<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="smb.conf.5" xmlns:xi="http://www.w3.org/2003/XInclude"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
-
+
<refmeta>
<refentrytitle>smb.conf</refentrytitle>
<manvolnum>5</manvolnum>
</para>
<para>
- Any line beginning with a semicolon (<quote>;</quote>) or a hash (<quote>#</quote>)
+ Any line beginning with a semicolon (<quote>;</quote>) or a hash (<quote>#</quote>)
character is ignored, as are lines containing only whitespace.
</para>
A share consists of a directory to which access is being given plus a description of the access rights
which are granted to the user of the service. Some housekeeping options are also specifiable.
</para>
-
+
<para>
Sections are either file share services (used by the client as an extension of their native file systems)
or printable services (used by the client to access print services on the host running the server).
</para>
-
+
<para>
Sections may be designated <emphasis>guest</emphasis> services, in which case no password is required to
access them. A specified UNIX <emphasis>guest account</emphasis> is used to define access privileges in this
username. As older clients only provide passwords and not usernames, you may specify a list of usernames to
check against the password using the <literal>user =</literal> option in the share definition. For modern clients
such as Windows 95/98/ME/NT/2000, this should not be necessary.
- </para>
+ </para>
<para>
The access rights granted by the server are masked by the access rights granted to the specified or guest
UNIX user by the host system. The server does not grant more access than the host system grants.
</para>
-
+
<para>
The following sample section defines a file space share. The user has write access to the path <filename
moreinfo="none">/home/bar</filename>. The share is accessed via the share name <literal>foo</literal>:
<refsect1>
<title>SPECIAL SECTIONS</title>
-
+
<refsect2>
<title>The [global] section</title>
-
+
<para>
Parameters in this section apply to the server as a whole, or are defaults for sections that do not
specifically define certain items. See the notes under PARAMETERS for more information.
</para>
</refsect2>
-
+
<refsect2 id="HOMESECT">
<title>The [homes] section</title>
-
+
<para>
If a section called [homes] is included in the configuration file, services connecting clients
to their home directories can be created on the fly by the server.
password file. If the name exists and the correct password has been given, a share is created by cloning the
[homes] section.
</para>
-
+
<para>
Some modifications are then made to the newly created share:
</para>
-
+
<itemizedlist>
<listitem><para>
The share name is changed from homes to the located username.
</itemizedlist>
<para>
- If you decide to use a <emphasis>path =</emphasis> line in your [homes] section, it may be useful
+ If you decide to use a <emphasis>path =</emphasis> line in your [homes] section, it may be useful
to use the %S macro. For example:
<programlisting>
<userinput moreinfo="none">path = /data/pchome/%S</userinput>
</para>
<para>
- This is a fast and simple way to give a large number of clients access to their home directories with a minimum
+ This is a fast and simple way to give a large number of clients access to their home directories with a minimum
of fuss.
</para>
name is not changed to that of the requesting user. This method of using the [homes] section works well if
different users share a client PC.
</para>
-
+
<para>
- The [homes] section can specify all the parameters a normal service section can specify, though some make more sense
+ The [homes] section can specify all the parameters a normal service section can specify, though some make more sense
than others. The following is a typical and suitable [homes] section:
<programlisting>
<smbconfsection name="[homes]"/>
<smbconfoption name="read only">no</smbconfoption>
</programlisting>
</para>
-
+
<para>
- An important point is that if guest access is specified in the [homes] section, all home directories will be
+ An important point is that if guest access is specified in the [homes] section, all home directories will be
visible to all clients <emphasis>without a password</emphasis>. In the very unlikely event that this is actually
desirable, it is wise to also specify <emphasis>read only access</emphasis>.
</para>
<para>
- The <emphasis>browseable</emphasis> flag for auto home directories will be inherited from the global browseable
+ The <emphasis>browseable</emphasis> flag for auto home directories will be inherited from the global browseable
flag, not the [homes] browseable flag. This is useful as it means setting <emphasis>browseable = no</emphasis> in
the [homes] section will hide the [homes] share but make any auto home directories visible.
</para>
<refsect2 id="PRINTERSSECT">
<title>The [printers] section</title>
-
+
<para>
This section works like [homes], but for printers.
</para>
<para>
- If a [printers] section occurs in the configuration file, users are able to connect to any printer
+ If a [printers] section occurs in the configuration file, users are able to connect to any printer
specified in the local host's printcap file.
