summaryrefslogtreecommitdiff
path: root/docs/yodldocs
diff options
context:
space:
mode:
Diffstat (limited to 'docs/yodldocs')
-rw-r--r--docs/yodldocs/LDAP.yo161
-rw-r--r--docs/yodldocs/debug2html.1.yo62
-rw-r--r--docs/yodldocs/rpcclient.1.yo861
3 files changed, 0 insertions, 1084 deletions
diff --git a/docs/yodldocs/LDAP.yo b/docs/yodldocs/LDAP.yo
deleted file mode 100644
index cf454904d3..0000000000
--- a/docs/yodldocs/LDAP.yo
+++ /dev/null
@@ -1,161 +0,0 @@
-mailto(samba-bugs@samba.org)
-article(LDAP Support in Samba)(Matthew Chapman)(29th November 1998
-htmltag(p)(1) htmltag(hr)(1) htmltag(h2)(1)
-WARNING: This is experimental code. Use at your own risk, and please report
-any bugs (after reading BUGS.txt).
-htmltag(h2)(0) htmltag(br)(1)
-)
-redef(PARAGRAPH)(0)(htmlcommand(<p>
-) txtcommand(
-
-))
-
-sect(What is LDAP?)
-A directory is a type of hierarchical database optimised for simple query
-operations, often used for storing user information. LDAP is the
-Lightweight Directory Access Protocol, a protocol which is rapidly
-becoming the Internet standard for accessing directories.
-
-Many client applications now support LDAP (including Microsoft's Active
-Directory), and there are a number of servers available. The most popular
-implementation for Unix is from the em(University of Michigan); its
-homepage is at url(tt(http://www.umich.edu/~dirsvcs/ldap/))(http://www.umich.edu/~dirsvcs/ldap/).
-
-Information in an LDAP tree always comes in tt(attribute=value) pairs.
-The following is an example of a Samba user entry:
-
-verb(uid=jbloggs, dc=samba, dc=org
-objectclass=sambaAccount
-uid=jbloggs
-cn=Joe Bloggs
-description=Samba User
-uidNumber=500
-gidNumber=500
-rid=2000
-grouprid=2001
-lmPassword=46E389809F8D55BB78A48108148AD508
-ntPassword=1944CCE1AD6F80D8AEC9FC5BE77696F4
-pwdLastSet=35C11F1B
-smbHome=\\samba1\jbloggs
-homeDrive=Z
-script=logon.bat
-profile=\\samba1\jbloggs\profile
-workstations=JOE)
-
-Note that the top line is a special set of attributes called a
-em(distinguished name) which identifies the location of this entry beneath
-the directory's root node. Recent Internet standards suggest the use of
-domain-based naming using tt(dc) attributes (for instance, a microsoft.com
-directory should have a root node of tt(dc=microsoft, dc=com)), although
-this is not strictly necessary for isolated servers.
-
-There are a number of LDAP-related FAQ's on the internet, although
-generally the best source of information is the documentation for the
-individual servers.
-
-
-nl()
-sect(Why LDAP and Samba?)
-
-Using an LDAP directory allows Samba to store user and group information
-more reliably and flexibly than the current combination of smbpasswd,
-smbgroup, groupdb and aliasdb with the Unix databases. If a need emerges
-for extra user information to be stored, this can easily be added without
-loss of backwards compatibility.
-
-In addition, the Samba LDAP schema is compatible with RFC2307, allowing
-Unix password database information to be stored in the same entries. This
-provides a single, consistent repository for both Unix and Windows user
-information.
-
-
-nl()
-sect(Using LDAP with Samba)
-
-starteit()
-
-eit() Install and configure an LDAP server if you do not already have
-one. You should read your LDAP server's documentation and set up the
-configuration file and access control as desired.
-
-eit() Build Samba (latest CVS is required) with:
-
-verb( ./configure --with-ldap
- make clean; make install)
-
-eit() Add the following options to the global section of tt(smb.conf) as
-required.
-
-startdit()
-dit(ldap suffix)
-
-This parameter specifies the node of the LDAP tree beneath which
-Samba should store its information. This parameter MUST be provided
-when using LDAP with Samba.
-
- bf(Default:) tt(none)
-
- bf(Example:) tt(ldap suffix = "dc=mydomain, dc=org")
-
-dit(ldap bind as)
-
-This parameter specifies the entity to bind to an LDAP directory as.
-Usually it should be safe to use the LDAP root account; for larger
-installations it may be preferable to restrict Samba's access.
-
- bf(Default:) tt(none (bind anonymously))
-
- bf(Example:) tt(ldap bind as = "uid=root, dc=mydomain, dc=org")
-
-dit(ldap passwd file)
-
-This parameter specifies a file containing the password with which
-Samba should bind to an LDAP server. For obvious security reasons
-this file must be set to mode 700 or less.
-
- bf(Default:) tt(none (bind anonymously))
-
- bf(Example:) tt(ldap passwd file = /usr/local/samba/private/ldappasswd)
-
-dit(ldap server)
-
-This parameter specifies the DNS name of the LDAP server to use
-when storing and retrieving information about Samba users and
-groups.
