summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2001-02-23 02:37:25 +0000
committerGerald Carter <jerry@samba.org>2001-02-23 02:37:25 +0000
commit7bab8111d2b1668495b8e0411fa1de6b174aacdc (patch)
tree18233c22d4a7641ba86a1f6dc073efa837e4bedb /docs
parent9a43d69ac4000d6b7b5a07089f22af4451ea4b31 (diff)
downloadsamba-7bab8111d2b1668495b8e0411fa1de6b174aacdc.tar.gz
samba-7bab8111d2b1668495b8e0411fa1de6b174aacdc.tar.bz2
samba-7bab8111d2b1668495b8e0411fa1de6b174aacdc.zip
I'm just checking these in. There not done.
(This used to be commit 03f85cf3c80e8bb93d698da0a17ac61d0da91950)
Diffstat (limited to 'docs')
-rw-r--r--docs/docbook/manpages/rpcclient.1.sgml137
-rw-r--r--docs/docbook/manpages/smbcacls.1.sgml105
-rw-r--r--docs/docbook/manpages/smbclient.1.sgml408
-rw-r--r--docs/docbook/manpages/smbpasswd.5.sgml136
-rw-r--r--docs/docbook/manpages/smbpasswd.8.sgml165
5 files changed, 951 insertions, 0 deletions
diff --git a/docs/docbook/manpages/rpcclient.1.sgml b/docs/docbook/manpages/rpcclient.1.sgml
new file mode 100644
index 0000000000..ce395305ea
--- /dev/null
+++ b/docs/docbook/manpages/rpcclient.1.sgml
@@ -0,0 +1,137 @@
+Namerpcclient - developer's tool to testing client side MS-RPC functions Synopsisrpcclient[-d
+debuglevel] [-S server] [-l logbasename] [-n netbios name] [-N] [-m maxprotocol]
+[-I destIP] [-E] [-U username] [-W workgroup] [-c `command string`] [-t terminalcode]
+[-i scope] [-O socket options] [-s smb.conf] Descriptionrpcclientis a utility
+for developers for executing various MS-RPC functions. It's primary use is
+for testing Samba's own MS-RPC server implementation, however many administrators
+have written scripts around it to manage Windows NT clients from their
+UNIX workstation. Options
+-d debuglevelset the debuglevel. Debug level 0 is
+the lowest and 100 being the highest. This should be set to 100 if you are
+planning on submitting a bug report to the Samba team (see BUGS.txt). -S
+serverNetBIOS name of Server to which you wish to connect. The server can
+be any SMB/CIFS server. The name is resolved using either the "name resolve
+ order = " line or by using the -R option. -l logbasenameFile name for log/debug
+files. .client will be appended. The log file is never removed by the client.
+-n netbios nameNetBIOS name of the local machine. This option is only needed
+if your Samba client cannot find it automatically. Samba should use the
+uppercase of the machine's hostname. -Ntells rpcclient not to ask for a password.
+rpcclient will prompt the user by default. -I destIPThe IP address of the
+server specified with the -S option. Only needed when the server's NetBIOS
+name cannot be resolved using WINS or broadcast and isn't found in the LMHOSTS
+file. -Ecauses regedit to write messages to stderr instead of stdout. -U username[%pass]Sets
+the SMB username or username and password. If %pass is not specified, The
+user will be prompted. The client will first check the USER environment
+variable, then the LOGNAME variable and if either exist, the string is
+uppercased. Anything in these variables following a % sign will be treated
+as the password. If these environmental variables are not found, the username
+GUEST is used. If the password is not included in these environment variables
+(using the %pass syntax), rpcclient will look for a PASSWD environment
+variable from which to read the password. A third option is to use a credentials
+file which contains the plaintext of the username and password. This option
+is mainly provided for scripts where the admin doesn't desire to pass the
+credentials on the command line or via environment variables. If this method
+is used, make certain that the permissions on the file restrict access
+from unwanted users. See the -A for more details. Be cautious about including
+passwords in scripts or in the CWPASSWD environment variable. Also, on many
+systems the command line of a running process may be seen via the CWps
+command to be safe always allow smbclient to prompt for a password and
+type it in directly. -A <filename>This option allows you to specify a file
+from which to read the username and password used in the connection. The
+format of the file is CWusername = <value>
+CWpassword = <value>
+Make certain that the permissions on the file restrict access from unwanted
+users. -W domainSet the SMB domain of the username. This overrides the default
+ domain which is the domain of the server specified with the bt(-S) option.
+If the domain specified is the same as the server's NetBIOS name, it causes
+the client to log on using the server's local SAM (as opposed to the Domain
+SAM). -Poperate in promptless mode. Without this mode (the default) rpcclient
+displays a prompt of the form '[domain\username@host]$' -c 'command string'execute
+semicolon separated commands (listed below)) -t terminalcodeThis tells the
+Samba client how to interpret the incoming filenames, in regards to character
+sets. The list here is not complete. For a complete list see your local Samba
+source. Some valid options are sjis, euc, jis7, jis8, junet and hex. -O socket
+optionsThese socket options are the same as in smb.conf (under the bt(socket
+options = ) section). -s smb.confSpecifies the location of the all important
+smb.conf file. -i scopeDefines the NetBIOS scope. For more information on NetBIOS
+scopes, see rfc1001 and rfc1002. NetBIOS scopes are rarely used.
+Commands
+SPOOLSS
+CommandsspoolenumExecute an EnumPrinters call. This lists the various installed
+and share printers. Refer to the MS Platform SDK documentation for more
+details of the various flags and calling options.
+spoolenumports <level>Executes
+an EnumPorts call using the specified info level. Currently only info level
+1 and 2 are supported.
+spoolenumdataEnumerate all printer setting data stored
+on the server. On Windows NT clients, these values are stored in the registry,
+while Samba servers store them in the printers TDB. This command corresponds
+to the MS Platform SDK EnumPorts function.
+spooljobs <printer>List the jobs
+and status of a given printer. This command corresponds to the MS Platform
+SDK EnumJobs function.
+spoolopen <printer>Execute an OpenPrinterEx() and ClosePrinter()
+RPC against a given printer.
+spoolgetdataRetrive the data for a given printer
+setting. See the spoolenumdata command for more information. This command
+corresponds to the GetPrinterData() MS Platform SDK function.
+spoolgetprinter
+<printer>Retrieve the current printer information. This command sorresponds
+to the GetPrinter() MS Platform SDK function.
+spoolgetprinterdriver <printer>Retrive
+the printer driver information (such as driver file, config file, dependent
+files, etc...) for the given printer. This command corresponds to the GetPrinterDriver()
+MS Platform SDK function.
