from HTYP, the free directory anyone can edit if they can prove to me that they're not a spambot
< smb.conf‎ | manpage‎ | 2006‎ | parameters
Jump to: navigation, search


deadtime (G)
The value of the parameter (a decimal integer) represents the number of minutes of inactivity before a connection is considered dead and is disconnected. The deadtime only takes effect if the number of open files is zero.
  • This is useful to stop a server's resources being exhausted by a large number of inactive connections.
  • Most clients have an auto-reconnect feature when a connection is broken so in most cases this parameter should be transparent to users.
  • Using this parameter with a timeout of a few minutes is recommended for most systems.
  • A deadtime of zero indicates that no auto-disconnection should be performed.
  • Default: deadtime = 0
  • Example: deadtime = 15
debug hires timestamp (G)
Sometimes the timestamps in the log messages are needed with a resolution of higher that seconds, this boolean parameter adds microsecond resolution to the timestamp message header when turned on.
  • Note that the parameter debug timestamp must be on for this to have an effect.
  • Default: debug hires timestamp = no

debug pid

debug pid (G)
When using only one log file for more then one forked smbd(8)-process there may be hard to follow which process outputs which message.
  • This boolean parameter is adds the process-id to the timestamp message headers in the logfile when turned on.
  • Note that the parameter debug timestamp must be on for this to have an effect.
  • Default: debug pid = no

debug timestamp

timestamp logs
This parameter is a synonym for debug timestamp.
debug timestamp (G)
Samba debug log messages are timestamped by default. If you are running at a high debug level these timestamps can be distracting. This boolean parameter allows timestamping to be turned off.
  • Default: debug timestamp = yes
debug uid (G)
Samba is sometimes run as root and sometime run as the connected user, this boolean parameter inserts the current euid, egid, uid and gid to the timestamp message headers in the log file if turned on.
  • Note that the parameter debug timestamp must be on for this to have an effect.
  • Default: debug uid = no
default case (S)
See the section on NAME MANGLING. Also note the short preserve case parameter.
  • Default: default case = lower

default devmode

default devmode (S)
This parameter is only applicable to printable services. When smbd is serving Printer Drivers to Windows NT/2k/XP clients, each printer on the Samba server has a Device Mode which defines things such as paper size and orientation and duplex settings. The device mode can only correctly be generated by the printer driver itself (which can only be executed on a Win32 platform). Because smbd is unable to execute the driver code to generate the device mode, the default behavior is to set this field to NULL.
  • Most problems with serving printer drivers to Windows NT/2k/XP clients can be traced to a problem with the generated device mode. Certain drivers will do things such as crashing the client's Explorer.exe with a NULL devmode. However, other printer drivers can cause the client's spooler service (spoolsv.exe) to die if the devmode was not created by the driver itself (i.e. smbd generates a default devmode).
  • This parameter should be used with care and tested with the printer driver in question. It is better to leave the device mode to NULL and let the Windows client set the correct values. Because drivers do not do this all the time, setting default devmode = yes will instruct smbd to generate a default one.
  • For more information on Windows NT/2k printing and Device Modes, see the MSDN documentation.
  • Default: default devmode = no

default service

This parameter is a synonym for default service.
default service (G)
This parameter specifies the name of a service which will be connected to if the service actually requested cannot be found. Note that the square brackets are NOT given in the parameter value (see example below).
  • There is no default value for this parameter. If this parameter is not given, attempting to connect to a nonexistent service results in an error.
  • Typically the default service would be a guest ok, read-only service.
  • Also note that the apparent service name will be changed to equal that of the requested service, this is very useful as it allows you to use macros like %S to make a wildcard service.
  • Note also that any "_" characters in the name of the service used in the default service will get mapped to a "/". This allows for interesting things.
  • Default: default service =
  • Example: default service = pub

