smb.conf/manpage/2006/parameters/M
< smb.conf | manpage | 2006 | parameters
Jump to navigation
Jump to search
machine password timeout
machine password timeout (G) If a Samba server is a member of a Windows NT Domain (see the security = domain parameter) then periodically a running smbd process will try and change the MACHINE ACCOUNT PASSWORD stored in the TDB called _�p_�r_�i_�v_�a_�t_�e_�/_�s_�e_�c_�r_�e_�t_�s_�._�t_�d_�b . This parameter specifies how often this password will be changed, in seconds. The default is one week (expressed in seconds), the same as a Windows NT Domain member server.
See also s�sm�mb�bp�pa�as�ss�sw�wd�d(8), and the security = domain parameter.
Default: _�m_�a_�c_�h_�i_�n_�e _�p_�a_�s_�s_�w_�o_�r_�d _�t_�i_�m_�e_�o_�u_�t = 604800
magic output
magic output (S) This parameter specifies the name of a file which will contain output created by a magic script (see the_�m_�a_�g_�i_�c _�s_�c_�r_�i_�p_�t parameter below).
W�Wa�ar�rn�ni�in�ng�g
If two clients use the same _�m_�a_�g_�i_�c _�s_�c_�r_�i_�p_�t in the same directory the output file content is undefined.
Default: _�m_�a_�g_�i_�c _�o_�u_�t_�p_�u_�t = <magic script name>.out
Example: _�m_�a_�g_�i_�c _�o_�u_�t_�p_�u_�t = myfile.txt
magic script
magic script (S) This parameter specifies the name of a file which, if opened, will be executed by the server when the file is closed. This allows a UNIX script to be sent to the Samba host and executed on behalf of the connected user.
Scripts executed in this way will be deleted upon completion assuming that the user has the appropriate level of privilege and the file permissions allow the deletion.
If the script generates output, output will be sent to the file specified by the _�m_�a_�g_�i_�c _�o_�u_�t_�p_�u_�t parameter (see above).
Note that some shells are unable to interpret scripts containing CR/LF instead of CR as the end-of-line marker. Magic scripts must be executablea�as�s i�is�s on the host, which for some hosts and some shells will require filtering at the DOS end.
Magic scripts are E�EX�XP�PE�ER�RI�IM�ME�EN�NT�TA�AL�L and should N�NO�OT�T be relied upon.
Default: _�m_�a_�g_�i_�c _�s_�c_�r_�i_�p_�t =
Example: _�m_�a_�g_�i_�c _�s_�c_�r_�i_�p_�t = user.csh
mangled map
mangled map (S) This is for those who want to directly map UNIX file names which cannot be represented on Windows/DOS. The mangling of names is not always what is needed. In particular you may have documents with file extensions that differ between DOS and UNIX. For example, under UNIX it is common to use _�._�h_�t_�m_�l for HTML files, whereas under Windows/DOS _�._�h_�t_�m is more commonly used.
So to map _�h_�t_�m_�l to _�h_�t_�m you would use:
m�ma�an�ng�gl�le�ed�d m�ma�ap�p =�= (�(*�*.�.h�ht�tm�ml�l *�*.�.h�ht�tm�m)�)
One very useful case is to remove the annoying _�;_�1 off the ends of filenames on some CDROMs (only visible under some UNIXes). To do this use a map of (*;1 *;).
Default: _�m_�a_�n_�g_�l_�e_�d _�m_�a_�p = # no mangled map
Example: _�m_�a_�n_�g_�l_�e_�d _�m_�a_�p = (*;1 *;)
mangled names
mangled names (S) This controls whether non-DOS names under UNIX should be mapped to DOS-compatible names ("mangled") and made visible, or whether non-DOS names should simply be ignored.
See the section on NAME MANGLING for details on how to control the mangling process.
If mangling is used then the mangling algorithm is as follows:
· The first (up to) five alphanumeric characters before the rightmost dot of the filename are preserved, forced to upper case, and appear as the first (up to) five characters of the mangled name.
