other languages
SMB.CONF(5) | SMB.CONF(5) |
NAME¶
smb.conf - Samba組件的配置檔案總覽 SYNOPSIS¶
smb.conf是Samba組件的配置檔案,包含Samba程式運行時的配置信 息. smb.conf被設計成可由swat (8)程式來配置和管理.本檔案包含了 關於smb.conf的檔案格式和可能出現的選項的完整描述以供參考.檔案格式 FILE FORMAT¶
本檔案由一系列段和選項構成.一個段由一對方括號中的段名開始,直到下一個段名結束.包含在段中的選項按以下格式定義:段描述 SECTION DESCRIPTIONS¶
配置檔案的每一段([global]段除外)描述一項共享資源.段名就是共享名,段內的選項設置確定了該共享資源的屬性.[foo] path = /home/bar read only = no
[aprinter] path = /usr/spool/public read only = yes printable = yes guest ok = yes
特殊段 SPECIAL SECTIONS¶
[global] 全局選項段 ¶
這一段中定義的選項是伺服器的全局性設置,如果在其他段中沒有再對這些選項進行重新設置的話還可以作為它們的預設選項.更多的說明請參閱'PARAMETERS'部分的內容.[homes] 個人目錄段¶
如果配置檔案中包含名為'homes'的段,就可以建立客戶到自己在伺服器上的個人目錄的連接.- 共享名從'homes'改為查到的使用者名.
- 如果沒有指定訪問路徑,則設置為該使用者的個人目錄.
-
[homes] read only = no
[printers] 列表機共享設置段¶
這一段很像[homes]段,不過是用於設置共享列表機的.- 共享名被設置為查找到的列表機名.
-
- 如果未給出列表機名,則把列表機名設為前面查找到的列表機名.
-
- 如果該共享資源不允許以guest身份進行訪問,且沒有給出使用者名,那麼使用者名就被設為前面查找到的列表機名.
-
[printers] path = /usr/spool/public guest ok = yes printable = yes
別名1|別名2|別名3|別名4...
選項 PARAMETERS¶
選項定義了每個段的屬性.變量替換 VARIABLE SUBSTITUTIONS¶
在配置檔案中可以用很多字符串進行替換.例如,當使用者以john的名稱建立連接後,選項"path = /tmp/%u"就被解釋成"path = /tmp/john".- %U
- 對話使用者名(客戶端想要的使用者名不一定與取得的一致.)
- %G
- %U的使用者組名
- %h
- 運行Samba的主機的internet主機名
- %m
- 客戶機的NetBIOS名(非常有用)
- %L
- 伺服器的NetBIOS名.這使得你可以根據調用的客戶端來改變你的配置,這樣你的伺服器就可以擁有"雙重個性".
- %M
- 客戶端的internet主機名
- %R
- 協議協商後選擇的協議,它可以是CORE,COREPLUS,LANMAN1,LANMAN2或NT1中的一種.
- %d
- 當前samba伺服器的進程號.
- %a
- 遠程主機的結構.現在只能認出來某些類型,並且不是100%可靠.目前支持的有Samba、WfWg、WinNT和Win95.任何其他的都被認作"UNKNOWN".如果出現錯誤就給samba-bugs@samba.org發一個3級的日誌以便修復這個bug.
- %I
- 客戶機的IP地址.
- %T
- 當前的日期和時間.
- %D
- Name of the domain or workgroup of the current user.
- %$(envvar)
- The value of the environment variable envar.
- %S
- 當前服務名
- %P
- 當前服務的根目錄
- %u
- 當前服務的使用者名
- %g
- %u的使用者組名
- %H
- %u所表示的使用者的宿主目錄
- %N
- tNIS伺服器的名字.它從auto.map獲得.如果沒有用--with-auto-mount選項編譯samba,那麼它的值和%L相同.
- %p
- 使用者宿主目錄的路徑.它由NIS的auot.map得到.NIS的auot.map入口項被分為"%N:%p".
NAME¶
Samba支持"名稱修正",這樣dos和windows客戶端就可以使用與8.3格式不一致的檔案.也可以用來調整8.3格式檔名的大小寫.- mangle case = yes/no
- 作用是控制是否對不符合預設寫法的名稱進行修正.例如,如果設為yes,像"Mail"這樣的檔名就會被修正.預設設置是no.
- case sensitive = yes/no
- 控制檔名是否區分大小寫.如果不區分的話,Samba就必須在傳遞名稱時查找並匹配檔名.預設設置是no.
- default case = upper/lower
- 控制新檔名大小寫預設值.預設設置是小寫.
- preserve case = yes/no
- 控制建新檔案時是否用客戶所提供的大小寫形式,或強制用預設形式.預設為yes.
- short preserve case = yes/no
- 控制新建8.3格式的檔名時是全部用大寫及合適長度,還是強制用預設情況.它可以和上面的"preserve
case =
yes"聯用以允許長檔名保持大小寫不變,而短檔名為小寫.本項的預設設置是
yes.
使用者名/口令檢驗中的注意事項 NOTE ABOUT USERNAME/PASSWORD VALIDATION¶
使用者有多種連接到服務項的方式.伺服器按照下面的步驟來確定是否允許客戶對指定服務的連接.如果下面步驟全部失敗,則拒絕使用者的連接請求.如果某一步通過,餘下的檢驗就不再進行.- 第一步:
- 如果客戶端提供一對使用者名和口令,且這對使用者名和口令經unix系統口令程式檢驗為有效,那麼就以該使用者名建立連接.注意,這包括用\\server\service%username方式傳遞使用者名.
- 第二步:
- 如果客戶端事先在系統上注冊了一個使用者名,並且提供了正確的口令,就允許建立連接.
- 第三步:
- 根據提供的口令檢查客戶端的netbios名及以前用過的使用者名,如匹配,就允許以該使用者名建立連接.
- 第四步:
- 如果客戶端以前有合法的使用者名和口令,並獲得了有效的令牌,就允許以該使用者名建立連接.
- 第五步:
- 如果在smb.conf裏設置了"user
=
"字段,且客戶端提供了一個口令,口令經UNIX系統檢驗,並與"user="字段裏某一個使用者匹配,那麼就允許以"user="裏匹配到的使用者名建立連接.如果"user="字段是以@開始,那麼該名字會展開為同名組裏的使用者名列表
.
- 第六步:
- 如果這是一個提供給guest用的服務項,那麼連接以"guest
account
="裏給出的使用者名建立,而不考慮提供的口令.
全局選項完整列表 COMPLETE LIST OF GLOBAL PARAMETERS¶
以下列出了所有的全局選項,各選項的詳細說明請參看後面的相應段落.注意,有些選項的意義是相同的.- •
- abort shutdown script
- •
- add group script
- •
- add machine script
- •
- addprinter command
- •
- add share command
- •
- add user script
- •
- add user to group script
- •
- afs username map
- •
- algorithmic rid base
- •
- allow trusted domains
- •
- announce as
- •
- announce version
- •
- auth methods
- •
- auto services
- •
- bind interfaces only
- •
- browse list
- •
- change notify timeout
- •
- change share command
- •
- client lanman auth
- •
- client ntlmv2 auth
- •
- client plaintext auth
- •
- client schannel
- •
- client signing
- •
- client use spnego
- •
- config file
- •
- deadtime
- •
- debug hires timestamp
- •
- debuglevel
- •
- debug pid
- •
- debug timestamp
- •
- debug uid
- •
- default
- •
- default service
- •
- delete group script
- •
- deleteprinter command
- •
- delete share command
- •
- delete user from group script
- •
- delete user script
- •
- dfree command
- •
- disable netbios
- •
- disable spoolss
- •
- display charset
- •
- dns proxy
- •
- domain logons
- •
- domain master
- •
- dos charset
- •
- enable rid algorithm
- •
- encrypt passwords
- •
- enhanced browsing
- •
- enumports command
- •
- get quota command
- •
- getwd cache
- •
- guest account
- •
- hide local users
- •
- homedir map
- •
- host msdfs
- •
- hostname lookups
- •
- hosts equiv
- •
- idmap backend
- •
- idmap gid
- •
- idmap uid
- •
- include
- •
- interfaces
- •
- keepalive
- •
- kernel change notify
- •
- kernel oplocks
- •
- lanman auth
- •
- large readwrite
- •
- ldap admin dn
- •
- ldap delete dn
- •
- ldap filter
- •
- ldap group suffix
- •
- ldap idmap suffix
- •
- ldap machine suffix
- •
- ldap passwd sync
- •
- ldap port
- •
- ldap server
- •
- ldap ssl
- •
- ldap suffix
- •
- ldap user suffix
- •
- lm announce
- •
- lm interval
- •
- load printers
- •
- local master
- •
- lock dir
- •
- lock directory
- •
- lock spin count
- •
- lock spin time
- •
- log file
- •
- log level
- •
- logon drive
- •
- logon home
- •
- logon path
- •
- logon script
- •
- lpq cache time
- •
- machine password timeout
- •
- mangled stack
- •
- mangle prefix
- •
- mangling method
- •
- map to guest
- •
- max disk size
- •
- max log size
- •
- max mux
- •
- max open files
- •
- max protocol
- •
- max smbd processes
- •
- max ttl
- •
- max wins ttl
- •
- max xmit
- •
- message command
- •
- min passwd length
- •
- min password length
- •
- min protocol
- •
- min wins ttl
- •
- name cache timeout
- •
- name resolve order
- •
- netbios aliases
- •
- netbios name
- •
- netbios scope
- •
- nis homedir
- •
- ntlm auth
- •
- nt pipe support
- •
- nt status support
- •
- null passwords
- •
- obey pam restrictions
- •
- oplock break wait time
- •
- os2 driver map
- •
- os level
- •
- pam password change
- •
- panic action
- •
- paranoid server security
- •
- passdb backend
- •
- passwd chat
- •
- passwd chat debug
- •
- passwd program
- •
- password level
- •
- password server
- •
- pid directory
- •
- prefered master
- •
- preferred master
- •
- preload
- •
- preload modules
- •
- printcap
- •
- private dir
- •
- protocol
- •
- read bmpx
- •
- read raw
- •
- read size
- •
- realm
- •
- remote announce
- •
- remote browse sync
- •
- restrict anonymous
- •
- root
- •
- root dir
- •
- root directory
- •
- security
- •
- server schannel
- •
- server signing
- •
- server string
- •
- set primary group script
- •
- set quota command
- •
- show add printer wizard
- •
- shutdown script
- •
- smb passwd file
- •
- smb ports
- •
- socket address
- •
- socket options
- •
- source environment
- •
- stat cache
- •
- syslog
- •
- syslog only
- •
- template homedir
- •
- template primary group
- •
- template shell
- •
- time offset
- •
- time server
- •
- timestamp logs
- •
- unicode
- •
- unix charset
- •
- unix extensions
- •
- unix password sync
- •
- update encrypted
- •
- use mmap
- •
- username level
- •
- username map
- •
- use spnego
- •
- utmp
- •
- utmp directory
- •
- winbind cache time
- •
- winbind enable local accounts
- •
- winbind enum groups
- •
- winbind enum users
- •
- winbind gid
- •
- winbind separator
- •
- winbind trusted domains only
- •
- winbind uid
- •
- winbind use default domain
- •
- wins hook
- •
- wins partners
- •
- wins proxy
- •
- wins server
- •
- wins support
- •
- workgroup
- •
- write raw
- •
- wtmp directory
服務選項完整列表 COMPLETE LIST OF SERVICE PARAMETERS¶
以下列出了所有關於服務項的選項,各選項的詳細說明請參見後面的相應段落.注意,有些選項的意義是相同的.- •
- acl compatibility
- •
- admin users
- •
- afs share
- •
- allow hosts
- •
- available
- •
- blocking locks
- •
- block size
- •
- browsable
- •
- browseable
- •
- case sensitive
- •
- casesignames
- •
- comment
- •
- copy
- •
- create mask
- •
- create mode
- •
- csc policy
- •
- default case
- •
- default devmode
- •
- delete readonly
- •
- delete veto files
- •
- deny hosts
- •
- directory
- •
- directory mask
- •
- directory mode
- •
- directory security mask
- •
- dont descend
- •
- dos filemode
- •
- dos filetime resolution
- •
- dos filetimes
- •
- exec
- •
- fake directory create times
- •
- fake oplocks
- •
- follow symlinks
- •
- force create mode
- •
- force directory mode
- •
- force directory security mode
- •
- force group
- •
- force security mode
- •
- force user
- •
- fstype
- •
- group
- •
- guest account
- •
- guest ok
- •
- guest only
- •
- hide dot files
- •
- hide files
- •
- hide special files
- •
- hide unreadable
- •
- hide unwriteable files
- •
- hosts allow
- •
- hosts deny
- •
- inherit acls
- •
- inherit permissions
- •
- invalid users
- •
- level2 oplocks
