diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-05 17:47:29 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-05 17:47:29 +0000 |
commit | 4f5791ebd03eaec1c7da0865a383175b05102712 (patch) | |
tree | 8ce7b00f7a76baa386372422adebbe64510812d4 /docs-xml/smbdotconf/protocol | |
parent | Initial commit. (diff) | |
download | samba-4f5791ebd03eaec1c7da0865a383175b05102712.tar.xz samba-4f5791ebd03eaec1c7da0865a383175b05102712.zip |
Adding upstream version 2:4.17.12+dfsg.upstream/2%4.17.12+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'docs-xml/smbdotconf/protocol')
49 files changed, 1186 insertions, 0 deletions
diff --git a/docs-xml/smbdotconf/protocol/aclallowexecutealways.xml b/docs-xml/smbdotconf/protocol/aclallowexecutealways.xml new file mode 100644 index 0000000..60ffb34 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/aclallowexecutealways.xml @@ -0,0 +1,25 @@ +<samba:parameter name="acl allow execute always" + context="S" + type="boolean" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para> + This boolean parameter controls the behaviour of <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> when receiving a protocol request of "open for execution" + from a Windows client. + With Samba 3.6 and older, the execution right in the ACL was not checked, so a client + could execute a file even if it did not have execute rights on the file. In Samba 4.0, + this has been fixed, so that by default, i.e. when this parameter is set to "False", + "open for execution" is now denied when execution permissions are not present. + </para> + <para> + If this parameter is set to "True", Samba does not check execute permissions on + "open for execution", thus re-establishing the behaviour of Samba 3.6. + This can be useful to smoothen upgrades from older Samba versions to 4.0 and newer. + This setting is not meant to be used as a permanent setting, but as a temporary relief: + It is recommended to fix the permissions in the ACLs and reset this parameter to the + default after a certain transition period. + </para> +</description> +<value type="default">no</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/aclcheckpermissions.xml b/docs-xml/smbdotconf/protocol/aclcheckpermissions.xml new file mode 100644 index 0000000..bfffcc0 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/aclcheckpermissions.xml @@ -0,0 +1,33 @@ +<samba:parameter name="acl check permissions" + context="S" + type="boolean" + deprecated="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>Please note this parameter is now deprecated in Samba 3.6.2 and will be removed + in a future version of Samba. + </para> + <para>This boolean parameter controls what <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> does on receiving a protocol request of "open for delete" + from a Windows client. If a Windows client doesn't have permissions to delete a file then they + expect this to be denied at open time. POSIX systems normally only detect restrictions on delete by + actually attempting to delete the file or directory. As Windows clients can (and do) "back out" a + delete request by unsetting the "delete on close" bit Samba cannot delete the file immediately + on "open for delete" request as we cannot restore such a deleted file. With this parameter set to + true (the default) then smbd checks the file system permissions directly on "open for delete" and denies the + request without actually deleting the file if the file system permissions would seem to deny it. + This is not perfect, as it's possible a user could have deleted a file without Samba being able to + check the permissions correctly, but it is close enough to Windows semantics for mostly correct + behaviour. Samba will correctly check POSIX ACL semantics in this case. + </para> + <para>If this parameter is set to "false" Samba doesn't check permissions on "open for delete" + and allows the open. If the user doesn't have permission to delete the file this will only be + discovered at close time, which is too late for the Windows user tools to display an error message + to the user. The symptom of this is files that appear to have been deleted "magically" re-appearing + on a Windows explorer refresh. This is an extremely advanced protocol option which should not + need to be changed. This parameter was introduced in its final form in 3.0.21, an earlier version + with slightly different semantics was introduced in 3.0.20. That older version is not documented here. + </para> +</description> +<value type="default">yes</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/aclmapfullcontrol.xml b/docs-xml/smbdotconf/protocol/aclmapfullcontrol.xml new file mode 100644 index 0000000..9bb1e7d --- /dev/null +++ b/docs-xml/smbdotconf/protocol/aclmapfullcontrol.xml @@ -0,0 +1,16 @@ +<samba:parameter name="acl map full control" + context="S" + type="boolean" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para> + This boolean parameter controls whether <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> maps a POSIX ACE entry of "rwx" (read/write/execute), the maximum + allowed POSIX permission set, into a Windows ACL of "FULL CONTROL". If this parameter is set to true any POSIX + ACE entry of "rwx" will be returned in a Windows ACL as "FULL CONTROL", is this parameter is set to false any + POSIX ACE entry of "rwx" will be returned as the specific Windows ACL bits representing read, write and + execute. + </para> +</description> +<value type="default">yes</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/cldapport.xml b/docs-xml/smbdotconf/protocol/cldapport.xml new file mode 100644 index 0000000..3fcb2b3 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/cldapport.xml @@ -0,0 +1,12 @@ +<samba:parameter name="cldap port" + context="G" + type="integer" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This option controls the port used by the CLDAP protocol. +</para> +</description> + +<value type="default">389</value> +<value type="example">3389</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/clientipcmaxprotocol.xml b/docs-xml/smbdotconf/protocol/clientipcmaxprotocol.xml new file mode 100644 index 0000000..408af50 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/clientipcmaxprotocol.xml @@ -0,0 +1,29 @@ +<samba:parameter name="client ipc max protocol" + context="G" + type="enum" + function="_client_ipc_max_protocol" + enumlist="enum_protocol" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>The value of the parameter (a string) is the highest + protocol level that will be supported for IPC$ connections as DCERPC transport.</para> + + <para>Normally this option should not be set as the automatic + negotiation phase in the SMB protocol takes care of choosing + the appropriate protocol.</para> + + <para>The value <constant>default</constant> refers to the latest + supported protocol, currently <constant>SMB3_11</constant>.</para> + + <para>See <smbconfoption name="client max protocol"/> for a full list + of available protocols. The values CORE, COREPLUS, LANMAN1, LANMAN2 + are silently upgraded to NT1.