-
- bf(Default:) tt(ldap server = localhost)
-
-dit(ldap port)
-
-This parameter specifies the TCP port number of the LDAP server.
-
- bf(Default:) tt(ldap port = 389)
-
-enddit()
-
-eit() You should then be able to use the normal smbpasswd(8) command for
-account administration (or User Manager in the near future).
-
-endeit()
-
-
-nl()
-sect(Using LDAP for Unix authentication)
-
-The Samba LDAP code was designed to utilise RFC2307-compliant directory
-entries if available. RFC2307 is a proposed standard for LDAP user
-information which has been adopted by a number of vendors. Further
-information is available at url(tt(http://www.xedoc.com.au/~lukeh/ldap/))(http://www.xedoc.com.au/~lukeh/ldap).
-
-Of particular interest is Luke Howard's nameservice switch module
-(nss_ldap) and PAM module (pam_ldap) implementing this standard, providing
-LDAP-based password databases for Unix. If you are setting up a server to
-provide integrated Unix/NT services than these are worth investigating.
-
-
-nl()
-sect(Compatibility with Active Directory)
-
-The current implementation is not designed to be used with Microsoft
-Active Directory, although compatibility may be added in the future.
-
diff --git a/docs/yodldocs/debug2html.1.yo b/docs/yodldocs/debug2html.1.yo
deleted file mode 100644
index ffbd3c5b0e..0000000000
--- a/docs/yodldocs/debug2html.1.yo
+++ /dev/null
@@ -1,62 +0,0 @@
-mailto(samba-bugs@samba.org)
-
-IFDEF(html)\
-(manpage(htmlcommand(debug2html(1)))(1)(29 Dec 1998)(Samba)(SAMBA))\
-(manpage(debug2html)(1)(29 Dec 1998)(Samba)(SAMBA))
-
-label(NAME)
-manpagename(debug2html)(Samba DEBUG to HTML translation filter)
-
-label(SYNOPSIS)
-manpagesynopsis()
-
-debug2html [input-file [output-file]]
-
-label(DESCRIPTION)
-manpagedescription()
-
-This program is part of the bf(Samba) suite.
-
-bf(debug2html) generates HTML files from Samba log files. Log files
-produced by bf(nmbd)(8) or bf(smbd)(8) may then be viewed by a web
-browser. The output conforms to the HTML 3.2 specification.
-
-The filenames specified on the command line are optional. If the
-output-file is ommitted, output will go to bf(stdout). If the input-file
-is ommitted, bf(debug2html) will read from bf(stdin). The filename "-"
-can be used to indicate that input should be read from bf(stdin). For
-example:
-
-tt(cat /usr/local/samba/var/log.nmb | debug2html - nmblog.html) nl()
-
-label(VERSION)
-manpagesection(VERSION)
-
-This man page is correct for version 2.0 of the Samba suite.
-
-label(SEEALSO)
-manpageseealso()
-
-url(bf(nmbd)(8))(nmbd.8.html), url(bf(smbd)(8))(smbd.8.html),
-url(bf(samba)(7))(samba.7.html).
-
-label(AUTHOR)
-manpageauthor()
-
-The original Samba software and related utilities were created by
-Andrew Tridgell email(samba-bugs@samba.org). Samba is now developed
-by the Samba Team as an Open Source project similar to the way the
-Linux kernel is developed.
-
-The original Samba man pages were written by Karl Auer. The man page
-sources were converted to YODL format (another excellent piece of Open
-Source software, available at
-url(bf(ftp://ftp.icce.rug.nl/pub/unix/))(ftp://ftp.icce.rug.nl/pub/unix/))
-and updated for the Samba2.0 release by Jeremy Allison.
-email(samba-bugs@samba.org).
-
-bf(debug2html) was added by Chris Hertel.
-
-See url(bf(samba)(7))(samba.7.html) to find out how to get a full
-list of contributors and details on how to submit bug reports,
-comments etc.
diff --git a/docs/yodldocs/rpcclient.1.yo b/docs/yodldocs/rpcclient.1.yo
deleted file mode 100644
index 88b2104742..0000000000
--- a/docs/yodldocs/rpcclient.1.yo
+++ /dev/null
@@ -1,861 +0,0 @@
-mailto(samba-bugs@samba.org)
-
-manpage(rpcclient htmlcommand((1)))(1)(23 Oct 1998)(Samba)(SAMBA)
-
-label(NAME)
-manpagename(rpcclient)(utility to manage MSRPC resources on servers)
-
-label(SYNOPSIS)
-manpagesynopsis()
-
-bf(rpcclient)
-[link(password)(password)]
-link(-S servername)(servername)
-[link(-U [username][%][password])(minusU)]
-[link(-W domain)(minusW)]
-[link(-l log basename)(minusl)]
-[link(-d debuglevel)(minusd)]
-[link(-O socket options)(minusO)]
-[link(-i scope)(minusi)]
-[link(-N)(minusN)]
-[link(-n NetBIOS name)(minusn)]
-[link(-h)(minush)]
-[link(-I dest IP)(minusI)]
-[link(-E)(minusE)]
-[link(-t terminal code)(minust)]
-[link(-c command string)(minusc)]
-[link(-B IP addr)(minusB)]
-[link(-s smb.conf)(minuss)]
-[link(-m max protocol)(minusm)]
-
-label(DESCRIPTION)
-manpagedescription()
-
-This program is part of the bf(Samba) suite.