+spoolgetprinterdriverdir <arch>Execute a GetPrinterDriverDirectory()
+RPC to retreive the SMB share name and subdirectory for storing printer
+driver files for a given architecture. Possible values for <arch> are "Windows
+4.0" (for Windows 95/98), "Windows NT x86", "Windows NT PowerPC", "Windows
+Alpha_AXP", and "Windows NT R4000".
+ <drivername> <port>" .YODLTAGEND. Add a
+printer on the remote server. This printer will be automatically shared.
+ Be aware that the printer driver must already be installed on the server
+(see addprinterdriver) and the <port> must be a valid port name.
+spooladdprinterdriver
+<arch> <config>Execute an AddPrinterDriver() RPC to install the printer driver
+information on the server. Note that the driver files should already exist
+in the directort returned by spoolgetprinterdriverdir. Possible values
+for <arch> are the same as those for the spooolgetprintedriverdir command.
+The <config> parameter is defined as follows:
+<Long Printer Name>:<Driver File
+Name>:<Data File Name>:<Config File Name>:<Help File Name>:<Language Monitor Name>:<Default
+Data Type>:<Comma Separated list of Files>
+Any empty fields should be enter
+as the string "NULL".
+Samba does not need to support the concept of Print
+Monitors since these only apply to local printers whose driver can make
+use of a bi-directional link for communication. This field should be "NULL".
+ On a remote NT print server, the Print Monitor for a driver must already
+be installed prior to adding the driver or else the RPC will fail.
+General
+CommandssetSet miscellaneous rpcclient command line options during a running
+ session.
+useConnect to a rmeote SMB server. rpcclient has the ability to
+maintain connections to multiple server simulaneously.
+helpPrint a listing
+of all known commands or extended help on a particular command.
+quitExit
+rpcclient.
+Bugsrpcclient is designed as a developer testing tool and may
+not be robust in certain areas (such as command line parsing). It has been
+known to generate a core dump upon failures when invalid parameters where
+passed to the interpreter.
+From Luke Leighton's original rpcclient man page:
+"WARNING! The MSRPC over SMB code has been developed from examining Network
+traces. No documentation is available from the original creators (Microsoft)
+on how MSRPC over SMB works, or how the individual MSRPC services work.
+Microsoft's implementation of these services has been demonstrated (and
+reported) to be... a bit flakey in places.
+The development of Samba's implementation
+is also a bit rough, and as more of the services are understood, it can
+even result in versions of smbd(8) and rpcclient that are incompatible
+for some commands or services. Additionally, the developers are sending
+reports to Microsoft, and problems found or reported to Microsoft are
+fixed in Service Packs, which may result in incompatibilities."
+See Alsosamba
+(7) AuthorSamba is written by The Samba Team as Open Source. This man page
+was written by Matthew Geddes, Luke Kenneth Casson, and Gerald Carter. \ No newline at end of file
diff --git a/docs/docbook/manpages/smbcacls.1.sgml b/docs/docbook/manpages/smbcacls.1.sgml
new file mode 100644
index 0000000000..aaddf5c09c
--- /dev/null
+++ b/docs/docbook/manpages/smbcacls.1.sgml
@@ -0,0 +1,105 @@
+
+Namesmbcacls - Set or get ACLs on an NT file or directory
+Synopsis
+smbcacls
+//server/share filename [-U username] [-A acls] [-M acls] [-D acls] [-S acls]
+ [-C name] [-G name] [-n] [-h]
+Description
+The smbcacls program manipulates
+NT Access Control Lists (ACLs) on SMB file shares.
+Options
+The following
+options are available to the smbcacls program. The format of ACLs is described
+in the section ACL FORMAT
+-A aclsAdd the ACLs specified to the ACL list.
+ Existing access control entries are unchanged. -M aclsModify the mask value
+(permissions) for the ACLs specified on the command line. An error will
+be printed for each ACL specified that was not already present in the ACL
+list. -D aclsDelete any ACLs specfied on the command line. An error will
+be printed for each ACL specified that was not already present in the ACL
+list. -S aclsThis command sets the ACLs on the file with only the ones specified
+on the command line. All other ACLs are erased. Note that the ACL specified
+must contain at least a revision, type, owner and group for the call to
+succeed. -U usernameSpecifies a username used to connect to the specified
+service. The username may be of the form CWusername in which case the user
+is prompted to enter in a password and the workgroup specified in the smb.conf
+file is used, or CWusername%password or CWDOMAIN\username%password and the
+password and workgroup names are used as provided. -C nameThe owner of a
+file or directory can be changed to the name given using the -C option.
+The name can be a sid in the form CWS-1-x-y-z or a name resolved against the
+server specified in the first argument. This command is a shortcut for CW-M
+OWNER:name. -G nameThe group owner of a file or directory can be changed
+to the name given using the -G option. The name can be a sid in the form
+CWS-1-x-y-z or a name resolved against the server specified in the first argument.
+This command is a shortcut for CW-M GROUP:name. -nThis option displays all
+ACL information in numeric format. The default is to convert SIDs to names
+and ACE types and masks to a readable string format. -hPrint usage information
+on the smbcacls program
+Acl Format
+The format of an ACL is one or more ACL
+entries separated by either commas or newlines. An ACL entry is one of
+the following:
+
+
+
+REVISION:<revision number>
+OWNER:<sid or name>
+GROUP:<sid or name>
+ACL:<sid or name>:<type>/<flags>/<mask>
+
+
+
+The revision of the ACL specifies the internal Windows NT ACL revision
+for the security descriptor. If not specified it defaults to 1. Using values
+other than 1 may cause strange behaviour.
+The owner and group specify the
+owner and group sids for the object. If a SID in the format CWS-1-x-y-z is
+specified this is used, otherwise the name specified is resolved using
+the server on which the file or directory resides.
+ACLs specify permissions
+granted to the SID. This SID again can be specified in CWS-1-x-y-z format or
+as a name in which case it is resolved against the server on which the
+file or directory resides. The type, flags and mask values determine the
+type of access granted to the SID.
+The type can be either 0 or 1 corresponding
+to ALLOWED or DENIED access to the SID. The flags values are generally
+zero for file ACLs and either 9 or 2 for directory ACLs. Some common flags
+are:
+
+
+
+#define SEC_ACE_FLAG_OBJECT_INHERIT 0x1
+#define SEC_ACE_FLAG_CONTAINER_INHERIT 0x2
+#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0x4
+#define SEC_ACE_FLAG_INHERIT_ONLY 0x8
+
+
+
+At present flags can only be specified as decimal or hexadecimal values.
+
+The mask is a value which expresses the access right granted to the SID.
+It can be given as a decimal or hexadecimal value, or by using one of the
+following text strings which map to the NT file permissions of the same
+name.