</para> +</description> + +<related>client ipc min protocol</related> +<related>client min protocol</related> +<related>client max protocol</related> + +<value type="default">default</value> +<value type="example">SMB2_10</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/clientipcminprotocol.xml b/docs-xml/smbdotconf/protocol/clientipcminprotocol.xml new file mode 100644 index 0000000..fc04b78 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/clientipcminprotocol.xml @@ -0,0 +1,29 @@ +<samba:parameter name="client ipc min protocol" + context="G" + type="enum" + function="_client_ipc_min_protocol" + enumlist="enum_protocol" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This setting controls the minimum protocol version that the + will be attempted to use for IPC$ connections as DCERPC transport.</para> + + <para>Normally this option should not be set as the automatic + negotiation phase in the SMB protocol takes care of choosing + the appropriate protocol.</para> + + <para>The value <constant>default</constant> refers to the higher value + of <constant>NT1</constant> and the effective value of + <smbconfoption name="client min protocol"/>.</para> + + <para>See <smbconfoption name="client max protocol"/> for a full list + of available protocols. The values CORE, COREPLUS, LANMAN1, LANMAN2 + are silently upgraded to NT1.</para> +</description> + +<related>client ipc max protocol</related> +<related>client min protocol</related> +<related>client max protocol</related> +<value type="default">default</value> +<value type="example">SMB3_11</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml b/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml new file mode 100644 index 0000000..784123e --- /dev/null +++ b/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml @@ -0,0 +1,86 @@ +<samba:parameter name="client max protocol" + context="G" + type="enum" + function="_client_max_protocol" + enumlist="enum_protocol" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>The value of the parameter (a string) is the highest + protocol level that will be supported by the client.</para> + + <para>Possible values are :</para> + <itemizedlist> + <listitem> + <para><constant>CORE</constant>: Earliest version. No + concept of user names.</para> + </listitem> + + <listitem> + <para><constant>COREPLUS</constant>: Slight improvements on + CORE for efficiency.</para> + </listitem> + + <listitem> + <para><constant>LANMAN1</constant>: First <emphasis>modern</emphasis> + version of the protocol. Long filename support.</para> + </listitem> + + <listitem> + <para><constant>LANMAN2</constant>: Updates to Lanman1 protocol.</para> + </listitem> + + <listitem> + <para><constant>NT1</constant>: Current up to date version of the protocol. + Used by Windows NT. Known as CIFS.</para> + </listitem> + + <listitem> + <para><constant>SMB2</constant>: Re-implementation of the SMB protocol. + Used by Windows Vista and later versions of Windows. SMB2 has sub protocols available.</para> + <itemizedlist> + <listitem> + <para><constant>SMB2_02</constant>: The earliest SMB2 version.</para> + </listitem> + <listitem> + <para><constant>SMB2_10</constant>: Windows 7 SMB2 version.</para> + </listitem> + </itemizedlist> + <para>By default SMB2 selects the SMB2_10 variant.</para> + </listitem> + + <listitem> + <para><constant>SMB3</constant>: The same as SMB2. + Used by Windows 8. SMB3 has sub protocols available.</para> + <itemizedlist> + <listitem> + <para><constant>SMB3_00</constant>: Windows 8 SMB3 version.</para> + </listitem> + <listitem> + <para><constant>SMB3_02</constant>: Windows 8.1 SMB3 version.</para> + </listitem> + <listitem> + <para><constant>SMB3_11</constant>: Windows 10 SMB3 version.</para> + </listitem> + </itemizedlist> + <para>By default SMB3 selects the SMB3_11 variant.</para> + </listitem> + </itemizedlist> + + <para>Normally this option should not be set as the automatic + negotiation phase in the SMB protocol takes care of choosing + the appropriate protocol.</para> + + <para>The value <constant>default</constant> refers to <constant>SMB3_11</constant>.</para> + + <para>IPC$ connections for DCERPC e.g. in winbindd, are handled by the + <smbconfoption name="client ipc max protocol"/> option.</para> +</description> + +<related>server max protocol</related> +<related>client min protocol</related> +<related>client ipc min protocol</related> +<related>client ipc max protocol</related> + +<value type="default">default</value> +<value type="example">LANMAN1</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/clientminprotocol.xml b/docs-xml/smbdotconf/protocol/clientminprotocol.xml new file mode 100644 index 0000000..1eb07ad --- /dev/null +++ b/docs-xml/smbdotconf/protocol/clientminprotocol.xml @@ -0,0 +1,32 @@ +<samba:parameter name="client min protocol" + context="G" + type="enum" + enumlist="enum_protocol" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This setting controls the minimum protocol version that the + client will attempt to use.</para> + + <para>Normally this option should not be set as the automatic + negotiation phase in the SMB protocol takes care of choosing + the appropriate protocol unless you connect to a legacy SMB1-only server.</para> + + <para>See <related>client max protocol</related> for a full list + of available protocols.</para> + + <para>IPC$ connections for DCERPC e.g. in winbindd, are handled by the + <smbconfoption name="client ipc min protocol"/> option.</para> + + <para>Note that most command line tools support + --option='client min protocol=NT1', so it may not be required to + enable SMB1 protocols globally in smb.conf.</para> +</description> + +<related>client max protocol</related> +<related>server min protocol</related> +<related>client ipc min protocol</related> +<related>client ipc max protocol</related> + +<value type="default">SMB2_02</value> +<value type="example">NT1</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/clientusespnego.xml b/docs-xml/smbdotconf/protocol/clientusespnego.xml new file mode 100644 index 0000000..2d45f91 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/clientusespnego.xml @@ -0,0 +1,27 @@ +<samba:parameter name="client use spnego" + context="G" + type="boolean" + deprecated="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This parameter has been deprecated since Samba 4.13 and + support for NTLMv2, NTLM and LanMan authentication outside NTLMSSP + will be removed in a future Samba release.</para> + <para>That is, in the future, the current default of + <command>client use spnego = yes</command> + will be the enforced behaviour.</para> + + <para> This variable controls whether Samba clients will try + to use Simple and Protected NEGOciation (as specified by rfc2478) with + supporting servers (including WindowsXP, Windows2000 and Samba + 3.0) to agree upon an authentication + mechanism. This enables Kerberos authentication in particular.</para> + + <para>When <smbconfoption name="client NTLMv2 auth"/> is also set to + <constant>yes</constant> extended security (SPNEGO) is required + in order to use NTLMv2 only within NTLMSSP. This behavior was + introduced with the patches for CVE-2016-2111.