-
-bf(rpcclient) is a client that can 'talk' to an SMB/CIFS MSRPC server.
-Operations include things like managing a SAM Database (users, groups
-and aliases) in the same way as the Windows NT programs
-bf(User Manager for Domains) and bf(Server Manager for Domains);
-managing a remote registry in the same way as the Windows NT programs
-bf(REGEDT32.EXE) and bf(REGEDIT.EXE); viewing a remote event log (same
-as bf(EVENTVWR.EXE)) etc.
-
-Typical usage is like this: nl()
-tt(rpcclient -I 192.168.32.1 -S "*SMBSERVER" -U fred%secret -l log)
-nl()
-
-bf(rpcclient) is em(not) suitable for usage on single-user systems
-such as Windows 9X, as Windows 9X does not support MSRPC services.
-Therefore, if you have problems using bf(rpcclient) with Windows 9X,
-we don't want to hear about it.
-
-label(OPTIONS)
-manpageoptions()
-
-startdit()
-
-label(servername)
-dit(bf(servername)) servername is the name of the server you want
-to use on the server. This should be the NetBIOS name of the SMB/CIFS
-server, which can be bf(*SMBSERVER) on Windows NT 4.0 or Samba Servers.
-
-Note that the server name required is NOT necessarily the IP (DNS)
-host name of the server! The name required is a NetBIOS server name,
-which may or may not be the same as the IP hostname of the machine
-running the server. Also, remember that having a period in a NetBIOS
-name (such as an IP hostname) may cause connectivity problems on your
-network: NT tends to strip NetBIOS names from the leading period
-onwards.
-
-The server name is looked up according to either the
-link(bf(-R))(minusR) parameter to bf(rpcclient) or using the
-url(bf(name resolve order))(smb.conf.5.html#nameresolveorder)
-parameter in the smb.conf file, allowing an administrator to change
-the order and methods by which server names are looked up.
-
-label(password)
-dit(bf(password)) password is the password required to access the
-specified service on the specified server. If this parameter is
-supplied, the link(bf(-N))(minusN) option (suppress password prompt) is assumed.
-
-There is no default password. If no password is supplied on the
-command line (either by using this parameter or adding a password to
-the link(bf(-U))(minusU) option (see below)) and the link(bf(-N))(minusN) option is not specified,
-the client will prompt for a password, even if the desired service
-does not require one. (If no password is required, simply press ENTER
-to provide a null password.)
-
-Note: Some servers (including OS/2 and Windows for Workgroups) insist
-on an uppercase password. Lowercase or mixed case passwords may be
-rejected by these servers.
-
-Be cautious about including passwords in scripts.
-
-label(minuss)
-dit(bf(-s smb.conf)) This parameter specifies the pathname to the
-Samba configuration file, smb.conf. This file controls all aspects of
-the Samba setup on the machine and rpcclient also needs to read this
-file.
-
-label(minusB)
-dit(bf(-B IP addr)) The IP address to use when sending a broadcast packet.
-
-label(minusO)
-dit(bf(-O socket options)) TCP socket options to set on the client
-socket. See the url(socket options)(smb.conf.5.html#socketoptions)
-parameter in the url(bf(smb.conf (5)))(smb.conf.5.html) manpage for
-the list of valid options.
-
-label(minusR)
-dit(bf(-R name resolve order)) This option allows the user of
-rpcclient to determine what name resolution services to use when
-looking up the NetBIOS name of the host being connected to.
-
-The options are :"lmhosts", "host", "wins" and "bcast". They cause
-names to be resolved as follows :
-
-startit()
-
-it() bf(lmhosts) : Lookup an IP address in the Samba lmhosts file.
-The lmhosts file is stored in the same directory as the
-url(bf(smb.conf))(smb.conf.5.html) file.
-
-it() bf(host) : Do a standard host name to IP address resolution,
-using the system /etc/hosts, NIS, or DNS lookups. This method of name
-resolution is operating system depended for instance on IRIX or
-Solaris this may be controlled by the em(/etc/nsswitch.conf) file).
-
-it() bf(wins) : Query a name with the IP address listed in the url(bf(wins
-server))(smb.conf.5.html#winsserver) parameter in the smb.conf file. If
-no WINS server has been specified this method will be ignored.
-
-it() bf(bcast) : Do a broadcast on each of the known local interfaces
-listed in the url(bf(interfaces))(smb.conf.5.html#interfaces) parameter
-in the smb.conf file. This is the least reliable of the name resolution
-methods as it depends on the target host being on a locally connected
-subnet. To specify a particular broadcast address the link(bf(-B))(minusB) option
-may be used.
