smb.conf/manpage/2006/parameters/W
< smb.conf | manpage | 2006 | parameters
Jump to navigation
Jump to search
wide links (S)
This parameter controls whether or not links in the UNIX file
system may be followed by the server. Links that point to areas
within the directory tree exported by the server are always
allowed; this parameter controls access only to areas that are
outside the directory tree being exported.
Note that setting this parameter can have a negative effect on
your server performance due to the extra system calls that Samba
has to do in order to perform the link checks.
Default: _�w_�i_�d_�e _�l_�i_�n_�k_�s = yes
winbind cache time (G)
This parameter specifies the number of seconds the w�wi�in�nb�bi�in�nd�dd�d(8)
daemon will cache user and group information before querying a
Windows NT server again.
N�No�ot�te�e
This does not apply to authentication requests, these are always
evaluated in real time.
Default: _�w_�i_�n_�b_�i_�n_�d _�c_�a_�c_�h_�e _�t_�i_�m_�e = 300
winbind enable local accounts (G)
This parameter controls whether or not winbindd will act as a
stand in replacement for the various account management hooks in
smb.conf (e.g. 'add user script'). If enabled, winbindd will
support the creation of local users and groups as another source
of UNIX account information available via getpwnam() or get-
grgid(), etc...
Default: _�w_�i_�n_�b_�i_�n_�d _�e_�n_�a_�b_�l_�e _�l_�o_�c_�a_�l _�a_�c_�c_�o_�u_�n_�t_�s = no
winbind enum groups (G)
On large installations using w�wi�in�nb�bi�in�nd�dd�d(8) it may be necessary to
suppress the enumeration of groups through the s�se�et�tg�gr�re�en�nt�t(�()�),g�ge�et�t-�-
g�gr�re�en�nt�t(�()�) ande�en�nd�dg�gr�re�en�nt�t(�()�) group of system calls. If the _�w_�i_�n_�b_�i_�n_�d _�e_�n_�u_�m
_�g_�r_�o_�u_�p_�s parameter isn�no�o, calls to the g�ge�et�tg�gr�re�en�nt�t(�()�) system call will
not return any data.
W�Wa�ar�rn�ni�in�ng�g
Turning off group enumeration may cause some programs to behave
oddly.
Default: _�w_�i_�n_�b_�i_�n_�d _�e_�n_�u_�m _�g_�r_�o_�u_�p_�s = yes
winbind enum users (G)
On large installations using w�wi�in�nb�bi�in�nd�dd�d(8) it may be necessary to
suppress the enumeration of users through the s�se�et�tp�pw�we�en�nt�t(�()�),g�ge�et�tp�p-�-
w�we�en�nt�t(�()�) ande�en�nd�dp�pw�we�en�nt�t(�()�) group of system calls. If the _�w_�i_�n_�b_�i_�n_�d _�e_�n_�u_�m
_�u_�s_�e_�r_�s parameter isn�no�o, calls to the g�ge�et�tp�pw�we�en�nt�t system call will not
return any data.
W�Wa�ar�rn�ni�in�ng�g
Turning off user enumeration may cause some programs to behave
oddly. For example, the finger program relies on having access
to the full user list when searching for matching usernames.
Default: _�w_�i_�n_�b_�i_�n_�d _�e_�n_�u_�m _�u_�s_�e_�r_�s = yes
winbind nested groups (G)
If set to yes, this parameter activates the support for nested
groups. Nested groups are also called local groups or aliases.
They work like their counterparts in Windows: Nested groups are
defined locally on any machine (they are shared between DC's
through their SAM) and can contain users and global groups from
any trusted SAM. To be able to use nested groups, you need to
run nss_winbind.
Please note that per 3.0.3 this is a new feature, so handle with
care.
Default: _�w_�i_�n_�b_�i_�n_�d _�n_�e_�s_�t_�e_�d _�g_�r_�o_�u_�p_�s = no
winbind separator (G)
This parameter allows an admin to define the character used when
listing a username of the form of _�D_�O_�M_�A_�I_�N \_�u_�s_�e_�r. This parameter
is only applicable when using the _�p_�a_�m_�__�w_�i_�n_�b_�i_�n_�d_�._�s_�o and _�n_�s_�s_�__�w_�i_�n_�-
_�b_�i_�n_�d_�._�s_�o modules for UNIX services.