</para> +</description> + +<value type="default">yes</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml b/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml new file mode 100644 index 0000000..c6642b7 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml @@ -0,0 +1,11 @@ +<samba:parameter name="dcerpc endpoint servers" + context="G" + type="list" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>Specifies which DCE/RPC endpoint servers should be run.</para> +</description> + +<value type="default">epmapper, wkssvc, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver</value> +<value type="example">rpcecho</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/defersharingviolations.xml b/docs-xml/smbdotconf/protocol/defersharingviolations.xml new file mode 100644 index 0000000..353dd9d --- /dev/null +++ b/docs-xml/smbdotconf/protocol/defersharingviolations.xml @@ -0,0 +1,25 @@ +<samba:parameter name="defer sharing violations" + context="G" + type="boolean" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para> + Windows allows specifying how a file will be shared with + other processes when it is opened. Sharing violations occur when + a file is opened by a different process using options that violate + the share settings specified by other processes. This parameter causes + smbd to act as a Windows server does, and defer returning a "sharing + violation" error message for up to one second, allowing the client + to close the file causing the violation in the meantime. + </para> + + <para>UNIX by default does not have this behaviour.</para> + + <para> + There should be no reason to turn off this parameter, as it is + designed to enable Samba to more correctly emulate Windows. + </para> +</description> + +<value type="default">yes</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/dgramport.xml b/docs-xml/smbdotconf/protocol/dgramport.xml new file mode 100644 index 0000000..b68c81f --- /dev/null +++ b/docs-xml/smbdotconf/protocol/dgramport.xml @@ -0,0 +1,11 @@ +<samba:parameter name="dgram port" + context="G" + type="integer" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>Specifies which ports the server should listen on for NetBIOS datagram traffic.</para> +</description> +<para>This parameter is deprecated, as it is not honoured in the +majority of the code base.</para> +<value type="default">138</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/disablenetbios.xml b/docs-xml/smbdotconf/protocol/disablenetbios.xml new file mode 100644 index 0000000..ce39834 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/disablenetbios.xml @@ -0,0 +1,15 @@ +<samba:parameter name="disable netbios" + context="G" + type="boolean" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>Enabling this parameter will disable netbios support + in Samba. Netbios is the only available form of browsing in + all windows versions except for 2000 and XP. </para> + + <note><para>Clients that only support netbios won't be able to + see your samba server when netbios support is disabled. + </para></note> +</description> +<value type="default">no</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/dnsport.xml b/docs-xml/smbdotconf/protocol/dnsport.xml new file mode 100644 index 0000000..20d39b2 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/dnsport.xml @@ -0,0 +1,21 @@ +<samba:parameter name="dns port" + context="G" + type="integer" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>Specifies which ports the server should listen on for + DNS traffic.</para> + + <para>It makes possible to use another DNS server as a front + and forward to Samba.</para> + + <warning> + <para>Dynamic DNS updates may not be proxied by the front + DNS server when forwarding to Samba. Dynamic DNS update + proxying depends on the features of the other DNS server + used as a front.</para> + </warning> +</description> + +<value type="default">53</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/durablehandles.xml b/docs-xml/smbdotconf/protocol/durablehandles.xml new file mode 100644 index 0000000..4267b29 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/durablehandles.xml @@ -0,0 +1,26 @@ +<samba:parameter name="durable handles" + context="S" + type="boolean" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para> + This boolean parameter controls + whether Samba can grant SMB2 durable file handles on a share. + </para> + <para> + Note that durable handles are only enabled if + <smbconfoption name="kernel oplocks">no</smbconfoption>, + <smbconfoption name="kernel share modes">no</smbconfoption>, and + <smbconfoption name="posix locking">no</smbconfoption>, + i.e. if the share is configured for CIFS/SMB2 only access, + not supporting interoperability features with local UNIX processes + or NFS operations. + </para> + <para> + Also note that, for the time being, durability is not granted + for a handle that has the delete on close flag set. + </para> +</description> + +<value type="default">yes</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/easupport.xml b/docs-xml/smbdotconf/protocol/easupport.xml new file mode 100644 index 0000000..0ff9d32 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/easupport.xml @@ -0,0 +1,43 @@ +<samba:parameter name="ea support" + context="S" + type="boolean" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This boolean parameter controls whether <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> will allow clients to attempt to access extended + attributes on a share. In order to enable this parameter on a setup with default VFS modules: + </para> + <itemizedlist> + <listitem><para>Samba must have been built with extended attributes support. + </para></listitem> + <listitem><para>The underlying filesystem exposed by the share must support extended + attributes (e.g. the getfattr<manvolnum>1</manvolnum> / setfattr<manvolnum>1</manvolnum> + utilities must work). + </para></listitem> + <listitem><para>Access to extended user attributes must be allowed by the underlying + filesystem (e.g. when mounted with a system-dependent option like user_xattr on Linux). + </para></listitem> + </itemizedlist> + <para> + This option exposes the "user" attribute namespace from the underlying filesystem to + clients. In order to match Windows conventions, the namespace prefix ("user.") is + stripped from the attribute name on the client side. The handling of further attribute + namespaces (like "security", "system", or "trusted") is not affected by this option. + </para> + <para> + Note that the SMB protocol allows setting attributes whose value is 64K bytes long, + and that on NTFS, the maximum storage space for extended attributes per file is 64K. + On most UNIX systems (Solaris and ZFS file system being the exception), the limits + are much lower - typically 4K. Worse, the same 4K space is often used to store + system metadata such as POSIX ACLs, or Samba's NT ACLs. Giving clients + access to this tight space via extended attribute support could consume all + of it by unsuspecting client applications, which would prevent changing + system metadata due to lack of space. + + The default has changed to yes in Samba release 4.9.0 and above to allow better Windows + fileserver compatibility in a default install. + </para> +</description> + +<value type="default">yes</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/enableasusupport.xml b/docs-xml/smbdotconf/protocol/enableasusupport.xml new file mode 100644 index 0000000..2f05b01 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/enableasusupport.xml @@ -0,0 +1,16 @@ +<samba:parameter name="enable asu support" + context="G" + type="boolean" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>Hosts running the "Advanced Server for Unix (ASU)" product + require some special accommodations such as creating a builtin [ADMIN$] + share that only supports IPC connections. The has been the default + behavior in smbd for many years. However, certain Microsoft applications + such as the Print Migrator tool require that the remote server support + an [ADMIN$] file share. Disabling this parameter allows for creating + an [ADMIN$] file share in smb.conf.