-
-endit()
-
-If this parameter is not set then the name resolve order defined
-in the url(bf(smb.conf))(smb.conf.5.html) file parameter
-url((bf(name resolve order)))(smb.conf.5.html#nameresolveorder)
-will be used.
-
-The default order is lmhosts, host, wins, bcast and without this
-parameter or any entry in the url(bf("name resolve
-order"))(smb.conf.5.html#nameresolveorder) parameter of the
-url(bf(smb.conf))(smb.conf.5.html) file the name resolution methods
-will be attempted in this order.
-
-label(minusi)
-dit(bf(-i scope)) This specifies a NetBIOS scope that rpcclient will use
-to communicate with when generating NetBIOS names. For details on the
-use of NetBIOS scopes, see rfc1001.txt and rfc1002.txt. NetBIOS scopes
-are em(very) rarely used, only set this parameter if you are the
-system administrator in charge of all the NetBIOS systems you
-communicate with.
-
-label(minusN)
-dit(bf(-N)) If specified, this parameter suppresses the normal
-password prompt from the client to the user. This is useful when
-accessing a service that does not require a password.
-
-Unless a password is specified on the command line or this parameter
-is specified, the client will request a password.
-
-label(minusn)
-dit(bf(-n NetBIOS name)) By default, the client will use the local
-machine's hostname (in uppercase) as its NetBIOS name. This parameter
-allows you to override the host name and use whatever NetBIOS name you
-wish.
-
-label(minusd)
-dit(bf(-d debuglevel)) debuglevel is an integer from 0 to 10, or the
-letter 'A'.
-
-The default value if this parameter is not specified is zero.
-
-The higher this value, the more detail will be logged to the log files
-about the activities of the client. At level 0, only critical errors
-and serious warnings will be logged. Level 1 is a reasonable level for
-day to day running - it generates a small amount of information about
-operations carried out.
-
-Levels above 1 will generate considerable amounts of log data, and
-should only be used when investigating a problem. Levels above 3 are
-designed for use only by developers and generate HUGE amounts of log
-data, most of which is extremely cryptic. If debuglevel is set to the
-letter 'A', then em(all) debug messages will be printed. This setting
-is for developers only (and people who em(really) want to know how the
-code works internally).
-
-Note that specifying this parameter here will override the url(bf(log
-level))(smb.conf.5.html#loglevel) parameter in the url(bf(smb.conf
-(5)))(smb.conf.5.html) file.
-
-label(minusp)
-dit(bf(-p port)) This number is the TCP port number that will be used
-when making connections to the server. The standard (well-known) TCP
-port number for an SMB/CIFS server is 139, which is the default.
-
-label(minusl)
-dit(bf(-l logfilename)) If specified, logfilename specifies a base
-filename into which operational data from the running client will be
-logged.
-
-The default base name is specified at compile time.
-
-The base name is used to generate actual log file names. For example,
-if the name specified was "log", the debug file would be
-tt(log.client).
-
-The log file generated is never removed by the client.
-
-label(minush)
-dit(bf(-h)) Print the usage message for the client.
-
-label(minusI)
-dit(bf(-I IP address)) IP address is the address of the server to
-connect to. It should be specified in standard "a.b.c.d" notation.
-
-Normally the client would attempt to locate a named SMB/CIFS server by
-looking it up via the NetBIOS name resolution mechanism described
-above in the link(bf(name resolve order))(minusR) parameter
-above. Using this parameter will force the client to assume that the
-server is on the machine with the specified IP address and the NetBIOS
-name component of the resource being connected to will be ignored.
-
-There is no default for this parameter. If not supplied, it will be
-determined automatically by the client as described above.
-
-label(minusE)
-dit(bf(-E)) This parameter causes the client to write messages to the
-standard error stream (stderr) rather than to the standard output
-stream.
-
-By default, the client writes messages to standard output - typically
-the user's tty.
-
-Note that by default, debug information is always sent to stderr.
-Debug information can instead be sent to a file, using the
-link(-l log basename)(minusl) option.
-
-label(minusU)
-dit(bf(-U username)) This specifies the user name that will be used by
-the client to make a connection, assuming your server is not a downlevel
-server that is running a protocol level that uses passwords on shares,
-not on usernames.
-
-Some servers are fussy about the case of this name, and some insist
-that it must be a valid NetBIOS name.
-
-If no username is supplied, it will default to an uppercase version of
-the environment variable tt(USER) or tt(LOGNAME) in that order. If no
-username is supplied and neither environment variable exists the
-username "GUEST" will be used.
-
-If the tt(USER) environment variable contains a '%' character,
-everything after that will be treated as a password. This allows you
-to set the environment variable to be tt(USER=username%password) so
-that a password is not passed on the command line (where it may be
-seen by the ps command).
-
-If the service you are connecting to requires a password, it can be
-supplied using the link(bf(-U))(minusU) option, by appending a percent symbol ("%")
-then the password to username. For example, to attach to a service as
-user tt("fred") with password tt("secret"), you would specify. nl()
-
-tt(-U fred%secret) nl()
-
-on the command line. Note that there are no spaces around the percent
-symbol.
-
-If you specify the password as part of username then the link(bf(-N))(minusN) option
-(suppress password prompt) is assumed.
