diff options
Diffstat (limited to 'docs/manpages-3')
41 files changed, 11126 insertions, 0 deletions
diff --git a/docs/manpages-3/editreg.1.xml b/docs/manpages-3/editreg.1.xml new file mode 100644 index 0000000000..2b08555a4f --- /dev/null +++ b/docs/manpages-3/editreg.1.xml @@ -0,0 +1,84 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="editreg.1"> + +<refmeta> + <refentrytitle>editreg</refentrytitle> + <manvolnum>1</manvolnum> +</refmeta> + + +<refnamediv> + <refname>editreg</refname> + <refpurpose>A utility for printing and editing NT4 registry files + </refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>editreg</command> + <arg choice="opt">-v</arg> + <arg choice="opt">-c file</arg> + <arg choice="req">file</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> suite.</para> + + <para><command>editreg</command> is a utility that + can visualize windows registry files (currently only NT4) and apply + so-called commandfiles to them. + </para> +</refsect1> + + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>registry_file</term> + <listitem><para>Registry file to view or edit. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-v,--verbose</term> + <listitem><para>Increases verbosity of messages. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-c commandfile</term> + <listitem><para>Read commands to execute on <filename>registry_file</filename> from <filename>commandfile</filename>. Currently not yet supported! + </para></listitem> + </varlistentry> + + &stdarg.help; + + </variablelist> +</refsect1> + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 3.0 of the Samba + suite.</para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The editreg man page was written by Jelmer Vernooij. </para> +</refsect1> + +</refentry> diff --git a/docs/manpages-3/findsmb.1.xml b/docs/manpages-3/findsmb.1.xml new file mode 100644 index 0000000000..ac8c8c010f --- /dev/null +++ b/docs/manpages-3/findsmb.1.xml @@ -0,0 +1,150 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="findsmb.1"> + +<refmeta> + <refentrytitle>findsmb</refentrytitle> + <manvolnum>1</manvolnum> +</refmeta> + + +<refnamediv> + <refname>findsmb</refname> + <refpurpose>list info about machines that respond to SMB + name queries on a subnet</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>findsmb</command> + <arg choice="opt">subnet broadcast address</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This perl script is part of the <citerefentry> + <refentrytitle>samba</refentrytitle><manvolnum>7</manvolnum></citerefentry> + suite.</para> + + <para><command>findsmb</command> is a perl script that + prints out several pieces of information about machines + on a subnet that respond to SMB name query requests. + It uses <citerefentry><refentrytitle>nmblookup</refentrytitle><manvolnum>1</manvolnum></citerefentry> + and <citerefentry><refentrytitle>smbclient</refentrytitle><manvolnum>1</manvolnum></citerefentry> + to obtain this information. + </para> +</refsect1> + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>-r</term> + <listitem><para>Controls whether <command>findsmb</command> takes + bugs in Windows95 into account when trying to find a Netbios name + registered of the remote machine. This option is disabled by default + because it is specific to Windows 95 and Windows 95 machines only. + If set, <citerefentry><refentrytitle>nmblookup</refentrytitle><manvolnum>1</manvolnum></citerefentry> + will be called with <constant>-B</constant> option.</para></listitem> + </varlistentry> + <varlistentry> + <term>subnet broadcast address</term> + <listitem><para>Without this option, <command>findsmb + </command> will probe the subnet of the machine where + <citerefentry><refentrytitle>findsmb</refentrytitle><manvolnum>1</manvolnum></citerefentry> + is run. This value is passed to + <citerefentry><refentrytitle>nmblookup</refentrytitle><manvolnum>1</manvolnum></citerefentry> + as part of the <constant>-B</constant> option.</para></listitem> + </varlistentry> + </variablelist> +</refsect1> + +<refsect1> + <title>EXAMPLES</title> + + <para>The output of <command>findsmb</command> lists the following + information for all machines that respond to the initial + <command>nmblookup</command> for any name: IP address, NetBIOS name, + Workgroup name, operating system, and SMB server version.</para> + + <para>There will be a '+' in front of the workgroup name for + machines that are local master browsers for that workgroup. There + will be an '*' in front of the workgroup name for + machines that are the domain master browser for that workgroup. + Machines that are running Windows for Workgroups, Windows 95 or + Windows 98 will + not show any information about the operating system or server + version.</para> + + <para>The command with <constant>-r</constant> option + must be run on a system without <citerefentry> + <refentrytitle>nmbd</refentrytitle><manvolnum>8</manvolnum> + </citerefentry> running. + + If <command>nmbd</command> is running on the system, you will + only get the IP address and the DNS name of the machine. To + get proper responses from Windows 95 and Windows 98 machines, + the command must be run as root and with <constant>-r</constant> + option on a machine without <command>nmbd</command> running.</para> + + <para>For example, running <command>findsmb</command> + without <constant>-r</constant> option set would yield output similar + to the following</para> + +<screen> +IP ADDR NETBIOS NAME WORKGROUP/OS/VERSION +--------------------------------------------------------------------- +192.168.35.10 MINESET-TEST1 [DMVENGR] +192.168.35.55 LINUXBOX *[MYGROUP] [Unix] [Samba 2.0.6] +192.168.35.56 HERBNT2 [HERB-NT] +192.168.35.63 GANDALF [MVENGR] [Unix] [Samba 2.0.5a for IRIX] +192.168.35.65 SAUNA [WORKGROUP] [Unix] [Samba 1.9.18p10] +192.168.35.71 FROGSTAR [ENGR] [Unix] [Samba 2.0.0 for IRIX] +192.168.35.78 HERBDHCP1 +[HERB] +192.168.35.88 SCNT2 +[MVENGR] [Windows NT 4.0] [NT LAN Manager 4.0] +192.168.35.93 FROGSTAR-PC [MVENGR] [Windows 5.0] [Windows 2000 LAN Manager] +192.168.35.97 HERBNT1 *[HERB-NT] [Windows NT 4.0] [NT LAN Manager 4.0] +</screen> + +</refsect1> + + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 3.0 of + the Samba suite.</para> +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + <para><citerefentry> + <refentrytitle>nmbd</refentrytitle><manvolnum>8</manvolnum> + </citerefentry>, + <citerefentry><refentrytitle>smbclient</refentrytitle><manvolnum>1</manvolnum> + </citerefentry>, and <citerefentry><refentrytitle>nmblookup</refentrytitle> + <manvolnum>1</manvolnum></citerefentry> + </para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at <ulink + url="ftp://ftp.icce.rug.nl/pub/unix/">ftp://ftp.icce.rug.nl/pub/unix/</ulink>) + and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook + XML 4.2 for Samba 3.0 was done by Alexander Bokovoy.</para> +</refsect1> + +</refentry> diff --git a/docs/manpages-3/lmhosts.5.xml b/docs/manpages-3/lmhosts.5.xml new file mode 100644 index 0000000000..f797569102 --- /dev/null +++ b/docs/manpages-3/lmhosts.5.xml @@ -0,0 +1,124 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="lmhosts.5"> + +<refmeta> + <refentrytitle>lmhosts</refentrytitle> + <manvolnum>5</manvolnum> +</refmeta> + + +<refnamediv> + <refname>lmhosts</refname> + <refpurpose>The Samba NetBIOS hosts file</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <para><filename>lmhosts</filename> is the <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> NetBIOS name to IP address mapping file.</para> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This file is part of the <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> suite.</para> + + <para><filename>lmhosts</filename> is the <emphasis>Samba + </emphasis> NetBIOS name to IP address mapping file. It + is very similar to the <filename>/etc/hosts</filename> file + format, except that the hostname component must correspond + to the NetBIOS naming format.</para> +</refsect1> + +<refsect1> + <title>FILE FORMAT</title> + <para>It is an ASCII file containing one line for NetBIOS name. + The two fields on each line are separated from each other by + white space. Any entry beginning with '#' is ignored. Each line + in the lmhosts file contains the following information:</para> + + <itemizedlist> + <listitem><para>IP Address - in dotted decimal format.</para> + </listitem> + + <listitem><para>NetBIOS Name - This name format is a + maximum fifteen character host name, with an optional + trailing '#' character followed by the NetBIOS name type + as two hexadecimal digits.</para> + + <para>If the trailing '#' is omitted then the given IP + address will be returned for all names that match the given + name, whatever the NetBIOS name type in the lookup.</para> + </listitem> + </itemizedlist> + + <para>An example follows:</para> + + <programlisting> +# +# Sample Samba lmhosts file. +# +192.9.200.1 TESTPC +192.9.200.20 NTSERVER#20 +192.9.200.21 SAMBASERVER + </programlisting> + + <para>Contains three IP to NetBIOS name mappings. The first + and third will be returned for any queries for the names "TESTPC" + and "SAMBASERVER" respectively, whatever the type component of + the NetBIOS name requested.</para> + + <para>The second mapping will be returned only when the "0x20" name + type for a name "NTSERVER" is queried. Any other name type will not + be resolved.</para> + + <para>The default location of the <filename>lmhosts</filename> file + is in the same directory as the <citerefentry><refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> file.</para> + +</refsect1> + +<refsect1> + <title>FILES</title> + + <para>lmhosts is loaded from the configuration directory. This is + usually <filename>/etc/samba</filename> or <filename>/usr/local/samba/lib</filename>. + </para> +</refsect1> + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 3.0 of the Samba suite.</para> +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + <para><citerefentry> + <refentrytitle>smbclient</refentrytitle><manvolnum>1</manvolnum> + </citerefentry>, <citerefentry><refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, and <citerefentry><refentrytitle>smbpasswd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> + </para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook + XML 4.2 was done by Alexander Bokovoy.</para> +</refsect1> + +</refentry> diff --git a/docs/manpages-3/log2pcap.1.xml b/docs/manpages-3/log2pcap.1.xml new file mode 100644 index 0000000000..16155c4312 --- /dev/null +++ b/docs/manpages-3/log2pcap.1.xml @@ -0,0 +1,135 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="log2pcap.1"> + +<refmeta> + <refentrytitle>log2pcap</refentrytitle> + <manvolnum>1</manvolnum> +</refmeta> + + +<refnamediv> + <refname>log2pcap</refname> + <refpurpose>Extract network traces from Samba log files</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>log2pcap</command> + <arg choice="opt">-h</arg> + <arg choice="opt">-q</arg> + <arg choice="opt">logfile</arg> + <arg choice="opt">pcap_file</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> suite.</para> + + <para><command>log2pcap</command> reads in a + samba log file and generates a pcap file (readable + by most sniffers, such as ethereal or tcpdump) based on the packet + dumps in the log file.</para> + + <para>The log file must have a <parameter>log level</parameter> + of at least <constant>5</constant> to get the SMB header/parameters + right, <constant>10</constant> to get the first 512 data bytes of the + packet and <constant>50</constant> to get the whole packet. + </para> +</refsect1> + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>-h</term> + <listitem><para>If this parameter is + specified the output file will be a + hex dump, in a format that is readable + by the <application>text2pcap</application> utility.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-q</term> + <listitem><para>Be quiet. No warning messages about missing + or incomplete data will be given.</para></listitem> + </varlistentry> + + <varlistentry> + <term>logfile</term> + <listitem><para> + Samba log file. log2pcap will try to read the log from stdin + if the log file is not specified. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>pcap_file</term> + <listitem><para> + Name of the output file to write the pcap (or hexdump) data to. + If this argument is not specified, output data will be written + to stdout. + </para></listitem> + </varlistentry> + + &stdarg.help; + + </variablelist> +</refsect1> + +<refsect1> + <title>EXAMPLES</title> + + <para>Extract all network traffic from all samba log files:</para> + + <para><screen> + <prompt>$</prompt> log2pcap < /var/log/* > trace.pcap + </screen></para> + + <para>Convert to pcap using text2pcap:</para> + + <para><screen> + <prompt>$</prompt> log2pcap -h samba.log | text2pcap -T 139,139 - trace.pcap + </screen></para> +</refsect1> + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 3.0 of the Samba suite.</para> +</refsect1> + +<refsect1> + <title>BUGS</title> + + <para>Only SMB data is extracted from the samba logs, no LDAP, + NetBIOS lookup or other data.</para> + + <para>The generated TCP and IP headers don't contain a valid + checksum.</para> + +</refsect1> + + +<refsect1> + <title>SEE ALSO</title> + <para><citerefentry><refentrytitle>text2pcap</refentrytitle> + <manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>ethereal</refentrytitle><manvolnum>1</manvolnum></citerefentry></para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>This manpage was written by Jelmer Vernooij.</para> +</refsect1> + +</refentry> diff --git a/docs/manpages-3/mount.cifs.8.xml b/docs/manpages-3/mount.cifs.8.xml new file mode 100644 index 0000000000..bdccc1399e --- /dev/null +++ b/docs/manpages-3/mount.cifs.8.xml @@ -0,0 +1,473 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="mount.cifs.8"> + +<refmeta> + <refentrytitle>mount.cifs</refentrytitle> + <manvolnum>8</manvolnum> +</refmeta> + + +<refnamediv> + <refname>mount.cifs</refname> + <refpurpose>mount using the Common Internet File System (CIFS)</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + + <command>mount.cifs</command> + <arg choice="req">service</arg> + <arg choice="req">mount-point</arg> + <arg choice="opt">-o options</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> suite.</para> + + <para>mount.cifs mounts a Linux CIFS filesystem. It +is usually invoked indirectly by +the <citerefentry><refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum></citerefentry> command when using the +"-t cifs" option. This command only works in Linux, and the kernel must +support the cifs filesystem. The CIFS protocol is the successor to the +SMB protocol and is supported by most Windows servers and many other +commercial servers and Network Attached Storage appliances as well as +by the popular Open Source server Samba. + </para> + + <para> + The mount.cifs utility attaches the UNC name (exported network resource) to + the local directory <emphasis>mount-point</emphasis>. It is possible to set the mode for mount.cifs to +setuid root to allow non-root users to mount shares to directories for which they +have write permission. + </para> + + <para> + Options to <emphasis>mount.cifs</emphasis> are specified as a comma-separated +list of key=value pairs. It is possible to send options other +than those listed here, assuming that the cifs filesystem kernel module (cifs.ko) supports them. +Unrecognized cifs mount options passed to the cifs vfs kernel code will be logged to the +kernel log. + + </para> + + <para><emphasis>mount.cifs</emphasis> causes the cifs vfs to launch a thread named cifsd. After mounting it keeps running until + the mounted resource is unmounted (usually via the umount utility). + </para> + +</refsect1> + +<refsect1> + <title>OPTIONS</title> + <variablelist> + <varlistentry><term>user=<replaceable>arg</replaceable></term> + + <listitem><para>specifies the username to connect as. If + this is not given, then the environment variable <emphasis>USER</emphasis> is used. This option can also take the +form "user%password" or "workgroup/user" or +"workgroup/user%password" to allow the password and workgroup +to be specified as part of the username. + </para> + +<note> + <para> + The cifs vfs accepts the parameter <parameter>user=</parameter>, or for users familiar with smbfs it accepts the longer form of the parameter <parameter>username=</parameter>. Similarly the longer smbfs style parameter names may be accepted as synonyms for the shorter cifs parameters <parameter>pass=</parameter>,<parameter>dom=</parameter> and <parameter>cred=</parameter>. + </para> +</note> + + </listitem> + </varlistentry> + + <varlistentry><term>password=<replaceable>arg</replaceable></term> + + <listitem><para>specifies the CIFS password. If this +option is not given then the environment variable +<emphasis>PASSWD</emphasis> is used. If the password is not specified +directly or indirectly via an argument to mount <emphasis>mount.cifs</emphasis> will prompt +for a password, unless the guest option is specified. +</para> + +<para>Note that a password which contains the delimiter +character (i.e. a comma ',') will fail to be parsed correctly +on the command line. However, the same password defined +in the PASSWD environment variable or via a credentials file (see +below) or entered at the password prompt will be read correctly. +</para> + </listitem></varlistentry> + + <varlistentry><term>credentials=<replaceable>filename</replaceable></term> + + <listitem><para> + specifies a file that contains a username + and/or password. The format of the file is: + </para> + +<programlisting> + username=<replaceable>value</replaceable> + password=<replaceable>value</replaceable> +</programlisting> + + <para> +This is preferred over having passwords in plaintext in a +shared file, such as <filename>/etc/fstab</filename>. Be sure to protect any +credentials file properly. + </para> + </listitem></varlistentry> + + <varlistentry> + <term>uid=<replaceable>arg</replaceable></term> + + <listitem><para>sets the uid that will own all files on + the mounted filesystem. + It may be specified as either a username or a numeric uid. + This parameter is ignored when the target server supports + the CIFS Unix extensions.</para></listitem> + </varlistentry> + + <varlistentry> + <term>gid=<replaceable>arg</replaceable></term> + + <listitem><para>sets the gid that will own all files on +the mounted filesystem. +It may be specified as either a groupname or a numeric +gid. This parameter is ignored when the target server supports +the CIFS Unix extensions. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>port=<replaceable>arg</replaceable></term> + + <listitem><para>sets the port number on the server to attempt to contact to negotiate +CIFS support. If the CIFS server is not listening on this port or +if it is not specified, the default ports will be tried i.e. +port 445 is tried and if no response then port 139 is tried. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>netbiosname=<replaceable>arg</replaceable></term> + + <listitem><para>When mounting to servers via port 139, specifies the RFC1001 + source name to use to represent the client netbios machine + name when doing the RFC1001 netbios session initialize. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>file_mode=<replaceable>arg</replaceable></term> + + <listitem><para>If the server does not support the CIFS Unix extensions this + overrides the default file mode.</para></listitem> + </varlistentry> + + <varlistentry> + <term>dir_mode=<replaceable>arg</replaceable></term> + + <listitem><para>If the server does not support the CIFS Unix extensions this + overrides the default mode for directories. </para></listitem> + </varlistentry> + + <varlistentry> + <term>ip=<replaceable>arg</replaceable></term> + + <listitem><para>sets the destination host or IP address.</para></listitem> + </varlistentry> + + <varlistentry> + <term>domain=<replaceable>arg</replaceable></term> + + <listitem><para>sets the domain (workgroup) of the user </para></listitem> + </varlistentry> + + <varlistentry> + <term>guest</term> + + <listitem><para>don't prompt for a password </para></listitem> + + </varlistentry> + + <varlistentry> + <term>iocharset</term> + + <listitem><para>Charset used to convert local path names to and from + Unicode. Unicode is used by default for network path + names if the server supports it. If iocharset is + not specified then the nls_default specified + during the local client kernel build will be used. + If server does not support Unicode, this parameter is + unused. </para></listitem> + + </varlistentry> + + <varlistentry> + <term>ro</term> + + <listitem><para>mount read-only</para></listitem> + + </varlistentry> + + <varlistentry> + <term>rw</term> + <listitem><para>mount read-write</para></listitem> + </varlistentry> + + <varlistentry> + <term>setuids</term> + <listitem><para>If the CIFS Unix extensions are negotiated with the server + the client will attempt to set the effective uid and gid of + the local process on newly created files, directories, and + devices (create, mkdir, mknod).</para></listitem> + </varlistentry> + + <varlistentry> + <term>nosetuids</term> + <listitem><para>The client will not attempt to set the uid and gid on + on newly created files, directories, and devices (create, + mkdir, mknod) which will result in the server setting the + uid and gid to the default (usually the server uid of the + user who mounted the share). Letting the server (rather than + the client) set the uid and gid is the default. This + parameter has no effect if the CIFS Unix Extensions are not + negotiated.</para></listitem> + </varlistentry> + + <varlistentry> + <term>perm</term> + <listitem><para>Client does permission checks (vfs_permission check of uid + and gid of the file against the mode and desired operation), + Note that this is in addition to the normal ACL check on the + target machine done by the server software. + Client permission checking is enabled by default.</para></listitem> + </varlistentry> + + <varlistentry> + <term>noperm</term> + <listitem><para>Client does not do permission checks. This can expose + files on this mount to access by other users on the local + client system. It is typically only needed when the server + supports the CIFS Unix Extensions but the UIDs/GIDs on the + client and server system do not match closely enough to allow + access by the user doing the mount. + Note that this does not affect the normal ACL check on the + target machine done by the server software (of the server + ACL against the user name provided at mount time).</para></listitem> + </varlistentry> + + <varlistentry> + <term>directio</term> + <listitem><para>Do not do inode data caching on files opened on this mount. + This precludes mmaping files on this mount. In some cases + with fast networks and little or no caching benefits on the + client (e.g. when the application is doing large sequential + reads bigger than page size without rereading the same data) + this can provide better performance than the default + behavior which caches reads (readahead) and writes + (writebehind) through the local Linux client pagecache + if oplock (caching token) is granted and held. Note that + direct allows write operations larger than page size + to be sent to the server. On some kernels this requires the cifs.ko module + to be built with the CIFS_EXPERIMENTAL configure option.</para></listitem> + </varlistentry> + + <varlistentry> + <term>mapchars</term> + <listitem><para>Translate six of the seven reserved characters (not backslash, but including the colon, question mark, pipe, asterik, greater than and less than characters) + to the remap range (above 0xF000), which also + allows the CIFS client to recognize files created with + such characters by Windows's POSIX emulation. This can + also be useful when mounting to most versions of Samba + (which also forbids creating and opening files + whose names contain any of these seven characters). + This has no effect if the server does not support + Unicode on the wire.</para></listitem> + </varlistentry> + + <varlistentry> + <term>nomapchars</term> + <listitem><para>Do not translate any of these seven characters (default)</para></listitem> + </varlistentry> + + <varlistentry> + <term>intr</term> + <listitem><para>currently unimplemented</para></listitem> + </varlistentry> + + <varlistentry> + <term>nointr</term> + <listitem><para>(default) currently unimplemented </para></listitem> + </varlistentry> + + <varlistentry> + <term>hard</term> + <listitem><para>The program accessing a file on the cifs mounted file system will hang when the + server crashes.</para></listitem> + </varlistentry> + + <varlistentry> + <term>soft</term> + <listitem><para>(default) The program accessing a file on the cifs mounted file system will not hang when the server crashes and will return errors to the user application.</para></listitem> + </varlistentry> + + <varlistentry> + <term>--verbose</term> + <listitem><para>Print additional debugging information for the mount. Note that this parameter must be specified before the -o. For example:</para><para>mount -t cifs //server/share /mnt --verbose -o user=username</para></listitem> + </varlistentry> + + <varlistentry> + <term>noacl</term> + <listitem><para>Do not allow POSIX ACL operations even if server would support them.</para><para> + The CIFS client can get and set POSIX ACLs (getfacl, setfacl) to Samba servers + version 3.10 and later. Setting POSIX ACLs requires enabling both XATTR and + then POSIX support in the CIFS configuration options when building the cifs + module. POSIX ACL support can be disabled on a per mount basic by specifying + "noacl" on mount.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>serverino</term> + <listitem><para>Use inode numbers (unique persistent file identifiers) + returned by the server instead of automatically generating + temporary inode numbers on the client. Although server inode numbers + make it easier to spot hardlinked files (as they will have + the same inode numbers) and inode numbers may be persistent (which is + userful for some sofware), + the server does not guarantee that the inode numbers + are unique if multiple server side mounts are exported under a + single share (since inode numbers on the servers might not + be unique if multiple filesystems are mounted under the same + shared higher level directory). Note that not all + servers support returning server inode numbers, although + those that support the CIFS Unix Extensions, and Windows 2000 and + later servers typically do support this (although not necessarily + on every local server filesystem). Parameter has no effect if + the server lacks support for returning inode numbers or equivalent. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>noserverino</term> + <listitem><para>client generates inode numbers (rather than using the actual one + from the server) by default. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>nouser_xattr</term> + <listitem><para>(default) Do not allow getfattr/setfattr to get/set xattrs, even if server would support it otherwise. </para></listitem> + </varlistentry> + + <varlistentry> + <term>rsize=<replaceable>arg</replaceable></term> + <listitem><para>default network read size</para></listitem> + </varlistentry> + + <varlistentry> + <term>wsize=<replaceable>arg</replaceable></term> + + <listitem><para>default network write size</para></listitem> + </varlistentry> + + </variablelist> +</refsect1> + +<refsect1> + <title>ENVIRONMENT VARIABLES</title> + + <para> + The variable <emphasis>USER</emphasis> may contain the username of the +person to be used to authenticate to the server. +The variable can be used to set both username and +password by using the format username%password. + </para> + + <para> + The variable <emphasis>PASSWD</emphasis> may contain the password of the +person using the client. + </para> + + <para> + The variable <emphasis>PASSWD_FILE</emphasis> may contain the pathname +of a file to read the password from. A single line of input is +read and used as the password. + </para> + +</refsect1> + +<refsect1> + <title>NOTES</title> + + <para>This command may be used only by root, unless installed setuid, in which case the noeexec and nosuid mount flags are enabled.</para> +</refsect1> + +<refsect1> + <title>CONFIGURATION</title> + <para> +The primary mechanism for making configuration changes and for reading +debug information for the cifs vfs is via the Linux /proc filesystem. +In the directory <filename>/proc/fs/cifs</filename> are various +configuration files and pseudo files which can display debug information. +For more information see the kernel file <filename>fs/cifs/README</filename>. +</para> +</refsect1> + +<refsect1> + <title>BUGS</title> + + <para>Mounting using the CIFS URL specification is currently not supported. + </para> + + <para>The credentials file does not handle usernames or passwords with + leading space.</para> + + <para> +Note that the typical response to a bug report is a suggestion +to try the latest version first. So please try doing that first, +and always include which versions you use of relevant software +when reporting bugs (minimum: mount.cifs (try mount.cifs -V), kernel (see /proc/version) and +server type you are trying to contact. +</para> +</refsect1> + + + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 1.34 of + the cifs vfs filesystem (roughly Linux kernel 2.6.12).</para> +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + <para> + Documentation/filesystems/cifs.txt and fs/cifs/README in the linux kernel + source tree may contain additional options and information. +</para> + <para><citerefentry><refentrytitle>umount.cifs</refentrytitle> + <manvolnum>8</manvolnum></citerefentry></para> + +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>Steve French</para> + + <para>The syntax and manpage were loosely based on that of smbmount. It + was converted to Docbook/XML by Jelmer Vernooij.</para> + + <para>The maintainer of the Linux cifs vfs and the userspace + tool <emphasis>mount.cifs</emphasis> is <ulink url="mailto:sfrench@samba.org">Steve French</ulink>. + The <ulink url="mailto:linux-cifs-client@lists.samba.org">Linux CIFS Mailing list</ulink> + is the preferred place to ask questions regarding these programs. + </para> + +</refsect1> + +</refentry> diff --git a/docs/manpages-3/net.8.xml b/docs/manpages-3/net.8.xml new file mode 100644 index 0000000000..6a9001b046 --- /dev/null +++ b/docs/manpages-3/net.8.xml @@ -0,0 +1,921 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="net.8"> + +<refmeta> + <refentrytitle>net</refentrytitle> + <manvolnum>8</manvolnum> +</refmeta> + + +<refnamediv> + <refname>net</refname> + <refpurpose>Tool for administration of Samba and remote + CIFS servers. + </refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>net</command> + <arg choice="req"><ads|rap|rpc></arg> + <arg choice="opt">-h</arg> + <arg choice="opt">-w workgroup</arg> + <arg choice="opt">-W myworkgroup</arg> + <arg choice="opt">-U user</arg> + <arg choice="opt">-I ip-address</arg> + <arg choice="opt">-p port</arg> + <arg choice="opt">-n myname</arg> + <arg choice="opt">-s conffile</arg> + <arg choice="opt">-S server</arg> + <arg choice="opt">-l</arg> + <arg choice="opt">-P</arg> + <arg choice="opt">-D debuglevel</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> suite.</para> + + <para>The samba net utility is meant to work just like the net utility + available for windows and DOS. The first argument should be used + to specify the protocol to use when executing a certain command. + ADS is used for ActiveDirectory, RAP is using for old (Win9x/NT3) + clients and RPC can be used for NT4 and Windows 2000. If this + argument is omitted, net will try to determine it automatically. + Not all commands are available on all protocols. + </para> + +</refsect1> + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + &stdarg.help; + + <varlistentry> + <term>-w target-workgroup</term> + <listitem><para> + Sets target workgroup or domain. You have to specify + either this option or the IP address or the name of a server. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-W workgroup</term> + <listitem><para> + Sets client workgroup or domain + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-U user</term> + <listitem><para> + User name to use + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-I ip-address</term> + <listitem><para> + IP address of target server to use. You have to + specify either this option or a target workgroup or + a target server. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-p port</term> + <listitem><para> + Port on the target server to connect to (usually 139 or 445). + Defaults to trying 445 first, then 139. + </para></listitem> + </varlistentry> + + &stdarg.netbios.name; + &stdarg.configfile; + + <varlistentry> + <term>-S server</term> + <listitem><para> + Name of target server. You should specify either + this option or a target workgroup or a target IP address. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-l</term> + <listitem><para> + When listing data, give more information on each item. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-P</term> + <listitem><para> + Make queries to the external server using the machine account of the local server. + </para></listitem> + </varlistentry> + + &stdarg.debug; + </variablelist> +</refsect1> + +<refsect1> +<title>COMMANDS</title> + +<refsect2> +<title>CHANGESECRETPW</title> + +<para>This command allows the Samba machine account password to be set from an external application +to a machine account password that has already been stored in Active Directory. DO NOT USE this command +unless you know exactly what you are doing. The use of this command requires that the force flag (-f) +be used also. There will be NO command prompt. Whatever information is piped into stdin, either by +typing at the command line or otherwise, will be stored as the literal machine password. Do NOT use +this without care and attention as it will overwrite a legitimate machine password without warning. +YOU HAVE BEEN WARNED. +</para> + +</refsect2> + +<refsect2> + <title>TIME</title> + + <para>The <command>NET TIME</command> command allows you to view the time on a remote server + or synchronise the time on the local server with the time on the remote server.</para> + +<refsect3> +<title>TIME</title> + +<para>Without any options, the <command>NET TIME</command> command +displays the time on the remote server. +</para> + +</refsect3> + +<refsect3> +<title>TIME SYSTEM</title> + +<para>Displays the time on the remote server in a format ready for <command>/bin/date</command></para> + +</refsect3> + +<refsect3> +<title>TIME SET</title> +<para>Tries to set the date and time of the local server to that on +the remote server using <command>/bin/date</command>. </para> + +</refsect3> + +<refsect3> +<title>TIME ZONE</title> + +<para>Displays the timezone in hours from GMT on the remote computer.</para> + +</refsect3> +</refsect2> + +<refsect2> +<title>[RPC|ADS] JOIN [TYPE] [-U username[%password]] [options]</title> + +<para> +Join a domain. If the account already exists on the server, and +[TYPE] is MEMBER, the machine will attempt to join automatically. +(Assuming that the machine has been created in server manager) +Otherwise, a password will be prompted for, and a new account may +be created.</para> + +<para> +[TYPE] may be PDC, BDC or MEMBER to specify the type of server +joining the domain. +</para> +</refsect2> + +<refsect2> +<title>[RPC] OLDJOIN [options]</title> + +<para>Join a domain. Use the OLDJOIN option to join the domain +using the old style of domain joining - you need to create a trust +account in server manager first.</para> +</refsect2> + +<refsect2> +<title>[RPC|ADS] USER</title> + +<refsect3> +<title>[RPC|ADS] USER</title> + +<para>List all users</para> + +</refsect3> + +<refsect3> +<title>[RPC|ADS] USER DELETE <replaceable>target</replaceable></title> + +<para>Delete specified user</para> + +</refsect3> + +<refsect3> +<title>[RPC|ADS] USER INFO <replaceable>target</replaceable></title> + +<para>List the domain groups of a the specified user.</para> + +</refsect3> + +<refsect3> +<title>[RPC|ADS] USER RENAME <replaceable>oldname</replaceable> <replaceable>newname</replaceable></title> + +<para>Rename specified user.</para> + +</refsect3> + +<refsect3> +<title>[RPC|ADS] USER ADD <replaceable>name</replaceable> [password] [-F user flags] [-C comment]</title> + +<para>Add specified user.</para> +</refsect3> +</refsect2> + +<refsect2> +<title>[RPC|ADS] GROUP</title> + +<refsect3> +<title>[RPC|ADS] GROUP [misc options] [targets]</title> +<para>List user groups.</para> +</refsect3> + +<refsect3> +<title>[RPC|ADS] GROUP DELETE <replaceable>name</replaceable> [misc. options]</title> + +<para>Delete specified group.</para> + +</refsect3> + +<refsect3> +<title>[RPC|ADS] GROUP ADD <replaceable>name</replaceable> [-C comment]</title> + +<para>Create specified group.</para> + +</refsect3> +</refsect2> + +<refsect2> +<title>[RAP|RPC] SHARE</title> + +<refsect3> +<title>[RAP|RPC] SHARE [misc. options] [targets]</title> + +<para>Enumerates all exported resources (network shares) on target server.</para> + +</refsect3> + +<refsect3> +<title>[RAP|RPC] SHARE ADD <replaceable>name=serverpath</replaceable> [-C comment] [-M maxusers] [targets]</title> + +<para>Adds a share from a server (makes the export active). Maxusers +specifies the number of users that can be connected to the +share simultaneously.</para> + +</refsect3> + +<refsect3> +<title>SHARE DELETE <replaceable>sharenam</replaceable></title> + +<para>Delete specified share.</para> +</refsect3> +</refsect2> + +<refsect2> +<title>[RPC|RAP] FILE</title> + +<refsect3> +<title>[RPC|RAP] FILE</title> + +<para>List all open files on remote server.</para> + +</refsect3> + +<refsect3> +<title>[RPC|RAP] FILE CLOSE <replaceable>fileid</replaceable></title> + +<para>Close file with specified <replaceable>fileid</replaceable> on +remote server.</para> + +</refsect3> + +<refsect3> +<title>[RPC|RAP] FILE INFO <replaceable>fileid</replaceable></title> + +<para> +Print information on specified <replaceable>fileid</replaceable>. +Currently listed are: file-id, username, locks, path, permissions. +</para> + +</refsect3> + +<refsect3> +<title>[RAP|RPC] FILE USER</title> + +¬.implemented; + +</refsect3> + +</refsect2> + +<refsect2> +<title>SESSION</title> + +<refsect3> +<title>RAP SESSION</title> + +<para>Without any other options, SESSION enumerates all active SMB/CIFS +sessions on the target server.</para> + +</refsect3> + +<refsect3> +<title>RAP SESSION DELETE|CLOSE <replaceable>CLIENT_NAME</replaceable></title> + +<para>Close the specified sessions.</para> + +</refsect3> + +<refsect3> +<title>RAP SESSION INFO <replaceable>CLIENT_NAME</replaceable></title> + +<para>Give a list with all the open files in specified session.</para> + +</refsect3> + +</refsect2> + +<refsect2> +<title>RAP SERVER <replaceable>DOMAIN</replaceable></title> + +<para>List all servers in specified domain or workgroup. Defaults +to local domain.</para> + +</refsect2> + +<refsect2> +<title>RAP DOMAIN</title> + +<para>Lists all domains and workgroups visible on the +current network.</para> + +</refsect2> + +<refsect2> +<title>RAP PRINTQ</title> + +<refsect3> +<title>RAP PRINTQ LIST <replaceable>QUEUE_NAME</replaceable></title> + +<para>Lists the specified print queue and print jobs on the server. +If the <replaceable>QUEUE_NAME</replaceable> is omitted, all +queues are listed.</para> + +</refsect3> + +<refsect3> +<title>RAP PRINTQ DELETE <replaceable>JOBID</replaceable></title> + +<para>Delete job with specified id.</para> + +</refsect3> + +</refsect2> + +<refsect2> +<title>RAP VALIDATE <replaceable>user</replaceable> [<replaceable>password</replaceable>]</title> + +<para> +Validate whether the specified user can log in to the +remote server. If the password is not specified on the commandline, it +will be prompted. +</para> + +¬.implemented; + +</refsect2> + +<refsect2> +<title>RAP GROUPMEMBER</title> + +<refsect3> +<title>RAP GROUPMEMBER LIST <replaceable>GROUP</replaceable></title> + +<para>List all members of the specified group.</para> + +</refsect3> + +<refsect3> +<title>RAP GROUPMEMBER DELETE <replaceable>GROUP</replaceable> <replaceable>USER</replaceable></title> + +<para>Delete member from group.</para> + +</refsect3> + +<refsect3> +<title>RAP GROUPMEMBER ADD <replaceable>GROUP</replaceable> <replaceable>USER</replaceable></title> + +<para>Add member to group.</para> + +</refsect3> + +</refsect2> + +<refsect2> +<title>RAP ADMIN <replaceable>command</replaceable></title> + +<para>Execute the specified <replaceable>command</replaceable> on +the remote server. Only works with OS/2 servers. +</para> + +¬.implemented; + +</refsect2> + +<refsect2> +<title>RAP SERVICE</title> + +<refsect3> +<title>RAP SERVICE START <replaceable>NAME</replaceable> [arguments...]</title> + +<para>Start the specified service on the remote server. Not implemented yet.</para> + +¬.implemented; + +</refsect3> + +<refsect3> +<title>RAP SERVICE STOP</title> + +<para>Stop the specified service on the remote server.</para> + +¬.implemented; + +</refsect3> + +</refsect2> + +<refsect2> +<title>RAP PASSWORD <replaceable>USER</replaceable> <replaceable>OLDPASS</replaceable> <replaceable>NEWPASS</replaceable></title> + +<para> +Change password of <replaceable>USER</replaceable> from <replaceable>OLDPASS</replaceable> to <replaceable>NEWPASS</replaceable>. +</para> + +</refsect2> + +<refsect2> +<title>LOOKUP</title> + +<refsect3> +<title>LOOKUP HOST <replaceable>HOSTNAME</replaceable> [<replaceable>TYPE</replaceable>]</title> + +<para> +Lookup the IP address of the given host with the specified type (netbios suffix). +The type defaults to 0x20 (workstation). +</para> + +</refsect3> + +<refsect3> +<title>LOOKUP LDAP [<replaceable>DOMAIN</replaceable></title> + +<para>Give IP address of LDAP server of specified <replaceable>DOMAIN</replaceable>. Defaults to local domain.</para> + +</refsect3> + +<refsect3> +<title>LOOKUP KDC [<replaceable>REALM</replaceable>]</title> + +<para>Give IP address of KDC for the specified <replaceable>REALM</replaceable>. +Defaults to local realm.</para> + +</refsect3> + +<refsect3> +<title>LOOKUP DC [<replaceable>DOMAIN</replaceable>]</title> + +<para>Give IP's of Domain Controllers for specified <replaceable> +DOMAIN</replaceable>. Defaults to local domain.</para> + +</refsect3> + +<refsect3> +<title>LOOKUP MASTER <replaceable>DOMAIN</replaceable></title> + +<para>Give IP of master browser for specified <replaceable>DOMAIN</replaceable> +or workgroup. Defaults to local domain.</para> + +</refsect3> + +</refsect2> + +<refsect2> +<title>CACHE</title> + +<para>Samba uses a general caching interface called 'gencache'. It +can be controlled using 'NET CACHE'.</para> + +<para>All the timeout parameters support the suffixes: + +<simplelist> +<member>s - Seconds</member> +<member>m - Minutes</member> +<member>h - Hours</member> +<member>d - Days</member> +<member>w - Weeks</member> +</simplelist> + +</para> + +<refsect3> +<title>CACHE ADD <replaceable>key</replaceable> <replaceable>data</replaceable> <replaceable>time-out</replaceable></title> + +<para>Add specified key+data to the cache with the given timeout.</para> + +</refsect3> + +<refsect3> +<title>CACHE DEL <replaceable>key</replaceable></title> + +<para>Delete key from the cache.</para> + +</refsect3> + +<refsect3> +<title>CACHE SET <replaceable>key</replaceable> <replaceable>data</replaceable> <replaceable>time-out</replaceable></title> + +<para>Update data of existing cache entry.</para> + +</refsect3> + +<refsect3> +<title>CACHE SEARCH <replaceable>PATTERN</replaceable></title> + +<para>Search for the specified pattern in the cache data.