defer sharing violations

defer sharing violations (G)
Windows allows specifying how a file will be shared with other processes when it is opened. Sharing violations occur when a file is opened by a different process using options that violate the share settings specified by other processes. This parameter causes smbd to act as a Windows server does, and defer returning a "sharing violation" error message for up to one second, allowing the client to close the file causing the violation in the meantime.
  • Unix by default does not have this behaviour.
  • There should be no reason to turn off this parameter, as it is designed to enable Samba to more correctly emulate Windows.
  • Default: defer sharing violations = True

delete group script

delete group script (G)
This is the full pathname to a script that will be run AS ROOT smbd(8) when a group is requested to be deleted. It will expand any %g to the group name passed. This script is only useful for installations using the Windows NT domain administration tools.
  • Default: delete group script =


deleteprinter command (G)
With the introduction of MS-RPC based printer support for Windows NT/2000 clients in Samba 2.2, it is now possible to delete printer at run time by issuing the DeletePrinter() RPC call.
  • For a Samba host this means that the printer must be physically deleted from underlying printing system. The deleteprinter command defines a script to be run which will perform the necessary operations for removing the printer from the print system and from smb.conf.
  • The deleteprinter command is automatically called with only one parameter: "printer name".
  • Once the deleteprinter command has been executed, smbd will reparse the smb.conf to associated printer no longer exists. If the sharename is still valid, then smbd will return an ACCESS_DENIED error to the client.
  • Default: deleteprinter command =
  • Example: deleteprinter command = /usr/bin/removeprinter
delete readonly (S)
This parameter allows readonly files to be deleted. This is not normal DOS semantics, but is allowed by UNIX.
  • This option may be useful for running applications such as rcs, where UNIX file ownership prevents changing file permissions, and DOS semantics prevent deletion of a read only file.
  • Default: delete readonly = no

delete share command

      delete share command (G)
             Samba 2.2.0 introduced the ability to dynamically add and delete
             shares via the Windows NT 4.0 Server  Manager.  The_�d_�e_�l_�e_�t_�e  _�s_�h_�a_�r_�e
             _�c_�o_�m_�m_�a_�n_�d  is  used  to define an external program or script which
             will remove an existing service  definition  from  _�s_�m_�b_�._�c_�o_�n_�f.  In
             order  to  successfully  execute  the _�d_�e_�l_�e_�t_�e _�s_�h_�a_�r_�e _�c_�o_�m_�m_�a_�n_�d, s�sm�mb�bd�d
             requires that  the  administrator  be  connected  using  a  root
             account (i.e. uid == 0).
             When  executed,  s�sm�mb�bd�d  will automatically invoke the_�d_�e_�l_�e_�t_�e _�s_�h_�a_�r_�e
             _�c_�o_�m_�m_�a_�n_�d with two parameters.

             ·  _�c_�o_�n_�f_�i_�g_�F_�i_�l_�e - the location of the global _�s_�m_�b_�._�c_�o_�n_�f file.
             ·  _�s_�h_�a_�r_�e_�N_�a_�m_�e - the name of the existing service.
      This parameter is only used to remove file shares.  To  delete  printer
      shares, see the _�d_�e_�l_�e_�t_�e_�p_�r_�i_�n_�t_�e_�r _�c_�o_�m_�m_�a_�n_�d.
      Default: _�d_�e_�l_�e_�t_�e _�s_�h_�a_�r_�e _�c_�o_�m_�m_�a_�n_�d =
      Example: _�d_�e_�l_�e_�t_�e _�s_�h_�a_�r_�e _�c_�o_�m_�m_�a_�n_�d = /usr/local/bin/delshare

