1<?xml version="1.0" encoding="iso-8859-1"?> 2<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> 3<refentry id="smbd.8"> 4 5<refmeta> 6 <refentrytitle>smbd</refentrytitle> 7 <manvolnum>8</manvolnum> 8 <refmiscinfo class="source">Samba</refmiscinfo> 9 <refmiscinfo class="manual">System Administration tools</refmiscinfo> 10 <refmiscinfo class="version">3.5</refmiscinfo> 11</refmeta> 12 13 14<refnamediv> 15 <refname>smbd</refname> 16 <refpurpose>server to provide SMB/CIFS services to clients</refpurpose> 17</refnamediv> 18 19<refsynopsisdiv> 20 <cmdsynopsis> 21 <command>smbd</command> 22 <arg choice="opt">-D</arg> 23 <arg choice="opt">-F</arg> 24 <arg choice="opt">-S</arg> 25 <arg choice="opt">-i</arg> 26 <arg choice="opt">-h</arg> 27 <arg choice="opt">-V</arg> 28 <arg choice="opt">-b</arg> 29 <arg choice="opt">-d <debug level></arg> 30 <arg choice="opt">-l <log directory></arg> 31 <arg choice="opt">-p <port number(s)></arg> 32 <arg choice="opt">-P <profiling level></arg> 33 <arg choice="opt">-O <socket option></arg> 34 <arg choice="opt">-s <configuration file></arg> 35 </cmdsynopsis> 36</refsynopsisdiv> 37 38<refsect1> 39 <title>DESCRIPTION</title> 40 <para>This program is part of the <citerefentry><refentrytitle>samba</refentrytitle> 41 <manvolnum>7</manvolnum></citerefentry> suite.</para> 42 43 <para><command>smbd</command> is the server daemon that 44 provides filesharing and printing services to Windows clients. 45 The server provides filespace and printer services to 46 clients using the SMB (or CIFS) protocol. This is compatible 47 with the LanManager protocol, and can service LanManager 48 clients. These include MSCLIENT 3.0 for DOS, Windows for 49 Workgroups, Windows 95/98/ME, Windows NT, Windows 2000, 50 OS/2, DAVE for Macintosh, and smbfs for Linux.</para> 51 52 <para>An extensive description of the services that the 53 server can provide is given in the man page for the 54 configuration file controlling the attributes of those 55 services (see <citerefentry><refentrytitle>smb.conf</refentrytitle> 56 <manvolnum>5</manvolnum></citerefentry>. This man page will not describe the 57 services, but will concentrate on the administrative aspects 58 of running the server.</para> 59 60 <para>Please note that there are significant security 61 implications to running this server, and the <citerefentry><refentrytitle>smb.conf</refentrytitle> 62 <manvolnum>5</manvolnum></citerefentry> manual page should be regarded as mandatory reading before 63 proceeding with installation.</para> 64 65 <para>A session is created whenever a client requests one. 66 Each client gets a copy of the server for each session. This 67 copy then services all connections made by the client during 68 that session. When all connections from its client are closed, 69 the copy of the server for that client terminates.</para> 70 71 <para>The configuration file, and any files that it includes, 72 are automatically reloaded every minute, if they change. You 73 can force a reload by sending a SIGHUP to the server. Reloading 74 the configuration file will not affect connections to any service 75 that is already established. Either the user will have to 76 disconnect from the service, or <command>smbd</command> killed and restarted.</para> 77</refsect1> 78 79<refsect1> 80 <title>OPTIONS</title> 81 82 <variablelist> 83 <varlistentry> 84 <term>-D</term> 85 <listitem><para>If specified, this parameter causes 86 the server to operate as a daemon. That is, it detaches 87 itself and runs in the background, fielding requests 88 on the appropriate port. Operating the server as a 89 daemon is the recommended way of running <command>smbd</command> for 90 servers that provide more than casual use file and 91 print services. This switch is assumed if <command>smbd 92 </command> is executed on the command line of a shell. 93 </para></listitem> 94 </varlistentry> 95 96 <varlistentry> 97 <term>-F</term> 98 <listitem><para>If specified, this parameter causes 99 the main <command>smbd</command> process to not daemonize, 100 i.e. double-fork and disassociate with the terminal. 101 Child processes are still created as normal to service 102 each connection request, but the main process does not 103 exit. This operation mode is suitable for running 104 <command>smbd</command> under process supervisors such 105 as <command>supervise</command> and <command>svscan</command> 106 from Daniel J. Bernstein's <command>daemontools</command> 107 package, or the AIX process monitor. 