</para> + +</refsect3> + +<refsect3> +<title>CACHE LIST</title> + +<para> +List all current items in the cache. +</para> + +</refsect3> + +<refsect3> +<title>CACHE FLUSH</title> + +<para>Remove all the current items from the cache.</para> + +</refsect3> + +</refsect2> + +<refsect2> +<title>GETLOCALSID [DOMAIN]</title> + +<para>Print the SID of the specified domain, or if the parameter is +omitted, the SID of the domain the local server is in.</para> + +</refsect2> + +<refsect2> +<title>SETLOCALSID S-1-5-21-x-y-z</title> + +<para>Sets domain sid for the local server to the specified SID.</para> + +</refsect2> + +<refsect2> +<title>GROUPMAP</title> + +<para>Manage the mappings between Windows group SIDs and UNIX groups. +Parameters take the for "parameter=value". Common options include:</para> + +<itemizedlist> +<listitem><para>unixgroup - Name of the UNIX group</para></listitem> +<listitem><para>ntgroup - Name of the Windows NT group (must be + resolvable to a SID</para></listitem> +<listitem><para>rid - Unsigned 32-bit integer</para></listitem> +<listitem><para>sid - Full SID in the form of "S-1-..."</para></listitem> +<listitem><para>type - Type of the group; either 'domain', 'local', + or 'builtin'</para></listitem> +<listitem><para>comment - Freeform text description of the group</para></listitem> +</itemizedlist> + +<refsect3> +<title>GROUPMAP ADD</title> + +<para>Add a new group mapping entry</para> + +<para>net groupmap add {rid=int|sid=string} unixgroup=string [type={domain|local}] [ntgroup=string] [comment=string]</para> + +</refsect3> + +<refsect3> +<title>GROUPMAP DELETE</title> + +<para>Delete a group mapping entry. If more then one group name matches, the first entry found is deleted.</para> + +<para>net groupmap delete {ntgroup=string|sid=SID}</para> + +</refsect3> + +<refsect3> +<title>GROUPMAP MODIFY</title> + +<para>Update en existing group entry</para> + +<para>net groupmap modify {ntgroup=string|sid=SID} [unixgroup=string] [comment=string] [type={domain|local}]</para> +</refsect3> + +<refsect3> +<title>GROUPMAP LIST</title> + +<para>List existing group mapping entries</para> + +<para>net groupmap list [verbose] [ntgroup=string] [sid=SID]</para> + +</refsect3> +</refsect2> + + + +<refsect2> +<title>MAXRID</title> + +<para>Prints out the highest RID currently in use on the local +server (by the active 'passdb backend'). +</para> + +</refsect2> + +<refsect2> +<title>RPC INFO</title> + +<para>Print information about the domain of the remote server, +such as domain name, domain sid and number of users and groups. +</para> + +</refsect2> + +<refsect2> +<title>[RPC|ADS] TESTJOIN</title> + +<para>Check whether participation in a domain is still valid.</para> + +</refsect2> + +<refsect2> +<title>[RPC|ADS] CHANGETRUSTPW</title> + +<para>Force change of domain trust password.</para> + +</refsect2> + +<refsect2> +<title>RPC TRUSTDOM</title> + +<refsect3> +<title>RPC TRUSTDOM ADD <replaceable>DOMAIN</replaceable></title> + +<para>Add a interdomain trust account for +<replaceable>DOMAIN</replaceable> to the remote server. +</para> + +</refsect3> + +<refsect3> +<title>RPC TRUSTDOM DEL <replaceable>DOMAIM</replaceable></title> + +<para>Remove interdomain trust account for +<replaceable>DOMAIN</replaceable> from the remote server. +</para> + +¬.implemented; + +</refsect3> + +<refsect3> +<title>RPC TRUSTDOM ESTABLISH <replaceable>DOMAIN</replaceable></title> + +<para> +Establish a trust relationship to a trusting domain. +Interdomain account must already be created on the remote PDC. +</para> + +</refsect3> + +<refsect3> +<title>RPC TRUSTDOM REVOKE <replaceable>DOMAIN</replaceable></title> +<para>Abandon relationship to trusted domain</para> + +</refsect3> + +<refsect3> +<title>RPC TRUSTDOM LIST</title> + +<para>List all current interdomain trust relationships.</para> + +</refsect3> + +<refsect3> +<title>RPC RIGHTS</title> + +<para>This subcommand is used to view and manage Samba's rights assignments (also +referred to as privileges). There are three options current available: +<parameter>list</parameter>, <parameter>grant</parameter>, and +<parameter>revoke</parameter>. More details on Samba's privilege model and its use +can be found in the Samba-HOWTO-Collection.</para> + +</refsect3> + + +</refsect2> + +<refsect2> +<title>RPC ABORTSHUTDOWN</title> + +<para>Abort the shutdown of a remote server.</para> + +</refsect2> + +<refsect2> +<title>SHUTDOWN [-t timeout] [-r] [-f] [-C message]</title> + +<para>Shut down the remote server.</para> + +<variablelist> +<varlistentry> +<term>-r</term> +<listitem><para> +Reboot after shutdown. +</para></listitem> +</varlistentry> + +<varlistentry> +<term>-f</term> +<listitem><para> +Force shutting down all applications. +</para></listitem> +</varlistentry> + +<varlistentry> +<term>-t timeout</term> +<listitem><para> +Timeout before system will be shut down. An interactive +user of the system can use this time to cancel the shutdown. +</para></listitem> +</varlistentry>'> + +<varlistentry> +<term>-C message</term> +<listitem><para>Display the specified message on the screen to +announce the shutdown.</para></listitem> +</varlistentry> +</variablelist> + +</refsect2> + +<refsect2> +<title>SAMDUMP</title> + +<para>Print out sam database of remote server. You need +to run this on either a BDC. <!-- +Is that correct? - Jelmer --></para> +</refsect2> + +<refsect2> +<title>VAMPIRE</title> + +<para>Export users, aliases and groups from remote server to +local server. Can only be run an a BDC. +</para> + +</refsect2> + +<refsect2> +<title>GETSID</title> + +<para>Fetch domain SID and store it in the local <filename>secrets.tdb</filename>. </para> + +</refsect2> + +<refsect2> +<title>ADS LEAVE</title> + +<para>Make the remote host leave the domain it is part of. </para> + +</refsect2> + +<refsect2> +<title>ADS STATUS</title> + +<para>Print out status of machine account of the local machine in ADS. +Prints out quite some debug info. Aimed at developers, regular +users should use <command>NET ADS TESTJOIN</command>.</para> + +</refsect2> + +<refsect2> +<title>ADS PRINTER</title> + +<refsect3> +<title>ADS PRINTER INFO [<replaceable>PRINTER</replaceable>] [<replaceable>SERVER</replaceable>]</title> + +<para> +Lookup info for <replaceable>PRINTER</replaceable> on <replaceable>SERVER</replaceable>. The printer name defaults to "*", the +server name defaults to the local host.</para> + +</refsect3> + +<refsect3> +<title>ADS PRINTER PUBLISH <replaceable>PRINTER</replaceable></title> + +<para>Publish specified printer using ADS.</para> + +</refsect3> + +<refsect3> +<title>ADS PRINTER REMOVE <replaceable>PRINTER</replaceable></title> + +<para>Remove specified printer from ADS directory.</para> + +</refsect3> + +</refsect2> + +<refsect2> +<title>ADS SEARCH <replaceable>EXPRESSION</replaceable> <replaceable>ATTRIBUTES...</replaceable></title> + +<para>Perform a raw LDAP search on a ADS server and dump the results. The +expression is a standard LDAP search expression, and the +attributes are a list of LDAP fields to show in the results.</para> + +<para>Example: <userinput>net ads search '(objectCategory=group)' sAMAccountName</userinput> +</para> + +</refsect2> + +<refsect2> +<title>ADS DN <replaceable>DN</replaceable> <replaceable>(attributes)</replaceable></title> + +<para> +Perform a raw LDAP search on a ADS server and dump the results. The +DN standard LDAP DN, and the attributes are a list of LDAP fields +to show in the result. +</para> + +<para>Example: <userinput>net ads dn 'CN=administrator,CN=Users,DC=my,DC=domain' SAMAccountName</userinput></para> + +</refsect2> + +<refsect2> +<title>WORKGROUP</title> + +<para>Print out workgroup name for specified kerberos realm.</para> + +</refsect2> + + +<refsect2> +<title>HELP [COMMAND]</title> + +<para>Gives usage information for the specified command.</para> + +</refsect2> + +</refsect1> + +<refsect1> + <title>VERSION</title> + + <para>This man page is complete for version 3.0 of the Samba + suite.</para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The net manpage was written by Jelmer Vernooij.</para> + +</refsect1> + +</refentry> diff --git a/docs/manpages-3/nmbd.8.xml b/docs/manpages-3/nmbd.8.xml new file mode 100644 index 0000000000..c7366fcea8 --- /dev/null +++ b/docs/manpages-3/nmbd.8.xml @@ -0,0 +1,290 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="nmbd.8"> + +<refmeta> + <refentrytitle>nmbd</refentrytitle> + <manvolnum>8</manvolnum> +</refmeta> + + +<refnamediv> + <refname>nmbd</refname> + <refpurpose>NetBIOS name server to provide NetBIOS + over IP naming services to clients</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>nmbd</command> + <arg choice="opt">-D</arg> + <arg choice="opt">-F</arg> + <arg choice="opt">-S</arg> + <arg choice="opt">-a</arg> + <arg choice="opt">-i</arg> + <arg choice="opt">-o</arg> + <arg choice="opt">-h</arg> + <arg choice="opt">-V</arg> + <arg choice="opt">-d <debug level></arg> + <arg choice="opt">-H <lmhosts file></arg> + <arg choice="opt">-l <log directory></arg> + <arg choice="opt">-p <port number></arg> + <arg choice="opt">-s <configuration file></arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + <para>This program is part of the <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> suite.</para> + + <para><command>nmbd</command> is a server that understands + and can reply to NetBIOS over IP name service requests, like + those produced by SMB/CIFS clients such as Windows 95/98/ME, + Windows NT, Windows 2000, Windows XP and LanManager clients. It also + participates in the browsing protocols which make up the + Windows "Network Neighborhood" view.</para> + + <para>SMB/CIFS clients, when they start up, may wish to + locate an SMB/CIFS server. That is, they wish to know what + IP number a specified host is using.</para> + + <para>Amongst other services, <command>nmbd</command> will + listen for such requests, and if its own NetBIOS name is + specified it will respond with the IP number of the host it + is running on. Its "own NetBIOS name" is by + default the primary DNS name of the host it is running on, + but this can be overridden by the <smbconfoption name="netbios name"/> + in &smb.conf;. Thus <command>nmbd</command> will + reply to broadcast queries for its own name(s). Additional + names for <command>nmbd</command> to respond on can be set + via parameters in the <citerefentry><refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> configuration file.</para> + + <para><command>nmbd</command> can also be used as a WINS + (Windows Internet Name Server) server. What this basically means + is that it will act as a WINS database server, creating a + database from name registration requests that it receives and + replying to queries from clients for these names.</para> + + <para>In addition, <command>nmbd</command> can act as a WINS + proxy, relaying broadcast queries from clients that do + not understand how to talk the WINS protocol to a WINS + server.</para> +</refsect1> + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>-D</term> + <listitem><para>If specified, this parameter causes + <command>nmbd</command> to operate as a daemon. That is, + it detaches itself and runs in the background, fielding + requests on the appropriate port. By default, <command>nmbd</command> + will operate as a daemon if launched from a command shell. + nmbd can also be operated from the <command>inetd</command> + meta-daemon, although this is not recommended. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-F</term> + <listitem><para>If specified, this parameter causes + the main <command>nmbd</command> process to not daemonize, + i.e. double-fork and disassociate with the terminal. + Child processes are still created as normal to service + each connection request, but the main process does not + exit. This operation mode is suitable for running + <command>nmbd</command> under process supervisors such + as <command>supervise</command> and <command>svscan</command> + from Daniel J. Bernstein's <command>daemontools</command> + package, or the AIX process monitor. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-S</term> + <listitem><para>If specified, this parameter causes + <command>nmbd</command> to log to standard output rather + than a file.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-i</term> + <listitem><para>If this parameter is specified it causes the + server to run "interactively", not as a daemon, even if the + server is executed on the command line of a shell. Setting this + parameter negates the implicit daemon mode when run from the + command line. <command>nmbd</command> also logs to standard + output, as if the <constant>-S</constant> parameter had been + given. </para></listitem> + </varlistentry> + + &stdarg.help; + + <varlistentry> + <term>-H <filename></term> + <listitem><para>NetBIOS lmhosts file. The lmhosts + file is a list of NetBIOS names to IP addresses that + is loaded by the nmbd server and used via the name + resolution mechanism <smbconfoption name="name resolve order"/> described in <citerefentry><refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> to resolve any + NetBIOS name queries needed by the server. Note + that the contents of this file are <emphasis>NOT</emphasis> + used by <command>nmbd</command> to answer any name queries. + Adding a line to this file affects name NetBIOS resolution + from this host <emphasis>ONLY</emphasis>.</para> + + <para>The default path to this file is compiled into + Samba as part of the build process. Common defaults + are <filename>/usr/local/samba/lib/lmhosts</filename>, + <filename>/usr/samba/lib/lmhosts</filename> or + <filename>/etc/samba/lmhosts</filename>. See the <citerefentry><refentrytitle>lmhosts</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> man page for details on the contents of this file.</para></listitem> + </varlistentry> + + &popt.common.samba; + + <varlistentry> + <term>-p <UDP port number></term> + <listitem><para>UDP port number is a positive integer value. + This option changes the default UDP port number (normally 137) + that <command>nmbd</command> responds to name queries on. Don't + use this option unless you are an expert, in which case you + won't need help!</para></listitem> + </varlistentry> + + </variablelist> +</refsect1> + +<refsect1> + <title>FILES</title> + + <variablelist> + <varlistentry> + <term><filename>/etc/inetd.conf</filename></term> + <listitem><para>If the server is to be run by the + <command>inetd</command> meta-daemon, this file + must contain suitable startup information for the + meta-daemon. + </para></listitem> + </varlistentry> + + <varlistentry> + <term><filename>/etc/rc</filename></term> + <listitem><para>or whatever initialization script your + system uses).</para> + + <para>If running the server as a daemon at startup, + this file will need to contain an appropriate startup + sequence for the server.</para></listitem> + </varlistentry> + + <varlistentry> + <term><filename>/etc/services</filename></term> + <listitem><para>If running the server via the + meta-daemon <command>inetd</command>, this file + must contain a mapping of service name (e.g., netbios-ssn) + to service port (e.g., 139) and protocol type (e.g., tcp). + </para></listitem> + </varlistentry> + + <varlistentry> + <term><filename>/usr/local/samba/lib/smb.conf</filename></term> + <listitem><para>This is the default location of + the <citerefentry><refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> server + configuration file. Other common places that systems + install this file are <filename>/usr/samba/lib/smb.conf</filename> + and <filename>/etc/samba/smb.conf</filename>.</para> + + <para>When run as a WINS server (see the + <smbconfoption name="wins support"/> + parameter in the <citerefentry><refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> man page), + <command>nmbd</command> + will store the WINS database in the file <filename>wins.dat</filename> + in the <filename>var/locks</filename> directory configured under + wherever Samba was configured to install itself.</para> + + <para>If <command>nmbd</command> is acting as a <emphasis> + browse master</emphasis> (see the <smbconfoption name="local master"/> + parameter in the <citerefentry><refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> man page, <command>nmbd</command> + will store the browsing database in the file <filename>browse.dat + </filename> in the <filename>var/locks</filename> directory + configured under wherever Samba was configured to install itself. + </para></listitem> + </varlistentry> + </variablelist> +</refsect1> + +<refsect1> + <title>SIGNALS</title> + + <para>To shut down an <command>nmbd</command> process it is recommended + that SIGKILL (-9) <emphasis>NOT</emphasis> be used, except as a last + resort, as this may leave the name database in an inconsistent state. + The correct way to terminate <command>nmbd</command> is to send it + a SIGTERM (-15) signal and wait for it to die on its own.</para> + + <para><command>nmbd</command> will accept SIGHUP, which will cause + it to dump out its namelists into the file <filename>namelist.debug + </filename> in the <filename>/usr/local/samba/var/locks</filename> + directory (or the <filename>var/locks</filename> directory configured + under wherever Samba was configured to install itself). This will also + cause <command>nmbd</command> to dump out its server database in + the <filename>log.nmb</filename> file.</para> + + <para>The debug log level of nmbd may be raised or lowered + using <citerefentry><refentrytitle>smbcontrol</refentrytitle> + <manvolnum>1</manvolnum></citerefentry> (SIGUSR[1|2] signals + are no longer used since Samba 2.2). This is to allow + transient problems to be diagnosed, whilst still running + at a normally low log level.</para> +</refsect1> + + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 3.0 of + the Samba suite.</para> +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + <para> + <citerefentry><refentrytitle>inetd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbclient</refentrytitle> + <manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testparm</refentrytitle> + <manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testprns</refentrytitle> + <manvolnum>1</manvolnum></citerefentry>, and the Internet + RFC's <filename>rfc1001.txt</filename>, <filename>rfc1002.txt</filename>. + In addition the CIFS (formerly SMB) specification is available + as a link from the Web page <ulink noescape="1" url="http://samba.org/cifs/"> + http://samba.org/cifs/</ulink>.</para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook + XML 4.2 for Samba 3.0 was done by Alexander Bokovoy.</para> +</refsect1> + +</refentry> diff --git a/docs/manpages-3/nmblookup.1.xml b/docs/manpages-3/nmblookup.1.xml new file mode 100644 index 0000000000..551235b53a --- /dev/null +++ b/docs/manpages-3/nmblookup.1.xml @@ -0,0 +1,220 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="nmblookup"> + +<refmeta> + <refentrytitle>nmblookup</refentrytitle> + <manvolnum>1</manvolnum> +</refmeta> + + +<refnamediv> + <refname>nmblookup</refname> + <refpurpose>NetBIOS over TCP/IP client used to lookup NetBIOS + names</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>nmblookup</command> + <arg choice="opt">-M</arg> + <arg choice="opt">-R</arg> + <arg choice="opt">-S</arg> + <arg choice="opt">-r</arg> + <arg choice="opt">-A</arg> + <arg choice="opt">-h</arg> + <arg choice="opt">-B <broadcast address></arg> + <arg choice="opt">-U <unicast address></arg> + <arg choice="opt">-d <debug level></arg> + <arg choice="opt">-s <smb config file></arg> + <arg choice="opt">-i <NetBIOS scope></arg> + <arg choice="opt">-T</arg> + <arg choice="opt">-f</arg> + <arg choice="req">name</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> suite.</para> + + <para><command>nmblookup</command> is used to query NetBIOS names + and map them to IP addresses in a network using NetBIOS over TCP/IP + queries. The options allow the name queries to be directed at a + particular IP broadcast area or to a particular machine. All queries + are done over UDP.</para> +</refsect1> + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>-M</term> + <listitem><para>Searches for a master browser by looking + up the NetBIOS name <replaceable>name</replaceable> with a + type of <constant>0x1d</constant>. If <replaceable> + name</replaceable> is "-" then it does a lookup on the special name + <constant>__MSBROWSE__</constant>. Please note that in order to + use the name "-", you need to make sure "-" isn't parsed as an + argument, e.g. use : + <userinput>nmblookup -M -- -</userinput>.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-R</term> + <listitem><para>Set the recursion desired bit in the packet + to do a recursive lookup. This is used when sending a name + query to a machine running a WINS server and the user wishes + to query the names in the WINS server. If this bit is unset + the normal (broadcast responding) NetBIOS processing code + on a machine is used instead. See RFC1001, RFC1002 for details. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-S</term> + <listitem><para>Once the name query has returned an IP + address then do a node status query as well. A node status + query returns the NetBIOS names registered by a host. + </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-r</term> + <listitem><para>Try and bind to UDP port 137 to send and receive UDP + datagrams. The reason for this option is a bug in Windows 95 + where it ignores the source port of the requesting packet + and only replies to UDP port 137. Unfortunately, on most UNIX + systems root privilege is needed to bind to this port, and + in addition, if the <citerefentry><refentrytitle>nmbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> daemon is running on this machine it also binds to this port. + </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-A</term> + <listitem><para>Interpret <replaceable>name</replaceable> as + an IP Address and do a node status query on this address.</para> + </listitem> + </varlistentry> + + + + &popt.common.connection; + &stdarg.help; + + <varlistentry> + <term>-B <broadcast address></term> + <listitem><para>Send the query to the given broadcast address. Without + this option the default behavior of nmblookup is to send the + query to the broadcast address of the network interfaces as + either auto-detected or defined in the <ulink + url="smb.conf.5.html#INTERFACES"><parameter>interfaces</parameter> + </ulink> parameter of the <citerefentry><refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> file. + </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-U <unicast address></term> + <listitem><para>Do a unicast query to the specified address or + host <replaceable>unicast address</replaceable>. This option + (along with the <parameter>-R</parameter> option) is needed to + query a WINS server.</para></listitem> + </varlistentry> + + + &popt.common.samba; + + <varlistentry> + <term>-T</term> + <listitem><para>This causes any IP addresses found in the + lookup to be looked up via a reverse DNS lookup into a + DNS name, and printed out before each</para> + + <para><emphasis>IP address .... NetBIOS name</emphasis></para> + + <para> pair that is the normal output.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-f</term> + <listitem><para> + Show which flags apply to the name that has been looked up. Possible + answers are zero or more of: Response, Authoritative, + Truncated, Recursion_Desired, Recursion_Available, Broadcast. + </para></listitem> + </varlistentry> + + + <varlistentry> + <term>name</term> + <listitem><para>This is the NetBIOS name being queried. Depending + upon the previous options this may be a NetBIOS name or IP address. + If a NetBIOS name then the different name types may be specified + by appending '#<type>' to the name. This name may also be + '*', which will return all registered names within a broadcast + area.</para></listitem> + </varlistentry> + </variablelist> +</refsect1> + + +<refsect1> + <title>EXAMPLES</title> + + <para><command>nmblookup</command> can be used to query + a WINS server (in the same way <command>nslookup</command> is + used to query DNS servers). To query a WINS server, <command>nmblookup</command> + must be called like this:</para> + + <para><command>nmblookup -U server -R 'name'</command></para> + + <para>For example, running :</para> + + <para><command>nmblookup -U samba.org -R 'IRIX#1B'</command></para> + + <para>would query the WINS server samba.org for the domain + master browser (1B name type) for the IRIX workgroup.</para> +</refsect1> + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 3.0 of + the Samba suite.</para> +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + <para><citerefentry><refentrytitle>nmbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry>, and <citerefentry><refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry>.</para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook + XML 4.2 for Samba 3.0 was done by Alexander Bokovoy.</para> +</refsect1> + +</refentry> diff --git a/docs/manpages-3/ntlm_auth.1.xml b/docs/manpages-3/ntlm_auth.1.xml new file mode 100644 index 0000000000..85052fb71a --- /dev/null +++ b/docs/manpages-3/ntlm_auth.1.xml @@ -0,0 +1,406 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="ntlm-auth.1"> + +<refmeta> + <refentrytitle>ntlm_auth</refentrytitle> + <manvolnum>1</manvolnum> +</refmeta> + + +<refnamediv> + <refname>ntlm_auth</refname> + <refpurpose>tool to allow external access to Winbind's NTLM authentication function</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>ntlm_auth</command> + <arg choice="opt">-d debuglevel</arg> + <arg choice="opt">-l logdir</arg> + <arg choice="opt">-s <smb config file></arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> suite.</para> + + <para><command>ntlm_auth</command> is a helper utility that authenticates + users using NT/LM authentication. It returns 0 if the users is authenticated + successfully and 1 if access was denied. ntlm_auth uses winbind to access + the user and authentication data for a domain. This utility + is only indended to be used by other programs (currently + <ulink url="http://www.squid-cache.org/">Squid</ulink> + and <ulink url="http://download.samba.org/ftp/unpacked/lorikeet/trunk/mod_ntlm_winbind/">mod_ntlm_winbind</ulink>) + </para> +</refsect1> + +<refsect1> + <title>OPERATIONAL REQUIREMENTS</title> + + <para> + The <citerefentry><refentrytitle>winbindd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> daemon must be operational + for many of these commands to function.</para> + + <para>Some of these commands also require access to the directory + <filename>winbindd_privileged</filename> in + <filename>$LOCKDIR</filename>. This should be done either by running + this command as root or providing group access + to the <filename>winbindd_privileged</filename> directory. For + security reasons, this directory should not be world-accessable. </para> + +</refsect1> + + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>--helper-protocol=PROTO</term> + <listitem><para> + Operate as a stdio-based helper. Valid helper protocols are: + </para> + <variablelist> + <varlistentry> + <term>squid-2.4-basic</term> + <listitem><para> + Server-side helper for use with Squid 2.4's basic (plaintext) + authentication. </para> + </listitem> + </varlistentry> + <varlistentry> + <term>squid-2.5-basic</term> + <listitem><para> + Server-side helper for use with Squid 2.5's basic (plaintext) + authentication. </para> + </listitem> + </varlistentry> + <varlistentry> + <term>squid-2.5-ntlmssp</term> + <listitem><para> + Server-side helper for use with Squid 2.5's NTLMSSP + authentication. </para> + <para>Requires access to the directory + <filename>winbindd_privileged</filename> in + <filename>$LOCKDIR</filename>. The protocol used is + described here: <ulink + url="http://devel.squid-cache.org/ntlm/squid_helper_protocol.html">http://devel.squid-cache.org/ntlm/squid_helper_protocol.html</ulink>. + This protocol has been extended to allow the + NTLMSSP Negotiate packet to be included as an argument + to the <command>YR</command> command. (Thus avoiding + loss of information in the protocol exchange). + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>ntlmssp-client-1</term> + <listitem><para> + Client-side helper for use with arbitary external + programs that may wish to use Samba's NTLMSSP + authentication knowlege. </para> + <para>This helper is a client, and as such may be run by any + user. The protocol used is + effectivly the reverse of the previous protocol. A + <command>YR</command> command (without any arguments) + starts the authentication exchange. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>gss-spnego</term> + <listitem><para> + Server-side helper that implements GSS-SPNEGO. This + uses a protocol that is almost the same as + <command>squid-2.5-ntlmssp</command>, but has some + subtle differences that are undocumented outside the + source at this stage. + </para> + <para>Requires access to the directory + <filename>winbindd_privileged</filename> in + <filename>$LOCKDIR</filename>. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>gss-spnego-client</term> + <listitem><para> + Client-side helper that implements GSS-SPNEGO. This + also uses a protocol similar to the above helpers, but + is currently undocumented. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>ntlm-server-1</term> + <listitem><para> + Server-side helper protocol, intended for use by a + RADIUS server or the 'winbind' plugin for pppd, for + the provision of MSCHAP and MSCHAPv2 authentication. + </para> + <para>This protocol consists of lines in for form: + <command>Parameter: value</command> and <command>Paramter:: + Base64-encode value</command>. The presence of a single + period <command>.</command> indicates that one side has + finished supplying data to the other. (Which in turn + could cause the helper to authenticate the + user). </para> + + <para>Curently implemented parameters from the + external program to the helper are:</para> + <variablelist> + <varlistentry> + <term>Username</term> + + <listitem><para>The username, expected to be in + Samba's <smbconfoption name="unix charset"/>. + </para> + + <para><example>Username: bob</example></para> + <para><example>Username:: Ym9i</example></para> + </listitem></varlistentry> + + <varlistentry> + <term>Username</term> + <listitem><para>The user's domain, expected to be in + Samba's <smbconfoption name="unix charset"/>. + </para> + + <para><example>Domain: WORKGROUP</example></para> + <para><example>Domain:: V09SS0dST1VQ</example></para> + </listitem></varlistentry> + + <varlistentry> + <term>Full-Username</term> + <listitem><para>The fully qualified username, expected to be in + Samba's <smbconfoption><name>unix + charset</name></smbconfoption> and qualified with the + <smbconfoption name="winbind separator"/>. + </para> + + <para><example>Full-Username: WORKGROUP\bob</example></para> + <para><example>Full-Username:: V09SS0dST1VQYm9i</example></para> + </listitem></varlistentry> + + <varlistentry> + <term>LANMAN-Challenge</term> + + <listitem><para>The 8 byte <command>LANMAN Challenge</command> value, + generated randomly by the server, or (in cases such as + MSCHAPv2) generated in some way by both the server and + the client. + </para> + <para><example>LANMAN-Challege: 0102030405060708</example></para> + </listitem></varlistentry> + + <varlistentry> + <term>LANMAN-Response</term> + + <listitem><para>The 24 byte <command>LANMAN Response</command> value, + calculated from the user's password and the supplied + <command>LANMAN Challenge</command>. Typically, this + is provided over the network by a client wishing to authenticate. + </para> + <para><example>LANMAN-Response: 0102030405060708090A0B0C0D0E0F101112131415161718</example></para> + + </listitem></varlistentry> + + <varlistentry> + <term>NT-Response</term> + <listitem><para>The >= 24 byte <command>NT Response</command> + calculated from the user's password and the supplied + <command>LANMAN Challenge</command>. Typically, this is + provided over the network by a client wishing to authenticate. + </para> + <para><example>NT-Response: 0102030405060708090A0B0C0D0E0F101112131415161718</example></para> + + </listitem></varlistentry> + + <varlistentry> + <term>Password</term> + <listitem><para>The user's password. This would be + provided by a network client, if the helper is being + used in a legacy situation that exposes plaintext + passwords in this way. + </para> + <para><example>Password: samba2</example></para> + <para><example>Password:: c2FtYmEy</example></para> + + </listitem></varlistentry> + + <varlistentry> + <term>Request-User-Session-Key</term> + <listitem><para>Apon sucessful authenticaiton, return + the user session key associated with the login. + </para> + <para><example>Request-User-Session-Key: Yes</example></para> + + </listitem></varlistentry> + + <varlistentry> + <term>Request-LanMan-Session-Key</term> + <listitem><para>Apon sucessful authenticaiton, return + the LANMAN session key associated with the login. + </para> + <para><example>Request-LanMan-Session-Key: Yes</example></para> + + </listitem></varlistentry> + + <para><warning>Implementors should take care to base64 encode + any data (such as usernames/passwords) that may contain malicous user data, such as + a newline. They may also need to decode strings from + the helper, which likewise may have been base64 encoded.</warning></para> + </variablelist> + + </listitem> + </varlistentry> + </variablelist> + </listitem> + </varlistentry> + + <varlistentry> + <term>--username=USERNAME</term> + <listitem><para> + Specify username of user to authenticate + </para></listitem> + + </varlistentry> + + <varlistentry> + <term>--domain=DOMAIN</term> + <listitem><para> + Specify domain of user to authenticate + </para></listitem> + </varlistentry> + + <varlistentry> + <term>--workstation=WORKSTATION</term> + <listitem><para> + Specify the workstation the user authenticated from + </para></listitem> + </varlistentry> + + <varlistentry> + <term>--challenge=STRING</term> + <listitem><para>NTLM challenge (in HEXADECIMAL)</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>--lm-response=RESPONSE</term> + <listitem><para>LM Response to the challenge (in HEXADECIMAL)</para></listitem> + </varlistentry> + + <varlistentry> + <term>--nt-response=RESPONSE</term> + <listitem><para>NT or NTLMv2 Response to the challenge (in HEXADECIMAL)</para></listitem> + </varlistentry> + + <varlistentry> + <term>--password=PASSWORD</term> + <listitem><para>User's plaintext password</para><para>If + not specified on the command line, this is prompted for when + required. </para> + + <para>For the NTLMSSP based server roles, this paramter + specifies the expected password, allowing testing without + winbindd operational.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>--request-lm-key</term> + <listitem><para>Retreive LM session key</para></listitem> + </varlistentry> + + <varlistentry> + <term>--request-nt-key</term> + <listitem><para>Request NT key</para></listitem> + </varlistentry> + + <varlistentry> + <term>--diagnostics</term> + <listitem><para>Perform Diagnostics on the authentication + chain. Uses the password from <command>--password</command> + or prompts for one.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>--require-membership-of={SID|Name}</term> + <listitem><para>Require that a user be a member of specified + group (either name or SID) for authentication to succeed.</para> + </listitem> + </varlistentry> + + &popt.common.samba; + &stdarg.help; + + </variablelist> +</refsect1> + +<refsect1> + <title>EXAMPLE SETUP</title> + + <para>To setup ntlm_auth for use by squid 2.5, with both basic and + NTLMSSP authentication, the following + should be placed in the <filename>squid.conf</filename> file. +<programlisting> +auth_param ntlm program ntlm_auth --helper-protocol=squid-2.5-ntlmssp +auth_param basic program ntlm_auth --helper-protocol=squid-2.5-basic +auth_param basic children 5 +auth_param basic realm Squid proxy-caching web server +auth_param basic credentialsttl 2 hours +</programlisting></para> + +<note><para>This example assumes that ntlm_auth has been installed into your + path, and that the group permissions on + <filename>winbindd_privileged</filename> are as described above.</para></note> + + <para>To setup ntlm_auth for use by squid 2.5 with group limitation in addition to the above + example, the following should be added to the <filename>squid.conf</filename> file. +<programlisting> +auth_param ntlm program ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of='WORKGROUP\Domain Users' +auth_param basic program ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of='WORKGROUP\Domain Users' +</programlisting></para> + +</refsect1> + +<refsect1> + <title>TROUBLESHOOTING</title> + + <para>If you're experiencing problems with authenticating Internet Explorer running + under MS Windows 9X or Millenium Edition against ntlm_auth's NTLMSSP authentication + helper (--helper-protocol=squid-2.5-ntlmssp), then please read + <ulink url="http://support.microsoft.com/support/kb/articles/Q239/8/69.ASP"> + the Microsoft Knowledge Base article #239869 and follow instructions described there</ulink>. + </para> +</refsect1> + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 3.0 of the Samba + suite.</para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The ntlm_auth manpage was written by Jelmer Vernooij and + Andrew Bartlett.</para> +</refsect1> + +</refentry> diff --git a/docs/manpages-3/pam_winbind.8.xml b/docs/manpages-3/pam_winbind.8.xml new file mode 100644 index 0000000000..00d219fc72 --- /dev/null +++ b/docs/manpages-3/pam_winbind.8.xml @@ -0,0 +1,110 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="pam_winbind.8"> + +<refmeta> + <refentrytitle>pam_winbind</refentrytitle> + <manvolnum>8</manvolnum> +</refmeta> + + +<refnamediv> + <refname>pam_winbind</refname> + <refpurpose>PAM module for Winbind</refpurpose> +</refnamediv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> suite.</para> + + <para>pam_winbind is a PAM module that can authenticate users against the local domain + by talking to the Winbind daemon.</para> + +</refsect1> + +<refsect1> + <title>OPTIONS</title> + <para> + pam_winbind supports several options: + <variablelist> + + <varlistentry> + <term>debug</term> + <listitem><para>Gives debugging output to syslog.</para></listitem> + </varlistentry> + + <varlistentry> + <term>require_membership_of=[SID or NAME]</term> + <listitem><para> + If this option is set, pam_winbind will only succeed if the + user is a member of the given SID or NAME. A SID can be either a group-SID, a + alias-SID or even a user-SID. It is also possible to give a NAME instead of the + SID. That name must have the form: <parameter>MYDOMAIN\mygroup</parameter> or + <parameter>MYDOMAIN\myuser</parameter>. pam_winbind will, in that case, lookup + the SID internally. Note that NAME may not contain any spaces. It is thus + recommended to only use SIDs. You can verify the list of SIDs a user is a member + of with <command>wbinfo --user-sids=SID</command>. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>try_first_pass</term> + <listitem><para></para></listitem> + </varlistentry> + + <varlistentry> + <term>use_first_pass</term> + <listitem><para> + By default, pam_winbind tries to get the + authentication token from a previous module. If no token is available it asks the user + for the old password. With this option, pam_winbind aborts with an + error if no authentication token from a previous module is available. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>use_authtok</term> + <listitem><para> + Set the new password to the one provided by the previously + stacked password module. If this option is not set pam_winbind will ask the + user for the new password. + </para></listitem> + </varlistentry> + + </variablelist> + + + </para> + +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + <para><citerefentry> + <refentrytitle>wbinfo</refentrytitle> + <manvolnum>1</manvolnum></citerefentry>, <citerefentry> + <refentrytitle>winbindd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry></para> +</refsect1> + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 3.0 of Samba.</para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>This manpage was written by Jelmer Vernooij and Guenther Deschner.</para> + +</refsect1> + +</refentry> diff --git a/docs/manpages-3/pdbedit.8.xml b/docs/manpages-3/pdbedit.8.xml new file mode 100644 index 0000000000..84dffe67da --- /dev/null +++ b/docs/manpages-3/pdbedit.8.xml @@ -0,0 +1,423 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="pdbedit.8"> + +<refmeta> + <refentrytitle>pdbedit</refentrytitle> + <manvolnum>8</manvolnum> +</refmeta> + + +<refnamediv> + <refname>pdbedit</refname> + <refpurpose>manage the SAM database (Database of Samba Users)</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>pdbedit</command> + <arg choice="opt">-L</arg> + <arg choice="opt">-v</arg> + <arg choice="opt">-w</arg> + <arg choice="opt">-u username</arg> + <arg choice="opt">-f fullname</arg> + <arg choice="opt">-h homedir</arg> + <arg choice="opt">-D drive</arg> + <arg choice="opt">-S script</arg> + <arg choice="opt">-p profile</arg> + <arg choice="opt">-a</arg> + <arg choice="opt">-m</arg> + <arg choice="opt">-r</arg> + <arg choice="opt">-x</arg> + <arg choice="opt">-i passdb-backend</arg> + <arg choice="opt">-e passdb-backend</arg> + <arg choice="opt">-b passdb-backend</arg> + <arg choice="opt">-g</arg> + <arg choice="opt">-d debuglevel</arg> + <arg choice="opt">-s configfile</arg> + <arg choice="opt">-P account-policy</arg> + <arg choice="opt">-C value</arg> + <arg choice="opt">-c account-control</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> suite.</para> + + <para>The pdbedit program is used to manage the users accounts + stored in the sam database and can only be run by root.</para> + + <para>The pdbedit tool uses the passdb modular interface and is + independent from the kind of users database used (currently there + are smbpasswd, ldap, nis+ and tdb based and more can be added + without changing the tool).</para> + + <para>There are five main ways to use pdbedit: adding a user account, + removing a user account, modifing a user account, listing user + accounts, importing users accounts.</para> +</refsect1> + +<refsect1> + <title>OPTIONS</title> + <variablelist> + <varlistentry> + <term>-L</term> + <listitem><para>This option lists all the user accounts + present in the users database. + This option prints a list of user/uid pairs separated by + the ':' character.</para> + <para>Example: <command>pdbedit -L</command></para> + <para><screen> +sorce:500:Simo Sorce +samba:45:Test User +</screen></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term>-v</term> + <listitem><para>This option enables the verbose listing format. + It causes pdbedit to list the users in the database, printing + out the account fields in a descriptive format.</para> + + <para>Example: <command>pdbedit -L -v</command></para> + <para><screen> +--------------- +username: sorce +user ID/Group: 500/500 +user RID/GRID: 2000/2001 +Full Name: Simo Sorce +Home Directory: \\BERSERKER\sorce +HomeDir Drive: H: +Logon Script: \\BERSERKER\netlogon\sorce.bat +Profile Path: \\BERSERKER\profile +--------------- +username: samba +user ID/Group: 45/45 +user RID/GRID: 1090/1091 +Full Name: Test User +Home Directory: \\BERSERKER\samba +HomeDir Drive: +Logon Script: +Profile Path: \\BERSERKER\profile +</screen></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term>-w</term> + <listitem><para>This option sets the "smbpasswd" listing format. + It will make pdbedit list the users in the database, printing + out the account fields in a format compatible with the + <filename>smbpasswd</filename> file format. (see the + <citerefentry><refentrytitle>smbpasswd</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> for details)</para> + + <para>Example: <command>pdbedit -L -w</command></para> + <screen> +sorce:500:508818B733CE64BEAAD3B435B51404EE:D2A2418EFC466A8A0F6B1DBB5C3DB80C:[UX ]:LCT-00000000: +samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:BC281CE3F53B6A5146629CD4751D3490:[UX ]:LCT-3BFA1E8D: +</screen> + </listitem> + </varlistentry> + + + <varlistentry> + <term>-u username</term> + <listitem><para>This option specifies the username to be + used for the operation requested (listing, adding, removing). + It is <emphasis>required</emphasis> in add, remove and modify + operations and <emphasis>optional</emphasis> in list + operations.