<html> <body bgcolor="#ffffff"> <img src="samba2_xs.gif" border="0" alt=" " height="100" width="76" hspace="10" align="left" /> <h1 class="head0">Appendix B. Samba Configuration Option Quick Reference</h1> <p>The first section of this appendix lists each option that can be used in a Samba configuration file, which is usually named <em class="filename">smb.conf</em>. Most configuration files contain a global section of options that apply to all services (shares) and a separate section for various individual shares. If an option applies only to the global section, <tt class="literal">[global]</tt> appears to the right of its name in the following reference section.</p> <p>Except where noted, when specifying elements of a list, the elements can be separated by spaces, tabs, commas, semicolons, escaped newlines, or escaped carriage returns.</p> <p>Following this reference section is a glossary of value types, and a list of variables Samba recognizes.</p> <div class="sect1"><a name="samba2-APP-B-SECT-1"/> <h2 class="head1">Configuration File Options</h2> </div> <a name="INDEX-1"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>abort shutdown script = command</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a command that stops the shutdown procedure started by <tt class="literal">shutdown script</tt>. The command will be run with the UID of the connected user. New in Samba 3.0.</p></div> <a name="INDEX-2"/><a name="INDEX-3"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>add printer command = command</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a command that creates a new <a name="INDEX-3"/>printer on the system hosting the Samba server. This command runs as <tt class="literal">root</tt> when the Windows NT/2000/XP Add Printer Wizard is run. The command will be passed a printer name, share name, port name, driver name, Windows NT/2000/XP driver location, and Windows 95/98/Me driver location, in that order. It will need to add the printer to the system and a share definition for the printer to <em class="filename">smb.conf.</em> See also <tt class="literal">add printer wizard</tt>, <tt class="literal">printing</tt>, and <tt class="literal">show add printer wizard</tt>.</p></div> <a name="INDEX-4"/><a name="INDEX-5"/><a name="INDEX-6"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>add machine script = command</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a command that adds a computer to the Samba server's <a name="INDEX-5"/><a name="INDEX-6"/>domain. New in Samba 3.0.</p></div> <a name="INDEX-7"/><a name="INDEX-8"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>add share command = command</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a command that creates a new <a name="INDEX-8"/>share on the Samba server. This command runs as <tt class="literal">root</tt> when a share is created using the Windows NT/2000/XP Server Manager. The client user must be logged on as the <tt class="literal">root</tt> user. The command will be passed the name of the Samba configuration file, the name of the share to be created, the full pathname of a directory on the Samba server (which must already exist), and a string to use as a comment for the share, in that order. The command must add a share definition for the share to <em class="filename">smb.conf.</em> See also <tt class="literal">add printer command</tt>, for adding a print share.</p></div> <a name="INDEX-9"/><a name="INDEX-10"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>add user script = command</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a command that creates a new <a name="INDEX-10"/>user on the system hosting the Samba server. This command runs as <tt class="literal">root</tt> when access to a Samba share is attempted by a Windows user who does not have an account on the hosting system, but does have an account maintained by a primary domain controller on a different system. The command should accept the name of the user as a single argument that matches the behavior of typical <em class="emphasis">adduser</em> commands. Samba honors the <tt class="literal">%u</tt> value (username) as the argument to the command. Requires <tt class="literal">security</tt> <tt class="literal">=</tt> <tt class="literal">server</tt> or <tt class="literal">security</tt> <tt class="literal">=</tt> <tt class="literal">domain</tt>. See also <tt class="literal">delete user</tt> <tt class="literal">script</tt>.</p></div> <a name="INDEX-11"/><a name="INDEX-12"/><a name="INDEX-13"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>admin users = user list</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: user list</p><p><b class="emphasis-bold">Default</b>: NULL</p><p><a name="INDEX-12"/>Specifies users who will be granted <a name="INDEX-13"/><tt class="literal">root</tt> permissions on the share by Samba.</p></div> <a name="INDEX-14"/><a name="INDEX-15"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>ads server = value</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: DNS hostname or IP address</p><p><b class="emphasis-bold">Default</b>: NONE</p><p>Specifies the <a name="INDEX-15"/>Active Directory server, used by Samba 3.0 for authenticating clients. Requires <tt class="literal">security</tt> <tt class="literal">= ads</tt>. New in Samba 3.0.</p></div> <a name="INDEX-16"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>algorithmic rid base = number</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: positive integer</p><p><b class="emphasis-bold">Default</b>: 1000</p><p>Specifies the base value that Samba uses when calculating Windows domain security identifier equivalents to Unix UIDs. See also <tt class="literal">non unix account range</tt>. New in Samba 3.0.</p></div> <a name="INDEX-17"/><a name="INDEX-18"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>allow hosts = host list</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: list of hosts or networks</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies systems that can connect to the share or <a name="INDEX-18"/>shares. If NULL, any system can access the share unless there is a <tt class="literal">hosts deny</tt> option. Synonym for <tt class="literal">hosts</tt> <tt class="literal">allow</tt>.</p></div> <a name="INDEX-19"/><a name="INDEX-20"/><a name="INDEX-21"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>allow trusted domains = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>Allows access to users who lack accounts on the Samba server but have accounts in another, trusted <a name="INDEX-20"/><a name="INDEX-21"/>domain. Requires <tt class="literal">security</tt> <tt class="literal">= server</tt> or <tt class="literal">security</tt> <tt class="literal">=</tt> <tt class="literal">domain</tt>.</p></div> <a name="INDEX-22"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>announce as = value</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: NT, Win95, Wf W</p><p><b class="emphasis-bold">Default</b>: NT</p><p>Has Samba announce itself as something other than an NT server. Discouraged because it interferes with serving browse lists.</p></div> <a name="INDEX-23"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>announce version = value</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: two numbers separated by a dot character</p><p><b class="emphasis-bold">Default</b>: 4.5</p><p>Instructs Samba to announce itself as a different version SMB server. Discouraged.</p></div> <a name="INDEX-24"/><a name="INDEX-25"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>auth methods = list</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: guest, sam, ntdomain</p><p><b class="emphasis-bold">Default</b>: NONE</p><p>Specifies what methods Samba tries in turn to <a name="INDEX-25"/>authenticate users. New in Samba 3.0.</p></div> <a name="INDEX-26"/><a name="INDEX-27"/><a name="INDEX-28"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>auto services = service list</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: service list</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a list of <a name="INDEX-27"/><a name="INDEX-28"/>shares that always appear in browse lists. Also called <tt class="literal">preload</tt>.</p></div> <a name="INDEX-29"/><a name="INDEX-30"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>available = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>If set to NO, denies access to a share. The <a name="INDEX-30"/>share appears in the browse list, but attempts to access it will fail.</p></div> <a name="INDEX-31"/><a name="INDEX-32"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>bind interfaces only = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set to YES, shares and browsing are provided only on interfaces in an <a name="INDEX-32"/>interfaces list (see <tt class="literal">interfaces</tt>). If you set this option to YES, be sure to add 127.0.0.1 to the interfaces list to allow <em class="emphasis">smbpasswd</em> to connect to the local system to change passwords. This is a convenience option; it does not improve security.</p></div> <a name="INDEX-33"/><a name="INDEX-34"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>block size = number</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: integer</p><p><b class="emphasis-bold">Default</b>: 1024</p><p>Sets the size of disk blocks as reported by <em class="emphasis">smbd</em> to the client. <a name="INDEX-34"/>Obsolete starting with Samba 3.0.</p></div> <a name="INDEX-35"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>blocking locks = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>If YES, honors byte range lock requests with time limits. Samba will queue the requests and retry them until the time period expires.</p></div> <a name="INDEX-36"/><a name="INDEX-37"/><a name="INDEX-38"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>browsable = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p><a name="INDEX-37"/><a name="INDEX-38"/>Allows a share to be announced in browse lists. Also called <tt class="literal">browseable</tt>.</p></div> <a name="INDEX-39"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>browse list = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>If YES, serves the browse list to other systems on the network. Avoid changing.</p></div> <a name="INDEX-40"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>browseable = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>Synonym for <tt class="literal">browsable</tt>.</p></div> <a name="INDEX-41"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>case sensitive = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If YES, uses the exact case the client supplied when trying to resolve a filename. If NO, matches either upper- or lowercase name. Avoid changing. Also called <tt class="literal">casesignames</tt>.</p></div> <a name="INDEX-42"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>casesignames = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>Synonym for <tt class="literal">case</tt> <tt class="literal">sensitive</tt>.</p></div> <a name="INDEX-43"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>change notify timeout = number</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: positive number</p><p><b class="emphasis-bold">Default</b>: 60</p><p>Sets the number of seconds between checks when a client asks for notification of changes in a directory. Avoid lowering.</p></div> <a name="INDEX-44"/><a name="INDEX-45"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>change share command = command</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a command that modifies a <a name="INDEX-45"/>share definition on the Samba server. This command runs as <tt class="literal">root</tt> when a share is created using the Windows NT/2000/XP Server Manager. The client user must be logged on as the <tt class="literal">root</tt> user. The command is passed the name of the Samba configuration file, the name of the share to be modified, the full pathname of a directory on the Samba server (which must already exist), and a string to use as a comment for the share, in that order. The command modifies the share definition for the share in <em class="filename">smb.conf.</em> See also <tt class="literal">add share command</tt> and <tt class="literal">delete share command</tt>.</p></div> <a name="INDEX-46"/><a name="INDEX-47"/><a name="INDEX-48"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>character set = name</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: ISO8859-1, ISO8859-2, ISO8859-5, KOI8-R</p><p><b class="emphasis-bold">Default</b>: NULL</p><p><a name="INDEX-47"/>If set, translates from DOS code pages to the Western European (ISO8859-1), Eastern European (ISO8859-2), Russian Cyrillic (ISO8859-5), or Alternate Russian (KOI8-R) character set. The <tt class="literal">client</tt> <tt class="literal">code</tt> <tt class="literal">page</tt> option must be set to 850. <a name="INDEX-48"/>Obsolete starting with Samba 3.0.</p></div> <a name="INDEX-49"/><a name="INDEX-50"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>client code page = name</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: see <a href="ch11.html#samba2-CHP-11-TABLE-4">Table 11-4</a> in <a href="ch11.html">Chapter 11</a></p><p><b class="emphasis-bold">Default</b>: 850 (MS-DOS Latin 1)</p><p>Sets the DOS code page explicitly, overriding any previous <tt class="literal">valid</tt> <tt class="literal">chars</tt> settings. Examples of values are 850 for Western European, 437 for the U.S. standard, and 932 for Japanese Shift-JIS. <a name="INDEX-50"/>Obsolete starting with Samba 3.0.</p></div> <a name="INDEX-51"/><a name="INDEX-52"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>code page directory = directory</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: full directory name</p><p><b class="emphasis-bold">Default</b>: <em class="filename">/usr/local/samba/lib/codepages</em></p><p>Specifies the directory that stores code pages. <a name="INDEX-52"/>Obsolete starting with Samba 3.0.</p></div> <a name="INDEX-53"/><a name="INDEX-54"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>coding system = value</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: euc, cap, hex, hexN, sjis, j8bb, j8bj, jis8, j8bh, j8@b, j8@j,j8@h, j7bb, j7bj, jis7, j7bh, j7@b, j7@j, j7@h, jubb, jubj, junet, jubh, ju@b, ju@j, ju@h</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Sets the coding system used, notably for Kanji. This is employed for filenames and should correspond to the code page in use. The <tt class="literal">client</tt> <tt class="literal">code</tt> <tt class="literal">page</tt> option must be set to 932 ( Japanese Shift-JIS). <a name="INDEX-54"/>Obsolete starting with Samba 3.0.</p></div> <a name="INDEX-55"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>comment = string</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: string</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Sets the comment corresponding to a share. The comment appears in places such as a <em class="emphasis">net view</em> listing or through the Network Neighborhood. See also the <tt class="literal">server</tt> <tt class="literal">string</tt> configuration option.</p></div> <a name="INDEX-56"/><a name="INDEX-57"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>config file = filename</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: \filename</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Selects a new Samba <a name="INDEX-57"/>configuration file to read instead of the current one. Used to relocate the configuration file or used with <tt class="literal">%</tt> variables to select custom configuration files for some users or systems.</p></div> <a name="INDEX-58"/><a name="INDEX-59"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>copy = section name</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: existing section's name</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Copies the configuration of an already defined share into the <a name="INDEX-59"/>share in which this option appears. Used with <tt class="literal">%</tt> variables to select custom configurations for systems, architectures, and users. Each option specified or copied takes precedence over earlier specifications of the option.</p></div> <a name="INDEX-60"/><a name="INDEX-61"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>create mask = value</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: octal value from 0 to 0777</p><p><b class="emphasis-bold">Default</b>: 0744</p><p>Sets the maximum allowable <a name="INDEX-61"/>permissions for new files (e.g., 0755). See also <tt class="literal">directory</tt> <tt class="literal">mask</tt>. To require certain permissions to be set, see <tt class="literal">force</tt> <tt class="literal">create</tt> <tt class="literal">mask</tt> and <tt class="literal">force</tt> <tt class="literal">directory</tt> <tt class="literal">mask</tt>. Also called <tt class="literal">create</tt> <tt class="literal">mode</tt>.</p></div> <a name="INDEX-62"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>create mode = value</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: octal value from 0 to 0777</p><p><b class="emphasis-bold">Default</b>: 0744</p><p>Synonym for <tt class="literal">create</tt> <tt class="literal">mask</tt>.</p></div> <a name="INDEX-63"/><a name="INDEX-64"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>csc policy = value</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: manual, documents, programs, or disable</p><p><b class="emphasis-bold">Default</b>: manual</p><p>Sets the client-side <a name="INDEX-64"/>caching policy, telling them how to cache files offline if they are capable of doing so.