From 8f8a9f01909ba29e2b781310baeeaaddc3f15f0d Mon Sep 17 00:00:00 2001 From: "Gerald W. Carter" Date: Tue, 22 Apr 2008 10:09:40 -0500 Subject: Moving docs tree to docs-xml to make room for generated docs in the release tarball. (This used to be commit 9f672c26d63955f613088489c6efbdc08b5b2d14) --- docs-xml/manpages-3/eventlogadm.8.xml | 252 +++++ docs-xml/manpages-3/findsmb.1.xml | 153 +++ docs-xml/manpages-3/idmap_ad.8.xml | 92 ++ docs-xml/manpages-3/idmap_ldap.8.xml | 165 +++ docs-xml/manpages-3/idmap_nss.8.xml | 66 ++ docs-xml/manpages-3/idmap_rid.8.xml | 84 ++ docs-xml/manpages-3/idmap_tdb.8.xml | 93 ++ docs-xml/manpages-3/ldb.3.xml | 265 +++++ docs-xml/manpages-3/ldbadd.1.xml | 108 ++ docs-xml/manpages-3/ldbdel.1.xml | 108 ++ docs-xml/manpages-3/ldbedit.1.xml | 203 ++++ docs-xml/manpages-3/ldbmodify.1.xml | 96 ++ docs-xml/manpages-3/ldbsearch.1.xml | 122 +++ docs-xml/manpages-3/libsmbclient.7.xml | 140 +++ docs-xml/manpages-3/lmhosts.5.xml | 127 +++ docs-xml/manpages-3/log2pcap.1.xml | 138 +++ docs-xml/manpages-3/mount.cifs.8.xml | 614 +++++++++++ docs-xml/manpages-3/net.8.xml | 1548 +++++++++++++++++++++++++++ docs-xml/manpages-3/nmbd.8.xml | 294 +++++ docs-xml/manpages-3/nmblookup.1.xml | 223 ++++ docs-xml/manpages-3/ntlm_auth.1.xml | 410 +++++++ docs-xml/manpages-3/pam_winbind.7.xml | 173 +++ docs-xml/manpages-3/pdbedit.8.xml | 456 ++++++++ docs-xml/manpages-3/profiles.1.xml | 88 ++ docs-xml/manpages-3/rpcclient.1.xml | 487 +++++++++ docs-xml/manpages-3/samba.7.xml | 362 +++++++ docs-xml/manpages-3/smb.conf.5.xml | 859 +++++++++++++++ docs-xml/manpages-3/smbcacls.1.xml | 264 +++++ docs-xml/manpages-3/smbclient.1.xml | 1135 ++++++++++++++++++++ docs-xml/manpages-3/smbcontrol.1.xml | 297 +++++ docs-xml/manpages-3/smbcquotas.1.xml | 183 ++++ docs-xml/manpages-3/smbd.8.xml | 445 ++++++++ docs-xml/manpages-3/smbget.1.xml | 211 ++++ docs-xml/manpages-3/smbgetrc.5.xml | 116 ++ docs-xml/manpages-3/smbpasswd.5.xml | 211 ++++ docs-xml/manpages-3/smbpasswd.8.xml | 431 ++++++++ docs-xml/manpages-3/smbsh.1.xml | 164 +++ docs-xml/manpages-3/smbspool.8.xml | 133 +++ docs-xml/manpages-3/smbstatus.1.xml | 140 +++ docs-xml/manpages-3/smbtar.1.xml | 237 ++++ docs-xml/manpages-3/smbtree.1.xml | 96 ++ docs-xml/manpages-3/swat.8.xml | 237 ++++ docs-xml/manpages-3/tdbbackup.8.xml | 136 +++ docs-xml/manpages-3/tdbdump.8.xml | 61 ++ docs-xml/manpages-3/tdbtool.8.xml | 227 ++++ docs-xml/manpages-3/testparm.1.xml | 210 ++++ docs-xml/manpages-3/umount.cifs.8.xml | 137 +++ docs-xml/manpages-3/vfs_audit.8.xml | 122 +++ docs-xml/manpages-3/vfs_cacheprime.8.xml | 110 ++ docs-xml/manpages-3/vfs_cap.8.xml | 78 ++ docs-xml/manpages-3/vfs_catia.8.xml | 73 ++ docs-xml/manpages-3/vfs_commit.8.xml | 110 ++ docs-xml/manpages-3/vfs_default_quota.8.xml | 136 +++ docs-xml/manpages-3/vfs_extd_audit.8.xml | 68 ++ docs-xml/manpages-3/vfs_fake_perms.8.xml | 73 ++ docs-xml/manpages-3/vfs_full_audit.8.xml | 266 +++++ docs-xml/manpages-3/vfs_gpfs.8.xml | 164 +++ docs-xml/manpages-3/vfs_netatalk.8.xml | 77 ++ docs-xml/manpages-3/vfs_notify_fam.8.xml | 70 ++ docs-xml/manpages-3/vfs_prealloc.8.xml | 107 ++ docs-xml/manpages-3/vfs_readahead.8.xml | 115 ++ docs-xml/manpages-3/vfs_readonly.8.xml | 101 ++ docs-xml/manpages-3/vfs_recycle.8.xml | 217 ++++ docs-xml/manpages-3/vfs_shadow_copy.8.xml | 121 +++ docs-xml/manpages-3/vfs_xattr_tdb.8.xml | 69 ++ docs-xml/manpages-3/vfstest.1.xml | 153 +++ docs-xml/manpages-3/wbinfo.1.xml | 380 +++++++ docs-xml/manpages-3/winbindd.8.xml | 512 +++++++++ 68 files changed, 15919 insertions(+) create mode 100644 docs-xml/manpages-3/eventlogadm.8.xml create mode 100644 docs-xml/manpages-3/findsmb.1.xml create mode 100644 docs-xml/manpages-3/idmap_ad.8.xml create mode 100644 docs-xml/manpages-3/idmap_ldap.8.xml create mode 100644 docs-xml/manpages-3/idmap_nss.8.xml create mode 100644 docs-xml/manpages-3/idmap_rid.8.xml create mode 100644 docs-xml/manpages-3/idmap_tdb.8.xml create mode 100644 docs-xml/manpages-3/ldb.3.xml create mode 100644 docs-xml/manpages-3/ldbadd.1.xml create mode 100644 docs-xml/manpages-3/ldbdel.1.xml create mode 100644 docs-xml/manpages-3/ldbedit.1.xml create mode 100644 docs-xml/manpages-3/ldbmodify.1.xml create mode 100644 docs-xml/manpages-3/ldbsearch.1.xml create mode 100644 docs-xml/manpages-3/libsmbclient.7.xml create mode 100644 docs-xml/manpages-3/lmhosts.5.xml create mode 100644 docs-xml/manpages-3/log2pcap.1.xml create mode 100644 docs-xml/manpages-3/mount.cifs.8.xml create mode 100644 docs-xml/manpages-3/net.8.xml create mode 100644 docs-xml/manpages-3/nmbd.8.xml create mode 100644 docs-xml/manpages-3/nmblookup.1.xml create mode 100644 docs-xml/manpages-3/ntlm_auth.1.xml create mode 100644 docs-xml/manpages-3/pam_winbind.7.xml create mode 100644 docs-xml/manpages-3/pdbedit.8.xml create mode 100644 docs-xml/manpages-3/profiles.1.xml create mode 100644 docs-xml/manpages-3/rpcclient.1.xml create mode 100644 docs-xml/manpages-3/samba.7.xml create mode 100644 docs-xml/manpages-3/smb.conf.5.xml create mode 100644 docs-xml/manpages-3/smbcacls.1.xml create mode 100644 docs-xml/manpages-3/smbclient.1.xml create mode 100644 docs-xml/manpages-3/smbcontrol.1.xml create mode 100644 docs-xml/manpages-3/smbcquotas.1.xml create mode 100644 docs-xml/manpages-3/smbd.8.xml create mode 100644 docs-xml/manpages-3/smbget.1.xml create mode 100644 docs-xml/manpages-3/smbgetrc.5.xml create mode 100644 docs-xml/manpages-3/smbpasswd.5.xml create mode 100644 docs-xml/manpages-3/smbpasswd.8.xml create mode 100644 docs-xml/manpages-3/smbsh.1.xml create mode 100644 docs-xml/manpages-3/smbspool.8.xml create mode 100644 docs-xml/manpages-3/smbstatus.1.xml create mode 100644 docs-xml/manpages-3/smbtar.1.xml create mode 100644 docs-xml/manpages-3/smbtree.1.xml create mode 100644 docs-xml/manpages-3/swat.8.xml create mode 100644 docs-xml/manpages-3/tdbbackup.8.xml create mode 100644 docs-xml/manpages-3/tdbdump.8.xml create mode 100644 docs-xml/manpages-3/tdbtool.8.xml create mode 100644 docs-xml/manpages-3/testparm.1.xml create mode 100644 docs-xml/manpages-3/umount.cifs.8.xml create mode 100644 docs-xml/manpages-3/vfs_audit.8.xml create mode 100644 docs-xml/manpages-3/vfs_cacheprime.8.xml create mode 100644 docs-xml/manpages-3/vfs_cap.8.xml create mode 100644 docs-xml/manpages-3/vfs_catia.8.xml create mode 100644 docs-xml/manpages-3/vfs_commit.8.xml create mode 100644 docs-xml/manpages-3/vfs_default_quota.8.xml create mode 100644 docs-xml/manpages-3/vfs_extd_audit.8.xml create mode 100644 docs-xml/manpages-3/vfs_fake_perms.8.xml create mode 100644 docs-xml/manpages-3/vfs_full_audit.8.xml create mode 100644 docs-xml/manpages-3/vfs_gpfs.8.xml create mode 100644 docs-xml/manpages-3/vfs_netatalk.8.xml create mode 100644 docs-xml/manpages-3/vfs_notify_fam.8.xml create mode 100644 docs-xml/manpages-3/vfs_prealloc.8.xml create mode 100644 docs-xml/manpages-3/vfs_readahead.8.xml create mode 100644 docs-xml/manpages-3/vfs_readonly.8.xml create mode 100644 docs-xml/manpages-3/vfs_recycle.8.xml create mode 100644 docs-xml/manpages-3/vfs_shadow_copy.8.xml create mode 100644 docs-xml/manpages-3/vfs_xattr_tdb.8.xml create mode 100644 docs-xml/manpages-3/vfstest.1.xml create mode 100644 docs-xml/manpages-3/wbinfo.1.xml create mode 100644 docs-xml/manpages-3/winbindd.8.xml (limited to 'docs-xml/manpages-3') diff --git a/docs-xml/manpages-3/eventlogadm.8.xml b/docs-xml/manpages-3/eventlogadm.8.xml new file mode 100644 index 0000000000..04ba022032 --- /dev/null +++ b/docs-xml/manpages-3/eventlogadm.8.xml @@ -0,0 +1,252 @@ + + + + + + eventlogadm + 8 + Samba + System Administration tools + 3.2 + + + + + eventlogadm + push records into the Samba event log store + + + + + + eventlogadm + + + + addsource + EVENTLOG + SOURCENAME + MSGFILE + + + + + eventlogadm + + + + write + EVENTLOG + + + + + + + DESCRIPTION + + This tool is part of the samba + 1 suite. + + eventlogadm is a filter that accepts + formatted event log records on standard input and writes them + to the Samba event log store. Windows client can then manipulate + these record using the usual administration tools. + + + + + + OPTIONS + + + + + + + The -d option causes eventlogadm to emit debugging + information. + + + + + + + addsource + EVENTLOG + SOURCENAME + MSGFILE + + + The -o addsource option creates a + new event log source. + + + + + + + write + EVENTLOG + + + The -o write reads event log + records from standard input and writes them to theSamba + event log store named by EVENTLOG. + + + + + + + Print usage information. + + + + + + + + + EVENTLOG RECORD FORMAT + + For the write operation, eventlogadm + expects to be able to read structured records from standard + input. These records are a sequence of lines, with the record key + and data separated by a colon character. Records are separated + by at least one or more blank line. + + The event log record field are: + + + + LEN - This field should be 0, since eventlogadm will calculate this value. + + + + RS1 - This must be the value 1699505740. + + + + RCN - This field should be 0. + + + + TMG - The time the eventlog record + was generated; format is the number of seconds since + 00:00:00 January 1, 1970, UTC. + + + + TMW - The time the eventlog record was + written; format is the number of seconds since 00:00:00 + January 1, 1970, UTC. + + + + EID - The eventlog ID. + + + + ETP - The event type -- one of + "INFO", + "ERROR", "WARNING", "AUDIT + SUCCESS" or "AUDIT FAILURE". + + + + ECT - The event category; this depends + on the message file. It is primarily used as a means of + filtering in the eventlog viewer. + + + + RS2 - This field should be 0. + + + + CRN - This field should be 0. + + + + USL - This field should be 0. + + + + SRC - This field contains the source + name associated with the event log. If a message file is + used with an event log, there will be a registry entry + for associating this source name with a message file DLL. + + + + SRN - he name of the machine on + which the eventlog was generated. This is typically the + host name. + + + + STR - The text associated with the + eventlog. There may be more than one string in a record. + + + + DAT - This field should be left unset. + + + + + + + + EXAMPLES + An example of the record format accepted by eventlogadm: + + + LEN: 0 + RS1: 1699505740 + RCN: 0 + TMG: 1128631322 + TMW: 1128631322 + EID: 1000 + ETP: INFO + ECT: 0 + RS2: 0 + CRN: 0 + USL: 0 + SRC: cron + SRN: dmlinux + STR: (root) CMD ( rm -f /var/spool/cron/lastrun/cron.hourly) + DAT: + + + Set up an eventlog source, specifying a message file DLL: + + eventlogadm -o addsource Application MyApplication | \\ + %SystemRoot%/system32/MyApplication.dll + + + Filter messages from the system log into an event log: + + tail -f /var/log/messages | \\ + my_program_to_parse_into_eventlog_records | \\ + eventlogadm SystemLogEvents + + + + + + VERSION + This man page is correct for version 3.0.25 of the Samba suite. + + + + AUTHOR + + The original Samba software and related utilities were + created by Andrew Tridgell. Samba is now developed by the + Samba Team as an Open Source project similar to the way the + Linux kernel is developed. + + + diff --git a/docs-xml/manpages-3/findsmb.1.xml b/docs-xml/manpages-3/findsmb.1.xml new file mode 100644 index 0000000000..9161dc4f14 --- /dev/null +++ b/docs-xml/manpages-3/findsmb.1.xml @@ -0,0 +1,153 @@ + + + + + + findsmb + 1 + Samba + User Commands + 3.2 + + + + + findsmb + list info about machines that respond to SMB + name queries on a subnet + + + + + findsmb + subnet broadcast address + + + + + DESCRIPTION + + This perl script is part of the + samba7 + suite. + + findsmb is a perl script that + prints out several pieces of information about machines + on a subnet that respond to SMB name query requests. + It uses nmblookup1 + and smbclient1 + to obtain this information. + + + + + OPTIONS + + + + -r + Controls whether findsmb takes + bugs in Windows95 into account when trying to find a Netbios name + registered of the remote machine. This option is disabled by default + because it is specific to Windows 95 and Windows 95 machines only. + If set, nmblookup1 + will be called with -B option. + + + subnet broadcast address + Without this option, findsmb + will probe the subnet of the machine where + findsmb1 + is run. This value is passed to + nmblookup1 + as part of the -B option. + + + + + + EXAMPLES + + The output of findsmb lists the following + information for all machines that respond to the initial + nmblookup for any name: IP address, NetBIOS name, + Workgroup name, operating system, and SMB server version. + + There will be a '+' in front of the workgroup name for + machines that are local master browsers for that workgroup. There + will be an '*' in front of the workgroup name for + machines that are the domain master browser for that workgroup. + Machines that are running Windows for Workgroups, Windows 95 or + Windows 98 will + not show any information about the operating system or server + version. + + The command with -r option + must be run on a system without + nmbd8 + running. + + If nmbd is running on the system, you will + only get the IP address and the DNS name of the machine. To + get proper responses from Windows 95 and Windows 98 machines, + the command must be run as root and with -r + option on a machine without nmbd running. + + For example, running findsmb + without -r option set would yield output similar + to the following + + +IP ADDR NETBIOS NAME WORKGROUP/OS/VERSION +--------------------------------------------------------------------- +192.168.35.10 MINESET-TEST1 [DMVENGR] +192.168.35.55 LINUXBOX *[MYGROUP] [Unix] [Samba 2.0.6] +192.168.35.56 HERBNT2 [HERB-NT] +192.168.35.63 GANDALF [MVENGR] [Unix] [Samba 2.0.5a for IRIX] +192.168.35.65 SAUNA [WORKGROUP] [Unix] [Samba 1.9.18p10] +192.168.35.71 FROGSTAR [ENGR] [Unix] [Samba 2.0.0 for IRIX] +192.168.35.78 HERBDHCP1 +[HERB] +192.168.35.88 SCNT2 +[MVENGR] [Windows NT 4.0] [NT LAN Manager 4.0] +192.168.35.93 FROGSTAR-PC [MVENGR] [Windows 5.0] [Windows 2000 LAN Manager] +192.168.35.97 HERBNT1 *[HERB-NT] [Windows NT 4.0] [NT LAN Manager 4.0] + + + + + + + VERSION + + This man page is correct for version 3.0 of + the Samba suite. + + + + SEE ALSO + + nmbd8 + , + smbclient1 + , and nmblookup + 1 + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at ftp://ftp.icce.rug.nl/pub/unix/) + and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook + XML 4.2 for Samba 3.0 was done by Alexander Bokovoy. + + + diff --git a/docs-xml/manpages-3/idmap_ad.8.xml b/docs-xml/manpages-3/idmap_ad.8.xml new file mode 100644 index 0000000000..766eb85090 --- /dev/null +++ b/docs-xml/manpages-3/idmap_ad.8.xml @@ -0,0 +1,92 @@ + + + + + + idmap_ad + 8 + Samba + System Administration tools + 3.2 + + + + + idmap_ad + Samba's idmap_ad Backend for Winbind + + + + DESCRIPTION + The idmap_ad plugin provides a way for Winbind to read + id mappings from an AD server that uses RFC2307/SFU schema + extensions. This module implements only the "idmap" + API, and is READONLY. Mappings must be provided in advance + by the administrator by adding the posixAccount/posixGroup + classess and relative attribute/value pairs to the users and + groups objects in AD + + + + IDMAP OPTIONS + + + + range = low - high + + Defines the available matching uid and gid range for which the + backend is authoritative. Note that the range acts as a filter. + If specified any UID or GID stored in AD that fall outside the + range is ignored and the corresponding map is discarded. + It is intended as a way to avoid accidental UID/GID overlaps + between local and remotely defined IDs. + + + + schema_mode = <rfc2307 | sfu > + + Defines the schema that idmap_ad should use when querying + Active Directory regarding user and group information. + This can either the RFC2307 schema support included + in Windows 2003 R2 or the Service for Unix (SFU) schema. + + + + + + + EXAMPLES + + The following example shows how to retrieve idmappings from our principal and + and trusted AD domains. All is needed is to set default to yes. If trusted + domains are present id conflicts must be resolved beforehand, there is no + guarantee on the order conflicting mappings would be resolved at this point. + + This example also shows how to leave a small non conflicting range for local + id allocation that may be used in internal backends like BUILTIN. + + + + [global] + idmap domains = ALLDOMAINS + idmap config ALLDOMAINS:backend = ad + idmap config ALLDOMAINS:default = yes + idmap config ALLDOMAINS:range = 10000 - 300000000 + + idmap alloc backend = tdb + idmap alloc config:range = 5000 - 9999 + + + + + AUTHOR + + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + + + diff --git a/docs-xml/manpages-3/idmap_ldap.8.xml b/docs-xml/manpages-3/idmap_ldap.8.xml new file mode 100644 index 0000000000..ea7def3a0c --- /dev/null +++ b/docs-xml/manpages-3/idmap_ldap.8.xml @@ -0,0 +1,165 @@ + + + + + + idmap_ldap + 8 + Samba + System Administration tools + 3.2 + + + + + idmap_ldap + Samba's idmap_ldap Backend for Winbind + + + + DESCRIPTION + + The idmap_ldap plugin provides a means for Winbind to + store and retrieve SID/uid/gid mapping tables in an LDAP directory + service. The module implements both the "idmap" and + "idmap alloc" APIs. + + + + + IDMAP OPTIONS + + + + ldap_base_dn = DN + + Defines the directory base suffix to use when searching for + SID/uid/gid mapping entries. If not defined, idmap_ldap will default + to using the "ldap idmap suffix" option from smb.conf. + + + + + ldap_user_dn = DN + + Defines the user DN to be used for authentication. If absent an + anonymous bind will be performed. + + + + + ldap_url = ldap://server/ + + Specifies the LDAP server to use when searching for existing + SID/uid/gid map entries. If not defined, idmap_ldap will + assume that ldap://localhost/ should be used. + + + + + range = low - high + + Defines the available matching uid and gid range for which the + backend is authoritative. Note that the range commonly matches + the allocation range due to the fact that the same backend will + store and retrieve SID/uid/gid mapping entries. If the parameter + is absent, Winbind fail over to use the "idmap uid" and + "idmap gid" options from smb.conf. + + + + + + + IDMAP ALLOC OPTIONS + + + + ldap_base_dn = DN + + Defines the directory base suffix under which new SID/uid/gid mapping + entries should be stored. If not defined, idmap_ldap will default + to using the "ldap idmap suffix" option from smb.conf. + + + + + ldap_user_dn = DN + + Defines the user DN to be used for authentication. If absent an + anonymous bind will be performed. + + + + + ldap_url = ldap://server/ + + Specifies the LDAP server to which modify/add/delete requests should + be sent. If not defined, idmap_ldap will assume that ldap://localhost/ + should be used. + + + + + range = low - high + + Defines the available matching uid and gid range from which + winbindd can allocate for users and groups. If the parameter + is absent, Winbind fail over to use the "idmap uid" + and "idmap gid" options from smb.conf. + + + + + + + EXAMPLES + + + The follow sets of a LDAP configuration which uses a slave server + running on localhost for fast fetching SID/gid/uid mappings, it + implies correct configuration of referrals. + The idmap alloc backend is pointed directly to the master to skip + the referral (and consequent reconnection to the master) that the + slave would return as allocation requires writing on the master. + + + + [global] + idmap domains = ALLDOMAINS + idmap config ALLDOMAINS:default = yes + idmap config ALLDOMAINS:backend = ldap + idmap config ALLDOMAINS:ldap_base_dn = ou=idmap,dc=example,dc=com + idmap config ALLDOMAINS:ldap_url = ldap://localhost/ + idmap config ALLDOMAINS:range = 10000 - 50000 + + idmap alloc backend = ldap + idmap alloc config:ldap_base_dn = ou=idmap,dc=example,dc=com + idmap alloc config:ldap_url = ldap://master.example.com/ + idmap alloc config:range = 10000 - 50000 + + + + + NOTE + + In order to use authentication against ldap servers you may + need to provide a DN and a password. To avoid exposing the password + in plain text in the configuration file we store it into a security + store. The "net idmap " command is used to store a secret + for the DN specified in a specific idmap domain. + + + + + AUTHOR + + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + + + diff --git a/docs-xml/manpages-3/idmap_nss.8.xml b/docs-xml/manpages-3/idmap_nss.8.xml new file mode 100644 index 0000000000..063ce73748 --- /dev/null +++ b/docs-xml/manpages-3/idmap_nss.8.xml @@ -0,0 +1,66 @@ + + + + + + idmap_nss + 8 + Samba + System Administration tools + 3.2 + + + + + idmap_nss + Samba's idmap_nss Backend for Winbind + + + + DESCRIPTION + + The idmap_nss plugin provides a means to map Unix users and groups + to Windows accounts and obseletes the "winbind trusted domains only" + smb.conf option. This provides a simple means of ensuring that the SID + for a Unix user named jsmith is reported as the one assigned to + DOMAIN\jsmith which is necessary for reporting ACLs on files and printers + stored on a Samba member server. + + + + + EXAMPLES + + + This example shows how to use idmap_nss to check the local accounts for its + own domain while using allocation to create new mappings for trusted domains + + + + [global] + idmap domains = SAMBA TRUSTEDDOMAINS + + idmap config SAMBA:backend = nss + idmap config SAMBA:readonly = yes + + idmap config TRUSTEDDOMAINS:default = yes + idmap config TRUSTEDDOMAINS:backend = tdb + idmap config TRUSTEDDOMAINS:range = 10000 - 50000 + + idmap alloc backend = tdb + idmap alloc config:range = 10000 - 50000 + + + + + AUTHOR + + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + + + diff --git a/docs-xml/manpages-3/idmap_rid.8.xml b/docs-xml/manpages-3/idmap_rid.8.xml new file mode 100644 index 0000000000..1d80bf3a0e --- /dev/null +++ b/docs-xml/manpages-3/idmap_rid.8.xml @@ -0,0 +1,84 @@ + + + + + + idmap_rid + 8 + Samba + System Administration tools + 3.2 + + + + + idmap_rid + Samba's idmap_rid Backend for Winbind + + + + DESCRIPTION + The idmap_rid backend provides a way to use an algorithmic + mapping scheme to map UIDs/GIDs and SIDs. No database is required + in this case as the mapping is deterministic. + + + + IDMAP OPTIONS + + + + range = low - high + + Defines the available matching uid and gid range for which the + backend is authoritative. Note that the range acts as a filter. + If algorithmically determined UID or GID fall outside the + range, they are ignored and the corresponding map is discarded. + It is intended as a way to avoid accidental UID/GID overlaps + between local and remotely defined IDs. + + + + + base_rid = INTEGER + + Defines the base integer used to build SIDs out of an UID or a GID, + and to rebase the UID or GID to be obtained from a SID. User RIDs + by default start at 1000 (512 hexadecimal), this means a good value + for base_rid can be 1000 as the resulting ID is calculated this way: + ID = RID - BASE_RID + LOW RANGE ID. + + + + + + + EXAMPLES + This example shows how to configure 2 domains with idmap_rid + + + [global] + idmap domains = MAIN TRUSTED1 + + idmap config MAIN:backend = rid + idmap config MAIN:base_rid = 0 + idmap config MAIN:range = 10000 - 49999 + + idmap config TRUSTED1:backend = rid + idmap config TRUSTED1:base_rid = 1000 + idmap config TRUSTED1:range = 50000 - 99999 + + + + + AUTHOR + + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + + + diff --git a/docs-xml/manpages-3/idmap_tdb.8.xml b/docs-xml/manpages-3/idmap_tdb.8.xml new file mode 100644 index 0000000000..2caba1e6cb --- /dev/null +++ b/docs-xml/manpages-3/idmap_tdb.8.xml @@ -0,0 +1,93 @@ + + + + + + idmap_tdb + 8 + Samba + System Administration tools + 3.2 + + + + + idmap_tdb + Samba's idmap_tdb Backend for Winbind + + + + DESCRIPTION + + The idmap_tdb plugin is the default backend used by winbindd + for storing SID/uid/gid mapping tables and implements + both the "idmap" and "idmap alloc" APIs. + + + + + IDMAP OPTIONS + + + + range = low - high + + Defines the available matching uid and gid range for which the + backend is authoritative. Note that the range commonly matches + the allocation range due to the fact that the same backend will + store and retrieve SID/uid/gid mapping entries. If the parameter + is absent, Winbind fail over to use the "idmap uid" and + "idmap gid" options from smb.conf. + + + + + + + IDMAP ALLOC OPTIONS + + + + range = low - high + + Defines the available matching uid and gid range from which + winbindd can allocate for users and groups. If the parameter + is absent, Winbind fail over to use the "idmap uid" + and "idmap gid" options from smb.conf. + + + + + + + EXAMPLES + + + The following example is equivalent to the pre-3.0.25 default idmap + configuration using the "idmap backend = tdb" setting. + + + + [global] + idmap domains = ALLDOMAINS + idmap config ALLDOMAINS:default = yes + idmap config ALLDOMAINS:backend = tdb + idmap config ALLDOMAINS:range = 10000 - 50000 + + idmap alloc backend = tdb + idmap alloc config:range = 10000 - 50000 + + + + + AUTHOR + + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + + + diff --git a/docs-xml/manpages-3/ldb.3.xml b/docs-xml/manpages-3/ldb.3.xml new file mode 100644 index 0000000000..a19422a438 --- /dev/null +++ b/docs-xml/manpages-3/ldb.3.xml @@ -0,0 +1,265 @@ + + + + + + ldb + 3 + Samba + C Library Functions + 3.2 + + + + ldb + The Samba Project + A light-weight database library + + + + #include <ldb.h> + + + + description + + +ldb is a light weight embedded database library and API. With a +programming interface that is very similar to LDAP, ldb can store its +data either in a tdb(3) database or in a real LDAP database. + + + +When used with the tdb backend ldb does not require any database +daemon. Instead, ldb function calls are processed immediately by the +ldb library, which does IO directly on the database, while allowing +multiple readers/writers using operating system byte range locks. This +leads to an API with very low overheads, often resulting in speeds of +more than 10x what can be achieved with a more traditional LDAP +architecture. + + + +In a taxonomy of databases ldb would sit half way between key/value +pair databases (such as berkley db or tdb) and a full LDAP +database. With a structured attribute oriented API like LDAP and good +indexing capabilities, ldb can be used for quite sophisticated +applications that need a light weight database, without the +administrative overhead of a full LDAP installation. + + + +Included with ldb are a number of useful command line tools for +manipulating a ldb database. These tools are similar in style to the +equivalent ldap command line tools. + + + +In its default mode of operation with a tdb backend, ldb can also be +seen as a "schema-less LDAP". By default ldb does not require a +schema, which greatly reduces the complexity of getting started with +ldb databases. As the complexity of you application grows you can take +advantage of some of the optional schema-like attributes that ldb +offers, or you can migrate to using the full LDAP api while keeping +your exiting ldb code. + + + +If you are new to ldb, then I suggest starting with the manual pages +for ldbsearch(1) and ldbedit(1), and experimenting with a local +database. Then I suggest you look at the ldb_connect(3) and +ldb_search(3) manual pages. + + + + + TOOLS + + + + ldbsearch(1) + - command line ldb search utility + + + + ldbedit(1) + - edit all or part of a ldb database using your favourite editor + + + + ldbadd(1) + - add records to a ldb database using LDIF formatted input + + + + ldbdel(1) + - delete records from a ldb database + + + + ldbmodify(1) + - modify records in a ldb database using LDIF formatted input + + + + + + FUNCTIONS + + + + ldb_connect(3) + - connect to a ldb backend + + + + ldb_search(3) + - perform a database search + + + + ldb_add(3) + - add a record to the database + + + + ldb_delete(3) + - delete a record from the database + + + + ldb_modify(3) + - modify a record in the database + + + + ldb_errstring(3) + - retrieve extended error information from the last operation + + + + ldb_ldif_write(3) + - write a LDIF formatted message + + + + ldb_ldif_write_file(3) + - write a LDIF formatted message to a file + + + + ldb_ldif_read(3) + - read a LDIF formatted message + + + + ldb_ldif_read_free(3) + - free the result of a ldb_ldif_read() + + + + ldb_ldif_read_file(3) + - read a LDIF message from a file + + + + ldb_ldif_read_string(3) + - read a LDIF message from a string + + + + ldb_msg_find_element(3) + - find an element in a ldb_message + + + + ldb_val_equal_exact(3) + - compare two ldb_val structures + + + + ldb_msg_find_val(3) + - find an element by value + + + + ldb_msg_add_empty(3) + - add an empty message element to a ldb_message + + + + + ldb_msg_add(3) + - add a non-empty message element to a ldb_message + + + + + ldb_msg_element_compare(3) + - compare two ldb_message_element structures + + + + + ldb_msg_find_int(3) + - return an integer value from a ldb_message + + + + + ldb_msg_find_uint(3) + - return an unsigned integer value from a ldb_message + + + + + ldb_msg_find_double(3) + - return a double value from a ldb_message + + + + + ldb_msg_find_string(3) + - return a string value from a ldb_message + + + + + ldb_set_alloc(3) + - set the memory allocation function to be used by ldb + + + + + ldb_set_debug(3) + - set a debug handler to be used by ldb + + + + + ldb_set_debug_stderr(3) + - set a debug handler for stderr output + + + + + + Author + + + ldb was written by + Andrew Tridgell. + + + +If you wish to report a problem or make a suggestion then please see +the web site for +current contact and maintainer information. + + + +ldb is released under the GNU Lesser General Public License version 2 +or later. Please see the file COPYING for license details. + + + diff --git a/docs-xml/manpages-3/ldbadd.1.xml b/docs-xml/manpages-3/ldbadd.1.xml new file mode 100644 index 0000000000..fb57be29c6 --- /dev/null +++ b/docs-xml/manpages-3/ldbadd.1.xml @@ -0,0 +1,108 @@ + + + + + + ldbadd + 1 + Samba + User Commands + 3.2 + + + + + ldbadd + Command-line utility for adding records to an LDB + + + + + ldbadd + -h + -H LDB-URL + ldif-file1 + ldif-file2 + ... + + + + + DESCRIPTION + + ldbadd adds records to an ldb(7) database. It reads + the ldif(5) files specified on the command line and adds + the records from these files to the LDB database, which is specified + by the -H option or the LDB_URL environment variable. + + + If - is specified as a ldb file, the ldif input is read from + standard input. + + + + + + OPTIONS + + + + -h + + Show list of available options. + + + + -H <ldb-url> + + LDB URL to connect to. See ldb(7) for details. + + + + + + + + + ENVIRONMENT + + + LDB_URL + LDB URL to connect to (can be overrided by using the + -H command-line option.) + + + + + + + VERSION + + This man page is correct for version 4.0 of the Samba suite. + + + + SEE ALSO + + ldb(7), ldbmodify, ldbdel, ldif(5) + + + + + AUTHOR + + ldb was written by + Andrew Tridgell. + + + +If you wish to report a problem or make a suggestion then please see +the web site for +current contact and maintainer information. + + + This manpage was written by Jelmer Vernooij. + + + + diff --git a/docs-xml/manpages-3/ldbdel.1.xml b/docs-xml/manpages-3/ldbdel.1.xml new file mode 100644 index 0000000000..158c5f1a76 --- /dev/null +++ b/docs-xml/manpages-3/ldbdel.1.xml @@ -0,0 +1,108 @@ + + + + + + ldbdel + 1 + Samba + User Commands + 3.2 + + + + + ldbdel + Command-line program for deleting LDB records + + + + + ldbdel + -h + -H LDB-URL + dn + ... + + + + + DESCRIPTION + + ldbdel deletes records from an ldb(7) database. + It deletes the records identified by the dn's specified + on the command-line. + + ldbdel uses either the database that is specified with + the -H option or the database specified by the LDB_URL environment + variable. + + + + + + OPTIONS + + + + -h + + Show list of available options. + + + + -H <ldb-url> + + LDB URL to connect to. See ldb(7) for details. + + + + + + + + + ENVIRONMENT + + + LDB_URL + LDB URL to connect to (can be overrided by using the + -H command-line option.) + + + + + + + VERSION + + This man page is correct for version 4.0 of the Samba suite. + + + + SEE ALSO + + ldb(7), ldbmodify, ldbadd, ldif(5) + + + + + AUTHOR + + ldb was written by + Andrew Tridgell. + + + +If you wish to report a problem or make a suggestion then please see +the web site for +current contact and maintainer information. + + + ldbdel was written by Andrew Tridgell. + + This manpage was written by Jelmer Vernooij. + + + + diff --git a/docs-xml/manpages-3/ldbedit.1.xml b/docs-xml/manpages-3/ldbedit.1.xml new file mode 100644 index 0000000000..2d11ca94f7 --- /dev/null +++ b/docs-xml/manpages-3/ldbedit.1.xml @@ -0,0 +1,203 @@ + + + + + + ldbedit + 1 + Samba + User Commands + 3.2 + + + + + ldbedit + Edit LDB databases using your preferred editor + + + + + ldbedit + -? + --usage + -s base|one|sub + -b basedn + -a + -e editor + -H LDB-URL + expression + attributes + + + + + DESCRIPTION + + ldbedit is a utility that allows you to edit LDB entries (in + tdb files, sqlite files or LDAP servers) using your preferred editor. + ldbedit generates an LDIF file based on your query, allows you to edit + the LDIF, and then merges that LDIF back into the LDB backend. + + + + + + + OPTIONS + + + + -? + --help + + + Show list of available options, and a phrase describing what that option + does. + + + + + + --usage + + + Show list of available options. This is similar to the help option, + however it does not provide any description, and is hence shorter. + + + + + + -H <ldb-url> + + + LDB URL to connect to. For a tdb database, + this will be of the form + tdb://filename. + For a LDAP connection over unix domain + sockets, this will be of the form + ldapi://socket. For + a (potentially remote) LDAP connection over + TCP, this will be of the form + ldap://hostname. For + an SQLite database, this will be of the form + sqlite://filename. + + + + + + -s one|sub|base + Search scope to use. One-level, subtree or base. + + + + -a + -all + + Edit all records. This allows you to + apply the same change to a number of records + at once. You probably want to combine this + with an expression of the form + "objectclass=*". + + + + + + -e editor + --editor editor + + Specify the editor that should be used (overrides + the VISUAL and EDITOR environment + variables). If this option is not used, and + neither VISUAL nor EDITOR environment variables + are set, then the vi editor will be used. + + + + + + -b basedn + Specify Base Distinguished Name to use. + + + + -v + --verbose + + Make ldbedit more verbose about the + operations that are being performed. Without + this option, ldbedit will only provide a + summary change line. + + + + + + + + + + ENVIRONMENT + + + + LDB_URL + + LDB URL to connect to. This can be + overridden by using the -H command-line option.) + + + + + VISUAL and EDITOR + + + Environment variables used to determine what + editor to use. VISUAL takes precedence over + EDITOR, and both are overridden by the + -e command-line option. + + + + + + + + + VERSION + + This man page is correct for version 4.0 of the Samba suite. + + + + SEE ALSO + + ldb(7), ldbmodify(1), ldbdel(1), ldif(5), vi(1) + + + + + AUTHOR + + + ldb was written by + Andrew Tridgell. + + + + If you wish to report a problem or make a suggestion then please see + the web site for + current contact and maintainer information. + + + + This manpage was written by Jelmer Vernooij and updated + by Brad Hards. + + + + + diff --git a/docs-xml/manpages-3/ldbmodify.1.xml b/docs-xml/manpages-3/ldbmodify.1.xml new file mode 100644 index 0000000000..a46ae5047b --- /dev/null +++ b/docs-xml/manpages-3/ldbmodify.1.xml @@ -0,0 +1,96 @@ + + + + + + ldbmodify + 1 + Samba + User Commands + 3.2 + + + + + ldbmodify + Modify records in a LDB database + + + + + ldbmodify + -H LDB-URL + ldif-file + + + + + DESCRIPTION + + + ldbmodify changes, adds and deletes records in a LDB database. + The changes that should be made to the LDB database are read from + the specified LDIF-file. If - is specified as the filename, input is read from stdin. + + + For now, see ldapmodify(1) for details on the LDIF file format. + + + + + + OPTIONS + + + + -H <ldb-url> + + LDB URL to connect to. See ldb(7) for details. + + + + + + + ENVIRONMENT + + + LDB_URL + LDB URL to connect to (can be overrided by using the + -H command-line option.) + + + + + + + VERSION + + This man page is correct for version 4.0 of the Samba suite. + + + + SEE ALSO + + ldb(7), ldbedit + + + + + AUTHOR + + ldb was written by + Andrew Tridgell. + + + +If you wish to report a problem or make a suggestion then please see +the web site for +current contact and maintainer information. + + + This manpage was written by Jelmer Vernooij. + + + + diff --git a/docs-xml/manpages-3/ldbsearch.1.xml b/docs-xml/manpages-3/ldbsearch.1.xml new file mode 100644 index 0000000000..398860bca0 --- /dev/null +++ b/docs-xml/manpages-3/ldbsearch.1.xml @@ -0,0 +1,122 @@ + + + + + + ldbsearch + 1 + Samba + User Commands + 3.2 + + + + + ldbsearch + Search for records in a LDB database + + + + + ldbsearch + -h + -s base|one|sub + -b basedn + -i + -H LDB-URL + expression + attributes + + + + + DESCRIPTION + + ldbsearch searches a LDB database for records matching the + specified expression (see the ldapsearch(1) manpage for + a description of the expression format). For each + record, the specified attributes are printed. + + + + + + + OPTIONS + + + + -h + + Show list of available options. + + + + -H <ldb-url> + + LDB URL to connect to. See ldb(7) for details. + + + + + -s one|sub|base + Search scope to use. One-level, subtree or base. + + + + -i + Read search expressions from stdin. + + + + -b basedn + Specify Base DN to use. + + + + + + + + ENVIRONMENT + + + LDB_URL + LDB URL to connect to (can be overrided by using the + -H command-line option.) + + + + + + + VERSION + + This man page is correct for version 4.0 of the Samba suite. + + + + SEE ALSO + + ldb(7), ldbedit(1) + + + + + AUTHOR + + ldb was written by + Andrew Tridgell. + + + +If you wish to report a