diff options
Diffstat (limited to 'docs/htmldocs')
-rw-r--r-- | docs/htmldocs/LDAP.html | 147 | ||||
-rw-r--r-- | docs/htmldocs/debug2html.1.html | 68 | ||||
-rw-r--r-- | docs/htmldocs/rpcclient.1.html | 651 |
3 files changed, 0 insertions, 866 deletions
diff --git a/docs/htmldocs/LDAP.html b/docs/htmldocs/LDAP.html deleted file mode 100644 index 1cc8f8213f..0000000000 --- a/docs/htmldocs/LDAP.html +++ /dev/null @@ -1,147 +0,0 @@ - - - - -<html><head><title>LDAP Support in Samba</title> - -<link rev="made" href="mailto:samba-bugs@samba.org"> -</head> -<body> - -<hr> - -<h1>LDAP Support in Samba</h1> -<h2>Matthew Chapman</h2> -<h2>29th November 1998 -<p> <hr> <h2> -WARNING: This is experimental code. Use at your own risk, and please report -any bugs (after reading BUGS.txt). -</h2> <br> -</h2> - - -<a href="LDAP.html#l1"><h2>1: What is LDAP?</h2> </a> -<a href="LDAP.html#l2"><h2>2: Why LDAP and Samba?</h2> </a> -<a href="LDAP.html#l3"><h2>3: Using LDAP with Samba</h2> </a> -<a href="LDAP.html#l4"><h2>4: Using LDAP for Unix authentication</h2> </a> -<a href="LDAP.html#l5"><h2>5: Compatibility with Active Directory</h2> </a> - -<p><hr><p><br> -<p> - <a name="l1"></a> -<h2>1: What is LDAP?</h2> -A directory is a type of hierarchical database optimised for simple query -operations, often used for storing user information. LDAP is the -Lightweight Directory Access Protocol, a protocol which is rapidly -becoming the Internet standard for accessing directories.<p> - Many client applications now support LDAP (including Microsoft's Active -Directory), and there are a number of servers available. The most popular -implementation for Unix is from the <em>University of Michigan</em>; its -homepage is at <a href="http://www.umich.edu/~dirsvcs/ldap/"><code>http://www.umich.edu/~dirsvcs/ldap/</code></a>.<p> - Information in an LDAP tree always comes in <code>attribute=value</code> pairs. -The following is an example of a Samba user entry:<p> - <pre> -uid=jbloggs, dc=samba, dc=org -objectclass=sambaAccount -uid=jbloggs -cn=Joe Bloggs -description=Samba User -uidNumber=500 -gidNumber=500 -rid=2000 -grouprid=2001 -lmPassword=46E389809F8D55BB78A48108148AD508 -ntPassword=1944CCE1AD6F80D8AEC9FC5BE77696F4 -pwdLastSet=35C11F1B -smbHome=\\samba1\jbloggs -homeDrive=Z -script=logon.bat -profile=\\samba1\jbloggs\profile -workstations=JOE -</pre> -<p> - Note that the top line is a special set of attributes called a -<em>distinguished name</em> which identifies the location of this entry beneath -the directory's root node. Recent Internet standards suggest the use of -domain-based naming using <code>dc</code> attributes (for instance, a microsoft.com -directory should have a root node of <code>dc=microsoft, dc=com</code>), although -this is not strictly necessary for isolated servers.<p> - There are a number of LDAP-related FAQ's on the internet, although -generally the best source of information is the documentation for the -individual servers.<p> - <br> -<a name="l2"></a> -<h2>2: Why LDAP and Samba?</h2><p> - Using an LDAP directory allows Samba to store user and group information -more reliably and flexibly than the current combination of smbpasswd, -smbgroup, groupdb and aliasdb with the Unix databases. If a need emerges -for extra user information to be stored, this can easily be added without -loss of backwards compatibility.<p> - In addition, the Samba LDAP schema is compatible with RFC2307, allowing -Unix password database information to be stored in the same entries. This -provides a single, consistent repository for both Unix and Windows user -information.<p> - <br> -<a name="l3"></a> -<h2>3: Using LDAP with Samba</h2><p> - <ol><p> - <li> Install and configure an LDAP server if you do not already have -one. You should read your LDAP server's documentation and set up the -configuration file and access control as desired.<p> - <li> Build Samba (latest CVS is required) with:<p> - <pre> - ./configure --with-ldap - make clean; make install -</pre> -<p> - <li> Add the following options to the global section of <code>smb.conf</code> as -required.<p> - <ul> -<li><strong>ldap suffix</strong><p> - This parameter specifies the node of the LDAP tree beneath which -Samba should store its information. This parameter MUST be provided -when using LDAP with Samba.<p> - <strong>Default:</strong> <code>none</code><p> - <strong>Example:</strong> <code>ldap suffix = "dc=mydomain, dc=org"</code><p> - <li><strong>ldap bind as</strong><p> - This parameter specifies the entity to bind to an LDAP directory as. -Usually it should be safe to use the LDAP root account; for larger -installations it may be preferable to restrict Samba's access.<p> - <strong>Default:</strong> <code>none (bind anonymously)</code><p> - <strong>Example:</strong> <code>ldap bind as = "uid=root, dc=mydomain, dc=org"</code><p> - <li><strong>ldap passwd file</strong><p> - This parameter specifies a file containing the password with which -Samba should bind to an LDAP server. For obvious security reasons -this file must be set to mode 700 or less.<p> - <strong>Default:</strong> <code>none (bind anonymously)</code><p> - <strong>Example:</strong> <code>ldap passwd file = /usr/local/samba/private/ldappasswd</code><p> - <li><strong>ldap server</strong><p> - This parameter specifies the DNS name of the LDAP server to use -when storing and retrieving information about Samba users and -groups.<p> - <strong>Default:</strong> <code>ldap server = localhost</code><p> - <li><strong>ldap port</strong><p> - This parameter specifies the TCP port number of the LDAP server.<p> - <strong>Default:</strong> <code>ldap port = 389</code><p> - </ul><p> - <li> You should then be able to use the normal smbpasswd(8) command for -account administration (or User Manager in the near future).