108 </para></listitem> 109 </varlistentry> 110 111 <varlistentry> 112 <term>-S</term> 113 <listitem><para>If specified, this parameter causes 114 <command>smbd</command> to log to standard output rather 115 than a file.</para></listitem> 116 </varlistentry> 117 118 <varlistentry> 119 <term>-i</term> 120 <listitem><para>If this parameter is specified it causes the 121 server to run "interactively", not as a daemon, even if the 122 server is executed on the command line of a shell. Setting this 123 parameter negates the implicit daemon mode when run from the 124 command line. <command>smbd</command> also logs to standard 125 output, as if the <command>-S</command> parameter had been 126 given. 127 </para></listitem> 128 </varlistentry> 129 130 &stdarg.server.debug; 131 &popt.common.samba; 132 &stdarg.help; 133 134 <varlistentry> 135 <term>-b</term> 136 <listitem><para>Prints information about how 137 Samba was built.</para></listitem> 138 </varlistentry> 139 140 <varlistentry> 141 <term>-p|--port<port number(s)></term> 142 <listitem><para><replaceable>port number(s)</replaceable> is a 143 space or comma-separated list of TCP ports smbd should listen on. 144 The default value is taken from the <smbconfoption name="ports"/> parameter in &smb.conf;</para> 145 146 <para>The default ports are 139 (used for SMB over NetBIOS over TCP) 147 and port 445 (used for plain SMB over TCP). 148 </para></listitem> 149 </varlistentry> 150 151 <varlistentry> 152 <term>-P|--profiling-level<profiling level></term> 153 <listitem><para><replaceable>profiling level</replaceable> is a 154 number specifying the level of profiling data to be collected. 155 0 turns off profiling, 1 turns on counter profiling only, 156 2 turns on complete profiling, and 3 resets all profiling data. 157 </para></listitem> 158 </varlistentry> 159 </variablelist> 160</refsect1> 161 162<refsect1> 163 <title>FILES</title> 164 165 <variablelist> 166 <varlistentry> 167 <term><filename>/etc/inetd.conf</filename></term> 168 <listitem><para>If the server is to be run by the 169 <command>inetd</command> meta-daemon, this file 170 must contain suitable startup information for the 171 meta-daemon. 172 </para></listitem> 173 </varlistentry> 174 175 <varlistentry> 176 <term><filename>/etc/rc</filename></term> 177 <listitem><para>or whatever initialization script your 178 system uses).</para> 179 180 <para>If running the server as a daemon at startup, 181 this file will need to contain an appropriate startup 182 sequence for the server. </para></listitem> 183 </varlistentry> 184 185 <varlistentry> 186 <term><filename>/etc/services</filename></term> 187 <listitem><para>If running the server via the 188 meta-daemon <command>inetd</command>, this file 189 must contain a mapping of service name (e.g., netbios-ssn) 190 to service port (e.g., 139) and protocol type (e.g., tcp). 191 </para></listitem> 192 </varlistentry> 193 194 <varlistentry> 195 <term><filename>/usr/local/samba/lib/smb.conf</filename></term> 196 <listitem><para>This is the default location of the <citerefentry><refentrytitle>smb.conf</refentrytitle> 197 <manvolnum>5</manvolnum></citerefentry> server configuration file. Other common places that systems 198 install this file are <filename>/usr/samba/lib/smb.conf</filename> 199 and <filename>/etc/samba/smb.conf</filename>.</para> 200 201 <para>This file describes all the services the server 202 is to make available to clients. See <citerefentry><refentrytitle>smb.conf</refentrytitle> 203 <manvolnum>5</manvolnum></citerefentry> for more information.</para> 204 </listitem> 205 </varlistentry> 206 </variablelist> 207</refsect1> 208 209<refsect1> 210 <title>LIMITATIONS</title> 211 <para>On some systems <command>smbd</command> cannot change uid back 212 to root after a setuid() call. Such systems are called 213 trapdoor uid systems. If you have such a system, 214 you will be unable to connect from a client (such as a PC) as 215 two different users at once. Attempts to connect the 216 second user will result in access denied or 217 similar.</para> 218</refsect1> 219 220<refsect1> 221 <title>ENVIRONMENT VARIABLES</title> 222 223 <variablelist> 224 <varlistentry> 225 <term><envar>PRINTER</envar></term> 226 <listitem><para>If no printer name is specified to 227 printable services, most systems will use the value of 228 this variable (or <constant>lp</constant> if this variable is 229 not defined) as the name of the printer to use. This 230 is not specific to the server, however.