problem or make a suggestion then please see +the web site for +current contact and maintainer information. + + + This manpage was written by Jelmer Vernooij. + + + + diff --git a/docs-xml/manpages-3/libsmbclient.7.xml b/docs-xml/manpages-3/libsmbclient.7.xml new file mode 100644 index 0000000000..61016c55ce --- /dev/null +++ b/docs-xml/manpages-3/libsmbclient.7.xml @@ -0,0 +1,140 @@ + + + + + + libsmbclient + 7 + Samba + 7 + 3.2 + + + + + libsmbclient + An extension library for browsers and that can be used as a generic browsing API. + + + + + Browser URL: + + smb://[[[domain:]user[:password@]]server[/share[/path[/file]]]] [?options] + + + + + + + DESCRIPTION + + + This tool is part of the samba + 7 suite. + + + + libsmbclient is a library toolset that permits applications to manipulate CIFS/SMB network + resources using many of the standards POSIX functions available for manipulating local UNIX/Linux files. It + permits much more than just browsing, files can be opened and read or written, permissions changed, file times + modified, attributes and ACL's can be manipulated, and so on. Of course, its functionality includes all the + capabilities commonly called browsing. + + + + libsmbclient can not be used directly from the command line, instead it provides an + extension of the capabilities of tools such as file managers and browsers. This man page describes the + configuration options for this tool so that the user may obtain greatest utility of use. + + + + + OPTIONS + + + What the URLs mean: + + + + + smb:// + + Shows all workgroups or domains that are visible in the network. The behavior matches + that of the Microsoft Windows Explorer. + + + + The method of locating the list of workgroups (domains also) varies depending on the setting of + the context variable (context->options.browse_max_lmb_count). It is the + responsibility of the application that calls this library to set this to a sensible value. This + is a compile-time option. This value determines the maximum number of local master browsers to + query for the list of workgroups. In order to ensure that the list is complete for those present + on the network, all master browsers must be querried. If there are a large number of workgroups + on the network, the time spent querying will be significant. For small networks (just a few + workgroups), it is suggested to set this value to 0, instructing libsmbclient to query all local + master browsers. In an environment that has many workgroups a more reasonable setting may be around 3. + + + + + smb://name/ + + This command causes libsmbclient to perform a name look-up. If the NAME<1D> or + NAME<1B> exists (workgroup name), libsmbclient will list all servers in the + workgroup (or domain). Otherwise, a name look-up for the NAME<20> (machine name) + will be performed, and the list of shared resources on the server will be displayed. + + + + + + When libsmbclient is invoked by an application it searches for a directory called + .smb in the $HOME directory that is specified in the users shell + environment. It then searches for a file called smb.conf which, + if present, will fully over-ride the system /etc/samba/smb.conf file. If + instead libsmbclient finds a file called ~/.smb/smb.conf.append, + it will read the system /etc/samba/smb.conf and then append the + contents of the ~/.smb/smb.conf.append to it. + + + + libsmbclient will check the users shell environment for the USER + parameter and will use its value when if the user parameter was not included + in the URL. + + + + + + PROGRAMMERS GUIDE + + + Watch this space for future updates. + + + + + + VERSION + + + This man page is correct for version 3.0 of the Samba suite. + + + + + AUTHOR + + + The original Samba software and related utilities were created by Andrew Tridgell. + Samba is now developed by the Samba Team as an Open Source project similar to the way + the Linux kernel is developed. + + + + The libsmbclient manpage page was written by John H Terpstra. + + + + diff --git a/docs-xml/manpages-3/lmhosts.5.xml b/docs-xml/manpages-3/lmhosts.5.xml new file mode 100644 index 0000000000..ec271770c4 --- /dev/null +++ b/docs-xml/manpages-3/lmhosts.5.xml @@ -0,0 +1,127 @@ + + + + + + lmhosts + 5 + Samba + File Formats and Conventions + 3.2 + + + + + lmhosts + The Samba NetBIOS hosts file + + + + lmhosts is the samba + 7 NetBIOS name to IP address mapping file. + + + + DESCRIPTION + + This file is part of the samba + 7 suite. + + lmhosts is the Samba + NetBIOS name to IP address mapping file. It + is very similar to the /etc/hosts file + format, except that the hostname component must correspond + to the NetBIOS naming format. + + + + FILE FORMAT + It is an ASCII file containing one line for NetBIOS name. + The two fields on each line are separated from each other by + white space. Any entry beginning with '#' is ignored. Each line + in the lmhosts file contains the following information: + + + IP Address - in dotted decimal format. + + + NetBIOS Name - This name format is a + maximum fifteen character host name, with an optional + trailing '#' character followed by the NetBIOS name type + as two hexadecimal digits. + + If the trailing '#' is omitted then the given IP + address will be returned for all names that match the given + name, whatever the NetBIOS name type in the lookup. + + + + An example follows: + +# +# Sample Samba lmhosts file. +# +192.9.200.1 TESTPC +192.9.200.20 NTSERVER#20 +192.9.200.21 SAMBASERVER + + + + Contains three IP to NetBIOS name mappings. The first + and third will be returned for any queries for the names "TESTPC" + and "SAMBASERVER" respectively, whatever the type component of + the NetBIOS name requested. + + The second mapping will be returned only when the "0x20" name + type for a name "NTSERVER" is queried. Any other name type will not + be resolved. + + The default location of the lmhosts file + is in the same directory as the smb.conf + 5 file. + + + + + FILES + + lmhosts is loaded from the configuration directory. This is + usually /etc/samba or /usr/local/samba/lib. + + + + + VERSION + + This man page is correct for version 3.0 of the Samba suite. + + + + SEE ALSO + + smbclient1 + , smb.conf5 + , and smbpasswd + 8 + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook + XML 4.2 was done by Alexander Bokovoy. + + + diff --git a/docs-xml/manpages-3/log2pcap.1.xml b/docs-xml/manpages-3/log2pcap.1.xml new file mode 100644 index 0000000000..48eb1a1a24 --- /dev/null +++ b/docs-xml/manpages-3/log2pcap.1.xml @@ -0,0 +1,138 @@ + + + + + + log2pcap + 1 + Samba + User Commands + 3.2 + + + + + log2pcap + Extract network traces from Samba log files + + + + + log2pcap + -h + -q + logfile + pcap_file + + + + + DESCRIPTION + + This tool is part of the samba + 7 suite. + + log2pcap reads in a + samba log file and generates a pcap file (readable + by most sniffers, such as ethereal or tcpdump) based on the packet + dumps in the log file. + + The log file must have a log level + of at least 5 to get the SMB header/parameters + right, 10 to get the first 512 data bytes of the + packet and 50 to get the whole packet. + + + + + OPTIONS + + + + -h + If this parameter is + specified the output file will be a + hex dump, in a format that is readable + by the text2pcap utility. + + + + -q + Be quiet. No warning messages about missing + or incomplete data will be given. + + + + logfile + + Samba log file. log2pcap will try to read the log from stdin + if the log file is not specified. + + + + + pcap_file + + Name of the output file to write the pcap (or hexdump) data to. + If this argument is not specified, output data will be written + to stdout. + + + + &stdarg.help; + + + + + + EXAMPLES + + Extract all network traffic from all samba log files: + + + $ log2pcap < /var/log/* > trace.pcap + + + Convert to pcap using text2pcap: + + + $ log2pcap -h samba.log | text2pcap -T 139,139 - trace.pcap + + + + + VERSION + + This man page is correct for version 3.0 of the Samba suite. + + + + BUGS + + Only SMB data is extracted from the samba logs, no LDAP, + NetBIOS lookup or other data. + + The generated TCP and IP headers don't contain a valid + checksum. + + + + + + SEE ALSO + text2pcap + 1, ethereal1 + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + This manpage was written by Jelmer Vernooij. + + + diff --git a/docs-xml/manpages-3/mount.cifs.8.xml b/docs-xml/manpages-3/mount.cifs.8.xml new file mode 100644 index 0000000000..51a22b3879 --- /dev/null +++ b/docs-xml/manpages-3/mount.cifs.8.xml @@ -0,0 +1,614 @@ + + + + + + mount.cifs + 8 + Samba + System Administration tools + 3.2 + + + + + mount.cifs + mount using the Common Internet File System (CIFS) + + + + + + mount.cifs + service + mount-point + -o options + + + + + DESCRIPTION + + This tool is part of the samba + 7 suite. + + mount.cifs mounts a Linux CIFS filesystem. It +is usually invoked indirectly by +the mount8 command when using the +"-t cifs" option. This command only works in Linux, and the kernel must +support the cifs filesystem. The CIFS protocol is the successor to the +SMB protocol and is supported by most Windows servers and many other +commercial servers and Network Attached Storage appliances as well as +by the popular Open Source server Samba. + + + + The mount.cifs utility attaches the UNC name (exported network resource) to + the local directory mount-point. It is possible to set the mode for mount.cifs to +setuid root to allow non-root users to mount shares to directories for which they +have write permission. + + + + Options to mount.cifs are specified as a comma-separated +list of key=value pairs. It is possible to send options other +than those listed here, assuming that the cifs filesystem kernel module (cifs.ko) supports them. +Unrecognized cifs mount options passed to the cifs vfs kernel code will be logged to the +kernel log. + + + + mount.cifs causes the cifs vfs to launch a thread named cifsd. After mounting it keeps running until + the mounted resource is unmounted (usually via the umount utility). + + + + + + OPTIONS + + user=arg + + specifies the username to connect as. If + this is not given, then the environment variable USER is used. This option can also take the +form "user%password" or "workgroup/user" or +"workgroup/user%password" to allow the password and workgroup +to be specified as part of the username. + + + + + The cifs vfs accepts the parameter user=, or for users familiar with smbfs it accepts the longer form of the parameter username=. Similarly the longer smbfs style parameter names may be accepted as synonyms for the shorter cifs parameters pass=,dom= and cred=. + + + + + + + password=arg + + specifies the CIFS password. If this +option is not given then the environment variable +PASSWD is used. If the password is not specified +directly or indirectly via an argument to mount, mount.cifs will prompt +for a password, unless the guest option is specified. + + +Note that a password which contains the delimiter +character (i.e. a comma ',') will fail to be parsed correctly +on the command line. However, the same password defined +in the PASSWD environment variable or via a credentials file (see +below) or entered at the password prompt will be read correctly. + + + + credentials=filename + + + specifies a file that contains a username + and/or password. The format of the file is: + + + + username=value + password=value + + + +This is preferred over having passwords in plaintext in a +shared file, such as /etc/fstab. Be sure to protect any +credentials file properly. + + + + + uid=arg + + sets the uid that will own all files on + the mounted filesystem. + It may be specified as either a username or a numeric uid. + For mounts to servers which do support the CIFS Unix extensions, + such as a properly configured Samba server, the server provides + the uid, gid and mode so this parameter should not be + specified unless the server and client uid and gid + numbering differ. If the server and client are in the + same domain (e.g. running winbind or nss_ldap) and + the server supports the Unix Extensions then the uid + and gid can be retrieved from the server (and uid + and gid would not have to be specifed on the mount. + For servers which do not support the CIFS Unix + extensions, the default uid (and gid) returned on lookup + of existing files will be the uid (gid) of the person + who executed the mount (root, except when mount.cifs + is configured setuid for user mounts) unless the "uid=" + (gid) mount option is specified. For the uid (gid) of newly + created files and directories, ie files created since + the last mount of the server share, the expected uid + (gid) is cached as long as the inode remains in + memory on the client. Also note that permission + checks (authorization checks) on accesses to a file occur + at the server, but there are cases in which an administrator + may want to restrict at the client as well. For those + servers which do not report a uid/gid owner + (such as Windows), permissions can also be checked at the + client, and a crude form of client side permission checking + can be enabled by specifying file_mode and dir_mode on + the client. Note that the mount.cifs helper must be + at version 1.10 or higher to support specifying the uid + (or gid) in non-numeric form. + + + + + gid=arg + + sets the gid that will own all files on +the mounted filesystem. It may be specified as either a groupname or a numeric +gid. For other considerations see the description of uid above. + + + + + port=arg + + sets the port number on the server to attempt to contact to negotiate +CIFS support. If the CIFS server is not listening on this port or +if it is not specified, the default ports will be tried i.e. +port 445 is tried and if no response then port 139 is tried. + + + + + servern=arg + + + Specify the server netbios name (RFC1001 name) to use + when attempting to setup a session to the server. Although + rarely needed for mounting to newer servers, this option + is needed for mounting to some older servers (such + as OS/2 or Windows 98 and Windows ME) since when connecting + over port 139 they, unlike most newer servers, do not + support a default server name. A server name can be up + to 15 characters long and is usually uppercased. + + + + + netbiosname=arg + + When mounting to servers via port 139, specifies the RFC1001 + source name to use to represent the client netbios machine + name when doing the RFC1001 netbios session initialize. + + + + + file_mode=arg + + If the server does not support the CIFS Unix extensions this + overrides the default file mode. + + + + dir_mode=arg + + If the server does not support the CIFS Unix extensions this + overrides the default mode for directories. + + + + ip=arg + + sets the destination IP address. This option is set automatically if the server name portion of the requested UNC name can be resolved so rarely needs to be specified by the user. + + + + domain=arg + + sets the domain (workgroup) of the user + + + + guest + + don't prompt for a password + + + + + iocharset + + Charset used to convert local path names to and from + Unicode. Unicode is used by default for network path + names if the server supports it. If iocharset is + not specified then the nls_default specified + during the local client kernel build will be used. + If server does not support Unicode, this parameter is + unused. + + + + + ro + + mount read-only + + + + + rw + mount read-write + + + + setuids + If the CIFS Unix extensions are negotiated with the server + the client will attempt to set the effective uid and gid of + the local process on newly created files, directories, and + devices (create, mkdir, mknod). If the CIFS Unix Extensions + are not negotiated, for newly created files and directories + instead of using the default uid and gid specified on the + the mount, cache the new file's uid and gid locally which means + that the uid for the file can change when the inode is + reloaded (or the user remounts the share). + + + + nosetuids + The client will not attempt to set the uid and gid on + on newly created files, directories, and devices (create, + mkdir, mknod) which will result in the server setting the + uid and gid to the default (usually the server uid of the + user who mounted the share). Letting the server (rather than + the client) set the uid and gid is the default.If the CIFS + Unix Extensions are not negotiated then the uid and gid for + new files will appear to be the uid (gid) of the mounter or the + uid (gid) parameter specified on the mount. + + + + perm + Client does permission checks (vfs_permission check of uid + and gid of the file against the mode and desired operation), + Note that this is in addition to the normal ACL check on the + target machine done by the server software. + Client permission checking is enabled by default. + + + + noperm + Client does not do permission checks. This can expose + files on this mount to access by other users on the local + client system. It is typically only needed when the server + supports the CIFS Unix Extensions but the UIDs/GIDs on the + client and server system do not match closely enough to allow + access by the user doing the mount. + Note that this does not affect the normal ACL check on the + target machine done by the server software (of the server + ACL against the user name provided at mount time). + + + + directio + Do not do inode data caching on files opened on this mount. + This precludes mmaping files on this mount. In some cases + with fast networks and little or no caching benefits on the + client (e.g. when the application is doing large sequential + reads bigger than page size without rereading the same data) + this can provide better performance than the default + behavior which caches reads (readahead) and writes + (writebehind) through the local Linux client pagecache + if oplock (caching token) is granted and held. Note that + direct allows write operations larger than page size + to be sent to the server. On some kernels this requires the cifs.ko module + to be built with the CIFS_EXPERIMENTAL configure option. + + + + mapchars + Translate six of the seven reserved characters (not backslash, but including the colon, question mark, pipe, asterik, greater than and less than characters) + to the remap range (above 0xF000), which also + allows the CIFS client to recognize files created with + such characters by Windows's POSIX emulation. This can + also be useful when mounting to most versions of Samba + (which also forbids creating and opening files + whose names contain any of these seven characters). + This has no effect if the server does not support + Unicode on the wire. + + + + nomapchars + Do not translate any of these seven characters (default) + + + + intr + currently unimplemented + + + + nointr + (default) currently unimplemented + + + + hard + The program accessing a file on the cifs mounted file system will hang when the + server crashes. + + + + soft + (default) The program accessing a file on the cifs mounted file system will not hang when the server crashes and will return errors to the user application. + + + + noacl + Do not allow POSIX ACL operations even if server would support them. + The CIFS client can get and set POSIX ACLs (getfacl, setfacl) to Samba servers + version 3.10 and later. Setting POSIX ACLs requires enabling both XATTR and + then POSIX support in the CIFS configuration options when building the cifs + module. POSIX ACL support can be disabled on a per mount basic by specifying + "noacl" on mount. + + + + + nocase + + Request case insensitive path name matching (case + sensitive is the default if the server suports it). + + + + + + sec= + + Security mode. Allowed values are: + + none attempt to connection as a null user (no name) + krb5 Use Kerberos version 5 authentication + krb5i Use Kerberos authentication and packet signing + ntlm Use NTLM password hashing (default) + ntlmi Use NTLM password hashing with signing (if + /proc/fs/cifs/PacketSigningEnabled on or if + server requires signing also can be the default) + ntlmv2 Use NTLMv2 password hashing + ntlmv2i Use NTLMv2 password hashing with packet signing + + + [NB This [sec parameter] is under development and expected to be available in cifs kernel module 1.40 and later] + + + + + + nobrl + + Do not send byte range lock requests to the server. + This is necessary for certain applications that break + with cifs style mandatory byte range locks (and most + cifs servers do not yet support requesting advisory + byte range locks). + + + + + + sfu + + + When the CIFS Unix Extensions are not negotiated, attempt to + create device files and fifos in a format compatible with + Services for Unix (SFU). In addition retrieve bits 10-12 + of the mode via the SETFILEBITS extended attribute (as + SFU does). In the future the bottom 9 bits of the mode + mode also will be emulated using queries of the security + descriptor (ACL). [NB: requires version 1.39 or later + of the CIFS VFS. To recognize symlinks and be able + to create symlinks in an SFU interoperable form + requires version 1.40 or later of the CIFS VFS kernel module. + + + + + + serverino + Use inode numbers (unique persistent file identifiers) + returned by the server instead of automatically generating + temporary inode numbers on the client. Although server inode numbers + make it easier to spot hardlinked files (as they will have + the same inode numbers) and inode numbers may be persistent (which is + userful for some sofware), + the server does not guarantee that the inode numbers + are unique if multiple server side mounts are exported under a + single share (since inode numbers on the servers might not + be unique if multiple filesystems are mounted under the same + shared higher level directory). Note that not all + servers support returning server inode numbers, although + those that support the CIFS Unix Extensions, and Windows 2000 and + later servers typically do support this (although not necessarily + on every local server filesystem). Parameter has no effect if + the server lacks support for returning inode numbers or equivalent. + + + + + noserverino + client generates inode numbers (rather than using the actual one + from the server) by default. + + + + + nouser_xattr + (default) Do not allow getfattr/setfattr to get/set xattrs, even if server would support it otherwise. + + + + rsize=arg + default network read size (usually 16K). The client currently + can not use rsize larger than CIFSMaxBufSize. CIFSMaxBufSize + defaults to 16K and may be changed (from 8K to the maximum + kmalloc size allowed by your kernel) at module install time + for cifs.ko. Setting CIFSMaxBufSize to a very large value + will cause cifs to use more memory and may reduce performance + in some cases. To use rsize greater than 127K (the original + cifs protocol maximum) also requires that the server support + a new Unix Capability flag (for very large read) which some + newer servers (e.g. Samba 3.0.26 or later) do. rsize can be + set from a minimum of 2048 to a maximum of 130048 (127K or + CIFSMaxBufSize, whichever is smaller) + + + + + + wsize=arg + + default network write size (default 57344) + maximum wsize currently allowed by CIFS is 57344 (fourteen + 4096 byte pages) + + + --verbose + Print additional debugging information for the mount. Note that this parameter must be specified before the -o. For example:mount -t cifs //server/share /mnt --verbose -o user=username + + + + + + + + SERVICE FORMATTING AND DELIMITERS + + + It's generally preferred to use forward slashes (/) as a delimiter in service names. They are considered to be the "universal delimiter" since they are generally not allowed to be embedded within path components on Windows machines and the client can convert them to blackslashes (\) unconditionally. Conversely, backslash characters are allowed by POSIX to be part of a path component, and can't be automatically converted in the same way. + + + mount.cifs will attempt to convert backslashes to forward slashes where it's able to do so, but it cannot do so in any path component following the sharename. + + + + + ENVIRONMENT VARIABLES + + + The variable USER may contain the username of the +person to be used to authenticate to the server. +The variable can be used to set both username and +password by using the format username%password. + + + + The variable PASSWD may contain the password of the +person using the client. + + + + The variable PASSWD_FILE may contain the pathname +of a file to read the password from. A single line of input is +read and used as the password. + + + + + + NOTES + + This command may be used only by root, unless installed setuid, in which case the noeexec and nosuid mount flags are enabled. + + + + CONFIGURATION + +The primary mechanism for making configuration changes and for reading +debug information for the cifs vfs is via the Linux /proc filesystem. +In the directory /proc/fs/cifs are various +configuration files and pseudo files which can display debug information. +There are additional startup options such as maximum buffer size and number +of buffers which only may be set when the kernel cifs vfs (cifs.ko module) is +loaded. These can be seen by running the modinfo utility against the file +cifs.ko which will list the options that may be passed to cifs during module +installation (device driver load). +For more information see the kernel file fs/cifs/README. + + + + + BUGS + + Mounting using the CIFS URL specification is currently not supported. + + + The credentials file does not handle usernames or passwords with + leading space. + + +Note that the typical response to a bug report is a suggestion +to try the latest version first. So please try doing that first, +and always include which versions you use of relevant software +when reporting bugs (minimum: mount.cifs (try mount.cifs -V), kernel (see /proc/version) and +server type you are trying to contact. + + + + + + + VERSION + + This man page is correct for version 1.52 of + the cifs vfs filesystem (roughly Linux kernel 2.6.24). + + + + SEE ALSO + + Documentation/filesystems/cifs.txt and fs/cifs/README in the linux kernel + source tree may contain additional options and information. + + umount.cifs + 8 + + + + + AUTHOR + + Steve French + + The syntax and manpage were loosely based on that of smbmount. It + was converted to Docbook/XML by Jelmer Vernooij. + + The maintainer of the Linux cifs vfs and the userspace + tool mount.cifs is Steve French. + The Linux CIFS Mailing list + is the preferred place to ask questions regarding these programs. + + + + + diff --git a/docs-xml/manpages-3/net.8.xml b/docs-xml/manpages-3/net.8.xml new file mode 100644 index 0000000000..9e2558eb32 --- /dev/null +++ b/docs-xml/manpages-3/net.8.xml @@ -0,0 +1,1548 @@ + + + + + + net + 8 + Samba + System Administration tools + 3.2 + + + + + net + Tool for administration of Samba and remote + CIFS servers. + + + + + + net + <ads|rap|rpc> + -h + -w workgroup + -W myworkgroup + -U user + -I ip-address + -p port + -n myname + -s conffile + -S server + -l + -P + -d debuglevel + -V + + + + + DESCRIPTION + + This tool is part of the samba + 7 suite. + + The Samba net utility is meant to work just like the net utility + available for windows and DOS. The first argument should be used + to specify the protocol to use when executing a certain command. + ADS is used for ActiveDirectory, RAP is using for old (Win9x/NT3) + clients and RPC can be used for NT4 and Windows 2000. If this + argument is omitted, net will try to determine it automatically. + Not all commands are available on all protocols. + + + + + + OPTIONS + + + &stdarg.help; + + + -w target-workgroup + + Sets target workgroup or domain. You have to specify + either this option or the IP address or the name of a server. + + + + + -W workgroup + + Sets client workgroup or domain + + + + + -U user + + User name to use + + + + + -I ip-address + + IP address of target server to use. You have to + specify either this option or a target workgroup or + a target server. + + + + + -p port + + Port on the target server to connect to (usually 139 or 445). + Defaults to trying 445 first, then 139. + + + + &stdarg.netbios.name; + &stdarg.configfile; + + + -S server + + Name of target server. You should specify either + this option or a target workgroup or a target IP address. + + + + + -l + + When listing data, give more information on each item. + + + + + -P + + Make queries to the external server using the machine account of the local server. + + + + &stdarg.server.debug; + + + + +COMMANDS + + +CHANGESECRETPW + +This command allows the Samba machine account password to be set from an external application +to a machine account password that has already been stored in Active Directory. DO NOT USE this command +unless you know exactly what you are doing. The use of this command requires that the force flag (-f) +be used also. There will be NO command prompt. Whatever information is piped into stdin, either by +typing at the command line or otherwise, will be stored as the literal machine password. Do NOT use +this without care and attention as it will overwrite a legitimate machine password without warning. +YOU HAVE BEEN WARNED. + + + + + + TIME + + The NET TIME command allows you to view the time on a remote server + or synchronise the time on the local server with the time on the remote server. + + +TIME + +Without any options, the NET TIME command +displays the time on the remote server. + + + + + +TIME SYSTEM + +Displays the time on the remote server in a format ready for /bin/date. + + + + +TIME SET +Tries to set the date and time of the local server to that on +the remote server using /bin/date. + + + + +TIME ZONE + +Displays the timezone in hours from GMT on the remote computer. + + + + + +[RPC|ADS] JOIN [TYPE] [-U username[%password]] [createupn=UPN] [createcomputer=OU] [options] + + +Join a domain. If the account already exists on the server, and +[TYPE] is MEMBER, the machine will attempt to join automatically. +(Assuming that the machine has been created in server manager) +Otherwise, a password will be prompted for, and a new account may +be created. + + +[TYPE] may be PDC, BDC or MEMBER to specify the type of server +joining the domain. + + + +[UPN] (ADS only) set the principalname attribute during the join. The default +format is host/netbiosname@REALM. + + + +[OU] (ADS only) Precreate the computer account in a specific OU. The +OU string reads from top to bottom without RDNs, and is delimited by +a '/'. Please note that '\' is used for escape by both the shell +and ldap, so it may need to be doubled or quadrupled to pass through, +and it is not used as a delimiter. + + + + +[RPC] OLDJOIN [options] + +Join a domain. Use the OLDJOIN option to join the domain +using the old style of domain joining - you need to create a trust +account in server manager first. + + + +[RPC|ADS] USER + + +[RPC|ADS] USER + +List all users + + + + +[RPC|ADS] USER DELETE <replaceable>target</replaceable> + +Delete specified user + + + + +[RPC|ADS] USER INFO <replaceable>target</replaceable> + +List the domain groups of the specified user. + + + + +[RPC|ADS] USER RENAME <replaceable>oldname</replaceable> <replaceable>newname</replaceable> + +Rename specified user. + + + + +[RPC|ADS] USER ADD <replaceable>name</replaceable> [password] [-F user flags] [-C comment] + +Add specified user. + + + + +[RPC|ADS] GROUP + + +[RPC|ADS] GROUP [misc options] [targets] +List user groups. + + + +[RPC|ADS] GROUP DELETE <replaceable>name</replaceable> [misc. options] + +Delete specified group. + + + + +[RPC|ADS] GROUP ADD <replaceable>name</replaceable> [-C comment] + +Create specified group. + + + + + +[RAP|RPC] SHARE + + +[RAP|RPC] SHARE [misc. options] [targets] + +Enumerates all exported resources (network shares) on target server. + + + + +[RAP|RPC] SHARE ADD <replaceable>name=serverpath</replaceable> [-C comment] [-M maxusers] [targets] + +Adds a share from a server (makes the export active). Maxusers +specifies the number of users that can be connected to the +share simultaneously. + + + + +SHARE DELETE <replaceable>sharename</replaceable> + +Delete specified share. + + + + +[RPC|RAP] FILE + + +[RPC|RAP] FILE + +List all open files on remote server. + + + + +[RPC|RAP] FILE CLOSE <replaceable>fileid</replaceable> + +Close file with specified fileid on +remote server. + + + + +[RPC|RAP] FILE INFO <replaceable>fileid</replaceable> + + +Print information on specified fileid. +Currently listed are: file-id, username, locks, path, permissions. + + + + + +[RAP|RPC] FILE USER <replaceable>user</replaceable> + + +List files opened by specified user. +Please note that net rap file user does not work +against Samba servers. + + + + + + + +SESSION + + +RAP SESSION + +Without any other options, SESSION enumerates all active SMB/CIFS +sessions on the target server. + + + + +RAP SESSION DELETE|CLOSE <replaceable>CLIENT_NAME</replaceable> + +Close the specified sessions. + + + + +RAP SESSION INFO <replaceable>CLIENT_NAME</replaceable> + +Give a list with all the open files in specified session. + + + + + + +RAP SERVER <replaceable>DOMAIN</replaceable> + +List all servers in specified domain or workgroup. Defaults +to local domain. + + + + +RAP DOMAIN + +Lists all domains and workgroups visible on the +current network. + + + + +RAP PRINTQ + + +RAP PRINTQ LIST <replaceable>QUEUE_NAME</replaceable> + +Lists the specified print queue and print jobs on the server. +If the QUEUE_NAME is omitted, all +queues are listed. + + + + +RAP PRINTQ DELETE <replaceable>JOBID</replaceable> + +Delete job with specified id. + + + + + + +RAP VALIDATE <replaceable>user</replaceable> [<replaceable>password</replaceable>] + + +Validate whether the specified user can log in to the +remote server. If the password is not specified on the commandline, it +will be prompted. + + +¬.implemented; + + + + +RAP GROUPMEMBER + + +RAP GROUPMEMBER LIST <replaceable>GROUP</replaceable> + +List all members of the specified group. + + + + +RAP GROUPMEMBER DELETE <replaceable>GROUP</replaceable> <replaceable>USER</replaceable> + +Delete member from group. + + + + +RAP GROUPMEMBER ADD <replaceable>GROUP</replaceable> <replaceable>USER</replaceable> + +Add member to group. + + + + + + +RAP ADMIN <replaceable>command</replaceable> + +Execute the specified command on +the remote server. Only works with OS/2 servers. + + +¬.implemented; + + + + +RAP SERVICE + + +RAP SERVICE START <replaceable>NAME</replaceable> [arguments...] + +Start the specified service on the remote server. Not implemented yet. + +¬.implemented; + + + + +RAP SERVICE STOP + +Stop the specified service on the remote server. + +¬.implemented; + + + + + + +RAP PASSWORD <replaceable>USER</replaceable> <replaceable>OLDPASS</replaceable> <replaceable>NEWPASS</replaceable> + + +Change password of USER from OLDPASS to NEWPASS. + + + + + +LOOKUP + + +LOOKUP HOST <replaceable>HOSTNAME</replaceable> [<replaceable>TYPE</replaceable>] + + +Lookup the IP address of the given host with the specified type (netbios suffix). +The type defaults to 0x20 (workstation). + + + + + +LOOKUP LDAP [<replaceable>DOMAIN</replaceable>] + +Give IP address of LDAP server of specified DOMAIN. Defaults to local domain. + + + + +LOOKUP KDC [<replaceable>REALM</replaceable>] + +Give IP address of KDC for the specified REALM. +Defaults to local realm. + + + + +LOOKUP DC [<replaceable>DOMAIN</replaceable>] + +Give IP's of Domain Controllers for specified +DOMAIN. Defaults to local domain. + + + + +LOOKUP MASTER <replaceable>DOMAIN</replaceable> + +Give IP of master browser for specified DOMAIN +or workgroup. Defaults to local domain. + + + + + + +CACHE + +Samba uses a general caching interface called 'gencache'. It +can be controlled using 'NET CACHE'. + +All the timeout parameters support the suffixes: + + +s - Seconds +m - Minutes +h - Hours +d - Days +w - Weeks + + + + + +CACHE ADD <replaceable>key</replaceable> <replaceable>data</replaceable> <replaceable>time-out</replaceable> + +Add specified key+data to the cache with the given timeout. + + + + +CACHE DEL <replaceable>key</replaceable> + +Delete key from the cache. + + + + +CACHE SET <replaceable>key</replaceable> <replaceable>data</replaceable> <replaceable>time-out</replaceable> + +Update data of existing cache entry. + + + + +CACHE SEARCH <replaceable>PATTERN</replaceable> + +Search for the specified pattern in the cache data. + + + + +CACHE LIST + + +List all current items in the cache. + + + + + +CACHE FLUSH + +Remove all the current items from the cache. + + + + + + +GETLOCALSID [DOMAIN] + +Prints the SID of the specified domain, or if the parameter is +omitted, the SID of the local server. + + + + +SETLOCALSID S-1-5-21-x-y-z + +Sets SID for the local server to the specified SID. + + + + +GETDOMAINSID + +Prints the local machine SID and the SID of the current +domain. + + + + +SETDOMAINSID + +Sets the SID of the current domain. + + + + +GROUPMAP + +Manage the mappings between Windows group SIDs and UNIX groups. +Common options include: + + +unixgroup - Name of the UNIX group +ntgroup - Name of the Windows NT group (must be + resolvable to a SID +rid - Unsigned 32-bit integer +sid - Full SID in the form of "S-1-..." +type - Type of the group; either 'domain', 'local', + or 'builtin' +comment - Freeform text description of the group + + + +GROUPMAP ADD + + +Add a new group mapping entry: + +net groupmap add {rid=int|sid=string} unixgroup=string \ + [type={domain|local}] [ntgroup=string] [comment=string] + + + + + + +GROUPMAP DELETE + +Delete a group mapping entry. If more than one group name matches, the first entry found is deleted. + +net groupmap delete {ntgroup=string|sid=SID} + + + + +GROUPMAP MODIFY + +Update en existing group entry. + + + +net groupmap modify {ntgroup=string|sid=SID} [unixgroup=string] \ + [comment=string] [type={domain|local}] + + + + + +GROUPMAP LIST + +List existing group mapping entries. + +net groupmap list [verbose] [ntgroup=string] [sid=SID] + + + + + + + +MAXRID + +Prints out the highest RID currently in use on the local +server (by the active 'passdb backend'). + + + + + +RPC INFO + +Print information about the domain of the remote server, +such as domain name, domain sid and number of users and groups. + + + + + +[RPC|ADS] TESTJOIN + +Check whether participation in a domain is still valid. + + + + +[RPC|ADS] CHANGETRUSTPW + +Force change of domain trust password. + + + + +RPC TRUSTDOM + + +RPC TRUSTDOM ADD <replaceable>DOMAIN</replaceable> + +Add a interdomain trust account for DOMAIN. +This is in fact a Samba account named DOMAIN$ +with the account flag 'I' (interdomain trust account). +If the command is used against localhost it has the same effect as +smbpasswd -a -i DOMAIN. Please note that both commands +expect a appropriate UNIX account. + + + + + +RPC TRUSTDOM DEL <replaceable>DOMAIN</replaceable> + +Remove interdomain trust account for +DOMAIN. If it is used against localhost +it has the same effect as smbpasswd -x DOMAIN$. + + + + + +RPC TRUSTDOM ESTABLISH <replaceable>DOMAIN</replaceable> + + +Establish a trust relationship to a trusting domain. +Interdomain account must already be created on the remote PDC. + + + + + +RPC TRUSTDOM REVOKE <replaceable>DOMAIN</replaceable> +Abandon relationship to trusted domain + + + + +RPC TRUSTDOM LIST + +List all current interdomain trust relationships. + + + + +RPC RIGHTS + +This subcommand is used to view and manage Samba's rights assignments (also +referred to as privileges). There are three options currently available: +list, grant, and +revoke. More details on Samba's privilege model and its use +can be found in the Samba-HOWTO-Collection. + + + + + + + +RPC ABORTSHUTDOWN + +Abort the shutdown of a remote server. + + + + +RPC SHUTDOWN [-t timeout] [-r] [-f] [-C message] + +Shut down the remote server. + + + +-r + +Reboot after shutdown. + + + + +-f + +Force shutting down all applications. + + + + +-t timeout + +Timeout before system will be shut down. An interactive +user of the system can use this time to cancel the shutdown. + +'> + + +-C message +Display the specified message on the screen to +announce the shutdown. + + + + + + +RPC SAMDUMP + +Print out sam database of remote server. You need +to run this against the PDC, from a Samba machine joined as a BDC. + + + +RPC VAMPIRE + +Export users, aliases and groups from remote server to +local server. You need to run this against the PDC, from a Samba machine joined as a BDC. + + + + + +RPC GETSID + +Fetch domain SID and store it in the local secrets.tdb. + + + + +ADS LEAVE + +Make the remote host leave the domain it is part of. + + + + +ADS STATUS + +Print out status of machine account of the local machine in ADS. +Prints out quite some debug info. Aimed at developers, regular +users should use NET ADS TESTJOIN. + + + + +ADS PRINTER + + +ADS PRINTER INFO [<replaceable>PRINTER</replaceable>] [<replaceable>SERVER</replaceable>] + + +Lookup info for PRINTER on SERVER. The printer name defaults to "*", the +server name defaults to the local host. + + + + +ADS PRINTER PUBLISH <replaceable>PRINTER</replaceable> + +Publish specified printer using ADS. + + + + +ADS PRINTER REMOVE <replaceable>PRINTER</replaceable> + +Remove specified printer from ADS directory. + + + + + + +ADS SEARCH <replaceable>EXPRESSION</replaceable> <replaceable>ATTRIBUTES...