- •
- locking
- •
- lppause command
- •
- lpq command
- •
- lpresume command
- •
- lprm command
- •
- magic output
- •
- magic script
- •
- mangle case
- •
- mangled map
- •
- mangled names
- •
- mangling char
- •
- map acl inherit
- •
- map archive
- •
- map hidden
- •
- map system
- •
- max connections
- •
- max print jobs
- •
- max reported print jobs
- •
- min print space
- •
- msdfs proxy
- •
- msdfs root
- •
- nt acl support
- •
- only guest
- •
- only user
- •
- oplock contention limit
- •
- oplocks
- •
- path
- •
- posix locking
- •
- postexec
- •
- preexec
- •
- preexec close
- •
- preserve case
- •
- printable
- •
- printcap name
- •
- print command
- •
- printer
- •
- printer admin
- •
- printer name
- •
- printing
- •
- print ok
- •
- profile acls
- •
- public
- •
- queuepause command
- •
- queueresume command
- •
- read list
- •
- read only
- •
- root postexec
- •
- root preexec
- •
- root preexec close
- •
- security mask
- •
- set directory
- •
- share modes
- •
- short preserve case
- •
- strict allocate
- •
- strict locking
- •
- strict sync
- •
- sync always
- •
- use client driver
- •
- user
- •
- username
- •
- users
- •
- use sendfile
- •
- -valid
- •
- valid users
- •
- veto files
- •
- veto oplock files
- •
- vfs object
- •
- vfs objects
- •
- volume
- •
- wide links
- •
- writable
- •
- writeable
- •
- write cache size
- •
- write list
- •
- write ok
每一個選項的詳細解釋 EXPLANATION OF EACH PARAMETER¶
- abort shutdown script (G)
- This parameter only exists in the HEAD cvs branch
This a full path name to a script called by smbd(8) that should
stop a shutdown procedure issued by the shutdown script.
- acl compatibility (S)
- This parameter specifies what OS ACL semantics should be
compatible with. Possible values are winnt for Windows NT 4,
win2k for Windows 2000 and above and auto. If you specify
auto, the value for this parameter will be based upon the version
of the client. There should be no reason to change this parameter from the
default.
- add group script (G)
- This is the full pathname to a script that will be run
AS ROOT by smbd(8) when a new group is requested. It will
expand any %g to the group name passed. This script is only useful
for installations using the Windows NT domain administration tools. The
script is free to create a group with an arbitrary name to circumvent unix
group name restrictions. In that case the script must print the numeric
gid of the created group on stdout.
- add machine script (G)
- This is the full pathname to a script that will be run by
smbd(8) when a machine is added to it's domain using the
administrator username and password method.
- addprinter command (G)
- With the introduction of MS-RPC based printing support for
Windows NT/2000 clients in Samba 2.2, The MS Add Printer Wizard (APW) icon
is now also available in the "Printers..." folder displayed a
share listing. The APW allows for printers to be add remotely to a Samba
or Windows NT/2000 print server.
- add share command (G)
- Samba 2.2.0 introduced the ability to dynamically add and
delete shares via the Windows NT 4.0 Server Manager. The add share
command is used to define an external program or script which will add
a new service definition to smb.conf. In order to successfully
execute the add share command, smbd requires that the
administrator be connected using a root account (i.e. uid == 0).
- add user script (G)
- 這個選項指出一個稿本的完整檔案路徑,這個稿本將在特定環境下(下面有詳細解釋)由smbd
(8) 以root身份執行.
- add user to group script (G)
- Full path to the script that will be called when a user is
added to a group using the Windows NT domain administration tools. It will
be run by smbd(8) AS ROOT. Any %g will be replaced
with the group name and any %u will be replaced with the user name.
- admin users (S)
- admin
users定義一組對共享有管理特權的使用者.就相當於這些使用者可以像超級使用者那樣操作所有的檔案.
- afs share (S)
- This parameter controls whether special AFS features are
enabled for this share. If enabled, it assumes that the directory exported
via the path parameter is a local AFS import. The special AFS
features include the attempt to hand-craft an AFS token if you enabled
--with-fake-kaserver in configure.
- afs username map (G)
- If you are using the fake kaserver AFS feature, you might
want to hand-craft the usernames you are creating tokens for. For example
this is necessary if you have users from several domain in your AFS
Protection Database. One possible scheme to code users as DOMAIN+User as
it is done by winbind with the + as a separator.
- algorithmic rid base (G)
- This determines how Samba will use its algorithmic mapping
from uids/gid to the RIDs needed to construct NT Security Identifiers.
- allow hosts (S)
- 和hosts allow同義.
- allow trusted domains (G)
- 這個選項只在security選項被設成server或domain模式時才有效果.如果設為no的話,嘗試聯接到smbd運行的域或工作組以外的資源時會失敗,即使那個域是由遠程伺服器驗証為可信的也不行.
- announce as (G)
- 這個選項定義nmbd(8)
對網路鄰居聲稱的伺服器類型.預設為windows
NT.可選項有"NT",它與"NT
Server"同義,"NT Server","NT
Workstation","Win95"或"WfW",它們分別代表Windows
NT Server,Windows NT Workstation,Windows 95和Windows for
Workgroups.除非有特殊的需要不想讓samba以windows
NT的身份出現,一般不要改動這個選項,因為這可能會影響samba作為瀏覽伺服器的正確性.
- announce version (G)
- 此選項定義nmbd用於聲明伺服器版本號的主版本號和次版本號.預設版本號的是4.9。除非有特殊的必要想將samba設為低版本,一般不要改動這個選項.
- auth methods (G)
- This option allows the administrator to chose what
authentication methods smbd will use when authenticating a user.
This option defaults to sensible values based on security. This
should be considered a developer option and used only in rare
circumstances. In the majority (if not all) of production servers, the
default setting should be adequate.
- auto services (G)
- 與 preload 同義.
- available (S)
- 這個選項可以用來關掉一個服務項.如果available
= no,那麼
所有對該服務的連接都會失敗.而這些失敗會被記錄下來.
- bind interfaces only (G)
- 這個全局選項允許samba管理員限制一台主機的某一個網路接口用於響應請求.這會對於smbd(8)檔案服務和nmbd(8)名字服務造成些許影響.
- blocking locks (S)
- 此項控制在客戶為了在打開檔案處獲得一個字節范圍的鎖定而發出請求時smbd(8)的動作,同時
該請求會有一個與之相關的時限.
- block size (S)
- This parameter controls the behavior of smbd(8) when
reporting disk free sizes. By default, this reports a disk block size of
1024 bytes.
- browsable (S)
- 與 browseable 同義。
- browseable (S)
- 這個選項控制共享資源在可獲得共享列表、net
view命令及瀏覽列表裏是否可見.
- browse list (G)
- 它控制smbd(8)是否執行一個NetServerEnum調用來為客戶提供一個瀏覽列表.正常情況它被設為yes.這個選項可能永遠不需要改動.
- case sensitive (S)
- 參見NAME
MANGLING段的討論.
- casesignames (S)
- 與 case sensitive 同義.
- change notify timeout (G)
- samba允許客戶端告訴伺服器監視某個特定目錄的任何變化,僅當有變化發生的時候回復SMB請求.這種連續不斷的掃描在unix系統上代價很高,因此,smbd(8)只在等待change
notify
timeout時間後才對每個請求的目錄執行一次掃描.
- change share command (G)
- Samba 2.2.0 introduced the ability to dynamically add and
delete shares via the Windows NT 4.0 Server Manager. The change share
command is used to define an external program or script which will
modify an existing service definition in smb.conf. In order to
successfully execute the change share command, smbd requires
that the administrator be connected using a root account (i.e. uid == 0).
- client lanman auth (G)
- This parameter determines whether or not
smbclient(8) and other samba client tools will attempt to
authenticate itself to servers using the weaker LANMAN password hash. If
disabled, only server which support NT password hashes (e.g. Windows
NT/2000, Samba, etc... but not Windows 95/98) will be able to be connected
from the Samba client.
- client ntlmv2 auth (G)
- This parameter determines whether or not
smbclient(8) will attempt to authenticate itself to servers using
the NTLMv2 encrypted password response.
- client plaintext auth (G)
- Specifies whether a client should send a plaintext password
if the server does not support encrypted passwords.
- client schannel (G)
- This controls whether the client offers or even demands the
use of the netlogon schannel. client schannel = no does not offer
the schannel, server schannel = auto offers the schannel but does
not enforce it, and server schannel = yes denies access if the
server is not able to speak netlogon schannel.
- client signing (G)
- This controls whether the client offers or requires the
server it talks to to use SMB signing. Possible values are auto,
mandatory and disabled.
- client use spnego (G)
- This variable controls controls whether samba clients will
try to use Simple and Protected NEGOciation (as specified by rfc2478) with
WindowsXP and Windows2000 servers to agree upon an authentication
mechanism. SPNEGO client support for SMB Signing is currently broken, so
you might want to turn this option off when operating with Windows 2003
domain controllers in particular.
- comment (S)
- 這是一段當客戶用網上鄰居(net
view)察看伺服器上共享資源時顯示的說明文字.
- config file (G)
- 這可以使samba使用指定的配置檔案來替代預設的配置檔案,(通常是smb.conf).如果設置了這個選項,會出現一個先有雞還是先有蛋的問題!
- copy (S)
- 這使你可以克隆服務.