</p></div> <a name="INDEX-65"/><a name="INDEX-66"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>deadtime = number</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number</p><p><b class="emphasis-bold">Default</b>: 0</p><p>Specifies the time in minutes before an unused <a name="INDEX-66"/>connection will be terminated. Zero means never. Used to keep clients from tying up server resources for long periods of time. If used, clients must autoreconnect after the specified period of inactivity. See also <tt class="literal">keepalive</tt>.</p></div> <a name="INDEX-67"/><a name="INDEX-68"/><a name="INDEX-69"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>debug hires timestamp = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>Changes the <a name="INDEX-68"/><a name="INDEX-69"/>timestamps in log entries from seconds to microseconds. Useful for measuring performance.</p></div> <a name="INDEX-70"/><a name="INDEX-71"/><a name="INDEX-72"/><a name="INDEX-73"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>debug pid = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>Adds the process ID of the Samba server to <a name="INDEX-71"/><a name="INDEX-72"/><a name="INDEX-73"/>log lines, making it easier to debug a particular server. Requires debug <tt class="literal">timestamp = yes</tt> to work.</p></div> <a name="INDEX-74"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>debug timestamp = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>Timestamps all log messages. Can be turned off when it's not useful (e.g., in debugging ). Also called <tt class="literal">timestamp</tt> <tt class="literal">logs</tt>.</p></div> <a name="INDEX-75"/><a name="INDEX-76"/><a name="INDEX-77"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>debug uid = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p><a name="INDEX-76"/><a name="INDEX-77"/>Adds the real and effective user ID and group ID of the user being served to the logs, making it easier to debug one particular user.</p></div> <a name="INDEX-78"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>debuglevel = number</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number</p><p><b class="emphasis-bold">Default</b>: 0</p><p>Sets the logging level used. Values of 3 or more slow Samba noticeably. Also called <tt class="literal">log</tt> <tt class="literal">level</tt>. Recommended value is 1.</p></div> <a name="INDEX-79"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>default = service name</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: share name</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies the name of a service (share) to provide if someone requests a service he doesn't have permission to use or that doesn't exist. The path is set from the name the client specified, with any underscore ( _ ) characters changed to slash ( / ) characters, allowing access to any directory on the Samba server. Use is discouraged. See also <tt class="literal">load printers</tt>. Also called <tt class="literal">default service</tt>.</p></div> <a name="INDEX-80"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>default case = value</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: LOWER, UPPER</p><p><b class="emphasis-bold">Default</b>: LOWER</p><p>Sets the case in which to store new filenames. LOWER indicates lowercase, and UPPER indicates uppercase.</p></div> <a name="INDEX-81"/><a name="INDEX-82"/><a name="INDEX-83"/><a name="INDEX-84"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>default devmode = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>Used with printer shares being accessed by Windows NT/2000/XP clients to set a default device mode for the <a name="INDEX-82"/><a name="INDEX-83"/><a name="INDEX-84"/>printer. Can be problematic. Use with care.</p></div> <a name="INDEX-85"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>default service = share name</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: share name</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Synonym for <tt class="literal">default</tt>.</p></div> <a name="INDEX-86"/><a name="INDEX-87"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>delete printer command = command</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a command that removes a <a name="INDEX-87"/>printer from the system hosting the Samba server and deletes its service definition from <em class="filename">smb.conf</em>. The command is passed a printer name as its only argument. See also <tt class="literal">add printer command</tt>, <tt class="literal">printing</tt>, and <tt class="literal">show add printer wizard</tt>.</p></div> <a name="INDEX-88"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>delete readonly = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: NO, YES</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set to YES, allows delete requests to remove read-only files. This is not allowed in MS-DOS/Windows, but it is normal in Unix, which has separate directory permissions. Used with programs such as RCS.</p></div> <a name="INDEX-89"/><a name="INDEX-90"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>delete share command = command</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a command that deletes a <a name="INDEX-90"/>share from the Samba server. The command runs when a user logged in as the <tt class="literal">root</tt> user on a Windows NT/2000/XP system deletes a share using Server Manager. The command is passed the name of the Samba configuration file and the name of the share to be deleted. The command must remove the definition of the share from the configuration file. See also <tt class="literal">add share command</tt> and <tt class="literal">change share command</tt>.</p></div> <a name="INDEX-91"/><a name="INDEX-92"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>delete user script = command</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: full path to script</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Sets the command to run as <tt class="literal">root</tt> when a user connects who no longer has an account on the domain's PDC. Honors <tt class="literal">%u</tt>. Can be used to delete the <a name="INDEX-92"/>user account automatically from the Samba server's host. Requires <tt class="literal">security</tt> <tt class="literal">=</tt> <tt class="literal">domain</tt> or <tt class="literal">security = user</tt>. Use with caution. See also <tt class="literal">add user script</tt>.</p></div> <a name="INDEX-93"/><a name="INDEX-94"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>delete veto files = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: NO, YES</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set to YES, allows delete requests for a <a name="INDEX-94"/>directory containing files or subdirectories the user can't see due to the <tt class="literal">veto</tt> <tt class="literal">files</tt> option. If set to NO, the directory is not deleted and still contains invisible files.</p></div> <a name="INDEX-95"/><a name="INDEX-96"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>deny hosts = host list</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: hosts or networks</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a list of systems from which to refuse <a name="INDEX-96"/>connections. Also called <tt class="literal">hosts</tt> <tt class="literal">deny</tt>.</p></div> <a name="INDEX-97"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>dfree command = command</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: varies</p><p>Specifies a command to run on the server to return free disk space. Not needed unless the Samba host system's <em class="emphasis">dfree</em> command does not work properly.</p></div> <a name="INDEX-98"/><a name="INDEX-99"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>directory = directory</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: Unix directory name</p><p><b class="emphasis-bold">Default</b>: varies</p><p>Sets the path to the <a name="INDEX-99"/>directory provided by a file share or used by a printer share. If the option is omitted in the <tt class="literal">[homes]</tt> share, it is set automatically to the user's home directory; otherwise, it defaults to<em class="filename"> /tmp</em>. For a printer share, the directory is used to spool printer files. Honors the <tt class="literal">%u</tt> (user) and <tt class="literal">%m</tt> (machine) variables. Synonym for <tt class="literal">path</tt>.</p></div> <a name="INDEX-100"/><a name="INDEX-101"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>directory mask = value</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: octal value from 0 to 0777</p><p><b class="emphasis-bold">Default</b>: 0755</p><p>Sets the maximum allowable permissions for newly created <a name="INDEX-101"/>directories. To require that certain permissions be set, see the <tt class="literal">force</tt> <tt class="literal">create</tt> <tt class="literal">mask</tt> and <tt class="literal">force</tt> <tt class="literal">directory</tt> <tt class="literal">mask</tt> options. Also called <tt class="literal">directory</tt> <tt class="literal">mode</tt>.</p></div> <a name="INDEX-102"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>directory mode = value</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: octal value from 0 to 0777</p><p><b class="emphasis-bold">Default</b>: 0755</p><p>Synonym for <tt class="literal">directory</tt> <tt class="literal">mask</tt>.</p></div> <a name="INDEX-103"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>directory security mask = value</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: octal value from 0 to 0777</p><p><b class="emphasis-bold">Default</b>: same as <tt class="literal">directory</tt> <tt class="literal">mode</tt></p><p>Controls which permission bits can be changed if a user edits the Unix permissions of directories on the Samba server from a Windows system. Any bit that is set in the mask can be changed by the user; any bit that is clear remains the same on the directory even if the user tries to change it. Requires <tt class="literal">nt</tt> <tt class="literal">acl</tt> <tt class="literal">support</tt> <tt class="literal">=</tt> <tt class="literal">YES</tt>.</p></div> <a name="INDEX-104"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>disable spools = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set to YES, Windows NT/2000/XP systems will downgrade to Lanman-style printing. Prevents printer driver uploading and downloading from working. Use with care. See also <tt class="literal">use client driver</tt>.</p></div> <a name="INDEX-105"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>dns proxy = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>If set to YES and if <tt class="literal">wins</tt> <tt class="literal">server</tt> <tt class="literal">=</tt> <tt class="literal">YES</tt>, looks up hostnames in DNS when they are not found using WINS.</p></div> <a name="INDEX-106"/><a name="INDEX-107"/><a name="INDEX-108"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>domain admin group = user list</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: usernames and/or group names</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies users who are in the <a name="INDEX-107"/>Domain Admins group and have <a name="INDEX-108"/>domain administrator authority when Samba is the PDC. See also <tt class="literal">domain guest group</tt> and <tt class="literal">domain logons</tt>. Useful in Samba 2.2 only. Obsolete in Samba 3.0.</p></div> <a name="INDEX-109"/><a name="INDEX-110"/><a name="INDEX-111"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>domain guest group = user/group list</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: list of usernames and/or group names</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies users who are in the <a name="INDEX-110"/>Domain Guest group when Samba is the PDC. See also <tt class="literal">domain admin group</tt> and <tt class="literal">domain logons</tt>. Useful in Samba 2.2 only. <a name="INDEX-111"/>Obsolete in Samba 3.0.</p></div> <a name="INDEX-112"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>domain logons = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>Causes Samba to serve domain logons. This is one of the basic functions required when Samba is acting as the PDC.</p></div> <a name="INDEX-113"/><a name="INDEX-114"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>domain master = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: automatic</p><p>Makes Samba a <a name="INDEX-114"/>domain master browser for its domain. When domain logons are enabled, <tt class="literal">domain master</tt> defaults to YES. Otherwise, it defaults to NO.</p></div> <a name="INDEX-115"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>dont descend = list</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: list of directories</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Prohibits a change directory or search in the directories specified. This is a browsing-convenience option; it doesn't provide any extra security.</p></div> <a name="INDEX-116"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>dos filemode = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>Allows anyone with write permissions to change permissions on a file, as allowed by MS-DOS.</p></div> <a name="INDEX-117"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>dos filetime resolution = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>Sets file times on Unix to match MS-DOS standards (rounding to the next even second). Recommended if using Visual C++ or a PC <em class="emphasis">make</em> program to avoid remaking the programs unnecessarily. Use with the <tt class="literal">dos</tt> <tt class="literal">filetimes</tt> option.</p></div> <a name="INDEX-118"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>dos filetimes = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>Allows nonowners to change file times if they can write to the files, matching the behavior of MS-DOS and Windows. See also <tt class="literal">dos</tt> <tt class="literal">filetime</tt> <tt class="literal">resolution</tt>.</p></div> <a name="INDEX-119"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>encrypt passwords = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO in Samba 2.2, YES in Samba 3.0</p><p>If enabled, Samba will use password encryption. Requires an <em class="filename">smbpasswd</em> file on the Samba server.</p></div> <a name="INDEX-120"/><a name="INDEX-121"/><a name="INDEX-122"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>enhanced browsing = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>Automatically synchronizes <a name="INDEX-121"/><a name="INDEX-122"/>browse lists with all domain master browsers known to the WINS server. Makes cross-subnet browsing more reliable, but also can cause empty workgroups to persist forever in browse lists.</p></div> <a name="INDEX-123"/><a name="INDEX-124"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>enumports command = command</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Allows for a command to provide clients with customized MS-DOS/Windows <a name="INDEX-124"/>port names (e.g., PRN:) corresponding to printers. Samba's default behavior is to return <tt class="literal">Samba Printer Port</tt>. The command must return a series of lines, with one port name per line.</p></div> <a name="INDEX-125"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>exec = command</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Sets a command to run as the user before connecting to the share. Synonym for <tt class="literal">preexec</tt>. See also the <tt class="literal">postexec</tt>, <tt class="literal">root</tt> <tt class="literal">preexec</tt>, and <tt class="literal">root postexec</tt> options.</p></div> <a name="INDEX-126"/><a name="INDEX-127"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>fake directory create times = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>A bug fix for users of Microsoft <em class="emphasis">nmake</em><a name="INDEX-127"/>. If YES, Samba sets directory create times such that <em class="emphasis">nmake</em> won't remake all files every time.</p></div> <a name="INDEX-128"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>fake oplocks = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set, returns YES whenever a client asks if it can lock a file and cache it locally but does not enforce the lock on the server. Results in performance improvement for read-only shares. <em class="emphasis">Never use with read/write shares!</em> See also <tt class="literal">oplocks</tt> and <tt class="literal">veto</tt> <tt class="literal">oplock</tt> <tt class="literal">files</tt>.</p></div> <a name="INDEX-129"/><a name="INDEX-130"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>follow symlinks = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>If set to YES, Samba follows <a name="INDEX-130"/>symlinks in a file share(s). See the <tt class="literal">wide</tt> <tt class="literal">links</tt> option if you want to restrict symlinks to just the current share.</p></div> <a name="INDEX-131"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>force create mode = value</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: octal value from 0 to 0777</p><p><b class="emphasis-bold">Default</b>: 0</p><p>Takes effect when a user on a Windows client creates a file that resides on the Samba server. This option ensures that bits set in this mask will always be set on the new file. Used with the <tt class="literal">create mask</tt> configuration option.</p></div> <a name="INDEX-132"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>force directory mode = value</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: octal value from 0 to 0777</p><p><b class="emphasis-bold">Default</b>: 0</p><p>Takes effect when a user on a Windows client creates a directory on the Samba server. This option ensures that bits set in the mask will be set on every newly created directory. Used with <tt class="literal">directory mask</tt>.