|
|
The first section of this appendix lists each option that can be used in a Samba configuration file, which is usually named smb.conf. Most configuration files contain a global section of options that apply to all services (shares) and a separate section for various individual shares. If an option applies only to the global section, [global] appears to the right of its name in the following reference section.
Except where noted, when specifying elements of a list, the elements can be separated by spaces, tabs, commas, semicolons, escaped newlines, or escaped carriage returns.
Following this reference section is a glossary of value types, and a list of variables Samba recognizes.
| abort shutdown script = command | [global] |
Allowable values: command
Default: NULL
Specifies a command that stops the shutdown procedure started by shutdown script. The command will be run with the UID of the connected user. New in Samba 3.0.
| add printer command = command | [global] |
Allowable values: command
Default: NULL
Specifies a command that creates a new printer on the system hosting the Samba server. This command runs as root when the Windows NT/2000/XP Add Printer Wizard is run. The command will be passed a printer name, share name, port name, driver name, Windows NT/2000/XP driver location, and Windows 95/98/Me driver location, in that order. It will need to add the printer to the system and a share definition for the printer to smb.conf. See also add printer wizard, printing, and show add printer wizard.
| add machine script = command | [global] |
Allowable values: command
Default: NULL
Specifies a command that adds a computer to the Samba server's domain. New in Samba 3.0.
| add share command = command | [global] |
Allowable values: command
Default: NULL
Specifies a command that creates a new share on the Samba server. This command runs as root when a share is created using the Windows NT/2000/XP Server Manager. The client user must be logged on as the root user. The command will be passed the name of the Samba configuration file, the name of the share to be created, the full pathname of a directory on the Samba server (which must already exist), and a string to use as a comment for the share, in that order. The command must add a share definition for the share to smb.conf. See also add printer command, for adding a print share.
| add user script = command | [global] |
Allowable values: command
Default: NULL
Specifies a command that creates a new user on the system hosting the Samba server. This command runs as root when access to a Samba share is attempted by a Windows user who does not have an account on the hosting system, but does have an account maintained by a primary domain controller on a different system. The command should accept the name of the user as a single argument that matches the behavior of typical adduser commands. Samba honors the %u value (username) as the argument to the command. Requires security = server or security = domain. See also delete user script.
| admin users = user list |
Allowable values: user list
Default: NULL
Specifies users who will be granted root permissions on the share by Samba.
| ads server = value | [global] |
Allowable values: DNS hostname or IP address
Default: NONE
Specifies the Active Directory server, used by Samba 3.0 for authenticating clients. Requires security = ads. New in Samba 3.0.
| algorithmic rid base = number | [global] |
Allowable values: positive integer
Default: 1000
Specifies the base value that Samba uses when calculating Windows domain security identifier equivalents to Unix UIDs. See also non unix account range. New in Samba 3.0.
| allow hosts = host list |
Allowable values: list of hosts or networks
Default: NULL
Specifies systems that can connect to the share or shares. If NULL, any system can access the share unless there is a hosts deny option. Synonym for hosts allow.
| allow trusted domains = boolean | [global] |
Allowable values: YES, NO
Default: YES
Allows access to users who lack accounts on the Samba server but have accounts in another, trusted domain. Requires security = server or security = domain.
| announce as = value | [global] |
Allowable values: NT, Win95, Wf W
Default: NT
Has Samba announce itself as something other than an NT server. Discouraged because it interferes with serving browse lists.
| announce version = value | [global] |
Allowable values: two numbers separated by a dot character
Default: 4.5
Instructs Samba to announce itself as a different version SMB server. Discouraged.
| auth methods = list | [global] |
Allowable values: guest, sam, ntdomain
Default: NONE
Specifies what methods Samba tries in turn to authenticate users. New in Samba 3.0.
| auto services = service list | [global] |
Allowable values: service list
Default: NULL
Specifies a list of shares that always appear in browse lists. Also called preload.
| available = boolean |
Allowable values: YES, NO
Default: YES
If set to NO, denies access to a share. The share appears in the browse list, but attempts to access it will fail.
| bind interfaces only = boolean | [global] |
Allowable values: YES, NO
Default: NO
If set to YES, shares and browsing are provided only on interfaces in an interfaces list (see interfaces). If you set this option to YES, be sure to add 127.0.0.1 to the interfaces list to allow smbpasswd to connect to the local system to change passwords. This is a convenience option; it does not improve security.
| block size = number |
Allowable values: integer
Default: 1024
Sets the size of disk blocks as reported by smbd to the client. Obsolete starting with Samba 3.0.
| blocking locks = boolean |
Allowable values: YES, NO
Default: YES
If YES, honors byte range lock requests with time limits. Samba will queue the requests and retry them until the time period expires.
