smb.conf/manpage/2006/parameters/I

idmap backend
idmap backend (G) The purpose of the idmap backend parameter is to allow idmap to NOT use the local idmap tdb file to obtain SID to UID / GID mappings, but instead to obtain them from a common LDAP backend. This way all domain members and controllers will have the same UID and GID to SID mappings. This avoids the risk of UID / GID inconsistencies across UNIX / Linux systems that are sharing information over protocols other than SMB/CIFS (for example, NFS).

An alternate method of SID to UID / GID mapping can be achieved using the idmap_rid plug-in. This plug-in uses the account RID to derive the UID and GID by adding the RID to a base value specified. This utility requires that the parameter ``allow trusted domains = No'' be specified, as it is not compatible with multiple domain environments. The idmap uid and idmap gid ranges must also be specified.

Default: idmap backend =

Example: idmap backend = ldap:ldap://ldapslave.example.com

Example: idmap backend = idmap_rid:DOMNAME=1000-100000000

idmap gid
winbind gid This parameter is a synonym for idmap gid.

idmap gid (G) The idmap gid parameter specifies the range of group ids that are allocated for the purpose of mapping UNIX groups to NT group SIDs. This range of group ids should have no existing local or NIS groups within it as strange conflicts can occur otherwise.

The availability of an idmap gid range is essential for correct operation of all group mapping.

Default: idmap gid =

Example: idmap gid = 10000-20000

idmap uid
winbind uid This parameter is a synonym for idmap uid.

idmap uid (G) The idmap uid parameter specifies the range of user ids that are allocated for use in mapping UNIX users to NT user SIDs. This range of ids should have no existing local or NIS users within it as strange conflicts can occur otherwise.

Default: idmap uid =

Example: idmap uid = 10000-20000
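
The idmap gid and idmap uid entries above both warn that the range must not contain existing local or NIS IDs. The following check is an added example, not part of the Samba manual page or code: it reads the two ranges (including the winbind uid / winbind gid synonyms) and lists accounts and groups that already sit inside them. The sample smb.conf, passwd and group text is constructed, and the function names are hypothetical; on a real host the passwd/group text would come from the system's own databases (for instance `getent passwd` output, which also covers NIS).

```python
# Added example: flag existing accounts whose IDs fall inside the idmap ranges.
# SMB_CONF, PASSWD and GROUP are constructed sample inputs.
SMB_CONF = """\
[global]
    idmap uid = 10000-20000
    winbind gid = 10000-20000
"""
PASSWD = """\
root:x:0:0:root:/root:/bin/sh
alice:x:1001:1001::/home/alice:/bin/sh
svcbackup:x:10050:100::/var/backup:/bin/false
"""
GROUP = """\
wheel:x:10:root
projects:x:15000:alice
"""
SYNONYMS = {"winbind uid": "idmap uid", "winbind gid": "idmap gid"}


def idmap_ranges(conf_text):
    """Return {'idmap uid': (low, high), 'idmap gid': (low, high)} as configured."""
    ranges = {}
    for line in conf_text.splitlines():
        key, sep, value = line.partition("=")
        key = " ".join(key.lower().split())   # normalise case and spacing
        key = SYNONYMS.get(key, key)
        if sep and key in ("idmap uid", "idmap gid") and value.strip():
            low, high = (int(n) for n in value.split("-", 1))
            if low > high:
                raise ValueError(f"{key}: range is reversed")
            ranges[key] = (low, high)
    return ranges


def ids_in_range(db_text, low, high):
    """(name, id) pairs from passwd/group-format text whose third field is in range."""
    hits = []
    for line in db_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit() and low <= int(fields[2]) <= high:
            hits.append((fields[0], int(fields[2])))
    return hits


def audit(conf_text, passwd_text, group_text):
    """Map each configured idmap parameter to the existing IDs that collide with it."""
    sources = {"idmap uid": passwd_text, "idmap gid": group_text}
    return {key: ids_in_range(sources[key], *rng)
            for key, rng in idmap_ranges(conf_text).items()}


if __name__ == "__main__":
    print(audit(SMB_CONF, PASSWD, GROUP))
```

Any non-empty list in the result is an ID that winbind could also hand out to a mapped SID, so either the range or the local account should be moved before the range is put into use.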

include
include (G) This allows you to include one config file inside another. The file is included literally, as though typed in place.

It takes the standard substitutions, except %u, %P and %S.

Default: include =

Example: include = /usr/local/samba/lib/admin_smb.conf

inherit acls
inherit acls (S) This parameter can be used to ensure that if default acls exist on parent directories, they are always honored when creating a subdirectory. The default behavior is to use the mode specified when creating the directory. Enabling this option sets the mode to 0777, thus guaranteeing that default directory acls are propagated.

Default: inherit acls = no

inherit permissions
inherit permissions (S) The permissions on new files and directories are normally governed by create mask, directory mask, force create mode and force directory mode but the boolean inherit permissions parameter overrides this.

New directories inherit the mode of the parent directory, including bits such as setgid.

New files inherit their read/write bits from the parent directory. Their execute bits continue to be determined by map archive, map hidden and map system as usual.

Note that the setuid bit is never set via inheritance (the code explicitly prohibits this).

This can be particularly useful on large systems with many users, perhaps several thousand, to allow a single [homes] share to be used flexibly by each user.

Default: inherit permissions = no

interfaces
interfaces (G) This option allows you to override the default network interfaces list that Samba will use for browsing, name registration and other NBT traffic. By default Samba will query the kernel for the list of all active interfaces and use any interfaces except 127.0.0.1 that are broadcast capable.

The option takes a list of interface strings. Each string can be in any of the following forms:

· a network interface name (such as eth0). This may include shell-like wildcards so eth* will match any interface starting with the substring "eth"

· an IP address. In this case the netmask is determined from the list of interfaces obtained from the kernel

· an IP/mask pair.

· a broadcast/mask pair.

The "mask" parameters can either be a bit length (such as 24 for a C class network) or a full netmask in dotted decimal form.

The "IP" parameters above can either be a full dotted decimal IP address or a hostname which will be looked up via the OS's normal hostname resolution mechanisms.

Default: interfaces = # all active interfaces except 127.0.0.1 that are broadcast capable

Example: interfaces = eth0 192.168.2.10/24 192.168.3.10/255.255.255.0

This would configure three network interfaces corresponding to the eth0 device and IP addresses 192.168.2.10 and 192.168.3.10. The netmasks of the latter two interfaces would be set to 255.255.255.0.

invalid users
invalid users (S) This is a list of users that should not be allowed to login to this service. This is really a paranoid check to absolutely ensure an improper setting does not breach your security.

A name starting with a '@' is interpreted as an NIS netgroup first (if your system supports NIS), and then as a UNIX group if the name was not found in the NIS netgroup database.

A name starting with '+' is interpreted only by looking in the UNIX group database. A name starting with '&' is interpreted only by looking in the NIS netgroup database (this requires NIS to be working on your system). The characters '+' and '&' may be used at the start of the name in either order so the value +&group means check the UNIX group database, followed by the NIS netgroup database, and the value &+group means check the NIS netgroup database, followed by the UNIX group database (the same as the '@' prefix).

The current servicename is substituted for %S. This is useful in the [homes] section.

Default: invalid users = # no invalid users

Example: invalid users = root fred admin @wheel
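
The prefix rules for invalid users can be checked against a proposed list before it is deployed. The following model is an added example, not Samba's own code: the group and netgroup tables are constructed stand-ins for the system databases, the function names are hypothetical, names are compared as exact strings, and a hit in any database consulted for an entry is assumed to deny the user.

```python
# Added example: model of how '@', '+', '&', '+&' and '&+' entries are resolved.
# Constructed sample databases; a real check would query the system instead.
UNIX_GROUPS = {"wheel": {"carol"}, "staff": {"dave"}}
NIS_NETGROUPS = {"contractors": {"erin"}, "staff": {"frank"}}

# prefix -> databases consulted, in the order the manual page gives
LOOKUP_ORDER = {
    "@": ("nis", "unix"),
    "+": ("unix",),
    "&": ("nis",),
    "+&": ("unix", "nis"),
    "&+": ("nis", "unix"),
}


def split_prefix(entry):
    """Split 'entry' into (prefix, name); two-character prefixes are tried first."""
    for prefix in ("+&", "&+", "@", "+", "&"):
        if entry.startswith(prefix):
            return prefix, entry[len(prefix):]
    return "", entry


def is_invalid_user(user, invalid_users, service, nis_available=True):
    """True if 'user' is denied by the given 'invalid users' value for 'service'."""
    databases = {"unix": UNIX_GROUPS, "nis": NIS_NETGROUPS}
    for entry in invalid_users.split():
        prefix, name = split_prefix(entry.replace("%S", service))
        if not prefix:                      # plain user name
            if name == user:
                return True
            continue
        for db in LOOKUP_ORDER[prefix]:
            if db == "nis" and not nis_available:
                continue                    # host without NIS: skip netgroups
            if user in databases[db].get(name, set()):
                return True
    return False


if __name__ == "__main__":
    for who in ("root", "carol", "mallory"):
        print(who, is_invalid_user(who, "root fred admin @wheel", "data"))
```

The model makes one consequence of the prefixes visible: `&staff` and `+staff` deny different people when a netgroup and a UNIX group share a name, so a list meant to block a UNIX group should use `+` rather than rely on `@`.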