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-f fullname</term> + <listitem><para>This option can be used while adding or + modifing a user account. It will specify the user's full + name. </para> + + <para>Example: <command>-f "Simo Sorce"</command></para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-h homedir</term> + <listitem><para>This option can be used while adding or + modifing a user account. It will specify the user's home + directory network path.</para> + + <para>Example: <command>-h "\\\\BERSERKER\\sorce"</command> + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-D drive</term> + <listitem><para>This option can be used while adding or + modifing a user account. It will specify the windows drive + letter to be used to map the home directory.</para> + + <para>Example: <command>-d "H:"</command> + </para> + </listitem> + </varlistentry> + + + <varlistentry> + <term>-S script</term> + <listitem><para>This option can be used while adding or + modifing a user account. It will specify the user's logon + script path.</para> + + <para>Example: <command>-S "\\\\BERSERKER\\netlogon\\sorce.bat"</command> + </para> + </listitem> + </varlistentry> + + + <varlistentry> + <term>-p profile</term> + <listitem><para>This option can be used while adding or + modifing a user account. It will specify the user's profile + directory.</para> + + <para>Example: <command>-p "\\\\BERSERKER\\netlogon"</command> + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-G SID|rid</term> + <listitem><para> + This option can be used while adding or modifying a user account. It + will specify the users' new primary group SID (Security Identifier) or + rid. </para> + + <para>Example: <command>-G S-1-5-21-2447931902-1787058256-3961074038-1201</command></para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-U SID|rid</term> + <listitem><para> + This option can be used while adding or modifying a user account. It + will specify the users' new SID (Security Identifier) or + rid. </para> + + <para>Example: <command>-U S-1-5-21-2447931902-1787058256-3961074038-5004</command></para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-c account-control</term> + <listitem><para>This option can be used while adding or modifying a user + account. It will specify the users' account control property. Possible flags are listed below. + </para> + + <para> + <itemizedlist> + <listitem><para>N: No password required</para></listitem> + <listitem><para>D: Account disabled</para></listitem> + <listitem><para>H: Home directory required</para></listitem> + <listitem><para>T: Temporary duplicate of other account</para></listitem> + <listitem><para>U: Regular user account</para></listitem> + <listitem><para>M: MNS logon user account</para></listitem> + <listitem><para>W: Workstation Trust Account</para></listitem> + <listitem><para>S: Server Trust Account</para></listitem> + <listitem><para>L: Automatic Locking</para></listitem> + <listitem><para>X: Password does not expire</para></listitem> + <listitem><para>I: Domain Trust Account</para></listitem> + </itemizedlist> + </para> + + <para>Example: <command>-c "[X ]"</command></para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-a</term> + <listitem><para>This option is used to add a user into the + database. This command needs a user name specified with + the -u switch. When adding a new user, pdbedit will also + ask for the password to be used.</para> + + <para>Example: <command>pdbedit -a -u sorce</command> +<programlisting>new password: +retype new password +</programlisting> +</para> + + <note><para>pdbedit does not call the unix password syncronisation + script if <smbconfoption name="unix password sync"/> + has been set. It only updates the data in the Samba + user database. + </para> + + <para>If you wish to add a user and synchronise the password + that immediately, use <command>smbpasswd</command>'s <option>-a</option> option. + </para> + </note> + </listitem> + </varlistentry> + + <varlistentry> + <term>-r</term> + <listitem><para>This option is used to modify an existing user + in the database. This command needs a user name specified with the -u + switch. Other options can be specified to modify the properties of + the specified user. This flag is kept for backwards compatibility, but + it is no longer necessary to specify it. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-m</term> + <listitem><para>This option may only be used in conjunction + with the <parameter>-a</parameter> option. It will make + pdbedit to add a machine trust account instead of a user + account (-u username will provide the machine name).</para> + + <para>Example: <command>pdbedit -a -m -u w2k-wks</command> + </para> + </listitem> + </varlistentry> + + + <varlistentry> + <term>-x</term> + <listitem><para>This option causes pdbedit to delete an account + from the database. It needs a username specified with the + -u switch.</para> + + <para>Example: <command>pdbedit -x -u bob</command></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term>-i passdb-backend</term> + <listitem><para>Use a different passdb backend to retrieve users + than the one specified in smb.conf. Can be used to import data into + your local user database.</para> + + <para>This option will ease migration from one passdb backend to + another.</para> + + <para>Example: <command>pdbedit -i smbpasswd:/etc/smbpasswd.old + </command></para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-e passdb-backend</term> + <listitem><para>Exports all currently available users to the + specified password database backend.</para> + + <para>This option will ease migration from one passdb backend to + another and will ease backing up.</para> + + <para>Example: <command>pdbedit -e smbpasswd:/root/samba-users.backup</command></para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-g</term> + <listitem><para>If you specify <parameter>-g</parameter>, + then <parameter>-i in-backend -e out-backend</parameter> + applies to the group mapping instead of the user database.</para> + + <para>This option will ease migration from one passdb backend to + another and will ease backing up.</para> + + </listitem> + </varlistentry> + + <varlistentry> + <term>-b passdb-backend</term> + <listitem><para>Use a different default passdb backend. </para> + + <para>Example: <command>pdbedit -b xml:/root/pdb-backup.xml -l</command></para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-P account-policy</term> + <listitem><para>Display an account policy</para> + <para>Valid policies are: minimum password age, reset count minutes, disconnect time, + user must logon to change password, password history, lockout duration, min password length, + maximum password age and bad lockout attempt.</para> + + <para>Example: <command>pdbedit -P "bad lockout attempt"</command></para> +<para><programlisting> +account policy value for bad lockout attempt is 0 +</programlisting></para> + + </listitem> + </varlistentry> + + + <varlistentry> + <term>-C account-policy-value</term> + <listitem><para>Sets an account policy to a specified value. + This option may only be used in conjunction + with the <parameter>-P</parameter> option. + </para> + + <para>Example: <command>pdbedit -P "bad lockout attempt" -C 3</command></para> +<para><programlisting> +account policy value for bad lockout attempt was 0 +account policy value for bad lockout attempt is now 3 +</programlisting></para> + </listitem> + </varlistentry> + + &stdarg.help; + &popt.common.samba; + + </variablelist> +</refsect1> + + +<refsect1> + <title>NOTES</title> + + <para>This command may be used only by root.</para> +</refsect1> + + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 3.0 of + the Samba suite.</para> +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + <para><citerefentry><refentrytitle>smbpasswd</refentrytitle> + <manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry></para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The pdbedit manpage was written by Simo Sorce and Jelmer Vernooij.</para> + +</refsect1> + +</refentry> diff --git a/docs/manpages-3/profiles.1.xml b/docs/manpages-3/profiles.1.xml new file mode 100644 index 0000000000..9738cf4ab1 --- /dev/null +++ b/docs/manpages-3/profiles.1.xml @@ -0,0 +1,85 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="profiles.1"> + +<refmeta> + <refentrytitle>profiles</refentrytitle> + <manvolnum>1</manvolnum> +</refmeta> + + +<refnamediv> + <refname>profiles</refname> + <refpurpose>A utility to report and change SIDs in registry files + </refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>profiles</command> + <arg choice="opt">-v</arg> + <arg choice="opt">-c SID</arg> + <arg choice="opt">-n SID</arg> + <arg choice="req">file</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> suite.</para> + + <para><command>profiles</command> is a utility that + reports and changes SIDs in windows registry files. It currently only + supports NT. + </para> +</refsect1> + + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>file</term> + <listitem><para>Registry file to view or edit. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-v,--verbose</term> + <listitem><para>Increases verbosity of messages. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-c SID1 -n SID2</term> + <listitem><para>Change all occurences of SID1 in <filename>file</filename> by SID2. + </para></listitem> + </varlistentry> + + &stdarg.help; + + </variablelist> +</refsect1> + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 3.0 of the Samba + suite.</para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The profiles man page was written by Jelmer Vernooij. </para> +</refsect1> + +</refentry> diff --git a/docs/manpages-3/rpcclient.1.xml b/docs/manpages-3/rpcclient.1.xml new file mode 100644 index 0000000000..1c19878de0 --- /dev/null +++ b/docs/manpages-3/rpcclient.1.xml @@ -0,0 +1,483 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="rpcclient.1"> + +<refmeta> + <refentrytitle>rpcclient</refentrytitle> + <manvolnum>1</manvolnum> +</refmeta> + + +<refnamediv> + <refname>rpcclient</refname> + <refpurpose>tool for executing client side + MS-RPC functions</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>rpcclient</command> + <arg choice="opt">-A authfile</arg> + <arg choice="opt">-c <command string></arg> + <arg choice="opt">-d debuglevel</arg> + <arg choice="opt">-h</arg> + <arg choice="opt">-l logdir</arg> + <arg choice="opt">-N</arg> + <arg choice="opt">-s <smb config file></arg> + <arg choice="opt">-U username[%password]</arg> + <arg choice="opt">-W workgroup</arg> + <arg choice="opt">-N</arg> + <arg choice="opt">-I destinationIP</arg> + <arg choice="req">server</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> suite.</para> + + <para><command>rpcclient</command> is a utility initially developed + to test MS-RPC functionality in Samba itself. It has undergone + several stages of development and stability. Many system administrators + have now written scripts around it to manage Windows NT clients from + their UNIX workstation. </para> +</refsect1> + + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>server</term> + <listitem><para>NetBIOS name of Server to which to connect. + The server can be any SMB/CIFS server. The name is + resolved using the <smbconfoption name="name resolve order"/> line from <citerefentry><refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry>.</para></listitem> + </varlistentry> + + + <varlistentry> + <term>-c|--command='command string'</term> + <listitem><para>execute semicolon separated commands (listed + below)) </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-I IP-address</term> + <listitem><para><replaceable>IP address</replaceable> is the address of the server to connect to. + It should be specified in standard "a.b.c.d" notation. </para> + + <para>Normally the client would attempt to locate a named + SMB/CIFS server by looking it up via the NetBIOS name resolution + mechanism described above in the <parameter>name resolve order</parameter> + parameter above. Using this parameter will force the client + to assume that the server is on the machine with the specified IP + address and the NetBIOS name component of the resource being + connected to will be ignored. </para> + + <para>There is no default for this parameter. If not supplied, + it will be determined automatically by the client as described + above. </para></listitem> + </varlistentry> + + &popt.common.samba; + &popt.common.credentials; + &popt.common.connection; + &stdarg.help; + </variablelist> +</refsect1> + + +<refsect1> + <title>COMMANDS</title> + + <refsect2> + <title>LSARPC</title> + + <variablelist> + <varlistentry><term>lsaquery</term><listitem><para>Query info policy</para></listitem></varlistentry> + + <varlistentry><term>lookupsids</term><listitem><para>Resolve a list + of SIDs to usernames. + </para></listitem></varlistentry> + + <varlistentry><term>lookupnames</term><listitem><para>Resolve a list + of usernames to SIDs. + </para></listitem></varlistentry> + + <varlistentry><term>enumtrusts</term><listitem><para>Enumerate trusted domains</para></listitem></varlistentry> + + <varlistentry><term>enumprivs</term><listitem><para>Enumerate privileges</para></listitem></varlistentry> + + <varlistentry><term>getdispname</term><listitem><para>Get the privilege name</para></listitem></varlistentry> + + <varlistentry><term>lsaenumsid</term><listitem><para>Enumerate the LSA SIDS</para></listitem></varlistentry> + + <varlistentry><term>lsaenumprivsaccount</term><listitem><para>Enumerate the privileges of an SID</para></listitem></varlistentry> + + <varlistentry><term>lsaenumacctrights</term><listitem><para>Enumerate the rights of an SID</para></listitem></varlistentry> + + <varlistentry><term>lsaenumacctwithright</term><listitem><para>Enumerate accounts with a right</para></listitem></varlistentry> + + <varlistentry><term>lsaaddacctrights</term><listitem><para>Add rights to an account</para></listitem></varlistentry> + + <varlistentry><term>lsaremoveacctrights</term><listitem><para>Remove rights from an account</para></listitem></varlistentry> + + <varlistentry><term>lsalookupprivvalue</term><listitem><para>Get a privilege value given its name</para></listitem></varlistentry> + + <varlistentry><term>lsaquerysecobj</term><listitem><para>Query LSA security object</para></listitem></varlistentry> + + </variablelist> + </refsect2> + + <refsect2> + <title>LSARPC-DS</title> + + <variablelist> + <varlistentry><term>dsroledominfo</term><listitem><para>Get Primary Domain Information</para></listitem></varlistentry> + </variablelist> + + <para> </para> + + <para><emphasis>DFS</emphasis></para> + <variablelist> + <varlistentry><term>dfsexist</term><listitem><para>Query DFS support</para></listitem></varlistentry> + <varlistentry><term>dfsadd</term><listitem><para>Add a DFS share</para></listitem></varlistentry> + <varlistentry><term>dfsremove</term><listitem><para>Remove a DFS share</para></listitem></varlistentry> + <varlistentry><term>dfsgetinfo</term><listitem><para>Query DFS share info</para></listitem></varlistentry> + <varlistentry><term>dfsenum</term><listitem><para>Enumerate dfs shares</para></listitem></varlistentry> + </variablelist> + + </refsect2> + + <refsect2> + <title>REG</title> + <variablelist> + <varlistentry><term>shutdown</term><listitem><para>Remote Shutdown</para></listitem></varlistentry> + <varlistentry><term>abortshutdown</term><listitem><para>Abort Shutdown</para></listitem></varlistentry> + </variablelist> + + </refsect2> + + <refsect2> + <title>SRVSVC</title> + + <variablelist> + <varlistentry><term>srvinfo</term><listitem><para>Server query info</para></listitem></varlistentry> + + <varlistentry><term>netshareenum</term><listitem><para>Enumerate shares</para></listitem></varlistentry> + + <varlistentry><term>netfileenum</term><listitem><para>Enumerate open files</para></listitem></varlistentry> + + <varlistentry><term>netremotetod</term><listitem><para>Fetch remote time of day</para></listitem></varlistentry> + + </variablelist> + + </refsect2> + + <refsect2> + <title>SAMR</title> + + <variablelist> + <varlistentry><term>queryuser</term><listitem><para>Query user info</para></listitem></varlistentry> + <varlistentry><term>querygroup</term><listitem><para>Query group info</para></listitem></varlistentry> + <varlistentry><term>queryusergroups</term><listitem><para>Query user groups</para></listitem></varlistentry> + <varlistentry><term>querygroupmem</term><listitem><para>Query group membership</para></listitem></varlistentry> + <varlistentry><term>queryaliasmem</term><listitem><para>Query alias membership</para></listitem></varlistentry> + <varlistentry><term>querydispinfo</term><listitem><para>Query display info</para></listitem></varlistentry> + <varlistentry><term>querydominfo</term><listitem><para>Query domain info</para></listitem></varlistentry> + <varlistentry><term>enumdomusers</term><listitem><para>Enumerate domain users</para></listitem></varlistentry> + <varlistentry><term>enumdomgroups</term><listitem><para>Enumerate domain groups</para></listitem></varlistentry> + <varlistentry><term>enumalsgroups</term><listitem><para>Enumerate alias groups</para></listitem></varlistentry> + <varlistentry><term>createdomuser</term><listitem><para>Create domain user</para></listitem></varlistentry> + <varlistentry><term>samlookupnames</term><listitem><para>Look up names</para></listitem></varlistentry> + <varlistentry><term>samlookuprids</term><listitem><para>Look up names</para></listitem></varlistentry> + <varlistentry><term>deletedomuser</term><listitem><para>Delete domain user</para></listitem></varlistentry> + <varlistentry><term>samquerysecobj</term><listitem><para>Query SAMR security object</para></listitem></varlistentry> + <varlistentry><term>getdompwinfo</term><listitem><para>Retrieve domain password info</para></listitem></varlistentry> + <varlistentry><term>lookupdomain</term><listitem><para>Look up domain</para></listitem></varlistentry> + </variablelist> + + </refsect2> + + <refsect2> + <title>SPOOLSS</title> + + <variablelist> + <varlistentry><term>adddriver <arch> <config> [<version>]</term> + <listitem><para> + Execute an AddPrinterDriver() RPC to install the printer driver + information on the server. Note that the driver files should + already exist in the directory returned by + <command>getdriverdir</command>. Possible values for + <parameter>arch</parameter> are the same as those for + the <command>getdriverdir</command> command. + The <parameter>config</parameter> parameter is defined as + follows: </para> + +<para><programlisting> +Long Printer Name:\ +Driver File Name:\ +Data File Name:\ +Config File Name:\ +Help File Name:\ +Language Monitor Name:\ +Default Data Type:\ +Comma Separated list of Files +</programlisting></para> + + <para>Any empty fields should be enter as the string "NULL". </para> + + <para>Samba does not need to support the concept of Print Monitors + since these only apply to local printers whose driver can make + use of a bi-directional link for communication. This field should + be "NULL". On a remote NT print server, the Print Monitor for a + driver must already be installed prior to adding the driver or + else the RPC will fail. </para> + + <para>The <parameter>version</parameter> parameter lets you + specify the printer driver version number. If omitted, the + default driver version for the specified architecture will + be used. This option can be used to upload Windows 2000 + (version 3) printer drivers.</para></listitem></varlistentry> + + <varlistentry><term>addprinter <printername> + <sharename> <drivername> <port></term> + <listitem><para> + Add a printer on the remote server. This printer + will be automatically shared. Be aware that the printer driver + must already be installed on the server (see <command>adddriver</command>) + and the <parameter>port</parameter>must be a valid port name (see + <command>enumports</command>.</para> + </listitem></varlistentry> + + + <varlistentry><term>deldriver</term><listitem><para>Delete the + specified printer driver for all architectures. This + does not delete the actual driver files from the server, + only the entry from the server's list of drivers. + </para></listitem></varlistentry> + + <varlistentry><term>deldriverex <driver> [architecture] [version] + </term><listitem><para>Delete the specified printer driver including driver files. + You can limit this action to a specific architecture and a specific version. + If no architecure is given, all driver files of that driver will be deleted. + </para></listitem></varlistentry> + + <varlistentry><term>enumdata</term><listitem><para>Enumerate all + printer setting data stored on the server. On Windows NT clients, + these values are stored in the registry, while Samba servers + store them in the printers TDB. This command corresponds + to the MS Platform SDK GetPrinterData() function (* This + command is currently unimplemented).</para></listitem></varlistentry> + + <varlistentry><term>enumdataex</term><listitem><para>Enumerate printer data for a key</para></listitem></varlistentry> + + <varlistentry><term>enumjobs <printer></term> + <listitem><para>List the jobs and status of a given printer. + This command corresponds to the MS Platform SDK EnumJobs() + function</para></listitem></varlistentry> + + <varlistentry><term>enumkey</term><listitem><para>Enumerate + printer keys</para></listitem></varlistentry> + + <varlistentry><term>enumports [level]</term> + <listitem><para> + Executes an EnumPorts() call using the specified + info level. Currently only info levels 1 and 2 are supported. + </para></listitem></varlistentry> + + + + <varlistentry><term>enumdrivers [level]</term> + <listitem><para> + Execute an EnumPrinterDrivers() call. This lists the various installed + printer drivers for all architectures. Refer to the MS Platform SDK + documentation for more details of the various flags and calling + options. Currently supported info levels are 1, 2, and 3.</para></listitem></varlistentry> + + + + <varlistentry><term>enumprinters [level]</term> + <listitem><para>Execute an EnumPrinters() call. This lists the various installed + and share printers. Refer to the MS Platform SDK documentation for + more details of the various flags and calling options. Currently + supported info levels are 1, 2 and 5.</para></listitem></varlistentry> + + + + + <varlistentry><term>getdata <printername> <valuename;></term> + <listitem><para>Retrieve the data for a given printer setting. See + the <command>enumdata</command> command for more information. + This command corresponds to the GetPrinterData() MS Platform + SDK function. </para></listitem></varlistentry> + + <varlistentry><term>getdataex</term><listitem><para>Get + printer driver data with + keyname</para></listitem></varlistentry> + + + <varlistentry><term>getdriver <printername></term> + <listitem><para> + Retrieve the printer driver information (such as driver file, + config file, dependent files, etc...) for + the given printer. This command corresponds to the GetPrinterDriver() + MS Platform SDK function. Currently info level 1, 2, and 3 are supported. + </para></listitem></varlistentry> + + + <varlistentry><term>getdriverdir <arch></term> + <listitem><para> + Execute a GetPrinterDriverDirectory() + RPC to retrieve the SMB share name and subdirectory for + storing printer driver files for a given architecture. Possible + values for <parameter>arch</parameter> are "Windows 4.0" + (for Windows 95/98), "Windows NT x86", "Windows NT PowerPC", "Windows + Alpha_AXP", and "Windows NT R4000". </para></listitem></varlistentry> + + + + <varlistentry><term>getprinter <printername></term> + <listitem><para>Retrieve the current printer information. This command + corresponds to the GetPrinter() MS Platform SDK function. + </para></listitem></varlistentry> + + <varlistentry><term>getprintprocdir</term><listitem><para>Get + print processor + directory</para></listitem></varlistentry> + + <varlistentry><term>openprinter <printername></term> + <listitem><para>Execute an OpenPrinterEx() and ClosePrinter() RPC + against a given printer. </para></listitem></varlistentry> + + <varlistentry><term>setdriver <printername> + <drivername></term> + <listitem><para>Execute a SetPrinter() command to update the printer driver + associated with an installed printer. The printer driver must + already be correctly installed on the print server. </para> + + <para>See also the <command>enumprinters</command> and + <command>enumdrivers</command> commands for obtaining a list of + of installed printers and drivers.</para></listitem></varlistentry> + + <varlistentry><term>addform</term><listitem><para>Add form</para></listitem></varlistentry> + <varlistentry><term>setform</term><listitem><para>Set form</para></listitem></varlistentry> + <varlistentry><term>getform</term><listitem><para>Get form</para></listitem></varlistentry> + <varlistentry><term>deleteform</term><listitem><para>Delete form</para></listitem></varlistentry> + <varlistentry><term>enumforms</term><listitem><para>Enumerate form</para></listitem></varlistentry> + <varlistentry><term>setprinter</term><listitem><para>Set printer comment</para></listitem></varlistentry> + <varlistentry><term>setprinterdata</term><listitem><para>Set REG_SZ printer data</para></listitem></varlistentry> + + <varlistentry><term>setprintername <printername> + <newprintername></term> + <listitem><para>Set printer name</para></listitem></varlistentry> + + <varlistentry><term>rffpcnex</term><listitem><para>Rffpcnex test</para></listitem></varlistentry> + + + </variablelist> + + </refsect2> + + <refsect2> + <title>NETLOGON</title> + + <variablelist> + + <varlistentry><term>logonctrl2</term> + <listitem><para>Logon Control 2</para></listitem> + </varlistentry> + + <varlistentry><term>logonctrl</term> + <listitem><para>Logon Control</para></listitem> + </varlistentry> + + <varlistentry><term>samsync</term> + <listitem><para>Sam Synchronisation</para></listitem> + </varlistentry> + + <varlistentry><term>samdeltas</term> + <listitem><para>Query Sam Deltas</para></listitem> + </varlistentry> + + <varlistentry><term>samlogon</term> + <listitem><para>Sam Logon</para></listitem> + </varlistentry> + + </variablelist> + </refsect2> + + <refsect2> + <title>GENERAL COMMANDS</title> + + <variablelist> + <varlistentry><term>debuglevel</term><listitem><para>Set the current + debug level used to log information.</para></listitem></varlistentry> + + <varlistentry><term>help (?)</term><listitem><para>Print a listing of all + known commands or extended help on a particular command. + </para></listitem></varlistentry> + + <varlistentry><term>quit (exit)</term><listitem><para>Exit <command>rpcclient + </command>.</para></listitem></varlistentry> + </variablelist> + </refsect2> + +</refsect1> + +<refsect1> + <title>BUGS</title> + + <para><command>rpcclient</command> is designed as a developer testing tool + and may not be robust in certain areas (such as command line parsing). + It has been known to generate a core dump upon failures when invalid + parameters where passed to the interpreter. </para> + + <para>From Luke Leighton's original rpcclient man page:</para> + + <para><emphasis>WARNING!</emphasis> The MSRPC over SMB code has + been developed from examining Network traces. No documentation is + available from the original creators (Microsoft) on how MSRPC over + SMB works, or how the individual MSRPC services work. Microsoft's + implementation of these services has been demonstrated (and reported) + to be... a bit flaky in places. </para> + + <para>The development of Samba's implementation is also a bit rough, + and as more of the services are understood, it can even result in + versions of <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> and <citerefentry><refentrytitle>rpcclient</refentrytitle> + <manvolnum>1</manvolnum></citerefentry> that are incompatible for some commands or services. Additionally, + the developers are sending reports to Microsoft, and problems found + or reported to Microsoft are fixed in Service Packs, which may + result in incompatibilities.</para> +</refsect1> + + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 3.0 of the Samba + suite.</para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The original rpcclient man page was written by Matthew + Geddes, Luke Kenneth Casson Leighton, and rewritten by Gerald Carter. + The conversion to DocBook for Samba 2.2 was done by Gerald + Carter. The conversion to DocBook XML 4.2 for Samba 3.0 was + done by Alexander Bokovoy.</para> +</refsect1> + +</refentry> diff --git a/docs/manpages-3/samba.7.xml b/docs/manpages-3/samba.7.xml new file mode 100644 index 0000000000..56e3a7994e --- /dev/null +++ b/docs/manpages-3/samba.7.xml @@ -0,0 +1,367 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="samba.7"> + +<refmeta> + <refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum> +</refmeta> + + +<refnamediv> + <refname>samba</refname> + <refpurpose>A Windows SMB/CIFS fileserver for UNIX</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis><command>samba</command></cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>The Samba software suite is a collection of programs + that implements the Server Message Block (commonly abbreviated + as SMB) protocol for UNIX systems. This protocol is sometimes + also referred to as the Common Internet File System (CIFS). For a + more thorough description, see <ulink url="http://www.ubiqx.org/cifs/"> + http://www.ubiqx.org/cifs/</ulink>. Samba also implements the NetBIOS + protocol in nmbd.</para> + + <variablelist> + <varlistentry> + <term><citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry></term> + <listitem><para>The <command>smbd</command> daemon provides the file and print services to + SMB clients, such as Windows 95/98, Windows NT, Windows + for Workgroups or LanManager. The configuration file + for this daemon is described in <citerefentry><refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> + </para></listitem> + </varlistentry> + + <varlistentry> + <term><citerefentry><refentrytitle>nmbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry></term> + <listitem><para>The <command>nmbd</command> + daemon provides NetBIOS nameservice and browsing + support. The configuration file for this daemon + is described in <citerefentry><refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry></para> + </listitem> + </varlistentry> + + <varlistentry> + <term><citerefentry><refentrytitle>smbclient</refentrytitle> + <manvolnum>1</manvolnum></citerefentry></term> + <listitem><para>The <command>smbclient</command> + program implements a simple ftp-like client. This + is useful for accessing SMB shares on other compatible + servers (such as Windows NT), and can also be used + to allow a UNIX box to print to a printer attached to + any SMB server (such as a PC running Windows NT).</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><citerefentry><refentrytitle>testparm</refentrytitle> + <manvolnum>1</manvolnum></citerefentry></term> + <listitem><para>The <command>testparm</command> + utility is a simple syntax checker for Samba's <citerefentry><refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> configuration file.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><citerefentry><refentrytitle>testprns</refentrytitle> + <manvolnum>1</manvolnum></citerefentry></term> + <listitem><para>The <command>testprns</command> + utility supports testing printer names defined + in your <filename>printcap</filename> file used + by Samba.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><citerefentry><refentrytitle>smbstatus</refentrytitle> + <manvolnum>1</manvolnum></citerefentry></term> + <listitem><para>The <command>smbstatus</command> + tool provides access to information about the + current connections to <command>smbd</command>.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><citerefentry><refentrytitle>nmblookup</refentrytitle> + <manvolnum>1</manvolnum></citerefentry></term> + <listitem><para>The <command>nmblookup</command> + tools allows NetBIOS name queries to be made + from a UNIX host.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><citerefentry><refentrytitle>smbpasswd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry></term> + <listitem><para>The <command>smbpasswd</command> + command is a tool for changing LanMan and Windows NT + password hashes on Samba and Windows NT servers.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><citerefentry><refentrytitle>smbcacls</refentrytitle> + <manvolnum>1</manvolnum></citerefentry></term> + <listitem><para>The <command>smbcacls</command> command is + a tool to set ACL's on remote CIFS servers. </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><citerefentry><refentrytitle>smbsh</refentrytitle> + <manvolnum>1</manvolnum></citerefentry></term> + <listitem><para>The <command>smbsh</command> command is + a program that allows you to run a unix shell with + with an overloaded VFS.</para></listitem> + </varlistentry> + + <varlistentry> + <term><citerefentry><refentrytitle>smbtree</refentrytitle> + <manvolnum>1</manvolnum></citerefentry></term> + <listitem><para>The <command>smbtree</command> command + is a text-based network neighborhood tool.</para></listitem> + </varlistentry> + + <varlistentry> + <term><citerefentry><refentrytitle>smbtar</refentrytitle> + <manvolnum>1</manvolnum></citerefentry></term> + <listitem><para>The <command>smbtar</command> can make + backups of data on CIFS/SMB servers.</para></listitem> + </varlistentry> + + <varlistentry> + <term><citerefentry><refentrytitle>smbspool</refentrytitle> + <manvolnum>8</manvolnum></citerefentry></term> + <listitem><para><command>smbspool</command> is a + helper utility for printing on printers connected + to CIFS servers. </para></listitem> + </varlistentry> + + <varlistentry> + <term><citerefentry><refentrytitle>smbcontrol</refentrytitle> + <manvolnum>1</manvolnum></citerefentry></term> + <listitem><para><command>smbcontrol</command> is a utility + that can change the behaviour of running samba daemons. + </para></listitem> + </varlistentry> + + <varlistentry> + <term><citerefentry><refentrytitle>rpcclient</refentrytitle> + <manvolnum>1</manvolnum></citerefentry></term> + <listitem><para><command>rpcclient</command> is a utility + that can be used to execute RPC commands on remote + CIFS servers.</para></listitem> + </varlistentry> + + <varlistentry> + <term><citerefentry><refentrytitle>pdbedit</refentrytitle> + <manvolnum>8</manvolnum></citerefentry></term> + <listitem><para>The <command>pdbedit</command> command + can be used to maintain the local user database on + a samba server.</para></listitem></varlistentry> + + <varlistentry> + <term><citerefentry><refentrytitle>findsmb</refentrytitle> + <manvolnum>1</manvolnum></citerefentry></term> + <listitem><para>The <command>findsmb</command> command + can be used to find SMB servers on the local network. + </para></listitem></varlistentry> + + <varlistentry> + <term><citerefentry><refentrytitle>net</refentrytitle> + <manvolnum>8</manvolnum></citerefentry></term> + <listitem><para>The <command>net</command> command + is supposed to work similar to the DOS/Windows + NET.EXE command.</para></listitem> + </varlistentry> + + <varlistentry> + <term><citerefentry><refentrytitle>swat</refentrytitle> + <manvolnum>8</manvolnum></citerefentry></term> + <listitem><para><command>swat</command> is a web-based + interface to configuring <filename>smb.conf</filename>. + </para></listitem> + </varlistentry> + + <varlistentry> + <term><citerefentry><refentrytitle>winbindd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry></term> + <listitem><para><command>winbindd</command> is a daemon + that is used for integrating authentication and + the user database into unix.</para></listitem> + </varlistentry> + + <varlistentry> + <term><citerefentry><refentrytitle>wbinfo</refentrytitle> + <manvolnum>1</manvolnum></citerefentry></term> + <listitem><para><command>wbinfo</command> is a utility + that retrieves and stores information related to winbind. + </para></listitem> + </varlistentry> + + <varlistentry> + <term><citerefentry><refentrytitle>editreg</refentrytitle> + <manvolnum>1</manvolnum></citerefentry></term> + <listitem><para><command>editreg</command> is a command-line + utility that can edit windows registry files. + </para></listitem> + </varlistentry> + + <varlistentry> + <term><citerefentry><refentrytitle>profiles</refentrytitle> + <manvolnum>1</manvolnum></citerefentry></term> + <listitem><para><command>profiles</command> is a command-line + utility that can be used to replace all occurences of + a certain SID with another SID. + </para></listitem> + </varlistentry> + + <varlistentry> + <term><citerefentry><refentrytitle>log2pcap</refentrytitle> + <manvolnum>1</manvolnum></citerefentry></term> + <listitem><para><command>log2pcap</command> is a utility + for generating pcap trace files from Samba log + files.</para></listitem> + </varlistentry> + + <varlistentry> + <term><citerefentry><refentrytitle>vfstest</refentrytitle> + <manvolnum>1</manvolnum></citerefentry></term> + <listitem><para><command>vfstest</command> is a utility + that can be used to test vfs modules.</para></listitem> + </varlistentry> + + <varlistentry> + <term><citerefentry><refentrytitle>ntlm_auth</refentrytitle> + <manvolnum>1</manvolnum></citerefentry></term> + <listitem><para><command>ntlm_auth</command> is a helper-utility + for external programs wanting to do NTLM-authentication. + </para></listitem></varlistentry> + + <varlistentry> + <term> +<citerefentry><refentrytitle>smbmount</refentrytitle><manvolnum>8</manvolnum></citerefentry>, +<citerefentry><refentrytitle>smbumount</refentrytitle><manvolnum>8</manvolnum></citerefentry>, +<citerefentry><refentrytitle>smbmnt</refentrytitle><manvolnum>8</manvolnum></citerefentry></term> + <listitem><para><command>smbmount</command>,<command>smbumount</command> and <command>smbmnt</command> are commands that can be used to + mount CIFS/SMB shares on Linux. + </para></listitem> + </varlistentry> + + <varlistentry> + <term><citerefentry><refentrytitle>smbcquotas</refentrytitle> + <manvolnum>1</manvolnum></citerefentry></term> + <listitem><para><command>smbcquotas</command> is a tool that + can set remote QUOTA's on server with NTFS 5. </para> + </listitem> + </varlistentry> + </variablelist> +</refsect1> + +<refsect1> + <title>COMPONENTS</title> + + <para>The Samba suite is made up of several components. Each + component is described in a separate manual page. It is strongly + recommended that you read the documentation that comes with Samba + and the manual pages of those components that you use. If the + manual pages and documents aren't clear enough then please visit + <ulink url="http://devel.samba.org/">http://devel.samba.org</ulink> + for information on how to file a bug report or submit a patch.</para> + + <para>If you require help, visit the Samba webpage at + <ulink url="http://samba.org/">http://www.samba.org/</ulink> and + explore the many option available to you. + </para> +</refsect1> + +<refsect1> + <title>AVAILABILITY</title> + + <para>The Samba software suite is licensed under the + GNU Public License(GPL). A copy of that license should + have come with the package in the file COPYING. You are + encouraged to distribute copies of the Samba suite, but + please obey the terms of this license.</para> + + <para>The latest version of the Samba suite can be + obtained via anonymous ftp from samba.org in the + directory pub/samba/. It is also available on several + mirror sites worldwide.</para> + + <para>You may also find useful information about Samba + on the newsgroup <ulink url="news:comp.protocols.smb"> + comp.protocol.smb</ulink> and the Samba mailing + list. Details on how to join the mailing list are given in + the README file that comes with Samba.</para> + + <para>If you have access to a WWW viewer (such as Mozilla + or Konqueror) then you will also find lots of useful information, + including back issues of the Samba mailing list, at + <ulink url="http://lists.samba.org/">http://lists.samba.org</ulink>.</para> +</refsect1> + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 3.0 of the + Samba suite. </para> +</refsect1> + +<refsect1> + <title>CONTRIBUTIONS</title> + + <para>If you wish to contribute to the Samba project, + then I suggest you join the Samba mailing list at + <ulink url="http://lists.samba.org/">http://lists.samba.org</ulink>. + </para> + + <para>If you have patches to submit, visit + <ulink url="http://devel.samba.org/">http://devel.samba.org/</ulink> + for information on how to do it properly. We prefer patches + in <command>diff -u</command> format.</para> +</refsect1> + +<refsect1> + <title>CONTRIBUTORS</title> + + <para>Contributors to the project are now too numerous + to mention here but all deserve the thanks of all Samba + users. To see a full list, look at the + <filename>change-log</filename> in the source package + for the pre-CVS changes and at <ulink + url="http://cvs.samba.org/"> + http://cvs.samba.org/</ulink> + for the contributors to Samba post-CVS. CVS is the Open Source + source code control system used by the Samba Team to develop + Samba. The project would have been unmanageable without it.</para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML + 4.2 for Samba 3.0 was done by Alexander Bokovoy.</para> +</refsect1> + +</refentry> diff --git a/docs/manpages-3/smb.conf.5.xml b/docs/manpages-3/smb.conf.5.xml new file mode 100644 index 0000000000..ad9e3fbe97 --- /dev/null +++ b/docs/manpages-3/smb.conf.5.xml @@ -0,0 +1,656 @@ +<refentry id="smb.conf.5" xmlns:xi="http://www.w3.org/2003/XInclude"> + +<refmeta> + <refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum> +</refmeta> + + +<refnamediv> + <refname>smb.conf</refname> + <refpurpose>The configuration file for the Samba suite</refpurpose> +</refnamediv> + +<refsect1> + <title>SYNOPSIS</title> + + <para>The <filename moreinfo="none">smb.conf</filename> file is a configuration + file for the Samba suite. <filename moreinfo="none">smb.conf</filename> contains + runtime configuration information for the Samba programs. The <filename moreinfo="none">smb.conf</filename> file + is designed to be configured and administered by the <citerefentry><refentrytitle>swat</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> program. The complete + description of the file format and possible parameters held within + are here for reference purposes.</para> </refsect1> + +<refsect1 id="FILEFORMATSECT"> + <title>FILE FORMAT</title> + + <para>The file consists of sections and parameters. A section + begins with the name of the section in square brackets and continues + until the next section begins. Sections contain parameters of the + form</para> + + <para><replaceable>name</replaceable> = <replaceable>value + </replaceable></para> + + <para>The file is line-based - that is, each newline-terminated + line represents either a comment, a section name or a parameter.</para> + + <para>Section and parameter names are not case sensitive.