smb.conf/manpage/2006/parameters/I
< smb.conf | manpage | 2006 | parameters
Jump to navigation
Jump to search
idmap backend
idmap backend (G)
The purpose of the idmap backend parameter is to allow idmap to
NOT use the local idmap tdb file to obtain SID to UID / GID map-
pings, but instead to obtain them from a common LDAP backend.
This way all domain members and controllers will have the same
UID and GID to SID mappings. This avoids the risk of UID / GID
inconsistencies across UNIX / Linux systems that are sharing
information over protocols other than SMB/CIFS (ie: NFS).
An alternate method of SID to UID / GID mapping can be achieved
using the idmap_rid plug-in. This plug-in uses the account RID
to derive the UID and GID by adding the RID to a base value
specified. This utility requires that the parameter``a�al�ll�lo�ow�w
t�tr�ru�us�st�te�ed�d d�do�om�ma�ai�in�ns�s =�= N�No�o must be specified, as it is not compati-
ble with multiple domain environments. The idmap uid and idmap
gid ranges must also be specified.
Default: _�i_�d_�m_�a_�p _�b_�a_�c_�k_�e_�n_�d =
Example: _�i_�d_�m_�a_�p _�b_�a_�c_�k_�e_�n_�d = ldap:ldap://ldapslave.example.com
Example: _�i_�d_�m_�a_�p _�b_�a_�c_�k_�e_�n_�d = idmap_rid:DOMNAME=1000-100000000
idmap gid
winbind gid
This parameter is a synonym for idmap gid.
idmap gid (G)
The idmap gid parameter specifies the range of group ids that
are allocated for the purpose of mapping UNX groups to NT group
SIDs. This range of group ids should have no existing local or
NIS groups within it as strange conflicts can occur otherwise.
The availability of an idmap gid range is essential for correct
operation of all group mapping.
Default: _�i_�d_�m_�a_�p _�g_�i_�d =
Example: _�i_�d_�m_�a_�p _�g_�i_�d = 10000-20000
idmap uid
winbind uid
This parameter is a synonym for idmap uid.
idmap uid (G)
The idmap uid parameter specifies the range of user ids that are
allocated for use in mapping UNIX users to NT user SIDs. This
range of ids should have no existing local or NIS users within
it as strange conflicts can occur otherwise.
Default: _�i_�d_�m_�a_�p _�u_�i_�d =
Example: _�i_�d_�m_�a_�p _�u_�i_�d = 10000-20000
include
include (G)
This allows you to include one config file inside another. The
file is included literally, as though typed in place.
It takes the standard substitutions, except _�%_�u , _�%_�P and _�%_�S.
Default: _�i_�n_�c_�l_�u_�d_�e =
Example: _�i_�n_�c_�l_�u_�d_�e = /usr/local/samba/lib/admin_smb.conf
inherit acls
inherit acls (S)
This parameter can be used to ensure that if default acls exist
on parent directories, they are always honored when creating a
subdirectory. The default behavior is to use the mode specified
when creating the directory. Enabling this option sets the mode
to 0777, thus guaranteeing that default directory acls are prop-
agated.
Default: _�i_�n_�h_�e_�r_�i_�t _�a_�c_�l_�s = no
inherit permissions
inherit permissions (S)
The permissions on new files and directories are normally gov-
erned by _�c_�r_�e_�a_�t_�e _�m_�a_�s_�k, _�d_�i_�r_�e_�c_�t_�o_�r_�y _�m_�a_�s_�k, _�f_�o_�r_�c_�e _�c_�r_�e_�a_�t_�e _�m_�o_�d_�e and
_�f_�o_�r_�c_�e _�d_�i_�r_�e_�c_�t_�o_�r_�y _�m_�o_�d_�e but the boolean inherit permissions parame-
ter overrides this.
New directories inherit the mode of the parent directory,
including bits such as setgid.
New files inherit their read/write bits from the parent direc-
tory. Their execute bits continue to be determined by _�m_�a_�p
_�a_�r_�c_�h_�i_�v_�e, _�m_�a_�p _�h_�i_�d_�d_�e_�n and _�m_�a_�p _�s_�y_�s_�t_�e_�m as usual.
Note that the setuid bit is n�ne�ev�ve�er�r set via inheritance (the code
explicitly prohibits this).
This can be particularly useful on large systems with many
users, perhaps several thousand, to allow a single [homes] share
to be used flexibly by each user.
Default: _�i_�n_�h_�e_�r_�i_�t _�p_�e_�r_�m_�i_�s_�s_�i_�o_�n_�s = no
interfaces
interfaces (G)
This option allows you to override the default network inter-
faces list that Samba will use for browsing, name registration
and other NBT traffic. By default Samba will query the kernel
for the list of all active interfaces and use any interfaces
except 127.0.0.1 that are broadcast capable.
The option takes a list of interface strings. Each string can be
in any of the following forms:
· a network interface name (such as eth0). This may include
shell-like wildcards so eth* will match any interface start-
ing with the substring "eth"
· an IP address. In this case the netmask is determined from
the list of interfaces obtained from the kernel
· an IP/mask pair.
· a broadcast/mask pair.
The "mask" parameters can either be a bit length (such as 24 for a C
class network) or a full netmask in dotted decimal form.
The "IP" parameters above can either be a full dotted decimal IP
address or a hostname which will be looked up via the OS's normal host-
name resolution mechanisms.
Default: _�i_�n_�t_�e_�r_�f_�a_�c_�e_�s = # all active interfaces except 127.0.0.1 that are
broadcast capable
Example: _�i_�n_�t_�e_�r_�f_�a_�c_�e_�s = # This would configure three network interfaces
corresponding to the eth0 device and IP addresses 192.168.2.10 and
192.168.3.10. The netmasks of the latter two interfaces would be set to
255.255.255.0. eth0 192.168.2.10/24 192.168.3.10/255.255.255.0
invalid users
invalid users (S)
This is a list of users that should not be allowed to login to
this service. This is really a p�pa�ar�ra�an�no�oi�id�d check to absolutely
ensure an improper setting does not breach your security.
A name starting with a '@' is interpreted as an NIS netgroup
first (if your system supports NIS), and then as a UNIX group if
the name was not found in the NIS netgroup database.
A name starting with '+' is interpreted only by looking in the
UNIX group database. A name starting with '&' is interpreted
only by looking in the NIS netgroup database (this requires NIS
to be working on your system). The characters '+' and '&' may be
used at the start of the name in either order so the value
_�+_�&_�g_�r_�o_�u_�p means check the UNIX group database, followed by the NIS
netgroup database, and the value _�&_�+_�g_�r_�o_�u_�p means check the NIS
netgroup database, followed by the UNIX group database (the same
as the '@' prefix).
The current servicename is substituted for _�%_�S. This is useful in
the [homes] section.
Default: _�i_�n_�v_�a_�l_�i_�d _�u_�s_�e_�r_�s = # no invalid users
Example: _�i_�n_�v_�a_�l_�i_�d _�u_�s_�e_�r_�s = root fred admin @wheel