</p></div> <a name="INDEX-133"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>force directory security mode = value</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: octal value from 0 to 0777</p><p><b class="emphasis-bold">Default</b>: same as <tt class="literal">force</tt> <tt class="literal">directory</tt> <tt class="literal">mode</tt></p><p>Takes effect when a user on a Windows client edits the Unix permissions of a directory on the Samba server. This option ensures that bits set in this mask will be set on the directory. Requires <tt class="literal">nt</tt> <tt class="literal">acl</tt> <tt class="literal">support</tt> <tt class="literal">=</tt> <tt class="literal">YES</tt>.</p></div> <a name="INDEX-134"/><a name="INDEX-135"/><a name="INDEX-136"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>force group = value</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: a Unix group name</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Sets the effective group name assigned to all users accessing a share. Used to override a <a name="INDEX-135"/><a name="INDEX-136"/>user's normal group memberships.</p></div> <a name="INDEX-137"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>force security mode = value</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: octal value from 0 to 0777</p><p><b class="emphasis-bold">Default</b>: same as <tt class="literal">force</tt> <tt class="literal">create</tt> <tt class="literal">mode</tt></p><p>Takes effect when a user on a Windows client edits the Unix permissions of a file on the Samba server. This option ensures that bits set in the mask will always be set on the file. Requires <tt class="literal">nt</tt> <tt class="literal">acl</tt> <tt class="literal">support</tt> <tt class="literal">=</tt> <tt class="literal">YES</tt>. See also <tt class="literal">force directory security mode</tt> for directories.</p></div> <a name="INDEX-138"/><a name="INDEX-139"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>force unknown acl user = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>When set, unknown users or groups in Windows NT ACLs will be mapped to the user or group of the connected user. <a name="INDEX-139"/>Obsolete starting with Samba 3.0.</p></div> <a name="INDEX-140"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>force user = value</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: a single username</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Sets the effective username assigned to all users accessing a share. Discouraged.</p></div> <a name="INDEX-141"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>fstype = string</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: NTFS, FAT, Samba</p><p><b class="emphasis-bold">Default</b>: NTFS</p><p>Sets the filesystem type reported to the client. Avoid changing.</p></div> <a name="INDEX-142"/><a name="INDEX-143"/><a name="INDEX-144"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>getwd cache = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>Caches the current <a name="INDEX-143"/><a name="INDEX-144"/>directory for performance. Recommended with the <tt class="literal">wide</tt> <tt class="literal">links</tt> option.</p></div> <a name="INDEX-145"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>group = value</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: a Unix group name</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Synonym for <tt class="literal">force</tt> <tt class="literal">group</tt>.</p></div> <a name="INDEX-146"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>guest account = value</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: a single username</p><p><b class="emphasis-bold">Default</b>: varies</p><p>Sets the name of the unprivileged Unix account to use for tasks such as printing and for accessing shares marked with <tt class="literal">guest</tt> <tt class="literal">ok</tt>. The default is specified at compile time and is usually set to <tt class="literal">nobody</tt>.</p></div> <a name="INDEX-147"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>guest ok = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set to YES, doesn't need passwords for this share. Used with <tt class="literal">security = share</tt>. Synonym for <tt class="literal">public</tt>.</p></div> <a name="INDEX-148"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>guest only = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>Forces users of a share to log on as the guest account. Requires <tt class="literal">guest</tt> <tt class="literal">ok</tt> or <tt class="literal">public</tt> to be YES. Also called <tt class="literal">only</tt> <tt class="literal">guest</tt>.</p></div> <a name="INDEX-149"/><a name="INDEX-150"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>hide dot files = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>Treats files with names beginning with a dot as if they had the MS-DOS <a name="INDEX-150"/>hidden attribute set. The files are either not displayed on a Windows client or appear grayed-out, depending on the settings on the client.</p></div> <a name="INDEX-151"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>hide files = slash-separated list</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: patterns, separated by <tt class="literal">/</tt> characters</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a list of file or directory names on which to set the MS-DOS hidden attribute. Names can contain <tt class="literal">?</tt> or <tt class="literal">*</tt> pattern characters and <tt class="literal">%</tt> variables. See also <tt class="literal">hide</tt> <tt class="literal">dot</tt> <tt class="literal">files</tt> and <tt class="literal">veto</tt> <tt class="literal">files</tt>.</p></div> <a name="INDEX-152"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>hide local users = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set to YES, hides Unix-specific dummy accounts (<tt class="literal">root</tt>, <tt class="literal">wheel</tt>, <tt class="literal">floppy</tt>, etc.) from clients.</p></div> <a name="INDEX-153"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>hide unreadable = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set to YES, hides all unreadable files.</p></div> <a name="INDEX-154"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>homedir map = name</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: NIS map name</p><p><b class="emphasis-bold">Default</b>: NONE</p><p>Used with <tt class="literal">nis</tt> <tt class="literal">homedir</tt> to locate a user's Unix home directory from Sun NIS (not NIS+).</p></div> <a name="INDEX-155"/><a name="INDEX-156"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>host msdfs = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p><a name="INDEX-156"/>If set to YES and Samba was configured with the <tt class="literal">--with-msdfs</tt> option, provides Microsoft Distributed filesystem (Dfs) service, allowing Dfs-capable clients to browse Dfs trees on the Samba server. See also <tt class="literal">msdfs root</tt>.</p></div> <a name="INDEX-157"/><a name="INDEX-158"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>hosts allow = host list</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: list of hosts or networks</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a list of systems that can access the <a name="INDEX-158"/>share. If NULL, any system can access the share unless there is a <tt class="literal">hosts</tt> <tt class="literal">deny</tt> option. Synonym for <tt class="literal">allow</tt> <tt class="literal">hosts</tt>.</p></div> <a name="INDEX-159"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>hosts deny = host list</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: list of hosts or networks</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a list of systems that cannot connect to the share. Synonym for <tt class="literal">deny</tt> <tt class="literal">hosts</tt>.</p></div> <a name="INDEX-160"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>hosts equiv = filename</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of file</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies the path to a file of trusted systems from which passwordless logons are allowed. Strongly discouraged because Windows NT/2000/XP users can always override the username—the only security in this scheme.</p></div> <a name="INDEX-161"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>include = filename</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of file</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Includes the named file in <em class="filename">smb.conf</em> at the line where it appears. This option accepts most variables, but not <tt class="literal">%u</tt> (user), <tt class="literal">%P</tt> (current share's <tt class="literal">root</tt> directory), or <tt class="literal">%S</tt> (current share's name) because they are not set at the time the file is read.</p></div> <a name="INDEX-162"/><a name="INDEX-163"/><a name="INDEX-164"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>inherit acls = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set, files and subdirectories are created with the same <a name="INDEX-163"/>ACLs as their parent directories. Directories are given Unix permissions of 0777 (full permissions) ensuring that the ACL on the directory will govern the actual permissions given to clients. Requires <a name="INDEX-164"/>POSIX ACL support to be provided on the Samba host system.</p></div> <a name="INDEX-165"/><a name="INDEX-166"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>inherit permissions = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set, files and subdirectories are created with the same <a name="INDEX-166"/>permissions as their parent directories. This allows Unix directory permissions to be propagated automatically to new files and subdirectories, especially in the <tt class="literal">[homes]</tt> share. This option overrides <tt class="literal">create</tt> <tt class="literal">mask</tt>, <tt class="literal">directory</tt> <tt class="literal">mask</tt>, <tt class="literal">force</tt> <tt class="literal">create</tt> <tt class="literal">mode</tt>, and <tt class="literal">force</tt> <tt class="literal">directory</tt> <tt class="literal">mode</tt>, but not <tt class="literal">map</tt> <tt class="literal">archive</tt>, <tt class="literal">map</tt> <tt class="literal">hidden</tt>, or <tt class="literal">map</tt> <tt class="literal">system</tt>. Samba never sets the <tt class="literal">setuid</tt> bit when creating a file or directory.</p></div> <a name="INDEX-167"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>interfaces = interface list</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: interface list</p><p><b class="emphasis-bold">Default</b>: NULL (all interfaces except 127.0.0.1)</p><p>Sets the interfaces to which Samba will respond. The default is the system's primary interface only. Recommended on multihomed systems or to override erroneous addresses and netmasks. Allows interface names such as <tt class="literal">eth0</tt>, DNS names, address/netmask pairs, and broadcast/netmask pairs. See also <tt class="literal">bind interfaces only</tt>.</p></div> <a name="INDEX-168"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>invalid users = user list</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: user list</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a list of users not permitted access to the share.</p></div> <a name="INDEX-169"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>keepalive = number</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number of seconds</p><p><b class="emphasis-bold">Default</b>: 300</p><p>Sets the number of seconds between checks for a crashed client. The value of 0 causes no checks to be performed. Setting <tt class="literal">keepalive = 3600</tt> will turn on checks every hour. A value of 600 (every 10 minutes) is recommended if you want more frequent checks. See also <tt class="literal">socket</tt> <tt class="literal">options</tt> for another approach.</p></div> <a name="INDEX-170"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>kernel oplocks = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>Breaks the oplock when a local Unix process or NFS operation accesses an oplocked file, thus preventing corruption. This works only on operating systems that support kernel-based oplocks, such as Linux 2.4 and Irix. Avoid changing. See also <tt class="literal">oplocks</tt> and <tt class="literal">level2</tt> <tt class="literal">oplocks</tt>.</p></div> <a name="INDEX-171"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>lanman auth = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>If set to YES, allows clients to use the (weak) LANMAN password hash used by Windows 95/98/Me. If set to NO, allows only the better NT1 hash used by Windows NT/2000/XP.</p></div> <a name="INDEX-172"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>large readwrite = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO in Samba 2.2, YES in Samba 3.0</p><p>If set to YES, allows Windows 2000/XP to read and write 64KB at a time to improve performance. Requires Samba to be hosted by a 64-bit OS, such as Linux 2.4, Irix, or Solaris. Somewhat experimental.</p></div> <a name="INDEX-173"/><a name="INDEX-174"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>ldap admin dn = string</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: Distinguished Name</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Sets the Distinguished Name used by Samba when contacting the LDAP server. Requires Samba to be configured with the <tt class="literal">--with-ldapsam</tt> configuration option. Experimental option added in Samba 2.2.3 and <a name="INDEX-174"/>obsolete in Samba 3.0.</p></div> <a name="INDEX-175"/><a name="INDEX-176"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>ldap filter = string</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: LDAP search filter</p><p><b class="emphasis-bold">Default</b>: <tt class="literal">(&(uid=%u)(objectclass=sambaAccount))</tt></p><p>Sets the LDAP search filter. Requires that Samba be configured with the <tt class="literal">--with-ldapsam</tt> configuration option. Experimental option added in Samba 2.2.3 and <a name="INDEX-176"/>obsolete in Samba 3.0.</p></div> <a name="INDEX-177"/><a name="INDEX-178"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>ldap port = number</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: positive integer</p><p><b class="emphasis-bold">Default</b>: In Samba 2.2, 636 if <tt class="literal">ldap ssl = on</tt>; otherwise 389</p><p>Sets the TCP port number for contacting the LDAP server. Requires that Samba be configured with the <tt class="literal">--with-ldapsam</tt> configuration option. Experimental option added in Samba 2.2.3 and <a name="INDEX-178"/>obsolete starting with Samba 3.0. See also <tt class="literal">ldap ssl</tt>.</p></div> <a name="INDEX-179"/><a name="INDEX-180"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>ldap server = value</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: fully qualified domain name</p><p><b class="emphasis-bold">Default</b>: localhost</p><p>Sets the domain name of the LDAP server. Requires that Samba be configured with the <tt class="literal">--with-ldapsam</tt> configuration option. Experimental option added in Samba 2.2.3 and <a name="INDEX-180"/>obsolete starting with Samba 3.0.</p></div> <a name="INDEX-181"/><a name="INDEX-182"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>ldap ssl = value</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: ON, OFF, START TLS</p><p><b class="emphasis-bold">Default</b>: ON</p><p>Sets whether Samba uses SSL to contact the LDAP server. ON and OFF turn SSL encryption on or off. The START TLS setting causes Samba to use LDAPv3 StartTLS extended operation. Requires that Samba be configured with the <tt class="literal">--with-ldapsam</tt> configuration option. Experimental option added in Samba 2.2.3 and <a name="INDEX-182"/>obsolete in Samba 3.0.</p></div> <a name="INDEX-183"/><a name="INDEX-184"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>ldap suffix = string</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: Distinguished Name</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Sets the base Distinguished Name to use for LDAP searches. Requires that Samba be configured with the <tt class="literal">--with-ldapsam</tt> configuration option. Experimental option added in Samba 2.2.3 and <a name="INDEX-184"/>obsolete in Samba 3.0.</p></div> <a name="INDEX-185"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>level2 oplocks = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>Allows files to be cached read-only on the client when multiple clients have opened the file. This allows executables to be cached locally, improving performance.</p></div> <a name="INDEX-186"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>lm announce = value</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: AUTO, YES, NO</p><p><b class="emphasis-bold">Default</b>: AUTO</p><p>Produces OS/2 SMB broadcasts at an interval specified by the <tt class="literal">lm</tt> <tt class="literal">interval</tt> option. YES/NO turns them on/off unconditionally. AUTO causes the Samba server to wait for a LAN manager announcement from another client before sending one out. Required for OS/2 client browsing.</p></div> <a name="INDEX-187"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>lm interval = number</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number of seconds</p><p><b class="emphasis-bold">Default</b>: 60</p><p>Sets the time period, in seconds, between OS/2 SMB broadcast announcements.