smb.conf/manpage/2006/parameters/S

from HTYP, the free directory anyone can edit if they can prove to me that they're not a spambot
< smb.conf‎ | manpage‎ | 2006‎ | parameters
Jump to: navigation, search
      security (G)
             This option affects how clients respond to Samba and is  one  of
             the most important settings in the  _�s_�m_�b_�._�c_�o_�n_�f file.
             The  option  sets the "security mode bit" in replies to protocol
             negotiations with s�sm�mb�bd�d(8) to turn share  level  security  on  or
             off.  Clients  decide  based  on  this  bit whether (and how) to
             transfer user and password information to the server.
             The default is s�se�ec�cu�ur�ri�it�ty�y =�= u�us�se�er�r, as this is the most common  set-
             ting needed when talking to Windows 98 and Windows NT.
             The  alternatives  are  s�se�ec�cu�ur�ri�it�ty�y  =�=  s�sh�ha�ar�re�e, s�se�ec�cu�ur�ri�it�ty�y =�= s�se�er�rv�ve�er�r or
             s�se�ec�cu�ur�ri�it�ty�y =�= d�do�om�ma�ai�in�n .
             In versions of Samba prior to 2.0.0, the default was s�se�ec�cu�ur�ri�it�ty�y  =�=
             s�sh�ha�ar�re�e mainly because that was the only option at one stage.
             There  is a bug in WfWg that has relevance to this setting. When
             in user or server level security  a  WfWg  client  will  totally
             ignore  the password you type in the "connect drive" dialog box.
             This makes it very difficult (if not impossible) to connect to a
             Samba service as anyone except the user that you are logged into
             WfWg as.
             If your PCs use usernames that are the same as  their  usernames
             on  the  UNIX machine then you will want to use s�se�ec�cu�ur�ri�it�ty�y =�= u�us�se�er�r.
             If you mostly use usernames that don't exist  on  the  UNIX  box
             then use s�se�ec�cu�ur�ri�it�ty�y =�= s�sh�ha�ar�re�e.
             You should also use s�se�ec�cu�ur�ri�it�ty�y =�= s�sh�ha�ar�re�e if you want to mainly setup
             shares without a password (guest shares). This is commonly  used
             for a shared printer server. It is more difficult to setup guest
             shares with s�se�ec�cu�ur�ri�it�ty�y =�= u�us�se�er�r, see the _�m_�a_�p _�t_�o  _�g_�u_�e_�s_�tparameter  for
             details.
             It  is possible to use s�sm�mb�bd�d in a  h�hy�yb�br�ri�id�d m�mo�od�de�e where it is offers
             both user and  share  level  security  under  different  _�N_�e_�t_�B_�I_�O_�S
             _�a_�l_�i_�a_�s_�e_�s.
             The different settings will now be explained.
             S�SE�EC�CU�UR�RI�IT�TY�Y =�= S�SH�HA�AR�RE�E
             When  clients connect to a share level security server they need
             not log onto the server  with  a  valid  username  and  password
             before attempting to connect to a shared resource (although mod-
             ern clients such as Windows 95/98 and Windows  NT  will  send  a
             logon  request with a username but no password when talking to a
             s�se�ec�cu�ur�ri�it�ty�y =�= s�sh�ha�ar�re�e  server). Instead, the clients send authentica-
             tion  information  (passwords) on a per-share basis, at the time
             they attempt to connect to that share.
             Note that s�sm�mb�bd�d  A�AL�LW�WA�AY�YS�S uses a valid UNIX user to act  on  behalf
             of the client, even in s�se�ec�cu�ur�ri�it�ty�y =�= s�sh�ha�ar�re�e level security.
             As  clients are not required to send a username to the server in
             share level security, s�sm�mb�bd�d uses several techniques to  determine
             the correct UNIX user to use on behalf of the client.
             A list of possible UNIX usernames to match with the given client
             password is constructed using the following methods :


