1SMBD(8)                   System Administration tools                  SMBD(8)
2
3
4

NAME

6       smbd - server to provide SMB/CIFS services to clients
7

SYNOPSIS

9       smbd [-D|--daemon] [-i|--interactive] [-F|--foreground]
10        [--no-process-group] [-b|--build-options] [-p <port number(s)>]
11        [-P <profiling level>] [-d <debug level>] [--debug-stdout]
12        [--configfile=<configuration file>] [--option=<name>=<value>]
13        [-l|--log-basename <log directory>] [--leak-report]
14        [--leak-report-full] [-V|--version]
15

DESCRIPTION

17       This program is part of the samba(7) suite.
18
19       smbd is the server daemon that provides filesharing and printing
20       services to Windows clients. The server provides filespace and printer
21       services to clients using the SMB (or CIFS) protocol. This is
22       compatible with the LanManager protocol, and can service LanManager
23       clients. These include MSCLIENT 3.0 for DOS, Windows for Workgroups,
24       Windows 95/98/ME, Windows NT, Windows 2000, OS/2, DAVE for Macintosh,
25       and smbfs for Linux.
26
27       An extensive description of the services that the server can provide is
28       given in the man page for the configuration file controlling the
29       attributes of those services (see smb.conf(5). This man page will not
30       describe the services, but will concentrate on the administrative
31       aspects of running the server.
32
33       Please note that there are significant security implications to running
34       this server, and the smb.conf(5) manual page should be regarded as
35       mandatory reading before proceeding with installation.
36
37       A session is created whenever a client requests one. Each client gets a
38       copy of the server for each session. This copy then services all
39       connections made by the client during that session. When all
40       connections from its client are closed, the copy of the server for that
41       client terminates.
42
43       The configuration file, and any files that it includes, are
44       automatically reloaded every three minutes, if they change. One can
45       force a reload by sending a SIGHUP to the server. Reloading the
46       configuration file will not affect connections to any service that is
47       already established. Either the user will have to disconnect from the
48       service, or smbd killed and restarted.
49
50       Instead of sending a SIGHUP signal, a request to reload configuration
51       file may be sent using smbcontrol(1) program.
52