</p></div> <a name="INDEX-188"/><a name="INDEX-189"/><a name="INDEX-190"/><a name="INDEX-191"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>load printers = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>Loads all printer names from the system's <em class="emphasis">printcap</em><a name="INDEX-189"/> file into the <a name="INDEX-190"/><a name="INDEX-191"/>browse list. Uses configuration options from the <tt class="literal">[printers]</tt> section.</p></div> <a name="INDEX-192"/><a name="INDEX-193"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>local master = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>Allows Samba to participate in <a name="INDEX-193"/>elections for the local master browser. See also <tt class="literal">domain</tt> <tt class="literal">master</tt> and <tt class="literal">os</tt> <tt class="literal">level</tt>.</p></div> <a name="INDEX-194"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>lock dir = directory</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of directory</p><p><b class="emphasis-bold">Default</b>: <em class="emphasis">/usr/local/samba/var/locks</em></p><p>Synonym for <tt class="literal">lock</tt> <tt class="literal">directory</tt>.</p></div> <a name="INDEX-195"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>lock directory = directory</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of directory</p><p><b class="emphasis-bold">Default</b>: <em class="emphasis">/usr/local/samba/var/locks</em></p><p>Sets a directory in which to keep lock files. The directory must be writable by Samba and readable by everyone. Also called <tt class="literal">lock</tt> <tt class="literal">dir</tt>.</p></div> <a name="INDEX-196"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>lock spin count = number</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: positive integer</p><p><b class="emphasis-bold">Default</b>: 2</p><p>Sets the number of attempts to attain a byte range lock. See also <tt class="literal">lock spin time</tt>.</p></div> <a name="INDEX-197"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>lock spin time = number</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number of microseconds</p><p><b class="emphasis-bold">Default</b>: 10</p><p>Sets the number of microseconds between attempts to attain a lock. See also <tt class="literal">lock</tt> <tt class="literal">spin</tt> <tt class="literal">count</tt>.</p></div> <a name="INDEX-198"/><a name="INDEX-199"/><a name="INDEX-200"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>locking = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>Performs <a name="INDEX-199"/><a name="INDEX-200"/>file locking. If set to NO, Samba accepts lock requests but won't actually lock resources. Turn off for read-only filesystems.</p></div> <a name="INDEX-201"/><a name="INDEX-202"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>log file = filename</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of file</p><p><b class="emphasis-bold">Default</b>: varies</p><p>Sets the name and location of the <a name="INDEX-202"/>log file. Allows all <tt class="literal">%</tt> variables.</p></div> <a name="INDEX-203"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>log level = number</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number</p><p><b class="emphasis-bold">Default</b>: 0</p><p>Sets the logging level used. Values of 3 or more slow the system noticeably. Recommended value is 1. Synonym for <tt class="literal">debug</tt> <tt class="literal">level</tt>.</p></div> <a name="INDEX-204"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>logon drive = value</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: MS-DOS drive name</p><p><b class="emphasis-bold">Default</b>: Z:</p><p>Sets the drive to be used as a home directory for domain logons by Windows NT/2000/XP clients. See also <tt class="literal">logon</tt> <tt class="literal">home</tt>.</p></div> <a name="INDEX-205"/><a name="INDEX-206"/><a name="INDEX-207"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>logon home = directory</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: UNC of shared directory</p><p><b class="emphasis-bold">Default</b>: <em class="filename">\\ %N \ %U</em></p><p>Sets the home <a name="INDEX-206"/><a name="INDEX-207"/>directory of a Windows 95/98/Me or NT/2000/XP user. Allows <tt class="literal">NET</tt> <tt class="literal">USE</tt> <tt class="literal">H:/HOME</tt> from the command prompt if Samba is acting as a logon server. Append <tt class="literal">\profile</tt> or other directory to the value of this parameter if storing Windows 95/98/Me profiles in a subdirectory of the user's home directory. See <tt class="literal">logon path</tt> for Windows NT/2000/XP roaming profiles.</p></div> <a name="INDEX-208"/><a name="INDEX-209"/><a name="INDEX-210"/><a name="INDEX-211"/><a name="INDEX-212"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>logon path = directory</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: UNC of shared directory</p><p><b class="emphasis-bold">Default</b>: <em class="filename">\\ %N \ %U \ profile</em></p><p>Sets the path to the directory where Windows NT/2000/XP <a name="INDEX-209"/><a name="INDEX-210"/><a name="INDEX-211"/><a name="INDEX-212"/>roaming profiles are stored. See also <tt class="literal">logon home</tt> for Windows 95/98/Me roaming profiles.</p></div> <a name="INDEX-213"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>logon script = directory</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: UNC of shared file</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Sets the pathname (relative to the <tt class="literal">[netlogon]</tt> share) of an MS-DOS/NT command to run on the client at logon time. Allows all <tt class="literal">%</tt> variables.</p></div> <a name="INDEX-214"/><a name="INDEX-215"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>lppause command = command</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: varies</p><p>Sets the command to pause a <a name="INDEX-215"/>print job. Honors the <tt class="literal">%p</tt> (printer name) and <tt class="literal">%j</tt> (job number) variables.</p></div> <a name="INDEX-216"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>lpq cache time = number</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number of seconds</p><p><b class="emphasis-bold">Default</b>: 10</p><p>Sets how long to keep print queue status cached, in seconds.</p></div> <a name="INDEX-217"/><a name="INDEX-218"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>lpq command = command</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: varies</p><p>Sets the command used to get <a name="INDEX-218"/>printer status. Usually initialized to a default value by the <tt class="literal">printing</tt> option. Honors the <tt class="literal">%p</tt> (printer name) variable.</p></div> <a name="INDEX-219"/><a name="INDEX-220"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>lpresume command = command</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: varies</p><p>Sets the command to resume a paused <a name="INDEX-220"/>print job. Honors the <tt class="literal">%p</tt> (printer name) and <tt class="literal">%j</tt> ( job number) variables.</p></div> <a name="INDEX-221"/><a name="INDEX-222"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>lprm command = command</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: varies</p><p>Sets the command to delete a <a name="INDEX-222"/>print job. Usually initialized to a default value by the <tt class="literal">printing</tt> option. Honors the <tt class="literal">%p</tt> (printer name) and <tt class="literal">%j</tt> (job number) variables.</p></div> <a name="INDEX-223"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>machine password timeout = number</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number of seconds</p><p><b class="emphasis-bold">Default</b>: 604800 (1 week)</p><p>Sets the period between (NT domain) computer account password changes.</p></div> <a name="INDEX-224"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>magic output = filename</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of file</p><p><b class="emphasis-bold">Default</b>: <em class="replaceable">command</em><em class="emphasis">.out</em></p><p>Sets the output file for the <tt class="literal">magic</tt> <tt class="literal">scripts</tt> option. Default is the command name, followed by the <em class="emphasis">.out</em> extension.</p></div> <a name="INDEX-225"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>magic script = filename</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of file</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Sets a filename for execution via a shell whenever the file is closed from the client, allowing clients to run commands on the server. The scripts will be deleted on completion, if permissions allow. Use is discouraged.</p></div> <a name="INDEX-226"/><a name="INDEX-227"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>mangle case = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p><a name="INDEX-227"/>Mangles a name if it is in mixed case.</p></div> <a name="INDEX-228"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>mangled map = map list</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: list of to/from pairs</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Sets up a table of names to remap (e.g., <em class="emphasis">.html</em> to <em class="emphasis">.htm</em>).</p></div> <a name="INDEX-229"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>mangled names = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>Sets Samba to abbreviate to the MS-DOS 8.3 style names that are too long or have unsupported characters.</p></div> <a name="INDEX-230"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>mangled stack = number</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number</p><p><b class="emphasis-bold">Default</b>: 50</p><p>Sets the size of the cache of recently mangled filenames.</p></div> <a name="INDEX-231"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>mangling char = character</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: character</p><p><b class="emphasis-bold">Default</b>: ~</p><p>Sets the unique mangling character used in all mangled names.</p></div> <a name="INDEX-232"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>mangling method = string</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: hash, hash2</p><p><b class="emphasis-bold">Default</b>: hash</p><p>Sets the algorithm used to mangle filenames. The <tt class="literal">hash2</tt> method is a newer method introduced in Samba 2.2.x, and it creates different filenames than the <tt class="literal">hash</tt> method.</p></div> <a name="INDEX-233"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>map archive = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>If YES, Samba sets the executable-by-user (0100) bit on Unix files if the MS-DOS archive attribute is set. If used, the <tt class="literal">create</tt> <tt class="literal">mask</tt> must contain the 0100 bit.</p></div> <a name="INDEX-234"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>map hidden = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If YES, Samba sets the executable-by-other (0001) bit on Unix files if the MS-DOS hidden attribute is set. If used, the <tt class="literal">create mask</tt> option must contain the 0001 bit.</p></div> <a name="INDEX-235"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>map system = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If YES, Samba sets the executable-by-group (0010) bit on Unix files if the MS-DOS system attribute is set. If used, the <tt class="literal">create</tt> <tt class="literal">mask</tt> must contain the 0010 bit.</p></div> <a name="INDEX-236"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>map to guest = value</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: Never, Bad User, Bad Password</p><p><b class="emphasis-bold">Default</b>: Never</p><p>If set to Bad User, allows users without accounts on the Samba system to log in and be assigned the guest account. This option can be used as part of making public shares for anyone to use. If set to Bad Password, users who mistype their passwords will be logged in to the guest account instead of their own. Because no warning is given, the Bad Password value can be extremely confusing: we recommend against it. The default setting of Never prevents users without accounts from logging in.</p></div> <a name="INDEX-237"/><a name="INDEX-238"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>max connections = number</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number</p><p><b class="emphasis-bold">Default</b>: 0 (infinity)</p><p>Sets the maximum number of <a name="INDEX-238"/>share connections allowed from each client system.</p></div> <a name="INDEX-239"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>max disk size = number</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: size in MB</p><p><b class="emphasis-bold">Default</b>: 0 (no limit)</p><p>Sets the maximum disk size/free-space size (in megabytes) to return to the client. Some clients or applications can't understand large maximum disk sizes.</p></div> <a name="INDEX-240"/><a name="INDEX-241"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>max log size = number</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: size in KB</p><p><b class="emphasis-bold">Default</b>: 5000</p><p>Sets the size (in kilobytes) at which Samba will start a new <a name="INDEX-241"/>log file. The current log file will be renamed with a <em class="emphasis">.old</em> extension, replacing any existing file with that name.</p></div> <a name="INDEX-242"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>max mux = number</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number</p><p><b class="emphasis-bold">Default</b>: 50</p><p>Sets the number of simultaneous SMB operations that Samba clients can make. Avoid changing.</p></div> <a name="INDEX-243"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>max open files = number</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number</p><p><b class="emphasis-bold">Default</b>: 10000</p><p>Limits the number of files a Samba process will try to keep open at one time. Samba allows you to set this to less than the maximum imposed by the Unix host operating system. Avoid changing.</p></div> <a name="INDEX-244"/><a name="INDEX-245"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>max print jobs = number</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: positive integer</p><p><b class="emphasis-bold">Default</b>: 1000</p><p>Limits the number of jobs that can be in the queue for this <a name="INDEX-245"/>printer share at any one time. The printer will report <tt class="literal">out of space</tt> if the limit is exceeded. See also <tt class="literal">total print jobs</tt>.</p></div> <a name="INDEX-246"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>max protocol = name</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: CORE, COREPLUS, LANMAN1, LANMAN2, NT1</p><p><b class="emphasis-bold">Default</b>: NT1</p><p>If set, limits the negotiation to the protocol specified, or older. See <tt class="literal">min protocol</tt>. Avoid using.</p></div> <a name="INDEX-247"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>max smbd processes = number</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: integer</p><p><b class="emphasis-bold">Default</b>: 0 (no limit)</p><p>Limits the number of users who can connect to the server. Used to prevent degraded service under an overload, at the cost of refusing services entirely.</p></div> <a name="INDEX-248"/><a name="INDEX-249"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>max ttl = number</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number of seconds</p><p><b class="emphasis-bold">Default</b>: 259200 (3 days)</p><p>Sets the <a name="INDEX-249"/>time to live (TTL) of NetBIOS names in the <em class="emphasis">nmbd</em> WINS cache. Avoid changing.</p></div> <a name="INDEX-250"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>max wins ttl = number</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number of seconds</p><p><b class="emphasis-bold">Default</b>: 518400 (6 days)</p><p>Limits the TTL, in seconds, of a NetBIOS name in the <em class="emphasis">nmbd</em> WINS cache. Avoid changing. See also <tt class="literal">min wins ttl</tt>.</p></div> <a name="INDEX-251"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>max xmit = number</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: size in bytes</p><p><b class="emphasis-bold">Default</b>: 65535</p><p>Sets the maximum packet size negotiated by Samba. This is a tuning parameter for slow links and bugs in older clients. Values less than 2048 are discouraged.</p></div> <a name="INDEX-252"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>message command = command</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Sets the command to run on the server when a WinPopup message arrives from a client. If it does not complete quickly, the command must end in <tt class="literal">&</tt> to allow immediate return. Honors all <tt class="literal">%</tt> variables except <tt class="literal">%u</tt> (user) and supports the extra variables <tt class="literal">%s</tt> (filename the message is in), <tt class="literal">%t</tt> (destination system), and <tt class="literal">%f</tt> (from).</p></div> <a name="INDEX-253"/><a name="INDEX-254"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>min passwd length = number</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: integer</p><p><b class="emphasis-bold">Default</b>: 5</p><p><a name="INDEX-254"/>Synonym for <tt class="literal">min</tt> <tt class="literal">password</tt> <tt class="literal">length</tt>.