</replaceable> + +Perform a raw LDAP search on a ADS server and dump the results. The +expression is a standard LDAP search expression, and the +attributes are a list of LDAP fields to show in the results. + +Example: net ads search '(objectCategory=group)' sAMAccountName + + + + + +ADS DN <replaceable>DN</replaceable> <replaceable>(attributes)</replaceable> + + +Perform a raw LDAP search on a ADS server and dump the results. The +DN standard LDAP DN, and the attributes are a list of LDAP fields +to show in the result. + + +Example: net ads dn 'CN=administrator,CN=Users,DC=my,DC=domain' SAMAccountName + + + + +ADS WORKGROUP + +Print out workgroup name for specified kerberos realm. + + + + +SAM CREATEBUILTINGROUP <NAME> + + +(Re)Create a BUILTIN group. +Only a wellknown set of BUILTIN groups can be created with this command. +This is the list of currently recognized group names: Administrators, +Users, Guests, Power Users, Account Operators, Server Operators, Print +Operators, Backup Operators, Replicator, RAS Servers, Pre-Windows 2000 +compatible Access. + +This command requires a running Winbindd with idmap allocation properly +configured. The group gid will be allocated out of the winbindd range. + + + + + +SAM CREATELOCALGROUP <NAME> + + +Create a LOCAL group (also known as Alias). + +This command requires a running Winbindd with idmap allocation properly +configured. The group gid will be allocated out of the winbindd range. + + + + + +SAM DELETELOCALGROUP <NAME> + + +Delete an existing LOCAL group (also known as Alias). + + + + + + +SAM MAPUNIXGROUP <NAME> + + +Map an existing Unix group and make it a Domain Group, the domain group +will have the same name. + + + + + +SAM UNMAPUNIXGROUP <NAME> + + +Remove an existing group mapping entry. + + + + + +SAM ADDMEM <GROUP> <MEMBER> + + +Add a member to a Local group. The group can be specified only by name, +the member can be specified by name or SID. + + + + + +SAM DELMEM <GROUP> <MEMBER> + + +Remove a member from a Local group. The group and the member must be +specified by name. + + + + + +SAM LISTMEM <GROUP> + + +List Local group members. The group must be specified by name. + + + + + +SAM LIST <users|groups|localgroups|builtin|workstations> [verbose] + + +List the specified set of accounts by name. If verbose is specified, +the rid and description is also provided for each account. + + + + + +SAM SHOW <NAME> + + +Show the full DOMAIN\\NAME the SID and the type for the corresponding +account. + + + + + +SAM SET HOMEDIR <NAME> <DIRECTORY> + + +Set the home directory for a user account. + + + + + +SAM SET PROFILEPATH <NAME> <PATH> + + +Set the profile path for a user account. + + + + + +SAM SET COMMENT <NAME> <COMMENT> + + +Set the comment for a user or group account. + + + + + +SAM SET FULLNAME <NAME> <FULL NAME> + + +Set the full name for a user account. + + + + + +SAM SET LOGONSCRIPT <NAME> <SCRIPT> + + +Set the logon script for a user account. + + + + + +SAM SET HOMEDRIVE <NAME> <DRIVE> + + +Set the home drive for a user account. + + + + + +SAM SET WORKSTATIONS <NAME> <WORKSTATIONS> + + +Set the workstations a user account is allowed to log in from. + + + + + +SAM SET DISABLE <NAME> + + +Set the "disabled" flag for a user account. + + + + + +SAM SET PWNOTREQ <NAME> + + +Set the "password not required" flag for a user account. + + + + + +SAM SET AUTOLOCK <NAME> + + +Set the "autolock" flag for a user account. + + + + + +SAM SET PWNOEXP <NAME> + + +Set the "password do not expire" flag for a user account. + + + + + +SAM SET PWDMUSTCHANGENOW <NAME> [yes|no] + + +Set or unset the "password must change" flag for a user account. + + + + + +SAM POLICY LIST + + +List the available account policies. + + + + + +SAM POLICY SHOW <account policy> + + +Show the account policy value. + + + + + +SAM POLICY SET <account policy> <value> + + +Set a value for the account policy. +Valid values can be: "forever", "never", "off", or a number. + + + + + +SAM PROVISION + + +Only available if ldapsam:editposix is set and winbindd is running. +Properly populates the ldap tree with the basic accounts (Administrator) +and groups (Domain Users, Domain Admins, Domain Guests) on the ldap tree. + + + + + +IDMAP DUMP <local tdb file name> + + +Dumps the mappings contained in the local tdb file specified. +This command is useful to dump only the mappings produced by the idmap_tdb backend. + + + + + +IDMAP RESTORE [input file] + + +Restore the mappings from the specified file or stdin. + + + + + +IDMAP SECRET <DOMAIN>|ALLOC <secret> + + +Store a secret for the specified domain, used primarily for domains +that use idmap_ldap as a backend. In this case the secret is used +as the password for the user DN used to bind to the ldap server. + + + + + +USERSHARE + +Starting with version 3.0.23, a Samba server now supports the ability for +non-root users to add user defined shares to be exported using the "net usershare" +commands. + + + +To set this up, first set up your smb.conf by adding to the [global] section: + +usershare path = /usr/local/samba/lib/usershares + +Next create the directory /usr/local/samba/lib/usershares, change the owner to root and +set the group owner to the UNIX group who should have the ability to create usershares, +for example a group called "serverops". + +Set the permissions on /usr/local/samba/lib/usershares to 01770. + +(Owner and group all access, no access for others, plus the sticky bit, +which means that a file in that directory can be renamed or deleted only +by the owner of the file). + +Finally, tell smbd how many usershares you will allow by adding to the [global] +section of smb.conf a line such as : + +usershare max shares = 100. + +To allow 100 usershare definitions. Now, members of the UNIX group "serverops" +can create user defined shares on demand using the commands below. + + +The usershare commands are: + + +net usershare add sharename path [comment] [acl] [guest_ok=[y|n]] - to add or change a user defined share. +net usershare delete sharename - to delete a user defined share. +net usershare info [-l|--long] [wildcard sharename] - to print info about a user defined share. +net usershare list [-l|--long] [wildcard sharename] - to list user defined shares. + + + + + +USERSHARE ADD <replaceable>sharename</replaceable> <replaceable>path</replaceable> <replaceable>[comment]</replaceable> <replaceable>[acl]</replaceable> <replaceable>[guest_ok=[y|n]]</replaceable> + + +Add or replace a new user defined share, with name "sharename". + + + +"path" specifies the absolute pathname on the system to be exported. +Restrictions may be put on this, see the global smb.conf parameters: +"usershare owner only", "usershare prefix allow list", and +"usershare prefix deny list". + + + +The optional "comment" parameter is the comment that will appear +on the share when browsed to by a client. + + +The optional "acl" field +specifies which users have read and write access to the entire share. +Note that guest connections are not allowed unless the smb.conf parameter +"usershare allow guests" has been set. The definition of a user +defined share acl is: "user:permission", where user is a valid +username on the system and permission can be "F", "R", or "D". +"F" stands for "full permissions", ie. read and write permissions. +"D" stands for "deny" for a user, ie. prevent this user from accessing +this share. +"R" stands for "read only", ie. only allow read access to this +share (no creation of new files or directories or writing to files). + + + +The default if no "acl" is given is "Everyone:R", which means any +authenticated user has read-only access. + + + +The optional "guest_ok" has the same effect as the parameter of the +same name in smb.conf, in that it allows guest access to this user +defined share. This parameter is only allowed if the global parameter +"usershare allow guests" has been set to true in the smb.conf. + + +There is no separate command to modify an existing user defined share, +just use the "net usershare add [sharename]" command using the same +sharename as the one you wish to modify and specify the new options +you wish. The Samba smbd daemon notices user defined share modifications +at connect time so will see the change immediately, there is no need +to restart smbd on adding, deleting or changing a user defined share. + + + +USERSHARE DELETE <replaceable>sharename</replaceable> + + +Deletes the user defined share by name. The Samba smbd daemon +immediately notices this change, although it will not disconnect +any users currently connected to the deleted share. + + + + + +USERSHARE INFO <replaceable>[-l|--long]</replaceable> <replaceable>[wildcard sharename]</replaceable> + + +Get info on user defined shares owned by the current user matching the given pattern, or all users. + + + +net usershare info on its own dumps out info on the user defined shares that were +created by the current user, or restricts them to share names that match the given +wildcard pattern ('*' matches one or more characters, '?' matches only one character). +If the '-l' or '--long' option is also given, it prints out info on user defined +shares created by other users. + + + +The information given about a share looks like: + +[foobar] +path=/home/jeremy +comment=testme +usershare_acl=Everyone:F +guest_ok=n + +And is a list of the current settings of the user defined share that can be +modified by the "net usershare add" command. + + + + + +USERSHARE LIST <replaceable>[-l|--long]</replaceable> <replaceable>wildcard sharename</replaceable> + + +List all the user defined shares owned by the current user matching the given pattern, or all users. + + + +net usershare list on its own list out the names of the user defined shares that were +created by the current user, or restricts the list to share names that match the given +wildcard pattern ('*' matches one or more characters, '?' matches only one character). +If the '-l' or '--long' option is also given, it includes the names of user defined +shares created by other users. + + + + + + + +CONF + +Starting with version 3.2.0, a Samba server can be configured by data +stored in registry. This configuration data can be edited with the new "net +conf" commands. + + + +The deployment of this configuration data can be activated in two levels from the +smb.conf file: Share definitions from registry are +activated by setting registry shares to +yes in the [global] section and global configuration options are +activated by setting registry in +the [global] section. +See the smb.conf +5 manpage for details. + + +The conf commands are: + +net conf list - Dump the complete configuration in smb.conf like +format. +net conf import - Import configuration from file in smb.conf +format. +net conf listshares - List the registry shares. +net conf drop - Delete the complete configuration from +registry. +net conf showshare - Show the definition of a registry share. +net conf addshare - Create a new registry share. +net conf delshare - Delete a registry share. +net conf setparm - Store a parameter. +net conf getparm - Retrieve the value of a parameter. +net conf delparm - Delete a parameter. + + + + +CONF LIST + + +Print the configuration data stored in the registry in a smb.conf-like format to +standard output. + + + + +CONF IMPORT <replaceable>[--test|-T]</replaceable> <replaceable>filename</replaceable> <replaceable>[section]</replaceable> + + +This command imports configuration from a file in smb.conf format. +If a section encountered in the input file is present in registry, +its contents is replaced. Sections of registry configuration that have +no counterpart in the input file are not affected. If you want to delete these, +you will have to use the "net conf drop" or "net conf delshare" commands. +Optionally, a section may be specified to restrict the effect of the +import command to that specific section. A test mode is enabled by specifying +the parameter "-T" on the commandline. In test mode, no changes are made to the +registry, and the resulting configuration is printed to standard output instead. + + + + +CONF LISTSHARES + + +List the names of the shares defined in registry. + + + + +CONF DROP + + +Delete the complete configuration data from registry. + + + + +CONF SHOWSHARE <replaceable>sharename</replaceable> + + +Show the definition of the share or section specified. It is valid to specify +"global" as sharename to retrieve the global configuration options from +registry. + + + + +CONF ADDSHARE <replaceable>sharename</replaceable> <replaceable>path</replaceable> [<replaceable>writeable={y|N}</replaceable> [<replaceable>guest_ok={y|N}</replaceable> [<replaceable>comment</replaceable>]]] + +Create a new share definition in registry. +The sharename and path have to be given. The share name may +not be "global". Optionally, values for the very +common options "writeable", "guest ok" and a "comment" may be specified. +The same result may be obtained by a sequence of "net conf setparm" +commands. + + + + +CONF DELSHARE <replaceable>sharename</replaceable> + + +Delete a share definition from registry. + + + + +CONF SETPARM <replaceable>section</replaceable> <replaceable>parameter</replaceable> <replaceable>value</replaceable> + + +Store a parameter in registry. The section may be global or a sharename. +The section is created if it does not exist yet. + + + + +CONF GETPARM <replaceable>section</replaceable> <replaceable>parameter</replaceable> + + +Show a parameter stored in registry. + + + + +CONF DELPARM <replaceable>section</replaceable> <replaceable>parameter</replaceable> + + +Delete a parameter stored in registry. + + + + + + + + + + + + + +HELP [COMMAND] + +Gives usage information for the specified command. + + + + + + + VERSION + + This man page is complete for version 3.0 of the Samba + suite. + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The net manpage was written by Jelmer Vernooij. + + + + diff --git a/docs-xml/manpages-3/nmbd.8.xml b/docs-xml/manpages-3/nmbd.8.xml new file mode 100644 index 0000000000..5c17044d25 --- /dev/null +++ b/docs-xml/manpages-3/nmbd.8.xml @@ -0,0 +1,294 @@ + + + + + + nmbd + 8 + Samba + System Administration tools + 3.2 + + + + + nmbd + NetBIOS name server to provide NetBIOS + over IP naming services to clients + + + + + nmbd + -D + -F + -S + -a + -i + -o + -h + -V + -d <debug level> + -H <lmhosts file> + -l <log directory> + -p <port number> + -s <configuration file> + + + + + DESCRIPTION + This program is part of the samba + 7 suite. + + nmbd is a server that understands + and can reply to NetBIOS over IP name service requests, like + those produced by SMB/CIFS clients such as Windows 95/98/ME, + Windows NT, Windows 2000, Windows XP and LanManager clients. It also + participates in the browsing protocols which make up the + Windows "Network Neighborhood" view. + + SMB/CIFS clients, when they start up, may wish to + locate an SMB/CIFS server. That is, they wish to know what + IP number a specified host is using. + + Amongst other services, nmbd will + listen for such requests, and if its own NetBIOS name is + specified it will respond with the IP number of the host it + is running on. Its "own NetBIOS name" is by + default the primary DNS name of the host it is running on, + but this can be overridden by the + in &smb.conf;. Thus nmbd will + reply to broadcast queries for its own name(s). Additional + names for nmbd to respond on can be set + via parameters in the smb.conf + 5 configuration file. + + nmbd can also be used as a WINS + (Windows Internet Name Server) server. What this basically means + is that it will act as a WINS database server, creating a + database from name registration requests that it receives and + replying to queries from clients for these names. + + In addition, nmbd can act as a WINS + proxy, relaying broadcast queries from clients that do + not understand how to talk the WINS protocol to a WINS + server. + + + + OPTIONS + + + + -D + If specified, this parameter causes + nmbd to operate as a daemon. That is, + it detaches itself and runs in the background, fielding + requests on the appropriate port. By default, nmbd + will operate as a daemon if launched from a command shell. + nmbd can also be operated from the inetd + meta-daemon, although this is not recommended. + + + + + -F + If specified, this parameter causes + the main nmbd process to not daemonize, + i.e. double-fork and disassociate with the terminal. + Child processes are still created as normal to service + each connection request, but the main process does not + exit. This operation mode is suitable for running + nmbd under process supervisors such + as supervise and svscan + from Daniel J. Bernstein's daemontools + package, or the AIX process monitor. + + + + + -S + If specified, this parameter causes + nmbd to log to standard output rather + than a file. + + + + -i + If this parameter is specified it causes the + server to run "interactively", not as a daemon, even if the + server is executed on the command line of a shell. Setting this + parameter negates the implicit daemon mode when run from the + command line. nmbd also logs to standard + output, as if the -S parameter had been + given. + + + &stdarg.help; + + + -H <filename> + NetBIOS lmhosts file. The lmhosts + file is a list of NetBIOS names to IP addresses that + is loaded by the nmbd server and used via the name + resolution mechanism described in smb.conf + 5 to resolve any + NetBIOS name queries needed by the server. Note + that the contents of this file are NOT + used by nmbd to answer any name queries. + Adding a line to this file affects name NetBIOS resolution + from this host ONLY. + + The default path to this file is compiled into + Samba as part of the build process. Common defaults + are /usr/local/samba/lib/lmhosts, + /usr/samba/lib/lmhosts or + /etc/samba/lmhosts. See the lmhosts + 5 man page for details on the contents of this file. + + + &stdarg.server.debug; + &popt.common.samba; + + + -p <UDP port number> + UDP port number is a positive integer value. + This option changes the default UDP port number (normally 137) + that nmbd responds to name queries on. Don't + use this option unless you are an expert, in which case you + won't need help! + + + + + + + FILES + + + + /etc/inetd.conf + If the server is to be run by the + inetd meta-daemon, this file + must contain suitable startup information for the + meta-daemon. + + + + + /etc/rc + or whatever initialization script your + system uses). + + If running the server as a daemon at startup, + this file will need to contain an appropriate startup + sequence for the server. + + + + /etc/services + If running the server via the + meta-daemon inetd, this file + must contain a mapping of service name (e.g., netbios-ssn) + to service port (e.g., 139) and protocol type (e.g., tcp). + + + + + /usr/local/samba/lib/smb.conf + This is the default location of + the smb.conf + 5 server + configuration file. Other common places that systems + install this file are /usr/samba/lib/smb.conf + and /etc/samba/smb.conf. + + When run as a WINS server (see the + + parameter in the smb.conf + 5 man page), + nmbd + will store the WINS database in the file wins.dat + in the var/locks directory configured under + wherever Samba was configured to install itself. + + If nmbd is acting as a + browse master (see the + parameter in the smb.conf + 5 man page, nmbd + will store the browsing database in the file browse.dat + in the var/locks directory + configured under wherever Samba was configured to install itself. + + + + + + + SIGNALS + + To shut down an nmbd process it is recommended + that SIGKILL (-9) NOT be used, except as a last + resort, as this may leave the name database in an inconsistent state. + The correct way to terminate nmbd is to send it + a SIGTERM (-15) signal and wait for it to die on its own. + + nmbd will accept SIGHUP, which will cause + it to dump out its namelists into the file namelist.debug + in the /usr/local/samba/var/locks + directory (or the var/locks directory configured + under wherever Samba was configured to install itself). This will also + cause nmbd to dump out its server database in + the log.nmb file. + + The debug log level of nmbd may be raised or lowered + using smbcontrol + 1 (SIGUSR[1|2] signals + are no longer used since Samba 2.2). This is to allow + transient problems to be diagnosed, whilst still running + at a normally low log level. + + + + + VERSION + + This man page is correct for version 3.0 of + the Samba suite. + + + + SEE ALSO + + inetd + 8, smbd + 8, smb.conf + 5, smbclient + 1, testparm + 1, testprns + 1, and the Internet + RFC's rfc1001.txt, rfc1002.txt. + In addition the CIFS (formerly SMB) specification is available + as a link from the Web page + http://samba.org/cifs/. + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook + XML 4.2 for Samba 3.0 was done by Alexander Bokovoy. + + + diff --git a/docs-xml/manpages-3/nmblookup.1.xml b/docs-xml/manpages-3/nmblookup.1.xml new file mode 100644 index 0000000000..3a8672c7e0 --- /dev/null +++ b/docs-xml/manpages-3/nmblookup.1.xml @@ -0,0 +1,223 @@ + + + + + + nmblookup + 1 + Samba + User Commands + 3.2 + + + + + nmblookup + NetBIOS over TCP/IP client used to lookup NetBIOS + names + + + + + nmblookup + -M + -R + -S + -r + -A + -h + -B <broadcast address> + -U <unicast address> + -d <debug level> + -s <smb config file> + -i <NetBIOS scope> + -T + -f + name + + + + + DESCRIPTION + + This tool is part of the samba + 7 suite. + + nmblookup is used to query NetBIOS names + and map them to IP addresses in a network using NetBIOS over TCP/IP + queries. The options allow the name queries to be directed at a + particular IP broadcast area or to a particular machine. All queries + are done over UDP. + + + + OPTIONS + + + + -M + Searches for a master browser by looking + up the NetBIOS name name with a + type of 0x1d. If + name is "-" then it does a lookup on the special name + __MSBROWSE__. Please note that in order to + use the name "-", you need to make sure "-" isn't parsed as an + argument, e.g. use : + nmblookup -M -- -. + + + + -R + Set the recursion desired bit in the packet + to do a recursive lookup. This is used when sending a name + query to a machine running a WINS server and the user wishes + to query the names in the WINS server. If this bit is unset + the normal (broadcast responding) NetBIOS processing code + on a machine is used instead. See RFC1001, RFC1002 for details. + + + + + -S + Once the name query has returned an IP + address then do a node status query as well. A node status + query returns the NetBIOS names registered by a host. + + + + + + -r + Try and bind to UDP port 137 to send and receive UDP + datagrams. The reason for this option is a bug in Windows 95 + where it ignores the source port of the requesting packet + and only replies to UDP port 137. Unfortunately, on most UNIX + systems root privilege is needed to bind to this port, and + in addition, if the nmbd + 8 daemon is running on this machine it also binds to this port. + + + + + + -A + Interpret name as + an IP Address and do a node status query on this address. + + + + + + &popt.common.connection; + &stdarg.help; + + + -B <broadcast address> + Send the query to the given broadcast address. Without + this option the default behavior of nmblookup is to send the + query to the broadcast address of the network interfaces as + either auto-detected or defined in the interfaces + parameter of the smb.conf + 5 file. + + + + + + + -U <unicast address> + Do a unicast query to the specified address or + host unicast address. This option + (along with the -R option) is needed to + query a WINS server. + + + &stdarg.server.debug; + &popt.common.samba; + + + -T + This causes any IP addresses found in the + lookup to be looked up via a reverse DNS lookup into a + DNS name, and printed out before each + + IP address .... NetBIOS name + + pair that is the normal output. + + + + -f + + Show which flags apply to the name that has been looked up. Possible + answers are zero or more of: Response, Authoritative, + Truncated, Recursion_Desired, Recursion_Available, Broadcast. + + + + + + name + This is the NetBIOS name being queried. Depending + upon the previous options this may be a NetBIOS name or IP address. + If a NetBIOS name then the different name types may be specified + by appending '#<type>' to the name. This name may also be + '*', which will return all registered names within a broadcast + area. + + + + + + + EXAMPLES + + nmblookup can be used to query + a WINS server (in the same way nslookup is + used to query DNS servers). To query a WINS server, nmblookup + must be called like this: + + nmblookup -U server -R 'name' + + For example, running : + + nmblookup -U samba.org -R 'IRIX#1B' + + would query the WINS server samba.org for the domain + master browser (1B name type) for the IRIX workgroup. + + + + VERSION + + This man page is correct for version 3.0 of + the Samba suite. + + + + SEE ALSO + nmbd + 8, samba + 7, and smb.conf + 5. + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook + XML 4.2 for Samba 3.0 was done by Alexander Bokovoy. + + + diff --git a/docs-xml/manpages-3/ntlm_auth.1.xml b/docs-xml/manpages-3/ntlm_auth.1.xml new file mode 100644 index 0000000000..d1301fc642 --- /dev/null +++ b/docs-xml/manpages-3/ntlm_auth.1.xml @@ -0,0 +1,410 @@ + + + + + + ntlm_auth + 1 + Samba + User Commands + 3.2 + + + + + ntlm_auth + tool to allow external access to Winbind's NTLM authentication function + + + + + ntlm_auth + -d debuglevel + -l logdir + -s <smb config file> + + + + + DESCRIPTION + + This tool is part of the samba + 7 suite. + + ntlm_auth is a helper utility that authenticates + users using NT/LM authentication. It returns 0 if the users is authenticated + successfully and 1 if access was denied. ntlm_auth uses winbind to access + the user and authentication data for a domain. This utility + is only indended to be used by other programs (currently + Squid + and mod_ntlm_winbind) + + + + + OPERATIONAL REQUIREMENTS + + + The winbindd + 8 daemon must be operational + for many of these commands to function. + + Some of these commands also require access to the directory + winbindd_privileged in + $LOCKDIR. This should be done either by running + this command as root or providing group access + to the winbindd_privileged directory. For + security reasons, this directory should not be world-accessable. + + + + + + OPTIONS + + + + --helper-protocol=PROTO + + Operate as a stdio-based helper. Valid helper protocols are: + + + + squid-2.4-basic + + Server-side helper for use with Squid 2.4's basic (plaintext) + authentication. + + + + squid-2.5-basic + + Server-side helper for use with Squid 2.5's basic (plaintext) + authentication. + + + + squid-2.5-ntlmssp + + Server-side helper for use with Squid 2.5's NTLMSSP + authentication. + Requires access to the directory + winbindd_privileged in + $LOCKDIR. The protocol used is + described here: http://devel.squid-cache.org/ntlm/squid_helper_protocol.html. + This protocol has been extended to allow the + NTLMSSP Negotiate packet to be included as an argument + to the YR command. (Thus avoiding + loss of information in the protocol exchange). + + + + + ntlmssp-client-1 + + Client-side helper for use with arbitrary external + programs that may wish to use Samba's NTLMSSP + authentication knowledge. + This helper is a client, and as such may be run by any + user. The protocol used is + effectively the reverse of the previous protocol. A + YR command (without any arguments) + starts the authentication exchange. + + + + + + gss-spnego + + Server-side helper that implements GSS-SPNEGO. This + uses a protocol that is almost the same as + squid-2.5-ntlmssp, but has some + subtle differences that are undocumented outside the + source at this stage. + + Requires access to the directory + winbindd_privileged in + $LOCKDIR. + + + + + + gss-spnego-client + + Client-side helper that implements GSS-SPNEGO. This + also uses a protocol similar to the above helpers, but + is currently undocumented. + + + + + + ntlm-server-1 + + Server-side helper protocol, intended for use by a + RADIUS server or the 'winbind' plugin for pppd, for + the provision of MSCHAP and MSCHAPv2 authentication. + + This protocol consists of lines in the form: + Parameter: value and Parameter:: + Base64-encode value. The presence of a single + period . indicates that one side has + finished supplying data to the other. (Which in turn + could cause the helper to authenticate the + user). + + Curently implemented parameters from the + external program to the helper are: + + + Username + + The username, expected to be in + Samba's . + + + Username: bob + Username:: Ym9i + + + + Username + The user's domain, expected to be in + Samba's . + + + Domain: WORKGROUP + Domain:: V09SS0dST1VQ + + + + Full-Username + The fully qualified username, expected to be in + Samba's unix + charset and qualified with the + . + + + Full-Username: WORKGROUP\bob + Full-Username:: V09SS0dST1VQYm9i + + + + LANMAN-Challenge + + The 8 byte LANMAN Challenge value, + generated randomly by the server, or (in cases such as + MSCHAPv2) generated in some way by both the server and + the client. + + LANMAN-Challege: 0102030405060708 + + + + LANMAN-Response + + The 24 byte LANMAN Response value, + calculated from the user's password and the supplied + LANMAN Challenge. Typically, this + is provided over the network by a client wishing to authenticate. + + LANMAN-Response: 0102030405060708090A0B0C0D0E0F101112131415161718 + + + + + NT-Response + The >= 24 byte NT Response + calculated from the user's password and the supplied + LANMAN Challenge. Typically, this is + provided over the network by a client wishing to authenticate. + + NT-Response: 0102030405060708090A0B0C0D0E0F101112131415161718 + + + + + Password + The user's password. This would be + provided by a network client, if the helper is being + used in a legacy situation that exposes plaintext + passwords in this way. + + Password: samba2 + Password:: c2FtYmEy + + + + + Request-User-Session-Key + Apon sucessful authenticaiton, return + the user session key associated with the login. + + Request-User-Session-Key: Yes + + + + + Request-LanMan-Session-Key + Apon sucessful authenticaiton, return + the LANMAN session key associated with the login. + + Request-LanMan-Session-Key: Yes + + + + Implementors should take care to base64 encode + any data (such as usernames/passwords) that may contain malicous user data, such as + a newline. They may also need to decode strings from + the helper, which likewise may have been base64 encoded. + + + + + + + + + + --username=USERNAME + + Specify username of user to authenticate + + + + + + --domain=DOMAIN + + Specify domain of user to authenticate + + + + + --workstation=WORKSTATION + + Specify the workstation the user authenticated from + + + + + --challenge=STRING + NTLM challenge (in HEXADECIMAL) + + + + + --lm-response=RESPONSE + LM Response to the challenge (in HEXADECIMAL) + + + + --nt-response=RESPONSE + NT or NTLMv2 Response to the challenge (in HEXADECIMAL) + + + + --password=PASSWORD + User's plaintext passwordIf + not specified on the command line, this is prompted for when + required. + + For the NTLMSSP based server roles, this parameter + specifies the expected password, allowing testing without + winbindd operational. + + + + + --request-lm-key + Retreive LM session key + + + + --request-nt-key + Request NT key + + + + --diagnostics + Perform Diagnostics on the authentication + chain. Uses the password from --password + or prompts for one. + + + + + --require-membership-of={SID|Name} + Require that a user be a member of specified + group (either name or SID) for authentication to succeed. + + + + &stdarg.server.debug; + &popt.common.samba; + &stdarg.help; + + + + + + EXAMPLE SETUP + + To setup ntlm_auth for use by squid 2.5, with both basic and + NTLMSSP authentication, the following + should be placed in the squid.conf file. + +auth_param ntlm program ntlm_auth --helper-protocol=squid-2.5-ntlmssp +auth_param basic program ntlm_auth --helper-protocol=squid-2.5-basic +auth_param basic children 5 +auth_param basic realm Squid proxy-caching web server +auth_param basic credentialsttl 2 hours + + +This example assumes that ntlm_auth has been installed into your + path, and that the group permissions on + winbindd_privileged are as described above. + + To setup ntlm_auth for use by squid 2.5 with group limitation in addition to the above + example, the following should be added to the squid.conf file. + +auth_param ntlm program ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of='WORKGROUP\Domain Users' +auth_param basic program ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of='WORKGROUP\Domain Users' + + + + + + TROUBLESHOOTING + + If you're experiencing problems with authenticating Internet Explorer running + under MS Windows 9X or Millenium Edition against ntlm_auth's NTLMSSP authentication + helper (--helper-protocol=squid-2.5-ntlmssp), then please read + + the Microsoft Knowledge Base article #239869 and follow instructions described there. + + + + + VERSION + + This man page is correct for version 3.0 of the Samba + suite. + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The ntlm_auth manpage was written by Jelmer Vernooij and + Andrew Bartlett. + + + diff --git a/docs-xml/manpages-3/pam_winbind.7.xml b/docs-xml/manpages-3/pam_winbind.7.xml new file mode 100644 index 0000000000..26e3060d6e --- /dev/null +++ b/docs-xml/manpages-3/pam_winbind.7.xml @@ -0,0 +1,173 @@ + + + + + + pam_winbind + 7 + Samba + 7 + 3.2 + + + + + pam_winbind + PAM module for Winbind + + + + DESCRIPTION + + This tool is part of the samba + 7 suite. + + + pam_winbind is a PAM module that can authenticate users against the local domain by talking to the Winbind daemon. + + + + + + OPTIONS + + + pam_winbind supports several options which can either be set in + the PAM configuration files or in the pam_winbind configuration + file situated at + /etc/security/pam_winbind.conf. Options + from the PAM configuration file take precedence to those from + the configuration file. + + + + + debug + Gives debugging output to syslog. + + + + debug_state + Gives detailed PAM state debugging output to syslog. + + + + require_membership_of=[SID or NAME] + + If this option is set, pam_winbind will only succeed if the user is a member of the given SID or NAME. A SID + can be either a group-SID, an alias-SID or even an user-SID. It is also possible to give a NAME instead of the + SID. That name must have the form: MYDOMAIN\\mygroup or + MYDOMAIN\\myuser. pam_winbind will, in that case, lookup the SID internally. Note that + NAME may not contain any spaces. It is thus recommended to only use SIDs. You can verify the list of SIDs a + user is a member of with wbinfo --user-sids=SID. + + + + + try_first_pass + + + + + use_first_pass + + By default, pam_winbind tries to get the authentication token from a