<para>
The <filename moreinfo="none">smb.conf</filename> file is a configuration file for the Samba suite. <filename
moreinfo="none">smb.conf</filename> contains runtime configuration information for the Samba programs. The
- <filename moreinfo="none">smb.conf</filename> file is designed to be configured and administered by the
- <citerefentry><refentrytitle>swat</refentrytitle> <manvolnum>8</manvolnum></citerefentry> program. The
+ <filename moreinfo="none">smb.conf</filename> file is designed to be configured and administered by the
+ <citerefentry><refentrytitle>swat</refentrytitle> <manvolnum>8</manvolnum></citerefentry> program. The
complete description of the file format and possible parameters held within are here for reference purposes.
</para>
</refsect1>
<para>
There are three special sections, [global], [homes] and [printers], which are described under
- <emphasis>special sections</emphasis>. The following notes apply to ordinary section descriptions.
+ <emphasis>special sections</emphasis>. The following notes apply to ordinary section descriptions.
</para>
<para>
also binds to the "all addresses" interface (0.0.0.0) on ports 137 and 138 for the purposes of
reading broadcast messages. If this option is not set then <command moreinfo="none">nmbd</command> will
service name requests on all of these sockets. If <smbconfoption name="bind interfaces only"/> is set then
- <command moreinfo="none">nmbd</command> will check the source address of any packets coming in on the
+ <command moreinfo="none">nmbd</command> will check the source address of any packets coming in on the
broadcast sockets and discard any that don't match the broadcast addresses of the interfaces in the
<smbconfoption name="interfaces"/> parameter list. As unicast packets are received on the other sockets it
allows <command moreinfo="none">nmbd</command> to refuse to serve names to machines that send packets that
arrive through any interfaces not listed in the <smbconfoption name="interfaces"/> list. IP Source address
spoofing does defeat this simple check, however, so it must not be used seriously as a security feature for
- <command moreinfo="none">nmbd</command>.
+ <command moreinfo="none">nmbd</command>.
</para>
<para>
<para>
If <smbconfoption name="bind interfaces only"/> is set then unless the network address
- <emphasis>127.0.0.1</emphasis> is added to the <smbconfoption name="interfaces"/> parameter list
- <citerefentry><refentrytitle>smbpasswd</refentrytitle> <manvolnum>8</manvolnum></citerefentry> and
- <citerefentry><refentrytitle>swat</refentrytitle> <manvolnum>8</manvolnum></citerefentry> may not work as
+ <emphasis>127.0.0.1</emphasis> is added to the <smbconfoption name="interfaces"/> parameter list
+ <citerefentry><refentrytitle>smbpasswd</refentrytitle> <manvolnum>8</manvolnum></citerefentry> and
+ <citerefentry><refentrytitle>swat</refentrytitle> <manvolnum>8</manvolnum></citerefentry> may not work as
expected due to the reasons covered below.
</para>
<para>
To change a users SMB password, the <command moreinfo="none">smbpasswd</command> by default connects to the
- <emphasis>localhost - 127.0.0.1</emphasis> address as an SMB client to issue the password change request. If
+ <emphasis>localhost - 127.0.0.1</emphasis> address as an SMB client to issue the password change request. If
<smbconfoption name="bind interfaces only"/> is set then unless the network address
- <emphasis>127.0.0.1</emphasis> is added to the <smbconfoption name="interfaces"/> parameter list then <command
+ <emphasis>127.0.0.1</emphasis> is added to the <smbconfoption name="interfaces"/> parameter list then <command
moreinfo="none"> smbpasswd</command> will fail to connect in it's default mode. <command
moreinfo="none">smbpasswd</command> can be forced to use the primary IP interface of the local host by using
its <citerefentry><refentrytitle>smbpasswd</refentrytitle> <manvolnum>8</manvolnum></citerefentry> <parameter
use SSL when connecting to the ldap server
This is <emphasis>NOT</emphasis> related to
Samba's previous SSL support which was enabled by specifying the
- <command moreinfo="none">--with-ssl</command> option to the <filename moreinfo="none">configure</filename>
+ <command moreinfo="none">--with-ssl</command> option to the <filename moreinfo="none">configure</filename>
script.</para>
<para>The <smbconfoption name="ldap ssl"/> can be set to one of three values:</para>
moreinfo="none">ldap server</parameter>. Only available when the
backwards-compatiblity <command
moreinfo="none">--with-ldapsam</command> option is specified
- to configure. See <smbconfoption name="passdb backend"/></para>
+ to configure. See <smbconfoption name="passdb backend"/></para>.
</listitem>
</itemizedlist>
</description>
<para>
The ldap suffix will be appended to the values specified for the <smbconfoption name="ldap user suffix"/>,
- <smbconfoption name="ldap group suffix"/>, <smbconfoption name="ldap machine suffix"/>, and the
- <smbconfoption name="ldap idmap suffix"/>. Each of these should be given only a DN relative to the
- <smbconfoption name ="ldap suffix"/>.
+ <smbconfoption name="ldap group suffix"/>, <smbconfoption name="ldap machine suffix"/>, and the
+ <smbconfoption name="ldap idmap suffix"/>. Each of these should be given only a DN relative to the
+ <smbconfoption name ="ldap suffix"/>.