-
-If you specify the password as a parameter em(AND) as part of username
-then the password as part of username will take precedence. Putting
-nothing before or nothing after the percent symbol will cause an empty
-username or an empty password to be used, respectively.
-
-The password may also be specified by setting up an environment
-variable called tt(PASSWORD) that contains the users password. Note
-that this may be very insecure on some systems but on others allows
-users to script rpcclient commands without having a password appear in
-the command line of a process listing.
-
-Note: Some servers (including OS/2 and Windows for Workgroups) insist
-on an uppercase password. Lowercase or mixed case passwords may be
-rejected by these servers.
-
-Be cautious about including passwords in scripts or in the
-tt(PASSWORD) environment variable. Also, on many systems the command
-line of a running process may be seen via the tt(ps) command to be
-safe always allow rpcclient to prompt for a password and type it in
-directly.
-
-label(minust)
-dit(bf(-t terminal code)) This option tells rpcclient how to interpret
-filenames coming from the remote server. Usually Asian language
-multibyte UNIX implementations use different character sets than
-SMB/CIFS servers (em(EUC) instead of em(SJIS) for example). Setting
-this parameter will let rpcclient convert between the UNIX filenames
-and the SMB filenames correctly. This option has not been seriously
-tested and may have some problems.
-
-The terminal codes include tt(sjis), tt(euc), tt(jis7), tt(jis8),
-tt(junet), tt(hex), tt(cap). This is not a complete list, check the
-Samba source code for the complete list.
-
-label(minusm)
-dit(bf(-m max protocol level)) With the new code in Samba2.0,
-bf(rpcclient) always attempts to connect at the maximum
-protocols level the server supports. This parameter is
-preserved for backwards compatibility, but any string
-following the bf(-m) will be ignored.
-
-label(minusW)
-dit(bf(-W Domain)) Override the default Domain, which is the remote server's
-Domain. This option may be needed to connect to some servers. It is also
-possible to specify the remote server name as the Domain, which will
-force the username and password to be authenticated against the remote
-server's local SAM instead of the Domain SAM.
-
-label(minusc)
-dit(bf(-c command string)) command string is a semicolon separated
-list of commands to be executed instead of prompting from stdin.
-link(bf(-N))(minusN) is implied by bf(-c).
-
-This is particularly useful in scripts, e.g. tt(-c 'lsaquery; enumusers -u').
-
-enddit()
-
-label(OPERATIONS)
-manpagesection(OPERATIONS)
-
-Once the client is running, the user is presented with a prompt :
-
-tt(smb:\>)
-
-The prompt indicates that the client is ready and waiting to carry out
-a user command. Each command is a single word, optionally followed by
-parameters specific to that command. Command and parameters are
-space-delimited unless these notes specifically state otherwise. All
-commands are case-insensitive. Parameters to commands may or may not
-be case sensitive, depending on the command.
-
-You can specify names (e.g registry keys; user or group names;
-service names) which have spaces in them by quoting the
-name with double quotes, for example "dRMON SmartAgent".
-
-Parameters shown in square brackets (e.g., "[parameter]") are
-optional. If not given, the command will use suitable
-defaults. Parameters shown in angle brackets (e.g., "<parameter>") are
-required.
-
-Note that all commands operating on the server are actually performed
-by issuing a request to the server. Thus the behavior may vary from
-server to server, depending on how the server was implemented.
-
-The commands available are listed in groups relating to different services:
-
-startdit()
-
-dit(Misccellaneous)
-
- startdit()
-
- label(questionmark) dit(bf(? [command])) If "command" is specified,
- the bf(?) command will display a brief informative message about the
- specified command. If no command is specified, a list of available
- commands will be displayed.
-
- label(exclaimationmark) dit(bf(! [shell command])) If "shell command"
- is specified, the bf(!) command will execute a shell locally and run
- the specified shell command. If no command is specified, a local shell
- will be run.
-
- label(exit) dit(bf(exit)) Terminate the connection with the server and
- exit from the program.
-
- label(help) dit(bf(help [command])) See the link(bf(?))(questionmark)
- command above.
-
- label(quit) dit(bf(quit)) See the link(bf(exit))(exit) command.
-
- enddit()
-
-dit(Event Log)
-
- startdit()
-
- label(eventlog) dit(bf(eventlog))
- list the events
-
- enddit()
-
-dit(Service Control)
-
- These commands provide functionality similar to the Windows
- NT Service Control Manager.
-
- It is possible to use command-line completion (if you have
- the GNU readline library) for Service names, by pressing the
- tab key.
-
- startdit()
-
- label(svcenum) dit(bf(svcenum))
- [-i] Lists Services.
-
- label(svcinfo) dit(bf(svcinfo))
- <service> Service Information
-
- label(svcstart) dit(bf(svcstart))
- <service> [arg 0] [arg 1] ... Start Service
-
- label(svcstop) dit(bf(svcstop))
- <service> Stop Service
-
- enddit()
-
-dit(Scheduler)
-
- startdit()
-
- label(at) dit(bf(at))
- Scheduler control (at /? for syntax)
-
- enddit()
-
-dit(Registry)
-
- It is possible to use command-line completion (if you have
- the GNU readline library) for registry key and value names,
- by pressing the tab key.
