The first section of this appendix lists each option that can be used in a Samba configuration file, which is usually named smb.conf. Most configuration files contain a global section of options that apply to all services (shares) and a separate section for various individual shares. If an option applies only to the global section, [global] appears to the right of its name in the following reference section.
Except where noted, when specifying elements of a list, the elements can be separated by spaces, tabs, commas, semicolons, escaped newlines, or escaped carriage returns.
Following this reference section is a glossary of value types, and a list of variables Samba recognizes.
abort shutdown script = command | [global] |
add printer command = command | [global] |
Specifies a command that creates a new printer on the system hosting the Samba server. This command runs as root when the Windows NT/2000/XP Add Printer Wizard is run. The command will be passed a printer name, share name, port name, driver name, Windows NT/2000/XP driver location, and Windows 95/98/Me driver location, in that order. It will need to add the printer to the system and a share definition for the printer to smb.conf. See also add printer wizard, printing, and show add printer wizard.
add machine script = command | [global] |
Specifies a command that adds a computer to the Samba server's domain. New in Samba 3.0.
add share command = command | [global] |
Specifies a command that creates a new share on the Samba server. This command runs as root when a share is created using the Windows NT/2000/XP Server Manager. The client user must be logged on as the root user. The command will be passed the name of the Samba configuration file, the name of the share to be created, the full pathname of a directory on the Samba server (which must already exist), and a string to use as a comment for the share, in that order. The command must add a share definition for the share to smb.conf. See also add printer command, for adding a print share.
add user script = command | [global] |
Specifies a command that creates a new user on the system hosting the Samba server. This command runs as root when access to a Samba share is attempted by a Windows user who does not have an account on the hosting system, but does have an account maintained by a primary domain controller on a different system. The command should accept the name of the user as a single argument that matches the behavior of typical adduser commands. Samba honors the %u value (username) as the argument to the command. Requires security = server or security = domain. See also delete user script.
ads server = value | [global] |
Allowable values: DNS hostname or IP address
Specifies the Active Directory server, used by Samba 3.0 for authenticating clients. Requires security = ads. New in Samba 3.0.
allow hosts = host list |
Allowable values: list of hosts or networks
Specifies systems that can connect to the share or shares. If NULL, any system can access the share unless there is a hosts deny option. Synonym for hosts allow.
allow trusted domains = boolean | [global] |
Allows access to users who lack accounts on the Samba server but have accounts in another, trusted domain. Requires security = server or security = domain.
announce version = value | [global] |
Allowable values: two numbers separated by a dot character
Instructs Samba to announce itself as a different version SMB server. Discouraged.
auth methods = list | [global] |
Allowable values: guest, sam, ntdomain
Specifies what methods Samba tries in turn to authenticate users. New in Samba 3.0.
auto services = service list | [global] |
Allowable values: service list
Specifies a list of shares that always appear in browse lists. Also called preload.
available = boolean |
If set to NO, denies access to a share. The share appears in the browse list, but attempts to access it will fail.
bind interfaces only = boolean | [global] |
If set to YES, shares and browsing are provided only on interfaces in an interfaces list (see interfaces). If you set this option to YES, be sure to add 127.0.0.1 to the interfaces list to allow smbpasswd to connect to the local system to change passwords. This is a convenience option; it does not improve security.
block size = number |
Sets the size of disk blocks as reported by smbd to the client. Obsolete starting with Samba 3.0.
blocking locks = boolean |
browse list = boolean | [global] |
If YES, serves the browse list to other systems on the network. Avoid changing.
case sensitive = boolean | [global] |
change share command = command | [global] |
Specifies a command that modifies a share definition on the Samba server. This command runs as root when a share is created using the Windows NT/2000/XP Server Manager. The client user must be logged on as the root user. The command is passed the name of the Samba configuration file, the name of the share to be modified, the full pathname of a directory on the Samba server (which must already exist), and a string to use as a comment for the share, in that order. The command modifies the share definition for the share in smb.conf. See also add share command and delete share command.
character set = name |
Allowable values: ISO8859-1, ISO8859-2, ISO8859-5, KOI8-R
If set, translates from DOS code pages to the Western European (ISO8859-1), Eastern European (ISO8859-2), Russian Cyrillic (ISO8859-5), or Alternate Russian (KOI8-R) character set. The client code page option must be set to 850. Obsolete starting with Samba 3.0.
client code page = name |
Allowable values: see Table 11-4 in Chapter 11
Default: 850 (MS-DOS Latin 1)
Sets the DOS code page explicitly, overriding any previous valid chars settings. Examples of values are 850 for Western European, 437 for the U.S. standard, and 932 for Japanese Shift-JIS. Obsolete starting with Samba 3.0.
code page directory = directory | [global] |
Allowable values: full directory name
Default: /usr/local/samba/lib/codepages
Specifies the directory that stores code pages. Obsolete starting with Samba 3.0.
coding system = value | [global] |
Sets the coding system used, notably for Kanji. This is employed for filenames and should correspond to the code page in use. The client code page option must be set to 932 ( Japanese Shift-JIS). Obsolete starting with Samba 3.0.
comment = string |
config file = filename | [global] |
Selects a new Samba configuration file to read instead of the current one. Used to relocate the configuration file or used with % variables to select custom configuration files for some users or systems.
