Questions about smb.conf parameters and variables
Carlos Miguel Bustillo Rodriguez
cbustillo at uclv.edu.cu
Tue Jul 3 12:22:06 MDT 2012
Hello Marc
>
>in my test environment my log is filled with several "Unknown parameter
>encountered" messages. Is there already a list, which parameters are gone/new
>in s4? But some of the parameters, samba complains, are still used by the smbd
>process for s3fs, I guess, right (like "guest ok" or "writeable")?
>
>
The following parameters have been removed:
- passdb backend: accounts are now stored in a LDB-based SAM database
- update encrypted
- public
- guest ok
- client schannel
- server schannel
- allow trusted domains
- hosts equiv
- map to guest
- smb passwd file
- algorithmic rid base
- root directory
- root dir
- root
- guest account
- enable privileges
- pam password change
- passwd program
- passwd chat debug
- passwd chat timeout
- check password script
- username map
- username level
- unix password sync
- restrict anonymous
- username
- user
- users
- invalid users
- valid users
- admin users
- read list
- write list
- printer admin
- force user
- force group
- group
- write ok
- writeable
- writable
- acl check permissions
- acl group control
- acl map full control
- create mask
- create mode
- force create mode
- security mask
- force security mode
- directory mask
- directory mode
- force directory mode
- directory security mask
- force directory security mode
- force unknown acl user
- inherit permissions
- inherit acls
- inherit owner
- guest only
- only guest
- only user
- allow hosts
- deny hosts
- preload modules
- use kerberos keytab
- syslog
- syslog only
- max log size
- debug timestamp
- timestamp logs
- debug hires timestamp
- debug pid
- debug uid
- allocation roundup size
- aio read size
- aio write size
- aio write behind
- large readwrite
- protocol
- read bmpx
- reset on zero vc
- acl compatibility
- defer sharing violations
- ea support
- nt acl support
- nt pipe support
- profile acls
- map acl inherit
- afs share
- max ttl
- client use spnego
- enable asu support
- svcctl list
- block size
- change notify timeout
- deadtime
- getwd cache
- keepalive
- kernel change notify
- lpq cache time
- max smbd processes
- max disk size
- max open files
- min print space
- strict allocate
- sync always
- use mmap
- use sendfile
- hostname lookups
- write cache size
- name cache timeout
- max reported print jobs
- load printers
- printcap cache time
- printcap name
- printcap
- printing
- cups options
- cups server
- iprint server
- print command
- disable spoolss
- enable spoolss
- lpq command
- lprm command
- lppause command
- lpresume command
- queuepause command
- queueresume command
- enumports command
- addprinter command
- deleteprinter command
- show add printer wizard
- os2 driver map
- use client driver
- default devmode
- force printername
- mangling method
- mangle prefix
- default case
- case sensitive
- casesignames
- preserve case
- short preserve case
- mangling char
- hide dot files
- hide special files
- hide unreadable
- hide unwriteable files
- delete veto files
- veto files
- hide files
- veto oplock files
- map readonly
- mangled names
- mangled map
- max stat cache size
- stat cache
- store dos attributes
- machine password timeout
- add user script
- rename user script
- delete user script
- add group script
- delete group script
- add user to group script
- delete user from group script
- set primary group script
- add machine script
- shutdown script
- abort shutdown script
- username map script
- logon script
- logon path
- logon drive
- logon home
- domain logons
- os level
- lm announce
- lm interval
- domain master
- browse list
- enhanced browsing
- wins proxy
- wins hook
- wins partners
- blocking locks
- fake oplocks
- kernel oplocks
- locking
- lock spin count
- lock spin time
- level2 oplocks
- oplock break wait time
- oplock contention limit
- posix locking
- share modes
- ldap server
- ldap port
- ldap admin dn
- ldap delete dn
- ldap group suffix
- ldap idmap suffix
- ldap machine suffix
- ldap passwd sync
- ldap password sync
- ldap replication sleep
- ldap suffix
- ldap ssl
- ldap timeout
- ldap page size
- ldap user suffix
- add share command
- change share command
- delete share command
- eventlog list
- utmp directory
- wtmp directory
- utmp
- default service
- default
- message command
- dfree cache time
- dfree command
- get quota command
- set quota command
- remote announce
- remote browse sync
- homedir map
- afs username map
- afs token lifetime
- log nt token command
- time offset
- NIS homedir
- preexec
- exec
- preexec close
- postexec
- root preexec
- root preexec close
- root postexec
- set directory
- wide links
- follow symlinks
- dont descend
- magic script
- magic output
- delete readonly
- dos filemode
- dos filetimes
- dos filetime resolution
- fake directory create times
- panic action
- vfs objects
- vfs object
- msdfs root
- msdfs proxy
- host msdfs
- enable rid algorithm
- passdb expand explicit
- idmap backend
- idmap uid
- winbind uid
- idmap gid
- winbind gid
- template homedir
- template shell
- winbind separator
- winbind cache time
- winbind enum users
- winbind enum groups
- winbind use default domain
- winbind trusted domains only
- winbind nested groups
- winbind max idle children
- winbind nss info
The following parameters have been added:
+ rpc big endian (G)
Make Samba fake it is running on a bigendian machine when using DCE/RPC.