| browsable = boolean |
Allowable values: YES, NO
Default: YES
Allows a share to be announced in browse lists. Also called browseable.
| browse list = boolean | [global] |
Allowable values: YES, NO
Default: YES
If YES, serves the browse list to other systems on the network. Avoid changing.
| browseable = boolean |
Allowable values: YES, NO
Default: YES
Synonym for browsable.
| case sensitive = boolean | [global] |
Allowable values: YES, NO
Default: NO
If YES, uses the exact case the client supplied when trying to resolve a filename. If NO, matches either upper- or lowercase name. Avoid changing. Also called casesignames.
| casesignames = boolean | [global] |
Allowable values: YES, NO
Default: NO
Synonym for case sensitive.
| change notify timeout = number | [global] |
Allowable values: positive number
Default: 60
Sets the number of seconds between checks when a client asks for notification of changes in a directory. Avoid lowering.
| change share command = command | [global] |
Allowable values: command
Default: NULL
Specifies a command that modifies a share definition on the Samba server. This command runs as root when a share is created using the Windows NT/2000/XP Server Manager. The client user must be logged on as the root user. The command is passed the name of the Samba configuration file, the name of the share to be modified, the full pathname of a directory on the Samba server (which must already exist), and a string to use as a comment for the share, in that order. The command modifies the share definition for the share in smb.conf. See also add share command and delete share command.
| character set = name |
Allowable values: ISO8859-1, ISO8859-2, ISO8859-5, KOI8-R
Default: NULL
If set, translates from DOS code pages to the Western European (ISO8859-1), Eastern European (ISO8859-2), Russian Cyrillic (ISO8859-5), or Alternate Russian (KOI8-R) character set. The client code page option must be set to 850. Obsolete starting with Samba 3.0.
| client code page = name |
Allowable values: see Table 11-4 in Chapter 11
Default: 850 (MS-DOS Latin 1)
Sets the DOS code page explicitly, overriding any previous valid chars settings. Examples of values are 850 for Western European, 437 for the U.S. standard, and 932 for Japanese Shift-JIS. Obsolete starting with Samba 3.0.
| code page directory = directory | [global] |
Allowable values: full directory name
Default: /usr/local/samba/lib/codepages
Specifies the directory that stores code pages. Obsolete starting with Samba 3.0.
| coding system = value | [global] |
Allowable values: euc, cap, hex, hexN, sjis, j8bb, j8bj, jis8, j8bh, j8@b, j8@j,j8@h, j7bb, j7bj, jis7, j7bh, j7@b, j7@j, j7@h, jubb, jubj, junet, jubh, ju@b, ju@j, ju@h
Default: NULL
Sets the coding system used, notably for Kanji. This is employed for filenames and should correspond to the code page in use. The client code page option must be set to 932 ( Japanese Shift-JIS). Obsolete starting with Samba 3.0.
| comment = string |
Allowable values: string
Default: NULL
Sets the comment corresponding to a share. The comment appears in places such as a net view listing or through the Network Neighborhood. See also the server string configuration option.
| config file = filename | [global] |
Allowable values: \filename
Default: NULL
Selects a new Samba configuration file to read instead of the current one. Used to relocate the configuration file or used with % variables to select custom configuration files for some users or systems.
| copy = section name |
Allowable values: existing section's name
Default: NULL
Copies the configuration of an already defined share into the share in which this option appears. Used with % variables to select custom configurations for systems, architectures, and users. Each option specified or copied takes precedence over earlier specifications of the option.
| create mask = value |
Allowable values: octal value from 0 to 0777
Default: 0744
Sets the maximum allowable permissions for new files (e.g., 0755). See also directory mask. To require certain permissions to be set, see force create mask and force directory mask. Also called create mode.
| create mode = value |
Allowable values: octal value from 0 to 0777
Default: 0744
Synonym for create mask.
| csc policy = value |
Allowable values: manual, documents, programs, or disable
Default: manual
Sets the client-side caching policy, telling them how to cache files offline if they are capable of doing so.
| deadtime = number | [global] |
Allowable values: number
Default: 0
Specifies the time in minutes before an unused connection will be terminated. Zero means never. Used to keep clients from tying up server resources for long periods of time. If used, clients must autoreconnect after the specified period of inactivity. See also keepalive.
| debug hires timestamp = boolean | [global] |
Allowable values: YES, NO
Default: NO
Changes the timestamps in log entries from seconds to microseconds. Useful for measuring performance.
| debug pid = boolean | [global] |
Allowable values: YES, NO
Default: NO
Adds the process ID of the Samba server to log lines, making it easier to debug a particular server. Requires debug timestamp = yes to work.