<p> - </ol><p> - <br> -<a name="l4"></a> -<h2>4: Using LDAP for Unix authentication</h2><p> - The Samba LDAP code was designed to utilise RFC2307-compliant directory -entries if available. RFC2307 is a proposed standard for LDAP user -information which has been adopted by a number of vendors. Further -information is available at <a href="http://www.xedoc.com.au/~lukeh/ldap"><code>http://www.xedoc.com.au/~lukeh/ldap/</code></a>.<p> - Of particular interest is Luke Howard's nameservice switch module -(nss_ldap) and PAM module (pam_ldap) implementing this standard, providing -LDAP-based password databases for Unix. If you are setting up a server to -provide integrated Unix/NT services than these are worth investigating.<p> - <br> -<a name="l5"></a> -<h2>5: Compatibility with Active Directory</h2><p> - The current implementation is not designed to be used with Microsoft -Active Directory, although compatibility may be added in the future.<p> - </body> -</html> diff --git a/docs/htmldocs/debug2html.1.html b/docs/htmldocs/debug2html.1.html deleted file mode 100644 index d0d6373a3d..0000000000 --- a/docs/htmldocs/debug2html.1.html +++ /dev/null @@ -1,68 +0,0 @@ - - - - - -<html><head><title>debug2html(1)</title> - -<link rev="made" href="mailto:samba-bugs@samba.org"> -</head> -<body> - -<hr> - -<h1>debug2html(1)</h1> -<h2>Samba</h2> -<h2>29 Dec 1998</h2> - - - - -<p><br><a name="NAME"></a> -<h2>NAME</h2> - debug2html - Samba DEBUG to HTML translation filter -<p><br><a name="SYNOPSIS"></a> -<h2>SYNOPSIS</h2> - -<p><br>debug2html [input-file [output-file]] -<p><br><a name="DESCRIPTION"></a> -<h2>DESCRIPTION</h2> - -<p><br>This program is part of the <strong>Samba</strong> suite. -<p><br><strong>debug2html</strong> generates HTML files from Samba log files. Log files -produced by <strong>nmbd</strong>(8) or <strong>smbd</strong>(8) may then be viewed by a web -browser. The output conforms to the HTML 3.2 specification. -<p><br>The filenames specified on the command line are optional. If the -output-file is ommitted, output will go to <strong>stdout</strong>. If the input-file -is ommitted, <strong>debug2html</strong> will read from <strong>stdin</strong>. The filename "-" -can be used to indicate that input should be read from <strong>stdin</strong>. For -example: -<p><br><code>cat /usr/local/samba/var/log.nmb | debug2html - nmblog.html</code> <br> -<p><br><a name="VERSION"></a> -<h2>VERSION</h2> - -<p><br>This man page is correct for version 2.0 of the Samba suite. -<p><br><a name="SEEALSO"></a> -<h2>SEE ALSO</h2> - -<p><br><a href="nmbd.8.html"><strong>nmbd</strong>(8)</a>, <a href="smbd.8.html"><strong>smbd</strong>(8)</a>, -<a href="samba.7.html"><strong>samba</strong>(7)</a>. -<p><br><a name="AUTHOR"></a> -<h2>AUTHOR</h2> - -<p><br>The original Samba software and related utilities were created by -Andrew Tridgell <a href="mailto:samba-bugs@samba.org"><em>samba-bugs@samba.org</em></a>. Samba is now developed -by the Samba Team as an Open Source project similar to the way the -Linux kernel is developed. -<p><br>The original Samba man pages were written by Karl Auer. The man page -sources were converted to YODL format (another excellent piece of Open -Source software, available at -<a href="ftp://ftp.icce.rug.nl/pub/unix/"><strong>ftp://ftp.icce.rug.nl/pub/unix/</strong></a>) -and updated for the Samba2.0 release by Jeremy Allison. -<a href="mailto:samba-bugs@samba.org"><em>samba-bugs@samba.org</em></a>. -<p><br><strong>debug2html</strong> was added by Chris Hertel. -<p><br>See <a href="samba.7.html"><strong>samba</strong>(7)</a> to find out how to get a full -list of contributors and details on how to submit bug reports, -comments etc. -</body> -</html> diff --git a/docs/htmldocs/rpcclient.1.html b/docs/htmldocs/rpcclient.1.html deleted file mode 100644 index 6e5cf88866..0000000000 --- a/docs/htmldocs/rpcclient.1.html +++ /dev/null @@ -1,651 +0,0 @@ - - - - - -<html><head><title>rpcclient (1)</title> - -<link rev="made" href="mailto:samba-bugs@samba.org"> -</head> -<body> - -<hr> - -<h1>rpcclient (1)</h1> -<h2>Samba</h2> -<h2>23 Oct 1998</h2> - - - - -<p><br><a name="NAME"></a> -<h2>NAME</h2> - rpcclient - utility to manage MSRPC resources on servers -<p><br><a name="SYNOPSIS"></a> -<h2>SYNOPSIS</h2> - -<p><br><strong>rpcclient</strong> -[<a href="rpcclient.1.html#password">password</a>] -<a href="rpcclient.1.html#servername">-S servername</a> -[<a href="rpcclient.1.html#minusU">-U [username][%][password]</a>] -[<a href="rpcclient.1.html#minusW">-W domain</a>] -[<a href="rpcclient.1.html#minusl">-l log basename</a>] -[<a href="rpcclient.1.html#minusd">-d debuglevel</a>] -[<a href="rpcclient.1.html#minusO">-O socket options</a>] -[<a href="rpcclient.1.html#minusi">-i scope</a>] -[<a href="rpcclient.1.html#minusN">-N</a>] -[<a href="rpcclient.1.html#minusn">-n NetBIOS name</a>] -[<a href="rpcclient.1.html#minush">-h</a>] -[<a href="rpcclient.1.html#minusI">-I dest IP</a>] -[<a href="rpcclient.1.html#minusE">-E</a>] -[<a href="rpcclient.1.html#minust">-t terminal code</a>] -[<a href="rpcclient.1.html#minusc">-c command string</a>] -[<a href="rpcclient.1.html#minusB">-B IP addr</a>] -[<a href="rpcclient.1.html#minuss">-s smb.conf</a>] -[<a href="rpcclient.1.html#minusm">-m max protocol</a>] -<p><br><a name="DESCRIPTION"></a> -<h2>DESCRIPTION</h2> - -<p><br>This program is part of the <strong>Samba</strong> suite. -<p><br><strong>rpcclient</strong> is a client that can 'talk' to an SMB/CIFS MSRPC server. -Operations include things like managing a SAM Database (users, groups -and aliases) in the same way as the Windows NT programs -<strong>User Manager for Domains</strong> and <strong>Server Manager for Domains</strong>; -managing a remote registry in the same way as the