summaryrefslogtreecommitdiffstats
path: root/docs-xml/smbdotconf/protocol
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-05 17:47:29 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-05 17:47:29 +0000
commit4f5791ebd03eaec1c7da0865a383175b05102712 (patch)
tree8ce7b00f7a76baa386372422adebbe64510812d4 /docs-xml/smbdotconf/protocol
parentInitial commit. (diff)
downloadsamba-4f5791ebd03eaec1c7da0865a383175b05102712.tar.xz
samba-4f5791ebd03eaec1c7da0865a383175b05102712.zip
Adding upstream version 2:4.17.12+dfsg.upstream/2%4.17.12+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'docs-xml/smbdotconf/protocol')
-rw-r--r--docs-xml/smbdotconf/protocol/aclallowexecutealways.xml25
-rw-r--r--docs-xml/smbdotconf/protocol/aclcheckpermissions.xml33
-rw-r--r--docs-xml/smbdotconf/protocol/aclmapfullcontrol.xml16
-rw-r--r--docs-xml/smbdotconf/protocol/cldapport.xml12
-rw-r--r--docs-xml/smbdotconf/protocol/clientipcmaxprotocol.xml29
-rw-r--r--docs-xml/smbdotconf/protocol/clientipcminprotocol.xml29
-rw-r--r--docs-xml/smbdotconf/protocol/clientmaxprotocol.xml86
-rw-r--r--docs-xml/smbdotconf/protocol/clientminprotocol.xml32
-rw-r--r--docs-xml/smbdotconf/protocol/clientusespnego.xml27
-rw-r--r--docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml11
-rw-r--r--docs-xml/smbdotconf/protocol/defersharingviolations.xml25
-rw-r--r--docs-xml/smbdotconf/protocol/dgramport.xml11
-rw-r--r--docs-xml/smbdotconf/protocol/disablenetbios.xml15
-rw-r--r--docs-xml/smbdotconf/protocol/dnsport.xml21
-rw-r--r--docs-xml/smbdotconf/protocol/durablehandles.xml26
-rw-r--r--docs-xml/smbdotconf/protocol/easupport.xml43
-rw-r--r--docs-xml/smbdotconf/protocol/enableasusupport.xml16
-rw-r--r--docs-xml/smbdotconf/protocol/eventloglist.xml22
-rw-r--r--docs-xml/smbdotconf/protocol/largereadwrite.xml17
-rw-r--r--docs-xml/smbdotconf/protocol/lsaovernetlogon.xml21
-rw-r--r--docs-xml/smbdotconf/protocol/mapaclinherit.xml16
-rw-r--r--docs-xml/smbdotconf/protocol/maxmux.xml12
-rw-r--r--docs-xml/smbdotconf/protocol/maxttl.xml13
-rw-r--r--docs-xml/smbdotconf/protocol/maxxmit.xml17
-rw-r--r--docs-xml/smbdotconf/protocol/minreceivefilesize.xml21
-rw-r--r--docs-xml/smbdotconf/protocol/nameresolveorder.xml70
-rw-r--r--docs-xml/smbdotconf/protocol/nbtport.xml13
-rw-r--r--docs-xml/smbdotconf/protocol/ntaclsupport.xml16
-rw-r--r--docs-xml/smbdotconf/protocol/ntpipesupport.xml15
-rw-r--r--docs-xml/smbdotconf/protocol/ntstatussupport.xml17
-rw-r--r--docs-xml/smbdotconf/protocol/readraw.xml25
-rw-r--r--docs-xml/smbdotconf/protocol/rpcbigendian.xml15
-rw-r--r--docs-xml/smbdotconf/protocol/rpcserverport.xml22
-rw-r--r--docs-xml/smbdotconf/protocol/servermaxprotocol.xml69
-rw-r--r--docs-xml/smbdotconf/protocol/serverminprotocol.xml23
-rw-r--r--docs-xml/smbdotconf/protocol/servermultichannelsupport.xml27
-rw-r--r--docs-xml/smbdotconf/protocol/sharefakefscaps.xml19
-rw-r--r--docs-xml/smbdotconf/protocol/smb1unixextensions.xml24
-rw-r--r--docs-xml/smbdotconf/protocol/smb2_disable_lock_sequence_checking.xml41
-rw-r--r--docs-xml/smbdotconf/protocol/smb2_disable_oplock_break_retry.xml39
-rw-r--r--docs-xml/smbdotconf/protocol/smb2maxcredits.xml15
-rw-r--r--docs-xml/smbdotconf/protocol/smb2maxread.xml19
-rw-r--r--docs-xml/smbdotconf/protocol/smb2maxtrans.xml19
-rw-r--r--docs-xml/smbdotconf/protocol/smb2maxwrite.xml19
-rw-r--r--docs-xml/smbdotconf/protocol/smbports.xml11
-rw-r--r--docs-xml/smbdotconf/protocol/svcctllist.xml22
-rw-r--r--docs-xml/smbdotconf/protocol/timeserver.xml12
-rw-r--r--docs-xml/smbdotconf/protocol/unicode.xml13
-rw-r--r--docs-xml/smbdotconf/protocol/writeraw.xml25
49 files changed, 1186 insertions, 0 deletions
diff --git a/docs-xml/smbdotconf/protocol/aclallowexecutealways.xml b/docs-xml/smbdotconf/protocol/aclallowexecutealways.xml
new file mode 100644
index 0000000..60ffb34
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/aclallowexecutealways.xml
@@ -0,0 +1,25 @@
+<samba:parameter name="acl allow execute always"
+ context="S"
+ type="boolean"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>
+ This boolean parameter controls the behaviour of <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> when receiving a protocol request of "open for execution"
+ from a Windows client.
+ With Samba 3.6 and older, the execution right in the ACL was not checked, so a client
+ could execute a file even if it did not have execute rights on the file. In Samba 4.0,
+ this has been fixed, so that by default, i.e. when this parameter is set to "False",
+ "open for execution" is now denied when execution permissions are not present.
+ </para>
+ <para>
+ If this parameter is set to "True", Samba does not check execute permissions on
+ "open for execution", thus re-establishing the behaviour of Samba 3.6.
+ This can be useful to smoothen upgrades from older Samba versions to 4.0 and newer.
+ This setting is not meant to be used as a permanent setting, but as a temporary relief:
+ It is recommended to fix the permissions in the ACLs and reset this parameter to the
+ default after a certain transition period.
+ </para>
+</description>
+<value type="default">no</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/aclcheckpermissions.xml b/docs-xml/smbdotconf/protocol/aclcheckpermissions.xml
new file mode 100644
index 0000000..bfffcc0
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/aclcheckpermissions.xml
@@ -0,0 +1,33 @@
+<samba:parameter name="acl check permissions"
+ context="S"
+ type="boolean"
+ deprecated="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>Please note this parameter is now deprecated in Samba 3.6.2 and will be removed
+ in a future version of Samba.
