     87override the <a class="indexterm" name="id271775"></a> parameter
    8888in the <code class="filename">smb.conf</code> file.</p></dd><dt><span class="term">-l|--logfile=logdirectory</span></dt><dd><p>Base directory name for log/debug files. The extension
    8989<code class="constant">".progname"</code> will be appended (e.g. log.smbclient,
     
    116116        users and groups will be mapped as soon as a client performs a user
    117117        or group enumeration command.  The allocated unix ids are stored
    118         in a database file under the Samba lock directory and will be
    119         remembered. </p><p>WARNING: The SID to unix id database is the only location
     118        in a database and will be remembered. </p><p>WARNING: The SID to unix id database is the only location
    120119        where the user and group mappings are stored by winbindd.  If this
    121         file is deleted or corrupted, there is no way for winbindd to
     120        store is deleted or corrupted, there is no way for winbindd to
    122121        determine which user and group ids correspond to Windows NT user
    123         and group rids. </p><p>See the <a class="indexterm" name="id271915"></a> parameter in
     122        and group rids. </p><p>See the <a class="indexterm" name="id271914"></a> or the old <a class="indexterm" name="id271920"></a> parameters in
    124123        <code class="filename">smb.conf</code> for options for sharing this
    125         database, such as via LDAP.</p></div><div class="refsect1" lang="en"><a name="id271929"></a><h2>CONFIGURATION</h2><p>Configuration of the <span><strong class="command">winbindd</strong></span> daemon
     124        database, such as via LDAP.</p></div><div class="refsect1" lang="en"><a name="id271934"></a><h2>CONFIGURATION</h2><p>Configuration of the <span><strong class="command">winbindd</strong></span> daemon
    126125        is done through configuration parameters in the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> file.  All parameters should be specified in the
    127126        [global] section of smb.conf. </p><div class="itemizedlist"><ul type="disc"><li><p>
    128                 <a class="indexterm" name="id271959"></a>winbind separator</p></li><li><p>
    129                 <a class="indexterm" name="id271971"></a>idmap uid</p></li><li><p>
    130                 <a class="indexterm" name="id271982"></a>idmap gid</p></li><li><p>
    131                 <a class="indexterm" name="id271993"></a>idmap backend</p></li><li><p>
    132                 <a class="indexterm" name="id272005"></a>winbind cache time</p></li><li><p>
    133                 <a class="indexterm" name="id272016"></a>winbind enum users</p></li><li><p>
    134                 <a class="indexterm" name="id272027"></a>winbind enum groups</p></li><li><p>
    135                 <a class="indexterm" name="id272039"></a>template homedir</p></li><li><p>
    136                 <a class="indexterm" name="id272050"></a>template shell</p></li><li><p>
    137                 <a class="indexterm" name="id272061"></a>winbind use default domain</p></li></ul></div></div><div class="refsect1" lang="en"><a name="id272072"></a><h2>EXAMPLE SETUP</h2><p>
     127                <a class="indexterm" name="id271964"></a>winbind separator</p></li><li><p>
     128                <a class="indexterm" name="id271976"></a>idmap uid</p></li><li><p>
     129                <a class="indexterm" name="id271987"></a>idmap gid</p></li><li><p>
     130                <a class="indexterm" name="id271998"></a>idmap backend</p></li><li><p>
     131                <a class="indexterm" name="id272010"></a>winbind cache time</p></li><li><p>
     132                <a class="indexterm" name="id272021"></a>winbind enum users</p></li><li><p>
     133                <a class="indexterm" name="id272032"></a>winbind enum groups</p></li><li><p>
     134                <a class="indexterm" name="id272044"></a>template homedir</p></li><li><p>
     135                <a class="indexterm" name="id272055"></a>template shell</p></li><li><p>
     136                <a class="indexterm" name="id272066"></a>winbind use default domain</p></li></ul></div></div><div class="refsect1" lang="en"><a name="id272077"></a><h2>EXAMPLE SETUP</h2><p>
    138137        To setup winbindd for user and group lookups plus
    139138        authentication from a domain controller use something like the
     
    186185        the DOMAIN+user syntax for the username. You may wish to use the
    187186        commands <span><strong class="command">getent passwd</strong></span> and <span><strong class="command">getent group
    188         </strong></span> to confirm the correct operation of winbindd.</p></div><div class="refsect1" lang="en"><a name="id272263"></a><h2>NOTES</h2><p>The following notes are useful when configuring and
     187        </strong></span> to confirm the correct operation of winbindd.</p></div><div class="refsect1" lang="en"><a name="id272268"></a><h2>NOTES</h2><p>The following notes are useful when configuring and
    189188        running <span><strong class="command">winbindd</strong></span>: </p><p><a href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> must be running on the local machine
    190189        for <span><strong class="command">winbindd</strong></span> to work. </p><p>PAM is really easy to misconfigure.  Make sure you know what
     
