Библиотека сайта rus-linux.net
Appendix B. Samba Configuration Option Quick Reference
The first section of this appendix lists each option that can be used
in a Samba configuration file, which is usually named
smb.conf. Most configuration files contain a
global section of options that apply to all services (shares) and a
separate section for various individual shares. If an option applies
only to the global section, [global] appears to
the right of its name in the following reference section.
Except where noted, when specifying elements of a list, the elements can be separated by spaces, tabs, commas, semicolons, escaped newlines, or escaped carriage returns.
Following this reference section is a glossary of value types, and a list of variables Samba recognizes.
| abort shutdown script = command | [global] |
Allowable values: command
Default: NULL
Specifies a command that stops the shutdown procedure started by
shutdown script. The command will be run with the
UID of the connected user. New in Samba 3.0.
| add printer command = command | [global] |
Allowable values: command
Default: NULL
Specifies a command that creates a new printer on the system hosting the Samba
server. This command runs as root when the Windows
NT/2000/XP Add Printer Wizard is run. The command will be passed a
printer name, share name, port name, driver name, Windows NT/2000/XP
driver location, and Windows 95/98/Me driver location, in that order.
It will need to add the printer to the system and a share definition
for the printer to smb.conf. See also
add printer wizard, printing,
and show add printer wizard.
| add machine script = command | [global] |
Allowable values: command
Default: NULL
Specifies a command that adds a computer to the Samba server's domain. New in Samba 3.0.
| add share command = command | [global] |
Allowable values: command
Default: NULL
Specifies a command that creates a new share on the Samba server. This command
runs as root when a share is created using the
Windows NT/2000/XP Server Manager. The client user must be logged on
as the root user. The command will be passed the
name of the Samba configuration file, the name of the share to be
created, the full pathname of a directory on the Samba server (which
must already exist), and a string to use as a comment for the share,
in that order. The command must add a share definition for the share
to smb.conf. See also add printer
command, for adding a print share.
| add user script = command | [global] |
Allowable values: command
Default: NULL
Specifies a command that creates a new user on the system hosting the Samba
server. This command runs as root when access to a
Samba share is attempted by a Windows user who does not have an
account on the hosting system, but does have an account maintained by
a primary domain controller on a different system. The command should
accept the name of the user as a single argument that matches the
behavior of typical adduser commands. Samba
honors the %u value (username) as the argument to
the command. Requires security
= server or
security =
domain. See also delete user
script.
| admin users = user list |
Allowable values: user list
Default: NULL
Specifies users who will be granted root
permissions on the share by Samba.
| ads server = value | [global] |
Allowable values: DNS hostname or IP address
Default: NONE
Specifies the Active Directory server, used by
Samba 3.0 for authenticating clients. Requires
security = ads. New in Samba
3.0.
| algorithmic rid base = number | [global] |
Allowable values: positive integer
Default: 1000
Specifies the base value that Samba uses when calculating Windows
domain security identifier equivalents to Unix UIDs. See also
non unix account range. New in Samba 3.0.
| allow hosts = host list |
Allowable values: list of hosts or networks
Default: NULL
Specifies systems that can connect to the share or shares. If NULL, any
system can access the share unless there is a hosts
deny option. Synonym for hosts
allow.
| allow trusted domains = boolean | [global] |
Allowable values: YES, NO
Default: YES
Allows access to users who lack accounts on the Samba server but have
accounts in another, trusted domain.
Requires security = server or
security =
domain.
| announce as = value | [global] |
Allowable values: NT, Win95, Wf W
Default: NT
Has Samba announce itself as something other than an NT server. Discouraged because it interferes with serving browse lists.
| announce version = value | [global] |
Allowable values: two numbers separated by a dot character
Default: 4.5
Instructs Samba to announce itself as a different version SMB server. Discouraged.
| auth methods = list | [global] |
Allowable values: guest, sam, ntdomain
Default: NONE
Specifies what methods Samba tries in turn to authenticate users. New in Samba 3.0.
| auto services = service list | [global] |
Allowable values: service list
Default: NULL
Specifies a list of shares that always appear in
browse lists. Also called preload.
| available = boolean |
Allowable values: YES, NO
Default: YES
If set to NO, denies access to a share. The share appears in the browse list, but attempts to access it will fail.
| bind interfaces only = boolean | [global] |
Allowable values: YES, NO
Default: NO
If set to YES, shares and browsing are provided only on interfaces in
an interfaces list (see
interfaces). If you set this option to YES, be
sure to add 127.0.0.1 to the interfaces list to allow
smbpasswd to connect to the local system to
change passwords. This is a convenience option; it does not improve
security.