-
- startdit()
-
- label(regenum) dit(bf(regenum))
- <keyname> Registry Enumeration (keys, values)
-
- label(regdeletekey) dit(bf(regdeletekey))
- <keyname> Registry Key Delete
-
- label(regcreatekey) dit(bf(regcreatekey))
- <keyname> [keyclass] Registry Key Create
-
- label(shutdown) dit(bf(shutdown))
- [-m message] [-t timeout] [-r or --reboot] Server Shutdown
-
- label(regqueryval) dit(bf(regqueryval))
- <valname> Registry Value Query
-
- label(regquerykey) dit(bf(regquerykey))
- <keyname> Registry Key Query
-
- label(regdeleteval) dit(bf(regdeleteval))
- <valname> Registry Value Delete
-
- label(regcreateval) dit(bf(regcreateval))
- <valname> <valtype> <value> Registry Key Create
-
- label(reggetsec) dit(bf(reggetsec))
- <keyname> Registry Key Security
-
- label(regtestsec) dit(bf(regtestsec))
- <keyname> Test Registry Key Security
-
- enddit()
-
-dit(Printing)
-
- It is possible to use command-line completion (if you have
- the GNU readline library) for Printer and job names, by
- pressing the tab key.
-
- startdit()
-
- label(spoolenum) dit(bf(spoolenum))
- Enumerate Printers. This experimental command lists
- all printers available on a remote spooler service.
-
- label(spooljobs) dit(bf(spooljobs))
- <printer name> Enumerate Printer Jobs. This
- experimental command lists all jobs, and their
- status, currently queued on a remote spooler
- service.
-
- label(spoolopen) dit(bf(spoolopen))
- <printer name> Spool Printer Open Test. Experimental.
-
- enddit()
-
-dit(Server)
-
- startdit()
-
- label(time) dit(bf(time))
- Display remote time
-
- label(brsinfo) dit(bf(brsinfo))
- Browser Query Info
-
- label(wksinfo) dit(bf(wksinfo))
- Workstation Query Info
-
- label(srvinfo) dit(bf(srvinfo))
- Server Query Info
-
- label(srvsessions) dit(bf(srvsessions))
- List sessions on a server
-
- label(srvshares) dit(bf(srvshares))
- List shares on a server
-
- label(srvtransports) dit(bf(srvtransports))
- List transports on a server
-
- label(srvconnections) dit(bf(srvconnections))
- List connections on a server
-
- label(srvfiles) dit(bf(srvfiles))
- List files on a server
-
- enddit()
-
-dit(Local Security Authority)
-
- startdit()
-
- label(lsaquery) dit(bf(lsaquery))
- Query Info Policy (domain member or server). Obtains
- the SID and name of the SAM database that a server
- is responsible for (i.e a workstation's local SAM
- database or the PDC SAM database). Also obtains the
- SID and name of the SAM database that a server is
- a member of.
-
- label(lsaenumdomains) dit(bf(lsaenumdomains))
- Enumerate Trusted Domains. Lists all Trusted and
- Trusting Domains with which the remote PDC has
- trust relationships established.
-
- label(lookupsids) dit(bf(lookupsids))
- <rid1 or sid1> <rid1 or sid2> ... Resolve names from SIDs.
- Mostly to be used by developers or for troubleshooting,
- this command can take either Security Identifiers or Relative
- Identifiers, and look them up in the local SAM database
- (or look them up in a remote Trusting or Trusted PDC's SAM
- database if there is an appropriate Trust Relationship
- established). The result is a list of names, of the
- format: nl()
- tt([TRUST_DOMAIN\]name). nl()
- the link(bf(lsaquery))(lsaquery) command must have been
- issued first if you wish to use lookupsids to resolve
- RIDs. The only RIDs that will be resolved will be those
- in the SAM database of the server to which you are connected.
-
- label(lookupnames) dit(bf(lookupnames))
- <name1> <name2> ... Resolve SIDs from names.
- Mostly to be used by developers or for troubleshooting,
- this command can take names of the following format: nl()
- tt([DOMAIN_NAME\]name). nl()
- The names, which can be user, group or alias names, will
- either be looked up in the local SAM database or in a remote
- Trusting or Trusted PDC's SAM database, if there is an
- appropriate Trust Relationship established. The optional
- Domain name component is the name of a SAM database, which
- can include a workstation's local SAM database or a Trusted
- Domain.
- Example Usage: nl()
- tt(lookupnames WKSTANAME\Administrator "Domain Guests") nl()
-
- label(querysecret) dit(bf(querysecret))
- LSA Query Secret (developer use). This command only appears
- to work against NT4 SP3 and below. Due to its potential
- for misuse, it looks like Microsoft modified their
- implementation of the LsaRetrievePrivateData call to
- always return NT_STATUS_ACCESS_DENIED.
