from HTYP, the free directory anyone can edit if they can prove to me that they're not a spambot
< smb.conf‎ | manpage‎ | 2006‎ | parameters
Jump to: navigation, search
      unix charset (G)
             Specifies the charset the unix machine Samba runs on uses. Samba
             needs to know this in order to be able to convert  text  to  the
             charsets other SMB clients use.
             This  is  also  the charset Samba will use when specifying argu-
             ments to scripts that it invokes.
             Default: _�u_�n_�i_�x _�c_�h_�a_�r_�s_�e_�t = UTF8
             Example: _�u_�n_�i_�x _�c_�h_�a_�r_�s_�e_�t = ASCII

      unix extensions (G)
             This boolean parameter controls whether Samba implments the CIFS
             UNIX extensions, as defined by HP. These extensions enable Samba
             to better serve UNIX CIFS clients by supporting features such as
             symbolic  links,  hard  links, etc... These extensions require a
             similarly enabled client, and are of no current use  to  Windows
             Default: _�u_�n_�i_�x _�e_�x_�t_�e_�n_�s_�i_�o_�n_�s = yes

      unix password sync (G)
             This  boolean  parameter controls whether Samba attempts to syn-
             chronize the UNIX  password  with  the  SMB  password  when  the
             encrypted SMB password in the smbpasswd file is changed. If this
             is set to y�ye�es�s the program specified in the _�p_�a_�s_�s_�w_�d _�p_�r_�o_�g_�r_�a_�mparame-
             ter is called A�AS�S R�RO�OO�OT�T - to allow the new UNIX password to be set
             without access to the old UNIX password  (as  the  SMB  password
             change  code  has  no access to the old password cleartext, only
             the new).
             Default: _�u_�n_�i_�x _�p_�a_�s_�s_�w_�o_�r_�d _�s_�y_�n_�c = no

      update encrypted (G)
             This boolean parameter allows a user logging on with a plaintext
             password  to  have their encrypted (hashed) password in the smb-
             passwd file to be updated automatically as  they  log  on.  This
             option  allows a site to migrate from plaintext password authen-
             tication (users authenticate with plaintext  password  over  the
             wire,  and  are  checked  against  a  UNIX  account database) to
             encrypted password authentication  (the  SMB  challenge/response
             authentication  mechanism) without forcing all users to re-enter
             their passwords via smbpasswd at the time the  change  is  made.
             This  is  a  convenience  option  to  allow  the  change over to
             encrypted passwords to be made over a longer  period.  Once  all
             users  have  encrypted representations of their passwords in the
             smbpasswd file this parameter should be set to n�no�o.
             In order for this parameter to work correctly the _�e_�n_�c_�r_�y_�p_�t  _�p_�a_�s_�s_�-
             _�w_�o_�r_�d_�s  parameter must be set to n�no�o when this parameter is set to
             Note that even when this parameter is set a user  authenticating
             to  s�sm�mb�bd�d  must  still enter a valid password in order to connect
             correctly, and to update their hashed (smbpasswd) passwords.
             Default: _�u_�p_�d_�a_�t_�e _�e_�n_�c_�r_�y_�p_�t_�e_�d = no

      use client driver (S)
             This parameter applies only to Windows NT/2000 clients.  It  has
             no effect on Windows 95/98/ME clients. When serving a printer to
             Windows NT/2000 clients without first installing a valid printer
             driver on the Samba host, the client will be required to install
             a local printer driver. From this  point  on,  the  client  will
             treat  the  print  as  a local printer and not a network printer
             connection. This is much the same behavior that will occur  when
             d�di�is�sa�ab�bl�le�e s�sp�po�oo�ol�ls�ss�s =�= y�ye�es�s.
             The  differentiating  factor is that under normal circumstances,
             the NT/2000 client will attempt  to  open  the  network  printer
             using  MS-RPC.  The problem is that because the client considers
             the printer to be local, it will attempt to issue the OpenPrint-
             erEx()  call requesting access rights associated with the logged
             on user. If the user possesses local administator rights but not
             root  privilegde  on  the Samba host (often the case), the Open-
             PrinterEx() call will fail. The result is that the  client  will
             now display an "Access Denied; Unable to connect" message in the
             printer queue window  (even  though  jobs  may  successfully  be
             If  this parameter is enabled for a printer, then any attempt to
             open the printer with  the  PRINTER_ACCESS_ADMINISTER  right  is
             mapped  to  PRINTER_ACCESS_USE  instead. Thus allowing the Open-
             PrinterEx() call to succeed. T�Th�hi�is�s p�pa�ar�ra�am�me�et�te�er�r  M�MU�US�ST�T  n�no�ot�t  b�be�e  a�ab�bl�le�e
             e�en�na�ab�bl�le�ed�d  o�on�n a�a p�pr�ri�in�nt�t s�sh�ha�ar�re�e w�wh�hi�ic�ch�h h�ha�as�s v�va�al�li�id�d p�pr�ri�in�nt�t d�dr�ri�iv�ve�er�r i�in�ns�st�ta�al�ll�le�ed�d
             o�on�n t�th�he�e S�Sa�am�mb�ba�a s�se�er�rv�ve�er�r.�.
             Default: _�u_�s_�e _�c_�l_�i_�e_�n_�t _�d_�r_�i_�v_�e_�r = no