OPTIONS

54       -D|--daemon
55           If specified, this parameter causes the server to operate as a
56           daemon. That is, it detaches itself and runs in the background,
57           fielding requests on the appropriate port. Operating the server as
58           a daemon is the recommended way of running smbd for servers that
59           provide more than casual use file and print services. This switch
60           is assumed if smbd is executed on the command line of a shell.
61
62       -i|--interactive
63           If this parameter is specified it causes the server to run
64           "interactively", not as a daemon, even if the server is executed on
65           the command line of a shell. Setting this parameter negates the
66           implicit daemon mode when run from the command line.  smbd will
67           only accept one connection and terminate. It will also log to
68           standard output, as if the -S parameter had been given.
69
70       -F|--foreground
71           If specified, this parameter causes the main smbd process to not
72           daemonize, i.e. double-fork and disassociate with the terminal.
73           Child processes are still created as normal to service each
74           connection request, but the main process does not exit. This
75           operation mode is suitable for running smbd under process
76           supervisors such as supervise and svscan from Daniel J. Bernstein's
77           daemontools package, or the AIX process monitor.
78
79       --no-process-group
80           Do not create a new process group for smbd.
81
82       -b|--build-options
83           Prints information about how Samba was built.
84
85       -p|--port<port number(s)>
86           port number(s) is a space or comma-separated list of TCP ports smbd
87           should listen on. The default value is taken from the ports
88           parameter in smb.conf
89
90           The default ports are 139 (used for SMB over NetBIOS over TCP) and
91           port 445 (used for plain SMB over TCP).
92
93       -P|--profiling-level<profiling level>
94           profiling level is a number specifying the level of profiling data
95           to be collected. 0 turns off profiling, 1 turns on counter
96           profiling only, 2 turns on complete profiling, and 3 resets all
97           profiling data.
98
99       -d|--debuglevel=DEBUGLEVEL, --debug-stdout
100           level is an integer from 0 to 10. The default value if this
101           parameter is not specified is 0.
102
103           The higher this value, the more detail will be logged to the log
104           files about the activities of the server. At level 0, only critical
105           errors and serious warnings will be logged. Level 1 is a reasonable
106           level for day-to-day running - it generates a small amount of
107           information about operations carried out.
108
109           Levels above 1 will generate considerable amounts of log data, and
110           should only be used when investigating a problem. Levels above 3
111           are designed for use only by developers and generate HUGE amounts
112           of log data, most of which is extremely cryptic.
113
114           Note that specifying this parameter here will override the log
115           level parameter in the smb.conf file.  This will redirect debug
116           output to STDOUT. By default server daemons are logging to a log
117           file.
118
119       --configfile=CONFIGFILE
120           The file specified contains the configuration details required by
121           the server. The information in this file includes server-specific
122           information such as what printcap file to use, as well as
123           descriptions of all the services that the server is to provide. See
124           smb.conf for more information. The default configuration file name
125           is determined at compile time.
126
127       --option=<name>=<value>
128           Set the smb.conf(5) option "<name>" to value "<value>" from the
129           command line. This overrides compiled-in defaults and options read
130           from the configuration file. If a name or a value includes a space,
131           wrap whole --option=name=value into quotes.
132
133       -l|--log-basename=logdirectory
134           Base directory name for log/debug files. The extension ".progname"
135           will be appended (e.g. log.smbclient, log.smbd, etc...). The log
136           file is never removed by the client.
137
138       --leak-report
139           Enable talloc leak reporting on exit.
140
141       --leak-report-full
142           Enable full talloc leak reporting on exit.
143
144       -V|--version
145           Prints the program version number.
146
147       -?|--help
148           Print a summary of command line options.
149
150       --usage
151           Display brief usage message.
152

FILES

154       /etc/inetd.conf
155           If the server is to be run by the inetd meta-daemon, this file must
156           contain suitable startup information for the meta-daemon.
157
158       /etc/rc
159           or whatever initialization script your system uses).
160
161           If running the server as a daemon at startup, this file will need
162           to contain an appropriate startup sequence for the server.
163
164       /etc/services
165           If running the server via the meta-daemon inetd, this file must
166           contain a mapping of service name (e.g., netbios-ssn) to service
167           port (e.g., 139) and protocol type (e.g., tcp).
168
169       /usr/local/samba/lib/smb.conf
170           This is the default location of the smb.conf(5) server
171           configuration file. Other common places that systems install this
172           file are /usr/samba/lib/smb.conf and /etc/samba/smb.conf.
173
174           This file describes all the services the server is to make
175           available to clients. See smb.conf(5) for more information.
176

LIMITATIONS

178       On some systems smbd cannot change uid back to root after a setuid()
179       call. Such systems are called trapdoor uid systems. If you have such a
180       system, you will be unable to connect from a client (such as a PC) as
181       two different users at once. Attempts to connect the second user will
182       result in access denied or similar.
183

ENVIRONMENT VARIABLES

185       PRINTER
186           If no printer name is specified to printable services, most systems
187           will use the value of this variable (or lp if this variable is not
188           defined) as the name of the printer to use. This is not specific to
189           the server, however.
190

PAM INTERACTION

192       Samba uses PAM for authentication (when presented with a plaintext
193       password), for account checking (is this account disabled?) and for
194       session management. The degree too which samba supports PAM is
195       restricted by the limitations of the SMB protocol and the obey pam
196       restrictions smb.conf(5) parameter. When this is set, the following
197       restrictions apply:
198
199Account Validation: All accesses to a samba server are
200                  checked against PAM to see if the account is valid, not
201                  disabled and is permitted to login at this time. This also
202                  applies to encrypted logins.
203
204Session Management: When not using share level security,
205                  users must pass PAM's session checks before access is
206                  granted. Note however, that this is bypassed in share level
207                  security. Note also that some older pam configuration files
208                  may need a line added for session support.
209

