About Us Documentation

Contact Site Map
 

  

WinPak
Documentation

Man Page for SMBD



NAME

       smbd - provide SMB (aka LanManager) services to clients


SYNOPSIS

       smbd  [ -D ] [ -a ] [ -d debuglevel ] [ -l log file ] [ -p
       port number ] [ -O socket options  ]  [  -s  configuration
       file ]


DESCRIPTION

       This program is part of the Samba suite.

       smbd  is  a server that can provide most SMB services. The
       server provides filespace and printer services to  clients
       using  the  SMB protocol. This is compatible with the Lan-
       Manager protocol, and can service LanManager clients.

       An extensive description of the services that  the  server
       can provide is given in the man page for the configuration
       file controlling the attributes  of  those  services  (see
       smb_conf(5)).  This  man  page  will not describe the ser-
       vices, but will concentrate on the administrative  aspects
       of running the server.

       Please  note  that there are significant security implica-
       tions to running this server, and  smb_conf(5)  should  be
       regarded  as  mandatory  reading  before  proceeding  with
       installation.

       A session is created whenever a client requests one.  Each
       client  gets  a  copy of the server for each session. This
       copy then services all connections made by the client dur-
       ing that session. When all connections from its client are
       are closed, the copy of the server for that client  termi-
       nates.

       The  configuration  file  is  automatically reloaded if it
       changes. You can force a reload by sending a SIGHUP to the
       server.



OPTIONS

       -D

          If specified, this parameter causes the server to oper-
          ate as a daemon. That is, it detaches itself  and  runs
          in the background, fielding requests on the appropriate
          port.

          By default, the server will NOT operate as a daemon.

       -a

          If this parameter is specified, the log files  will  be
          overwritten  with  each new connection. By default, the
          log files will be appended to.

       -d debuglevel

          debuglevel is an integer from 0 to 5.

          The default value if this parameter is not specified is
          zero.

          The  higher  this value, the more detail will be logged
          to the log files about the activities of the server. At
          level 0, only critical errors and serious warnings will
          be logged. Level 1 is a reasonable level for day to day
          running  -  it  generates a small amount of information
          about operations carried out.

          Levels above 1 will generate  considerable  amounts  of
          log  data, and should only be used when investigating a
          problem. Levels above 3 are designed for  use  only  by
          developers  and generate HUGE amounts of log data, most
          of which is extremely cryptic.

       -l log file

          If specified, logfile specifies a  base  filename  into
          which  operational data from the running server will be
          logged.

          The default base name is specified at compile time.

          The base name is  used  to  generate  actual  log  file
          names.  For  example,  if the name specified was "log",
          the following files would be used for log data:

             log.debug (containing debugging information)

             log.in (containing inbound transaction data)

             log.out (containing outbound transaction data)

          The log  files  generated  are  never  removed  by  the
          server.

       -O socket options

          See  the  socket  options  section  of  smb_conf(5) for
          details

       -p port number

          port number is a positive integer value.

          The default value if this parameter is not specified is
          139.
          This  number  is the port number that will be used when
          making connections to the server from client  software.
          The standard (well-known) port number for the server is
          139, hence the default. If you wish to run  the  server
          as  an  ordinary user rather than as root, most systems
          will require you to use a port number greater than 1024
          -  ask your system administrator for help if you are in
          this situation.

          This parameter is not normally specified except in  the
          above situation.

       -s configuration file

          The  default  configuration  file name is determined at
          compile time.

          The file specified contains the  configuration  details
          required  by  the server.  The information in this file
          includes  server-specific  information  such  as   what
          printcap  file  to  use, as well as descriptions of all
          the  services  that  the  server  is  to  provide.  See
          smb_conf(5) for more information.



FILES

       /etc/inetd.conf

          If  the  server  is to be run by the inetd meta-daemon,
          this file must contain suitable startup information for
          the  meta-daemon. See the section "INSTALLATION" below.

       /etc/rc

          (or whatever initialisation script your system uses)

          If running the server as a daemon at startup, this file
          will  need  to  contain an appropriate startup sequence
          for the server. See the section "INSTALLATION" below.

       /etc/services

          If running the server via the meta-daemon  inetd,  this
          file  must contain a mapping of service name (eg., net-
          bios-ssn)  to service port (eg., 139) and protocol type
          (eg., tcp). See the section "INSTALLATION" below.