+CWR Allow read access CWW Allow write access CWX Execute permission
+on the object CWD Delete the object CWP Change permissions CWO Take ownership
+
+The following combined permissions can be specified:
+CWREAD Equivalent
+to CWRX permissions CWCHANGE Equivalent to CWRXWD permissions CWFULL
+ Equivalent to CWRWXDPO permissions
+Exit Status
+The smbcacls program sets
+the exit status depending on the success or otherwise of the operations
+performed. The exit status may be one of the following values.
+If the operation
+succeded, smbcacls returns and exit status of 0. If smbcacls couldn't connect
+to the specified server, or there was an error getting or setting the ACLs,
+an exit status of 1 is returned. If there was an error parsing any command
+line arguments, an exit status of 2 is returned.
+Author
+The original Samba
+software and related utilities were created by Andrew Tridgell. Samba is
+now developed by the Samba Team as an Open Source project.
+smbcacls was
+written by Andrew Tridgell and Tim Potter. \ No newline at end of file
diff --git a/docs/docbook/manpages/smbclient.1.sgml b/docs/docbook/manpages/smbclient.1.sgml
new file mode 100644
index 0000000000..314c815970
--- /dev/null
+++ b/docs/docbook/manpages/smbclient.1.sgml
@@ -0,0 +1,408 @@
+
+Namesmbclient - ftp-like client to access SMB/CIFS resources on servers
+Synopsis
+smbclient
+servicename [-s smb.conf] [-O socket options][-R name resolve order] [-M NetBIOS
+name] [-i scope] [-N] [-n NetBIOS name] [-d debuglevel] [-P] [-p port] [-l log
+basename] [-h] [-I dest IP] [-E] [-U username] [-L NetBIOS name] [-t terminal
+code] [-m max protocol] [-b buffersize] [-W workgroup] [-T<c|x>IXFqgbNan] [-D directory]
+[-c command string]
+Description
+This program is part of the Samba suite.
+smbclient
+is a client that can 'talk' to an SMB/CIFS server. It offers an interface
+similar to that of the ftp program (see ftp (1)). Operations include things
+like getting files from the server to the local machine, putting files
+from the local machine to the server, retrieving directory information
+from the server and so on.
+Options
+servicenameservicename is the name of
+the service you want to use on the server. A service name takes the form
+CW//server/service where server is the NetBIOS name of the SMB/CIFS server
+offering the desired service and service is the name of the service offered.
+Thus to connect to the service printer on the SMB/CIFS server smbserver,
+you would use the servicename CW//smbserver/printer Note that the server
+name required is NOT necessarily the IP (DNS) host name of the server !
+The name required is a NetBIOS server name, which may or may not be the
+same as the IP hostname of the machine running the server. The server name
+is looked up according to either the -R parameter to smbclient or using
+the name resolve order parameter in the smb.conf file, allowing an administrator
+to change the order and methods by which server names are looked up. passwordpassword
+is the password required to access the specified service on the specified
+server. If this parameter is supplied, the -N option (suppress password prompt)
+is assumed. There is no default password. If no password is supplied on the
+command line (either by using this parameter or adding a password to the
+-U option (see below)) and the -N option is not specified, the client will
+prompt for a password, even if the desired service does not require one.
+(If no password is required, simply press ENTER to provide a null password.)
+Note: Some servers (including OS/2 and Windows for Workgroups) insist on
+an uppercase password. Lowercase or mixed case passwords may be rejected
+by these servers. Be cautious about including passwords in scripts. -s smb.confThis
+parameter specifies the pathname to the Samba configuration file, smb.conf.
+This file controls all aspects of the Samba setup on the machine and smbclient
+also needs to read this file. -O socket optionsTCP socket options to set
+on the client socket. See the socket options parameter in the smb.conf (5)
+manpage for the list of valid options. -R name resolve orderThis option allows
+the user of smbclient to determine what name resolution services to use
+when looking up the NetBIOS name of the host being connected to. The options
+are :"lmhosts", "host", "wins" and "bcast". They cause names to be resolved
+as follows : olmhosts : Lookup an IP address in the Samba lmhosts file.
+The lmhosts file is stored in the same directory as the smb.conf file. ohost
+: Do a standard host name to IP address resolution, using the system /etc/hosts,
+NIS, or DNS lookups. This method of name resolution is operating system
+depended for instance on IRIX or Solaris this may be controlled by the
+/etc/nsswitch.conf file). owins : Query a name with the IP address listed
+in the wins server parameter in the smb.conf file. If no WINS server has
+been specified this method will be ignored. obcast : Do a broadcast on each
+of the known local interfaces listed in the interfaces parameter in the
+smb.conf file. This is the least reliable of the name resolution methods
+as it depends on the target host being on a locally connected subnet. If
+this parameter is not set then the name resolve order defined in the smb.conf
+file parameter (name resolve order) will be used. The default order is
+lmhosts, host, wins, bcast and without this parameter or any entry in the
+"name resolve order" parameter of the smb.conf file the name resolution
+methods will be attempted in this order. -M NetBIOS nameThis options allows
+you to send messages, using the "WinPopup" protocol, to another computer.
+Once a connection is established you then type your message, pressing ^D
+(control-D) to end. If the receiving computer is running WinPopup the user
+will receive the message and probably a beep. If they are not running WinPopup
+the message will be lost, and no error message will occur. The message is
+also automatically truncated if the message is over 1600 bytes, as this
+is the limit of the protocol. One useful trick is to cat the message through
+smbclient. For example: CWcat mymessage.txt | smbclient -M FRED will send the
+message in the file mymessage.txt to the machine FRED. You may also find
+the -U and -I options useful, as they allow you to control the FROM and TO
+parts of the message. See the message command parameter in the smb.conf (5)
+for a description of how to handle incoming WinPopup messages in Samba.
+Note: Copy WinPopup into the startup group on your WfWg PCs if you want
+them to always be able to receive messages. -i scopeThis specifies a NetBIOS
+scope that smbclient will use to communicate with when generating NetBIOS
+names. For details on the use of NetBIOS scopes, see rfc1001.txt and rfc1002.txt.
+NetBIOS scopes are very rarely used, only set this parameter if you are
+the system administrator in charge of all the NetBIOS systems you communicate
+with. -NIf specified, this parameter suppresses the normal password prompt
+from the client to the user. This is useful when accessing a service that
+does not require a password. Unless a password is specified on the command
+line or this parameter is specified, the client will request a password.
+-n NetBIOS nameBy default, the client will use the local machine's hostname
+(in uppercase) as its NetBIOS name. This parameter allows you to override
+the host name and use whatever NetBIOS name you wish. -d debugleveldebuglevel
+is an integer from 0 to 10, or the letter 'A'. The default value if this parameter
+is not specified is zero. The higher this value, the more detail will be
+logged to the log files about the activities of the client. At level 0,
+only critical errors and serious warnings will be logged. Level 1 is a reasonable
+level for day to day running - it generates a small amount of information
+about operations carried out. Levels above 1 will generate considerable
+amounts of log data, and should only be used when investigating a problem.