delete user from group script

      delete user from group script (G)
             Full  path  to  the  script  that  will be called when a user is
             removed from a group using the Windows NT domain  administration
             tools.  It  will  be  run  by  s�sm�mb�bd�d(8)   A�AS�S R�RO�OO�OT�T. Any _�%_�g will be
             replaced with the group name and any _�%_�u will  be  replaced  with
             the user name.
             Default: _�d_�e_�l_�e_�t_�e _�u_�s_�e_�r _�f_�r_�o_�m _�g_�r_�o_�u_�p _�s_�c_�r_�i_�p_�t =
             Example: _�d_�e_�l_�e_�t_�e _�u_�s_�e_�r _�f_�r_�o_�m _�g_�r_�o_�u_�p _�s_�c_�r_�i_�p_�t = /usr/sbin/deluser %u %g

delete user script

      delete user script (G)
             This is the full pathname to  a  script  that  will  be  run  by
             s�sm�mb�bd�d(8) when managing users with remote RPC (NT) tools.
             This  script  is called when a remote client removes a user from
             the server, normally using 'User  Manager  for  Domains'  orr�rp�pc�c-�-
             This script should delete the given UNIX username.
             Default: _�d_�e_�l_�e_�t_�e _�u_�s_�e_�r _�s_�c_�r_�i_�p_�t =
             Example: _�d_�e_�l_�e_�t_�e _�u_�s_�e_�r _�s_�c_�r_�i_�p_�t = /usr/local/samba/bin/del_user %u

delete veto files

      delete veto files (S)
             This  option is used when Samba is attempting to delete a direc-
             tory that contains one or more vetoed directories (see the  _�v_�e_�t_�o
             _�f_�i_�l_�e_�s option). If this option is set to n�no�o (the default) then if
             a vetoed directory contains any non-vetoed files or  directories
             then  the  directory  delete will fail. This is usually what you
             If this option is set to y�ye�es�s, then Samba will attempt to  recur-
             sively delete any files and directories within the vetoed direc-
             tory. This can be useful for integration with file serving  sys-
             tems such as NetAtalk which create meta-files within directories
             you might normally veto  DOS/Windows  users  from  seeing  (e.g.
             Setting  d�de�el�le�et�te�e  v�ve�et�to�o f�fi�il�le�es�s =�= y�ye�es�s allows these directories to be
             transparently deleted when the parent directory is  deleted  (so
             long as the user has permissions to do so).
             Default: _�d_�e_�l_�e_�t_�e _�v_�e_�t_�o _�f_�i_�l_�e_�s = no

dfree command

      dfree command (G)
             The _�d_�f_�r_�e_�e _�c_�o_�m_�m_�a_�n_�d setting should only be used on systems where a
             problem occurs with the internal disk space  calculations.  This
             has  been  known to happen with Ultrix, but may occur with other
             operating systems. The symptom that was seen  was  an  error  of
             "Abort Retry Ignore" at the end of each directory listing.
             This  setting allows the replacement of the internal routines to
             calculate the total disk space  and  amount  available  with  an
             external routine. The example below gives a possible script that
             might fulfill this function.
             The external program will be passed a single parameter  indicat-
             ing a directory in the filesystem being queried. This will typi-
             cally consist of the string _�._�/. The  script  should  return  two
             integers  in  ASCII. The first should be the total disk space in
             blocks, and the second should be the number of available blocks.
             An optional third return value can give the block size in bytes.
             The default blocksize is 1024 bytes.
             Note: Your script should N�NO�OT�T be setuid or setgid and  should  be
             owned by (and writeable only by) root!
             Where the script dfree (which must be made executable) could be:

             df $1 | tail -1 | awk '{print $2" "$4}'

             or perhaps (on Sys V based systems):

             /usr/bin/df -k $1 | tail -1 | awk '{print $3" "$5}'

             Note that you may have to replace the command  names  with  full
             path names on some systems.
             Default:  _�d_�f_�r_�e_�e  _�c_�o_�m_�m_�a_�n_�d  =  #  By default internal routines for
             determining the disk capacity and remaining space will be  used.
             Example: _�d_�f_�r_�e_�e _�c_�o_�m_�m_�a_�n_�d = /usr/local/samba/bin/dfree

directory mask

      directory mode
             This parameter is a synonym for directory mask.