copy = section name |
Allowable values: existing section's name
Copies the configuration of an already defined share into the share in which this option appears. Used with % variables to select custom configurations for systems, architectures, and users. Each option specified or copied takes precedence over earlier specifications of the option.
create mask = value |
Allowable values: octal value from 0 to 0777
Sets the maximum allowable permissions for new files (e.g., 0755). See also directory mask. To require certain permissions to be set, see force create mask and force directory mask. Also called create mode.
csc policy = value |
Allowable values: manual, documents, programs, or disable
Sets the client-side caching policy, telling them how to cache files offline if they are capable of doing so.
deadtime = number | [global] |
Specifies the time in minutes before an unused connection will be terminated. Zero means never. Used to keep clients from tying up server resources for long periods of time. If used, clients must autoreconnect after the specified period of inactivity. See also keepalive.
debug hires timestamp = boolean | [global] |
Changes the timestamps in log entries from seconds to microseconds. Useful for measuring performance.
debug pid = boolean | [global] |
Adds the process ID of the Samba server to log lines, making it easier to debug a particular server. Requires debug timestamp = yes to work.
debug timestamp = boolean | [global] |
debug uid = boolean | [global] |
Adds the real and effective user ID and group ID of the user being served to the logs, making it easier to debug one particular user.
debuglevel = number | [global] |
default = service name | [global] |
default devmode = boolean |
Used with printer shares being accessed by Windows NT/2000/XP clients to set a default device mode for the printer. Can be problematic. Use with care.
delete printer command = command | [global] |
Specifies a command that removes a printer from the system hosting the Samba server and deletes its service definition from smb.conf. The command is passed a printer name as its only argument. See also add printer command, printing, and show add printer wizard.
delete readonly = boolean |
delete share command = command |
Specifies a command that deletes a share from the Samba server. The command runs when a user logged in as the root user on a Windows NT/2000/XP system deletes a share using Server Manager. The command is passed the name of the Samba configuration file and the name of the share to be deleted. The command must remove the definition of the share from the configuration file. See also add share command and change share command.
delete user script = command | [global] |
Allowable values: full path to script
Sets the command to run as root when a user connects who no longer has an account on the domain's PDC. Honors %u. Can be used to delete the user account automatically from the Samba server's host. Requires security = domain or security = user. Use with caution. See also add user script.
delete veto files = boolean |
If set to YES, allows delete requests for a directory containing files or subdirectories the user can't see due to the veto files option. If set to NO, the directory is not deleted and still contains invisible files.
deny hosts = host list |
Allowable values: hosts or networks
Specifies a list of systems from which to refuse connections. Also called hosts deny.
dfree command = command | [global] |
directory = directory |
Allowable values: Unix directory name
Sets the path to the directory provided by a file share or used by a printer share. If the option is omitted in the [homes] share, it is set automatically to the user's home directory; otherwise, it defaults to /tmp. For a printer share, the directory is used to spool printer files. Honors the %u (user) and %m (machine) variables. Synonym for path.
directory mask = value |
Allowable values: octal value from 0 to 0777
Sets the maximum allowable permissions for newly created directories. To require that certain permissions be set, see the force create mask and force directory mask options. Also called directory mode.
directory security mask = value |
Allowable values: octal value from 0 to 0777
disable spools = boolean | [global] |
dns proxy = boolean | [global] |
domain admin group = user list | [global] |
Allowable values: usernames and/or group names
Specifies users who are in the Domain Admins group and have domain administrator authority when Samba is the PDC. See also domain guest group and domain logons. Useful in Samba 2.2 only. Obsolete in Samba 3.0.
domain guest group = user/group list | [global] |
Allowable values: list of usernames and/or group names
Specifies users who are in the Domain Guest group when Samba is the PDC. See also domain admin group and domain logons. Useful in Samba 2.2 only. Obsolete in Samba 3.0.
domain logons = boolean | [global] |
domain master = boolean | [global] |
Makes Samba a domain master browser for its domain. When domain logons are enabled, domain master defaults to YES. Otherwise, it defaults to NO.
dos filemode = boolean |
Allows anyone with write permissions to change permissions on a file, as allowed by MS-DOS.
dos filetime resolution = boolean |
dos filetimes = boolean |
encrypt passwords = boolean | [global] |
Default: NO in Samba 2.2, YES in Samba 3.0
If enabled, Samba will use password encryption. Requires an smbpasswd file on the Samba server.
enhanced browsing = boolean | [global] |
Automatically synchronizes browse lists with all domain master browsers known to the WINS server. Makes cross-subnet browsing more reliable, but also can cause empty workgroups to persist forever in browse lists.
enumports command = command | [global] |
Allows for a command to provide clients with customized MS-DOS/Windows port names (e.g., PRN:) corresponding to printers. Samba's default behavior is to return Samba Printer Port. The command must return a series of lines, with one port name per line.
exec = command |
fake directory create times = boolean |
A bug fix for users of Microsoft nmake. If YES, Samba sets directory create times such that nmake won't remake all files every time.
fake oplocks = boolean |
follow symlinks = boolean |
If set to YES, Samba follows symlinks in a file share(s). See the wide links option if you want to restrict symlinks to just the current share.