指定的服務以當前服務的名字進行簡單的複製,當前服務裏定義的選項將替代被拷服務裏任何相應的選項.
- create mask (S)
- 與 create mode 同義.
- create mode (S)
- 與 create mask 同義.
- csc policy (S)
- This stands for client-side caching policy, and
specifies how clients capable of offline caching will cache the files in
the share. The valid values are: manual, documents, programs, disable.
- deadtime (G)
- 這個值(十進制整數)定義連接發呆超時,單位是分鐘.如果一個連接發超過了這個時間就會被斷開.如果有檔案被打開了,這個時間就不起作用.
- debug hires timestamp (G)
- 有些時候記錄信息需要比秒更高層次的時間標識,用這個布爾量選項可以向時間標識信息頭中加入以微秒級的頻率.
- debuglevel (G)
- 與 log level 同義.
- debug pid (G)
- 為很多從smbd(8)fork出來的進程使用同一個記錄檔案時,很難精確地跟蹤信息是哪個進程輸出的.用這個布爾量選項向時間標識信息頭中自動添加進程號.
- debug timestamp (G)
- samba預設會給調試紀錄信息加上時間標識.如果運行的是高級別debug
level的調試,這個時間標識可以被轉移.用這個選項可以將時間標識關閉.
- debug uid (G)
- samba有時以root身份運行,而有時以已聯接的使用者來運行.使用這個布爾量選項可以向記錄檔案的時間標識信息頭中自動插入當前的euid,egid,uid和gid標識.
- default (G)
- 與 default service 同義.
- default case (S)
- 參見"NAME MANGLING"段.
也注意一下 short preserve
case選項.
- default devmode (S)
- This parameter is only applicable to printable services.
When smbd is serving Printer Drivers to Windows NT/2k/XP clients, each
printer on the Samba server has a Device Mode which defines things such as
paper size and orientation and duplex settings. The device mode can only
correctly be generated by the printer driver itself (which can only be
executed on a Win32 platform). Because smbd is unable to execute the
driver code to generate the device mode, the default behavior is to set
this field to NULL.
- default service (G)
- 這個選項定義一個當指定服務找不到時的預設服務.注意,在選項值裏沒有方括號(看示例!).
[global] default service = pub [pub] path = /%S
- delete group script (G)
- This is the full pathname to a script that will be run
AS ROOT smbd(8) when a group is requested to be deleted. It
will expand any %g to the group name passed. This script is only
useful for installations using the Windows NT domain administration tools.
- deleteprinter command (G)
- With the introduction of MS-RPC based printer support for
Windows NT/2000 clients in Samba 2.2, it is now possible to delete printer
at run time by issuing the DeletePrinter() RPC call.
- delete readonly (S)
- 這個選項允許刪除只讀檔案,這個只讀不是通常dos裏的含義,而是unix中的.
- delete share command (G)
- Samba 2.2.0 introduced the ability to dynamically add and
delete shares via the Windows NT 4.0 Server Manager. The delete share
command is used to define an external program or script which will
remove an existing service definition from smb.conf. In order to
successfully execute the delete share command, smbd requires
that the administrator be connected using a root account (i.e. uid == 0).
- delete user from group script (G)
- Full path to the script that will be called when a user is
removed from a group using the Windows NT domain administration tools. It
will be run by smbd(8) AS ROOT. Any %g will be
replaced with the group name and any %u will be replaced with the
user name.
- delete user script (G)
- 它定義一個在使用RPC(NT)工具管理使用者時,fBsmbd(8)以root身份運行的包括路徑的一個稿本.
- delete veto files (S)
- 這個選項用於samba試圖刪除一個或多個包含禁止檔案的目錄的情況(參見veto
files選項).
如果這個選項設置為
no(預設情況),那麼如果一個禁止目錄裏包含了任何非禁止的檔案或目錄,刪除就會失敗.這通常正是你所希望的.
- deny hosts (S)
- 與 hosts deny 同義.
- dfree command (G)
- dfree
command只需在磁碟空間計算有問題的系統上使用.這個空間計算的問題僅在Ultrix系統上發生過,但在其他的作業系統上也有可能發生.發生這個問題的現象是在每個目錄列表最後發生錯誤並提示"Abort
Retry Ignore".
#!/bin/sh df $1 | tail -1 | awk '{print $2" "$4}'
#!/bin/sh /usr/bin/df -k $1 | tail -1 | awk '{print $3" "$5}'
- directory (S)
- 與 path 同義.
- directory mask (S)
- 這個選項是8進制的模式。用來控制在生成UNIX目錄時,將其從dos模式轉換為unix模式。
- directory mode (S)
- 與 directory mask 同義。
- directory security mask (S)
- 此選項控制了NT客戶在他的本地NT安全對話框中操縱unix目錄權限時可以修改哪些權限位.
- disable netbios (G)
- Enabling this parameter will disable netbios support in
Samba. Netbios is the only available form of browsing in all windows
versions except for 2000 and XP.
- disable spoolss (G)
- Enabling this parameter will disable Samba's support for
the SPOOLSS set of MS-RPC's and will yield identical behavior as Samba
2.0.x. Windows NT/2000 clients will downgrade to using Lanman style
printing commands. Windows 9x/ME will be uneffected by the
選項。 However, this will also disable the ability to
upload printer drivers to a Samba server via the Windows NT Add Printer
Wizard or by using the NT printer properties dialog window. It will also
disable the capability of Windows NT/2000 clients to download print
drivers from the Samba host upon demand. Be very careful about enabling
this 選項。
- display charset (G)
- Specifies the charset that samba will use to print messages
to stdout and stderr and SWAT will use. Should generally be the same as
the unix charset.
- dns proxy (G)
- 指定nmbd(8)像WINS伺服器那樣尋找沒有登記的NetBIOS名,像對待DNS名那樣逐字的對待NetBIOS名,向DNS伺服器查詢該名稱所代表的客戶端.
- domain logons (G)
- 如果這個選項為yes,Samba伺服器將為workgroup提供Windows
95/98 登陸域服務.Samba
2.2只能實現Windows NT 4
域中域控制器的有限功能。有關設置這個功能的更詳細信息參見Samba
文件中的Samba-PDC-HOWTO。
- domain master (G)
- 這個選項告訴smbd(8)收集廣域網內的瀏覽列表.設置這個選項後,nmbd用一個特定的NetBIOS名向它的工作組標識它自己是一個主控瀏覽器.在同一工作組不同子網中的本地主控瀏覽器將把自己的瀏覽列表傳給nmbd,然後向smbd(8)
請求整個網路上瀏覽列表的完整拷貝.客戶端將和他們的本地主控瀏覽器聯系,得到整個域范圍內的瀏覽列表,而不只是子網上的列表.
- dont descend (S)
- 有些系統上存在某些特殊的路徑(比如linux中的/proc),這些目錄不需要(也不希望)客戶端關心,甚至可能具有無限的層次深度(遞歸的).這個選項允許你指定一個由逗號分隔的列表,伺服器將把列表內包含的目錄始終顯示成空目錄.
- dos charset (G)
- DOS SMB clients assume the server has the same charset as
they do. This option specifies which charset Samba should talk to DOS
clients.
- dos filemode (S)
- The default behavior in Samba is to provide UNIX-like
behavior where only the owner of a file/directory is able to change the
permissions on it. However, this behavior is often confusing to
DOS/Windows users. Enabling this parameter allows a user who has write
access to the file (by whatever means) to modify the permissions on it.
Note that a user belonging to the group owning the file will not be
allowed to change permissions if the group is only granted read access.
Ownership of the file/directory is not changed, only the permissions are
modified.
- dos filetime resolution (S)
- 在DOS和Windows
FAT檔案系統中,時間的計量精度是2秒。對共享資源設置這個選項,可以使得在一個向
smbd(8)的查詢需要1秒精度時,Samba把報告的時間精度降低到2秒左右。
- dos filetimes (S)
- 在DOS和Windows作業系統中,如果使用者對檔案進行寫操作,就會改變檔案的時間記錄.而在POSIX規則中,只有檔案的所有者和root才有改變檔案時間記錄的能力.預設的,Samba按照POSIX規則運行,如果smbd的使用者不是檔案的所有者,那麼他對檔案的操作不會改變檔案的時間記錄.如果設置這個選項為
yes,那麼
smbd(8)就按照DOS的規則運行,並且按照DOS系統的要求改變檔案的時間記錄.
- enable rid algorithm (G)
- This option is used to control whether or not smbd in Samba
3.0 should fallback to the algorithm used by Samba 2.2 to generate user
and group RIDs. The longterm development goal is to remove the algorithmic
mappings of RIDs altogether, but this has proved to be difficult. This
parameter is mainly provided so that developers can turn the algorithm on
and off and see what breaks. This parameter should not be disabled by
non-developers because certain features in Samba will fail to work without
it.
- encrypt passwords (G)
- 這個布爾型值控制著是否與客戶端用加密口令進行交談.注意,NT4.0
SP3 及以上還有WINDOWS
98在預設情況下使用加密口令進行交談,除非改變了注冊表的相應健值.想要使用加密口令,清參閱Samba
HOWTO Collection中的 "User Database"
章節。
- enhanced browsing (G)
- This option enables a couple of enhancements to
cross-subnet browse propagation that have been added in Samba but which
are not standard in Microsoft implementations.
- enumports command (G)
- The concept of a "port" is fairly foreign to UNIX
hosts. Under Windows NT/2000 print servers, a port is associated with a
port monitor and generally takes the form of a local port (i.e. LPT1:,
COM1:, FILE:) or a remote port (i.e. LPD Port Monitor, etc...). By
default, Samba has only one port defined-- "Samba Printer
Port". Under Windows NT/2000, all printers must have a valid port
name. If you wish to have a list of ports displayed ( smbd does
not use a port name for anything) other than the default "Samba
Printer Port", you can define enumports command to point
to a program which should generate a list of ports, one per line, to
standard output. This listing will then be used in response to the level 1
and 2 EnumPorts() RPC.
- exec (S)
- 與 preexec 同義。
- fake directory create times (S)
- NTFS和Windows
VFAT檔案系統為每一個檔案和目錄保留一個創建時間.
這個時間和UNIX下的狀態改變時間--ctime不同.
所以, 在預設狀態下,
Samba將報告UNIX系統所保持的各種時間屬性中的最早的那個作為(檔案/目錄)建立時間.
如果在一個共享中設置了這個選項,
將會使得Samba偽造一個目錄生成時間,
這個時間就是1980.01.01的午夜.
- fake oplocks (S)
- oplocks是這樣一個選項,
它允許SMB客戶端在本地緩存對伺服器的檔案操作.
如果伺服器允許oplock(opportunistic
lock)操作,
客戶端可以簡單的認為,
它自己是唯一的檔案訪問者,
可以隨意的緩存檔案.
有些oplocks類型甚至允許緩存檔案的打開和關閉操作.
這個操作換來性能上的巨大提升.
- follow symlinks (S)
- 這個選項允許Samba管理員禁止某個特殊共享下smbd(8)對符號鏈接的訪問.