             ·  If the _�g_�u_�e_�s_�t _�o_�n_�l_�y parameter is set, then all the other stages
                are missed and only the _�g_�u_�e_�s_�t _�a_�c_�c_�o_�u_�n_�t username is checked.
             ·  Is a username is sent with the share connection request, then
                this username (after mapping - see _�u_�s_�e_�r_�n_�a_�m_�e _�m_�a_�p), is added as
                a potential username.
             ·  If the client did a previous l�lo�og�go�on�n  request (the SessionSetup
                SMB call) then the username sent in this SMB will be added as
                a potential username.
             ·  The  name  of  the service the client requested is added as a
                potential username.
             ·  The NetBIOS name of the client is added  to  the  list  as  a
                potential username.
             ·  Any users on the  _�u_�s_�e_�r list are added as potential usernames.
      If the _�g_�u_�e_�s_�t _�o_�n_�l_�y parameter is not set, then this list  is  then  tried
      with  the  supplied  password.  The  first  user  for whom the password
      matches will be used as the UNIX user.
      If the _�g_�u_�e_�s_�t _�o_�n_�l_�y parameter is set, or no username  can  be  determined
      then  if  the  share  is marked as available to the _�g_�u_�e_�s_�t _�a_�c_�c_�o_�u_�n_�t, then
      this guest user will be used, otherwise access is denied.
      Note that it can be v�ve�er�ry�y confusing in share-level security as to  which
      UNIX username will eventually be used in granting access.
      See also the section NOTE ABOUT USERNAME/PASSWORD VALIDATION.
      S�SE�EC�CU�UR�RI�IT�TY�Y =�= U�US�SE�ER�R
      This  is  the  default  security  setting in Samba 3.0. With user-level
      security a client must first "log-on" with a valid username  and  pass-
      word  (which can be mapped using the _�u_�s_�e_�r_�n_�a_�m_�e _�m_�a_�p parameter). Encrypted
      passwords (see the _�e_�n_�c_�r_�y_�p_�t_�e_�d _�p_�a_�s_�s_�w_�o_�r_�d_�s parameter) can also be  used  in
      this  security  mode. Parameters such as _�u_�s_�e_�r and _�g_�u_�e_�s_�t _�o_�n_�l_�y if set are
      then applied and may change the UNIX user to use  on  this  connection,
      but only after the user has been successfully authenticated.
      N�No�ot�te�e  that  the name of the resource being requested is n�no�ot�t sent to the
      server until  after  the  server  has  successfully  authenticated  the
      client.  This  is  why  guest  shares don't work in user level security
      without allowing the server to automatically map unknown users into the
      _�g_�u_�e_�s_�t  _�a_�c_�c_�o_�u_�n_�t.  See  the  _�m_�a_�p  _�t_�o _�g_�u_�e_�s_�t parameter for details on doing
      this.
      See also the section NOTE ABOUT USERNAME/PASSWORD VALIDATION.
      S�SE�EC�CU�UR�RI�IT�TY�Y =�= D�DO�OM�MA�AI�IN�N
      This mode will only work correctly if n�ne�et�t(8) has been used to add  this
      machine  into  a  Windows NT Domain. It expects the _�e_�n_�c_�r_�y_�p_�t_�e_�d _�p_�a_�s_�s_�w_�o_�r_�d_�s
      parameter to be set to y�ye�es�s. In this mode Samba will try to validate the
      username/password  by  passing  it  to  a  Windows NT Primary or Backup
      Domain Controller, in exactly the same way that  a  Windows  NT  Server
      would do.
      N�No�ot�te�e  that a valid UNIX user must still exist as well as the account on
      the Domain Controller to allow Samba to have a valid  UNIX  account  to
      map file access to.
      N�No�ot�te�e that from the client's point of view s�se�ec�cu�ur�ri�it�ty�y =�= d�do�om�ma�ai�in�n is the same
      as s�se�ec�cu�ur�ri�it�ty�y =�= u�us�se�er�r. It only affects  how  the  server  deals  with  the
      authentication, it does not in any way affect what the client sees.
      N�No�ot�te�e  that  the name of the resource being requested is n�no�ot�t sent to the
      server until  after  the  server  has  successfully  authenticated  the
      client.  This  is  why  guest  shares don't work in user level security
      without allowing the server to automatically map unknown users into the
      _�g_�u_�e_�s_�t  _�a_�c_�c_�o_�u_�n_�t.  See  the  _�m_�a_�p  _�t_�o _�g_�u_�e_�s_�t parameter for details on doing
      this.
      See also the section NOTE ABOUT USERNAME/PASSWORD VALIDATION.
      See also the _�p_�a_�s_�s_�w_�o_�r_�d _�s_�e_�r_�v_�e_�r  parameter  and  the  _�e_�n_�c_�r_�y_�p_�t_�e_�d  _�p_�a_�s_�s_�w_�o_�r_�d_�s
      parameter.
      S�SE�EC�CU�UR�RI�IT�TY�Y =�= S�SE�ER�RV�VE�ER�R
      In  this mode Samba will try to validate the username/password by pass-
      ing it to another SMB server, such as an NT box. If this fails it  will
      revert to s�se�ec�cu�ur�ri�it�ty�y =�= u�us�se�er�r. It expects the _�e_�n_�c_�r_�y_�p_�t_�e_�d _�p_�a_�s_�s_�w_�o_�r_�d_�s parameter
      to be set to y�ye�es�s, unless the remote server does not support them.  How-
      ever  note  that if encrypted passwords have been negotiated then Samba
      cannot revert back to checking the UNIX password file, it must  have  a
      valid  _�s_�m_�b_�p_�a_�s_�s_�w_�d file to check users against. See the chapter about the
      User Database in the Samba HOWTO Collection for details on how  to  set
      this up.