| debug timestamp = boolean | [global] |
Allowable values: YES, NO
Default: YES
Timestamps all log messages. Can be turned off when it's not useful (e.g., in debugging ). Also called timestamp logs.
| debug uid = boolean | [global] |
Allowable values: YES, NO
Default: NO
Adds the real and effective user ID and group ID of the user being served to the logs, making it easier to debug one particular user.
| debuglevel = number | [global] |
Allowable values: number
Default: 0
Sets the logging level used. Values of 3 or more slow Samba noticeably. Also called log level. Recommended value is 1.
| default = service name | [global] |
Allowable values: share name
Default: NULL
Specifies the name of a service (share) to provide if someone requests a service he doesn't have permission to use or that doesn't exist. The path is set from the name the client specified, with any underscore ( _ ) characters changed to slash ( / ) characters, allowing access to any directory on the Samba server. Use is discouraged. See also load printers. Also called default service.
| default case = value |
Allowable values: LOWER, UPPER
Default: LOWER
Sets the case in which to store new filenames. LOWER indicates lowercase, and UPPER indicates uppercase.
| default devmode = boolean |
Allowable values: YES, NO
Default: NO
Used with printer shares being accessed by Windows NT/2000/XP clients to set a default device mode for the printer. Can be problematic. Use with care.
| default service = share name | [global] |
Allowable values: share name
Default: NULL
Synonym for default.
| delete printer command = command | [global] |
Allowable values: command
Default: NULL
Specifies a command that removes a printer from the system hosting the Samba server and deletes its service definition from smb.conf. The command is passed a printer name as its only argument. See also add printer command, printing, and show add printer wizard.
| delete readonly = boolean |
Allowable values: NO, YES
Default: NO
If set to YES, allows delete requests to remove read-only files. This is not allowed in MS-DOS/Windows, but it is normal in Unix, which has separate directory permissions. Used with programs such as RCS.
| delete share command = command |
Allowable values: command
Default: NULL
Specifies a command that deletes a share from the Samba server. The command runs when a user logged in as the root user on a Windows NT/2000/XP system deletes a share using Server Manager. The command is passed the name of the Samba configuration file and the name of the share to be deleted. The command must remove the definition of the share from the configuration file. See also add share command and change share command.
| delete user script = command | [global] |
Allowable values: full path to script
Default: NULL
Sets the command to run as root when a user connects who no longer has an account on the domain's PDC. Honors %u. Can be used to delete the user account automatically from the Samba server's host. Requires security = domain or security = user. Use with caution. See also add user script.
| delete veto files = boolean |
Allowable values: NO, YES
Default: NO
If set to YES, allows delete requests for a directory containing files or subdirectories the user can't see due to the veto files option. If set to NO, the directory is not deleted and still contains invisible files.
| deny hosts = host list |
Allowable values: hosts or networks
Default: NULL
Specifies a list of systems from which to refuse connections. Also called hosts deny.
| dfree command = command | [global] |
Allowable values: command
Default: varies
Specifies a command to run on the server to return free disk space. Not needed unless the Samba host system's dfree command does not work properly.
| directory = directory |
Allowable values: Unix directory name
Default: varies
Sets the path to the directory provided by a file share or used by a printer share. If the option is omitted in the [homes] share, it is set automatically to the user's home directory; otherwise, it defaults to /tmp. For a printer share, the directory is used to spool printer files. Honors the %u (user) and %m (machine) variables. Synonym for path.
| directory mask = value |
Allowable values: octal value from 0 to 0777
Default: 0755
Sets the maximum allowable permissions for newly created directories. To require that certain permissions be set, see the force create mask and force directory mask options. Also called directory mode.
| directory mode = value |
Allowable values: octal value from 0 to 0777
Default: 0755
Synonym for directory mask.
| directory security mask = value |
Allowable values: octal value from 0 to 0777
Default: same as directory mode
Controls which permission bits can be changed if a user edits the Unix permissions of directories on the Samba server from a Windows system. Any bit that is set in the mask can be changed by the user; any bit that is clear remains the same on the directory even if the user tries to change it. Requires nt acl support = YES.
| disable spools = boolean | [global] |
Allowable values: YES, NO
Default: NO
If set to YES, Windows NT/2000/XP systems will downgrade to Lanman-style printing. Prevents printer driver uploading and downloading from working. Use with care. See also use client driver.
| dns proxy = boolean | [global] |
Allowable values: YES, NO
Default: YES
If set to YES and if wins server = YES, looks up hostnames in DNS when they are not found using WINS.
