📄 smb.conf.5
.RS
.TP 3
\(bu
\fIprinter name\fR
.TP
\(bu
\fIshare name\fR
.TP
\(bu
\fIport name\fR
.TP
\(bu
\fIdriver name\fR
.TP
\(bu
\fIlocation\fR
.TP
\(bu
\fIWindows 9x driver location\fR
.LP
.RE
.IP
All parameters are filled in from the PRINTER_INFO_2 structure sent by the Windows NT/2000 client with one exception\&. The "Windows 9x driver location" parameter is included for backwards compatibility only\&. The remaining fields in the structure are generated from answers to the APW questions\&.

Once the \fIaddprinter command\fR has been executed, \fBsmbd\fR will reparse the \fIsmb\&.conf\fR to determine if the share defined by the APW exists\&. If the sharename is still invalid, then \fBsmbd\fR will return an ACCESS_DENIED error to the client\&.

The "add printer command" program can output a single line of text, which Samba will set as the port the new printer is connected to\&. If this line isn't output, Samba won't reload its printer shares\&.

Default: \fB\fIadd printer command\fR = \fR

Example: \fB\fIadd printer command\fR = /usr/bin/addprinter \fR
.TP
add share command (G)
Samba 2\&.2\&.0 introduced the ability to dynamically add and delete shares via the Windows NT 4\&.0 Server Manager\&. The \fIadd share command\fR is used to define an external program or script which will add a new service definition to \fIsmb\&.conf\fR\&. In order to successfully execute the \fIadd share command\fR, \fBsmbd\fR requires that the administrator be connected using a root account (i\&.e\&. uid == 0)\&.

When executed, \fBsmbd\fR will automatically invoke the \fIadd share command\fR with four parameters\&.
.RS
.TP 3
\(bu
\fIconfigFile\fR \- the location of the global \fIsmb\&.conf\fR file\&.
.TP
\(bu
\fIshareName\fR \- the name of the new share\&.
.TP
\(bu
\fIpathName\fR \- path to an **existing** directory on disk\&.
.TP
\(bu
\fIcomment\fR \- comment string to associate with the new share\&.
.LP
.RE
.IP
This parameter is only used for add file shares\&.
To add printer shares, see the addprinter command\&.

Default: \fB\fIadd share command\fR = \fR

Example: \fB\fIadd share command\fR = /usr/local/bin/addshare \fR
.TP
add user script (G)
This is the full pathname to a script that will be run \fBAS ROOT\fR by \fBsmbd\fR(8) under special circumstances described below\&.

Normally, a Samba server requires that UNIX users are created for all users accessing files on this server\&. For sites that use Windows NT account databases as their primary user database creating these users and keeping the user list in sync with the Windows NT PDC is an onerous task\&. This option allows smbd to create the required UNIX users \fBON DEMAND\fR when a user accesses the Samba server\&.

In order to use this option, \fBsmbd\fR(8) must \fBNOT\fR be set to security = share and add user script must be set to a full pathname for a script that will create a UNIX user given one argument of \fI%u\fR, which expands into the UNIX user name to create\&.

When the Windows user attempts to access the Samba server, at login (session setup in the SMB protocol) time, \fBsmbd\fR(8) contacts the password server and attempts to authenticate the given user with the given password\&. If the authentication succeeds then \fBsmbd\fR attempts to find a UNIX user in the UNIX password database to map the Windows user into\&. If this lookup fails, and add user script is set then \fBsmbd\fR will call the specified script \fBAS ROOT\fR, expanding any \fI%u\fR argument to be the user name to create\&.

If this script successfully creates the user then \fBsmbd\fR will continue on as though the UNIX user already existed\&.
In this way, UNIX users are dynamically created to match existing Windows NT accounts\&.

See also security, password server, delete user script\&.

Default: \fB\fIadd user script\fR = \fR

Example: \fB\fIadd user script\fR = /usr/local/samba/bin/add_user %u \fR
.TP
add user to group script (G)
Full path to the script that will be called when a user is added to a group using the Windows NT domain administration tools\&. It will be run by \fBsmbd\fR(8) \fBAS ROOT\fR\&. Any \fI%g\fR will be replaced with the group name and any \fI%u\fR will be replaced with the user name\&.

Note that the \fBadduser\fR command used in the example below does not support the syntax used here on all systems\&.

Default: \fB\fIadd user to group script\fR = \fR

Example: \fB\fIadd user to group script\fR = /usr/sbin/adduser %u %g \fR
.TP
admin users (S)
This is a list of users who will be granted administrative privileges on the share\&. This means that they will do all file operations as the super\-user (root)\&.

You should use this option very carefully, as any user in this list will be able to do anything they like on the share, irrespective of file permissions\&.

This parameter will not work with the security = share in Samba 3\&.0\&. This is by design\&.

Default: \fB\fIadmin users\fR = \fR

Example: \fB\fIadmin users\fR = jason \fR
.TP
afs share (S)
This parameter controls whether special AFS features are enabled for this share\&. If enabled, it assumes that the directory exported via the \fIpath\fR parameter is a local AFS import\&. The special AFS features include the attempt to hand\-craft an AFS token if you enabled \-\-with\-fake\-kaserver in configure\&.

Default: \fB\fIafs share\fR = no \fR
.TP
afs username map (G)
If you are using the fake kaserver AFS feature, you might want to hand\-craft the usernames you are creating tokens for\&. For example this is necessary if you have users from several domains in your AFS Protection Database\&.
One possible scheme is to code users as DOMAIN+User, as is done by winbind with the + as a separator\&.

The mapped user name must contain the cell name to log into, so without setting this parameter there will be no token\&.

Default: \fB\fIafs username map\fR = \fR

Example: \fB\fIafs username map\fR = %u@afs\&.samba\&.org \fR
.TP
algorithmic rid base (G)
This determines how Samba will use its algorithmic mapping from uids/gids to the RIDs needed to construct NT Security Identifiers\&.

Setting this option to a larger value could be useful to sites transitioning from WinNT and Win2k, as existing user and group rids would otherwise clash with system users etc\&.

All UIDs and GIDs must be able to be resolved into SIDs for the correct operation of ACLs on the server\&. As such the algorithmic mapping can't be 'turned off', but pushing it 'out of the way' should resolve the issues\&. Users and groups can then be assigned 'low' RIDs in arbitrary\-rid supporting backends\&.

Default: \fB\fIalgorithmic rid base\fR = 1000 \fR

Example: \fB\fIalgorithmic rid base\fR = 100000 \fR
.TP
allocation roundup size (S)
This parameter allows an administrator to tune the allocation size reported to Windows clients\&. The default size of 1Mb generally results in improved Windows client performance\&. However, rounding the allocation size may cause difficulties for some applications, e\&.g\&. MS Visual Studio\&. If the MS Visual Studio compiler starts to crash with an internal error, set this parameter to zero for this share\&.

The integer parameter specifies the roundup size in bytes\&.

Default: \fB\fIallocation roundup size\fR = 1048576 \fR

Example: \fB\fIallocation roundup size\fR = 0 # (to disable roundups) \fR
.TP
allow trusted domains (G)
This option only takes effect when the security option is set to \fBserver\fR, \fBdomain\fR or \fBads\fR\&.
If it is set to no, then attempts to connect to a resource from a domain or workgroup other than the one which smbd is running in will fail, even if that domain is trusted by the remote server doing the authentication\&.

This is useful if you only want your Samba server to serve resources to users in the domain it is a member of\&. As an example, suppose that there are two domains DOMA and DOMB\&. DOMB is trusted by DOMA, which contains the Samba server\&. Under normal circumstances, a user with an account in DOMB can then access the resources of a UNIX account with the same account name on the Samba server even if they do not have an account in DOMA\&. This can make implementing a security boundary difficult\&.

Default: \fB\fIallow trusted domains\fR = yes \fR
.TP
announce as (G)
This specifies what type of server \fBnmbd\fR(8) will announce itself as, to a network neighborhood browse list\&. By default this is set to Windows NT\&. The valid options are: "NT Server" (which can also be written as "NT"), "NT Workstation", "Win95" or "WfW" meaning Windows NT Server, Windows NT Workstation, Windows 95 and Windows for Workgroups respectively\&. Do not change this parameter unless you have a specific need to stop Samba appearing as an NT server as this may prevent Samba servers from participating as browser servers correctly\&.

Default: \fB\fIannounce as\fR = NT Server \fR

Example: \fB\fIannounce as\fR = Win95 \fR
.TP
announce version (G)
This specifies the major and minor version numbers that nmbd will use when announcing itself as a server\&. The default is 4\&.9\&. Do not change this parameter unless you have a specific need to set a Samba server to be a downlevel server\&.

Default: \fB\fIannounce version\fR = 4\&.9 \fR

Example: \fB\fIannounce version\fR = 2\&.0 \fR
.TP
auth methods (G)
This option allows the administrator to choose what authentication methods \fBsmbd\fR will use when authenticating a user\&. This option defaults to sensible values based on security\&.
This should be considered a developer option and used only in rare circumstances\&. In the majority (if not all) of production servers, the default setting should be adequate\&.

Each entry in the list attempts to authenticate the user in turn, until the user authenticates\&. In practice only one method will ever actually be able to complete the authentication\&.

Possible options include \fBguest\fR (anonymous access), \fBsam\fR (lookups in local list of accounts based on netbios name or domain name), \fBwinbind\fR (relay authentication requests for remote users through winbindd), \fBntdomain\fR (pre\-winbindd method of authentication for remote domain users; deprecated in favour of winbind method), \fBtrustdomain\fR (authenticate trusted users by contacting the remote DC directly from smbd; deprecated in favour of winbind method)\&.

Default: \fB\fIauth methods\fR = \fR

Example: \fB\fIauth methods\fR = guest sam winbind \fR
.TP
available (S)
This parameter lets you "turn off" a service\&. If \fIavailable = no\fR, then \fBALL\fR attempts to connect to the service will fail\&. Such failures are logged\&.

Default: \fB\fIavailable\fR = yes \fR
.TP
bind interfaces only (G)
This global parameter allows the Samba admin to limit what interfaces on a machine will serve SMB requests\&. It affects file service \fBsmbd\fR(8) and name service \fBnmbd\fR(8) in slightly different ways\&.

For name service it causes \fBnmbd\fR to bind to ports 137 and 138 on the interfaces listed in the interfaces parameter\&. \fBnmbd\fR also binds to the "all addresses" interface (0\&.0\&.0\&.0) on ports 137 and 138 for the purposes of reading broadcast messages\&. If this option is not set then \fBnmbd\fR will service name requests on all of these sockets\&. If bind interfaces only is set then \fBnmbd\fR will check the source address of any packets coming in on the broadcast sockets and discard any that don't match the broadcast addresses of the interfaces in the interfaces parameter list\&.
As unicast packets are received on the other sockets it allows \fBnmbd\fR to refuse to serve names to machines that send packets that arrive through any interfaces not listed in the interfaces list\&. IP Source address spoofing does defeat this simple check, however, so it must not be used seriously as a security feature for \fBnmbd\fR\&.

For file service it causes \fBsmbd\fR(8) to bind only to the interface list given in the interfaces parameter\&. This restricts the networks that \fBsmbd\fR will serve to packets coming in those interfaces\&. Note that you should not use this parameter for machines that are serving PPP or other intermittent or non\-broadcast network interfaces as it will not cope with non\-permanent interfaces\&.

If bind interfaces only is set then unless the network address \fB127\&.0\&.0\&.1\fR is added to the interfaces parameter list \fBsmbpasswd\fR(8) and \fBswat\fR(8) may not work as expected due to the reasons covered below\&.

To change a user's SMB password, the \fBsmbpasswd\fR by default connects to the \fBlocalhost \- 127\&.0\&.0\&.1\fR address as an SMB client to issue the password change request\&. If bind interfaces only is set then unless the network address \fB127\&.0\&.0\&.1\fR is added to the interfaces parameter list then \fBsmbpasswd\fR will fail to connect in its default mode\&. \fBsmbpasswd\fR can be forced to use the primary IP interface of the local host by using its \fBsmbpasswd\fR(8) \fI\-r \fIremote machine\fR\fR parameter, with \fIremote machine\fR set to the IP name of the primary interface of the local host\&.

The \fBswat\fR status page tries to connect with \fBsmbd\fR and \fBnmbd\fR at the address \fB127\&.0\&.0\&.1\fR to determine if they are running\&. Not adding \fB127\&.0\&.0\&.1\fR will cause \fBsmbd\fR and \fBnmbd\fR to always show "not running" even if they really are\&.
This can prevent \fBswat\fR from starting/stopping/restarting \fBsmbd\fR and \fBnmbd\fR\&.

Default: \fB\fIbind interfaces only\fR = no \fR
.TP
blocking locks (S)
This parameter controls the behavior of \fBsmbd\fR(8) when given a request by a client to obtain a byte range lock on a region of an open file, and the request has a time limit associated with it\&.

If this parameter is set and the lock range requested cannot be immediately satisfied, samba will internally queue the lock request, and periodically attempt to obtain the lock until the timeout period expires\&.

If this parameter is set to \fBno\fR, then samba will behave as previous versions of Samba would and will fail the lock request immediately if the lock range cannot be obtained\&.

Default: \fB\fIblocking locks\fR = yes \fR
.TP
block size (S)
This parameter controls the behavior of \fBsmbd\fR(8) when reporting disk free sizes\&. By default, this reports a disk block size of 1024 bytes\&.

Changing this parameter may have some effect on the efficiency of client writes, this is not yet confirmed\&. This parameter was added to allow advanced administrators to change it (usually to a higher value) and test the effect it has on client write performance without re\-compiling the code\&. As this is an experimental option it may be removed in a future release\&.

Changing this option does not change the disk free reporting size, just the block size unit reported to the client\&.

\fBNo default\fR
.TP
browsable
This parameter is a synonym for browseable\&.
.TP
browseable (S)
This controls whether this share is seen in the list of available shares in a net view and in the browse list\&.

Default: \fB\fIbrowseable\fR = yes \fR
.TP
browse list (G)
This controls whether \fBsmbd\fR(8) will serve a browse list to a client doing a \fBNetServerEnum\fR call\&. Normally set to \fByes\fR\&. You should never need to change this\&.

Default: \fB\fIbrowse list\fR = yes \fR
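
An added example, not part of the Samba manual page or of Samba's own code: a small Python audit that reads smb.conf text and reports the conditions this page describes for add user script, add user to group script, bind interfaces only, allow trusted domains and admin users. The sample configuration, the function names and the treatment of the interface name lo as loopback are assumptions of this example.

```python
import re

# Parameters this page says smbd runs AS ROOT; they should be full pathnames.
ROOT_SCRIPTS = ("add user script", "add user to group script")
ON = ("yes", "true", "1")  # boolean true values documented in smb.conf(5)

# Constructed sample smb.conf (not taken from a real host).
SAMPLE = """\
[global]
   security = domain
   Add User Script = add_user %u
   bind interfaces only = yes
   interfaces = eth0 192.168.1.0/24
[projects]
   admin users = jason
"""

def norm(name):
    # smb.conf ignores case and whitespace in section and parameter names.
    return re.sub(r"\s+", "", name).lower()

def parse(text):
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(norm(line[1:-1]), {})
        elif "=" in line and line[0] not in "#;" and current is not None:
            key, _, value = line.partition("=")
            current[norm(key)] = value.strip()
    return sections

def audit(text):
    """Return (section, parameter, finding) tuples for settings this page covers."""
    conf, out = parse(text), []
    g = conf.get("global", {})
    for name in ROOT_SCRIPTS:
        cmd = g.get(norm(name), "")
        if cmd and not cmd.startswith("/"):
            out.append(("global", name, "run as root but not a full pathname"))
    if g.get(norm("bind interfaces only"), "no").lower() in ON:
        # Treating the interface name "lo" as loopback is an assumption here.
        if not any(n == "lo" or n.startswith("127.") for n in g.get("interfaces", "").split()):
            out.append(("global", "interfaces", "127.0.0.1 missing: smbpasswd/swat may fail"))
    if (g.get("security", "").lower() in ("server", "domain", "ads")
            and g.get(norm("allow trusted domains"), "yes").lower() in ON):
        out.append(("global", "allow trusted domains", "trusted-domain users accepted"))
    for section, params in conf.items():
        if params.get(norm("admin users")):
            out.append((section, "admin users", "listed users act as root on this share"))
    return out
```

Calling audit(SAMPLE) returns four findings; a configuration with a full-path script, 127.0.0.1 in interfaces, allow trusted domains = no and no admin users returns an empty list.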