previous module. If no token is available + it asks the user for the old password. With this option, pam_winbind aborts with an error if no authentication + token from a previous module is available. + + + + + use_authtok + + Set the new password to the one provided by the previously stacked password module. If this option is not set + pam_winbind will ask the user for the new password. + + + + + krb5_auth + + + pam_winbind can authenticate using Kerberos when winbindd is + talking to an Active Directory domain controller. Kerberos + authentication must be enabled with this parameter. When + Kerberos authentication can not succeed (e.g. due to clock + skew), winbindd will fallback to samlogon authentication over + MSRPC. When this parameter is used in conjunction with + winbind refresh tickets, winbind will + keep your Ticket Granting Ticket (TGT) uptodate by refreshing + it whenever necessary. + + + + + + krb5_ccache_type=[type] + + + When pam_winbind is configured to try kerberos authentication + by enabling the krb5_auth option, it can + store the retrieved Ticket Granting Ticket (TGT) in a + credential cache. The type of credential cache can be set with + this option. Currently the only supported value is: + FILE. In that case a credential cache in + the form of /tmp/krb5cc_UID will be created, where UID is + replaced with the numeric user id. Leave empty to just do + kerberos authentication without having a ticket cache after the + logon has succeeded. + + + + + + cached_login + + Winbind allows to logon using cached credentials when winbind offline logon is enabled. To use this feature from the PAM module this option must be set. + + + + + silent + + Do not emit any messages. + + + + + + + + + + + + SEE ALSO + + wbinfo + 1, + winbindd + 8, + smb.conf + 5 + + + + VERSION + + This man page is correct for version 3.0 of Samba. + + + + AUTHOR + + + The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by + the Samba Team as an Open Source project similar to the way the Linux kernel is developed. + + + This manpage was written by Jelmer Vernooij and Guenther Deschner. + + + + diff --git a/docs-xml/manpages-3/pdbedit.8.xml b/docs-xml/manpages-3/pdbedit.8.xml new file mode 100644 index 0000000000..102cb25854 --- /dev/null +++ b/docs-xml/manpages-3/pdbedit.8.xml @@ -0,0 +1,456 @@ + + + + + + pdbedit + 8 + Samba + System Administration tools + 3.2 + + + + + pdbedit + manage the SAM database (Database of Samba Users) + + + + + pdbedit + -L + -v + -w + -u username + -f fullname + -h homedir + -D drive + -S script + -p profile + -a + -t, --password-from-stdin + -m + -r + -x + -i passdb-backend + -e passdb-backend + -b passdb-backend + -g + -d debuglevel + -s configfile + -P account-policy + -C value + -c account-control + -y + + + + + DESCRIPTION + + This tool is part of the samba + 7 suite. + + The pdbedit program is used to manage the users accounts + stored in the sam database and can only be run by root. + + The pdbedit tool uses the passdb modular interface and is + independent from the kind of users database used (currently there + are smbpasswd, ldap, nis+ and tdb based and more can be added + without changing the tool). + + There are five main ways to use pdbedit: adding a user account, + removing a user account, modifing a user account, listing user + accounts, importing users accounts. + + + + OPTIONS + + + -L + This option lists all the user accounts + present in the users database. + This option prints a list of user/uid pairs separated by + the ':' character. + Example: pdbedit -L + +sorce:500:Simo Sorce +samba:45:Test User + + + + + + + + -v + This option enables the verbose listing format. + It causes pdbedit to list the users in the database, printing + out the account fields in a descriptive format. + + Example: pdbedit -L -v + +--------------- +username: sorce +user ID/Group: 500/500 +user RID/GRID: 2000/2001 +Full Name: Simo Sorce +Home Directory: \\BERSERKER\sorce +HomeDir Drive: H: +Logon Script: \\BERSERKER\netlogon\sorce.bat +Profile Path: \\BERSERKER\profile +--------------- +username: samba +user ID/Group: 45/45 +user RID/GRID: 1090/1091 +Full Name: Test User +Home Directory: \\BERSERKER\samba +HomeDir Drive: +Logon Script: +Profile Path: \\BERSERKER\profile + + + + + + + + -w + This option sets the "smbpasswd" listing format. + It will make pdbedit list the users in the database, printing + out the account fields in a format compatible with the + smbpasswd file format. (see the + smbpasswd + 5 for details) + + Example: pdbedit -L -w + +sorce:500:508818B733CE64BEAAD3B435B51404EE: + D2A2418EFC466A8A0F6B1DBB5C3DB80C: + [UX ]:LCT-00000000: +samba:45:0F2B255F7B67A7A9AAD3B435B51404EE: + BC281CE3F53B6A5146629CD4751D3490: + [UX ]:LCT-3BFA1E8D: + + + + + + + -u username + This option specifies the username to be + used for the operation requested (listing, adding, removing). + It is required in add, remove and modify + operations and optional in list + operations. + + + + + -f fullname + This option can be used while adding or + modifing a user account. It will specify the user's full + name. + + Example: -f "Simo Sorce" + + + + + -h homedir + This option can be used while adding or + modifing a user account. It will specify the user's home + directory network path. + + Example: -h "\\\\BERSERKER\\sorce" + + + + + + -D drive + This option can be used while adding or + modifing a user account. It will specify the windows drive + letter to be used to map the home directory. + + Example: -D "H:" + + + + + + + -S script + This option can be used while adding or + modifing a user account. It will specify the user's logon + script path. + + Example: -S "\\\\BERSERKER\\netlogon\\sorce.bat" + + + + + + + -p profile + This option can be used while adding or + modifing a user account. It will specify the user's profile + directory. + + Example: -p "\\\\BERSERKER\\netlogon" + + + + + + -G SID|rid + + This option can be used while adding or modifying a user account. It + will specify the users' new primary group SID (Security Identifier) or + rid. + + Example: -G S-1-5-21-2447931902-1787058256-3961074038-1201 + + + + + -U SID|rid + + This option can be used while adding or modifying a user account. It + will specify the users' new SID (Security Identifier) or + rid. + + Example: -U S-1-5-21-2447931902-1787058256-3961074038-5004 + + + + + -c account-control + This option can be used while adding or modifying a user + account. It will specify the users' account control property. Possible flags are listed below. + + + + + N: No password required + D: Account disabled + H: Home directory required + T: Temporary duplicate of other account + U: Regular user account + M: MNS logon user account + W: Workstation Trust Account + S: Server Trust Account + L: Automatic Locking + X: Password does not expire + I: Domain Trust Account + + + + Example: -c "[X ]" + + + + + -a + This option is used to add a user into the + database. This command needs a user name specified with + the -u switch. When adding a new user, pdbedit will also + ask for the password to be used. + + Example: pdbedit -a -u sorce +new password: +retype new password + + + + pdbedit does not call the unix password syncronisation + script if + has been set. It only updates the data in the Samba + user database. + + + If you wish to add a user and synchronise the password + that immediately, use smbpasswd's option. + + + + + + + -t, --password-from-stdin + This option causes pdbedit to read the password + from standard input, rather than from /dev/tty (like the + passwd(1) program does). The password has + to be submitted twice and terminated by a newline each. + + + + + -r + This option is used to modify an existing user + in the database. This command needs a user name specified with the -u + switch. Other options can be specified to modify the properties of + the specified user. This flag is kept for backwards compatibility, but + it is no longer necessary to specify it. + + + + + -m + This option may only be used in conjunction + with the -a option. It will make + pdbedit to add a machine trust account instead of a user + account (-u username will provide the machine name). + + Example: pdbedit -a -m -u w2k-wks + + + + + + + -x + This option causes pdbedit to delete an account + from the database. It needs a username specified with the + -u switch. + + Example: pdbedit -x -u bob + + + + + + -i passdb-backend + Use a different passdb backend to retrieve users + than the one specified in smb.conf. Can be used to import data into + your local user database. + + This option will ease migration from one passdb backend to + another. + + Example: pdbedit -i smbpasswd:/etc/smbpasswd.old + + + + + + -e passdb-backend + Exports all currently available users to the + specified password database backend. + + This option will ease migration from one passdb backend to + another and will ease backing up. + + Example: pdbedit -e smbpasswd:/root/samba-users.backup + + + + + -g + If you specify -g, + then -i in-backend -e out-backend + applies to the group mapping instead of the user database. + + This option will ease migration from one passdb backend to + another and will ease backing up. + + + + + + -b passdb-backend + Use a different default passdb backend. + + Example: pdbedit -b xml:/root/pdb-backup.xml -l + + + + + -P account-policy + Display an account policy + Valid policies are: minimum password age, reset count minutes, disconnect time, + user must logon to change password, password history, lockout duration, min password length, + maximum password age and bad lockout attempt. + + Example: pdbedit -P "bad lockout attempt" + +account policy value for bad lockout attempt is 0 + + + + + + + + -C account-policy-value + Sets an account policy to a specified value. + This option may only be used in conjunction + with the -P option. + + + Example: pdbedit -P "bad lockout attempt" -C 3 + +account policy value for bad lockout attempt was 0 +account policy value for bad lockout attempt is now 3 + + + + + + -y + If you specify -y, + then -i in-backend -e out-backend + applies to the account policies instead of the user database. + + This option will allow to migrate account policies from their default + tdb-store into a passdb backend, e.g. an LDAP directory server. + + Example: pdbedit -y -i tdbsam: -e ldapsam:ldap://my.ldap.host + + + + + &stdarg.help; + &stdarg.server.debug; + &popt.common.samba; + + + + + + + NOTES + + This command may be used only by root. + + + + + VERSION + + This man page is correct for version 3.0 of + the Samba suite. + + + + SEE ALSO + smbpasswd + 5, samba + 7 + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The pdbedit manpage was written by Simo Sorce and Jelmer Vernooij. + + + + diff --git a/docs-xml/manpages-3/profiles.1.xml b/docs-xml/manpages-3/profiles.1.xml new file mode 100644 index 0000000000..e0787c69ce --- /dev/null +++ b/docs-xml/manpages-3/profiles.1.xml @@ -0,0 +1,88 @@ + + + + + + profiles + 1 + Samba + User Commands + 3.2 + + + + + profiles + A utility to report and change SIDs in registry files + + + + + + profiles + -v + -c SID + -n SID + file + + + + + DESCRIPTION + + This tool is part of the samba + 7 suite. + + profiles is a utility that + reports and changes SIDs in windows registry files. It currently only + supports NT. + + + + + + OPTIONS + + + + file + Registry file to view or edit. + + + + + -v,--verbose + Increases verbosity of messages. + + + + + -c SID1 -n SID2 + Change all occurences of SID1 in file by SID2. + + + + &stdarg.help; + + + + + + VERSION + + This man page is correct for version 3.0 of the Samba + suite. + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The profiles man page was written by Jelmer Vernooij. + + + diff --git a/docs-xml/manpages-3/rpcclient.1.xml b/docs-xml/manpages-3/rpcclient.1.xml new file mode 100644 index 0000000000..b9f5afbf47 --- /dev/null +++ b/docs-xml/manpages-3/rpcclient.1.xml @@ -0,0 +1,487 @@ + + + + + + rpcclient + 1 + Samba + User Commands + 3.2 + + + + + rpcclient + tool for executing client side + MS-RPC functions + + + + + rpcclient + -A authfile + -c <command string> + -d debuglevel + -h + -l logdir + -N + -s <smb config file> + -U username[%password] + -W workgroup + -N + -I destinationIP + server + + + + + DESCRIPTION + + This tool is part of the samba + 7 suite. + + rpcclient is a utility initially developed + to test MS-RPC functionality in Samba itself. It has undergone + several stages of development and stability. Many system administrators + have now written scripts around it to manage Windows NT clients from + their UNIX workstation. + + + + + OPTIONS + + + + server + NetBIOS name of Server to which to connect. + The server can be any SMB/CIFS server. The name is + resolved using the line from smb.conf + 5. + + + + + -c|--command='command string' + execute semicolon separated commands (listed + below)) + + + + + -I IP-address + IP address is the address of the server to connect to. + It should be specified in standard "a.b.c.d" notation. + + Normally the client would attempt to locate a named + SMB/CIFS server by looking it up via the NetBIOS name resolution + mechanism described above in the name resolve order + parameter above. Using this parameter will force the client + to assume that the server is on the machine with the specified IP + address and the NetBIOS name component of the resource being + connected to will be ignored. + + There is no default for this parameter. If not supplied, + it will be determined automatically by the client as described + above. + + + &stdarg.server.debug; + &popt.common.samba; + &popt.common.credentials; + &popt.common.connection; + &stdarg.help; + + + + + + COMMANDS + + + LSARPC + + + lsaqueryQuery info policy + + lookupsidsResolve a list + of SIDs to usernames. + + + lookupnamesResolve a list + of usernames to SIDs. + + + enumtrustsEnumerate trusted domains + + enumprivsEnumerate privileges + + getdispnameGet the privilege name + + lsaenumsidEnumerate the LSA SIDS + + lsaenumprivsaccountEnumerate the privileges of an SID + + lsaenumacctrightsEnumerate the rights of an SID + + lsaenumacctwithrightEnumerate accounts with a right + + lsaaddacctrightsAdd rights to an account + + lsaremoveacctrightsRemove rights from an account + + lsalookupprivvalueGet a privilege value given its name + + lsaquerysecobjQuery LSA security object + + + + + + LSARPC-DS + + + dsroledominfoGet Primary Domain Information + + + + + DFS + + dfsexistQuery DFS support + dfsaddAdd a DFS share + dfsremoveRemove a DFS share + dfsgetinfoQuery DFS share info + dfsenumEnumerate dfs shares + + + + + + REG + + shutdownRemote Shutdown + abortshutdownAbort Shutdown + + + + + + SRVSVC + + + srvinfoServer query info + + netshareenumEnumerate shares + + netfileenumEnumerate open files + + netremotetodFetch remote time of day + + + + + + + SAMR + + + queryuserQuery user info + querygroupQuery group info + queryusergroupsQuery user groups + querygroupmemQuery group membership + queryaliasmemQuery alias membership + querydispinfoQuery display info + querydominfoQuery domain info + enumdomusersEnumerate domain users + enumdomgroupsEnumerate domain groups + enumalsgroupsEnumerate alias groups + createdomuserCreate domain user + samlookupnamesLook up names + samlookupridsLook up names + deletedomuserDelete domain user + samquerysecobjQuery SAMR security object + getdompwinfoRetrieve domain password info + lookupdomainLook up domain + + + + + + SPOOLSS + + + adddriver <arch> <config> [<version>] + + Execute an AddPrinterDriver() RPC to install the printer driver + information on the server. Note that the driver files should + already exist in the directory returned by + getdriverdir. Possible values for + arch are the same as those for + the getdriverdir command. + The config parameter is defined as + follows: + + +Long Printer Name:\ +Driver File Name:\ +Data File Name:\ +Config File Name:\ +Help File Name:\ +Language Monitor Name:\ +Default Data Type:\ +Comma Separated list of Files + + + Any empty fields should be enter as the string "NULL". + + Samba does not need to support the concept of Print Monitors + since these only apply to local printers whose driver can make + use of a bi-directional link for communication. This field should + be "NULL". On a remote NT print server, the Print Monitor for a + driver must already be installed prior to adding the driver or + else the RPC will fail. + + The version parameter lets you + specify the printer driver version number. If omitted, the + default driver version for the specified architecture will + be used. This option can be used to upload Windows 2000 + (version 3) printer drivers. + + addprinter <printername> + <sharename> <drivername> <port> + + Add a printer on the remote server. This printer + will be automatically shared. Be aware that the printer driver + must already be installed on the server (see adddriver) + and the portmust be a valid port name (see + enumports. + + + + deldriverDelete the + specified printer driver for all architectures. This + does not delete the actual driver files from the server, + only the entry from the server's list of drivers. + + + deldriverex <driver> [architecture] [version] + Delete the specified printer driver including driver files. + You can limit this action to a specific architecture and a specific version. + If no architecure is given, all driver files of that driver will be deleted. + + + enumdataEnumerate all + printer setting data stored on the server. On Windows NT clients, + these values are stored in the registry, while Samba servers + store them in the printers TDB. This command corresponds + to the MS Platform SDK GetPrinterData() function (* This + command is currently unimplemented). + + enumdataexEnumerate printer data for a key + + enumjobs <printer> + List the jobs and status of a given printer. + This command corresponds to the MS Platform SDK EnumJobs() + function + + enumkeyEnumerate + printer keys + + enumports [level] + + Executes an EnumPorts() call using the specified + info level. Currently only info levels 1 and 2 are supported. + + + + + enumdrivers [level] + + Execute an EnumPrinterDrivers() call. This lists the various installed + printer drivers for all architectures. Refer to the MS Platform SDK + documentation for more details of the various flags and calling + options. Currently supported info levels are 1, 2, and 3. + + + + enumprinters [level] + Execute an EnumPrinters() call. This lists the various installed + and share printers. Refer to the MS Platform SDK documentation for + more details of the various flags and calling options. Currently + supported info levels are 1, 2 and 5. + + + + + getdata <printername> <valuename;> + Retrieve the data for a given printer setting. See + the enumdata command for more information. + This command corresponds to the GetPrinterData() MS Platform + SDK function. + + getdataexGet + printer driver data with + keyname + + + getdriver <printername> + + Retrieve the printer driver information (such as driver file, + config file, dependent files, etc...) for + the given printer. This command corresponds to the GetPrinterDriver() + MS Platform SDK function. Currently info level 1, 2, and 3 are supported. + + + + getdriverdir <arch> + + Execute a GetPrinterDriverDirectory() + RPC to retrieve the SMB share name and subdirectory for + storing printer driver files for a given architecture. Possible + values for arch are "Windows 4.0" + (for Windows 95/98), "Windows NT x86", "Windows NT PowerPC", "Windows + Alpha_AXP", and "Windows NT R4000". + + + + getprinter <printername> + Retrieve the current printer information. This command + corresponds to the GetPrinter() MS Platform SDK function. + + + getprintprocdirGet + print processor + directory + + openprinter <printername> + Execute an OpenPrinterEx() and ClosePrinter() RPC + against a given printer. + + setdriver <printername> + <drivername> + Execute a SetPrinter() command to update the printer driver + associated with an installed printer. The printer driver must + already be correctly installed on the print server. + + See also the enumprinters and + enumdrivers commands for obtaining a list of + of installed printers and drivers. + + addformAdd form + setformSet form + getformGet form + deleteformDelete form + enumformsEnumerate form + setprinterSet printer comment + setprinterdataSet REG_SZ printer data + + setprintername <printername> + <newprintername> + Set printer name + + rffpcnexRffpcnex test + + + + + + + + NETLOGON + + + + logonctrl2 + Logon Control 2 + + + logonctrl + Logon Control + + + samsync + Sam Synchronisation + + + samdeltas + Query Sam Deltas + + + samlogon + Sam Logon + + + + + + + GENERAL COMMANDS + + + debuglevelSet the current + debug level used to log information. + + help (?)Print a listing of all + known commands or extended help on a particular command. + + + quit (exit)Exit rpcclient + . + + + + + + + BUGS + + rpcclient is designed as a developer testing tool + and may not be robust in certain areas (such as command line parsing). + It has been known to generate a core dump upon failures when invalid + parameters where passed to the interpreter. + + From Luke Leighton's original rpcclient man page: + + WARNING! The MSRPC over SMB code has + been developed from examining Network traces. No documentation is + available from the original creators (Microsoft) on how MSRPC over + SMB works, or how the individual MSRPC services work. Microsoft's + implementation of these services has been demonstrated (and reported) + to be... a bit flaky in places. + + The development of Samba's implementation is also a bit rough, + and as more of the services are understood, it can even result in + versions of smbd + 8 and rpcclient + 1 that are incompatible for some commands or services. Additionally, + the developers are sending reports to Microsoft, and problems found + or reported to Microsoft are fixed in Service Packs, which may + result in incompatibilities. + + + + + VERSION + + This man page is correct for version 3.0 of the Samba + suite. + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original rpcclient man page was written by Matthew + Geddes, Luke Kenneth Casson Leighton, and rewritten by Gerald Carter. + The conversion to DocBook for Samba 2.2 was done by Gerald + Carter. The conversion to DocBook XML 4.2 for Samba 3.0 was + done by Alexander Bokovoy. + + + diff --git a/docs-xml/manpages-3/samba.7.xml b/docs-xml/manpages-3/samba.7.xml new file mode 100644 index 0000000000..75b0fef4f1 --- /dev/null +++ b/docs-xml/manpages-3/samba.7.xml @@ -0,0 +1,362 @@ + + + + + + samba + 7 + Samba + Miscellanea + 3.2 + + + + + samba + A Windows SMB/CIFS fileserver for UNIX + + + + samba + + + + DESCRIPTION + + The Samba software suite is a collection of programs + that implements the Server Message Block (commonly abbreviated + as SMB) protocol for UNIX systems. This protocol is sometimes + also referred to as the Common Internet File System (CIFS). For a + more thorough description, see + http://www.ubiqx.org/cifs/. Samba also implements the NetBIOS + protocol in nmbd. + + + + smbd + 8 + The smbd daemon provides the file and print services to + SMB clients, such as Windows 95/98, Windows NT, Windows + for Workgroups or LanManager. The configuration file + for this daemon is described in smb.conf + 5 + + + + + nmbd + 8 + The nmbd + daemon provides NetBIOS nameservice and browsing + support. The configuration file for this daemon + is described in smb.conf + 5 + + + + + smbclient + 1 + The smbclient + program implements a simple ftp-like client. This + is useful for accessing SMB shares on other compatible + servers (such as Windows NT), and can also be used + to allow a UNIX box to print to a printer attached to + any SMB server (such as a PC running Windows NT). + + + + + testparm + 1 + The testparm + utility is a simple syntax checker for Samba's smb.conf + 5 configuration file. + + + + + testprns + 1 + The testprns + utility supports testing printer names defined + in your printcap file used + by Samba. + + + + + smbstatus + 1 + The smbstatus + tool provides access to information about the + current connections to smbd. + + + + + nmblookup + 1 + The nmblookup + tools allows NetBIOS name queries to be made + from a UNIX host. + + + + + smbpasswd + 8 + The smbpasswd + command is a tool for changing LanMan and Windows NT + password hashes on Samba and Windows NT servers. + + + + + smbcacls + 1 + The smbcacls command is + a tool to set ACL's on remote CIFS servers. + + + + + smbsh + 1 + The smbsh command is + a program that allows you to run a unix shell with + with an overloaded VFS. + + + + smbtree + 1 + The smbtree command + is a text-based network neighborhood tool. + + + + smbtar + 1 + The smbtar can make + backups of data on CIFS/SMB servers. + + + + smbspool + 8 + smbspool is a + helper utility for printing on printers connected + to CIFS servers. + + + + smbcontrol + 1 + smbcontrol is a utility + that can change the behaviour of running samba daemons. + + + + + rpcclient + 1 + rpcclient is a utility + that can be used to execute RPC commands on remote + CIFS servers. + + + + pdbedit + 8 + The pdbedit command + can be used to maintain the local user database on + a samba server. + + + findsmb + 1 + The findsmb command + can be used to find SMB servers on the local network. + + + + net + 8 + The net command + is supposed to work similar to the DOS/Windows + NET.EXE command. + + + + swat + 8 + swat is a web-based + interface to configuring smb.conf. + + + + + winbindd + 8 + winbindd is a daemon + that is used for integrating authentication and + the user database into unix. + + + + wbinfo + 1 + wbinfo is a utility + that retrieves and stores information related to winbind. + + + + + profiles + 1 + profiles is a command-line + utility that can be used to replace all occurences of + a certain SID with another SID. + + + + + log2pcap + 1 + log2pcap is a utility + for generating pcap trace files from Samba log + files. + + + + vfstest + 1 + vfstest is a utility + that can be used to test vfs modules. + + + + ntlm_auth + 1 + ntlm_auth is a helper-utility + for external programs wanting to do NTLM-authentication. + + + + +smbmount8, +smbumount8, +smbmnt8 + smbmount,smbumount and smbmnt are commands that can be used to + mount CIFS/SMB shares on Linux. + + + + + smbcquotas + 1 + smbcquotas is a tool that + can set remote QUOTA's on server with NTFS 5. + + + + + + + COMPONENTS + + The Samba suite is made up of several components. Each + component is described in a separate manual page. It is strongly + recommended that you read the documentation that comes with Samba + and the manual pages of those components that you use. If the + manual pages and documents aren't clear enough then please visit + http://devel.samba.org + for information on how to file a bug report or submit a patch. + + If you require help, visit the Samba webpage at + http://www.samba.org/ and + explore the many option available to you. + + + + + AVAILABILITY + + The Samba software suite is licensed under the + GNU Public License(GPL). A copy of that license should + have come with the package in the file COPYING. You are + encouraged to distribute copies of the Samba suite, but + please obey the terms of this license. + + The latest version of the Samba suite can be + obtained via anonymous ftp from samba.org in the + directory pub/samba/. It is also available on several + mirror sites worldwide. + + You may also find useful information about Samba + on the newsgroup + comp.protocol.smb and the Samba mailing + list. Details on how to join the mailing list are given in + the README file that comes with Samba. + + If you have access to a WWW viewer (such as Mozilla + or Konqueror) then you will also find lots of useful information, + including back issues of the Samba mailing list, at + http://lists.samba.org. + + + + VERSION + + This man page is correct for version 3.0 of the + Samba suite. + + + + CONTRIBUTIONS + + If you wish to contribute to the Samba project, + then I suggest you join the Samba mailing list at + http://lists.samba.org. + + + If you have patches to submit, visit + http://devel.samba.org/ + for information on how to do it properly. We prefer patches + in diff -u format. + + + + CONTRIBUTORS + + Contributors to the project are now too numerous + to mention here but all deserve the thanks of all Samba + users. To see a full list, look at the + change-log in the source package + for the pre-CVS changes and at + http://cvs.samba.org/ + for the contributors to Samba post-CVS. CVS is the Open Source + source code control system used by the Samba Team to develop + Samba. The project would have been unmanageable without it. + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML + 4.2 for Samba 3.0 was done by Alexander Bokovoy. + + + diff --git a/docs-xml/manpages-3/smb.conf.5.xml b/docs-xml/manpages-3/smb.conf.5.xml new file mode 100644 index 0000000000..ff94ab696e --- /dev/null +++ b/docs-xml/manpages-3/smb.conf.5.xml @@ -0,0 +1,859 @@ + + + + smb.conf + 5 + Samba + File Formats and Conventions + 3.2 + + + + + smb.conf + The configuration file for the Samba suite + + + + SYNOPSIS + + + The smb.conf file is a configuration file for the Samba suite. smb.conf contains runtime configuration information for the Samba programs. The + smb.conf file is designed to be configured and administered by the + swat 8 program. The + complete description of the file format and possible parameters held within are here for reference purposes. + + + + + FILE FORMAT + + + The file consists of sections and parameters. A section begins with the name of the section in square brackets + and continues until the next section begins. Sections contain parameters of the form: + +name = value + + + + + The file is line-based - that is, each newline-terminated line represents either a comment, a section name or + a parameter. + + + Section and parameter names are not case sensitive. + + + Only the first equals sign in a parameter is significant. Whitespace before or after the first equals sign is + discarded. Leading, trailing and internal whitespace in section and parameter names is irrelevant. Leading + and trailing whitespace in a parameter value is discarded. Internal whitespace within a parameter value is + retained verbatim. + + + + Any line beginning with a semicolon (;) or a hash (#) + character is ignored, as are lines containing only whitespace. + + + + Any line ending in a \ is continued on the next line in the customary UNIX fashion. + + + + The values following the equals sign in parameters are all either a string (no quotes needed) or a boolean, + which may be given as yes/no, 0/1 or true/false. Case is not significant in boolean values, but is preserved + in string values. Some items such as create masks are numeric. + + + + + + SECTION DESCRIPTIONS + + + Each section in the configuration file (except for the [global] section) describes a shared resource (known as + a share). The section name is the name of the shared resource and the parameters within the + section define the shares attributes. + + + + There are three special sections, [global], [homes] and [printers], which are described under + special sections. The following notes apply to ordinary section descriptions. + + + + A share consists of a directory to which access is being given plus a description of the access rights + which are granted to the user of the service. Some housekeeping options are also specifiable. + + + + Sections are either file share services (used by the client as an extension of their native file systems) + or printable services (used by the client to access print services on the host running the server). + + + + Sections may be designated guest services, in which case no password is required to + access them. A specified UNIX guest account is used to define access privileges in this + case. + + + + Sections other than guest services will require a password to access them. The client provides the + username. As older clients only provide passwords and not usernames, you may specify a list of usernames to + check against the password using the user = option in the share definition. For modern clients + such as Windows 95/98/ME/NT/2000, this should not be necessary. + + + + The access rights granted by the server are masked by the access rights granted to the specified or guest + UNIX user by the host system. The server does not grant more access than the host system grants. + + + + The following sample section defines a file space share. The user has write access to the path /home/bar. The share is accessed via the share name foo: + + + /home/bar + no + + + + + The following sample section defines a printable share. The share is read-only, but printable. That is, + the only write access permitted is via calls to open, write to and close a spool file. The guest + ok parameter means access will be permitted as the default guest user (specified elsewhere): + + + /usr/spool/public + yes + yes + yes + + + + + + + SPECIAL SECTIONS + + + The [global] section + + + Parameters in this section apply to the server as a whole, or are defaults for sections that do not + specifically define certain items. See the notes under PARAMETERS for more information. + + + + + The [homes] section + + + If a section called [homes] is included in the configuration file, services connecting clients + to their home directories can be created on the fly by the server. + + + + When the connection request is made, the existing sections are scanned. If a match is found, it is + used. If no match is found, the requested section name is treated as a username and looked up in the local + password file. If the name exists and the correct password has been given, a share is created by cloning the + [homes] section. + + + + Some modifications are then made to the newly created share: + + + + + The share name is changed from homes to the located username. + + + + If no path was given, the path is set to the user's home directory. + + + + + If you decide to use a path = line in your [homes] section, it may be useful + to use the %S macro. For example: + +path = /data/pchome/%S + + is useful if you have different home directories for your PCs than for UNIX access. + + + + This is a fast and simple way to give a large number of clients access to their home directories with a minimum + of fuss. + + + + A similar process occurs if the requested section name is homes, except that the share + name is not changed to that of the requesting user. This method of using the [homes] section works well if + different users share a client PC. + + + + The [homes] section can specify all the parameters a normal service section can specify, though some make more sense + than others. The following is a typical and suitable [homes] section: + + +no + + + + + An important point is that if guest access is specified in the [homes] section, all home directories will be + visible to all clients without a password. In the very unlikely event that this is actually + desirable, it is wise to also specify read only access. + + + + The browseable flag for auto home directories will be inherited from the global browseable + flag, not the [homes] browseable flag. This is useful as it means setting browseable = no in + the [homes] section will hide the [homes] share but make any auto home directories visible. + + + + + The [printers] section + + + This section works like [homes], but for printers. + + + + If a [printers] section occurs in the configuration file, users are able to connect to any printer + specified in the local host's printcap file. + + + + When a connection request is made, the existing sections are scanned. If a match is found, it is used. + If no match is found, but a [homes] section exists, it is used as described above. Otherwise, the requested + section name is treated as a printer name and the appropriate printcap file is scanned to see if the requested + section name is a valid printer share name. If a match is found, a new printer share is created by cloning the + [printers] section. + + + + A few modifications are then made to the newly created share: + + + + The share name is set to the located printer name + + If no printer name was given, the printer name is set to the located printer name + + If the share does not permit guest access and no username was given, the username is set + to the located printer name. + + + + The [printers] service MUST be printable - if you specify otherwise, the server will refuse + to load the configuration file. + + + + Typically the path specified is that of a world-writeable spool directory with the sticky bit set on + it. A typical [printers] entry looks like this: + + +/usr/spool/public +yes +yes + + + + + All aliases given for a printer in the printcap file are legitimate printer names as far as the server is concerned. + If your printing subsystem doesn't work like that, you will have to set up a pseudo-printcap. This is a file + consisting of one or more lines like this: + +alias|alias|alias|alias... + + + + + Each alias should be an acceptable printer name for your printing subsystem. In the [global] section, + specify the new file as your printcap. The server will only recognize names found in your pseudo-printcap, + which of course can contain whatever aliases you like. The same technique could be used simply to limit access + to a subset of your local printers. + + + + An alias, by the way, is defined as any component of the first entry of a printcap record. Records are separated by newlines, + components (if there are more than one) are separated by vertical bar symbols (|). + + + + On SYSV systems which use lpstat to determine what printers are defined on the system you may be able to use + printcap name = lpstat to automatically obtain a list of printers. See the + printcap name option for more details. + + + + + + USERSHARES + + Starting with Samba version 3.0.23 the capability for non-root users to add, modify, and delete + their own share definitions has been added. This capability is called usershares and + is controlled by a set of parameters in the [global] section of the smb.conf. + The relevant parameters are : + + + + + usershare allow guests + Controls if usershares can permit guest access. + + + + usershare max shares + Maximum number of user defined shares allowed. + + + + usershare owner only + If set only directories owned by the sharing user can be shared. + + + + usershare path + Points to the directory containing the user defined share definitions. + The filesystem permissions on this directory control who can create user defined shares. + + + + usershare prefix allow list + Comma-separated list of absolute pathnames restricting what directories + can be shared. Only directories below the pathnames in this list are permitted. + + + + usershare prefix deny list + Comma-separated list of absolute pathnames restricting what directories + can be shared. Directories below the pathnames in this list are prohibited. + + + + usershare template share + Names a pre-existing share used as a template for creating new usershares. + All other share parameters not specified in the user defined share definition + are copied from this named share. + + + + To allow members of the UNIX group foo to create user defined + shares, create the directory to contain the share definitions as follows: + + Become root: + +mkdir /usr/local/samba/lib/usershares +chgrp foo /usr/local/samba/lib/usershares +chmod 1770 /usr/local/samba/lib/usershares + +Then add the parameters + + + /usr/local/samba/lib/usershares + 10 # (or the desired number of shares) + + + to the global + section of your smb.conf. Members of the group foo may then manipulate the user defined shares + using the following commands. + + + + net usershare add sharename path [comment] [acl] [guest_ok=[y|n]] + To create or modify (overwrite) a user defined share. + + + + net usershare delete sharename + To delete a user defined share. + + + + net usershare list wildcard-sharename + To list user defined shares. + + + + net usershare info wildcard-sharename + To print information about user defined shares. + + + + + + PARAMETERS + + Parameters define the specific attributes of sections. + + + Some parameters are specific to the [global] section (e.g., security). Some parameters + are usable in all sections (e.g., create mask). All others are permissible only in normal + sections. For the purposes of the following descriptions the [homes] and [printers] sections will be + considered normal. The letter G in parentheses indicates that a parameter is specific to + the [global] section. The letter S indicates that a parameter can be specified in a + service specific section. All S parameters can also be specified in the [global] section + - in which case they will define the default behavior for all services. + + + + Parameters are arranged here in alphabetical order - this may not create best bedfellows, but at least you can + find them! Where there are synonyms, the preferred synonym is described, others refer to the preferred + synonym. + + + + + VARIABLE SUBSTITUTIONS + + + Many of the strings that are settable in the config file can take substitutions. For example the option + path = /tmp/%u is interpreted as path = /tmp/john if the user connected with the + username john. + + + + These substitutions are mostly noted in the descriptions below, but there are some general substitutions + which apply whenever they might be relevant. These are: + + + + + %U + session username (the username that the client wanted, not + necessarily the same as the one they got). + + + + %G + primary group name of %U. + + + + %h + the Internet hostname that Samba is running on. + + + + %m + the NetBIOS name of the client machine (very useful). + + This parameter is not available when Samba listens on port 445, as clients no longer + send this information. If you use this macro in an include statement on a domain that has + a Samba domain controller be sure to set in the [global] section smb ports = + 139. This will cause Samba to not listen on port 445 and will permit include + functionality to function as it did with Samba 2.x. + + + + + + %L + the NetBIOS name of the server. This allows you to change your config based on what + the client calls you. Your server can have a dual personality. + + + + + %M + the Internet name of the client machine. + + + + + %R + the selected protocol level after protocol negotiation. It can be one of CORE, COREPLUS, + LANMAN1, LANMAN2 or NT1. + + + + %d + the process id of the current server + process. + + + + %a + + The architecture of the remote + machine. It currently recognizes Samba (Samba), + the Linux CIFS file system (CIFSFS), OS/2, (OS2), + Windows for Workgroups (WfWg), Windows 9x/ME + (Win95), Windows NT (WinNT), + Windows 2000 (Win2K), + Windows XP (WinXP), + Windows XP 64-bit(WinXP64), + Windows 2003 including + 2003R2 (Win2K3), and Windows + Vista (Vista). Anything else will be known as + UNKNOWN. + + + + + %I + the IP address of the client machine. + + + + + %i + the local IP address to which a client connected. + + + + + %T + the current date and time. + + + + %D + name of the domain or workgroup of the current user. + + + + %w + the winbind separator. + + + + %$(envvar) + the value of the environment variable + envar. + + + + + The following substitutes apply only to some configuration options (only those that are + used when a connection has been established): + + + + + %S + the name of the current service, if any. + + + + + %P + the root directory of the current service, if any. + + + + %u + username of the current service, if any. + + + + + %g + primary group name of %u. + + + + %H + the home directory of the user given by %u. + + + + %N + + the name of your NIS home directory server. This is obtained from your NIS auto.map entry. + If you have not compiled Samba with the --with-automount option, this + value will be the same as %L. + + + + %p + + the path of the service's home directory, obtained from your NIS auto.map entry. The NIS + auto.map entry is split up as %N:%p. + + + + + There are some quite creative things that can be done with these substitutions and other + smb.conf options. + + + + + NAME MANGLING + + + Samba supports name mangling so that DOS and Windows clients can use files that don't + conform to the 8.3 format. It can also be set to adjust the case of 8.3 format filenames. + + + + There are several options that control the way mangling is performed, and they are grouped here rather + than listed separately. For the defaults look at the output of the testparm program. + + + + These options can be set separately for each service. + + + + The options are: + + + + + + case sensitive = yes/no/auto + + controls whether filenames are case sensitive. If they aren't, Samba must do a filename search and match on + passed names. The default setting of auto allows clients that support case sensitive filenames (Linux CIFSVFS + and smbclient 3.0.5 and above currently) to tell the Samba server on a per-packet basis that they wish to + access the file system in a case-sensitive manner (to support UNIX case sensitive semantics). No Windows or + DOS system supports case-sensitive filename so setting this option to auto is that same as setting it to no + for them. Default auto. + + + + + default case = upper/lower + + controls what the default case is for new filenames (ie. files that don't currently exist in the filesystem). + Default lower. IMPORTANT NOTE: This option will be used to modify the case of + all incoming client filenames, not just new filenames if the options yes, No, + No are set. This change is needed as part of the + optimisations for directories containing large numbers of files. + + + + + preserve case = yes/no + + controls whether new files (ie. files that don't currently exist in the filesystem) are created with the case + that the client passes, or if they are forced to be the default case. Default + yes. + + + + + short preserve case = yes/no + + controls if new files (ie. files that don't currently exist in the filesystem) which conform to 8.3 syntax, + that is all in upper case and of suitable length, are created upper case, or if they are forced to be the + default case. This option can be used with preserve case = yes to permit + long filenames to retain their case, while short names are lowercased. Default yes. + + + + + + By default, Samba 3.0 has the same semantics as a Windows NT server, in that it is case insensitive + but case preserving. As a special case for directories with large numbers of files, if the case + options are set as follows, "case sensitive = yes", "case preserve = no", "short preserve case = no" + then the "default case" option will be applied and will modify all filenames sent from the client + when accessing this share. + + + + + + NOTE ABOUT USERNAME/PASSWORD VALIDATION + + + There are a number of ways in which a user can connect to a service. The server uses the following steps + in determining if it will allow a connection to a specified service. If all the steps fail, the connection + request is rejected. However, if one of the steps succeeds, the following steps are not checked. + + + + If the service is marked guest only = yes and the server is running with share-level + security (security = share, steps 1 to 5 are skipped. + + + + + + If the client has passed a username/password pair and that username/password pair is validated by the UNIX + system's password programs, the connection is made as that username. This includes the + \\server\service%username method of passing a username. + + + + If the client has previously registered a username with the system and now supplies a correct password for that + username, the connection is allowed. + + + + The client's NetBIOS name and any previously used usernames are checked against the supplied password. If + they match, the connection is allowed as the corresponding user. + + + + If the client has previously validated a username/password pair with the server and the client has passed + the validation token, that username is used. + + + + If a user = field is given in the smb.conf file for the + service and the client has supplied a password, and that password matches (according to the UNIX system's + password checking) with one of the usernames from the user = field, the connection is made as + the username in the user = line. If one of the usernames in the user = list + begins with a @, that name expands to a list of names in the group of the same name. + + + + If the service is a guest service, a connection is made as the username given in the guest account + = for the service, irrespective of the supplied password. + + + + + + + REGISTRY-BASED CONFIGURATION + + + Starting with Samba version 3.2.0, the capability to + store Samba configuration in the registry is available. + There are two levels of registry configuration: + + + + Share definitions stored in registry are used. + This is triggered by setting the global + parameter registry shares to yes + in smb.conf. + + + Note: Shares defined in smb.conf + always take priority over + shares of the same name defined in registry. + + + Global smb.conf options stored in + registry are used. This is triggered by the + parameter registry in + the [global] section of smb.conf. + This removes everything that has been read from config files + to this point and reads the content of the global configuration + section from the registry. + Activation of global registry options automatically + activates registry shares. In this case, no share definitions + from smb.conf are read: This is a registry only configuration + with the advantage that share definitions are not read + in a bulk at startup time but on demand when a share is + accessed. + + + + + Caveat: To make registry-based configurations foolproof at least to a + certain extent, the use + of lock directory, + config backend, and + include inside the registry + configuration has been disabled. Especially, by changing the + lock directory inside the registry + configuration, one would create a broken setup where the daemons + do not see the configuration they loaded once it is active. + + + + The registry configuration can be accessed with + tools like regedit or net rpc + registry in the key + HKLM\Software\Samba\smbconf. + + More conveniently, the conf subcommand of the + net + 8 utility + offers a dedicated interface to read and write the + registry based configuration locally, i.e. directly + accessing the database file, circumventing the + server. + + + + + + EXPLANATION OF EACH PARAMETER + + + + + + + + + WARNINGS + + + Although the configuration file permits service names to contain spaces, your client software may not. + Spaces will be ignored in comparisons anyway, so it shouldn't be a problem - but be aware of the possibility. + + + + On a similar note, many clients - especially DOS clients - limit service names to eight characters. + smbd 8 has no such + limitation, but attempts to connect from such clients will fail if they truncate the service names. For this + reason you should probably keep your service names down to eight characters in length. + + + + Use of the [homes] and [printers] special sections make life + for an administrator easy, but the various combinations of default attributes can be tricky. Take extreme + care when designing these sections. In particular, ensure that the permissions on spool directories are + correct. + + + + + + VERSION + + This man page is correct for version 3.0 of the Samba suite. + + + + SEE ALSO + + samba + 7, smbpasswd + 8, swat + 8, smbd + 8, nmbd + 8, smbclient + 1, nmblookup + 1, testparm + 1, testprns + 1. + + + + AUTHOR + + + The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar to the way the Linux kernel is developed. + + + + The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 release by Jeremy Allison. The conversion + to DocBook for Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0 was done by + Alexander Bokovoy. + + + + diff --git a/docs-xml/manpages-3/smbcacls.1.xml b/docs-xml/manpages-3/smbcacls.1.xml new file mode 100644 index 0000000000..695d58ae64 --- /dev/null +++ b/docs-xml/manpages-3/smbcacls.1.xml @@ -0,0 +1,264 @@ + + + + + + smbcacls + 1 + Samba + User Commands + 3.2 + + + + + smbcacls + Set or get ACLs on an NT file or directory names + + + + + smbcacls + //server/share + filename + -D acls + -M acls + -a acls + -S acls + -C name + -G name + --numeric + -t + -U username + -h + -d + + + + + DESCRIPTION + + This tool is part of the samba + 7 suite. + + The smbcacls program manipulates NT Access Control + Lists (ACLs) on SMB file shares. + + + + + OPTIONS + + The following options are available to the smbcacls program. + The format of ACLs is described in the section ACL FORMAT + + + + + -a acls + Add the ACLs specified to the ACL list. Existing + access control entries are unchanged. + + + + + + -M acls + Modify the mask value (permissions) for the ACLs + specified on the command line. An error will be printed for each + ACL specified that was not already present in the ACL list + + + + + + + -D acls + Delete any ACLs specified on the command line. + An error will be printed for each ACL specified that was not + already present in the ACL list. + + + + + + -S acls + This command sets the ACLs on the file with + only the ones specified on the command line. All other ACLs are + erased. Note that the ACL specified must contain at least a revision, + type, owner and group for the call to succeed. + + + + + + -U username + Specifies a username used to connect to the + specified service. The username may be of the form "username" in + which case the user is prompted to enter in a password and the + workgroup specified in the smb.conf + 5 file is + used, or "username%password" or "DOMAIN\username%password" and the + password and workgroup names are used as provided. + + + + + + -C name + The owner of a file or directory can be changed + to the name given using the -C option. + The name can be a sid in the form S-1-x-y-z or a name resolved + against the server specified in the first argument. + + This command is a shortcut for -M OWNER:name. + + + + + + + -G name + The group owner of a file or directory can + be changed to the name given using the -G + option. The name can be a sid in the form S-1-x-y-z or a name + resolved against the server specified n the first argument. + + + This command is a shortcut for -M GROUP:name. + + + + + + --numeric + This option displays all ACL information in numeric + format. The default is to convert SIDs to names and ACE types + and masks to a readable string format. + + + + -t + + Don't actually do anything, only validate the correctness of + the arguments. + + + + &stdarg.help; + &stdarg.server.debug; + &popt.common.samba; + + + + + + ACL FORMAT + + The format of an ACL is one or more ACL entries separated by + either commas or newlines. An ACL entry is one of the following: + + +REVISION:<revision number> +OWNER:<sid or name> +GROUP:<sid or name> +ACL:<sid or name>:<type>/<flags>/<mask> + + + + The revision of the ACL specifies the internal Windows + NT ACL revision for the security descriptor. + If not specified it defaults to 1. Using values other than 1 may + cause strange behaviour. + + The owner and group specify the owner and group sids for the + object. If a SID in the format S-1-x-y-z is specified this is used, + otherwise the name specified is resolved using the server on which + the file or directory resides. + + ACLs specify permissions granted to the SID. This SID again + can be specified in S-1-x-y-z format or as a name in which case + it is resolved against the server on which the file or directory + resides. The type, flags and mask values determine the type of + access granted to the SID. + + The type can be either 0 or 1 corresponding to ALLOWED or + DENIED access to the SID. The flags values are generally + zero for file ACLs and either 9 or 2 for directory ACLs. Some + common flags are: + + + #define SEC_ACE_FLAG_OBJECT_INHERIT 0x1 + #define SEC_ACE_FLAG_CONTAINER_INHERIT 0x2 + #define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0x4 + #define SEC_ACE_FLAG_INHERIT_ONLY 0x8 + + + At present flags can only be specified as decimal or + hexadecimal values. + + The mask is a value which expresses the access right + granted to the SID. It can be given as a decimal or hexadecimal value, + or by using one of the following text strings which map to the NT + file permissions of the same name. + + + R - Allow read access + W - Allow write access + X - Execute permission on the object + D - Delete the object + P - Change permissions + O - Take ownership + + + + The following combined permissions can be specified: + + + + READ - Equivalent to 'RX' + permissions + CHANGE - Equivalent to 'RXWD' permissions + + FULL - Equivalent to 'RWXDPO' + permissions + + + + + EXIT STATUS + + The smbcacls program sets the exit status + depending on the success or otherwise of the operations performed. + The exit status may be one of the following values. + + If the operation succeeded, smbcacls returns and exit + status of 0. If smbcacls couldn't connect to the specified server, + or there was an error getting or setting the ACLs, an exit status + of 1 is returned. If there was an error parsing any command line + arguments, an exit status of 2 is returned. + + + + VERSION + + This man page is correct for version 3.0 of the Samba suite. + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + smbcacls was written by Andrew Tridgell + and Tim Potter. + + The conversion to DocBook for Samba 2.2 was done + by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0 was done + by Alexander Bokovoy. + + + diff --git a/docs-xml/manpages-3/smbclient.1.xml b/docs-xml/manpages-3/smbclient.1.xml new file mode 100644 index 0000000000..e8e1b215cd --- /dev/null +++ b/docs-xml/manpages-3/smbclient.1.xml @@ -0,0 +1,1135 @@ + + + + + + smbclient + 1 + Samba + User Commands + 3.2 + + + + + smbclient + ftp-like client to access SMB/CIFS resources + on servers + + + + + smbclient + -b <buffer size> + -d debuglevel + -e + -L <netbios name> + -U username + -I destinationIP + -M <netbios name> + -m maxprotocol + -A authfile + -N + -i scope + -O <socket options> + -p port + -R <name resolve order> + -s <smb config file> + -k + -P + -c <command> + + + + smbclient + servicename + password + -b <buffer size> + -d debuglevel + -e + -D Directory + -U username + -W workgroup + -M <netbios name> + -m maxprotocol + -A authfile + -N + -l log-basename + -I destinationIP + -E + -c <command string> + -i scope + -O <socket options> + -p port + -R <name resolve order> + -s <smb config file> + -T<c|x>IXFqgbNan + -k + + + + + DESCRIPTION + + This tool is part of the samba + 7 suite. + + smbclient is a client that can + 'talk' to an SMB/CIFS server. It offers an interface + similar to that of the ftp program (see ftp + 1). + Operations include things like getting files from the server + to the local machine, putting files from the local machine to + the server, retrieving directory information from the server + and so on. + + + + + OPTIONS + + + + servicename + servicename is the name of the service + you want to use on the server. A service name takes the form + //server/service where server + is the NetBIOS name of the SMB/CIFS server + offering the desired service and service + is the name of the service offered. Thus to connect to + the service "printer" on the SMB/CIFS server "smbserver", + you would use the servicename //smbserver/printer + + + Note that the server name required is NOT necessarily + the IP (DNS) host name of the server ! The name required is + a NetBIOS server name, which may or may not be the + same as the IP hostname of the machine running the server. + + + The server name is looked up according to either + the -R parameter to smbclient or + using the name resolve order parameter in + the smb.conf + 5 file, + allowing an administrator to change the order and methods + by which server names are looked up. + + + + password + The password required to access the specified + service on the specified server. If this parameter is + supplied, the -N option (suppress + password prompt) is assumed. + + There is no default password. If no password is supplied + on the command line (either by using this parameter or adding + a password to the -U option (see + below)) and the -N option is not + specified, the client will prompt for a password, even if + the desired service does not require one. (If no password is + required, simply press ENTER to provide a null password.) + + + Note: Some servers (including OS/2 and Windows for + Workgroups) insist on an uppercase password. Lowercase + or mixed case passwords may be rejected by these servers. + + + Be cautious about including passwords in scripts. + + + + + -R <name resolve order> + This option is used by the programs in the Samba + suite to determine what naming services and in what order to resolve + host names to IP addresses. The option takes a space-separated + string of different name resolution options. + + The options are :"lmhosts", "host", "wins" and "bcast". They + cause names to be resolved as follows: + + + lmhosts: Lookup an IP + address in the Samba lmhosts file. If the line in lmhosts has + no name type attached to the NetBIOS name (see + the lmhosts + 5 for details) then + any name type matches for lookup. + + + host: Do a standard host + name to IP address resolution, using the system /etc/hosts + , NIS, or DNS lookups. This method of name resolution + is operating system dependent, for instance on IRIX or Solaris this + may be controlled by the /etc/nsswitch.conf + file). Note that this method is only used if the NetBIOS name + type being queried is the 0x20 (server) name type, otherwise + it is ignored. + + + wins: Query a name with + the IP address listed in the wins server + parameter. If no WINS server has + been specified this method will be ignored. + + + bcast: Do a broadcast on + each of the known local interfaces listed in the + interfaces + parameter. This is the least reliable of the name resolution + methods as it depends on the target host being on a locally + connected subnet. + + + + If this parameter is not set then the name resolve order + defined in the smb.conf + 5 file parameter + (name resolve order) will be used. + + The default order is lmhosts, host, wins, bcast and without + this parameter or any entry in the name resolve order + parameter of the smb.conf + 5 file the name resolution + methods will be attempted in this order. + + + + + -M NetBIOS name + This options allows you to send messages, using + the "WinPopup" protocol, to another computer. Once a connection is + established you then type your message, pressing ^D (control-D) to + end. + + If the receiving computer is running WinPopup the user will + receive the message and probably a beep. If they are not running + WinPopup the message will be lost, and no error message will + occur. + + The message is also automatically truncated if the message + is over 1600 bytes, as this is the limit of the protocol. + + + + One useful trick is to pipe the message through smbclient. + For example: smbclient -M FRED < mymessage.txt will send the + message in the file mymessage.txt to the + machine FRED. + + + You may also find the -U and + -I options useful, as they allow you to + control the FROM and TO parts of the message. + + See the message command parameter in the smb.conf + 5 for a description of how to handle incoming + WinPopup messages in Samba. + + Note: Copy WinPopup into the startup group + on your WfWg PCs if you want them to always be able to receive + messages. + + + + -p port + This number is the TCP port number that will be used + when making connections to the server. The standard (well-known) + TCP port number for an SMB/CIFS server is 139, which is the + default. + + + + -P + + Make queries to the external server using the machine account of the local server. + + + + &stdarg.help; + + + -I IP-address + IP address is the address of the server to connect to. + It should be specified in standard "a.b.c.d" notation. + + Normally the client would attempt to locate a named + SMB/CIFS server by looking it up via the NetBIOS name resolution + mechanism described above in the name resolve order + parameter above. Using this parameter will force the client + to assume that the server is on the machine with the specified IP + address and the NetBIOS name component of the resource being + connected to will be ignored. + + There is no default for this parameter. If not supplied, + it will be determined automatically by the client as described + above. + + + + -E + This parameter causes the client to write messages + to the standard error stream (stderr) rather than to the standard + output stream. + + By default, the client writes messages to standard output + - typically the user's tty. + + + + -L + This option allows you to look at what services + are available on a server. You use it as smbclient -L + host and a list should appear. The -I + option may be useful if your NetBIOS names don't + match your TCP/IP DNS host names or if you are trying to reach a + host on another network. + + + + -t terminal code + This option tells smbclient how to interpret + filenames coming from the remote server. Usually Asian language + multibyte UNIX implementations use different character sets than + SMB/CIFS servers (EUC instead of + SJIS for example). Setting this parameter will let + smbclient convert between the UNIX filenames and + the SMB filenames correctly. This option has not been seriously tested + and may have some problems. + + The terminal codes include CWsjis, CWeuc, CWjis7, CWjis8, + CWjunet, CWhex, CWcap. This is not a complete list, check the Samba + source code for the complete list. + + + + -b buffersize + This option changes the transmit/send buffer + size when getting or putting a file from/to the server. The default + is 65520 bytes. Setting this value smaller (to 1200 bytes) has been + observed to speed up file transfers to and from a Win9x server. + + + + + -e + This command line parameter requires the remote + server support the UNIX extensions. Request that the connection be + encrypted. This is new for Samba 3.2 and will only work with Samba + 3.2 or above servers. Negotiates SMB encryption using GSSAPI. Uses + the given credentials for the encryption negotiaion (either kerberos + or NTLMv1/v2 if given domain/username/password triple. Fails the + connection if encryption cannot be negotiated. + + + + &stdarg.client.debug; + &popt.common.samba; + &popt.common.credentials; + &popt.common.connection; + + + -T tar options + smbclient may be used to create tar(1) + compatible backups of all the files on an SMB/CIFS + share. The secondary tar flags that can be given to this option + are : + + + c - Create a tar file on UNIX. + Must be followed by the name of a tar file, tape device + or "-" for standard output. If using standard output you must + turn the log level to its lowest value -d0 to avoid corrupting + your tar file. This flag is mutually exclusive with the + x flag. + + x - Extract (restore) a local + tar file back to a share. Unless the -D option is given, the tar + files will be restored from the top level of the share. Must be + followed by the name of the tar file, device or "-" for standard + input. Mutually exclusive with the c flag. + Restored files have their creation times (mtime) set to the + date saved in the tar file. Directories currently do not get + their creation dates restored properly. + + I - Include files and directories. + Is the default behavior when filenames are specified above. Causes + files to be included in an extract or create (and therefore + everything else to be excluded). See example below. Filename globbing + works in one of two ways. See r below. + + X - Exclude files and directories. + Causes files to be excluded from an extract or create. See + example below. Filename globbing works in one of two ways now. + See r below. + + F - File containing a list of files and directories. + The F causes the name following the tarfile to + create to be read as a filename that contains a list of files and directories to + be included in an extract or create (and therefore everything else to be excluded). + See example below. Filename globbing works in one of two ways. + See r below. + + + b - Blocksize. Must be followed + by a valid (greater than zero) blocksize. Causes tar file to be + written out in blocksize*TBLOCK (usually 512 byte) blocks. + + + g - Incremental. Only back up + files that have the archive bit set. Useful only with the + c flag. + + q - Quiet. Keeps tar from printing + diagnostics as it works. This is the same as tarmode quiet. + + + r - Regular expression include + or exclude. Uses regular expression matching for + excluding or excluding files if compiled with HAVE_REGEX_H. + However this mode can be very slow. If not compiled with + HAVE_REGEX_H, does a limited wildcard match on '*' and '?'. + + + N - Newer than. Must be followed + by the name of a file whose date is compared against files found + on the share during a create. Only files newer than the file + specified are backed up to the tar file. Useful only with the + c flag. + + a - Set archive bit. Causes the + archive bit to be reset when a file is backed up. Useful with the + g and c flags. + + + + Tar Long File Names + + smbclient's tar option now supports long + file names both on backup and restore. However, the full path + name of the file must be less than 1024 bytes. Also, when + a tar archive is created, smbclient's tar option places all + files in the archive with relative names, not absolute names. + + + Tar Filenames + + All file names can be given as DOS path names (with '\\' + as the component separator) or as UNIX path names (with '/' as + the component separator). + + Examples + + Restore from tar file backup.tar into myshare on mypc + (no password on share). + + smbclient //mypc/yshare "" -N -Tx backup.tar + + + Restore everything except users/docs + + + smbclient //mypc/myshare "" -N -TXx backup.tar + users/docs + + Create a tar file of the files beneath + users/docs. + + smbclient //mypc/myshare "" -N -Tc + backup.tar users/docs + + Create the same tar file as above, but now use + a DOS path name. + + smbclient //mypc/myshare "" -N -tc backup.tar + users\edocs + + Create a tar file of the files listed in the file tarlist. + + smbclient //mypc/myshare "" -N -TcF + backup.tar tarlist + + Create a tar file of all the files and directories in + the share. + + smbclient //mypc/myshare "" -N -Tc backup.tar * + + + + + + -D initial directory + Change to initial directory before starting. Probably + only of any use with the tar -T option. + + + + -c command string + command string is a semicolon-separated list of + commands to be executed instead of prompting from stdin. + -N is implied by -c. + + This is particularly useful in scripts and for printing stdin + to the server, e.g. -c 'print -'. + + + + + + + + OPERATIONS + + Once the client is running, the user is presented with + a prompt : + + smb:\> + + The backslash ("\\") indicates the current working directory + on the server, and will change if the current working directory + is changed. + + The prompt indicates that the client is ready and waiting to + carry out a user command. Each command is a single word, optionally + followed by parameters specific to that command. Command and parameters + are space-delimited unless these notes specifically + state otherwise. All commands are case-insensitive. Parameters to + commands may or may not be case sensitive, depending on the command. + + + You can specify file names which have spaces in them by quoting + the name with double quotes, for example "a long file name". + + Parameters shown in square brackets (e.g., "[parameter]") are + optional. If not given, the command will use suitable defaults. Parameters + shown in angle brackets (e.g., "<parameter>") are required. + + + + Note that all commands operating on the server are actually + performed by issuing a request to the server. Thus the behavior may + vary from server to server, depending on how the server was implemented. + + + The commands available are given here in alphabetical order. + + + + ? [command] + If command is specified, the ? command will display + a brief informative message about the specified command. If no + command is specified, a list of available commands will + be displayed. + + + + ! [shell command] + If shell command is specified, the ! + command will execute a shell locally and run the specified shell + command. If no command is specified, a local shell will be run. + + + + + allinfo file + The client will request that the server return + all known information about a file or directory (including streams). + + + + + altname file + The client will request that the server return + the "alternate" name (the 8.3 name) for a file or directory. + + + + + archive <number> + Sets the archive level when operating on files. + 0 means ignore the archive bit, 1 means only operate on files with this bit set, + 2 means only operate on files with this bit set and reset it after operation, + 3 means operate on all files and reset it after operation. The default is 0. + + + + + blocksize <number> + Sets the blocksize parameter for a tar operation. The default is 20. + Causes tar file to be written out in blocksize*TBLOCK (normally 512 byte) units. + + + + + cancel jobid0 [jobid1] ... [jobidN] + The client will request that the server cancel + the printjobs identified by the given numeric print job ids. + + + + + case_sensitive + Toggles the setting of the flag in SMB packets that + tells the server to treat filenames as case sensitive. Set to OFF by + default (tells file server to treat filenames as case insensitive). Only + currently affects Samba 3.0.5 and above file servers with the case sensitive + parameter set to auto in the smb.conf. + + + + + cd <directory name> + If "directory name" is specified, the current + working directory on the server will be changed to the directory + specified. This operation will fail if for any reason the specified + directory is inaccessible. + + If no directory name is specified, the current working + directory on the server will be reported. + + + + chmod file mode in octal + This command depends on the server supporting the CIFS + UNIX extensions and will fail if the server does not. The client requests that the server + change the UNIX permissions to the given octal mode, in standard UNIX format. + + + + + chown file uid gid + This command depends on the server supporting the CIFS + UNIX extensions and will fail if the server does not. The client requests that the server + change the UNIX user and group ownership to the given decimal values. Note there is + currently no way to remotely look up the UNIX uid and gid values for a given name. + This may be addressed in future versions of the CIFS UNIX extensions. + + + + + close <fileid> + Closes a file explicitly opened by the open command. Used for + internal Samba testing purposes. + + + + + del <mask> + The client will request that the server attempt + to delete all files matching mask from the current working + directory on the server. + + + + dir <mask> + A list of the files matching mask in the current + working directory on the server will be retrieved from the server + and displayed. + + + + du <filename> + Does a directory listing and then prints out the current disk useage and free space on a share. + + + + + echo <number> <data> + Does an SMBecho request to ping the server. Used for internal Samba testing purposes. + + + + + exit + Terminate the connection with the server and exit + from the program. + + + + get <remote file name> [local file name] + Copy the file called remote file name from + the server to the machine running the client. If specified, name + the local copy local file name. Note that all transfers in + smbclient are binary. See also the + lowercase command. + + + + getfacl <filename> + Requires the server support the UNIX extensions. Requests and prints + the POSIX ACL on a file. + + + + + hardlink <src> <dest< + Creates a hardlink on the server using Windows CIFS semantics. + the POSIX ACL on a file. + + + + + help [command] + See the ? command above. + + + + history Displays the command history. + + + + iosize <bytes> + When sending or receiving files, smbclient uses an + internal memory buffer by default of size 64512 bytes. This command + allows this size to be set to any range between 16384 (0x4000) bytes + and 16776960 (0xFFFF00) bytes. Larger sizes may mean more efficient + data transfer as smbclient will try and use the most efficient + read and write calls for the connected server. + + + + + lcd [directory name] + If directory name is specified, the current + working directory on the local machine will be changed to + the directory specified. This operation will fail if for any + reason the specified directory is inaccessible. + + If no directory name is specified, the name of the + current working directory on the local machine will be reported. + + + + + link target linkname + This command depends on the server supporting the CIFS + UNIX extensions and will fail if the server does not. The client requests that the server + create a hard link between the linkname and target files. The linkname file + must not exist. + + + + + listconnect + Show the current connections held for DFS purposes. + + + + + lock <filenum> <r|w> <hex-start> <hex-len> + This command depends on the server supporting the CIFS + UNIX extensions and will fail if the server does not. Tries to set a POSIX + fcntl lock of the given type on the given range. Used for internal Samba testing purposes. + + + + + logon <username> <password> + Establishes a new vuid for this session by logging on again. + Replaces the current vuid. Prints out the new vuid. Used for internal Samba testing purposes. + + + + + lowercase + Toggle lowercasing of filenames for the get and + mget commands. + + + When lowercasing is toggled ON, local filenames are converted + to lowercase when using the get and mget commands. This is + often useful when copying (say) MSDOS files from a server, because + lowercase filenames are the norm on UNIX systems. + + + + ls <mask> + See the dir command above. + + + + mask <mask> + This command allows the user to set up a mask + which will be used during recursive operation of the mget and + mput commands. + + The masks specified to the mget and mput commands act as + filters for directories rather than files when recursion is + toggled ON. + + The mask specified with the mask command is necessary + to filter files within those directories. For example, if the + mask specified in an mget command is "source*" and the mask + specified with the mask command is "*.c" and recursion is + toggled ON, the mget command will retrieve all files matching + "*.c" in all directories below and including all directories + matching "source*" in the current working directory. + + Note that the value for mask defaults to blank (equivalent + to "*") and remains so until the mask command is used to change it. + It retains the most recently specified value indefinitely. To + avoid unexpected results it would be wise to change the value of + mask back to "*" after using the mget or mput commands. + + + + md <directory name> + See the mkdir command. + + + + mget <mask> + Copy all files matching mask from the server to + the machine running the client. + + Note that mask is interpreted differently during recursive + operation and non-recursive operation - refer to the recurse and + mask commands for more information. Note that all transfers in + smbclient are binary. See also the lowercase command. + + + + mkdir <directory name> + Create a new directory on the server (user access + privileges permitting) with the specified name. + + + + more <file name> + Fetch a remote file and view it with the contents + of your PAGER environment variable. + + + + + mput <mask> + Copy all files matching mask in the current working + directory on the local machine to the current working directory on + the server. + + Note that mask is interpreted differently during recursive + operation and non-recursive operation - refer to the recurse and mask + commands for more information. Note that all transfers in smbclient + are binary. + + + + posix + Query the remote server to see if it supports the CIFS UNIX + extensions and prints out the list of capabilities supported. If so, turn + on POSIX pathname processing and large file read/writes (if available),. + + + + + posix_encrypt <domain> <username> <password> + This command depends on the server supporting the CIFS + UNIX extensions and will fail if the server does not. Attempt to negotiate + SMB encryption on this connection. If smbclient connected with kerberos + credentials (-k) the arguments to this command are ignored and the kerberos + credentials are used to negotiate GSSAPI signing and sealing instead. See + also the -e option to smbclient to force encryption on initial connection. + This command is new with Samba 3.2. + + + + + posix_open <filename> <octal mode> + This command depends on the server supporting the CIFS + UNIX extensions and will fail if the server does not. Opens a remote file + using the CIFS UNIX extensions and prints a fileid. Used for internal Samba + testing purposes. + + + + + posix_mkdir <directoryname> <octal mode> + This command depends on the server supporting the CIFS + UNIX extensions and will fail if the server does not. Creates a remote directory + using the CIFS UNIX extensions with the given mode. + + + + + posix_rmdir <directoryname> + This command depends on the server supporting the CIFS + UNIX extensions and will fail if the server does not. Deletes a remote directory + using the CIFS UNIX extensions. + + + + + posix_unlink <filename> + This command depends on the server supporting the CIFS + UNIX extensions and will fail if the server does not. Deletes a remote file + using the CIFS UNIX extensions. + + + + + print <file name> + Print the specified file from the local machine + through a printable service on the server. + + + + prompt + Toggle prompting for filenames during operation + of the mget and mput commands. + + When toggled ON, the user will be prompted to confirm + the transfer of each file during these commands. When toggled + OFF, all specified files will be transferred without prompting. + + + + + put <local file name> [remote file name] + Copy the file called local file name from the + machine running the client to the server. If specified, + name the remote copy remote file name. Note that all transfers + in smbclient are binary. See also the lowercase command. + + + + + queue + Displays the print queue, showing the job id, + name, size and current status. + + + + quit + See the exit command. + + + + rd <directory name> + See the rmdir command. + + + + recurse + Toggle directory recursion for the commands mget + and mput. + + When toggled ON, these commands will process all directories + in the source directory (i.e., the directory they are copying + from ) and will recurse into any that match the mask specified + to the command. Only files that match the mask specified using + the mask command will be retrieved. See also the mask command. + + + When recursion is toggled OFF, only files from the current + working directory on the source machine that match the mask specified + to the mget or mput commands will be copied, and any mask specified + using the mask command will be ignored. + + + + rm <mask> + Remove all files matching mask from the current + working directory on the server. + + + + rmdir <directory name> + Remove the specified directory (user access + privileges permitting) from the server. + + + + setmode <filename> <perm=[+|\-]rsha> + A version of the DOS attrib command to set + file permissions. For example: + + setmode myfile +r + + would make myfile read only. + + + + showconnect + Show the currently active connection held for DFS purposes. + + + + + stat file + This command depends on the server supporting the CIFS + UNIX extensions and will fail if the server does not. The client requests the + UNIX basic info level and prints out the same info that the Linux stat command + would about the file. This includes the size, blocks used on disk, file type, + permissions, inode number, number of links and finally the three timestamps + (access, modify and change). If the file is a special file (symlink, character or + block device, fifo or socket) then extra information may also be printed. + + + + + symlink target linkname + This command depends on the server supporting the CIFS + UNIX extensions and will fail if the server does not. The client requests that the server + create a symbolic hard link between the target and linkname files. The linkname file + must not exist. Note that the server will not create a link to any path that lies + outside the currently connected share. This is enforced by the Samba server. + + + + + tar <c|x>[IXbgNa] + Performs a tar operation - see the -T + command line option above. Behavior may be affected + by the tarmode command (see below). Using g (incremental) and N + (newer) will affect tarmode settings. Note that using the "-" option + with tar x may not work - use the command line option instead. + + + + + blocksize <blocksize> + Blocksize. Must be followed by a valid (greater + than zero) blocksize. Causes tar file to be written out in + blocksize*TBLOCK (usually 512 byte) blocks. + + + + tarmode <full|inc|reset|noreset> + Changes tar's behavior with regard to archive + bits. In full mode, tar will back up everything regardless of the + archive bit setting (this is the default mode). In incremental mode, + tar will only back up files with the archive bit set. In reset mode, + tar will reset the archive bit on all files it backs up (implies + read/write share). + + + + unlock <filenum> <hex-start> <hex-len> + This command depends on the server supporting the CIFS + UNIX extensions and will fail if the server does not. Tries to unlock a POSIX + fcntl lock on the given range. Used for internal Samba testing purposes. + + + + + volume + Prints the current volume name of the share. + + + + + vuid <number> + Changes the currently used vuid in the protocol to + the given arbitrary number. Without an argument prints out the current + vuid being used. Used for internal Samba testing purposes. + + + + + + + + NOTES + + Some servers are fussy about the case of supplied usernames, + passwords, share names (AKA service names) and machine names. + If you fail to connect try giving all parameters in uppercase. + + + It is often necessary to use the -n option when connecting + to some types of servers. For example OS/2 LanManager insists + on a valid NetBIOS name being used, so you need to supply a valid + name that would be known to the server. + + smbclient supports long file names where the server + supports the LANMAN2 protocol or above. + + + + ENVIRONMENT VARIABLES + + The variable USER may contain the + username of the person using the client. This information is + used only if the protocol level is high enough to support + session-level passwords. + + + The variable PASSWD may contain + the password of the person using the client. This information is + used only if the protocol level is high enough to support + session-level passwords. + + The variable LIBSMB_PROG may contain + the path, executed with system(), which the client should connect + to instead of connecting to a server. This functionality is primarily + intended as a development aid, and works best when using a LMHOSTS + file + + + + + INSTALLATION + + The location of the client program is a matter for + individual system administrators. The following are thus + suggestions only. + + It is recommended that the smbclient software be installed + in the /usr/local/samba/bin/ or + /usr/samba/bin/ directory, this directory readable + by all, writeable only by root. The client program itself should + be executable by all. The client should NOT be + setuid or setgid! + + The client log files should be put in a directory readable + and writeable only by the user. + + To test the client, you will need to know the name of a + running SMB/CIFS server. It is possible to run smbd + 8 as an ordinary user - running that server as a daemon + on a user-accessible port (typically any port number over 1024) + would provide a suitable test server. + + + + + DIAGNOSTICS + + Most diagnostics issued by the client are logged in a + specified log file. The log file name is specified at compile time, + but may be overridden on the command line. + + The number and nature of diagnostics available depends + on the debug level used by the client. If you have problems, + set the debug level to 3 and peruse the log files. + + + + + VERSION + + This man page is correct for version 3.2 of the Samba suite. + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0 + was done by Alexander Bokovoy. + + + diff --git a/docs-xml/manpages-3/smbcontrol.1.xml b/docs-xml/manpages-3/smbcontrol.1.xml new file mode 100644 index 0000000000..4dcf8d31c6 --- /dev/null +++ b/docs-xml/manpages-3/smbcontrol.1.xml @@ -0,0 +1,297 @@ + + + + + + smbcontrol + 1 + Samba + User Commands + 3.2 + + + + + smbcontrol + send messages to smbd, nmbd or winbindd processes + + + + + smbcontrol + -i + -s + + + + smbcontrol + destination + message-type + parameter + + + + + DESCRIPTION + + This tool is part of the samba + 7 suite. + + smbcontrol is a very small program, which + sends messages to a smbd + 8, a nmbd + 8, or a winbindd + 8 daemon running on the system. + + + + + OPTIONS + + + &stdarg.help; + &stdarg.configfile; + + -i + Run interactively. Individual commands + of the form destination message-type parameters can be entered + on STDIN. An empty command line or a "q" will quit the + program. + + + + destination + One of nmbd, smbd or a process ID. + + The smbd destination causes the + message to "broadcast" to all smbd daemons. + + The nmbd destination causes the + message to be sent to the nmbd daemon specified in the + nmbd.pid file. + + If a single process ID is given, the message is sent + to only that process. + + + + + message-type + Type of message to send. See + the section MESSAGE-TYPES for details. + + + + + + parameters + any parameters required for the message-type + + + + + + + + MESSAGE-TYPES + + Available message types are: + + + close-share + Order smbd to close the client + connections to the named share. Note that this doesn't affect client + connections to any other shares. This message-type takes an argument of the + share name for which client connections will be closed, or the + "*" character which will close all currently open shares. + This may be useful if you made changes to the access controls on the share. + This message can only be sent to smbd. + + + + + debug + Set debug level to the value specified by the + parameter. This can be sent to any of the destinations. + + + + + force-election + This message causes the nmbd daemon to + force a new browse master election. + + + + ping + + Send specified number of "ping" messages and + wait for the same number of reply "pong" messages. This can be sent to + any of the destinations. + + + + + profile + Change profile settings of a daemon, based on the + parameter. The parameter can be "on" to turn on profile stats + collection, "off" to turn off profile stats collection, "count" + to enable only collection of count stats (time stats are + disabled), and "flush" to zero the current profile stats. This can + be sent to any smbd or nmbd destinations. + + + + debuglevel + + Request debuglevel of a certain daemon and write it to stdout. This + can be sent to any of the destinations. + + + + + profilelevel + + Request profilelevel of a certain daemon and write it to stdout. + This can be sent to any smbd or nmbd destinations. + + + + + printnotify + + Order smbd to send a printer notify message to any Windows NT clients + connected to a printer. This message-type takes the following arguments: + + + + + + queuepause printername + Send a queue pause change notify + message to the printer specified. + + + + queueresume printername + Send a queue resume change notify + message for the printer specified. + + + + jobpause printername unixjobid + Send a job pause change notify + message for the printer and unix jobid + specified. + + + + jobresume printername unixjobid + Send a job resume change notify + message for the printer and unix jobid + specified. + + + + jobdelete printername unixjobid + Send a job delete change notify + message for the printer and unix jobid + specified. + + + + + Note that this message only sends notification that an + event has occured. It doesn't actually cause the + event to happen. + + + This message can only be sent to smbd. + + + + + samsync + Order smbd to synchronise sam database from PDC (being BDC). Can only be sent to smbd. + Not working at the moment + + + + + samrepl + Send sam replication message, with specified serial. Can only be sent to smbd. Should not be used manually. + + + + dmalloc-mark + Set a mark for dmalloc. Can be sent to both smbd and nmbd. Only available if samba is built with dmalloc support. + + + + dmalloc-log-changed + + Dump the pointers that have changed since the mark set by dmalloc-mark. + Can be sent to both smbd and nmbd. Only available if samba is built with dmalloc support. + + + + shutdown + Shut down specified daemon. Can be sent to both smbd and nmbd. + + + + pool-usage + Print a human-readable description of all + talloc(pool) memory usage by the specified daemon/process. Available + for both smbd and nmbd. + + + + drvupgrade + Force clients of printers using specified driver + to update their local version of the driver. Can only be + sent to smbd. + + + + reload-config + Force daemon to reload smb.conf configuration file. Can be sent + to smbd, nmbd, or winbindd. + + + + + + + + VERSION + + This man page is correct for version 3.0 of + the Samba suite. + + + + SEE ALSO + nmbd + 8 and smbd + 8. + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for + Samba 3.0 was done by Alexander Bokovoy. + + + diff --git a/docs-xml/manpages-3/smbcquotas.1.xml b/docs-xml/manpages-3/smbcquotas.1.xml new file mode 100644 index 0000000000..09916751e1 --- /dev/null +++ b/docs-xml/manpages-3/smbcquotas.1.xml @@ -0,0 +1,183 @@ + + + + + + smbcquotas + 1 + Samba + User Commands + 3.2 + + + + + smbcquotas + Set or get QUOTAs of NTFS 5 shares + + + + + smbcquotas + //server/share + -u user + -L + -F + -S QUOTA_SET_COMMAND + -n + -t + -v + + -d debuglevel + -s configfile + -l logdir + -V + + -U username + -N + -k + -A + + + + + + + DESCRIPTION + + This tool is part of the samba + 7 suite. + + The smbcquotas program manipulates NT Quotas on SMB file shares. + + + + + OPTIONS + + The following options are available to the smbcquotas program. + + + + + -u user + Specifies the user of whom the quotas are get or set. + By default the current user's username will be used. + + + + + + -L + Lists all quota records of the share. + + + + + + -F + Show the share quota status and default limits. + + + + + + -S QUOTA_SET_COMMAND + This command sets/modifies quotas for a user or on the share, + depending on the QUOTA_SET_COMMAND parameter which is described later. + + + + + -n + This option displays all QUOTA information in numeric + format. The default is to convert SIDs to names and QUOTA limits + to a readable string format. + + + + -t + + Don't actually do anything, only validate the correctness of the arguments. + + + + + -v + + Be verbose. + + + + &stdarg.help; + &stdarg.server.debug; + &popt.common.samba; + &popt.common.credentials; + + + + + + QUOTA_SET_COMAND + + The format of an the QUOTA_SET_COMMAND is an operation + name followed by a set of parameters specific to that operation. + + + To set user quotas for the user specified by -u or for the + current username: + + + UQLIM:<username>:<softlimit>/<hardlimit> + + + To set the default quotas for a share: + + + + FSQLIM:<softlimit>/<hardlimit> + + + + To change the share quota settings: + + + + FSQFLAGS:QUOTA_ENABLED/DENY_DISK/LOG_SOFTLIMIT/LOG_HARD_LIMIT + + + All limits are specified as a number of bytes. + + + + EXIT STATUS + + The smbcquotas program sets the exit status + depending on the success or otherwise of the operations performed. + The exit status may be one of the following values. + + If the operation succeeded, smbcquotas returns an exit + status of 0. If smbcquotas couldn't connect to the specified server, + or when there was an error getting or setting the quota(s), an exit status + of 1 is returned. If there was an error parsing any command line + arguments, an exit status of 2 is returned. + + + + VERSION + + This man page is correct for version 3.0 of the Samba suite. + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + smbcquotas was written by Stefan Metzmacher. + + + diff --git a/docs-xml/manpages-3/smbd.8.xml b/docs-xml/manpages-3/smbd.8.xml new file mode 100644 index 0000000000..a82d91015b --- /dev/null +++ b/docs-xml/manpages-3/smbd.8.xml @@ -0,0 +1,445 @@ + + + + + + smbd + 8 + Samba + System Administration tools + 3.2 + + + + + smbd + server to provide SMB/CIFS services to clients + + + + + smbd + -D + -F + -S + -i + -h + -V + -b + -d <debug level> + -l <log directory> + -p <port number(s)> + -P <profiling level> + -O <socket option> + -s <configuration file> + + + + + DESCRIPTION + This program is part of the samba + 7 suite. + + smbd is the server daemon that + provides filesharing and printing services to Windows clients. + The server provides filespace and printer services to + clients using the SMB (or CIFS) protocol. This is compatible + with the LanManager protocol, and can service LanManager + clients. These include MSCLIENT 3.0 for DOS, Windows for + Workgroups, Windows 95/98/ME, Windows NT, Windows 2000, + OS/2, DAVE for Macintosh, and smbfs for Linux. + + An extensive description of the services that the + server can provide is given in the man page for the + configuration file controlling the attributes of those + services (see smb.conf + 5. This man page will not describe the + services, but will concentrate on the administrative aspects + of running the server. + + Please note that there are significant security + implications to running this server, and the smb.conf + 5 manual page should be regarded as mandatory reading before + proceeding with installation. + + A session is created whenever a client requests one. + Each client gets a copy of the server for each session. This + copy then services all connections made by the client during + that session. When all connections from its client are closed, + the copy of the server for that client terminates. + + The configuration file, and any files that it includes, + are automatically reloaded every minute, if they change. You + can force a reload by sending a SIGHUP to the server. Reloading + the configuration file will not affect connections to any service + that is already established. Either the user will have to + disconnect from the service, or smbd killed and restarted. + + + + OPTIONS + + + + -D + If specified, this parameter causes + the server to operate as a daemon. That is, it detaches + itself and runs in the background, fielding requests + on the appropriate port. Operating the server as a + daemon is the recommended way of running smbd for + servers that provide more than casual use file and + print services. This switch is assumed if smbd + is executed on the command line of a shell. + + + + + -F + If specified, this parameter causes + the main smbd process to not daemonize, + i.e. double-fork and disassociate with the terminal. + Child processes are still created as normal to service + each connection request, but the main process does not + exit. This operation mode is suitable for running + smbd under process supervisors such + as supervise and svscan + from Daniel J. Bernstein's daemontools + package, or the AIX process monitor. + + + + + -S + If specified, this parameter causes + smbd to log to standard output rather + than a file. + + + + -i + If this parameter is specified it causes the + server to run "interactively", not as a daemon, even if the + server is executed on the command line of a shell. Setting this + parameter negates the implicit deamon mode when run from the + command line. smbd also logs to standard + output, as if the -S parameter had been + given. + + + + &stdarg.server.debug; + &popt.common.samba; + &stdarg.help; + + + -b + Prints information about how + Samba was built. + + + + -p|--port<port number(s)> + port number(s) is a + space or comma-separated list of TCP ports smbd should listen on. + The default value is taken from the parameter in &smb.conf; + + The default ports are 139 (used for SMB over NetBIOS over TCP) + and port 445 (used for plain SMB over TCP). + + + + + -P|--profiling-level<profiling level> + profiling level is a + number specifying the level of profiling data to be collected. + 0 turns off profiling, 1 turns on counter profiling only, + 2 turns on complete profiling, and 3 resets all profiling data. + + + + + + + FILES + + + + /etc/inetd.conf + If the server is to be run by the + inetd meta-daemon, this file + must contain suitable startup information for the + meta-daemon. + + + + + /etc/rc + or whatever initialization script your + system uses). + + If running the server as a daemon at startup, + this file will need to contain an appropriate startup + sequence for the server. + + + + /etc/services + If running the server via the + meta-daemon inetd, this file + must contain a mapping of service name (e.g., netbios-ssn) + to service port (e.g., 139) and protocol type (e.g., tcp). + + + + + /usr/local/samba/lib/smb.conf + This is the default location of the smb.conf + 5 server configuration file. Other common places that systems + install this file are /usr/samba/lib/smb.conf + and /etc/samba/smb.conf. + + This file describes all the services the server + is to make available to clients. See smb.conf + 5 for more information. + + + + + + + LIMITATIONS + On some systems smbd cannot change uid back + to root after a setuid() call. Such systems are called + trapdoor uid systems. If you have such a system, + you will be unable to connect from a client (such as a PC) as + two different users at once. Attempts to connect the + second user will result in access denied or + similar. + + + + ENVIRONMENT VARIABLES + + + + PRINTER + If no printer name is specified to + printable services, most systems will use the value of + this variable (or lp if this variable is + not defined) as the name of the printer to use. This + is not specific to the server, however. + + + + + + + PAM INTERACTION + Samba uses PAM for authentication (when presented with a plaintext + password), for account checking (is this account disabled?) and for + session management. The degree too which samba supports PAM is restricted + by the limitations of the SMB protocol and the smb.conf + 5 paramater. When this is set, the following restrictions apply: + + + + Account Validation: All accesses to a + samba server are checked + against PAM to see if the account is vaild, not disabled and is permitted to + login at this time. This also applies to encrypted logins. + + + Session Management: When not using share + level secuirty, users must pass PAM's session checks before access + is granted. Note however, that this is bypassed in share level secuirty. + Note also that some older pam configuration files may need a line + added for session support. + + + + + + VERSION + + This man page is correct for version 3.0 of + the Samba suite. + + + + DIAGNOSTICS + + Most diagnostics issued by the server are logged + in a specified log file. The log file name is specified + at compile time, but may be overridden on the command line. + + The number and nature of diagnostics available depends + on the debug level used by the server. If you have problems, set + the debug level to 3 and peruse the log files. + + Most messages are reasonably self-explanatory. Unfortunately, + at the time this man page was created, there are too many diagnostics + available in the source code to warrant describing each and every + diagnostic. At this stage your best bet is still to grep the + source code and inspect the conditions that gave rise to the + diagnostics you are seeing. + + + + TDB FILES + + Samba stores it's data in several TDB (Trivial Database) files, usually located in /var/lib/samba. + + + (*) information persistent across restarts (but not + necessarily important to backup). + + + +account_policy.tdb* + +NT account policy settings such as pw expiration, etc... + + + +brlock.tdb +byte range locks + + +browse.dat +browse lists + + +connections.tdb +share connections (used to enforce max connections, etc...) + + +gencache.tdb +generic caching db + + +group_mapping.tdb* +group mapping information + + +locking.tdb +share modes & oplocks + + +login_cache.tdb* +bad pw attempts + + +messages.tdb +Samba messaging system + + +netsamlogon_cache.tdb* +cache of user net_info_3 struct from net_samlogon() request (as a domain member) + + +ntdrivers.tdb* +installed printer drivers + + +ntforms.tdb* +installed printer forms + + +ntprinters.tdb* +installed printer information + + +printing/ +directory containing tdb per print queue of cached lpq output + + +registry.tdb +Windows registry skeleton (connect via regedit.exe) + + +sessionid.tdb +session information (e.g. support for 'utmp = yes') + + +share_info.tdb* +share acls + + +winbindd_cache.tdb +winbindd's cache of user lists, etc... + + +winbindd_idmap.tdb* +winbindd's local idmap db + + +wins.dat* +wins database when 'wins support = yes' + + + + + + + + SIGNALS + + Sending the smbd a SIGHUP will cause it to + reload its smb.conf configuration + file within a short period of time. + + To shut down a user's smbd process it is recommended + that SIGKILL (-9) NOT + be used, except as a last resort, as this may leave the shared + memory area in an inconsistent state. The safe way to terminate + an smbd is to send it a SIGTERM (-15) signal and wait for + it to die on its own. + + The debug log level of smbd may be raised + or lowered using smbcontrol + 1 program (SIGUSR[1|2] signals are no longer + used since Samba 2.2). This is to allow transient problems to be diagnosed, + whilst still running at a normally low log level. + + Note that as the signal handlers send a debug write, + they are not re-entrant in smbd. This you should wait until + smbd is in a state of waiting for an incoming SMB before + issuing them. It is possible to make the signal handlers safe + by un-blocking the signals before the select call and re-blocking + them after, however this would affect performance. + + + + SEE ALSO + hosts_access + 5, inetd + 8, nmbd + 8, smb.conf + 5, smbclient + 1, testparm + 1, testprns + 1, and the + Internet RFC's rfc1001.txt, rfc1002.txt. + In addition the CIFS (formerly SMB) specification is available + as a link from the Web page + http://samba.org/cifs/. + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for + Samba 3.0 was done by Alexander Bokovoy. + + + diff --git a/docs-xml/manpages-3/smbget.1.xml b/docs-xml/manpages-3/smbget.1.xml new file mode 100644 index 0000000000..756ccb94b8 --- /dev/null +++ b/docs-xml/manpages-3/smbget.1.xml @@ -0,0 +1,211 @@ + + + + + + smbget + 1 + Samba + User Commands + 3.2 + + + + + smbget + wget-like utility for download files over SMB + + + + + smbget + -a, --guest + -r, --resume + -R, --recursive + -u, --username=STRING + -p, --password=STRING + -w, --workgroup=STRING + -n, --nonprompt + -d, --debuglevel=INT + -D, --dots + -P, --keep-permissions + -o, --outputfile + -f, --rcfile + -q, --quiet + -v, --verbose + -b, --blocksize + -?, --help + --usage + smb://host/share/path/to/file + smb://url2/ + ... + + + + + DESCRIPTION + + This tool is part of the samba + 7 suite. + + smbget is a simple utility with wget-like semantics, that can download files from SMB servers. You can specify the files you would like to download on the command-line. + + + + The files should be in the smb-URL standard, e.g. use smb://host/share/file + for the UNC path \\\\HOST\\SHARE\\file. + + + + + OPTIONS + + + -a, --guest + Work as user guest + + + + -r, --resume + Automatically resume aborted files + + + + -R, --recursive + Recursively download files + + + + -u, --username=STRING + Username to use + + + + -p, --password=STRING + Password to use + + + + -w, --workgroup=STRING + Workgroup to use (optional) + + + + -n, --nonprompt + Don't ask anything (non-interactive) + + + + -d, --debuglevel=INT + Debuglevel to use + + + + -D, --dots + Show dots as progress indication + + + + -P, --keep-permissions + Set same permissions on local file as are set on remote file. + + + + -o, --outputfile + Write the file that is being download to the specified file. Can not be used together with -R. + + + + -f, --rcfile + Use specified rcfile. This will be loaded in the order it was specified - e.g. if you specify any options before this one, they might get overriden by the contents of the rcfile. + + + + -q, --quiet + Be quiet + + + + -v, --verbose + Be verbose + + + + -b, --blocksize + Number of bytes to download in a block. Defaults to 64000. + + + + -?, --help + Show help message + + + + --usage + Display brief usage message + + + + + SMB URLS + + SMB URL's should be specified in the following format: + + +smb://[[[domain;]user[:password@]]server[/share[/path[/file]]]] + + + +smb:// means all the workgroups + + + +smb://name/ means, if name is a workgroup, all the servers in this workgroup, or if name is a server, all the shares on this server. + + + + + + EXAMPLES + + +# Recursively download 'src' directory +smbget -R smb://rhonwyn/jelmer/src +# Download FreeBSD ISO and enable resuming +smbget -r smb://rhonwyn/isos/FreeBSD5.1.iso +# Recursively download all ISOs +smbget -Rr smb://rhonwyn/isos +# Backup my data on rhonwyn +smbget -Rr smb://rhonwyn/ + + + + + + BUGS + + Permission denied is returned in some cases where the cause of the error is unknown +(such as an illegally formatted smb:// url or trying to get a directory without -R +turned on). + + + + VERSION + + This man page is correct for version 3.0 of + the Samba suite. + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The smbget manpage was written by Jelmer Vernooij. + + + + diff --git a/docs-xml/manpages-3/smbgetrc.5.xml b/docs-xml/manpages-3/smbgetrc.5.xml new file mode 100644 index 0000000000..d555927bc3 --- /dev/null +++ b/docs-xml/manpages-3/smbgetrc.5.xml @@ -0,0 +1,116 @@ + + + + + + smbgetrc + 5 + Samba + File Formats and Conventions + 3.2 + + + + + smbgetrc + configuration file for smbget + + + + smbgetrc + + + + DESCRIPTION + + + This manual page documents the format and options of the smbgetrc + file. This is the configuration file used by the smbget1 + utility. The file contains of key-value pairs, one pair on each line. The key + and value should be separated by a space. + + + By default, smbget reads its configuration from $HOME/.smbgetrc, though + other locations can be specified using the command-line options. + + + + OPTIONS + + + The following keys can be set: + + + + resume on|off + + Whether aborted downloads should be automatically resumed. + + + + + recursive on|off + Whether directories should be downloaded recursively + + + username name + Username to use when logging in to the remote server. Use an empty string for anonymous access. + + + + password pass + Password to use when logging in. + + + workgroup wg + Workgroup to use when logging in + + + nonprompt on|off + Turns off asking for username and password. Useful for scripts. + + + debuglevel int + (Samba) debuglevel to run at. Useful for tracking down protocol level problems. + + + dots on|off + Whether a single dot should be printed for each block that has been downloaded, instead of the default progress indicator. + + + blocksize int + Number of bytes to put in a block. + + + + + + VERSION + + This man page is correct for version 3.0 of + the Samba suite. + + + + SEE ALSO + smbget + 1 and Samba + 7. + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + This manual page was written by Jelmer Vernooij + + + + + + diff --git a/docs-xml/manpages-3/smbpasswd.5.xml b/docs-xml/manpages-3/smbpasswd.5.xml new file mode 100644 index 0000000000..592a7de8b8 --- /dev/null +++ b/docs-xml/manpages-3/smbpasswd.5.xml @@ -0,0 +1,211 @@ + + + + + + smbpasswd + 5 + Samba + File Formats and Conventions + 3.2 + + + + + smbpasswd + The Samba encrypted password file + + + + smbpasswd + + + + DESCRIPTION + + This tool is part of the samba + 7 suite. + + smbpasswd is the Samba encrypted password file. It contains + the username, Unix user id and the SMB hashed passwords of the + user, as well as account flag information and the time the + password was last changed. This file format has been evolving with + Samba and has had several different formats in the past. + + + + FILE FORMAT + + The format of the smbpasswd file used by Samba 2.2 + is very similar to the familiar Unix passwd(5) + file. It is an ASCII file containing one line for each user. Each field + ithin each line is separated from the next by a colon. Any entry + beginning with '#' is ignored. The smbpasswd file contains the + following information for each user: + + + + name + This is the user name. It must be a name that + already exists in the standard UNIX passwd file. + + + + + uid + This is the UNIX uid. It must match the uid + field for the same user entry in the standard UNIX passwd file. + If this does not match then Samba will refuse to recognize + this smbpasswd file entry as being valid for a user. + + + + + + Lanman Password Hash + This is the LANMAN hash of the user's password, + encoded as 32 hex digits. The LANMAN hash is created by DES + encrypting a well known string with the user's password as the + DES key. This is the same password used by Windows 95/98 machines. + Note that this password hash is regarded as weak as it is + vulnerable to dictionary attacks and if two users choose the + same password this entry will be identical (i.e. the password + is not "salted" as the UNIX password