testparm — check an smb.conf configuration file for internal correctness
testparm [-s|--suppress-prompt] [-v|--verbose] [-?|--help] [--usage] [-d|--debuglevel=DEBUGLEVEL] [--debug-stdout] {config filename} [hostname hostIP]
This tool is part of the samba(7) suite.
testparm is a very simple test program
to check an smbd(8) configuration file for
internal correctness. If this program reports no problems, you
can use the configuration file with confidence that smbd
will successfully load the configuration file.
Note that this is NOT a guarantee that the services specified in the configuration file will be available or will operate as expected.
If the optional host name and host IP address are specified on the command line, this test program will run through the service entries reporting whether the specified host has access to each service.
If testparm finds an error in the
smb.conf file it returns an exit code of 1 to the calling
program, else it returns an exit code of 0. This allows shell scripts
to test the output from testparm.
Without this option, testparm
will prompt for a carriage return after printing the service
names and before dumping the service definitions.
If this option is specified, testparm will also output all options that were not used in smb.conf(5) and are thus set to their defaults.
Dumps the named parameter. If no section-name is set the view is limited by default to the global section. It is also possible to dump a parametrical option. Therefore the option has to be separated by a colon from the parametername.
Dumps the named section.
Show the parameters, type, possible values.
Skip the global checks.
Print a summary of command line options.
Display brief usage message.
level is an integer from 0
to 10. The default value if this parameter is not
specified is 1 for client applications.
The higher this value, the more detail will be logged to the log files about the activities of the server. At level 0, only critical errors and serious warnings will be logged. Level 1 is a reasonable level for day-to-day running - it generates a small amount of information about operations carried out.
Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic.
Note that specifying this parameter here will override
the log level parameter in the
${prefix}/etc/smb.conf file.
This will redirect debug output to STDOUT. By default all clients are logging to STDERR.
The file specified contains the configuration details
required by the client. The information in this file
can be general for client and server or only provide
client specific like options such as
client smb encrypt. See
${prefix}/etc/smb.conf for more information. The default
configuration file name is determined at compile time.
Set the smb.conf(5) option "<name>" to value "<value>" from the command line. This overrides compiled-in defaults and options read from the configuration file. If a name or a value includes a space, wrap whole --option=name=value into quotes.
Prints the program version number.
This is the name of the configuration file to check. If this parameter is not present then the default smb.conf(5) file will be checked.
If this parameter and the following are
specified, then testparm will examine the hosts
allow and hosts deny
parameters in the smb.conf(5) file to
determine if the hostname with this IP address would be
allowed access to the smbd server. If
this parameter is supplied, the hostIP parameter must also
be supplied.
This is the IP address of the host specified in the previous parameter. This address must be supplied if the hostname parameter is supplied.
The program will issue a message saying whether the configuration file loaded OK or not. This message may be preceded by errors and warnings if the file did not load. If the file was loaded OK, the program then dumps all known service details to stdout.
For certain use cases, SMB protocol requires use of cryptographic algorithms which are known to be weak and already broken. DES and ARCFOUR (RC4) ciphers and the SHA1 and MD5 hash algorithms are considered weak but they are required for backward compatibility. The testparm utility shows whether the Samba tools will fall back to these weak crypto algorithms if it is not possible to use strong cryptography by default. In FIPS mode weak crypto cannot be enabled.