Windows NT programs -<strong>REGEDT32.EXE</strong> and <strong>REGEDIT.EXE</strong>; viewing a remote event log (same -as <strong>EVENTVWR.EXE</strong>) etc. -<p><br>Typical usage is like this: <br> -<code>rpcclient -I 192.168.32.1 -S "*SMBSERVER" -U fred%secret -l log</code> -<br> -<p><br><a name="OPTIONS"></a> -<h2>OPTIONS</h2> - -<p><br><ul> -<p><br><a name="servername"></a> -<li><strong><strong>servername</strong></strong> servername is the name of the server you want -to use on the server. This should be the NetBIOS name of the SMB/CIFS -server, which can be <strong>*SMBSERVER</strong> on Windows NT 4.0 or Samba Servers. -<p><br>Note that the server name required is NOT necessarily the IP (DNS) -host name of the server! The name required is a NetBIOS server name, -which may or may not be the same as the IP hostname of the machine -running the server. Also, remember that having a period in a NetBIOS -name (such as an IP hostname) may cause connectivity problems on your -network: NT tends to strip NetBIOS names from the leading period -onwards. -<p><br>The server name is looked up according to either the -<a href="rpcclient.1.html#minusR"><strong>-R</strong></a> parameter to <strong>rpcclient</strong> or using the -<a href="smb.conf.5.html#nameresolveorder"><strong>name resolve order</strong></a> -parameter in the smb.conf file, allowing an administrator to change -the order and methods by which server names are looked up. -<p><br><a name="password"></a> -<li><strong><strong>password</strong></strong> password is the password required to access the -specified service on the specified server. If this parameter is -supplied, the <a href="rpcclient.1.html#minusN"><strong>-N</strong></a> option (suppress password prompt) is assumed. -<p><br>There is no default password. If no password is supplied on the -command line (either by using this parameter or adding a password to -the <a href="rpcclient.1.html#minusU"><strong>-U</strong></a> option (see below)) and the <a href="rpcclient.1.html#minusN"><strong>-N</strong></a> option is not specified, -the client will prompt for a password, even if the desired service -does not require one. (If no password is required, simply press ENTER -to provide a null password.) -<p><br>Note: Some servers (including OS/2 and Windows for Workgroups) insist -on an uppercase password. Lowercase or mixed case passwords may be -rejected by these servers. -<p><br>Be cautious about including passwords in scripts. -<p><br><a name="minuss"></a> -<li><strong><strong>-s smb.conf</strong></strong> This parameter specifies the pathname to the -Samba configuration file, smb.conf. This file controls all aspects of -the Samba setup on the machine and rpcclient also needs to read this -file. -<p><br><a name="minusB"></a> -<li><strong><strong>-B IP addr</strong></strong> The IP address to use when sending a broadcast packet. -<p><br><a name="minusO"></a> -<li><strong><strong>-O socket options</strong></strong> TCP socket options to set on the client -socket. See the <a href="smb.conf.5.html#socketoptions">socket options</a> -parameter in the <a href="smb.conf.5.html"><strong>smb.conf (5)</strong></a> manpage for -the list of valid options. -<p><br><a name="minusR"></a> -<li><strong><strong>-R name resolve order</strong></strong> This option allows the user of -rpcclient to determine what name resolution services to use when -looking up the NetBIOS name of the host being connected to. -<p><br>The options are :"lmhosts", "host", "wins" and "bcast". They cause -names to be resolved as follows : -<p><br><ul> -<p><br><li > <strong>lmhosts</strong> : Lookup an IP address in the Samba lmhosts file. -The lmhosts file is stored in the same directory as the -<a href="smb.conf.5.html"><strong>smb.conf</strong></a> file. -<p><br><li > <strong>host</strong> : Do a standard host name to IP address resolution, -using the system /etc/hosts, NIS, or DNS lookups. This method of name -resolution is operating system depended for instance on IRIX or -Solaris this may be controlled by the <em>/etc/nsswitch.conf</em> file). -<p><br><li > <strong>wins</strong> : Query a name with the IP address listed in the <a href="smb.conf.5.html#winsserver"><strong>wins -server</strong></a> parameter in the smb.conf file. If -no WINS server has been specified this method will be ignored. -<p><br><li > <strong>bcast</strong> : Do a broadcast on each of the known local interfaces -listed in the <a href="smb.conf.5.html#interfaces"><strong>interfaces</strong></a> parameter -in the smb.conf file. This is the least reliable of the name resolution -methods as it depends on the target host being on a locally connected -subnet. To specify a particular broadcast address the <a href="rpcclient.1.html#minusB"><strong>-B</strong></a> option -may be used. -<p><br></ul> -<p><br>If this parameter is not set then the name resolve order defined -in the <a href="smb.conf.5.html"><strong>smb.conf</strong></a> file parameter -<a href="smb.conf.5.html#nameresolveorder">(<strong>name resolve order</strong>)</a> -will be used. -<p><br>The default order is lmhosts, host, wins, bcast and without this -parameter or any entry in the <a href="smb.conf.5.html#nameresolveorder"><strong>"name resolve -order"</strong></a> parameter of the -<a href="smb.conf.5.html"><strong>smb.conf</strong></a> file the name resolution methods -will be attempted in this order. -<p><br><a name="minusi"></a> -<li><strong><strong>-i scope</strong></strong> This specifies a NetBIOS scope that rpcclient will use -to communicate with when generating NetBIOS names. For details on the -use of NetBIOS scopes, see rfc1001.txt and rfc1002.txt. NetBIOS scopes -are <em>very</em> rarely used, only set this parameter if you are the -system administrator in