+Levels above 3 are designed for use only by developers and generate HUGE
+amounts of log data, most of which is extremely cryptic. If debuglevel is
+set to the letter 'A', then all debug messages will be printed. This setting
+is for developers only (and people who really want to know how the code
+works internally). Note that specifying this parameter here will override
+the log level parameter in the smb.conf (5) file. -PThis option is no longer
+used. The code in Samba2.0 now lets the server decide the device type, so
+no printer specific flag is needed. -p portThis number is the TCP port number
+that will be used when making connections to the server. The standard (well-known)
+TCP port number for an SMB/CIFS server is 139, which is the default. -l logfilenameIf
+specified, logfilename specifies a base filename into which operational
+data from the running client will be logged. The default base name is specified
+at compile time. The base name is used to generate actual log file names.
+For example, if the name specified was "log", the debug file would be CWlog.client.
+The log file generated is never removed by the client. -hPrint the usage
+message for the client. -I IP addressIP address is the address of the server
+to connect to. It should be specified in standard "a.b.c.d" notation. Normally
+the client would attempt to locate a named SMB/CIFS server by looking it
+up via the NetBIOS name resolution mechanism described above in the name
+resolve order parameter above. Using this parameter will force the client
+to assume that the server is on the machine with the specified IP address
+and the NetBIOS name component of the resource being connected to will
+be ignored. There is no default for this parameter. If not supplied, it will
+be determined automatically by the client as described above. -EThis parameter
+causes the client to write messages to the standard error stream (stderr)
+rather than to the standard output stream. By default, the client writes
+messages to standard output - typically the user's tty. -U usernameThis specifies
+the user name that will be used by the client to make a connection, assuming
+your server is not a downlevel server that is running a protocol level
+that uses passwords on shares, not on usernames. Some servers are fussy
+about the case of this name, and some insist that it must be a valid NetBIOS
+name. If no username is supplied, it will default to an uppercase version
+of the environment variable CWUSER or CWLOGNAME in that order. If no username
+is supplied and neither environment variable exists the username "GUEST"
+will be used. If the CWUSER environment variable contains a '%' character,
+everything after that will be treated as a password. This allows you to
+set the environment variable to be CWUSER=username%password so that a password
+is not passed on the command line (where it may be seen by the ps command).
+You can specify a domain name as part of the username by using a username
+of the form "DOMAIN/user" or "DOMAIN\user". If the service you are connecting
+to requires a password, it can be supplied using the -U option, by appending
+a percent symbol ("%") then the password to username. For example, to attach
+to a service as user CW"fred" with password CW"secret", you would specify.
+
+CW-U fred%secret
+on the command line. Note that there are no spaces around the percent symbol.
+If you specify the password as part of username then the -N option (suppress
+password prompt) is assumed. If you specify the password as a parameter
+AND as part of username then the password as part of username will take
+precedence. Putting nothing before or nothing after the percent symbol will
+cause an empty username or an empty password to be used, respectively. The
+password may also be specified by setting up an environment variable called
+CWPASSWD that contains the users password. Note that this may be very insecure
+on some systems but on others allows users to script smbclient commands
+without having a password appear in the command line of a process listing.
+A third option is to use a credentials file which contains the plaintext
+of the username and password. This option is mainly provided for scripts
+where the admin doesn't desire to pass the credentials on the command line
+or via environment variables. If this method is used, make certain that
+the permissions on the file restrict access from unwanted users. See the
+-A for more details. Note: Some servers (including OS/2 and Windows for Workgroups)
+insist on an uppercase password. Lowercase or mixed case passwords may be
+rejected by these servers. Be cautious about including passwords in scripts
+or in the CWPASSWD environment variable. Also, on many systems the command
+line of a running process may be seen via the CWps command to be safe always
+allow smbclient to prompt for a password and type it in directly. -A <filename>This
+option allows you to specify a file from which to read the username and
+password used in the connection. The format of the file is CWusername =
+<value>
+CWpassword = <value
+Make certain that the permissions on the file restrict access from unwanted
+users. -LThis option allows you to look at what services are available on
+a server. You use it as CW"smbclient -L host" and a list should appear. The
+-I option may be useful if your NetBIOS names don't match your tcp/ip dns
+host names or if you are trying to reach a host on another network. -t terminal
+codeThis option tells smbclient how to interpret filenames coming from
+the remote server. Usually Asian language multibyte UNIX implementations
+use different character sets than SMB/CIFS servers (EUC instead of SJIS
+for example). Setting this parameter will let smbclient convert between
+the UNIX filenames and the SMB filenames correctly. This option has not
+been seriously tested and may have some problems. The terminal codes include
+CWsjis, CWeuc, CWjis7, CWjis8, CWjunet, CWhex, CWcap. This is not a complete
+list, check the Samba source code for the complete list. -m max protocol
+levelWith the new code in Samba2.0, smbclient always attempts to connect
+at the maximum protocols level the server supports. This parameter is preserved
+for backwards compatibility, but any string following the -m will be ignored.
+-b buffersizeThis option changes the transmit/send buffer size when getting
+or putting a file from/to the server. The default is 65520 bytes. Setting
+this value smaller (to 1200 bytes) has been observed to speed up file transfers
+to and from a Win9x server. -W WORKGROUPOverride the default workgroup specified
+in the workgroup parameter of the smb.conf file for this connection. This
+may be needed to connect to some servers. -T tar optionssmbclient may be
+used to create tar (1) compatible backups of all the files on an SMB/CIFS
+share. The secondary tar flags that can be given to this option are : cCreate
+a tar file on UNIX. Must be followed by the name of a tar file, tape device
+or CW"-" for standard output. If using standard output you must turn the
+log level to its lowest value CW-d0 to avoid corrupting your tar file. This
+flag is mutually exclusive with the x flag. xExtract (restore) a local tar
+file back to a share. Unless the -D option is given, the tar files will be
+restored from the top level of the share. Must be followed by the name of
+the tar file, device or CW"-" for standard input. Mutually exclusive with
+the c flag. Restored files have their creation times (mtime) set to the
+date saved in the tar file. Directories currently do not get their creation
+dates restored properly. IInclude files and directories. Is the default behavior
+when filenames are specified above. Causes tar files to be included in an
+extract or create (and therefore everything else to be excluded). See example
+below. Filename globbing works in one of two ways. See r below. XExclude
+files and directories. Causes tar files to be excluded from an extract or
+create. See example below. Filename globbing works in one of two ways now.