      use kerberos keytab (G)
             Specifies whether Samba should attempt to maintain service prin-
             cipals in the systems keytab file for h�ho�os�st�t/�/F�FQ�QD�DN�N and c�ci�if�fs�s/�/F�FQ�QD�DN�N.
             When you are using the heimdal Kerberos libraries, you must also
             specify the following in _�/_�e_�t_�c_�/_�k_�r_�b_�5_�._�c_�o_�n_�f:

               default_keytab_name = FILE:/etc/krb5.keytab
             Default: _�u_�s_�e _�k_�e_�r_�b_�e_�r_�o_�s _�k_�e_�y_�t_�a_�b = False

      use mmap (G)
             This global parameter determines if the tdb internals  of  Samba
             can  depend  on  mmap  working  correctly on the running system.
             Samba requires a coherent mmap/read-write system  memory  cache.
             Currently  only HPUX does not have such a coherent cache, and so
             this parameter is set to n�no�o by default on  HPUX.  On  all  other
             systems  this  parameter should be left alone. This parameter is
             provided to help the Samba developers track down  problems  with
             the tdb internal code.
             Default: _�u_�s_�e _�m_�m_�a_�p = yes

      user   This parameter is a synonym for username.

      users  This parameter is a synonym for username.

      username (S)
             Multiple  users  may  be specified in a comma-delimited list, in
             which case the supplied password will  be  tested  against  each
             username in turn (left to right).
             The _�u_�s_�e_�r_�n_�a_�m_�e line is needed only when the PC is unable to supply
             its own username. This is the case for the COREPLUS protocol  or
             where  your  users  have  different WfWg usernames to UNIX user-
             names. In both these cases you may  also  be  better  using  the
             \\server\share%user syntax instead.
             The  _�u_�s_�e_�r_�n_�a_�m_�e  line  is not a great solution in many cases as it
             means Samba will try to validate the supplied  password  against
             each of the usernames in the _�u_�s_�e_�r_�n_�a_�m_�e line in turn. This is slow
             and a bad idea for lots of users in case of duplicate passwords.
             You  may  get timeouts or security breaches using this parameter
             Samba relies on the underlying  UNIX  security.  This  parameter
             does  not  restrict  who  can login, it just offers hints to the
             Samba server as to what usernames might correspond to  the  sup-
             plied  password. Users can login as whoever they please and they
             will be able to do no more damage than if they started a  telnet
             session.  The  daemon  runs  as the user that they log in as, so
             they cannot do anything that user cannot do.
             To restrict a service to a particular set of users you  can  use
             the _�v_�a_�l_�i_�d _�u_�s_�e_�r_�s  parameter.
             If  any  of the usernames begin with a '@' then the name will be
             looked up first in the NIS netgroups list (if Samba is  compiled
             with  netgroup support), followed by a lookup in the UNIX groups
             database and will expand to a list of all users in the group  of
             that name.
             If  any  of the usernames begin with a '+' then the name will be
             looked up only in the UNIX groups database and will expand to  a
             list of all users in the group of that name.
             If  any  of the usernames begin with a '&' then the name will be
             looked up only in the NIS netgroups database (if Samba  is  com-
             piled  with  netgroup  support) and will expand to a list of all
             users in the netgroup group of that name.
             Note that searching though a groups database can take quite some
             time, and some clients may time out during the search.
             See the section NOTE ABOUT USERNAME/PASSWORD VALIDATION for more
             information on how this parameter determines access to the  ser-
             Default: _�u_�s_�e_�r_�n_�a_�m_�e = # The guest account if a guest service, else
             <empty string>.
             Example: _�u_�s_�e_�r_�n_�a_�m_�e = fred, mary, jack, jane, @users, @pcgroup