charge of all the NetBIOS systems you -communicate with. -<p><br><a name="minusN"></a> -<li><strong><strong>-N</strong></strong> If specified, this parameter suppresses the normal -password prompt from the client to the user. This is useful when -accessing a service that does not require a password. -<p><br>Unless a password is specified on the command line or this parameter -is specified, the client will request a password. -<p><br><a name="minusn"></a> -<li><strong><strong>-n NetBIOS name</strong></strong> By default, the client will use the local -machine's hostname (in uppercase) as its NetBIOS name. This parameter -allows you to override the host name and use whatever NetBIOS name you -wish. -<p><br><a name="minusd"></a> -<li><strong><strong>-d debuglevel</strong></strong> debuglevel is an integer from 0 to 10, or the -letter 'A'. -<p><br>The default value if this parameter is not specified is zero. -<p><br>The higher this value, the more detail will be logged to the log files -about the activities of the client. At level 0, only critical errors -and serious warnings will be logged. Level 1 is a reasonable level for -day to day running - it generates a small amount of information about -operations carried out. -<p><br>Levels above 1 will generate considerable amounts of log data, and -should only be used when investigating a problem. Levels above 3 are -designed for use only by developers and generate HUGE amounts of log -data, most of which is extremely cryptic. If debuglevel is set to the -letter 'A', then <em>all</em> debug messages will be printed. This setting -is for developers only (and people who <em>really</em> want to know how the -code works internally). -<p><br>Note that specifying this parameter here will override the <a href="smb.conf.5.html#loglevel"><strong>log -level</strong></a> parameter in the <a href="smb.conf.5.html"><strong>smb.conf -(5)</strong></a> file. -<p><br><a name="minusp"></a> -<li><strong><strong>-p port</strong></strong> This number is the TCP port number that will be used -when making connections to the server. The standard (well-known) TCP -port number for an SMB/CIFS server is 139, which is the default. -<p><br><a name="minusl"></a> -<li><strong><strong>-l logfilename</strong></strong> If specified, logfilename specifies a base -filename into which operational data from the running client will be -logged. -<p><br>The default base name is specified at compile time. -<p><br>The base name is used to generate actual log file names. For example, -if the name specified was "log", the debug file would be -<code>log.client</code>. -<p><br>The log file generated is never removed by the client. -<p><br><a name="minush"></a> -<li><strong><strong>-h</strong></strong> Print the usage message for the client. -<p><br><a name="minusI"></a> -<li><strong><strong>-I IP address</strong></strong> IP address is the address of the server to -connect to. It should be specified in standard "a.b.c.d" notation. -<p><br>Normally the client would attempt to locate a named SMB/CIFS server by -looking it up via the NetBIOS name resolution mechanism described -above in the <a href="rpcclient.1.html#minusR"><strong>name resolve order</strong></a> parameter -above. Using this parameter will force the client to assume that the -server is on the machine with the specified IP address and the NetBIOS -name component of the resource being connected to will be ignored. -<p><br>There is no default for this parameter. If not supplied, it will be -determined automatically by the client as described above. -<p><br><a name="minusE"></a> -<li><strong><strong>-E</strong></strong> This parameter causes the client to write messages to the -standard error stream (stderr) rather than to the standard output -stream. -<p><br>By default, the client writes messages to standard output - typically -the user's tty. -<p><br>Note that by default, debug information is always sent to stderr. -Debug information can instead be sent to a file, using the -<a href="rpcclient.1.html#minusl">-l log basename</a> option. -<p><br><a name="minusU"></a> -<li><strong><strong>-U username</strong></strong> This specifies the user name that will be used by -the client to make a connection, assuming your server is not a downlevel -server that is running a protocol level that uses passwords on shares, -not on usernames. -<p><br>Some servers are fussy about the case of this name, and some insist -that it must be a valid NetBIOS name. -<p><br>If no username is supplied, it will default to an uppercase version of -the environment variable <code>USER</code> or <code>LOGNAME</code> in that order. If no -username is supplied and neither environment variable exists the -username "GUEST" will be used. -<p><br>If the <code>USER</code> environment variable contains a '%' character, -everything after that will be treated as a password. This allows you -to set the environment variable to be <code>USER=username%password</code> so -that a password is not passed on the command line (where it may be -seen by the ps command). -<p><br>If the service you are connecting to requires a password, it can be -supplied using the <a href="rpcclient.1.html#minusU"><strong>-U</strong></a> option, by appending a percent symbol ("%") -then the password to username. For example, to attach to a service as -user <code>"fred"</code> with password <code>"secret"</code>, you would specify. <br> -<p><br><code>-U fred%secret</code> <br> -<p><br>on the command line. Note that there are no spaces around the percent -symbol. -<p><br>If you specify the password as part of username then the <a href="rpcclient.1.html#minusN"><strong>-N</strong></a> option -(suppress password prompt) is assumed. -<p><br>If you specify the password as a parameter <em>AND</em> as