VERSION

211       This man page is part of version 4.15.2 of the Samba suite.
212

DIAGNOSTICS

214       Most diagnostics issued by the server are logged in a specified log
215       file. The log file name is specified at compile time, but may be
216       overridden on the command line.
217
218       The number and nature of diagnostics available depends on the debug
219       level used by the server. If you have problems, set the debug level to
220       3 and peruse the log files.
221
222       Most messages are reasonably self-explanatory. Unfortunately, at the
223       time this man page was created, there are too many diagnostics
224       available in the source code to warrant describing each and every
225       diagnostic. At this stage your best bet is still to grep the source
226       code and inspect the conditions that gave rise to the diagnostics you
227       are seeing.
228

TDB FILES

230       Samba stores it's data in several TDB (Trivial Database) files, usually
231       located in /var/lib/samba.
232
233       (*) information persistent across restarts (but not necessarily
234       important to backup).
235
236       account_policy.tdb*
237           NT account policy settings such as pw expiration, etc...
238
239       brlock.tdb
240           byte range locks
241
242       browse.dat
243           browse lists
244
245       gencache.tdb
246           generic caching db
247
248       group_mapping.tdb*
249           group mapping information
250
251       locking.tdb
252           share modes & oplocks
253
254       login_cache.tdb*
255           bad pw attempts
256
257       messages.tdb
258           Samba messaging system
259
260       netsamlogon_cache.tdb*
261           cache of user net_info_3 struct from net_samlogon() request (as a
262           domain member)
263
264       ntdrivers.tdb*
265           installed printer drivers
266
267       ntforms.tdb*
268           installed printer forms
269
270       ntprinters.tdb*
271           installed printer information
272
273       printing/
274           directory containing tdb per print queue of cached lpq output
275
276       registry.tdb
277           Windows registry skeleton (connect via regedit.exe)
278
279       smbXsrv_session_global.tdb
280           session information (e.g. support for 'utmp = yes')
281
282       smbXsrv_tcon_global.tdb
283           share connections (used to enforce max connections, etc...)
284
285       smbXsrv_open_global.tdb
286           open file handles (used durable handles, etc...)
287
288       share_info.tdb*
289           share acls
290
291       winbindd_cache.tdb
292           winbindd's cache of user lists, etc...
293
294       winbindd_idmap.tdb*
295           winbindd's local idmap db
296
297       wins.dat*
298           wins database when 'wins support = yes'
299

SIGNALS

301       Sending the smbd a SIGHUP will cause it to reload its smb.conf
302       configuration file within a short period of time.
303
304       To shut down a user's smbd process it is recommended that SIGKILL (-9)
305       NOT be used, except as a last resort, as this may leave the shared
306       memory area in an inconsistent state. The safe way to terminate an smbd
307       is to send it a SIGTERM (-15) signal and wait for it to die on its own.
308
309       The debug log level of smbd may be raised or lowered using
310       smbcontrol(1) program (SIGUSR[1|2] signals are no longer used since
311       Samba 2.2). This is to allow transient problems to be diagnosed, whilst
312       still running at a normally low log level.
313
314       Note that as the signal handlers send a debug write, they are not
315       re-entrant in smbd. This you should wait until smbd is in a state of
316       waiting for an incoming SMB before issuing them. It is possible to make
317       the signal handlers safe by un-blocking the signals before the select
318       call and re-blocking them after, however this would affect performance.
319

SEE ALSO

321       hosts_access(5), inetd(8), nmbd(8), smb.conf(5), smbclient(1),
322       testparm(1), and the Internet RFC's rfc1001.txt, rfc1002.txt. In
323       addition the CIFS (formerly SMB) specification is available as a link
324       from the Web page https://www.samba.org/cifs/.
325

AUTHOR

327       The original Samba software and related utilities were created by
328       Andrew Tridgell. Samba is now developed by the Samba Team as an Open
329       Source project similar to the way the Linux kernel is developed.
330
331
332
333Samba 4.15.2                      11/13/2021                           SMBD(8)
Impressum