      username level (G)
             This option helps Samba to try and  'guess'  at  the  real  UNIX
             username, as many DOS clients send an all-uppercase username. By
             default Samba tries all lowercase, followed by the username with
             the  first  letter capitalized, and fails if the username is not
             found on the UNIX machine.
             If this parameter is set to non-zero the behavior changes.  This
             parameter  is  a  number  that specifies the number of uppercase
             combinations to try while trying  to  determine  the  UNIX  user
             name. The higher the number the more combinations will be tried,
             but the slower the discovery of  usernames  will  be.  Use  this
             parameter  when you have strange usernames on your UNIX machine,
             such as A�As�st�tr�ra�an�ng�ge�eU�Us�se�er�r .
             This parameter is needed only on UNIX  systems  that  have  case
             sensitive usernames.
             Default: _�u_�s_�e_�r_�n_�a_�m_�e _�l_�e_�v_�e_�l = 0
             Example: _�u_�s_�e_�r_�n_�a_�m_�e _�l_�e_�v_�e_�l = 5

      username map (G)
             This option allows you to specify a file containing a mapping of
             usernames from the clients to the server. This can be  used  for
             several purposes. The most common is to map usernames that users
             use on DOS or Windows machines to those that the UNIX box  uses.
             The  other is to map multiple users to a single username so that
             they can more easily share files.
             The map file is parsed line by line. Each line should contain  a
             single  UNIX  username on the left then a '=' followed by a list
             of usernames on the right. The list of usernames  on  the  right
             may  contain  names  of  the form @group in which case they will
             match any UNIX username in that group. The special  client  name
             '*'  is  a  wildcard  and matches any name. Each line of the map
             file may be up to 1023 characters long.
             The file is processed on each line by taking the supplied  user-
             name  and comparing it with each username on the right hand side
             of the '=' signs. If the supplied name matches any of the  names
             on  the right hand side then it is replaced with the name on the
             left. Processing then continues with the next line.
             If any line begins with a '#' or a ';' then it is ignored
             If any line begins with an '!' then  the  processing  will  stop
             after  that  line  if  a mapping was done by the line. Otherwise
             mapping continues with every line being processed. Using '!'  is
             most  useful  when you have a wildcard mapping line later in the
             For example to map from the name a�ad�dm�mi�in�n or a�ad�dm�mi�in�ni�is�st�tr�ra�at�to�or�r  to  the
             UNIX name  r�ro�oo�ot�t you would use:
             r�ro�oo�ot�t =�= a�ad�dm�mi�in�n a�ad�dm�mi�in�ni�is�st�tr�ra�at�to�or�r
             Or  to  map anyone in the UNIX group s�sy�ys�st�te�em�m to the UNIX name s�sy�ys�s
             you would use:
             s�sy�ys�s =�= @�@s�sy�ys�st�te�em�m
             You can have as many mappings as you  like  in  a  username  map
             If  your  system  supports the NIS NETGROUP option then the net-
             group database is checked before the  _�/_�e_�t_�c_�/_�g_�r_�o_�u_�p   database  for
             matching groups.
             You  can map Windows usernames that have spaces in them by using
             double quotes around the name. For example:
             t�tr�ri�id�dg�ge�e =�= "�"A�An�nd�dr�re�ew�w T�Tr�ri�id�dg�ge�el�ll�l"�"
             would map the windows username "Andrew  Tridgell"  to  the  unix
             username "tridge".
             The  following  example would map mary and fred to the unix user
             sys, and map the rest to guest. Note the use of the '!' to  tell
             Samba to stop processing if it gets a match on that line.