             N�No�ot�te�e
             This mode of operation has significant pitfalls, due to the fact
             that is activly initiates  a  man-in-the-middle  attack  on  the
             remote  SMB  server.  In  particular, this mode of operation can
             cause significant resource consuption on the  PDC,  as  it  must
             maintain  an  active  connection  for the duration of the user's
             session. Furthermore, if this connection is lost,  there  is  no
             way  to  reestablish  it, and futher authenticaions to the Samba
             server may fail. (From a single client, till it disconnects).


             N�No�ot�te�e
             From the client's point of view s�se�ec�cu�ur�ri�it�ty�y =�= s�se�er�rv�ve�er�r is the same as
             s�se�ec�cu�ur�ri�it�ty�y  =�=  u�us�se�er�r. It only affects how the server deals with the
             authentication, it does not in any way affect  what  the  client
             sees.
      N�No�ot�te�e  that  the name of the resource being requested is n�no�ot�t sent to the
      server until  after  the  server  has  successfully  authenticated  the
      client.  This  is  why  guest  shares don't work in user level security
      without allowing the server to automatically map unknown users into the
      _�g_�u_�e_�s_�t  _�a_�c_�c_�o_�u_�n_�t.  See  the  _�m_�a_�p  _�t_�o _�g_�u_�e_�s_�t parameter for details on doing
      this.
      See also the section NOTE ABOUT USERNAME/PASSWORD VALIDATION.
      See also the _�p_�a_�s_�s_�w_�o_�r_�d _�s_�e_�r_�v_�e_�r  parameter  and  the  _�e_�n_�c_�r_�y_�p_�t_�e_�d  _�p_�a_�s_�s_�w_�o_�r_�d_�s
      parameter.
      S�SE�EC�CU�UR�RI�IT�TY�Y =�= A�AD�DS�S
      In  this  mode,  Samba  will act as a domain member in an ADS realm. To
      operate in this mode, the machine running Samba will need to have  Ker-
      beros  installed and configured and Samba will need to be joined to the
      ADS realm using the net utility.
      Note that this mode does NOT make Samba operate as a  Active  Directory
      Domain Controller.
      Read the chapter about Domain Membership in the HOWTO for details.
      Default: _�s_�e_�c_�u_�r_�i_�t_�y = USER
      Example: _�s_�e_�c_�u_�r_�i_�t_�y = DOMAIN