+ </para>
+ <para>This boolean parameter controls what <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> does on receiving a protocol request of "open for delete"
+ from a Windows client. If a Windows client doesn't have permissions to delete a file then they
+ expect this to be denied at open time. POSIX systems normally only detect restrictions on delete by
+ actually attempting to delete the file or directory. As Windows clients can (and do) "back out" a
+ delete request by unsetting the "delete on close" bit Samba cannot delete the file immediately
+ on "open for delete" request as we cannot restore such a deleted file. With this parameter set to
+ true (the default) then smbd checks the file system permissions directly on "open for delete" and denies the
+ request without actually deleting the file if the file system permissions would seem to deny it.
+ This is not perfect, as it's possible a user could have deleted a file without Samba being able to
+ check the permissions correctly, but it is close enough to Windows semantics for mostly correct
+ behaviour. Samba will correctly check POSIX ACL semantics in this case.
+ </para>
+ <para>If this parameter is set to "false" Samba doesn't check permissions on "open for delete"
+ and allows the open. If the user doesn't have permission to delete the file this will only be
+ discovered at close time, which is too late for the Windows user tools to display an error message
+ to the user. The symptom of this is files that appear to have been deleted "magically" re-appearing
+ on a Windows explorer refresh. This is an extremely advanced protocol option which should not
+ need to be changed. This parameter was introduced in its final form in 3.0.21, an earlier version
+ with slightly different semantics was introduced in 3.0.20. That older version is not documented here.
+ </para>
+</description>
+<value type="default">yes</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/aclmapfullcontrol.xml b/docs-xml/smbdotconf/protocol/aclmapfullcontrol.xml
new file mode 100644
index 0000000..9bb1e7d
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/aclmapfullcontrol.xml
@@ -0,0 +1,16 @@
+<samba:parameter name="acl map full control"
+ context="S"
+ type="boolean"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>
+ This boolean parameter controls whether <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> maps a POSIX ACE entry of "rwx" (read/write/execute), the maximum
+ allowed POSIX permission set, into a Windows ACL of "FULL CONTROL". If this parameter is set to true any POSIX
+ ACE entry of "rwx" will be returned in a Windows ACL as "FULL CONTROL", is this parameter is set to false any
+ POSIX ACE entry of "rwx" will be returned as the specific Windows ACL bits representing read, write and
+ execute.
+ </para>
+</description>
+<value type="default">yes</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/cldapport.xml b/docs-xml/smbdotconf/protocol/cldapport.xml
new file mode 100644
index 0000000..3fcb2b3
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/cldapport.xml
@@ -0,0 +1,12 @@
+<samba:parameter name="cldap port"
+ context="G"
+ type="integer"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This option controls the port used by the CLDAP protocol.
+</para>
+</description>
+
+<value type="default">389</value>
+<value type="example">3389</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/clientipcmaxprotocol.xml b/docs-xml/smbdotconf/protocol/clientipcmaxprotocol.xml
new file mode 100644
index 0000000..408af50
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/clientipcmaxprotocol.xml
@@ -0,0 +1,29 @@
+<samba:parameter name="client ipc max protocol"
+ context="G"
+ type="enum"
+ function="_client_ipc_max_protocol"
+ enumlist="enum_protocol"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>The value of the parameter (a string) is the highest
+ protocol level that will be supported for IPC$ connections as DCERPC transport.</para>
+
+ <para>Normally this option should not be set as the automatic
+ negotiation phase in the SMB protocol takes care of choosing
+ the appropriate protocol.</para>
+
+ <para>The value <constant>default</constant> refers to the latest
+ supported protocol, currently <constant>SMB3_11</constant>.</para>
+
+ <para>See <smbconfoption name="client max protocol"/> for a full list
+ of available protocols. The values CORE, COREPLUS, LANMAN1, LANMAN2
+ are silently upgraded to NT1.</para>
+</description>
+
+<related>client ipc min protocol</related>
+<related>client min protocol</related>
+<related>client max protocol</related>
+
+<value type="default">default</value>
+<value type="example">SMB2_10</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/clientipcminprotocol.xml b/docs-xml/smbdotconf/protocol/clientipcminprotocol.xml
new file mode 100644
index 0000000..fc04b78
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/clientipcminprotocol.xml
@@ -0,0 +1,29 @@
+<samba:parameter name="client ipc min protocol"
+ context="G"
+ type="enum"
+ function="_client_ipc_min_protocol"
+ enumlist="enum_protocol"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This setting controls the minimum protocol version that the
+ will be attempted to use for IPC$ connections as DCERPC transport.</para>
+
+ <para>Normally this option should not be set as the automatic
+ negotiation phase in the SMB protocol takes care of choosing
+ the appropriate protocol.</para>
+
+ <para>The value <constant>default</constant> refers to the higher value
+ of <constant>NT1</constant> and the effective value of
+ <smbconfoption name="client min protocol"/>.</para>
+
+ <para>See <smbconfoption name="client max protocol"/> for a full list
+ of available protocols. The values CORE, COREPLUS, LANMAN1, LANMAN2
+ are silently upgraded to NT1.</para>
+</description>
+
+<related>client ipc max protocol</related>
+<related>client min protocol</related>
+<related>client max protocol</related>
+<value type="default">default</value>
+<value type="example">SMB3_11</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml b/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml
new file mode 100644
index 0000000..784123e
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml
@@ -0,0 +1,86 @@
+<samba:parameter name="client max protocol"
+ context="G"
+ type="enum"
+ function="_client_max_protocol"
+ enumlist="enum_protocol"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>The value of the parameter (a string) is the highest
+ protocol level that will be supported by the client.</para>
+
+ <para>Possible values are :</para>
+ <itemizedlist>
+ <listitem>
+ <para><constant>CORE</constant>: Earliest version. No
+ concept of user names.</para>
+ </listitem>
+
+ <listitem>
+ <para><constant>COREPLUS</constant>: Slight improvements on
+ CORE for efficiency.</para>
+ </listitem>
+
+ <listitem>
+ <para><constant>LANMAN1</constant>: First <emphasis>modern</emphasis>
+ version of the protocol. Long filename support.</para>
+ </listitem>
+
+ <listitem>
+ <para><constant>LANMAN2</constant>: Updates to Lanman1 protocol.</para>
+ </listitem>
+
+ <listitem>
+ <para><constant>NT1</constant>: Current up to date version of the protocol.
+ Used by Windows NT. Known as CIFS.</para>
+ </listitem>
+
+ <listitem>
+ <para><constant>SMB2</constant>: Re-implementation of the SMB protocol.
+ Used by Windows Vista and later versions of Windows. SMB2 has sub protocols available.</para>
+ <itemizedlist>
+ <listitem>
+ <para><constant>SMB2_02</constant>: The earliest SMB2 version.</para>
+ </listitem>
+ <listitem>
+ <para><constant>SMB2_10</constant>: Windows 7 SMB2 version.</para>
+ </listitem>
+ </itemizedlist>
+ <para>By default SMB2 selects the SMB2_10 variant.</para>
+ </listitem>
+
+ <listitem>
+ <para><constant>SMB3</constant>: The same as SMB2.