</para></listitem> 231 </varlistentry> 232 </variablelist> 233</refsect1> 234 235 236<refsect1> 237 <title>PAM INTERACTION</title> 238 <para>Samba uses PAM for authentication (when presented with a plaintext 239 password), for account checking (is this account disabled?) and for 240 session management. The degree too which samba supports PAM is restricted 241 by the limitations of the SMB protocol and the <smbconfoption name="obey pam restrictions"/> <citerefentry><refentrytitle>smb.conf</refentrytitle> 242 <manvolnum>5</manvolnum></citerefentry> paramater. When this is set, the following restrictions apply: 243 </para> 244 245 <itemizedlist> 246 <listitem><para><emphasis>Account Validation</emphasis>: All accesses to a 247 samba server are checked 248 against PAM to see if the account is vaild, not disabled and is permitted to 249 login at this time. This also applies to encrypted logins. 250 </para></listitem> 251 252 <listitem><para><emphasis>Session Management</emphasis>: When not using share 253 level secuirty, users must pass PAM's session checks before access 254 is granted. Note however, that this is bypassed in share level secuirty. 255 Note also that some older pam configuration files may need a line 256 added for session support. 257 </para></listitem> 258 </itemizedlist> 259</refsect1> 260 261<refsect1> 262 <title>VERSION</title> 263 264 <para>This man page is correct for version 3 of 265 the Samba suite.</para> 266</refsect1> 267 268<refsect1> 269 <title>DIAGNOSTICS</title> 270 271 <para>Most diagnostics issued by the server are logged 272 in a specified log file. The log file name is specified 273 at compile time, but may be overridden on the command line.</para> 274 275 <para>The number and nature of diagnostics available depends 276 on the debug level used by the server. If you have problems, set 277 the debug level to 3 and peruse the log files.</para> 278 279 <para>Most messages are reasonably self-explanatory. Unfortunately, 280 at the time this man page was created, there are too many diagnostics 281 available in the source code to warrant describing each and every 282 diagnostic. At this stage your best bet is still to grep the 283 source code and inspect the conditions that gave rise to the 284 diagnostics you are seeing.</para> 285</refsect1> 286 287<refsect1> 288 <title>TDB FILES</title> 289 290 <para>Samba stores it's data in several TDB (Trivial Database) files, usually located in <filename>/var/lib/samba</filename>.</para> 291 292 <para> 293 (*) information persistent across restarts (but not 294 necessarily important to backup). 295 </para> 296 297<variablelist> 298<varlistentry><term>account_policy.tdb*</term> 299<listitem> 300<para>NT account policy settings such as pw expiration, etc...</para> 301</listitem> 302</varlistentry> 303 304<varlistentry><term>brlock.tdb</term> 305<listitem><para>byte range locks</para></listitem> 306</varlistentry> 307 308<varlistentry><term>browse.dat</term> 309<listitem><para>browse lists</para></listitem> 310</varlistentry> 311 312<varlistentry><term>connections.tdb</term> 313<listitem><para>share connections (used to enforce max connections, etc...)</para></listitem> 314</varlistentry> 315 316<varlistentry><term>gencache.tdb</term> 317<listitem><para>generic caching db</para></listitem> 318</varlistentry> 319 320<varlistentry><term>group_mapping.tdb*</term> 321<listitem><para>group mapping information</para></listitem> 322</varlistentry> 323 324<varlistentry><term>locking.tdb</term> 325<listitem><para>share modes & oplocks</para></listitem> 326</varlistentry> 327 328<varlistentry><term>login_cache.tdb*</term> 329<listitem><para>bad pw attempts</para></listitem> 330</varlistentry> 331 332<varlistentry><term>messages.tdb</term> 333<listitem><para>Samba messaging system</para></listitem> 334</varlistentry> 335 336<varlistentry><term>netsamlogon_cache.tdb*</term> 337<listitem><para>cache of user net_info_3 struct from net_samlogon() request (as a domain member)</para></listitem> 338</varlistentry> 339 340<varlistentry><term>ntdrivers.tdb*</term> 341<listitem><para>installed printer drivers</para></listitem> 342</varlistentry> 343 344<varlistentry><term>ntforms.tdb*</term> 345<listitem><para>installed