| domain admin group = user list | [global] |
Allowable values: usernames and/or group names
Default: NULL
Specifies users who are in the Domain Admins group and have domain administrator authority when Samba is the PDC. See also domain guest group and domain logons. Useful in Samba 2.2 only. Obsolete in Samba 3.0.
| domain guest group = user/group list | [global] |
Allowable values: list of usernames and/or group names
Default: NULL
Specifies users who are in the Domain Guest group when Samba is the PDC. See also domain admin group and domain logons. Useful in Samba 2.2 only. Obsolete in Samba 3.0.
| domain logons = boolean | [global] |
Allowable values: YES, NO
Default: NO
Causes Samba to serve domain logons. This is one of the basic functions required when Samba is acting as the PDC.
| domain master = boolean | [global] |
Allowable values: YES, NO
Default: automatic
Makes Samba a domain master browser for its domain. When domain logons are enabled, domain master defaults to YES. Otherwise, it defaults to NO.
| dont descend = list |
Allowable values: list of directories
Default: NULL
Prohibits a change directory or search in the directories specified. This is a browsing-convenience option; it doesn't provide any extra security.
| dos filemode = boolean |
Allowable values: YES, NO
Default: NO
Allows anyone with write permissions to change permissions on a file, as allowed by MS-DOS.
| dos filetime resolution = boolean |
Allowable values: YES, NO
Default: NO
Sets file times on Unix to match MS-DOS standards (rounding to the next even second). Recommended if using Visual C++ or a PC make program to avoid remaking the programs unnecessarily. Use with the dos filetimes option.
| dos filetimes = boolean |
Allowable values: YES, NO
Default: NO
Allows nonowners to change file times if they can write to the files, matching the behavior of MS-DOS and Windows. See also dos filetime resolution.
| encrypt passwords = boolean | [global] |
Allowable values: YES, NO
Default: NO in Samba 2.2, YES in Samba 3.0
If enabled, Samba will use password encryption. Requires an smbpasswd file on the Samba server.
| enhanced browsing = boolean | [global] |
Allowable values: YES, NO
Default: YES
Automatically synchronizes browse lists with all domain master browsers known to the WINS server. Makes cross-subnet browsing more reliable, but also can cause empty workgroups to persist forever in browse lists.
| enumports command = command | [global] |
Allowable values: command
Default: NULL
Allows for a command to provide clients with customized MS-DOS/Windows port names (e.g., PRN:) corresponding to printers. Samba's default behavior is to return Samba Printer Port. The command must return a series of lines, with one port name per line.
| exec = command |
Allowable values: command
Default: NULL
Sets a command to run as the user before connecting to the share. Synonym for preexec. See also the postexec, root preexec, and root postexec options.
| fake directory create times = boolean |
Allowable values: YES, NO
Default: NO
A bug fix for users of Microsoft nmake. If YES, Samba sets directory create times such that nmake won't remake all files every time.
| fake oplocks = boolean |
Allowable values: YES, NO
Default: NO
If set, returns YES whenever a client asks if it can lock a file and cache it locally but does not enforce the lock on the server. Results in performance improvement for read-only shares. Never use with read/write shares! See also oplocks and veto oplock files.
| follow symlinks = boolean |
Allowable values: YES, NO
Default: YES
If set to YES, Samba follows symlinks in a file share(s). See the wide links option if you want to restrict symlinks to just the current share.
| force create mode = value |
Allowable values: octal value from 0 to 0777
Default: 0
Takes effect when a user on a Windows client creates a file that resides on the Samba server. This option ensures that bits set in this mask will always be set on the new file. Used with the create mask configuration option.
| force directory mode = value |
Allowable values: octal value from 0 to 0777
Default: 0
Takes effect when a user on a Windows client creates a directory on the Samba server. This option ensures that bits set in the mask will be set on every newly created directory. Used with directory mask.
| force directory security mode = value |
Allowable values: octal value from 0 to 0777
Default: same as force directory mode
Takes effect when a user on a Windows client edits the Unix permissions of a directory on the Samba server. This option ensures that bits set in this mask will be set on the directory. Requires nt acl support = YES.
| force group = value |
Allowable values: a Unix group name
Default: NULL
Sets the effective group name assigned to all users accessing a share. Used to override a user's normal group memberships.
| force security mode = value |
Allowable values: octal value from 0 to 0777
Default: same as force create mode
Takes effect when a user on a Windows client edits the Unix permissions of a file on the Samba server. This option ensures that bits set in the mask will always be set on the file. Requires nt acl support = YES. See also force directory security mode for directories.
| force unknown acl user = boolean |
Allowable values: YES, NO
Default: NO
When set, unknown users or groups in Windows NT ACLs will be mapped to the user or group of the connected user. Obsolete starting with Samba 3.0.