+See r below. bBlocksize. Must be followed by a valid (greater than zero)
+blocksize. Causes tar file to be written out in blocksize*TBLOCK (usually
+512 byte) blocks. gIncremental. Only back up files that have the archive
+bit set. Useful only with the c flag. qQuiet. Keeps tar from printing diagnostics
+as it works. This is the same as tarmode quiet. rRegular expression include
+or exclude. Uses regular regular expression matching for excluding or
+excluding files if compiled with HAVE_REGEX_H. However this mode can be
+very slow. If not compiled with HAVE_REGEX_H, does a limited wildcard match
+on * and ?. NNewer than. Must be followed by the name of a file whose date
+is compared against files found on the share during a create. Only files
+newer than the file specified are backed up to the tar file. Useful only
+with the c flag. aSet archive bit. Causes the archive bit to be reset when
+a file is backed up. Useful with the g and c flags. Tar Long File Names smbclient's
+tar option now supports long file names both on backup and restore. However,
+the full path name of the file must be less than 1024 bytes. Also, when
+a tar archive is created, smbclient's tar option places all files in the
+archive with relative names, not absolute names. Tar Filenames All file
+names can be given as DOS path names (with CW\ as the component separator)
+or as UNIX path names (with CW/ as the component separator). Examples oRestore
+from tar file backup.tar into myshare on mypc (no password on share). CWsmbclient
+//mypc/myshare "" -N -Tx backup.tar oRestore everything except users/docs
+CWsmbclient //mypc/myshare "" -N -TXx backup.tar users/docs oCreate a tar
+file of the files beneath users/docs. CWsmbclient //mypc/myshare "" -N -Tc
+backup.tar users/docs oCreate the same tar file as above, but now use a
+DOS path name. CWsmbclient //mypc/myshare "" -N -tc backup.tar users\edocs oCreate
+a tar file of all the files and directories in the share. CWsmbclient //mypc/myshare
+"" -N -Tc backup.tar * -D initial directoryChange to initial directory before
+starting. Probably only of any use with the tar -T option. -c command stringcommand
+string is a semicolon separated list of commands to be executed instead
+of prompting from stdin. -N is implied by -c. This is particularly useful in
+scripts and for printing stdin to the server, e.g. CW-c 'print -'.
+Operations
+Once
+the client is running, the user is presented with a prompt :
+CWsmb:\>
+The
+backslash ("\") indicates the current working directory on the server, and
+will change if the current working directory is changed.
+The prompt indicates
+that the client is ready and waiting to carry out a user command. Each command
+is a single word, optionally followed by parameters specific to that command.
+Command and parameters are space-delimited unless these notes specifically
+state otherwise. All commands are case-insensitive. Parameters to commands
+may or may not be case sensitive, depending on the command.
+You can specify
+file names which have spaces in them by quoting the name with double quotes,
+for example "a long file name".
+Parameters shown in square brackets (e.g.,
+"[parameter]") are optional. If not given, the command will use suitable
+defaults. Parameters shown in angle brackets (e.g., "<parameter>") are required.
+
+Note that all commands operating on the server are actually performed by
+issuing a request to the server. Thus the behavior may vary from server
+to server, depending on how the server was implemented.
+The commands available
+are given here in alphabetical order.
+? [command]If "command" is specified,
+the ? command will display a brief informative message about the specified
+command. If no command is specified, a list of available commands will
+be displayed. ! [shell command]If "shell command" is specified, the ! command
+will execute a shell locally and run the specified shell command. If no
+command is specified, a local shell will be run. cd [directory name]If "directory
+name" is specified, the current working directory on the server will be
+changed to the directory specified. This operation will fail if for any
+reason the specified directory is inaccessible. If no directory name is
+specified, the current working directory on the server will be reported.
+del <mask>The client will request that the server attempt to delete all files
+matching "mask" from the current working directory on the server. dir <mask>A
+list of the files matching "mask" in the current working directory on the
+server will be retrieved from the server and displayed. exitTerminate the
+connection with the server and exit from the program. get <remote file name>
+[local file name]Copy the file called "remote file name" from the server
+to the machine running the client. If specified, name the local copy "local
+file name". Note that all transfers in smbclient are binary. See also the
+lowercase command. help [command]See the ? command above. lcd [directory
+name]If "directory name" is specified, the current working directory on
+the local machine will be changed to the directory specified. This operation
+will fail if for any reason the specified directory is inaccessible. If
+no directory name is specified, the name of the current working directory
+on the local machine will be reported. lowercaseToggle lowercasing of filenames
+for the get and mget commands. When lowercasing is toggled ON, local filenames
+are converted to lowercase when using the get and mget commands. This is
+often useful when copying (say) MSDOS files from a server, because lowercase
+filenames are the norm on UNIX systems. ls <mask>See the dir command above.
+mask <mask>This command allows the user to set up a mask which will be used
+during recursive operation of the mget and mput commands. The masks specified
+to the mget and mput commands act as filters for directories rather than
+files when recursion is toggled ON. The mask specified with the .B mask command
+is necessary to filter files within those directories. For example, if the
+mask specified in an mget command is "source*" and the mask specified with
+the mask command is "*.c" and recursion is toggled ON, the mget command
+will retrieve all files matching "*.c" in all directories below and including
+all directories matching "source*" in the current working directory. Note
+that the value for mask defaults to blank (equivalent to "*") and remains
+so until the mask command is used to change it. It retains the most recently
+specified value indefinitely. To avoid unexpected results it would be wise
+to change the value of .I mask back to "*" after using the mget or mput
+commands. md <directory name>See the mkdir command. mget <mask>Copy all files
+matching mask from the server to the machine running the client. Note that
+mask is interpreted differently during recursive operation and non-recursive
+operation - refer to the recurse and mask commands for more information.
+Note that all transfers in .B smbclient are binary. See also the lowercase
+command. mkdir <directory name>Create a new directory on the server (user
+access privileges permitting) with the specified name. mput <mask>Copy all
+files matching mask in the current working directory on the local machine
+to the current working directory on the server. Note that mask is interpreted
+differently during recursive operation and non-recursive operation - refer
+to the recurse and mask commands for more information. Note that all transfers
+in .B smbclient are binary. print <file name>Print the specified file from
+the local machine through a printable service on the server. See also the
+printmode command. printmode <graphics or text>Set the print mode to suit
+either binary data (such as graphical information) or text. Subsequent print
+commands will use the currently set print mode. promptToggle prompting for
+filenames during operation of the mget and mput commands. When toggled ON,
+the user will be prompted to confirm the transfer of each file during these
+commands. When toggled OFF, all specified files will be transferred without
+prompting. put <local file name> [remote file name]Copy the file called "local
+file name" from the machine running the client to the server. If specified,
+name the remote copy "remote file name". Note that all transfers in smbclient
+are binary. See also the lowercase command. queueDisplays the print queue,
+showing the job id, name, size and current status. quitSee the exit command.