</para> +</description> + +<value type="default">no</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/eventloglist.xml b/docs-xml/smbdotconf/protocol/eventloglist.xml new file mode 100644 index 0000000..6d0b400 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/eventloglist.xml @@ -0,0 +1,22 @@ +<samba:parameter name="eventlog list" + type="cmdlist" + context="G" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This option defines a list of log names that Samba will + report to the Microsoft EventViewer utility. The listed + eventlogs will be associated with tdb file on disk in the + <filename>$(statedir)/eventlog</filename>. + </para> + + <para> + The administrator must use an external process to parse the normal + Unix logs such as <filename>/var/log/messages</filename> + and write then entries to the eventlog tdb files. Refer to the + eventlogadm(8) utility for how to write eventlog entries. + </para> +</description> + +<value type="default"/> +<value type="example">Security Application Syslog Apache</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/largereadwrite.xml b/docs-xml/smbdotconf/protocol/largereadwrite.xml new file mode 100644 index 0000000..e7142d1 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/largereadwrite.xml @@ -0,0 +1,17 @@ +<samba:parameter name="large readwrite" + context="G" + type="boolean" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This parameter determines whether or not + <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> supports the new 64k + streaming read and write variant SMB requests introduced with + Windows 2000. Note that due to Windows 2000 client redirector bugs + this requires Samba to be running on a 64-bit capable operating + system such as IRIX, Solaris or a Linux 2.4 kernel. Can improve + performance by 10% with Windows 2000 clients. Defaults to on. Not as + tested as some other Samba code paths.</para> +</description> +<value type="default">yes</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/lsaovernetlogon.xml b/docs-xml/smbdotconf/protocol/lsaovernetlogon.xml new file mode 100644 index 0000000..d67be29 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/lsaovernetlogon.xml @@ -0,0 +1,21 @@ +<samba:parameter name="lsa over netlogon" + context="G" + type="boolean" + deprecated="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>Setting this deprecated option will allow the RPC server + in the AD DC to answer the LSARPC interface on the + <command>\pipe\netlogon</command> IPC pipe.</para> + + <para>When enabled, this matches the behaviour of Microsoft's + Windows, due to their internal implementation choices.</para> + + <para>If it is disabled (the default), the AD DC can offer + improved performance, as the netlogon server is decoupled and + can run as multiple processes.</para> + +</description> + +<value type="default">no</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/mapaclinherit.xml b/docs-xml/smbdotconf/protocol/mapaclinherit.xml new file mode 100644 index 0000000..28271f9 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/mapaclinherit.xml @@ -0,0 +1,16 @@ +<samba:parameter name="map acl inherit" + context="S" + type="boolean" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This boolean parameter controls whether <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> will attempt to map the 'inherit' and 'protected' + access control entry flags stored in Windows ACLs into an extended attribute + called user.SAMBA_PAI (POSIX ACL Inheritance). This parameter requires + supports for extended attributes on the filesystem and + allows the Windows ACL editor to store inheritance information while + NT ACLs are mapped best-effort to the POSIX ACLs. + </para> +</description> +<value type="default">no</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/maxmux.xml b/docs-xml/smbdotconf/protocol/maxmux.xml new file mode 100644 index 0000000..ab50001 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/maxmux.xml @@ -0,0 +1,12 @@ +<samba:parameter name="max mux" + context="G" + type="integer" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This option controls the maximum number of + outstanding simultaneous SMB operations that Samba tells the client + it will allow. You should never need to set this parameter.</para> +</description> + +<value type="default">50</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/maxttl.xml b/docs-xml/smbdotconf/protocol/maxttl.xml new file mode 100644 index 0000000..c340ad1 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/maxttl.xml @@ -0,0 +1,13 @@ +<samba:parameter name="max ttl" + context="G" + type="integer" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This option tells <citerefentry><refentrytitle>nmbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> what the default 'time to live' + of NetBIOS names should be (in seconds) when <command moreinfo="none">nmbd</command> is + requesting a name using either a broadcast packet or from a WINS server. You should + never need to change this parameter. The default is 3 days.</para> +</description> +<value type="default">259200</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/maxxmit.xml b/docs-xml/smbdotconf/protocol/maxxmit.xml new file mode 100644 index 0000000..d7bd66c --- /dev/null +++ b/docs-xml/smbdotconf/protocol/maxxmit.xml @@ -0,0 +1,17 @@ +<samba:parameter name="max xmit" + context="G" + type="bytes" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This option controls the maximum packet size + that will be negotiated by Samba's + <citerefentry><refentrytitle>smbd</refentrytitle><manvolnum>8</manvolnum></citerefentry> + for the SMB1 protocol. The default is 16644, which + matches the behavior of Windows 2000. A value below 2048 is likely to cause problems. + You should never need to change this parameter from its default value. +</para> +</description> + +<value type="default">16644</value> +<value type="example">8192</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/minreceivefilesize.xml b/docs-xml/smbdotconf/protocol/minreceivefilesize.xml new file mode 100644 index 0000000..ce0ea30 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/minreceivefilesize.xml @@ -0,0 +1,21 @@ +<samba:parameter name="min receivefile size" + type="bytes" + context="G" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> +<para>This option changes the behavior of <citerefentry><refentrytitle>smbd</refentrytitle> +<manvolnum>8</manvolnum></citerefentry> when processing SMBwriteX calls. Any incoming +SMBwriteX call on a non-signed SMB/CIFS connection greater than this value will not be processed in the normal way but will +be passed to any underlying kernel recvfile or splice system call (if there is no such +call Samba will emulate in user space). This allows zero-copy writes directly from network +socket buffers into the filesystem buffer cache, if available. It may improve performance +but user testing is recommended. If set to zero Samba processes SMBwriteX calls in the +normal way. To enable POSIX large write support (SMB/CIFS writes up to 16Mb) this option must be +nonzero. The maximum value is 128k. Values greater than 128k will be silently set to 128k.