Contents
- 1 Environment
- 2 Server setup
- 3 Samba setup
- 4 Administration
- 5 Configuration
- 5.1 Initial state of the configuration file
- 5.2 Configuration file syntax
- 5.3 global section
- 5.3.1 workgroup
- 5.3.2 netbios name
- 5.3.3 server string
- 5.3.4 interfaces
- 5.3.5 hosts allow
- 5.3.6 hosts deny
- 5.3.7 guest account
- 5.3.8 map to guest
- 5.3.9 log file
- 5.3.10 max log size
- 5.3.11 encrypt passwords = (Yes|No)
- 5.3.12 smb passwd file
- 5.3.13 unix password sync
- 5.3.14 passwd program
- 5.3.15 passwd chat
- 5.3.16 username map
- 5.3.17 logon script
- 5.3.18 wins support
- 5.3.19 wins server
- 5.3.20 security
- 5.3.21 null passwords
- 5.3.22 enable privileges
- 5.3.23 unix extensions
- 5.4 Settings common to individual sections
- 5.4.1 comment
- 5.4.2 browsable
- 5.4.3 writable/writeable
- 5.4.4 read only
- 5.4.5 path
- 5.4.6 force user
- 5.4.7 force group
- 5.4.8 write list
- 5.4.9 hide dot files
- 5.4.10 hide files
- 5.4.11 veto files
- 5.4.12 create mask
- 5.4.13 directory mask
- 5.4.14 force create mode
- 5.4.15 force directory mode
- 5.4.16 valid users
- 5.4.17 guest ok
- 5.4.18 public
- 5.4.19 wide links
- 5.5 homes section
- 5.6 printers
- 5.7 lmhosts
- 6 Samba client
Environment
- OS
CentOS release 6.4 (64bit)
- Samba Version
Version 3.6.9-168.el6_5
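Server setup
Add the following rules to /etc/sysconfig/iptables to open the ports used by Samba, then restart iptables.
vi /etc/sysconfig/iptables
-A INPUT -p udp --dport 137 -j ACCEPT
-A INPUT -p udp --dport 138 -j ACCEPT
-A INPUT -p tcp --dport 139 -j ACCEPT
-A INPUT -p tcp --dport 445 -j ACCEPT
service iptables restart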
Samba setup
Installation
Install from package
- Confirm that it is not already installed
yum list installed | grep samba
- Install
yum install samba
- Confirm that it is installed
smbd --version
Creating a shared folder
The following is a sample that creates a shared folder.
- Create the shared folder
mkdir -p /usr/local/samba_shared/public
chmod 777 /usr/local/samba_shared/public
- Create the configuration file
cat > /etc/samba/smb.conf << EOT
[global]
log file = /var/log/samba/samba.log
max log size = 50
security = user
[public]
read only = no
path = /usr/local/samba_shared/public
create mask = 660
force create mode = 660
directory mask = 770
force directory mode = 770
EOT
- Create the user
groupadd public
useradd --no-create-home --shell /sbin/nologin -g public public
pdbedit -a -u public # Enter the password
- Start Samba
service smb start
- From a Windows PC, access "\\<IP address>\" in Explorer.
The user name is public, and the password is the one entered above.
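The sample share above sets create mask, force create mode, directory mask and force directory mode. The following added example (not part of the original page) parses that smb.conf and works out the UNIX modes smbd gives to new files and directories, and which bits of the chmod 777 share root go beyond them. It assumes a Windows client creating an ordinary writable file, inherit permissions = no, and the Samba 3.6 built-in defaults; all function names are illustrative.

```python
import re

# Constructed input: the smb.conf written by the heredoc in the sample procedure.
SAMPLE_SMB_CONF = """\
[global]
log file = /var/log/samba/samba.log
max log size = 50
security = user
[public]
read only = no
path = /usr/local/samba_shared/public
create mask = 660
force create mode = 660
directory mask = 770
force directory mode = 770
"""

# Samba 3.6 built-in defaults for the four mode parameters (octal).
DEFAULTS = {
    "create mask": 0o744,
    "force create mode": 0o000,
    "directory mask": 0o755,
    "force directory mode": 0o000,
}

# smb.conf synonyms for the mask parameters.
SYNONYMS = {"create mode": "create mask", "directory mode": "directory mask"}


def parse_smb_conf(text):
    """Return {section: {parameter: value}} with lower-cased, normalised names."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            key = " ".join(key.lower().split())
            current[SYNONYMS.get(key, key)] = value.strip()
    return sections


def mode_param(name, share, global_params):
    """Share value, else [global] value, else built-in default. Values are octal,
    with or without a leading zero ("660" and "0660" mean the same)."""
    raw = share.get(name, global_params.get(name))
    return DEFAULTS[name] if raw is None else int(raw, 8)


def effective_modes(share, global_params):
    """Return (file_mode, dir_mode) applied to entries created through the share."""
    # DOS-to-UNIX mapping: a writable file with the archive bit set starts as
    # rw-rw-rw- plus user execute (map archive = yes); a directory as rwxrwxrwx.
    file_mode = (0o766 & mode_param("create mask", share, global_params)) \
        | mode_param("force create mode", share, global_params)
    dir_mode = (0o777 & mode_param("directory mask", share, global_params)) \
        | mode_param("force directory mode", share, global_params)
    return file_mode, dir_mode


def excess_root_bits(root_mode, dir_mode):
    """Permission bits set on the share root that new subdirectories never get."""
    return root_mode & ~dir_mode & 0o777


def report(conf_text, root_modes):
    """Summarise every share; root_modes maps share name -> mode of its path on disk."""
    sections = parse_smb_conf(conf_text)
    global_params = sections.get("global", {})
    rows = []
    for name, params in sections.items():
        if name == "global":
            continue
        file_mode, dir_mode = effective_modes(params, global_params)
        root_mode = root_modes.get(name, dir_mode)
        rows.append({
            "share": name,
            "path": params.get("path"),
            "file": "%04o" % file_mode,
            "dir": "%04o" % dir_mode,
            "other_access": bool((file_mode | dir_mode) & 0o007),
            "root_excess": "%04o" % excess_root_bits(root_mode, dir_mode),
        })
    return rows


if __name__ == "__main__":
    # 0o777 is the mode set by "chmod 777" in the sample procedure.
    for row in report(SAMPLE_SMB_CONF, {"public": 0o777}):
        print(row)
```

The root_excess value of 0007 shows that the o+rwx bits granted by chmod 777 on the share root are never applied to anything created through the share itself.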
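Administration
List of administration commands
pdbedit
Adds, deletes, and lists users.
- Usage
- List users
pdbedit -L
- Detailed list
pdbedit -L -v
- Create a user
pdbedit -a -u <username>
A Linux user with the same name must be created before the Samba user is created.
If this user is not used for anything other than Samba, no password needs to be set.
useradd --user-group --no-create-home --shell /sbin/nologin <username>
- Delete a user
pdbedit -x -u <username>
- Option list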
- -L, --list    list all users
- -v, --verbose    be verbose
- -w, --smbpasswd-style    give output in smbpasswd style
- -u, --user=USER    use username
- -N, --account-desc=STRING    set account description
- -f, --fullname=STRING    set full name
- -h, --homedir=STRING    set home directory
- -D, --drive=STRING    set home drive
- -S, --script=STRING    set logon script
- -p, --profile=STRING    set profile path
- -I, --domain=STRING    set a users’ domain
- -U, --user SID=STRING    set user SID or RID
- -M, --machine SID=STRING    set machine SID or RID
- -a, --create    create user
- -r, --modify    modify user
- -m, --machine    account is a machine account
- -x, --delete    delete user
- -b, --backend=STRING    use different passdb backend as default backend
- -i, --import=STRING    import user accounts from this backend
- -e, --export=STRING    export user accounts to this backend
- -g, --group    use -i and -e for groups
- -y, --policies    use -i and -e to move account policies between backends
- --policies-reset    restore default policies
- -P, --account-policy=STRING    value of an account policy (like maximum password age)
- -C, --value=LONG    set the account policy to this value
- -c, --account-control=STRING    Values of account control
- --force-initialized-passwords    Force initialization of corrupt password strings in a passdb backend
- -z, --bad-password-count-reset    reset bad password count
- -Z, --logon-hours-reset    reset logon hours
- --time-format=STRING    The time format for time parameters
- -t, --password-from-stdin    get password from standard in
- -K, --kickoff-time=STRING    set the kickoff time
Common samba options:
- -d, --debuglevel=DEBUGLEVEL    Set debug level
- -s, --configfile=CONFIGFILE    Use alternate configuration file
- -l, --log-basename=LOGFILEBASE    Base name for log files
- -V, --version    Print version
- --option=name=value    Set smb.conf option from command line
smbpasswd
Creates users and sets or changes passwords.
- Create an account
smbpasswd -a <username>
- Delete an account
smbpasswd -x <username>
- Change the password
smbpasswd <username>
- Disable an account
smbpasswd -d <username>
- Enable an account
smbpasswd -e <username>
smbstatus
Shows the clients connected to the Samba server, the shares in use, and the files that are locked.
nmblookup
Looks up hosts and the master browser in a workgroup.
- Syntax
- Search for hosts
nmblookup <workgroup name>
- Find the master browser
nmblookup -M <workgroup name>
- Look up the NetBIOS name and MAC address from an IP address
nmblookup -A <IP address>
eventlogadm
mksmbpasswd.sh
smbstatus
nmbd
smbd
net
pdbedit
profiles
smbcontrol
smbcquotas
smbpasswd
testparm
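Checks the configuration file (smb.conf) for mistakes and displays parameters.
- Syntax
testparm [options] [configuration file]
If the configuration file is omitted, /etc/samba/smb.conf is read.
Normally you are asked to press the Enter key once during execution.
- Options
- -s
Displays everything without pressing the Enter key
- -v
Displays detailed output
- --show-all-parameters
Displays parameters, types, and values
List display
- Show only the values that have been set
testparm -s
- Show default values for parameters that have not been set
testparm -s -v
Checking the configuration
testparm -s
Example runs
- No parameters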
[root@samba1 ~]# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

[global]
	workgroup = MYGROUP
	server string = Samba Server Version %v
	log file = /var/log/samba/log.%m
	max log size = 50
	idmap config * : backend = tdb
	cups options = raw

[homes]
	comment = Home Directories
	read only = No
	browseable = No

[printers]
	comment = All Printers
	path = /var/spool/samba
	printable = Yes
	print ok = Yes
	browseable = No
- testparm -s -v
- testparm -s --show-all-parameters
tls|start_tls,FLAG_ADVANCED ldap ssl ads=P_BOOL,FLAG_ADVANCED ldap deref=P_ENUM,never|searching|finding|always|auto,FLAG_ADVANCED ldap follow referral=P_ENUM,No|False|0|Yes|True|1|Auto,FLAG_ADVANCED ldap timeout=P_INTEGER,FLAG_ADVANCED ldap connection timeout=P_INTEGER,FLAG_ADVANCED ldap page size=P_INTEGER,FLAG_ADVANCED ldap user suffix=P_STRING,FLAG_ADVANCED ldap debug level=P_INTEGER,FLAG_ADVANCED ldap debug threshold=P_INTEGER,FLAG_ADVANCED eventlog list=P_LIST,FLAG_SHARE|FLAG_GLOBAL|FLAG_ADVANCED add share command=P_STRING,FLAG_ADVANCED change share command=P_STRING,FLAG_ADVANCED delete share command=P_STRING,FLAG_ADVANCED config file=P_STRING,FLAG_HIDE preload=P_STRING,FLAG_ADVANCED auto services=P_STRING,FLAG_ADVANCED lock directory=P_STRING,FLAG_ADVANCED (synonyms: lock dir) lock dir=P_STRING,FLAG_HIDE (synonym of lock directory) state directory=P_STRING,FLAG_ADVANCED cache directory=P_STRING,FLAG_ADVANCED pid directory=P_STRING,FLAG_ADVANCED utmp directory=P_STRING,FLAG_ADVANCED wtmp directory=P_STRING,FLAG_ADVANCED utmp=P_BOOL,FLAG_ADVANCED default service=P_STRING,FLAG_ADVANCED default=P_STRING,FLAG_ADVANCED message command=P_STRING,FLAG_ADVANCED get quota command=P_STRING,FLAG_ADVANCED set quota command=P_STRING,FLAG_ADVANCED remote announce=P_STRING,FLAG_ADVANCED remote browse sync=P_STRING,FLAG_ADVANCED socket address=P_STRING,FLAG_ADVANCED nmbd bind explicit broadcast=P_BOOL,FLAG_ADVANCED homedir map=P_STRING,FLAG_ADVANCED afs username map=P_STRING,FLAG_ADVANCED afs token lifetime=P_INTEGER,FLAG_ADVANCED log nt token command=P_STRING,FLAG_ADVANCED time offset=P_INTEGER,FLAG_ADVANCED|FLAG_DEPRECATED NIS homedir=P_BOOL,FLAG_ADVANCED registry shares=P_BOOL,FLAG_ADVANCED usershare allow guests=P_BOOL,FLAG_ADVANCED usershare max shares=P_INTEGER,FLAG_ADVANCED usershare owner only=P_BOOL,FLAG_ADVANCED usershare path=P_STRING,FLAG_ADVANCED usershare prefix allow list=P_LIST,FLAG_ADVANCED usershare prefix deny list=P_LIST,FLAG_ADVANCED usershare template 
share=P_STRING,FLAG_ADVANCED allow insecure wide links=P_BOOL,FLAG_ADVANCED async smb echo handler=P_BOOL,FLAG_GLOBAL|FLAG_ADVANCED multicast dns register=P_BOOL,FLAG_GLOBAL|FLAG_ADVANCED panic action=P_STRING,FLAG_ADVANCED perfcount module=P_STRING,FLAG_ADVANCED host msdfs=P_BOOL,FLAG_ADVANCED passdb expand explicit=P_BOOL,FLAG_ADVANCED idmap backend=P_STRING,FLAG_ADVANCED|FLAG_DEPRECATED idmap cache time=P_INTEGER,FLAG_ADVANCED idmap negative cache time=P_INTEGER,FLAG_ADVANCED idmap uid=P_STRING,FLAG_ADVANCED|FLAG_DEPRECATED (synonyms: winbind uid) winbind uid=P_STRING,FLAG_HIDE (synonym of idmap uid) idmap gid=P_STRING,FLAG_ADVANCED|FLAG_DEPRECATED (synonyms: winbind gid) winbind gid=P_STRING,FLAG_HIDE (synonym of idmap gid) template homedir=P_STRING,FLAG_ADVANCED template shell=P_STRING,FLAG_ADVANCED winbind separator=P_STRING,FLAG_ADVANCED winbind cache time=P_INTEGER,FLAG_ADVANCED winbind reconnect delay=P_INTEGER,FLAG_ADVANCED winbind max clients=P_INTEGER,FLAG_ADVANCED winbind enum users=P_BOOL,FLAG_ADVANCED winbind enum groups=P_BOOL,FLAG_ADVANCED winbind use default domain=P_BOOL,FLAG_ADVANCED winbind trusted domains only=P_BOOL,FLAG_ADVANCED winbind nested groups=P_BOOL,FLAG_ADVANCED winbind expand groups=P_INTEGER,FLAG_ADVANCED winbind nss info=P_LIST,FLAG_ADVANCED winbind refresh tickets=P_BOOL,FLAG_ADVANCED winbind offline logon=P_BOOL,FLAG_ADVANCED winbind normalize names=P_BOOL,FLAG_ADVANCED winbind rpc only=P_BOOL,FLAG_ADVANCED create krb5 conf=P_BOOL,FLAG_ADVANCED ncalrpc dir=P_STRING,FLAG_ADVANCED winbind max domain connections=P_INTEGER,FLAG_ADVANCED
winbindd
ntlm_auth
wbinfo
Configuration
The Samba server is configured by editing the following file.
/etc/samba/smb.conf
Initial state of the configuration file
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# For a step to step guide on installing, configuring and using samba,
# read the Samba-HOWTO-Collection. This may be obtained from:
# http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
#
# Many working examples of smb.conf files can be found in the
# Samba-Guide which is generated daily and can be downloaded from:
# http://www.samba.org/samba/docs/Samba-Guide.pdf
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors.
#
#---------------
# SELINUX NOTES:
#
# If you want to use the useradd/groupadd family of binaries please run:
# setsebool -P samba_domain_controller on
#
# If you want to share home directories via samba please run:
# setsebool -P samba_enable_home_dirs on
#
# If you create a new directory you want to share you should mark it as
# "samba_share_t" so that selinux will let you write into it.
# Make sure not to do that on system directories as they may already have
# been marked with othe SELinux labels.
#
# Use ls -ldZ /path to see which context a directory has
#
# Set labels only on directories you created!
# To set a label use the following: chcon -t samba_share_t /path
#
# If you need to share a system created directory you can use one of the
# following (read-only/read-write):
# setsebool -P samba_export_all_ro on
# or
# setsebool -P samba_export_all_rw on
#
# If you want to run scripts (preexec/root prexec/print command/...) please
# put them into the /var/lib/samba/scripts directory so that smbd will be
# allowed to run them.
# Make sure you COPY them and not MOVE them so that the right SELinux context
# is applied, to check all is ok use restorecon -R -v /var/lib/samba/scripts
#
#--------------
#
#======================= Global Settings =====================================

[global]

# ----------------------- Network Related Options -------------------------
#
# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
#
# server string is the equivalent of the NT Description field
#
# netbios name can be used to specify a server name not tied to the hostname
#
# Interfaces lets you configure Samba to use multiple interfaces
# If you have multiple network interfaces then you can list the ones
# you want to listen on (never omit localhost)
#
# Hosts Allow/Hosts Deny lets you restrict who can connect, and you can
# specifiy it as a per share option as well
#
    workgroup = MYGROUP
    server string = Samba Server Version %v

;   netbios name = MYSERVER

;   interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
;   hosts allow = 127. 192.168.12. 192.168.13.

# --------------------------- Logging Options -----------------------------
#
# Log File let you specify where to put logs and how to split them up.
#
# Max Log Size let you specify the max size log files should reach

    # logs split per machine
    log file = /var/log/samba/log.%m
    # max 50KB per log file, then rotate
    max log size = 50

# ----------------------- Standalone Server Options ------------------------
#
# Scurity can be set to user, share(deprecated) or server(deprecated)
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.

    security = user
    passdb backend = tdbsam

# ----------------------- Domain Members Options ------------------------
#
# Security must be set to domain or ads
#
# Use the realm option only with security = ads
# Specifies the Active Directory realm the host is part of
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
#
# Use password server option only with security = server or if you can't
# use the DNS to locate Domain Controllers
# The argument list may include:
# password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
# password server = *

;   security = domain
;   passdb backend = tdbsam
;   realm = MY_REALM

;   password server = <NT-Server-Name>

# ----------------------- Domain Controller Options ------------------------
#
# Security must be set to user for domain controllers
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
#
# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
#
# Domain Logons let Samba be a domain logon server for Windows workstations.
#
# Logon Scrpit let yuou specify a script to be run at login time on the client
# You need to provide it in a share called NETLOGON
#
# Logon Path let you specify where user profiles are stored (UNC path)
#
# Various scripts can be used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
#
;   security = user
;   passdb backend = tdbsam

;   domain master = yes
;   domain logons = yes

    # the login script name depends on the machine name
;   logon script = %m.bat
    # the login script name depends on the unix user used
;   logon script = %u.bat
;   logon path = \\%L\Profiles\%u
    # disables profiles support by specifing an empty path
;   logon path =

;   add user script = /usr/sbin/useradd "%u" -n -g users
;   add group script = /usr/sbin/groupadd "%g"
;   add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
;   delete user script = /usr/sbin/userdel "%u"
;   delete user from group script = /usr/sbin/userdel "%u" "%g"
;   delete group script = /usr/sbin/groupdel "%g"

# ----------------------- Browser Control Options ----------------------------
#
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
#
# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
#
# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
;   local master = no
;   os level = 33
;   preferred master = yes

#----------------------------- Name Resolution -------------------------------
# Windows Internet Name Serving Support Section:
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
#
# - WINS Support: Tells the NMBD component of Samba to enable it's WINS Server
#
# - WINS Server: Tells the NMBD components of Samba to be a WINS Client
#
# - WINS Proxy: Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one WINS Server on the network. The default is NO.
#
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups.

;   wins support = yes
;   wins server = w.x.y.z
;   wins proxy = yes

;   dns proxy = yes

# --------------------------- Printing Options -----------------------------
#
# Load Printers let you load automatically the list of printers rather
# than setting them up individually
#
# Cups Options let you pass the cups libs custom options, setting it to raw
# for example will let you use drivers on your Windows clients
#
# Printcap Name let you specify an alternative printcap file
#
# You can choose a non default printing system using the Printing option

    load printers = yes
    cups options = raw

;   printcap name = /etc/printcap
    #obtain list of printers automatically on SystemV
;   printcap name = lpstat
;   printing = cups

# --------------------------- Filesystem Options ---------------------------
#
# The following options can be uncommented if the filesystem supports
# Extended Attributes and they are enabled (usually by the mount option
# user_xattr). Thess options will let the admin store the DOS attributes
# in an EA and make samba not mess with the permission bits.
#
# Note: these options can also be set just per share, setting them in global
# makes them the default for all shares

;   map archive = no
;   map hidden = no
;   map read only = no
;   map system = no
;   store dos attributes = yes

#============================ Share Definitions ==============================

[homes]
    comment = Home Directories
    browseable = no
    writable = yes
;   valid users = %S
;   valid users = MYDOMAIN\%S

[printers]
    comment = All Printers
    path = /var/spool/samba
    browseable = no
    guest ok = no
    writable = no
    printable = yes

# Un-comment the following and create the netlogon directory for Domain Logons
;   [netlogon]
;   comment = Network Logon Service
;   path = /var/lib/samba/netlogon
;   guest ok = yes
;   writable = no
;   share modes = no

# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;   [Profiles]
;   path = /var/lib/samba/profiles
;   browseable = no
;   guest ok = yes

# A publicly accessible directory, but read only, except for people in
# the "staff" group
;   [public]
;   comment = Public Stuff
;   path = /home/samba
;   public = yes
;   writable = yes
;   printable = no
;   write list = +staff
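Configuration file syntax
The configuration file is written as follows.
[section]
parameter name = value
Each section corresponds to a shared resource, and the parameters set within a section apply to that resource.
Apart from the predefined ones, a section can be given any name, and that name becomes the share name.
A section's settings run from its section definition line to the next section definition.
Lines beginning with ; or # are comments.
Variables
Values can use variables written in the %X notation.
- %v
Samba server version
- %m
Name of the connecting computer, or the destination host name
- %u
Login user name
Checking the configuration syntax
The syntax can be checked with the testparm command.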
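global section
The section for settings that apply to Samba as a whole.
The following settings can be written only in the global section.
workgroup
Specifies the name of the workgroup or domain that the Samba server belongs to.
workgroup = <group name>
netbios name
Specifies the NetBIOS name of the Samba server.
netbios name = <NetBIOS name>
server string
Describes the server. The text is shown on mouse-over when browsing.
server string = <server description>
interfaces
Specifies the interfaces on which Samba accepts connections.
interfaces = <interface name>|<interface IP address> [...]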
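hosts allow
Specifies the hosts that are allowed to connect.
When this parameter is set, hosts that are not allowed are denied.
Multiple entries can be written, separated by spaces.
Writing 192.168. allows the range 192.168.0.0/16.
hosts allow = <host> [...]
hosts deny
Specifies the hosts that are denied connection.
When this parameter is set, hosts that are not denied are allowed.
hosts deny = <host> [...]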
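guest account
Specifies the account name used for Guest access.
The default is the "nobody" account.
guest account = <account name>
map to guest
Specifies the behaviour when Samba user authentication fails.
map to guest = (Never|Bad User|Bad Password)
- Never
Guest authentication is not allowed
- Bad User
If the user name given at authentication is not registered, the login is treated as guest authentication
- Bad Password
In addition to the Bad User case, a wrong password is also treated as guest authentication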
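log file
Specifies the log file.
log file
max log size
Specifies the maximum size of a log file in KB.
0 means no limit.
max log size = <maximum log file size>
encrypt passwords = (Yes|No)
Accepts Yes or No; when Yes, NetBIOS authentication is performed using hash values.
encrypt passwords
smb passwd file
Specifies the password file used when password authentication is done with the smbpasswd method.
smb passwd file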
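unix password sync
Written as Yes or No; specifies whether the Samba password and the Linux password are kept in sync.
When this parameter is enabled, the passwd program parameter must also be set.
unix password sync = (Yes|No)
passwd program
Specifies the program that is run when a password is changed on the Samba side.
passwd program = <path to password change program>
Example
passwd program = /usr/bin/passwd %u
passwd chat
Describes the responses exchanged when a password is changed on the Samba side.
passwd chat
username map
Specifies a file that describes how Linux users are mapped to other user names.
Inside the mapping file, entries are written in the following format.
<Linux user name> = "<Windows user name>"
Windows user names may also be in Japanese.
username map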
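logon script
Specifies the script file that is run at logon.
logon script
wins support
Specified as Yes or No; set to Yes to run the Samba server as a WINS server.
wins support
wins server
Specifies the IP address of the WINS server.
wins server
security
Sets the authentication method.
security = (user|share|server|domain|ads)
- user
Authentication is performed at the user level
- share
Authentication to a shared resource uses a password only
- server
Authentication uses a password server
- domain
Authentication uses a domain controller
- ads
Authentication uses Active Directory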
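null passwords
!!Deprecated!!
Specified as Yes or No; allows or forbids the use of empty passwords.
null passwords = (Yes|No)
enable privileges
Specifies whether to enable the feature that assigns particular privileges to Windows SIDs.
- Format
enable privileges = (Yes|No)
- Default
enable privileges = Yes
unix extensions
Controls whether the UNIX extensions are used.
It is set mainly to make links (symbolic links and hard links) usable.
Set it to Yes when links are used from Unix clients, and to No when links are used from Windows clients.
Note that "wide links" must also be enabled in order to use links.
- Format
unix extensions = (Yes|No)
- Default
unix extensions = Yes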
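Settings common to individual sections
The following are the common settings that can be used inside each individual section that follows the global section.
They can also be set in the global section.
comment
A comment string. It is displayed when browsing.
browsable
Specified as Yes or No; determines whether the share is shown when browsing.
The share can still be accessed, however, by specifying its name directly.
Ending the section name with $ has the same effect as setting No.
- Format
browsable = (Yes|No)
- Default
browsable = Yes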
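writable/writeable
Specifies whether the share can be written to.
It is the opposite of the "read only" parameter.
- Format
writable = (Yes|No)
- Default
None. (It is determined by "read only")
read only
Specified as Yes or No; determines whether the share is read-only.
- Format
read only = (Yes|No)
- Default
read only = Yes
path
Specifies the path of the shared directory.
- Format
path = <path>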
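force user
Specifies the owner of files and directories created in the share.
- Format
force user = <user name>
force group
Specifies the owning group of files and directories created in the share.
- Format
force group = <group name>
write list
Specifies the users and groups that can write even when writable leaves the share non-writable.
- Format
write list = [<user name>|@<group name>][ ,...]
- Default
write list =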
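hide dot files
Written as Yes or No; specifies whether the Windows hidden-file attribute is applied to files and directories whose names begin with . so that they are not displayed.
hide files
Specifies files and directories that are not displayed. They can still be accessed.
veto files
Specifies files and directories that are not displayed. They cannot be accessed either.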
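create mask
Specifies the permissions that may be applied to a file.
The file's permissions are the bitwise AND of this value and the value obtained by converting the DOS attributes to UNIX permissions.
Use it to remove permissions.
The default is 0744.
create mask = <permissions>
directory mask
Specifies the permissions that may be applied to a directory.
The directory's permissions are the bitwise AND of this value and the value obtained by converting the DOS attributes to UNIX permissions.
Use it to remove permissions.
The default is 0755.
directory mask = <permissions>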
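force create mode
Specifies the permissions that are always applied to a file.
The final file permissions are the bitwise OR of this value and the value calculated with "create mask".
Use it to set permissions.
The default is 0000.
force create mode = <permissions>
force directory mode
Specifies the permissions that are always applied to a directory.
The final directory permissions are the bitwise OR of this value and the value calculated with "create mask".
Use it to set permissions.
The default is 0000.
force directory mode = <permissions>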
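A worked model of the create mask and force create mode calculation described above, as an added example (not Samba's own code and not from the original page). The conversion from DOS attributes to a UNIX mode and the map archive / map system / map hidden defaults are assumptions of this model, and it covers files only.

```python
"""Model of the permission calculation for a file created through a share."""
import stat

# DOS attribute bits a client can set on a file.
DOS_READONLY, DOS_HIDDEN, DOS_SYSTEM, DOS_ARCHIVE = 0x01, 0x02, 0x04, 0x20


def new_file_mode(dos_attrs, create_mask=0o744, force_create_mode=0o000,
                  map_archive=True, map_system=False, map_hidden=False):
    """Return the UNIX permission bits for a new file.

    Step 1 converts the DOS attributes to a UNIX mode (assumed mapping:
    rw for everyone, write removed for read-only files, archive/system/hidden
    mapped to the owner/group/other execute bit when the matching "map ..."
    option is on). Step 2 ANDs with create mask, step 3 ORs force create mode.
    """
    mode = 0o666
    if dos_attrs & DOS_READONLY:
        mode &= ~0o222
    if map_archive and dos_attrs & DOS_ARCHIVE:
        mode |= stat.S_IXUSR
    if map_system and dos_attrs & DOS_SYSTEM:
        mode |= stat.S_IXGRP
    if map_hidden and dos_attrs & DOS_HIDDEN:
        mode |= stat.S_IXOTH
    mode &= create_mask          # create mask can only remove bits
    mode |= force_create_mode    # force create mode can only add bits
    return mode


def widest_mode(create_mask, force_create_mode, **maps):
    """OR of the modes over every DOS attribute combination: the most
    permissive file a client can produce under these settings."""
    widest = 0
    for attrs in range(0x40):
        widest |= new_file_mode(attrs, create_mask, force_create_mode, **maps)
    return widest


def review(create_mask, force_create_mode, **maps):
    """Return findings for a create mask / force create mode pair."""
    mode = widest_mode(create_mask, force_create_mode, **maps)
    findings = []
    if mode & stat.S_IWOTH:
        findings.append("new files can be world-writable")
    if mode & stat.S_IWGRP:
        findings.append("new files can be group-writable")
    if force_create_mode & 0o111:
        findings.append("force create mode marks every new file executable")
    return findings


if __name__ == "__main__":
    # Constructed setting pairs: the defaults, a group share, a wide-open mask.
    for mask, force in [(0o744, 0o000), (0o640, 0o060), (0o777, 0o000)]:
        print(f"create mask={mask:04o} force create mode={force:04o} "
              f"widest={widest_mode(mask, force):04o} {review(mask, force)}")
```

With the default create mask of 0744 the model never yields a group- or world-writable file; widening the mask to 0777 does.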
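valid users
Specifies the users and groups that are allowed access.
guest ok
Written as Yes or No; when Yes, guest login without a password is allowed.
guest ok = (Yes|No)
public
Same as guest ok.
public = (Yes|No)
wide links
Sets whether access may follow links on the UNIX file system.
Enabling links carries the risk that a malicious link file placed in the share makes unintended paths accessible.
- Format
wide links = (Yes|No)
- Default value
wide links = No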
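An added example (not from the original page or the Samba project): a small parser for the section/parameter syntax described above that reports the settings this page describes as risky, namely map to guest = Bad Password, null passwords, security = share, guest-writable shares, wide links, and shares with neither hosts allow nor hosts deny. The fallback defaults, the synonym table and the sample configuration are assumptions made for the example.

```python
"""Parse an smb.conf and report the risky settings this page describes."""
import re

TRUE = {"yes", "true", "on", "1"}
SYNONYMS = {"public": "guest ok", "allow hosts": "hosts allow"}
INVERSE_OF_READ_ONLY = {"writable", "writeable", "write ok"}

def is_true(value):
    return value.strip().lower() in TRUE

def parse_smb_conf(text):
    """Return {section: {parameter: value}} with lower-cased names."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":        # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)
            name = " ".join(name.lower().split())
            name, value = SYNONYMS.get(name, name), value.strip()
            if name in INVERSE_OF_READ_ONLY:   # store under one key, last wins
                name, value = "read only", "no" if is_true(value) else "yes"
            current[name] = value
    return sections

def audit(sections):
    """Return (section, parameter, message) findings."""
    glob, findings = sections.get("global", {}), []
    if glob.get("map to guest", "never").lower() == "bad password":
        findings.append(("global", "map to guest",
                         "a wrong password is treated as a guest login"))
    if is_true(glob.get("null passwords", "no")):
        findings.append(("global", "null passwords", "empty passwords allowed"))
    if glob.get("security", "user").lower() == "share":
        findings.append(("global", "security", "password-only share auth"))
    for share, params in sections.items():
        if share == "global":
            continue
        def get(name, default):                # share, then [global], then default
            return params.get(name, glob.get(name, default))
        if is_true(get("guest ok", "no")) and not is_true(get("read only", "yes")):
            findings.append((share, "guest ok", "guests can write to this share"))
        if is_true(get("wide links", "no")):
            findings.append((share, "wide links",
                             "links in the share can lead outside its path"))
        if not get("hosts allow", "") and not get("hosts deny", ""):
            findings.append((share, "hosts allow", "no host restriction"))
    return findings

# Constructed sample configuration (not the page's file).
SAMPLE = """
[global]
    security = user
    map to guest = Bad Password
;   hosts allow = 127. 192.168.12.

[homes]
    browseable = no
    writable = yes

[public]
    path = /home/samba
    public = yes
    writable = yes
    wide links = yes

[docs]
    path = /srv/docs
    guest ok = yes
    hosts allow = 192.168.12.
"""

if __name__ == "__main__":
    for section, parameter, message in audit(parse_smb_conf(SAMPLE)):
        print(f"[{section}] {parameter}: {message}")
```

Running testparm remains the way to check syntax; this script only reads the values and does not validate parameter names.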
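homes section
A section for sharing the home directories of all Linux users at once.
If the user who logged in to Samba exists on Linux, that user's home directory becomes available.
printers
Configures shared printers.
printable
print ok
This parameter is an alias of the printable parameter.
lmhosts
A file used on Windows networks to resolve hosts' NetBIOS names to IP addresses.
The lmhosts file is used when the WINS server could not resolve a name.
It is normally located at the following path.
/etc/samba/lmhosts
- Format
<IP address> <NetBIOS name>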
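Samba client
To access a Samba server from Linux and use a Windows network, use the Samba client.
smbclient command
A command that can be used as a Samba client.
- Format
smbclient [options] //<server>/<share name>
- Options
- -L <server>
Requests a listing
When using this option, do not specify a share name; use the following form
smbclient <server>
- -N
Skips password authentication
- -U <user name>
Specifies the user to connect as
After a successful connection, operations are performed interactively.
The following subcommands are available.
Note that there is no subcommand for reading a text file directly.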
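- Subcommands
- Change directory
cd <path>
- Delete a file
rm <file>
or
del <file>
- List
ls [<path>]
or
dir [<path>]
- Copy a file
get <file on SMB> <local file path>
Note: even if the local file path points to a directory, the file is not copied under the same name, so the full path including the file name must be specified
- Put a file
put <local file path> [<path on SMB>]
If the path on SMB is omitted, the file is copied into the current directory under the same name
- Disconnect
exit
- Help
Prints the list of available commands.
?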
Mounting a share
smbmount \\<server name>\<share name> <mount point> [-o <options>]
- Options
- ro
Read-only
- username=<user name>
Specifies the user name