This chapter wraps up our coverage of the smb.conf configuration file with some miscellaneous options that can perform a variety of tasks. We talk briefly about options for time synchronization, internationalization, messages, and common Windows bugs. For the most part, you will use these options only in isolated circumstances.
In a network of computers, the systems on the network must agree on the current time and also on what time files have been modified. One example of the importance of synchronization is the roaming profiles we covered in Chapter 4. It is vital for all clients accessing a roaming profile to agree on what time it is and which client last modified the user's profile.
[global] time server = yes dos filetimes = yes fake directory create times = yes dos filetime resolution = yes delete readonly = yes
In Chapter 4, we showed you how to create a logon script that used the net time command to synchronize clients' clocks automatically when they log on to the domain. If your network is configured as a workgroup rather than a domain, you can still make use of net time by placing the command:
net time \\sambaserver /set /yes
Proper time synchronization is also important when operating in an Active Directory domain because Active Directory uses Kerberos authentication. When a Kerberos domain controller creates an authentication ticket for a client, the time is encoded into the challenge-and-response exchanges between the client and domain controller. If the client's clock disagrees with the server's clock, authentication can fail.
To provide proper time synchronization in Active Directory domains, Microsoft has adopted Network Time Protocol (NTP), using the name Windows Time Service for its implementation. For further information, the Microsoft white paper entitled The Windows Time Service can be downloaded from http://www.microsoft.com.
The nice thing about this is that NTP is the standard method for synchronizing Unix hosts on a network, so you can synchronize all your Unix systems (including the Samba server) and Windows systems with the following method:
Run NTP on the Unix systems in your network. For more information on using NTP, refer to http://www.ntp.org.
Use one of the Unix systems (such as the Samba host system) as an NTP server to serve Windows 2000/XP clients.
For other Windows clients, you might have to download an update from Microsoft to add Windows Time Service client support or use a third-party application such as the free analogX Atomic TimeSync (http://www.analogx.com). Or you can use the net time command to update the client's clock periodically, as discussed previously.
To support roaming profiles, programmers accessing your Samba server, and other time-sensitive functions on your network, you'll want to be aware of the options listed in Table 11-1.
Option |
Parameters |
Function |
Default |
Scope |
---|---|---|---|---|
time server |
Boolean |
If yes, announces nmbd as an SMB time service to Windows clients |
no |
Global |
time offset |
numeric |
Adds a specified number of minutes to the reported time |
0 |
Global |
dos filetimes |
Boolean |
Allows non-owners of a file to change its time if they can write to it |
no |
Share |
dos filetime resolution |
Boolean |
Causes file times to be rounded to the next even second |
no |
Share |
fake directory create times |
Boolean |
Sets directory times to avoid an MS nmake bug |
no |
Share |
The dos filetime resolution parameter is a share-level option. If set to yes, Samba rounds file times to the closest 2-second boundary. This option exists primarily to satisfy a quirk in Windows that prevents Visual C++ from correctly recognizing that a file has not changed. You can enable it as follows:
[data] dos filetime resolution = yes
The fake directory create times option exists to keep PC make programs sane. VFAT and NTFS filesystems record the creation date of a specific directory, while Unix does not. Without this option, Samba takes the earliest recorded date it has for the directory (often the last-modified date of a file) and returns it to the client. If this is not sufficient, set the following option under a share definition:
[data] fake directory create times = yes
If set, Samba will adjust the directory create time it reports to the hardcoded value January 1, 1980. This is primarily used to convince the Visual C++ nmake program that any object files in its build directories are indeed younger than the creation date of the directory itself and need to be recompiled.
Table 11-2 lists the options that deal with magic scripts on the Samba server.
Option |
Parameters |
Function |
Default |
Scope |
---|---|---|---|---|
magic script |
string (filename) |
File to be executed by Samba, as the logged-on user, when closed |
None |
Share |
magic output |
string (filename) |
File to log output from the magic file |
scriptname.out |
Share |
If the magic script option is set to a filename and the client creates a file by that name in that share, Samba will run the file as soon as the user has opened and closed it. For example, let's assume that the following option was created in the share [accounting]:
[accounting] magic script = tally.sh
Starting with Samba 3.0, Samba supports Unicode "on the wire," requiring no additional effort on your part to support filenames and other text containing characters in international character sets.
Samba 2.2.x has a limited ability to speak foreign tongues: if you need to support filenames containing characters that aren't in standard ASCII, some options that can help you are shown in Table 11-3.