Useful for debugging.
Default: no
+ case insensitive filesystem (S)
Set to true if this share is located on a case-insensitive filesystem.
This disables looking for a filename by trying all possible combinations of
uppercase/lowercase characters and thus speeds up operations when a
file cannot be found.
Default: no
+ setup directory
Path to data used by provisioning script.
Default: Set at compile-time
+ ncalrpc dir
Directory to use for UNIX sockets used by the 'ncalrpc' DCE/RPC transport.
Default: Set at compile-time
+ ntvfs handler
Backend to the NT VFS to use (more than one can be specified). Available
backends include:
- posix:
Maps POSIX FS semantics to NT semantics
- simple:
Very simple backend (original testing backend).
- unixuid:
Sets up user credentials based on POSIX gid/uid.
- cifs:
Proxies a remote CIFS FS. Mainly useful for testing.
- nbench:
Filter module that saves data useful to the nbench benchmark suite.
- ipc:
Allows using SMB for inter process communication. Only used for
the IPC$ share.
- print:
Allows printing over SMB. This is LANMAN-style printing (?), not
the be confused with the spoolss DCE/RPC interface used by later
versions of Windows.
Default: unixuid default
+ ntptr providor
FIXME
+ dcerpc endpoint servers
What DCE/RPC servers to start.
Default: epmapper srvsvc wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi winreg dssetup
+ server services
Services Samba should provide.
Default: smb rpc nbt wrepl ldap cldap web kdc
+ spoolss database
Spoolss (printer) DCE/RPC server database. This should be a LDB URL.
Default: set at compile-time
+ wins config database
WINS configuration database location. This should be a LDB URL.
Default: set at compile-time
+ wins database
WINS database location. This should be a LDB URL.
Default: set at compile-time
+ client use spnego principal
Tells the client to use the Kerberos service principal specified by the
server during the security protocol negotation rather than
looking up the principal itself (cifs/hostname).
Default: false
+ nbt port
TCP/IP Port used by the NetBIOS over TCP/IP (NBT) implementation.
Default: 137
+ dgram port
UDP/IP port used by the NetBIOS over TCP/IP (NBT) implementation.
Default: 138
+ cldap port
UDP/IP port used by the CLDAP protocol.
Default: 389
+ krb5 port
IP port used by the kerberos KDC.
Default: 88
+ kpasswd port
IP port used by the kerberos password change protocol.
Default: 464
+ web port
TCP/IP port SWAT should listen on.
Default: 901
+ tls enabled
Enable TLS support for SWAT
Default: true
+ tls keyfile
Path to TLS key file (PEM format) to be used by SWAT. If no
path is specified, Samba will create a key.
Default: none
+ tls certfile
Path to TLS certificate file (PEM format) to be used by SWAT. If no
path is specified, Samba will create a certificate.
Default: none
+ tls cafile
Path to CA authority file Samba will use to sign TLS keys it generates. If
no path is specified, Samba will create a self-signed CA certificate.
Default: none
+ tls crlfile
Path to TLS certificate revocation lists file.
Default: none
+ swat directory
SWAT data directory.
Default: set at compile-time
+ large readwrite
Indicate the CIFS server is able to do large reads/writes.
Default: true
+ unicode
Enable/disable unicode support in the protocol.
Default: true
>Also a question about the logs: In my s3 live environment I used
>log file = /var/log/samba/%m.log
>to have per-machine-logfiles what makes the logs very clearly. But variables
>seem not be supportet (yet) in s4. What are the new thoughts to have clear
>logfiles for easily finding problems (e.g. for one special machine) in samba4?
To enable support for logs during "configure" pass this option: "--with-syslog --with-logfilebase=/var/log/samba"
for example:
./configure.developer --with-syslog --with-logfilebase=/var/log/samba
Or edit your init script and add "--d2" option to samba deamon, for Debian/Ubuntu system:
[..]
if ! start-stop-daemon --start --quiet --oknodo --exec /usr/local/samba/sbin/samba --d2 >>/var/log/samba/samba.log -- -D
[..]
I don't try this way.
Regards, Carlos
La Universidad Central "Marta Abreu" de Las Villas en su 60 Aniversario. Fundada el 30 de noviembre de 1952. Vis?tenos en: http://www.uclv.edu.cu
More information about the samba-technical
mailing list