· A tilde "~" is appended to the first part of the mangled name, followed by a two-character unique sequence, based on the original root name (i.e., the original filename minus its final extension). The final extension is included in the hash calculation only if it contains any upper case characters or is longer than three characters.
Note that the character to use may be specified using the _�m_�a_�n_�g_�l_�i_�n_�g _�c_�h_�a_�r option, if you don't like '~'.
· The first three alphanumeric characters of the final extension are preserved, forced to upper case and appear as the extension of the mangled name. The final extension is defined as that part of the original filename after the rightmost dot. If there are no dots in the filename, the mangled name will have no extension (except in the case of "hidden files" - see below).
· Files whose UNIX name begins with a dot will be presented as DOS hidden files. The mangled name will be created as for other filenames, but with the leading dot removed and "___" as its extension regardless of actual original extension (that's three underscores).
The two-digit hash value consists of upper case alphanumeric characters.
This algorithm can cause name collisions only if files in a directory share the same first five alphanumeric characters. The probability of such a clash is 1/1300.
The name mangling (if enabled) allows a file to be copied between UNIX directories from Windows/DOS while retaining the long UNIX filename. UNIX files can be renamed to a new extension from Windows/DOS and will retain the same basename. Mangled names do not change between sessions.
Default: _�m_�a_�n_�g_�l_�e_�d _�n_�a_�m_�e_�s = yes
mangle prefix
mangle prefix (G) controls the number of prefix characters from the original name used when generating the mangled names. A larger value will give a weaker hash and therefore more name collisions. The minimum value is 1 and the maximum value is 6.
mangle prefix is effective only when mangling method is hash2.
Default: _�m_�a_�n_�g_�l_�e _�p_�r_�e_�f_�i_�x = 1
Example: _�m_�a_�n_�g_�l_�e _�p_�r_�e_�f_�i_�x = 4
mangling char
mangling char (S) This controls what character is used as the m�ma�ag�gi�ic�c character in name mangling. The default is a '~' but this may interfere with some software. Use this option to set it to whatever you prefer. This is effective only when mangling method is hash.
Default: _�m_�a_�n_�g_�l_�i_�n_�g _�c_�h_�a_�r = ~
Example: _�m_�a_�n_�g_�l_�i_�n_�g _�c_�h_�a_�r = ^
mangling method
mangling method (G) controls the algorithm used for the generating the mangled names. Can take two different values, "hash" and "hash2". "hash" is the algorithm that was used used in Samba for many years and was the default in Samba 2.2.x "hash2" is now the default and is newer and considered a better algorithm (generates less collisions) in the names. Many Win32 applications store the mangled names and so changing to algorithms must not be done lightly as these applications may break unless reinstalled.
Default: _�m_�a_�n_�g_�l_�i_�n_�g _�m_�e_�t_�h_�o_�d = hash2
Example: _�m_�a_�n_�g_�l_�i_�n_�g _�m_�e_�t_�h_�o_�d = hash
map acl inherit
map acl inherit (S) This boolean parameter controls whether s�sm�mb�bd�d(8) will attempt to map the 'inherit' and 'protected' access control entry flags stored in Windows ACLs into an extended attribute called user.SAMBA_PAI. This parameter only takes effect if Samba is being run on a platform that supports extended attributes (Linux and IRIX so far) and allows the Windows 2000 ACL editor to correctly use inheritance with the Samba POSIX ACL mapping code.
Default: _�m_�a_�p _�a_�c_�l _�i_�n_�h_�e_�r_�i_�t = no
map archive
map archive (S) This controls whether the DOS archive attribute should be mapped to the UNIX owner execute bit. The DOS archive bit is set when a file has been modified since its last backup. One motivation for this option it to keep Samba/your PC from making any file it touches from becoming executable under UNIX. This can be quite annoying for shared source code, documents, etc...