</para>
</itemizedlist>
<para>
- The [printers] service MUST be printable - if you specify otherwise, the server will refuse
+ The [printers] service MUST be printable - if you specify otherwise, the server will refuse
to load the configuration file.
</para>
-
+
<para>
- Typically the path specified is that of a world-writeable spool directory with the sticky bit set on
+ Typically the path specified is that of a world-writeable spool directory with the sticky bit set on
it. A typical [printers] entry looks like this:
<programlisting>
<smbconfsection name="[printers]"/>
</para>
<para>
- All aliases given for a printer in the printcap file are legitimate printer names as far as the server is concerned.
+ All aliases given for a printer in the printcap file are legitimate printer names as far as the server is concerned.
If your printing subsystem doesn't work like that, you will have to set up a pseudo-printcap. This is a file
consisting of one or more lines like this:
<programlisting>
-alias|alias|alias|alias...
+alias|alias|alias|alias...
</programlisting>
</para>
An alias, by the way, is defined as any component of the first entry of a printcap record. Records are separated by newlines,
components (if there are more than one) are separated by vertical bar symbols (<literal>|</literal>).
</para>
-
+
<note><para>
On SYSV systems which use lpstat to determine what printers are defined on the system you may be able to use
<literal>printcap name = lpstat</literal> to automatically obtain a list of printers. See the
chgrp foo /usr/local/samba/lib/usershares
chmod 1770 /usr/local/samba/lib/usershares
</programlisting>
-<para>Then add the parameters
+<para>Then add the parameters
<programlisting>
<smbconfoption name="usershare path">/usr/local/samba/lib/usershares</smbconfoption>
<smbconfoption name="usershare max shares">10</smbconfoption> # (or the desired number of shares)
-</programlisting>
+</programlisting>
to the global
section of your <filename>smb.conf</filename>. Members of the group foo may then manipulate the user defined shares
</varlistentry>
</variablelist>
</refsect1>
-
+
<refsect1>
<title>PARAMETERS</title>
<listitem><para>session username (the username that the client wanted, not
necessarily the same as the one they got).</para></listitem>
</varlistentry>
-
+
<varlistentry>
<term>%G</term>
<listitem><para>primary group name of %U.</para></listitem>
</para></listitem>
</varlistentry>
-
+
<varlistentry>
<term>%L</term>
<listitem><para>the NetBIOS name of the server. This allows you to change your config based on what
the client calls you. Your server can have a <quote>dual personality</quote>.
</para></listitem>
</varlistentry>
-
+
<varlistentry>
<term>%M</term>
<listitem><para>the Internet name of the client machine.
</para></listitem>
</varlistentry>
-
+
<varlistentry>
<term>%R</term>
<listitem><para>the selected protocol level after protocol negotiation. It can be one of
<listitem><para>the process id of the current server
process.</para></listitem>
</varlistentry>
-
+
<varlistentry>
<term>%a</term>
<listitem><para>
The architecture of the remote
- machine. It currently recognizes Samba (<constant>Samba</constant>),
+ machine. It currently recognizes Samba (<constant>Samba</constant>),
the Linux CIFS file system (<constant>CIFSFS</constant>), OS/2, (<constant>OS2</constant>),
- Mac OS X (<constant>OSX</constant>), Windows for Workgroups (<constant>WfWg</constant>), Windows 9x/ME
+ Mac OS X (<constant>OSX</constant>), Windows for Workgroups (<constant>WfWg</constant>), Windows 9x/ME
(<constant>Win95</constant>), Windows NT (<constant>WinNT</constant>),
Windows 2000 (<constant>Win2K</constant>),
Windows XP (<constant>WinXP</constant>),
Windows XP 64-bit(<constant>WinXP64</constant>),
Windows 2003 including
2003R2 (<constant>Win2K3</constant>), and Windows
- Vista (<constant>Vista</constant>). Anything else will be known as
- <constant>UNKNOWN</constant>.</para>
+ Vista (<constant>Vista</constant>). Anything else will be known as
+ <constant>UNKNOWN</constant>.</para>
</listitem>
</varlistentry>
-
+
<varlistentry>
<term>%I</term>
<listitem><para>the IP address of the client machine.</para>
<term>%D</term>
<listitem><para>name of the domain or workgroup of the current user.</para></listitem>
</varlistentry>
-
+
<varlistentry>
<term>%w</term>
<listitem><para>the winbind separator.</para></listitem>
</varlistentry>
-
+
<varlistentry>
<term>%$(<replaceable>envvar</replaceable>)</term>
<listitem><para>the value of the environment variable
<listitem><para>the name of the current service, if any.</para>
</listitem>
</varlistentry>
-
+
<varlistentry>
<term>%P</term>
<listitem><para>the root directory of the current service, if any.</para></listitem>
</varlistentry>
-
+
<varlistentry>
<term>%u</term>
<listitem><para>username of the current service, if any.</para>
</listitem>
</varlistentry>
-
+
<varlistentry>
<term>%g</term>
<listitem><para>primary group name of %u.</para></listitem>
</varlistentry>
-
+
<varlistentry>
<term>%H</term>
<listitem><para>the home directory of the user given by %u.</para></listitem>
<listitem><para>This value is the same as %L.</para></listitem>
</varlistentry>
</variablelist>
-
+
<para>
There are some quite creative things that can be done with these substitutions and other
<filename moreinfo="none">smb.conf</filename> options.
