smb.conf.5

samba-3.0.22.tar.gz 编译smb服务器的源码

.TP
casesignames
This parameter is a synonym for case sensitive\&.

.TP
case sensitive (S)
See the discussion in the section name mangling\&.

Default: \fB\fIcase sensitive\fR = no \fR 

.TP
change notify timeout (G)
This SMB allows a client to tell a server to "watch" a particular directory for any changes and only reply to the SMB request when a change has occurred\&. Such constant scanning of a directory is expensive under UNIX, hence an \fBsmbd\fR(8) daemon only performs such a scan on each requested directory once every \fIchange notify timeout\fR seconds\&.

Default: \fB\fIchange notify timeout\fR = 60 \fR 

Example: \fB\fIchange notify timeout\fR = 300 # Would change the scan time to every 5 minutes\&. \fR 

.TP
change share command (G)
Samba 2\&.2\&.0 introduced the ability to dynamically add and delete shares via the Windows NT 4\&.0 Server Manager\&. The\fIchange share command\fR is used to define an external program or script which will modify an existing service definition in \fIsmb\&.conf\fR\&. In order to successfully execute the \fIchange share command\fR, \fBsmbd\fR requires that the administrator be connected using a root account (i\&.e\&. uid == 0)\&.

When executed, \fBsmbd\fR will automatically invoke the\fIchange share command\fR with four parameters\&.


.RS
.TP 3
\(bu
\fIconfigFile\fR \- the location of the global \fIsmb\&.conf\fR file\&.
.TP
\(bu
\fIshareName\fR \- the name of the new share\&.
.TP
\(bu
\fIpathName\fR \- path to an **existing** directory on disk\&.
.TP
\(bu
\fIcomment\fR \- comment string to associate with the new share\&.
.LP
.RE
.IP
This parameter is only used modify existing file shares definitions\&. To modify printer shares, use the "Printers\&.\&.\&." folder as seen when browsing the Samba host\&.

Default: \fB\fIchange share command\fR = \fR 

Example: \fB\fIchange share command\fR = /usr/local/bin/addshare \fR 

.TP
check password script (G)
The name of a program that can be used to check password complexity\&. The password is sent to the program's standrad input\&.

The program must return 0 on good password any other value otherwise\&. In case the password is considered weak (the program do not return 0) the user will be notified and the password change will fail\&.

Note: In the example directory there is a sample program called crackcheck that uses cracklib to checkpassword quality

\&.


Default: \fB\fIcheck password script\fR = Disabled \fR 

Example: \fB\fIcheck password script\fR = check password script = /usr/local/sbin/crackcheck \fR 

.TP
client lanman auth (G)
This parameter determines whether or not \fBsmbclient\fR(8) and other samba client tools will attempt to authenticate itself to servers using the weaker LANMAN password hash\&. If disabled, only server which support NT password hashes (e\&.g\&. Windows NT/2000, Samba, etc\&.\&.\&. but not Windows 95/98) will be able to be connected from the Samba client\&.

The LANMAN encrypted response is easily broken, due to it's case\-insensitive nature, and the choice of algorithm\&. Clients without Windows 95/98 servers are advised to disable this option\&.

Disabling this option will also disable the \fBclient plaintext auth\fR option

Likewise, if the \fBclient ntlmv2 auth\fR parameter is enabled, then only NTLMv2 logins will be attempted\&.

Default: \fB\fIclient lanman auth\fR = yes \fR 

.TP
client ntlmv2 auth (G)
This parameter determines whether or not \fBsmbclient\fR(8) will attempt to authenticate itself to servers using the NTLMv2 encrypted password response\&.

If enabled, only an NTLMv2 and LMv2 response (both much more secure than earlier versions) will be sent\&. Many servers (including NT4 < SP4, Win9x and Samba 2\&.2) are not compatible with NTLMv2\&.

Similarly, if enabled, NTLMv1, \fBclient lanman auth\fR and \fBclient plaintext auth\fR authentication will be disabled\&. This also disables share\-level authentication\&.

If disabled, an NTLM response (and possibly a LANMAN response) will be sent by the client, depending on the value of \fBclient lanman auth\fR\&.

Note that some sites (particularly those following 'best practice' security polices) only allow NTLMv2 responses, and not the weaker LM or NTLM\&.

Default: \fB\fIclient ntlmv2 auth\fR = no \fR 

.TP
client plaintext auth (G)
Specifies whether a client should send a plaintext password if the server does not support encrypted passwords\&.

Default: \fB\fIclient plaintext auth\fR = yes \fR 

.TP
client schannel (G)
This controls whether the client offers or even demands the use of the netlogon schannel\&. client schannel = no does not offer the schannel, client schannel = auto offers the schannel but does not enforce it, and client schannel = yes denies access if the server is not able to speak netlogon schannel\&.

Default: \fB\fIclient schannel\fR = auto \fR 

Example: \fB\fIclient schannel\fR = yes \fR 

.TP
client signing (G)
This controls whether the client offers or requires the server it talks to to use SMB signing\&. Possible values are \fBauto\fR, \fBmandatory\fR and \fBdisabled\fR\&.

When set to auto, SMB signing is offered, but not enforced\&. When set to mandatory, SMB signing is required and if set to disabled, SMB signing is not offered either\&.

Default: \fB\fIclient signing\fR = auto \fR 

.TP
client use spnego (G)
This variable controls whether Samba clients will try to use Simple and Protected NEGOciation (as specified by rfc2478) with supporting servers (including WindowsXP, Windows2000 and Samba 3\&.0) to agree upon an authentication mechanism\&. This enables Kerberos authentication in particular\&.