+ Used by Windows 8. SMB3 has sub protocols available.</para>
+ <itemizedlist>
+ <listitem>
+ <para><constant>SMB3_00</constant>: Windows 8 SMB3 version.</para>
+ </listitem>
+ <listitem>
+ <para><constant>SMB3_02</constant>: Windows 8.1 SMB3 version.</para>
+ </listitem>
+ <listitem>
+ <para><constant>SMB3_11</constant>: Windows 10 SMB3 version.</para>
+ </listitem>
+ </itemizedlist>
+ <para>By default SMB3 selects the SMB3_11 variant.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Normally this option should not be set as the automatic
+ negotiation phase in the SMB protocol takes care of choosing
+ the appropriate protocol.</para>
+
+ <para>The value <constant>default</constant> refers to <constant>SMB3_11</constant>.</para>
+
+ <para>IPC$ connections for DCERPC e.g. in winbindd, are handled by the
+ <smbconfoption name="client ipc max protocol"/> option.</para>
+</description>
+
+<related>server max protocol</related>
+<related>client min protocol</related>
+<related>client ipc min protocol</related>
+<related>client ipc max protocol</related>
+
+<value type="default">default</value>
+<value type="example">LANMAN1</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/clientminprotocol.xml b/docs-xml/smbdotconf/protocol/clientminprotocol.xml
new file mode 100644
index 0000000..1eb07ad
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/clientminprotocol.xml
@@ -0,0 +1,32 @@
+<samba:parameter name="client min protocol"
+ context="G"
+ type="enum"
+ enumlist="enum_protocol"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This setting controls the minimum protocol version that the
+ client will attempt to use.</para>
+
+ <para>Normally this option should not be set as the automatic
+ negotiation phase in the SMB protocol takes care of choosing
+ the appropriate protocol unless you connect to a legacy SMB1-only server.</para>
+
+ <para>See <related>client max protocol</related> for a full list
+ of available protocols.</para>
+
+ <para>IPC$ connections for DCERPC e.g. in winbindd, are handled by the
+ <smbconfoption name="client ipc min protocol"/> option.</para>
+
+ <para>Note that most command line tools support
+ --option='client min protocol=NT1', so it may not be required to
+ enable SMB1 protocols globally in smb.conf.</para>
+</description>
+
+<related>client max protocol</related>
+<related>server min protocol</related>
+<related>client ipc min protocol</related>
+<related>client ipc max protocol</related>
+
+<value type="default">SMB2_02</value>
+<value type="example">NT1</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/clientusespnego.xml b/docs-xml/smbdotconf/protocol/clientusespnego.xml
new file mode 100644
index 0000000..2d45f91
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/clientusespnego.xml
@@ -0,0 +1,27 @@
+<samba:parameter name="client use spnego"
+ context="G"
+ type="boolean"
+ deprecated="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This parameter has been deprecated since Samba 4.13 and
+ support for NTLMv2, NTLM and LanMan authentication outside NTLMSSP
+ will be removed in a future Samba release.</para>
+ <para>That is, in the future, the current default of
+ <command>client use spnego = yes</command>
+ will be the enforced behaviour.</para>
+
+ <para> This variable controls whether Samba clients will try
+ to use Simple and Protected NEGOciation (as specified by rfc2478) with
+ supporting servers (including WindowsXP, Windows2000 and Samba
+ 3.0) to agree upon an authentication
+ mechanism. This enables Kerberos authentication in particular.</para>
+
+ <para>When <smbconfoption name="client NTLMv2 auth"/> is also set to
+ <constant>yes</constant> extended security (SPNEGO) is required
+ in order to use NTLMv2 only within NTLMSSP. This behavior was
+ introduced with the patches for CVE-2016-2111.</para>
+</description>
+
+<value type="default">yes</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml b/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml
new file mode 100644
index 0000000..c6642b7
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml
@@ -0,0 +1,11 @@
+<samba:parameter name="dcerpc endpoint servers"
+ context="G"
+ type="list"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>Specifies which DCE/RPC endpoint servers should be run.</para>
+</description>
+
+<value type="default">epmapper, wkssvc, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver</value>
+<value type="example">rpcecho</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/defersharingviolations.xml b/docs-xml/smbdotconf/protocol/defersharingviolations.xml
new file mode 100644
index 0000000..353dd9d
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/defersharingviolations.xml
@@ -0,0 +1,25 @@
+<samba:parameter name="defer sharing violations"
+ context="G"
+ type="boolean"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>
+ Windows allows specifying how a file will be shared with
+ other processes when it is opened. Sharing violations occur when
+ a file is opened by a different process using options that violate
+ the share settings specified by other processes. This parameter causes
+ smbd to act as a Windows server does, and defer returning a "sharing
+ violation" error message for up to one second, allowing the client
+ to close the file causing the violation in the meantime.
+ </para>
+
+ <para>UNIX by default does not have this behaviour.</para>
+
+ <para>
+ There should be no reason to turn off this parameter, as it is
+ designed to enable Samba to more correctly emulate Windows.
+ </para>
+</description>
+
+<value type="default">yes</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/dgramport.xml b/docs-xml/smbdotconf/protocol/dgramport.xml
new file mode 100644
index 0000000..b68c81f
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/dgramport.xml
@@ -0,0 +1,11 @@
+<samba:parameter name="dgram port"
+ context="G"
+ type="integer"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>Specifies which ports the server should listen on for NetBIOS datagram traffic.</para>
+</description>
+<para>This parameter is deprecated, as it is not honoured in the
+majority of the code base.</para>
+<value type="default">138</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/disablenetbios.xml b/docs-xml/smbdotconf/protocol/disablenetbios.xml
new file mode 100644
index 0000000..ce39834
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/disablenetbios.xml
@@ -0,0 +1,15 @@
+<samba:parameter name="disable netbios"
+ context="G"
+ type="boolean"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>Enabling this parameter will disable netbios support
+ in Samba. Netbios is the only available form of browsing in
+ all windows versions except for 2000 and XP. </para>
+
+ <note><para>Clients that only support netbios won't be able to
+ see your samba server when netbios support is disabled.
+ </para></note>
+</description>
+<value type="default">no</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/dnsport.xml b/docs-xml/smbdotconf/protocol/dnsport.xml
new file mode 100644
index 0000000..20d39b2
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/dnsport.xml
@@ -0,0 +1,21 @@
+<samba:parameter name="dns port"
+ context="G"
+ type="integer"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>Specifies which ports the server should listen on for
+ DNS traffic.</para>
+
+ <para>It makes possible to use another DNS server as a front
+ and forward to Samba.</para>
+
+ <warning>
+ <para>Dynamic DNS updates may not be proxied by the front
+ DNS server when forwarding to Samba. Dynamic DNS update
+ proxying depends on the features of the other DNS server
+ used as a front.</para>
+ </warning>
+</description>
+
+<value type="default">53</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/durablehandles.xml b/docs-xml/smbdotconf/protocol/durablehandles.xml
new file mode 100644
index 0000000..4267b29
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/durablehandles.xml
@@ -0,0 +1,26 @@
+<samba:parameter name="durable handles"
+ context="S"
+ type="boolean"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>
+ This boolean parameter controls
+ whether Samba can grant SMB2 durable file handles on a share.