</para> +<para>Note this option will have NO EFFECT if set on a SMB signed connection.</para> +<para>The default is zero, which disables this option.</para> +</description> + +<related>min receivefile size</related> +<value type="default">0</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/nameresolveorder.xml b/docs-xml/smbdotconf/protocol/nameresolveorder.xml new file mode 100644 index 0000000..b85d060 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/nameresolveorder.xml @@ -0,0 +1,70 @@ +<samba:parameter name="name resolve order" + context="G" + type="cmdlist" + handler="handle_name_resolve_order" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This option is used by the programs in the Samba + suite to determine what naming services to use and in what order + to resolve host names to IP addresses. Its main purpose to is to + control how netbios name resolution is performed. The option takes a space + separated string of name resolution options.</para> + + <para>The options are: "lmhosts", "host", + "wins" and "bcast". They cause names to be + resolved as follows:</para> + + <itemizedlist> + <listitem> + <para> + <constant>lmhosts</constant> : Lookup an IP address in the Samba lmhosts file. If the line in lmhosts has + no name type attached to the NetBIOS name (see the manpage for lmhosts for details) then + any name type matches for lookup. + </para> + </listitem> + + <listitem> + <para> + <constant>host</constant> : Do a standard host name to IP address resolution, using the system + <filename moreinfo="none">/etc/hosts </filename> or DNS lookups. This method of name resolution is + operating system depended for instance on IRIX or Solaris this may be controlled by the <filename + moreinfo="none">/etc/nsswitch.conf</filename> file. Note that this method is used only if the NetBIOS name + type being queried is the 0x20 (server) name type or 0x1c (domain controllers). The latter case is only + useful for active directory domains and results in a DNS query for the SRV RR entry matching + _ldap._tcp.domain. + </para> + </listitem> + + <listitem> + <para><constant>wins</constant> : Query a name with + the IP address listed in the <smbconfoption name="WINSSERVER"><parameter moreinfo="none"> + wins server</parameter></smbconfoption> parameter. If no WINS server has + been specified this method will be ignored.</para> + </listitem> + + <listitem> + <para><constant>bcast</constant> : Do a broadcast on + each of the known local interfaces listed in the <smbconfoption name="interfaces"/> + parameter. This is the least reliable of the name resolution + methods as it depends on the target host being on a locally + connected subnet.</para> + </listitem> +</itemizedlist> + + <para>The example below will cause the local lmhosts file to be examined + first, followed by a broadcast attempt, followed by a normal + system hostname lookup.</para> + + <para>When Samba is functioning in ADS security mode (<command moreinfo="none">security = ads</command>) + it is advised to use following settings for <parameter moreinfo="none">name resolve order</parameter>:</para> + + <para><command moreinfo="none">name resolve order = wins bcast</command></para> + + <para>DC lookups will still be done via DNS, but fallbacks to netbios names will + not inundate your DNS servers with needless queries for DOMAIN<0x1c> lookups.</para> + +</description> + +<value type="default">lmhosts wins host bcast</value> +<value type="example">lmhosts bcast host</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/nbtport.xml b/docs-xml/smbdotconf/protocol/nbtport.xml new file mode 100644 index 0000000..7070b98 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/nbtport.xml @@ -0,0 +1,13 @@ +<samba:parameter name="nbt port" + context="G" + type="integer" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>Specifies which port the server should use for NetBIOS over IP name + services traffic.</para> +</description> + +<para>This parameter is deprecated, as it is not honoured in the +majority of the code base.</para> +<value type="default">137</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/ntaclsupport.xml b/docs-xml/smbdotconf/protocol/ntaclsupport.xml new file mode 100644 index 0000000..1b1f947 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/ntaclsupport.xml @@ -0,0 +1,16 @@ +<samba:parameter name="nt acl support" + context="S" + type="boolean" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This boolean parameter controls whether <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> will attempt to map + UNIX permissions into Windows NT access control lists. The UNIX + permissions considered are the traditional UNIX owner and + group permissions, as well as POSIX ACLs set on any files or + directories. This parameter was formally a global parameter in + releases prior to 2.2.2.</para> +</description> + +<value type="default">yes</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/ntpipesupport.xml b/docs-xml/smbdotconf/protocol/ntpipesupport.xml new file mode 100644 index 0000000..907dee1 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/ntpipesupport.xml @@ -0,0 +1,15 @@ +<samba:parameter name="nt pipe support" + context="G" + type="boolean" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This boolean parameter controls whether + <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> will allow Windows NT + clients to connect to the NT SMB specific <constant>IPC$</constant> + pipes. This is a developer debugging option and can be left + alone.</para> +</description> + +<value type="default">yes</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/ntstatussupport.xml b/docs-xml/smbdotconf/protocol/ntstatussupport.xml new file mode 100644 index 0000000..07d3462 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/ntstatussupport.xml @@ -0,0 +1,17 @@ +<samba:parameter name="nt status support" + context="G" + type="boolean" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This boolean parameter controls whether <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> will negotiate NT specific status + support with Windows NT/2k/XP clients. This is a developer debugging option and should be left alone. + If this option is set to <constant>no</constant> then Samba offers + exactly the same DOS error codes that versions prior to Samba 2.2.3 + reported.