Default: \fB\fIclient use spnego\fR = yes \fR 

.TP
comment (S)
This is a text field that is seen next to a share when a client does a queries the server, either via the network neighborhood or via \fBnet view\fR to list what shares are available\&.

If you want to set the string that is displayed next to the machine name then see the server string parameter\&.

Default: \fB\fIcomment\fR = # No comment \fR 

Example: \fB\fIcomment\fR = Fred's Files \fR 

.TP
config file (G)
This allows you to override the config file to use, instead of the default (usually \fIsmb\&.conf\fR)\&. There is a chicken and egg problem here as this option is set in the config file!

For this reason, if the name of the config file has changed when the parameters are loaded then it will reload them from the new config file\&.

This option takes the usual substitutions, which can be very useful\&.

If the config file doesn't exist then it won't be loaded (allowing you to special case the config files of just a few clients)\&.

\fBNo default\fR

Example: \fB\fIconfig file\fR = /usr/local/samba/lib/smb\&.conf\&.%m \fR 

.TP
copy (S)
This parameter allows you to "clone" service entries\&. The specified service is simply duplicated under the current service's name\&. Any parameters specified in the current section will override those in the section being copied\&.

This feature lets you set up a 'template' service and create similar services easily\&. Note that the service being copied must occur earlier in the configuration file than the service doing the copying\&.

Default: \fB\fIcopy\fR = \fR 

Example: \fB\fIcopy\fR = otherservice \fR 

.TP
create mode
This parameter is a synonym for create mask\&.

.TP
create mask (S)
When a file is created, the necessary permissions are calculated according to the mapping from DOS modes to UNIX permissions, and the resulting UNIX mode is then bit\-wise 'AND'ed with this parameter\&. This parameter may be thought of as a bit\-wise MASK for the UNIX modes of a file\&. Any bit \fBnot\fR set here will be removed from the modes set on a file when it is created\&.

The default value of this parameter removes the group and other write and execute bits from the UNIX modes\&.

Following this Samba will bit\-wise 'OR' the UNIX mode created from this parameter with the value of theforce create mode parameter which is set to 000 by default\&.

This parameter does not affect directory masks\&. See the parameter directory mask for details\&.

Note that this parameter does not apply to permissions set by Windows NT/2000 ACL editors\&. If the administrator wishes to enforce a mask on access control lists also, they need to set the security mask\&.

Default: \fB\fIcreate mask\fR = 0744 \fR 

Example: \fB\fIcreate mask\fR = 0775 \fR 

.TP
csc policy (S)
This stands for \fBclient\-side caching policy\fR, and specifies how clients capable of offline caching will cache the files in the share\&. The valid values are: manual, documents, programs, disable\&.

These values correspond to those used on Windows servers\&.

For example, shares containing roaming profiles can have offline caching disabled usingcsc policy = disable\&.

Default: \fB\fIcsc policy\fR = manual \fR 

Example: \fB\fIcsc policy\fR = programs \fR 

.TP
cups options (S)
This parameter is only applicable if printing is set to \fBcups\fR\&. Its value is a free form string of options passed directly to the cups library\&.

You can pass any generic print option known to CUPS (as listed in the CUPS "Software Users' Manual")\&. You can also pass any printer specific option (as listed in "lpoptions \-d printername \-l") valid for the target queue\&.

You should set this parameter to \fBraw\fR if your CUPS server \fIerror_log\fR file contains messages such as "Unsupported format 'application/octet\-stream'" when printing from a Windows client through Samba\&. It is no longer necessary to enable system wide raw printing in \fI/etc/cups/mime\&.{convs,types}\fR\&.

Default: \fB\fIcups options\fR = "" \fR 

Example: \fB\fIcups options\fR = "raw,media=a4,job\-sheets=secret,secret" \fR 

.TP
cups server (G)
This parameter is only applicable if printing is set to \fBcups\fR\&.

If set, this option overrides the ServerName option in the CUPS \fIclient\&.conf\fR\&. This is necessary if you have virtual samba servers that connect to different CUPS daemons\&.

Default: \fB\fIcups server\fR = "" \fR 

Example: \fB\fIcups server\fR = MYCUPSSERVER \fR 

.TP
deadtime (G)
The value of the parameter (a decimal integer) represents the number of minutes of inactivity before a connection is considered dead, and it is disconnected\&. The deadtime only takes effect if the number of open files is zero\&.

This is useful to stop a server's resources being exhausted by a large number of inactive connections\&.

Most clients have an auto\-reconnect feature when a connection is broken so in most cases this parameter should be transparent to users\&.

Using this parameter with a timeout of a few minutes is recommended for most systems\&.

A deadtime of zero indicates that no auto\-disconnection should be performed\&.

Default: \fB\fIdeadtime\fR = 0 \fR 

Example: \fB\fIdeadtime\fR = 15 \fR 

.TP
debug hires timestamp (G)
Sometimes the timestamps in the log messages are needed with a resolution of higher that seconds, this boolean parameter adds microsecond resolution to the timestamp message header when turned on\&.

Note that the parameter debug timestamp must be on for this to have an effect\&.

Default: \fB\fIdebug hires timestamp\fR = no \fR 

.TP
debug pid (G)
When using only one log file for more then one forked \fBsmbd\fR(8)\-process there may be hard to follow which process outputs which message\&. This boolean parameter is adds the process\-id to the timestamp message headers in the logfile when turned on\&.