| force user = value |
Allowable values: a single username
Default: NULL
Sets the effective username assigned to all users accessing a share. Discouraged.
| fstype = string |
Allowable values: NTFS, FAT, Samba
Default: NTFS
Sets the filesystem type reported to the client. Avoid changing.
| getwd cache = boolean | [global] |
Allowable values: YES, NO
Default: YES
Caches the current directory for performance. Recommended with the wide links option.
| group = value |
Allowable values: a Unix group name
Default: NULL
Synonym for force group.
| guest account = value |
Allowable values: a single username
Default: varies
Sets the name of the unprivileged Unix account to use for tasks such as printing and for accessing shares marked with guest ok. The default is specified at compile time and is usually set to nobody.
| guest ok = boolean |
Allowable values: YES, NO
Default: NO
If set to YES, doesn't need passwords for this share. Used with security = share. Synonym for public.
| guest only = boolean |
Allowable values: YES, NO
Default: NO
Forces users of a share to log on as the guest account. Requires guest ok or public to be YES. Also called only guest.
| hide dot files = boolean |
Allowable values: YES, NO
Default: YES
Treats files with names beginning with a dot as if they had the MS-DOS hidden attribute set. The files are either not displayed on a Windows client or appear grayed-out, depending on the settings on the client.
| hide files = slash-separated list |
Allowable values: patterns, separated by / characters
Default: NULL
Specifies a list of file or directory names on which to set the MS-DOS hidden attribute. Names can contain ? or * pattern characters and % variables. See also hide dot files and veto files.
| hide local users = boolean | [global] |
Allowable values: YES, NO
Default: NO
If set to YES, hides Unix-specific dummy accounts (root, wheel, floppy, etc.) from clients.
| hide unreadable = boolean |
Allowable values: YES, NO
Default: NO
If set to YES, hides all unreadable files.
| homedir map = name | [global] |
Allowable values: NIS map name
Default: NONE
Used with nis homedir to locate a user's Unix home directory from Sun NIS (not NIS+).
| host msdfs = boolean | [global] |
Allowable values: YES, NO
Default: NO
If set to YES and Samba was configured with the --with-msdfs option, provides Microsoft Distributed filesystem (Dfs) service, allowing Dfs-capable clients to browse Dfs trees on the Samba server. See also msdfs root.
| hosts allow = host list |
Allowable values: list of hosts or networks
Default: NULL
Specifies a list of systems that can access the share. If NULL, any system can access the share unless there is a hosts deny option. Synonym for allow hosts.
| hosts deny = host list |
Allowable values: list of hosts or networks
Default: NULL
Specifies a list of systems that cannot connect to the share. Synonym for deny hosts.
| hosts equiv = filename | [global] |
Allowable values: name of file
Default: NULL
Specifies the path to a file of trusted systems from which passwordless logons are allowed. Strongly discouraged because Windows NT/2000/XP users can always override the username—the only security in this scheme.
| include = filename |
Allowable values: name of file
Default: NULL
Includes the named file in smb.conf at the line where it appears. This option accepts most variables, but not %u (user), %P (current share's root directory), or %S (current share's name) because they are not set at the time the file is read.
| inherit acls = boolean |
Allowable values: YES, NO
Default: NO
If set, files and subdirectories are created with the same ACLs as their parent directories. Directories are given Unix permissions of 0777 (full permissions) ensuring that the ACL on the directory will govern the actual permissions given to clients. Requires POSIX ACL support to be provided on the Samba host system.
| inherit permissions = boolean |
Allowable values: YES, NO
Default: NO
If set, files and subdirectories are created with the same permissions as their parent directories. This allows Unix directory permissions to be propagated automatically to new files and subdirectories, especially in the [homes] share. This option overrides create mask, directory mask, force create mode, and force directory mode, but not map archive, map hidden, or map system. Samba never sets the setuid bit when creating a file or directory.
| interfaces = interface list | [global] |
Allowable values: interface list
Default: NULL (all interfaces except 127.0.0.1)
Sets the interfaces to which Samba will respond. The default is the system's primary interface only. Recommended on multihomed systems or to override erroneous addresses and netmasks. Allows interface names such as eth0, DNS names, address/netmask pairs, and broadcast/netmask pairs. See also bind interfaces only.
| invalid users = user list |
Allowable values: user list
Default: NULL
Specifies a list of users not permitted access to the share.
| keepalive = number | [global] |
Allowable values: number of seconds
Default: 300
Sets the number of seconds between checks for a crashed client. The value of 0 causes no checks to be performed. Setting keepalive = 3600 will turn on checks every hour. A value of 600 (every 10 minutes) is recommended if you want more frequent checks. See also socket options for another approach.