| block size = number |
Allowable values: integer
Default: 1024
Sets the size of disk blocks as reported by smbd to the client. Obsolete starting with Samba 3.0.
| blocking locks = boolean |
Default: YES
If YES, honors byte range lock requests with time limits. Samba will queue the requests and retry them until the time period expires.
| browsable = boolean |
Allowable values: YES, NO
Default: YES
Allows a share to be announced
in browse lists. Also called browseable.
| browse list = boolean | [global] |
Allowable values: YES, NO
Default: YES
If YES, serves the browse list to other systems on the network. Avoid changing.
| browseable = boolean |
Allowable values: YES, NO
Default: YES
Synonym for browsable.
| case sensitive = boolean | [global] |
Allowable values: YES, NO
Default: NO
If YES, uses the exact case the client supplied when trying to
resolve a filename. If NO, matches either upper- or lowercase name.
Avoid changing. Also called casesignames.
| casesignames = boolean | [global] |
Allowable values: YES, NO
Default: NO
Synonym for case sensitive.
| change notify timeout = number | [global] |
Allowable values: positive number
Default: 60
Sets the number of seconds between checks when a client asks for notification of changes in a directory. Avoid lowering.
| change share command = command | [global] |
Allowable values: command
Default: NULL
Specifies a command that modifies a share
definition on the Samba server. This command runs as
root when a share is created using the Windows
NT/2000/XP Server Manager. The client user must be logged on as the
root user. The command is passed the name of the
Samba configuration file, the name of the share to be modified, the
full pathname of a directory on the Samba server (which must already
exist), and a string to use as a comment for the share, in that
order. The command modifies the share definition for the share in
smb.conf. See also add share
command and delete share command.
| character set = name |
Allowable values: ISO8859-1, ISO8859-2, ISO8859-5, KOI8-R
If set, translates from DOS code
pages to the Western European (ISO8859-1), Eastern European
(ISO8859-2), Russian Cyrillic (ISO8859-5), or Alternate Russian
(KOI8-R) character set. The client
code page option must be set to 850.
Obsolete starting with Samba 3.0.
| client code page = name |
Allowable values: see Table 11-4 in Chapter 11
Default: 850 (MS-DOS Latin 1)
Sets the DOS code page explicitly, overriding any previous
valid chars settings. Examples
of values are 850 for Western European, 437 for the U.S. standard,
and 932 for Japanese Shift-JIS. Obsolete starting with Samba 3.0.
| code page directory = directory | [global] |
Allowable values: full directory name
Default: /usr/local/samba/lib/codepages
Specifies the directory that stores code pages. Obsolete starting with Samba 3.0.
| coding system = value | [global] |
Allowable values: euc, cap, hex, hexN, sjis, j8bb, j8bj, jis8, j8bh, j8@b, j8@j,j8@h, j7bb, j7bj, jis7, j7bh, j7@b, j7@j, j7@h, jubb, jubj, junet, jubh, ju@b, ju@j, ju@h
Default: NULL
Sets the coding system used, notably for Kanji. This is employed for
filenames and should correspond to the code page in use. The
client code
page option must be set to 932 ( Japanese
Shift-JIS). Obsolete starting with Samba 3.0.
| comment = string |
Allowable values: string
Default: NULL
Sets the comment corresponding to a share. The comment appears in
places such as a net view listing or through the
Network Neighborhood. See also the server
string configuration option.
| config file = filename | [global] |
Selects a new Samba configuration file to read instead of the
current one. Used to relocate the configuration file or used with
% variables to select custom configuration files
for some users or systems.
| copy = section name |
Allowable values: existing section's name
Copies the configuration of an already defined share into the
share in which this option
appears. Used with % variables to select custom
configurations for systems, architectures, and users. Each option
specified or copied takes precedence over earlier specifications of
the option.
| create mask = value |
Allowable values: octal value from 0 to 0777
Sets the maximum allowable permissions for new files (e.g.,
0755). See also directory mask.