將這個選項設置為
no將會阻止這個共享下的任何鏈接形式的檔案或目錄被查看(使用者將會得到一個錯誤訊息).例如:
這個選項將阻止客戶將
/etc/passwd檔案鏈接到自己的主目錄.
(我們看到,
這是很有用的). 但是,
它將會使檔案名字的查找速度慢一些.
- force create mode (S)
- 這個選項設置一組UNIX格式的權限代碼,
當Samba建立新文件的時候,
總是會使用這個權限設置新文件,
通過將新文件的權限位和這組權限代碼做逐位與,
就完成了設置工作.預設狀態下,
這個選項設置為八進制000,在
create
mask加到新建立的檔案的權限位上後,
與這個值進行按位與操作,
就得到檔案建立時的權限設置.
- force directory mode (S)
- 這個選項設置一組UNIX格式的權限代碼,
當Samba建立新目錄的時候,
總是會使用這個權限設置新目錄,
通過將新目錄的權限位和這組權限代碼做逐位與,
就完成了設置工作.預設狀態下,
這個選項設置為八進制000,在
directory
mask加到新建立的目錄的權限位上後,與這個值進行按位與操作,
就得到目錄建立時的權限設置.
- force directory security mode (S)
- 此選項控制NT使用者通過本地NT安全對話框可以操作哪些目錄上的unix權限位.
- force group (S)
- 這個選項指定一個UNIX組,
所有連接到服務上的使用者都被強迫使用這個組作為"主組".
所有訪問檔案的使用者都使用這個組的訪問權限做權限檢查.
因此,
通過分配檔案和目錄的訪問權限給這個使用者組,
Samba的管理員可以限制或允許對共享檔案的訪問.
- force security mode (S)
- 此選項控制NT使用者通過本地NT安全對話框可以操作哪些目錄上的unix權限位.
- force user (S)
- 這個選項指定一個UNIX使用者的名字,
所有連接到服務上的使用者的預設名字就使用這個名字.
(由於權限的原因)在共享檔案時這個選項是有用的.你必須小心使用這個選項,
它有可能帶來安全上的問題.
- fstype (S)
- 這個選項允許管理員設置一個字符串說明共享的檔案系統的類型,
當客戶端有查詢時,
smbd(8)將這個字符串作為正在使用的檔案系統的類型報告給客戶端.
為了和 Windows
NT相容預設值設置是
NTFS,
當然,如果必要的話,也可以改變為其它的字符串,例如
Samba或FAT.
- get quota command (G)
- The get quota command should only be used whenever
there is no operating system API available from the OS that samba can use.
- getwd cache (G)
- 這是一個性能調節選項.
當這個選項允許時,
一個高速緩沖算法將被用來減少調用"getwd()"的時間.
這個選項對性能會產生很大的影響,
特別是在 wide
links選項設為
no的時候.
- group (S)
- 與 force group 同義。
- guest account (G,S)
- 這是一個用來訪問服務的使用者名(作為客戶來訪賬戶,區別於系統上的使用者),
當然,
被訪問的服務必須先設置了選項fI
guest ok.
這個賬戶所擁有的所有權利都會反映到以"訪問客戶(guest)"身份連接進來的客戶身上.
典型的,
這個客戶必須在passwd檔案中存在,
但是沒有有效的登入權限.通常系統中存在著名為"ftp"的賬戶,把這個賬戶名使用在這裏是個好主意.注意:如果一個服務指定了一個專用的訪問使用者名,這個專用名將代替這裏的使用者名.
- guest ok (S)
- 如果一個服務的這個選項的值設為yes,
那末,
連接到這個服務不需要口令,
權限設置為 guest
account的權限.
- guest only (S)
- 如果一個服務的這個選項設置為
yes, 那末,
只有客戶(guest)訪問被允許,
也就是說,
不允許以其他使用者的身份訪問.如果沒有設置
guest ok選項,
則此選項無效.
- hide dot files (S)
- 這是一個布爾值選項.
控制檔名最前面一個字符為"."的檔案是否表現為隱含檔案(UNIX檔案系統中,
最前面為"."的檔案是隱含檔案).
- hide files (S)
- 這是一個隱藏檔案或目錄的列表.這些檔案不能被看見但是能被訪問.列表中的檔案或目錄將被賦予DOS下的"隱藏"屬性.
- hide local users (G)
- This parameter toggles the hiding of local UNIX users
(root, wheel, floppy, etc) from remote clients.
- hide special files (S)
- This parameter prevents clients from seeing special files
such as sockets, devices and fifo's in directory listings.
- hide unreadable (S)
- This parameter prevents clients from seeing the existance
of files that cannot be read. Defaults to off.
- hide unwriteable files (S)
- This parameter prevents clients from seeing the existance
of files that cannot be written to. Defaults to off. Note that unwriteable
directories are shown as usual.
- homedir map (G)
- 如果nis homedir
選項的值為 yes,同時,
smbd(8)也作為win95/98的登入伺服器,那麼,這個選項指明一個NIS(或者YP)映射.指向使用者主目錄所在的伺服器.目前,只認識Sun的auto.home映射格式.映射格式如下:
- host msdfs (G)
- If set to yes, Samba will act as a Dfs server, and
allow Dfs-aware clients to browse Dfs trees hosted on the server.
- hostname lookups (G)
- Specifies whether samba should use (expensive) hostname
lookups or use the ip addresses instead. An example place where hostname
lookups are currently used is when checking the hosts deny and
hosts allow.
- hosts allow (S)
- 與allow hosts 同義.
- hosts deny (S)
- hosts
allow選項的反義詞.所有被列入這個選項中的主機的服務都
不允許被訪問,除非這個被訪問的服務定義了自己的允許列表.當允許的主機列表和禁止的主機列表發生沖突的時候,allow優先.
- hosts equiv (G)
- 如果這個選項值不是空字符串,就指定了一個檔名.這個檔案中列出了可以不用口令就允許訪問的主機和使用者的名字.
- idmap backend (G)
- The purpose of the idmap backend parameter is to allow
idmap to NOT use the local idmap tdb file to obtain SID to UID / GID
mappings, but instead to obtain them from a common LDAP backend. This way
all domain members and controllers will have the same UID and GID to SID
mappings. This avoids the risk of UID / GID inconsistencies across UNIX /
Linux systems that are sharing information over protocols other than
SMB/CIFS (ie: NFS).
- idmap gid (G)
- The idmap gid parameter specifies the range of group ids
that are allocated for the purpose of mapping UNX groups to NT group SIDs.
This range of group ids should have no existing local or NIS groups within
it as strange conflicts can occur otherwise.
- idmap uid (G)
- The idmap uid parameter specifies the range of user ids
that are allocated for use in mapping UNIX users to NT user SIDs. This
range of ids should have no existing local or NIS users within it as
strange conflicts can occur otherwise.
- include (G)
- 這個選項使得你可以把一個配置檔案插入到另一個配置檔案中去.這只是一種文本替換,就在好像被插入的檔案的那個位置直接寫入那個插入檔案一樣.
- inherit acls (S)
- This parameter can be used to ensure that if default acls
exist on parent directories, they are always honored when creating a
subdirectory. The default behavior is to use the mode specified when
creating the directory. Enabling this option sets the mode to 0777, thus
guaranteeing that default directory acls are propagated.
- inherit permissions (S)
- The permissions on new files and directories are normally
governed by create mask, directory mask, force create
mode and force directory mode but the boolean inherit
permissions parameter overrides this.
- interfaces (G)
- 這個選項允許你超越預設的Samba用來處理瀏覽,名字注冊和其他NBT網路流量的網路借口列表.
預設情況Samba向核心查詢所有活動的接口列表並且使用除了127.0.0.1
之外的接口.
- invalid users (S)
- 這是一個不允許在這個服務上登入的使用者的名單.這的確是一個非常嚴格的(paranoid)檢查,確保任何可能的不適當的設置都不會破壞你的系統的安全.
- keepalive (G)
- 這個選項是一個整數,它表示用於keepalive包間隔的秒數.如果這個選項是0,那麼就不發送保持連接的包.發送保持連接的包使得主機可以確定客戶端是否還在響應。
- kernel change notify (G)
- This parameter specifies whether Samba should ask the
kernel for change notifications in directories so that SMB clients can
refresh whenever the data on the server changes.
- kernel oplocks (G)
- 在支持基於核心的
oplocks(opportunistic
lock)的UNIX系統上(目前只有IRIX
和Linux2.4核心),這個選項允許打開或關閉對這個特性的利用.
- lanman auth (G)
- This parameter determines whether or not smbd(8)
will attempt to authenticate users using the LANMAN password hash. If
disabled, only clients which support NT password hashes (e.g. Windows
NT/2000 clients, smbclient, etc... but not Windows 95/98 or the MS DOS
network client) will be able to connect to the Samba host.
- large readwrite (G)
- This parameter determines whether or not smbd(8)
supports the new 64k streaming read and write varient SMB requests
introduced with Windows 2000. Note that due to Windows 2000 client
redirector bugs this requires Samba to be running on a 64-bit capable
operating system such as IRIX, Solaris or a Linux 2.4 kernel. Can improve
performance by 10% with Windows 2000 clients. Defaults to on. Not as
tested as some other Samba code paths.
- ldap admin dn (G)
- The ldap admin dn defines the Distinguished Name
(DN) name used by Samba to contact the ldap server when retreiving user
account information. The ldap admin dn is used in conjunction with
the admin dn password stored in the private/secrets.tdb file. See
the smbpasswd(8) man page for more information on how to accmplish
this.
- ldap delete dn (G)
- This parameter specifies whether a delete operation in the
ldapsam deletes the complete entry or only the attributes specific to
Samba.
- ldap filter (G)
- 這個選項指定了RFC2254相容的LDAP搜索過濾器。預設對所有匹配sambaAccount對象類的條目進行登入名和
uid
屬性之間的匹配。注意這個過濾器只應當返回一個條目.
- ldap group suffix (G)
- This parameters specifies the suffix that is used for
groups when these are added to the LDAP directory. If this parameter is
unset, the value of ldap suffix will be used instead.
- ldap idmap suffix (G)
- This parameters specifies the suffix that is used when
storing idmap mappings. If this parameter is unset, the value of ldap
suffix will be used instead.
- ldap machine suffix (G)
- It specifies where machines should be added to the ldap
tree.
- ldap passwd sync (G)
- This option is used to define whether or not Samba should
sync the LDAP password with the NT and LM hashes for normal accounts (NOT
for workstation, server or domain trusts) on a password change via SAMBA.
- ldap port (G)
- 這個選項只有在編譯時配置了"--with-ldap"選項的情況下才可用.
- ldap server (G)
- 這個選項只有在編譯時配置了"--with-ldapsam"選項的情況下才可用.
- ldap ssl (G)
- This option is used to define whether or not Samba should
use SSL when connecting to the ldap server This is NOT related to
Samba's previous SSL support which was enabled by specifying the
--with-ssl option to the configure script.
- ldap suffix (G)
- 指定使用者和機器帳號從哪裏加入樹中。可以被ldap
user suffix和 ldap machine
suffix選項越過。它也用作所有ldap搜索的base
dn。
- ldap user suffix (G)
- This parameter specifies where users are added to the tree.
