https://htyp.org/mw/index.php?action=history&feed=atom&title=smb.conf%2Fmanpage%2F2006%2Fparameters%2FIsmb.conf/manpage/2006/parameters/I - Revision history2026-06-25T21:33:34ZRevision history for this page on the wikiMediaWiki 1.45.3https://htyp.org/mw/index.php?title=smb.conf/manpage/2006/parameters/I&diff=14077&oldid=prevWoozle: splitting into subpages2010-09-05T14:52:07Z<p>splitting into subpages</p>
<p><b>New page</b></p><div>==idmap backend==<br />
idmap backend (G)<br />
The purpose of the idmap backend parameter is to allow idmap to<br />
NOT use the local idmap tdb file to obtain SID to UID / GID map-<br />
pings, but instead to obtain them from a common LDAP backend.<br />
This way all domain members and controllers will have the same<br />
UID and GID to SID mappings. This avoids the risk of UID / GID<br />
inconsistencies across UNIX / Linux systems that are sharing<br />
information over protocols other than SMB/CIFS (ie: NFS).<br />
<br />
An alternate method of SID to UID / GID mapping can be achieved<br />
using the idmap_rid plug-in. This plug-in uses the account RID<br />
to derive the UID and GID by adding the RID to a base value<br />
specified. This utility requires that the parameter``a�al�ll�lo�ow�w<br />
t�tr�ru�us�st�te�ed�d d�do�om�ma�ai�in�ns�s =�= N�No�o'' must be specified, as it is not compati-<br />
ble with multiple domain environments. The idmap uid and idmap<br />
gid ranges must also be specified.<br />
<br />
Default: _�i_�d_�m_�a_�p _�b_�a_�c_�k_�e_�n_�d =<br />
<br />
Example: _�i_�d_�m_�a_�p _�b_�a_�c_�k_�e_�n_�d = ldap:ldap://ldapslave.example.com<br />
<br />
Example: _�i_�d_�m_�a_�p _�b_�a_�c_�k_�e_�n_�d = idmap_rid:DOMNAME=1000-100000000<br />
<br />
==idmap gid==<br />
winbind gid<br />
This parameter is a synonym for idmap gid.<br />
<br />
<br />
idmap gid (G)<br />
The idmap gid parameter specifies the range of group ids that<br />
are allocated for the purpose of mapping UNX groups to NT group<br />
SIDs. This range of group ids should have no existing local or<br />
NIS groups within it as strange conflicts can occur otherwise.<br />
<br />
The availability of an idmap gid range is essential for correct<br />
operation of all group mapping.<br />
<br />
Default: _�i_�d_�m_�a_�p _�g_�i_�d =<br />
<br />
Example: _�i_�d_�m_�a_�p _�g_�i_�d = 10000-20000<br />
<br />
==idmap uid==<br />
winbind uid<br />
This parameter is a synonym for idmap uid.<br />
<br />
<br />
idmap uid (G)<br />
The idmap uid parameter specifies the range of user ids that are<br />
allocated for use in mapping UNIX users to NT user SIDs. This<br />
range of ids should have no existing local or NIS users within<br />
it as strange conflicts can occur otherwise.<br />
<br />
Default: _�i_�d_�m_�a_�p _�u_�i_�d =<br />
<br />
Example: _�i_�d_�m_�a_�p _�u_�i_�d = 10000-20000<br />
<br />
==include==<br />
include (G)<br />
This allows you to include one config file inside another. The<br />
file is included literally, as though typed in place.<br />
<br />
It takes the standard substitutions, except _�%_�u , _�%_�P and _�%_�S.<br />
<br />
Default: _�i_�n_�c_�l_�u_�d_�e =<br />
<br />
Example: _�i_�n_�c_�l_�u_�d_�e = /usr/local/samba/lib/admin_smb.conf<br />
<br />
==inherit acls==<br />
inherit acls (S)<br />
This parameter can be used to ensure that if default acls exist<br />
on parent directories, they are always honored when creating a<br />
subdirectory. The default behavior is to use the mode specified<br />
when creating the directory. Enabling this option sets the mode<br />
to 0777, thus guaranteeing that default directory acls are prop-<br />
agated.<br />
<br />
Default: _�i_�n_�h_�e_�r_�i_�t _�a_�c_�l_�s = no<br />
<br />
==inherit permissions==<br />
inherit permissions (S)<br />
The permissions on new files and directories are normally gov-<br />
erned by _�c_�r_�e_�a_�t_�e _�m_�a_�s_�k, _�d_�i_�r_�e_�c_�t_�o_�r_�y _�m_�a_�s_�k, _�f_�o_�r_�c_�e _�c_�r_�e_�a_�t_�e _�m_�o_�d_�e and<br />