+ </para>
+ <para>
+ Note that durable handles are only enabled if
+ <smbconfoption name="kernel oplocks">no</smbconfoption>,
+ <smbconfoption name="kernel share modes">no</smbconfoption>, and
+ <smbconfoption name="posix locking">no</smbconfoption>,
+ i.e. if the share is configured for CIFS/SMB2 only access,
+ not supporting interoperability features with local UNIX processes
+ or NFS operations.
+ </para>
+ <para>
+ Also note that, for the time being, durability is not granted
+ for a handle that has the delete on close flag set.
+ </para>
+</description>
+
+<value type="default">yes</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/easupport.xml b/docs-xml/smbdotconf/protocol/easupport.xml
new file mode 100644
index 0000000..0ff9d32
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/easupport.xml
@@ -0,0 +1,43 @@
+<samba:parameter name="ea support"
+ context="S"
+ type="boolean"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This boolean parameter controls whether <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> will allow clients to attempt to access extended
+ attributes on a share. In order to enable this parameter on a setup with default VFS modules:
+ </para>
+ <itemizedlist>
+ <listitem><para>Samba must have been built with extended attributes support.
+ </para></listitem>
+ <listitem><para>The underlying filesystem exposed by the share must support extended
+ attributes (e.g. the getfattr<manvolnum>1</manvolnum> / setfattr<manvolnum>1</manvolnum>
+ utilities must work).
+ </para></listitem>
+ <listitem><para>Access to extended user attributes must be allowed by the underlying
+ filesystem (e.g. when mounted with a system-dependent option like user_xattr on Linux).
+ </para></listitem>
+ </itemizedlist>
+ <para>
+ This option exposes the "user" attribute namespace from the underlying filesystem to
+ clients. In order to match Windows conventions, the namespace prefix ("user.") is
+ stripped from the attribute name on the client side. The handling of further attribute
+ namespaces (like "security", "system", or "trusted") is not affected by this option.
+ </para>
+ <para>
+ Note that the SMB protocol allows setting attributes whose value is 64K bytes long,
+ and that on NTFS, the maximum storage space for extended attributes per file is 64K.
+ On most UNIX systems (Solaris and ZFS file system being the exception), the limits
+ are much lower - typically 4K. Worse, the same 4K space is often used to store
+ system metadata such as POSIX ACLs, or Samba's NT ACLs. Giving clients
+ access to this tight space via extended attribute support could consume all
+ of it by unsuspecting client applications, which would prevent changing
+ system metadata due to lack of space.
+
+ The default has changed to yes in Samba release 4.9.0 and above to allow better Windows
+ fileserver compatibility in a default install.
+ </para>
+</description>
+
+<value type="default">yes</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/enableasusupport.xml b/docs-xml/smbdotconf/protocol/enableasusupport.xml
new file mode 100644
index 0000000..2f05b01
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/enableasusupport.xml
@@ -0,0 +1,16 @@
+<samba:parameter name="enable asu support"
+ context="G"
+ type="boolean"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>Hosts running the "Advanced Server for Unix (ASU)" product
+ require some special accommodations such as creating a builtin [ADMIN$]
+ share that only supports IPC connections. The has been the default
+ behavior in smbd for many years. However, certain Microsoft applications
+ such as the Print Migrator tool require that the remote server support
+ an [ADMIN$] file share. Disabling this parameter allows for creating
+ an [ADMIN$] file share in smb.conf.</para>
+</description>
+
+<value type="default">no</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/eventloglist.xml b/docs-xml/smbdotconf/protocol/eventloglist.xml
new file mode 100644
index 0000000..6d0b400
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/eventloglist.xml
@@ -0,0 +1,22 @@
+<samba:parameter name="eventlog list"
+ type="cmdlist"
+ context="G"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This option defines a list of log names that Samba will
+ report to the Microsoft EventViewer utility. The listed
+ eventlogs will be associated with tdb file on disk in the
+ <filename>$(statedir)/eventlog</filename>.
+ </para>
+
+ <para>
+ The administrator must use an external process to parse the normal
+ Unix logs such as <filename>/var/log/messages</filename>
+ and write then entries to the eventlog tdb files. Refer to the
+ eventlogadm(8) utility for how to write eventlog entries.
+ </para>
+</description>
+
+<value type="default"/>
+<value type="example">Security Application Syslog Apache</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/largereadwrite.xml b/docs-xml/smbdotconf/protocol/largereadwrite.xml
new file mode 100644
index 0000000..e7142d1
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/largereadwrite.xml
@@ -0,0 +1,17 @@
+<samba:parameter name="large readwrite"
+ context="G"
+ type="boolean"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This parameter determines whether or not
+ <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> supports the new 64k
+ streaming read and write variant SMB requests introduced with
+ Windows 2000. Note that due to Windows 2000 client redirector bugs
+ this requires Samba to be running on a 64-bit capable operating
+ system such as IRIX, Solaris or a Linux 2.4 kernel. Can improve
+ performance by 10% with Windows 2000 clients. Defaults to on. Not as
+ tested as some other Samba code paths.</para>
+</description>
+<value type="default">yes</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/lsaovernetlogon.xml b/docs-xml/smbdotconf/protocol/lsaovernetlogon.xml
new file mode 100644
index 0000000..d67be29
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/lsaovernetlogon.xml
@@ -0,0 +1,21 @@
+<samba:parameter name="lsa over netlogon"
+ context="G"
+ type="boolean"
+ deprecated="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>Setting this deprecated option will allow the RPC server
+ in the AD DC to answer the LSARPC interface on the
+ <command>\pipe\netlogon</command> IPC pipe.</para>
+
+ <para>When enabled, this matches the behaviour of Microsoft's
+ Windows, due to their internal implementation choices.</para>
+
+ <para>If it is disabled (the default), the AD DC can offer
+ improved performance, as the netlogon server is decoupled and
+ can run as multiple processes.</para>
+
+</description>
+
+<value type="default">no</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/mapaclinherit.xml b/docs-xml/smbdotconf/protocol/mapaclinherit.xml
new file mode 100644
index 0000000..28271f9
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/mapaclinherit.xml
@@ -0,0 +1,16 @@
+<samba:parameter name="map acl inherit"
+ context="S"
+ type="boolean"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This boolean parameter controls whether <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> will attempt to map the 'inherit' and 'protected'
+ access control entry flags stored in Windows ACLs into an extended attribute
+ called user.SAMBA_PAI (POSIX ACL Inheritance). This parameter requires
+ supports for extended attributes on the filesystem and
+ allows the Windows ACL editor to store inheritance information while
+ NT ACLs are mapped best-effort to the POSIX ACLs.