If this parameter is not specified, the value from ldap suffix.
- level2 oplocks (S)
- 這個參數控制了是否Samba在一個共享上支持第二級(只讀)oplocks。
- lm announce (G)
- 這個選項決定nmbd(8)是否產生"Lanman宣告廣播",OS/2的客戶端需要這個廣播用以在它們的瀏覽列表裏看到Samba伺服器.這個選項有3個值:yes、no、auto.預設值是auto.如果這值為no,Samba將不會產生這種廣播.如果設置為yes,Samba將以lm
interval選項的值為頻率產生這種廣播.如果設置為
auto,Samba並不發出這類廣播,但是偵聽他們.如果收到這樣的廣播,它就開始發送這種廣播,頻率還是以lm
interval選項設定的為準.
- lm interval (G)
- 如果Samba設置為產生"Lanman宣告廣播(給OS/2客戶端使用,參見lm
announce選項).那麼,這裏的選項設定了以秒為單位的發生頻率.如果這個選項設置為"0",則不管
lm
announce選項的值,永遠不會發出任何"Lanman宣告廣播".
- load printers (G)
- 這個布爾值控制是否在"printcap"檔案中的所有列表機將會被預設的安裝到Samba環境,並且可以被瀏覽.參見"printers"段獲得更多細節.
- local master (G)
- 這個選項允許nmbd(8)試著去成為本地子網的主控瀏覽器.如果選項值為no,
nmbd不會去爭取這個權利.在預設情況下,這個值為
yes.設置這個值為yes,並不意味著become
就一定會成為本地的主瀏覽器,只是意味著
become
會參加成為主瀏覽器的選舉.
- lock dir (G)
- 與 lock directory 同義.
- lock directory (G)
- 這個選項指出"加鎖檔案"放置的目錄.加鎖檔案用以實現最大連接數max
connections.
- locking (S)
- 這個選項控制當客戶端發出鎖定請求時,伺服器是否執行"鎖定".
- lock spin count (G)
- This parameter controls the number of times that smbd
should attempt to gain a byte range lock on the behalf of a client
request. Experiments have shown that Windows 2k servers do not reply with
a failure if the lock could not be immediately granted, but try a few more
times in case the lock could later be aquired. This behavior is used to
support PC database formats such as MS Access and FoxPro.
- lock spin time (G)
- The time in microseconds that smbd should pause before
attempting to gain a failed lock. See lock spin count for more
details.
- log file (G)
- 這個選項允許設置其它的檔案名字來替代Samba日誌檔案(也就是調試檔案).
- log level (G)
- 這個值(字符串)允許在smb.conf裏定義調試水平(記錄水平).This
parameter has been extended since the 2.2.x series, now it allow to
specify the debug level for multiple debug classes.
這給系統配置帶來更大的靈活性.
- logon drive (G)
- 這個選項設置一個本地路徑(可以理解為網路映射盤),當登入時,使用者的主目錄就連接到這個本地路徑(參見logon
home).
- logon home (G)
- 當Win95/98或Win
NT工作站登入到Samba
PDC時,它們的主目錄的位置.設置了這個選項,就允許在(DOS)提示符下使用形如:
- logon path (G)
- 這個選項指定了存放roaming
profile(WindowsNT的NTuser.dat
等檔案)的使用者目錄.Contrary
to previous versions of these manual pages, it has nothing to do with Win
9X roaming profiles. To find out how to handle roaming profiles for Win 9X
system, see the logon home parameter.
- logon script (G)
- 這個選項指明,當一個使用者成功的登入後,將會自動下載到本地執行的稿本檔案,這個稿本檔案可能是一個批處理檔案(.bat)或者一個NT命令檔案(.cmd).這個稿本檔案必須使用DOS風格的回車/換行(CR/LF)來結束每一行,因此,我們推薦使用DOS風格的文字編輯器來建立這個檔案.
NET USE Q:\SERVERISO9001_QA
- lppause command (S)
- 這個選項指定在伺服器上中斷指定的列印作業的列印或假脫機列印操作所使用的指令.
- lpq cache time (G)
- 此選項控制了lpq信息多長時間被緩沖一次,以防止頻繁調用lpq命令.每一次系統使用lpq命令會保留一個單獨的緩沖,所以如果不同的使用者分別使用了不同的lpq命令的話,他們不可能共享緩沖信息.
- lpq command (S)
- 這個選項指定為了獲得lpq風格的列表機狀態信息而要在伺服器上要執行的命令.
- lpresume command (S)
- 此選項指定為了繼續連續列印或假脫機一個指定的列印任務時要在伺服器上執行的命令.
- lprm command (S)
- 此選項指定為了要刪除一個列印任務而需要在伺服器上執行的命令.
- machine password timeout (G)
- 如果samba伺服器是Windows
NT域成員的話(參見
security=domain選項),那麼運行中的smbd進程會周期性地試著改變儲存在叫做
private/secrets.tdb的TDB中的MACHINE ACCOUNT
PASSWORD.這個參數指定了密碼將多久更換一次,以秒為單位。預設值是一個星期(當然要以秒來表示),這與NT域成員伺服器是一樣的.
- magic output (S)
- 此選項指定了一個用magic稿本輸出內容而建立的檔案的名稱,參見下面對magic
script選項的描述.
- magic script (S)
- 這個選項用來指定將被伺服器執行的檔案的名字,這個檔案如果已經打開,那麼,當這個檔案關閉後伺服器同樣也可以運行.這樣就允許了一個UNIX稿本可以傳送到samba主機,並為所連接的使用者運行.
- mangle case (S)
- 參見NAME MANGLING部分.
- mangled map (S)
- 這個選項是用來直接映射那些不能在Windows/DOS上描述的unix檔名.不過並不經常出現這樣的情況,只有一些特殊的擴展名在DOS和UNIX之間才會不同,例如,HTML檔案在UNIX下通常都是.html,而在Windows/DOS下通常卻是.htm.
- mangled names (S)
- 這個選項控制是否要把UNIX下的非DOS檔名映射為DOS相容的形式("mangled")並使得它們可以查閱,或者簡單地忽略掉這些非DOS檔名.
- mangled stack (G)
- 這個選項控制了映射檔名的數量,以便讓Samba伺服器smbd(8)對其進行緩存.
- mangle prefix (G)
- controls the number of prefix characters from the original
name used when generating the mangled names. A larger value will give a
weaker hash and therefore more name collisions. The minimum value is 1 and
the maximum value is 6.
- mangling char (S)
- 這個選項指定在name
mangling操作中使用什麼樣的字符作為
magic字符.預設是用了'~',不過有些軟體可能會在使用上受到某些妨礙.可以設定為你想要的字符.
- mangling method (G)
- controls the algorithm used for the generating the mangled
names. Can take two different values, "hash" and
"hash2". "hash" is the default and is the algorithm
that has been used in Samba for many years. "hash2" is a newer
and considered a better algorithm (generates less collisions) in the
names. However, many Win32 applications store the mangled names and so
changing to the new algorithm must not be done lightly as these
applications may break unless reinstalled.
- map acl inherit (S)
- This boolean parameter controls whether smbd(8) will
attempt to map the 'inherit' and 'protected' access control entry flags
stored in Windows ACLs into an extended attribute called user.SAMBA_PAI.
This parameter only takes effect if Samba is being run on a platform that
supports extended attributes (Linux and IRIX so far) and allows the
Windows 2000 ACL editor to correctly use inheritance with the Samba POSIX
ACL mapping code.
- map archive (S)
- 這個選項決定了是否把DOS的歸檔屬性映射為UNIX可執行位.在檔案修改後DOS的歸檔位會被設定到檔案上.保持歸檔位的一個理由是使得Samba或者你的PC在新建任何檔案的時候,不會為它們設置UNIX可執行屬性。那樣對於共享原始碼、文件等等非常讓人厭煩。
- map hidden (S)
- 這個選項決定DOS下的隱藏檔案是否要映射為UNIX全局可執行位.
- map system (S)
- 這個選項決定DOS下的系統檔案是否要映射為UNIX組可執行位.
- map to guest (G)
- 這個選項只在安全模式不是共享級(security=share)時才有用,也就是選用了使用者安全級,伺服器安全級或者域安全級(user,
server, 和domain).
- max connections (S)
- 最大聯接數就是允許同時聯接到一個資源服務的最大數量限制.在max
connections大於0的情況下,如果聯接數超過了最大聯接數設定時,超出的聯接將被拒絕.如果設為0的話就沒有這樣的聯接限制了.
- max disk size (G)
- 控制磁碟使用的上限.如果把它設為100的話,所有的共享資源容量都不會超過100M.
- max log size (G)
- 這個選項(一個kB為單位的整數)用來指定使用的記錄檔案最大到多少容量.samba會周期性地檢查這個容量,如果超過這個選項值就把老的檔案換名成擴展名為.old的檔案.
- max mux (G)
- 這個選項控制了對使用者允許的最大SMB並發操作數.你應該不需要設定這個選項的.
- max open files (G)
- 這個選項限定了在任意時間客戶端用一個
smbd(8)檔案服務進程可以打開的最大檔案數.預設的值非常高(10,000),因為對於每個未打開的檔案只使用其中的一位.
- max print jobs (S)
- This parameter limits the maximum number of jobs allowable
in a Samba printer queue at any given moment. If this number is exceeded,
smbd(8) will remote "Out of Space" to the client. See all
total print jobs.
- max protocol (G)
- 此項的值是一個字符串,定義了伺服器支持的最高協議等級.
- max reported print jobs (S)
- This parameter limits the maximum number of jobs displayed
in a port monitor for Samba printer queue at any given moment. If this
number is exceeded, the excess jobs will not be shown. A value of zero
means there is no limit on the number of print jobs reported. See all
total print jobs and max print jobs parameters.
- max smbd processes (G)
- This parameter limits the maximum number of smbd(8)
processes concurrently running on a system and is intended as a stopgap to
prevent degrading service to clients in the event that the server has
insufficient resources to handle more than this number of connections.
Remember that under normal operating conditions, each user will have an
smbd(8) associated with him or her to handle connections to all
shares from a given host.
- max ttl (G)
- 這個選項通知nmbd(8)
當它用廣播或從WINS伺服器請求一個名字時,這個NetBIOS名字的有效時間('time
to live',
以秒計)是多長.你不需要去碰這個選項,預設值是3天.
- max wins ttl (G)
- 這個選項通知smbd(8)程式當它作為一個WINS伺服器時(wins
support
=true),nmbd承認的最長NetBIOS名字生存時間('time
to
live',以秒計).你不需要去改變這個選項的,預設值是6天(518400秒).
- max xmit (G)
- 這個選項控制通過samba的最大包容量.預設值是65535,同時這也是最大值.有時你可能用一個較小的值可以得到更好的性能.不過低於2048通常會有一些問題.
- message command (G)
- 當伺服器接收到一個WinPopup類似的信息時運行一個指定的命令.
- min passwd length (G)
- 與 min password length 同義.
- min password length (G)
- 此項設定當執行變更UNIX口令時smbd接受的明文口令的最小字符長度.
