from HTYP, the free directory anyone can edit if they can prove to me that they're not a spambot
< smb.conf‎ | manpage‎ | 2006‎ | parameters
Jump to: navigation, search
abort shutdown script (G)
This parameter only exists in the HEAD cvs branch This a full path name to a script called by smbd(8) that should stop a shutdown procedure issued by the shutdown script.
  • This command will be run as user.
  • Default: abort shutdown script =
  • Example: abort shutdown script = /sbin/shutdown -c
acl compatibility (S)
This parameter specifies what OS ACL semantics should be compatible with. Possible values are winnt for Windows NT 4,win2k for Windows 2000 and above and auto. If you specify auto, the value for this parameter will be based upon the version of the client. There should be no reason to change this parameter from the default.
  • Default: acl compatibility = Auto
  • Example: acl compatibility = win2k
add group script (G)
This is the full pathname to a script that will be runAS ROOT by smbd(8) when a new group is requested. It will expand any  %g to the group name passed. This script is only useful for installations using the Windows NT domain administration tools. The script is free to create a group with an arbitrary name to circumvent unix group name restrictions. In that case the script must print the numeric gid of the created group on stdout.
  • No default
add machine script (G)
This is the full pathname to a script that will be run bysmbd(8) when a machine is added to it's domain using the administrator username and password method.
  • This option is only required when using sam back-ends tied to the Unix uid method of RID calculation such as smbpasswd. This option is only available in Samba 3.0.
  • Default: add machine script =
  • Example: add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
addprinter command (G)
With the introduction of MS-RPC based printing support for Windows NT/2000 clients in Samba 2.2, The MS Add Printer Wizard (APW) icon is now also available in the "Printers..." folder displayed a share listing. The APW allows for printers to be add remotely to a Samba or Windows NT/2000 print server.
  • For a Samba host this means that the printer must be physically added to the underlying printing system. The add printer command defines a script to be run which will perform the necessary operations for adding the printer to the print system and to add the appropriate service definition to the smb.conf file in order that it can be shared by smbd(8).
  • The addprinter command is automatically invoked with the following parameter (in order):
    • printer name
    • share name
    • port name
    • driver name
    • location
    • Windows 9x driver location
  • All parameters are filled in from the PRINTER_INFO_2 structure sent by the Windows NT/2000 client with one exception. The "Windows 9x driver location" parameter is included for backwards compatibility only. The remaining fields in the structure are generated from answers to the APW questions.
  • Once the addprinter command has been executed, smbd will reparse the smb.conf to determine if the share defined by the APW exists. If the sharename is still invalid, then smbd will return an ACCESS_DENIED error to the client.
  • The "add printer command" program can output a single line of text, which Samba will set as the port the new printer is connected to. If this line isn't output, Samba won't reload its printer shares.
  • Default: addprinter command =
  • Example: addprinter command = /usr/bin/addprinter
add share command (G)
Samba 2.2.0 introduced the ability to dynamically add and delete shares via the Windows NT 4.0 Server Manager. Theadd share command is used to define an external program or script which will add a new service definition to smb.conf. In order to successfully execute the add share command, smbd requires that the administrator be connected using a root account (i.e. uid == 0).
  • When executed, smbd will automatically invoke theadd share command with four parameters.
    • configFile - the location of the global smb.conf file.
    • shareName - the name of the new share.
    • pathName - path to an existing directory on disk.
    • comment - comment string to associate with the new share.
  • This parameter is only used for add file shares. To add printer shares, see the addprinter command.
  • Default: add share command =
  • Example: add share command = /usr/local/bin/addshare
add user script (G)
This is the full pathname to a script that will be run AS ROOT by smbd(8) under special circumstances described below.
  • Normally, a Samba server requires that UNIX users are created for all users accessing files on this server. For sites that use Windows NT account databases as their primary user database creating these users and keeping the user list in sync with the Windows NT PDC is an onerous task. This option allows smbd to create the required UNIX usersON DEMAND when a user accesses the Samba server.
  • In order to use this option, smbd(8) must NOT be set to security = share and add user script must be set to a full pathname for a script that will create a UNIX user given one argument of %u, which expands into the UNIX user name to create.
  • When the Windows user attempts to access the Samba server, at login (session setup in the SMB protocol) time, smbd(8) contacts the password server and attempts to authenticate the given user with the given password. If the authentication succeeds then smbd attempts to find a UNIX user in the UNIX password database to map the Windows user into. If this lookup fails, and add user script is set then smbd will call the specified script AS ROOT, expanding any %u argument to be the user name to create.
  • If this script successfully creates the user then smbd will continue on as though the UNIX user already existed. In this way, UNIX users are dynamically created to match existing Windows NT accounts.
