-.TH SMB.CONF 5 "16 Dec 1997" "smb.conf 1.9.18alpha13"
+.TH SMB.CONF 5 "08 Jan 1998" "smb.conf 1.9.18"
.SH NAME
smb.conf \- configuration file for smbd
.SH SYNOPSIS
your NIS auto.map entry. If you have not compiled Samba with -DAUTOMOUNT
then this value will be the same as %L.
+%p = the path of the service's home directory, obtained from your NIS
+auto.map entry. The NIS auto.map entry is split up as "%N:%p".
+
%R = the selected protocol level after protocol negotiation. As of
Samba 1.9.18 it can be one of CORE, COREPLUS, LANMAN1, LANMAN2 or NT1.
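Review bot: The new %p entry does not say what it expands to when Samba is built without -DAUTOMOUNT, although the %N text just above it spells out that fallback ("this value will be the same as %L"). Please add the equivalent sentence for %p, and consider showing one sample auto.map value next to the "%N:%p" split so the reader can see which part each macro takes.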
min wins ttl
+name resolve order
+
netbios aliases
netbios name
valid chars
-veto files
+wins proxy
+
+wins server
+
+wins support
workgroup
dos filetimes
+dos filetime resolution
+
exec
+fake directory create times
+
fake oplocks
follow symlinks
min print space
+networkstation user login
+
only guest
only user
valid users
+veto files
+
veto oplock files
volume
.SS alternate permissions (S)
-This option affects the way the "read only" DOS attribute is produced
-for UNIX files. If this is false then the read only bit is set for
-files on writeable shares which the user cannot write to.
-
-If this is true then it is set for files whos user write bit is not set.
-
-The latter behaviour is useful for when users copy files from each
-others directories, and use a file manager that preserves
-permissions. Without this option they may get annoyed as all copied
-files will have the "read only" bit set.
-
-.B Default:
- alternate permissions = no
-
-.B Example:
- alternate permissions = yes
+This option is deprecated and is only included for backward
+compatibility.
.SS available (S)
This parameter lets you 'turn off' a service. If 'available = no', then
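Review bot: The replacement text for "alternate permissions" says the option is deprecated but not what setting it now does, or how the "read only" DOS attribute is derived in its place. The removed paragraphs were the only description of that mapping in this section, so please state whether the value is now ignored and point to where the read-only bit behaviour is documented.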
See
.B create mask.
-.SS dead time (G)
+.SS deadtime (G)
The value of the parameter (a decimal integer) represents the number of
minutes of inactivity before a connection is considered dead, and it
is disconnected. The deadtime only takes effect if the number of open files
A deadtime of zero indicates that no auto-disconnection should be performed.
.B Default:
- dead time = 0
+ deadtime = 0
.B Example:
- dead time = 15
+ deadtime = 15
.SS debug level (G)
The value of the parameter (an integer) allows the debug level
(logging level) to be specified in the
.B Example:
dos filetimes = True
+.SS dos filetime resolution (S)
+Under the DOS and Windows FAT filesystem, the finest granulatity on
+time resolution is two seconds. Setting this parameter for a share
+causes Samba to round the reported time down to the nearest two
+second boundary when a query call that requires one second resolution
+is made to smbd.
+
+This option is mainly used as a compatibility option for Visual C++
+when used against Samba shares. If oplocks are enabled on a share,
+Visual C++ uses two different time reading calls to check if a file
+has changed since it was last read. One of these calls uses a one-second
+granularity, the other uses a two second granularity. As the two second
+call rounds any odd second down, then if the file has a timestamp of an
+odd number of seconds then the two timestamps will not match and Visual
+C++ will keep reporting the file has changed. Setting this option causes
+the two timestamps to match, and Visual C++ is happy.
+
+.B Default:
+ dos filetime resolution = False
+
+.B Example:
+ dos filetime resolution = True
+
.SS encrypt passwords (G)
This boolean controls whether encrypted passwords will be negotiated
-with the client. Note that this option has no effect if you haven't
-compiled in the necessary des libraries and encryption code. It
-defaults to no.
+with the client. Note that Windows NT 4.0 SP3 and above will by default
+expect encrypted passwords unless a registry entry is changed. To use
+encrypted passwords in Samba see the file docs/ENCRYPTION.txt.
.SS exec (S)
This is an alias for preexec
+.SS fake directory create times (S)
+NTFS and Windows VFAT file systems keep a create time for all files
+and directories. This is not the same as the ctime - status change
+time - that Unix keeps, so Samba by default reports the earliest
+of the various times Unix does keep. Setting this parameter for a
+share causes Samba to always report midnight 1-1-1980 as
+the create time for directories.
+
+This option is mainly used as a compatibility option for Visual C++
+when used against Samba shares. Visual C++ generated makefiles
+have the object directory as a dependency for each object file,
+and a make rule to create the directory. Also, when NMAKE
+compares timestamps it uses the creation time when examining
+a directory. Thus the object directory will be created if it does
+not exist, but once it does exist it will always have an earlier
+timestamp than the object files it contains.
+
+However, Unix time semantics mean that the create time reported
+by Samba will be updated whenever a file is created or deleted
+in the directory. NMAKE therefore finds all object files in the
+object directory bar the last one built are out of date compared
+to the directory and rebuilds them. Enabling this option ensures
+directories always predate their contents and an NMAKE build will
+proceed as expected.
+
+.B Default:
+ fake directory create times = False
+
+.B Example:
+ fake directory create times = True
+
.SS fake oplocks (S)
Oplocks are the way that SMB clients get permission from a server to
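Review bot: In the "encrypt passwords" paragraph the rewrite drops "It defaults to no" and adds no .B Default: line, so the page no longer states the default for the setting that decides whether encrypted passwords are negotiated with the client. Please restore the default in the same .B Default: / .B Example: form the new sections in this patch use. Also in this region, "granulatity" in the "dos filetime resolution" text should read "granularity".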
.B Example
invalid users = root fred admin @wheel
-.SS keep alive (G)
+.SS keepalive (G)
The value of the parameter (an integer) represents the number of seconds
between 'keepalive' packets. If this parameter is zero, no keepalive packets
will be sent. Keepalive packets, if sent, allow the server to tell whether a
client is still present and responding.
-Keepalives should, in general, not be needed if the socket being used
-has the SO_KEEPALIVE attribute set on it (see "socket
-options"). Basically you should only use this option if you strike
-difficulties.
-
.B Default:
- keep alive = 0
+ keep alive = 300
.B Example:
keep alive = 60
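Review bot: The heading becomes "keepalive" but the .B Default: and .B Example: lines still read "keep alive = 300" and "keep alive = 60", whereas the deadtime hunk renames all three places; make the spelling consistent. The default also changes from 0 to 300 with no text explaining it, and the removed paragraph was the only mention of SO_KEEPALIVE and "socket options" in this section. Please add a sentence on why keepalive packets are now sent by default and keep the pointer to "socket options".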
.B Default:
min wins ttl = 21600
+.SS name resolve order (G)
+
+This option is used by the programs smbd, nmbd and smbclient to determine
+what naming services and in what order to resolve host names to IP addresses.
+This option is most useful in smbclient. The option takes a space separated
+string of different name resolution options. These are "lmhosts", "host",
+"wins" and "bcast". They cause names to be resolved as follows :
+
+lmhosts : Lookup an IP address in the Samba lmhosts file.
+host : Do a standard host name to IP address resolution, using the
+ system /etc/hosts, NIS, or DNS lookups. This method of name
+ resolution is operating system depended (for instance on Solaris
+ this may be controlled by the /etc/nsswitch.conf file).
+wins : Query a name with the IP address listed in the "wins server ="
+ parameter. If no WINS server has been specified this method will
+ be ignored.
+bcast : Do a broadcast on each of the known local interfaces listed in
+ the "interfaces =" parameter. This is the least reliable of the
+ name resolution methods as it depends on the target host being
+ on a locally connected subnet.
+
+The default order is lmhosts, host, wins, bcast and these name resolution
+methods will be attempted in this order.
+
+This option was first introduced in Samba 1.9.18p4.
+
+.B Default:
+ name resolve order = lmhosts host wins bcast
+
+.Example:
+ name resolve order = lmhosts bcast host
+
+This will cause the local lmhosts file to be examined first, followed
+by a broadcast attempt, followed by a normal system hostname lookup.
.SS netbios aliases (G)
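Review bot: "+.Example:" in the "name resolve order" section is not a macro this page defines; every other section in the patch uses ".B Example:", and as written troff will treat the line as an unknown request and drop it. Two smaller points in the same section: "operating system depended" should be "operating system dependent", and the text says the option was first introduced in Samba 1.9.18p4 while the .TH line of this patch labels the page "smb.conf 1.9.18", so one of the two needs adjusting.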
.B Example:
nis homedir = true
+.SS networkstation user login (G)
+This global parameter (new for 1.9.18p3) affects server level security.
+With this set (recommended) samba will do a full NetWkstaUserLogon to
+confirm that the client really should have login rights. This can cause
+problems with machines in trust relationships in which case you can
+disable it here, but be warned, we have heard that some NT machines
+will then allow anyone in with any password! Make sure you test it.
+
+.B Default:
+ networkstation user login = yes
+
+.B Example:
+ networkstation user login = no
+
.SS null passwords (G)
Allow or disallow access to accounts that have null passwords.
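Review bot: The warning in "networkstation user login" that some NT machines "will then allow anyone in with any password" is the key fact of this section, yet it sits at the end of a run-on sentence and is sourced only as "we have heard". Please give it its own paragraph, state that it applies under server level security with the option set to no, and say what "Make sure you test it" should consist of (for example, confirming that a logon with a wrong password is rejected) so an administrator can verify the result before leaving the check disabled. "samba" should also be capitalised as it is elsewhere on the page.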
internet name then you may have to add its netbios name to
/etc/hosts.
+Note that with Samba 1.9.18p4 and above the name of the password
+server is looked up using the parameter "name resolve order=" and
+so may resolved by any method and order described in that parameter.
+
The password server much be a machine capable of using the "LM1.2X002"
or the "LM NT 0.12" protocol, and it must be in user level security
mode.
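Review bot: "so may resolved by any method" is missing "be". More substantively, this paragraph now lets the password server be located by any method in "name resolve order", and the section added earlier in this patch calls bcast the least reliable of them; because this name identifies the machine that validates passwords, the text should recommend an order for this use or at least cross-reference that caveat.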
set directory = yes
.SS shared file entries (G)
-This parameter is only useful when Samba has been compiled with FAST_SHARE_MODES.
-It specifies the number of hash bucket entries used for share file locking.
-You should never change this parameter unless you have studied the source
-and know what you are doing.
-
-.B Default
- shared file entries = 113
+This parameter has been removed (as of Samba 1.9.18 and above). The new
+System V shared memory code prohibits the user from allocating the
+share hash bucket size directly.
.SS shared mem size (G)
This parameter is only useful when Samba has been compiled with FAST_SHARE_MODES.
It specifies the size of the shared memory (in bytes) to use between smbd
processes. You should never change this parameter unless you have studied
-the source and know what you are doing.
+the source and know what you are doing. This parameter defaults to 1024
+multiplied by the setting of the maximum number of open files in the
+file local.h in the Samba source code. MAX_OPEN_FILES is normally set
+to 100, so this parameter defaults to 102400 bytes.
.B Default
shared mem size = 102400
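Review bot: The "shared file entries" section now says the parameter has been removed but keeps the .SS heading and does not say what smbd does when an existing smb.conf still sets it (ignored, warned about, or rejected); please state that, and reword "as of Samba 1.9.18 and above" to "as of Samba 1.9.18". In "shared mem size", the unchanged first sentence still ties the parameter to FAST_SHARE_MODES while the new text just above refers to System V shared memory code, so clarify which build options the 102400 byte default applies to.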
.SS wins support (G)
-This boolean controls if Samba will act as a WINS server. You should
-not set this to true unless you have a multi-subnetted network and
+This boolean controls if the nmbd process in Samba will act as a WINS server.
+You should not set this to true unless you have a multi-subnetted network and
you wish a particular nmbd to be your WINS server. Note that you
should *NEVER* set this to true on more than one machine in your
network.
.B Example:
write raw = no
+
.SH NOTE ABOUT USERNAME/PASSWORD VALIDATION
There are a number of ways in which a user can connect to a
service. The server follows the following steps in determining if it