Note that this requires the _�c_�r_�e_�a_�t_�e _�m_�a_�s_�k parameter to be set such that owner execute bit is not masked out (i.e. it must include 100). See the parameter _�c_�r_�e_�a_�t_�e _�m_�a_�s_�k for details.
Default: _�m_�a_�p _�a_�r_�c_�h_�i_�v_�e = yes
map hidden (S) This controls whether DOS style hidden files should be mapped to the UNIX world execute bit.
Note that this requires the _�c_�r_�e_�a_�t_�e _�m_�a_�s_�k to be set such that the world execute bit is not masked out (i.e. it must include 001). See the parameter _�c_�r_�e_�a_�t_�e _�m_�a_�s_�k for details.
N�No�o d�de�ef�fa�au�ul�lt�t
map system
map system (S) This controls whether DOS style system files should be mapped to the UNIX group execute bit.
Note that this requires the _�c_�r_�e_�a_�t_�e _�m_�a_�s_�k to be set such that the group execute bit is not masked out (i.e. it must include 010). See the parameter _�c_�r_�e_�a_�t_�e _�m_�a_�s_�k for details.
Default: _�m_�a_�p _�s_�y_�s_�t_�e_�m = no
map to guest
map to guest (G) This parameter is only useful in security modes other than _�s_�e_�c_�u_�r_�i_�t_�y _�= _�s_�h_�a_�r_�e - i.e. u�us�se�er�r, s�se�er�rv�ve�er�r, and d�do�om�ma�ai�in�n.
This parameter can take three different values, which tell s�sm�mb�bd�d(8) what to do with user login requests that don't match a valid UNIX user in some way.
The three settings are :
· N�Ne�ev�ve�er�r - Means user login requests with an invalid password are rejected. This is the default.
· B�Ba�ad�d U�Us�se�er�r - Means user logins with an invalid password are rejected, unless the username does not exist, in which case it is treated as a guest login and mapped into the _�g_�u_�e_�s_�t _�a_�c_�c_�o_�u_�n_�t.
· B�Ba�ad�d P�Pa�as�ss�sw�wo�or�rd�d - Means user logins with an invalid password are treated as a guest login and mapped into the guest account. Note that this can cause problems as it means that any user incorrectly typing their password will be silently logged on as "guest" - and will not know the reason they cannot access files they think they should - there will have been no message given to them that they got their password wrong. Helpdesk services will h�ha�at�te�e you if you set the _�m_�a_�p _�t_�o _�g_�u_�e_�s_�t parameter this way :-).
Note that this parameter is needed to set up "Guest" share services when using _�s_�e_�c_�u_�r_�i_�t_�y modes other than share. This is because in these modes the name of the resource being requested is n�no�ot�t sent to the server until after the server has successfully authenticated the client so the server cannot make authentication decisions at the correct time (connection to the share) for "Guest" shares.
For people familiar with the older Samba releases, this parameter maps to the old compile-time setting of the G�GU�UE�ES�ST�T_�_S�SE�ES�SS�SS�SE�ET�TU�UP�P value in local.h.
Default: _�m_�a_�p _�t_�o _�g_�u_�e_�s_�t = Never
Example: _�m_�a_�p _�t_�o _�g_�u_�e_�s_�t = Bad User
max connections
max connections (S) This option allows the number of simultaneous connections to a service to be limited. If _�m_�a_�x _�c_�o_�n_�n_�e_�c_�t_�i_�o_�n_�s is greater than 0 then connections will be refused if this number of connections to the service are already open. A value of zero mean an unlimited number of connections may be made.
Record lock files are used to implement this feature. The lock files will be stored in the directory specified by the _�l_�o_�c_�k _�d_�i_�r_�e_�c_�t_�o_�r_�y option.
Default: _�m_�a_�x _�c_�o_�n_�n_�e_�c_�t_�i_�o_�n_�s = 0
Default: _�m_�a_�x _�c_�o_�n_�n_�e_�c_�t_�i_�o_�n_�s = 10
max disk size
max disk size (G) This option allows you to put an upper limit on the apparent size of disks. If you set this option to 100 then all shares will appear to be not larger than 100 MB in size.