+rd <directory name>See the rmdir command. recurseToggle directory recursion
+for the commands mget and mput. When toggled ON, these commands will process
+all directories in the source directory (i.e., the directory they are copying
+.IR from ) and will recurse into any that match the mask specified to the
+command. Only files that match the mask specified using the mask command
+will be retrieved. See also the mask command. When recursion is toggled OFF,
+only files from the current working directory on the source machine that
+match the mask specified to the mget or mput commands will be copied, and
+any mask specified using the mask command will be ignored. rm <mask>Remove
+all files matching mask from the current working directory on the server.
+rmdir <directory name>Remove the specified directory (user access privileges
+permitting) from the server. tar <c|x>[IXbgNa]Performs a tar operation - see
+the -T command line option above. Behavior may be affected by the tarmode
+command (see below). Using g (incremental) and N (newer) will affect tarmode
+settings. Note that using the "-" option with tar x may not work - use the
+command line option instead. blocksize <blocksize>Blocksize. Must be followed
+by a valid (greater than zero) blocksize. Causes tar file to be written
+out in blocksize*TBLOCK (usually 512 byte) blocks. tarmode <full|inc|reset|noreset>Changes
+tar's behavior with regard to archive bits. In full mode, tar will back up
+everything regardless of the archive bit setting (this is the default mode).
+In incremental mode, tar will only back up files with the archive bit set.
+In reset mode, tar will reset the archive bit on all files it backs up
+(implies read/write share). setmode <filename> <perm=[+|\-]rsha>A version of the
+DOS attrib command to set file permissions. For example: CWsetmode myfile
++r would make myfile read only.
+Notes
+Some servers are fussy about the case
+of supplied usernames, passwords, share names (AKA service names) and machine
+names. If you fail to connect try giving all parameters in uppercase.
+It
+is often necessary to use the -n option when connecting to some types of
+servers. For example OS/2 LanManager insists on a valid NetBIOS name being
+used, so you need to supply a valid name that would be known to the server.
+
+smbclient supports long file names where the server supports the LANMAN2
+protocol or above.
+Environment Variables
+The variable USER may contain the
+username of the person using the client. This information is used only
+if the protocol level is high enough to support session-level passwords.
+
+The variable PASSWD may contain the password of the person using the client.
+ This information is used only if the protocol level is high enough to
+support session-level passwords.
+Installation
+The location of the client program
+is a matter for individual system administrators. The following are thus
+suggestions only.
+It is recommended that the smbclient software be installed
+in the /usr/local/samba/bin or /usr/samba/bin directory, this directory
+readable by all, writeable only by root. The client program itself should
+be executable by all. The client should NOT be setuid or setgid!
+The client
+log files should be put in a directory readable and writeable only by the
+user.
+To test the client, you will need to know the name of a running SMB/CIFS
+server. It is possible to run smbd (8) an ordinary user - running that server
+as a daemon on a user-accessible port (typically any port number over 1024)
+would provide a suitable test server.
+Diagnostics
+Most diagnostics issued
+by the client are logged in a specified log file. The log file name is specified
+at compile time, but may be overridden on the command line.
+The number and
+nature of diagnostics available depends on the debug level used by the
+client. If you have problems, set the debug level to 3 and peruse the log
+files.
+Version
+This man page is correct for version 2.0 of the Samba suite.
+
+Author
+The original Samba software and related utilities were created by
+Andrew Tridgell samba@samba.org. Samba is now developed by the Samba Team
+as an Open Source project similar to the way the Linux kernel is developed.
+
+The original Samba man pages were written by Karl Auer. The man page sources
+were converted to YODL format (another excellent piece of Open Source software,
+available at ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba2.0
+release by Jeremy Allison. samba@samba.org.
+See samba (7) to find out how
+to get a full list of contributors and details on how to submit bug reports,
+comments etc. \ No newline at end of file
diff --git a/docs/docbook/manpages/smbpasswd.5.sgml b/docs/docbook/manpages/smbpasswd.5.sgml
new file mode 100644
index 0000000000..95495000f3
--- /dev/null
+++ b/docs/docbook/manpages/smbpasswd.5.sgml
@@ -0,0 +1,136 @@
+
+Namesmbpasswd - The Samba encrypted password file
+Synopsis
+smbpasswd is the
+Samba encrypted password file.
+Description
+This file is part of the Samba
+suite.
+smbpasswd is the Samba encrypted password file. It contains the username,
+Unix user id and the SMB hashed passwords of the user, as well as account
+flag information and the time the password was last changed. This file format
+has been evolving with Samba and has had several different formats in the
+past.
+File Format
+The format of the smbpasswd file used by Samba 2.0 is very
+similar to the familiar Unix passwd (5) file. It is an ASCII file containing
+one line for each user. Each field within each line is separated from the
+next by a colon. Any entry beginning with # is ignored. The smbpasswd file
+contains the following information for each user:
+name
+
+This is the user name. It must be a name that already exists in the standard
+UNIX passwd file. uid
+
+This is the UNIX uid. It must match the uid field for the same user entry
+in the standard UNIX passwd file. If this does not match then Samba will
+refuse to recognize this smbpasswd file entry as being valid for a user.
+Lanman Password Hash
+
+This is the LANMAN hash of the users password, encoded as 32 hex digits.
+The LANMAN hash is created by DES encrypting a well known string with the
+users password as the DES key. This is the same password used by Windows
+95/98 machines. Note that this password hash is regarded as weak as it is
+vulnerable to dictionary attacks and if two users choose the same password
+this entry will be identical (i.e. the password is not "salted" as the UNIX
+password is). If the user has a null password this field will contain the
+characters CW"NO PASSWORD" as the start of the hex string. If the hex string
+is equal to 32 CW'X' characters then the users account is marked as disabled
+and the user will not be able to log onto the Samba server. WARNING !!. Note
+that, due to the challenge-response nature of the SMB/CIFS authentication
+protocol, anyone with a knowledge of this password hash will be able to
+impersonate the user on the network. For this reason these hashes are known
+as "plain text equivalent" and must NOT be made available to anyone but
+the root user. To protect these passwords the smbpasswd file is placed in
+a directory with read and traverse access only to the root user and the
+smbpasswd file itself must be set to be read/write only by root, with no
+other access. NT Password Hash
+
+This is the Windows NT hash of the users password, encoded as 32 hex digits.
+The Windows NT hash is created by taking the users password as represented
+in 16-bit, little-endian UNICODE and then applying the MD4 (internet rfc1321)
+hashing algorithm to it. This password hash is considered more secure than
+the Lanman Password Hash as it preserves the case of the password and uses
+a much higher quality hashing algorithm. However, it is still the case that
+if two users choose the same password this entry will be identical (i.e.