</p></div> <a name="INDEX-255"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>min password length = number</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: integer</p><p><b class="emphasis-bold">Default</b>: 5</p><p>Sets the shortest Unix password allowed by Samba when updating a user's password on its system. Also called <tt class="literal">min</tt> <tt class="literal">passwd</tt> <tt class="literal">length</tt>.</p></div> <a name="INDEX-256"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>min print space = number</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: space in kilobytes</p><p><b class="emphasis-bold">Default</b>: 0 (unlimited)</p><p>Sets the minimum spool space required before accepting a print request.</p></div> <a name="INDEX-257"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>min protocol = name</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: CORE, COREPLUS, LANMAN1, LANMAN2, NT1</p><p><b class="emphasis-bold">Default</b>: CORE</p><p>If set, prevents use of old (less secure) protocols. Using NT1 disables MS-DOS clients. See also <tt class="literal">lanman auth</tt>.</p></div> <a name="INDEX-258"/><a name="INDEX-259"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>min wins ttl = number</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number of seconds</p><p><b class="emphasis-bold">Default</b>: 21600 (6 hours)</p><p>Sets the minimum <a name="INDEX-259"/>TTL, in seconds, of a NetBIOS name in the <em class="emphasis">nmbd</em> WINS cache. Avoid changing.</p></div> <a name="INDEX-260"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>msdfs root = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>Makes the share a Dfs <tt class="literal">root</tt>. Requires the <tt class="literal">--with-msdfs</tt> configure option. Any symbolic links of the form <tt class="literal">msdfs:server\share</tt> will be seen as Dfs links. See also <tt class="literal">host msdfs</tt>.</p></div> <a name="INDEX-261"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>name resolve order = list</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: lmhosts, wins, host, bcast</p><p><b class="emphasis-bold">Default</b>: lmhosts, host, wins, bcast</p><p>Sets the order of lookup when trying to get IP addresses from names. The host parameter carries out a regular name lookup using the server's normal sources: <em class="emphasis">/etc/hosts</em>, DNS, NIS, or a combination of these.</p></div> <a name="INDEX-262"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>netbios aliases = list</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: list of NetBIOS names</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Adds additional NetBIOS names by which the Samba server will advertise itself.</p></div> <a name="INDEX-263"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>netbios name = value</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: local hostname</p><p><b class="emphasis-bold">Default</b>: DNS name of system</p><p>Sets the NetBIOS name by which a Samba server is known, or the primary name if NetBIOS aliases exist. See also <tt class="literal">netbios aliases</tt>.</p></div> <a name="INDEX-264"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>netbios scope = string</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: string</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Sets the NetBIOS scope string, an early predecessor of workgroups. Samba will not communicate with a system with a different scope. This option is not recommended.</p></div> <a name="INDEX-265"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>nis homedir = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If YES, the <tt class="literal">homedir</tt> <tt class="literal">map</tt> is used to look up the server hosting the user's home directory and return it to the client. The client will contact that system to connect to the share. This avoids mounting from a system that doesn't actually have the directory, which would cause the data to be transmitted twice. The system with the home directories must be an SMB server.</p></div> <a name="INDEX-266"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>non unix account range = numeric range</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: range of positive integers</p><p><b class="emphasis-bold">Default</b>: NONE</p><p>Specifies a range of Unix UIDs for Samba to use for user accounts and computer accounts that are maintained outside of <em class="filename">/etc/passwd</em>. The UIDs in this range must not overlap those of regular Unix users in <em class="filename">/etc/passwd</em>. See also <tt class="literal">algorithmic rid base</tt>. New in Samba 3.0.</p></div> <a name="INDEX-267"/><a name="INDEX-268"/><a name="INDEX-269"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>nt acl support = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>Causes the Samba server to map Unix <a name="INDEX-268"/><a name="INDEX-269"/>permissions to Windows NT ACLs.</p></div> <a name="INDEX-270"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>nt pipe support = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>Allows turning off of NT-specific pipe calls. This is a developer/benchmarking option and might be removed in the future. Avoid changing.</p></div> <a name="INDEX-271"/><a name="INDEX-272"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>nt smb support = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>If YES, allows the use of NT-specific SMBs. This is a developer/benchmarking option that is <a name="INDEX-272"/>obsolete in Samba 3.0. Avoid changing.</p></div> <a name="INDEX-273"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>nt status support = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>If YES, allows the use of NT-specific status messages. This is a developer/benchmarking option and might be removed in the future. Avoid changing.</p></div> <a name="INDEX-274"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>null passwords = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If YES, allows access to accounts that have null passwords. Strongly discouraged.</p></div> <a name="INDEX-275"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>obey pam restrictions = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set, Samba will adhere to the PAM's account and session restrictions. Requires <tt class="literal">--with-pam</tt> configuration option.</p></div> <a name="INDEX-276"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>only guest = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>Forces users of a share to log on as the guest account. Synonym for <tt class="literal">guest</tt> <tt class="literal">only</tt>. Requires <tt class="literal">guest</tt> <tt class="literal">ok</tt> or <tt class="literal">public</tt> to be YES.</p></div> <a name="INDEX-277"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>only user = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>Requires that users of the share be in the list specified by the <tt class="literal">user</tt> option.</p></div> <a name="INDEX-278"/><a name="INDEX-279"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>oplock break wait time = number</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number</p><p><b class="emphasis-bold">Default</b>: 0</p><p><a name="INDEX-279"/>This is an advanced tuning parameter and is recommended only for experts who know how Samba handles oplocks. This option might need to be set if a Windows system fails to release an oplock in response to a break request from the Samba server. Due to bugs on some Windows systems, they might fail to respond if Samba responds too quickly; the default on this option can be lengthened in such cases.</p></div> <a name="INDEX-280"/><a name="INDEX-281"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>oplock contention limit = number</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number of milliseconds</p><p><b class="emphasis-bold">Default</b>: 2</p><p><a name="INDEX-281"/>This is an advanced tuning parameter and is recommended only for experts who know how Samba handles oplocks. It causes Samba to refuse to grant an oplock if the number of clients contending for a file exceeds the specified value.</p></div> <a name="INDEX-282"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>oplocks = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>If YES, supports local caching of oplocked files on the client. This option is recommended because it improves performance by about 30%. See also <tt class="literal">fake</tt> <tt class="literal">oplocks</tt> and <tt class="literal">veto</tt> <tt class="literal">oplock</tt> <tt class="literal">files</tt>.</p></div> <a name="INDEX-283"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>os level = number</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: integer</p><p><b class="emphasis-bold">Default</b>: 20</p><p>Sets the candidacy of the server when electing a browse master. Used with the <tt class="literal">domain</tt> <tt class="literal">master</tt> or <tt class="literal">local</tt> <tt class="literal">master</tt> options. You can set a higher value than a competing operating system if you want Samba to win. Windows for Workgroups and Windows 95/98/Me use 1. Windows NT/2000/XP, when not acting as a PDC, use 16 and, when acting as a PDC, use 32. Warning: this can override non-Samba browse masters unexpectedly.</p></div> <a name="INDEX-284"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>os2 driver map = filename</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of file</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a file containing mappings of Windows NT printer driver names to OS/2 printer driver names.</p></div> <a name="INDEX-285"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>pam password change = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If YES, and if Samba is configured with <tt class="literal">--with-pam</tt>, PAM is allowed to handle password changes from clients, instead of using the program defined by the <tt class="literal">passwd</tt> <tt class="literal">program</tt> parameter.</p></div> <a name="INDEX-286"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>panic action = command</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Sets the command to run when Samba panics. Honors all <tt class="literal">%</tt> variables. For Samba developers and testers, <tt class="literal">/usr/bin/X11/xterm</tt> <tt class="literal">-display</tt> <tt class="literal">:0</tt> <tt class="literal">-e</tt> <tt class="literal">gdb</tt> <tt class="literal">/samba/bin/smbd</tt> <tt class="literal">%d</tt> is a possible value.</p></div> <a name="INDEX-287"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>passdb backend = list</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: smbpasswd, smbpasswd_nua, tdbsam, tdbsam_nua, plugin</p><p><b class="emphasis-bold">Default</b>: smbpasswd</p><p>Specifies methods Samba uses to store and retrieve passwords when using a method other than the Unix system's <em class="filename">/etc/passwd</em>. See also <tt class="literal">non unix account range</tt>. New in Samba 3.0.</p></div> <a name="INDEX-288"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>passwd chat = string</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: sequence of strings</p><p><b class="emphasis-bold">Default</b>: compiled-in value</p><p>Sets the chat strings used to change passwords on the server. Supports the variables <tt class="literal">%o</tt> (old password) and <tt class="literal">%n</tt> (new password) and allows the escapes <tt class="literal">\r</tt>, <tt class="literal">\n</tt>, <tt class="literal">\t</tt>, and <tt class="literal">\s</tt> (space) in the sequence. See also <tt class="literal">unix password sync</tt>, <tt class="literal">passwd program</tt>, <tt class="literal">passwd chat debug</tt>, and <tt class="literal">pam</tt> <tt class="literal">password change</tt>.</p></div> <a name="INDEX-289"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>passwd chat debug = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>Logs an entire password chat, including passwords passed, with a log level of 100. For debugging only. See also <tt class="literal">passwd chat</tt>, <tt class="literal">pam password change</tt>, and <tt class="literal">passwd program</tt>.</p></div> <a name="INDEX-290"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>passwd program = command</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: <em class="filename">/bin/passwd</em></p><p>Sets the command used to change a user's password. Will be run as <tt class="literal">root</tt>. Supports <tt class="literal">%u</tt> (user). See also <tt class="literal">unix password sync</tt>.</p></div> <a name="INDEX-291"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>password level = number</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number</p><p><b class="emphasis-bold">Default</b>: 0</p><p>Specifies the number of uppercase-letter permutations used to match passwords. A workaround for clients that change passwords to a single case before sending them to the Samba server. Causes repeated login attempts with mixed-case passwords, which can trigger account lockouts. Required for Windows 95/98/Me, plain-text passwords, and mixed-case passwords. Try to avoid using.</p></div> <a name="INDEX-292"/><a name="INDEX-293"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>password server = list</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: list of NetBIOS names</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a list of SMB servers that validate <a name="INDEX-293"/>passwords. Used with a Windows NT/2000 password server (PDC or BDC) and the <tt class="literal">security</tt> <tt class="literal">=</tt> <tt class="literal">server</tt> or <tt class="literal">security</tt> <tt class="literal">=</tt> <tt class="literal">domain</tt> configuration options. Caution: a Windows NT/2000 password server must allow logins from the Samba server. If set to <tt class="literal">*</tt>, Samba will look up the PDC by resolving the NetBIOS name WORKGROUP<1C>.</p></div> <a name="INDEX-294"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>path = directory</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of directory</p><p><b class="emphasis-bold">Default</b>: varies</p><p>Sets the path to the directory provided by a file share or used by a printer share. If the option is omitted, it is set automatically in the <tt class="literal">[homes]</tt> share to the user's home directory; otherwise, defaults to<em class="filename"> /tmp</em>. Honors the <tt class="literal">%u</tt> (user) and <tt class="literal">%m</tt> (machine) variables.</p></div> <a name="INDEX-295"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>pid directory = directory</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of directory</p><p><b class="emphasis-bold">Default</b>: <em class="filename">/usr/local/samba/var/locks</em></p><p>Sets the path to the directory where PID files are located.</p></div> <a name="INDEX-296"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>posix locking = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>If set to YES, Samba will map file locks owned by SMB clients to POSIX locks. Avoid changing.</p></div> <a name="INDEX-297"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>postexec = command</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Sets a command to run as the user after disconnecting from the share. See also the <tt class="literal">preexec</tt>, <tt class="literal">root</tt> <tt class="literal">preexec</tt>, and <tt class="literal">root</tt> <tt class="literal">postexec</tt> options.</p></div> <a name="INDEX-298"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>postscript = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>Forces a printer to recognize a file as PostScript by inserting <tt class="literal">%!</tt> as the first line. Works only if the printer is actually PostScript-compatible.</p></div> <a name="INDEX-299"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>preexec = command</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Sets a command to run as the user before connecting to the share. Synonym for <tt class="literal">exec</tt>. See also the <tt class="literal">postexec</tt>, <tt class="literal">root</tt> <tt class="literal">preexec</tt>, and <tt class="literal">root</tt> <tt class="literal">postexec</tt> options.</p></div> <a name="INDEX-300"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>preexec close = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set, allows the <tt class="literal">preexec</tt> command to decide if the share can be accessed by the user. If the command returns a nonzero return code, the user is denied permission to connect.</p></div> <a name="INDEX-301"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>preferred master = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: auto</p><p>If YES, Samba is the preferred master browser. Causes Samba to call a browsing election when it comes online. See also <tt class="literal">os level</tt>.</p></div> <a name="INDEX-302"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>prefered master = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: auto</p><p>Synonym for <tt class="literal">preferred master</tt>.</p></div> <a name="INDEX-303"/><a name="INDEX-304"/><a name="INDEX-305"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>preload = service list</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: list of shares</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a list of shares that always appears in <a name="INDEX-304"/><a name="INDEX-305"/>browse lists. Synonym for <tt class="literal">auto</tt> <tt class="literal">services</tt>. See also <tt class="literal">load printers</tt>.