</para> + + <para>Only the first equals sign in a parameter is significant. + Whitespace before or after the first equals sign is discarded. + Leading, trailing and internal whitespace in section and parameter + names is irrelevant. Leading and trailing whitespace in a parameter + value is discarded. Internal whitespace within a parameter value + is retained verbatim.</para> + + <para>Any line beginning with a semicolon (<quote>;</quote>) or a hash (<quote>#</quote>) + character is ignored, as are lines containing only whitespace.</para> + + <para>Any line ending in a <quote>\</quote> is continued + on the next line in the customary UNIX fashion.</para> + + <para>The values following the equals sign in parameters are all + either a string (no quotes needed) or a boolean, which may be given + as yes/no, 0/1 or true/false. Case is not significant in boolean + values, but is preserved in string values. Some items such as + create modes are numeric.</para> +</refsect1> + +<refsect1> + <title>SECTION DESCRIPTIONS</title> + + <para>Each section in the configuration file (except for the + [global] section) describes a shared resource (known + as a <quote>share</quote>). The section name is the name of the + shared resource and the parameters within the section define + the shares attributes.</para> + + <para>There are three special sections, [global], + [homes] and [printers], which are + described under <emphasis>special sections</emphasis>. The + following notes apply to ordinary section descriptions.</para> + + <para>A share consists of a directory to which access is being + given plus a description of the access rights which are granted + to the user of the service. Some housekeeping options are + also specifiable.</para> + + <para>Sections are either file share services (used by the + client as an extension of their native file systems) or + printable services (used by the client to access print services + on the host running the server).</para> + + <para>Sections may be designated <emphasis>guest</emphasis> services, + in which case no password is required to access them. A specified + UNIX <emphasis>guest account</emphasis> is used to define access + privileges in this case.</para> + + <para>Sections other than guest services will require a password + to access them. The client provides the username. As older clients + only provide passwords and not usernames, you may specify a list + of usernames to check against the password using the <quote>user =</quote> + option in the share definition. For modern clients such as + Windows 95/98/ME/NT/2000, this should not be necessary.</para> + + <para>The access rights granted by the server are + masked by the access rights granted to the specified or guest + UNIX user by the host system. The server does not grant more + access than the host system grants.</para> + + <para>The following sample section defines a file space share. + The user has write access to the path <filename moreinfo="none">/home/bar</filename>. + The share is accessed via the share name <quote>foo</quote>:</para> + +<smbconfexample> + <smbconfsection name="[foo]"/> + <smbconfoption name="path">/home/bar</smbconfoption> + <smbconfoption name="read only">read only = no</smbconfoption> +</smbconfexample> + + <para>The following sample section defines a printable share. + The share is read-only, but printable. That is, the only write + access permitted is via calls to open, write to and close a + spool file. The <emphasis>guest ok</emphasis> parameter means + access will be permitted as the default guest user (specified + elsewhere):</para> + +<smbconfexample> + <smbconfsection name="[aprinter]"/> + <smbconfoption name="path">/usr/spool/public</smbconfoption> + <smbconfoption name="read only">yes</smbconfoption> + <smbconfoption name="printable">yes</smbconfoption> + <smbconfoption name="guest ok">yes</smbconfoption> +</smbconfexample> +</refsect1> + +<refsect1> + <title>SPECIAL SECTIONS</title> + + <refsect2> + <title>The [global] section</title> + + <para>Parameters in this section apply to the server + as a whole, or are defaults for sections that do not + specifically define certain items. See the notes + under PARAMETERS for more information.</para> + </refsect2> + + <refsect2 id="HOMESECT"> + <title>The [homes] section</title> + + <para>If a section called [homes] is included in the + configuration file, services connecting clients to their + home directories can be created on the fly by the server.</para> + + <para>When the connection request is made, the existing + sections are scanned. If a match is found, it is used. If no + match is found, the requested section name is treated as a + username and looked up in the local password file. If the + name exists and the correct password has been given, a share is + created by cloning the [homes] section.</para> + + <para>Some modifications are then made to the newly + created share:</para> + + <itemizedlist> + <listitem><para>The share name is changed from homes to + the located username.</para></listitem> + + <listitem><para>If no path was given, the path is set to + the user's home directory.</para></listitem> + </itemizedlist> + + <para>If you decide to use a <emphasis>path =</emphasis> line + in your [homes] section, you may find it useful + to use the %S macro. For example :</para> + + <para><userinput moreinfo="none">path = /data/pchome/%S</userinput></para> + + <para>is useful if you have different home directories + for your PCs than for UNIX access.</para> + + <para>This is a fast and simple way to give a large number + of clients access to their home directories with a minimum + of fuss.</para> + + <para>A similar process occurs if the requested section + name is <quote>homes</quote>, except that the share name is not + changed to that of the requesting user. This method of using + the [homes] section works well if different users share + a client PC.</para> + + <para>The [homes] section can specify all the parameters + a normal service section can specify, though some make more sense + than others. The following is a typical and suitable [homes] + section:</para> + + <smbconfexample> + <smbconfsection name="[homes]"/> + <smbconfoption name="read only">no</smbconfoption> + </smbconfexample> + + <para>An important point is that if guest access is specified + in the [homes] section, all home directories will be + visible to all clients <emphasis>without a password</emphasis>. + In the very unlikely event that this is actually desirable, it + is wise to also specify <emphasis>read only access</emphasis>.</para> + + <para>The <emphasis>browseable</emphasis> flag for + auto home directories will be inherited from the global browseable + flag, not the [homes] browseable flag. This is useful as + it means setting <emphasis>browseable = no</emphasis> in + the [homes] section will hide the [homes] share but make + any auto home directories visible.</para> + </refsect2> + + <refsect2 id="PRINTERSSECT"> + <title>The [printers] section</title> + + <para>This section works like [homes], + but for printers.</para> + + <para>If a [printers] section occurs in the + configuration file, users are able to connect to any printer + specified in the local host's printcap file.</para> + + <para>When a connection request is made, the existing sections + are scanned. If a match is found, it is used. If no match is found, + but a [homes] section exists, it is used as described + above. Otherwise, the requested section name is treated as a + printer name and the appropriate printcap file is scanned to see + if the requested section name is a valid printer share name. If + a match is found, a new printer share is created by cloning + the [printers] section.</para> + + <para>A few modifications are then made to the newly created + share:</para> + + <itemizedlist> + <listitem><para>The share name is set to the located printer + name</para></listitem> + + <listitem><para>If no printer name was given, the printer name + is set to the located printer name</para></listitem> + + <listitem><para>If the share does not permit guest access and + no username was given, the username is set to the located + printer name.</para></listitem> + </itemizedlist> + + <para>The [printers] service MUST be + printable - if you specify otherwise, the server will refuse + to load the configuration file.</para> + + <para>Typically the path specified is that of a + world-writeable spool directory with the sticky bit set on + it. A typical [printers] entry looks like + this:</para> + + <smbconfexample> + <smbconfsection name="[printers]"/> + <smbconfoption name="path">/usr/spool/public</smbconfoption> + <smbconfoption name="guest ok">yes</smbconfoption> + <smbconfoption name="printable">yes</smbconfoption> + </smbconfexample> + + <para>All aliases given for a printer in the printcap file + are legitimate printer names as far as the server is concerned. + If your printing subsystem doesn't work like that, you will have + to set up a pseudo-printcap. This is a file consisting of one or + more lines like this:</para> + + <programlisting> +alias|alias|alias|alias... + </programlisting> + + <para>Each alias should be an acceptable printer name for + your printing subsystem. In the [global] section, specify + the new file as your printcap. The server will only recognize + names found in your pseudo-printcap, which of course can contain + whatever aliases you like. The same technique could be used + simply to limit access to a subset of your local printers.</para> + + <para>An alias, by the way, is defined as any component of the + first entry of a printcap record. Records are separated by newlines, + components (if there are more than one) are separated by vertical + bar symbols (<quote>|</quote>).</para> + + <note><para>On SYSV systems which use lpstat to determine what + printers are defined on the system you may be able to use + <quote>printcap name = lpstat</quote> to automatically obtain a list + of printers. See the <quote>printcap name</quote> option + for more details.</para></note> + </refsect2> +</refsect1> + +<refsect1> + <title>PARAMETERS</title> + + <para>Parameters define the specific attributes of sections.</para> + + <para>Some parameters are specific to the [global] section + (e.g., <emphasis>security</emphasis>). Some parameters are usable + in all sections (e.g., <emphasis>create mode</emphasis>). All others + are permissible only in normal sections. For the purposes of the + following descriptions the [homes] and [printers] + sections will be considered normal. The letter <emphasis>G</emphasis> + in parentheses indicates that a parameter is specific to the + [global] section. The letter <emphasis>S</emphasis> + indicates that a parameter can be specified in a service specific + section. All <emphasis>S</emphasis> parameters can also be specified in + the [global] section - in which case they will define + the default behavior for all services.</para> + + <para>Parameters are arranged here in alphabetical order - this may + not create best bedfellows, but at least you can find them! Where + there are synonyms, the preferred synonym is described, others refer + to the preferred synonym.</para> +</refsect1> + +<refsect1> + <title>VARIABLE SUBSTITUTIONS</title> + + <para>Many of the strings that are settable in the config file + can take substitutions. For example the option <quote>path = + /tmp/%u</quote> is interpreted as <quote>path = + /tmp/john</quote> if the user connected with the username john.</para> + + <para>These substitutions are mostly noted in the descriptions below, + but there are some general substitutions which apply whenever they + might be relevant. These are:</para> + + <variablelist> + <varlistentry> + <term>%U</term> + <listitem><para>session username (the username that the client + wanted, not necessarily the same as the one they got).</para></listitem> + </varlistentry> + + <varlistentry> + <term>%G</term> + <listitem><para>primary group name of %U.</para></listitem> + </varlistentry> + + <varlistentry> + <term>%h</term> + <listitem><para>the Internet hostname that Samba is running + on.</para></listitem> + </varlistentry> + + <varlistentry> + <term>%m</term> + <listitem><para>the NetBIOS name of the client machine + (very useful).</para></listitem> + </varlistentry> + + <varlistentry> + <term>%L</term> + <listitem><para>the NetBIOS name of the server. This allows you + to change your config based on what the client calls you. Your + server can have a <quote>dual personality</quote>.</para> + + <para>This parameter is not available when Samba listens + on port 445, as clients no longer send this information.</para> + </listitem> + + </varlistentry> + + <varlistentry> + <term>%M</term> + <listitem><para>the Internet name of the client machine. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>%R</term> + <listitem><para>the selected protocol level after + protocol negotiation. It can be one of CORE, COREPLUS, + LANMAN1, LANMAN2 or NT1.</para></listitem> + </varlistentry> + + <varlistentry> + <term>%d</term> + <listitem><para>the process id of the current server + process.</para></listitem> + </varlistentry> + + <varlistentry> + <term>%a</term> + <listitem><para>the architecture of the remote + machine. It currently recognizes Samba (<constant>Samba</constant>), + the Linux CIFS file system (<constant>CIFSFS</constant>), OS/2, (<constant>OS2</constant>), + Windows for Workgroups (<constant>WfWg</constant>), Windows 9x/ME + (<constant>Win95</constant>), Windows NT (<constant>WinNT</constant>), + Windows 2000 (<constant>Win2K</constant>), Windows XP (<constant>WinXP</constant>), + and Windows 2003 (<constant>Win2K3</constant>). Anything else will be known as + <constant>UNKNOWN</constant>.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>%I</term> + <listitem><para>the IP address of the client machine.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>%i</term> + <listitem><para>the local IP address to which a client connected.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>%T</term> + <listitem><para>the current date and time.</para></listitem> + </varlistentry> + + <varlistentry> + <term>%D</term> + <listitem><para>name of the domain or workgroup of the current user.</para></listitem> + </varlistentry> + + <varlistentry> + <term>%$(<replaceable>envvar</replaceable>)</term> + <listitem><para>the value of the environment variable + <replaceable>envar</replaceable>.</para></listitem> + </varlistentry> + </variablelist> + + <para>The following substitutes apply only to some configuration options (only those + that are used when a connection has been established):</para> + + <variablelist> + <varlistentry> + <term>%S</term> + <listitem><para>the name of the current service, if any.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>%P</term> + <listitem><para>the root directory of the current service, + if any.</para></listitem> + </varlistentry> + + <varlistentry> + <term>%u</term> + <listitem><para>username of the current service, if any.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>%g</term> + <listitem><para>primary group name of %u.</para></listitem> + </varlistentry> + + <varlistentry> + <term>%H</term> + <listitem><para>the home directory of the user given + by %u.</para></listitem> + </varlistentry> + + <varlistentry> + <term>%N</term> + <listitem><para>the name of your NIS home directory server. + This is obtained from your NIS auto.map entry. If you have + not compiled Samba with the <emphasis>--with-automount</emphasis> + option, this value will be the same as %L.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>%p</term> + <listitem><para>the path of the service's home directory, + obtained from your NIS auto.map entry. The NIS auto.map entry + is split up as <quote>%N:%p</quote>.</para></listitem> + </varlistentry> + </variablelist> + + <para>There are some quite creative things that can be done + with these substitutions and other <filename moreinfo="none">smb.conf</filename> options.</para> +</refsect1> + +<refsect1 id="NAMEMANGLINGSECT"> + <title>NAME MANGLING</title> + + <para>Samba supports <quote>name mangling</quote> so that DOS and + Windows clients can use files that don't conform to the 8.3 format. + It can also be set to adjust the case of 8.3 format filenames.</para> + + <para>There are several options that control the way mangling is + performed, and they are grouped here rather than listed separately. + For the defaults look at the output of the testparm program. </para> + + <para>All of these options can be set separately for each service + (or globally, of course). </para> + + <para>The options are: </para> + + <variablelist> + + <varlistentry> + <term>case sensitive = yes/no/auto</term> + <listitem><para>controls whether filenames are case sensitive. If + they aren't, Samba must do a filename search and match on passed + names. The default setting of auto allows clients that support case + sensitive filenames (Linux CIFSVFS and smbclient 3.0.5 and above currently) + to tell the Samba server on a per-packet basis that they wish to access + the file system in a case-sensitive manner (to support UNIX case sensitive + semantics). No Windows or DOS system supports case-sensitive filename so + setting this option to auto is that same as setting it to no for them. + Default <emphasis>auto</emphasis>.</para></listitem> + </varlistentry> + + <varlistentry> + <term>default case = upper/lower</term> + <listitem><para>controls what the default case is for new + filenames. Default <emphasis>lower</emphasis>.</para></listitem> + </varlistentry> + + <varlistentry> + <term>preserve case = yes/no</term> + <listitem><para>controls whether new files are created with the + case that the client passes, or if they are forced to be the + <quote>default</quote> case. Default <emphasis>yes</emphasis>. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>short preserve case = yes/no</term> + <listitem><para>controls if new files which conform to 8.3 syntax, + that is all in upper case and of suitable length, are created + upper case, or if they are forced to be the <quote>default</quote> + case. This option can be used with <quote>preserve case = yes</quote> + to permit long filenames to retain their case, while short names + are lowercased. Default <emphasis>yes</emphasis>.</para></listitem> + </varlistentry> + </variablelist> + + <para>By default, Samba 3.0 has the same semantics as a Windows + NT server, in that it is case insensitive but case preserving.</para> + +</refsect1> + +<refsect1 id="VALIDATIONSECT"> + <title>NOTE ABOUT USERNAME/PASSWORD VALIDATION</title> + + <para>There are a number of ways in which a user can connect + to a service. The server uses the following steps in determining + if it will allow a connection to a specified service. If all the + steps fail, the connection request is rejected. However, if one of the + steps succeeds, the following steps are not checked.</para> + + <para>If the service is marked <quote>guest only = yes</quote> and the + server is running with share-level security (<quote>security = share</quote>, + steps 1 to 5 are skipped.</para> + + + <orderedlist continuation="restarts" inheritnum="ignore" numeration="arabic"> + <listitem><para>If the client has passed a username/password + pair and that username/password pair is validated by the UNIX + system's password programs, the connection is made as that + username. This includes the + \\server\service%<replaceable>username</replaceable> method of passing + a username.</para></listitem> + + <listitem><para>If the client has previously registered a username + with the system and now supplies a correct password for that + username, the connection is allowed.</para></listitem> + + <listitem><para>The client's NetBIOS name and any previously + used usernames are checked against the supplied password. If + they match, the connection is allowed as the corresponding + user.</para></listitem> + + <listitem><para>If the client has previously validated a + username/password pair with the server and the client has passed + the validation token, that username is used. </para></listitem> + + <listitem><para>If a <quote>user = </quote> field is given in the + <filename moreinfo="none">smb.conf</filename> file for the service and the client + has supplied a password, and that password matches (according to + the UNIX system's password checking) with one of the usernames + from the <quote>user =</quote> field, the connection is made as + the username in the <quote>user =</quote> line. If one + of the usernames in the <quote>user =</quote> list begins with a + <quote>@</quote>, that name expands to a list of names in + the group of the same name.</para></listitem> + + <listitem><para>If the service is a guest service, a + connection is made as the username given in the <quote>guest + account =</quote> for the service, irrespective of the + supplied password.</para></listitem> + </orderedlist> + +</refsect1> + +<refsect1> + <title>EXPLANATION OF EACH PARAMETER</title> + + <xi:include href="../smbdotconf/parameters.all.xml" parse="xml"/> + +</refsect1> + +<refsect1> + <title>WARNINGS</title> + + <para>Although the configuration file permits service names + to contain spaces, your client software may not. Spaces will + be ignored in comparisons anyway, so it shouldn't be a + problem - but be aware of the possibility.</para> + + <para>On a similar note, many clients - especially DOS clients - + limit service names to eight characters. <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> has no such limitation, but attempts to connect from such + clients will fail if they truncate the service names. For this reason + you should probably keep your service names down to eight characters + in length.</para> + + <para>Use of the [homes] and [printers] special sections make life + for an administrator easy, but the various combinations of default + attributes can be tricky. Take extreme care when designing these + sections. In particular, ensure that the permissions on spool + directories are correct.</para> +</refsect1> + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 3.0 of the Samba suite.</para> +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + <para> + <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbpasswd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>swat</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>nmbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbclient</refentrytitle> + <manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>nmblookup</refentrytitle> + <manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testparm</refentrytitle> + <manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testprns</refentrytitle> + <manvolnum>1</manvolnum></citerefentry>.</para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at <ulink noescape="1" url="ftp://ftp.icce.rug.nl/pub/unix/"> + ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 + for Samba 3.0 was done by Alexander Bokovoy.</para> +</refsect1> + +</refentry> diff --git a/docs/manpages-3/smbcacls.1.xml b/docs/manpages-3/smbcacls.1.xml new file mode 100644 index 0000000000..e3cefe57d7 --- /dev/null +++ b/docs/manpages-3/smbcacls.1.xml @@ -0,0 +1,260 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="smbcacls.1"> + +<refmeta> + <refentrytitle>smbcacls</refentrytitle> + <manvolnum>1</manvolnum> +</refmeta> + + +<refnamediv> + <refname>smbcacls</refname> + <refpurpose>Set or get ACLs on an NT file or directory names</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>smbcacls</command> + <arg choice="req">//server/share</arg> + <arg choice="req">filename</arg> + <arg choice="opt">-D acls</arg> + <arg choice="opt">-M acls</arg> + <arg choice="opt">-a acls</arg> + <arg choice="opt">-S acls</arg> + <arg choice="opt">-C name</arg> + <arg choice="opt">-G name</arg> + <arg choice="opt">--numeric</arg> + <arg choice="opt">-t</arg> + <arg choice="opt">-U username</arg> + <arg choice="opt">-h</arg> + <arg choice="opt">-d</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> suite.</para> + + <para>The <command>smbcacls</command> program manipulates NT Access Control + Lists (ACLs) on SMB file shares. </para> +</refsect1> + + +<refsect1> + <title>OPTIONS</title> + + <para>The following options are available to the <command>smbcacls</command> program. + The format of ACLs is described in the section ACL FORMAT </para> + + + <variablelist> + <varlistentry> + <term>-a acls</term> + <listitem><para>Add the ACLs specified to the ACL list. Existing + access control entries are unchanged. </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-M acls</term> + <listitem><para>Modify the mask value (permissions) for the ACLs + specified on the command line. An error will be printed for each + ACL specified that was not already present in the ACL list + </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-D acls</term> + <listitem><para>Delete any ACLs specified on the command line. + An error will be printed for each ACL specified that was not + already present in the ACL list. </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-S acls</term> + <listitem><para>This command sets the ACLs on the file with + only the ones specified on the command line. All other ACLs are + erased. Note that the ACL specified must contain at least a revision, + type, owner and group for the call to succeed. </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-U username</term> + <listitem><para>Specifies a username used to connect to the + specified service. The username may be of the form "username" in + which case the user is prompted to enter in a password and the + workgroup specified in the <citerefentry><refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> file is + used, or "username%password" or "DOMAIN\username%password" and the + password and workgroup names are used as provided. </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-C name</term> + <listitem><para>The owner of a file or directory can be changed + to the name given using the <parameter>-C</parameter> option. + The name can be a sid in the form S-1-x-y-z or a name resolved + against the server specified in the first argument. </para> + + <para>This command is a shortcut for -M OWNER:name. + </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-G name</term> + <listitem><para>The group owner of a file or directory can + be changed to the name given using the <parameter>-G</parameter> + option. The name can be a sid in the form S-1-x-y-z or a name + resolved against the server specified n the first argument. + </para> + + <para>This command is a shortcut for -M GROUP:name.</para></listitem> + </varlistentry> + + + + <varlistentry> + <term>--numeric</term> + <listitem><para>This option displays all ACL information in numeric + format. The default is to convert SIDs to names and ACE types + and masks to a readable string format. </para></listitem> + </varlistentry> + + <varlistentry> + <term>-t</term> + <listitem><para> + Don't actually do anything, only validate the correctness of + the arguments. + </para></listitem> + </varlistentry> + + &stdarg.help; + &popt.common.samba; + </variablelist> +</refsect1> + + +<refsect1> + <title>ACL FORMAT</title> + + <para>The format of an ACL is one or more ACL entries separated by + either commas or newlines. An ACL entry is one of the following: </para> + +<para><programlisting> +REVISION:<revision number> +OWNER:<sid or name> +GROUP:<sid or name> +ACL:<sid or name>:<type>/<flags>/<mask> +</programlisting></para> + + + <para>The revision of the ACL specifies the internal Windows + NT ACL revision for the security descriptor. + If not specified it defaults to 1. Using values other than 1 may + cause strange behaviour. </para> + + <para>The owner and group specify the owner and group sids for the + object. If a SID in the format S-1-x-y-z is specified this is used, + otherwise the name specified is resolved using the server on which + the file or directory resides. </para> + + <para>ACLs specify permissions granted to the SID. This SID again + can be specified in S-1-x-y-z format or as a name in which case + it is resolved against the server on which the file or directory + resides. The type, flags and mask values determine the type of + access granted to the SID. </para> + + <para>The type can be either 0 or 1 corresponding to ALLOWED or + DENIED access to the SID. The flags values are generally + zero for file ACLs and either 9 or 2 for directory ACLs. Some + common flags are: </para> + + <itemizedlist> + <listitem><para><constant>#define SEC_ACE_FLAG_OBJECT_INHERIT 0x1</constant></para></listitem> + <listitem><para><constant>#define SEC_ACE_FLAG_CONTAINER_INHERIT 0x2</constant></para></listitem> + <listitem><para><constant>#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0x4</constant></para></listitem> + <listitem><para><constant>#define SEC_ACE_FLAG_INHERIT_ONLY 0x8</constant></para></listitem> + </itemizedlist> + + <para>At present flags can only be specified as decimal or + hexadecimal values.</para> + + <para>The mask is a value which expresses the access right + granted to the SID. It can be given as a decimal or hexadecimal value, + or by using one of the following text strings which map to the NT + file permissions of the same name. </para> + + <itemizedlist> + <listitem><para><emphasis>R</emphasis> - Allow read access </para></listitem> + <listitem><para><emphasis>W</emphasis> - Allow write access</para></listitem> + <listitem><para><emphasis>X</emphasis> - Execute permission on the object</para></listitem> + <listitem><para><emphasis>D</emphasis> - Delete the object</para></listitem> + <listitem><para><emphasis>P</emphasis> - Change permissions</para></listitem> + <listitem><para><emphasis>O</emphasis> - Take ownership</para></listitem> + </itemizedlist> + + + <para>The following combined permissions can be specified:</para> + + + <itemizedlist> + <listitem><para><emphasis>READ</emphasis> - Equivalent to 'RX' + permissions</para></listitem> + <listitem><para><emphasis>CHANGE</emphasis> - Equivalent to 'RXWD' permissions + </para></listitem> + <listitem><para><emphasis>FULL</emphasis> - Equivalent to 'RWXDPO' + permissions</para></listitem> + </itemizedlist> + </refsect1> + +<refsect1> + <title>EXIT STATUS</title> + + <para>The <command>smbcacls</command> program sets the exit status + depending on the success or otherwise of the operations performed. + The exit status may be one of the following values. </para> + + <para>If the operation succeeded, smbcacls returns and exit + status of 0. If <command>smbcacls</command> couldn't connect to the specified server, + or there was an error getting or setting the ACLs, an exit status + of 1 is returned. If there was an error parsing any command line + arguments, an exit status of 2 is returned. </para> +</refsect1> + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 3.0 of the Samba suite.</para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para><command>smbcacls</command> was written by Andrew Tridgell + and Tim Potter.</para> + + <para>The conversion to DocBook for Samba 2.2 was done + by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0 was done + by Alexander Bokovoy.</para> +</refsect1> + +</refentry> diff --git a/docs/manpages-3/smbclient.1.xml b/docs/manpages-3/smbclient.1.xml new file mode 100644 index 0000000000..b7ee8f8338 --- /dev/null +++ b/docs/manpages-3/smbclient.1.xml @@ -0,0 +1,981 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="smbclient.1"> + +<refmeta> + <refentrytitle>smbclient</refentrytitle> + <manvolnum>1</manvolnum> +</refmeta> + + +<refnamediv> + <refname>smbclient</refname> + <refpurpose>ftp-like client to access SMB/CIFS resources + on servers</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>smbclient</command> + <arg choice="opt">-b <buffer size></arg> + <arg choice="opt">-d debuglevel</arg> + <arg choice="opt">-L <netbios name></arg> + <arg choice="opt">-U username</arg> + <arg choice="opt">-I destinationIP</arg> + <arg choice="opt">-M <netbios name></arg> + <arg choice="opt">-m maxprotocol</arg> + <arg choice="opt">-A authfile</arg> + <arg choice="opt">-N</arg> + <arg choice="opt">-i scope</arg> + <arg choice="opt">-O <socket options></arg> + <arg choice="opt">-p port</arg> + <arg choice="opt">-R <name resolve order></arg> + <arg choice="opt">-s <smb config file></arg> + <arg choice="opt">-k</arg> + </cmdsynopsis> + + <cmdsynopsis> + <command>smbclient</command> + <arg choice="req">servicename</arg> + <arg choice="opt">password</arg> + <arg choice="opt">-b <buffer size></arg> + <arg choice="opt">-d debuglevel</arg> + <arg choice="opt">-D Directory</arg> + <arg choice="opt">-U username</arg> + <arg choice="opt">-W workgroup</arg> + <arg choice="opt">-M <netbios name></arg> + <arg choice="opt">-m maxprotocol</arg> + <arg choice="opt">-A authfile</arg> + <arg choice="opt">-N</arg> + <arg choice="opt">-l logdir</arg> + <arg choice="opt">-I destinationIP</arg> + <arg choice="opt">-E</arg> + <arg choice="opt">-c <command string></arg> + <arg choice="opt">-i scope</arg> + <arg choice="opt">-O <socket options></arg> + <arg choice="opt">-p port</arg> + <arg choice="opt">-R <name resolve order></arg> + <arg choice="opt">-s <smb config file></arg> + <arg choice="opt">-T<c|x>IXFqgbNan</arg> + <arg choice="opt">-k</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> suite.</para> + + <para><command>smbclient</command> is a client that can + 'talk' to an SMB/CIFS server. It offers an interface + similar to that of the ftp program (see <citerefentry><refentrytitle>ftp</refentrytitle> + <manvolnum>1</manvolnum></citerefentry>). + Operations include things like getting files from the server + to the local machine, putting files from the local machine to + the server, retrieving directory information from the server + and so on. </para> +</refsect1> + + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>servicename</term> + <listitem><para>servicename is the name of the service + you want to use on the server. A service name takes the form + <filename>//server/service</filename> where <parameter>server + </parameter> is the NetBIOS name of the SMB/CIFS server + offering the desired service and <parameter>service</parameter> + is the name of the service offered. Thus to connect to + the service "printer" on the SMB/CIFS server "smbserver", + you would use the servicename <filename>//smbserver/printer + </filename></para> + + <para>Note that the server name required is NOT necessarily + the IP (DNS) host name of the server ! The name required is + a NetBIOS server name, which may or may not be the + same as the IP hostname of the machine running the server. + </para> + + <para>The server name is looked up according to either + the <parameter>-R</parameter> parameter to <command>smbclient</command> or + using the name resolve order parameter in + the <citerefentry><refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> file, + allowing an administrator to change the order and methods + by which server names are looked up. </para></listitem> + </varlistentry> + + <varlistentry> + <term>password</term> + <listitem><para>The password required to access the specified + service on the specified server. If this parameter is + supplied, the <parameter>-N</parameter> option (suppress + password prompt) is assumed. </para> + + <para>There is no default password. If no password is supplied + on the command line (either by using this parameter or adding + a password to the <parameter>-U</parameter> option (see + below)) and the <parameter>-N</parameter> option is not + specified, the client will prompt for a password, even if + the desired service does not require one. (If no password is + required, simply press ENTER to provide a null password.) + </para> + + <para>Note: Some servers (including OS/2 and Windows for + Workgroups) insist on an uppercase password. Lowercase + or mixed case passwords may be rejected by these servers. + </para> + + <para>Be cautious about including passwords in scripts. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-R <name resolve order></term> + <listitem><para>This option is used by the programs in the Samba + suite to determine what naming services and in what order to resolve + host names to IP addresses. The option takes a space-separated + string of different name resolution options.</para> + + <para>The options are :"lmhosts", "host", "wins" and "bcast". They + cause names to be resolved as follows:</para> + + <itemizedlist> + <listitem><para><constant>lmhosts</constant>: Lookup an IP + address in the Samba lmhosts file. If the line in lmhosts has + no name type attached to the NetBIOS name (see + the <citerefentry><refentrytitle>lmhosts</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> for details) then + any name type matches for lookup.</para> + </listitem> + + <listitem><para><constant>host</constant>: Do a standard host + name to IP address resolution, using the system <filename>/etc/hosts + </filename>, NIS, or DNS lookups. This method of name resolution + is operating system dependent, for instance on IRIX or Solaris this + may be controlled by the <filename>/etc/nsswitch.conf</filename> + file). Note that this method is only used if the NetBIOS name + type being queried is the 0x20 (server) name type, otherwise + it is ignored.</para> + </listitem> + + <listitem><para><constant>wins</constant>: Query a name with + the IP address listed in the <parameter>wins server</parameter> + parameter. If no WINS server has + been specified this method will be ignored.</para> + </listitem> + + <listitem><para><constant>bcast</constant>: Do a broadcast on + each of the known local interfaces listed in the + <parameter>interfaces</parameter> + parameter. This is the least reliable of the name resolution + methods as it depends on the target host being on a locally + connected subnet.</para> + </listitem> + </itemizedlist> + + <para>If this parameter is not set then the name resolve order + defined in the <citerefentry><refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> file parameter + (name resolve order) will be used. </para> + + <para>The default order is lmhosts, host, wins, bcast and without + this parameter or any entry in the <parameter>name resolve order + </parameter> parameter of the <citerefentry><refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> file the name resolution + methods will be attempted in this order. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-M NetBIOS name</term> + <listitem><para>This options allows you to send messages, using + the "WinPopup" protocol, to another computer. Once a connection is + established you then type your message, pressing ^D (control-D) to + end. </para> + + <para>If the receiving computer is running WinPopup the user will + receive the message and probably a beep. If they are not running + WinPopup the message will be lost, and no error message will + occur. </para> + + <para>The message is also automatically truncated if the message + is over 1600 bytes, as this is the limit of the protocol. + </para> + + <para>One useful trick is to cat the message through + <command>smbclient</command>. For example: <command> + cat mymessage.txt | smbclient -M FRED </command> will + send the message in the file <filename>mymessage.txt</filename> + to the machine FRED. </para> + + <para>You may also find the <parameter>-U</parameter> and + <parameter>-I</parameter> options useful, as they allow you to + control the FROM and TO parts of the message. </para> + + <para>See the <parameter>message command</parameter> parameter in the <citerefentry><refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> for a description of how to handle incoming + WinPopup messages in Samba. </para> + + <para><emphasis>Note</emphasis>: Copy WinPopup into the startup group + on your WfWg PCs if you want them to always be able to receive + messages. </para></listitem> + </varlistentry> + + <varlistentry> + <term>-p port</term> + <listitem><para>This number is the TCP port number that will be used + when making connections to the server. The standard (well-known) + TCP port number for an SMB/CIFS server is 139, which is the + default. </para></listitem> + </varlistentry> + + + &stdarg.help; + + <varlistentry> + <term>-I IP-address</term> + <listitem><para><replaceable>IP address</replaceable> is the address of the server to connect to. + It should be specified in standard "a.b.c.d" notation. </para> + + <para>Normally the client would attempt to locate a named + SMB/CIFS server by looking it up via the NetBIOS name resolution + mechanism described above in the <parameter>name resolve order</parameter> + parameter above. Using this parameter will force the client + to assume that the server is on the machine with the specified IP + address and the NetBIOS name component of the resource being + connected to will be ignored. </para> + + <para>There is no default for this parameter. If not supplied, + it will be determined automatically by the client as described + above. </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-E</term> + <listitem><para>This parameter causes the client to write messages + to the standard error stream (stderr) rather than to the standard + output stream. </para> + + <para>By default, the client writes messages to standard output + - typically the user's tty. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-L</term> + <listitem><para>This option allows you to look at what services + are available on a server. You use it as <command>smbclient -L + host</command> and a list should appear. The <parameter>-I + </parameter> option may be useful if your NetBIOS names don't + match your TCP/IP DNS host names or if you are trying to reach a + host on another network. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-t terminal code</term> + <listitem><para>This option tells <command>smbclient</command> how to interpret + filenames coming from the remote server. Usually Asian language + multibyte UNIX implementations use different character sets than + SMB/CIFS servers (<emphasis>EUC</emphasis> instead of <emphasis> + SJIS</emphasis> for example). Setting this parameter will let + <command>smbclient</command> convert between the UNIX filenames and + the SMB filenames correctly. This option has not been seriously tested + and may have some problems. </para> + + <para>The terminal codes include CWsjis, CWeuc, CWjis7, CWjis8, + CWjunet, CWhex, CWcap. This is not a complete list, check the Samba + source code for the complete list. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-b buffersize</term> + <listitem><para>This option changes the transmit/send buffer + size when getting or putting a file from/to the server. The default + is 65520 bytes. Setting this value smaller (to 1200 bytes) has been + observed to speed up file transfers to and from a Win9x server. + </para></listitem> + </varlistentry> + + &popt.common.samba; + &popt.common.credentials; + &popt.common.connection; + + <varlistentry> + <term>-T tar options</term> + <listitem><para>smbclient may be used to create <command>tar(1) + </command> compatible backups of all the files on an SMB/CIFS + share. The secondary tar flags that can be given to this option + are : </para> + + <itemizedlist> + <listitem><para><parameter>c</parameter> - Create a tar file on UNIX. + Must be followed by the name of a tar file, tape device + or "-" for standard output. If using standard output you must + turn the log level to its lowest value -d0 to avoid corrupting + your tar file. This flag is mutually exclusive with the + <parameter>x</parameter> flag. </para></listitem> + + <listitem><para><parameter>x</parameter> - Extract (restore) a local + tar file back to a share. Unless the -D option is given, the tar + files will be restored from the top level of the share. Must be + followed by the name of the tar file, device or "-" for standard + input. Mutually exclusive with the <parameter>c</parameter> flag. + Restored files have their creation times (mtime) set to the + date saved in the tar file. Directories currently do not get + their creation dates restored properly. </para></listitem> + + <listitem><para><parameter>I</parameter> - Include files and directories. + Is the default behavior when filenames are specified above. Causes + tar files to be included in an extract or create (and therefore + everything else to be excluded). See example below. Filename globbing + works in one of two ways. See r below. </para></listitem> + + <listitem><para><parameter>X</parameter> - Exclude files and directories. + Causes tar files to be excluded from an extract or create. See + example below. Filename globbing works in one of two ways now. + See <parameter>r</parameter> below. </para></listitem> + + <listitem><para><parameter>b</parameter> - Blocksize. Must be followed + by a valid (greater than zero) blocksize. Causes tar file to be + written out in blocksize*TBLOCK (usually 512 byte) blocks. + </para></listitem> + + <listitem><para><parameter>g</parameter> - Incremental. Only back up + files that have the archive bit set. Useful only with the + <parameter>c</parameter> flag. </para></listitem> + + <listitem><para><parameter>q</parameter> - Quiet. Keeps tar from printing + diagnostics as it works. This is the same as tarmode quiet. + </para></listitem> + + <listitem><para><parameter>r</parameter> - Regular expression include + or exclude. Uses regular expression matching for + excluding or excluding files if compiled with HAVE_REGEX_H. + However this mode can be very slow. If not compiled with + HAVE_REGEX_H, does a limited wildcard match on '*' and '?'. + </para></listitem> + + <listitem><para><parameter>N</parameter> - Newer than. Must be followed + by the name of a file whose date is compared against files found + on the share during a create. Only files newer than the file + specified are backed up to the tar file. Useful only with the + <parameter>c</parameter> flag. </para></listitem> + + <listitem><para><parameter>a</parameter> - Set archive bit. Causes the + archive bit to be reset when a file is backed up. Useful with the + <parameter>g</parameter> and <parameter>c</parameter> flags. + </para></listitem> + </itemizedlist> + + <para><emphasis>Tar Long File Names</emphasis></para> + + <para><command>smbclient</command>'s tar option now supports long + file names both on backup and restore. However, the full path + name of the file must be less than 1024 bytes. Also, when + a tar archive is created, <command>smbclient</command>'s tar option places all + files in the archive with relative names, not absolute names. + </para> + + <para><emphasis>Tar Filenames</emphasis></para> + + <para>All file names can be given as DOS path names (with '\\' + as the component separator) or as UNIX path names (with '/' as + the component separator). </para> + + <para><emphasis>Examples</emphasis></para> + + <para>Restore from tar file <filename>backup.tar</filename> into myshare on mypc + (no password on share). </para> + + <para><command>smbclient //mypc/yshare "" -N -Tx backup.tar + </command></para> + + <para>Restore everything except <filename>users/docs</filename> + </para> + + <para><command>smbclient //mypc/myshare "" -N -TXx backup.tar + users/docs</command></para> + + <para>Create a tar file of the files beneath <filename> + users/docs</filename>. </para> + + <para><command>smbclient //mypc/myshare "" -N -Tc + backup.tar users/docs </command></para> + + <para>Create the same tar file as above, but now use + a DOS path name. </para> + + <para><command>smbclient //mypc/myshare "" -N -tc backup.tar + users\edocs </command></para> + + <para>Create a tar file of all the files and directories in + the share. </para> + + <para><command>smbclient //mypc/myshare "" -N -Tc backup.tar * + </command></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term>-D initial directory</term> + <listitem><para>Change to initial directory before starting. Probably + only of any use with the tar -T option. </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-c command string</term> + <listitem><para>command string is a semicolon-separated list of + commands to be executed instead of prompting from stdin. <parameter> + -N</parameter> is implied by <parameter>-c</parameter>.</para> + + <para>This is particularly useful in scripts and for printing stdin + to the server, e.g. <command>-c 'print -'</command>. </para></listitem> + </varlistentry> + </variablelist> +</refsect1> + + +<refsect1> + <title>OPERATIONS</title> + + <para>Once the client is running, the user is presented with + a prompt : </para> + + <para><prompt>smb:\> </prompt></para> + + <para>The backslash ("\\") indicates the current working directory + on the server, and will change if the current working directory + is changed. </para> + + <para>The prompt indicates that the client is ready and waiting to + carry out a user command. Each command is a single word, optionally + followed by parameters specific to that command. Command and parameters + are space-delimited unless these notes specifically + state otherwise. All commands are case-insensitive. Parameters to + commands may or may not be case sensitive, depending on the command. + </para> + + <para>You can specify file names which have spaces in them by quoting + the name with double quotes, for example "a long file name". </para> + + <para>Parameters shown in square brackets (e.g., "[parameter]") are + optional. If not given, the command will use suitable defaults. Parameters + shown in angle brackets (e.g., "<parameter>") are required. + </para> + + + <para>Note that all commands operating on the server are actually + performed by issuing a request to the server. Thus the behavior may + vary from server to server, depending on how the server was implemented. + </para> + + <para>The commands available are given here in alphabetical order. </para> + + <variablelist> + <varlistentry> + <term>? [command]</term> + <listitem><para>If <replaceable>command</replaceable> is specified, the ? command will display + a brief informative message about the specified command. If no + command is specified, a list of available commands will + be displayed. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>! [shell command]</term> + <listitem><para>If <replaceable>shell command</replaceable> is specified, the ! + command will execute a shell locally and run the specified shell + command. If no command is specified, a local shell will be run. + </para></listitem> + </varlistentry> + + + <varlistentry> + <term>altname file</term> + <listitem><para>The client will request that the server return + the "alternate" name (the 8.3 name) for a file or directory. + </para></listitem> + </varlistentry> + + + <varlistentry> + <term>case_sensitive</term> + <listitem><para>Toggles the setting of the flag in SMB packets that + tells the server to treat filenames as case sensitive. Set to OFF by + default (tells file server to treat filenames as case insensitive). Only + currently affects Samba 3.0.5 and above file servers with the case sensitive + parameter set to auto in the smb.conf. + </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>cancel jobid0 [jobid1] ... [jobidN]</term> + <listitem><para>The client will request that the server cancel + the printjobs identified by the given numeric print job ids. + </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>chmod file mode in octal</term> + <listitem><para>This command depends on the server supporting the CIFS + UNIX extensions and will fail if the server does not. The client requests that the server + change the UNIX permissions to the given octal mode, in standard UNIX format. + </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>chown file uid gid</term> + <listitem><para>This command depends on the server supporting the CIFS + UNIX extensions and will fail if the server does not. The client requests that the server + change the UNIX user and group ownership to the given decimal values. Note there is + currently no way to remotely look up the UNIX uid and gid values for a given name. + This may be addressed in future versions of the CIFS UNIX extensions. + </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>cd [directory name]</term> + <listitem><para>If "directory name" is specified, the current + working directory on the server will be changed to the directory + specified. This operation will fail if for any reason the specified + directory is inaccessible. </para> + + <para>If no directory name is specified, the current working + directory on the server will be reported. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>del <mask></term> + <listitem><para>The client will request that the server attempt + to delete all files matching <replaceable>mask</replaceable> from the current working + directory on the server. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>dir <mask></term> + <listitem><para>A list of the files matching <replaceable>mask</replaceable> in the current + working directory on the server will be retrieved from the server + and displayed. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>exit</term> + <listitem><para>Terminate the connection with the server and exit + from the program. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>get <remote file name> [local file name]</term> + <listitem><para>Copy the file called <filename>remote file name</filename> from + the server to the machine running the client. If specified, name + the local copy <filename>local file name</filename>. Note that all transfers in + <command>smbclient</command> are binary. See also the + lowercase command. </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>help [command]</term> + <listitem><para>See the ? command above. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>lcd [directory name]</term> + <listitem><para>If <replaceable>directory name</replaceable> is specified, the current + working directory on the local machine will be changed to + the directory specified. This operation will fail if for any + reason the specified directory is inaccessible. </para> + + <para>If no directory name is specified, the name of the + current working directory on the local machine will be reported. + </para></listitem> + </varlistentry> + + + <varlistentry> + <term>link target linkname</term> + <listitem><para>This command depends on the server supporting the CIFS + UNIX extensions and will fail if the server does not. The client requests that the server + create a hard link between the linkname and target files. The linkname file + must not exist. + </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>lowercase</term> + <listitem><para>Toggle lowercasing of filenames for the get and + mget commands. </para> + + <para>When lowercasing is toggled ON, local filenames are converted + to lowercase when using the get and mget commands. This is + often useful when copying (say) MSDOS files from a server, because + lowercase filenames are the norm on UNIX systems. </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>ls <mask></term> + <listitem><para>See the dir command above. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>mask <mask></term> + <listitem><para>This command allows the user to set up a mask + which will be used during recursive operation of the mget and + mput commands. </para> + + <para>The masks specified to the mget and mput commands act as + filters for directories rather than files when recursion is + toggled ON. </para> + + <para>The mask specified with the mask command is necessary + to filter files within those directories. For example, if the + mask specified in an mget command is "source*" and the mask + specified with the mask command is "*.c" and recursion is + toggled ON, the mget command will retrieve all files matching + "*.c" in all directories below and including all directories + matching "source*" in the current working directory. </para> + + <para>Note that the value for mask defaults to blank (equivalent + to "*") and remains so until the mask command is used to change it. + It retains the most recently specified value indefinitely. To + avoid unexpected results it would be wise to change the value of + mask back to "*" after using the mget or mput commands. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>md <directory name></term> + <listitem><para>See the mkdir command. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>mget <mask></term> + <listitem><para>Copy all files matching <replaceable>mask</replaceable> from the server to + the machine running the client. </para> + + <para>Note that <replaceable>mask</replaceable> is interpreted differently during recursive + operation and non-recursive operation - refer to the recurse and + mask commands for more information. Note that all transfers in + <command>smbclient</command> are binary. See also the lowercase command. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>mkdir <directory name></term> + <listitem><para>Create a new directory on the server (user access + privileges permitting) with the specified name. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>mput <mask></term> + <listitem><para>Copy all files matching <replaceable>mask</replaceable> in the current working + directory on the local machine to the current working directory on + the server. </para> + + <para>Note that <replaceable>mask</replaceable> is interpreted differently during recursive + operation and non-recursive operation - refer to the recurse and mask + commands for more information. Note that all transfers in <command>smbclient</command> + are binary. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>print <file name></term> + <listitem><para>Print the specified file from the local machine + through a printable service on the server. </para> + + <para>See also the printmode command.</para></listitem> + </varlistentry> + + + + <varlistentry> + <term>printmode <graphics or text></term> + <listitem><para>Set the print mode to suit either binary data + (such as graphical information) or text. Subsequent print + commands will use the currently set print mode. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>prompt</term> + <listitem><para>Toggle prompting for filenames during operation + of the mget and mput commands. </para> + + <para>When toggled ON, the user will be prompted to confirm + the transfer of each file during these commands. When toggled + OFF, all specified files will be transferred without prompting. + </para></listitem> + </varlistentry> + + + <varlistentry> + <term>put <local file name> [remote file name]</term> + <listitem><para>Copy the file called <filename>local file name</filename> from the + machine running the client to the server. If specified, + name the remote copy <filename>remote file name</filename>. Note that all transfers + in <command>smbclient</command> are binary. See also the lowercase command. + </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>queue</term> + <listitem><para>Displays the print queue, showing the job id, + name, size and current status. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>quit</term> + <listitem><para>See the exit command. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>rd <directory name></term> + <listitem><para>See the rmdir command. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>recurse</term> + <listitem><para>Toggle directory recursion for the commands mget + and mput. </para> + + <para>When toggled ON, these commands will process all directories + in the source directory (i.e., the directory they are copying + from ) and will recurse into any that match the mask specified + to the command. Only files that match the mask specified using + the mask command will be retrieved. See also the mask command. + </para> + + <para>When recursion is toggled OFF, only files from the current + working directory on the source machine that match the mask specified + to the mget or mput commands will be copied, and any mask specified + using the mask command will be ignored. </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>rm <mask></term> + <listitem><para>Remove all files matching <replaceable>mask</replaceable> from the current + working directory on the server. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>rmdir <directory name></term> + <listitem><para>Remove the specified directory (user access + privileges permitting) from the server. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>setmode <filename> <perm=[+|\-]rsha></term> + <listitem><para>A version of the DOS attrib command to set + file permissions. For example: </para> + + <para><command>setmode myfile +r </command></para> + + <para>would make myfile read only. </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>stat file</term> + <listitem><para>This command depends on the server supporting the CIFS + UNIX extensions and will fail if the server does not. The client requests the + UNIX basic info level and prints out the same info that the Linux stat command + would about the file. This includes the size, blocks used on disk, file type, + permissions, inode number, number of links and finally the three timestamps + (access, modify and change). If the file is a special file (symlink, character or + block device, fifo or socket) then extra information may also be printed. + </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>symlink target linkname</term> + <listitem><para>This command depends on the server supporting the CIFS + UNIX extensions and will fail if the server does not. The client requests that the server + create a symbolic hard link between the target and linkname files. The linkname file + must not exist. Note that the server will not create a link to any path that lies + outside the currently connected share. This is enforced by the Samba server. + </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>tar <c|x>[IXbgNa]</term> + <listitem><para>Performs a tar operation - see the <parameter>-T + </parameter> command line option above. Behavior may be affected + by the tarmode command (see below). Using g (incremental) and N + (newer) will affect tarmode settings. Note that using the "-" option + with tar x may not work - use the command line option instead. + </para></listitem> + </varlistentry> + + + <varlistentry> + <term>blocksize <blocksize></term> + <listitem><para>Blocksize. Must be followed by a valid (greater + than zero) blocksize. Causes tar file to be written out in + <replaceable>blocksize</replaceable>*TBLOCK (usually 512 byte) blocks. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>tarmode <full|inc|reset|noreset></term> + <listitem><para>Changes tar's behavior with regard to archive + bits. In full mode, tar will back up everything regardless of the + archive bit setting (this is the default mode). In incremental mode, + tar will only back up files with the archive bit set. In reset mode, + tar will reset the archive bit on all files it backs up (implies + read/write share). </para></listitem> + </varlistentry> + + + </variablelist> +</refsect1> + +<refsect1> + <title>NOTES</title> + + <para>Some servers are fussy about the case of supplied usernames, + passwords, share names (AKA service names) and machine names. + If you fail to connect try giving all parameters in uppercase. + </para> + + <para>It is often necessary to use the -n option when connecting + to some types of servers. For example OS/2 LanManager insists + on a valid NetBIOS name being used, so you need to supply a valid + name that would be known to the server.</para> + + <para>smbclient supports long file names where the server + supports the LANMAN2 protocol or above. </para> +</refsect1> + +<refsect1> + <title>ENVIRONMENT VARIABLES</title> + + <para>The variable <envar>USER</envar> may contain the + username of the person using the client. This information is + used only if the protocol level is high enough to support + session-level passwords.</para> + + + <para>The variable <envar>PASSWD</envar> may contain + the password of the person using the client. This information is + used only if the protocol level is high enough to support + session-level passwords. </para> + + <para>The variable <envar>LIBSMB_PROG</envar> may contain + the path, executed with system(), which the client should connect + to instead of connecting to a server. This functionality is primarily + intended as a development aid, and works best when using a LMHOSTS + file</para> +</refsect1> + + +<refsect1> + <title>INSTALLATION</title> + + <para>The location of the client program is a matter for + individual system administrators. The following are thus + suggestions only. </para> + + <para>It is recommended that the smbclient software be installed + in the <filename>/usr/local/samba/bin/</filename> or <filename> + /usr/samba/bin/</filename> directory, this directory readable + by all, writeable only by root. The client program itself should + be executable by all. The client should <emphasis>NOT</emphasis> be + setuid or setgid! </para> + + <para>The client log files should be put in a directory readable + and writeable only by the user. </para> + + <para>To test the client, you will need to know the name of a + running SMB/CIFS server. It is possible to run <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> as an ordinary user - running that server as a daemon + on a user-accessible port (typically any port number over 1024) + would provide a suitable test server. </para> +</refsect1> + + +<refsect1> + <title>DIAGNOSTICS</title> + + <para>Most diagnostics issued by the client are logged in a + specified log file. The log file name is specified at compile time, + but may be overridden on the command line. </para> + + <para>The number and nature of diagnostics available depends + on the debug level used by the client. If you have problems, + set the debug level to 3 and peruse the log files. </para> +</refsect1> + + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 2.2 of the Samba suite.</para> +</refsect1> + + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0 + was done by Alexander Bokovoy.</para> +</refsect1> + +</refentry> diff --git a/docs/manpages-3/smbcontrol.1.xml b/docs/manpages-3/smbcontrol.1.xml new file mode 100644 index 0000000000..8bbe211f41 --- /dev/null +++ b/docs/manpages-3/smbcontrol.1.xml @@ -0,0 +1,294 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="smbcontrol.1"> + +<refmeta> + <refentrytitle>smbcontrol</refentrytitle> + <manvolnum>1</manvolnum> +</refmeta> + + +<refnamediv> + <refname>smbcontrol</refname> + <refpurpose>send messages to smbd, nmbd or winbindd processes</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>smbcontrol</command> + <arg>-i</arg> + <arg>-s</arg> + </cmdsynopsis> + + <cmdsynopsis> + <command>smbcontrol</command> + <arg>destination</arg> + <arg>message-type</arg> + <arg>parameter</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> suite.</para> + + <para><command>smbcontrol</command> is a very small program, which + sends messages to a <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>, a <citerefentry><refentrytitle>nmbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>, or a <citerefentry><refentrytitle>winbindd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> daemon running on the system.</para> +</refsect1> + + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + &stdarg.help; + &stdarg.configfile; + <varlistentry> + <term>-i</term> + <listitem><para>Run interactively. Individual commands + of the form destination message-type parameters can be entered + on STDIN. An empty command line or a "q" will quit the + program.</para></listitem> + </varlistentry> + + <varlistentry> + <term>destination</term> + <listitem><para>One of <parameter>nmbd</parameter>, <parameter>smbd</parameter> or a process ID.</para> + + <para>The <parameter>smbd</parameter> destination causes the + message to "broadcast" to all smbd daemons.</para> + + <para>The <parameter>nmbd</parameter> destination causes the + message to be sent to the nmbd daemon specified in the + <filename>nmbd.pid</filename> file.</para> + + <para>If a single process ID is given, the message is sent + to only that process.</para></listitem> + </varlistentry> + + + <varlistentry> + <term>message-type</term> + <listitem><para>Type of message to send. See + the section <constant>MESSAGE-TYPES</constant> for details. + </para></listitem></varlistentry> + + + + <varlistentry> + <term>parameters</term> + <listitem><para>any parameters required for the message-type</para> + </listitem> + </varlistentry> + </variablelist> + +</refsect1> + +<refsect1> + <title>MESSAGE-TYPES</title> + + <para>Available message types are:</para> + + <variablelist> + <varlistentry><term>close-share</term> + <listitem><para>Order smbd to close the client + connections to the named share. Note that this doesn't affect client + connections to any other shares. This message-type takes an argument of the + share name for which client connections will be closed, or the + "*" character which will close all currently open shares. + This may be useful if you made changes to the access controls on the share. + This message can only be sent to <constant>smbd</constant>.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>debug</term> + <listitem><para>Set debug level to the value specified by the + parameter. This can be sent to any of the destinations.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>force-election</term> + <listitem><para>This message causes the <command>nmbd</command> daemon to + force a new browse master election. </para> + </listitem></varlistentry> + + <varlistentry> + <term>ping</term> + <listitem><para> + Send specified number of "ping" messages and + wait for the same number of reply "pong" messages. This can be sent to + any of the destinations.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>profile</term> + <listitem><para>Change profile settings of a daemon, based on the + parameter. The parameter can be "on" to turn on profile stats + collection, "off" to turn off profile stats collection, "count" + to enable only collection of count stats (time stats are + disabled), and "flush" to zero the current profile stats. This can + be sent to any smbd or nmbd destinations.</para> + </listitem></varlistentry> + + <varlistentry> + <term>debuglevel</term> + <listitem><para> + Request debuglevel of a certain daemon and write it to stdout. This + can be sent to any of the destinations.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>profilelevel</term> + <listitem><para> + Request profilelevel of a certain daemon and write it to stdout. + This can be sent to any smbd or nmbd destinations.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>printnotify</term> + <listitem><para> + Order smbd to send a printer notify message to any Windows NT clients + connected to a printer. This message-type takes the following arguments: + </para> + + <variablelist> + + <varlistentry> + <term>queuepause printername</term> + <listitem><para>Send a queue pause change notify + message to the printer specified.</para></listitem> + </varlistentry> + + <varlistentry> + <term>queueresume printername</term> + <listitem><para>Send a queue resume change notify + message for the printer specified.</para></listitem> + </varlistentry> + + <varlistentry> + <term>jobpause printername unixjobid</term> + <listitem><para>Send a job pause change notify + message for the printer and unix jobid + specified.</para></listitem> + </varlistentry> + + <varlistentry> + <term>jobresume printername unixjobid</term> + <listitem><para>Send a job resume change notify + message for the printer and unix jobid + specified.</para></listitem> + </varlistentry> + + <varlistentry> + <term>jobdelete printername unixjobid</term> + <listitem><para>Send a job delete change notify + message for the printer and unix jobid + specified.</para></listitem> + </varlistentry> + </variablelist> + + <para> + Note that this message only sends notification that an + event has occured. It doesn't actually cause the + event to happen. + </para> + + <para>This message can only be sent to <constant>smbd</constant>. </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>samsync</term> + <listitem><para>Order smbd to synchronise sam database from PDC (being BDC). Can only be sent to <constant>smbd</constant>. </para> + <note><para>Not working at the moment</para></note> + </listitem> + </varlistentry> + + <varlistentry> + <term>samrepl</term> + <listitem><para>Send sam replication message, with specified serial. Can only be sent to <constant>smbd</constant>. Should not be used manually.</para></listitem> + </varlistentry> + + <varlistentry> + <term>dmalloc-mark</term> + <listitem><para>Set a mark for dmalloc. Can be sent to both smbd and nmbd. Only available if samba is built with dmalloc support. </para></listitem> + </varlistentry> + + <varlistentry> + <term>dmalloc-log-changed</term> + <listitem><para> + Dump the pointers that have changed since the mark set by dmalloc-mark. + Can be sent to both smbd and nmbd. Only available if samba is built with dmalloc support. </para></listitem> + </varlistentry> + + <varlistentry> + <term>shutdown</term> + <listitem><para>Shut down specified daemon. Can be sent to both smbd and nmbd.</para></listitem> + </varlistentry> + + <varlistentry> + <term>pool-usage</term> + <listitem><para>Print a human-readable description of all + talloc(pool) memory usage by the specified daemon/process. Available + for both smbd and nmbd.</para></listitem> + </varlistentry> + + <varlistentry> + <term>drvupgrade</term> + <listitem><para>Force clients of printers using specified driver + to update their local version of the driver. Can only be + sent to smbd.</para></listitem> + </varlistentry> + + <varlistentry> + <term>reload-config</term> + <listitem><para>Force daemon to reload smb.conf configuration file. Can be sent + to <constant>smbd</constant>, <constant>nmbd</constant>, or <constant>winbindd</constant>. + </para></listitem> + </varlistentry> + +</variablelist> +</refsect1> + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 3.0 of + the Samba suite.</para> +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + <para><citerefentry><refentrytitle>nmbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> and <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>.</para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for + Samba 3.0 was done by Alexander Bokovoy.</para> +</refsect1> + +</refentry> diff --git a/docs/manpages-3/smbcquotas.1.xml b/docs/manpages-3/smbcquotas.1.xml new file mode 100644 index 0000000000..239315e9dc --- /dev/null +++ b/docs/manpages-3/smbcquotas.1.xml @@ -0,0 +1,178 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="smbcquotas.1"> + +<refmeta> + <refentrytitle>smbcquotas</refentrytitle> + <manvolnum>1</manvolnum> +</refmeta> + + +<refnamediv> + <refname>smbcquotas</refname> + <refpurpose>Set or get QUOTAs of NTFS 5 shares</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>smbcquotas</command> + <arg choice="req">//server/share</arg> + <arg choice="opt">-u user</arg> + <arg choice="opt">-L</arg> + <arg choice="opt">-F</arg> + <arg choice="opt">-S QUOTA_SET_COMMAND</arg> + <arg choice="opt">-n</arg> + <arg choice="opt">-t</arg> + <arg choice="opt">-v</arg> + + <arg choice="opt">-d debuglevel</arg> + <arg choice="opt">-s configfile</arg> + <arg choice="opt">-l logdir</arg> + <arg choice="opt">-V</arg> + + <arg choice="opt">-U username</arg> + <arg choice="opt">-N</arg> + <arg choice="opt">-k</arg> + <arg choice="opt">-A</arg> + + + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> suite.</para> + + <para>The <command>smbcquotas</command> program manipulates NT Quotas on SMB file shares. </para> +</refsect1> + + +<refsect1> + <title>OPTIONS</title> + + <para>The following options are available to the <command>smbcquotas</command> program. </para> + + + <variablelist> + <varlistentry> + <term>-u user</term> + <listitem><para> Specifies the user of whom the quotas are get or set. + By default the current user's username will be used.</para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-L</term> + <listitem><para>Lists all quota records of the share.</para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-F</term> + <listitem><para>Show the share quota status and default limits.</para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-S QUOTA_SET_COMMAND</term> + <listitem><para>This command sets/modifies quotas for a user or on the share, + depending on the QUOTA_SET_COMMAND parameter which is described later.</para></listitem> + </varlistentry> + + + <varlistentry> + <term>-n</term> + <listitem><para>This option displays all QUOTA information in numeric + format. The default is to convert SIDs to names and QUOTA limits + to a readable string format.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-t</term> + <listitem><para> + Don't actually do anything, only validate the correctness of the arguments. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-v</term> + <listitem><para> + Be verbose. + </para></listitem> + </varlistentry> + + &stdarg.help; + &popt.common.samba; + &popt.common.credentials; + </variablelist> +</refsect1> + + +<refsect1> + <title>QUOTA_SET_COMAND</title> + + <para>The format of an ACL is one or more ACL entries separated by + either commas or newlines. An ACL entry is one of the following: </para> + + <para> + for setting user quotas for the user specified by -u or the current username: + </para> + + <para><userinput> + UQLIM:<username>:<softlimit>/<hardlimit> + </userinput></para> + + <para> + for setting the default quotas for a share: + </para> + + <para><userinput> + FSQLIM:<softlimit>/<hardlimit> + </userinput></para> + + <para> + for changing the share quota settings: + </para> + + <para><userinput> + FSQFLAGS:QUOTA_ENABLED/DENY_DISK/LOG_SOFTLIMIT/LOG_HARD_LIMIT + </userinput></para> +</refsect1> + +<refsect1> + <title>EXIT STATUS</title> + + <para>The <command>smbcquotas</command> program sets the exit status + depending on the success or otherwise of the operations performed. + The exit status may be one of the following values. </para> + + <para>If the operation succeeded, smbcquotas returns an exit + status of 0. If <command>smbcquotas</command> couldn't connect to the specified server, + or when there was an error getting or setting the quota(s), an exit status + of 1 is returned. If there was an error parsing any command line + arguments, an exit status of 2 is returned. </para> +</refsect1> + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 3.0 of the Samba suite.</para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para><command>smbcquotas</command> was written by Stefan Metzmacher.</para> +</refsect1> + +</refentry> diff --git a/docs/manpages-3/smbd.8.xml b/docs/manpages-3/smbd.8.xml new file mode 100644 index 0000000000..3f5755c2da --- /dev/null +++ b/docs/manpages-3/smbd.8.xml @@ -0,0 +1,432 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="smbd.8"> + +<refmeta> + <refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum> +</refmeta> + + +<refnamediv> + <refname>smbd</refname> + <refpurpose>server to provide SMB/CIFS services to clients</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>smbd</command> + <arg choice="opt">-D</arg> + <arg choice="opt">-F</arg> + <arg choice="opt">-S</arg> + <arg choice="opt">-i</arg> + <arg choice="opt">-h</arg> + <arg choice="opt">-V</arg> + <arg choice="opt">-b</arg> + <arg choice="opt">-d <debug level></arg> + <arg choice="opt">-l <log directory></arg> + <arg choice="opt">-p <port number(s)></arg> + <arg choice="opt">-O <socket option></arg> + <arg choice="opt">-s <configuration file></arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + <para>This program is part of the <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> suite.</para> + + <para><command>smbd</command> is the server daemon that + provides filesharing and printing services to Windows clients. + The server provides filespace and printer services to + clients using the SMB (or CIFS) protocol. This is compatible + with the LanManager protocol, and can service LanManager + clients. These include MSCLIENT 3.0 for DOS, Windows for + Workgroups, Windows 95/98/ME, Windows NT, Windows 2000, + OS/2, DAVE for Macintosh, and smbfs for Linux.</para> + + <para>An extensive description of the services that the + server can provide is given in the man page for the + configuration file controlling the attributes of those + services (see <citerefentry><refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry>. This man page will not describe the + services, but will concentrate on the administrative aspects + of running the server.</para> + + <para>Please note that there are significant security + implications to running this server, and the <citerefentry><refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> manual page should be regarded as mandatory reading before + proceeding with installation.</para> + + <para>A session is created whenever a client requests one. + Each client gets a copy of the server for each session. This + copy then services all connections made by the client during + that session. When all connections from its client are closed, + the copy of the server for that client terminates.</para> + + <para>The configuration file, and any files that it includes, + are automatically reloaded every minute, if they change. You + can force a reload by sending a SIGHUP to the server. Reloading + the configuration file will not affect connections to any service + that is already established. Either the user will have to + disconnect from the service, or <command>smbd</command> killed and restarted.</para> +</refsect1> + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>-D</term> + <listitem><para>If specified, this parameter causes + the server to operate as a daemon. That is, it detaches + itself and runs in the background, fielding requests + on the appropriate port. Operating the server as a + daemon is the recommended way of running <command>smbd</command> for + servers that provide more than casual use file and + print services. This switch is assumed if <command>smbd + </command> is executed on the command line of a shell. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-F</term> + <listitem><para>If specified, this parameter causes + the main <command>smbd</command> process to not daemonize, + i.e. double-fork and disassociate with the terminal. + Child processes are still created as normal to service + each connection request, but the main process does not + exit. This operation mode is suitable for running + <command>smbd</command> under process supervisors such + as <command>supervise</command> and <command>svscan</command> + from Daniel J. Bernstein's <command>daemontools</command> + package, or the AIX process monitor. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-S</term> + <listitem><para>If specified, this parameter causes + <command>smbd</command> to log to standard output rather + than a file.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-i</term> + <listitem><para>If this parameter is specified it causes the + server to run "interactively", not as a daemon, even if the + server is executed on the command line of a shell. Setting this + parameter negates the implicit deamon mode when run from the + command line. <command>smbd</command> also logs to standard + output, as if the <command>-S</command> parameter had been + given. + </para></listitem> + </varlistentry> + + &popt.common.samba; + &stdarg.help; + + <varlistentry> + <term>-b</term> + <listitem><para>Prints information about how + Samba was built.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-p <port number(s)></term> + <listitem><para><replaceable>port number(s)</replaceable> is a + space or comma-separated list of TCP ports smbd should listen on. + The default value is taken from the <smbconfoption name="ports"/> parameter in &smb.conf;</para> + + <para>The default ports are 139 (used for SMB over NetBIOS over TCP) + and port 445 (used for plain SMB over TCP). + </para></listitem> + + </varlistentry> + </variablelist> +</refsect1> + +<refsect1> + <title>FILES</title> + + <variablelist> + <varlistentry> + <term><filename>/etc/inetd.conf</filename></term> + <listitem><para>If the server is to be run by the + <command>inetd</command> meta-daemon, this file + must contain suitable startup information for the + meta-daemon. + </para></listitem> + </varlistentry> + + <varlistentry> + <term><filename>/etc/rc</filename></term> + <listitem><para>or whatever initialization script your + system uses).</para> + + <para>If running the server as a daemon at startup, + this file will need to contain an appropriate startup + sequence for the server. </para></listitem> + </varlistentry> + + <varlistentry> + <term><filename>/etc/services</filename></term> + <listitem><para>If running the server via the + meta-daemon <command>inetd</command>, this file + must contain a mapping of service name (e.g., netbios-ssn) + to service port (e.g., 139) and protocol type (e.g., tcp). + </para></listitem> + </varlistentry> + + <varlistentry> + <term><filename>/usr/local/samba/lib/smb.conf</filename></term> + <listitem><para>This is the default location of the <citerefentry><refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> server configuration file. Other common places that systems + install this file are <filename>/usr/samba/lib/smb.conf</filename> + and <filename>/etc/samba/smb.conf</filename>.</para> + + <para>This file describes all the services the server + is to make available to clients. See <citerefentry><refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> for more information.</para> + </listitem> + </varlistentry> + </variablelist> +</refsect1> + +<refsect1> + <title>LIMITATIONS</title> + <para>On some systems <command>smbd</command> cannot change uid back + to root after a setuid() call. Such systems are called + trapdoor uid systems. If you have such a system, + you will be unable to connect from a client (such as a PC) as + two different users at once. Attempts to connect the + second user will result in access denied or + similar.</para> +</refsect1> + +<refsect1> + <title>ENVIRONMENT VARIABLES</title> + + <variablelist> + <varlistentry> + <term><envar>PRINTER</envar></term> + <listitem><para>If no printer name is specified to + printable services, most systems will use the value of + this variable (or <constant>lp</constant> if this variable is + not defined) as the name of the printer to use. This + is not specific to the server, however.</para></listitem> + </varlistentry> + </variablelist> +</refsect1> + + +<refsect1> + <title>PAM INTERACTION</title> + <para>Samba uses PAM for authentication (when presented with a plaintext + password), for account checking (is this account disabled?) and for + session management. The degree too which samba supports PAM is restricted + by the limitations of the SMB protocol and the <smbconfoption name="obey pam restrictions"/> <citerefentry><refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> paramater. When this is set, the following restrictions apply: + </para> + + <itemizedlist> + <listitem><para><emphasis>Account Validation</emphasis>: All accesses to a + samba server are checked + against PAM to see if the account is vaild, not disabled and is permitted to + login at this time. This also applies to encrypted logins. + </para></listitem> + + <listitem><para><emphasis>Session Management</emphasis>: When not using share + level secuirty, users must pass PAM's session checks before access + is granted. Note however, that this is bypassed in share level secuirty. + Note also that some older pam configuration files may need a line + added for session support. + </para></listitem> + </itemizedlist> +</refsect1> + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 3.0 of + the Samba suite.