      security mask (S)
             This  parameter  controls what UNIX permission bits can be modi-
             fied when a Windows NT client is manipulating the  UNIX  permis-
             sion on a file using the native NT security dialog box.
             This parameter is applied as a mask (AND'ed with) to the changed
             permission bits, thus preventing any bits not in this mask  from
             being  modified.  Essentially,  zero  bits  in  this mask may be
             treated as a set of bits the user is not allowed to change.
             If not set explicitly this parameter is 0777, allowing a user to
             modify all the user/group/world permissions on a file.
             N�No�ot�te�e  that  users  who can access the Samba server through other
             means can easily bypass this restriction,  so  it  is  primarily
             useful  for  standalone  "appliance"  systems. Administrators of
             most normal systems will probably want to leave it set to  0�07�77�77�7.
             Default: _�s_�e_�c_�u_�r_�i_�t_�y _�m_�a_�s_�k = 0777
             Example: _�s_�e_�c_�u_�r_�i_�t_�y _�m_�a_�s_�k = 0770


      server schannel (G)
             This  controls whether the server offers or even demands the use
             of the netlogon schannel. _�s_�e_�r_�v_�e_�r _�s_�c_�h_�a_�n_�n_�e_�l _�= _�n_�o  does  not  offer
             the  schannel,  _�s_�e_�r_�v_�e_�r  _�s_�c_�h_�a_�n_�n_�e_�l  _�= _�a_�u_�t_�o offers the schannel but
             does not enforce it, and _�s_�e_�r_�v_�e_�r _�s_�c_�h_�a_�n_�n_�e_�l _�= _�y_�e_�s denies access  if
             the  client is not able to speak netlogon schannel. This is only
             the case for Windows NT4 before SP4.
             Please note that with this set to _�n_�o you will have to apply  the
             WindowsXP   requireSignOrSeal-Registry   patch   found   in  the
             docs/Registry subdirectory.
             Default: _�s_�e_�r_�v_�e_�r _�s_�c_�h_�a_�n_�n_�e_�l = auto
             Example: _�s_�e_�r_�v_�e_�r _�s_�c_�h_�a_�n_�n_�e_�l = yes


      server signing (G)
             This controls whether the server offers or requires  the  client
             it talks to to use SMB signing. Possible values are a�au�ut�to�o, m�ma�an�nd�da�a-�-
             t�to�or�ry�y and d�di�is�sa�ab�bl�le�ed�d.
             When set to auto, SMB signing is offered, but not enforced. When
             set  to  mandatory,  SMB  signing is required and if set to dis-
             abled, SMB signing is not offered either.
             Default: _�s_�e_�r_�v_�e_�r _�s_�i_�g_�n_�i_�n_�g = Disabled


      server string (G)
             This controls what string will show up in  the  printer  comment
             box in print manager and next to the IPC connection in n�ne�et�t v�vi�ie�ew�w.
             It can be any string that you wish to show to your users.
             It also sets what will  appear  in  browse  lists  next  to  the
             machine name.
             A _�%_�v will be replaced with the Samba version number.
             A _�%_�h will be replaced with the hostname.
             Default: _�s_�e_�r_�v_�e_�r _�s_�t_�r_�i_�n_�g = Samba %v
             Example: _�s_�e_�r_�v_�e_�r _�s_�t_�r_�i_�n_�g = University of GNUs Samba Server


      set directory (S)
             If s�se�et�t d�di�ir�re�ec�ct�to�or�ry�y =�= n�no�o, then users of the service may not use the
             setdir command to change directory.
             The s�se�et�td�di�ir�r command is only implemented in the Digital  Pathworks
             client. See the Pathworks documentation for details.
             Default: _�s_�e_�t _�d_�i_�r_�e_�c_�t_�o_�r_�y = no


      set primary group script (G)
             Thanks to the Posix subsystem in NT a Windows User has a primary
             group in addition to the auxiliary groups. This script sets  the
             primary  group in the unix userdatase when an administrator sets
             the primary group from the windows user manager or when fetching
             a  SAM  with  n�ne�et�t r�rp�pc�c v�va�am�mp�pi�ir�re�e. _�%_�u will be replaced with the user
             whose primary group is to be set._�%_�g will be  replaced  with  the
             group to set.
             Default: _�s_�e_�t _�p_�r_�i_�m_�a_�r_�y _�g_�r_�o_�u_�p _�s_�c_�r_�i_�p_�t =
             Example:  _�s_�e_�t  _�p_�r_�i_�m_�a_�r_�y  _�g_�r_�o_�u_�p _�s_�c_�r_�i_�p_�t = /usr/sbin/usermod -g '%g'
             '%u'