| kernel oplocks = boolean | [global] |
Allowable values: YES, NO
Default: YES
Breaks the oplock when a local Unix process or NFS operation accesses an oplocked file, thus preventing corruption. This works only on operating systems that support kernel-based oplocks, such as Linux 2.4 and Irix. Avoid changing. See also oplocks and level2 oplocks.
| lanman auth = boolean | [global] |
Allowable values: YES, NO
Default: YES
If set to YES, allows clients to use the (weak) LANMAN password hash used by Windows 95/98/Me. If set to NO, allows only the better NT1 hash used by Windows NT/2000/XP.
| large readwrite = boolean | [global] |
Allowable values: YES, NO
Default: NO in Samba 2.2, YES in Samba 3.0
If set to YES, allows Windows 2000/XP to read and write 64KB at a time to improve performance. Requires Samba to be hosted by a 64-bit OS, such as Linux 2.4, Irix, or Solaris. Somewhat experimental.
| ldap admin dn = string | [global] |
Allowable values: Distinguished Name
Default: NULL
Sets the Distinguished Name used by Samba when contacting the LDAP server. Requires Samba to be configured with the --with-ldapsam configuration option. Experimental option added in Samba 2.2.3 and obsolete in Samba 3.0.
| ldap filter = string | [global] |
Allowable values: LDAP search filter
Default: (&(uid=%u)(objectclass=sambaAccount))
Sets the LDAP search filter. Requires that Samba be configured with the --with-ldapsam configuration option. Experimental option added in Samba 2.2.3 and obsolete in Samba 3.0.
| ldap port = number | [global] |
Allowable values: positive integer
Default: In Samba 2.2, 636 if ldap ssl = on; otherwise 389
Sets the TCP port number for contacting the LDAP server. Requires that Samba be configured with the --with-ldapsam configuration option. Experimental option added in Samba 2.2.3 and obsolete starting with Samba 3.0. See also ldap ssl.
| ldap server = value | [global] |
Allowable values: fully qualified domain name
Default: localhost
Sets the domain name of the LDAP server. Requires that Samba be configured with the --with-ldapsam configuration option. Experimental option added in Samba 2.2.3 and obsolete starting with Samba 3.0.
| ldap ssl = value | [global] |
Allowable values: ON, OFF, START TLS
Default: ON
Sets whether Samba uses SSL to contact the LDAP server. ON and OFF turn SSL encryption on or off. The START TLS setting causes Samba to use LDAPv3 StartTLS extended operation. Requires that Samba be configured with the --with-ldapsam configuration option. Experimental option added in Samba 2.2.3 and obsolete in Samba 3.0.
| ldap suffix = string | [global] |
Allowable values: Distinguished Name
Default: NULL
Sets the base Distinguished Name to use for LDAP searches. Requires that Samba be configured with the --with-ldapsam configuration option. Experimental option added in Samba 2.2.3 and obsolete in Samba 3.0.
| level2 oplocks = boolean |
Allowable values: YES, NO
Default: YES
Allows files to be cached read-only on the client when multiple clients have opened the file. This allows executables to be cached locally, improving performance.
| lm announce = value | [global] |
Allowable values: AUTO, YES, NO
Default: AUTO
Produces OS/2 SMB broadcasts at an interval specified by the lm interval option. YES/NO turns them on/off unconditionally. AUTO causes the Samba server to wait for a LAN manager announcement from another client before sending one out. Required for OS/2 client browsing.
| lm interval = number | [global] |
Allowable values: number of seconds
Default: 60
Sets the time period, in seconds, between OS/2 SMB broadcast announcements.
| load printers = boolean | [global] |
Allowable values: YES, NO
Default: YES
Loads all printer names from the system's printcap file into the browse list. Uses configuration options from the [printers] section.
| local master = boolean | [global] |
Allowable values: YES, NO
Default: YES
Allows Samba to participate in elections for the local master browser. See also domain master and os level.
| lock dir = directory | [global] |
Allowable values: name of directory
Default: /usr/local/samba/var/locks
Synonym for lock directory.
| lock directory = directory | [global] |
Allowable values: name of directory
Default: /usr/local/samba/var/locks
Sets a directory in which to keep lock files. The directory must be writable by Samba and readable by everyone. Also called lock dir.
| lock spin count = number | [global] |
Allowable values: positive integer
Default: 2
Sets the number of attempts to attain a byte range lock. See also lock spin time.
| lock spin time = number | [global] |
Allowable values: number of microseconds
Default: 10
Sets the number of microseconds between attempts to attain a lock. See also lock spin count.