      directory mask (S)
             This parameter is the octal modes which are used when converting
             DOS modes to UNIX modes when creating UNIX directories.
             When a directory  is  created,  the  necessary  permissions  are
             calculated  according to the mapping from DOS modes to UNIX per-
             missions, and the resulting UNIX mode is then  bit-wise  'AND'ed
             with  this  parameter.  This  parameter  may  be thought of as a
             bit-wise MASK for the UNIX modes of a directory. Any bit n�no�ot�t set
             here  will  be removed from the modes set on a directory when it
             is created.
             The default value of this  parameter  removes  the  'group'  and
             'other'  write  bits  from the UNIX mode, allowing only the user
             who owns the directory to modify it.
             Following this Samba will bit-wise 'OR' the  UNIX  mode  created
             from  this  parameter with the value of the _�f_�o_�r_�c_�e _�d_�i_�r_�e_�c_�t_�o_�r_�y _�m_�o_�d_�e
             parameter. This parameter is set to  000  by  default  (i.e.  no
             extra mode bits are added).
             Note  that  this  parameter does not apply to permissions set by
             Windows NT/2000 ACL editors.  If  the  administrator  wishes  to
             enforce  a  mask  on access control lists also, they need to set
             the _�d_�i_�r_�e_�c_�t_�o_�r_�y _�s_�e_�c_�u_�r_�i_�t_�y _�m_�a_�s_�k.
             Default: _�d_�i_�r_�e_�c_�t_�o_�r_�y _�m_�a_�s_�k = 0755
             Example: _�d_�i_�r_�e_�c_�t_�o_�r_�y _�m_�a_�s_�k = 0775

directory security mask

      directory security mask (S)
             This parameter controls what UNIX permission bits can  be  modi-
             fied  when  a Windows NT client is manipulating the UNIX permis-
             sion on a directory using the native NT security dialog box.
             This parameter is applied as a mask (AND'ed with) to the changed
             permission  bits, thus preventing any bits not in this mask from
             being modified. Essentially, zero  bits  in  this  mask  may  be
             treated as a set of bits the user is not allowed to change.
             If  not  set  explicitly this parameter is set to 0777 meaning a
             user is allowed to modify all the  user/group/world  permissions
             on a directory.
             N�No�ot�te�e  that  users  who can access the Samba server through other
             means can easily bypass this restriction,  so  it  is  primarily
             useful  for  standalone  "appliance"  systems. Administrators of
             most normal systems will  probably  want  to  leave  it  as  the
             default of 0�07�77�77�7.
             Default: _�d_�i_�r_�e_�c_�t_�o_�r_�y _�s_�e_�c_�u_�r_�i_�t_�y _�m_�a_�s_�k = 0777
             Example: _�d_�i_�r_�e_�c_�t_�o_�r_�y _�s_�e_�c_�u_�r_�i_�t_�y _�m_�a_�s_�k = 0700

disable netbios

      disable netbios (G)
             Enabling  this  parameter will disable netbios support in Samba.
             Netbios is the only available form of browsing  in  all  windows
             versions except for 2000 and XP.

             Clients  that  only  support  netbios  won't be able to see your
             samba server when netbios support is disabled.
      Default: _�d_�i_�s_�a_�b_�l_�e _�n_�e_�t_�b_�i_�o_�s = no

disable spoolss

      disable spoolss (G)
             Enabling this parameter will disable  Samba's  support  for  the
             SPOOLSS  set  of  MS-RPC's  and will yield identical behavior as
             Samba 2.0.x. Windows NT/2000 clients  will  downgrade  to  using
             Lanman style printing commands. Windows 9x/ME will be uneffected
             by the parameter. However, this will also disable the ability to
             upload  printer drivers to a Samba server via the Windows NT Add
             Printer Wizard or by using the NT printer properties dialog win-
             dow.  It  will  also  disable  the capability of Windows NT/2000
             clients to download print  drivers  from  the  Samba  host  upon
             demand. B�Be�e v�ve�er�ry�y c�ca�ar�re�ef�fu�ul�l a�ab�bo�ou�ut�t e�en�na�ab�bl�li�in�ng�g t�th�hi�is�s p�pa�ar�ra�am�me�et�te�er�r.�.
             Default: _�d_�i_�s_�a_�b_�l_�e _�s_�p_�o_�o_�l_�s_�s = no