-
- enddit()
-
-dit(NETLOGON)
-
- startdit()
-
- label(ntlogin) dit(bf(ntlogin))
- [username] [password] NT Domain login test. Demonstrates
- how NT-style logins work. Mainly for developer usage,
- it can also be used to verify that a user can log in
- from a workstation. If you cannot ever get pam_ntdom
- to work, try this command first.
-
- label(domtrust) dit(bf(domtrust))
- <domain> NT Inter-Domain test. Demonstrates how NT-style
- Inter-Domain Trust relationships work. Mainly for
- developer usage, it can also be used to verify that a
- Trust Relationship is correctly established with a
- remote PDC.
-
- label(samsync) dit(bf(samsync))
- SAM Synchronisation Test (experimental). This command
- is used to manually synchronise a SAM database from a
- remote PDC, when Samba is set up as a Backup Domain
- Controller.
-
- enddit()
-
-dit(SAM Database)
-
- The SAM Database holds user, group and alias information.
- The commands listed below allow operations such as adding
- user accounts and changing their password; listing known
- Domains; listing user, group and alias accounts; listing the
- members of groups and aliases; adding or removing members
- from groups and aliases.
-
- The commands that make changes are protected by Access Control
- permissions on the remote server. You will therefore need to
- be in the right NT group in order to perform certain operations.
- If you find that a command fails with an NT_STATUS_ACCESS_DENIED
- error and you think you should be able to perform that command,
- talk to your Administrator: your username is probably not in the
- correct NT alias or group (e.g Account Operators; Domain Admin).
-
- The commands that view information usually require less
- user privileges. However, a particular remote server may be
- configured with better security settings, so a command that
- succeeds on one server may not succeed on another.
-
- It is possible to use command-line completion (if you have
- the GNU readline library) for user, group, alias and domain
- names, by pressing the tab key.
-
- startdit()
-
- label(lookupdomain) dit(bf(lookupdomain))
- Obtain SID for a local domain
-
- label(enumusers) dit(bf(enumusers))
- SAM User Database Query (experimental!)
-
- label(addgroupmem) dit(bf(addgroupmem))
- <group rid> [user] [user] ... SAM Add Domain Group Member
-
- label(addaliasmem) dit(bf(addaliasmem))
- <alias rid> [member sid1] [member sid2] ... SAM Add Domain Alias Member
-
- label(delgroupmem) dit(bf(delgroupmem))
- <group rid> [user] [user] ... SAM Delete Domain Group Member
-
- label(delaliasmem) dit(bf(delaliasmem))
- <alias rid> [member sid1] [member sid2] ... SAM Delete Domain Alias Member
-
- label(creategroup) dit(bf(creategroup))
- SAM Create Domain Group
-
- label(createalias) dit(bf(createalias))
- SAM Create Domain Alias
-
- label(createuser) dit(bf(createuser))
- <username> SAM Create Domain User
-
- label(delgroup) dit(bf(delgroup))
- SAM Delete Domain Group
-
- label(delalias) dit(bf(delalias))
- SAM Delete Domain Alias
-
- label(ntpass) dit(bf(ntpass))
- NT SAM Password Change
-
- label(samuserset2) dit(bf(samuserset2))
- <username> [-s acb_bits] SAM User Set Info 2 (experimental!)
-
- label(samuserset) dit(bf(samuserset))
- <username> [-p password] SAM User Set Info (experimental!)
-
- label(samuser) dit(bf(samuser))
- <username> SAM User Query (experimental!)
-
- label(samgroup) dit(bf(samgroup))
- <groupname> SAM Group Query (experimental!)
-
- label(samalias) dit(bf(samalias))
- <aliasname> SAM Alias Query
-
- label(samaliasmem) dit(bf(samaliasmem))
- <aliasname> SAM Alias Members
-
- label(samgroupmem) dit(bf(samgroupmem))
- SAM Group Members
-
- label(samtest) dit(bf(samtest))
- SAM User Encrypted RPC test (experimental!)
-
- label(enumaliases) dit(bf(enumaliases))
- SAM Aliases Database Query (experimental!)
-
- label(enumdomains) dit(bf(enumdomains))
- SAM Domains Database Query (experimental!)
-
- label(enumgroups) dit(bf(enumgroups))
- SAM Group Database Query (experimental!)
-
- label(dominfo) dit(bf(dominfo))
- SAM Query Domain Info
-
- label(dispinfo) dit(bf(dispinfo))
- SAM Query Display Info
-
- enddit()
-
-enddit()
-
-
-label(NOTES)
-manpagesection(NOTES)
-
-Some servers are fussy about the case of supplied usernames,
-passwords, share names (AKA service names) and machine names. If you
-fail to connect try giving all parameters in uppercase.
-
-It is often necessary to use the link(bf(-n))(minusn) option when connecting
-to some types of servers. For example OS/2 LanManager insists on a valid
-NetBIOS name being used, so you need to supply a valid name that would
-be known to the server.
-
-rpcclient only works on servers that support MSRPC over SMB. This includes
-all versions of Windows NT, including the ports to Unix such as AS/U and
-AFPS. Support for MSRPC over SMB in other servers is currently rare and
-patchy, for example Samba 2.0 only supports a limited set of MSRPC commands,
-and some of those are not supported very well.