+ </para>
+</description>
+<value type="default">no</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/maxmux.xml b/docs-xml/smbdotconf/protocol/maxmux.xml
new file mode 100644
index 0000000..ab50001
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/maxmux.xml
@@ -0,0 +1,12 @@
+<samba:parameter name="max mux"
+ context="G"
+ type="integer"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This option controls the maximum number of
+ outstanding simultaneous SMB operations that Samba tells the client
+ it will allow. You should never need to set this parameter.</para>
+</description>
+
+<value type="default">50</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/maxttl.xml b/docs-xml/smbdotconf/protocol/maxttl.xml
new file mode 100644
index 0000000..c340ad1
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/maxttl.xml
@@ -0,0 +1,13 @@
+<samba:parameter name="max ttl"
+ context="G"
+ type="integer"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This option tells <citerefentry><refentrytitle>nmbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> what the default 'time to live'
+ of NetBIOS names should be (in seconds) when <command moreinfo="none">nmbd</command> is
+ requesting a name using either a broadcast packet or from a WINS server. You should
+ never need to change this parameter. The default is 3 days.</para>
+</description>
+<value type="default">259200</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/maxxmit.xml b/docs-xml/smbdotconf/protocol/maxxmit.xml
new file mode 100644
index 0000000..d7bd66c
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/maxxmit.xml
@@ -0,0 +1,17 @@
+<samba:parameter name="max xmit"
+ context="G"
+ type="bytes"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This option controls the maximum packet size
+ that will be negotiated by Samba's
+ <citerefentry><refentrytitle>smbd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ for the SMB1 protocol. The default is 16644, which
+ matches the behavior of Windows 2000. A value below 2048 is likely to cause problems.
+ You should never need to change this parameter from its default value.
+</para>
+</description>
+
+<value type="default">16644</value>
+<value type="example">8192</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/minreceivefilesize.xml b/docs-xml/smbdotconf/protocol/minreceivefilesize.xml
new file mode 100644
index 0000000..ce0ea30
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/minreceivefilesize.xml
@@ -0,0 +1,21 @@
+<samba:parameter name="min receivefile size"
+ type="bytes"
+ context="G"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+<para>This option changes the behavior of <citerefentry><refentrytitle>smbd</refentrytitle>
+<manvolnum>8</manvolnum></citerefentry> when processing SMBwriteX calls. Any incoming
+SMBwriteX call on a non-signed SMB/CIFS connection greater than this value will not be processed in the normal way but will
+be passed to any underlying kernel recvfile or splice system call (if there is no such
+call Samba will emulate in user space). This allows zero-copy writes directly from network
+socket buffers into the filesystem buffer cache, if available. It may improve performance
+but user testing is recommended. If set to zero Samba processes SMBwriteX calls in the
+normal way. To enable POSIX large write support (SMB/CIFS writes up to 16Mb) this option must be
+nonzero. The maximum value is 128k. Values greater than 128k will be silently set to 128k.</para>
+<para>Note this option will have NO EFFECT if set on a SMB signed connection.</para>
+<para>The default is zero, which disables this option.</para>
+</description>
+
+<related>min receivefile size</related>
+<value type="default">0</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/nameresolveorder.xml b/docs-xml/smbdotconf/protocol/nameresolveorder.xml
new file mode 100644
index 0000000..b85d060
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/nameresolveorder.xml
@@ -0,0 +1,70 @@
+<samba:parameter name="name resolve order"
+ context="G"
+ type="cmdlist"
+ handler="handle_name_resolve_order"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This option is used by the programs in the Samba
+ suite to determine what naming services to use and in what order
+ to resolve host names to IP addresses. Its main purpose to is to
+ control how netbios name resolution is performed. The option takes a space
+ separated string of name resolution options.</para>
+
+ <para>The options are: &quot;lmhosts&quot;, &quot;host&quot;,
+ &quot;wins&quot; and &quot;bcast&quot;. They cause names to be
+ resolved as follows:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>
+ <constant>lmhosts</constant> : Lookup an IP address in the Samba lmhosts file. If the line in lmhosts has
+ no name type attached to the NetBIOS name (see the manpage for lmhosts for details) then
+ any name type matches for lookup.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ <constant>host</constant> : Do a standard host name to IP address resolution, using the system
+ <filename moreinfo="none">/etc/hosts </filename> or DNS lookups. This method of name resolution is
+ operating system depended for instance on IRIX or Solaris this may be controlled by the <filename
+ moreinfo="none">/etc/nsswitch.conf</filename> file. Note that this method is used only if the NetBIOS name
+ type being queried is the 0x20 (server) name type or 0x1c (domain controllers). The latter case is only
+ useful for active directory domains and results in a DNS query for the SRV RR entry matching
+ _ldap._tcp.domain.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para><constant>wins</constant> : Query a name with
+ the IP address listed in the <smbconfoption name="WINSSERVER"><parameter moreinfo="none">
+ wins server</parameter></smbconfoption> parameter. If no WINS server has
+ been specified this method will be ignored.</para>
+ </listitem>
+
+ <listitem>
+ <para><constant>bcast</constant> : Do a broadcast on
+ each of the known local interfaces listed in the <smbconfoption name="interfaces"/>
+ parameter. This is the least reliable of the name resolution
+ methods as it depends on the target host being on a locally
+ connected subnet.</para>
+ </listitem>
+</itemizedlist>
+
+ <para>The example below will cause the local lmhosts file to be examined
+ first, followed by a broadcast attempt, followed by a normal
+ system hostname lookup.</para>
+
+ <para>When Samba is functioning in ADS security mode (<command moreinfo="none">security = ads</command>)
+ it is advised to use following settings for <parameter moreinfo="none">name resolve order</parameter>:</para>
+
+ <para><command moreinfo="none">name resolve order = wins bcast</command></para>
+
+ <para>DC lookups will still be done via DNS, but fallbacks to netbios names will
+ not inundate your DNS servers with needless queries for DOMAIN&lt;0x1c&gt; lookups.</para>
+
+</description>
+
+<value type="default">lmhosts wins host bcast</value>
+<value type="example">lmhosts bcast host</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/nbtport.xml b/docs-xml/smbdotconf/protocol/nbtport.xml
new file mode 100644
index 0000000..7070b98
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/nbtport.xml
@@ -0,0 +1,13 @@
+<samba:parameter name="nbt port"
+ context="G"
+ type="integer"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>Specifies which port the server should use for NetBIOS over IP name
+ services traffic.</para>
+</description>
+
+<para>This parameter is deprecated, as it is not honoured in the
+majority of the code base.</para>
+<value type="default">137</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/ntaclsupport.xml b/docs-xml/smbdotconf/protocol/ntaclsupport.xml
new file mode 100644
index 0000000..1b1f947
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/ntaclsupport.xml
@@ -0,0 +1,16 @@
+<samba:parameter name="nt acl support"
+ context="S"
+ type="boolean"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This boolean parameter controls whether <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> will attempt to map
+ UNIX permissions into Windows NT access control lists. The UNIX
+ permissions considered are the traditional UNIX owner and
+ group permissions, as well as POSIX ACLs set on any files or
+ directories. This parameter was formally a global parameter in
+ releases prior to 2.2.2.</para>
+</description>
+
+<value type="default">yes</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/ntpipesupport.xml b/docs-xml/smbdotconf/protocol/ntpipesupport.xml
new file mode 100644
index 0000000..907dee1
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/ntpipesupport.xml
@@ -0,0 +1,15 @@
+<samba:parameter name="nt pipe support"
+ context="G"
+ type="boolean"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This boolean parameter controls whether
+ <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> will allow Windows NT
+ clients to connect to the NT SMB specific <constant>IPC$</constant>
+ pipes. This is a developer debugging option and can be left
+ alone.</para>
+</description>
+
+<value type="default">yes</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/ntstatussupport.xml b/docs-xml/smbdotconf/protocol/ntstatussupport.xml
new file mode 100644
index 0000000..07d3462
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/ntstatussupport.xml
@@ -0,0 +1,17 @@
+<samba:parameter name="nt status support"
+ context="G"
+ type="boolean"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This boolean parameter controls whether <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> will negotiate NT specific status
+ support with Windows NT/2k/XP clients. This is a developer debugging option and should be left alone.