Note that this option does not limit the amount of data you can put on the disk. In the above case you could still store much more than 100 MB on the disk, but if a client ever asks for the amount of free disk space or the total disk size then the result will be bounded by the amount specified in _�m_�a_�x _�d_�i_�s_�k _�s_�i_�z_�e.
This option is primarily useful to work around bugs in some pieces of software that can't handle very large disks, particularly disks over 1GB in size.
A _�m_�a_�x _�d_�i_�s_�k _�s_�i_�z_�e of 0 means no limit.
Default: _�m_�a_�x _�d_�i_�s_�k _�s_�i_�z_�e = 0
Example: _�m_�a_�x _�d_�i_�s_�k _�s_�i_�z_�e = 1000
max log size
max log size (G) This option (an integer in kilobytes) specifies the max size the log file should grow to. Samba periodically checks the size and if it is exceeded it will rename the file, adding a _�._�o_�l_�d extension.
A size of 0 means no limit.
Default: _�m_�a_�x _�l_�o_�g _�s_�i_�z_�e = 5000
Default: _�m_�a_�x _�l_�o_�g _�s_�i_�z_�e = 1000
max mux
max mux (G) This option controls the maximum number of outstanding simultaneous SMB operations that Samba tells the client it will allow. You should never need to set this parameter.
Default: _�m_�a_�x _�m_�u_�x = 50
max open files
max open files (G) This parameter limits the maximum number of open files that one s�sm�mb�bd�d(8) file serving process may have open for a client at any one time. The default for this parameter is set very high (10,000) as Samba uses only one bit per unopened file.
The limit of the number of open files is usually set by the UNIX per-process file descriptor limit rather than this parameter so you should never need to touch this parameter.
Default: _�m_�a_�x _�o_�p_�e_�n _�f_�i_�l_�e_�s = 10000
max print jobs
max print jobs (S) This parameter limits the maximum number of jobs allowable in a Samba printer queue at any given moment. If this number is exceeded, s�sm�mb�bd�d(8) will remote "Out of Space" to the client.
Default: _�m_�a_�x _�p_�r_�i_�n_�t _�j_�o_�b_�s = 1000
Example: _�m_�a_�x _�p_�r_�i_�n_�t _�j_�o_�b_�s = 5000
max protocol
protocol This parameter is a synonym for max protocol.
max protocol (G) The value of the parameter (a string) is the highest protocol level that will be supported by the server.
Possible values are :
· C�CO�OR�RE�E: Earliest version. No concept of user names.
· C�CO�OR�RE�EP�PL�LU�US�S: Slight improvements on CORE for efficiency.
· L�LA�AN�NM�MA�AN�N1�1: First m�mo�od�de�er�rn�n version of the protocol. Long filename support.
· L�LA�AN�NM�MA�AN�N2�2: Updates to Lanman1 protocol.
· N�NT�T1�1: Current up to date version of the protocol. Used by Windows NT. Known as CIFS.
Normally this option should not be set as the automatic negotiation phase in the SMB protocol takes care of choosing the appropriate protocol.
Default: _�m_�a_�x _�p_�r_�o_�t_�o_�c_�o_�l = NT1
Example: _�m_�a_�x _�p_�r_�o_�t_�o_�c_�o_�l = LANMAN1
max reported print jobs
max reported print jobs (S) This parameter limits the maximum number of jobs displayed in a port monitor for Samba printer queue at any given moment. If this number is exceeded, the excess jobs will not be shown. A value of zero means there is no limit on the number of print jobs reported.