<refsect1 id="NAMEMANGLINGSECT">
<title>NAME MANGLING</title>
-
+
<para>
Samba supports <literal>name mangling</literal> so that DOS and Windows clients can use files that don't
conform to the 8.3 format. It can also be set to adjust the case of 8.3 format filenames.
<para>
The options are:
</para>
-
+
<variablelist>
-
+
<varlistentry>
<term>case sensitive = yes/no/auto</term>
<listitem><para>
DOS system supports case-sensitive filename so setting this option to auto is that same as setting it to no
for them. Default <emphasis>auto</emphasis>.
</para></listitem>
- </varlistentry>
+ </varlistentry>
<varlistentry>
<term>default case = upper/lower</term>
<smbconfoption name="short preserve case">No</smbconfoption> are set, then the case of <emphasis>all</emphasis>
incoming client filenames, not just new filenames, will be modified. See additional notes below.
</para></listitem>
- </varlistentry>
-
+ </varlistentry>
+
<varlistentry>
<term>preserve case = yes/no</term>
<listitem><para>
that the client passes, or if they are forced to be the <literal>default</literal> case. Default
<emphasis>yes</emphasis>.
</para></listitem>
- </varlistentry>
+ </varlistentry>
<varlistentry>
<term>short preserve case = yes/no</term>
<literal>default</literal> case. This option can be used with <literal>preserve case = yes</literal> to permit
long filenames to retain their case, while short names are lowercased. Default <emphasis>yes</emphasis>.
</para></listitem>
- </varlistentry>
+ </varlistentry>
</variablelist>
-
+
<para>
By default, Samba 3.0 has the same semantics as a Windows NT server, in that it is case insensitive
but case preserving. As a special case for directories with large numbers of files, if the case
then the "default case" option will be applied and will modify all filenames sent from the client
when accessing this share.
</para>
-
+
</refsect1>
<refsect1>
<orderedlist continuation="restarts" inheritnum="ignore" numeration="arabic">
<listitem><para>Share definitions stored in registry are used.
- This is triggered by setting the global
+ This is triggered by setting the global
parameter <parameter>registry shares</parameter>
to <quote>yes</quote> in <emphasis>smb.conf</emphasis>.
</para>
<refsect1>
<title>EXPLANATION OF EACH PARAMETER</title>
-
+
<samba:parameterlist>
<!-- The URI below is resolved to local generated version of parameters.all.xml //-->
<!-- WAF build places it in bin/default/docs-xml/smbdotconf/parameters.all.xml //-->
<refsect1>
<title>WARNINGS</title>
-
+
<para>
Although the configuration file permits service names to contain spaces, your client software may not.
Spaces will be ignored in comparisons anyway, so it shouldn't be a problem - but be aware of the possibility.
</para>
<para>
- Use of the <literal>[homes]</literal> and <literal>[printers]</literal> special sections make life
+ Use of the <literal>[homes]</literal> and <literal>[printers]</literal> special sections make life
for an administrator easy, but the various combinations of default attributes can be tricky. Take extreme
care when designing these sections. In particular, ensure that the permissions on spool directories are
correct.
<refsect1>
<title>AUTHOR</title>
-
+
<para>
The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.