_�f_�o_�r_�c_�e _�d_�i_�r_�e_�c_�t_�o_�r_�y _�m_�o_�d_�e but the boolean inherit permissions parame-<br />
ter overrides this.<br />
<br />
New directories inherit the mode of the parent directory,<br />
including bits such as setgid.<br />
<br />
New files inherit their read/write bits from the parent direc-<br />
tory. Their execute bits continue to be determined by _�m_�a_�p<br />
_�a_�r_�c_�h_�i_�v_�e, _�m_�a_�p _�h_�i_�d_�d_�e_�n and _�m_�a_�p _�s_�y_�s_�t_�e_�m as usual.<br />
<br />
Note that the setuid bit is n�ne�ev�ve�er�r set via inheritance (the code<br />
explicitly prohibits this).<br />
<br />
This can be particularly useful on large systems with many<br />
users, perhaps several thousand, to allow a single [homes] share<br />
to be used flexibly by each user.<br />
<br />
Default: _�i_�n_�h_�e_�r_�i_�t _�p_�e_�r_�m_�i_�s_�s_�i_�o_�n_�s = no<br />
<br />
==interfaces==<br />
interfaces (G)<br />
This option allows you to override the default network inter-<br />
faces list that Samba will use for browsing, name registration<br />
and other NBT traffic. By default Samba will query the kernel<br />
for the list of all active interfaces and use any interfaces<br />
except 127.0.0.1 that are broadcast capable.<br />
<br />
The option takes a list of interface strings. Each string can be<br />
in any of the following forms:<br />
<br />
<br />
<br />
· a network interface name (such as eth0). This may include<br />
shell-like wildcards so eth* will match any interface start-<br />
ing with the substring "eth"<br />
<br />
· an IP address. In this case the netmask is determined from<br />
the list of interfaces obtained from the kernel<br />
<br />
· an IP/mask pair.<br />
<br />
· a broadcast/mask pair.<br />
<br />
The "mask" parameters can either be a bit length (such as 24 for a C<br />
class network) or a full netmask in dotted decimal form.<br />
<br />
The "IP" parameters above can either be a full dotted decimal IP<br />
address or a hostname which will be looked up via the OS's normal host-<br />
name resolution mechanisms.<br />
<br />
Default: _�i_�n_�t_�e_�r_�f_�a_�c_�e_�s = # all active interfaces except 127.0.0.1 that are<br />
broadcast capable<br />
<br />
Example: _�i_�n_�t_�e_�r_�f_�a_�c_�e_�s = # This would configure three network interfaces<br />
corresponding to the eth0 device and IP addresses 192.168.2.10 and<br />
192.168.3.10. The netmasks of the latter two interfaces would be set to<br />
255.255.255.0. eth0 192.168.2.10/24 192.168.3.10/255.255.255.0<br />
<br />
<br />
==invalid users==<br />
invalid users (S)<br />
This is a list of users that should not be allowed to login to<br />
this service. This is really a p�pa�ar�ra�an�no�oi�id�d check to absolutely<br />
ensure an improper setting does not breach your security.<br />
<br />
A name starting with a '@' is interpreted as an NIS netgroup<br />
first (if your system supports NIS), and then as a UNIX group if<br />
the name was not found in the NIS netgroup database.<br />
<br />
A name starting with '+' is interpreted only by looking in the<br />
UNIX group database. A name starting with '&' is interpreted<br />
only by looking in the NIS netgroup database (this requires NIS<br />
to be working on your system). The characters '+' and '&' may be<br />
used at the start of the name in either order so the value<br />
_�+_�&_�g_�r_�o_�u_�p means check the UNIX group database, followed by the NIS<br />
netgroup database, and the value _�&_�+_�g_�r_�o_�u_�p means check the NIS<br />
netgroup database, followed by the UNIX group database (the same<br />
as the '@' prefix).<br />
<br />
The current servicename is substituted for _�%_�S. This is useful in<br />
the [homes] section.<br />
<br />
Default: _�i_�n_�v_�a_�l_�i_�d _�u_�s_�e_�r_�s = # no invalid users<br />
<br />
Example: _�i_�n_�v_�a_�l_�i_�d _�u_�s_�e_�r_�s = root fred admin @wheel</div>Woozle