part of username -then the password as part of username will take precedence. Putting -nothing before or nothing after the percent symbol will cause an empty -username or an empty password to be used, respectively. -<p><br>The password may also be specified by setting up an environment -variable called <code>PASSWORD</code> that contains the users password. Note -that this may be very insecure on some systems but on others allows -users to script rpcclient commands without having a password appear in -the command line of a process listing. -<p><br>Note: Some servers (including OS/2 and Windows for Workgroups) insist -on an uppercase password. Lowercase or mixed case passwords may be -rejected by these servers. -<p><br>Be cautious about including passwords in scripts or in the -<code>PASSWORD</code> environment variable. Also, on many systems the command -line of a running process may be seen via the <code>ps</code> command to be -safe always allow rpcclient to prompt for a password and type it in -directly. -<p><br><a name="minust"></a> -<li><strong><strong>-t terminal code</strong></strong> This option tells rpcclient how to interpret -filenames coming from the remote server. Usually Asian language -multibyte UNIX implementations use different character sets than -SMB/CIFS servers (<em>EUC</em> instead of <em>SJIS</em> for example). Setting -this parameter will let rpcclient convert between the UNIX filenames -and the SMB filenames correctly. This option has not been seriously -tested and may have some problems. -<p><br>The terminal codes include <code>sjis</code>, <code>euc</code>, <code>jis7</code>, <code>jis8</code>, -<code>junet</code>, <code>hex</code>, <code>cap</code>. This is not a complete list, check the -Samba source code for the complete list. -<p><br><a name="minusm"></a> -<li><strong><strong>-m max protocol level</strong></strong> With the new code in Samba2.0, -<strong>rpcclient</strong> always attempts to connect at the maximum -protocols level the server supports. This parameter is -preserved for backwards compatibility, but any string -following the <strong>-m</strong> will be ignored. -<p><br><a name="minusW"></a> -<li><strong><strong>-W Domain</strong></strong> Override the default Domain, which is the remote server's -Domain. This option may be needed to connect to some servers. It is also -possible to specify the remote server name as the Domain, which will -force the username and password to be authenticated against the remote -server's local SAM instead of the Domain SAM. -<p><br><a name="minusc"></a> -<li><strong><strong>-c command string</strong></strong> command string is a semicolon separated -list of commands to be executed instead of prompting from stdin. -<a href="rpcclient.1.html#minusN"><strong>-N</strong></a> is implied by <strong>-c</strong>. -<p><br>This is particularly useful in scripts, e.g. <code>-c 'lsaquery; enumusers -u'</code>. -<p><br></ul> -<p><br><a name="OPERATIONS"></a> -<h2>OPERATIONS</h2> - -<p><br>Once the client is running, the user is presented with a prompt : -<p><br><code>smb:\></code> -<p><br>The prompt indicates that the client is ready and waiting to carry out -a user command. Each command is a single word, optionally followed by -parameters specific to that command. Command and parameters are -space-delimited unless these notes specifically state otherwise. All -commands are case-insensitive. Parameters to commands may or may not -be case sensitive, depending on the command. -<p><br>You can specify names (e.g registry keys; user or group names; -service names) which have spaces in them by quoting the -name with double quotes, for example "dRMON SmartAgent". -<p><br>Parameters shown in square brackets (e.g., "[parameter]") are -optional. If not given, the command will use suitable -defaults. Parameters shown in angle brackets (e.g., "<parameter>") are -required. -<p><br>Note that all commands operating on the server are actually performed -by issuing a request to the server. Thus the behavior may vary from -server to server, depending on how the server was implemented. -<p><br>The commands available are listed in groups relating to different services: -<p><br><ul> -<p><br><li><strong>Misccellaneous</strong> -<p><br><ul> -<p><br><a name="questionmark"></a> <li><strong><strong>? [command]</strong></strong> If "command" is specified, - the <strong>?</strong> command will display a brief informative message about the - specified command. If no command is specified, a list of available - commands will be displayed. -<p><br><a name="exclaimationmark"></a> <li><strong><strong>! [shell command]</strong></strong> If "shell command" - is specified, the <strong>!</strong> command will execute a shell locally and run - the specified shell command. If no command is specified, a local shell - will be run. -<p><br><a name="exit"></a> <li><strong><strong>exit</strong></strong> Terminate the connection with the server and - exit from the program. -<p><br><a name="help"></a> <li><strong><strong>help [command]</strong></strong> See the <a href="rpcclient.1.html#questionmark"><strong>?