</para> +</refsect1> + +<refsect1> + <title>DIAGNOSTICS</title> + + <para>Most diagnostics issued by the server are logged + in a specified log file. The log file name is specified + at compile time, but may be overridden on the command line.</para> + + <para>The number and nature of diagnostics available depends + on the debug level used by the server. If you have problems, set + the debug level to 3 and peruse the log files.</para> + + <para>Most messages are reasonably self-explanatory. Unfortunately, + at the time this man page was created, there are too many diagnostics + available in the source code to warrant describing each and every + diagnostic. At this stage your best bet is still to grep the + source code and inspect the conditions that gave rise to the + diagnostics you are seeing.</para> +</refsect1> + +<refsect1> + <title>TDB FILES</title> + + <para>Samba stores it's data in several TDB (Trivial Database) files, usually located in <filename>/var/lib/samba</filename>.</para> + + <para> + (*) information persistent across restarts (but not + necessarily important to backup). + </para> + +<variablelist> +<varlistentry><term>account_policy.tdb*</term> +<listitem> +<para>NT account policy settings such as pw expiration, etc...</para> +</listitem> +</varlistentry> + +<varlistentry><term>brlock.tdb</term> +<listitem><para>byte range locks</para></listitem> +</varlistentry> + +<varlistentry><term>browse.dat</term> +<listitem><para>browse lists</para></listitem> +</varlistentry> + +<varlistentry><term>connections.tdb</term> +<listitem><para>share connections (used to enforce max connections, etc...)</para></listitem> +</varlistentry> + +<varlistentry><term>gencache.tdb</term> +<listitem><para>generic caching db</para></listitem> +</varlistentry> + +<varlistentry><term>group_mapping.tdb*</term> +<listitem><para>group mapping information</para></listitem> +</varlistentry> + +<varlistentry><term>locking.tdb</term> +<listitem><para>share modes & oplocks</para></listitem> +</varlistentry> + +<varlistentry><term>login_cache.tdb*</term> +<listitem><para>bad pw attempts</para></listitem> +</varlistentry> + +<varlistentry><term>messages.tdb</term> +<listitem><para>Samba messaging system</para></listitem> +</varlistentry> + +<varlistentry><term>netsamlogon_cache.tdb*</term> +<listitem><para>cache of user net_info_3 struct from net_samlogon() request (as a domain member)</para></listitem> +</varlistentry> + +<varlistentry><term>ntdrivers.tdb*</term> +<listitem><para>installed printer drivers</para></listitem> +</varlistentry> + +<varlistentry><term>ntforms.tdb*</term> +<listitem><para>installed printer forms</para></listitem> +</varlistentry> + +<varlistentry><term>ntprinters.tdb*</term> +<listitem><para>installed printer information</para></listitem> +</varlistentry> + +<varlistentry><term>printing/</term> +<listitem><para>directory containing tdb per print queue of cached lpq output</para></listitem> +</varlistentry> + +<varlistentry><term>registry.tdb</term> +<listitem><para>Windows registry skeleton (connect via regedit.exe)</para></listitem> +</varlistentry> + +<varlistentry><term>sessionid.tdb</term> +<listitem><para>session information (e.g. support for 'utmp = yes')</para></listitem> +</varlistentry> + +<varlistentry><term>share_info.tdb*</term> +<listitem><para>share acls</para></listitem> +</varlistentry> + +<varlistentry><term>winbindd_cache.tdb</term> +<listitem><para>winbindd's cache of user lists, etc...</para></listitem> +</varlistentry> + +<varlistentry><term>winbindd_idmap.tdb*</term> +<listitem><para>winbindd's local idmap db</para></listitem> +</varlistentry> + +<varlistentry><term>wins.dat*</term> +<listitem><para>wins database when 'wins support = yes'</para></listitem> +</varlistentry> + +</variablelist> + +</refsect1> + +<refsect1> + <title>SIGNALS</title> + + <para>Sending the <command>smbd</command> a SIGHUP will cause it to + reload its <filename>smb.conf</filename> configuration + file within a short period of time.</para> + + <para>To shut down a user's <command>smbd</command> process it is recommended + that <command>SIGKILL (-9)</command> <emphasis>NOT</emphasis> + be used, except as a last resort, as this may leave the shared + memory area in an inconsistent state. The safe way to terminate + an <command>smbd</command> is to send it a SIGTERM (-15) signal and wait for + it to die on its own.</para> + + <para>The debug log level of <command>smbd</command> may be raised + or lowered using <citerefentry><refentrytitle>smbcontrol</refentrytitle> + <manvolnum>1</manvolnum></citerefentry> program (SIGUSR[1|2] signals are no longer + used since Samba 2.2). This is to allow transient problems to be diagnosed, + whilst still running at a normally low log level.</para> + + <para>Note that as the signal handlers send a debug write, + they are not re-entrant in <command>smbd</command>. This you should wait until + <command>smbd</command> is in a state of waiting for an incoming SMB before + issuing them. It is possible to make the signal handlers safe + by un-blocking the signals before the select call and re-blocking + them after, however this would affect performance.</para> +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + <para><citerefentry><refentrytitle>hosts_access</refentrytitle> + <manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>inetd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>nmbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbclient</refentrytitle> + <manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testparm</refentrytitle> + <manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testprns</refentrytitle> + <manvolnum>1</manvolnum></citerefentry>, and the + Internet RFC's <filename>rfc1001.txt</filename>, <filename>rfc1002.txt</filename>. + In addition the CIFS (formerly SMB) specification is available + as a link from the Web page <ulink noescape="1" url="http://samba.org/cifs/"> + http://samba.org/cifs/</ulink>.</para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for + Samba 3.0 was done by Alexander Bokovoy.</para> +</refsect1> + +</refentry> diff --git a/docs/manpages-3/smbget.1.xml b/docs/manpages-3/smbget.1.xml new file mode 100644 index 0000000000..7c4f2956a8 --- /dev/null +++ b/docs/manpages-3/smbget.1.xml @@ -0,0 +1,208 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="smbget.1"> + +<refmeta> + <refentrytitle>smbget</refentrytitle> + <manvolnum>1</manvolnum> +</refmeta> + + +<refnamediv> + <refname>smbget</refname> + <refpurpose>wget-like utility for download files over SMB</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>smbget</command> + <arg choice="opt">-a, --guest</arg> + <arg choice="opt">-r, --resume</arg> + <arg choice="opt">-R, --recursive</arg> + <arg choice="opt">-u, --username=STRING</arg> + <arg choice="opt">-p, --password=STRING</arg> + <arg choice="opt">-w, --workgroup=STRING</arg> + <arg choice="opt">-n, --nonprompt</arg> + <arg choice="opt">-d, --debuglevel=INT</arg> + <arg choice="opt">-D, --dots</arg> + <arg choice="opt">-P, --keep-permissions</arg> + <arg choice="opt">-o, --outputfile</arg> + <arg choice="opt">-f, --rcfile</arg> + <arg choice="opt">-q, --quiet</arg> + <arg choice="opt">-v, --verbose</arg> + <arg choice="opt">-b, --blocksize</arg> + <arg choice="opt">-?, --help</arg> + <arg choice="opt">--usage</arg> + <arg choice="req">smb://host/share/path/to/file</arg> + <arg choice="opt">smb://url2/</arg> + <arg choice="opt">...</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> suite.</para> + + <para>smbget is a simple utility with wget-like semantics, that can download files from SMB servers. You can specify the files you would like to download on the command-line. + </para> + + <para> + The files should be in the smb-URL standard, e.g. use smb://host/share/file + for the UNC path <emphasis>\\\\HOST\\SHARE\\file</emphasis>. + </para> +</refsect1> + +<refsect1> + <title>OPTIONS</title> + + <varlistentry> + <term>-a, --guest</term> + <listitem><para>Work as user guest</para></listitem> + </varlistentry> + + <varlistentry> + <term>-r, --resume</term> + <listitem><para>Automatically resume aborted files</para></listitem> + </varlistentry> + + <varlistentry> + <term>-R, --recursive</term> + <listitem><para>Recursively download files</para></listitem> + </varlistentry> + + <varlistentry> + <term>-u, --username=STRING</term> + <listitem><para>Username to use</para></listitem> + </varlistentry> + + <varlistentry> + <term>-p, --password=STRING</term> + <listitem><para>Password to use</para></listitem> + </varlistentry> + + <varlistentry> + <term>-w, --workgroup=STRING</term> + <listitem><para>Workgroup to use (optional)</para></listitem> + </varlistentry> + + <varlistentry> + <term>-n, --nonprompt</term> + <listitem><para>Don't ask anything (non-interactive)</para></listitem> + </varlistentry> + + <varlistentry> + <term>-d, --debuglevel=INT</term> + <listitem><para>Debuglevel to use</para></listitem> + </varlistentry> + + <varlistentry> + <term>-D, --dots</term> + <listitem><para>Show dots as progress indication</para></listitem> + </varlistentry> + + <varlistentry> + <term>-P, --keep-permissions</term> + <listitem><para>Set same permissions on local file as are set on remote file.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-o, --outputfile</term> + <listitem><para>Write the file that is being download to the specified file. Can not be used together with -R.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-f, --rcfile</term> + <listitem><para>Use specified rcfile. This will be loaded in the order it was specified - e.g. if you specify any options before this one, they might get overriden by the contents of the rcfile.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-q, --quiet</term> + <listitem><para>Be quiet</para></listitem> + </varlistentry> + + <varlistentry> + <term>-v, --verbose</term> + <listitem><para>Be verbose</para></listitem> + </varlistentry> + + <varlistentry> + <term>-b, --blocksize</term> + <listitem><para>Number of bytes to download in a block. Defaults to 64000.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-?, --help</term> + <listitem><para>Show help message</para></listitem> + </varlistentry> + + <varlistentry> + <term>--usage</term> + <listitem><para>Display brief usage message</para></listitem> + </varlistentry> +</refsect1> + +<refsect1> + <title>SMB URLS</title> + + <para> SMB URL's should be specified in the following format:</para> + + <para><programlisting> +smb://[[[domain;]user[:password@]]server[/share[/path[/file]]]] +</programlisting></para> + +<para><programlisting> +smb:// means all the workgroups +</programlisting></para> + +<para><programlisting> +smb://name/ means, if <replaceable>name</replaceable> is a workgroup, all the servers in this workgroup, or if <replaceable>name</replaceable> is a server, all the shares on this server. +</programlisting></para> + +</refsect1> + +<refsect1> + <title>EXAMPLES</title> + +<programlisting> +# Recursively download 'src' directory +smbget -R smb://rhonwyn/jelmer/src +# Download FreeBSD ISO and enable resuming +smbget -r smb://rhonwyn/isos/FreeBSD5.1.iso +# Recursively download all ISOs +smbget -Rr smb://rhonwyn/isos +# Backup my data on rhonwyn +smbget -Rr smb://rhonwyn/ +</programlisting> + +</refsect1> + +<refsect1> + <title>BUGS</title> + + <para>Permission denied is returned in some cases where the cause of the error is unknown +(such as an illegally formatted smb:// url or trying to get a directory without -R +turned on).</para> +</refsect1> + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 3.0 of + the Samba suite.</para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The smbget manpage was written by Jelmer Vernooij.</para> + +</refsect1> + +</refentry> diff --git a/docs/manpages-3/smbgetrc.5.xml b/docs/manpages-3/smbgetrc.5.xml new file mode 100644 index 0000000000..59d492a29b --- /dev/null +++ b/docs/manpages-3/smbgetrc.5.xml @@ -0,0 +1,113 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="smbgetrc.5"> + +<refmeta> + <refentrytitle>smbgetrc</refentrytitle> + <manvolnum>5</manvolnum> +</refmeta> + + +<refnamediv> + <refname>smbgetrc</refname> + <refpurpose>configuration file for smbget</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <para><filename>smbgetrc</filename></para> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para> + This manual page documents the format and options of the <emphasis>smbgetrc</emphasis> + file. This is the configuration file used by the <citerefentry><refentrytitle>smbget</refentrytitle><manvolnum>1</manvolnum></citerefentry> + utility. The file contains of key-value pairs, one pair on each line. The key + and value should be separated by a space. + </para> + + <para>By default, smbget reads its configuration from <emphasis>$HOME/.smbgetrc</emphasis>, though + other locations can be specified using the command-line options.</para> +</refsect1> + +<refsect1> + <title>OPTIONS</title> + + <para> + The following keys can be set: +</para> + + <variablelist> + <varlistentry><term>resume on|off</term> + <listitem><para> + Whether aborted downloads should be automatically resumed. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>recursive on|off</term> + <listitem><para>Whether directories should be downloaded recursively</para></listitem> + </varlistentry> + + <varlistentry><term>username <replaceable>name</replaceable></term> + <listitem><para>Username to use when logging in to the remote server. Use an empty string for anonymous access. + </para></listitem> + </varlistentry> + + <varlistentry><term>password <replaceable>pass</replaceable></term> + <listitem><para>Password to use when logging in.</para></listitem> + </varlistentry> + + <varlistentry><term>workgroup <replaceable>wg</replaceable></term> + <listitem><para>Workgroup to use when logging in</para></listitem> + </varlistentry> + + <varlistentry><term>nonprompt on|off</term> + <listitem><para>Turns off asking for username and password. Useful for scripts.</para></listitem> + </varlistentry> + + <varlistentry><term>debuglevel <replaceable>int</replaceable></term> + <listitem><para>(Samba) debuglevel to run at. Useful for tracking down protocol level problems.</para></listitem> + </varlistentry> + + <varlistentry><term>dots on|off</term> + <listitem><para>Whether a single dot should be printed for each block that has been downloaded, instead of the default progress indicator.</para></listitem> + </varlistentry> + + <varlistentry><term>blocksize <replaceable>int</replaceable></term> + <listitem><para>Number of bytes to put in a block. </para></listitem> + </varlistentry> + </variablelist> +</refsect1> + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 3.0 of + the Samba suite.</para> +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + <para><citerefentry><refentrytitle>smbget</refentrytitle> + <manvolnum>1</manvolnum></citerefentry> and <citerefentry><refentrytitle>Samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry>. + </para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>This manual page was written by Jelmer Vernooij</para> + +</refsect1> + +</refentry> + + diff --git a/docs/manpages-3/smbmnt.8.xml b/docs/manpages-3/smbmnt.8.xml new file mode 100644 index 0000000000..9425ce7c31 --- /dev/null +++ b/docs/manpages-3/smbmnt.8.xml @@ -0,0 +1,118 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="smbmnt.8"> + +<refmeta> + <refentrytitle>smbmnt</refentrytitle> + <manvolnum>8</manvolnum> +</refmeta> + + +<refnamediv> + <refname>smbmnt</refname> + <refpurpose>helper utility for mounting SMB filesystems</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>smbmnt</command> + <arg choice="req">mount-point</arg> + <arg choice="opt">-s <share></arg> + <arg choice="opt">-r</arg> + <arg choice="opt">-u <uid></arg> + <arg choice="opt">-g <gid></arg> + <arg choice="opt">-f <mask></arg> + <arg choice="opt">-d <mask></arg> + <arg choice="opt">-o <options></arg> + <arg choice="opt">-h</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para><command>smbmnt</command> is a helper application used + by the smbmount program to do the actual mounting of SMB shares. + <command>smbmnt</command> can be installed setuid root if you want + normal users to be able to mount their SMB shares.</para> + + <para>A setuid smbmnt will only allow mounts on directories owned + by the user, and that the user has write permission on.</para> + + <para>The <command>smbmnt</command> program is normally invoked + by <citerefentry><refentrytitle>smbmount</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>. It should not be invoked directly by users. </para> + + <para>smbmount searches the normal PATH for smbmnt. You must ensure + that the smbmnt version in your path matches the smbmount used.</para> + +</refsect1> + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>-r</term> + <listitem><para>mount the filesystem read-only + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-u uid</term> + <listitem><para>specify the uid that the files will + be owned by </para></listitem> + </varlistentry> + + <varlistentry> + <term>-g gid</term> + <listitem><para>specify the gid that the files will be + owned by </para></listitem> + </varlistentry> + + <varlistentry> + <term>-f mask</term> + <listitem><para>specify the octal file mask applied + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-d mask</term> + <listitem><para>specify the octal directory mask + applied </para></listitem> + </varlistentry> + + <varlistentry> + <term>-o options</term> + <listitem><para> + list of options that are passed as-is to smbfs, if this + command is run on a 2.4 or higher Linux kernel. + </para></listitem> + </varlistentry> + + &stdarg.help; + + </variablelist> +</refsect1> + + +<refsect1> + <title>AUTHOR</title> + + <para>Volker Lendecke, Andrew Tridgell, Michael H. Warfield + and others.</para> + + <para>The current maintainer of smbfs and the userspace + tools <command>smbmount</command>, <command>smbumount</command>, + and <command>smbmnt</command> is <ulink + url="mailto:urban@teststation.com">Urban Widmark</ulink>. + The <ulink url="mailto:samba@samba.org">SAMBA Mailing list</ulink> + is the preferred place to ask questions regarding these programs. + </para> + + <para>The conversion of this manpage for Samba 2.2 was performed + by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0 + was done by Alexander Bokovoy.</para> +</refsect1> + +</refentry> diff --git a/docs/manpages-3/smbmount.8.xml b/docs/manpages-3/smbmount.8.xml new file mode 100644 index 0000000000..68e0b351e0 --- /dev/null +++ b/docs/manpages-3/smbmount.8.xml @@ -0,0 +1,333 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="smbmount.8"> + +<refmeta> + <refentrytitle>smbmount</refentrytitle> + <manvolnum>8</manvolnum> +</refmeta> + + +<refnamediv> + <refname>smbmount</refname> + <refpurpose>mount an smbfs filesystem</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>smbmount</command> + <arg choice="req">service</arg> + <arg choice="req">mount-point</arg> + <arg choice="opt">-o options</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para><command>smbmount</command> mounts a Linux SMB filesystem. It + is usually invoked as <command>mount.smbfs</command> by + the <citerefentry><refentrytitle>mount</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> command when using the + "-t smbfs" option. This command only works in Linux, and the kernel must + support the smbfs filesystem. </para> + + <para>Options to <command>smbmount</command> are specified as a comma-separated + list of key=value pairs. It is possible to send options other + than those listed here, assuming that smbfs supports them. If + you get mount failures, check your kernel log for errors on + unknown options.</para> + + <para><command>smbmount</command> is a daemon. After mounting it keeps running until + the mounted smbfs is umounted. It will log things that happen + when in daemon mode using the "machine name" smbmount, so + typically this output will end up in <filename>log.smbmount</filename>. The <command> + smbmount</command> process may also be called mount.smbfs.</para> + + <note><para> <command>smbmount</command> + calls <citerefentry><refentrytitle>smbmnt</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> to do the actual mount. You + must make sure that <command>smbmnt</command> is in the path so + that it can be found. </para></note> + +</refsect1> + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>username=<arg></term> + <listitem><para>specifies the username to connect as. If + this is not given, then the environment variable <envar> + USER</envar> is used. This option can also take the + form "user%password" or "user/workgroup" or + "user/workgroup%password" to allow the password and workgroup + to be specified as part of the username.</para></listitem> + </varlistentry> + + <varlistentry> + <term>password=<arg></term> + <listitem><para>specifies the SMB password. If this + option is not given then the environment variable + <envar>PASSWD</envar> is used. If it can find + no password <command>smbmount</command> will prompt + for a passeword, unless the guest option is + given. </para> + + <para> + Note that passwords which contain the argument delimiter + character (i.e. a comma ',') will failed to be parsed correctly + on the command line. However, the same password defined + in the PASSWD environment variable or a credentials file (see + below) will be read correctly. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>credentials=<filename></term> + <listitem><para>specifies a file that contains a username and/or password. +The format of the file is: +<programlisting> +username = <value> +password = <value> +</programlisting></para> + + <para>This is preferred over having passwords in plaintext in a + shared file, such as <filename>/etc/fstab</filename>. Be sure to protect any + credentials file properly. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>krb</term> + <listitem><para>Use kerberos (Active Directory). </para></listitem> + </varlistentry> + + <varlistentry> + <term>netbiosname=<arg></term> + <listitem><para>sets the source NetBIOS name. It defaults + to the local hostname. </para></listitem> + </varlistentry> + + <varlistentry> + <term>uid=<arg></term> + <listitem><para>sets the uid that will own all files on + the mounted filesystem. + It may be specified as either a username or a numeric uid. + </para></listitem> + </varlistentry> + + + <varlistentry> + <term>gid=<arg></term> + <listitem><para>sets the gid that will own all files on + the mounted filesystem. + It may be specified as either a groupname or a numeric + gid. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>port=<arg></term> + <listitem><para>sets the remote SMB port number. The default + is 445, fallback is 139. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>fmask=<arg></term> + <listitem><para>sets the file mask. This determines the + permissions that remote files have in the local filesystem. + This is not a umask, but the actual permissions for the files. + The default is based on the current umask. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>dmask=<arg></term> + <listitem><para>Sets the directory mask. This determines the + permissions that remote directories have in the local filesystem. + This is not a umask, but the actual permissions for the directories. + The default is based on the current umask. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>debug=<arg></term> + <listitem><para>Sets the debug level. This is useful for + tracking down SMB connection problems. A suggested value to + start with is 4. If set too high there will be a lot of + output, possibly hiding the useful output.</para></listitem> + </varlistentry> + + + <varlistentry> + <term>ip=<arg></term> + <listitem><para>Sets the destination host or IP address. + </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>workgroup=<arg></term> + <listitem><para>Sets the workgroup on the destination </para> + </listitem> + </varlistentry> + + + <varlistentry> + <term>sockopt=<arg></term> + <listitem><para>Sets the TCP socket options. See the <ulink + url="smb.conf.5.html#SOCKETOPTIONS"><citerefentry><refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry></ulink> <parameter>socket options</parameter> option. + </para></listitem> + </varlistentry> + + + <varlistentry> + <term>scope=<arg></term> + <listitem><para>Sets the NetBIOS scope </para></listitem> + </varlistentry> + + <varlistentry> + <term>guest</term> + <listitem><para>Don't prompt for a password </para></listitem> + </varlistentry> + + <varlistentry> + <term>ro</term> + <listitem><para>mount read-only </para></listitem> + </varlistentry> + + <varlistentry> + <term>rw</term><listitem><para>mount read-write </para></listitem> + </varlistentry> + + <varlistentry> + <term>iocharset=<arg></term> + <listitem><para> + sets the charset used by the Linux side for codepage + to charset translations (NLS). Argument should be the + name of a charset, like iso8859-1. (Note: only kernel + 2.4.0 or later) + </para></listitem> + </varlistentry> + + <varlistentry> + <term>codepage=<arg></term> + <listitem><para> + sets the codepage the server uses. See the iocharset + option. Example value cp850. (Note: only kernel 2.4.0 + or later) + </para></listitem> + </varlistentry> + + <varlistentry> + <term>ttl=<arg></term> + <listitem><para> + sets how long a directory listing is cached in milliseconds + (also affects visibility of file size and date + changes). A higher value means that changes on the + server take longer to be noticed but it can give + better performance on large directories, especially + over long distances. Default is 1000ms but something + like 10000ms (10 seconds) is probably more reasonable + in many cases. + (Note: only kernel 2.4.2 or later) + </para></listitem> + </varlistentry> + + </variablelist> + + +</refsect1> + +<refsect1> + <title>ENVIRONMENT VARIABLES</title> + + <para>The variable <envar>USER</envar> may contain the username of the + person using the client. This information is used only if the + protocol level is high enough to support session-level + passwords. The variable can be used to set both username and + password by using the format username%password.</para> + + <para>The variable <envar>PASSWD</envar> may contain the password of the + person using the client. This information is used only if the + protocol level is high enough to support session-level + passwords.</para> + + <para>The variable <envar>PASSWD_FILE</envar> may contain the pathname + of a file to read the password from. A single line of input is + read and used as the password.</para> +</refsect1> + + +<refsect1> + <title>BUGS</title> + + <para>Passwords and other options containing , can not be handled. + For passwords an alternative way of passing them is in a credentials + file or in the PASSWD environment.</para> + + <para>The credentials file does not handle usernames or passwords with + leading space.</para> + + <para>One smbfs bug is important enough to mention here, even if it + is a bit misplaced:</para> + + <itemizedlist> + + <listitem><para>Mounts sometimes stop working. This is usually + caused by smbmount terminating. Since smbfs needs smbmount to + reconnect when the server disconnects, the mount will eventually go + dead. An umount/mount normally fixes this. At least 2 ways to + trigger this bug are known.</para></listitem> + + </itemizedlist> + + <para>Note that the typical response to a bug report is suggestion + to try the latest version first. So please try doing that first, + and always include which versions you use of relevant software + when reporting bugs (minimum: samba, kernel, distribution)</para> + +</refsect1> + + +<refsect1> + <title>SEE ALSO</title> + + <para>Documentation/filesystems/smbfs.txt in the linux kernel + source tree may contain additional options and information.</para> + + <para>FreeBSD also has a smbfs, but it is not related to smbmount</para> + + <para>For Solaris, HP-UX and others you may want to look at <citerefentry><refentrytitle>smbsh</refentrytitle> + <manvolnum>1</manvolnum></citerefentry> or at other solutions, such as + Sharity or perhaps replacing the SMB server with a NFS server.</para> + +</refsect1> + + +<refsect1> + <title>AUTHOR</title> + + <para>Volker Lendecke, Andrew Tridgell, Michael H. Warfield + and others.</para> + + <para>The current maintainer of smbfs and the userspace + tools <command>smbmount</command>, <command>smbumount</command>, + and <command>smbmnt</command> is <ulink + url="mailto:urban@teststation.com">Urban Widmark</ulink>. + The <ulink url="mailto:samba@samba.org">SAMBA Mailing list</ulink> + is the preferred place to ask questions regarding these programs. + </para> + + <para>The conversion of this manpage for Samba 2.2 was performed + by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0 + was done by Alexander Bokovoy.</para> +</refsect1> + +</refentry> diff --git a/docs/manpages-3/smbpasswd.5.xml b/docs/manpages-3/smbpasswd.5.xml new file mode 100644 index 0000000000..a04ea4c831 --- /dev/null +++ b/docs/manpages-3/smbpasswd.5.xml @@ -0,0 +1,205 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="smbpasswd.5"> + +<refmeta> + <refentrytitle>smbpasswd</refentrytitle> + <manvolnum>5</manvolnum> +</refmeta> + + +<refnamediv> + <refname>smbpasswd</refname> + <refpurpose>The Samba encrypted password file</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <para><filename>smbpasswd</filename></para> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> suite.</para> + + <para>smbpasswd is the Samba encrypted password file. It contains + the username, Unix user id and the SMB hashed passwords of the + user, as well as account flag information and the time the + password was last changed. This file format has been evolving with + Samba and has had several different formats in the past. </para> +</refsect1> + +<refsect1> + <title>FILE FORMAT</title> + + <para>The format of the smbpasswd file used by Samba 2.2 + is very similar to the familiar Unix <filename>passwd(5)</filename> + file. It is an ASCII file containing one line for each user. Each field + ithin each line is separated from the next by a colon. Any entry + beginning with '#' is ignored. The smbpasswd file contains the + following information for each user: </para> + + <variablelist> + <varlistentry> + <term>name</term> + <listitem><para> This is the user name. It must be a name that + already exists in the standard UNIX passwd file. </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>uid</term> + <listitem><para>This is the UNIX uid. It must match the uid + field for the same user entry in the standard UNIX passwd file. + If this does not match then Samba will refuse to recognize + this smbpasswd file entry as being valid for a user. + </para></listitem> + </varlistentry> + + + <varlistentry> + <term>Lanman Password Hash</term> + <listitem><para>This is the LANMAN hash of the user's password, + encoded as 32 hex digits. The LANMAN hash is created by DES + encrypting a well known string with the user's password as the + DES key. This is the same password used by Windows 95/98 machines. + Note that this password hash is regarded as weak as it is + vulnerable to dictionary attacks and if two users choose the + same password this entry will be identical (i.e. the password + is not "salted" as the UNIX password is). If the user has a + null password this field will contain the characters "NO PASSWORD" + as the start of the hex string. If the hex string is equal to + 32 'X' characters then the user's account is marked as + <constant>disabled</constant> and the user will not be able to + log onto the Samba server. </para> + + <para><emphasis>WARNING !!</emphasis> Note that, due to + the challenge-response nature of the SMB/CIFS authentication + protocol, anyone with a knowledge of this password hash will + be able to impersonate the user on the network. For this + reason these hashes are known as <emphasis>plain text + equivalents</emphasis> and must <emphasis>NOT</emphasis> be made + available to anyone but the root user. To protect these passwords + the smbpasswd file is placed in a directory with read and + traverse access only to the root user and the smbpasswd file + itself must be set to be read/write only by root, with no + other access. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>NT Password Hash</term> + <listitem><para>This is the Windows NT hash of the user's + password, encoded as 32 hex digits. The Windows NT hash is + created by taking the user's password as represented in + 16-bit, little-endian UNICODE and then applying the MD4 + (internet rfc1321) hashing algorithm to it. </para> + + <para>This password hash is considered more secure than + the LANMAN Password Hash as it preserves the case of the + password and uses a much higher quality hashing algorithm. + However, it is still the case that if two users choose the same + password this entry will be identical (i.e. the password is + not "salted" as the UNIX password is). </para> + + <para><emphasis>WARNING !!</emphasis>. Note that, due to + the challenge-response nature of the SMB/CIFS authentication + protocol, anyone with a knowledge of this password hash will + be able to impersonate the user on the network. For this + reason these hashes are known as <emphasis>plain text + equivalents</emphasis> and must <emphasis>NOT</emphasis> be made + available to anyone but the root user. To protect these passwords + the smbpasswd file is placed in a directory with read and + traverse access only to the root user and the smbpasswd file + itself must be set to be read/write only by root, with no + other access. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>Account Flags</term> + <listitem><para>This section contains flags that describe + the attributes of the users account. In the Samba 2.2 release + this field is bracketed by '[' and ']' characters and is always + 13 characters in length (including the '[' and ']' characters). + The contents of this field may be any of the following characters: + </para> + + <itemizedlist> + <listitem><para><emphasis>U</emphasis> - This means + this is a "User" account, i.e. an ordinary user. Only User + and Workstation Trust accounts are currently supported + in the smbpasswd file. </para></listitem> + + <listitem><para><emphasis>N</emphasis> - This means the + account has no password (the passwords in the fields LANMAN + Password Hash and NT Password Hash are ignored). Note that this + will only allow users to log on with no password if the <parameter> + null passwords</parameter> parameter is set in the + <citerefentry><refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> config file. </para></listitem> + + <listitem><para><emphasis>D</emphasis> - This means the account + is disabled and no SMB/CIFS logins will be allowed for this user. </para></listitem> + + <listitem><para><emphasis>W</emphasis> - This means this account + is a "Workstation Trust" account. This kind of account is used + in the Samba PDC code stream to allow Windows NT Workstations + and Servers to join a Domain hosted by a Samba PDC. </para> + </listitem> + </itemizedlist> + + <para>Other flags may be added as the code is extended in future. + The rest of this field space is filled in with spaces. </para> + </listitem> + </varlistentry> + + + <varlistentry> + <term>Last Change Time</term> + <listitem><para>This field consists of the time the account was + last modified. It consists of the characters 'LCT-' (standing for + "Last Change Time") followed by a numeric encoding of the UNIX time + in seconds since the epoch (1970) that the last change was made. + </para></listitem> + </varlistentry> + </variablelist> + + <para>All other colon separated fields are ignored at this time.</para> +</refsect1> + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 3.0 of + the Samba suite.</para> +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + <para><citerefentry><refentrytitle>smbpasswd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>Samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry>, and + the Internet RFC1321 for details on the MD4 algorithm. + </para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at <ulink noescape="1" url="ftp://ftp.icce.rug.nl/pub/unix/"> + ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 + for Samba 3.0 was done by Alexander Bokovoy.</para> +</refsect1> + +</refentry> diff --git a/docs/manpages-3/smbpasswd.8.xml b/docs/manpages-3/smbpasswd.8.xml new file mode 100644 index 0000000000..fa2ed9e9b8 --- /dev/null +++ b/docs/manpages-3/smbpasswd.8.xml @@ -0,0 +1,401 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="smbpasswd.8"> + +<refmeta> + <refentrytitle>smbpasswd</refentrytitle> + <manvolnum>8</manvolnum> +</refmeta> + + +<refnamediv> + <refname>smbpasswd</refname> + <refpurpose>change a user's SMB password</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>smbpasswd</command> + <arg choice="opt">-a</arg> + <arg choice="opt">-x</arg> + <arg choice="opt">-d</arg> + <arg choice="opt">-e</arg> + <arg choice="opt">-D debuglevel</arg> + <arg choice="opt">-n</arg> + <arg choice="opt">-r <remote machine></arg> + <arg choice="opt">-R <name resolve order></arg> + <arg choice="opt">-m</arg> + <arg choice="opt">-U username[%password]</arg> + <arg choice="opt">-h</arg> + <arg choice="opt">-s</arg> + <arg choice="opt">-w pass</arg> + <arg choice="opt">-i</arg> + <arg choice="opt">-L</arg> + <arg choice="opt">username</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> suite.</para> + + <para>The smbpasswd program has several different + functions, depending on whether it is run by the <emphasis>root</emphasis> user + or not. When run as a normal user it allows the user to change + the password used for their SMB sessions on any machines that store + SMB passwords. </para> + + <para>By default (when run with no arguments) it will attempt to + change the current user's SMB password on the local machine. This is + similar to the way the <command>passwd(1)</command> program works. <command> + smbpasswd</command> differs from how the passwd program works + however in that it is not <emphasis>setuid root</emphasis> but works in + a client-server mode and communicates with a + locally running <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>. As a consequence in order for this to + succeed the smbd daemon must be running on the local machine. On a + UNIX machine the encrypted SMB passwords are usually stored in + the <citerefentry><refentrytitle>smbpasswd</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> file. </para> + + <para>When run by an ordinary user with no options, smbpasswd + will prompt them for their old SMB password and then ask them + for their new password twice, to ensure that the new password + was typed correctly. No passwords will be echoed on the screen + whilst being typed. If you have a blank SMB password (specified by + the string "NO PASSWORD" in the smbpasswd file) then just press + the <Enter> key when asked for your old password. </para> + + <para>smbpasswd can also be used by a normal user to change their + SMB password on remote machines, such as Windows NT Primary Domain + Controllers. See the (<parameter>-r</parameter>) and <parameter>-U</parameter> options + below. </para> + + <para>When run by root, smbpasswd allows new users to be added + and deleted in the smbpasswd file, as well as allows changes to + the attributes of the user in this file to be made. When run by root, <command> + smbpasswd</command> accesses the local smbpasswd file + directly, thus enabling changes to be made even if smbd is not + running. </para> +</refsect1> + +<refsect1> + <title>OPTIONS</title> + <variablelist> + <varlistentry> + <term>-a</term> + <listitem><para>This option specifies that the username + following should be added to the local smbpasswd file, with the + new password typed (type <Enter> for the old password). This + option is ignored if the username following already exists in + the smbpasswd file and it is treated like a regular change + password command. Note that the default passdb backends require + the user to already exist in the system password file (usually + <filename>/etc/passwd</filename>), else the request to add the + user will fail. </para> + + <para>This option is only available when running smbpasswd + as root. </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-x</term> + <listitem><para>This option specifies that the username + following should be deleted from the local smbpasswd file. + </para> + + <para>This option is only available when running smbpasswd as + root.</para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-d</term> + <listitem><para>This option specifies that the username following + should be <constant>disabled</constant> in the local smbpasswd + file. This is done by writing a <constant>'D'</constant> flag + into the account control space in the smbpasswd file. Once this + is done all attempts to authenticate via SMB using this username + will fail. </para> + + <para>If the smbpasswd file is in the 'old' format (pre-Samba 2.0 + format) there is no space in the user's password entry to write + this information and the command will FAIL. See <citerefentry><refentrytitle>smbpasswd</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> for details on the 'old' and new password file formats. + </para> + + <para>This option is only available when running smbpasswd as + root.</para></listitem> + </varlistentry> + + + <varlistentry> + <term>-e</term> + <listitem><para>This option specifies that the username following + should be <constant>enabled</constant> in the local smbpasswd file, + if the account was previously disabled. If the account was not + disabled this option has no effect. Once the account is enabled then + the user will be able to authenticate via SMB once again. </para> + + <para>If the smbpasswd file is in the 'old' format, then <command> + smbpasswd</command> will FAIL to enable the account. + See <citerefentry><refentrytitle>smbpasswd</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> for + details on the 'old' and new password file formats. </para> + + <para>This option is only available when running smbpasswd as root. + </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-D debuglevel</term> + <listitem><para><replaceable>debuglevel</replaceable> is an integer + from 0 to 10. The default value if this parameter is not specified + is zero. </para> + + <para>The higher this value, the more detail will be logged to the + log files about the activities of smbpasswd. At level 0, only + critical errors and serious warnings will be logged. </para> + + <para>Levels above 1 will generate considerable amounts of log + data, and should only be used when investigating a problem. Levels + above 3 are designed for use only by developers and generate + HUGE amounts of log data, most of which is extremely cryptic. + </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-n</term> + <listitem><para>This option specifies that the username following + should have their password set to null (i.e. a blank password) in + the local smbpasswd file. This is done by writing the string "NO + PASSWORD" as the first part of the first password stored in the + smbpasswd file. </para> + + <para>Note that to allow users to logon to a Samba server once + the password has been set to "NO PASSWORD" in the smbpasswd + file the administrator must set the following parameter in the [global] + section of the <filename>smb.conf</filename> file : </para> + + <para><command>null passwords = yes</command></para> + + <para>This option is only available when running smbpasswd as + root.