+the password is not "salted" as the UNIX password is). WARNING !!. Note that,
+due to the challenge-response nature of the SMB/CIFS authentication protocol,
+anyone with a knowledge of this password hash will be able to impersonate
+the user on the network. For this reason these hashes are known as "plain
+text equivalent" and must NOT be made available to anyone but the root
+user. To protect these passwords the smbpasswd file is placed in a directory
+with read and traverse access only to the root user and the smbpasswd file
+itself must be set to be read/write only by root, with no other access.
+Account Flags
+
+This section contains flags that describe the attributes of the users account.
+In the Samba2.0 release this field is bracketed by CW'[' and CW']' characters
+and is always 13 characters in length (including the CW'[' and CW']' characters).
+The contents of this field may be any of the characters. o'U' This means this
+is a "User" account, i.e. an ordinary user. Only User and Workstation Trust
+accounts are currently supported in the smbpasswd file. o'N' This means the
+account has no password (the passwords in the fields Lanman Password Hash
+and NT Password Hash are ignored). Note that this will only allow users
+to log on with no password if the null passwords parameter is set in the
+smb.conf (5) config file. o'D' This means the account is disabled and no SMB/CIFS
+logins will be allowed for this user. o'W' This means this account is a "Workstation
+Trust" account. This kind of account is used in the Samba PDC code stream
+to allow Windows NT Workstations and Servers to join a Domain hosted by
+a Samba PDC. Other flags may be added as the code is extended in future.
+The rest of this field space is filled in with spaces. Last Change Time
+
+This field consists of the time the account was last modified. It consists
+of the characters CWLCT- (standing for "Last Change Time") followed by a
+numeric encoding of the UNIX time in seconds since the epoch (1970) that
+the last change was made. Following fields
+
+All other colon separated fields are ignored at this time.
+Notes
+In previous
+versions of Samba (notably the 1.9.18 series) this file did not contain the
+Account Flags or Last Change Time fields. The Samba 2.0 code will read and
+write these older password files but will not be able to modify the old
+entries to add the new fields. New entries added with smbpasswd (8) will
+contain the new fields in the added accounts however. Thus an older smbpasswd
+file used with Samba 2.0 may end up with some accounts containing the new
+fields and some not.
+In order to convert from an old-style smbpasswd file
+to a new style, run the script convert_smbpasswd, installed in the Samba
+CWbin/ directory (the same place that the smbd and nmbd binaries are installed)
+as follows:
+
+
+
+
+
+ cat old_smbpasswd_file | convert_smbpasswd > new_smbpasswd_file
+
+
+
+
+
+The convert_smbpasswd script reads from stdin and writes to stdout so
+as not to overwrite any files by accident.
+Once this script has been run,
+check the contents of the new smbpasswd file to ensure that it has not
+been damaged by the conversion script (which uses awk), and then replace
+the CW<old smbpasswd file> with the CW<new smbpasswd file>.
+Version
+This man
+page is correct for version 2.0 of the Samba suite.
+See Also
+smbpasswd (8),
+samba (7), and the Internet RFC1321 for details on the MD4 algorithm.
+Author
+The
+original Samba software and related utilities were created by Andrew Tridgell
+samba@samba.org. Samba is now developed by the Samba Team as an Open Source
+project similar to the way the Linux kernel is developed.
+The original Samba
+man pages were written by Karl Auer. The man page sources were converted
+to YODL format (another excellent piece of Open Source software, available
+at ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba2.0 release by
+Jeremy Allison, samba@samba.org.
+See samba (7) to find out how to get a full
+list of contributors and details on how to submit bug reports, comments
+etc. \ No newline at end of file
diff --git a/docs/docbook/manpages/smbpasswd.8.sgml b/docs/docbook/manpages/smbpasswd.8.sgml
new file mode 100644
index 0000000000..15cb6ffff1
--- /dev/null
+++ b/docs/docbook/manpages/smbpasswd.8.sgml
@@ -0,0 +1,165 @@
+
+Namesmbpasswd - change a users SMB password
+Synopsis
+smbpasswd [-a] [-x] [-d]
+[-e] [-D debug level] [-n] [-r remote_machine] [-R name resolve order] [-m] [-j
+DOMAIN] [-U username] [-h] [-s] username
+Description
+This program is part of
+the Samba suite.
+The smbpasswd program has several different functions,
+depending on whether it is run by the root user or not. When run as a normal
+user it allows the user to change the password used for their SMB sessions
+on any machines that store SMB passwords.
+By default (when run with no arguments)
+it will attempt to change the current users SMB password on the local machine.
+This is similar to the way the passwd (1) program works. smbpasswd differs
+from how the passwd program works however in that it is not setuid root
+but works in a client-server mode and communicates with a locally running
+smbd. As a consequence in order for this to succeed the smbd daemon must
+be running on the local machine. On a UNIX machine the encrypted SMB passwords
+are usually stored in the smbpasswd (5) file.
+When run by an ordinary user
+with no options. smbpasswd will prompt them for their old smb password and
+then ask them for their new password twice, to ensure that the new password
+was typed correctly. No passwords will be echoed on the screen whilst being
+typed. If you have a blank smb password (specified by the string "NO PASSWORD"
+in the smbpasswd file) then just press the <Enter> key when asked for your
+old password.
+smbpasswd can also be used by a normal user to change their
+SMB password on remote machines, such as Windows NT Primary Domain Controllers.
+See the (-r) and -U options below.
+When run by root, smbpasswd allows new
+users to be added and deleted in the smbpasswd file, as well as allows
+changes to the attributes of the user in this file to be made. When run
+by root, smbpasswd accesses the local smbpasswd file directly, thus enabling
+changes to be made even if smbd is not running.
+Options
+-aThis option specifies
+that the username following should be added to the local smbpasswd file,
+with the new password typed (type <Enter> for the old password). This option
+is ignored if the username following already exists in the smbpasswd file
+and it is treated like a regular change password command. Note that the
+user to be added must already exist in the system password file (usually
+/etc/passwd) else the request to add the user will fail. This option is
+only available when running smbpasswd as root. -xThis option specifies that
+the username following should be deleted from the local smbpasswd file.
+This option is only available when running smbpasswd as root. -dThis option
+specifies that the username following should be disabled in the local smbpasswd
+file. This is done by writing a 'D' flag into the account control space in
+the smbpasswd file. Once this is done all attempts to authenticate via SMB
+using this username will fail. If the smbpasswd file is in the 'old' format
+(pre-Samba 2.0 format) there is no space in the users password entry to write
+this information and so the user is disabled by writing 'X' characters into
+the password space in the smbpasswd file. See smbpasswd (5) for details
+on the 'old' and new password file formats. This option is only available
+when running smbpasswd as root. -eThis option specifies that the username
+following should be enabled in the local smbpasswd file, if the account
+was previously disabled. If the account was not disabled this option has
+no effect. Once the account is enabled then the user will be able to authenticate
+via SMB once again. If the smbpasswd file is in the 'old' format then smbpasswd
+will prompt for a new password for this user, otherwise the account will
+be enabled by removing the 'D' flag from account control space in the smbpasswd
+file. See smbpasswd (5) for details on the 'old' and new password file formats.