Please note that setting this parameter to + causes problems
with group membership at least on glibc systems, as the charac-
ter + is used as a special character for NIS in /etc/group.
Default: _�w_�i_�n_�b_�i_�n_�d _�s_�e_�p_�a_�r_�a_�t_�o_�r = '\'
Example: _�w_�i_�n_�b_�i_�n_�d _�s_�e_�p_�a_�r_�a_�t_�o_�r = +
winbind trusted domains only (G)
This parameter is designed to allow Samba servers that are mem-
bers of a Samba controlled domain to use UNIX accounts dis-
tributed via NIS, rsync, or LDAP as the uid's for winbindd users
in the hosts primary domain. Therefore, the user DOMAIN\user1
would be mapped to the account user1 in /etc/passwd instead of
allocating a new uid for him or her.
Default: _�w_�i_�n_�b_�i_�n_�d _�t_�r_�u_�s_�t_�e_�d _�d_�o_�m_�a_�i_�n_�s _�o_�n_�l_�y = no
winbind use default domain (G)
This parameter specifies whether thew�wi�in�nb�bi�in�nd�dd�d(8) daemon should
operate on users without domain component in their username.
Users without a domain component are treated as is part of the
winbindd server's own domain. While this does not benifit Win-
dows users, it makes SSH, FTP and e-mail function in a way much
closer to the way they would in a native unix system.
Default: _�w_�i_�n_�b_�i_�n_�d _�u_�s_�e _�d_�e_�f_�a_�u_�l_�t _�d_�o_�m_�a_�i_�n = no
Example: _�w_�i_�n_�b_�i_�n_�d _�u_�s_�e _�d_�e_�f_�a_�u_�l_�t _�d_�o_�m_�a_�i_�n = yes
wins hook (G)
When Samba is running as a WINS server this allows you to call
an external program for all changes to the WINS database. The
primary use for this option is to allow the dynamic update of
external name resolution databases such as dynamic DNS.
The wins hook parameter specifies the name of a script or exe-
cutable that will be called as follows:
w�wi�in�ns�s_�_h�ho�oo�ok�k o�op�pe�er�ra�at�ti�io�on�n n�na�am�me�e n�na�am�me�et�ty�yp�pe�e t�tt�tl�l I�IP�P_�_l�li�is�st�t
· The first argument is the operation and is one of "add",
"delete", or "refresh". In most cases the operation can be
ignored as the rest of the parameters provide sufficient
information. Note that "refresh" may sometimes be called when
the name has not previously been added, in that case it
should be treated as an add.
· The second argument is the NetBIOS name. If the name is not a
legal name then the wins hook is not called. Legal names con-
tain only letters, digits, hyphens, underscores and periods.
· The third argument is the NetBIOS name type as a 2 digit hex-
adecimal number.
· The fourth argument is the TTL (time to live) for the name in
seconds.
· The fifth and subsequent arguments are the IP addresses cur-
rently registered for that name. If this list is empty then
the name should be deleted.
An example script that calls the BIND dynamic DNS update program n�ns�su�up�p-�-
d�da�at�te�e is provided in the examples directory of the Samba source code.
N�No�o d�de�ef�fa�au�ul�lt�t
wins proxy (G)
This is a boolean that controls if n�nm�mb�bd�d(8) will respond to
broadcast name queries on behalf of other hosts. You may need to
set this to y�ye�es�s for some older clients.
Default: _�w_�i_�n_�s _�p_�r_�o_�x_�y = no
wins server (G)
This specifies the IP address (or DNS name: IP address for pref-
erence) of the WINS server that n�nm�mb�bd�d(8) should register with. If
you have a WINS server on your network then you should set this
to the WINS server's IP.
You should point this at your WINS server if you have a
multi-subnetted network.
If you want to work in multiple namespaces, you can give every
wins server a 'tag'. For each tag, only one (working) server
will be queried for a name. The tag should be separated from the
ip address by a colon.
N�No�ot�te�e
You need to set up Samba to point to a WINS server if you have
multiple subnets and wish cross-subnet browsing to work cor-
rectly.
See the ???.