      set quota command (G)
             The s�se�et�t q�qu�uo�ot�ta�a c�co�om�mm�ma�an�nd�d should only be used whenever there  is  no
             operating system API available from the OS that samba can use.
             This  option  is only available if Samba was configured with the
             argument  -�--�-w�wi�it�th�h-�-s�sy�ys�s-�-q�qu�uo�ot�ta�as�s  or  on   linux   when   .�./�/c�co�on�nf�fi�ig�gu�ur�re�e
             -�--�-w�wi�it�th�h-�-q�qu�uo�ot�ta�as�s  was used and a working quota api was found in the
             system. Most packages are configured with these options already.
             This  parameter should specify the path to a script that can set
             quota for the specified arguments.
             The specified script should take the following arguments:


             ·  1 - quota type


                ·  1 - user quotas
                ·  2 - user default quotas (uid = -1)
                ·  3 - group quotas
                ·  4 - group default quotas (gid = -1)


             ·  2 - id (uid for user, gid for group, -1 if N/A)
             ·  3 - quota state (0 = disable, 1 =  enable,  2  =  enable  and
                enforce)
             ·  4 - block softlimit
             ·  5 - block hardlimit
             ·  6 - inode softlimit
             ·  7 - inode hardlimit
             ·  8(optional) - block size, defaults to 1024
      The  script  should  output  at  least one line of data on success. And
      nothing on failure.
      Default: _�s_�e_�t _�q_�u_�o_�t_�a _�c_�o_�m_�m_�a_�n_�d =
      Example: _�s_�e_�t _�q_�u_�o_�t_�a _�c_�o_�m_�m_�a_�n_�d = /usr/local/sbin/set_quota


      share modes (S)
             This enables or disables the honoring of the _�s_�h_�a_�r_�e _�m_�o_�d_�e_�s  during
             a  file  open. These modes are used by clients to gain exclusive
             read or write access to a file.
             These open modes are not directly supported by UNIX, so they are
             simulated  using  shared  memory,  or  lock  files  if your UNIX
             doesn't support shared memory (almost all do).
             The share modes that are enabled  by  this  option  areD�DE�EN�NY�Y_�_D�DO�OS�S,
             D�DE�EN�NY�Y_�_A�AL�LL�L,D�DE�EN�NY�Y_�_R�RE�EA�AD�D, D�DE�EN�NY�Y_�_W�WR�RI�IT�TE�E,D�DE�EN�NY�Y_�_N�NO�ON�NE�E and D�DE�EN�NY�Y_�_F�FC�CB�B.
             This  option  gives  full  share  compatibility  and  enabled by
             default.
             You should N�NE�EV�VE�ER�R turn this parameter off as many Windows  appli-
             cations will break if you do so.
             Default: _�s_�h_�a_�r_�e _�m_�o_�d_�e_�s = yes


      short preserve case (S)
             This  boolean  parameter  controls if new files which conform to
             8.3 syntax, that is all in upper case and  of  suitable  length,
             are  created upper case, or if they are forced to be the _�d_�e_�f_�a_�u_�l_�t
             _�c_�a_�s_�e . This option can be use with p�pr�re�es�se�er�rv�ve�e c�ca�as�se�e =�= y�ye�es�s to permit
             long  filenames to retain their case, while short names are low-
             ered.
             See the section on NAME MANGLING.
             Default: _�s_�h_�o_�r_�t _�p_�r_�e_�s_�e_�r_�v_�e _�c_�a_�s_�e = yes