printer forms</para></listitem> 346</varlistentry> 347 348<varlistentry><term>ntprinters.tdb*</term> 349<listitem><para>installed printer information</para></listitem> 350</varlistentry> 351 352<varlistentry><term>printing/</term> 353<listitem><para>directory containing tdb per print queue of cached lpq output</para></listitem> 354</varlistentry> 355 356<varlistentry><term>registry.tdb</term> 357<listitem><para>Windows registry skeleton (connect via regedit.exe)</para></listitem> 358</varlistentry> 359 360<varlistentry><term>sessionid.tdb</term> 361<listitem><para>session information (e.g. support for 'utmp = yes')</para></listitem> 362</varlistentry> 363 364<varlistentry><term>share_info.tdb*</term> 365<listitem><para>share acls</para></listitem> 366</varlistentry> 367 368<varlistentry><term>winbindd_cache.tdb</term> 369<listitem><para>winbindd's cache of user lists, etc...</para></listitem> 370</varlistentry> 371 372<varlistentry><term>winbindd_idmap.tdb*</term> 373<listitem><para>winbindd's local idmap db</para></listitem> 374</varlistentry> 375 376<varlistentry><term>wins.dat*</term> 377<listitem><para>wins database when 'wins support = yes'</para></listitem> 378</varlistentry> 379 380</variablelist> 381 382</refsect1> 383 384<refsect1> 385 <title>SIGNALS</title> 386 387 <para>Sending the <command>smbd</command> a SIGHUP will cause it to 388 reload its <filename>smb.conf</filename> configuration 389 file within a short period of time.</para> 390 391 <para>To shut down a user's <command>smbd</command> process it is recommended 392 that <command>SIGKILL (-9)</command> <emphasis>NOT</emphasis> 393 be used, except as a last resort, as this may leave the shared 394 memory area in an inconsistent state. The safe way to terminate 395 an <command>smbd</command> is to send it a SIGTERM (-15) signal and wait for 396 it to die on its own.</para> 397 398 <para>The debug log level of <command>smbd</command> may be raised 399 or lowered using <citerefentry><refentrytitle>smbcontrol</refentrytitle> 400 <manvolnum>1</manvolnum></citerefentry> program (SIGUSR[1|2] signals are no longer 401 used since Samba 2.2). This is to allow transient problems to be diagnosed, 402 whilst still running at a normally low log level.</para> 403 404 <para>Note that as the signal handlers send a debug write, 405 they are not re-entrant in <command>smbd</command>. This you should wait until 406 <command>smbd</command> is in a state of waiting for an incoming SMB before 407 issuing them. It is possible to make the signal handlers safe 408 by un-blocking the signals before the select call and re-blocking 409 them after, however this would affect performance.</para> 410</refsect1> 411 412<refsect1> 413 <title>SEE ALSO</title> 414 <para><citerefentry><refentrytitle>hosts_access</refentrytitle> 415 <manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>inetd</refentrytitle> 416 <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>nmbd</refentrytitle> 417 <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smb.conf</refentrytitle> 418 <manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbclient</refentrytitle> 419 <manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testparm</refentrytitle> 420 <manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testprns</refentrytitle> 421 <manvolnum>1</manvolnum></citerefentry>, and the 422 Internet RFC's <filename>rfc1001.txt</filename>, <filename>rfc1002.txt</filename>. 423 In addition the CIFS (formerly SMB) specification is available 424 as a link from the Web page <ulink noescape="1" url="http://samba.org/cifs/"> 425 http://samba.org/cifs/</ulink>.</para> 426</refsect1> 427 428<refsect1> 429 <title>AUTHOR</title> 430 431 <para>The original Samba software and related utilities 432 were created by Andrew Tridgell. Samba is now developed 433 by the Samba Team as an Open Source project similar 434 to the way the Linux kernel is developed.</para> 435 436 <para>The original Samba man pages were written by Karl Auer. 437 The man page sources were converted to YODL format (another 438 excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> 439 ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 440 release by Jeremy Allison. The conversion to DocBook for 441 Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for 442 Samba 3.0 was done by Alexander Bokovoy.</para> 443</refsect1> 444 445</refentry> 446