             !sys = mary fred
             guest = *

             Note  that  the remapping is applied to all occurrences of user-
             names. Thus  if  you  connect  to  \\server\fred  and   f�fr�re�ed�d  is
             remapped  to  m�ma�ar�ry�y  then  you  will  actually  be  connecting to
             \\server\mary and will need to supply a  password  suitable  for
             m�ma�ar�ry�y not f�fr�re�ed�d. The only exception to this is the username passed
             to the  _�p_�a_�s_�s_�w_�o_�r_�d _�s_�e_�r_�v_�e_�r (if you have one). The  password  server
             will receive whatever username the client supplies without modi-
             Also note that no reverse mapping is done. The main effect  this
             has  is with printing. Users who have been mapped may have trou-
             ble deleting print jobs as PrintManager under  WfWg  will  think
             they don't own the print job.
             Samba  versions  prior  to  3.0.8 would only support reading the
             fully qualified username (e.g.: DOMAIN\user) from  the  username
             map  when  performing  a  kerberos login from a client. However,
             when looking  up  a  map  entry  for  a  user  authenticated  by
             NTLM[SSP],  only  the login name would be used for matches. This
             resulted in inconsistent behavior sometimes  even  on  the  same
             The  following  functionality  is  obeyed  in  version 3.0.8 and
             When  performing  local  authentication,  the  username  map  is
             applied  to the login name before attempting to authenticate the
             When relying upon a external domain  controller  for  validating
             authentication requests, smbd will apply the username map to the
             fully qualified username (i.e. DOMAIN\user) only after the  user
             has been successfully authenticated.
             Default: _�u_�s_�e_�r_�n_�a_�m_�e _�m_�a_�p = # no username map
             Example: _�u_�s_�e_�r_�n_�a_�m_�e _�m_�a_�p = /usr/local/samba/lib/

      use sendfile (S)
             If this parameter is y�ye�es�s, and the s�se�en�nd�df�fi�il�le�e(�()�) system call is sup-
             ported by the underlying operating system, then  some  SMB  read
             calls  (mainly ReadAndX and ReadRaw) will use the more efficient
             sendfile system call for files that  are  exclusively  oplocked.
             This  may  make more efficient use of the system CPU's and cause
             Samba to be faster.  Samba  automatically  turns  this  off  for
             clients  that use protocol levels lower than NT LM 0.12 and when
             it detects a client is Windows 9x  (using  sendfile  from  Linux
             will cause these clients to fail).
             Default: _�u_�s_�e _�s_�e_�n_�d_�f_�i_�l_�e = yes

      use spnego (G)
             This  variable  controls  controls whether samba will try to use
             Simple and Protected NEGOciation (as specified by rfc2478)  with
             WindowsXP  and  Windows2000 clients to agree upon an authentica-
             tion mechanism.
             Unless further issues are discovered with our SPNEGO implementa-
             tion, there is no reason this should ever be disabled.
             Default: _�u_�s_�e _�s_�p_�n_�e_�g_�o = yes

      utmp (G)
             This  boolean parameter is only available if Samba has been con-
             figured and compiled with the option  -�--�-w�wi�it�th�h-�-u�ut�tm�mp�p. If set to y�ye�es�s
             then  Samba will attempt to add utmp or utmpx records (depending
             on the UNIX system) whenever a connection is  made  to  a  Samba
             server.  Sites  may  use this to record the user connecting to a
             Samba share.
             Due to the requirements of the utmp record, we are  required  to
             create  a unique identifier for the incoming user. Enabling this
             option creates an n^2 algorithm to find this  number.  This  may
             impede performance on large installations.
             Default: _�u_�t_�m_�p = no

      utmp directory (G)
             This  parameter  is  only available if Samba has been configured
             and compiled with the option  -�--�-w�wi�it�th�h-�-u�ut�tm�mp�p. It specifies a direc-
             tory  pathname  that  is  used  to store the utmp or utmpx files
             (depending on the UNIX system) that record user connections to a
             Samba  server.  By  default  this is not set, meaning the system
             will use whatever utmp file the native  system  is  set  to  use
             (usually_�/_�v_�a_�r_�/_�r_�u_�n_�/_�u_�t_�m_�p on Linux).
             Default: _�u_�t_�m_�p _�d_�i_�r_�e_�c_�t_�o_�r_�y = # Determined automatically
             Example: _�u_�t_�m_�p _�d_�i_�r_�e_�c_�t_�o_�r_�y = /var/run/utmp