      show add printer wizard (G)
             With the introduction of MS-RPC based printing support for  Win-
             dows  NT/2000  client  in Samba 2.2, a "Printers..." folder will
             appear on Samba hosts in the share listing. Normally this folder
             will  contain  an icon for the MS Add Printer Wizard (APW). How-
             ever, it is possible to disable this feature regardless  of  the
             level of privilege of the connected user.
             Under normal circumstances, the Windows NT/2000 client will open
             a handle on the printer server with OpenPrinterEx()  asking  for
             Administrator  privileges. If the user does not have administra-
             tive access on the print server (i.e is not root or a member  of
             the _�p_�r_�i_�n_�t_�e_�r _�a_�d_�m_�i_�n group), the OpenPrinterEx() call fails and the
             client makes another open call with a request for a lower privi-
             lege  level.  This should succeed, however the APW icon will not
             be displayed.
             Disabling the _�s_�h_�o_�w _�a_�d_�d  _�p_�r_�i_�n_�t_�e_�r  _�w_�i_�z_�a_�r_�d  parameter  will  always
             cause  the  OpenPrinterEx()  on the server to fail. Thus the APW
             icon will never be displayed.


             N�No�ot�te�e
             This does not prevent the same user from  having  administrative
             privilege on an individual printer.
      Default: _�s_�h_�o_�w _�a_�d_�d _�p_�r_�i_�n_�t_�e_�r _�w_�i_�z_�a_�r_�d = yes


      shutdown script (G)
             T�Th�hi�is�s  p�pa�ar�ra�am�me�et�te�er�r  o�on�nl�ly�y  e�ex�xi�is�st�ts�s i�in�n t�th�he�e H�HE�EA�AD�D c�cv�vs�s b�br�ra�an�nc�ch�h This a full
             path name to a script called by  s�sm�mb�bd�d(8)  that  should  start  a
             shutdown procedure.
             This command will be run as the user connected to the server.
             %m %t %r %f parameters are expanded:


             ·  _�%_�m  will be substituted with the shutdown message sent to the
                server.
             ·  _�%_�t will be substituted with the number  of  seconds  to  wait
                before effectively starting the shutdown procedure.
             ·  _�%_�r  will  be  substituted with the switch -�-r�r. It means reboot
                after shutdown for NT.
             ·  _�%_�f will be substituted with the switch -�-f�f. It means force the
                shutdown even if applications do not respond for NT.
      Shutdown script example:
      #!/bin/bash
      $time=0
      let "time/60"
      let "time++"
      /sbin/shutdown $3 $4 +$time $1 &
       Shutdown does not return so we need to launch it in background.
      Default: _�s_�h_�u_�t_�d_�o_�w_�n _�s_�c_�r_�i_�p_�t =
      Example: _�s_�h_�u_�t_�d_�o_�w_�n _�s_�c_�r_�i_�p_�t = /usr/local/samba/sbin/shutdown %m %t %r %f


      smb passwd file (G)
             This  option  sets  the path to the encrypted smbpasswd file. By
             default the path to the smbpasswd file is compiled into Samba.
             Default: _�s_�m_�b _�p_�a_�s_�s_�w_�d _�f_�i_�l_�e = ${prefix}/private/smbpasswd
             Example: _�s_�m_�b _�p_�a_�s_�s_�w_�d _�f_�i_�l_�e = /etc/samba/smbpasswd


      smb ports (G)
             Specifies which ports the server should listen on for SMB  traf-
             fic.
             Default: _�s_�m_�b _�p_�o_�r_�t_�s = 445 139


      socket address (G)
             This option allows you to control what address Samba will listen
             for connections on. This is used  to  support  multiple  virtual
             interfaces  on  the one server, each with a different configura-
             tion.
             By default Samba will accept connections on any address.
             Default: _�s_�o_�c_�k_�e_�t _�a_�d_�d_�r_�e_�s_�s =
             Example: _�s_�o_�c_�k_�e_�t _�a_�d_�d_�r_�e_�s_�s = 192.168.2.20