       /usr/local/smb/smb_conf

          This  file  describes all the services the server is to
          make available to clients.  See  smb_conf(5)  for  more
          information.



LIMITATIONS

       On  some systems smbd cannot change uid back to root after
       a setuid() call.  Such systems are called  "trapdoor"  uid
       systems.  If you have such a system, you will be unable to
       connect from a client (such as  a  PC)  as  two  different
       users  at  once.  Attempts to connect the second user will
       result in "access denied" or similar.



ENVIRONMENT VARIABLES

       PRINTER

          If no printer name is specified to printable  services,
          most  systems  will  use the value of this variable (or
          "lp" if this variable is not defined) as  the  name  of
          the printer to use. This is not specific to the server,
          however.



INSTALLATION

       The location of the server and its support files is a mat-
       ter  for  individual  system administrators. The following
       are thus suggestions only.

       It is recommended that the server  software  be  installed
       under the /usr/local hierarchy, in a directory readable by
       all, writeable only by root.  The  server  program  itself
       should  be executable by all, as users may wish to run the
       server themselves (in which case it  will  of  course  run
       with  their privileges).  The server should NOT be setuid.
       On some systems it may be worthwhile to make  smbd  setgid
       to an empty group. This is because some systems may have a
       security hole where daemon processes that  become  a  user
       can  be  attached to with a debugger. Making the smbd file
       setgid to an empty group may prevent this hole from  being
       exploited.  This  secrity  hole  and the suggested fix has
       only been confirmed on Linux at the time this was written.
       It  is  possible  that  this hole only exists in Linux, as
       testing on other systems has thus far  shown  them  to  be
       immune.

       The server log files should be put in a directory readable
       and writable only by root, as the log  files  may  contain
       sensitive information.

       The  configuration  file  should  be placed in a directory
       readable and writable only by root, as  the  configuration
       file  controls  security  for  the services offered by the
       server. The configuration file can be made readable by all
       if  desired,  but this is not necessary for correct opera-
       tion of the server and is not recommended. A  sample  con-
       figuration  file  "smb_conf.sample"  is  supplied with the
       source to the server - this may be renamed  to  "smb_conf"
       and modified to suit your needs.
       The remaining notes will assume the following:

          smbd (the server program) installed in /usr/local/smb

          smb_conf   (the   configuration   file)   installed  in
          /usr/local/smb

          log files stored in /var/adm/smblogs

       The server may be run either as a daemon by  users  or  at
       startup, or it may be run from a meta-daemon such as inetd
       upon request. If run as a daemon, the server  will  always
       be ready, so starting sessions will be faster. If run from
       a meta-daemon some memory will be saved and utilities such
       as the tcpd TCP-wrapper may be used for extra security.

       When  you've  decided,  continue  with either "RUNNING THE
       SERVER AS A DAEMON" or "RUNNING THE SERVER ON REQUEST".


RUNNING THE SERVER AS A DAEMON

       To run the server as a daemon from the command line,  sim-
       ply  put  the "-D" option on the command line. There is no
       need to place an ampersand at the end of the command  line
       -  the "-D" option causes the server to detach itself from
       the tty anyway.

       Any user can run the server as a daemon  (execute  permis-
       sions  permitting,  of course). This is useful for testing
       purposes, and may even be useful as a temporary substitute
       for  something  like  ftp. When run this way, however, the
       server will only have the privileges of the user  who  ran
       it.

       To  ensure that the server is run as a daemon whenever the
       machine is started, and to ensure that it runs as root  so
       that  it can serve multiple clients, you will need to mod-
       ify the system startup files.  Wherever  appropriate  (for
       example,  in  /etc/rc), insert the following line, substi-
       tuting port number, log file location, configuration  file
       location and debug level as desired:

          /usr/local/smb/smbd   -D   -l  /var/adm/smblogs/log  -s
          /usr/local/smb/smb_conf

       (The above should appear in your initialisation script  as
       a  single  line.   Depending on your terminal characteris-
       tics, it may not appear that way in this man page. If  the
       above appears as more than one line, please treat any new-
       lines or indentation as a single space or TAB  character.)

       If  the  options  used at compile time are appropriate for
       your system, all parameters except the desired debug level
       and  "-D" may be omitted. See the section "OPTIONS" above.