</p></div> <a name="INDEX-306"/><a name="INDEX-307"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>preserve case = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p><a name="INDEX-307"/>Leaves filenames in the case sent by the client. If NO, it forces filenames to the case specified by the <tt class="literal">default</tt> <tt class="literal">case</tt> option. See also <tt class="literal">short</tt> <tt class="literal">preserve</tt> <tt class="literal">case</tt>.</p></div> <a name="INDEX-308"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>printable = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>Sets a share to be a print share. Required for all printers. Synonym for <tt class="literal">print</tt> <tt class="literal">ok</tt>.</p></div> <a name="INDEX-309"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>printcap name = filename</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of file</p><p><b class="emphasis-bold">Default</b>: <em class="emphasis">/etc/printcap</em></p><p>Sets the path to the printer capabilities file used by the <tt class="literal">[printers]</tt> share. The default value changes to <em class="filename">/etc/qconfig</em> under AIX and <em class="filename">lpstat</em> on System V. Also called <tt class="literal">printcap</tt>.</p></div> <a name="INDEX-310"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>print command = command</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: varies</p><p>Sets the command used to send a spooled file to the printer. Usually initialized to a default value corresponding to the <tt class="literal">printing</tt> option. This option honors the <tt class="literal">%p</tt> (printer name), <tt class="literal">%s</tt> (spool file), and <tt class="literal">%f</tt> (spool file as a relative path) variables. The command must delete the spool file.</p></div> <a name="INDEX-311"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>printer = name</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: printer name</p><p><b class="emphasis-bold">Default</b>: lp</p><p>Sets the name of the Unix printer used by the share. Also called <tt class="literal">printer</tt> <tt class="literal">name</tt>.</p></div> <a name="INDEX-312"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>printer admin = user list</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: user list</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies users who can administer a printer using the remote printer administration interface on a Windows system. The <tt class="literal">root</tt> user always has these privileges.</p></div> <a name="INDEX-313"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>printer driver = name</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: exact printer driver string used by Windows</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Sets the string to pass to Windows when asked which driver to use to prepare files for a printer share. Note that the value is case-sensitive. Part of pre-2.2 printing system. Deprecated.</p></div> <a name="INDEX-314"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>printer driver file = filename</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of file</p><p><b class="emphasis-bold">Default</b>: <em class="emphasis">/usr/local/samba/printers/printers.def</em></p><p>Sets the location of a <em class="emphasis">msprint.def</em> file. Usable by Windows 95/98/Me. Part of pre-2.2 printing system. Deprecated.</p></div> <a name="INDEX-315"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>printer driver location = directory</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: UNC of shared directory</p><p><b class="emphasis-bold">Default</b>: <em class="filename">\\ server\ PRINTER$</em></p><p>Sets the location of the driver for a particular printer. The value is the pathname of the share that stores the printer driver files. Part of pre-2.2 printing system. Deprecated.</p></div> <a name="INDEX-316"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>printer name = name</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Synonym for <tt class="literal">printer</tt>.</p></div> <a name="INDEX-317"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>printing = value</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: bsd, sysv, hpux, aix, qnx, plp, softq, lprng, cups</p><p><b class="emphasis-bold">Default</b>: bsd</p><p>Sets the printing style to a value other than that in which you've compiled. This sets initial values of at least <tt class="literal">print</tt> <tt class="literal">command</tt> , <tt class="literal">lpq</tt> <tt class="literal">command</tt> , and <tt class="literal">lprm</tt> <tt class="literal">command</tt>.</p></div> <a name="INDEX-318"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>print ok = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>Synonym for <tt class="literal">printable</tt>.</p></div> <a name="INDEX-319"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>private directory = directory</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of directory</p><p><b class="emphasis-bold">Default</b>: <em class="filename">/usr/local/samba/private</em></p><p>Specifies the directory used for storing security-sensitive files such as <em class="filename">smbpasswd</em> and <em class="filename">secrets.tdb</em>. New in Samba 3.0.</p></div> <a name="INDEX-320"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>protocol = name</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: NT1, LANMAN2, LANMAN1, COREPLUS, CORE</p><p><b class="emphasis-bold">Default</b>: NT1</p><p>Synonym for <tt class="literal">max protocol</tt>.</p></div> <a name="INDEX-321"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>public = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If YES, passwords are not needed for this share. Also called <tt class="literal">guest</tt> <tt class="literal">ok</tt>.</p></div> <a name="INDEX-322"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>queuepause command = command</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: full path to script</p><p><b class="emphasis-bold">Default</b>: varies</p><p>Sets the command used to pause a print queue. Usually initialized to a default value by the <tt class="literal">printing</tt> option.</p></div> <a name="INDEX-323"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>queueresume command = command</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: full path to script</p><p><b class="emphasis-bold">Default</b>: varies</p><p>Sets the command used to resume a print queue. Usually initialized to a default value by the <tt class="literal">printing</tt> option.</p></div> <a name="INDEX-324"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>read bmpx = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set to YES, supports the "Read Block Multiplex" message. Avoid changing.</p></div> <a name="INDEX-325"/><a name="INDEX-326"/><a name="INDEX-327"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>read list = list</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: list of user and/or group names</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a list of <a name="INDEX-326"/><a name="INDEX-327"/>users given read-only access to a writable share.</p></div> <a name="INDEX-328"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>read only = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>Sets a share to read-only. Antonym of <tt class="literal">writable</tt>, <tt class="literal">writeable</tt>, and <tt class="literal">write ok</tt>.</p></div> <a name="INDEX-329"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>read raw = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>Allows clients to read data using a 64K packet size. Recommended.</p></div> <a name="INDEX-330"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>read size = number</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: positive integer</p><p><b class="emphasis-bold">Default</b>: 16384</p><p>Allows disk reads and writes to overlap network reads and writes. A tuning parameter. Do not set larger than the default.</p></div> <a name="INDEX-331"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>realm = string</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: Kerberos realm name</p><p><b class="emphasis-bold">Default</b>: NONE</p><p>Specifies the realm name for Kerberos 5 authentication. Requires the <tt class="literal">--with-krb5</tt> configure option. New in Samba 3.0.</p></div> <a name="INDEX-332"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>remote announce = remote list</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: list of remote addresses</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Adds workgroups to the list on which the Samba server will announce itself. Specified as an IP address and optional workgroup (for instance, 192.168.220.215/SIMPLE) with multiple entries separated by spaces. Addresses can be the specific address of the browse master on a subnet or on directed broadcasts (i.e., ###.###.###.255). The server will appear on those workgroups' browse lists. Does not require WINS.</p></div> <a name="INDEX-333"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>remote browse sync = list</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: IP addresses</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Perform browse list synchronization with other Samba local master browsers. Addresses can be specific addresses or directed broadcasts (i.e., ###.###.###.255). The latter causes Samba to locate the local master browser on that subnet.</p></div> <a name="INDEX-334"/><a name="INDEX-335"/><a name="INDEX-336"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>restrict anonymous = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p><a name="INDEX-335"/><a name="INDEX-336"/>Denies access to users who do not supply a username. This is disabled by default because when the Samba server acts as the domain's PDC, the option can keep a client from revalidating its computer account when someone new logs in. Use of the option is recommended only when all clients are Windows NT/2000/XP systems.</p></div> <a name="INDEX-337"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>root = directory</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of directory</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Synonym for <tt class="literal">root</tt> <tt class="literal">directory</tt>.</p></div> <a name="INDEX-338"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>root dir = directory</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of directory</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Synonym for <tt class="literal">root</tt> <tt class="literal">directory</tt>.</p></div> <a name="INDEX-339"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>root directory = directory</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of directory</p><p><b class="emphasis-bold">Default</b>: /</p><p>Specifies a directory to <em class="emphasis">chroot( )</em> before starting daemons. Prevents any access outside that directory tree. See also the <tt class="literal">wide</tt> <tt class="literal">links</tt> configuration option. Also called <tt class="literal">root</tt> and <tt class="literal">root</tt> <tt class="literal">dir</tt>.</p></div> <a name="INDEX-340"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>root postexec = command</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Sets a command to run as <tt class="literal">root</tt> after disconnecting from the share. See also the <tt class="literal">preexec</tt>, <tt class="literal">postexec</tt>, and <tt class="literal">root</tt> <tt class="literal">preexec</tt> configuration options. Runs after the user's <tt class="literal">postexec</tt> command. Use with caution.</p></div> <a name="INDEX-341"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>root preexec = command</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Sets a command to run as <tt class="literal">root</tt> before connecting to the share. See also the <tt class="literal">preexec</tt>, <tt class="literal">postexec</tt>, and <tt class="literal">root</tt> <tt class="literal">postexec</tt> configuration options. Runs before the user's <tt class="literal">preexec</tt> command. Use with caution.</p></div> <a name="INDEX-342"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>root preexec close = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set, allows the <tt class="literal">root</tt> <tt class="literal">preexec</tt> command to decide if the share can be accessed by the user. If the command returns a nonzero return code, the user will be denied permission to connect.</p></div> <a name="INDEX-343"/><a name="INDEX-344"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>security = value</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: share, user, server, domain</p><p><b class="emphasis-bold">Default</b>: user</p><p>Sets the client <a name="INDEX-344"/>authentication method. If <tt class="literal">security</tt> <tt class="literal">=</tt> <tt class="literal">share</tt>, services are password-protected, available to everyone who knows the password. If <tt class="literal">security</tt> <tt class="literal">=</tt> <tt class="literal">user</tt>, users have accounts and passwords, and are required to authenticate with the server before accessing services. If <tt class="literal">security</tt> <tt class="literal">=</tt> <tt class="literal">server</tt>, users have accounts and passwords as with <tt class="literal">security = user</tt>, and a separate system authenticates them for Samba. If <tt class="literal">security</tt> <tt class="literal">=</tt> <tt class="literal">domain</tt>, Windows NT domain authentication is implemented using a Windows NT/2000 or other Samba server to validate accounts. See also the <tt class="literal">password server</tt> and <tt class="literal">encrypted</tt> <tt class="literal">passwords</tt> configuration options.</p></div> <a name="INDEX-345"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>security mask = value</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: octal value from 0 to 0777</p><p><b class="emphasis-bold">Default</b>: 0777</p><p>Controls which permission bits can be changed if a user on a Windows NT/2000/XP system edits the Unix permissions of files on the Samba server using the Windows system's ACL editing dialog box. Any bit that is set in the mask can be changed by the user; any bit that is clear remains the same on the file even if the user tries to change it. Requires <tt class="literal">nt</tt> <tt class="literal">acl</tt> <tt class="literal">support</tt> <tt class="literal">=</tt> <tt class="literal">YES</tt>. Note that some rarely used bits map to the DOS system, hidden, and archive bits in the file attributes in a nonintuitive way.</p></div> <a name="INDEX-346"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>server string = string</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: string</p><p><b class="emphasis-bold">Default</b>: Samba <tt class="literal">%v</tt></p><p>Sets the name that corresponds to the Samba server in browse lists. Honors the <tt class="literal">%v</tt> (Samba version number) and <tt class="literal">%h</tt> (hostname) variables.</p></div> <a name="INDEX-347"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>set directory = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>Allows the DEC Pathworks client to use the <em class="emphasis">set dir</em> command.</p></div> <a name="INDEX-348"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>share modes = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>Directs Samba to support Windows-style whole-file (deny mode) locks. Do not change.</p></div> <a name="INDEX-349"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>short preserve case = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>If set to YES, leaves mangled 8.3-style filenames in the case sent by the client. If NO, forces the case to that specified by the <tt class="literal">default</tt> <tt class="literal">case</tt> option. See also <tt class="literal">preserve</tt> <tt class="literal">case</tt>.</p></div> <a name="INDEX-350"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>show add printer wizard = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>If set, tells clients that the Add Printer Wizard can be used to add a Samba printer from Windows NT/2000/XP clients. See also <tt class="literal">add printer command</tt>, <tt class="literal">delete printer</tt> <tt class="literal">comamnd</tt>, and <tt class="literal">printer admin</tt>.</p></div> <a name="INDEX-351"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>shutdown script = command</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: NONE</p><p>Specifies a command that initiates a system shutdown. The command is run with the UID of the connected user. The <tt class="literal">%m</tt> (message), <tt class="literal">%t</tt> (delay time), <tt class="literal">%r</tt> (reboot), and <tt class="literal">%f</tt> (force) options are supported. See also <tt class="literal">abort shutdown script</tt>. New in Samba 3.0.</p></div> <a name="INDEX-352"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>smb passwd file = filename</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of file</p><p><b class="emphasis-bold">Default</b>: <em class="filename">/usr/local/samba/private/smbpasswd</em></p><p>Overrides the compiled-in path to the encrypted password file. See also <tt class="literal">encrypted</tt> <tt class="literal">passwords</tt> and <tt class="literal">private dir</tt>.