- min print space (S)
- 此項設定一個使用者假脫機列印作業必須的最小剩餘磁碟空間.當然是用kB
為單位.預設設為0,就是說使用者總是可以假脫機列印作業.
- min protocol (G)
- The value of the parameter (a string) is the lowest SMB
protocol dialect than Samba will support. Please refer to the max
protocol parameter for a list of valid protocol names and a brief
description of each. You may also wish to refer to the C source code in
source/smbd/negprot.c for a listing of known protocol dialects
supported by clients.
- min wins ttl (G)
- 此項通知nmbd(8)當以WINS伺服器的形式(wins
support =
yes)執行時,它所承認的NetBIOS名字的最小有效時間(以秒為單位).這個選項無需更改,預設是6小時(21600秒)
- msdfs proxy (S)
- This parameter indicates that the share is a stand-in for
another CIFS share whose location is specified by the value of the
選項。 When clients attempt to connect to this share,
they are redirected to the proxied share using the SMB-Dfs protocol.
- msdfs root (S)
- If set to yes, Samba treats the share as a Dfs root
and allows clients to browse the distributed file system tree rooted at
the share directory. Dfs links are specified in the share directory by
symbolic links of the form msdfs:serverA\\shareA,serverB\\shareB
and so on. For more information on setting up a Dfs tree on Samba, refer
to ???.
- name cache timeout (G)
- Specifies the number of seconds it takes before entries in
samba's hostname resolve cache time out. If the timeout is set to 0. the
caching is disabled.
- name resolve order (G)
- samba套件中的一些程式使用此項來決定使用的名字服務以及解析主機名到IP地址的次序.主要目的是控制netbios名稱怎樣解析。此選項列出不同的名字解析選項,以空格為分隔符.
- netbios aliases (G)
- 此項指定一串NetBIOS名字讓nmbd作為附加的名字進行宣布.這樣就使一個機器在可瀏覽列表中可以出現多個名字形式.如果主機是瀏覽伺服器或登入伺服器,
就不會出現這些附加的別名,而只會使用它的初始名字.
- netbios name (G)
- 此項對一已知的samba伺服器設置它的NetBIOS名.預設情況下會使用此主機DNS名字的主機名部分.如果這個伺服器是作瀏覽伺服器或登入伺服器時(或是主機DNS名的第一個成分時),這個伺服器名將成為這些服務對外宣布時所用的名字.
- netbios scope (G)
- This sets the NetBIOS scope that Samba will operate under.
This should not be set unless every machine on your LAN also sets this
value.
- nis homedir (G)
- 此項從NIS映射表中取得有效共享伺服器.對於用自動裝載程式的UNIX系統來說,使用者的主目錄經常根據需要從遠程伺服器裝載到一個需要的工作站上.
- nt acl support (S)
- 此布爾量選項控制是否讓smbd(8)嘗試把UNIX權限映射到NT的訪問控制列表.這個參數在2.2.2之前是一個全局選項。
- ntlm auth (G)
- This parameter determines whether or not smbd(8)
will attempt to authenticate users using the NTLM encrypted password
response. If disabled, either the lanman password hash or an NTLMv2
response will need to be sent by the client.
- nt pipe support (G)
- 此布爾量選項控制是否讓smbd(8)允許Windows
NT使用者聯接到NT的特殊SMB管道
IPC$.這通常是開發者所用的調試項,其它使用者可以不管.
- nt status support (G)
- This boolean parameter controls whether smbd(8) will
negotiate NT specific status support with Windows NT/2k/XP clients. This
is a developer debugging option and should be left alone. If this option
is set to no then Samba offers exactly the same DOS error codes
that versions prior to Samba 2.2.3 reported.
- null passwords (G)
- Allow or disallow client access to accounts that have null
passwords.
允許或禁止使用者以空口令使用賬號.
- obey pam restrictions (G)
- When Samba 3.0 is configured to enable PAM support (i.e.
--with-pam), this parameter will control whether or not Samba should obey
PAM's account and session management directives. The default behavior is
to use PAM for clear text authentication only and to ignore any account or
session management. Note that Samba always ignores PAM for authentication
in the case of encrypt passwords = yes. The reason is that PAM
modules cannot support the challenge/response authentication mechanism
needed in the presence of SMB password encryption.
- only guest (S)
- 與 guest only同義.
- only user (S)
- 此布爾量選項控制是否允許當前進行聯接所用的使用者名沒有列在user列表中.預設情況下此項是被禁止了,這樣使用者只要提供服務需要的使用者名就可以了.設置這個選項將強制伺服器使用user列表中的登入使用者名,這只在共享級安全中有效。
- oplock break wait time (G)
- 此項調整性的選項以適應在Windows
9x和WinNT中可能出現的錯誤.當使用者發起一個會導致oplock暫停請求(oplock
break
request)的SMB對話時,如果samba對其響應太快的話,客戶端將會失敗並且不能響應此請求.這個可調整的選項(以毫秒為單位)是一個samba在向這樣的客戶發送oplock暫停請求前等待的時間量.
- oplock contention limit (S)
- 這是個非常高級的smbd(8)調整選項,用以改進在多個使用者爭奪相同檔案時oplocks認可操作的效率.
- oplocks (S)
- 此布爾量通知smbd是否對當前請求的共享資源上的檔案打開操作啟用oplocks(機會性的鎖定操作).oplock代碼可以明顯改善訪問samba伺服器檔案的速度(approx.30%
甚至更多).它允許本地緩存檔案,對於不可信賴的網路環境來說可能需要禁止掉這個選項(在Windows
NT伺服器上它是預設打開的).請參考samba
docs/目錄下的Speed.txt檔案.
- os2 driver map (G)
- The parameter is used to define the absolute path to a file
containing a mapping of Windows NT printer driver names to OS/2 printer
driver names. The format is:
- os level (G)
- 這個整數值控制在瀏覽器選舉中Samba宣布它本身是什麼系統級別.
此選項的值決定了
nmbd(8是否有機會成為本地廣播區域內工作組
WORKGROUP中的主控瀏覽器.
- pam password change (G)
- With the addition of better PAM support in Samba 2.2, this
parameter, it is possible to use PAM's password change control flag for
Samba. If enabled, then PAM will be used for password changes when
requested by an SMB client instead of the program listed in passwd
program. It should be possible to enable this without changing your
passwd chat parameter for most setups.
- panic action (G)
- 此項是一個samba開發者使用的選項以允許當smbd(8)或smbd(8)程式崩潰時可以調用一個系統命令.通常這種功能被用於發出對問題的警告.
- paranoid server security (G)
- Some version of NT 4.x allow non-guest users with a bad
passowrd. When this option is enabled, samba will not use a broken NT 4.x
server as password server, but instead complain to the logs and exit.
- passdb backend (G)
- This option allows the administrator to chose which
backends to retrieve and store passwords with. This allows (for example)
both smbpasswd and tdbsam to be used without a recompile. Multiple
backends can be specified, separated by spaces. The backends will be
searched in the order they are specified. New users are always added to
the first backend specified.
- passwd chat (G)
- 這個字串控制在smbd(8)和本地口令更改程式間更使用者口令時發生的"chat"對話.字符串描述一個應答接收對的序列,讓smbd(8)用於決定對passwd
program發送並等待接收哪些具體的內容.如果沒有收到預計的輸出時不會更改口令.
- passwd chat debug (G)
- 此布爾量指定口令對話稿本選項是否以
debug模式運行.在調試模式下,發送和接收的口令對話字符串會列印到debug
level為100時的
smbd(8)記錄檔案中.由於在
smbd
記錄中允許使用明文口令,所以這是個危險的選項.不過這個選項可以幫助Samba管理員在調用
passwd
program設好的口令程式時調試其
passwd chat
對話稿本,並且應該在完成以後把它關閉.這個選項在設置了
pam password
change選項時無效。預設情況下這個選項是關閉的.
- passwd program (G)
- 指定用於設定UNIX使用者口令的程式名.出現%u的地方表示以使用者名替換.在調用口令更改程式前會先檢查使用者名是否存在.
- password level (G)
- 在一些客戶端/伺服器群體中使用大小寫混合口令存在著困難.其中比較麻煩的一類客戶是WfWg,因為它在使用LANMAN1協議時出於某些理由而強調要使用大寫口令.不過當使用COREPLUS時不要修改它!
另外在Windows95/98
作業系統中會出問題:
即使選擇了會話中的NTLM0.12協議,這些客戶端也會將明文口令轉為大寫。
- password server (G)
- 通過在這裏指定其它的SMB伺服器或者活動目錄域控制器,同時使用security
=
[ads|domain|server],能把聯接samba的使用者名/口令合法性驗証交給指定的遠程伺服器去幹.
- path (S)
- 此項指定給出的服務項所用的系統路徑.在服務項具有可列印屬性時,列印假脫機數據會先存放在這個路徑所指的位置中.
This parameter specifies a directory to which the user of the service is
to be given access. In the case of printable services, this is where print
data will spool prior to being submitted to the host for printing.
- pid directory (G)
- This option specifies the directory where pid files will be
placed.
- posix locking (S)
- The smbd(8) daemon maintains an database of file
locks obtained by SMB clients. The default behavior is to map this
internal database to POSIX locks. This means that file locks obtained by
SMB clients are consistent with those seen by POSIX compliant applications
accessing the files via a non-SMB method (e.g. NFS or local file access).
You should never need to disable this 選項。
- postexec (S)
- 此項指定在斷開服務時運行的一個命令.它使用通常的替換項.此命令在一些系統中可能是以root身份來運行的.
- preexec (S)
- 此項指定在聯接到服務時運行一個命令.通常這也可以用一些替換項.
- preexec close (S)
- 此布爾量選項控制是否從preexec
返回的非零代碼會關閉所聯接的服務.
- prefered master (G)
- 這是為拼寫錯誤準備的。請查看
preferred master :-)
- preferred master (G)
- 此布爾量選項控制nmbd(8)是否作為工作組裏的首選主瀏覽器.
- preload (G)
- 此選項定義了要自動加入到瀏覽列表的服務項清單.這對於homes和printers服務項非常有用,否則這些服務將是不可見的.
- preload modules (G)
- This is a list of paths to modules that should be loaded
into smbd before a client connects. This improves the speed of smbd when
reacting to new connections somewhat.
- preserve case (S)
- 此項控制建立新的檔案時取名是否使用使用者傳遞的大小寫,還是強制使用default
case .
- printable (S)
- 如果此項設為yes,那麼使用者可以讀寫並發送列印緩存檔案到服務項指定的目錄中.
- printcap (G)
- 與 printcap name 同義.
- printcap name (S)
- 此項用於覆蓋掉編譯時產生的預設printcap名(通常是/etc/printcap).參見[printers]段的討論,它說明了為什麼要這樣做的理由.
print1|My Printer 1 print2|My Printer 2 print3|My Printer 3 print4|My Printer 4 print5|My Printer 5
- print command (S)
- 當一個列印作業完全緩沖到了服務項時,此項指定的命令就能過調用system()來處理那些緩存檔案.通常我們指定典型的命令來發送緩存檔案到主機的列印子系統,不過也不一定要這樣.伺服器不會刪除那些緩存檔案,所以你指定的任何命令都應當在處理完以後刪除檔案,否則的話就需要手動來刪除舊的緩存檔案了.