| locking = boolean |
Allowable values: YES, NO
Default: YES
Performs file locking. If set to NO, Samba accepts lock requests but won't actually lock resources. Turn off for read-only filesystems.
| log file = filename | [global] |
Allowable values: name of file
Default: varies
Sets the name and location of the log file. Allows all % variables.
| log level = number | [global] |
Allowable values: number
Default: 0
Sets the logging level used. Values of 3 or more slow the system noticeably. Recommended value is 1. Synonym for debug level.
| logon drive = value | [global] |
Allowable values: MS-DOS drive name
Default: Z:
Sets the drive to be used as a home directory for domain logons by Windows NT/2000/XP clients. See also logon home.
| logon home = directory | [global] |
Allowable values: UNC of shared directory
Default: \\ %N \ %U
Sets the home directory of a Windows 95/98/Me or NT/2000/XP user. Allows NET USE H:/HOME from the command prompt if Samba is acting as a logon server. Append \profile or other directory to the value of this parameter if storing Windows 95/98/Me profiles in a subdirectory of the user's home directory. See logon path for Windows NT/2000/XP roaming profiles.
| logon path = directory | [global] |
Allowable values: UNC of shared directory
Default: \\ %N \ %U \ profile
Sets the path to the directory where Windows NT/2000/XP roaming profiles are stored. See also logon home for Windows 95/98/Me roaming profiles.
| logon script = directory | [global] |
Allowable values: UNC of shared file
Default: NULL
Sets the pathname (relative to the [netlogon] share) of an MS-DOS/NT command to run on the client at logon time. Allows all % variables.
| lppause command = command |
Allowable values: command
Default: varies
Sets the command to pause a print job. Honors the %p (printer name) and %j (job number) variables.
| lpq cache time = number | [global] |
Allowable values: number of seconds
Default: 10
Sets how long to keep print queue status cached, in seconds.
| lpq command = command |
Allowable values: command
Default: varies
Sets the command used to get printer status. Usually initialized to a default value by the printing option. Honors the %p (printer name) variable.
| lpresume command = command |
Allowable values: command
Default: varies
Sets the command to resume a paused print job. Honors the %p (printer name) and %j ( job number) variables.
| lprm command = command |
Allowable values: command
Default: varies
Sets the command to delete a print job. Usually initialized to a default value by the printing option. Honors the %p (printer name) and %j (job number) variables.
| machine password timeout = number |
Allowable values: number of seconds
Default: 604800 (1 week)
Sets the period between (NT domain) computer account password changes.
| magic output = filename |
Allowable values: name of file
Default: command.out
Sets the output file for the magic scripts option. Default is the command name, followed by the .out extension.
| magic script = filename |
Allowable values: name of file
Default: NULL
Sets a filename for execution via a shell whenever the file is closed from the client, allowing clients to run commands on the server. The scripts will be deleted on completion, if permissions allow. Use is discouraged.
| mangled map = map list |
Allowable values: list of to/from pairs
Default: NULL
Sets up a table of names to remap (e.g., .html to .htm).
| mangled names = boolean |
Allowable values: YES, NO
Default: YES
Sets Samba to abbreviate to the MS-DOS 8.3 style names that are too long or have unsupported characters.
| mangled stack = number | [global] |
Allowable values: number
Default: 50
Sets the size of the cache of recently mangled filenames.
| mangling char = character |
Allowable values: character
Default: ~
Sets the unique mangling character used in all mangled names.
| mangling method = string | [global] |
Allowable values: hash, hash2
Default: hash
Sets the algorithm used to mangle filenames. The hash2 method is a newer method introduced in Samba 2.2.x, and it creates different filenames than the hash method.
| map archive = boolean |
Allowable values: YES, NO
Default: YES
If YES, Samba sets the executable-by-user (0100) bit on Unix files if the MS-DOS archive attribute is set. If used, the create mask must contain the 0100 bit.
| map hidden = boolean |
Allowable values: YES, NO
Default: NO
If YES, Samba sets the executable-by-other (0001) bit on Unix files if the MS-DOS hidden attribute is set. If used, the create mask option must contain the 0001 bit.
| map system = boolean |
Allowable values: YES, NO
Default: NO
If YES, Samba sets the executable-by-group (0010) bit on Unix files if the MS-DOS system attribute is set. If used, the create mask must contain the 0010 bit.
| map to guest = value | [global] |
Allowable values: Never, Bad User, Bad Password
Default: Never
If set to Bad User, allows users without accounts on the Samba system to log in and be assigned the guest account. This option can be used as part of making public shares for anyone to use. If set to Bad Password, users who mistype their passwords will be logged in to the guest account instead of their own. Because no warning is given, the Bad Password value can be extremely confusing: we recommend against it. The default setting of Never prevents users without accounts from logging in.