</para> + + <para>You should not need to ever disable this parameter.</para> +</description> + +<value type="default">yes</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/readraw.xml b/docs-xml/smbdotconf/protocol/readraw.xml new file mode 100644 index 0000000..a467f52 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/readraw.xml @@ -0,0 +1,25 @@ +<samba:parameter name="read raw" + context="G" + type="boolean" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This is ignored if <smbconfoption name="async smb echo handler"/> is set, + because this feature is incompatible with raw read SMB requests</para> + + <para>If enabled, raw reads allow reads of 65535 bytes in + one packet. This typically provides a major performance benefit for some very, very old clients. + </para> + + <para>However, some clients either negotiate the allowable + block size incorrectly or are incapable of supporting larger block + sizes, and for these clients you may need to disable raw reads.</para> + +<para>In general this parameter should be viewed as a system tuning + tool and left severely alone.</para> +</description> + +<value type="default">yes</value> + +<related>write raw</related> +<related>async smb echo handler</related> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/rpcbigendian.xml b/docs-xml/smbdotconf/protocol/rpcbigendian.xml new file mode 100644 index 0000000..5f7c5b6 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/rpcbigendian.xml @@ -0,0 +1,15 @@ +<samba:parameter name="rpc big endian" + context="G" + type="boolean" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>Setting this option will force the RPC client and server to + transfer data in big endian.</para> + + <para>If it is disabled, data will be transferred in little endian.</para> + + <para>The behaviour is independent of the endianness of the host machine.</para> +</description> + +<value type="default">no</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/rpcserverport.xml b/docs-xml/smbdotconf/protocol/rpcserverport.xml new file mode 100644 index 0000000..0fd87d6 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/rpcserverport.xml @@ -0,0 +1,22 @@ +<samba:parameter name="rpc server port" + context="G" + type="integer" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>Specifies which port the server should listen on for DCE/RPC over TCP/IP traffic.</para> + <para>This controls the default port for all protocols, except for NETLOGON.</para> + <para>If unset, the first available port from <smbconfoption name="rpc server dynamic port range"/> is used, e.g. 49152.</para> + <para>The NETLOGON server will use the next available port, e.g. 49153. To change this port use (eg) rpc server port:netlogon = 4000.</para> + <para>Furthermore, all RPC servers can have the port they use specified independenty, with (for example) rpc server port:drsuapi = 5000.</para> + + <para>This option applies currently only when + <citerefentry><refentrytitle>samba</refentrytitle> <manvolnum>8</manvolnum></citerefentry> + runs as an active directory domain controller.</para> + + <para>The default value 0 causes Samba to select the first available port from <smbconfoption name="rpc server dynamic port range"/>.</para> +</description> + +<related>rpc server dynamic port range</related> + +<value type="default">0</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/servermaxprotocol.xml b/docs-xml/smbdotconf/protocol/servermaxprotocol.xml new file mode 100644 index 0000000..815841d --- /dev/null +++ b/docs-xml/smbdotconf/protocol/servermaxprotocol.xml @@ -0,0 +1,69 @@ +<samba:parameter name="server max protocol" + context="G" + type="enum" + enumlist="enum_protocol" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>The value of the parameter (a string) is the highest + protocol level that will be supported by the server.</para> + + <para>Possible values are :</para> + <itemizedlist> + <listitem> + <para><constant>LANMAN1</constant>: First <emphasis>modern</emphasis> + version of the protocol. Long filename support.</para> + </listitem> + + <listitem> + <para><constant>LANMAN2</constant>: Updates to Lanman1 protocol.</para> + </listitem> + + <listitem> + <para><constant>NT1</constant>: Current up to date version of the protocol. + Used by Windows NT. Known as CIFS.</para> + </listitem> + + <listitem> + <para><constant>SMB2</constant>: Re-implementation of the SMB protocol. + Used by Windows Vista and later versions of Windows. SMB2 has sub protocols available.</para> + <itemizedlist> + <listitem> + <para><constant>SMB2_02</constant>: The earliest SMB2 version.</para> + </listitem> + <listitem> + <para><constant>SMB2_10</constant>: Windows 7 SMB2 version.</para> + </listitem> + </itemizedlist> + <para>By default SMB2 selects the SMB2_10 variant.</para> + </listitem> + + <listitem> + <para><constant>SMB3</constant>: The same as SMB2. + Used by Windows 8. SMB3 has sub protocols available.</para> + <itemizedlist> + <listitem> + <para><constant>SMB3_00</constant>: Windows 8 SMB3 version.</para> + </listitem> + <listitem> + <para><constant>SMB3_02</constant>: Windows 8.1 SMB3 version.</para> + </listitem> + <listitem> + <para><constant>SMB3_11</constant>: Windows 10 SMB3 version.</para> + </listitem> + </itemizedlist> + <para>By default SMB3 selects the SMB3_11 variant.</para> + </listitem> + </itemizedlist> + + <para>Normally this option should not be set as the automatic + negotiation phase in the SMB protocol takes care of choosing + the appropriate protocol.</para> +</description> + +<related>server min protocol</related> +<synonym>max protocol</synonym> +<synonym>protocol</synonym> + +<value type="default">SMB3</value> +<value type="example">LANMAN1</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/serverminprotocol.xml b/docs-xml/smbdotconf/protocol/serverminprotocol.xml new file mode 100644 index 0000000..1079eb8 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/serverminprotocol.xml @@ -0,0 +1,23 @@ +<samba:parameter name="server min protocol" + context="G" + type="enum" + enumlist="enum_protocol" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<synonym>min protocol</synonym> +<description> + <para>This setting controls the minimum protocol version that the server + will allow the client to use.</para> + + <para>Normally this option should not be set as the automatic negotiation + phase in the SMB protocol takes care of choosing the appropriate + protocol unless you have legacy clients which are SMB1 capable only.</para> + + <para>See <related>server max protocol</related> for a full list + of available protocols.</para> +</description> + +<related>server max protocol</related> + +<value type="default">SMB2_02</value> +<value type="example">NT1</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/servermultichannelsupport.xml b/docs-xml/smbdotconf/protocol/servermultichannelsupport.xml new file mode 100644 index 0000000..1056271 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/servermultichannelsupport.xml @@ -0,0 +1,27 @@ +<samba:parameter name="server multi channel support" + context="G" + type="boolean" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This boolean parameter controls whether + <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> will support + SMB3 multi-channel. + </para> + <para>This parameter was added with version 4.4.