</p></div> <a name="INDEX-353"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>socket address = value</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: IP address</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Sets the address on which to listen for connections. Default is to listen to all addresses.</p></div> <a name="INDEX-354"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>socket options = list</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: socket option list</p><p><b class="emphasis-bold">Default</b>: TCP_NODELAY</p><p>Sets OS-specific socket options. SO_KEEPALIVE makes TCP check clients every four hours to see if they are still accessible. TCP_NODELAY sends even tiny packets to keep delay low. Both are recommended wherever the operating system supports them.</p></div> <a name="INDEX-355"/><a name="INDEX-356"/><a name="INDEX-357"/><a name="INDEX-358"/><a name="INDEX-359"/><a name="INDEX-360"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>source environment = filename</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of file</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Causes Samba to read a list of <a name="INDEX-356"/>environment variables from a file upon startup. This can be useful when setting up Samba in a <a name="INDEX-357"/><a name="INDEX-358"/><a name="INDEX-359"/><a name="INDEX-360"/>clustered environment. The filename can begin with a "|" (pipe) character, in which case it causes Samba to run the file as a command to obtain the variables.</p><p>The file must be owned by <tt class="literal">root</tt> and must not be world-writable. If the filename begins with a "|" character, it must point to a command that is neither world-writable nor resides in a world-writable directory.</p><p>The data should be in the form of lines such as SAMBA_NETBIOS_NAME=<em class="replaceable">myhostname</em>. This value will then be available in the <em class="filename">smb.conf</em> files as %$SAMBA_NETBIOS_NAME.</p></div> <a name="INDEX-361"/><a name="INDEX-362"/><a name="INDEX-363"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>ssl = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p><a name="INDEX-362"/><a name="INDEX-363"/>Makes Samba use SSL for data exchange with some or all hosts. Requires <tt class="literal">--with-ssl</tt> configure option.Obsolete starting with Samba 3.0.</p></div> <a name="INDEX-364"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>ssl CA certDir = directory</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of directory</p><p><b class="emphasis-bold">Default</b>: <em class="filename">/usr/local/ssl/certs</em></p><p>Specifies a directory containing a file for each Certification Authority (CA) that the Samba server trusts so that Samba can verify client certificates. Part of SSL support. Requires <tt class="literal">--with-ssl</tt> configure option. Obsolete starting with Samba 3.0.</p></div> <a name="INDEX-365"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>ssl CA certFile = filename</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of file</p><p><b class="emphasis-bold">Default</b>: <em class="filename">/usr/local/ssl/certs/trustedCAs.pem</em></p><p>Specifies a file that contains information for each CA that the Samba server trusts so that Samba can verify client certificates. Part of SSL support. Requires <tt class="literal">--with-ssl</tt> configure option. Obsolete starting with Samba 3.0.</p></div> <a name="INDEX-366"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>ssl ciphers = list</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: list of ciphers</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies which ciphers should be offered during SSL negotiation. Not recommended. Requires <tt class="literal">--with-ssl</tt> configure option. Obsolete starting with Samba 3.0.</p></div> <a name="INDEX-367"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>ssl client cert = filename</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of file</p><p><b class="emphasis-bold">Default</b>: <em class="filename">/usr/local/ssl/certs/smbclient.pem</em></p><p>Specifies a file containing the server's SSL certificate, for use by <em class="emphasis">smbclient</em> if certificates are required in this environment. Requires <tt class="literal">--with-ssl</tt> configure option. Obsolete starting with Samba 3.0.</p></div> <a name="INDEX-368"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>ssl client key = filename</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of file</p><p><b class="emphasis-bold">Default</b>: <em class="filename">/usr/local/ssl/private/smbclient.pem</em></p><p>Specifies a file containing the server's private SSL key, for use by <em class="emphasis">smbclient</em>. Requires <tt class="literal">--with-ssl</tt> configure option. Obsolete starting with Samba 3.0.</p></div> <a name="INDEX-369"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>ssl compatibility = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>Determines whether SSLeay should be configured for bug compatibility with other SSL implementations. Not recommended. Requires <tt class="literal">--with-ssl</tt> configure option. Obsolete starting with Samba 3.0.</p></div> <a name="INDEX-370"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>ssl hosts = host list</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: list of hosts or networks</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Requires that SSL be used with the hosts listed. By default, if the <tt class="literal">ssl</tt> option is set, the server requires SSL with all hosts. Requires <tt class="literal">--with-ssl</tt> configure option. Obsolete starting with Samba 3.0.</p></div> <a name="INDEX-371"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>ssl hosts resign = host list</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: list of hosts or networks</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Suppresses the use of SSL with the hosts listed. By default, if the <tt class="literal">ssl</tt> option is set, the server requires SSL with all hosts. Requires <tt class="literal">--with-ssl</tt> configure option. Obsolete starting with Samba 3.0.</p></div> <a name="INDEX-372"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>ssl require clientcert = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>Requires clients to use certificates when SSL is in use. This option is recommended if SSL is used. Requires <tt class="literal">--with-ssl</tt> configure option. Obsolete starting with Samba 3.0.</p></div> <a name="INDEX-373"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>ssl require servercert = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>When SSL is in use, <em class="emphasis">smbclient</em> requires servers to use certificates. This option is recommended if SSL is used. Requires <tt class="literal">--with-ssl</tt> configure option. Obsolete starting with Samba 3.0.</p></div> <a name="INDEX-374"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>ssl server cert = filename</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of file</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a file containing the server's SSL certificate. Requires <tt class="literal">--with-ssl</tt> configure option. Obsolete starting with Samba 3.0.</p></div> <a name="INDEX-375"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>ssl server key = filename</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of file</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a file containing the server's private SSL key. If no file is specified and SSL is in use, the server looks up its key in its server certificate. Requires <tt class="literal">--with-ssl</tt> configure option. Obsolete starting with Samba 3.0.</p></div> <a name="INDEX-376"/><a name="INDEX-377"/><a name="INDEX-378"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>ssl version = string</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: "ssl2", "ssl3", "ssl2or3", "tls1"</p><p><b class="emphasis-bold">Default</b>: "ssl2or3"</p><p>Defines which versions of the SSL protocol the server can use: Version 2 only ("ssl2"), Version 3 only ("ssl3"), Version 2 or 3 dynamically negotiated ("ssl2or3"), or Transport Layer Security ("tls1"). Requires <tt class="literal">--with-ssl</tt> configure option. Obsolete starting with Samba 3.0.<a name="INDEX-377"/><a name="INDEX-378"/></p></div> <a name="INDEX-379"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>stat cache = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>Makes the Samba server cache client names for faster resolution. Should not be changed.</p></div> <a name="INDEX-380"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>stat cache size = number </i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number</p><p><b class="emphasis-bold">Default</b>: 50</p><p>Determines the number of client names cached for faster resolution. Should not be changed.</p></div> <a name="INDEX-381"/><a name="INDEX-382"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>status = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>If set to YES, logs connections to a file (or shared memory) accessible to <em class="filename">smbstatus</em>. <a name="INDEX-382"/>Obsolete starting with Samba 3.0.</p></div> <a name="INDEX-383"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>strict allocate = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set to YES, allocates all disk blocks when creating or extending the size of files, instead of using the normal sparse file allocation used on Unix. This slows the server, but results in behavior that matches that of Windows and helps Samba correctly report "out of quota" messages.</p></div> <a name="INDEX-384"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>strict locking = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set to YES, checks locks on every access, not just on demand and at open time. Not recommended.</p></div> <a name="INDEX-385"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>strict sync = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set to YES, Samba synchronizes to disk whenever the client sets the sync bit in a packet. If set to NO, Samba flushes data to disk whenever buffers fill. Defaults to NO because Windows 98 Explorer sets the bit (incorrectly) in all packets.</p></div> <a name="INDEX-386"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>strip dot = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>Removes trailing dots from filenames. Dysfunctional in Samba 2.2; use <tt class="literal">mangled</tt> <tt class="literal">map</tt> instead.</p></div> <a name="INDEX-387"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>sync always = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set to YES, Samba forces the data to disk through <em class="emphasis">fsync</em> (3) after every write. Avoid except to debug crashing servers.</p></div> <a name="INDEX-388"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>syslog = number</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number</p><p><b class="emphasis-bold">Default</b>: 1</p><p>Sets the level of Samba log messages to send to <em class="filename">syslog</em>. Higher is more verbose. The <em class="filename">syslog.conf</em> file must have suitable logging enabled.</p></div> <a name="INDEX-389"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>syslog only = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set to YES, logs only to <em class="emphasis">syslog</em> instead of the standard Samba log files.</p></div> <a name="INDEX-390"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>template homedir = path</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: full path to directory</p><p><b class="emphasis-bold">Default</b>: /home/<tt class="literal">%D</tt>/<tt class="literal">%U</tt></p><p>Sets the home directory for Unix login sessions for users authenticated through winbind. <tt class="literal">%D</tt> will be replaced with user's domain name; <tt class="literal">%U</tt> by the username.</p></div> <a name="INDEX-391"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>template shell = filename</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: full path to shell</p><p><b class="emphasis-bold">Default</b>: <em class="filename">/bin/false</em></p><p>Sets the shell for Unix login sessions for users authenticated through winbind. The default value prevents all Windows domain user logins.</p></div> <a name="INDEX-392"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>time offset = number</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number of minutes</p><p><b class="emphasis-bold">Default</b>: 0</p><p>Sets the number of minutes to add to the system time-zone calculation. Provided to fix a client daylight-savings bug. Not recommended.</p></div> <a name="INDEX-393"/><a name="INDEX-394"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>time server = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set to YES, <em class="emphasis">nmbd</em><a name="INDEX-394"/> advertises itself as a provider of SMB time service to clients. This option only affects whether the time service is advertised. It does not enable or disable time service.</p></div> <a name="INDEX-395"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>timestamp logs = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>Synonym for <tt class="literal">debug</tt> <tt class="literal">timestamp</tt>.</p></div> <a name="INDEX-396"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>total print jobs = number</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number</p><p><b class="emphasis-bold">Default</b>: 0 (no limit)</p><p>Limits total number of current print jobs on server. See also <tt class="literal">max print jobs</tt>.</p></div> <a name="INDEX-397"/><a name="INDEX-398"/><a name="INDEX-399"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>unix extensions = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set to YES, supports <a name="INDEX-398"/>CIFS Unix extensions, providing better filesystem support for Unix clients. <a name="INDEX-399"/>Obsolete in Samba 3.0, which always offers support.</p></div> <a name="INDEX-400"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>unix password sync = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set to YES, attempts to change the user's Unix password whenever the user changes her SMB password. Used to ease synchronization of Unix and Microsoft password databases. See also <tt class="literal">password program</tt> and <tt class="literal">passwd</tt> <tt class="literal">chat</tt>.</p></div> <a name="INDEX-401"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>update encrypted = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>Updates the encrypted password file when a user logs on with an unencrypted password. Provided to ease conversion from unencrypted to encrypted passwords.</p></div> <a name="INDEX-402"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>use client driver = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>Used for avoiding <tt class="literal">Access Denied; Unable to connect</tt> messages when connecting to a Samba printer from Windows NT/2000/XP clients. Necessary only when the client has a local printer driver for the Samba printer.</p></div> <a name="INDEX-403"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>use mmap = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: varies</p><p>Tells Samba whether the <em class="emphasis">mmap( )</em> system call works correctly on the Samba host. Default is automatically set correctly. Do not change.</p></div> <a name="INDEX-404"/><a name="INDEX-405"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>use rhosts = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set to YES, users' <em class="filename">~/.rhosts</em> files will be used to identify systems from which users can connect without providing a password. Discouraged. <a name="INDEX-405"/>Obsolete in Samba 3.0.</p></div> <a name="INDEX-406"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>use sendfile = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If yes, Samba will perform some data transfers for exclusively oplocked files using the <em class="emphasis">sendfile( )</em> system call, which results in significant performance improvements. This is available if Samba has been configured with the <tt class="literal">--with-sendfile-support</tt> option. This is an experimental option and is new in Samba 2.2.5.</p></div> <a name="INDEX-407"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>user = user list</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: user list</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Synonym for <tt class="literal">username</tt>.</p></div> <a name="INDEX-408"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>username = user list</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: user list</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Sets a list of users that are tried when logging on with share-level security in effect. Also called <tt class="literal">user</tt> or <tt class="literal">users</tt>. Discouraged. Use <tt class="literal">NET</tt> <tt class="literal">USE</tt> <tt class="literal">\\</tt><em class="replaceable">server</em><tt class="literal">\</tt><em class="replaceable">share </em><tt class="literal">%</tt><em class="replaceable">user</em> from the client instead.</p></div> <a name="INDEX-409"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>username level = number</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number</p><p><b class="emphasis-bold">Default</b>: 0</p><p>Specifies the number of uppercase-letter permutations allowed to match Unix usernames. A workaround for Windows' single-case usernames. Use is discouraged.