</para>
</description>
<value type="default"></value>
UNIX doesn't support shared memory (almost all do).</para>
<para>The share modes that are enabled by this option are
- <constant>DENY_DOS</constant>, <constant>DENY_ALL</constant>,
+ <constant>DENY_DOS</constant>, <constant>DENY_ALL</constant>,
<constant>DENY_READ</constant>, <constant>DENY_WRITE</constant>,
<constant>DENY_NONE</constant> and <constant>DENY_FCB</constant>.
</para>
<para>
Well-behaved clients always ask for lock checks when it is important. So in the vast majority of cases,
- <command moreinfo="none">strict locking = Auto</command> or
- <command moreinfo="none">strict locking = no</command> is acceptable.
+ <command moreinfo="none">strict locking = Auto</command> or
+ <command moreinfo="none">strict locking = no</command> is acceptable.
</para>
</description>
<value type="default">Auto</value>
<description>
<para>
This is the full pathname to a script that will be run by
- <citerefentry><refentrytitle>smbd</refentrytitle> <manvolnum>8</manvolnum></citerefentry> when a machine is
+ <citerefentry><refentrytitle>smbd</refentrytitle> <manvolnum>8</manvolnum></citerefentry> when a machine is
added to Samba's domain and a Unix account matching the machine's name appended with a "$" does not
already exist.
</para>
files on this server. For sites that use Windows NT account databases as their primary
user database creating these users and keeping the user list in sync with the Windows
NT PDC is an onerous task. This option allows smbd to create the required UNIX users
- <emphasis>ON DEMAND</emphasis> when a user accesses the Samba server.
+ <emphasis>ON DEMAND</emphasis> when a user accesses the Samba server.
</para>
<para>
<description>
<para>
This parameter controls whether or not smbd will honor privileges assigned to specific SIDs via either
- <command>net rpc rights</command> or one of the Windows user and group manager tools. This parameter is
+ <command>net rpc rights</command> or one of the Windows user and group manager tools. This parameter is
enabled by default. It can be disabled to prevent members of the Domain Admins group from being able to
assign privileges to users or groups which can then result in certain smbd operations running as root that
would normally run under the context of the connected user.
<para>
This tells Samba to return the above string, with substitutions made when a client requests the info, generally
in a NetUserGetInfo request. Win9X clients truncate the info to \\server\share when a user does
- <command moreinfo="none">net use /home</command> but use the whole string when dealing with profiles.
+ <command moreinfo="none">net use /home</command> but use the whole string when dealing with profiles.
</para>
<para>
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>This a full path name to a script called by
- <citerefentry><refentrytitle>smbd</refentrytitle>
+ <citerefentry><refentrytitle>smbd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> that should
start a shutdown procedure.</para>
<para>
This boolean parameter is only available if Samba has been configured and compiled
with the option <command moreinfo="none">--with-utmp</command>. If set to
- <constant>yes</constant> then Samba will attempt to add utmp or utmpx records
+ <constant>yes</constant> then Samba will attempt to add utmp or utmpx records
(depending on the UNIX system) whenever a connection is made to a Samba server.
Sites may use this to record the user connecting to a Samba share.
</para>
<para>
In a POSIX filesystem, only the owner of a file or directory and the superuser can modify the permissions
and ACLs on a file. If this parameter is set, then Samba overrides this restriction, and also allows the
- <emphasis>primary group owner</emphasis> of a file or directory to modify the permissions and ACLs
+ <emphasis>primary group owner</emphasis> of a file or directory to modify the permissions and ACLs
on that file.
</para>
<para>
<description>
<para>
This option only takes effect when the <smbconfoption name="security"/> option is set to
- <constant>server</constant>,<constant>domain</constant> or <constant>ads</constant>.
+ <constant>server</constant>, <constant>domain</constant> or <constant>ads</constant>.
If it is set to no, then attempts to connect to a resource from
a domain or workgroup other than the one which smbd is running
in will fail, even if that domain is trusted by the remote server
<para>On large installations using <citerefentry><refentrytitle>winbindd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> it may be
necessary to suppress the enumeration of users through the <command moreinfo="none">setpwent()</command>,
- <command moreinfo="none">getpwent()</command> and
- <command moreinfo="none">endpwent()</command> group of system calls. If
+ <command moreinfo="none">getpwent()</command> and
+ <command moreinfo="none">endpwent()</command> group of system calls. If
the <parameter moreinfo="none">winbind enum users</parameter> parameter is
- <constant>no</constant>, calls to the <command moreinfo="none">getpwent</command> system call
+ <constant>no</constant>, calls to the <command moreinfo="none">getpwent</command> system call
will not return any data. </para>
<warning><para>Turning off user
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>This parameter specifies whether the
- <citerefentry><refentrytitle>winbindd</refentrytitle>
+ <citerefentry><refentrytitle>winbindd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> daemon should operate on users
without domain component in their username. Users without a domain
component are treated as is part of the winbindd server's own
git.samba.org / ira / wip.git / commitdiff