</para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-r remote machine name</term> + <listitem><para>This option allows a user to specify what machine + they wish to change their password on. Without this parameter + smbpasswd defaults to the local host. The <replaceable>remote + machine name</replaceable> is the NetBIOS name of the SMB/CIFS + server to contact to attempt the password change. This name is + resolved into an IP address using the standard name resolution + mechanism in all programs of the Samba suite. See the <parameter>-R + name resolve order</parameter> parameter for details on changing + this resolving mechanism. </para> + + <para>The username whose password is changed is that of the + current UNIX logged on user. See the <parameter>-U username</parameter> + parameter for details on changing the password for a different + username. </para> + + <para>Note that if changing a Windows NT Domain password the + remote machine specified must be the Primary Domain Controller for + the domain (Backup Domain Controllers only have a read-only + copy of the user account database and will not allow the password + change).</para> + + <para><emphasis>Note</emphasis> that Windows 95/98 do not have + a real password database so it is not possible to change passwords + specifying a Win95/98 machine as remote machine target. </para> + </listitem> + </varlistentry> + + + <varlistentry> + <term>-R name resolve order</term> + <listitem><para>This option allows the user of smbpasswd to determine + what name resolution services to use when looking up the NetBIOS + name of the host being connected to. </para> + + <para>The options are :"lmhosts", "host", "wins" and "bcast". They + cause names to be resolved as follows: </para> + <itemizedlist> + <listitem><para><constant>lmhosts</constant>: Lookup an IP + address in the Samba lmhosts file. If the line in lmhosts has + no name type attached to the NetBIOS name (see the <citerefentry><refentrytitle>lmhosts</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> for details) then + any name type matches for lookup.</para></listitem> + + <listitem><para><constant>host</constant>: Do a standard host + name to IP address resolution, using the system <filename>/etc/hosts + </filename>, NIS, or DNS lookups. This method of name resolution + is operating system depended for instance on IRIX or Solaris this + may be controlled by the <filename>/etc/nsswitch.conf</filename> + file). Note that this method is only used if the NetBIOS name + type being queried is the 0x20 (server) name type, otherwise + it is ignored.</para></listitem> + + <listitem><para><constant>wins</constant>: Query a name with + the IP address listed in the <parameter>wins server</parameter> + parameter. If no WINS server has been specified this method + will be ignored.</para></listitem> + + <listitem><para><constant>bcast</constant>: Do a broadcast on + each of the known local interfaces listed in the + <parameter>interfaces</parameter> parameter. This is the least + reliable of the name resolution methods as it depends on the + target host being on a locally connected subnet.</para></listitem> + </itemizedlist> + + <para>The default order is <command>lmhosts, host, wins, bcast</command> + and without this parameter or any entry in the <citerefentry><refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> file the name resolution methods will + be attempted in this order. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-m</term> + <listitem><para>This option tells smbpasswd that the account + being changed is a MACHINE account. Currently this is used + when Samba is being used as an NT Primary Domain Controller.</para> + + <para>This option is only available when running smbpasswd as root. + </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-U username</term> + <listitem><para>This option may only be used in conjunction + with the <parameter>-r</parameter> option. When changing + a password on a remote machine it allows the user to specify + the user name on that machine whose password will be changed. It + is present to allow users who have different user names on + different systems to change these passwords. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-h</term> + <listitem><para>This option prints the help string for <command> + smbpasswd</command>, selecting the correct one for running as root + or as an ordinary user. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-s</term> + <listitem><para>This option causes smbpasswd to be silent (i.e. + not issue prompts) and to read its old and new passwords from + standard input, rather than from <filename>/dev/tty</filename> + (like the <command>passwd(1)</command> program does). This option + is to aid people writing scripts to drive smbpasswd</para> + </listitem> + </varlistentry> + + + <varlistentry> + <term>-w password</term> + <listitem><para>This parameter is only available if Samba + has been compiled with LDAP support. The <parameter>-w</parameter> + switch is used to specify the password to be used with the + <smbconfoption name="ldap admin dn"/>. Note that the password is stored in + the <filename>secrets.tdb</filename> and is keyed off + of the admin's DN. This means that if the value of <parameter>ldap + admin dn</parameter> ever changes, the password will need to be + manually updated as well. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-i</term> + <listitem><para>This option tells smbpasswd that the account + being changed is an interdomain trust account. Currently this is used + when Samba is being used as an NT Primary Domain Controller. + The account contains the info about another trusted domain.</para> + + <para>This option is only available when running smbpasswd as root. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-L</term> + <listitem><para>Run in local mode.</para></listitem> + </varlistentry> + + <varlistentry> + <term>username</term> + <listitem><para>This specifies the username for all of the + <emphasis>root only</emphasis> options to operate on. Only root + can specify this parameter as only root has the permission needed + to modify attributes directly in the local smbpasswd file. + </para></listitem> + </varlistentry> + </variablelist> +</refsect1> + + +<refsect1> + <title>NOTES</title> + + <para>Since <command>smbpasswd</command> works in client-server + mode communicating with a local smbd for a non-root user then + the smbd daemon must be running for this to work. A common problem + is to add a restriction to the hosts that may access the <command> + smbd</command> running on the local machine by specifying either <parameter>allow + hosts</parameter> or <parameter>deny hosts</parameter> entry in + the <citerefentry><refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> file and neglecting to + allow "localhost" access to the smbd. </para> + + <para>In addition, the smbpasswd command is only useful if Samba + has been set up to use encrypted passwords. </para> +</refsect1> + + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 3.0 of the Samba suite.</para> +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + <para><citerefentry><refentrytitle>smbpasswd</refentrytitle> + <manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>Samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry>.</para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 + for Samba 3.0 was done by Alexander Bokovoy.</para> +</refsect1> + +</refentry> diff --git a/docs/manpages-3/smbsh.1.xml b/docs/manpages-3/smbsh.1.xml new file mode 100644 index 0000000000..48655b0ab1 --- /dev/null +++ b/docs/manpages-3/smbsh.1.xml @@ -0,0 +1,161 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="smbsh.1"> + +<refmeta> + <refentrytitle>smbsh</refentrytitle> + <manvolnum>1</manvolnum> +</refmeta> + + +<refnamediv> + <refname>smbsh</refname> + <refpurpose>Allows access to remote SMB shares + using UNIX commands</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>smbsh</command> + <arg choice="opt">-W workgroup</arg> + <arg choice="opt">-U username</arg> + <arg choice="opt">-P prefix</arg> + <arg choice="opt">-R <name resolve order></arg> + <arg choice="opt">-d <debug level></arg> + <arg choice="opt">-l logdir</arg> + <arg choice="opt">-L libdir</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> suite.</para> + + <para><command>smbsh</command> allows you to access an NT filesystem + using UNIX commands such as <command>ls</command>, <command> + egrep</command>, and <command>rcp</command>. You must use a + shell that is dynamically linked in order for <command>smbsh</command> + to work correctly.</para> +</refsect1> + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>-W WORKGROUP</term> + <listitem><para>Override the default workgroup specified in the + workgroup parameter of the <citerefentry><refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> file + for this session. This may be needed to connect to some + servers. </para></listitem> + </varlistentry> + + <varlistentry> + <term>-U username[%pass]</term> + <listitem><para>Sets the SMB username or username and password. + If this option is not specified, the user will be prompted for + both the username and the password. If %pass is not specified, + the user will be prompted for the password. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-P prefix</term> + <listitem><para>This option allows + the user to set the directory prefix for SMB access. The + default value if this option is not specified is + <emphasis>smb</emphasis>. + </para></listitem> + </varlistentry> + + &stdarg.configfile; + &stdarg.debug; + &stdarg.resolve.order; + + <varlistentry> + <term>-L libdir</term> + <listitem><para>This parameter specifies the location of the + shared libraries used by <command>smbsh</command>. The default + value is specified at compile time. + </para></listitem> + </varlistentry> + + </variablelist> +</refsect1> + +<refsect1> + <title>EXAMPLES</title> + + <para>To use the <command>smbsh</command> command, execute <command> + smbsh</command> from the prompt and enter the username and password + that authenticates you to the machine running the Windows NT + operating system. +<programlisting> +<prompt>system% </prompt><userinput>smbsh</userinput> +<prompt>Username: </prompt><userinput>user</userinput> +<prompt>Password: </prompt><userinput>XXXXXXX</userinput> +</programlisting></para> + + + <para>Any dynamically linked command you execute from + this shell will access the <filename>/smb</filename> directory + using the smb protocol. For example, the command <command>ls /smb + </command> will show a list of workgroups. The command + <command>ls /smb/MYGROUP </command> will show all the machines in + the workgroup MYGROUP. The command + <command>ls /smb/MYGROUP/<machine-name></command> will show the share + names for that machine. You could then, for example, use the <command> + cd</command> command to change directories, <command>vi</command> to + edit files, and <command>rcp</command> to copy files.</para> +</refsect1> + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 3.0 of the Samba suite.</para> +</refsect1> + +<refsect1> + <title>BUGS</title> + + <para><command>smbsh</command> works by intercepting the standard + libc calls with the dynamically loaded versions in <filename> + smbwrapper.o</filename>. Not all calls have been "wrapped", so + some programs may not function correctly under <command>smbsh + </command>.</para> + + <para>Programs which are not dynamically linked cannot make + use of <command>smbsh</command>'s functionality. Most versions + of UNIX have a <command>file</command> command that will + describe how a program was linked.</para> +</refsect1> + + +<refsect1> + <title>SEE ALSO</title> + <para><citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry></para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 + for Samba 3.0 was done by Alexander Bokovoy.</para> +</refsect1> + +</refentry> diff --git a/docs/manpages-3/smbspool.8.xml b/docs/manpages-3/smbspool.8.xml new file mode 100644 index 0000000000..6ed2d607e2 --- /dev/null +++ b/docs/manpages-3/smbspool.8.xml @@ -0,0 +1,130 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="smbspool.8"> + +<refmeta> + <refentrytitle>smbspool</refentrytitle> + <manvolnum>8</manvolnum> +</refmeta> + + +<refnamediv> + <refname>smbspool</refname> + <refpurpose>send a print file to an SMB printer</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>smbspool</command> + <arg choice="req">job</arg> + <arg choice="req">user</arg> + <arg choice="req">title</arg> + <arg choice="req">copies</arg> + <arg choice="req">options</arg> + <arg choice="opt">filename</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> suite.</para> + + <para>smbspool is a very small print spooling program that + sends a print file to an SMB printer. The command-line arguments + are position-dependent for compatibility with the Common UNIX + Printing System, but you can use smbspool with any printing system + or from a program or script.</para> + + <para><emphasis>DEVICE URI</emphasis></para> + + <para>smbspool specifies the destination using a Uniform Resource + Identifier ("URI") with a method of "smb". This string can take + a number of forms:</para> + + <itemizedlist> + <listitem><para>smb://server[:port]/printer</para></listitem> + <listitem><para>smb://workgroup/server[:port]/printer</para></listitem> + <listitem><para>smb://username:password@server[:port]/printer</para></listitem> + <listitem><para>smb://username:password@workgroup/server[:port]/printer</para></listitem> + </itemizedlist> + + <para>smbspool tries to get the URI from the environment variable + <envar>DEVICE_URI</envar>. If <envar>DEVICE_URI</envar> is not present, + smbspool will use argv[0] if that starts with <quote>smb://</quote> + or argv[1] if that is not the case.</para> + + <para>Programs using the <command>exec(2)</command> functions can + pass the URI in argv[0], while shell scripts must set the + <envar>DEVICE_URI</envar> environment variable prior to + running smbspool.</para> +</refsect1> + +<refsect1> + <title>OPTIONS</title> + + <itemizedlist> + <listitem><para>The job argument (argv[1]) contains the + job ID number and is presently not used by smbspool. + </para></listitem> + + <listitem><para>The user argument (argv[2]) contains the + print user's name and is presently not used by smbspool. + </para></listitem> + + <listitem><para>The title argument (argv[3]) contains the + job title string and is passed as the remote file name + when sending the print job.</para></listitem> + + <listitem><para>The copies argument (argv[4]) contains + the number of copies to be printed of the named file. If + no filename is provided then this argument is not used by + smbspool.</para></listitem> + + <listitem><para>The options argument (argv[5]) contains + the print options in a single string and is currently + not used by smbspool.</para></listitem> + + <listitem><para>The filename argument (argv[6]) contains the + name of the file to print. If this argument is not specified + then the print file is read from the standard input.</para> + </listitem> + </itemizedlist> +</refsect1> + + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 3.0 of the Samba suite.</para> +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + <para><citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> and <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry>.</para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para><command>smbspool</command> was written by Michael Sweet + at Easy Software Products.</para> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 + for Samba 3.0 was done by Alexander Bokovoy.</para> +</refsect1> + +</refentry> diff --git a/docs/manpages-3/smbstatus.1.xml b/docs/manpages-3/smbstatus.1.xml new file mode 100644 index 0000000000..a0f4efb145 --- /dev/null +++ b/docs/manpages-3/smbstatus.1.xml @@ -0,0 +1,136 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="smbstatus.1"> + +<refmeta> + <refentrytitle>smbstatus</refentrytitle> + <manvolnum>1</manvolnum> +</refmeta> + + +<refnamediv> + <refname>smbstatus</refname> + <refpurpose>report on current Samba connections</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>smbstatus</command> + <arg choice="opt">-P</arg> + <arg choice="opt">-b</arg> + <arg choice="opt">-d <debug level></arg> + <arg choice="opt">-v</arg> + <arg choice="opt">-L</arg> + <arg choice="opt">-B</arg> + <arg choice="opt">-p</arg> + <arg choice="opt">-S</arg> + <arg choice="opt">-s <configuration file></arg> + <arg choice="opt">-u <username></arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> suite.</para> + + <para><command>smbstatus</command> is a very simple program to + list the current Samba connections.</para> +</refsect1> + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>-P|--profile</term> + <listitem><para>If samba has been compiled with the + profiling option, print only the contents of the profiling + shared memory area.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-b|--brief</term> + <listitem><para>gives brief output.</para></listitem> + </varlistentry> + + &popt.common.samba; + + <varlistentry> + <term>-v|--verbose</term> + <listitem><para>gives verbose output.</para></listitem> + </varlistentry> + + + <varlistentry> + <term>-L|--locks</term> + <listitem><para>causes smbstatus to only list locks.</para> + </listitem> + </varlistentry> + + + <varlistentry> + <term>-B|--byterange</term> + <listitem><para>causes smbstatus to include byte range locks. + </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-p|--processes</term> + <listitem><para>print a list of <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> processes and exit. + Useful for scripting.</para></listitem> + </varlistentry> + + + <varlistentry> + <term>-S|--shares</term> + <listitem><para>causes smbstatus to only list shares.</para> + </listitem> + </varlistentry> + + &stdarg.help; + + <varlistentry> + <term>-u|--user=<username></term> + <listitem><para>selects information relevant to <parameter>username</parameter> only.</para> + </listitem> + </varlistentry> + + </variablelist> +</refsect1> + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 3.0 of + the Samba suite.</para> +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + <para><citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> and <citerefentry><refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry>.</para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 + for Samba 3.0 was done by Alexander Bokovoy.</para> +</refsect1> + +</refentry> diff --git a/docs/manpages-3/smbtar.1.xml b/docs/manpages-3/smbtar.1.xml new file mode 100644 index 0000000000..e0fe2130f4 --- /dev/null +++ b/docs/manpages-3/smbtar.1.xml @@ -0,0 +1,234 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="smbtar.1"> + +<refmeta> + <refentrytitle>smbtar</refentrytitle> + <manvolnum>1</manvolnum> +</refmeta> + + +<refnamediv> + <refname>smbtar</refname> + <refpurpose>shell script for backing up SMB/CIFS shares + directly to UNIX tape drives</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>smbtar</command> + <arg choice="opt">-r</arg> + <arg choice="opt">-i</arg> + <arg choice="opt">-a</arg> + <arg choice="opt">-v</arg> + <arg choice="req">-s server</arg> + <arg choice="opt">-p password</arg> + <arg choice="opt">-x services</arg> + <arg choice="opt">-X</arg> + <arg choice="opt">-N filename</arg> + <arg choice="opt">-b blocksize</arg> + <arg choice="opt">-d directory</arg> + <arg choice="opt">-l loglevel</arg> + <arg choice="opt">-u user</arg> + <arg choice="opt">-t tape</arg> + <arg choice="req">filenames</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> suite.</para> + + <para><command>smbtar</command> is a very small shell script on top + of <citerefentry><refentrytitle>smbclient</refentrytitle><manvolnum>1</manvolnum> + </citerefentry> which dumps SMB shares directly to tape.</para> +</refsect1> + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>-s server</term> + <listitem><para>The SMB/CIFS server that the share resides + upon.</para></listitem> + </varlistentry> + + + <varlistentry> + <term>-x service</term> + <listitem><para>The share name on the server to connect to. + The default is "backup".</para></listitem> + </varlistentry> + + + <varlistentry> + <term>-X</term> + <listitem><para>Exclude mode. Exclude filenames... from tar + create or restore. </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-d directory</term> + <listitem><para>Change to initial <parameter>directory + </parameter> before restoring / backing up files. </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-v</term> + <listitem><para>Verbose mode.</para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-p password</term> + <listitem><para>The password to use to access a share. + Default: none </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-u user</term> + <listitem><para>The user id to connect as. Default: + UNIX login name. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-a</term> + <listitem><para>Reset DOS archive bit mode to + indicate file has been archived. </para></listitem> + </varlistentry> + + <varlistentry> + <term>-t tape</term> + <listitem><para>Tape device. May be regular file or tape + device. Default: <parameter>$TAPE</parameter> environmental + variable; if not set, a file called <filename>tar.out + </filename>. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-b blocksize</term> + <listitem><para>Blocking factor. Defaults to 20. See + <command>tar(1)</command> for a fuller explanation. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-N filename</term> + <listitem><para>Backup only files newer than filename. Could + be used (for example) on a log file to implement incremental + backups. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-i</term> + <listitem><para>Incremental mode; tar files are only backed + up if they have the archive bit set. The archive bit is reset + after each file is read. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-r</term> + <listitem><para>Restore. Files are restored to the share + from the tar file. </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-l log level</term> + <listitem><para>Log (debug) level. Corresponds to the + <parameter>-d</parameter> flag of <citerefentry> + <refentrytitle>smbclient</refentrytitle><manvolnum>1</manvolnum> + </citerefentry>.</para></listitem> + </varlistentry> + </variablelist> +</refsect1> + + +<refsect1> + <title>ENVIRONMENT VARIABLES</title> + + <para>The <parameter>$TAPE</parameter> variable specifies the + default tape device to write to. May be overridden + with the -t option. </para> +</refsect1> + + +<refsect1> + <title>BUGS</title> + + <para>The <command>smbtar</command> script has different + options from ordinary tar and from smbclient's tar command. </para> + +</refsect1> + +<refsect1> + <title>CAVEATS</title> + + <para>Sites that are more careful about security may not like + the way the script handles PC passwords. Backup and restore work + on entire shares; should work on file lists. smbtar works best + with GNU tar and may not work well with other versions. </para> +</refsect1> + + +<refsect1> + <title>DIAGNOSTICS</title> + + <para>See the <emphasis>DIAGNOSTICS</emphasis> section for the <citerefentry> + <refentrytitle>smbclient</refentrytitle><manvolnum>1</manvolnum> + </citerefentry> command.</para> +</refsect1> + + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 3.0 of + the Samba suite.</para> +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + <para><citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>, <citerefentry> + <refentrytitle>smbclient</refentrytitle><manvolnum>1</manvolnum> + </citerefentry>, <citerefentry><refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry>.</para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + +<para><ulink noescape="1" url="mailto:poultenr@logica.co.uk">Ricky Poulten</ulink> + wrote the tar extension and this man page. The <command>smbtar</command> + script was heavily rewritten and improved by <ulink noescape="1" + url="mailto:Martin.Kraemer@mch.sni.de">Martin Kraemer</ulink>. Many + thanks to everyone who suggested extensions, improvements, bug + fixes, etc. The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at <ulink noescape="1" url="ftp://ftp.icce.rug.nl/pub/unix/"> + ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for + Samba 3.0 was done by Alexander Bokovoy.</para> +</refsect1> + +</refentry> diff --git a/docs/manpages-3/smbtree.1.xml b/docs/manpages-3/smbtree.1.xml new file mode 100644 index 0000000000..e493ef25d5 --- /dev/null +++ b/docs/manpages-3/smbtree.1.xml @@ -0,0 +1,92 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="smbtree.1"> + +<refmeta> + <refentrytitle>smbtree</refentrytitle> + <manvolnum>1</manvolnum> +</refmeta> + + +<refnamediv> + <refname>smbtree</refname> + <refpurpose>A text based smb network browser + </refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>smbtree</command> + <arg choice="opt">-b</arg> + <arg choice="opt">-D</arg> + <arg choice="opt">-S</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> suite.</para> + + <para><command>smbtree</command> is a smb browser program + in text mode. It is similar to the "Network Neighborhood" found + on Windows computers. It prints a tree with all + the known domains, the servers in those domains and + the shares on the servers. + </para> +</refsect1> + + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>-b</term> + <listitem><para>Query network nodes by sending requests + as broadcasts instead of querying the local master browser. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-D</term> + <listitem><para>Only print a list of all + the domains known on broadcast or by the + master browser</para></listitem> + </varlistentry> + + <varlistentry> + <term>-S</term> + <listitem><para>Only print a list of + all the domains and servers responding on broadcast or + known by the master browser. + </para></listitem> + </varlistentry> + + &popt.common.samba; + &popt.common.credentials; + &stdarg.help; + + </variablelist> +</refsect1> + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 3.0 of the Samba + suite.</para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The smbtree man page was written by Jelmer Vernooij. </para> +</refsect1> + +</refentry> diff --git a/docs/manpages-3/smbumount.8.xml b/docs/manpages-3/smbumount.8.xml new file mode 100644 index 0000000000..55e4f3995b --- /dev/null +++ b/docs/manpages-3/smbumount.8.xml @@ -0,0 +1,75 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="smbumount.8"> + +<refmeta> + <refentrytitle>smbumount</refentrytitle> + <manvolnum>8</manvolnum> +</refmeta> + + +<refnamediv> + <refname>smbumount</refname> + <refpurpose>smbfs umount for normal users</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>smbumount</command> + <arg choice="req">mount-point</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>With this program, normal users can unmount smb-filesystems, + provided that it is suid root. <command>smbumount</command> has + been written to give normal Linux users more control over their + resources. It is safe to install this program suid root, because only + the user who has mounted a filesystem is allowed to unmount it again. + For root it is not necessary to use smbumount. The normal umount + program works perfectly well, but it would certainly be problematic + to make umount setuid root.</para> +</refsect1> + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>mount-point</term> + <listitem><para>The directory to unmount.</para></listitem> + </varlistentry> + </variablelist> +</refsect1> + + +<refsect1> + <title>SEE ALSO</title> + + <para><citerefentry><refentrytitle>smbmount</refentrytitle> + <manvolnum>8</manvolnum></citerefentry></para> +</refsect1> + + +<refsect1> + <title>AUTHOR</title> + + <para>Volker Lendecke, Andrew Tridgell, Michael H. Warfield + and others.</para> + + <para>The current maintainer of smbfs and the userspace + tools <command>smbmount</command>, <command>smbumount</command>, + and <command>smbmnt</command> is <ulink + url="mailto:urban@teststation.com">Urban Widmark</ulink>. + The <ulink url="mailto:samba@samba.org">SAMBA Mailing list</ulink> + is the preferred place to ask questions regarding these programs. + </para> + + <para>The conversion of this manpage for Samba 2.2 was performed + by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0 + was done by Alexander Bokovoy.</para> +</refsect1> + +</refentry> diff --git a/docs/manpages-3/swat.8.xml b/docs/manpages-3/swat.8.xml new file mode 100644 index 0000000000..897be4a21c --- /dev/null +++ b/docs/manpages-3/swat.8.xml @@ -0,0 +1,233 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="swat.8"> + +<refmeta> + <refentrytitle>swat</refentrytitle> + <manvolnum>8</manvolnum> +</refmeta> + + +<refnamediv> + <refname>swat</refname> + <refpurpose>Samba Web Administration Tool</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>swat</command> + <arg choice="opt">-s <smb config file></arg> + <arg choice="opt">-a</arg> + <arg choice="opt">-P</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> suite.</para> + + + <para><command>swat</command> allows a Samba administrator to + configure the complex <citerefentry><refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> file via a Web browser. In addition, + a <command>swat</command> configuration page has help links + to all the configurable options in the <filename>smb.conf</filename> file allowing an + administrator to easily look up the effects of any change. </para> + + <para><command>swat</command> is run from <command>inetd</command> </para> +</refsect1> + + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>-s smb configuration file</term> + <listitem><para>The default configuration file path is + determined at compile time. The file specified contains + the configuration details required by the <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> server. This is the file + that <command>swat</command> will modify. + The information in this file includes server-specific + information such as what printcap file to use, as well as + descriptions of all the services that the server is to provide. + See <filename>smb.conf</filename> for more information. + </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-a</term> + <listitem><para>This option disables authentication and puts + <command>swat</command> in demo mode. In that mode anyone will be able to modify + the <filename>smb.conf</filename> file. </para> + + <para><emphasis>WARNING: Do NOT enable this option on a production + server. </emphasis></para></listitem> + </varlistentry> + + <varlistentry> + <term>-P</term> + <listitem><para>This option restricts read-only users to the password + management page. <command>swat</command> can then be used to change + user passwords without users seeing the "View" and "Status" menu + buttons.</para></listitem> + </varlistentry> + + &popt.common.samba; + &stdarg.help; + + </variablelist> + +</refsect1> + +<refsect1> + + <title>INSTALLATION</title> + + <para>Swat is included as binary package with most distributions. The + package manager in this case takes care of the installation and + configuration. This section is only for those who have compiled + swat from scratch. + </para> + + <para>After you compile SWAT you need to run <command>make install + </command> to install the <command>swat</command> binary + and the various help files and images. A default install would put + these in: </para> + + <itemizedlist> + <listitem><para>/usr/local/samba/sbin/swat</para></listitem> + <listitem><para>/usr/local/samba/swat/images/*</para></listitem> + <listitem><para>/usr/local/samba/swat/help/*</para></listitem> + </itemizedlist> + + <refsect2> + <title>Inetd Installation</title> + + <para>You need to edit your <filename>/etc/inetd.conf + </filename> and <filename>/etc/services</filename> + to enable SWAT to be launched via <command>inetd</command>.</para> + + <para>In <filename>/etc/services</filename> you need to + add a line like this: </para> + + <para><command>swat 901/tcp</command></para> + + <para>Note for NIS/YP and LDAP users - you may need to rebuild the + NIS service maps rather than alter your local <filename> + /etc/services</filename> file. </para> + + <para>the choice of port number isn't really important + except that it should be less than 1024 and not currently + used (using a number above 1024 presents an obscure security + hole depending on the implementation details of your + <command>inetd</command> daemon). </para> + + <para>In <filename>/etc/inetd.conf</filename> you should + add a line like this: </para> + + <para><command>swat stream tcp nowait.400 root + /usr/local/samba/sbin/swat swat</command></para> + + <para>Once you have edited <filename>/etc/services</filename> + and <filename>/etc/inetd.conf</filename> you need to send a + HUP signal to inetd. To do this use <command>kill -1 PID + </command> where PID is the process ID of the inetd daemon. </para> + + </refsect2> + + + +</refsect1> + +<refsect1> + <title>LAUNCHING</title> + + <para>To launch SWAT just run your favorite web browser and + point it at "http://localhost:901/".</para> + + <para>Note that you can attach to SWAT from any IP connected + machine but connecting from a remote machine leaves your + connection open to password sniffing as passwords will be sent + in the clear over the wire. </para> +</refsect1> + +<refsect1> + <title>FILES</title> + + <variablelist> + <varlistentry> + <term><filename>/etc/inetd.conf</filename></term> + <listitem><para>This file must contain suitable startup + information for the meta-daemon.</para></listitem> + </varlistentry> + + <varlistentry> + <term><filename>/etc/services</filename></term> + <listitem><para>This file must contain a mapping of service name + (e.g., swat) to service port (e.g., 901) and protocol type + (e.g., tcp). </para></listitem> + </varlistentry> + + <varlistentry> + <term><filename>/usr/local/samba/lib/smb.conf</filename></term> + <listitem><para>This is the default location of the <citerefentry> + <refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum> + </citerefentry> server configuration file that swat edits. Other + common places that systems install this file are <filename> + /usr/samba/lib/smb.conf</filename> and <filename>/etc/smb.conf + </filename>. This file describes all the services the server + is to make available to clients. </para></listitem> + </varlistentry> + </variablelist> +</refsect1> + + +<refsect1> + <title>WARNINGS</title> + + <para><command>swat</command> will rewrite your <citerefentry> + <refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum> + </citerefentry> file. It will rearrange the entries and delete all + comments, <parameter>include=</parameter> and <parameter>copy= + </parameter> options. If you have a carefully crafted <filename> + smb.conf</filename> then back it up or don't use swat! </para> +</refsect1> + + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 3.0 of the Samba suite.</para> +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + <para><command>inetd(5)</command>, <citerefentry> + <refentrytitle>smbd</refentrytitle><manvolnum>8</manvolnum> + </citerefentry>, <citerefentry><refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry></para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for + Samba 3.0 was done by Alexander Bokovoy.</para> +</refsect1> + +</refentry> diff --git a/docs/manpages-3/tdbbackup.8.xml b/docs/manpages-3/tdbbackup.8.xml new file mode 100644 index 0000000000..1a1adf13df --- /dev/null +++ b/docs/manpages-3/tdbbackup.8.xml @@ -0,0 +1,133 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="tdbbackup.8"> + +<refmeta> + <refentrytitle>tdbbackup</refentrytitle> + <manvolnum>8</manvolnum> +</refmeta> + + +<refnamediv> + <refname>tdbbackup</refname> + <refpurpose>tool for backing up and for validating the integrity of samba .tdb files</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>tdbbackup</command> + <arg choice="opt">-s suffix</arg> + <arg choice="opt">-v</arg> + <arg choice="opt">-h</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>1</manvolnum></citerefentry> suite.</para> + + <para><command>tdbbackup</command> is a tool that may be used to backup samba .tdb + files. This tool may also be used to verify the integrity of the .tdb files prior + to samba startup or during normal operation. If it finds file damage and it finds + a prior backup the backup file will be restored. + </para> +</refsect1> + + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + + <varlistentry> + <term>-h</term> + <listitem><para> + Get help information. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-s suffix</term> + <listitem><para> + The <command>-s</command> option allows the adminisistrator to specify a file + backup extension. This way it is possible to keep a history of tdb backup + files by using a new suffix for each backup. + </para> </listitem> + </varlistentry> + + <varlistentry> + <term>-v</term> + <listitem><para> + The <command>-v</command> will check the database for damages (currupt data) + which if detected causes the backup to be restored. + </para></listitem> + </varlistentry> + + </variablelist> +</refsect1> + + +<refsect1> + <title>COMMANDS</title> + + <para><emphasis>GENERAL INFORMATION</emphasis></para> + + <para> + The <command>tdbbackup</command> utility can safely be run at any time. It was designed so + that it can be used at any time to validate the integrity of tdb files, even during Samba + operation. Typical usage for the command will be: + </para> + + <para>tdbbackup [-s suffix] *.tdb</para> + + <para> + Before restarting samba the following command may be run to validate .tdb files: + </para> + + <para>tdbbackup -v [-s suffix] *.tdb</para> + + <para> + Samba .tdb files are stored in various locations, be sure to run backup all + .tdb file on the system. Imporatant files includes: + </para> + + <itemizedlist> + <listitem><para> + <command>secrets.tdb</command> - usual location is in the /usr/local/samba/private + directory, or on some systems in /etc/samba. + </para></listitem> + + <listitem><para> + <command>passdb.tdb</command> - usual location is in the /usr/local/samba/private + directory, or on some systems in /etc/samba. + </para></listitem> + + <listitem><para> + <command>*.tdb</command> located in the /usr/local/samba/var directory or on some + systems in the /var/cache or /var/lib/samba directories. + </para></listitem> + </itemizedlist> + +</refsect1> + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 3.0 of the Samba suite.</para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para> + The original Samba software and related utilities were created by Andrew Tridgell. + Samba is now developed by the Samba Team as an Open Source project similar to the way + the Linux kernel is developed. + </para> + + <para>The tdbbackup man page was written by John H Terpstra.</para> +</refsect1> + +</refentry> diff --git a/docs/manpages-3/tdbdump.8.xml b/docs/manpages-3/tdbdump.8.xml new file mode 100644 index 0000000000..cf3b7b462b --- /dev/null +++ b/docs/manpages-3/tdbdump.8.xml @@ -0,0 +1,58 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="tdbdump.8"> + +<refmeta> + <refentrytitle>tdbdump</refentrytitle> + <manvolnum>8</manvolnum> +</refmeta> + + +<refnamediv> + <refname>tdbdump</refname> + <refpurpose>tool for printing the contents of a TDB file</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>tdbdump</command> + <arg choice="req">filename</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>1</manvolnum></citerefentry> suite.</para> + + <para><command>tdbdump</command> is a very simple utility that 'dumps' the + contents of a TDB (Trivial DataBase) file to standard output in a + human-readable format. + </para> + + <para>This tool can be used when debugging problems with TDB files. It is + intended for those who are somewhat familiar with Samba internals. + </para> +</refsect1> + + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 3.0 of the Samba suite.</para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para> + The original Samba software and related utilities were created by Andrew Tridgell. + Samba is now developed by the Samba Team as an Open Source project similar to the way + the Linux kernel is developed. + </para> + + <para>The tdbdump man page was written by Jelmer Vernooij.</para> +</refsect1> + +</refentry> diff --git a/docs/manpages-3/testparm.1.xml b/docs/manpages-3/testparm.1.xml new file mode 100644 index 0000000000..5687dc12d8 --- /dev/null +++ b/docs/manpages-3/testparm.1.xml @@ -0,0 +1,188 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="testparm.1"> + +<refmeta> + <refentrytitle>testparm</refentrytitle> + <manvolnum>1</manvolnum> +</refmeta> + + +<refnamediv> + <refname>testparm</refname> + <refpurpose>check an smb.conf configuration file for + internal correctness</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>testparm</command> + <arg choice="opt">-s</arg> + <arg choice="opt">-h</arg> + <arg choice="opt">-v</arg> + <arg choice="opt">-L <servername></arg> + <arg choice="opt">-t <encoding></arg> + <arg choice="req">config filename</arg> + <arg choice="opt">hostname hostIP</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> suite.</para> + + <para><command>testparm</command> is a very simple test program + to check an <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> configuration file for + internal correctness. If this program reports no problems, you + can use the configuration file with confidence that <command>smbd + </command> will successfully load the configuration file.</para> + + + <para>Note that this is <emphasis>NOT</emphasis> a guarantee that + the services specified in the configuration file will be + available or will operate as expected. </para> + + <para>If the optional host name and host IP address are + specified on the command line, this test program will run through + the service entries reporting whether the specified host + has access to each service. </para> + + <para>If <command>testparm</command> finds an error in the <filename> + smb.conf</filename> file it returns an exit code of 1 to the calling + program, else it returns an exit code of 0. This allows shell scripts + to test the output from <command>testparm</command>.</para> +</refsect1> + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>-s</term> + <listitem><para>Without this option, <command>testparm</command> + will prompt for a carriage return after printing the service + names and before dumping the service definitions.</para></listitem> + </varlistentry> + + &stdarg.help; + &stdarg.version; + + <varlistentry> + <term>-L servername</term> + <listitem><para>Sets the value of the %L macro to <replaceable>servername</replaceable>. + This is useful for testing include files specified with the + %L macro. </para></listitem> + </varlistentry> + + <varlistentry> + <term>-v</term> + <listitem><para>If this option is specified, testparm + will also output all options that were not used in <citerefentry> + <refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum> + </citerefentry> and are thus set to their defaults.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-t encoding</term> + <listitem><para> + Output data in specified encoding. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>configfilename</term> + <listitem><para>This is the name of the configuration file + to check. If this parameter is not present then the + default <citerefentry><refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum> + </citerefentry> file will be checked. + </para></listitem> + </varlistentry> + + + <varlistentry> + <term>hostname</term> + <listitem><para>If this parameter and the following are + specified, then <command>testparm</command> will examine the <parameter>hosts + allow</parameter> and <parameter>hosts deny</parameter> + parameters in the <citerefentry> + <refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum> + </citerefentry> file to + determine if the hostname with this IP address would be + allowed access to the <command>smbd</command> server. If + this parameter is supplied, the hostIP parameter must also + be supplied.