- printer (S)
- 與 printer name 同義。
- printer admin (S)
- This is a list of users that can do anything to printers
via the remote administration interfaces offered by MS-RPC (usually using
a NT workstation). Note that the root user always has admin rights.
- printer name (S)
- 此選項指定可列印性服務項用來列印緩存作業數據的列表機.
- printing (S)
- 此選項控制系統上如何解釋列表機狀態信息,而如果在[global]段中定義,它也會影響print
command, lpq command,lppause command,lpresume
command和 lprm
command這些選項的預設值
- print ok (S)
- 與 printable 同義。
- private dir (G)
- This parameters defines the directory smbd will use for
storing such files as smbpasswd and secrets.tdb.
- profile acls (S)
- This boolean parameter controls whether smbd(8) This
boolean parameter was added to fix the problems that people have been
having with storing user profiles on Samba shares from Windows 2000 or
Windows XP clients. New versions of Windows 2000 or Windows XP service
packs do security ACL checking on the owner and ability to write of the
profile directory stored on a local workstation when copied from a Samba
share.
- protocol (G)
- 與 max protocol 同義
- public (S)
- 與 guest ok 同義
- queuepause command (S)
- 定義伺服器暫停列印隊列時要執行的命令.
- queueresume command (S)
- 定義伺服器恢復暫停了的列印隊列時要執行的命令.就是用於恢復因為上面的選項(
queuepause
command)而導致的結果的.
- read bmpx (G)
- 此布爾量選項控制是否讓smbd(8)支持"多工讀塊"(Read
Block
Multiplex)的SMB.現在這種方式已經很少用了,所以預設是
no.一般你不需要設定此選項.
- read list (S)
- 此處給出對服務項有只讀權限的使用者清單.如果正在聯接的使用者屬於此列表,那麼他們將沒有寫權限,此時是不管read
only選項是否設置的.此列表可以包括用在
invalid users
選項中描述的語法定義的組名稱.
- read only (S)
- 注意它與 writeable
反義.
- read raw (G)
- 此選項控制著是否讓伺服器在傳送數據到客戶端時支持讀取原始的SMB請求.
- read size (G)
- 此項影響著磁碟讀/寫與網路讀/寫的輪流交替.如果在若幹個SMB命令(通常是SMBwrite,SMBwriteX和SMBreadbraw)中傳送的數據量超過此項設定的值時,伺服器開始就會在從網路接收整個數據包之前進行寫操作;在執行SMBreadbraw的情況下,伺服器在從磁碟上讀出所有數據之前就開始向網路中寫數據.
- realm (G)
- This option specifies the kerberos realm to use. The realm
is used as the ADS equivalent of the NT4 domain. It is usually set
to the DNS name of the kerberos server.
- remote announce (G)
- 此項允許你設置nmbd(8)周期性地向任意工作組的任意IP地址申明自己的存在.
- remote browse sync (G)
- 此項允許你設定nmbd(8)周期性地同步位於遠程(remote
segment)的Samba主瀏覽器上的瀏覽列表.同時也允許你收集位於具有交叉路由子網中主瀏覽器上的瀏覽列表.這是以一種和其他非Samba的伺服器不相容的方式進行的。
- restrict anonymous (G)
- 這個選項限制了是否在匿名連接中返回使用者和組列表信息,仿照了Windows2000
和NT在注冊表鍵值
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\RestrictAnonymous
中的做法。設置為0的時候,任何請求都返回使用者和組列表。設置為1的時候,只有認証的使用者可以獲得使用者和組列表。設置為2的時候,只有Windows2000/XP和Samba支持,不允許匿名連接。這樣做會阻止需要匿名操作的M$或第三方程式運行。
- root (G)
- 與 root directory" 同義
- root dir (G)
- 與 root directory" 同義.
- root directory (G)
- 伺服器將在啟動時對此項所設之目錄進行chroot()(也就是改變根目錄)
操作.對於安全操作來說,這並不是十分必要的.如果沒有這步操作,伺服器會拒絕對服務項以外的檔案進行訪問.同時也檢查並拒絕那些檔案系統其它部分的軟鏈接或者嘗試在其它目錄(取決於選項
wide
links的設置情況)中使用".."這些操作.
- root postexec (S)
- 此項與
postexec選項含義相同,只是以root身份來運行命令而已.在一次聯接關閉之後對檔案系統,特別是光碟驅動器進行卸載是非常有用的.
- root preexec (S)
- 此項與
preexec選項含義相同,只是以root身份來運行命令而已.在一次聯接穩定建立之後裝載檔案系統,特別是光碟驅動器是非常有用的.
- root preexec close (S)
- 此項與preexec close
選項含義相同,只是以root身份來運行命令而已.
- security (G)
- 此項是smb.conf檔案中最重要的一個設定之一,它影響了客戶是如何應答Samba伺服器的.
2.0.0版本之前的Samba中,預設值是 security = share 主要因為當時只有這一個值可選。
- security mask (S)
- 此選項控制NT客戶用本地NT安全對話框操作UNIX權限時對權限所作的修改情況.
This parameter controls what UNIX permission bits can be modified when a
Windows NT client is manipulating the UNIX permission on a file using the
native NT security dialog box.
- server schannel (G)
- This controls whether the server offers or even demands the
use of the netlogon schannel. server schannel = no does not offer
the schannel, server schannel = auto offers the schannel but does
not enforce it, and server schannel = yes denies access if the
client is not able to speak netlogon schannel. This is only the case for
Windows NT4 before SP4.
- server signing (G)
- This controls whether the server offers or requires the
client it talks to to use SMB signing. Possible values are auto,
mandatory and disabled.
- server string (G)
- 此選項在列印管理器中的列表機信息對話框以及在net
view(網上鄰居)的IPC連接中顯示的伺服器信息.它可以是任何你希望向使用者顯示的字串.
- set directory (S)
- 如果 set directory =
no,則使用服務的使用者不能用setdir命令更變目錄.
- set primary group script (G)
- Thanks to the Posix subsystem in NT a Windows User has a
primary group in addition to the auxiliary groups. This script sets the
primary group in the unix userdatase when an administrator sets the
primary group from the windows user manager or when fetching a SAM with
net rpc vampire. %u will be replaced with the user whose
primary group is to be set. %g will be replaced with the group to
set.
- set quota command (G)
- The set quota command should only be used whenever
there is no operating system API available from the OS that samba can use.
- share modes (S)
- 此選項在一個檔案打開時允許或禁止share
modes.此模式可用於使客戶獲得對一個檔案獨佔的讀或寫訪問.
- short preserve case (S)
- 此布爾值選項控制著如果新檔案符合8.3檔名格式(所有字母都為大寫且長度適當),則以大寫字母建立檔案,否則就轉換為default
case .此選項可與 preserve case =
yes選項聯用,以允許長檔名保留大小寫,同時短檔名轉換為小寫。
- show add printer wizard (G)
- With the introduction of MS-RPC based printing support for
Windows NT/2000 client in Samba 2.2, a "Printers..." folder will
appear on Samba hosts in the share listing. Normally this folder will
contain an icon for the MS Add Printer Wizard (APW). However, it is
possible to disable this feature regardless of the level of privilege of
the connected user.
- shutdown script (G)
- This parameter only exists in the HEAD cvs branch
This a full path name to a script called by smbd(8) that should
start a shutdown procedure.
#!/bin/bash $time=0 let "time/60" let "time++" /sbin/shutdown $3 $4 +$time $1 &
- smb passwd file (G)
- 此選項設置加密口令檔案smbpasswd的路徑.預設路徑在編譯samba時指定.
- smb ports (G)
- Specifies which ports the server should listen on for SMB
traffic.
- socket address (G)
- 此選項允許你控制samba監聽連接所用的地址.它用於在一個伺服器上支持多個配置不同的虛擬接口.預設情況下samba會在任何地址上都接受連接請求.
- socket options (G)
- 此選項設置用於與客戶端交談的套接字選項.
- source environment (G)
- This parameter causes Samba to set environment variables as
per the content of the file named.
- stat cache (G)
- 此選項檢測smbd(8)是否使用緩存以提升映射不分大小寫名稱的速度.你無須更改此選項.
- strict allocate (S)
- This is a boolean that controls the handling of disk space
allocation in the server. When this is set to yes the server will
change from UNIX behaviour of not committing real disk storage blocks when
a file is extended to the Windows behaviour of actually forcing the disk
system to allocate real storage blocks when a file is created or extended
to be a given size. In UNIX terminology this means that Samba will stop
creating sparse files. This can be slow on some systems.
- strict locking (S)
- 此布爾量選項控制伺服器對檔案鎖的處理.當設為yes,則伺服器對檔案鎖檢查每次讀寫訪問,並拒絕鎖存在時的訪問.在有些系統上這可能會很慢.
- strict sync (S)
- 很多Windows應用(包括Windows
98瀏覽器)都會幹擾對刷新緩沖區內容到磁碟的操作.在UNIX下,一次同步調用強制進程掛起,直到核心確保把所有磁碟緩存區中的未完成數據安全地存到固定存儲設備中為止.此操作很慢,而且只能很少用到.把此選項設為
no (預設值)說明smbd(8)
忽略Windows應用請求的一次同步調用.這樣只有在Samba運行的作業系統崩潰時才可能丟失數據,因此預設設置危險性很小.另外,它修正人們報告的很多關於Windows98瀏覽器拷貝檔案的性能問題.
- sync always (S)
- 此布爾量選項控制是否在寫操作結束前把所寫的內容寫到固定存儲設備上.如果為no則伺服器將在每次寫調用中讓客戶請求來操縱它(客戶可以設置一個位碼來指出要同步一次特殊的寫操作).如果為yes則在每次寫操作後調用一次fsync()
以確保將數據寫到磁碟上.注意必須把
strict
sync選項設為yes以使本選項產生效果.
- syslog (G)
- 此選項決定samba調試信息號如何映射為系統syslog的記錄等級.調試級0映射為syslog的LOG_ERR,調試級1映射為
LOG_WARNING,調試級2映射為LOG_NOTICE,調試級3映射為LOG_INFO.所有更高的級別號映射為
LOG_DEBUG.
- syslog only (G)
- 此選項使samba只把調試級別號記錄到系統syslog,而不是調試記錄檔案.
- template homedir (G)
- When filling out the user information for a Windows NT
user, the winbindd(8) daemon uses this parameter to fill in the
home directory for that user. If the string %D is present it is
substituted with the user's Windows NT domain name. If the string
%U is present it is substituted with the user's Windows NT user
name.
- template primary group (G)
- This option defines the default primary group for each user
created by winbindd(8)'s local account management functions
(similar to the 'add user script').
- template shell (G)
- When filling out the user information for a Windows NT
user, the winbindd(8) daemon uses this parameter to fill in the
login shell for that user.
