1SMBD(8) System Administration tools SMBD(8)
2
3
4
6 smbd - server to provide SMB/CIFS services to clients
7
9 smbd [-D|--daemon] [-i|--interactive] [-F|--foreground]
10 [--no-process-group] [-b|--build-options] [-p <port number(s)>]
11 [-P <profiling level>] [-d <debug level>] [--debug-stdout]
12 [--configfile=<configuration file>] [--option=<name>=<value>]
13 [-l|--log-basename <log directory>] [--leak-report]
14 [--leak-report-full] [-V|--version]
15
17 This program is part of the samba(7) suite.
18
19 smbd is the server daemon that provides filesharing and printing
20 services to Windows clients. The server provides filespace and printer
21 services to clients using the SMB (or CIFS) protocol. This is
22 compatible with the LanManager protocol, and can service LanManager
23 clients. These include MSCLIENT 3.0 for DOS, Windows for Workgroups,
24 Windows 95/98/ME, Windows NT, Windows 2000, OS/2, DAVE for Macintosh,
25 and smbfs for Linux.
26
27 An extensive description of the services that the server can provide is
28 given in the man page for the configuration file controlling the
29 attributes of those services (see smb.conf(5). This man page will not
30 describe the services, but will concentrate on the administrative
31 aspects of running the server.
32
33 Please note that there are significant security implications to running
34 this server, and the smb.conf(5) manual page should be regarded as
35 mandatory reading before proceeding with installation.
36
37 A session is created whenever a client requests one. Each client gets a
38 copy of the server for each session. This copy then services all
39 connections made by the client during that session. When all
40 connections from its client are closed, the copy of the server for that
41 client terminates.
42
43 The configuration file, and any files that it includes, are
44 automatically reloaded every three minutes, if they change. One can
45 force a reload by sending a SIGHUP to the server. Reloading the
46 configuration file will not affect connections to any service that is
47 already established. Either the user will have to disconnect from the
48 service, or smbd killed and restarted.
49
50 Instead of sending a SIGHUP signal, a request to reload configuration
51 file may be sent using smbcontrol(1) program.
52
54 -D|--daemon
55 If specified, this parameter causes the server to operate as a
56 daemon. That is, it detaches itself and runs in the background,
57 fielding requests on the appropriate port. Operating the server as
58 a daemon is the recommended way of running smbd for servers that
59 provide more than casual use file and print services. This switch
60 is assumed if smbd is executed on the command line of a shell.
61
62 -i|--interactive
63 If this parameter is specified it causes the server to run
64 "interactively", not as a daemon, even if the server is executed on
65 the command line of a shell. Setting this parameter negates the
66 implicit daemon mode when run from the command line. smbd will
67 only accept one connection and terminate. It will also log to
68 standard output, as if the -S parameter had been given.
69
70 -F|--foreground
71 If specified, this parameter causes the main smbd process to not
72 daemonize, i.e. double-fork and disassociate with the terminal.
73 Child processes are still created as normal to service each
74 connection request, but the main process does not exit. This
75 operation mode is suitable for running smbd under process
76 supervisors such as supervise and svscan from Daniel J. Bernstein's
77 daemontools package, or the AIX process monitor.
78
79 --no-process-group
80 Do not create a new process group for smbd.
81
82 -b|--build-options
83 Prints information about how Samba was built.
84
85 -p|--port<port number(s)>
86 port number(s) is a space or comma-separated list of TCP ports smbd
87 should listen on. The default value is taken from the ports
88 parameter in /etc/samba/smb.conf
89
90 The default ports are 139 (used for SMB over NetBIOS over TCP) and
91 port 445 (used for plain SMB over TCP).
92
93 -P|--profiling-level<profiling level>
94 profiling level is a number specifying the level of profiling data
95 to be collected. 0 turns off profiling, 1 turns on counter
96 profiling only, 2 turns on complete profiling, and 3 resets all
97 profiling data.