</para></listitem> + </varlistentry> + + + <varlistentry> + <term>hostIP</term> + <listitem><para>This is the IP address of the host specified + in the previous parameter. This address must be supplied + if the hostname parameter is supplied. </para></listitem> + </varlistentry> + </variablelist> +</refsect1> + +<refsect1> + <title>FILES</title> + + <variablelist> + <varlistentry> + <term><citerefentry><refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum> + </citerefentry></term> + <listitem><para>This is usually the name of the configuration + file used by <citerefentry><refentrytitle>smbd</refentrytitle><manvolnum>8</manvolnum> + </citerefentry>. + </para></listitem> + </varlistentry> + </variablelist> +</refsect1> + +<refsect1> + <title>DIAGNOSTICS</title> + + <para>The program will issue a message saying whether the + configuration file loaded OK or not. This message may be preceded by + errors and warnings if the file did not load. If the file was + loaded OK, the program then dumps all known service details + to stdout. </para> +</refsect1> + + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 3.0 of + the Samba suite.</para> +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + <para><citerefentry> + <refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, <citerefentry> + <refentrytitle>smbd</refentrytitle><manvolnum>8</manvolnum> + </citerefentry></para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at <ulink noescape="1" url="ftp://ftp.icce.rug.nl/pub/unix/"> + ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 + for Samba 3.0 was done by Alexander Bokovoy.</para> +</refsect1> + +</refentry> diff --git a/docs/manpages-3/testprns.1.xml b/docs/manpages-3/testprns.1.xml new file mode 100644 index 0000000000..88734c9637 --- /dev/null +++ b/docs/manpages-3/testprns.1.xml @@ -0,0 +1,145 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="testprns.1"> + +<refmeta> + <refentrytitle>testprns</refentrytitle> + <manvolnum>1</manvolnum> +</refmeta> + + +<refnamediv> + <refname>testprns</refname> + <refpurpose>check printer name for validity with smbd</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>testprns</command> + <arg choice="req">printername</arg> + <arg choice="opt">printcapname</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> suite.</para> + + <para><command>testprns</command> is a very simple test program + to determine whether a given printer name is valid for use in + a service to be provided by <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>.</para> + + <para>"Valid" in this context means "can be found in the + printcap specified". This program is very stupid - so stupid in + fact that it would be wisest to always specify the printcap file + to use. </para> + +</refsect1> + + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>printername</term> + <listitem><para>The printer name to validate.</para> + + <para>Printer names are taken from the first field in each + record in the printcap file, single printer names and sets + of aliases separated by vertical bars ("|") are recognized. + Note that no validation or checking of the printcap syntax is + done beyond that required to extract the printer name. It may + be that the print spooling system is more forgiving or less + forgiving than <command>testprns</command>. However, if + <command>testprns</command> finds the printer then <citerefentry> + <refentrytitle>smbd</refentrytitle><manvolnum>8</manvolnum> + </citerefentry> should do so as well. </para></listitem> + </varlistentry> + + <varlistentry> + <term>printcapname</term> + <listitem><para>This is the name of the printcap file within + which to search for the given printer name. </para> + + <para>If no printcap name is specified <command>testprns + </command> will attempt to scan the printcap file name + specified at compile time. </para></listitem> + </varlistentry> + </variablelist> +</refsect1> + + +<refsect1> + <title>FILES</title> + + <variablelist> + <varlistentry> + <term><filename>/etc/printcap</filename></term> + <listitem><para>This is usually the default printcap + file to scan. See <filename>printcap (5)</filename>. + </para></listitem> + </varlistentry> + </variablelist> +</refsect1> + + +<refsect1> + <title>DIAGNOSTICS</title> + + <para>If a printer is found to be valid, the message + "Printer name <printername> is valid" will be + displayed. </para> + + <para>If a printer is found to be invalid, the message + "Printer name <printername> is not valid" will be + displayed. </para> + + <para>All messages that would normally be logged during + operation of the Samba daemons are logged by this program to the + file <filename>test.log</filename> in the current directory. The + program runs at debuglevel 3, so quite extensive logging + information is written. The log should be checked carefully + for errors and warnings. </para> + + <para>Other messages are self-explanatory. </para> +</refsect1> + + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 3.0 of + the Samba suite.</para> +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + <para><filename>printcap(5)</filename>, + <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbclient</refentrytitle> + <manvolnum>1</manvolnum></citerefentry></para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at <ulink noescape="1" url="ftp://ftp.icce.rug.nl/pub/unix/"> + ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 + for Samba 3.0 was done by Alexander Bokovoy.</para> +</refsect1> + +</refentry> + diff --git a/docs/manpages-3/umount.cifs.8.xml b/docs/manpages-3/umount.cifs.8.xml new file mode 100644 index 0000000000..e91f9f6892 --- /dev/null +++ b/docs/manpages-3/umount.cifs.8.xml @@ -0,0 +1,134 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="umount.cifs.8"> + +<refmeta> + <refentrytitle>umount.cifs</refentrytitle> + <manvolnum>8</manvolnum> +</refmeta> + + +<refnamediv> + <refname>umount.cifs</refname> + <refpurpose>for normal, non-root users, to unmount their own Common Internet File System (CIFS) mounts</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + + <command>umount.cifs</command> + <arg choice="req">mount-point</arg> + <arg choice="opt">-nVvhfle</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> suite.</para> + + <para>umount.cifs unmounts a Linux CIFS filesystem. It can be invoked +indirectly by the +<citerefentry><refentrytitle>umount</refentrytitle><manvolnum>8</manvolnum></citerefentry> command +when umount.cifs is in /sbin directory, unless you specify the "-i" option to umount. Specifying -i to umount avoids execution of umount helpers such as umount.cifs. The umount.cifs command only works in Linux, and the kernel must +support the cifs filesystem. The CIFS protocol is the successor to the +SMB protocol and is supported by most Windows servers and many other +commercial servers and Network Attached Storage appliances as well as +by the popular Open Source server Samba. + </para> + + <para> + The umount.cifs utility detaches the local directory <emphasis>mount-point</emphasis> from the corresponding UNC name (exported network resource) and frees the associated kernel resources. +It is possible to set the mode for umount.cifs to +setuid root (or equivalently update the /etc/permissions file) to allow non-root users to umount shares to directories for which they have write permission. The umount.cifs utility is typically +not needed if unmounts need only be performed by root users, or if user mounts and unmounts +can rely on specifying explicit entries in /etc/fstab See</para> + <para><citerefentry><refentrytitle>fstab</refentrytitle> + <manvolnum>5</manvolnum></citerefentry></para> +</refsect1> + +<refsect1> + <title>OPTIONS</title> + <variablelist> + <varlistentry> + <term>--verbose</term> + <listitem><para>print additional debugging information</para></listitem> + </varlistentry> + <varlistentry> + <term>--no-mtab</term> + <listitem><para>Do not update the mtab even if unmount completes successfully (/proc/mounts will still display the correct information)</para></listitem> + </varlistentry> + + </variablelist> +</refsect1> + +<refsect1> + <title>NOTES</title> + + <para>This command is normally intended to be installed setuid (since root users can already run unmount). An alternative to using umount.cifs is to add specfic entries for the user mounts that you wish a particular user or users to mount and unmount to /etc/fstab</para> +</refsect1> + +<refsect1> + <title>CONFIGURATION</title> + <para> +The primary mechanism for making configuration changes and for reading +debug information for the cifs vfs is via the Linux /proc filesystem. +In the directory <filename>/proc/fs/cifs</filename> are various +configuration files and pseudo files which can display debug information. +For more information see the kernel file <filename>fs/cifs/README</filename>. +</para> +</refsect1> + +<refsect1> + <title>BUGS</title> + + <para>At this time umount.cifs does not lock the mount table using the same lock as the umount utility does, so do not attempt to do multiple unmounts from different processes (and in particular unmounts of a cifs mount and another type of filesystem mount at the same time). + </para> + + <para>If the same mount point is mounted multiple times by cifs, umount.cifs will remove all of the matching entries from the mount table (although umount.cifs will actually only unmount the last one), rather than only removing the last matching entry in /etc/mtab. The pseudofile /proc/mounts will display correct information though, and the lack of an entry in /etc/mtab does not prevent subsequent unmounts.</para> + + <para> +Note that the typical response to a bug report is a suggestion +to try the latest version first. So please try doing that first, +and always include which versions you use of relevant software +when reporting bugs (minimum: umount.cifs (try umount.cifs -V), kernel (see /proc/version) and +server type you are trying to contact. +</para> +</refsect1> + + + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 1.34 of + the cifs vfs filesystem (roughly Linux kernel 2.6.12).</para> +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + <para> + Documentation/filesystems/cifs.txt and fs/cifs/README in the linux kernel + source tree may contain additional options and information. +</para> + <para><citerefentry><refentrytitle>mount.cifs</refentrytitle> + <manvolnum>8</manvolnum></citerefentry></para> + +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>Steve French</para> + + <para>The syntax was loosely based on the umount utility and the manpage was loosely based on that of mount.cifs.8. The man page was created by Steve French</para> + <para>The maintainer of the Linux cifs vfs and the userspace + tool <emphasis>umount.cifs</emphasis> is <ulink url="mailto:sfrench@samba.org">Steve French</ulink>. + The <ulink url="mailto:linux-cifs-client@lists.samba.org">Linux CIFS Mailing list</ulink> + is the preferred place to ask questions regarding these programs. + </para> + +</refsect1> + +</refentry> diff --git a/docs/manpages-3/vfstest.1.xml b/docs/manpages-3/vfstest.1.xml new file mode 100644 index 0000000000..30ff7b2b65 --- /dev/null +++ b/docs/manpages-3/vfstest.1.xml @@ -0,0 +1,149 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="vfstest.1"> + +<refmeta> + <refentrytitle>vfstest</refentrytitle> + <manvolnum>1</manvolnum> +</refmeta> + + +<refnamediv> + <refname>vfstest</refname> + <refpurpose>tool for testing samba VFS modules </refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>vfstest</command> + <arg choice="opt">-d debuglevel</arg> + <arg choice="opt">-c command</arg> + <arg choice="opt">-l logdir</arg> + <arg choice="opt">-h</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> suite.</para> + + <para><command>vfstest</command> is a small command line + utility that has the ability to test dso samba VFS modules. It gives the + user the ability to call the various VFS functions manually and + supports cascaded VFS modules. + </para> +</refsect1> + + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + + <varlistentry> + <term>-c|--command=command</term> + <listitem><para>Execute the specified (colon-separated) commands. + See below for the commands that are available. + </para> </listitem> + </varlistentry> + + &stdarg.help; + + <varlistentry> + <term>-l|--logfile=logbasename</term> + <listitem><para>File name for log/debug files. The extension + <constant>'.client'</constant> will be appended. The log file is never removed + by the client. + </para></listitem> + </varlistentry> + + &popt.common.samba; + + </variablelist> +</refsect1> + + +<refsect1> + <title>COMMANDS</title> + + <para><emphasis>VFS COMMANDS</emphasis></para> + <itemizedlist> + <listitem><para><command>load <module.so></command> - Load specified VFS module </para></listitem> + + <listitem><para><command>populate <char> <size></command> - Populate a data buffer with the specified data + </para></listitem> + + <listitem><para><command>showdata [<offset> <len>]</command> - Show data currently in data buffer + </para></listitem> + + <listitem><para><command>connect</command> - VFS connect()</para></listitem> + <listitem><para><command>disconnect</command> - VFS disconnect()</para></listitem> + <listitem><para><command>disk_free</command> - VFS disk_free()</para></listitem> + <listitem><para><command>opendir</command> - VFS opendir()</para></listitem> + <listitem><para><command>readdir</command> - VFS readdir()</para></listitem> + <listitem><para><command>mkdir</command> - VFS mkdir()</para></listitem> + <listitem><para><command>rmdir</command> - VFS rmdir()</para></listitem> + <listitem><para><command>closedir</command> - VFS closedir()</para></listitem> + <listitem><para><command>open</command> - VFS open()</para></listitem> + <listitem><para><command>close</command> - VFS close()</para></listitem> + <listitem><para><command>read</command> - VFS read()</para></listitem> + <listitem><para><command>write</command> - VFS write()</para></listitem> + <listitem><para><command>lseek</command> - VFS lseek()</para></listitem> + <listitem><para><command>rename</command> - VFS rename()</para></listitem> + <listitem><para><command>fsync</command> - VFS fsync()</para></listitem> + <listitem><para><command>stat</command> - VFS stat()</para></listitem> + <listitem><para><command>fstat</command> - VFS fstat()</para></listitem> + <listitem><para><command>lstat</command> - VFS lstat()</para></listitem> + <listitem><para><command>unlink</command> - VFS unlink()</para></listitem> + <listitem><para><command>chmod</command> - VFS chmod()</para></listitem> + <listitem><para><command>fchmod</command> - VFS fchmod()</para></listitem> + <listitem><para><command>chown</command> - VFS chown()</para></listitem> + <listitem><para><command>fchown</command> - VFS fchown()</para></listitem> + <listitem><para><command>chdir</command> - VFS chdir()</para></listitem> + <listitem><para><command>getwd</command> - VFS getwd()</para></listitem> + <listitem><para><command>utime</command> - VFS utime()</para></listitem> + <listitem><para><command>ftruncate</command> - VFS ftruncate()</para></listitem> + <listitem><para><command>lock</command> - VFS lock()</para></listitem> + <listitem><para><command>symlink</command> - VFS symlink()</para></listitem> + <listitem><para><command>readlink</command> - VFS readlink()</para></listitem> + <listitem><para><command>link</command> - VFS link()</para></listitem> + <listitem><para><command>mknod</command> - VFS mknod()</para></listitem> + <listitem><para><command>realpath</command> - VFS realpath()</para></listitem> + </itemizedlist> + + <para><emphasis>GENERAL COMMANDS</emphasis></para> + <itemizedlist> + <listitem><para><command>conf <smb.conf></command> - Load a different configuration file</para></listitem> + + <listitem><para><command>help [<command>]</command> - Get list of commands or info about specified command</para></listitem> + + <listitem><para><command>debuglevel <level></command> - Set debug level</para></listitem> + + <listitem><para><command>freemem</command> - Free memory currently in use</para></listitem> + + <listitem><para><command>exit</command> - Exit vfstest</para></listitem> + </itemizedlist> + +</refsect1> + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 3.0 of the Samba + suite.</para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The vfstest man page was written by Jelmer Vernooij.</para> +</refsect1> + +</refentry> diff --git a/docs/manpages-3/wbinfo.1.xml b/docs/manpages-3/wbinfo.1.xml new file mode 100644 index 0000000000..9dd55a7ec2 --- /dev/null +++ b/docs/manpages-3/wbinfo.1.xml @@ -0,0 +1,326 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="wbinfo.1"> + +<refmeta> + <refentrytitle>wbinfo</refentrytitle> + <manvolnum>1</manvolnum> +</refmeta> + + +<refnamediv> + <refname>wbinfo</refname> + <refpurpose>Query information from winbind daemon</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>wbinfo</command> + <arg choice="opt">-a user%password</arg> + <arg choice="opt">-c username</arg> + <arg choice="opt">-C groupname</arg> + <arg choice="opt">--domain domain</arg> + <arg choice="opt">-I ip</arg> + <arg choice="opt">-s sid</arg> + <arg choice="opt">-u</arg> + <arg choice="opt">-U uid</arg> + <arg choice="opt">-g</arg> + <arg choice="opt">--get-auth-user</arg> + <arg choice="opt">-G gid</arg> + <arg choice="opt">-m</arg> + <arg choice="opt">-n name</arg> + <arg choice="opt">-N netbios-name</arg> + <arg choice="opt">-o user:group</arg> + <arg choice="opt">-O user:group</arg> + <arg choice="opt">-p</arg> + <arg choice="opt">-r user</arg> + <arg choice="opt">--set-auth-user user%password</arg> + <arg choice="opt">--sequence</arg> + <arg choice="opt">-S sid</arg> + <arg choice="opt">-t</arg> + <arg choice="opt">-x username</arg> + <arg choice="opt">-X groupname</arg> + <arg choice="opt">-Y sid</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> suite.</para> + + <para>The <command>wbinfo</command> program queries and returns information + created and used by the <citerefentry><refentrytitle>winbindd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> daemon. </para> + + <para>The <citerefentry><refentrytitle>winbindd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> daemon must be configured + and running for the <command>wbinfo</command> program to be able + to return information.</para> +</refsect1> + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>-a username%password</term> + <listitem><para>Attempt to authenticate a user via winbindd. + This checks both authenticaion methods and reports its results. + </para><note><para>Do not be tempted to use this + functionality for authentication in third-party + applications. Instead use <citerefentry><refentrytitle>ntlm_auth</refentrytitle> + <manvolnum>1</manvolnum></citerefentry>.</para></note></listitem> + </varlistentry> + + <varlistentry> + <term>-c user</term> + <listitem><para>Create a local winbind user. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-C group</term> + <listitem><para>Create a local winbindd group. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>--domain name</term> + <listitem><para>This parameter sets the domain on which any specified + operations will performed. If special domain name '.' is used to represent + the current domain to which winbindd belongs. Currently only the + <option>--sequence</option>, + <option>-u</option>, and <option>-g</option> options honor this parameter. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-g</term> + <listitem><para>This option will list all groups available + in the Windows NT domain for which the <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> daemon is operating in. Groups in all trusted domains + will also be listed. Note that this operation does not assign + group ids to any groups that have not already been + seen by <citerefentry><refentrytitle>winbindd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>. </para></listitem> + </varlistentry> + + <varlistentry> + <term>--get-auth-user</term> + <listitem><para>Print username and password used by winbindd + during session setup to a domain controller. Username + and password can be set using '-A'. Only available for + root.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-G gid</term> + <listitem><para>Try to convert a UNIX group id to a Windows + NT SID. If the gid specified does not refer to one within + the idmap gid range then the operation will fail. </para></listitem> + </varlistentry> + + <varlistentry> + <term>-I ip</term> + <listitem><para>The <parameter>-I</parameter> option + queries <citerefentry><refentrytitle>winbindd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> to send a node status + request to get the NetBIOS name associated with the IP address + specified by the <parameter>ip</parameter> parameter. + </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-m</term> + <listitem><para>Produce a list of domains trusted by the + Windows NT server <citerefentry><refentrytitle>winbindd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> contacts + when resolving names. This list does not include the Windows + NT domain the server is a Primary Domain Controller for. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-n name</term> + <listitem><para>The <parameter>-n</parameter> option + queries <citerefentry><refentrytitle>winbindd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> for the SID + associated with the name specified. Domain names can be specified + before the user name by using the winbind separator character. + For example CWDOM1/Administrator refers to the Administrator + user in the domain CWDOM1. If no domain is specified then the + domain used is the one specified in the <citerefentry><refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> <parameter>workgroup + </parameter> parameter. </para></listitem> + </varlistentry> + + <varlistentry> + <term>-N name</term> + <listitem><para>The <parameter>-N</parameter> option + queries <citerefentry><refentrytitle>winbindd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> to query the WINS + server for the IP address associated with the NetBIOS name + specified by the <parameter>name</parameter> parameter. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-o user:group</term> + <listitem><para>Add a winbindd local group as a secondary group + for the specified winbindd local user. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-O user:group</term> + <listitem><para>Remove a winbindd local group as a secondary group + for the specified winbindd local user. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-p</term> + <listitem><para>Check whether winbindd is still alive. + Prints out either 'succeeded' or 'failed'. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-r username</term> + <listitem><para>Try to obtain the list of UNIX group ids + to which the user belongs. This only works for users + defined on a Domain Controller. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-s sid</term> + <listitem><para>Use <parameter>-s</parameter> to resolve + a SID to a name. This is the inverse of the <parameter>-n + </parameter> option above. SIDs must be specified as ASCII strings + in the traditional Microsoft format. For example, + S-1-5-21-1455342024-3071081365-2475485837-500. </para></listitem> + </varlistentry> + + <varlistentry> + <term>--set-auth-user username%password</term> + <listitem><para>Store username and password used by winbindd + during session setup to a domain controller. This enables + winbindd to operate in a Windows 2000 domain with Restrict + Anonymous turned on (a.k.a. Permissions compatiable with + Windows 2000 servers only). + </para></listitem> + </varlistentry> + + <varlistentry> + <term>--sequence</term> + <listitem><para>Show sequence numbers of + all known domains</para></listitem> + </varlistentry> + + <varlistentry> + <term>-S sid</term> + <listitem><para>Convert a SID to a UNIX user id. If the SID + does not correspond to a UNIX user mapped by <citerefentry> + <refentrytitle>winbindd</refentrytitle><manvolnum>8</manvolnum> + </citerefentry> then the operation will fail. </para></listitem> + </varlistentry> + + <varlistentry> + <term>-t</term> + <listitem><para>Verify that the workstation trust account + created when the Samba server is added to the Windows NT + domain is working. </para></listitem> + </varlistentry> + + <varlistentry> + <term>-u</term> + <listitem><para>This option will list all users available + in the Windows NT domain for which the <citerefentry><refentrytitle>winbindd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> daemon is operating in. Users in all trusted domains + will also be listed. Note that this operation does not assign + user ids to any users that have not already been seen by <citerefentry> + <refentrytitle>winbindd</refentrytitle><manvolnum>8</manvolnum></citerefentry> + .</para></listitem> + </varlistentry> + + <varlistentry> + <term>-U uid</term> + <listitem><para>Try to convert a UNIX user id to a Windows NT + SID. If the uid specified does not refer to one within + the idmap uid range then the operation will fail. </para></listitem> + </varlistentry> + + <varlistentry> + <term>-x user</term> + <listitem><para>Delete an existing local winbind user. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-X group</term> + <listitem><para>Delete an existing local winbindd group. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-Y sid</term> + <listitem><para>Convert a SID to a UNIX group id. If the SID + does not correspond to a UNIX group mapped by <citerefentry> + <refentrytitle>winbindd</refentrytitle><manvolnum>8</manvolnum></citerefentry> then + the operation will fail. </para></listitem> + </varlistentry> + + + &stdarg.version; + &stdarg.help; + + </variablelist> +</refsect1> + + +<refsect1> + <title>EXIT STATUS</title> + + <para>The wbinfo program returns 0 if the operation + succeeded, or 1 if the operation failed. If the <citerefentry> + <refentrytitle>winbindd</refentrytitle><manvolnum>8</manvolnum> + </citerefentry> daemon is not working <command>wbinfo</command> will always return + failure. </para> +</refsect1> + + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 3.0 of + the Samba suite.</para> +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + <para><citerefentry><refentrytitle>winbindd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> and <citerefentry><refentrytitle>ntlm_auth</refentrytitle> + <manvolnum>1</manvolnum></citerefentry></para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para><command>wbinfo</command> and <command>winbindd</command> + were written by Tim Potter.</para> + + <para>The conversion to DocBook for Samba 2.2 was done + by Gerald Carter. The conversion to DocBook XML 4.2 for Samba + 3.0 was done by Alexander Bokovoy.</para> +</refsect1> + +</refentry> diff --git a/docs/manpages-3/winbindd.8.xml b/docs/manpages-3/winbindd.8.xml new file mode 100644 index 0000000000..1ad8a6ff1e --- /dev/null +++ b/docs/manpages-3/winbindd.8.xml @@ -0,0 +1,482 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="winbindd.8"> + +<refmeta> + <refentrytitle>winbindd</refentrytitle> + <manvolnum>8</manvolnum> +</refmeta> + + +<refnamediv> + <refname>winbindd</refname> + <refpurpose>Name Service Switch daemon for resolving names + from NT servers</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>winbindd</command> + <arg choice="opt">-F</arg> + <arg choice="opt">-S</arg> + <arg choice="opt">-i</arg> + <arg choice="opt">-Y</arg> + <arg choice="opt">-d <debug level></arg> + <arg choice="opt">-s <smb config file></arg> + <arg choice="opt">-n</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This program is part of the <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> suite.</para> + + <para><command>winbindd</command> is a daemon that provides + a number of services to the Name Service Switch capability found + in most modern C libraries, to arbitary applications via PAM + and <command>ntlm_auth</command> and to Samba itself.</para> + + <para>Even if winbind is not used for nsswitch, it still provides a + service to <command>smbd</command>, <command>ntlm_auth</command> + and the <command>pam_winbind.so</command> PAM module, by managing connections to + domain controllers. In this configuraiton the + <smbconfoption name="idmap uid"/> and + <smbconfoption name="idmap gid"/> + parameters are not required. (This is known as `netlogon proxy only mode'.)</para> + + <para> The Name Service Switch allows user + and system information to be obtained from different databases + services such as NIS or DNS. The exact behaviour can be configured + throught the <filename>/etc/nsswitch.conf</filename> file. + Users and groups are allocated as they are resolved to a range + of user and group ids specified by the administrator of the + Samba system.</para> + + <para>The service provided by <command>winbindd</command> is called `winbind' and + can be used to resolve user and group information from a + Windows NT server. The service can also provide authentication + services via an associated PAM module. </para> + + <para> + The <filename>pam_winbind</filename> module supports the + <parameter>auth</parameter>, <parameter>account</parameter> + and <parameter>password</parameter> + module-types. It should be noted that the + <parameter>account</parameter> module simply performs a getpwnam() to verify that + the system can obtain a uid for the user, as the domain + controller has already performed access control. If the + <filename>libnss_winbind</filename> library has been correctly + installed, or an alternate source of names configured, this should always succeed. + </para> + + <para>The following nsswitch databases are implemented by + the winbindd service: </para> + + <variablelist> + <varlistentry> + <term>hosts</term> + <listitem><para>This feature is only available on IRIX. + User information traditionally stored in + the <filename>hosts(5)</filename> file and used by + <command>gethostbyname(3)</command> functions. Names are + resolved through the WINS server or by broadcast. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>passwd</term> + <listitem><para>User information traditionally stored in + the <filename>passwd(5)</filename> file and used by + <command>getpwent(3)</command> functions. </para></listitem> + </varlistentry> + + <varlistentry> + <term>group</term> + <listitem><para>Group information traditionally stored in + the <filename>group(5)</filename> file and used by + <command>getgrent(3)</command> functions. </para></listitem> + </varlistentry> + </variablelist> + + <para>For example, the following simple configuration in the + <filename>/etc/nsswitch.conf</filename> file can be used to initially + resolve user and group information from <filename>/etc/passwd + </filename> and <filename>/etc/group</filename> and then from the + Windows NT server. +<programlisting> +passwd: files winbind +group: files winbind +## only available on IRIX; Linux users should us libnss_wins.so +hosts: files dns winbind +</programlisting></para> + + <para>The following simple configuration in the + <filename>/etc/nsswitch.conf</filename> file can be used to initially + resolve hostnames from <filename>/etc/hosts</filename> and then from the + WINS server.</para> +<programlisting> +hosts: files wins +</programlisting> + +</refsect1> + + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>-F</term> + <listitem><para>If specified, this parameter causes + the main <command>winbindd</command> process to not daemonize, + i.e. double-fork and disassociate with the terminal. + Child processes are still created as normal to service + each connection request, but the main process does not + exit. This operation mode is suitable for running + <command>winbindd</command> under process supervisors such + as <command>supervise</command> and <command>svscan</command> + from Daniel J. Bernstein's <command>daemontools</command> + package, or the AIX process monitor. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-S</term> + <listitem><para>If specified, this parameter causes + <command>winbindd</command> to log to standard output rather + than a file.</para></listitem> + </varlistentry> + + &popt.common.samba; + &stdarg.help; + + <varlistentry> + <term>-i</term> + <listitem><para>Tells <command>winbindd</command> to not + become a daemon and detach from the current terminal. This + option is used by developers when interactive debugging + of <command>winbindd</command> is required. + <command>winbindd</command> also logs to standard output, + as if the <command>-S</command> parameter had been given. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-n</term> + <listitem><para>Disable caching. This means winbindd will + always have to wait for a response from the domain controller + before it can respond to a client and this thus makes things + slower. The results will however be more accurate, since + results from the cache might not be up-to-date. This + might also temporarily hang winbindd if the DC doesn't respond. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-Y</term> + <listitem><para>Single daemon mode. This means winbindd will run + as a single process (the mode of operation in Samba 2.2). Winbindd's + default behavior is to launch a child process that is responsible for + updating expired cache entries. + </para></listitem> + </varlistentry> + + </variablelist> +</refsect1> + + +<refsect1> + <title>NAME AND ID RESOLUTION</title> + + <para>Users and groups on a Windows NT server are assigned + a security id (SID) which is globally unique when the + user or group is created. To convert the Windows NT user or group + into a unix user or group, a mapping between SIDs and unix user + and group ids is required. This is one of the jobs that <command> + winbindd</command> performs. </para> + + <para>As winbindd users and groups are resolved from a server, user + and group ids are allocated from a specified range. This + is done on a first come, first served basis, although all existing + users and groups will be mapped as soon as a client performs a user + or group enumeration command. The allocated unix ids are stored + in a database file under the Samba lock directory and will be + remembered. </para> + + <para>WARNING: The SID to unix id database is the only location + where the user and group mappings are stored by winbindd. If this + file is deleted or corrupted, there is no way for winbindd to + determine which user and group ids correspond to Windows NT user + and group rids. </para> + + <para>See the <smbconfoption><name>idmap + backend</name></smbconfoption> parameter in + <filename>smb.conf</filename> for options for sharing this + database, such as via LDAP.</para> +</refsect1> + + +<refsect1> + <title>CONFIGURATION</title> + + <para>Configuration of the <command>winbindd</command> daemon + is done through configuration parameters in the <citerefentry> + <refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum> + </citerefentry> file. All parameters should be specified in the + [global] section of smb.conf. </para> + + <itemizedlist> + <listitem><para> + <smbconfoption name="winbind separator"/></para></listitem> + <listitem><para> + <smbconfoption name="idmap uid"/></para></listitem> + <listitem><para> + <smbconfoption name="idmap gid"/></para></listitem> + <listitem><para> + <smbconfoption name="idmap backend"/></para></listitem> + <listitem><para> + <smbconfoption name="winbind cache time"/></para></listitem> + <listitem><para> + <smbconfoption name="winbind enum users"/></para></listitem> + <listitem><para> + <smbconfoption name="winbind enum groups"/></para></listitem> + <listitem><para> + <smbconfoption name="template homedir"/></para></listitem> + <listitem><para> + <smbconfoption name="template shell"/></para></listitem> + <listitem><para> + <smbconfoption name="winbind use default domain"/></para></listitem> + </itemizedlist> +</refsect1> + + +<refsect1> + <title>EXAMPLE SETUP</title> + + <para>To setup winbindd for user and group lookups plus + authentication from a domain controller use something like the + following setup. This was tested on a RedHat 6.2 Linux box. </para> + + <para>In <filename>/etc/nsswitch.conf</filename> put the + following: +<programlisting> +passwd: files winbind +group: files winbind +</programlisting></para> + + <para>In <filename>/etc/pam.d/*</filename> replace the <parameter> + auth</parameter> lines with something like this: +<programlisting> +auth required /lib/security/pam_securetty.so +auth required /lib/security/pam_nologin.so +auth sufficient /lib/security/pam_winbind.so +auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok +</programlisting></para> + + + <para>Note in particular the use of the <parameter>sufficient + </parameter> keyword and the <parameter>use_first_pass</parameter> keyword. </para> + + <para>Now replace the account lines with this: </para> + + <para><command>account required /lib/security/pam_winbind.so + </command></para> + + <para>The next step is to join the domain. To do that use the + <command>net</command> program like this: </para> + + <para><command>net join -S PDC -U Administrator</command></para> + + <para>The username after the <parameter>-U</parameter> can be any + Domain user that has administrator privileges on the machine. + Substitute the name or IP of your PDC for "PDC".</para> + + <para>Next copy <filename>libnss_winbind.so</filename> to + <filename>/lib</filename> and <filename>pam_winbind.so + </filename> to <filename>/lib/security</filename>. A symbolic link needs to be + made from <filename>/lib/libnss_winbind.so</filename> to + <filename>/lib/libnss_winbind.so.2</filename>. If you are using an + older version of glibc then the target of the link should be + <filename>/lib/libnss_winbind.so.1</filename>.</para> + + <para>Finally, setup a <citerefentry><refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> containing directives like the + following: +<programlisting> +[global] + winbind separator = + + winbind cache time = 10 + template shell = /bin/bash + template homedir = /home/%D/%U + idmap uid = 10000-20000 + idmap gid = 10000-20000 + workgroup = DOMAIN + security = domain + password server = * +</programlisting></para> + + + <para>Now start winbindd and you should find that your user and + group database is expanded to include your NT users and groups, + and that you can login to your unix box as a domain user, using + the DOMAIN+user syntax for the username. You may wish to use the + commands <command>getent passwd</command> and <command>getent group + </command> to confirm the correct operation of winbindd.</para> +</refsect1> + + +<refsect1> + <title>NOTES</title> + + <para>The following notes are useful when configuring and + running <command>winbindd</command>: </para> + + <para><citerefentry><refentrytitle>nmbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> must be running on the local machine + for <command>winbindd</command> to work. </para> + + <para>PAM is really easy to misconfigure. Make sure you know what + you are doing when modifying PAM configuration files. It is possible + to set up PAM such that you can no longer log into your system. </para> + + <para>If more than one UNIX machine is running <command>winbindd</command>, + then in general the user and groups ids allocated by winbindd will not + be the same. The user and group ids will only be valid for the local + machine, unless a shared <smbconfoption><name>idmap + backend</name></smbconfoption> is configured.</para> + + <para>If the the Windows NT SID to UNIX user and group id mapping + file is damaged or destroyed then the mappings will be lost. </para> +</refsect1> + + +<refsect1> + <title>SIGNALS</title> + + <para>The following signals can be used to manipulate the + <command>winbindd</command> daemon. </para> + + <variablelist> + <varlistentry> + <term>SIGHUP</term> + <listitem><para>Reload the <citerefentry><refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> file and + apply any parameter changes to the running + version of winbindd. This signal also clears any cached + user and group information. The list of other domains trusted + by winbindd is also reloaded. </para></listitem> + </varlistentry> + + <varlistentry> + <term>SIGUSR2</term> + <listitem><para>The SIGUSR2 signal will cause <command> + winbindd</command> to write status information to the winbind + log file.</para> + + <para>Log files are stored in the filename specified by the + log file parameter.</para></listitem> + </varlistentry> + </variablelist> +</refsect1> + +<refsect1> + <title>FILES</title> + + <variablelist> + <varlistentry> + <term><filename>/etc/nsswitch.conf(5)</filename></term> + <listitem><para>Name service switch configuration file.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>/tmp/.winbindd/pipe</term> + <listitem><para>The UNIX pipe over which clients communicate with + the <command>winbindd</command> program. For security reasons, the + winbind client will only attempt to connect to the winbindd daemon + if both the <filename>/tmp/.winbindd</filename> directory + and <filename>/tmp/.winbindd/pipe</filename> file are owned by + root. </para></listitem> + </varlistentry> + + <varlistentry> + <term>$LOCKDIR/winbindd_privileged/pipe</term> + <listitem><para>The UNIX pipe over which 'privileged' clients + communicate with the <command>winbindd</command> program. For security + reasons, access to some winbindd functions - like those needed by + the <command>ntlm_auth</command> utility - is restricted. By default, + only users in the 'root' group will get this access, however the administrator + may change the group permissions on $LOCKDIR/winbindd_privileged to allow + programs like 'squid' to use ntlm_auth. + Note that the winbind client will only attempt to connect to the winbindd daemon + if both the <filename>$LOCKDIR/winbindd_privileged</filename> directory + and <filename>$LOCKDIR/winbindd_privileged/pipe</filename> file are owned by + root. </para></listitem> + </varlistentry> + + <varlistentry> + <term>/lib/libnss_winbind.so.X</term> + <listitem><para>Implementation of name service switch library. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>$LOCKDIR/winbindd_idmap.tdb</term> + <listitem><para>Storage for the Windows NT rid to UNIX user/group + id mapping. The lock directory is specified when Samba is initially + compiled using the <parameter>--with-lockdir</parameter> option. + This directory is by default <filename>/usr/local/samba/var/locks + </filename>. </para></listitem> + </varlistentry> + + <varlistentry> + <term>$LOCKDIR/winbindd_cache.tdb</term> + <listitem><para>Storage for cached user and group information. + </para></listitem> + </varlistentry> + </variablelist> +</refsect1> + + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 3.0 of + the Samba suite.</para> +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + + <para><filename>nsswitch.conf(5)</filename>, <citerefentry> + <refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry>, <citerefentry> + <refentrytitle>wbinfo</refentrytitle> + <manvolnum>1</manvolnum></citerefentry>, <citerefentry> + <refentrytitle>ntlm_auth</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>, <citerefentry> + <refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry>, <citerefentry> + <refentrytitle>pam_winbind</refentrytitle> + <manvolnum>8</manvolnum></citerefentry></para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para><command>wbinfo</command> and <command>winbindd</command> were + written by Tim Potter.</para> + + <para>The conversion to DocBook for Samba 2.2 was done + by Gerald Carter. The conversion to DocBook XML 4.2 for + Samba 3.0 was done by Alexander Bokovoy.</para> +</refsect1> + +</refentry> |