from HTYP, the free directory anyone can edit if they can prove to me that they're not a spambot
< smb.conf‎ | manpage‎ | 2006‎ | parameters
Jump to: navigation, search

idmap backend

      idmap backend (G)
             The  purpose of the idmap backend parameter is to allow idmap to
             NOT use the local idmap tdb file to obtain SID to UID / GID map-
             pings,  but  instead  to obtain them from a common LDAP backend.
             This way all domain members and controllers will have  the  same
             UID  and  GID to SID mappings. This avoids the risk of UID / GID
             inconsistencies across UNIX / Linux  systems  that  are  sharing
             information over protocols other than SMB/CIFS (ie: NFS).
             An  alternate method of SID to UID / GID mapping can be achieved
             using the idmap_rid plug-in. This plug-in uses the  account  RID
             to  derive  the  UID  and  GID by adding the RID to a base value
             specified.  This  utility  requires  that  the  parameter``a�al�ll�lo�ow�w
             t�tr�ru�us�st�te�ed�d  d�do�om�ma�ai�in�ns�s =�= N�No�o must be specified, as it is not compati-
             ble with multiple domain environments. The idmap uid  and  idmap
             gid ranges must also be specified.
             Default: _�i_�d_�m_�a_�p _�b_�a_�c_�k_�e_�n_�d =
             Example: _�i_�d_�m_�a_�p _�b_�a_�c_�k_�e_�n_�d = ldap:ldap://
             Example: _�i_�d_�m_�a_�p _�b_�a_�c_�k_�e_�n_�d = idmap_rid:DOMNAME=1000-100000000

idmap gid

      winbind gid
             This parameter is a synonym for idmap gid.

      idmap gid (G)
             The  idmap  gid  parameter specifies the range of group ids that
             are allocated for the purpose of mapping UNX groups to NT  group
             SIDs.  This  range of group ids should have no existing local or
             NIS groups within it as strange conflicts can occur otherwise.
             The availability of an idmap gid range is essential for  correct
             operation of all group mapping.
             Default: _�i_�d_�m_�a_�p _�g_�i_�d =
             Example: _�i_�d_�m_�a_�p _�g_�i_�d = 10000-20000

idmap uid

      winbind uid
             This parameter is a synonym for idmap uid.

      idmap uid (G)
             The idmap uid parameter specifies the range of user ids that are
             allocated for use in mapping UNIX users to NT  user  SIDs.  This
             range  of  ids should have no existing local or NIS users within
             it as strange conflicts can occur otherwise.
             Default: _�i_�d_�m_�a_�p _�u_�i_�d =
             Example: _�i_�d_�m_�a_�p _�u_�i_�d = 10000-20000


      include (G)
             This allows you to include one config file inside  another.  The
             file is included literally, as though typed in place.
             It takes the standard substitutions, except _�%_�u , _�%_�P and _�%_�S.
             Default: _�i_�n_�c_�l_�u_�d_�e =
             Example: _�i_�n_�c_�l_�u_�d_�e = /usr/local/samba/lib/admin_smb.conf

inherit acls

      inherit acls (S)
             This  parameter can be used to ensure that if default acls exist
             on parent directories, they are always honored when  creating  a
             subdirectory.  The default behavior is to use the mode specified
             when creating the directory. Enabling this option sets the  mode
             to 0777, thus guaranteeing that default directory acls are prop-
             Default: _�i_�n_�h_�e_�r_�i_�t _�a_�c_�l_�s = no

inherit permissions

      inherit permissions (S)
             The permissions on new files and directories are  normally  gov-
             erned  by   _�c_�r_�e_�a_�t_�e  _�m_�a_�s_�k,  _�d_�i_�r_�e_�c_�t_�o_�r_�y _�m_�a_�s_�k, _�f_�o_�r_�c_�e _�c_�r_�e_�a_�t_�e _�m_�o_�d_�e and
             _�f_�o_�r_�c_�e _�d_�i_�r_�e_�c_�t_�o_�r_�y _�m_�o_�d_�e but the boolean inherit permissions parame-
             ter overrides this.
             New  directories  inherit  the  mode  of  the  parent directory,
             including bits such as setgid.
             New files inherit their read/write bits from the  parent  direc-
             tory.  Their  execute  bits  continue  to  be  determined by _�m_�a_�p
             _�a_�r_�c_�h_�i_�v_�e, _�m_�a_�p _�h_�i_�d_�d_�e_�n and _�m_�a_�p _�s_�y_�s_�t_�e_�m as usual.
             Note that the setuid bit is n�ne�ev�ve�er�r set via inheritance (the  code
             explicitly prohibits this).
             This  can  be  particularly  useful  on  large systems with many
             users, perhaps several thousand, to allow a single [homes] share
             to be used flexibly by each user.
             Default: _�i_�n_�h_�e_�r_�i_�t _�p_�e_�r_�m_�i_�s_�s_�i_�o_�n_�s = no


      interfaces (G)
             This  option  allows  you to override the default network inter-
             faces list that Samba will use for browsing,  name  registration
             and  other  NBT  traffic. By default Samba will query the kernel
             for the list of all active interfaces  and  use  any  interfaces
             except that are broadcast capable.
             The option takes a list of interface strings. Each string can be
             in any of the following forms:

             ·  a network interface name (such as  eth0).  This  may  include
                shell-like  wildcards so eth* will match any interface start-
                ing with the substring "eth"
             ·  an IP address. In this case the netmask  is  determined  from
                the list of interfaces obtained from the kernel
             ·  an IP/mask pair.
             ·  a broadcast/mask pair.
      The  "mask"  parameters  can either be a bit length (such as 24 for a C
      class network) or a full netmask in dotted decimal form.
      The "IP" parameters above can  either  be  a  full  dotted  decimal  IP
      address or a hostname which will be looked up via the OS's normal host-
      name resolution mechanisms.
      Default: _�i_�n_�t_�e_�r_�f_�a_�c_�e_�s = # all active interfaces except that are
      broadcast capable
      Example:  _�i_�n_�t_�e_�r_�f_�a_�c_�e_�s  = # This would configure three network interfaces
      corresponding to the eth0 device  and  IP  addresses  and The netmasks of the latter two interfaces would be set to eth0

invalid users

      invalid users (S)
             This is a list of users that should not be allowed to  login  to
             this  service.  This  is  really  a p�pa�ar�ra�an�no�oi�id�d check to absolutely
             ensure an improper setting does not breach your security.
             A name starting with a '@' is interpreted  as  an  NIS  netgroup
             first (if your system supports NIS), and then as a UNIX group if
             the name was not found in the NIS netgroup database.
             A name starting with '+' is interpreted only by looking  in  the
             UNIX  group  database.  A  name starting with '&' is interpreted
             only by looking in the NIS netgroup database (this requires  NIS
             to be working on your system). The characters '+' and '&' may be
             used at the start of the name  in  either  order  so  the  value
             _�+_�&_�g_�r_�o_�u_�p means check the UNIX group database, followed by the NIS
             netgroup database, and the value _�&_�+_�g_�r_�o_�u_�p  means  check  the  NIS
             netgroup database, followed by the UNIX group database (the same
             as the '@' prefix).
             The current servicename is substituted for _�%_�S. This is useful in
             the [homes] section.
             Default: _�i_�n_�v_�a_�l_�i_�d _�u_�s_�e_�r_�s = # no invalid users
             Example: _�i_�n_�v_�a_�l_�i_�d _�u_�s_�e_�r_�s = root fred admin @wheel