    193192        then in general the user and groups ids allocated by winbindd will not
    194193        be the same.  The user and group ids will only be valid for the local
    195         machine, unless a shared <a class="indexterm" name="id272310"></a> is configured.</p><p>If the the Windows NT SID to UNIX user and group id mapping
    196         file is damaged or destroyed then the mappings will be lost. </p></div><div class="refsect1" lang="en"><a name="id272322"></a><h2>SIGNALS</h2><p>The following signals can be used to manipulate the
     194        machine, unless a shared <a class="indexterm" name="id272315"></a> is configured.</p><p>If the the Windows NT SID to UNIX user and group id mapping
     195        file is damaged or destroyed then the mappings will be lost. </p></div><div class="refsect1" lang="en"><a name="id272327"></a><h2>SIGNALS</h2><p>The following signals can be used to manipulate the
    197196        <span><strong class="command">winbindd</strong></span> daemon. </p><div class="variablelist"><dl><dt><span class="term">SIGHUP</span></dt><dd><p>Reload the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> file and
    198197                apply any parameter changes to the running
     
    202201                winbindd</strong></span> to write status information to the winbind
    203202                log file.</p><p>Log files are stored in the filename specified by the
    204                 log file parameter.</p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id272385"></a><h2>FILES</h2><div class="variablelist"><dl><dt><span class="term"><code class="filename">/etc/nsswitch.conf(5)</code></span></dt><dd><p>Name service switch configuration file.</p></dd><dt><span class="term">/tmp/.winbindd/pipe</span></dt><dd><p>The UNIX pipe over which clients communicate with
     203                log file parameter.</p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id272390"></a><h2>FILES</h2><div class="variablelist"><dl><dt><span class="term"><code class="filename">/etc/nsswitch.conf(5)</code></span></dt><dd><p>Name service switch configuration file.</p></dd><dt><span class="term">/tmp/.winbindd/pipe</span></dt><dd><p>The UNIX pipe over which clients communicate with
    205204                the <span><strong class="command">winbindd</strong></span> program.  For security reasons, the
    206205                winbind client will only attempt to connect to the winbindd daemon
     
    223222                This directory is by default <code class="filename">/usr/local/samba/var/locks
    224223                </code>. </p></dd><dt><span class="term">$LOCKDIR/winbindd_cache.tdb</span></dt><dd><p>Storage for cached user and group information.
    225                 </p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id272529"></a><h2>VERSION</h2><p>This man page is correct for version 3.0 of
    226         the Samba suite.</p></div><div class="refsect1" lang="en"><a name="id272540"></a><h2>SEE ALSO</h2><p><code class="filename">nsswitch.conf(5)</code>, <a href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a>, <a href="wbinfo.1.html"><span class="citerefentry"><span class="refentrytitle">wbinfo</span>(1)</span></a>, <a href="ntlm_auth.8.html"><span class="citerefentry"><span class="refentrytitle">ntlm_auth</span>(8)</span></a>, <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a>, <a href="pam_winbind.8.html"><span class="citerefentry"><span class="refentrytitle">pam_winbind</span>(8)</span></a></p></div><div class="refsect1" lang="en"><a name="id272597"></a><h2>AUTHOR</h2><p>The original Samba software and related utilities
     224                </p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id272534"></a><h2>VERSION</h2><p>This man page is correct for version 3.0 of
     225        the Samba suite.</p></div><div class="refsect1" lang="en"><a name="id272545"></a><h2>SEE ALSO</h2><p><code class="filename">nsswitch.conf(5)</code>, <a href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a>, <a href="wbinfo.1.html"><span class="citerefentry"><span class="refentrytitle">wbinfo</span>(1)</span></a>, <a href="ntlm_auth.8.html"><span class="citerefentry"><span class="refentrytitle">ntlm_auth</span>(8)</span></a>, <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a>, <a href="pam_winbind.8.html"><span class="citerefentry"><span class="refentrytitle">pam_winbind</span>(8)</span></a></p></div><div class="refsect1" lang="en"><a name="id272602"></a><h2>AUTHOR</h2><p>The original Samba software and related utilities
    227226        were created by Andrew Tridgell. Samba is now developed
    228227        by the Samba Team as an Open Source project similar
Note: See TracChangeset for help on using the changeset viewer.