Univention Bugzilla – Bug 32045
Obsolete Samba UCR variables
Last modified: 2021-04-28 10:08:50 CEST
samba/encrypt_passwords maps to "encrypt passwords" from smb.conf. From the manpage: | This boolean controls whether encrypted passwords will be negotiated with the | client. Note that Windows NT 4.0 SP3 and above and also Windows 98 will by | default expect encrypted passwords unless a registry entry is changed. (..) | The use of plain text passwords is NOT advised as support for this feature is | no longer maintained in Microsoft Windows products. If you want to use plain | text passwords you must set this parameter to no. IMO the UCR variable should be removed, then.
Likewise samba/kernel_oplocks, which maps to "kernel oplocks" from smb.conf: |For UNIXes that support kernel based oplocks (currently only IRIX and the Linux | 2.4 kernel), this parameter allows the use of them to be turned on or off. (..) |You should never need to touch this parameter.
samba/large_readwrite should also be removed. Disabling the option even leads to truncation of data: https://bugzilla.samba.org/show_bug.cgi?id=9622 Quoting Jeremy Allison: | Turning off "large readwrite" causes smbd to no longer negotiate CAP_W2K_SMBS | support. This causes many problems with Windows and Mac clients. | | The real fix is just not to do that. This parameter should just be removed I | think.
samba/maxopenfiles is broken anyway (Bug 32049), but we should also drop it: From the manpage: | The limit of the number of open files is usually set by the UNIX per-process | file descriptor limit rather than this parameter so you should never need to | touch this parameter.
samba/oplocks should be removed as well: It's enabled by default and disabling it will break offline mode on Windows Vista (and maybe also Win7 since they're essentially the same?) http://support.microsoft.com/kb/296264/en-us It can still be enabled on a share base.
samba/preserve_case and samba/short_preserve_case are only used to configure name mangling of filenames to the 8.3 filename scheme from DOS or Windows 3.1. That's no longer needed.
samba/read_raw should not be configured, quoting from the manpage: | In general this parameter should be viewed as a system tuning tool and left | severely alone. Likewise samba/write_raw, quoting from the manpage: | This parameter controls whether or not the server will support raw write SMB´s | when transferring data from clients. You should never need to change this | parameter.
samba/share/groups is disabled by default. If set to 'yes', the following snippet is added to smb.conf: print'[groups]' print ' comment = Gruppenverzeichnissse' print ' browsable = yes' print ' read only = no' print ' create mask = 0770' print ' directory mask = 0770' The purpose is unclear, it's not mentioned anywhere in the changelog. I think that was a copy&paste from the [homes] share, which is defined in the same template.
(In reply to Moritz Muehlenhoff from comment #7) > samba/share/groups is disabled by default. If set to 'yes', the following > snippet is added to smb.conf: > > print'[groups]' > print ' comment = Gruppenverzeichnissse' > print ' browsable = yes' > print ' read only = no' > print ' create mask = 0770' > print ' directory mask = 0770' > > The purpose is unclear, it's not mentioned anywhere in the changelog. I > think that was a copy&paste from the [homes] share, which is defined in the > same template. There are only three special sections and [groups] isn't part of it. Quoting from the manpage: | There are three special sections, [global], [homes] and [printers], which are | described under special sections.
According to Arvid samba/idmap/domains is legacy and should be removed.
samba/os/level maps to "os level" from smb.conf. It states: | This means that a misconfigured Samba host can effectively isolate a subnet for | browsing purposes. This parameter is largely auto-configured in the Samba-3 | release series and it is seldom necessary to manually override the default | setting.
samba/max/protocol maps to "max protocol". It states: | Normally this option should not be set as the automatic negotiation phase in | the SMB protocol takes care of choosing the appropriate protocol.
samba/max/protocol is useful for Bug #31145
samba4/ntacl/backend should always be set to 'native', i.e. the UCR variable can be dropped.
Setting samba/machine_password_timeout to anything other than 0 will break. We should remove the variable.
samba4/function/level is only sourced prior to the first provisioning of a Samba 4 domain controller. After that "samba-tool domain level raise" must be used. IMO the variable should rather be dropped and only referred to the samba-tool command. This way a consistent mechanism is used.
samba4/disabled was introduced in Bug 27122 to prevent the installation of Samba 4 on OX ASE systems. These edition is now longer available and the UCR variable is rather ugly (and easy to be confused with samba4/autostart), so we should remove it.
samba4/service/smb could be used to switch back from s3fs to the smbd hack. This was never used, so the variable can be removed.
samba4/sysvol/sync/setfacl/AU is obsolete and can be removed.
(In reply to Moritz Muehlenhoff from comment #18) > samba4/sysvol/sync/setfacl/AU is obsolete and can be removed. See Bug #31275 and Bug #31271, I don't think the variable can be removed.