display charset

      display charset (G)
             Specifies  the  charset that samba will use to print messages to
             stdout and stderr and SWAT will use.  Should  generally  be  the
             same as the u�un�ni�ix�x c�ch�ha�ar�rs�se�et�t.
             Default: _�d_�i_�s_�p_�l_�a_�y _�c_�h_�a_�r_�s_�e_�t = ASCII
             Example: _�d_�i_�s_�p_�l_�a_�y _�c_�h_�a_�r_�s_�e_�t = UTF8

dns proxy

      dns proxy (G)
             Specifies  that n�nm�mb�bd�d(8) when acting as a WINS server and finding
             that a NetBIOS name has not been registered,  should  treat  the
             NetBIOS  name  word-for-word  as a DNS name and do a lookup with
             the DNS server for that name  on  behalf  of  the  name-querying
             Note  that  the  maximum length for a NetBIOS name is 15 charac-
             ters, so the DNS name (or DNS alias) can  likewise  only  be  15
             characters, maximum.
             n�nm�mb�bd�d  spawns  a  second copy of itself to do the DNS name lookup
             requests, as doing a name lookup is a blocking action.
             Default: _�d_�n_�s _�p_�r_�o_�x_�y = yes

domain logons

      domain logons (G)
             If set to y�ye�es�s, the Samba server will serve Windows 95/98  Domain
             logons  for  the _�w_�o_�r_�k_�g_�r_�o_�u_�p it is in. Samba 2.2 has limited capa-
             bility to act as a domain controller for Windows NT  4  Domains.
             For  more details on setting up this feature see the PDC chapter
             of the Samba HOWTO Collection.
             Default: _�d_�o_�m_�a_�i_�n _�l_�o_�g_�o_�n_�s = no

domain master

      domain master (G)
             Tell s�sm�mb�bd�d(8) to enable WAN-wide browse list  collation.  Setting
             this  option causes n�nm�mb�bd�d to claim a special domain specific Net-
             BIOS name that identifies it as a domain master browser for  its
             given  _�w_�o_�r_�k_�g_�r_�o_�u_�p. Local master browsers in the same _�w_�o_�r_�k_�g_�r_�o_�u_�p on
             broadcast-isolated subnets  will  give  this  n�nm�mb�bd�d  their  local
             browse  lists,  and  then ask s�sm�mb�bd�d(8) for a complete copy of the
             browse list for the whole wide  area  network.  Browser  clients
             will  then  contact their local master browser, and will receive
             the domain-wide browse list, instead of just the list for  their
             broadcast-isolated subnet.
             Note  that  Windows  NT  Primary Domain Controllers expect to be
             able to claim this _�w_�o_�r_�k_�g_�r_�o_�u_�p specific special NetBIOS name  that
             identifies  them as domain master browsers for that _�w_�o_�r_�k_�g_�r_�o_�u_�p by
             default (i.e. there is no way to prevent a Windows NT  PDC  from
             attempting to do this). This means that if this parameter is set
             and n�nm�mb�bd�d claims the special name for a _�w_�o_�r_�k_�g_�r_�o_�u_�p before  a  Win-
             dows  NT  PDC  is  able to do so then cross subnet browsing will
             behave strangely and may fail.
             If d�do�om�ma�ai�in�n l�lo�og�go�on�ns�s =�= y�ye�es�s, then the default behavior is  to  enable
             the  _�d_�o_�m_�a_�i_�n  _�m_�a_�s_�t_�e_�r  parameter.  If _�d_�o_�m_�a_�i_�n _�l_�o_�g_�o_�n_�s is not enabled
             (the default  setting),  then  neither  will  _�d_�o_�m_�a_�i_�n  _�m_�a_�s_�t_�e_�r  be
             enabled by default.
             Default: _�d_�o_�m_�a_�i_�n _�m_�a_�s_�t_�e_�r = auto