-
-label(ENVIRONMENTVARIABLES)
-manpagesection(ENVIRONMENT VARIABLES)
-
-The variable bf(USER) may contain the username of the person using the
-client. This information is used only if the protocol level is high
-enough to support session-level passwords.
-
-The variable bf(PASSWORD) may contain the password of the person using
-the client. This information is used only if the protocol level is
-high enough to support session-level passwords.
-
-label(INSTALLATION)
-manpagesection(INSTALLATION)
-
-The location of the client program is a matter for individual system
-administrators. The following are thus suggestions only.
-
-It is recommended that the rpcclient software be installed in the
-/usr/local/samba/bin or /usr/samba/bin directory, this directory
-readable by all, writeable only by root. The client program itself
-should be executable by all. The client should em(NOT) be setuid or
-setgid!
-
-The client log files should be put in a directory readable and
-writeable only by the user.
-
-To test the client, you will need to know the name of a running
-SMB/CIFS server. It is possible to run url(bf(smbd (8)))(smbd.8.html)
-an ordinary user - running that server as a daemon on a
-user-accessible port (typically any port number over 1024) would
-provide a suitable test server.
-
-label(DIAGNOSTICS)
-manpagesection(DIAGNOSTICS)
-
-Most diagnostics issued by the client are logged in a specified log
-file. The log file name is specified at compile time, but may be
-overridden on the command line.
-
-The number and nature of diagnostics available depends on the debug
-level used by the client. If you have problems, set the debug level to
-3 and peruse the log files.
-
-label(VERSION)
-manpagesection(VERSION)
-
-This man page is correct for version 2.0 of the Samba suite.
-
-label(BUGS)
-manpagesection(BUGS)
-
-startdit()
-dit(WARNING!)
-The MSPRC over SMB code has been developed from examining Network traces.
-No documentation is available from the original creators (Microsoft) on
-how MSRPC over SMB works, or how the individual MSRPC services work.
-Microsoft's implementation of these services has been demonstrated (and
-reported) to be... a bit flakey in places.
-
-The development of Samba's implementation of these services is em(also)
-a bit rough, and as more of the services are understood, it can even result
-in versions of url(bf(smbd (8)))(smbd.8.html) and rpcclient that are
-backwards-incompatible for some commands or services. Additionally, the
-developers are sending reports to Microsoft, and problems found by or
-reported to Microsoft are fixed in Service Packs, which may also result in
-incompatibilities.
-
-It is therefore not guaranteed that the execution of an rpcclient command will
-work. It is also not guaranteed that the target server will continue to
-operate, i.e the execution of an MSRPC command may cause a remote service to
-fail, or even cause the remote server to fail. Usual rules apply, of course:
-the developers bear absolutely no responsibility or liability for the use,
-misuse, or lack of use of rpcclient, by any person or persons, whether legal,
-illegal, accidental, deliberate, intentional, malicious, curious, etc.
-
-This em(particularly) applies to the registry and SAM database commands.
-As you are using a command-line tool not a mouse-clicky tool, you have
-already proven yourself to be savvy, however if you don't know what you're
-doing, then em(don't do it!).
-
-dit(Command Completion)
-Command-completion (available if you have the GNU readline library) used on
-certain commands may not operate correctly if the word being completed (such as a registry key) contains a space. Typically, the name will be completed, but
-you will have to go back and put quotes round it, yourself.
-
-dit(SAM Database command-completion)
-Command-completion (available if you have the GNU readline library) of user,
-group and alias names does not work on remote Domains, which would normally
-be specified like this: nl()
-tt(DOMAIN_name\user_name). nl()
-The only names that can be completed in this fashion are the local names
-in the SAM database of the target server.
-
-dit(link(bf(spoolenum))(spoolenum))
-Due to current limitations in the rpcclient MSRPC / SMB code, and due to
-the extremely poor MSRPC implementation (by Microsoft) of the spooler
-service, if there are a large number of printers (or the names / comment
-fields associated with the printers), this command will fail. The
-limitations require further research to be carried out; we're stuck with
-the poor \PIPE\spoolss design.
-
-endit()
-
-label(AUTHOR)
-manpageauthor()
-
-The original Samba software and related utilities were created by
-Andrew Tridgell email(samba-bugs@samba.org). Samba is now developed
-by the Samba Team as an Open Source project similar to the way the
-Linux kernel is developed.
-
-The original Samba man pages were written by Karl Auer. The man page
-sources were converted to YODL format (another excellent piece of Open
-Source software, available at
-url(bf(ftp://ftp.icce.rug.nl/pub/unix/))(ftp://ftp.icce.rug.nl/pub/unix/))
-and updated for the Samba2.0 release by Jeremy Allison. This man page
-was developed cut-and-paste style from the smbclient man page, by
-Luke Kenneth Casson Leighton.
-email(samba-bugs@samba.org).
-
-See url(bf(samba (7)))(samba.7.html) to find out how to get a full
-list of contributors and details on how to submit bug reports,
-comments etc.
-