</strong></a> - command above. -<p><br><a name="quit"></a> <li><strong><strong>quit</strong></strong> See the <a href="rpcclient.1.html#exit"><strong>exit</strong></a> command. -<p><br></ul> -<p><br><li><strong>Event Log</strong> -<p><br><ul> -<p><br><a name="eventlog"></a> <li><strong><strong>eventlog</strong></strong> - list the events -<p><br></ul> -<p><br><li><strong>Service Control</strong> -<p><br>These commands provide functionality similar to the Windows - NT Service Control Manager. -<p><br>It is possible to use command-line completion (if you have - the GNU readline library) for Service names, by pressing the - tab key. -<p><br><ul> -<p><br><a name="svcenum"></a> <li><strong><strong>svcenum</strong></strong> - [-i] Lists Services. -<p><br><a name="svcinfo"></a> <li><strong><strong>svcinfo</strong></strong> - <service> Service Information -<p><br><a name="svcstart"></a> <li><strong><strong>svcstart</strong></strong> - <service> [arg 0] [arg 1] ... Start Service -<p><br><a name="svcstop"></a> <li><strong><strong>svcstop</strong></strong> - <service> Stop Service -<p><br></ul> -<p><br><li><strong>Scheduler</strong> -<p><br><ul> -<p><br><a name="at"></a> <li><strong><strong>at</strong></strong> - Scheduler control (at /? for syntax) -<p><br></ul> -<p><br><li><strong>Registry</strong> -<p><br>It is possible to use command-line completion (if you have - the GNU readline library) for registry key and value names, - by pressing the tab key. -<p><br><ul> -<p><br><a name="regenum"></a> <li><strong><strong>regenum</strong></strong> - <keyname> Registry Enumeration (keys, values) -<p><br><a name="regdeletekey"></a> <li><strong><strong>regdeletekey</strong></strong> - <keyname> Registry Key Delete -<p><br><a name="regcreatekey"></a> <li><strong><strong>regcreatekey</strong></strong> - <keyname> [keyclass] Registry Key Create -<p><br><a name="shutdown"></a> <li><strong><strong>shutdown</strong></strong> - [-m message] [-t timeout] [-r or --reboot] Server Shutdown -<p><br><a name="regqueryval"></a> <li><strong><strong>regqueryval</strong></strong> - <valname> Registry Value Query -<p><br><a name="regquerykey"></a> <li><strong><strong>regquerykey</strong></strong> - <keyname> Registry Key Query -<p><br><a name="regdeleteval"></a> <li><strong><strong>regdeleteval</strong></strong> - <valname> Registry Value Delete -<p><br><a name="regcreateval"></a> <li><strong><strong>regcreateval</strong></strong> - <valname> <valtype> <value> Registry Key Create -<p><br><a name="reggetsec"></a> <li><strong><strong>reggetsec</strong></strong> - <keyname> Registry Key Security -<p><br><a name="regtestsec"></a> <li><strong><strong>regtestsec</strong></strong> - <keyname> Test Registry Key Security -<p><br></ul> -<p><br><li><strong>Printing</strong> -<p><br>It is possible to use command-line completion (if you have - the GNU readline library) for Printer and job names, by - pressing the tab key. -<p><br><ul> -<p><br><a name="spoolenum"></a> <li><strong><strong>spoolenum</strong></strong> - Enumerate Printers. This experimental command lists - all printers available on a remote spooler service. -<p><br><a name="spooljobs"></a> <li><strong><strong>spooljobs</strong></strong> - <printer name> Enumerate Printer Jobs. This - experimental command lists all jobs, and their - status, currently queued on a remote spooler - service. -<p><br><a name="spoolopen"></a> <li><strong><strong>spoolopen</strong></strong> - <printer name> Spool Printer Open Test. Experimental. -<p><br></ul> -<p><br><li><strong>Server</strong> -<p><br><ul> -<p><br><a name="time"></a> <li><strong><strong>time</strong></strong> - Display remote time -<p><br><a name="brsinfo"></a> <li><strong><strong>brsinfo</strong></strong> - Browser Query Info -<p><br><a name="wksinfo"></a> <li><strong><strong>wksinfo</strong></strong> - Workstation Query Info -<p><br><a name="srvinfo"></a> <li><strong><strong>srvinfo</strong></strong> - Server Query Info -<p><br><a name="srvsessions"></a> <li><strong><strong>srvsessions</strong></strong> - List sessions on a server -<p><br><a name="srvshares"></a> <li><strong><strong>srvshares</strong></strong> - List shares on a server -<p><br><a name="srvtransports"></a> <li><strong><strong>srvtransports</strong></strong> - List transports on a server -<p><br><a name="srvconnections"></a> <li><strong><strong>srvconnections</strong></strong> - List connections on a server -<p><br><a name="srvfiles"></a> <li><strong><strong>srvfiles</strong></strong> - List files on a server -<p><br></ul> -<p><br><li><strong>Local Security Authority</strong> -<p><br><ul> -<p><br><a name="lsaquery"></a> <li><strong><strong>lsaquery</strong></strong> - Query Info Policy (domain member or server). Obtains - the SID and name of the SAM database that a server - is responsible for (i.e a workstation's local SAM - database or the PDC SAM database). Also obtains the - SID and name of the SAM database that a server is - a member of. -<p><br><a name="lsaenumdomains"></a> <li><strong><strong>lsaenumdomains</strong></strong> - Enumerate Trusted Domains. Lists all Trusted and - Trusting Domains with which the remote PDC has - trust relationships established. -<p><br><a name="lookupsids"></a> <li><strong><strong>lookupsids</strong></strong> - <rid1 or sid1> <rid1 or sid2> ... Resolve names from SIDs. - Mostly to be used by developers or for troubleshooting, - this command can take either Security Identifiers or Relative - Identifiers, and look them up in the local SAM database - (or look them up in a remote Trusting or Trusted PDC's SAM - database if there is an appropriate Trust Relationship - established). The result is a list of names, of the - format: <br> - <code>[TRUST_DOMAIN\]name</code>. <br> - the <a href="rpcclient.1.html#lsaquery"><strong>lsaquery</strong></a> command must have been - issued first if you wish to use lookupsids to resolve - RIDs. The only RIDs that will be resolved will be those - in the SAM database of the server to which you are connected. -<p><br><a name="lookupnames"></a> <li><strong><strong>lookupnames</strong></strong> - <name1> <name2> ... Resolve SIDs from names. - Mostly to be used by developers or for troubleshooting, - this command can take names of the following format: <br> - <code>[DOMAIN_NAME\]name</code>. <br> - The names, which can be user, group or alias names, will - either be looked up in the local SAM database or in a remote - Trusting or Trusted