98
99 -d|--debuglevel=DEBUGLEVEL, --debug-stdout
100 level is an integer from 0 to 10. The default value if this
101 parameter is not specified is 0.
102
103 The higher this value, the more detail will be logged to the log
104 files about the activities of the server. At level 0, only critical
105 errors and serious warnings will be logged. Level 1 is a reasonable
106 level for day-to-day running - it generates a small amount of
107 information about operations carried out.
108
109 Levels above 1 will generate considerable amounts of log data, and
110 should only be used when investigating a problem. Levels above 3
111 are designed for use only by developers and generate HUGE amounts
112 of log data, most of which is extremely cryptic.
113
114 Note that specifying this parameter here will override the log
115 level parameter in the /etc/samba/smb.conf file. This will
116 redirect debug output to STDOUT. By default server daemons are
117 logging to a log file.
118
119 --configfile=CONFIGFILE
120 The file specified contains the configuration details required by
121 the server. The information in this file includes server-specific
122 information such as what printcap file to use, as well as
123 descriptions of all the services that the server is to provide. See
124 /etc/samba/smb.conf for more information. The default configuration
125 file name is determined at compile time.
126
127 --option=<name>=<value>
128 Set the smb.conf(5) option "<name>" to value "<value>" from the
129 command line. This overrides compiled-in defaults and options read
130 from the configuration file. If a name or a value includes a space,
131 wrap whole --option=name=value into quotes.
132
133 -l|--log-basename=logdirectory
134 Base directory name for log/debug files. The extension ".progname"
135 will be appended (e.g. log.smbclient, log.smbd, etc...). The log
136 file is never removed by the client.
137
138 --leak-report
139 Enable talloc leak reporting on exit.
140
141 --leak-report-full
142 Enable full talloc leak reporting on exit.
143
144 -V|--version
145 Prints the program version number.
146
147 -?|--help
148 Print a summary of command line options.
149
150 --usage
151 Display brief usage message.
152
154 /etc/inetd.conf
155 If the server is to be run by the inetd meta-daemon, this file must
156 contain suitable startup information for the meta-daemon.
157
158 /etc/rc
159 or whatever initialization script your system uses).
160
161 If running the server as a daemon at startup, this file will need
162 to contain an appropriate startup sequence for the server.
163
164 /etc/services
165 If running the server via the meta-daemon inetd, this file must
166 contain a mapping of service name (e.g., netbios-ssn) to service
167 port (e.g., 139) and protocol type (e.g., tcp).
168
169 /usr/local/samba/lib/smb.conf
170 This is the default location of the smb.conf(5) server
171 configuration file. Other common places that systems install this
172 file are /usr/samba/lib/smb.conf and /etc/samba/smb.conf.
173
174 This file describes all the services the server is to make
175 available to clients. See smb.conf(5) for more information.
176
178 On some systems smbd cannot change uid back to root after a setuid()
179 call. Such systems are called trapdoor uid systems. If you have such a
180 system, you will be unable to connect from a client (such as a PC) as
181 two different users at once. Attempts to connect the second user will
182 result in access denied or similar.
183
185 PRINTER
186 If no printer name is specified to printable services, most systems
187 will use the value of this variable (or lp if this variable is not
188 defined) as the name of the printer to use. This is not specific to
189 the server, however.
190
192 Samba uses PAM for authentication (when presented with a plaintext
193 password), for account checking (is this account disabled?) and for
194 session management. The degree too which samba supports PAM is
195 restricted by the limitations of the SMB protocol and the obey pam
196 restrictions smb.conf(5) parameter. When this is set, the following
197 restrictions apply:
198
199 • Account Validation: All accesses to a samba server are
200 checked against PAM to see if the account is valid, not
201 disabled and is permitted to login at this time. This also
202 applies to encrypted logins.
203
204 • Session Management: When not using share level security,
205 users must pass PAM's session checks before access is
206 granted. Note however, that this is bypassed in share level
207 security. Note also that some older pam configuration files
208 may need a line added for session support.