+ If this option is set to <constant>no</constant> then Samba offers
+ exactly the same DOS error codes that versions prior to Samba 2.2.3
+ reported.</para>
+
+ <para>You should not need to ever disable this parameter.</para>
+</description>
+
+<value type="default">yes</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/readraw.xml b/docs-xml/smbdotconf/protocol/readraw.xml
new file mode 100644
index 0000000..a467f52
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/readraw.xml
@@ -0,0 +1,25 @@
+<samba:parameter name="read raw"
+ context="G"
+ type="boolean"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This is ignored if <smbconfoption name="async smb echo handler"/> is set,
+ because this feature is incompatible with raw read SMB requests</para>
+
+ <para>If enabled, raw reads allow reads of 65535 bytes in
+ one packet. This typically provides a major performance benefit for some very, very old clients.
+ </para>
+
+ <para>However, some clients either negotiate the allowable
+ block size incorrectly or are incapable of supporting larger block
+ sizes, and for these clients you may need to disable raw reads.</para>
+
+<para>In general this parameter should be viewed as a system tuning
+ tool and left severely alone.</para>
+</description>
+
+<value type="default">yes</value>
+
+<related>write raw</related>
+<related>async smb echo handler</related>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/rpcbigendian.xml b/docs-xml/smbdotconf/protocol/rpcbigendian.xml
new file mode 100644
index 0000000..5f7c5b6
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/rpcbigendian.xml
@@ -0,0 +1,15 @@
+<samba:parameter name="rpc big endian"
+ context="G"
+ type="boolean"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>Setting this option will force the RPC client and server to
+ transfer data in big endian.</para>
+
+ <para>If it is disabled, data will be transferred in little endian.</para>
+
+ <para>The behaviour is independent of the endianness of the host machine.</para>
+</description>
+
+<value type="default">no</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/rpcserverport.xml b/docs-xml/smbdotconf/protocol/rpcserverport.xml
new file mode 100644
index 0000000..0fd87d6
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/rpcserverport.xml
@@ -0,0 +1,22 @@
+<samba:parameter name="rpc server port"
+ context="G"
+ type="integer"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>Specifies which port the server should listen on for DCE/RPC over TCP/IP traffic.</para>
+ <para>This controls the default port for all protocols, except for NETLOGON.</para>
+ <para>If unset, the first available port from <smbconfoption name="rpc server dynamic port range"/> is used, e.g. 49152.</para>
+ <para>The NETLOGON server will use the next available port, e.g. 49153. To change this port use (eg) rpc server port:netlogon = 4000.</para>
+ <para>Furthermore, all RPC servers can have the port they use specified independenty, with (for example) rpc server port:drsuapi = 5000.</para>
+
+ <para>This option applies currently only when
+ <citerefentry><refentrytitle>samba</refentrytitle> <manvolnum>8</manvolnum></citerefentry>
+ runs as an active directory domain controller.</para>
+
+ <para>The default value 0 causes Samba to select the first available port from <smbconfoption name="rpc server dynamic port range"/>.</para>
+</description>
+
+<related>rpc server dynamic port range</related>
+
+<value type="default">0</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/servermaxprotocol.xml b/docs-xml/smbdotconf/protocol/servermaxprotocol.xml
new file mode 100644
index 0000000..815841d
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/servermaxprotocol.xml
@@ -0,0 +1,69 @@
+<samba:parameter name="server max protocol"
+ context="G"
+ type="enum"
+ enumlist="enum_protocol"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>The value of the parameter (a string) is the highest
+ protocol level that will be supported by the server.</para>
+
+ <para>Possible values are :</para>
+ <itemizedlist>
+ <listitem>
+ <para><constant>LANMAN1</constant>: First <emphasis>modern</emphasis>
+ version of the protocol. Long filename support.</para>
+ </listitem>
+
+ <listitem>
+ <para><constant>LANMAN2</constant>: Updates to Lanman1 protocol.</para>
+ </listitem>
+
+ <listitem>
+ <para><constant>NT1</constant>: Current up to date version of the protocol.
+ Used by Windows NT. Known as CIFS.</para>
+ </listitem>
+
+ <listitem>
+ <para><constant>SMB2</constant>: Re-implementation of the SMB protocol.
+ Used by Windows Vista and later versions of Windows. SMB2 has sub protocols available.</para>
+ <itemizedlist>
+ <listitem>
+ <para><constant>SMB2_02</constant>: The earliest SMB2 version.</para>
+ </listitem>
+ <listitem>
+ <para><constant>SMB2_10</constant>: Windows 7 SMB2 version.</para>
+ </listitem>
+ </itemizedlist>
+ <para>By default SMB2 selects the SMB2_10 variant.</para>
+ </listitem>
+
+ <listitem>
+ <para><constant>SMB3</constant>: The same as SMB2.