</p></div> <a name="INDEX-410"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>username map = filename</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of file</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Names a file of Unix-to-Windows name pairs; used to map different spellings of account names and Windows usernames longer than eight characters.</p></div> <a name="INDEX-411"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>users = user list</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: user list</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Synonym for <tt class="literal">username</tt>.</p></div> <a name="INDEX-412"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>utmp = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>This is available if Samba has been configured with the <tt class="literal">--with-utmp</tt> option. If set, Samba adds <em class="emphasis">utmp</em>/<em class="emphasis">utmpx</em> records whenever a connection is made to a Samba server. Sites can use this option to record each connection to a Samba share as a system login.</p></div> <a name="INDEX-413"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>utmp directory = directory</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of directory</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>This is available if Samba has been configured with the <tt class="literal">--with-utmp</tt> option. If this option and <tt class="literal">utmp</tt> are set, Samba will look in the specified directory rather than the default system directory for <em class="filename">utmp</em>/<em class="filename">utmpx</em> files.</p></div> <a name="INDEX-414"/><a name="INDEX-415"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>valid chars = list</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: list of numeric values</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Adds national characters to a character set map. See also <tt class="literal">client</tt> <tt class="literal">code</tt> <tt class="literal">page</tt>. <a name="INDEX-415"/>Obsolete in Samba 3.0.</p></div> <a name="INDEX-416"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>valid users = user list</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: user list</p><p><b class="emphasis-bold">Default</b>: NULL (allows everyone)</p><p>Specifies a list of users that can connect to a share. See also <tt class="literal">invalid users</tt>.</p></div> <a name="INDEX-417"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>veto files = slash-separated list</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: slash-separated list of filenames</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a list of files that the client will not see when listing a directory's contents. See also <tt class="literal">delete</tt> <tt class="literal">veto</tt> <tt class="literal">files</tt> and <tt class="literal">hide files</tt>.</p></div> <a name="INDEX-418"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>veto oplock files = slash-separated list</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: slash-separated list of filenames</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a list of files not to oplock (and cache on clients). See also <tt class="literal">oplocks</tt> and <tt class="literal">fake</tt> <tt class="literal">oplocks</tt>.</p></div> <a name="INDEX-419"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>vfs object = filename</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: full path to shared library</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies the shared library to use for Samba's Virtual File System (VFS). Requires the <tt class="literal">--with-vfs</tt> configure option.</p></div> <a name="INDEX-420"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>vfs options = string</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: space-separated list of options</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies parameters to the VFS. Requires the <tt class="literal">--with-vfs</tt> configure option. See <tt class="literal">vfs object</tt>.</p></div> <a name="INDEX-421"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>volume = string</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: share name</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Sets the volume label of a disk share. Especially useful with shared CD-ROMs.</p></div> <a name="INDEX-422"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>wide links = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>If set, Samba follows symlinks out of the disk share. See also the <tt class="literal">root</tt> <tt class="literal">dir</tt> and <tt class="literal">follow</tt> <tt class="literal">symlinks</tt> options.</p></div> <a name="INDEX-423"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>winbind cache time = number</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number of seconds</p><p><b class="emphasis-bold">Default</b>: 15</p><p>Sets the amount of time that the <em class="emphasis">winbindd</em> daemon caches user and group information.</p></div> <a name="INDEX-424"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>winbind enum users = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES/NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>If set to NO, enumeration of users is suppressed by winbind. Discouraged.</p></div> <a name="INDEX-425"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>winbind enum groups = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES/NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>If set to NO, enumeration of groups is suppressed by winbind. Discouraged.</p></div> <a name="INDEX-426"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>winbind gid = numeric range</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: integer-integer</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies the group ID range winbind uses for Windows NT domain users connecting to Samba.</p></div> <a name="INDEX-427"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>winbind separator = character</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: ASCII character</p><p><b class="emphasis-bold">Default</b>: \</p><p>Specifies the character winbind uses to separate a domain name and username.</p></div> <a name="INDEX-428"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>winbind uid = numeric range</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: integer-integer</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies the user ID range winbind will use for Windows NT domain users connecting to Samba.</p></div> <a name="INDEX-429"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>wins hook = command</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: full path to script</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a command to run whenever the WINS server updates its database. Allows WINS to be synchronized with DNS or other services. The command is passed one of the arguments <tt class="literal">add</tt>, <tt class="literal">delete</tt>, or <tt class="literal">refresh</tt>, followed by the NetBIOS name, the name type (two hexadecimal digits), the TTL in seconds, and the IP addresses corresponding to the NetBIOS name. Requires <tt class="literal">wins</tt> <tt class="literal">service</tt> <tt class="literal">=</tt> <tt class="literal">YES</tt>.</p></div> <a name="INDEX-430"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>wins proxy = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set to YES, <em class="emphasis">nmbd</em> proxies resolution requests to WINS servers on behalf of old clients, which use broadcasts. The WINS server is typically on another subnet.</p></div> <a name="INDEX-431"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>wins server = value</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: hostname or IP address</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Sets the DNS name or IP address of the WINS server.</p></div> <a name="INDEX-432"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>wins support = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set to YES, activates the WINS service. The <tt class="literal">wins</tt> <tt class="literal">server</tt> option must not be set if <tt class="literal">wins</tt> <tt class="literal">support</tt> <tt class="literal">=</tt> <tt class="literal">YES</tt>.</p></div> <a name="INDEX-433"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>workgroup = name</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: workgroup name</p><p><b class="emphasis-bold">Default</b>: compiled-in</p><p>Sets the workgroup or domain to which the Samba server belongs. Overrides the compiled-in default of WORKGROUP. Choosing a name other than WORKGROUP is highly recommended.</p></div> <a name="INDEX-434"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>writable = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>Antonym for <tt class="literal">read</tt> <tt class="literal">only</tt>; <tt class="literal">writeable</tt> and <tt class="literal">write</tt> <tt class="literal">ok</tt> are synonyms.</p></div> <a name="INDEX-435"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>writeable = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>Antonym for <tt class="literal">read</tt> <tt class="literal">only</tt>; <tt class="literal">writable</tt> and <tt class="literal">write</tt> <tt class="literal">ok</tt> are synonyms.</p></div> <a name="INDEX-436"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>write cache size = number</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: decimal number of bytes</p><p><b class="emphasis-bold">Default</b>: 0 (disabled)</p><p>Allocates a write buffer of the specified size in which Samba accumulates data before a write to disk. This option can be used to ensure that each write has the optimal size for a given filesystem. It is typically used with RAID drives, which have a preferred write size, and with systems that have large memory and slow disks.</p></div> <a name="INDEX-437"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>write list = user list</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: user list</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a list of users that are given read/write access to a read-only share. See also <tt class="literal">read</tt> <tt class="literal">list</tt>.</p></div> <a name="INDEX-438"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>write ok = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>Synonym for <tt class="literal">writable</tt>.</p></div> <a name="INDEX-439"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>write raw = boolean</i></b></font></td><td align="right"><i>[global] </i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>Allows fast-streaming writes over TCP using 64KB buffers. Recommended.</p></div> <div class="sect1"><a name="samba2-APP-B-SECT-2"/> <h2 class="head1">Glossary of Configuration Value Types</h2> <dl> <dt><b><a name="INDEX-440"/><em class="emphasis">boolean</em></b></dt> <dd> <p>One of two values, either YES or NO.</p> </dd> <dt><b>character</b></dt> <dd> <p>A single ASCII character.</p> </dd> <dt><b>command</b></dt> <dd> <p>A Unix script or compiled program, with an absolute path specified for the executable and parameters.</p> </dd> <dt><b>directory</b></dt> <dd> <p>An absolute path specification to a directory. For example:</p> <blockquote><pre class="code">/usr/local/samba/lib</pre></blockquote> </dd> </dl> <dl> <dt><b>filename</b></dt> <dd> <p>An absolute path specification to a file. For example:</p> <blockquote><pre class="code">/etc/printcap</pre></blockquote> </dd> <dt><b>host list</b></dt> <dd> <p>A list of hosts. Allows IP addresses, address masks, domain names, ALL, and EXCEPT.</p> </dd> <dt><b>interface list</b></dt> <dd> <p>A list of interfaces, in either address/netmask or address/n-bits format. For example:</p> <blockquote><pre class="code">192.168.2.10/255.255.255.0, 192.168.2.10/24</pre></blockquote> </dd> <dt><b>map list</b></dt> <dd> <p>A list of filename remapping strings such as <tt class="literal">(*.html</tt> <tt class="literal">*.htm)</tt>.</p> </dd> <dt><b>name</b></dt> <dd> <p>A single name of a type of object, as specified in the option's description.</p> </dd> <dt><b>number</b></dt> <dd> <p>A positive integer.</p> </dd> <dt><b>numeric range</b></dt> <dd> <p>Two numbers separated by a dash, specifying a minimum and a maximum value. For example:</p> <blockquote><pre class="code">100-250</pre></blockquote> </dd> <dt><b>remote list</b></dt> <dd> <p>A list of subnet-broadcast-address/workgroup pairs. For example:</p> <blockquote><pre class="code">192.168.2.255/SERVERS 192.168.4.255/STAFF</pre></blockquote> </dd> <dt><b>service (share) list</b></dt> <dd> <p>A list of service (share) names, without the enclosing parentheses.</p> </dd> <dt><b>slash-separated list</b></dt> <dd> <p>A list of filenames, separated by "/" characters to allow embedded spaces. For example:</p> <blockquote><pre class="code">/.*/My Documents/*.doc/</pre></blockquote> </dd> <dt><b>string</b></dt> <dd> <p>One line of arbitrary text.</p> </dd> <dt><b>user list</b></dt> <dd> <p>A list of usernames and/or group names. <tt class="literal">@</tt><em class="replaceable">group_name</em> includes whomever is in the NIS netgroup <em class="replaceable">group_name</em>, if one exists, or otherwise whomever is in the Unix group <em class="replaceable">group_name</em>. In addition, <tt class="literal">+</tt><em class="replaceable">group_name</em> is a Unix group, <tt class="literal">&</tt><em class="replaceable">group_name</em> is an NIS netgroup, and <tt class="literal">&+</tt> and <tt class="literal">+&</tt> cause an ordered search of both Unix and NIS groups.</p> </dd> <dt><b>value</b></dt> <dd> <p>A value of some miscellaneous type, as specified in the option's description.<a name="INDEX-441"/></p> </dd> </dl> </div> <div class="sect1"><a name="samba2-APP-B-SECT-3"/> <h2 class="head1">Configuration File Variables</h2> <p><a href="appb.html#samba2-APP-B-TABLE-1">Table B-1</a> lists the Samba configuration file variables.</p> <a name="samba2-APP-B-TABLE-1"/><h4 class="head4">Table B-1. Configuration file variables</h4><table border="1"> <tr> <th> <p>Name</p> </th> <th> <p>Meaning</p> </th> </tr> <tr> <td> <p><tt class="literal">%a</tt></p> </td> <td> <p>Client's architecture (Samba, WfWg, WinNT, Win95, or UNKNOWN)</p> </td> </tr> <tr> <td> <p><tt class="literal">%d</tt></p> </td> <td> <p>Current server process's process ID</p> </td> </tr> <tr> <td> <p><tt class="literal">%D</tt></p> </td> <td> <p>User's Windows NT Domain</p> </td> </tr> <tr> <td> <p><tt class="literal">%f</tt></p> </td> <td> <p>Printer spool file as a relative path (printing only)</p> </td> </tr> <tr> <td> <p><tt class="literal">%f</tt></p> </td> <td> <p>User from which a message was sent (messages only)</p> </td> </tr> <tr> <td> <p><tt class="literal">%G</tt></p> </td> <td> <p>Primary group name of <tt class="literal">%U</tt> (requested username)</p> </td> </tr> <tr> <td> <p><tt class="literal">%g</tt></p> </td> <td> <p>Primary group name of <tt class="literal">%u</tt> (actual username)</p> </td> </tr> <tr> <td> <p><tt class="literal">%H</tt></p> </td> <td> <p>Home directory of <tt class="literal">%u</tt> (actual username)</p> </td> </tr> <tr> <td> <p><tt class="literal">%h</tt></p> </td> <td> <p>Samba server's (Internet) hostname</p> </td> </tr> <tr> <td> <p><tt class="literal">%I</tt></p> </td> <td> <p>Client's IP address</p> </td> </tr> <tr> <td> <p><tt class="literal">%j</tt></p> </td> <td> <p>Print job number (printing only)</p> </td> </tr> <tr> <td> <p><tt class="literal">%L</tt></p> </td> <td> <p>Samba server's NetBIOS name (virtual servers have multiple names)</p> </td> </tr> <tr> <td> <p><tt class="literal">%M</tt></p> </td> <td> <p>Client's (Internet) hostname</p> </td> </tr> <tr> <td> <p><tt class="literal">%m</tt></p> </td> <td> <p>Client's NetBIOS name</p> </td> </tr> <tr> <td> <p><tt class="literal">%N</tt></p> </td> <td> <p>Name of the NIS home directory server (without NIS, same as <tt class="literal">%L</tt>)</p> </td> </tr> <tr> <td> <p><tt class="literal">%n</tt></p> </td> <td> <p>New password (password change only)</p> </td> </tr> <tr> <td> <p><tt class="literal">%o</tt></p> </td> <td> <p>Old password (password change only)</p> </td> </tr> <tr> <td> <p><tt class="literal">%P</tt></p> </td> <td> <p>Current share's root directory (actual)</p> </td> </tr> <tr> <td> <p><tt class="literal">%p</tt></p> </td> <td> <p>Current share's root directory (in an NIS homedir map)</p> </td> </tr> <tr> <td> <p><tt class="literal">%p</tt></p> </td> <td> <p>Print filename (printing only)</p> </td> </tr> <tr> <td> <p><tt class="literal">%R</tt></p> </td> <td> <p>Protocol level in use (CORE, COREPLUS, LANMAN1, LANMAN2, or NT1)</p> </td> </tr> <tr> <td> <p><tt class="literal">%S</tt></p> </td> <td> <p>Current share's name</p> </td> </tr> <tr> <td> <p><tt class="literal">%s</tt></p> </td> <td> <p>Name of the file in which the message resides (messages only)</p> </td> </tr> <tr> <td> <p><tt class="literal">%s</tt></p> </td> <td> <p>Printer spool filename (printing only)</p> </td> </tr> <tr> <td> <p><tt class="literal">%T</tt></p> </td> <td> <p>Current date and time</p> </td> </tr> <tr> <td> <p><tt class="literal">%t</tt></p> </td> <td> <p>Destination system (messages only)</p> </td> </tr> <tr> <td> <p><tt class="literal">%U</tt></p> </td> <td> <p>Requested username for current share</p> </td> </tr> <tr> <td> <p><tt class="literal">%u</tt></p> </td> <td> <p>Current share's username</p> </td> </tr> <tr> <td> <p><tt class="literal">%v</tt></p> </td> <td> <p>Samba version</p> </td> </tr> <tr> <td> <p>%$<em class="replaceable">name</em></p> </td> <td> <p>Value of environment variable <em class="replaceable">name</em></p> </td> </tr> </table> </div> <hr/><h4 class="head4"><a href="toc.html">TOC</a></h4> </body></html>