is). If the user has a + null password this field will contain the characters "NO PASSWORD" + as the start of the hex string. If the hex string is equal to + 32 'X' characters then the user's account is marked as + disabled and the user will not be able to + log onto the Samba server. + + WARNING !! Note that, due to + the challenge-response nature of the SMB/CIFS authentication + protocol, anyone with a knowledge of this password hash will + be able to impersonate the user on the network. For this + reason these hashes are known as plain text + equivalents and must NOT be made + available to anyone but the root user. To protect these passwords + the smbpasswd file is placed in a directory with read and + traverse access only to the root user and the smbpasswd file + itself must be set to be read/write only by root, with no + other access. + + + + + NT Password Hash + This is the Windows NT hash of the user's + password, encoded as 32 hex digits. The Windows NT hash is + created by taking the user's password as represented in + 16-bit, little-endian UNICODE and then applying the MD4 + (internet rfc1321) hashing algorithm to it. + + This password hash is considered more secure than + the LANMAN Password Hash as it preserves the case of the + password and uses a much higher quality hashing algorithm. + However, it is still the case that if two users choose the same + password this entry will be identical (i.e. the password is + not "salted" as the UNIX password is). + + WARNING !!. Note that, due to + the challenge-response nature of the SMB/CIFS authentication + protocol, anyone with a knowledge of this password hash will + be able to impersonate the user on the network. For this + reason these hashes are known as plain text + equivalents and must NOT be made + available to anyone but the root user. To protect these passwords + the smbpasswd file is placed in a directory with read and + traverse access only to the root user and the smbpasswd file + itself must be set to be read/write only by root, with no + other access. + + + + + Account Flags + This section contains flags that describe + the attributes of the users account. This field is bracketed by + '[' and ']' characters and is always 13 characters in length + (including the '[' and ']' characters). + The contents of this field may be any of the following characters: + + + + U - This means + this is a "User" account, i.e. an ordinary user. + + N - This means the + account has no password (the passwords in the fields LANMAN + Password Hash and NT Password Hash are ignored). Note that this + will only allow users to log on with no password if the + null passwords parameter is set in the + smb.conf + 5 config file. + + D - This means the account + is disabled and no SMB/CIFS logins will be allowed for this user. + + X - This means the password + does not expire. + + W - This means this account + is a "Workstation Trust" account. This kind of account is used + in the Samba PDC code stream to allow Windows NT Workstations + and Servers to join a Domain hosted by a Samba PDC. + + + + Other flags may be added as the code is extended in future. + The rest of this field space is filled in with spaces. For further + information regarding the flags that are supported please refer to the + man page for the pdbedit command. + + + + + + Last Change Time + This field consists of the time the account was + last modified. It consists of the characters 'LCT-' (standing for + "Last Change Time") followed by a numeric encoding of the UNIX time + in seconds since the epoch (1970) that the last change was made. + + + + + All other colon separated fields are ignored at this time. + + + + VERSION + + This man page is correct for version 3.0 of + the Samba suite. + + + + SEE ALSO + smbpasswd + 8, Samba + 7, and + the Internet RFC1321 for details on the MD4 algorithm. + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 + for Samba 3.0 was done by Alexander Bokovoy. + + + diff --git a/docs-xml/manpages-3/smbpasswd.8.xml b/docs-xml/manpages-3/smbpasswd.8.xml new file mode 100644 index 0000000000..bc951bcf5f --- /dev/null +++ b/docs-xml/manpages-3/smbpasswd.8.xml @@ -0,0 +1,431 @@ + + + + + + smbpasswd + 8 + Samba + System Administration tools + 3.2 + + + + + smbpasswd + change a user's SMB password + + + + + smbpasswd + -a + -c <config file> + -x + -d + -e + -D debuglevel + -n + -r <remote machine> + -R <name resolve order> + -m + -U username[%password] + -h + -s + -w pass + -W + -i + -L + username + + + + + DESCRIPTION + + This tool is part of the samba + 7 suite. + + The smbpasswd program has several different + functions, depending on whether it is run by the root user + or not. When run as a normal user it allows the user to change + the password used for their SMB sessions on any machines that store + SMB passwords. + + By default (when run with no arguments) it will attempt to + change the current user's SMB password on the local machine. This is + similar to the way the passwd(1) program works. + smbpasswd differs from how the passwd program works + however in that it is not setuid root but works in + a client-server mode and communicates with a + locally running smbd + 8. As a consequence in order for this to + succeed the smbd daemon must be running on the local machine. On a + UNIX machine the encrypted SMB passwords are usually stored in + the smbpasswd + 5 file. + + When run by an ordinary user with no options, smbpasswd + will prompt them for their old SMB password and then ask them + for their new password twice, to ensure that the new password + was typed correctly. No passwords will be echoed on the screen + whilst being typed. If you have a blank SMB password (specified by + the string "NO PASSWORD" in the smbpasswd file) then just press + the <Enter> key when asked for your old password. + + smbpasswd can also be used by a normal user to change their + SMB password on remote machines, such as Windows NT Primary Domain + Controllers. See the (-r) and -U options + below. + + When run by root, smbpasswd allows new users to be added + and deleted in the smbpasswd file, as well as allows changes to + the attributes of the user in this file to be made. When run by root, + smbpasswd accesses the local smbpasswd file + directly, thus enabling changes to be made even if smbd is not + running. + + + + OPTIONS + + + -a + + This option specifies that the username following should be added to the local smbpasswd file, with the new + password typed (type <Enter> for the old password). This option is ignored if the username following + already exists in the smbpasswd file and it is treated like a regular change password command. Note that the + default passdb backends require the user to already exist in the system password file (usually + /etc/passwd), else the request to add the user will fail. + + + This option is only available when running smbpasswd + as root. + + + + + -c + + This option can be used to specify the path and file name of the &smb.conf; configuration file when it + is important to use other than the default file and / or location. + + + + + + -x + + This option specifies that the username following should be deleted from the local smbpasswd file. + + + + This option is only available when running smbpasswd as root. + + + + + + + -d + This option specifies that the username following + should be disabled in the local smbpasswd + file. This is done by writing a 'D' flag + into the account control space in the smbpasswd file. Once this + is done all attempts to authenticate via SMB using this username + will fail. + + If the smbpasswd file is in the 'old' format (pre-Samba 2.0 + format) there is no space in the user's password entry to write + this information and the command will FAIL. See smbpasswd + 5 for details on the 'old' and new password file formats. + + + This option is only available when running smbpasswd as + root. + + + + + -e + This option specifies that the username following + should be enabled in the local smbpasswd file, + if the account was previously disabled. If the account was not + disabled this option has no effect. Once the account is enabled then + the user will be able to authenticate via SMB once again. + + If the smbpasswd file is in the 'old' format, then + smbpasswd will FAIL to enable the account. + See smbpasswd + 5 for + details on the 'old' and new password file formats. + + This option is only available when running smbpasswd as root. + + + + + + + -D debuglevel + debuglevel is an integer + from 0 to 10. The default value if this parameter is not specified + is zero. + + The higher this value, the more detail will be logged to the + log files about the activities of smbpasswd. At level 0, only + critical errors and serious warnings will be logged. + + Levels above 1 will generate considerable amounts of log + data, and should only be used when investigating a problem. Levels + above 3 are designed for use only by developers and generate + HUGE amounts of log data, most of which is extremely cryptic. + + + + + + + -n + This option specifies that the username following + should have their password set to null (i.e. a blank password) in + the local smbpasswd file. This is done by writing the string "NO + PASSWORD" as the first part of the first password stored in the + smbpasswd file. + + Note that to allow users to logon to a Samba server once + the password has been set to "NO PASSWORD" in the smbpasswd + file the administrator must set the following parameter in the [global] + section of the smb.conf file : + + null passwords = yes + + This option is only available when running smbpasswd as + root. + + + + + + -r remote machine name + This option allows a user to specify what machine + they wish to change their password on. Without this parameter + smbpasswd defaults to the local host. The remote + machine name is the NetBIOS name of the SMB/CIFS + server to contact to attempt the password change. This name is + resolved into an IP address using the standard name resolution + mechanism in all programs of the Samba suite. See the -R + name resolve order parameter for details on changing + this resolving mechanism. + + The username whose password is changed is that of the + current UNIX logged on user. See the -U username + parameter for details on changing the password for a different + username. + + Note that if changing a Windows NT Domain password the + remote machine specified must be the Primary Domain Controller for + the domain (Backup Domain Controllers only have a read-only + copy of the user account database and will not allow the password + change). + + Note that Windows 95/98 do not have + a real password database so it is not possible to change passwords + specifying a Win95/98 machine as remote machine target. + + + + + + -R name resolve order + This option allows the user of smbpasswd to determine + what name resolution services to use when looking up the NetBIOS + name of the host being connected to. + + The options are :"lmhosts", "host", "wins" and "bcast". They + cause names to be resolved as follows: + + lmhosts: Lookup an IP + address in the Samba lmhosts file. If the line in lmhosts has + no name type attached to the NetBIOS name (see the lmhosts + 5 for details) then + any name type matches for lookup. + + host: Do a standard host + name to IP address resolution, using the system /etc/hosts + , NIS, or DNS lookups. This method of name resolution + is operating system depended for instance on IRIX or Solaris this + may be controlled by the /etc/nsswitch.conf + file). Note that this method is only used if the NetBIOS name + type being queried is the 0x20 (server) name type, otherwise + it is ignored. + + wins: Query a name with + the IP address listed in the wins server + parameter. If no WINS server has been specified this method + will be ignored. + + bcast: Do a broadcast on + each of the known local interfaces listed in the + interfaces parameter. This is the least + reliable of the name resolution methods as it depends on the + target host being on a locally connected subnet. + + + The default order is lmhosts, host, wins, bcast + and without this parameter or any entry in the smb.conf + 5 file the name resolution methods will + be attempted in this order. + + + + + -m + This option tells smbpasswd that the account + being changed is a MACHINE account. Currently this is used + when Samba is being used as an NT Primary Domain Controller. + + This option is only available when running smbpasswd as root. + + + + + + -U username + This option may only be used in conjunction + with the -r option. When changing + a password on a remote machine it allows the user to specify + the user name on that machine whose password will be changed. It + is present to allow users who have different user names on + different systems to change these passwords. + + + + + -h + This option prints the help string for + smbpasswd, selecting the correct one for running as root + or as an ordinary user. + + + + + -s + This option causes smbpasswd to be silent (i.e. + not issue prompts) and to read its old and new passwords from + standard input, rather than from /dev/tty + (like the passwd(1) program does). This option + is to aid people writing scripts to drive smbpasswd + + + + + + -w password + This parameter is only available if Samba + has been compiled with LDAP support. The -w + switch is used to specify the password to be used with the + . Note that the password is stored in + the secrets.tdb and is keyed off + of the admin's DN. This means that if the value of ldap + admin dn ever changes, the password will need to be + manually updated as well. + + + + + + -W + NOTE: This option is same as "-w" + except that the password should be entered using stdin. + + This parameter is only available if Samba + has been compiled with LDAP support. The -W + switch is used to specify the password to be used with the + . Note that the password is stored in + the secrets.tdb and is keyed off + of the admin's DN. This means that if the value of ldap + admin dn ever changes, the password will need to be + manually updated as well. + + + + + + + -i + This option tells smbpasswd that the account + being changed is an interdomain trust account. Currently this is used + when Samba is being used as an NT Primary Domain Controller. + The account contains the info about another trusted domain. + + This option is only available when running smbpasswd as root. + + + + + -L + Run in local mode. + + + + username + This specifies the username for all of the + root only options to operate on. Only root + can specify this parameter as only root has the permission needed + to modify attributes directly in the local smbpasswd file. + + + + + + + + NOTES + + Since smbpasswd works in client-server + mode communicating with a local smbd for a non-root user then + the smbd daemon must be running for this to work. A common problem + is to add a restriction to the hosts that may access the + smbd running on the local machine by specifying either allow + hosts or deny hosts entry in + the smb.conf + 5 file and neglecting to + allow "localhost" access to the smbd. + + In addition, the smbpasswd command is only useful if Samba + has been set up to use encrypted passwords. + + + + + VERSION + + This man page is correct for version 3.0 of the Samba suite. + + + + SEE ALSO + smbpasswd + 5, Samba + 7. + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 + for Samba 3.0 was done by Alexander Bokovoy. + + + diff --git a/docs-xml/manpages-3/smbsh.1.xml b/docs-xml/manpages-3/smbsh.1.xml new file mode 100644 index 0000000000..50439a90c2 --- /dev/null +++ b/docs-xml/manpages-3/smbsh.1.xml @@ -0,0 +1,164 @@ + + + + + + smbsh + 1 + Samba + User Commands + 3.2 + + + + + smbsh + Allows access to remote SMB shares + using UNIX commands + + + + + smbsh + -W workgroup + -U username + -P prefix + -R <name resolve order> + -d <debug level> + -l logdir + -L libdir + + + + + DESCRIPTION + + This tool is part of the samba + 7 suite. + + smbsh allows you to access an NT filesystem + using UNIX commands such as ls, + egrep, and rcp. You must use a + shell that is dynamically linked in order for smbsh + to work correctly. + + + + OPTIONS + + + + -W WORKGROUP + Override the default workgroup specified in the + workgroup parameter of the smb.conf + 5 file + for this session. This may be needed to connect to some + servers. + + + + -U username[%pass] + Sets the SMB username or username and password. + If this option is not specified, the user will be prompted for + both the username and the password. If %pass is not specified, + the user will be prompted for the password. + + + + + -P prefix + This option allows + the user to set the directory prefix for SMB access. The + default value if this option is not specified is + smb. + + + + &stdarg.configfile; + &stdarg.server.debug; + &stdarg.resolve.order; + + + -L libdir + This parameter specifies the location of the + shared libraries used by smbsh. The default + value is specified at compile time. + + + + + + + + EXAMPLES + + To use the smbsh command, execute + smbsh from the prompt and enter the username and password + that authenticates you to the machine running the Windows NT + operating system. + +system% smbsh +Username: user +Password: XXXXXXX + + + + Any dynamically linked command you execute from + this shell will access the /smb directory + using the smb protocol. For example, the command ls /smb + will show a list of workgroups. The command + ls /smb/MYGROUP will show all the machines in + the workgroup MYGROUP. The command + ls /smb/MYGROUP/<machine-name> will show the share + names for that machine. You could then, for example, use the + cd command to change directories, vi to + edit files, and rcp to copy files. + + + + VERSION + + This man page is correct for version 3.0 of the Samba suite. + + + + BUGS + + smbsh works by intercepting the standard + libc calls with the dynamically loaded versions in + smbwrapper.o. Not all calls have been "wrapped", so + some programs may not function correctly under smbsh + . + + Programs which are not dynamically linked cannot make + use of smbsh's functionality. Most versions + of UNIX have a file command that will + describe how a program was linked. + + + + + SEE ALSO + smbd + 8, smb.conf + 5 + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 + for Samba 3.0 was done by Alexander Bokovoy. + + + diff --git a/docs-xml/manpages-3/smbspool.8.xml b/docs-xml/manpages-3/smbspool.8.xml new file mode 100644 index 0000000000..f43650295c --- /dev/null +++ b/docs-xml/manpages-3/smbspool.8.xml @@ -0,0 +1,133 @@ + + + + + + smbspool + 8 + Samba + System Administration tools + 3.2 + + + + + smbspool + send a print file to an SMB printer + + + + + smbspool + job + user + title + copies + options + filename + + + + + DESCRIPTION + + This tool is part of the samba + 7 suite. + + smbspool is a very small print spooling program that + sends a print file to an SMB printer. The command-line arguments + are position-dependent for compatibility with the Common UNIX + Printing System, but you can use smbspool with any printing system + or from a program or script. + + DEVICE URI + + smbspool specifies the destination using a Uniform Resource + Identifier ("URI") with a method of "smb". This string can take + a number of forms: + + + smb://server[:port]/printer + smb://workgroup/server[:port]/printer + smb://username:password@server[:port]/printer + smb://username:password@workgroup/server[:port]/printer + + + smbspool tries to get the URI from the environment variable + DEVICE_URI. If DEVICE_URI is not present, + smbspool will use argv[0] if that starts with smb:// + or argv[1] if that is not the case. + + Programs using the exec(2) functions can + pass the URI in argv[0], while shell scripts must set the + DEVICE_URI environment variable prior to + running smbspool. + + + + OPTIONS + + + The job argument (argv[1]) contains the + job ID number and is presently not used by smbspool. + + + The user argument (argv[2]) contains the + print user's name and is presently not used by smbspool. + + + The title argument (argv[3]) contains the + job title string and is passed as the remote file name + when sending the print job. + + The copies argument (argv[4]) contains + the number of copies to be printed of the named file. If + no filename is provided then this argument is not used by + smbspool. + + The options argument (argv[5]) contains + the print options in a single string and is currently + not used by smbspool. + + The filename argument (argv[6]) contains the + name of the file to print. If this argument is not specified + then the print file is read from the standard input. + + + + + + + VERSION + + This man page is correct for version 3.0 of the Samba suite. + + + + SEE ALSO + smbd + 8 and samba + 7. + + + + AUTHOR + + smbspool was written by Michael Sweet + at Easy Software Products. + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 + for Samba 3.0 was done by Alexander Bokovoy. + + + diff --git a/docs-xml/manpages-3/smbstatus.1.xml b/docs-xml/manpages-3/smbstatus.1.xml new file mode 100644 index 0000000000..cd0a76a9ff --- /dev/null +++ b/docs-xml/manpages-3/smbstatus.1.xml @@ -0,0 +1,140 @@ + + + + + + smbstatus + 1 + Samba + User Commands + 3.2 + + + + + smbstatus + report on current Samba connections + + + + + smbstatus + -P + -b + -d <debug level> + -v + -L + -B + -p + -S + -s <configuration file> + -u <username> + + + + + DESCRIPTION + + This tool is part of the samba + 7 suite. + + smbstatus is a very simple program to + list the current Samba connections. + + + + OPTIONS + + + + -P|--profile + If samba has been compiled with the + profiling option, print only the contents of the profiling + shared memory area. + + + + -b|--brief + gives brief output. + + + &stdarg.server.debug; + &popt.common.samba; + + + -v|--verbose + gives verbose output. + + + + + -L|--locks + causes smbstatus to only list locks. + + + + + + -B|--byterange + causes smbstatus to include byte range locks. + + + + + + -p|--processes + print a list of smbd + 8 processes and exit. + Useful for scripting. + + + + + -S|--shares + causes smbstatus to only list shares. + + + + &stdarg.help; + + + -u|--user=<username> + selects information relevant to username only. + + + + + + + + VERSION + + This man page is correct for version 3.0 of + the Samba suite. + + + + SEE ALSO + smbd + 8 and smb.conf + 5. + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 + for Samba 3.0 was done by Alexander Bokovoy. + + + diff --git a/docs-xml/manpages-3/smbtar.1.xml b/docs-xml/manpages-3/smbtar.1.xml new file mode 100644 index 0000000000..ee2bff0f3a --- /dev/null +++ b/docs-xml/manpages-3/smbtar.1.xml @@ -0,0 +1,237 @@ + + + + + + smbtar + 1 + Samba + User Commands + 3.2 + + + + + smbtar + shell script for backing up SMB/CIFS shares + directly to UNIX tape drives + + + + + smbtar + -r + -i + -a + -v + -s server + -p password + -x services + -X + -N filename + -b blocksize + -d directory + -l loglevel + -u user + -t tape + filenames + + + + + DESCRIPTION + + This tool is part of the samba + 7 suite. + + smbtar is a very small shell script on top + of smbclient1 + which dumps SMB shares directly to tape. + + + + OPTIONS + + + + -s server + The SMB/CIFS server that the share resides + upon. + + + + + -x service + The share name on the server to connect to. + The default is "backup". + + + + + -X + Exclude mode. Exclude filenames... from tar + create or restore. + + + + + + -d directory + Change to initial directory + before restoring / backing up files. + + + + + + -v + Verbose mode. + + + + + + -p password + The password to use to access a share. + Default: none + + + + + -u user + The user id to connect as. Default: + UNIX login name. + + + + + -a + Reset DOS archive bit mode to + indicate file has been archived. + + + + -t tape + Tape device. May be regular file or tape + device. Default: $TAPE environmental + variable; if not set, a file called tar.out + . + + + + + -b blocksize + Blocking factor. Defaults to 20. See + tar(1) for a fuller explanation. + + + + + -N filename + Backup only files newer than filename. Could + be used (for example) on a log file to implement incremental + backups. + + + + + -i + Incremental mode; tar files are only backed + up if they have the archive bit set. The archive bit is reset + after each file is read. + + + + + -r + Restore. Files are restored to the share + from the tar file. + + + + + + -l log level + Log (debug) level. Corresponds to the + -d flag of + smbclient1 + . + + + + + + + ENVIRONMENT VARIABLES + + The $TAPE variable specifies the + default tape device to write to. May be overridden + with the -t option. + + + + + BUGS + + The smbtar script has different + options from ordinary tar and from smbclient's tar command. + + + + + CAVEATS + + Sites that are more careful about security may not like + the way the script handles PC passwords. Backup and restore work + on entire shares; should work on file lists. smbtar works best + with GNU tar and may not work well with other versions. + + + + + DIAGNOSTICS + + See the DIAGNOSTICS section for the + smbclient1 + command. + + + + + VERSION + + This man page is correct for version 3.0 of + the Samba suite. + + + + SEE ALSO + smbd + 8, + smbclient1 + , smb.conf + 5. + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + +Ricky Poulten + wrote the tar extension and this man page. The smbtar + script was heavily rewritten and improved by Martin Kraemer. Many + thanks to everyone who suggested extensions, improvements, bug + fixes, etc. The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for + Samba 3.0 was done by Alexander Bokovoy. + + + diff --git a/docs-xml/manpages-3/smbtree.1.xml b/docs-xml/manpages-3/smbtree.1.xml new file mode 100644 index 0000000000..bc9450137c --- /dev/null +++ b/docs-xml/manpages-3/smbtree.1.xml @@ -0,0 +1,96 @@ + + + + + + smbtree + 1 + Samba + User Commands + 3.2 + + + + + smbtree + A text based smb network browser + + + + + + smbtree + -b + -D + -S + + + + + DESCRIPTION + + This tool is part of the samba + 7 suite. + + smbtree is a smb browser program + in text mode. It is similar to the "Network Neighborhood" found + on Windows computers. It prints a tree with all + the known domains, the servers in those domains and + the shares on the servers. + + + + + + OPTIONS + + + + -b + Query network nodes by sending requests + as broadcasts instead of querying the local master browser. + + + + + -D + Only print a list of all + the domains known on broadcast or by the + master browser + + + + -S + Only print a list of + all the domains and servers responding on broadcast or + known by the master browser. + + + + &stdarg.server.debug; + &popt.common.samba; + &popt.common.credentials; + &stdarg.help; + + + + + + VERSION + + This man page is correct for version 3.0 of the Samba + suite. + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The smbtree man page was written by Jelmer Vernooij. + + + diff --git a/docs-xml/manpages-3/swat.8.xml b/docs-xml/manpages-3/swat.8.xml new file mode 100644 index 0000000000..2a2630763a --- /dev/null +++ b/docs-xml/manpages-3/swat.8.xml @@ -0,0 +1,237 @@ + + + + + + swat + 8 + Samba + System Administration tools + 3.2 + + + + + swat + Samba Web Administration Tool + + + + + swat + -s <smb config file> + -a + -P + + + + + DESCRIPTION + + This tool is part of the samba + 7 suite. + + + swat allows a Samba administrator to + configure the complex smb.conf + 5 file via a Web browser. In addition, + a swat configuration page has help links + to all the configurable options in the smb.conf file allowing an + administrator to easily look up the effects of any change. + + swat is run from inetd + + + + + OPTIONS + + + + -s smb configuration file + The default configuration file path is + determined at compile time. The file specified contains + the configuration details required by the smbd + 8 server. This is the file + that swat will modify. + The information in this file includes server-specific + information such as what printcap file to use, as well as + descriptions of all the services that the server is to provide. + See smb.conf for more information. + + + + + + -a + This option disables authentication and + places swat in demo mode. In that mode anyone will be able to modify + the smb.conf file. + + WARNING: Do NOT enable this option on a production + server. + + + + -P + This option restricts read-only users to the password + management page. swat can then be used to change + user passwords without users seeing the "View" and "Status" menu + buttons. + + + &stdarg.server.debug; + &popt.common.samba; + &stdarg.help; + + + + + + + + INSTALLATION + + Swat is included as binary package with most distributions. The + package manager in this case takes care of the installation and + configuration. This section is only for those who have compiled + swat from scratch. + + + After you compile SWAT you need to run make install + to install the swat binary + and the various help files and images. A default install would put + these in: + + + /usr/local/samba/sbin/swat + /usr/local/samba/swat/images/* + /usr/local/samba/swat/help/* + + + + Inetd Installation + + You need to edit your /etc/inetd.conf + and /etc/services + to enable SWAT to be launched via inetd. + + In /etc/services you need to + add a line like this: + + swat 901/tcp + + Note for NIS/YP and LDAP users - you may need to rebuild the + NIS service maps rather than alter your local + /etc/services file. + + the choice of port number isn't really important + except that it should be less than 1024 and not currently + used (using a number above 1024 presents an obscure security + hole depending on the implementation details of your + inetd daemon). + + In /etc/inetd.conf you should + add a line like this: + + swat stream tcp nowait.400 root + /usr/local/samba/sbin/swat swat + + Once you have edited /etc/services + and /etc/inetd.conf you need to send a + HUP signal to inetd. To do this use kill -1 PID + where PID is the process ID of the inetd daemon. + + + + + + + + + LAUNCHING + + To launch SWAT just run your favorite web browser and + point it at "http://localhost:901/". + + Note that you can attach to SWAT from any IP connected + machine but connecting from a remote machine leaves your + connection open to password sniffing as passwords will be sent + in the clear over the wire. + + + + FILES + + + + /etc/inetd.conf + This file must contain suitable startup + information for the meta-daemon. + + + + /etc/services + This file must contain a mapping of service name + (e.g., swat) to service port (e.g., 901) and protocol type + (e.g., tcp). + + + + /usr/local/samba/lib/smb.conf + This is the default location of the + smb.conf5 + server configuration file that swat edits. Other + common places that systems install this file are + /usr/samba/lib/smb.conf and /etc/smb.conf + . This file describes all the services the server + is to make available to clients. + + + + + + + WARNINGS + + swat will rewrite your + smb.conf5 + file. It will rearrange the entries and delete all + comments, include= and copy= + options. If you have a carefully crafted + smb.conf then back it up or don't use swat! + + + + + VERSION + + This man page is correct for version 3.0 of the Samba suite. + + + + SEE ALSO + inetd(5), + smbd8 + , smb.conf + 5 + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for + Samba 3.0 was done by Alexander Bokovoy. + + + diff --git a/docs-xml/manpages-3/tdbbackup.8.xml b/docs-xml/manpages-3/tdbbackup.8.xml new file mode 100644 index 0000000000..b1d6a21f3f --- /dev/null +++ b/docs-xml/manpages-3/tdbbackup.8.xml @@ -0,0 +1,136 @@ + + + + + + tdbbackup + 8 + Samba + System Administration tools + 3.2 + + + + + tdbbackup + tool for backing up and for validating the integrity of samba .tdb files + + + + + tdbbackup + -s suffix + -v + -h + + + + + DESCRIPTION + + This tool is part of the samba + 1 suite. + + tdbbackup is a tool that may be used to backup samba .tdb + files. This tool may also be used to verify the integrity of the .tdb files prior + to samba startup or during normal operation. If it finds file damage and it finds + a prior backup the backup file will be restored. + + + + + + OPTIONS + + + + + -h + + Get help information. + + + + + -s suffix + + The -s option allows the adminisistrator to specify a file + backup extension. This way it is possible to keep a history of tdb backup + files by using a new suffix for each backup. + + + + + -v + + The -v will check the database for damages (currupt data) + which if detected causes the backup to be restored. + + + + + + + + + COMMANDS + + GENERAL INFORMATION + + + The tdbbackup utility can safely be run at any time. It was designed so + that it can be used at any time to validate the integrity of tdb files, even during Samba + operation. Typical usage for the command will be: + + + tdbbackup [-s suffix] *.tdb + + + Before restarting samba the following command may be run to validate .tdb files: + + + tdbbackup -v [-s suffix] *.tdb + + + Samba .tdb files are stored in various locations, be sure to run backup all + .tdb file on the system. Important files includes: + + + + + secrets.tdb - usual location is in the /usr/local/samba/private + directory, or on some systems in /etc/samba. + + + + passdb.tdb - usual location is in the /usr/local/samba/private + directory, or on some systems in /etc/samba. + + + + *.tdb located in the /usr/local/samba/var directory or on some + systems in the /var/cache or /var/lib/samba directories. + + + + + + + VERSION + + This man page is correct for version 3.0 of the Samba suite. + + + + AUTHOR + + + The original Samba software and related utilities were created by Andrew Tridgell. + Samba is now developed by the Samba Team as an Open Source project similar to the way + the Linux kernel is developed. + + + The tdbbackup man page was written by John H Terpstra. + + + diff --git a/docs-xml/manpages-3/tdbdump.8.xml b/docs-xml/manpages-3/tdbdump.8.xml new file mode 100644 index 0000000000..94b6052e9c --- /dev/null +++ b/docs-xml/manpages-3/tdbdump.8.xml @@ -0,0 +1,61 @@ + + + + + + tdbdump + 8 + Samba + System Administration tools + 3.2 + + + + + tdbdump + tool for printing the contents of a TDB file + + + + + tdbdump + filename + + + + + DESCRIPTION + + This tool is part of the samba + 1 suite. + + tdbdump is a very simple utility that 'dumps' the + contents of a TDB (Trivial DataBase) file to standard output in a + human-readable format. + + + This tool can be used when debugging problems with TDB files. It is + intended for those who are somewhat familiar with Samba internals. + + + + + + VERSION + + This man page is correct for version 3.0 of the Samba suite. + + + + AUTHOR + + + The original Samba software and related utilities were created by Andrew Tridgell. + Samba is now developed by the Samba Team as an Open Source project similar to the way + the Linux kernel is developed. + + + The tdbdump man page was written by Jelmer Vernooij. + + + diff --git a/docs-xml/manpages-3/tdbtool.8.xml b/docs-xml/manpages-3/tdbtool.8.xml new file mode 100644 index 0000000000..3f5dec4ecd --- /dev/null +++ b/docs-xml/manpages-3/tdbtool.8.xml @@ -0,0 +1,227 @@ + + + + + + tdbtool + 8 + Samba + System Administration tools + 3.2 + + + + + tdbtool + manipulate the contents TDB files + + + + + + tdbtool + + + + tdbtool + + TDBFILE + + + COMMANDS + + + + + + + DESCRIPTION + + This tool is part of the + samba + 1 suite. + + tdbtool a tool for displaying and + altering the contents of Samba TDB (Trivial DataBase) files. Each + of the commands listed below can be entered interactively or + provided on the command line. + + + + + + COMMANDS + + + + + + TDBFILE + Create a new database named + TDBFILE. + + + + + + TDBFILE + Open an existing database named + TDBFILE. + + + + + + Erase the current database. + + + + + + Dump the current database as strings. + + + + + + Dump the current database as connection records. + + + + + + Dump the current database keys as strings. + + + + + + Dump the current database keys as hex values. + + + + + + Print summary information about the + current database. + + + + + + KEY + DATA + + Insert a record into the + current database. + + + + + + KEY + TDBFILE + + Move a record from the + current database into TDBFILE. + + + + + + KEY + DATA + + Store (replace) a record in the + current database. + + + + + + KEY + + Show a record by key. + + + + + + KEY + + Delete a record by key. + + + + + + + Print the current database hash table and free list. + + + + + + + Print the current database and free list. + + + + + + COMMAND + + Execute the given system command. + + + + + + + + Print the first record in the current database. + + + + + + + + Print the next record in the current database. + + + + + + + + Exit tdbtool. + + + + + + + + CAVEATS + The contents of the Samba TDB files are private + to the implementation and should not be altered with + tdbtool. + + + + + VERSION + This man page is correct for version 3.0.25 of the Samba suite. + + + + AUTHOR + + The original Samba software and related utilities were + created by Andrew Tridgell. Samba is now developed by the + Samba Team as an Open Source project similar to the way the + Linux kernel is developed. + + + diff --git a/docs-xml/manpages-3/testparm.1.xml b/docs-xml/manpages-3/testparm.1.xml new file mode 100644 index 0000000000..f93b6e90c8 --- /dev/null +++ b/docs-xml/manpages-3/testparm.1.xml @@ -0,0 +1,210 @@ + + + + + + testparm + 1 + Samba + User Commands + 3.2 + + + + + testparm + check an smb.conf configuration file for + internal correctness + + + + + testparm + -s + -h + -v + -L <servername> + -t <encoding> + config filename + hostname hostIP + + + + + DESCRIPTION + + This tool is part of the samba + 7 suite. + + testparm is a very simple test program + to check an smbd + 8 configuration file for + internal correctness. If this program reports no problems, you + can use the configuration file with confidence that smbd + will successfully load the configuration file. + + + Note that this is NOT a guarantee that + the services specified in the configuration