Default: _�m_�a_�x _�r_�e_�p_�o_�r_�t_�e_�d _�p_�r_�i_�n_�t _�j_�o_�b_�s = 0
Example: _�m_�a_�x _�r_�e_�p_�o_�r_�t_�e_�d _�p_�r_�i_�n_�t _�j_�o_�b_�s = 1000
max smbd processes
max smbd processes (G) This parameter limits the maximum number of s�sm�mb�bd�d(8) processes concurrently running on a system and is intended as a stopgap to prevent degrading service to clients in the event that the server has insufficient resources to handle more than this number of connections. Remember that under normal operating conditions, each user will have an s�sm�mb�bd�d(8) associated with him or her to handle connections to all shares from a given host.
Default: _�m_�a_�x _�s_�m_�b_�d _�p_�r_�o_�c_�e_�s_�s_�e_�s = 0
Example: _�m_�a_�x _�s_�m_�b_�d _�p_�r_�o_�c_�e_�s_�s_�e_�s = 1000
max ttl
max ttl (G) This option tells n�nm�mb�bd�d(8) what the default 'time to live' of NetBIOS names should be (in seconds) when n�nm�mb�bd�d is requesting a name using either a broadcast packet or from a WINS server. You should never need to change this parameter. The default is 3 days.
Default: _�m_�a_�x _�t_�t_�l = 259200
max wins ttl
max wins ttl (G) This option tells s�sm�mb�bd�d(8) when acting as a WINS server (_�w_�i_�n_�s _�s_�u_�p_�p_�o_�r_�t _�= _�y_�e_�s) what the maximum 'time to live' of NetBIOS names that n�nm�mb�bd�d will grant will be (in seconds). You should never need to change this parameter. The default is 6 days (518400 seconds).
Default: _�m_�a_�x _�w_�i_�n_�s _�t_�t_�l = 518400
max xmit
max xmit (G) This option controls the maximum packet size that will be negotiated by Samba. The default is 65535, which is the maximum. In some cases you may find you get better performance with a smaller value. A value below 2048 is likely to cause problems.
Default: _�m_�a_�x _�x_�m_�i_�t = 65535
Example: _�m_�a_�x _�x_�m_�i_�t = 8192
message command
message command (G) This specifies what command to run when the server receives a WinPopup style message.
This would normally be a command that would deliver the message somehow. How this is to be done is up to your imagination.
An example is:
m�me�es�ss�sa�ag�ge�e c�co�om�mm�ma�an�nd�d =�= c�cs�sh�h -�-c�c '�'x�xe�ed�di�it�t %�%s�s;�;r�rm�m %�%s�s'�' &�&
This delivers the message using x�xe�ed�di�it�t, then removes it afterwards. N�NO�OT�TE�E T�TH�HA�AT�T I�IT�T I�IS�S V�VE�ER�RY�Y I�IM�MP�PO�OR�RT�TA�AN�NT�T T�TH�HA�AT�T T�TH�HI�IS�S C�CO�OM�MM�MA�AN�ND�D R�RE�ET�TU�UR�RN�N I�IM�MM�ME�ED�DI�IA�AT�TE�EL�LY�Y. That's why I have the '&' on the end. If it doesn't return immediately then your PCs may freeze when sending messages (they should recover after 30 seconds, hopefully).
All messages are delivered as the global guest user. The command takes the standard substitutions, although _�%_�u won't work (_�%_�U may be better in this case).
Apart from the standard substitutions, some additional ones apply. In particular:
· _�%_�s = the filename containing the message.
· _�%_�t = the destination that the message was sent to (probably the server name).
· _�%_�f = who the message is from.
You could make this command send mail, or whatever else takes your fancy. Please let us know of any really interesting ideas you have.
Here's a way of sending the messages as mail to root:
m�me�es�ss�sa�ag�ge�e c�co�om�mm�ma�an�nd�d =�= /�/b�bi�in�n/�/m�ma�ai�il�l -�-s�s '�'m�me�es�ss�sa�ag�ge�e f�fr�ro�om�m %�%f�f o�on�n %�%m�m'�' r�ro�oo�ot�t <�< %�%s�s;�; r�rm�m %�%s�s
If you don't have a message command then the message won't be delivered and Samba will tell the sender there was an error. Unfortunately WfWg totally ignores the error code and carries on regardless, saying that the message was delivered.