</para> + <para> + Note that this feature was still considered experimental up to 4.14. + </para> + + <para>Due to dependencies to kernel APIs of Linux or FreeBSD, it's only possible + to use this feature on Linux and FreeBSD for now. For testing this restriction + can be overwritten by specifying <constant>force:server multi channel support=yes</constant> + in addition.</para> + + <para> + This option is enabled by default starting with to 4.15 (on Linux and FreeBSD). + </para> +</description> + +<value type="default">yes</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/sharefakefscaps.xml b/docs-xml/smbdotconf/protocol/sharefakefscaps.xml new file mode 100644 index 0000000..11f4955 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/sharefakefscaps.xml @@ -0,0 +1,19 @@ +<samba:parameter name="share:fake_fscaps" + context="G" + type="string" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + + <para> + This is needed to support some special application that makes + QFSINFO calls to check whether we set the SPARSE_FILES bit + (0x40). If this bit is not set that particular application + refuses to work against + Samba. With <smbconfoption name="share:fake_fscaps">64</smbconfoption> + the SPARSE_FILES file system capability flag is set. Use other + decimal values to specify the bitmask you need to fake. + </para> + +</description> +<value type="default">0</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/smb1unixextensions.xml b/docs-xml/smbdotconf/protocol/smb1unixextensions.xml new file mode 100644 index 0000000..b1fcf6b --- /dev/null +++ b/docs-xml/smbdotconf/protocol/smb1unixextensions.xml @@ -0,0 +1,24 @@ +<samba:parameter name="smb1 unix extensions" + context="G" + type="boolean" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<synonym>unix extensions</synonym> + <description> + <para>This boolean parameter controls whether Samba + implements the SMB1/CIFS UNIX extensions, as defined by HP. + These extensions enable Samba to better serve UNIX SMB1/CIFS clients + by supporting features such as symbolic links, hard links, etc... + These extensions require a similarly enabled client, and are of + no current use to Windows clients.</para> + <para> + Note if this parameter is turned on, the <smbconfoption name="wide links"/> + parameter will automatically be disabled. + </para> + <para> + See the parameter <smbconfoption name="allow insecure wide links"/> + if you wish to change this coupling between the two parameters. + </para> +</description> + +<value type="default">yes</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/smb2_disable_lock_sequence_checking.xml b/docs-xml/smbdotconf/protocol/smb2_disable_lock_sequence_checking.xml new file mode 100644 index 0000000..3a33b8b --- /dev/null +++ b/docs-xml/smbdotconf/protocol/smb2_disable_lock_sequence_checking.xml @@ -0,0 +1,41 @@ +<samba:parameter name="smb2 disable lock sequence checking" + context="G" + type="boolean" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This boolean parameter controls whether + <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> will disable + lock sequence checking even for multi-channel connections + as well as durable handles. + </para> + + <para>The [MS-SMB2] specification (under 3.3.5.14 Receiving an SMB2 LOCK Request) + documents that a server should do lock sequence if Open.IsResilient or Open.IsDurable + or Open.IsPersistent is TRUE or if Connection.Dialect belongs to the SMB 3.x dialect + family and Connection.ServerCapabilities includes SMB2_GLOBAL_CAP_MULTI_CHANNEL. + </para> + + <para>But Windows Server (at least up to v2004) only does these checks + for the Open.IsResilient and Open.IsPersistent. + That means they do not implement the behavior specified + in [MS-SMB2].</para> + + <para>By default Samba behaves according to the specification + and implements lock sequence checking when multi-channel is used.</para> + + <para>Warning: Only enable this option if existing clients can't + handle lock sequence checking for handles without Open.IsResilient and Open.IsPersistent. + And it turns out that the Windows Server behavior is required.</para> + + <para>Note: it's likely that this option will be removed again + if future Windows versions change their behavior.</para> + + <para>Note: Samba does not implement Open.IsResilient and Open.IsPersistent yet.</para> +</description> + +<related>server multi channel support</related> + +<value type="default">no</value> +<value type="example">yes</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/smb2_disable_oplock_break_retry.xml b/docs-xml/smbdotconf/protocol/smb2_disable_oplock_break_retry.xml new file mode 100644 index 0000000..1b67100 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/smb2_disable_oplock_break_retry.xml @@ -0,0 +1,39 @@ +<samba:parameter name="smb2 disable oplock break retry" + context="G" + type="boolean" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This boolean parameter controls whether + <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> will trigger + smb2 oplock break notification retries when using + <smbconfoption name="server multi channel support">yes</smbconfoption>. + </para> + + <para>The [MS-SMB2] specification documents that a server should + send smb2 oplock break notification retries on all available channel + to the given client.</para> + + <para>But Windows Server versions (at least up to 2019) do not send + smb2 oplock break notification retries on channel failures. + That means they do not implement the behavior specified + in [MS-SMB2].</para> + + <para>By default Samba behaves according to the specification + and send smb2 oplock break notification retries.</para> + + <para>Warning: Only enable this option if existing clients can't + handle possible retries and it turns out that the Windows Server + behavior is required.</para> + + <para>Note: it's likely that this option gets removed again + if future Windows versions change their behavior.</para> + + <para>Note: this only applies to oplocks and not SMB2 leases.</para> +</description> + +<related>server multi channel support</related> + +<value type="default">no</value> +<value type="example">yes</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/smb2maxcredits.xml b/docs-xml/smbdotconf/protocol/smb2maxcredits.xml new file mode 100644 index 0000000..90bc622 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/smb2maxcredits.xml @@ -0,0 +1,15 @@ +<samba:parameter name="smb2 max credits" + type="integer" + context="G" + handler="handle_smb2_max_credits" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> +<para>This option controls the maximum number of outstanding simultaneous SMB2 operations +that Samba tells the client it will allow. This is similar to the <smbconfoption name="max mux"/> +parameter for SMB1. You should never need to set this parameter. +</para> +<para>The default is 8192 credits, which is the same as a Windows 2008R2 SMB2 server.