209
211 This man page is part of version 4.17.5 of the Samba suite.
212
214 Most diagnostics issued by the server are logged in a specified log
215 file. The log file name is specified at compile time, but may be
216 overridden on the command line.
217
218 The number and nature of diagnostics available depends on the debug
219 level used by the server. If you have problems, set the debug level to
220 3 and peruse the log files.
221
222 Most messages are reasonably self-explanatory. Unfortunately, at the
223 time this man page was created, there are too many diagnostics
224 available in the source code to warrant describing each and every
225 diagnostic. At this stage your best bet is still to grep the source
226 code and inspect the conditions that gave rise to the diagnostics you
227 are seeing.
228
230 Samba stores it's data in several TDB (Trivial Database) files, usually
231 located in /var/lib/samba.
232
233 (*) information persistent across restarts (but not necessarily
234 important to backup).
235
236 account_policy.tdb*
237 NT account policy settings such as pw expiration, etc...
238
239 brlock.tdb
240 byte range locks
241
242 browse.dat
243 browse lists
244
245 gencache.tdb
246 generic caching db
247
248 group_mapping.tdb*
249 group mapping information
250
251 locking.tdb
252 share modes & oplocks
253
254 login_cache.tdb*
255 bad pw attempts
256
257 messages.tdb
258 Samba messaging system
259
260 netsamlogon_cache.tdb*
261 cache of user net_info_3 struct from net_samlogon() request (as a
262 domain member)
263
264 ntdrivers.tdb*
265 installed printer drivers
266
267 ntforms.tdb*
268 installed printer forms
269
270 ntprinters.tdb*
271 installed printer information
272
273 printing/
274 directory containing tdb per print queue of cached lpq output
275
276 registry.tdb
277 Windows registry skeleton (connect via regedit.exe)
278
279 smbXsrv_session_global.tdb
280 session information (e.g. support for 'utmp = yes')
281
282 smbXsrv_tcon_global.tdb
283 share connections (used to enforce max connections, etc...)
284
285 smbXsrv_open_global.tdb
286 open file handles (used durable handles, etc...)
287
288 share_info.tdb*
289 share acls
290
291 winbindd_cache.tdb
292 winbindd's cache of user lists, etc...
293
294 winbindd_idmap.tdb*
295 winbindd's local idmap db
296
297 wins.dat*
298 wins database when 'wins support = yes'
299
301 Sending the smbd a SIGHUP will cause it to reload its smb.conf
302 configuration file within a short period of time.
303
304 To shut down a user's smbd process it is recommended that SIGKILL (-9)
305 NOT be used, except as a last resort, as this may leave the shared
306 memory area in an inconsistent state. The safe way to terminate an smbd
307 is to send it a SIGTERM (-15) signal and wait for it to die on its own.
308
309 The debug log level of smbd may be raised or lowered using
310 smbcontrol(1) program (SIGUSR[1|2] signals are no longer used since
311 Samba 2.2). This is to allow transient problems to be diagnosed, whilst
312 still running at a normally low log level.
313
314 Note that as the signal handlers send a debug write, they are not
315 re-entrant in smbd. This you should wait until smbd is in a state of
316 waiting for an incoming SMB before issuing them. It is possible to make
317 the signal handlers safe by un-blocking the signals before the select
318 call and re-blocking them after, however this would affect performance.
319
321 hosts_access(5), inetd(8), nmbd(8), smb.conf(5), smbclient(1),
322 testparm(1), and the Internet RFC's rfc1001.txt, rfc1002.txt. In
323 addition the CIFS (formerly SMB) specification is available as a link
324 from the Web page https://www.samba.org/cifs/.
325
327 The original Samba software and related utilities were created by
328 Andrew Tridgell. Samba is now developed by the Samba Team as an Open
329 Source project similar to the way the Linux kernel is developed.
330
331
332
333Samba 4.17.5 01/26/2023 SMBD(8)