smb.conf/manpage/2006/parameters/S
security (G)
This option affects how clients respond to Samba and is one of
the most important settings in the smb.conf file.
The option sets the "security mode bit" in replies to protocol
negotiations with smbd(8) to turn share level security on or
off. Clients decide based on this bit whether (and how) to
transfer user and password information to the server.
The default is security = user, as this is the most common
setting needed when talking to Windows 98 and Windows NT.
The alternatives are security = share, security = server or
security = domain.
In versions of Samba prior to 2.0.0, the default was security =
share mainly because that was the only option at one stage.
There is a bug in WfWg that has relevance to this setting. When
in user or server level security a WfWg client will totally
ignore the password you type in the "connect drive" dialog box.
This makes it very difficult (if not impossible) to connect to a
Samba service as anyone except the user that you are logged into
WfWg as.
If your PCs use usernames that are the same as their usernames
on the UNIX machine then you will want to use security = user.
If you mostly use usernames that don't exist on the UNIX box
then use security = share.
You should also use security = share if you want to mainly set up
shares without a password (guest shares). This is commonly used
for a shared printer server. It is more difficult to set up guest
shares with security = user, see the map to guest parameter for
details.
It is possible to use smbd in a hybrid mode where it offers
both user and share level security under different NetBIOS
aliases.
The different settings will now be explained.
SECURITY = SHARE
When clients connect to a share level security server they need
not log onto the server with a valid username and password
before attempting to connect to a shared resource (although
modern clients such as Windows 95/98 and Windows NT will send a
logon request with a username but no password when talking to a
security = share server). Instead, the clients send
authentication information (passwords) on a per-share basis, at the
time they attempt to connect to that share.
Note that smbd ALWAYS uses a valid UNIX user to act on behalf
of the client, even in security = share level security.
As clients are not required to send a username to the server in
share level security, smbd uses several techniques to determine
the correct UNIX user to use on behalf of the client.
A list of possible UNIX usernames to match with the given client
password is constructed using the following methods:
· If the guest only parameter is set, then all the other stages
  are missed and only the guest account username is checked.
· If a username is sent with the share connection request, then
  this username (after mapping - see username map), is added as
  a potential username.
· If the client did a previous logon request (the SessionSetup
  SMB call) then the username sent in this SMB will be added as
  a potential username.
· The name of the service the client requested is added as a
  potential username.
· The NetBIOS name of the client is added to the list as a
  potential username.
· Any users on the user list are added as potential usernames.
If the guest only parameter is not set, then this list is then tried
with the supplied password. The first user for whom the password
matches will be used as the UNIX user.
If the guest only parameter is set, or no username can be determined
then if the share is marked as available to the guest account, then
this guest user will be used, otherwise access is denied.
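The lookup order described above, modelled so that the resulting UNIX user can be checked for a given share and request. This is an added illustration, not Samba source code; the class and function names, the constructed password table, and the reading of "no username can be determined" as "no candidate matched the password" are assumptions of the example.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass
class Share:
    name: str                      # service name the client requested
    guest_only: bool = False       # "guest only"
    guest_ok: bool = False         # share is available to the guest account
    guest_account: str = "nobody"  # "guest account" (value assumed here)
    users: List[str] = field(default_factory=list)  # the "user" list


@dataclass
class Request:
    password: str
    tcon_user: Optional[str] = None     # sent with the share connection request
    session_user: Optional[str] = None  # from an earlier SessionSetup SMB
    netbios_name: Optional[str] = None  # client's NetBIOS name


def candidates(share: Share, req: Request,
               username_map: Optional[Dict[str, str]] = None) -> List[str]:
    """Potential UNIX usernames, in the order the manpage lists the stages."""
    if share.guest_only:           # all other stages are skipped
        return []
    umap = username_map or {}
    stages = [
        umap.get(req.tcon_user, req.tcon_user) if req.tcon_user else None,
        req.session_user,
        share.name,
        req.netbios_name,
        *share.users,
    ]
    return [name for name in stages if name]


def resolve(share: Share, req: Request,
            check_password: Callable[[str, str], bool],
            username_map: Optional[Dict[str, str]] = None) -> Optional[str]:
    """Return the UNIX user that would be used, or None when access is denied."""
    for user in candidates(share, req, username_map):
        if check_password(user, req.password):
            return user            # first user whose password matches
    # guest only is set, or nothing matched: fall back to the guest account
    return share.guest_account if share.guest_ok else None


# Constructed password table standing in for the UNIX password check.
ACCOUNTS = {"alice": "alice-pw", "backup": "backup-pw"}


def check(user: str, password: str) -> bool:
    return user in ACCOUNTS and ACCOUNTS[user] == password


if __name__ == "__main__":
    share = Share(name="backup", guest_ok=True, users=["alice"])
    # No username sent: the service name is the candidate that matches.
    print(resolve(share, Request("backup-pw", netbios_name="PC7"), check))
    # Unknown username sent: a later entry from the user list matches instead.
    print(resolve(share, Request("alice-pw", tcon_user="bob"), check))
    # Nothing matches: the guest account is used because the share allows it.
    print(resolve(share, Request("wrong"), check))
```
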
Note that it can be very confusing in share-level security as to which
UNIX username will eventually be used in granting access.
See also the section NOTE ABOUT USERNAME/PASSWORD VALIDATION.
SECURITY = USER
This is the default security setting in Samba 3.0. With user-level
security a client must first "log-on" with a valid username and
password (which can be mapped using the username map parameter). Encrypted
passwords (see the encrypted passwords parameter) can also be used in
this security mode. Parameters such as user and guest only if set are
then applied and may change the UNIX user to use on this connection,
but only after the user has been successfully authenticated.
Note that the name of the resource being requested is not sent to the
server until after the server has successfully authenticated the
client. This is why guest shares don't work in user level security
without allowing the server to automatically map unknown users into the
guest account. See the map to guest parameter for details on doing
this.
See also the section NOTE ABOUT USERNAME/PASSWORD VALIDATION.
SECURITY = DOMAIN
This mode will only work correctly if net(8) has been used to add this
machine into a Windows NT Domain. It expects the encrypted passwords
parameter to be set to yes. In this mode Samba will try to validate the
username/password by passing it to a Windows NT Primary or Backup
Domain Controller, in exactly the same way that a Windows NT Server
would do.
Note that a valid UNIX user must still exist as well as the account on
the Domain Controller to allow Samba to have a valid UNIX account to
map file access to.
Note that from the client's point of view security = domain is the same
as security = user. It only affects how the server deals with the
authentication, it does not in any way affect what the client sees.
Note that the name of the resource being requested is not sent to the
server until after the server has successfully authenticated the
client. This is why guest shares don't work in user level security
without allowing the server to automatically map unknown users into the
guest account. See the map to guest parameter for details on doing
this.
See also the section NOTE ABOUT USERNAME/PASSWORD VALIDATION.
See also the password server parameter and the encrypted passwords
parameter.
SECURITY = SERVER
In this mode Samba will try to validate the username/password by
passing it to another SMB server, such as an NT box. If this fails it will
revert to security = user. It expects the encrypted passwords parameter
to be set to yes, unless the remote server does not support them.
However note that if encrypted passwords have been negotiated then Samba
cannot revert back to checking the UNIX password file, it must have a
valid smbpasswd file to check users against. See the chapter about the
User Database in the Samba HOWTO Collection for details on how to set
this up.
Note
This mode of operation has significant pitfalls, due to the fact
that it actively initiates a man-in-the-middle attack on the
remote SMB server. In particular, this mode of operation can
cause significant resource consumption on the PDC, as it must
maintain an active connection for the duration of the user's
session. Furthermore, if this connection is lost, there is no
way to reestablish it, and further authentications to the Samba
server may fail. (From a single client, till it disconnects).
Note
From the client's point of view security = server is the same as
security = user. It only affects how the server deals with the
authentication, it does not in any way affect what the client
sees.
Note that the name of the resource being requested is not sent to the
server until after the server has successfully authenticated the
client. This is why guest shares don't work in user level security
without allowing the server to automatically map unknown users into the
guest account. See the map to guest parameter for details on doing
this.
See also the section NOTE ABOUT USERNAME/PASSWORD VALIDATION.
See also the password server parameter and the encrypted passwords
parameter.
SECURITY = ADS
In this mode, Samba will act as a domain member in an ADS realm. To
operate in this mode, the machine running Samba will need to have
Kerberos installed and configured and Samba will need to be joined to the
ADS realm using the net utility.
Note that this mode does NOT make Samba operate as an Active Directory
Domain Controller.
Read the chapter about Domain Membership in the HOWTO for details.
Default: security = USER
Example: security = DOMAIN
security mask (S)
This parameter controls what UNIX permission bits can be modified
when a Windows NT client is manipulating the UNIX permission
on a file using the native NT security dialog box.
This parameter is applied as a mask (AND'ed with) to the changed
permission bits, thus preventing any bits not in this mask from
being modified. Essentially, zero bits in this mask may be
treated as a set of bits the user is not allowed to change.
If not set explicitly this parameter is 0777, allowing a user to
modify all the user/group/world permissions on a file.
Note that users who can access the Samba server through other
means can easily bypass this restriction, so it is primarily
useful for standalone "appliance" systems. Administrators of
most normal systems will probably want to leave it set to 0777.
Default: security mask = 0777
Example: security mask = 0770
server schannel (G)
This controls whether the server offers or even demands the use
of the netlogon schannel. server schannel = no does not offer
the schannel, server schannel = auto offers the schannel but
does not enforce it, and server schannel = yes denies access if
the client is not able to speak netlogon schannel. This is only
the case for Windows NT4 before SP4.
Please note that with this set to no you will have to apply the
WindowsXP requireSignOrSeal-Registry patch found in the
docs/Registry subdirectory.
Default: server schannel = auto
Example: server schannel = yes
server signing (G)
This controls whether the server offers or requires the client
it talks to to use SMB signing. Possible values are auto,
mandatory and disabled.
When set to auto, SMB signing is offered, but not enforced. When
set to mandatory, SMB signing is required and if set to
disabled, SMB signing is not offered either.
Default: server signing = Disabled
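A check over the three settings described above (security, server schannel, server signing), using the defaults and value meanings stated on this page. This is an added example, not part of the manpage or of Samba; the function names, the severity labels and the sample configurations are constructed for illustration.

```python
import re

# Defaults exactly as this manpage states them.
DEFAULTS = {"security": "user", "serverschannel": "auto", "serversigning": "disabled"}

# (parameter, value) -> (severity, reason). Severity labels are this example's own.
RULES = {
    ("security", "share"): ("high", "per-share passwords; smbd has to guess the UNIX user"),
    ("security", "server"): ("high", "pass-through authentication to another SMB server"),
    ("serverschannel", "no"): ("high", "netlogon schannel is not offered"),
    ("serverschannel", "auto"): ("medium", "netlogon schannel is offered but not enforced"),
    ("serversigning", "disabled"): ("high", "SMB signing is not offered"),
    ("serversigning", "auto"): ("medium", "SMB signing is offered but not enforced"),
}
BOOLEANS = {"true": "yes", "1": "yes", "false": "no", "0": "no"}


def normalise(name):
    """smb.conf ignores case and whitespace in parameter names."""
    return re.sub(r"\s+", "", name).lower()


def parse_global(text):
    """Return the [global] parameters of an smb.conf as {normalised name: value}."""
    params, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = (pending + raw).strip()
        pending = ""
        if line.endswith("\\"):            # value continues on the next line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":    # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line and section == "global":
            name, value = line.split("=", 1)
            params[normalise(name)] = value.strip()
    return params


def audit(text):
    """List (parameter, value, origin, severity, reason) for weak settings."""
    params = parse_global(text)
    findings = []
    for key, default in DEFAULTS.items():
        origin = "explicit" if key in params else "default"
        value = params.get(key, default).lower()
        value = BOOLEANS.get(value, value)
        if (key, value) in RULES:
            findings.append((key, value, origin) + RULES[(key, value)])
    return findings


# Constructed sample configurations, not taken from a real server.
WEAK = """\
[global]
   workgroup = EXAMPLE
   Security = SHARE
   server schannel = No
[printers]
   security = user
"""
HARDENED = """\
[global]
   security = domain
   server schannel = yes
   server signing = mandatory
"""

if __name__ == "__main__":
    for finding in audit(WEAK):
        print(finding)
```

Because server signing defaults to Disabled on this page, a configuration that never mentions it is still reported, with origin "default".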
server string (G)
This controls what string will show up in the printer comment
box in print manager and next to the IPC connection in net view.
It can be any string that you wish to show to your users.
It also sets what will appear in browse lists next to the
machine name.
A %v will be replaced with the Samba version number.
A %h will be replaced with the hostname.
Default: server string = Samba %v
Example: server string = University of GNUs Samba Server
set directory (S)
If set directory = no, then users of the service may not use the
setdir command to change directory.
The setdir command is only implemented in the Digital Pathworks
client. See the Pathworks documentation for details.
Default: set directory = no
set primary group script (G)
Thanks to the Posix subsystem in NT a Windows User has a primary
group in addition to the auxiliary groups. This script sets the
primary group in the unix user database when an administrator sets
the primary group from the windows user manager or when fetching
a SAM with net rpc vampire. %u will be replaced with the user
whose primary group is to be set. %g will be replaced with the
group to set.
Default: set primary group script =
Example: set primary group script = /usr/sbin/usermod -g '%g' '%u'
set quota command (G)
The set quota command should only be used whenever there is no
operating system API available from the OS that samba can use.
This option is only available if Samba was configured with the
argument --with-sys-quotas or on linux when ./configure
--with-quotas was used and a working quota api was found in the
system. Most packages are configured with these options already.
This parameter should specify the path to a script that can set
quota for the specified arguments.
The specified script should take the following arguments:
· 1 - quota type
    · 1 - user quotas
    · 2 - user default quotas (uid = -1)
    · 3 - group quotas
    · 4 - group default quotas (gid = -1)
· 2 - id (uid for user, gid for group, -1 if N/A)
· 3 - quota state (0 = disable, 1 = enable, 2 = enable and
  enforce)
· 4 - block softlimit
· 5 - block hardlimit
· 6 - inode softlimit
· 7 - inode hardlimit
· 8 (optional) - block size, defaults to 1024
The script should output at least one line of data on success, and
nothing on failure.
Default: set quota command =
Example: set quota command = /usr/local/sbin/set_quota
share modes (S)
This enables or disables the honoring of the share modes during
a file open. These modes are used by clients to gain exclusive
read or write access to a file.
These open modes are not directly supported by UNIX, so they are
simulated using shared memory, or lock files if your UNIX
doesn't support shared memory (almost all do).
The share modes that are enabled by this option are DENY_DOS,
DENY_ALL, DENY_READ, DENY_WRITE, DENY_NONE and DENY_FCB.
This option gives full share compatibility and is enabled by
default.
You should NEVER turn this parameter off as many Windows
applications will break if you do so.
Default: share modes = yes
short preserve case (S)
This boolean parameter controls if new files which conform to
8.3 syntax, that is all in upper case and of suitable length,
are created upper case, or if they are forced to be the default
case. This option can be used with preserve case = yes to permit
long filenames to retain their case, while short names are
lowered.
See the section on NAME MANGLING.
Default: short preserve case = yes
show add printer wizard (G)
With the introduction of MS-RPC based printing support for
Windows NT/2000 client in Samba 2.2, a "Printers..." folder will
appear on Samba hosts in the share listing. Normally this folder
will contain an icon for the MS Add Printer Wizard (APW).
However, it is possible to disable this feature regardless of the
level of privilege of the connected user.
Under normal circumstances, the Windows NT/2000 client will open
a handle on the printer server with OpenPrinterEx() asking for
Administrator privileges. If the user does not have
administrative access on the print server (i.e. is not root or a member of
the printer admin group), the OpenPrinterEx() call fails and the
client makes another open call with a request for a lower
privilege level. This should succeed, however the APW icon will not
be displayed.
Disabling the show add printer wizard parameter will always
cause the OpenPrinterEx() on the server to fail. Thus the APW
icon will never be displayed.
Note
This does not prevent the same user from having administrative
privilege on an individual printer.
Default: show add printer wizard = yes
shutdown script (G)
This parameter only exists in the HEAD cvs branch. This is a full
path name to a script called by smbd(8) that should start a
shutdown procedure.
This command will be run as the user connected to the server.
%m %t %r %f parameters are expanded:
· %m will be substituted with the shutdown message sent to the
  server.
· %t will be substituted with the number of seconds to wait
  before effectively starting the shutdown procedure.
· %r will be substituted with the switch -r. It means reboot
  after shutdown for NT.
· %f will be substituted with the switch -f. It means force the
  shutdown even if applications do not respond for NT.
Shutdown script example:
    #!/bin/bash
    # Called as: shutdown %m %t %r %f
    # $1 = message, $2 = seconds to wait, $3 = -r (or empty), $4 = -f (or empty)
    time=$2
    let "time/=60"   # seconds to whole minutes
    let "time++"     # round up so the delay is never shorter than requested
    /sbin/shutdown $3 $4 +$time "$1" &
Shutdown does not return so we need to launch it in background.
Default: shutdown script =
Example: shutdown script = /usr/local/samba/sbin/shutdown %m %t %r %f
smb passwd file (G)
This option sets the path to the encrypted smbpasswd file. By
default the path to the smbpasswd file is compiled into Samba.
Default: smb passwd file = ${prefix}/private/smbpasswd
Example: smb passwd file = /etc/samba/smbpasswd
smb ports (G)
Specifies which ports the server should listen on for SMB traffic.
Default: smb ports = 445 139
socket address (G)
This option allows you to control what address Samba will listen
for connections on. This is used to support multiple virtual
interfaces on the one server, each with a different
configuration.
By default Samba will accept connections on any address.
Default: socket address =
Example: socket address = 192.168.2.20
socket options (G)
This option allows you to set socket options to be used when
talking with the client.
Socket options are controls on the networking layer of the
operating systems which allow the connection to be tuned.
This option will typically be used to tune your Samba server for
optimal performance for your local network. There is no way that
Samba can know what the optimal parameters are for your net, so
you must experiment and choose them yourself. We strongly
suggest you read the appropriate documentation for your operating
system first (perhaps man setsockopt will help).
You may find that on some systems Samba will say "Unknown socket
option" when you supply an option. This means you either
incorrectly typed it or you need to add an include file to includes.h
for your OS. If the latter is the case please send the patch to
samba-technical@samba.org.
Any of the supported socket options may be combined in any way
you like, as long as your OS allows it.
This is the list of socket options currently settable using this
option:
· SO_KEEPALIVE
· SO_REUSEADDR
· SO_BROADCAST
· TCP_NODELAY
· IPTOS_LOWDELAY
· IPTOS_THROUGHPUT
· SO_SNDBUF *
· SO_RCVBUF *
· SO_SNDLOWAT *
· SO_RCVLOWAT *
Those marked with a '*' take an integer argument. The others can
optionally take a 1 or 0 argument to enable or disable the option, by
default they will be enabled if you don't specify 1 or 0.
To specify an argument use the syntax SOME_OPTION=VALUE, for example
SO_SNDBUF=8192. Note that you must not have any spaces before or
after the = sign.
If you are on a local network then a sensible option might be:
socket options = IPTOS_LOWDELAY
If you have a local network then you could try:
socket options = IPTOS_LOWDELAY TCP_NODELAY
If you are on a wide area network then perhaps try setting
IPTOS_THROUGHPUT.
Note that several of the options may cause your Samba server to fail
completely. Use these options with caution!
Default: socket options = TCP_NODELAY
Example: socket options = IPTOS_LOWDELAY
stat cache (G)
This parameter determines if smbd(8) will use a cache in order
to speed up case insensitive name mappings. You should never
need to change this parameter.
Default: stat cache = yes
store dos attributes (S)
If this parameter is set Samba no longer attempts to map DOS
attributes like SYSTEM, HIDDEN, ARCHIVE or READ-ONLY to UNIX
permission bits (such as the map hidden). Instead, DOS attributes
will be stored onto an extended attribute in the UNIX
filesystem, associated with the file or directory. For this to operate
correctly, the parameters map hidden, map system, map archive
must be set to off. This parameter writes the DOS attributes as
a string into the extended attribute named "user.DOSATTRIB".
This extended attribute is explicitly hidden from smbd clients
requesting an EA list. On Linux the filesystem must have been
mounted with the mount option user_xattr in order for extended
attributes to work, also extended attributes must be compiled
into the Linux kernel.
Default: store dos attributes = no
strict allocate (S)
This is a boolean that controls the handling of disk space
allocation in the server. When this is set to yes the server will
change from UNIX behaviour of not committing real disk storage
blocks when a file is extended to the Windows behaviour of
actually forcing the disk system to allocate real storage blocks
when a file is created or extended to be a given size. In UNIX
terminology this means that Samba will stop creating sparse
files. This can be slow on some systems.
When strict allocate is no the server does sparse disk block
allocation when a file is extended.
Setting this to yes can help Samba return out of quota messages
on systems that are restricting the disk quota of users.
Default: strict allocate = no
strict locking (S)
This is a boolean that controls the handling of file locking in
the server. When this is set to yes, the server will check every
read and write access for file locks, and deny access if locks
exist. This can be slow on some systems.
When strict locking is disabled, the server performs file lock
checks only when the client explicitly asks for them.
Well-behaved clients always ask for lock checks when it is
important. So in the vast majority of cases, strict locking = no
is preferable.
Default: strict locking = no
strict sync (S)
Many Windows applications (including the Windows 98 explorer
shell) seem to confuse flushing buffer contents to disk with
doing a sync to disk. Under UNIX, a sync call forces the process
to be suspended until the kernel has ensured that all
outstanding data in kernel disk buffers has been safely stored onto
stable storage. This is very slow and should only be done rarely.
Setting this parameter to no (the default) means that smbd(8)
ignores the Windows applications requests for a sync call. There
is only a possibility of losing data if the operating system
itself that Samba is running on crashes, so there is little
danger in this default setting. In addition, this fixes many
performance problems that people have reported with the new
Windows98 explorer shell file copies.
Default: strict sync = no
sync always (S)
This is a boolean parameter that controls whether writes will
always be written to stable storage before the write call
returns. If this is no then the server will be guided by the
client's request in each write call (clients can set a bit
indicating that a particular write should be synchronous). If this
is yes then every write will be followed by a fsync() call to
ensure the data is written to disk. Note that the strict sync
parameter must be set to yes in order for this parameter to have
any effect.
Default: sync always = no
syslog (G)
This parameter maps how Samba debug messages are logged onto the
system syslog logging levels. Samba debug level zero maps onto
syslog LOG_ERR, debug level one maps onto LOG_WARNING, debug
level two maps onto LOG_NOTICE, debug level three maps onto
LOG_INFO. All higher levels are mapped to LOG_DEBUG.
This parameter sets the threshold for sending messages to
syslog. Only messages with debug level less than this value will be
sent to syslog.
Default: syslog = 1
syslog only (G)
If this parameter is set then Samba debug messages are logged
into the system syslog only, and not to the debug log files.
Default: syslog only = no