Option |
Parameters |
Function |
Default |
Scope |
---|---|---|---|---|
client code page |
Described in this section |
Sets a code page to expect from clients |
850 |
Global |
character set |
Described in this section |
Translates code pages into alternate Unix character sets |
None |
Global |
coding system |
Described in this section |
Translates code page 932 into an Asian character set |
None |
Global |
valid chars |
string (set of characters) |
Adds individual characters to a code page |
None |
Global |
The character sets on Windows platforms hark back to the original concept of a code page. These code pages are used by DOS and Windows clients to determine rules for mapping lowercase letters to uppercase letters. Samba can be instructed to use a variety of code pages through the use of the global client code page option to match the corresponding code page in use on the client. This option loads a code page definition file and can take the values specified in Table 11-4.
Code page |
Definition |
---|---|
437 |
MS-DOS Latin (United States) |
737 |
Windows 95 Greek |
850 |
MS-DOS Latin 1 (Western European) |
852 |
MS-DOS Latin 2 (Eastern European) |
861 |
MS-DOS Icelandic |
866 |
MS-DOS Cyrillic (Russian) |
932 |
MS-DOS Japanese Shift-JIS |
936 |
MS-DOS Simplified Chinese |
949 |
MS-DOS Korean Hangul |
950 |
MS-DOS Traditional Chinese |
You can set the client code page as follows:
[global] client code page = 852
The global character set option can be used to convert filenames offered through a DOS code page (see the previous section, Section 11.3.1.1) to equivalents that can be represented by Unix character sets other than those in the United States. For example, if you want to convert the Western European MS-DOS character set on the client to a Western European Unix character set on the server, you can use the following in your configuration file:
[global] client code page = 850 character set = ISO8859-1
Note that you must include a client code page option to specify the character set from which you are converting. The valid character sets (and their matching code pages) that Samba accepts are listed in Table 11-5.
Character set |
Matching code page |
Definition |
---|---|---|
ISO8859-1 |
850 |
Western European Unix |
ISO8859-2 |
852 |
Eastern European Unix |
ISO8859-5 |
866 |
Russian Cyrillic Unix |
ISO8859-7 |
737 |
Greek Unix |
KOI8-R |
866 |
Alternate Russian Cyrillic Unix |
The coding system option is similar to the character set option. However, its purpose is to determine how to convert a Japanese Shift JIS code page into an appropriate Unix character set. To use this option, the client code page option described previously must be set to page 932. The valid coding systems that Samba accepts are listed in Table 11-6.
Character set |
Definition |
---|---|
SJIS |
Standard Shift JIS |
JIS8 |
Eight-bit JIS codes |
J8BB |
Eight-bit JIS codes |
J8BH |
Eight-bit JIS codes |
J8@B |
Eight-bit JIS codes |
J8@J |
Eight-bit JIS codes |
J8@H |
Eight-bit JIS codes |
JIS7 |
Seven-bit JIS codes |
J7BB |
Seven-bit JIS codes |
J7BH |
Seven-bit JIS codes |
J7@B |
Seven-bit JIS codes |
J7@J |
Seven-bit JIS codes |
J7@H |
Seven-bit JIS codes |
JUNET |
JUNET codes |
JUBB |
JUNET codes |
JUBH |
JUNET codes |
JU@B |
JUNET codes |
JU@J |
JUNET codes |
JU@H |
JUNET codes |
EUC |
EUC codes |
HEX |
Three-byte hexadecimal code |
CAP |
Three-byte hexadecimal code (Columbia AppleTalk Program) |
The valid chars option can be used to add individual characters to a code page. You can use this option as follows:
valid chars = Î valid chars = 0450:0420 0x0A20:0x0A00 valid chars = A:a
If you use this option, it must be listed after the client code page to which you wish to add the character.
One of the odd features of SMB protocol is its ability to send text messages between computers. Although both the name and functionality are similar to that of Windows Messenger, the two are not the same. Windows Messenger (also called MSN Messenger) is an Internet-oriented instant messenging service, while Windows Messenger Service is an older and simpler LAN-oriented service. Using the Windows Messenger Service, messages can be addressed to users, individual computers, or entire workgroups on the network.
The WinPopup tool (Winpopup.exe), shown in Figure 11-1, can be used on Windows 95/98/Me to send or receive messages. WinPopup is a handy tool for sending messages. However, to receive messages, it must already be running when the message is sent from the remote system.
On Windows NT/2000/XP, the messenger service lets you receive messages without having an application already running; messages will automatically appear in a small dialog box on the screen when received, as shown in Figure 11-2.
C:\> net send maya "Who's There?" The message was successfully sent to MAYA.
Samba has a single option to handle Windows Messenger Service, message command, as shown in Table 11-7.