      socket options (G)
             This option allows you to set socket options  to  be  used  when
             talking with the client.
             Socket options are controls on the networking layer of the oper-
             ating systems which allow the connection to be tuned.
             This option will typically be used to tune your Samba server for
             optimal performance for your local network. There is no way that
             Samba can know what the optimal parameters are for your net,  so
             you  must  experiment and choose them yourself. We strongly sug-
             gest you read the appropriate documentation for  your  operating
             system first (perhaps m�ma�an�n s�se�et�ts�so�oc�ck�ko�op�pt�t will help).
             You may find that on some systems Samba will say "Unknown socket
             option" when you supply an option. This means you either  incor-
             rectly typed it or you need to add an include file to includes.h
             for your OS. If the latter is the case please send the patch  to
             samba-technical@samba.org.
             Any  of  the supported socket options may be combined in any way
             you like, as long as your OS allows it.
             This is the list of socket options currently settable using this
             option:


             ·  SO_KEEPALIVE
             ·  SO_REUSEADDR
             ·  SO_BROADCAST
             ·  TCP_NODELAY
             ·  IPTOS_LOWDELAY
             ·  IPTOS_THROUGHPUT
             ·  SO_SNDBUF *
             ·  SO_RCVBUF *
             ·  SO_SNDLOWAT *
             ·  SO_RCVLOWAT *
      Those  marked  with  a  '�'*�*'�'  take  an  integer argument. The others can
      optionally take a 1 or 0 argument to enable or disable the  option,  by
      default they will be enabled if you don't specify 1 or 0.
      To  specify  an argument use the syntax SOME_OPTION = VALUE for example
      S�SO�O_�_S�SN�ND�DB�BU�UF�F =�= 8�81�19�92�2. Note that you must not  have  any  spaces  before  or
      after the = sign.
      If you are on a local network then a sensible option might be:
      s�so�oc�ck�ke�et�t o�op�pt�ti�io�on�ns�s =�= I�IP�PT�TO�OS�S_�_L�LO�OW�WD�DE�EL�LA�AY�Y
      If you have a local network then you could try:
      s�so�oc�ck�ke�et�t o�op�pt�ti�io�on�ns�s =�= I�IP�PT�TO�OS�S_�_L�LO�OW�WD�DE�EL�LA�AY�Y T�TC�CP�P_�_N�NO�OD�DE�EL�LA�AY�Y
      If   you   are  on  a  wide  area  network  then  perhaps  try  setting
      IPTOS_THROUGHPUT.
      Note that several of the options may cause your Samba  server  to  fail
      completely. Use these options with caution!
      Default: _�s_�o_�c_�k_�e_�t _�o_�p_�t_�i_�o_�n_�s = TCP_NODELAY
      Example: _�s_�o_�c_�k_�e_�t _�o_�p_�t_�i_�o_�n_�s = IPTOS_LOWDELAY


      stat cache (G)
             This  parameter  determines if s�sm�mb�bd�d(8) will use a cache in order
             to speed up case insensitive name  mappings.  You  should  never
             need to change this parameter.
             Default: _�s_�t_�a_�t _�c_�a_�c_�h_�e = yes


      store dos attributes (S)
             If  this  parameter  is  set Samba no longer attempts to map DOS
             attributes like SYSTEM, HIDDEN, ARCHIVE  or  READ-ONLY  to  UNIX
             permission bits (such as the _�m_�a_�p _�h_�i_�d_�d_�e_�n. Instead, DOS attributes
             will be stored onto an extended attribute in the  UNIX  filesys-
             tem,  associated with the file or directory. For this to operate
             correctly, the parameters _�m_�a_�p _�h_�i_�d_�d_�e_�n, _�m_�a_�p  _�s_�y_�s_�t_�e_�m,  _�m_�a_�p  _�a_�r_�c_�h_�i_�v_�e
             must  be set to off. This parameter writes the DOS attributes as
             a string into the  extended  attribute  named  "user.DOSATTRIB".
             This  extended  attribute is explicitly hidden from smbd clients
             requesting an EA list. On Linux the filesystem  must  have  been
             mounted  with  the mount option user_xattr in order for extended
             attributes to work, also extended attributes  must  be  compiled
             into the Linux kernel.
             Default: _�s_�t_�o_�r_�e _�d_�o_�s _�a_�t_�t_�r_�i_�b_�u_�t_�e_�s = no