To require certain permissions to be set, see
force create
mask and force
directory mask. Also called
create mode.
| csc policy = value |
Allowable values: manual, documents, programs, or disable
Sets the client-side caching policy, telling them how to cache files offline if they are capable of doing so.
| deadtime = number | [global] |
Specifies the time in minutes before an unused
connection will be
terminated. Zero means never. Used to keep clients from tying up
server resources for long periods of time. If used, clients must
autoreconnect after the specified period of inactivity. See also
keepalive.
| debug hires timestamp = boolean | [global] |
Changes the timestamps in log entries from seconds to microseconds. Useful for measuring performance.
| debug pid = boolean | [global] |
Adds the process ID of the Samba server to log lines, making it easier to
debug a particular server. Requires debug timestamp =
yes to work.
| debug timestamp = boolean | [global] |
| debug uid = boolean | [global] |
Adds the real and effective user ID and group ID of the user being served to the logs, making it easier to debug one particular user.
| debuglevel = number | [global] |
| default = service name | [global] |
| default devmode = boolean |
Used with printer shares being accessed by Windows NT/2000/XP clients to set a default device mode for the printer. Can be problematic. Use with care.
| delete printer command = command | [global] |
Specifies a command that removes a
printer from the system hosting the
Samba server and deletes its service definition from
smb.conf. The command is passed a printer name
as its only argument. See also add printer
command, printing, and show add
printer wizard.
| delete readonly = boolean |
| delete share command = command |
Specifies a command that deletes a
share
from the Samba server. The command runs when a user logged in as the
root user on a Windows NT/2000/XP system deletes a
share using Server Manager. The command is passed the name of the
Samba configuration file and the name of the share to be deleted. The
command must remove the definition of the share from the
configuration file. See also add share command and
change share command.
| delete user script = command | [global] |
Allowable values: full path to script
Sets the command to run as root when a user
connects who no longer has an account on the
domain's PDC. Honors %u. Can be
used to delete the
user account automatically from
the Samba server's host. Requires
security =
domain or security = user. Use
with caution. See also add user script.
| delete veto files = boolean |
If set to YES, allows delete requests for a
directory containing
files or subdirectories the user can't see due to
the veto files option. If set
to NO, the directory is not deleted and still contains invisible
files.
| deny hosts = host list |
Allowable values: hosts or networks
Specifies a list of systems from which to refuse
connections.
Also called hosts deny.
| dfree command = command | [global] |
| directory = directory |
Allowable values: Unix directory name
Sets the path to the
directory provided by a file share or
used by a printer share. If the option is omitted in the
[homes] share, it is set automatically to the
user's home directory; otherwise, it defaults
to /tmp. For a printer share, the directory is
used to spool printer files. Honors the %u (user)
and %m (machine) variables. Synonym for
path.
| directory mask = value |
Allowable values: octal value from 0 to 0777
Sets the maximum allowable permissions for newly created
directories. To require
that certain permissions be set, see the force
create mask and
force directory
mask options. Also called
directory mode.
| directory security mask = value |
Allowable values: octal value from 0 to 0777
| disable spools = boolean | [global] |
| dns proxy = boolean | [global] |
| domain admin group = user list | [global] |
Allowable values: usernames and/or group names
Specifies users who are in the Domain Admins group and have
domain
administrator authority when Samba is the PDC. See also
domain guest group and domain
logons. Useful in Samba 2.2 only. Obsolete in Samba 3.0.
| domain guest group = user/group list | [global] |
Allowable values: list of usernames and/or group names
Specifies users who are in the Domain Guest group when Samba is the PDC.
See also domain admin group and domain
logons. Useful in Samba 2.2 only. Obsolete in Samba 3.0.
| domain logons = boolean | [global] |
| domain master = boolean | [global] |
Makes Samba a domain master browser for its domain. When
domain logons are enabled, domain master defaults
to YES. Otherwise, it defaults to NO.
| dos filemode = boolean |
Allows anyone with write permissions to change permissions on a file, as allowed by MS-DOS.
| dos filetime resolution = boolean |
| dos filetimes = boolean |
| encrypt passwords = boolean | [global] |
Default: NO in Samba 2.2, YES in Samba 3.0
If enabled, Samba will use password encryption. Requires an smbpasswd file on the Samba server.
| enhanced browsing = boolean | [global] |
Automatically synchronizes browse lists with all domain master browsers known to the WINS server. Makes cross-subnet browsing more reliable, but also can cause empty workgroups to persist forever in browse lists.
| enumports command = command | [global] |
Allows for a command to provide clients with customized
MS-DOS/Windows port names (e.g., PRN:) corresponding
to printers. Samba's default behavior is to return
Samba Printer Port. The command must return a
series of lines, with one port name per line.
| exec = command |
| fake directory create times = boolean |
A bug fix for users of Microsoft nmake. If YES, Samba sets directory create times such that nmake won't remake all files every time.
| fake oplocks = boolean |
| follow symlinks = boolean |
If set to YES, Samba follows symlinks in a file share(s). See the
wide links option if you want
to restrict symlinks to just the current share.