Option |
Parameter |
Function |
Default |
Scope |
---|---|---|---|---|
message command |
string (shell command) |
Sets a command to run on Unix when a WinPopup message is received |
None |
Global |
Samba's message command option defines the command that will run on the server when a Windows Messenger Service message arrives. The command will be executed as the guest account user. What to do with messages is questionable because most Samba hosts run as unattended servers. One solution is to mail the messages to root like this:
[global] message command = /bin/mail -s "SMB Message From %f on %m" root <%s; rm %s
In addition to the standard variables, Table 11-8 shows the three unique variables that you can use in a message command.
Variable |
Definition |
---|---|
%s |
The name of the file in which the message resides |
%f |
The name of the system that sent the message |
%t |
The name of the system that is the destination of the message |
Many Samba options are available to deal with operating system issues on either Unix or Windows. In particular, some of these options are used for setting limits for clients' use of resources on the Unix server. The options shown in Table 11-9 deal with some of these issues.
Option |
Parameters |
Function |
Default |
Scope |
---|---|---|---|---|
deadtime |
numeric (minutes) |
Number of minutes of inactivity before a connection should be terminated. |
0 |
Global |
dfree command |
string (command) |
Used to specify a command that returns free disk space in a format recognized by Samba. |
None |
Global |
fstype |
NTFS, FAT, or Samba |
Filesystem type reported by the server to the client. |
NTFS |
Global |
keepalive |
numeric (seconds) |
Number of seconds between checks for an inoperative client. |
300 (none) |
Global |
max disk size |
numeric (MB) |
Largest disk size to return to a client, some of which have limits. Does not affect actual operations on the disk. |
0 (infinity) |
Global |
max mux |
numeric |
Maximum number of simultaneous SMB operations that clients can make. |
50 |
Global |
max open files |
numeric |
Limits number of open files to be below Unix limits. |
10000 |
Global |
max xmit |
numeric |
Specifies the maximum packet size that Samba will send. |
65535 or 16644 |
Global |
nt pipe support |
Boolean |
Turns off an NT/2000/XP support feature; for benchmarking or in case of an error. |
yes |
Global |
nt smb support |
Boolean |
Turns off an NT/2000/XP support feature; for benchmarking or in case of an error. |
yes |
Global |
ole locking compatibility |
Boolean |
Remaps out-of-range lock requests used on Windows to fit in allowable range on Unix. Turning it off causes Unix lock errors. |
yes |
Global |
panic action |
string |
Command to run if Samba server fails; for debugging. |
None |
Global |
set directory |
Boolean |
If yes, allows VMS clients to issue set dir commands. |
no |
Global |
status |
Boolean |
If yes, allows Samba to monitor status for smbstatus command. |
yes |
Global |
strict sync |
Boolean |
If no, ignores Windows application requests to perform a sync-to-disk. |
no |
Global |
sync always |
Boolean |
If yes, forces all client writes to be committed to disk before returning from the call. |
no |
Global |
strip dot |
Boolean |
If yes, strips trailing dots from Unix filenames. |
no |
Global |
change notify timeout |
numeric (seconds) |
Interval between checks when a client asks to wait for a change in a specified directory. |
60 |
Global |
stat cache |
Boolean |
If yes, Samba will cache recent name mappings. |
yes |
Global |
stat cache size |
numeric |
Number of entries in the stat cache. |
50 |
Global |
[global] deadtime = 10
[global] dfree command = /usr/local/bin/dfree
#!/bin/sh df $1 | tail -1 | awk '{print $2" "$4}'
On System V machines, the following will work:
#!/bin/sh /usr/bin/df $1 | tail -1 | awk '{print $3" "$5}'
This share-level option sets the type of filesystem that Samba reports when queried by the client. Three strings can be used as a value to this configuration option, as listed in Table 11-10.
Value |
Definition |
---|---|
NTFS |
Microsoft Windows NT filesystem |
FAT |
DOS FAT filesystem |
Samba |
Samba filesystem |
[data] fstype = FAT
[global] max disk size = 1000
The default value for this option is 0, which means there is no upper limit.
This global option is used by developers to allow or disallow Windows NT/2000/XP clients the ability to make connections to NT-specific SMB IPC$ pipes. As a user, you should never need to override the default:
[global] nt pipe support = yes
This Boolean share-level option allows Digital Pathworks clients to use the setdir command to change directories on the server. If you are not using the Digital Pathworks client, you should not need to alter this option. The default value for this option is no. You can override it per share as follows:
[data] set directory = yes
The change notify timeout global option emulates a Windows NT/2000 SMB feature called change notification. This allows a client to request that a Windows NT/2000 server periodically monitor a specific directory on a share for any changes. If changes occur, the server will notify the client.
[global] change notify timeout = 30