RUNNING THE SERVER ON REQUEST

       If your system uses a meta-daemon such as inetd,  you  can
       arrange to have the smbd server started whenever a process
       attempts to connect to it. This requires  several  changes
       to  the  startup  files  on  the  host machine. If you are
       experimenting as an ordinary user rather than as root, you
       will  need  the assistance of your system administrator to
       modify the system files.

       You will probably want to set up the name server  nmbd  at
       the same time as the smbd - refer to the man page nmbd(8).

       First, ensure that  a  port  is  configured  in  the  file
       /etc/services.  The  well-known port 139 should be used if
       possible, though any port may be used.

       Ensure  that  a  line  similar  to  the  following  is  in
       /etc/services:

          netbios-ssn    139/tcp

       Note  for  NIS/YP  users - you may need to rebuild the NIS
       service maps rather than alter  your  local  /etc/services
       file.

       Next,  put a suitable line in the file /etc/inetd.conf (in
       the unlikely event that you are using a meta-daemon  other
       than inetd, you are on your own). Note that the first item
       in this line matches the service  name  in  /etc/services.
       Substitute appropriate values for your system in this line
       (see inetd(8)):

          netbios-ssn stream tcp nowait root  /usr/local/smb/smbd
          -d1 -l/var/adm/smblogs/log -s/usr/local/smb/smb_conf

       (The  above  should  appear in /etc/inetd.conf as a single
       line. Depending on your terminal characteristics,  it  may
       not  appear  that  way  in  this  man  page.  If the above
       appears as more than one line, please treat  any  newlines
       or indentation as a single space or TAB character.)

       Note  that there is no need to specify a port number here,
       even if you are using a non-standard port number.

       Lastly, edit the configuration file  to  provide  suitable
       services. To start with, the following two services should
       be all you need:

          [homes]
              writable = yes

          [printers]
              writable = no
              printable = yes
              path = /tmp
              public = yes

       This will allow you to connect to your home directory  and
       print  to  any  printer supported by the host (user privi-
       leges permitting).


TESTING THE INSTALLATION

       If running the server as a daemon, execute it before  pro-
       ceeding. If using a meta-daemon, either restart the system
       or kill and restart  the  meta-daemon.  Some  versions  of
       inetd  will  reread  their  configuration  tables  if they
       receive a HUP signal.

       If your machine's name is "fred" and your name is  "mary",
       you   should  now  be  able  to  connect  to  the  service
       "\\fred\mary".

       To properly test and experiment with the server, we recom-
       mend using the smbclient program (see smbclient(1)).


VERSION

       This  man  page  is (mostly) correct for version 1.9.00 of
       the Samba suite, plus some of the recent  patches  to  it.
       These notes will necessarily lag behind development of the
       software, so it is  possible  that  your  version  of  the
       server  has  extensions or parameter semantics that differ
       from or are not covered by this man  page.  Please  notify
       these to the address below for rectification.


SEE ALSO

       hosts_access(5),   inetd(8),  nmbd(8),  smb_conf(5), 
       smbclient(1), testparm(1), testprns(1)



DIAGNOSTICS

       [This section under construction]

       Most diagnostics issued by the  server  are  logged  in  a
       specified log file. The log file name is specified at com-
       pile time, but may be overridden on the command line.

       The number and nature of diagnostics available depends  on
       the  debug level used by the server. If you have problems,
       set the debug level to 3 and peruse the log files.

       Most messages are  reasonably  self-explanatory.  Unfortu-
       nately,  at  time  of creation of this man page the source
       code is still too fluid to  warrant  describing  each  and
       every  diagnostic. At this stage your best bet is still to
       grep the source code and inspect the conditions that  gave
       rise to the diagnostics you are seeing.



BUGS

       None known.


CREDITS

       The  original  Samba  software  and related utilities were
       created by Andrew  Tridgell  (Andrew.).
       Andrew  is also the Keeper of the Source for this project.

       This man page written by Karl Auer (Karl.)

       See smb_conf(5)  for  a  full  list  of  contributors  and
       details on how to submit bug reports, comments etc.





 

 

Email addresses listed on this site may  NOT be used for unsolicited commercial email.

Ready-to-Run Software, Inc Privacy Statement

Portions (c)Copyright, 1996-2005 by Ready-to-Run Software, Inc
(All rights reserved.)
212 Cedar Cove
Lansing, NY 14882
Phone: 607 533 UNIX (8649)
Fax: 607 533 4002