      strict allocate (S)
             This is a boolean that controls the handling of disk space allo-
             cation in the server. When this is set to y�ye�es�s  the  server  will
             change  from  UNIX behaviour of not committing real disk storage
             blocks when a file is extended to the Windows behaviour of actu-
             ally  forcing  the  disk  system to allocate real storage blocks
             when a file is created or extended to be a given size.  In  UNIX
             terminology  this  means  that  Samba  will stop creating sparse
             files. This can be slow on some systems.
             When strict allocate is n�no�o the server  does  sparse  disk  block
             allocation when a file is extended.
             Setting  this to y�ye�es�s can help Samba return out of quota messages
             on systems that are restricting the disk quota of users.
             Default: _�s_�t_�r_�i_�c_�t _�a_�l_�l_�o_�c_�a_�t_�e = no


      strict locking (S)
             This is a boolean that controls the handling of file locking  in
             the server. When this is set to y�ye�es�s, the server will check every
             read and write access for file locks, and deny access  if  locks
             exist. This can be slow on some systems.
             When  strict  locking is disabled, the server performs file lock
             checks only when the client explicitly asks for them.
             Well-behaved clients always ask  for  lock  checks  when  it  is
             important. So in the vast majority of cases, s�st�tr�ri�ic�ct�t l�lo�oc�ck�ki�in�ng�g =�= n�no�o
             is preferable.
             Default: _�s_�t_�r_�i_�c_�t _�l_�o_�c_�k_�i_�n_�g = no


      strict sync (S)
             Many Windows applications (including  the  Windows  98  explorer
             shell)  seem  to  confuse  flushing buffer contents to disk with
             doing a sync to disk. Under UNIX, a sync call forces the process
             to  be suspended until the kernel has ensured that all outstand-
             ing data in kernel disk buffers has been safely stored onto sta-
             ble  storage.  This is very slow and should only be done rarely.
             Setting this parameter to n�no�o (the default)  means  that  s�sm�mb�bd�d(8)
             ignores the Windows applications requests for a sync call. There
             is only a possibility of losing data  if  the  operating  system
             itself that Samba is running on crashes, so there is little dan-
             ger in this default setting. In addition, this fixes  many  per-
             formance  problems  that  people have reported with the new Win-
             dows98 explorer shell file copies.
             Default: _�s_�t_�r_�i_�c_�t _�s_�y_�n_�c = no


      sync always (S)
             This is a boolean parameter that controls  whether  writes  will
             always  be  written  to  stable  storage  before  the write call
             returns. If this is n�no�o then the server will  be  guided  by  the
             client's request in each write call (clients can set a bit indi-
             cating that a particular write should be synchronous).  If  this
             is  y�ye�es�s  then every write will be followed by a f�fs�sy�yn�nc�c(�()�)  call to
             ensure the data is written to disk. Note that  the  _�s_�t_�r_�i_�c_�t  _�s_�y_�n_�c
             parameter must be set to y�ye�es�s in order for this parameter to have
             any affect.
             Default: _�s_�y_�n_�c _�a_�l_�w_�a_�y_�s = no


      syslog (G)
             This parameter maps how Samba debug messages are logged onto the
             system  syslog  logging levels. Samba debug level zero maps onto
             syslog L�LO�OG�G_�_E�ER�RR�R, debug level one  maps  onto  L�LO�OG�G_�_W�WA�AR�RN�NI�IN�NG�G,  debug
             level  two  maps  onto  L�LO�OG�G_�_N�NO�OT�TI�IC�CE�E,  debug level three maps onto
             LOG_INFO. All higher levels are mapped to  L�LO�OG�G_�_D�DE�EB�BU�UG�G.
             This parameter sets the threshold for sending messages  to  sys-
             log. Only messages with debug level less than this value will be
             sent to syslog.
             Default: _�s_�y_�s_�l_�o_�g = 1


      syslog only (G)
             If this parameter is set then Samba debug  messages  are  logged
             into the system syslog only, and not to the debug log files.
             Default: _�s_�y_�s_�l_�o_�g _�o_�n_�l_�y = no