dont descend

      dont descend (S)
             There  are  certain directories on some systems (e.g., the _�/_�p_�r_�o_�c
             tree under Linux) that are either not of interest to clients  or
             are  infinitely  deep  (recursive). This parameter allows you to
             specify a comma-delimited list of directories  that  the  server
             should always show as empty.
             Note  that Samba can be very fussy about the exact format of the
             "dont descend" entries. For example you may need  _�._�/_�p_�r_�o_�c instead
             of just _�/_�p_�r_�o_�c. Experimentation is the best policy :-)
             Default: _�d_�o_�n_�t _�d_�e_�s_�c_�e_�n_�d =
             Example: _�d_�o_�n_�t _�d_�e_�s_�c_�e_�n_�d = /proc,/dev

dos charset

      dos charset (G)
             DOS  SMB  clients assume the server has the same charset as they
             do. This option specifies which charset Samba should talk to DOS
             The  default depends on which charsets you have installed. Samba
             tries to use charset 850 but falls back to ASCII in case  it  is
             not available. Run t�te�es�st�tp�pa�ar�rm�m(1) to check the default on your sys-
             N�No�o d�de�ef�fa�au�ul�lt�t

dos filemode

      dos filemode (S)
             The default behavior in Samba is to provide  UNIX-like  behavior
             where  only  the owner of a file/directory is able to change the
             permissions on it. However, this behavior is often confusing  to
             DOS/Windows users. Enabling this parameter allows a user who has
             write access to the file (by whatever means) to modify the  per-
             missions  on  it. Note that a user belonging to the group owning
             the file will not be allowed to change permissions if the  group
             is  only granted read access. Ownership of the file/directory is
             not changed, only the permissions are modified.
             Default: _�d_�o_�s _�f_�i_�l_�e_�m_�o_�d_�e = no

dos filetime resolution

      dos filetime resolution (S)
             Under the DOS and Windows FAT filesystem, the finest granularity
             on  time resolution is two seconds. Setting this parameter for a
             share causes Samba to round the reported time down to the  near-
             est two second boundary when a query call that requires one sec-
             ond resolution is made to s�sm�mb�bd�d(8).
             This option is mainly used as a compatibility option for  Visual
             C++  when used against Samba shares. If oplocks are enabled on a
             share, Visual C++ uses two different time reading calls to check
             if a file has changed since it was last read. One of these calls
             uses a one-second granularity, the other uses a two second gran-
             ularity. As the two second call rounds any odd second down, then
             if the file has a timestamp of an odd number of seconds then the
             two timestamps will not match and Visual C++ will keep reporting
             the file has changed. Setting this option causes the two  times-
             tamps to match, and Visual C++ is happy.
             Default: _�d_�o_�s _�f_�i_�l_�e_�t_�i_�m_�e _�r_�e_�s_�o_�l_�u_�t_�i_�o_�n = no

dos filetimes

      dos filetimes (S)
             Under  DOS  and  Windows, if a user can write to a file they can
             change the timestamp on it.  Under  POSIX  semantics,  only  the
             owner  of the file or root may change the timestamp. By default,
             Samba runs with POSIX semantics and refuses to change the times-
             tamp  on  a  file if the user s�sm�mb�bd�d is acting on behalf of is not
             the file owner. Setting this option to  y�ye�es�s allows DOS semantics
             and s�sm�mb�bd�d(8) will change the file timestamp as DOS requires.
             Default: _�d_�o_�s _�f_�i_�l_�e_�t_�i_�m_�e_�s = no