If you want to silently delete it then try:
m�me�es�ss�sa�ag�ge�e c�co�om�mm�ma�an�nd�d =�= r�rm�m %�%s�s
Default: _�m_�e_�s_�s_�a_�g_�e _�c_�o_�m_�m_�a_�n_�d =
Example: _�m_�e_�s_�s_�a_�g_�e _�c_�o_�m_�m_�a_�n_�d = csh -c 'xedit %s; rm %s' &
min password length
min passwd length This parameter is a synonym for min password length.
min password length (G) This option sets the minimum length in characters of a plaintext password that s�sm�mb�bd�d will accept when performing UNIX password changing.
Default: _�m_�i_�n _�p_�a_�s_�s_�w_�o_�r_�d _�l_�e_�n_�g_�t_�h = 5
min print space
min print space (S) This sets the minimum amount of free disk space that must be available before a user will be able to spool a print job. It is specified in kilobytes. The default is 0, which means a user can always spool a print job.
Default: _�m_�i_�n _�p_�r_�i_�n_�t _�s_�p_�a_�c_�e = 0
Example: _�m_�i_�n _�p_�r_�i_�n_�t _�s_�p_�a_�c_�e = 2000
min protocol
min protocol (G) The value of the parameter (a string) is the lowest SMB protocol dialect than Samba will support. Please refer to the _�m_�a_�x _�p_�r_�o_�t_�o_�c_�o_�l parameter for a list of valid protocol names and a brief description of each. You may also wish to refer to the C source code in _�s_�o_�u_�r_�c_�e_�/_�s_�m_�b_�d_�/_�n_�e_�g_�p_�r_�o_�t_�._�c for a listing of known protocol dialects supported by clients.
If you are viewing this parameter as a security measure, you should also refer to the _�l_�a_�n_�m_�a_�n _�a_�u_�t_�h parameter. Otherwise, you should never need to change this parameter.
Default: _�m_�i_�n _�p_�r_�o_�t_�o_�c_�o_�l = CORE
Example: _�m_�i_�n _�p_�r_�o_�t_�o_�c_�o_�l = NT1
min wins ttl
min wins ttl (G) This option tells n�nm�mb�bd�d(8) when acting as a WINS server ( _�w_�i_�n_�s _�s_�u_�p_�p_�o_�r_�t _�= _�y_�e_�s) what the minimum 'time to live' of NetBIOS names that n�nm�mb�bd�d will grant will be (in seconds). You should never need to change this parameter. The default is 6 hours (21600 seconds).
Default: _�m_�i_�n _�w_�i_�n_�s _�t_�t_�l = 21600
msdfs proxy
msdfs proxy (S) This parameter indicates that the share is a stand-in for another CIFS share whose location is specified by the value of the parameter. When clients attempt to connect to this share, they are redirected to the proxied share using the SMB-Dfs protocol.
Only Dfs roots can act as proxy shares. Take a look at the_�m_�s_�d_�f_�s _�r_�o_�o_�t and _�h_�o_�s_�t _�m_�s_�d_�f_�s options to find out how to set up a Dfs root share.
N�No�o d�de�ef�fa�au�ul�lt�t
Example: _�m_�s_�d_�f_�s _�p_�r_�o_�x_�y = \otherserver\someshare
=msdfs root
msdfs root (S) If set to y�ye�es�s, Samba treats the share as a Dfs root and allows clients to browse the distributed file system tree rooted at the share directory. Dfs links are specified in the share directory by symbolic links of the form _�m_�s_�d_�f_�s_�:_�s_�e_�r_�v_�e_�r_�A_�\_�\_�s_�h_�a_�r_�e_�A_�,_�s_�e_�r_�v_�e_�r_�B_�\_�\_�s_�h_�a_�r_�e_�B and so on. For more information on setting up a Dfs tree on Samba, refer to ???.
Default: _�m_�s_�d_�f_�s _�r_�o_�o_�t = no