  • See also: security, password server, delete user script.
  • Default: add user script =
  • Example: add user script = /usr/local/samba/bin/add_user %u
add user to group script (G)
Full path to the script that will be called when a user is added to a group using the Windows NT domain administration tools. It will be run by smbd(8)AS ROOT. Any %g will be replaced with the group name and any %u will be replaced with the user name.
  • Note that the adduser command used in the example below does not support the used syntax on all systems.
  • Default: add user to group script =
  • Example: add user to group script = /usr/sbin/adduser %u %g
admin users (S)
This is a list of users who will be granted administrative privileges on the share. This means that they will do all file operations as the super-user (root).
  • You should use this option very carefully, as any user in this list will be able to do anything they like on the share, irrespective of file permissions.
  • Default: admin users =
  • Example: admin users = jason
afs share (S)
This parameter controls whether special AFS features are enabled for this share. If enabled, it assumes that the directory exported via the path parameter is a local AFS import. The special AFS features include the attempt to hand-craft an AFS token if you enabled --with-fake-kaserver in configure.
  • Default: afs share = no
afs username map (G)
If you are using the fake kaserver AFS feature, you might want to hand-craft the usernames you are creating tokens for. For example this is necessary if you have users from several domain in your AFS Protection Database. One possible scheme to code users as DOMAIN+User as it is done by winbind with the + as a separator.
  • The mapped user name must contain the cell name to log into, so without setting this parameter there will be no token.
  • Default: afs username map =
  • Example: afs username map =
algorithmic rid base (G)
This determines how Samba will use its algorithmic mapping from uids/gid to the RIDs needed to construct NT Security Identifiers.
  • Setting this option to a larger value could be useful to sites transitioning from WinNT and Win2k, as existing user and group rids would otherwise clash with sytem users etc.
  • All UIDs and GIDs must be able to be resolved into SIDs for the correct operation of ACLs on the server. As such the algorithmic mapping can't be "turned off", but pushing it "out of the way" should resolve the issues. Users and groups can then be assigned "low" RIDs in arbitary-rid supporting backends.
  • Default: algorithmic rid base = 1000
  • Example: algorithmic rid base = 100000
allow trusted domains (G)
This option only takes effect when the security option is set to server or domain. If it is set to no, then attempts to connect to a resource from a domain or workgroup other than the one which smbd is running in will fail, even if that domain is trusted by the remote server doing the authentication.
  • This is useful if you only want your Samba server to serve resources to users in the domain it is a member of. As an example, suppose that there are two domains DOMA and DOMB. DOMB is trusted by DOMA, which contains the Samba server. Under normal circumstances, a user with an account in DOMB can then access the resources of a UNIX account with the same account name on the Samba server even if they do not have an account in DOMA. This can make implementing a security boundary difficult.
  • Default: allow trusted domains = yes
announce as (G)
This specifies what type of server nmbd(8) will announce itself as, to a network neighborhood browse list. By default this is set to Windows NT. The valid options are : "NT Server" (which can also be written as "NT"), "NT Workstation", "Win95" or "WfW" meaning Windows NT Server, Windows NT Workstation, Windows 95 and Windows for Workgroups respectively. Do not change this parameter unless you have a specific need to stop Samba appearing as an NT server as this may prevent Samba servers from participating as browser servers correctly.
  • Default: announce as = NT Server
  • Example: announce as = Win95
announce version (G)
This specifies the major and minor version numbers that nmbd will use when announcing itself as a server. The default is 4.9. Do not change this parameter unless you have a specific need to set a Samba server to be a downlevel server.
  • Default: announce version = 4.9
  • Example: announce version = 2.0
auth methods (G)
This option allows the administrator to chose what authentication methods smbd will use when authenticating a user. This option defaults to sensible values based on security. This should be considered a developer option and used only in rare circumstances. In the majority (if not all) of production servers, the default setting should be adequate.
  • Each entry in the list attempts to authenticate the user in turn, until the user authenticates. In practice only one method will ever actually be able to complete the authentication.
  • Possible options include guest (anonymous access), sam (lookups in local list of accounts based on netbios name or domain name), winbind (relay authentication requests for remote users through winbindd), ntdomain (pre-winbindd method of authentication for remote domain users; deprecated in favour of winbind method), trustdomain (authenticate trusted users by contacting the remote DC directly from smbd; deprecated in favour of winbind method).
  • Default: auth methods =
  • Example: auth methods = guest sam winbind
available (S)
This parameter lets you "turn off" a service. If available = no, then ALL attempts to connect to the service will fail. Such failures are logged.
  • Default: available = yes