Default: _�w_�i_�n_�s _�s_�e_�r_�v_�e_�r =
Example: _�w_�i_�n_�s _�s_�e_�r_�v_�e_�r = mary:192.9.200.1 fred:192.168.3.199
mary:192.168.2.61 # For this example when querying a certain name,
192.19.200.1 will be asked first and if that doesn't respond
192.168.2.61. If either of those doesn't know the name 192.168.3.199
will be queried.
Example: _�w_�i_�n_�s _�s_�e_�r_�v_�e_�r = 192.9.200.1 192.168.2.61
wins support (G)
This boolean controls if the n�nm�mb�bd�d(8) process in Samba will act
as a WINS server. You should not set this to y�ye�es�s unless you have
a multi-subnetted network and you wish a particular n�nm�mb�bd�d to be
your WINS server. Note that you should N�NE�EV�VE�ER�R set this to y�ye�es�s on
more than one machine in your network.
Default: _�w_�i_�n_�s _�s_�u_�p_�p_�o_�r_�t = no
workgroup (G)
This controls what workgroup your server will appear to be in
when queried by clients. Note that this parameter also controls
the Domain name used with the s�se�ec�cu�ur�ri�it�ty�y =�= d�do�om�ma�ai�in�n setting.
Default: _�w_�o_�r_�k_�g_�r_�o_�u_�p = WORKGROUP
Example: _�w_�o_�r_�k_�g_�r_�o_�u_�p = MYGROUP
writable
This parameter is a synonym for writeable.
writeable (S)
Inverted synonym for _�r_�e_�a_�d _�o_�n_�l_�y.
N�No�o d�de�ef�fa�au�ul�lt�t
write cache size (S)
If this integer parameter is set to non-zero value, Samba will
create an in-memory cache for each oplocked file (it does n�no�ot�t do
this for non-oplocked files). All writes that the client does
not request to be flushed directly to disk will be stored in
this cache if possible. The cache is flushed onto disk when a
write comes in whose offset would not fit into the cache or when
the file is closed by the client. Reads for the file are also
served from this cache if the data is stored within it.
This cache allows Samba to batch client writes into a more effi-
cient write size for RAID disks (i.e. writes may be tuned to be
the RAID stripe size) and can improve performance on systems
where the disk subsystem is a bottleneck but there is free mem-
ory for userspace programs.
The integer parameter specifies the size of this cache (per
oplocked file) in bytes.
Default: _�w_�r_�i_�t_�e _�c_�a_�c_�h_�e _�s_�i_�z_�e = 0
Example: _�w_�r_�i_�t_�e _�c_�a_�c_�h_�e _�s_�i_�z_�e = 262144 # for a 256k cache size per
file
write list (S)
This is a list of users that are given read-write access to a
service. If the connecting user is in this list then they will
be given write access, no matter what the _�r_�e_�a_�d _�o_�n_�l_�y option is
set to. The list can include group names using the @group syn-
tax.
Note that if a user is in both the read list and the write list
then they will be given write access.
Default: _�w_�r_�i_�t_�e _�l_�i_�s_�t =
Example: _�w_�r_�i_�t_�e _�l_�i_�s_�t = admin, root, @staff
write raw (G)
This parameter controls whether or not the server will support
raw write SMB's when transferring data from clients. You should
never need to change this parameter.
Default: _�w_�r_�i_�t_�e _�r_�a_�w = yes
wtmp directory (G)
This parameter is only available if Samba has been configured
and compiled with the option -�--�-w�wi�it�th�h-�-u�ut�tm�mp�p. It specifies a direc-
tory pathname that is used to store the wtmp or wtmpx files
(depending on the UNIX system) that record user connections to a
Samba server. The difference with the utmp directory is the fact
that user info is kept after a user has logged out.
By default this is not set, meaning the system will use whatever
utmp file the native system is set to use (usually_�/_�v_�a_�r_�/_�r_�u_�n_�/_�w_�t_�m_�p
on Linux).
Default: _�w_�t_�m_�p _�d_�i_�r_�e_�c_�t_�o_�r_�y =
Example: _�w_�t_�m_�p _�d_�i_�r_�e_�c_�t_�o_�r_�y = /var/log/wtmp