+ Used by Windows 8. SMB3 has sub protocols available.</para>
+ <itemizedlist>
+ <listitem>
+ <para><constant>SMB3_00</constant>: Windows 8 SMB3 version.</para>
+ </listitem>
+ <listitem>
+ <para><constant>SMB3_02</constant>: Windows 8.1 SMB3 version.</para>
+ </listitem>
+ <listitem>
+ <para><constant>SMB3_11</constant>: Windows 10 SMB3 version.</para>
+ </listitem>
+ </itemizedlist>
+ <para>By default SMB3 selects the SMB3_11 variant.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Normally this option should not be set as the automatic
+ negotiation phase in the SMB protocol takes care of choosing
+ the appropriate protocol.</para>
+</description>
+
+<related>server min protocol</related>
+<synonym>max protocol</synonym>
+<synonym>protocol</synonym>
+
+<value type="default">SMB3</value>
+<value type="example">LANMAN1</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/serverminprotocol.xml b/docs-xml/smbdotconf/protocol/serverminprotocol.xml
new file mode 100644
index 0000000..1079eb8
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/serverminprotocol.xml
@@ -0,0 +1,23 @@
+<samba:parameter name="server min protocol"
+ context="G"
+ type="enum"
+ enumlist="enum_protocol"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<synonym>min protocol</synonym>
+<description>
+ <para>This setting controls the minimum protocol version that the server
+ will allow the client to use.</para>
+
+ <para>Normally this option should not be set as the automatic negotiation
+ phase in the SMB protocol takes care of choosing the appropriate
+ protocol unless you have legacy clients which are SMB1 capable only.</para>
+
+ <para>See <related>server max protocol</related> for a full list
+ of available protocols.</para>
+</description>
+
+<related>server max protocol</related>
+
+<value type="default">SMB2_02</value>
+<value type="example">NT1</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/servermultichannelsupport.xml b/docs-xml/smbdotconf/protocol/servermultichannelsupport.xml
new file mode 100644
index 0000000..1056271
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/servermultichannelsupport.xml
@@ -0,0 +1,27 @@
+<samba:parameter name="server multi channel support"
+ context="G"
+ type="boolean"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This boolean parameter controls whether
+ <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> will support
+ SMB3 multi-channel.
+ </para>
+ <para>This parameter was added with version 4.4.</para>
+ <para>
+ Note that this feature was still considered experimental up to 4.14.
+ </para>
+
+ <para>Due to dependencies to kernel APIs of Linux or FreeBSD, it's only possible
+ to use this feature on Linux and FreeBSD for now. For testing this restriction
+ can be overwritten by specifying <constant>force:server multi channel support=yes</constant>
+ in addition.</para>
+
+ <para>
+ This option is enabled by default starting with to 4.15 (on Linux and FreeBSD).
+ </para>
+</description>
+
+<value type="default">yes</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/sharefakefscaps.xml b/docs-xml/smbdotconf/protocol/sharefakefscaps.xml
new file mode 100644
index 0000000..11f4955
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/sharefakefscaps.xml
@@ -0,0 +1,19 @@
+<samba:parameter name="share:fake_fscaps"
+ context="G"
+ type="string"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+
+ <para>
+ This is needed to support some special application that makes
+ QFSINFO calls to check whether we set the SPARSE_FILES bit
+ (0x40). If this bit is not set that particular application
+ refuses to work against
+ Samba. With <smbconfoption name="share:fake_fscaps">64</smbconfoption>
+ the SPARSE_FILES file system capability flag is set. Use other
+ decimal values to specify the bitmask you need to fake.
+ </para>
+
+</description>
+<value type="default">0</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/smb1unixextensions.xml b/docs-xml/smbdotconf/protocol/smb1unixextensions.xml
new file mode 100644
index 0000000..b1fcf6b
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/smb1unixextensions.xml
@@ -0,0 +1,24 @@
+<samba:parameter name="smb1 unix extensions"
+ context="G"
+ type="boolean"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<synonym>unix extensions</synonym>
+ <description>
+ <para>This boolean parameter controls whether Samba
+ implements the SMB1/CIFS UNIX extensions, as defined by HP.
+ These extensions enable Samba to better serve UNIX SMB1/CIFS clients
+ by supporting features such as symbolic links, hard links, etc...
+ These extensions require a similarly enabled client, and are of
+ no current use to Windows clients.</para>
+ <para>
+ Note if this parameter is turned on, the <smbconfoption name="wide links"/>
+ parameter will automatically be disabled.
+ </para>
+ <para>
+ See the parameter <smbconfoption name="allow insecure wide links"/>
+ if you wish to change this coupling between the two parameters.
+ </para>
+</description>
+
+<value type="default">yes</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/smb2_disable_lock_sequence_checking.xml b/docs-xml/smbdotconf/protocol/smb2_disable_lock_sequence_checking.xml
new file mode 100644
index 0000000..3a33b8b
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/smb2_disable_lock_sequence_checking.xml
@@ -0,0 +1,41 @@
+<samba:parameter name="smb2 disable lock sequence checking"
+ context="G"
+ type="boolean"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This boolean parameter controls whether
+ <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> will disable
+ lock sequence checking even for multi-channel connections
+ as well as durable handles.
+ </para>
+
+ <para>The [MS-SMB2] specification (under 3.3.5.14 Receiving an SMB2 LOCK Request)
+ documents that a server should do lock sequence if Open.IsResilient or Open.IsDurable
+ or Open.IsPersistent is TRUE or if Connection.Dialect belongs to the SMB 3.x dialect
+ family and Connection.ServerCapabilities includes SMB2_GLOBAL_CAP_MULTI_CHANNEL.
+ </para>
+
+ <para>But Windows Server (at least up to v2004) only does these checks
+ for the Open.IsResilient and Open.IsPersistent.
+ That means they do not implement the behavior specified
+ in [MS-SMB2].</para>
+
+ <para>By default Samba behaves according to the specification
+ and implements lock sequence checking when multi-channel is used.</para>
+
+ <para>Warning: Only enable this option if existing clients can't
+ handle lock sequence checking for handles without Open.IsResilient and Open.IsPersistent.
+ And it turns out that the Windows Server behavior is required.</para>
+
+ <para>Note: it's likely that this option will be removed again
+ if future Windows versions change their behavior.</para>
+
+ <para>Note: Samba does not implement Open.IsResilient and Open.IsPersistent yet.</para>
+</description>
+
+<related>server multi channel support</related>
+
+<value type="default">no</value>
+<value type="example">yes</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/smb2_disable_oplock_break_retry.xml b/docs-xml/smbdotconf/protocol/smb2_disable_oplock_break_retry.xml
new file mode 100644
index 0000000..1b67100
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/smb2_disable_oplock_break_retry.xml
@@ -0,0 +1,39 @@
+<samba:parameter name="smb2 disable oplock break retry"
+ context="G"
+ type="boolean"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This boolean parameter controls whether
+ <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> will trigger
+ smb2 oplock break notification retries when using
+ <smbconfoption name="server multi channel support">yes</smbconfoption>.
+ </para>
+
+ <para>The [MS-SMB2] specification documents that a server should
+ send smb2 oplock break notification retries on all available channel
+ to the given client.</para>
+
+ <para>But Windows Server versions (at least up to 2019) do not send
+ smb2 oplock break notification retries on channel failures.
+ That means they do not implement the behavior specified
+ in [MS-SMB2].</para>
+
+ <para>By default Samba behaves according to the specification
+ and send smb2 oplock break notification retries.</para>
+
+ <para>Warning: Only enable this option if existing clients can't
+ handle possible retries and it turns out that the Windows Server
+ behavior is required.</para>
+
+ <para>Note: it's likely that this option gets removed again
+ if future Windows versions change their behavior.</para>
+
+ <para>Note: this only applies to oplocks and not SMB2 leases.</para>
+</description>
+
+<related>server multi channel support</related>
+
+<value type="default">no</value>
+<value type="example">yes</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/smb2maxcredits.xml b/docs-xml/smbdotconf/protocol/smb2maxcredits.xml
new file mode 100644
index 0000000..90bc622
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/smb2maxcredits.xml
@@ -0,0 +1,15 @@
+<samba:parameter name="smb2 max credits"
+ type="integer"
+ context="G"
+ handler="handle_smb2_max_credits"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+<para>This option controls the maximum number of outstanding simultaneous SMB2 operations
+that Samba tells the client it will allow. This is similar to the <smbconfoption name="max mux"/>
+parameter for SMB1. You should never need to set this parameter.
