SMB.CONF(5)
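NAME
smb.conf - overview of the configuration file for the Samba suite
SYNOPSIS
smb.conf is the configuration file for the Samba suite and contains runtime configuration information for the Samba programs. smb.conf is designed to be configured and administered by the swat(8) program. This file contains a complete description of the smb.conf file format and the possible parameters, for reference.
FILE FORMAT
The file consists of a series of sections and parameters. A section begins with the section name in square brackets and continues until the next section name. Parameters contained in a section are defined in the following format:
SECTION DESCRIPTIONS
Each section in the configuration file (except the [global] section) describes a shared resource. The section name is the name of the share, and the parameters within the section define the attributes of that share.
[foo]
    path = /home/bar
    read only = no
[aprinter]
    path = /usr/spool/public
    read only = yes
    printable = yes
    guest ok = yes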
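SPECIAL SECTIONS
The [global] section
Parameters defined in this section are server-wide settings. They also serve as the defaults for other sections that do not set these parameters themselves. See the 'PARAMETERS' section for more information.
The [homes] section
If a section called 'homes' is included in the configuration file, clients can connect to their own home directories on the server.
- The share name is changed from 'homes' to the located username.
- If no path was given, the path is set to the user's home directory.
[homes]
    read only = no
The [printers] section
This section works like [homes], but for shared printers.
- The share name is set to the located printer name.
- If no printer name was given, the printer name is set to the located printer name.
- If the share does not permit guest access and no username was given, the username is set to the located printer name.
[printers]
    path = /usr/spool/public
    guest ok = yes
    printable = yes
alias1|alias2|alias3|alias4...
PARAMETERS
Parameters define the specific attributes of sections.
VARIABLE SUBSTITUTIONS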
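Many of the strings that can be set in the configuration file can take substitutions. For example, when a user connects with the username john, the option "path = /tmp/%u" is interpreted as "path = /tmp/john".
- %U
- session username (the username that the client wanted, not necessarily the same as the one it got).
- %G
- group name of %U.
- %h
- the Internet hostname of the host that Samba is running on.
- %m
- the NetBIOS name of the client machine (very useful).
- %L
- the NetBIOS name of the server. This allows you to change your configuration based on what the client calls you, so your server can have a "dual personality".
- %M
- the Internet hostname of the client machine.
- %R
- the protocol selected after protocol negotiation. It can be one of CORE, COREPLUS, LANMAN1, LANMAN2 or NT1.
- %d
- the process id of the current Samba server.
- %a
- the architecture of the remote machine. Only some types are recognized at present, and the result is not 100% reliable. It currently recognizes Samba, WfWg, WinNT and Win95. Anything else is treated as "UNKNOWN". If it gets it wrong, send a level 3 log to samba-bugs@samba.org so that the bug can be fixed.
- %I
- the IP address of the client machine.
- %T
- the current date and time.
- %D
- Name of the domain or workgroup of the current user.
- %$(envvar)
- The value of the environment variable envvar.
- %S
- the name of the current service.
- %P
- the root directory of the current service.
- %u
- the username of the current service.
- %g
- group name of %u.
- %H
- the home directory of the user given by %u.
- %N
- the name of the NIS server. It is obtained from auto.map. If Samba was not compiled with the --with-auto-mount option, its value is the same as %L.
- %p
- the path of the user's home directory. It is obtained from the NIS auto.map. The NIS auto.map entry is split up as "%N:%p".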
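An added example, not part of the Samba manual: a small Python auditor for the section format and the variable substitutions described above. It applies [global] values as share defaults and flags shares that are both guest-accessible and writable, or whose path embeds the client-supplied %U or %m. The [scratch] share, the [global] values and all function names are constructed for illustration; it assumes Samba's defaults of read only = yes and guest ok = no and does not handle backslash line continuations.

```python
import re

# Constructed sample in the format described above. [foo] and [aprinter] are
# the page's own example shares; [global] values and [scratch] are made up.
SAMPLE = """\
[global]
    guest account = nobody
    hosts allow = 192.168.1.

[foo]
    path = /home/bar
    read only = no

[aprinter]
    path = /usr/spool/public
    read only = yes
    printable = yes
    guest ok = yes

[scratch]
    path = /tmp/%U
    Read Only = no
    guest ok = yes
"""

SECTION_RE = re.compile(r"^\[([^\]]+)\]$")
TRUE_VALUES = {"yes", "true", "1"}
# Variables the page describes as names supplied by the client.
CLIENT_VARS = ("%U", "%m")


def norm(name):
    """smb.conf ignores case and whitespace in parameter names."""
    return "".join(name.split()).lower()


def parse(text):
    """Return {section: {normalised parameter: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        match = SECTION_RE.match(line)
        if match:
            current = sections.setdefault(match.group(1).strip().lower(), {})
        elif current is not None and "=" in line:
            name, value = line.split("=", 1)
            current[norm(name)] = value.strip()
    return sections


def effective(sections, share):
    """Settings of one share, with [global] values acting as defaults."""
    merged = dict(sections.get("global", {}))
    merged.update(sections[share])
    return merged


def is_true(settings, key, default):
    value = settings.get(norm(key))
    return default if value is None else value.lower() in TRUE_VALUES


def expand(value, variables):
    """Substitute %X variables from a dict; unknown ones stay as written."""
    return re.sub(r"%[A-Za-z]",
                  lambda m: variables.get(m.group(0), m.group(0)), value)


def audit(sections):
    """Return (share, finding) pairs for settings worth a second look."""
    findings = []
    for share in sections:
        if share == "global":
            continue
        settings = effective(sections, share)
        guest = is_true(settings, "guest ok", default=False)
        writable = not is_true(settings, "read only", default=True)
        if guest and writable:
            findings.append((share, "guest-writable"))
        used = [v for v in CLIENT_VARS if v in settings.get("path", "")]
        if used:
            findings.append(
                (share, "client-supplied name in path: " + " ".join(used)))
    return findings


if __name__ == "__main__":
    for share, finding in audit(parse(SAMPLE)):
        print(f"[{share}] {finding}")
    print(expand("/tmp/%u", {"%u": "john"}))
```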
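NAME MANGLING
Samba supports "name mangling" so that DOS and Windows clients can use files that do not conform to the 8.3 format. It can also be used to adjust the case of 8.3 format filenames.
- mangle case = yes/no
- controls whether names that are not in the default case are mangled. For example, if this is yes, a filename like "Mail" would be mangled. Default no.
- case sensitive = yes/no
- controls whether filenames are case sensitive. If they are not, Samba must search for and match filenames when names are passed. Default no.
- default case = upper/lower
- controls the default case for new filenames. Default lower.
- preserve case = yes/no
- controls whether new files are created with the case that the client passes, or are forced to the default case. Default yes.
- short preserve case = yes/no
- controls whether new filenames in 8.3 format, all upper case and of suitable length, are created in upper case or forced to the default case. It can be combined with "preserve case = yes" above to let long filenames retain their case while short names are lower case. Default yes.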
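NOTE ABOUT USERNAME/PASSWORD VALIDATION
There are a number of ways in which a user can connect to a service. The server uses the following steps to determine whether it will allow a client to connect to the specified service. If all of the steps fail, the connection request is rejected. If one of the steps succeeds, the remaining steps are not checked.
- Step 1:
- If the client has passed a username/password pair and that pair is validated by the UNIX system's password programs, the connection is made as that username. Note that this includes the \\server\service%username method of passing a username.
- Step 2:
- If the client has previously registered a username with the system and supplies a correct password, the connection is allowed.
- Step 3:
- The client's NetBIOS name and any previously used usernames are checked against the supplied password. If they match, the connection is allowed as that username.
- Step 4:
- If the client has previously validated a username and password and has obtained a valid token, the connection is allowed as that username.
- Step 5:
- If a "user =" field is set in smb.conf and the client has supplied a password, and that password, checked by the UNIX system, matches one of the users in the "user =" field, the connection is made as the matching username from "user =". If an entry in the "user =" field begins with @, that name expands to the list of usernames in the group of the same name.
- Step 6:
- If the service is a guest service, the connection is made as the username given in "guest account =", irrespective of the supplied password.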
COMPLETE LIST OF GLOBAL PARAMETERS
Here is a list of all global parameters. See the section of each parameter below for details. Note that some are synonyms.
- abort shutdown script
- add group script
- add machine script
- addprinter command
- add share command
- add user script
- add user to group script
- afs username map
- algorithmic rid base
- allow trusted domains
- announce as
- announce version
- auth methods
- auto services
- bind interfaces only
- browse list
- change notify timeout
- change share command
- client lanman auth
- client ntlmv2 auth
- client plaintext auth
- client schannel
- client signing
- client use spnego
- config file
- deadtime
- debug hires timestamp
- debuglevel
- debug pid
- debug timestamp
- debug uid
- default
- default service
- delete group script
- deleteprinter command
- delete share command
- delete user from group script
- delete user script
- dfree command
- disable netbios
- disable spoolss
- display charset
- dns proxy
- domain logons
- domain master
- dos charset
- enable rid algorithm
- encrypt passwords
- enhanced browsing
- enumports command
- get quota command
- getwd cache
- guest account
- hide local users
- homedir map
- host msdfs
- hostname lookups
- hosts equiv
- idmap backend
- idmap gid
- idmap uid
- include
- interfaces
- keepalive
- kernel change notify
- kernel oplocks
- lanman auth
- large readwrite
- ldap admin dn
- ldap delete dn
- ldap filter
- ldap group suffix
- ldap idmap suffix
- ldap machine suffix
- ldap passwd sync
- ldap port
- ldap server
- ldap ssl
- ldap suffix
- ldap user suffix
- lm announce
- lm interval
- load printers
- local master
- lock dir
- lock directory
- lock spin count
- lock spin time
- log file
- log level
- logon drive
- logon home
- logon path
- logon script
- lpq cache time
- machine password timeout
- mangled stack
- mangle prefix
- mangling method
- map to guest
- max disk size
- max log size
- max mux
- max open files
- max protocol
- max smbd processes
- max ttl
- max wins ttl
- max xmit
- message command
- min passwd length
- min password length
- min protocol
- min wins ttl
- name cache timeout
- name resolve order
- netbios aliases
- netbios name
- netbios scope
- nis homedir
- ntlm auth
- nt pipe support
- nt status support
- null passwords
- obey pam restrictions
- oplock break wait time
- os2 driver map
- os level
- pam password change
- panic action
- paranoid server security
- passdb backend
- passwd chat
- passwd chat debug
- passwd program
- password level
- password server
- pid directory
- prefered master
- preferred master
- preload
- preload modules
- printcap
- private dir
- protocol
- read bmpx
- read raw
- read size
- realm
- remote announce
- remote browse sync
- restrict anonymous
- root
- root dir
- root directory
- security
- server schannel
- server signing
- server string
- set primary group script
- set quota command
- show add printer wizard
- shutdown script
- smb passwd file
- smb ports
- socket address
- socket options
- source environment
- stat cache
- syslog
- syslog only
- template homedir
- template primary group
- template shell
- time offset
- time server
- timestamp logs
- unicode
- unix charset
- unix extensions
- unix password sync
- update encrypted
- use mmap
- username level
- username map
- use spnego
- utmp
- utmp directory
- winbind cache time
- winbind enable local accounts
- winbind enum groups
- winbind enum users
- winbind gid
- winbind separator
- winbind trusted domains only
- winbind uid
- winbind use default domain
- wins hook
- wins partners
- wins proxy
- wins server
- wins support
- workgroup
- write raw
- wtmp directory
COMPLETE LIST OF SERVICE PARAMETERS
Here is a list of all service parameters. See the section of each parameter below for details. Note that some are synonyms.
- acl compatibility
- admin users
- afs share
- allow hosts
- available
- blocking locks
- block size
- browsable
- browseable
- case sensitive
- casesignames
- comment
- copy
- create mask
- create mode
- csc policy
- default case
- default devmode
- delete readonly
- delete veto files
- deny hosts
- directory
- directory mask
- directory mode
- directory security mask
- dont descend
- dos filemode
- dos filetime resolution
- dos filetimes
- exec
- fake directory create times
- fake oplocks
- follow symlinks
- force create mode
- force directory mode
- force directory security mode
- force group
- force security mode
- force user
- fstype
- group
- guest account
- guest ok
- guest only
- hide dot files
- hide files
- hide special files
- hide unreadable
- hide unwriteable files
- hosts allow
- hosts deny
- inherit acls
- inherit permissions
- invalid users
- level2 oplocks
- locking
- lppause command
- lpq command
- lpresume command
- lprm command
- magic output
- magic script
- mangle case
- mangled map
- mangled names
- mangling char
- map acl inherit
- map archive
- map hidden
- map system
- max connections
- max print jobs
- max reported print jobs
- min print space
- msdfs proxy
- msdfs root
- nt acl support
- only guest
- only user
- oplock contention limit
- oplocks
- path
- posix locking
- postexec
- preexec
- preexec close
- preserve case
- printable
- printcap name
- print command
- printer
- printer admin
- printer name
- printing
- print ok
- profile acls
- public
- queuepause command
- queueresume command
- read list
- read only
- root postexec
- root preexec
- root preexec close
- security mask
- set directory
- share modes
- short preserve case
- strict allocate
- strict locking
- strict sync
- sync always
- use client driver
- user
- username
- users
- use sendfile
- -valid
- valid users
- veto files
- veto oplock files
- vfs object
- vfs objects
- volume
- wide links
- writable
- writeable
- write cache size
- write list
- write ok
EXPLANATION OF EACH PARAMETER
- abort shutdown script (G)
- This parameter only exists in the HEAD cvs branch
This is a full path name to a script called by smbd(8) that should
stop a shutdown procedure issued by the shutdown script.
- acl compatibility (S)
- This parameter specifies what OS ACL semantics should be
compatible with. Possible values are winnt for Windows NT 4,
win2k for Windows 2000 and above and auto. If you specify
auto, the value for this parameter will be based upon the version
of the client. There should be no reason to change this parameter from the
default.
- add group script (G)
- This is the full pathname to a script that will be run
AS ROOT by smbd(8) when a new group is requested. It will
expand any %g to the group name passed. This script is only useful
for installations using the Windows NT domain administration tools. The
script is free to create a group with an arbitrary name to circumvent unix
group name restrictions. In that case the script must print the numeric
gid of the created group on stdout.
- add machine script (G)
- This is the full pathname to a script that will be run by
smbd(8) when a machine is added to its domain using the
administrator username and password method.
- addprinter command (G)
- With the introduction of MS-RPC based printing support for
Windows NT/2000 clients in Samba 2.2, the MS Add Printer Wizard (APW) icon
is now also available in the "Printers..." folder displayed in a
share listing. The APW allows for printers to be added remotely to a Samba
or Windows NT/2000 print server.
- add share command (G)
- Samba 2.2.0 introduced the ability to dynamically add and
delete shares via the Windows NT 4.0 Server Manager. The add share
command is used to define an external program or script which will add
a new service definition to smb.conf. In order to successfully
execute the add share command, smbd requires that the
administrator be connected using a root account (i.e. uid == 0).
- add user script (G)
- This is the full pathname to a script that will be run AS ROOT by smbd(8) under special circumstances (described in detail below).
- add user to group script (G)
- Full path to the script that will be called when a user is
added to a group using the Windows NT domain administration tools. It will
be run by smbd(8) AS ROOT. Any %g will be replaced
with the group name and any %u will be replaced with the user name.
- admin users (S)
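- admin users is a list of users who are granted administrative privileges on the share. This means that these users can operate on all files as the super-user would.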
- afs share (S)
- This parameter controls whether special AFS features are
enabled for this share. If enabled, it assumes that the directory exported
via the path parameter is a local AFS import. The special AFS
features include the attempt to hand-craft an AFS token if you enabled
--with-fake-kaserver in configure.
- afs username map (G)
- If you are using the fake kaserver AFS feature, you might
want to hand-craft the usernames you are creating tokens for. For example
this is necessary if you have users from several domains in your AFS
Protection Database. One possible scheme to code users as DOMAIN+User as
it is done by winbind with the + as a separator.
- algorithmic rid base (G)
- This determines how Samba will use its algorithmic mapping
from uids/gid to the RIDs needed to construct NT Security Identifiers.
- allow hosts (S)
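- Synonym for hosts allow.
- allow trusted domains (G)
- This parameter only takes effect when the security parameter is set to server or domain. If it is set to no, attempts to connect to a resource from a domain or workgroup other than the one in which smbd is running will fail, even if that domain is trusted by the remote server doing the authentication.
- announce as (G)
- This parameter specifies what type of server nmbd(8) announces itself as to the network neighborhood. The default is Windows NT. The valid options are "NT" (a synonym for "NT Server"), "NT Server", "NT Workstation", "Win95" or "WfW", meaning Windows NT Server, Windows NT Workstation, Windows 95 and Windows for Workgroups respectively. Do not change this parameter unless you have a specific need to stop Samba appearing as Windows NT, as this may prevent Samba from working correctly as a browse server.
- announce version (G)
- This parameter specifies the major and minor version numbers that nmbd uses when announcing the server version. The default version is 4.9. Do not change this parameter unless you have a specific need to make Samba appear as a lower version.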
- auth methods (G)
- This option allows the administrator to choose what
authentication methods smbd will use when authenticating a user.
This option defaults to sensible values based on security. This
should be considered a developer option and used only in rare
circumstances. In the majority (if not all) of production servers, the
default setting should be adequate.
- auto services (G)
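- Synonym for preload.
- available (S)
- This parameter lets you turn off a service. If available = no, all attempts to connect to the service will fail. Such failures are logged.
- bind interfaces only (G)
- This global parameter allows the Samba administrator to limit which network interfaces on a machine respond to requests. It has some effect on both the smbd(8) file service and the nmbd(8) name service.
- blocking locks (S)
- This parameter controls the behavior of smbd(8) when a client requests a byte range lock on a region of an open file and the request has a time limit associated with it.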
- block size (S)
- This parameter controls the behavior of smbd(8) when
reporting disk free sizes. By default, this reports a disk block size of
1024 bytes.
- browsable (S)
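- Synonym for browseable.
- browseable (S)
- This parameter controls whether the share is visible in the list of available shares, in net view and in the browse list.
- browse list (G)
- This controls whether smbd(8) serves a browse list to a client doing a NetServerEnum call. It is normally set to yes. You should never need to change this parameter.
- case sensitive (S)
- See the discussion in the NAME MANGLING section.
- casesignames (S)
- Synonym for case sensitive.
- change notify timeout (G)
- Samba allows a client to tell the server to watch a particular directory for any changes and to reply to the SMB request only when a change has occurred. Such constant scanning is expensive under UNIX, so smbd(8) performs a scan of each requested directory only once every change notify timeout.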
- change share command (G)
- Samba 2.2.0 introduced the ability to dynamically add and
delete shares via the Windows NT 4.0 Server Manager. The change share
command is used to define an external program or script which will
modify an existing service definition in smb.conf. In order to
successfully execute the change share command, smbd requires
that the administrator be connected using a root account (i.e. uid == 0).
- client lanman auth (G)
- This parameter determines whether or not
smbclient(8) and other samba client tools will attempt to
authenticate itself to servers using the weaker LANMAN password hash. If
disabled, only servers which support NT password hashes (e.g. Windows
NT/2000, Samba, etc... but not Windows 95/98) will be able to be connected
from the Samba client.
- client ntlmv2 auth (G)
- This parameter determines whether or not
smbclient(8) will attempt to authenticate itself to servers using
the NTLMv2 encrypted password response.
- client plaintext auth (G)
- Specifies whether a client should send a plaintext password
if the server does not support encrypted passwords.
- client schannel (G)
- This controls whether the client offers or even demands the
use of the netlogon schannel. client schannel = no does not offer
the schannel, server schannel = auto offers the schannel but does
not enforce it, and server schannel = yes denies access if the
server is not able to speak netlogon schannel.
- client signing (G)
- This controls whether the client offers or requires the
server it talks to to use SMB signing. Possible values are auto,
mandatory and disabled.
- client use spnego (G)
- This variable controls whether samba clients will
try to use Simple and Protected NEGOciation (as specified by rfc2478) with
WindowsXP and Windows2000 servers to agree upon an authentication
mechanism. SPNEGO client support for SMB Signing is currently broken, so
you might want to turn this option off when operating with Windows 2003
domain controllers in particular.
- comment (S)
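- This is the descriptive text shown when a client views the shares available on the server through the network neighborhood (net view).
- config file (G)
- This makes Samba use the specified configuration file instead of the default one (usually smb.conf). If this option is set, there is a chicken-and-egg problem!
- copy (S)
- This parameter allows you to clone services. The specified service is simply duplicated under the current service's name. Any parameters defined in the current service override the corresponding ones in the service being copied.
- create mask (S)
- Synonym for create mode.
- create mode (S)
- Synonym for create mask.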
- csc policy (S)
- This stands for client-side caching policy, and
specifies how clients capable of offline caching will cache the files in
the share. The valid values are: manual, documents, programs, disable.
- deadtime (G)
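- This value (a decimal integer) defines the idle timeout of a connection, in minutes. A connection that has been idle for longer than this is disconnected. The timeout has no effect if any files are open.
- debug hires timestamp (G)
- Sometimes log messages need timestamps with a resolution higher than seconds. This boolean parameter adds microsecond resolution to the timestamp message header.
- debuglevel (G)
- Synonym for log level.
- debug pid (G)
- When one log file is used for many forked smbd(8) processes, it is hard to follow which process wrote which message. This boolean parameter automatically adds the process id to the timestamp message header.
- debug timestamp (G)
- Samba debug log messages are timestamped by default. If you are running at a high debug level these timestamps can be distracting. This parameter allows timestamping to be turned off.
- debug uid (G)
- Samba sometimes runs as root and sometimes as the connected user. This boolean parameter automatically inserts the current euid, egid, uid and gid into the timestamp message header in the log file.
- default (G)
- Synonym for default service.
- default case (S)
- See the section on NAME MANGLING. Also note the short preserve case parameter.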
- default devmode (S)
- This parameter is only applicable to printable services.
When smbd is serving Printer Drivers to Windows NT/2k/XP clients, each
printer on the Samba server has a Device Mode which defines things such as
paper size and orientation and duplex settings. The device mode can only
correctly be generated by the printer driver itself (which can only be
executed on a Win32 platform). Because smbd is unable to execute the
driver code to generate the device mode, the default behavior is to set
this field to NULL.
- default service (G)
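- This parameter defines a default service to use when the requested service cannot be found. Note that the square brackets are not given in the parameter value (see the example!).
[global]
    default service = pub
[pub]
    path = /%S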
- delete group script (G)
- This is the full pathname to a script that will be run
AS ROOT by smbd(8) when a group is requested to be deleted. It
will expand any %g to the group name passed. This script is only
useful for installations using the Windows NT domain administration tools.
- deleteprinter command (G)
- With the introduction of MS-RPC based printer support for
Windows NT/2000 clients in Samba 2.2, it is now possible to delete printer
at run time by issuing the DeletePrinter() RPC call.
- delete readonly (S)
- This parameter allows read-only files to be deleted. Read-only here is not the usual DOS meaning, but the UNIX one.
- delete share command (G)
- Samba 2.2.0 introduced the ability to dynamically add and
delete shares via the Windows NT 4.0 Server Manager. The delete share
command is used to define an external program or script which will
remove an existing service definition from smb.conf. In order to
successfully execute the delete share command, smbd requires
that the administrator be connected using a root account (i.e. uid == 0).
- delete user from group script (G)
- Full path to the script that will be called when a user is
removed from a group using the Windows NT domain administration tools. It
will be run by smbd(8) AS ROOT. Any %g will be
replaced with the group name and any %u will be replaced with the
user name.
- delete user script (G)
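- This is the full pathname to a script that smbd(8) runs as root when users are managed with the RPC (NT) tools.
- delete veto files (S)
- This option is used when Samba is attempting to delete one or more directories that contain vetoed files (see the veto files option). If this option is set to no (the default), the delete will fail if a vetoed directory contains any non-vetoed files or directories. This is usually what you want.
- deny hosts (S)
- Synonym for hosts deny.
- dfree command (G)
- The dfree command setting should only be used on systems that have a problem with disk space calculations. The problem has only been seen on Ultrix, but it may occur on other operating systems. The symptom is an error at the end of each directory listing with the prompt "Abort Retry Ignore".
    #!/bin/sh
    # print total and available blocks for the directory passed as $1
    df "$1" | tail -1 | awk '{print $2" "$4}'

    #!/bin/sh
    # print total and available blocks for the directory passed as $1
    /usr/bin/df -k "$1" | tail -1 | awk '{print $3" "$5}'
- directory (S)
- Synonym for path.
- directory mask (S)
- This parameter is an octal mode. It controls the conversion from DOS modes to UNIX modes when UNIX directories are created.
- directory mode (S)
- Synonym for directory mask.
- directory security mask (S)
- This parameter controls which permission bits can be modified when an NT client manipulates UNIX directory permissions in its native NT security dialog box.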
- disable netbios (G)
- Enabling this parameter will disable netbios support in
Samba. Netbios is the only available form of browsing in all windows
versions except for 2000 and XP.
- disable spoolss (G)
- Enabling this parameter will disable Samba's support for
the SPOOLSS set of MS-RPC's and will yield identical behavior as Samba
2.0.x. Windows NT/2000 clients will downgrade to using Lanman style
printing commands. Windows 9x/ME will be unaffected by the
parameter. However, this will also disable the ability to
upload printer drivers to a Samba server via the Windows NT Add Printer
Wizard or by using the NT printer properties dialog window. It will also
disable the capability of Windows NT/2000 clients to download print
drivers from the Samba host upon demand. Be very careful about enabling
this parameter.
- display charset (G)
- Specifies the charset that samba will use to print messages
to stdout and stderr and SWAT will use. Should generally be the same as
the unix charset.
- dns proxy (G)
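- Specifies that nmbd(8), when acting as a WINS server and looking up a NetBIOS name that has not been registered, should treat the NetBIOS name word-for-word as a DNS name and query the DNS server for the client that name represents.
- domain logons (G)
- If this parameter is yes, the Samba server provides Windows 95/98 domain logon services for the workgroup. Samba 2.2 implements only limited domain controller functionality for Windows NT 4 domains. For more details on setting up this feature see the Samba-PDC-HOWTO in the Samba documentation.
- domain master (G)
- This parameter tells smbd(8) to collect browse lists across the wide area network. When it is set, nmbd uses a special NetBIOS name to identify itself to its workgroup as a master browser. Local master browsers in the same workgroup on different subnets pass their browse lists to nmbd, and then ask smbd(8) for a complete copy of the browse list for the whole network. Clients contact their local master browser and receive the domain-wide browse list rather than just the list for their subnet.
- dont descend (S)
- Some systems have certain special paths (such as /proc under Linux) that clients do not need (or should not) care about, and that may even be infinitely deep (recursive). This parameter lets you specify a comma-delimited list of directories that the server will always show as empty.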
- dos charset (G)
- DOS SMB clients assume the server has the same charset as
they do. This option specifies which charset Samba should talk to DOS
clients.
- dos filemode (S)
- The default behavior in Samba is to provide UNIX-like
behavior where only the owner of a file/directory is able to change the
permissions on it. However, this behavior is often confusing to
DOS/Windows users. Enabling this parameter allows a user who has write
access to the file (by whatever means) to modify the permissions on it.
Note that a user belonging to the group owning the file will not be
allowed to change permissions if the group is only granted read access.
Ownership of the file/directory is not changed, only the permissions are
modified.
- dos filetime resolution (S)
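- Under the DOS and Windows FAT filesystems, the time resolution is two seconds. Setting this parameter for a share makes Samba reduce the reported time resolution to about two seconds when a query to smbd(8) requires one second resolution.
- dos filetimes (S)
- Under DOS and Windows, a user who writes to a file changes its timestamp. Under POSIX rules, only the owner of the file and root can change the timestamp. By default Samba follows the POSIX rules: if the user smbd is acting for is not the owner of the file, operations on the file do not change its timestamp. If this parameter is set to yes, smbd(8) follows the DOS rules and changes the file timestamp as DOS requires.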
- enable rid algorithm (G)
- This option is used to control whether or not smbd in Samba
3.0 should fallback to the algorithm used by Samba 2.2 to generate user
and group RIDs. The longterm development goal is to remove the algorithmic
mappings of RIDs altogether, but this has proved to be difficult. This
parameter is mainly provided so that developers can turn the algorithm on
and off and see what breaks. This parameter should not be disabled by
non-developers because certain features in Samba will fail to work without
it.
- encrypt passwords (G)
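- This boolean controls whether encrypted passwords are negotiated with the client. Note that Windows NT 4.0 SP3 and above, and also Windows 98, use encrypted passwords by default unless the corresponding registry entry is changed. To use encrypted passwords, see the "User Database" chapter in the Samba HOWTO Collection.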
- enhanced browsing (G)
- This option enables a couple of enhancements to
cross-subnet browse propagation that have been added in Samba but which
are not standard in Microsoft implementations.
- enumports command (G)
- The concept of a "port" is fairly foreign to UNIX
hosts. Under Windows NT/2000 print servers, a port is associated with a
port monitor and generally takes the form of a local port (i.e. LPT1:,
COM1:, FILE:) or a remote port (i.e. LPD Port Monitor, etc...). By
default, Samba has only one port defined-- "Samba Printer
Port". Under Windows NT/2000, all printers must have a valid port
name. If you wish to have a list of ports displayed ( smbd does
not use a port name for anything) other than the default "Samba
Printer Port", you can define enumports command to point
to a program which should generate a list of ports, one per line, to
standard output. This listing will then be used in response to the level 1
and 2 EnumPorts() RPC.
- exec (S)
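- Synonym for preexec.
- fake directory create times (S)
- NTFS and Windows VFAT file systems keep a create time for every file and directory. This is not the same as the ctime (status change time) under UNIX. So, by default, Samba reports the earliest of the various times kept by UNIX as the create time of the file or directory. Setting this parameter for a share makes Samba fake the directory create time, which is then midnight on 1980.01.01.
- fake oplocks (S)
- Oplocks allow SMB clients to cache file operations on the server locally. If a server grants an oplock (opportunistic lock), the client can simply assume that it is the only one accessing the file and cache it freely. Some oplock types even allow file open and close operations to be cached. This gives an enormous performance benefit.
- follow symlinks (S)
- This parameter allows the Samba administrator to stop smbd(8) from following symbolic links in a particular share. Setting this parameter to no prevents any file or directory in the share that is a link from being viewed (the user gets an error message). For example, this option stops clients from linking the /etc/passwd file into their home directory (as we can see, this is very useful). However, it makes filename lookups somewhat slower.
- force create mode (S)
- This parameter specifies a set of UNIX mode permission bits that are always applied to a new file when Samba creates it. This is done by a bitwise AND of the new file's permission bits with this set of bits. The default for this parameter is octal 000. After the create mask has been applied to the permission bits of a newly created file, the result is bitwise ANDed with this value to give the permissions the file is created with.
- force directory mode (S)
- This parameter specifies a set of UNIX mode permission bits that are always applied to a new directory when Samba creates it. This is done by a bitwise AND of the new directory's permission bits with this set of bits. The default for this parameter is octal 000. After the directory mask has been applied to the permission bits of a newly created directory, the result is bitwise ANDed with this value to give the permissions the directory is created with.
- force directory security mode (S)
- This parameter controls which UNIX permission bits on a directory an NT user can manipulate through the native NT security dialog box.
- force group (S)
- This parameter specifies a UNIX group that all users connecting to the service are forced to use as their primary group. All users accessing files are checked against this group's permissions. Thus, by assigning permissions on files and directories to this group, the Samba administrator can restrict or allow access to the shared files.
- force security mode (S)
- This parameter controls which UNIX permission bits on a directory an NT user can manipulate through the native NT security dialog box.
- force user (S)
- This parameter specifies a UNIX user name that is used as the default user for all users connecting to the service. This is useful for sharing files (because of permissions). You must use this parameter carefully, as it can cause security problems.
- fstype (S)
- This parameter allows the administrator to set a string describing the filesystem type of a share, which smbd(8) reports to a client that queries the filesystem type in use. The default is NTFS for compatibility with Windows NT, but it can be changed to other strings such as Samba or FAT if required.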
- get quota command (G)
- The get quota command should only be used whenever
there is no operating system API available from the OS that samba can use.
- getwd cache (G)
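- This is a performance tuning option. When it is enabled, a caching algorithm is used to reduce the time taken by getwd() calls. This can have a significant impact on performance, especially when the wide links parameter is set to no.
- group (S)
- Synonym for force group.
- guest account (G,S)
- This is a username used to access services (as the guest account, as distinct from the users on the system), provided that the service being accessed has the guest ok parameter set. Whatever privileges this account has are available to any client connecting as guest. Typically this user exists in the passwd file but has no valid login. An account named "ftp" usually exists on the system and is a good choice for this parameter. Note: if a service specifies its own guest username, that name replaces this one.
- guest ok (S)
- If this parameter is yes for a service, no password is required to connect to the service, and the privileges are those of the guest account.
- guest only (S)
- If this parameter is yes for a service, only guest connections are permitted, that is, access as any other user is not allowed. This parameter has no effect if guest ok is not set.
- hide dot files (S)
- This is a boolean parameter. It controls whether files whose names begin with "." appear as hidden files (in UNIX file systems, files beginning with "." are hidden files).
- hide files (S)
- This is a list of files or directories to hide. These files cannot be seen but can be accessed. The DOS "hidden" attribute is applied to the files or directories in the list.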
- hide local users (G)
- This parameter toggles the hiding of local UNIX users
(root, wheel, floppy, etc) from remote clients.
- hide special files (S)
- This parameter prevents clients from seeing special files
such as sockets, devices and fifo's in directory listings.
- hide unreadable (S)
- This parameter prevents clients from seeing the existence
of files that cannot be read. Defaults to off.
- hide unwriteable files (S)
- This parameter prevents clients from seeing the existence
of files that cannot be written to. Defaults to off. Note that unwriteable
directories are shown as usual.
- homedir map (G)
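- If nis homedir is yes and smbd(8) is also acting as a Win95/98 logon server, this parameter specifies an NIS (or YP) map that points to the server holding the user's home directory. At present, only the Sun auto.home map format is understood. The form of the map is: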
- host msdfs (G)
- If set to yes, Samba will act as a Dfs server, and
allow Dfs-aware clients to browse Dfs trees hosted on the server.
- hostname lookups (G)
- Specifies whether samba should use (expensive) hostname
lookups or use the ip addresses instead. An example place where hostname
lookups are currently used is when checking the hosts deny and
hosts allow.
- hosts allow (S)
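- Synonym for allow hosts.
- hosts deny (S)
- The opposite of hosts allow. Hosts listed here are NOT permitted access to services unless the service being accessed defines its own allow list. Where the allow list and the deny list conflict, allow takes precedence.
- hosts equiv (G)
- If this parameter is not an empty string, it specifies the name of a file. That file lists the names of hosts and users who are allowed access without a password.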
- idmap backend (G)
- The purpose of the idmap backend parameter is to allow
idmap to NOT use the local idmap tdb file to obtain SID to UID / GID
mappings, but instead to obtain them from a common LDAP backend. This way
all domain members and controllers will have the same UID and GID to SID
mappings. This avoids the risk of UID / GID inconsistencies across UNIX /
Linux systems that are sharing information over protocols other than
SMB/CIFS (ie: NFS).
- idmap gid (G)
- The idmap gid parameter specifies the range of group ids
that are allocated for the purpose of mapping UNIX groups to NT group SIDs.
This range of group ids should have no existing local or NIS groups within
it as strange conflicts can occur otherwise.
- idmap uid (G)
- The idmap uid parameter specifies the range of user ids
that are allocated for use in mapping UNIX users to NT user SIDs. This
range of ids should have no existing local or NIS users within it as
strange conflicts can occur otherwise.
- include (G)
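- This parameter allows you to include one configuration file inside another. This is only a text substitution, as though the included file had been written directly at that position.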
- inherit acls (S)
- This parameter can be used to ensure that if default acls
exist on parent directories, they are always honored when creating a
subdirectory. The default behavior is to use the mode specified when
creating the directory. Enabling this option sets the mode to 0777, thus
guaranteeing that default directory acls are propagated.
- inherit permissions (S)
- The permissions on new files and directories are normally
governed by create mask, directory mask, force create
mode and force directory mode but the boolean inherit
permissions parameter overrides this.
- interfaces (G)
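- This parameter allows you to override the default list of network interfaces that Samba uses for browsing, name registration and other NBT traffic. By default Samba queries the kernel for the list of all active interfaces and uses every interface except 127.0.0.1.
- invalid users (S)
- This is a list of users who are not allowed to log in to this service. This is really a very strict (paranoid) check to make sure that no improper setting can breach the security of your system.
- keepalive (G)
- This parameter is an integer giving the number of seconds between keepalive packets. If it is 0, no keepalive packets are sent. Sending keepalive packets lets the host determine whether a client is still responding.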
- kernel change notify (G)
- This parameter specifies whether Samba should ask the
kernel for change notifications in directories so that SMB clients can
refresh whenever the data on the server changes.
- kernel oplocks (G)
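- On UNIX systems that support kernel-based oplocks (opportunistic locks), currently only IRIX and the Linux 2.4 kernel, this parameter allows the use of this feature to be turned on or off.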
- lanman auth (G)
- This parameter determines whether or not smbd(8)
will attempt to authenticate users using the LANMAN password hash. If
disabled, only clients which support NT password hashes (e.g. Windows
NT/2000 clients, smbclient, etc... but not Windows 95/98 or the MS DOS
network client) will be able to connect to the Samba host.
- large readwrite (G)
- This parameter determines whether or not smbd(8)
supports the new 64k streaming read and write variant SMB requests
introduced with Windows 2000. Note that due to Windows 2000 client
redirector bugs this requires Samba to be running on a 64-bit capable
operating system such as IRIX, Solaris or a Linux 2.4 kernel. Can improve
performance by 10% with Windows 2000 clients. Defaults to on. Not as
tested as some other Samba code paths.
- ldap admin dn (G)
- The ldap admin dn defines the Distinguished Name
(DN) used by Samba to contact the ldap server when retrieving user
account information. The ldap admin dn is used in conjunction with
the admin dn password stored in the private/secrets.tdb file. See
the smbpasswd(8) man page for more information on how to accomplish
this.
- ldap delete dn (G)
- This parameter specifies whether a delete operation in the
ldapsam deletes the complete entry or only the attributes specific to
Samba.
- ldap filter (G)
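- This parameter specifies the RFC 2254 compliant LDAP search filter. The default is to match the login name against the uid attribute for all entries matching the sambaAccount objectclass. Note that this filter should only return one entry.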
- ldap group suffix (G)
- This parameter specifies the suffix that is used for
groups when these are added to the LDAP directory. If this parameter is
unset, the value of ldap suffix will be used instead.
- ldap idmap suffix (G)
- This parameter specifies the suffix that is used when
storing idmap mappings. If this parameter is unset, the value of ldap
suffix will be used instead.
- ldap machine suffix (G)
- It specifies where machines should be added to the ldap
tree.
- ldap passwd sync (G)
- This option is used to define whether or not Samba should
sync the LDAP password with the NT and LM hashes for normal accounts (NOT
for workstation, server or domain trusts) on a password change via SAMBA.
- ldap port (G)
- This option is only available if Samba was configured with the "--with-ldap" option at compile time.
- ldap server (G)
- This option is only available if Samba was configured with the "--with-ldapsam" option at compile time.
- ldap ssl (G)
- This option is used to define whether or not Samba should
use SSL when connecting to the ldap server. This is NOT related to
Samba's previous SSL support which was enabled by specifying the
--with-ssl option to the configure script.
- ldap suffix (G)
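- Specifies where user and machine accounts are added to the tree. It can be overridden by the ldap user suffix and ldap machine suffix parameters. It is also used as the base dn for all ldap searches.
- ldap user suffix (G)
- This parameter specifies where users are added to the tree.
If this parameter is not specified, the value of ldap suffix is used.
- level2 oplocks (S)
- This parameter controls whether Samba supports level2 (read-only) oplocks on a share.
- lm announce (G)
- This parameter determines whether nmbd(8) produces Lanman announce broadcasts, which OS/2 clients need in order to see the Samba server in their browse list. The parameter can take three values: yes, no or auto. The default is auto. If set to no, Samba will never produce these broadcasts. If set to yes, Samba will produce Lanman announce broadcasts at the frequency set by the lm interval parameter. If set to auto, Samba will not send these broadcasts but will listen for them. If it hears such a broadcast, it will start sending them, again at the frequency set by lm interval.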
- lm interval (G)
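- If Samba is set to produce Lanman announce broadcasts (needed by OS/2 clients, see the lm announce parameter), this parameter defines the frequency in seconds with which they are made. If this is set to "0", no Lanman announcements will ever be made regardless of the value of the lm announce parameter.
- load printers (G)
- This boolean controls whether all printers in the printcap file are loaded into the Samba environment by default and made available for browsing. See the [printers] section for more details.
- local master (G)
- This option allows nmbd(8) to try to become the local master browser on a subnet. If set to no, nmbd will not attempt to become the local master browser. By default this value is yes. Setting this value to yes does not mean that nmbd will definitely become the local master browser, only that nmbd will take part in elections for local master browser.
- lock dir (G)
- Synonym for lock directory.
- lock directory (G)
- This option specifies the directory where lock files will be placed. The lock files are used to implement the max connections option.
- locking (S)
- This option controls whether the server performs locking in response to lock requests from the client.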
- lock spin count (G)
- This parameter controls the number of times that smbd
should attempt to gain a byte range lock on the behalf of a client
request. Experiments have shown that Windows 2k servers do not reply with
a failure if the lock could not be immediately granted, but try a few more
times in case the lock could later be acquired. This behavior is used to
support PC database formats such as MS Access and FoxPro.
- lock spin time (G)
- The time in microseconds that smbd should pause before
attempting to gain a failed lock. See lock spin count for more
details.
- log file (G)
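- This option allows you to set a different file name in place of the Samba log file (that is, the debug file).
- log level (G)
- The value of this parameter (a string) allows the debug level (logging level) to be specified in smb.conf. This parameter has been extended since the 2.2.x series; it now allows the debug level to be specified for multiple debug classes. This gives greater flexibility in the configuration of the system.
- logon drive (G)
- This parameter specifies a local path (it can be thought of as a mapped network drive) to which the user's home directory is connected at logon (see logon home).
- logon home (G)
- The location of the home directory when a Win95/98 or Win NT workstation logs on to a Samba PDC. Setting this parameter allows commands of the following form to be used from a (DOS) prompt:
- logon path (G)
- This parameter specifies the user directory where roaming profiles (NTuser.dat and similar files for Windows NT) are stored. Contrary
to previous versions of these manual pages, it has nothing to do with Win
9X roaming profiles. To find out how to handle roaming profiles for Win 9X
system, see the logon home parameter.
- logon script (G)
- This parameter specifies the script file that is automatically downloaded and run locally when a user successfully logs in. The script may be a batch file (.bat) or an NT command file (.cmd). The script must use DOS-style carriage return/line feed (CR/LF) line endings, so using a DOS-style text editor to create the file is recommended.
NET USE Q: \\SERVER\ISO9001_QA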
- lppause command (S)
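- This parameter specifies the command to be executed on the server in order to stop printing or spooling a specific print job.
- lpq cache time (G)
- This controls how long lpq information is cached, to prevent the lpq command being called too often. A separate cache is kept for each variation of the lpq command used by the system, so if different lpq commands are used for different users, they will not share cache information.
- lpq command (S)
- This parameter specifies the command to be executed on the server in order to obtain lpq-style printer status information.
- lpresume command (S)
- This parameter specifies the command to be executed on the server in order to restart or continue printing or spooling a specific print job.
- lprm command (S)
- This parameter specifies the command to be executed on the server in order to delete a print job.
- machine password timeout (G)
- If a Samba server is a member of a Windows NT domain (see the security = domain parameter), then the running smbd process will periodically attempt to change the MACHINE ACCOUNT PASSWORD stored in the TDB called private/secrets.tdb. This parameter specifies how often this password will be changed, in seconds. The default is one week (expressed in seconds), the same as a Windows NT domain member server.
- magic output (S)
- This parameter specifies the name of a file which will contain output created by a magic script; see the description of the magic script parameter below.
- magic script (S)
- This parameter specifies the name of a file which, if opened, will be executed by the server when the file is closed. This allows a UNIX script to be sent to the Samba host and executed on behalf of the connected user.
- mangle case (S)
- See the section on NAME MANGLING.
- mangled map (S)
- This is for directly mapping UNIX file names which cannot be represented on Windows/DOS. This is not often needed; only a few particular extensions differ between DOS and UNIX. For example, HTML files are usually named .html under UNIX, whereas under Windows/DOS .htm is more commonly used.
- mangled names (S)
- This controls whether non-DOS names under UNIX should be mapped to DOS-compatible names ("mangled") and made visible, or whether non-DOS names should simply be ignored.
- mangled stack (G)
- This parameter controls the number of mangled names that the Samba server smbd(8) should cache.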
- mangle prefix (G)
- Controls the number of prefix characters from the original
name used when generating the mangled names. A larger value will give a
weaker hash and therefore more name collisions. The minimum value is 1 and
the maximum value is 6.
- mangling char (S)
- This parameter specifies which character is used as the magic character in name mangling. The default is '~', but this may interfere with some software. It can be set to whatever character you prefer.
- mangling method (G)
- Controls the algorithm used for generating the mangled
names. Can take two different values, "hash" and
"hash2". "hash" is the default and is the algorithm
that has been used in Samba for many years. "hash2" is a newer
algorithm and is considered better (it generates fewer collisions) in the
names. However, many Win32 applications store the mangled names and so
changing to the new algorithm must not be done lightly as these
applications may break unless reinstalled.
- map acl inherit (S)
- This boolean parameter controls whether smbd(8) will
attempt to map the 'inherit' and 'protected' access control entry flags
stored in Windows ACLs into an extended attribute called user.SAMBA_PAI.
This parameter only takes effect if Samba is being run on a platform that
supports extended attributes (Linux and IRIX so far) and allows the
Windows 2000 ACL editor to correctly use inheritance with the Samba POSIX
ACL mapping code.
- map archive (S)
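- This controls whether the DOS archive attribute should be mapped to the UNIX execute bit. The DOS archive bit is set on a file after it has been modified. One reason for this option is to keep Samba or your PC from setting the UNIX execute attribute on every file it creates, which can be quite annoying for shared source code, documents and so on.
- map hidden (S)
- This controls whether DOS style hidden files should be mapped to the UNIX world execute bit.
- map system (S)
- This controls whether DOS style system files should be mapped to the UNIX group execute bit.
- map to guest (G)
- This parameter is only useful in security modes other than share-level security (security = share), that is, when user, server or domain security has been selected.
- max connections (S)
- This option limits the number of simultaneous connections to a service. If max connections is greater than 0, connections beyond this number are refused. A value of 0 means there is no such limit.
- max disk size (G)
- This option sets an upper limit on disk usage. If it is set to 100, the capacity of every share will never exceed 100M.
- max log size (G)
- This option (an integer in kilobytes) specifies the maximum size the log file may grow to. Samba periodically checks the size and, if it is exceeded, renames the old file by adding a .old extension.
- max mux (G)
- This option controls the maximum number of simultaneous SMB operations that Samba allows a client. You should never need to set this parameter.
- max open files (G)
- This parameter limits the maximum number of files that one smbd(8) file serving process may have open for a client at any one time. The default value is very high (10,000) because only one bit is used per unopened file.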
- max print jobs (S)
- This parameter limits the maximum number of jobs allowable
in a Samba printer queue at any given moment. If this number is exceeded,
smbd(8) will report "Out of Space" to the client. See also
total print jobs.
- max protocol (G)
- The value of this parameter is a string that defines the highest protocol level supported by the server.
- max reported print jobs (S)
- This parameter limits the maximum number of jobs displayed
in a port monitor for Samba printer queue at any given moment. If this
number is exceeded, the excess jobs will not be shown. A value of zero
means there is no limit on the number of print jobs reported. See also the
total print jobs and max print jobs parameters.
- max smbd processes (G)
- This parameter limits the maximum number of smbd(8)
processes concurrently running on a system and is intended as a stopgap to
prevent degrading service to clients in the event that the server has
insufficient resources to handle more than this number of connections.
Remember that under normal operating conditions, each user will have an
smbd(8) associated with him or her to handle connections to all
shares from a given host.
- max ttl (G)
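- This option tells nmbd(8) what the 'time to live' of a NetBIOS name should be (in seconds) when it requests a name by broadcast or from a WINS server. You should never need to change this parameter. The default is 3 days.
- max wins ttl (G)
- This option tells nmbd(8), when it is acting as a WINS server (wins support = true), what the maximum 'time to live' of NetBIOS names that nmbd will grant is (in seconds). You should never need to change this parameter. The default is 6 days (518400 seconds).
- max xmit (G)
- This option controls the maximum packet size handled by Samba. The default is 65535, which is also the maximum. In some cases you may get better performance with a smaller value. A value below 2048 is likely to cause problems.
- message command (G)
- This specifies a command to run when the server receives a WinPopup style message.
- min passwd length (G)
- Synonym for min password length.
- min password length (G)
- This option sets the minimum length in characters of a plaintext password that smbd will accept when performing UNIX password changing.
- min print space (S)
- This sets the minimum amount of free disk space that must be available before a user can spool a print job. It is specified in kilobytes. The default is 0, which means a user can always spool a print job.
- min protocol (G)
- The value of the parameter (a string) is the lowest SMB
protocol dialect that Samba will support. Please refer to the max
protocol parameter for a list of valid protocol names and a brief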
description of each. You may also wish to refer to the C source code in
source/smbd/negprot.c for a listing of known protocol dialects
supported by clients.
- min wins ttl (G)
- This option tells nmbd(8), when it is acting as a WINS server (wins support = yes), what the minimum 'time to live' of NetBIOS names that it will grant is (in seconds). You should never need to change this parameter. The default is 6 hours (21600 seconds).
- msdfs proxy (S)
- This parameter indicates that the share is a stand-in for
another CIFS share whose location is specified by the value of the
parameter. When clients attempt to connect to this share,
they are redirected to the proxied share using the SMB-Dfs protocol.
- msdfs root (S)
- If set to yes, Samba treats the share as a Dfs root
and allows clients to browse the distributed file system tree rooted at
the share directory. Dfs links are specified in the share directory by
symbolic links of the form msdfs:serverA\\shareA,serverB\\shareB
and so on. For more information on setting up a Dfs tree on Samba, refer
to ???.
- name cache timeout (G)
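- Specifies the number of seconds it takes before entries in
samba's hostname resolve cache time out. If the timeout is set to 0, the
caching is disabled.
- name resolve order (G)
- This option is used by the programs in the Samba suite to determine which naming services to use and in what order to resolve host names to IP addresses. Its main purpose is to control how NetBIOS names are resolved. The option takes a space-separated list of name resolution options.
- netbios aliases (G)
- This is a list of NetBIOS names that nmbd will advertise as additional names. This allows one machine to appear in browse lists under multiple names. If the machine is acting as a browse server or logon server, none of these additional names will be advertised in that role; only the primary name of the machine will be used.
- netbios name (G)
- This sets the NetBIOS name by which a Samba server is known. By default it is the same as the hostname part of the host's DNS name. If the machine is a browse server or logon server, this name (or the first component of the host's DNS name) will be the name under which these services are advertised.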
- netbios scope (G)
- This sets the NetBIOS scope that Samba will operate under.
This should not be set unless every machine on your LAN also sets this
value.
- nis homedir (G)
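- Get the home share server from a NIS map. For UNIX systems that use an automounter, the user's home directory will often be mounted on a workstation on demand from a remote server.
- nt acl support (S)
- This boolean parameter controls whether smbd(8) will attempt to map UNIX permissions into Windows NT access control lists. This parameter was a global parameter in releases prior to 2.2.2.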
- ntlm auth (G)
- This parameter determines whether or not smbd(8)
will attempt to authenticate users using the NTLM encrypted password
response. If disabled, either the lanman password hash or an NTLMv2
response will need to be sent by the client.
- nt pipe support (G)
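- This boolean parameter controls whether smbd(8) will allow Windows NT clients to connect to the NT SMB specific IPC$ pipes. This is normally a developer debugging option and can be left alone by other users.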
- nt status support (G)
- This boolean parameter controls whether smbd(8) will
negotiate NT specific status support with Windows NT/2k/XP clients. This
is a developer debugging option and should be left alone. If this option
is set to no then Samba offers exactly the same DOS error codes
that versions prior to Samba 2.2.3 reported.
- null passwords (G)
- Allow or disallow client access to accounts that have null
passwords.
- obey pam restrictions (G)
- When Samba 3.0 is configured to enable PAM support (i.e.
--with-pam), this parameter will control whether or not Samba should obey
PAM's account and session management directives. The default behavior is
to use PAM for clear text authentication only and to ignore any account or
session management. Note that Samba always ignores PAM for authentication
in the case of encrypt passwords = yes. The reason is that PAM
modules cannot support the challenge/response authentication mechanism
needed in the presence of SMB password encryption.
- only guest (S)
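- Synonym for guest only.
- only user (S)
- This boolean parameter controls whether connections with usernames not in the user list will be allowed. By default this option is disabled, so that a client can simply supply the username the service requires. Enabling this parameter will force the server to use only the login names from the user list, and is only useful in share level security.
- oplock break wait time (G)
- This is a tuning parameter added to work around bugs that can occur in Windows 9x and WinNT. If Samba responds too quickly when a client issues an SMB that can cause an oplock break request, the client can fail and not respond to the break request. This tuning parameter (set in milliseconds) is the amount of time Samba will wait before sending an oplock break request to such clients.
- oplock contention limit (S)
- This is a very advanced smbd(8) tuning option to improve the efficiency of the granting of oplocks when multiple clients contend for the same file.
- oplocks (S)
- This boolean option tells smbd whether to issue oplocks (opportunistic locks) to file open requests on this share. The oplock code can dramatically (approx. 30% or more) improve the speed of access to files on Samba servers. It allows clients to cache files locally, and you may want to disable this option for unreliable network environments (it is turned on by default in Windows NT servers). See the file Speed.txt in the Samba docs/ directory.
- os2 driver map (G)
- The parameter is used to define the absolute path to a file
containing a mapping of Windows NT printer driver names to OS/2 printer
driver names. The format is:
- os level (G)
- This integer value controls what level Samba advertises itself as in browse elections. The value of this parameter determines whether nmbd(8) has a chance of becoming the local master browser for the WORKGROUP in the local broadcast area.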
- pam password change (G)
- With the addition of better PAM support in Samba 2.2, it is
possible to use PAM's password change control flag for
Samba. If enabled, then PAM will be used for password changes when
requested by an SMB client instead of the program listed in passwd
program. It should be possible to enable this without changing your
passwd chat parameter for most setups.
- panic action (G)
- This is a Samba developer option that allows a system command to be called when either smbd(8) or nmbd(8) crashes. This is usually used to draw attention to the fact that a problem occurred.
- paranoid server security (G)
- Some versions of NT 4.x allow non-guest users with a bad
password. When this option is enabled, samba will not use a broken NT 4.x
server as password server, but instead complain to the logs and exit.
- passdb backend (G)
- This option allows the administrator to choose which
backends to retrieve and store passwords with. This allows (for example)
both smbpasswd and tdbsam to be used without a recompile. Multiple
backends can be specified, separated by spaces. The backends will be
searched in the order they are specified. New users are always added to
the first backend specified.
- passwd chat (G)
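- This string controls the "chat" conversation that takes place between smbd(8) and the local password changing program to change the user's password. The string describes a sequence of response-receive pairs that smbd(8) uses to determine what to send to the passwd program and what to expect back. If the expected output is not received then the password is not changed.
- passwd chat debug (G)
- This boolean specifies whether the passwd chat script parameter is run in debug mode. In this mode the strings passed to and received from the passwd chat are printed in the smbd(8) log with a debug level of 100. This is a dangerous option as it will allow plaintext passwords to be seen in the smbd log. It is available to help Samba admins debug their passwd chat scripts when calling the passwd program, and should be turned off after this has been done. This option has no effect if the pam password change parameter is set. This parameter is off by default.
- passwd program (G)
- The name of a program that can be used to set UNIX user passwords. Any occurrences of %u will be replaced with the user name. The user name is checked for existence before calling the password changing program.
- password level (G)
- Some client/server combinations have difficulty with mixed-case passwords. One offending client is Windows for Workgroups, which for some reason forces passwords to upper case when using the LANMAN1 protocol, but leaves them alone when using COREPLUS! Another problem is the Windows 95/98 family of operating systems: these clients upper-case clear text passwords even when the NTLM0.12 protocol has been selected for the session.
- password server (G)
- By specifying the name of another SMB server or Active Directory domain controller here, together with security = [ads|domain|server], Samba can be made to hand username/password validation for connecting users over to the specified remote server.
- path (S)
- This parameter specifies a directory to which the user of the service is
to be given access. In the case of printable services, this is where print
data will spool prior to being submitted to the host for printing.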
- pid directory (G)
- This option specifies the directory where pid files will be
placed.
- posix locking (S)
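- The smbd(8) daemon maintains a database of file
locks obtained by SMB clients. The default behavior is to map this
internal database to POSIX locks. This means that file locks obtained by
SMB clients are consistent with those seen by POSIX compliant applications
accessing the files via a non-SMB method (e.g. NFS or local file access).
You should never need to disable this parameter.
- postexec (S)
- This option specifies a command to be run whenever the service is disconnected. It takes the usual substitutions. The command may be run as root on some systems.
- preexec (S)
- This option specifies a command to be run whenever the service is connected to. It also takes the usual substitutions.
- preexec close (S)
- This boolean option controls whether a non-zero return code from preexec should close the service being connected to.
- prefered master (G)
- This is provided for misspellings. See preferred master :-)
- preferred master (G)
- This boolean parameter controls whether nmbd(8) is a preferred master browser for its workgroup.
- preload (G)
- This is a list of services that you want to be automatically added to the browse lists. This is most useful for homes and printers services that would otherwise not be visible.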
- preload modules (G)
- This is a list of paths to modules that should be loaded
into smbd before a client connects. This improves the speed of smbd when
reacting to new connections somewhat.
- preserve case (S)
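- This controls whether new filenames are created with the case that the client passes, or whether they are forced to the default case.
- printable (S)
- If this parameter is yes, then clients may read, write and submit print spool files in the directory specified for the service.
- printcap (G)
- Synonym for printcap name.
- printcap name (S)
- This parameter may be used to override the compiled-in default printcap name (usually /etc/printcap). See the discussion of the [printers] section for reasons why you might want to do this.
print1|My Printer 1
print2|My Printer 2
print3|My Printer 3
print4|My Printer 4
print5|My Printer 5
- print command (S)
- After a print job has finished spooling to a service, this command will be used via a system() call to process the spool file. Typically the command specified will submit the spool file to the host's printing subsystem, but there is no requirement that this be the case. The server will not remove the spool file, so whatever command you specify should remove the spool file when it has been processed, otherwise you will need to remove old spool files manually.
- printer (S)
- Synonym for printer name.
- printer admin (S)
- This is a list of users that can do anything to printers
via the remote administration interfaces offered by MS-RPC (usually using
a NT workstation). Note that the root user always has admin rights.
- printer name (S)
- This parameter specifies the printer to which print jobs spooled through a printable service will be sent.
- printing (S)
- This parameter controls how printer status information is interpreted on your system. If it is defined in the [global] section, it also affects the default values of the print command, lpq command, lppause command, lpresume command and lprm command parameters.
- print ok (S)
- Synonym for printable.
- private dir (G)
- This parameter defines the directory smbd will use for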
storing such files as smbpasswd and secrets.tdb.
- profile acls (S)
- This boolean parameter controls whether smbd(8) This
boolean parameter was added to fix the problems that people have been
having with storing user profiles on Samba shares from Windows 2000 or
Windows XP clients. New versions of Windows 2000 or Windows XP service
packs do security ACL checking on the owner and ability to write of the
profile directory stored on a local workstation when copied from a Samba
share.
- protocol (G)
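- Synonym for max protocol.
- public (S)
- Synonym for guest ok.
- queuepause command (S)
- This parameter specifies the command to be executed on the server in order to pause the printer queue.
- queueresume command (S)
- This parameter specifies the command to be executed on the server in order to resume a paused printer queue. It is the command that undoes the effect of the preceding parameter (queuepause command).
- read bmpx (G)
- This boolean parameter controls whether smbd(8) will support the "Read Block Multiplex" SMB. This is now rarely used and defaults to no. You should never need to set this parameter.
- read list (S)
- This is a list of users that are given read-only access to a service. If the connecting user is in this list then they will not be given write access, no matter what the read only option is set to. The list can include group names using the syntax described in the invalid users parameter.
- read only (S)
- Note that this is an inverted synonym for writeable.
- read raw (G)
- This parameter controls whether or not the server will support the raw read SMB requests when transferring data to clients.
- read size (G)
- This option affects the overlap of disk reads/writes with network reads/writes. If the amount of data being transferred in several of the SMB commands (typically SMBwrite, SMBwriteX and SMBreadbraw) is larger than this value, then the server begins writing the data before it has received the whole packet from the network; in the case of SMBreadbraw, it begins writing to the network before all the data has been read from disk.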
- realm (G)
- This option specifies the kerberos realm to use. The realm
is used as the ADS equivalent of the NT4 domain. It is usually set
to the DNS name of the kerberos server.
- remote announce (G)
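- This option allows you to set up nmbd(8) to periodically announce itself to arbitrary IP addresses with an arbitrary workgroup name.
- remote browse sync (G)
- This option allows you to set up nmbd(8) to periodically synchronize browse lists with the master browser of a Samba server that is on a remote segment. It also allows you to gather browse lists from master browsers on subnets reached across routers. This is done in a manner that does not work with any non-Samba servers.
- restrict anonymous (G)
- This option restricts whether user and group list information is returned for an anonymous connection, and mirrors the effect of the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\RestrictAnonymous registry key in Windows 2000 and Windows NT. When set to 0, user and group list information is returned to anyone who asks. When set to 1, only an authenticated user can retrieve user and group list information. The value 2, supported only by Windows 2000/XP and Samba, disallows anonymous connections. This can break Microsoft or third-party programs that rely on anonymous operations.
- root (G)
- Synonym for root directory.
- root dir (G)
- Synonym for root directory.
- root directory (G)
- The server will chroot() (i.e. change its root directory) to this directory on startup. This is not strictly necessary for secure operation. Even without it the server will deny access to files outside the service entries. It also checks for, and denies access to, soft links to other parts of the filesystem and attempts to use ".." to reach other directories (depending on the setting of the wide links parameter).
- root postexec (S)
- This is the same as the postexec parameter except that the command is run as root. This is useful for unmounting filesystems (such as CD-ROMs) after a connection is closed.
- root preexec (S)
- This is the same as the preexec parameter except that the command is run as root. This is useful for mounting filesystems (such as CD-ROMs) when a connection is established.
- root preexec close (S)
- This is the same as the preexec close parameter except that the command is run as root.
- security (G)
- This option is one of the most important settings in the smb.conf file; it affects how clients respond to the Samba server.
In versions of Samba prior to 2.0.0, the default was security = share, mainly because that was the only option available at the time.
- security mask (S)
- This parameter controls what UNIX permission bits can be modified when a
Windows NT client is manipulating the UNIX permission on a file using the
native NT security dialog box.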
- server schannel (G)
- This controls whether the server offers or even demands the
use of the netlogon schannel. server schannel = no does not offer
the schannel, server schannel = auto offers the schannel but does
not enforce it, and server schannel = yes denies access if the
client is not able to speak netlogon schannel. This is only the case for
Windows NT4 before SP4.
- server signing (G)
- This controls whether the server offers or requires the
client it talks to to use SMB signing. Possible values are auto,
mandatory and disabled.
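The authentication-related global parameters described in this reference (lanman auth, null passwords, passwd chat debug, restrict anonymous, server schannel and server signing) can be checked mechanically. The following Python audit is an added example, not part of the Samba documentation or source; both configurations are constructed samples, and the simplified parsing (only [global] is inspected, names compared case-insensitively with whitespace collapsed) is an assumption of the example.

```python
"""Flag weak authentication settings in the [global] section of an smb.conf."""
import re

# Constructed sample carrying the weak values (not taken from any real host).
WEAK_CONF = """\
[global]
    workgroup = EXAMPLE
    lanman auth = yes
    null passwords = Yes
    passwd chat debug = yes
    restrict anonymous = 0
    server signing = disabled
    server schannel = auto

[projects]
    path = /srv/projects
    read only = no
"""

# The same constructed [global] section with the corrected values.
FIXED_CONF = """\
[global]
    workgroup = EXAMPLE
    lanman auth = no
    null passwords = no
    passwd chat debug = no
    restrict anonymous = 1
    server signing = mandatory
    server schannel = yes
"""


def logical_lines(text):
    """Yield lines with trailing-backslash continuations joined."""
    buf = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        yield buf + line
        buf = ""
    if buf:
        yield buf


def parse_smb_conf(text):
    """Return {section: {parameter: value}} with normalized lowercase names."""
    sections, current = {}, None
    for line in logical_lines(text):
        line = line.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
            continue
        if current is None or "=" not in line:
            continue
        name, value = line.split("=", 1)
        current[" ".join(name.lower().split())] = value.strip()
    return sections


def is_true(value):
    return value.lower() in {"yes", "true", "1"}


def is_false(value):
    return value.lower() in {"no", "false", "0"}


# (parameter, predicate for the weak value, why it matters per the text above)
CHECKS = [
    ("lanman auth", is_true, "smbd will authenticate with the LANMAN hash"),
    ("null passwords", is_true, "accounts with null passwords are usable"),
    ("passwd chat debug", is_true,
     "password chat strings reach the smbd log at debug level 100"),
    ("restrict anonymous", lambda v: v == "0",
     "anonymous requests receive user and group lists"),
    ("server signing", lambda v: v.lower() == "disabled",
     "SMB signing is switched off"),
    ("server schannel", is_false, "netlogon schannel is not offered"),
]


def audit(text):
    """Return (parameter, value, note) for each weak explicit setting.

    Parameters that are absent are not reported: this example does not
    assume what the compiled-in defaults of a given Samba build are.
    """
    params = parse_smb_conf(text).get("global", {})
    return [(name, params[name], note)
            for name, is_weak, note in CHECKS
            if name in params and is_weak(params[name])]


if __name__ == "__main__":
    for name, value, note in audit(WEAK_CONF):
        print(f"{name} = {value}: {note}")
```

The value server schannel = auto is deliberately not reported, because it still offers the schannel; tighten the predicate if your policy requires enforcement.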
- server string (G)
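- This controls what string will show up in the printer comment box in Print Manager and next to the IPC connection in net view (Network Neighborhood). It can be any string that you wish to show to your users.
- set directory (S)
- If set directory = no, then users of the service may not use the setdir command to change directory.
- set primary group script (G)
- Thanks to the Posix subsystem in NT a Windows User has a
primary group in addition to the auxiliary groups. This script sets the
primary group in the unix user database when an administrator sets the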
primary group from the windows user manager or when fetching a SAM with
net rpc vampire. %u will be replaced with the user whose
primary group is to be set. %g will be replaced with the group to
set.
- set quota command (G)
- The set quota command should only be used whenever
there is no operating system API available from the OS that samba can use.
- share modes (S)
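- This enables or disables the honoring of share modes when a file is opened. These modes are used by clients to gain exclusive read or write access to a file.
- short preserve case (S)
- This boolean parameter controls whether new files which conform to 8.3 syntax (all in upper case and of suitable length) are created upper case, or whether they are forced to the default case. This option can be used with preserve case = yes to permit long filenames to retain their case, while short names are lowercased.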
- show add printer wizard (G)
- With the introduction of MS-RPC based printing support for
Windows NT/2000 client in Samba 2.2, a "Printers..." folder will
appear on Samba hosts in the share listing. Normally this folder will
contain an icon for the MS Add Printer Wizard (APW). However, it is
possible to disable this feature regardless of the level of privilege of
the connected user.
- shutdown script (G)
- This parameter only exists in the HEAD cvs branch.
This is a full path name to a script called by smbd(8) that should
start a shutdown procedure.
#!/bin/bash
# Delay passed to shutdown, in minutes
time=0
let "time/=60"
let "time++"
/sbin/shutdown $3 $4 +$time $1 &
- smb passwd file (G)
- This option sets the path to the encrypted smbpasswd file. The default path is set when Samba is compiled.
- smb ports (G)
- Specifies which ports the server should listen on for SMB
traffic.
- socket address (G)
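- This option allows you to control which address Samba listens on for connections. It is used to support multiple virtual interfaces, each with a different configuration, on one server. By default Samba accepts connections on any address.
- socket options (G)
- This option sets the socket options to be used when talking with the client.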
- source environment (G)
- This parameter causes Samba to set environment variables as
per the content of the file named.
- stat cache (G)
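- This parameter determines whether smbd(8) uses a cache to speed up case-insensitive name mappings. You should never need to change this parameter.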
- strict allocate (S)
- This is a boolean that controls the handling of disk space
allocation in the server. When this is set to yes the server will
change from UNIX behaviour of not committing real disk storage blocks when
a file is extended to the Windows behaviour of actually forcing the disk
system to allocate real storage blocks when a file is created or extended
to be a given size. In UNIX terminology this means that Samba will stop
creating sparse files. This can be slow on some systems.
- strict locking (S)
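- This boolean parameter controls the handling of file locking in the server. When this is set to yes, the server will check every read and write access for file locks, and deny access if locks exist. This can be slow on some systems.
- strict sync (S)
- Many Windows applications (including the Windows 98 Explorer) confuse flushing buffer contents to disk with a sync to disk. Under UNIX, a sync call forces the process to be suspended until the kernel has ensured that all outstanding data in the disk buffers has been safely stored on stable storage. This is very slow and should only be done rarely. Setting this parameter to no (the default) means that smbd(8) ignores the Windows applications' requests for a sync call. Data can then only be lost if the operating system that Samba is running on crashes, so there is little danger in this default setting. In addition, it fixes many performance problems that people have reported with the Windows 98 Explorer copying files.
- sync always (S)
- This boolean parameter controls whether writes will always be written to stable storage before the write call returns. If this is no then the server will be guided by the client's request in each write call (clients can set a bit indicating that a particular write should be synchronous). If this is yes then every write will be followed by an fsync() call to ensure the data is written to disk. Note that the strict sync parameter must be set to yes in order for this parameter to have any effect.
- syslog (G)
- This parameter determines how Samba debug message levels are mapped onto the system syslog logging levels. Debug level 0 maps onto syslog LOG_ERR, debug level 1 maps onto LOG_WARNING, debug level 2 maps onto LOG_NOTICE and debug level 3 maps onto LOG_INFO. All higher levels are mapped to LOG_DEBUG.
- syslog only (G)
- If this parameter is set then Samba debug messages are logged into the system syslog only, and not to the debug log files.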
- template homedir (G)
- When filling out the user information for a Windows NT
user, the winbindd(8) daemon uses this parameter to fill in the
home directory for that user. If the string %D is present it is
substituted with the user's Windows NT domain name. If the string
%U is present it is substituted with the user's Windows NT user
name.
- template primary group (G)
- This option defines the default primary group for each user
created by winbindd(8)'s local account management functions
(similar to the 'add user script').
- template shell (G)
- When filling out the user information for a Windows NT
user, the winbindd(8) daemon uses this parameter to fill in the
login shell for that user.
- time offset (G)
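- This parameter is a number of minutes to add to the normal GMT to local time conversion. This is useful if you are serving many hosts that have incorrect daylight saving time handling.
- time server (G)
- This parameter determines whether nmbd(8) advertises itself as a time server to Windows clients.
- timestamp logs (G)
- Synonym for debug timestamp.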
- unicode (G)
- Specifies whether Samba should try to use unicode on the
wire by default. Note: This does NOT mean that samba will assume that the
unix machine uses unicode!
- unix charset (G)
- Specifies the charset the unix machine Samba runs on uses.
Samba needs to know this in order to be able to convert text to the
charsets other SMB clients use.
- unix extensions (G)
- This boolean parameter controls whether Samba implements the
CIFS UNIX extensions, as defined by HP. These extensions enable Samba to
better serve UNIX CIFS clients by supporting features such as symbolic
links, hard links, etc... These extensions require a similarly enabled
client, and are of no current use to Windows clients.
- unix password sync (G)
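- This boolean parameter controls whether Samba attempts to synchronize the UNIX password with the SMB password when the encrypted SMB password in the smbpasswd file is changed. If this is set to yes, the program specified in the passwd program parameter is called as root, to allow the new UNIX password to be set without access to the old UNIX password (the SMB password change code has no access to the old password in cleartext, only the new one).
- update encrypted (G)
- This boolean parameter allows a user logging on with a plaintext password to have their encrypted (hashed) password in the smbpasswd file updated automatically as they log on. This option allows a site to migrate from plaintext password authentication (users authenticate with a plaintext password that is checked against the UNIX account database) to encrypted password authentication (the SMB challenge/response authentication mechanism) without forcing all users to re-enter their passwords via smbpasswd at the time of the change. This is convenient when the changeover to encrypted passwords has to be made over a longer period. Once all users have encrypted representations of their passwords in the smbpasswd file, this parameter should be set to no.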
- use client driver (S)
- This parameter applies only to Windows NT/2000 clients. It
has no effect on Windows 95/98/ME clients. When serving a printer to
Windows NT/2000 clients without first installing a valid printer driver on
the Samba host, the client will be required to install a local printer
driver. From this point on, the client will treat the print as a local
printer and not a network printer connection. This is much the same
behavior that will occur when disable spoolss = yes.
- use mmap (G)
- This global parameter determines if the tdb internals of
Samba can depend on mmap working correctly on the running system. Samba
requires a coherent mmap/read-write system memory cache. Currently only
HPUX does not have such a coherent cache, and so this parameter is set to
no by default on HPUX. On all other systems this parameter should
be left alone. This parameter is provided to help the Samba developers
track down problems with the tdb internal code.
- user (S)
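- Synonym for username.
- username (S)
- Multiple users may be specified in a comma-delimited list, in which case the supplied password will be tested against each username in turn (left to right).
- username level (G)
- This option helps Samba to try and "guess" at the real UNIX username, as many DOS clients send an all-uppercase username. By default Samba tries all lowercase, followed by the username with the first letter capitalized, and fails if the username is not found on the UNIX machine.
- username map (G)
- This option allows you to specify a file containing a mapping of usernames from the clients to the server. This can be used for several purposes. The most common is to map the usernames that users use on DOS or Windows machines to those used on the UNIX machine. The other is to map multiple users to a single username so that they can more easily share files.
!sys = mary fred
guest = *
- users (S)
- Synonym for username.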
- use sendfile (S)
- If this parameter is yes, and Samba was built with
the --with-sendfile-support option, and the underlying operating system
supports sendfile system call, then some SMB read calls (mainly ReadAndX
and ReadRaw) will use the more efficient sendfile system call for files
that are exclusively oplocked. This may make more efficient use of the
system CPUs and cause Samba to be faster. This is off by default as its
effects are unknown as yet.
- use spnego (G)
- This variable controls whether samba will try to
use Simple and Protected NEGOciation (as specified by rfc2478) with
WindowsXP and Windows2000 clients to agree upon an authentication
mechanism. Unless further issues are discovered with our SPNEGO
implementation, there is no reason this should ever be disabled.
- utmp (G)
- This boolean parameter is only available if Samba has been
configured and compiled with the option --with-utmp. If set to
yes then Samba will attempt to add utmp or utmpx records (depending
on the UNIX system) whenever a connection is made to a Samba server. Sites
may use this to record the user connecting to a Samba share.
- utmp directory (G)
- This parameter is only available if Samba has been
configured and compiled with the option --with-utmp. It specifies
a directory pathname that is used to store the utmp or utmpx files
(depending on the UNIX system) that record user connections to a Samba
server. See also the utmp parameter. By default
this is not set, meaning the system will use whatever utmp file the native
system is set to use (usually /var/run/utmp on Linux).
- -valid (S)
- This parameter indicates whether a share is valid and thus
can be used. When this parameter is set to false, the share will be in no
way visible nor accessible.
- valid users (S)
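- This is a list of users that should be allowed to log in to this service. Names starting with '@', '+' and '&' are interpreted using the same rules as described in the invalid users parameter.
- veto files (S)
- This is a list of files and directories that are neither visible nor accessible. Each entry in the list must be separated by a '/', which allows spaces to be included in the entry. The DOS wildcards '*' and '?' can be used to specify multiple files or directories.
; Hide any file whose name contains 'Security',
; any file with the extension .tmp, and any file whose name contains 'root'
veto files = /*Security*/*.tmp/*root*/
; Hide the Apple specific files created by a NetAtalk server
veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/
- veto oplock files (S)
- This parameter is only valid when the oplocks parameter is turned on for a share. It allows the Samba administrator to selectively turn off the granting of oplocks on selected files that match a wildcarded list, similar to the wildcarded list used in the veto files parameter.
- vfs object (S)
- Synonym for vfs objects.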
- vfs objects (S)
- This parameter specifies the backend names which are used
for Samba VFS I/O operations. By default, normal disk I/O operations are
used but these can be overloaded with one or more VFS objects.
- volume (S)
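- This allows you to override the volume label returned for a share. This is useful for installation CD-ROMs that insist on a particular volume label. The default is the name of the share.
- wide links (S)
- This parameter controls whether or not the server follows symbolic links in the UNIX file system. Links that point to areas within the directory tree exported by the server are always allowed; this parameter only controls access to areas outside the exported directory tree.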
- winbind cache time (G)
- This parameter specifies the number of seconds the
winbindd(8) daemon will cache user and group information before
querying a Windows NT server again.
- winbind enable local accounts (G)
- This parameter controls whether or not winbindd will act as
a stand in replacement for the various account management hooks in
smb.conf (e.g. 'add user script'). If enabled, winbindd will support the
creation of local users and groups as another source of UNIX account
information available via getpwnam() or getgrgid(), etc...
- winbind enum groups (G)
- On large installations using winbindd(8) it may be
necessary to suppress the enumeration of groups through the
setgrent(), getgrent() and endgrent() group of system
calls. If the winbind enum groups parameter is no, calls to
the getgrent() system call will not return any data.
- winbind enum users (G)
- On large installations using winbindd(8) it may be
necessary to suppress the enumeration of users through the
setpwent(), getpwent() and endpwent() group of system
calls. If the winbind enum users parameter is no, calls to
the getpwent system call will not return any data.
- winbind gid (G)
- This parameter is now an alias for idmap gid
- winbind separator (G)
- This parameter allows an admin to define the character used
when listing a username of the form of DOMAIN \user. This
parameter is only applicable when using the pam_winbind.so and
nss_winbind.so modules for UNIX services.
- winbind trusted domains only (G)
- This parameter is designed to allow Samba servers that are
members of a Samba controlled domain to use UNIX accounts distributed via
NIS, rsync, or LDAP as the uid's for winbindd users in the hosts primary
domain. Therefore, the user 'SAMBA\user1' would be mapped to the account
'user1' in /etc/passwd instead of allocating a new uid for him or her.
- winbind uid (G)
- This parameter is now an alias for idmap uid
- winbind use default domain (G)
- This parameter specifies whether the winbindd(8)
daemon should operate on users without a domain component in their username.
Users without a domain component are treated as if they were part of the winbindd
server's own domain. While this does not benefit Windows users, it makes
SSH, FTP and e-mail function in a way much closer to the way they would on
a native UNIX system.
- wins hook (G)
- When Samba is running as a WINS server, this option allows you to call an external program to make changes to the WINS database. It is mainly used to dynamically update external name resolution databases, such as dynamic DNS.
- wins partners (G)
- A space separated list of partners' IP addresses for WINS
replication. WINS partners are always defined as push/pull partners as
defining only one way WINS replication is unreliable. WINS replication is
currently experimental and unreliable between samba servers.
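- wins proxy (G)
- This boolean option controls whether nmbd(8) responds to broadcast name queries on behalf of other hosts. You may need to set it to yes for some older clients.
- wins server (G)
- This option specifies the IP address (or DNS name; an IP address is preferred) of the WINS server that nmbd should register with. If there is a WINS server on your network, set this option to that server's IP address.
- wins support (G)
- This boolean option controls whether the nmbd(8) process acts as a WINS server. You should not set it to yes unless you have multiple subnets or want a particular nmbd to be your WINS server. Note that it should not be set to yes when there are several WINS servers on the network.
- workgroup (G)
- This option specifies the workgroup that Samba appears in when queried by clients. Note that it also specifies the domain name used with security = domain.
- writable (S)
- Same as writeable; provided for those who misspell it :-)
- writeable (S)
- Note that this is the inverse of read only.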
- write cache size (S)
- If this integer parameter is set to non-zero value, Samba
will create an in-memory cache for each oplocked file (it does not
do this for non-oplocked files). All writes that the client does not
request to be flushed directly to disk will be stored in this cache if
possible. The cache is flushed onto disk when a write comes in whose
offset would not fit into the cache or when the file is closed by the
client. Reads for the file are also served from this cache if the data is
stored within it.
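- write list (S)
- This option sets the list of users that have read-write access to a service. If the connecting user is in this list, they are given write access regardless of the value of read only. The list can name groups using the @group form.
- write ok (S)
- Note that this is the inverse of read only.
- write raw (G)
- This option specifies whether the server supports raw write SMB messages when transferring data from clients. You should not change it.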
- wtmp directory (G)
- This parameter is only available if Samba has been
configured and compiled with the option --with-utmp. It specifies
a directory pathname that is used to store the wtmp or wtmpx files
(depending on the UNIX system) that record user connections to a Samba
server. The difference with the utmp directory is the fact that user info
is kept after a user has logged out.
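The entries for writable, writeable, write ok, write list and wide links above interact: the first three are inverses of read only, and write list grants write access regardless of it. The following Python sketch is an added example, not part of the Samba documentation; it audits a configuration for shares where a write list overrides read only, or where wide links is explicitly enabled. The groups map, the accepted boolean spellings and the sample configuration are assumptions made for illustration, and because this page states no default for wide links, only an explicit setting is reported.

```python
import re

TRUE = {"yes", "true", "1"}                        # boolean spellings treated as "on"
INVERTED = {"writeable", "writable", "write ok"}   # inverted synonyms of "read only"
# Constructed sample configuration, for illustration only.
SAMPLE = """\
[global]
   wide links = yes
[docs]
   read only = yes
   write list = alice, @editors
[scratch]
   write ok = yes
   wide links = no
"""

def parse(text):
    """Return {section: {param: value}}. Line continuations and includes are not handled."""
    shares, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            cur = shares.setdefault(m.group(1).strip().lower(), {})
        elif cur is not None and "=" in line:
            key, val = line.split("=", 1)
            key, val = " ".join(key.lower().split()), val.strip()
            if key in INVERTED:  # fold into "read only"; the last setting wins
                key, val = "read only", "no" if val.lower() in TRUE else "yes"
            cur[key] = val
    return shares

def audit(text, groups=None):
    """Per share: read-only state, users whose write list entry overrides it, wide links."""
    groups, shares, report = groups or {}, parse(text), {}
    glob = shares.pop("global", {})
    for name, params in shares.items():
        eff = {**glob, **params}                   # [global] supplies defaults
        read_only = eff.get("read only", "yes").lower() in TRUE
        writers = set()
        for tok in filter(None, re.split(r"[,\s]+", eff.get("write list", ""))):
            # @group expands via the supplied map; unknown groups stay as "@name"
            writers.update(groups.get(tok[1:], [tok]) if tok.startswith("@") else [tok])
        report[name] = {"read_only": read_only,
                        "write_list_override": sorted(writers) if read_only else [],
                        "wide_links": eff.get("wide links", "").lower() in TRUE}
    return report
```

Calling audit(SAMPLE, {"editors": ["bob", "carol"]}) shows that the docs share is read only yet writable by alice, bob and carol, and that it inherits wide links = yes from [global].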