+This option is only available when running smbpasswd as root. -D debugleveldebuglevel
+is an integer from 0 to 10. The default value if this parameter is not
+specified is zero. The higher this value, the more detail will be logged
+to the log files about the activities of smbpasswd. At level 0, only critical
+errors and serious warnings will be logged. Levels above 1 will generate
+considerable amounts of log data, and should only be used when investigating
+a problem. Levels above 3 are designed for use only by developers and generate
+HUGE amounts of log data, most of which is extremely cryptic. -nThis option
+specifies that the username following should have their password set to
+null (i.e. a blank password) in the local smbpasswd file. This is done by
+writing the string "NO PASSWORD" as the first part of the first password
+stored in the smbpasswd file. Note that to allow users to logon to a Samba
+server once the password has been set to "NO PASSWORD" in the smbpasswd
+file the administrator must set the following parameter in the [global]
+section of the smb.conf file : null passwords = true This option is only
+available when running smbpasswd as root. -r remote machine nameThis option
+allows a user to specify what machine they wish to change their password
+on. Without this parameter smbpasswd defaults to the local host. The "remote
+machine name" is the NetBIOS name of the SMB/CIFS server to contact to
+attempt the password change. This name is resolved into an IP address using
+the standard name resolution mechanism in all programs of the Samba suite.
+See the -R name resolve order parameter for details on changing this resolving
+mechanism. The username whose password is changed is that of the current
+UNIX logged on user. See the -U username parameter for details on changing
+the password for a different username. Note that if changing a Windows NT
+Domain password the remote machine specified must be the Primary Domain
+Controller for the domain (Backup Domain Controllers only have a read-only
+copy of the user account database and will not allow the password change).
+Note that Windows 95/98 do not have a real password database so it is not
+possible to change passwords specifying a Win95/98 machine as remote machine
+target. -R name resolve orderThis option allows the user of smbclient to
+determine what name resolution services to use when looking up the NetBIOS
+name of the host being connected to. The options are :"lmhosts", "host",
+"wins" and "bcast". They cause names to be resolved as follows : olmhosts
+: Lookup an IP address in the Samba lmhosts file. ohost : Do a standard
+host name to IP address resolution, using the system /etc/hosts, NIS, or
+DNS lookups. This method of name resolution is operating system dependent.
+For instance on IRIX or Solaris, this may be controlled by the /etc/nsswitch.conf
+file). owins : Query a name with the IP address listed in the wins server
+parameter in the smb.conf file. If no WINS server has been specified this
+method will be ignored. obcast : Do a broadcast on each of the known local
+interfaces listed in the interfaces parameter in the smb.conf file. This
+is the least reliable of the name resolution methods as it depends on the
+target host being on a locally connected subnet. If this parameter is not
+set then the name resolve order defined in the smb.conf file parameter
+name resolve order will be used. The default order is lmhosts, host, wins,
+bcast and without this parameter or any entry in the smb.conf file the
+name resolution methods will be attempted in this order. -mThis option tells
+smbpasswd that the account being changed is a MACHINE account. Currently
+this is used when Samba is being used as an NT Primary Domain Controller.
+PDC support is not a supported feature in Samba2.0 but will become supported
+in a later release. If you wish to know more about using Samba as an NT
+PDC then please subscribe to the mailing list samba-ntdom@samba.org. This
+option is only available when running smbpasswd as root. -j DOMAINThis option
+is used to add a Samba server into a Windows NT Domain, as a Domain member
+capable of authenticating user accounts to any Domain Controller in the
+same way as a Windows NT Server. See the security=domain option in the smb.conf
+(5) man page. In order to be used in this way, the Administrator for the
+Windows NT Domain must have used the program "Server Manager for Domains"
+to add the primary NetBIOS name of the Samba server as a member of the
+Domain. After this has been done, to join the Domain invoke smbpasswd with
+this parameter. smbpasswd will then look up the Primary Domain Controller
+for the Domain (found in the smb.conf file in the parameter password server
+and change the machine account password used to create the secure Domain
+communication. This password is then stored by smbpasswd in a file, read
+only by root, called CW<Domain>.<Machine>.mac where CW<Domain> is the name of the
+Domain we are joining and CW<Machine> is the primary NetBIOS name of the
+machine we are running on. Once this operation has been performed the smb.conf
+file may be updated to set the security=domain option and all future logins
+to the Samba server will be authenticated to the Windows NT PDC. Note that
+even though the authentication is being done to the PDC all users accessing
+the Samba server must still have a valid UNIX account on that machine. This
+option is only available when running smbpasswd as root. -U usernameThis
+option may only be used in conjunction with the -r option. When changing
+a password on a remote machine it allows the user to specify the user name
+on that machine whose password will be changed. It is present to allow users
+who have different user names on different systems to change these passwords.
+-hThis option prints the help string for smbpasswd, selecting the correct
+one for running as root or as an ordinary user. -sThis option causes smbpasswd
+to be silent (i.e. not issue prompts) and to read it's old and new passwords
+from standard input, rather than from CW/dev/tty (like the passwd (1)
+program does). This option is to aid people writing scripts to drive smbpasswd
+usernameThis specifies the username for all of the root only options to
+operate on. Only root can specify this parameter as only root has the permission
+needed to modify attributes directly in the local smbpasswd file. NotesSince
+smbpasswd works in client-server mode communicating with a local smbd for
+a non-root user then the smbd daemon must be running for this to work. A
+common problem is to add a restriction to the hosts that may access the
+smbd running on the local machine by specifying a "allow hosts" or "deny
+hosts" entry in the smb.conf file and neglecting to allow "localhost" access
+to the smbd. In addition, the smbpasswd command is only useful if Samba
+has been set up to use encrypted passwords. See the file ENCRYPTION.txt in
+the docs directory for details on how to do this. VersionThis man page is
+correct for version 2.0 of the Samba suite. AuthorThe original Samba software
+and related utilities were created by Andrew Tridgell samba@samba.org. Samba
+is now developed by the Samba Team as an Open Source project similar to
+the way the Linux kernel is developed. The original Samba man pages were
+written by Karl Auer. The man page sources were converted to YODL format
+(another excellent piece of Open Source software, available at ftp://ftp.icce.rug.nl/pub/unix/)
+and updated for the Samba2.0 release by Jeremy Allison. samba@samba.org. See
+samba (7) to find out how to get a full list of contributors and details
+on how to submit bug reports, comments etc. \ No newline at end of file