+</para>
+<para>The default is 8192 credits, which is the same as a Windows 2008R2 SMB2 server.</para>
+</description>
+
+<value type="default">8192</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/smb2maxread.xml b/docs-xml/smbdotconf/protocol/smb2maxread.xml
new file mode 100644
index 0000000..01f9583
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/smb2maxread.xml
@@ -0,0 +1,19 @@
+<samba:parameter name="smb2 max read"
+ type="bytes"
+ context="G"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+<para>This option specifies the protocol value that <citerefentry><refentrytitle>smbd</refentrytitle>
+<manvolnum>8</manvolnum></citerefentry> will return to a client, informing the client of the largest
+size that may be returned by a single SMB2 read call.
+</para>
+<para>The maximum is 8388608 bytes (8MiB), which is the same as a Windows Server 2012 r2.</para>
+<para>Please note that the default is 8MiB, but it's limit is based on the
+smb2 dialect (64KiB for SMB == 2.0, 8MiB for SMB >= 2.1 with LargeMTU).
+Large MTU is not supported over NBT (tcp port 139).</para>
+</description>
+
+<related>smb2 max write</related>
+<related>smb2 max trans</related>
+<value type="default">8388608</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/smb2maxtrans.xml b/docs-xml/smbdotconf/protocol/smb2maxtrans.xml
new file mode 100644
index 0000000..5586d3f
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/smb2maxtrans.xml
@@ -0,0 +1,19 @@
+<samba:parameter name="smb2 max trans"
+ type="bytes"
+ context="G"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+<para>This option specifies the protocol value that <citerefentry><refentrytitle>smbd</refentrytitle>
+<manvolnum>8</manvolnum></citerefentry> will return to a client, informing the client of the largest
+size of buffer that may be used in querying file meta-data via QUERY_INFO and related SMB2 calls.
+</para>
+<para>The maximum is 8388608 bytes (8MiB), which is the same as a Windows Server 2012 r2.</para>
+<para>Please note that the default is 8MiB, but it's limit is based on the
+smb2 dialect (64KiB for SMB == 2.0, 1MiB for SMB >= 2.1 with LargeMTU).
+Large MTU is not supported over NBT (tcp port 139).</para>
+</description>
+
+<related>smb2 max read</related>
+<related>smb2 max write</related>
+<value type="default">8388608</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/smb2maxwrite.xml b/docs-xml/smbdotconf/protocol/smb2maxwrite.xml
new file mode 100644
index 0000000..f895a04
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/smb2maxwrite.xml
@@ -0,0 +1,19 @@
+<samba:parameter name="smb2 max write"
+ type="bytes"
+ context="G"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+<para>This option specifies the protocol value that <citerefentry><refentrytitle>smbd</refentrytitle>
+<manvolnum>8</manvolnum></citerefentry> will return to a client, informing the client of the largest
+size that may be sent to the server by a single SMB2 write call.
+</para>
+<para>The maximum is 8388608 bytes (8MiB), which is the same as a Windows Server 2012 r2.</para>
+<para>Please note that the default is 8MiB, but it's limit is based on the
+smb2 dialect (64KiB for SMB == 2.0, 8MiB for SMB => 2.1 with LargeMTU).
+Large MTU is not supported over NBT (tcp port 139).</para>
+</description>
+
+<related>smb2 max read</related>
+<related>smb2 max trans</related>
+<value type="default">8388608</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/smbports.xml b/docs-xml/smbdotconf/protocol/smbports.xml
new file mode 100644
index 0000000..ec1df65
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/smbports.xml
@@ -0,0 +1,11 @@
+<samba:parameter name="smb ports"
+ context="G"
+ type="cmdlist"
+ handler="handle_smb_ports"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>Specifies which ports the server should listen on for SMB traffic.</para>
+</description>
+
+<value type="default">445 139</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/svcctllist.xml b/docs-xml/smbdotconf/protocol/svcctllist.xml
new file mode 100644
index 0000000..826bf70
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/svcctllist.xml
@@ -0,0 +1,22 @@
+<samba:parameter name="svcctl list"
+ type="cmdlist"
+ context="G"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This option defines a list of init scripts that smbd
+ will use for starting and stopping Unix services via the Win32
+ ServiceControl API. This allows Windows administrators to
+ utilize the MS Management Console plug-ins to manage a
+ Unix server running Samba.</para>
+
+ <para>The administrator must create a directory
+ name <filename>svcctl</filename> in Samba's $(libdir)
+ and create symbolic links to the init scripts in
+ <filename>/etc/init.d/</filename>. The name of the links
+ must match the names given as part of the <parameter>svcctl list</parameter>.
+ </para>
+</description>
+
+<value type="default"/>
+<value type="example">cups postfix portmap httpd</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/timeserver.xml b/docs-xml/smbdotconf/protocol/timeserver.xml
new file mode 100644
index 0000000..ceefbd3
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/timeserver.xml
@@ -0,0 +1,12 @@
+<samba:parameter name="time server"
+ context="G"
+ type="boolean"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This parameter determines if <citerefentry><refentrytitle>nmbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> advertises itself as a time server to Windows
+clients.</para>
+</description>
+
+<value type="default">no</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/unicode.xml b/docs-xml/smbdotconf/protocol/unicode.xml
new file mode 100644
index 0000000..25810cd
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/unicode.xml
@@ -0,0 +1,13 @@
+<samba:parameter name="unicode"
+ context="G"
+ type="boolean"
+ deprecated="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>Specifies whether the server and client should support unicode.</para>
+
+ <para>If this option is set to false, the use of ASCII will be forced.</para>
+</description>
+
+<value type="default">yes</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/writeraw.xml b/docs-xml/smbdotconf/protocol/writeraw.xml
new file mode 100644
index 0000000..9a3d11f
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/writeraw.xml
@@ -0,0 +1,25 @@
+<samba:parameter name="write raw"
+ context="G"
+ type="boolean"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This is ignored if <smbconfoption name="async smb echo handler"/> is set,
+ because this feature is incompatible with raw write SMB requests</para>
+
+ <para>If enabled, raw writes allow writes of 65535 bytes in
+ one packet. This typically provides a major performance benefit for some very, very old clients.
+ </para>
+
+ <para>However, some clients either negotiate the allowable
+ block size incorrectly or are incapable of supporting larger block
+ sizes, and for these clients you may need to disable raw writes.</para>
+
+<para>In general this parameter should be viewed as a system tuning
+ tool and left severely alone.</para>
+</description>
+
+<value type="default">yes</value>
+
+<related>read raw</related>
+<related>async smb echo handler</related>
+</samba:parameter>