| max connections = number |
Allowable values: number
Default: 0 (infinity)
Sets the maximum number of share connections allowed from each client system.
| max disk size = number | [global] |
Allowable values: size in MB
Default: 0 (no limit)
Sets the maximum disk size/free-space size (in megabytes) to return to the client. Some clients or applications can't understand large maximum disk sizes.
| max log size = number | [global] |
Allowable values: size in KB
Default: 5000
Sets the size (in kilobytes) at which Samba will start a new log file. The current log file will be renamed with a .old extension, replacing any existing file with that name.
| max mux = number | [global] |
Allowable values: number
Default: 50
Sets the number of simultaneous SMB operations that Samba clients can make. Avoid changing.
| max open files = number | [global] |
Allowable values: number
Default: 10000
Limits the number of files a Samba process will try to keep open at one time. Samba allows you to set this to less than the maximum imposed by the Unix host operating system. Avoid changing.
| max print jobs = number |
Allowable values: positive integer
Default: 1000
Limits the number of jobs that can be in the queue for this printer share at any one time. The printer will report out of space if the limit is exceeded. See also total print jobs.
| max protocol = name | [global] |
Allowable values: CORE, COREPLUS, LANMAN1, LANMAN2, NT1
Default: NT1
If set, limits the negotiation to the protocol specified, or older. See min protocol. Avoid using.
| max smbd processes = number | [global] |
Allowable values: integer
Default: 0 (no limit)
Limits the number of users who can connect to the server. Used to prevent degraded service under an overload, at the cost of refusing services entirely.
| max ttl = number | [global] |
Allowable values: number of seconds
Default: 259200 (3 days)
Sets the time to live (TTL) of NetBIOS names in the nmbd WINS cache. Avoid changing.
| max wins ttl = number | [global] |
Allowable values: number of seconds
Default: 518400 (6 days)
Limits the TTL, in seconds, of a NetBIOS name in the nmbd WINS cache. Avoid changing. See also min wins ttl.
| max xmit = number | [global] |
Allowable values: size in bytes
Default: 65535
Sets the maximum packet size negotiated by Samba. This is a tuning parameter for slow links and bugs in older clients. Values less than 2048 are discouraged.
| message command = command | [global] |
Allowable values: command
Default: NULL
Sets the command to run on the server when a WinPopup message arrives from a client. If it does not complete quickly, the command must end in & to allow immediate return. Honors all % variables except %u (user) and supports the extra variables %s (filename the message is in), %t (destination system), and %f (from).
| min passwd length = number | [global] |
Allowable values: integer
Default: 5
| min password length = number | [global] |
Allowable values: integer
Default: 5
Sets the shortest Unix password allowed by Samba when updating a user's password on its system. Also called min passwd length.
| min print space = number |
Allowable values: space in kilobytes
Default: 0 (unlimited)
Sets the minimum spool space required before accepting a print request.
| min protocol = name | [global] |
Allowable values: CORE, COREPLUS, LANMAN1, LANMAN2, NT1
Default: CORE
If set, prevents use of old (less secure) protocols. Using NT1 disables MS-DOS clients. See also lanman auth.
| min wins ttl = number | [global] |
Allowable values: number of seconds
Default: 21600 (6 hours)
Sets the minimum TTL, in seconds, of a NetBIOS name in the nmbd WINS cache. Avoid changing.
| msdfs root = boolean |
Allowable values: YES, NO
Default: NO
Makes the share a Dfs root. Requires the --with-msdfs configure option. Any symbolic links of the form msdfs:server\share will be seen as Dfs links. See also host msdfs.
| name resolve order = list | [global] |
Allowable values: lmhosts, wins, host, bcast
Default: lmhosts, host, wins, bcast
Sets the order of lookup when trying to get IP addresses from names. The host parameter carries out a regular name lookup using the server's normal sources: /etc/hosts, DNS, NIS, or a combination of these.
| netbios aliases = list | [global] |
Allowable values: list of NetBIOS names
Default: NULL
Adds additional NetBIOS names by which the Samba server will advertise itself.
| netbios name = value |
Allowable values: local hostname
Default: DNS name of system
Sets the NetBIOS name by which a Samba server is known, or the primary name if NetBIOS aliases exist. See also netbios aliases.
| netbios scope = string | [global] |
Allowable values: string
Default: NULL
Sets the NetBIOS scope string, an early predecessor of workgroups. Samba will not communicate with a system with a different scope. This option is not recommended.
| nis homedir = boolean | [global] |