- time offset (G)
- 此選項是個加入到轉換標準GMT為當地時間操作的分鐘數.如果你向很多有不正確保存時間操作的主機提供服務時這就很有用了.
- time server (G)
- 此選項檢測nmbd(8)
是否以時間伺服器身份向Windows客戶通告自身.
- timestamp logs (G)
- 與 debug timestamp 同義.
- unicode (G)
- Specifies whether Samba should try to use unicode on the
wire by default. Note: This does NOT mean that samba will assume that the
unix machine uses unicode!
- unix charset (G)
- Specifies the charset the unix machine Samba runs on uses.
Samba needs to know this in order to be able to convert text to the
charsets other SMB clients use.
- unix extensions (G)
- This boolean parameter controls whether Samba implments the
CIFS UNIX extensions, as defined by HP. These extensions enable Samba to
better serve UNIX CIFS clients by supporting features such as symbolic
links, hard links, etc... These extensions require a similarly enabled
client, and are of no current use to Windows clients.
- unix password sync (G)
- 此布爾量選項控制samba是否在smbpasswd檔案中的加密SMB口令被更改時嘗試用SMB口令來同步UNIX口令.如設為yes則以root身份調用passwd
program選項中指定的程式
-
以允許設置新的UNIX口令而無需訪問原UNIX口令(因為更改SMB口令時代碼不訪問明文的原口令而只涉及新口令).
- update encrypted (G)
- 此布爾量選項使以明文口令登入的使用者在登入時自動更新smbpasswd檔案中的加密
(散列計算過的)口令.此選項允許一個站點從明文口令驗証方式(以明文口令驗証用
戶賬號並再次檢查UNIX賬號數據庫)移植到加密口令驗証方式(SMB的詢問/響應驗証
機制)而無需強制所有使用者在移植時通過smbpasswd重新輸入他們的口令.這對改變加
密口令移交要較長周期這種狀況來說很方便.一旦所有使用者都在smbpasswd檔案中擁
有他們加密過的口令,則此應該把此選項設為
no.
- use client driver (S)
- This parameter applies only to Windows NT/2000 clients. It
has no effect on Windows 95/98/ME clients. When serving a printer to
Windows NT/2000 clients without first installing a valid printer driver on
the Samba host, the client will be required to install a local printer
driver. From this point on, the client will treat the print as a local
printer and not a network printer connection. This is much the same
behavior that will occur when disable spoolss = yes.
- use mmap (G)
- This global parameter determines if the tdb internals of
Samba can depend on mmap working correctly on the running system. Samba
requires a coherent mmap/read-write system memory cache. Currently only
HPUX does not have such a coherent cache, and so this parameter is set to
no by default on HPUX. On all other systems this parameter should
be left alone. This parameter is provided to help the Samba developers
track down problems with the tdb internal code.
- user (S)
- 與 username 同義
- username (S)
- 在逗號分隔的列表中指定多個使用者以用於輪流(從左到右)測試所提供的口令.
- username level (G)
- 此選項在很多DOS客戶發送全大寫的使用者名時,幫助samba嘗試和“猜測”實際
UNIX使用者名.對於預設情況,Samba嘗試所有小寫形式,然後是首字母大寫形式,如果該
使用者名在UNIX主機上沒有找到則失敗.
- username map (G)
- 此選項允許你指定一個包含對客戶機到伺服器上的使用者名映射的檔案.它可用於幾個目的.最常見的是把用DOS或Windows主機的使用者的名稱映射到UNIX主機上的使用者.其它還有把多個使用者映射到單個使用者名上以使他們可以更簡單地共享檔案.
!sys = mary fred guest = *
- users (S)
- 與 username 同義.
- use sendfile (S)
- If this parameter is yes, and Samba was built with
the --with-sendfile-support option, and the underlying operating system
supports sendfile system call, then some SMB read calls (mainly ReadAndX
and ReadRaw) will use the more efficient sendfile system call for files
that are exclusively oplocked. This may make more efficient use of the
system CPU's and cause Samba to be faster. This is off by default as it's
effects are unknown as yet.
- use spnego (G)
- This variable controls controls whether samba will try to
use Simple and Protected NEGOciation (as specified by rfc2478) with
WindowsXP and Windows2000 clients to agree upon an authentication
mechanism. Unless further issues are discovered with our SPNEGO
implementation, there is no reason this should ever be disabled.
- utmp (G)
- This boolean parameter is only available if Samba has been
configured and compiled with the option --with-utmp. If set to
yes then Samba will attempt to add utmp or utmpx records (depending
on the UNIX system) whenever a connection is made to a Samba server. Sites
may use this to record the user connecting to a Samba share.
- utmp directory (G)
- This parameter is only available if Samba has been
configured and compiled with the option --with-utmp. It specifies
a directory pathname that is used to store the utmp or utmpx files
(depending on the UNIX system) that record user connections to a Samba
server. 參見 utmp 選項。 By default
this is not set, meaning the system will use whatever utmp file the native
system is set to use (usually /var/run/utmp on Linux).
- -valid (S)
- This parameter indicates whether a share is valid and thus
can be used. When this parameter is set to false, the share will be in no
way visible nor accessible.
- valid users (S)
- 這是一份允許登入服務項的使用者列表.以'@','+'和'&'開始的名稱用invalid
users
選項中的規則進行解析.
- veto files (S)
- 這是一份既不可見又不可訪問的檔案及目錄的列表.在列表中的每一項必須用'/'進行分隔,項目中允許有空格.可以用DOS通配符'*'和'?'來指定多個檔案或目錄.
; 隱藏任何檔名帶有'Security'的檔案, ; 任何擴展名是.tmp的檔案,任何檔名帶有'root'的檔案 veto files = /*Security*/*.tmp/*root*/ ; 隱藏NetAtalk伺服器創建的Apple專用的檔案 veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/
- veto oplock files (S)
- 此選項只在對一個共享打開了oplocks選項時才有效.它允許Samba管理員在所選檔案上選擇性地關閉允許oplocks,這些檔案可以用通配符列表來匹配,類擬於在veto
files
選項中所用的通配符列表.
- vfs object (S)
- 與 vfs objects 同義.
- vfs objects (S)
- This parameter specifies the backend names which are used
for Samba VFS I/O operations. By default, normal disk I/O operations are
used but these can be overloaded with one or more VFS objects.
- volume (S)
- 此選項允許你忽略共享項提供的卷標.這對於那些堅持要使用一個特殊卷標的安裝程式光碟來說很有用.預設就是共享項的卷標.
- wide links (S)
- 此選項控制伺服器是否跟蹤UNIX檔案系統中的符號鏈接.指向伺服器導出的目錄樹的鏈接總是被允許的;此選項只是控制對導出目錄樹以外的區域的訪問情況.
- winbind cache time (G)
- This parameter specifies the number of seconds the
winbindd(8) daemon will cache user and group information before
querying a Windows NT server again.
- winbind enable local accounts (G)
- This parameter controls whether or not winbindd will act as
a stand in replacement for the various account management hooks in
smb.conf (e.g. 'add user script'). If enabled, winbindd will support the
creation of local users and groups as another source of UNIX account
information available via getpwnam() or getgrgid(), etc...
- winbind enum groups (G)
- On large installations using winbindd(8) it may be
necessary to suppress the enumeration of groups through the
setgrent(), getgrent() and endgrent() group of system
calls. If the winbind enum groups parameter is no, calls to
the getgrent() system call will not return any data.
- winbind enum users (G)
- On large installations using winbindd(8) it may be
necessary to suppress the enumeration of users through the
setpwent(), getpwent() and endpwent() group of system
calls. If the winbind enum users parameter is no, calls to
the getpwent system call will not return any data.
- winbind gid (G)
- This parameter is now an alias for idmap gid
- winbind separator (G)
- This parameter allows an admin to define the character used
when listing a username of the form of DOMAIN \user. This
parameter is only applicable when using the pam_winbind.so and
nss_winbind.so modules for UNIX services.
- winbind trusted domains only (G)
- This parameter is designed to allow Samba servers that are
members of a Samba controlled domain to use UNIX accounts distributed vi
NIS, rsync, or LDAP as the uid's for winbindd users in the hosts primary
domain. Therefore, the user 'SAMBA\user1' would be mapped to the account
'user1' in /etc/passwd instead of allocating a new uid for him or her.
- winbind uid (G)
- This parameter is now an alias for idmap uid
- winbind use default domain (G)
- This parameter specifies whether the winbindd(8)
daemon should operate on users without domain component in their username.
Users without a domain component are treated as is part of the winbindd
server's own domain. While this does not benifit Windows users, it makes
SSH, FTP and e-mail function in a way much closer to the way they would in
a native unix system.
- wins hook (G)
- 當把Samba作為一台WINS伺服器運行時,此選項允許你調用一個外部程式更改WINS數據庫.此項主要用於動態更新外部名字解析數據庫,如動態DNS.
- wins partners (G)
- A space separated list of partners' IP addresses for WINS
replication. WINS partners are always defined as push/pull partners as
defining only one way WINS replication is unreliable. WINS replication is
currently experimental and unreliable between samba servers.
- wins proxy (G)
- 此布爾量選項控制nmbd(8)
是否代替其它主機響應廣播名字查詢.對一些舊版本客戶就可能需要把它設為
yes .
- wins server (G)
- 此選項指定nmbd要注冊的WINS伺服器的IP地址(或DNS域名:IP地址優先(for
preference)).如果在你的網路上有一台WINS伺服器,就應該把此項設為該伺服器的IP地址.
- wins support (G)
- 此布爾量選項控制nmbd(8)進程是否作為WINS伺服器.你不應該把它設為yes,除非有多子網或希望特定的nmbd作為你的WINS伺服器.注意在網路上有多台WINS伺服器時不應把它設為yes.
- workgroup (G)
- 此選項規定Samba所在的工作組以便讓客戶查詢.注意它也規定在使用security
= domain時所用的域名.
- writable (S)
- 與 writeable
相同,是為拼寫錯誤者準備的
:-)
- writeable (S)
- 注意它與 read only
反義.
- write cache size (S)
- If this integer parameter is set to non-zero value, Samba
will create an in-memory cache for each oplocked file (it does not
do this for non-oplocked files). All writes that the client does not
request to be flushed directly to disk will be stored in this cache if
possible. The cache is flushed onto disk when a write comes in whose
offset would not fit into the cache or when the file is closed by the
client. Reads for the file are also served from this cache if the data is
stored within it.
- write list (S)
- 此選項設置對服務項有讀寫權的使用者列表.如果正在連接的使用者屬於此列表,那他們就可以有寫入權,而不管read
only為何值.此列表可以用@group形式描述組名.
- write ok (S)
- 注意它與 read only
反義.
- write raw (G)
- 此選項規定伺服器是否在從客戶端傳輸數據時支持原始方式寫SMB消息塊.你不應該更改它.
- wtmp directory (G)
- This parameter is only available if Samba has been
configured and compiled with the option --with-utmp. It specifies
a directory pathname that is used to store the wtmp or wtmpx files
(depending on the UNIX system) that record user connections to a Samba
server. The difference with the utmp directory is the fact that user info
is kept after a user has logged out.