PDC's SAM database, if there is an - appropriate Trust Relationship established. The optional - Domain name component is the name of a SAM database, which - can include a workstation's local SAM database or a Trusted - Domain. - Example Usage: <br> - <code>lookupnames WKSTANAME\Administrator "Domain Guests"</code> <br> -<p><br><a name="querysecret"></a> <li><strong><strong>querysecret</strong></strong> - LSA Query Secret (developer use). This command only appears - to work against NT4 SP3 and below. Due to its potential - for misuse, it looks like Microsoft modified their - implementation of the LsaRetrievePrivateData call to - always return NT_STATUS_ACCESS_DENIED. -<p><br></ul> -<p><br><li><strong>NETLOGON</strong> -<p><br><ul> -<p><br><a name="ntlogin"></a> <li><strong><strong>ntlogin</strong></strong> - [username] [password] NT Domain login test. Demonstrates - how NT-style logins work. Mainly for developer usage, - it can also be used to verify that a user can log in - from a workstation. If you cannot ever get pam_ntdom - to work, try this command first. -<p><br><a name="domtrust"></a> <li><strong><strong>domtrust</strong></strong> - <domain> NT Inter-Domain test. Demonstrates how NT-style - Inter-Domain Trust relationships work. Mainly for - developer usage, it can also be used to verify that a - Trust Relationship is correctly established with a - remote PDC. -<p><br><a name="samsync"></a> <li><strong><strong>samsync</strong></strong> - SAM Synchronisation Test (experimental). This command - is used to manually synchronise a SAM database from a - remote PDC, when Samba is set up as a Backup Domain - Controller. -<p><br></ul> -<p><br><li><strong>SAM Database</strong> -<p><br>It is possible to use command-line completion (if you have - the GNU readline library) for user, group, alias and domain - names, by pressing the tab key. -<p><br><ul> -<p><br><a name="lookupdomain"></a> <li><strong><strong>lookupdomain</strong></strong> - Obtain SID for a local domain -<p><br><a name="enumusers"></a> <li><strong><strong>enumusers</strong></strong> - SAM User Database Query (experimental!) -<p><br><a name="addgroupmem"></a> <li><strong><strong>addgroupmem</strong></strong> - <group rid> [user] [user] ... SAM Add Domain Group Member -<p><br><a name="addaliasmem"></a> <li><strong><strong>addaliasmem</strong></strong> - <alias rid> [member sid1] [member sid2] ... SAM Add Domain Alias Member -<p><br><a name="delgroupmem"></a> <li><strong><strong>delgroupmem</strong></strong> - <group rid> [user] [user] ... SAM Delete Domain Group Member -<p><br><a name="delaliasmem"></a> <li><strong><strong>delaliasmem</strong></strong> - <alias rid> [member sid1] [member sid2] ... SAM Delete Domain Alias Member -<p><br><a name="creategroup"></a> <li><strong><strong>creategroup</strong></strong> - SAM Create Domain Group -<p><br><a name="createalias"></a> <li><strong><strong>createalias</strong></strong> - SAM Create Domain Alias -<p><br><a name="createuser"></a> <li><strong><strong>createuser</strong></strong> - <username> SAM Create Domain User -<p><br><a name="delgroup"></a> <li><strong><strong>delgroup</strong></strong> - SAM Delete Domain Group -<p><br><a name="delalias"></a> <li><strong><strong>delalias</strong></strong> - SAM Delete Domain Alias -<p><br><a name="ntpass"></a> <li><strong><strong>ntpass</strong></strong> - NT SAM Password Change -<p><br><a name="samuserset2"></a> <li><strong><strong>samuserset2</strong></strong> - <username> [-s acb_bits] SAM User Set Info 2 (experimental!) -<p><br><a name="samuserset"></a> <li><strong><strong>samuserset</strong></strong> - <username> [-p password] SAM User Set Info (experimental!) -<p><br><a name="samuser"></a> <li><strong><strong>samuser</strong></strong> - <username> SAM User Query (experimental!) -<p><br><a name="samgroup"></a> <li><strong><strong>samgroup</strong></strong> - <groupname> SAM Group Query (experimental!) -<p><br><a name="samalias"></a> <li><strong><strong>samalias</strong></strong> - <aliasname> SAM Alias Query -<p><br><a name="samaliasmem"></a> <li><strong><strong>samaliasmem</strong></strong> - <aliasname> SAM Alias Members -<p><br><a name="samgroupmem"></a> <li><strong><strong>samgroupmem</strong></strong> - SAM Group Members -<p><br><a name="samtest"></a> <li><strong><strong>samtest</strong></strong> - SAM User Encrypted RPC test (experimental!) -<p><br><a name="enumaliases"></a> <li><strong><strong>enumaliases</strong></strong> - SAM Aliases Database Query (experimental!) -<p><br><a name="enumdomains"></a> <li><strong><strong>enumdomains</strong></strong> - SAM Domains Database Query (experimental!) -<p><br><a name="enumgroups"></a> <li><strong><strong>enumgroups</strong></strong> - SAM Group Database Query (experimental!) -<p><br><a name="dominfo"></a> <li><strong><strong>dominfo</strong></strong> - SAM Query Domain Info -<p><br><a name="dispinfo"></a> <li><strong><strong>dispinfo</strong></strong> - SAM Query Display Info -<p><br></ul> -<p><br></ul> -<p><br><a name="NOTES"></a> -<h2>NOTES</h2> - -<p><br>Some servers are fussy about the case of supplied usernames, -passwords, share names (AKA service names) and machine names. If you -fail to connect try giving all parameters in uppercase. -<p><br>It is often necessary to use the <a href="rpcclient.1.html#minusn"><strong>-n</strong></a> option when connecting -to some types of servers. For example OS/2 LanManager insists on a valid -NetBIOS name being used, so you need to supply a valid name that would -be known to the server. -<p><br>rpcclient only works on servers that support MSRPC over SMB. This includes -all versions of Windows NT, including the ports to Unix such as AS/U and -AFPS. Support for MSRPC over SMB in other servers is currently rare and -patchy, for