</para> +</description> + +<value type="default">8192</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/smb2maxread.xml b/docs-xml/smbdotconf/protocol/smb2maxread.xml new file mode 100644 index 0000000..01f9583 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/smb2maxread.xml @@ -0,0 +1,19 @@ +<samba:parameter name="smb2 max read" + type="bytes" + context="G" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> +<para>This option specifies the protocol value that <citerefentry><refentrytitle>smbd</refentrytitle> +<manvolnum>8</manvolnum></citerefentry> will return to a client, informing the client of the largest +size that may be returned by a single SMB2 read call. +</para> +<para>The maximum is 8388608 bytes (8MiB), which is the same as a Windows Server 2012 r2.</para> +<para>Please note that the default is 8MiB, but it's limit is based on the +smb2 dialect (64KiB for SMB == 2.0, 8MiB for SMB >= 2.1 with LargeMTU). +Large MTU is not supported over NBT (tcp port 139).</para> +</description> + +<related>smb2 max write</related> +<related>smb2 max trans</related> +<value type="default">8388608</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/smb2maxtrans.xml b/docs-xml/smbdotconf/protocol/smb2maxtrans.xml new file mode 100644 index 0000000..5586d3f --- /dev/null +++ b/docs-xml/smbdotconf/protocol/smb2maxtrans.xml @@ -0,0 +1,19 @@ +<samba:parameter name="smb2 max trans" + type="bytes" + context="G" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> +<para>This option specifies the protocol value that <citerefentry><refentrytitle>smbd</refentrytitle> +<manvolnum>8</manvolnum></citerefentry> will return to a client, informing the client of the largest +size of buffer that may be used in querying file meta-data via QUERY_INFO and related SMB2 calls. +</para> +<para>The maximum is 8388608 bytes (8MiB), which is the same as a Windows Server 2012 r2.</para> +<para>Please note that the default is 8MiB, but it's limit is based on the +smb2 dialect (64KiB for SMB == 2.0, 1MiB for SMB >= 2.1 with LargeMTU). +Large MTU is not supported over NBT (tcp port 139).</para> +</description> + +<related>smb2 max read</related> +<related>smb2 max write</related> +<value type="default">8388608</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/smb2maxwrite.xml b/docs-xml/smbdotconf/protocol/smb2maxwrite.xml new file mode 100644 index 0000000..f895a04 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/smb2maxwrite.xml @@ -0,0 +1,19 @@ +<samba:parameter name="smb2 max write" + type="bytes" + context="G" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> +<para>This option specifies the protocol value that <citerefentry><refentrytitle>smbd</refentrytitle> +<manvolnum>8</manvolnum></citerefentry> will return to a client, informing the client of the largest +size that may be sent to the server by a single SMB2 write call. +</para> +<para>The maximum is 8388608 bytes (8MiB), which is the same as a Windows Server 2012 r2.</para> +<para>Please note that the default is 8MiB, but it's limit is based on the +smb2 dialect (64KiB for SMB == 2.0, 8MiB for SMB => 2.1 with LargeMTU). +Large MTU is not supported over NBT (tcp port 139).</para> +</description> + +<related>smb2 max read</related> +<related>smb2 max trans</related> +<value type="default">8388608</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/smbports.xml b/docs-xml/smbdotconf/protocol/smbports.xml new file mode 100644 index 0000000..ec1df65 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/smbports.xml @@ -0,0 +1,11 @@ +<samba:parameter name="smb ports" + context="G" + type="cmdlist" + handler="handle_smb_ports" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>Specifies which ports the server should listen on for SMB traffic.</para> +</description> + +<value type="default">445 139</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/svcctllist.xml b/docs-xml/smbdotconf/protocol/svcctllist.xml new file mode 100644 index 0000000..826bf70 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/svcctllist.xml @@ -0,0 +1,22 @@ +<samba:parameter name="svcctl list" + type="cmdlist" + context="G" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This option defines a list of init scripts that smbd + will use for starting and stopping Unix services via the Win32 + ServiceControl API. This allows Windows administrators to + utilize the MS Management Console plug-ins to manage a + Unix server running Samba.</para> + + <para>The administrator must create a directory + name <filename>svcctl</filename> in Samba's $(libdir) + and create symbolic links to the init scripts in + <filename>/etc/init.d/</filename>. The name of the links + must match the names given as part of the <parameter>svcctl list</parameter>. + </para> +</description> + +<value type="default"/> +<value type="example">cups postfix portmap httpd</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/timeserver.xml b/docs-xml/smbdotconf/protocol/timeserver.xml new file mode 100644 index 0000000..ceefbd3 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/timeserver.xml @@ -0,0 +1,12 @@ +<samba:parameter name="time server" + context="G" + type="boolean" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This parameter determines if <citerefentry><refentrytitle>nmbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> advertises itself as a time server to Windows +clients.</para> +</description> + +<value type="default">no</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/unicode.xml b/docs-xml/smbdotconf/protocol/unicode.xml new file mode 100644 index 0000000..25810cd --- /dev/null +++ b/docs-xml/smbdotconf/protocol/unicode.xml @@ -0,0 +1,13 @@ +<samba:parameter name="unicode" + context="G" + type="boolean" + deprecated="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>Specifies whether the server and client should support unicode.</para> + + <para>If this option is set to false, the use of ASCII will be forced.</para> +</description> + +<value type="default">yes</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/writeraw.xml b/docs-xml/smbdotconf/protocol/writeraw.xml new file mode 100644 index 0000000..9a3d11f --- /dev/null +++ b/docs-xml/smbdotconf/protocol/writeraw.xml @@ -0,0 +1,25 @@ +<samba:parameter name="write raw" + context="G" + type="boolean" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This is ignored if <smbconfoption name="async smb echo handler"/> is set, + because this feature is incompatible with raw write SMB requests</para> + + <para>If enabled, raw writes allow writes of 65535 bytes in + one packet. This typically provides a major performance benefit for some very, very old clients. + </para> + + <para>However, some clients either negotiate the allowable + block size incorrectly or are incapable of supporting larger block + sizes, and for these clients you may need to disable raw writes.</para> + +<para>In general this parameter should be viewed as a system tuning + tool and left severely alone.</para> +</description> + +<value type="default">yes</value> + +<related>read raw</related> +<related>async smb echo handler</related> +</samba:parameter> |