example Samba 2.0 only supports a limited set of MSRPC commands, -and some of those are not supported very well. -<p><br><a name="ENVIRONMENTVARIABLES"></a> -<h2>ENVIRONMENT VARIABLES</h2> - -<p><br>The variable <strong>USER</strong> may contain the username of the person using the -client. This information is used only if the protocol level is high -enough to support session-level passwords. -<p><br>The variable <strong>PASSWORD</strong> may contain the password of the person using -the client. This information is used only if the protocol level is -high enough to support session-level passwords. -<p><br><a name="INSTALLATION"></a> -<h2>INSTALLATION</h2> - -<p><br>The location of the client program is a matter for individual system -administrators. The following are thus suggestions only. -<p><br>It is recommended that the rpcclient software be installed in the -/usr/local/samba/bin or /usr/samba/bin directory, this directory -readable by all, writeable only by root. The client program itself -should be executable by all. The client should <em>NOT</em> be setuid or -setgid! -<p><br>The client log files should be put in a directory readable and -writeable only by the user. -<p><br>To test the client, you will need to know the name of a running -SMB/CIFS server. It is possible to run <a href="smbd.8.html"><strong>smbd (8)</strong></a> -an ordinary user - running that server as a daemon on a -user-accessible port (typically any port number over 1024) would -provide a suitable test server. -<p><br><a name="DIAGNOSTICS"></a> -<h2>DIAGNOSTICS</h2> - -<p><br>Most diagnostics issued by the client are logged in a specified log -file. The log file name is specified at compile time, but may be -overridden on the command line. -<p><br>The number and nature of diagnostics available depends on the debug -level used by the client. If you have problems, set the debug level to -3 and peruse the log files. -<p><br><a name="VERSION"></a> -<h2>VERSION</h2> - -<p><br>This man page is correct for version 2.0 of the Samba suite. -<p><br><a name="BUGS"></a> -<h2>BUGS</h2> - -<p><br><ul> -<li><strong>WARNING!</strong> -The MSPRC over SMB code has been developed from examining Network traces. -No documentation is available from the original creators (Microsoft) on -how MSRPC over SMB works, or how the individual MSRPC services work. -Microsoft's implementation of these services has been demonstrated (and -reported) to be... a bit flakey in places. -<p><br>The development of Samba's implementation of these services is <em>also</em> -a bit rough, and as more of the services are understood, it can even result -in versions of <a href="smbd.8.html"><strong>smbd (8)</strong></a> and rpcclient that are -incompatible for some commands or services. Additionally, the developers -are sending reports to Microsoft, and problems found by or reported to -Microsoft are fixed in Service Packs, which may also result in -incompatibilities. -<p><br>It is therefore not guaranteed that the execution of an rpcclient command will -work. It is also not guaranteed that the target server will continue to -operate, i.e the execution of an MSRPC command may cause a remote service to -fail, or even cause the remote server to fail. Usual rules apply, of course: -the developers bear absolutely no responsibility for the use, misuse, or -lack of use of rpcclient, by any person or persons, whether legal, -illegal, accidental, deliberate, intentional, malicious, curious, etc. -<p><br><li><strong>Command Completion</strong> -Command-completion (available if you have the GNU readline library) used on -certain commands may not operate correctly if the word being completed (such as a registry key) contains a space. Typically, the name will be completed, but -you will have to go back and put quotes round it, yourself. -<p><br><li><strong>SAM Database command-completion</strong> -Command-completion (available if you have the GNU readline library) of user, -group and alias names does not work on remote Domains, which would normally -be specified like this: <br> -<code>DOMAIN_name\user_name</code>. <br> -The only names that can be completed in this fashion are the local names -in the SAM database of the target server. -<p><br><li><strong><a href="rpcclient.1.html#spoolenum"><strong>spoolenum</strong></a></strong> -Due to current limitations in the rpcclient MSRPC / SMB code, and due to -the extremely poor MSRPC implementation (by Microsoft) of the spooler -service, if there are a large number of printers (or the names / comment -fields associated with the printers), this command will fail. The -limitations require further research to be carried out; we're stuck with -the poor \PIPE\spoolss design. -<p><br></ul> -<p><br><a name="AUTHOR"></a> -<h2>AUTHOR</h2> - -<p><br>The original Samba software and related utilities were created by -Andrew Tridgell <a href="mailto:samba-bugs@samba.org"><em>samba-bugs@samba.org</em></a>. Samba is now developed -by the Samba Team as an Open Source project similar to the way the -Linux kernel is developed. -<p><br>The original Samba man pages were written by Karl Auer. The man page -sources were converted to YODL format (another excellent piece of Open -Source software, available at -<a href="ftp://ftp.icce.rug.nl/pub/unix/"><strong>ftp://ftp.icce.rug.nl/pub/unix/</strong></a>) -and updated for the Samba2.0 release by Jeremy Allison. This man page -was developed cut-and-paste style from the smbclient man page, by -Luke Kenneth Casson Leighton. -<a href="mailto:samba-bugs@samba.org"><em>samba-bugs@samba.org</em></a>. -<p><br>See <a href="samba.7.html"><strong>samba (7)</strong></a> to find out how to get a full -list of contributors and details on how to submit bug reports, -comments etc. -<p><br></body> -</html> |