file will be + available or will operate as expected. + + If the optional host name and host IP address are + specified on the command line, this test program will run through + the service entries reporting whether the specified host + has access to each service. + + If testparm finds an error in the + smb.conf file it returns an exit code of 1 to the calling + program, else it returns an exit code of 0. This allows shell scripts + to test the output from testparm. + + + + OPTIONS + + + + -s + Without this option, testparm + will prompt for a carriage return after printing the service + names and before dumping the service definitions. + + + &stdarg.help; + &stdarg.version; + + + -L servername + Sets the value of the %L macro to servername. + This is useful for testing include files specified with the + %L macro. + + + + -v + If this option is specified, testparm + will also output all options that were not used in + smb.conf5 + and are thus set to their defaults. + + + + -t encoding + + Output data in specified encoding. + + + + + --parameter-name parametername + + Dumps the named parameter. If no section-name is set the view + is limited by default to the global section. + + It is also possible to dump a parametrical option. Therfore + the option has to be separated by a colon from the + parametername. + + + + + --section-name sectionname + + Dumps the named section. + + + + + configfilename + This is the name of the configuration file + to check. If this parameter is not present then the + default smb.conf5 + file will be checked. + + + + + + hostname + If this parameter and the following are + specified, then testparm will examine the hosts + allow and hosts deny + parameters in the + smb.conf5 + file to + determine if the hostname with this IP address would be + allowed access to the smbd server. If + this parameter is supplied, the hostIP parameter must also + be supplied. + + + + + hostIP + This is the IP address of the host specified + in the previous parameter. This address must be supplied + if the hostname parameter is supplied. + + + + + + FILES + + + + smb.conf5 + + This is usually the name of the configuration + file used by smbd8 + . + + + + + + + DIAGNOSTICS + + The program will issue a message saying whether the + configuration file loaded OK or not. This message may be preceded by + errors and warnings if the file did not load. If the file was + loaded OK, the program then dumps all known service details + to stdout. + + + + + VERSION + + This man page is correct for version 3.0 of + the Samba suite. + + + + SEE ALSO + + smb.conf5 + , + smbd8 + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 + for Samba 3.0 was done by Alexander Bokovoy. + + + diff --git a/docs-xml/manpages-3/umount.cifs.8.xml b/docs-xml/manpages-3/umount.cifs.8.xml new file mode 100644 index 0000000000..38ce24228d --- /dev/null +++ b/docs-xml/manpages-3/umount.cifs.8.xml @@ -0,0 +1,137 @@ + + + + + + umount.cifs + 8 + Samba + System Administration tools + 3.2 + + + + + umount.cifs + for normal, non-root users, to unmount their own Common Internet File System (CIFS) mounts + + + + + + umount.cifs + mount-point + -nVvhfle + + + + + DESCRIPTION + + This tool is part of the samba + 7 suite. + + umount.cifs unmounts a Linux CIFS filesystem. It can be invoked +indirectly by the +umount8 command +when umount.cifs is in /sbin directory, unless you specify the "-i" option to umount. Specifying -i to umount avoids execution of umount helpers such as umount.cifs. The umount.cifs command only works in Linux, and the kernel must +support the cifs filesystem. The CIFS protocol is the successor to the +SMB protocol and is supported by most Windows servers and many other +commercial servers and Network Attached Storage appliances as well as +by the popular Open Source server Samba. + + + + The umount.cifs utility detaches the local directory mount-point from the corresponding UNC name (exported network resource) and frees the associated kernel resources. +It is possible to set the mode for umount.cifs to +setuid root (or equivalently update the /etc/permissions file) to allow non-root users to umount shares to directories for which they have write permission. The umount.cifs utility is typically +not needed if unmounts need only be performed by root users, or if user mounts and unmounts +can rely on specifying explicit entries in /etc/fstab See + fstab + 5 + + + + OPTIONS + + + --verbose + print additional debugging information + + + --no-mtab + Do not update the mtab even if unmount completes successfully (/proc/mounts will still display the correct information) + + + + + + + NOTES + + This command is normally intended to be installed setuid (since root users can already run unmount). An alternative to using umount.cifs is to add specfic entries for the user mounts that you wish a particular user or users to mount and unmount to /etc/fstab + + + + CONFIGURATION + +The primary mechanism for making configuration changes and for reading +debug information for the cifs vfs is via the Linux /proc filesystem. +In the directory /proc/fs/cifs are various +configuration files and pseudo files which can display debug information. +For more information see the kernel file fs/cifs/README. + + + + + BUGS + + At this time umount.cifs does not lock the mount table using the same lock as the umount utility does, so do not attempt to do multiple unmounts from different processes (and in particular unmounts of a cifs mount and another type of filesystem mount at the same time). + + + If the same mount point is mounted multiple times by cifs, umount.cifs will remove all of the matching entries from the mount table (although umount.cifs will actually only unmount the last one), rather than only removing the last matching entry in /etc/mtab. The pseudofile /proc/mounts will display correct information though, and the lack of an entry in /etc/mtab does not prevent subsequent unmounts. + + +Note that the typical response to a bug report is a suggestion +to try the latest version first. So please try doing that first, +and always include which versions you use of relevant software +when reporting bugs (minimum: umount.cifs (try umount.cifs -V), kernel (see /proc/version) and +server type you are trying to contact. + + + + + + + VERSION + + This man page is correct for version 1.34 of + the cifs vfs filesystem (roughly Linux kernel 2.6.12). + + + + SEE ALSO + + Documentation/filesystems/cifs.txt and fs/cifs/README in the linux kernel + source tree may contain additional options and information. + + mount.cifs + 8 + + + + + AUTHOR + + Steve French + + The syntax was loosely based on the umount utility and the manpage was loosely based on that of mount.cifs.8. The man page was created by Steve French + The maintainer of the Linux cifs vfs and the userspace + tool umount.cifs is Steve French. + The Linux CIFS Mailing list + is the preferred place to ask questions regarding these programs. + + + + + diff --git a/docs-xml/manpages-3/vfs_audit.8.xml b/docs-xml/manpages-3/vfs_audit.8.xml new file mode 100644 index 0000000000..ce2c3e4bd0 --- /dev/null +++ b/docs-xml/manpages-3/vfs_audit.8.xml @@ -0,0 +1,122 @@ + + + + + + vfs_audit + 8 + Samba + System Administration tools + 3.2 + + + + + vfs_audit + record selected Samba VFS operations in the system log + + + + + vfs objects = audit + + + + + DESCRIPTION + + This VFS module is part of the + samba + 7 suite. + + The vfs_audit VFS module records selected + client operations to the system log using + syslog + 3. + + The following Samba VFS operations are recorded: + + connect + disconnect + opendir + mkdir + rmdir + open + close + rename + unlink + chmod + fchmod + chmod_acl + fchmod_acl + + + This module is stackable. + + + + + + OPTIONS + + + + + audit:facility = FACILITY + + Log messages to the named + syslog + 3 facility. + + + + + + + + audit:priority = PRIORITY + + Log messages with the named + syslog + 3 priority. + + + + + + + + + + EXAMPLES + + Log operations on all shares using the LOCAL1 facility + and NOTICE priority: + + + + audit + LOCAL1 + NOTICE + + + + + + VERSION + + This man page is correct for version 3.0.25 of the Samba suite. + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + + + diff --git a/docs-xml/manpages-3/vfs_cacheprime.8.xml b/docs-xml/manpages-3/vfs_cacheprime.8.xml new file mode 100644 index 0000000000..0249ac27b8 --- /dev/null +++ b/docs-xml/manpages-3/vfs_cacheprime.8.xml @@ -0,0 +1,110 @@ + + + + + + vfs_cacheprime + 8 + Samba + System Administration tools + 3.2 + + + + + vfs_cacheprime + prime the kernel file data cache + + + + + vfs objects = cacheprime + + + + + DESCRIPTION + + This VFS module is part of the + samba + 7 suite. + + The vfs_cacheprime VFS module reads chunks + of file data near the range requested by clients in order to + make sure the data is present in the kernel file data cache at + the time when it is actually requested by clients. + + The size of the disk read operations performed + by vfs_cacheprime is determined by the + cacheprime:rsize option. All disk read operations are aligned + on boundaries that are a multiple of this size. Each range of + the file data is primed at most once during the time the client + has the file open. + + This module is stackable. + + + + OPTIONS + + + + + cacheprime:rsize = BYTES + + The number of bytes with which to prime + the kernel data cache. + The following suffixes may be applied to BYTES: + + K - BYTES is a number of kilobytes + M - BYTES is a number of megabytes + G - BYTES is a number of gigabytes + + + + + + + + + + EXAMPLES + + For a hypothetical disk array, it is necessary to ensure + that all read operations are of size 1 megabyte (1048576 bytes), + and aligned on 1 megabyte boundaries: + + + + cacheprime + 1M + + + + + + CAVEATS + cacheprime is not a a substitute for + a general-purpose readahead mechanism. It is intended for use + only in very specific environments where disk operations must + be aligned and sized to known values (as much as that is possible). + + + + + VERSION + This man page is correct for version 3.0.25 of the Samba suite. + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + + + diff --git a/docs-xml/manpages-3/vfs_cap.8.xml b/docs-xml/manpages-3/vfs_cap.8.xml new file mode 100644 index 0000000000..93dab4a196 --- /dev/null +++ b/docs-xml/manpages-3/vfs_cap.8.xml @@ -0,0 +1,78 @@ + + + + + + vfs_cap + 8 + Samba + System Administration tools + 3.2 + + + + + vfs_cap + CAP encode filenames + + + + + vfs objects = cap + + + + + DESCRIPTION + + This VFS module is part of the + samba + 7 suite. + + CAP (Columbia Appletalk Protocol) encoding is a + technique for representing non-ASCII filenames in ASCII. The + vfs_cap VFS module translates filenames to and + from CAP format, allowing users to name files in their native + encoding. + + CAP encoding is most commonly + used in Japanese language environments. + + This module is stackable. + + + + + + EXAMPLES + + On a system using GNU libiconv, use CAP encoding to support + users in the Shift_JIS locale: + + + + CP932 + CP932 + cap + + + + + + VERSION + + This man page is correct for version 3.0.25 of the Samba suite. + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + + + diff --git a/docs-xml/manpages-3/vfs_catia.8.xml b/docs-xml/manpages-3/vfs_catia.8.xml new file mode 100644 index 0000000000..736aee00a8 --- /dev/null +++ b/docs-xml/manpages-3/vfs_catia.8.xml @@ -0,0 +1,73 @@ + + + + + + vfs_catia + 8 + Samba + System Administration tools + 3.2 + + + + + vfs_catia + translate illegal characters in Catia filenames + + + + + vfs objects = catia + + + + + DESCRIPTION + + This VFS module is part of the + samba + 7 suite. + + The Catia CAD package commonly creates filenames that + use characters that are illegal in CIFS filenames. The + vfs_catia VFS module implements a fixed character + mapping so that these files can be shared with CIFS clients. + + + This module is stackable. + + + + + + EXAMPLES + + Map Catia filenames on the [CAD] share: + + + + /data/cad + catia + + + + + + VERSION + + This man page is correct for version 3.0.25 of the Samba suite. + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + + + diff --git a/docs-xml/manpages-3/vfs_commit.8.xml b/docs-xml/manpages-3/vfs_commit.8.xml new file mode 100644 index 0000000000..ab2d234baa --- /dev/null +++ b/docs-xml/manpages-3/vfs_commit.8.xml @@ -0,0 +1,110 @@ + + + + + + vfs_commit + 8 + Samba + System Administration tools + 3.2 + + + + + vfs_commit + flush dirty data at specified intervals + + + + + vfs objects = commit + + + + + DESCRIPTION + + This VFS module is part of the + samba + 7 suite. + + The vfs_commit VFS module keeps track of + the amount of data written to a file and synchronizes it to + disk when a specified amount accumulates. + + + vfs_commit is useful in two + circumstances. First, if you have very precious data, the + impact of unexpected power loss can be minimized by a small + commit:dthresh value. Secondly, write performance can be + improved on some systems by flushing file data early and at + regular intervals. + + This module is stackable. + + + + + + OPTIONS + + + + + commit:dthresh = BYTES + + Synchronize file data each time the specified + number of bytes has been written. + + + The following suffixes may be applied to BYTES: + + K - BYTES is a number of kilobytes + M - BYTES is a number of megabytes + G - BYTES is a number of gigabytes + + + + + + + + + + EXAMPLES + + Synchronize the file data on the [precious] share after + every 512 kilobytes (524288 bytes) of data is written: + + + /data/precious + commit + 512K + + + + + CAVEATS + On some systems, the data synchronization performed by + commit may reduce performance. + + + + + VERSION + This man page is correct for version 3.0.25 of the Samba suite. + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + + + diff --git a/docs-xml/manpages-3/vfs_default_quota.8.xml b/docs-xml/manpages-3/vfs_default_quota.8.xml new file mode 100644 index 0000000000..28d2413a7d --- /dev/null +++ b/docs-xml/manpages-3/vfs_default_quota.8.xml @@ -0,0 +1,136 @@ + + + + + + vfs_default_quota + 8 + Samba + System Administration tools + 3.2 + + + + + vfs_default_quota + store default quota records for Windows clients + + + + + vfs objects = default_quota + + + + + DESCRIPTION + + This VFS module is part of the + samba + 7 + suite. + + Many common quota implementations only store + quotas for users and groups, but do not store a default quota. The + vfs_default_quota module allows Samba to store + default quota values which can be examined using the Windows + Explorer interface. + + + By default, Samba returns NO_LIMIT the default quota and + refuses to update them. vfs_default_quota maps + the default quota to the quota record of a user. By default the + root user is taken because quota limits for root are typically + not enforced. + + This module is stackable. + + + + + + OPTIONS + + + + + default_quota:uid = UID + + UID specifies the user ID of the quota record where the + default user quota values are stored. + + + + + + + default_quota:gid = GID + + GID specifies the group ID of the quota record where the + default group quota values are stored. + + + + + + + default_quota:uid nolimit = BOOL + + If this parameter is True, then the user whose + quota record is storing the default user quota will + be reported as having a quota of NO_LIMIT. Otherwise, + the stored values will be reported. + + + + + + + default_quota:gid nolimit = BOOL + + If this parameter is True, then the group whose + quota record is storing the default group quota will + be reported as having a quota of NO_LIMIT. Otherwise, + the stored values will be reported. + + + + + + + + + + EXAMPLES + + Store the default quota record in the quota record for + the user with ID 65535 and report that user as having no quota + limits: + + + + default_quota + 65535 + yes + + + + + + VERSION + + This man page is correct for version 3.0.25 of the Samba suite. + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + + + diff --git a/docs-xml/manpages-3/vfs_extd_audit.8.xml b/docs-xml/manpages-3/vfs_extd_audit.8.xml new file mode 100644 index 0000000000..0e12bd1b1d --- /dev/null +++ b/docs-xml/manpages-3/vfs_extd_audit.8.xml @@ -0,0 +1,68 @@ + + + + + + vfs_extd_audit + 8 + Samba + System Administration tools + 3.2 + + + + + vfs_extd_audit + record selected Samba VFS operations + + + + + vfs objects = extd_audit + + + + + DESCRIPTION + + This VFS module is part of the + samba + 7 suite. + + The extd_audit VFS module records selected + client operations to both the + smbd + 8 log and + system log (using + syslog + 3). + + Other than logging to the + smbd + 8 log, + vfs_extd_audit is identical to + vfs_audit + 8. + + + This module is stackable. + + + + + VERSION + This man page is correct for version 3.0.25 of the Samba suite. + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + + + diff --git a/docs-xml/manpages-3/vfs_fake_perms.8.xml b/docs-xml/manpages-3/vfs_fake_perms.8.xml new file mode 100644 index 0000000000..87279bee2a --- /dev/null +++ b/docs-xml/manpages-3/vfs_fake_perms.8.xml @@ -0,0 +1,73 @@ + + + + + + vfs_fake_perms + 8 + Samba + System Administration tools + 3.2 + + + + + vfs_fake_perms + enable read only Roaming Profiles + + + + + vfs objects = fake_perms + + + + + DESCRIPTION + + This VFS module is part of the + samba + 7 suite. + + The vfs_fake_perms VFS module was created + to allow Roaming Profile files and directories to be set (on + the Samba server under UNIX) as read only. This module will, + if installed on the Profiles share, report to the client that + the Profile files and directories are writeable. This satisfies + the client even though the files will never be overwritten as + the client logs out or shuts down. + + + This module is stackable. + + + + + EXAMPLES + + + + /profiles + fake_perms + + + + + + VERSION + + This man page is correct for version 3.0.25 of the Samba suite. + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + + + diff --git a/docs-xml/manpages-3/vfs_full_audit.8.xml b/docs-xml/manpages-3/vfs_full_audit.8.xml new file mode 100644 index 0000000000..eec3f3127c --- /dev/null +++ b/docs-xml/manpages-3/vfs_full_audit.8.xml @@ -0,0 +1,266 @@ + + + + + + vfs_full_audit + 8 + Samba + System Administration tools + 3.2 + + + + + vfs_full_audit + record Samba VFS operations in the system log + + + + + vfs objects = full_audit + + + + + DESCRIPTION + + This VFS module is part of the + samba + 7 suite. + + The vfs_full_audit VFS module records selected + client operations to the system log using + syslog + 3. + + vfs_full_audit is able to record the + complete set of Samba VFS operations: + + + aio_cancel + aio_error + aio_fsync + aio_read + aio_return + aio_suspend + aio_write + chdir + chflags + chmod + chmod_acl + chown + close + closedir + connect + disconnect + disk_free + fchmod + fchmod_acl + fchown + fget_nt_acl + fgetxattr + flistxattr + fremovexattr + fset_nt_acl + fsetxattr + fstat + fsync + ftruncate + get_nt_acl + get_quota + get_shadow_copy_data + getlock + getwd + getxattr + kernel_flock + lgetxattr + link + linux_setlease + listxattr + llistxattr + lock + lremovexattr + lseek + lsetxattr + lstat + mkdir + mknod + open + opendir + pread + pwrite + read + readdir + readlink + realpath + removexattr + rename + rewinddir + rmdir + seekdir + sendfile + set_nt_acl + set_quota + setxattr + stat + statvfs + symlink + sys_acl_add_perm + sys_acl_clear_perms + sys_acl_create_entry + sys_acl_delete_def_file + sys_acl_free_acl + sys_acl_free_qualifier + sys_acl_free_text + sys_acl_get_entry + sys_acl_get_fd + sys_acl_get_file + sys_acl_get_perm + sys_acl_get_permset + sys_acl_get_qualifier + sys_acl_get_tag_type + sys_acl_init + sys_acl_set_fd + sys_acl_set_file + sys_acl_set_permset + sys_acl_set_qualifier + sys_acl_set_tag_type + sys_acl_to_text + sys_acl_valid + telldir + unlink + utime + write + + + In addition to these operations, + vfs_full_audit recognizes the special operation + names "all" and "none ", which refer to all + the VFS operations and none of the VFS operations respectively. + + + vfs_full_audit records operations in fixed + format consisting of fields separated by '|' characters. The + format is: + + smbd_audit: PREFIX|OPERATION|RESULT|FILE + + + The record fields are: + + + PREFIX - the result of the full_audit:prefix string after variable substitutions + OPERATION - the name of the VFS operation + RESULT - whether the operation succeeded or failed + FILE - the name of the file or directory the operation was performed on + + + + This module is stackable. + + + + + + OPTIONS + + + + + vfs_full_audit:prefix = STRING + + Prepend audit messages with STRING. STRING is + processed for standard substitution variables listed in + smb.conf + 5. The default + prefix is "%u|%I". + + + + + + vfs_full_audit:success = LIST + + LIST is a list of VFS operations that should be + recorded if they succeed. Operations are specified using + the names listed above. + + + + + + + vfs_full_audit:failure = LIST + + LIST is a list of VFS operations that should be + recorded if they failed. Operations are specified using + the names listed above. + + + + + + + full_audit:facility = FACILITY + + Log messages to the named + syslog + 3 facility. + + + + + + + + full_audit:priority = PRIORITY + + Log messages with the named + syslog + 3 priority. + + + + + + + + + + EXAMPLES + + Log file and directory open operations on the [records] + share using the LOCAL7 facility and ALERT priority, including + the username and IP address: + + + + /data/records + full_audit + %u|%I + open opendir + all + LOCAL7 + ALERT + + + + + + VERSION + This man page is correct for version 3.0.25 of the Samba suite. + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + + + diff --git a/docs-xml/manpages-3/vfs_gpfs.8.xml b/docs-xml/manpages-3/vfs_gpfs.8.xml new file mode 100644 index 0000000000..f926ecacf9 --- /dev/null +++ b/docs-xml/manpages-3/vfs_gpfs.8.xml @@ -0,0 +1,164 @@ + + + + + + vfs_gpfs + 8 + Samba + System Administration tools + 3.2 + + + + + vfs_gpfs + gpfs specific samba extensions like acls and prealloc + + + + + vfs objects = gpfs + + + + + DESCRIPTION + + This VFS module is part of the + samba + 7 suite. + + The gpfs VFS module is the home + for all gpfs extensions that Samba requires for proper integration + with GPFS. It uses the GPL library interfaces provided by GPFS. + + + Currently the gpfs vfs module provides extensions in following areas : + + NFSv4 ACL Interfaces with configurable options for GPFS + Kernel oplock support on GPFS + Lease support on GPFS + + + + NOTE:This module follows the posix-acl behaviour + and hence allows permission stealing via chown. Samba might allow at a later + point in time, to restrict the chown via this module as such restrictions + are the responsibility of the underlying filesystem than of Samba. + + + This module is stackable. + + + + + + OPTIONS + + + + + + nfs4:mode = [ simple | special ] + + + Enable/Disable substitution of special IDs on GPFS. This parameter + should not affect the windows users in anyway. It only ensures that Samba + sets the special IDs - OWNER@ and GROUP@ ( mappings to simple uids ) + that are relevant to GPFS. + + + The following MODEs are understood by the module: + + simple(default) - do not use special IDs in GPFS ACEs + special - use special IDs in GPFS ACEs. + + + + + + + + nfs4:acedup = [dontcare|reject|ignore|merge] + + + This parameter configures how Samba handles duplicate ACEs encountered in GPFS ACLs. + GPFS allows/creates duplicate ACE for different bits for same ID. + + + Following is the behaviour of Samba for different values : + + dontcare (default) - copy the ACEs as they come + reject - stop operation and exit with error on ACL set op + ignore - don't include the second matching ACE + merge - bitwise OR the 2 ace.flag fields and 2 ace.mask fields of the 2 duplicate ACEs into 1 ACE + + + + + + + nfs4:chown = [yes|no] + + This parameter allows enabling or disabling the chown supported + by the underlying filesystem. This parameter should be enabled with + care as it might leave your system insecure. + Some filesystems allow chown as a) giving b) stealing. It is the latter + that is considered a risk. + + Following is the behaviour of Samba for different values : + + yes - Enable chown if as supported by the under filesystem + no (default) - Disable chown + + + + + + + + + EXAMPLES + + A GPFS mount can be exported via Samba as follows : + + + + gpfs + /test/gpfs_mount + special + merge + + + + + CAVEATS + The gpfs gpl libraries are required by gpfs VFS + module during both compilation and runtime. + Also this VFS module is tested to work on SLES 9/10 and RHEL 4.4 + + + + + VERSION + This man page is correct for version 3.0.25 of the Samba suite. + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The GPFS VFS module was created with contributions from + Volker Lendecke and the developers at IBM. + + + This manpage was created by the IBM FSCC team + + + diff --git a/docs-xml/manpages-3/vfs_netatalk.8.xml b/docs-xml/manpages-3/vfs_netatalk.8.xml new file mode 100644 index 0000000000..e4f6772a7b --- /dev/null +++ b/docs-xml/manpages-3/vfs_netatalk.8.xml @@ -0,0 +1,77 @@ + + + + + + vfs_netatalk + 8 + Samba + System Administration tools + 3.2 + + + + + vfs_netatalk + hide .AppleDouble files from CIFS clients + + + + + vfs objects = netatalk + + + + + DESCRIPTION + + This VFS module is part of the + samba + 7 suite. + + The vfs_netatalk VFS module dynamically + hides .AppleDouble files, preventing spurious errors on some + CIFS clients. .AppleDouble files may be created by historic + implementations of AFP (Apple Filing Protocol) on servers. + + This module is stackable. + + + + + EXAMPLES + + Hide .AppleDouble files on the [data] share: + + + netatalk + + + + + + CAVEATS + This module is largely historic and unlikely to be of use + in modern networks since current Apple systems are able to mount CIFS + shares natively. + + + + + + VERSION + This man page is correct for version 3.0.25 of the Samba suite. + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + + + diff --git a/docs-xml/manpages-3/vfs_notify_fam.8.xml b/docs-xml/manpages-3/vfs_notify_fam.8.xml new file mode 100644 index 0000000000..10605753c8 --- /dev/null +++ b/docs-xml/manpages-3/vfs_notify_fam.8.xml @@ -0,0 +1,70 @@ + + + + + + vfs_notify_fam + 8 + Samba + System Administration tools + 3.2 + + + + + vfs_notify_fam + FAM support for file change notifications + + + + + vfs objects = notify_fam + + + + + DESCRIPTION + + This VFS module is part of the + samba + 7 suite. + + The vfs_notify_fam module makes use of + the system FAM (File Alteration Monitor) daemon to implement + file change notifications for Windows clients. FAM is generally + present only on IRIX and some BSD systems. + + This module is not stackable. + + + + + EXAMPLES + + Support FAM notifications globally: + + + + notify_fam + + + + + + VERSION + + This man page is correct for version 3.0.25 of the Samba suite. + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + + + diff --git a/docs-xml/manpages-3/vfs_prealloc.8.xml b/docs-xml/manpages-3/vfs_prealloc.8.xml new file mode 100644 index 0000000000..36cc2894f3 --- /dev/null +++ b/docs-xml/manpages-3/vfs_prealloc.8.xml @@ -0,0 +1,107 @@ + + + + + + vfs_prealloc + 8 + Samba + System Administration tools + 3.2 + + + + + vfs_prealloc + preallocate matching files to a predetermined size + + + + + vfs objects = prealloc + + + + + DESCRIPTION + + This VFS module is part of the + samba + 7 suite. + + The vfs_prealloc VFS module preallocates + files to a specified size each time a new file is created. This + is useful in environments where files are of a predetermined + size will be written to a disk subsystem where extending file + allocations is expensive. + + This module is stackable. + + + + + + OPTIONS + + + + + prealloc:EXT = BYTES + + Preallocate all files with the extension EXT to + the size specified by BYTES. + + + The following suffixes may be applied to BYTES: + + K - BYTES is a number of kilobytes + M - BYTES is a number of megabytes + G - BYTES is a number of gigabytes + + + + + + + + + + EXAMPLES + + A process writes TIFF files to a Samba share, and the + is known these files will almost always be around 4 megabytes + (4194304 bytes): + + + + /data/frames + prealloc + 4M + + + + + CAVEATS + vfs_prealloc is not supported on all + platforms and filesystems. Currently only XFS filesystems on + Linux and IRIX are supported. + + + + + VERSION + This man page is correct for version 3.0.25 of the Samba suite. + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + + + diff --git a/docs-xml/manpages-3/vfs_readahead.8.xml b/docs-xml/manpages-3/vfs_readahead.8.xml new file mode 100644 index 0000000000..0f4bd6aa50 --- /dev/null +++ b/docs-xml/manpages-3/vfs_readahead.8.xml @@ -0,0 +1,115 @@ + + + + + + vfs_readahead + 8 + Samba + System Administration tools + 3.2 + + + + + vfs_readahead + pre-load the kernel buffer cache + + + + + vfs objects = readahead + + + + + DESCRIPTION + + This VFS module is part of the + samba + 7 suite. + + This vfs_readahead VFS module detects + read requests at multiples of a given offset (hex 0x80000 by + default) and then tells the kernel via either the readahead + system call (on Linux) or the posix_fadvise system call to + pre-fetch this data into the buffer cache. + + This module is useful for Windows Vista clients reading + data using the Windows Explorer program, which asynchronously + does multiple file read requests at offset boundaries of 0x80000 + bytes. + + The offset multiple used is given by the readahead:offset + option, which defaults to 0x80000. + + The size of the disk read operations performed + by vfs_readahead is determined by the + readahead:length option. By default this is set to the + same value as the readahead:offset option and if not + set explicitly will use the current value of + readahead:offset. + + This module is stackable. + + + + OPTIONS + + + + + readahead:offset = BYTES + + The offset multiple that causes readahead to be + requested of the kernel buffer cache. + + + + + readahead:length = BYTES + + The number of bytes requested to be + read into the kernel buffer cache on each + readahead call. + + + + The following suffixes may be applied to BYTES: + + K - BYTES is a number of kilobytes + M - BYTES is a number of megabytes + G - BYTES is a number of gigabytes + + + + + + + + EXAMPLES + + + + readahead + + + + + + VERSION + This man page is correct for version 3.0.25 of the Samba suite. + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + + + diff --git a/docs-xml/manpages-3/vfs_readonly.8.xml b/docs-xml/manpages-3/vfs_readonly.8.xml new file mode 100644 index 0000000000..1d3d979cb0 --- /dev/null +++ b/docs-xml/manpages-3/vfs_readonly.8.xml @@ -0,0 +1,101 @@ + + + + + + vfs_readonly + 8 + Samba + System Administration tools + 3.2 + + + + + vfs_readonly + make a Samba share read only for a specified time period + + + + + vfs objects = readonly + + + + + DESCRIPTION + + This VFS module is part of the + samba + 7 suite. + + The vfs_readonly VFS module marks a share + as read only for all clients connecting within the configured + time period. Clients connecting during this time will be denied + write access to all files in the share, irrespective of ther + actual access privileges. + + This module is stackable. + + + + + + OPTIONS + + + + + readonly:period = BEGIN, END + + Only mark the share as read only if the client + connection was made between the times marked by the + BEGIN and END date specifiers. + The syntax of these date specifiers is the + same as that accepted by the -d option of GNU + date + 1. + + + + + + + + + + EXAMPLES + + Mark all shares read only: + + + readonly + + + Mark the [backup] share as read only during business hours: + + + /readonly + readonly + readonly:period = "today 9:00","today 17:00" + + + + + VERSION + + This man page is correct for version 3.0.25 of the Samba suite. + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + + + diff --git a/docs-xml/manpages-3/vfs_recycle.8.xml b/docs-xml/manpages-3/vfs_recycle.8.xml new file mode 100644 index 0000000000..ca95f881b7 --- /dev/null +++ b/docs-xml/manpages-3/vfs_recycle.8.xml @@ -0,0 +1,217 @@ + + + + + + vfs_recycle + 8 + Samba + System Administration tools + 3.2 + + + + + vfs_recycle + Samba VFS recycle bin + + + + + vfs objects = recycle + + + + + DESCRIPTION + + This VFS module is part of the + samba + 7 suite. + + The vfs_recycle intercepts file deletion + requests and moves the affected files to a temporary repository + rather than deleting them immediately. This gives the same effect + as the Recycle Bin on Windows computers. + + The Recycle Bin will not appear in Windows Explorer + views of the network file system (share) nor on any mapped + drive. Instead, a directory called .recycle will be automatically + created when the first file is deleted and recycle:repository is + not configured. If recycle:repository is configured, the name + of the created directory depends on recycle:repository. Users + can recover files from the recycle bin. If the recycle:keeptree + option has been specified, deleted files will be found in a path + identical with that from which the file was deleted. + + + This module is stackable. + + + + + + OPTIONS + + + + + recycle:repository = PATH + + Path of the directory where deleted files should be moved. + + If this option is not set, the default path .recycle + is used. + + + + + recycle:directory_mode = MODE + + Set MODE to the octal mode the recycle repository + should be created with. The recycle repository will be + created when first file is deleted. If recycle:subdir_mode + is not set, MODE also applies to subdirectories. + + If this option is not set, the default mode + 0700 is used. + + + + + recycle:subdir_mode = MODE + + Set MODE to the octal mode with which + sub directories of the recycle repository should be created. + + If this option is not set, subdirectories + will be created with the mode from recycle:directory_mode. + + + + + + recycle:keeptree = BOOL + + Specifies whether the directory structure should + be preserved or whether the files in a directory that is being + deleted should be kept separately in the repository. + + + + + + recycle:versions = BOOL + + If this option is True, two files with the same + name that are deleted will both be kept in the repository. + Newer deleted versions of a file will be called + "Copy #x of filename". + + + + + + recycle:touch = BOOL + + Specifies whether a file's access date should be + updated when the file is moved to the repository. + + + + + + recycle:touch_mtime = BOOL + + Specifies whether a file's last modified date should be + updated when the file is moved to the repository. + + + + + + recycle:minsize = BYTES + + Files that are smaller than the number of bytes + specified by this parameter will not be put into the + repository. + + + + + + recycle:maxsize = BYTES + + Files that are larger than the number of bytes + specified by this parameter will not be put into the + repository. + + + + + + recycle:exclude = LIST + + List of files that should not be put into the + repository when deleted, but deleted in the normal way. + Wildcards such as * and ? are supported. + + + + + + recycle:exclude_dir = LIST + + List of directories whose files should not be put + into the repository when deleted, but deleted in the + normal way. Wildcards such as * and ? are supported. + + + + + + recycle:noversions = LIST + + Specifies a list of paths (wildcards such as * + and ? are supported) for which no versioning should + be used. Only useful when recycle:versions is enabled. + + + + + + + + + EXAMPLES + + Log operations on all shares using the LOCAL1 facility + and NOTICE priority: + + + + recycle + LOCAL1 + NOTICE + + + + + + VERSION + + This man page is correct for version 3.0.25 of the Samba suite. + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + + + diff --git a/docs-xml/manpages-3/vfs_shadow_copy.8.xml b/docs-xml/manpages-3/vfs_shadow_copy.8.xml new file mode 100644 index 0000000000..49f79542d3 --- /dev/null +++ b/docs-xml/manpages-3/vfs_shadow_copy.8.xml @@ -0,0 +1,121 @@ + + + + + + vfs_shadow_copy + 8 + Samba + System Administration tools + 3.2 + + + + + vfs_shadow_copy + Make a Samba share read only for a specified time period + + + + + vfs objects = shadow_copy + + + + + DESCRIPTION + + This VFS module is part of the + samba + 7 suite. + + The vfs_shadow_copy VFS module functionality + that is similar to Microsoft Shadow Copy services. When setup properly, + this module allows Microsoft Shadow Copy clients to browse + "shadow copies" on Samba shares. + + + This module is stackable. + + + + + CONFIGURATION + + vfs_shadow_copy relies on a filesystem + snapshot implementation. Many common filesystems have native + support for this. + + + Filesystem snapshots must be mounted on + specially named directories in order to be recognized by + vfs_shadow_copy. The snapshot mount points must + be immediate children of a the directory being shared. + + The snapshot naming convention is @GMT-YYYY.MM.DD-hh.mm.ss, + where: + + YYYY is the 4 digit year + MM is the 2 digit month + DD is the 2 digit day + hh is the 2 digit hour + mm is the 2 digit minute + ss is the 2 digit second. + + + + The vfs_shadow_copy snapshot naming convention can be produced with the following + date + 1 command: + + TZ=GMT date +@GMT-%Y.%m.%d-%H.%M.%S + + + + + + EXAMPLES + + Add shadow copy support to user home directories: + + + shadow_copy + + + + + + CAVEATS + + This is not a backup, archival, or version control solution. + + + With Samba or Windows servers, + vfs_shadow_copy is designed to be an end-user + tool only. It does not replace or enhance your backup and + archival solutions and should in no way be considered as + such. Additionally, if you need version control, implement a + version control system. + + + + + + + VERSION + + This man page is correct for version 3.0.25 of the Samba suite. + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + + + diff --git a/docs-xml/manpages-3/vfs_xattr_tdb.8.xml b/docs-xml/manpages-3/vfs_xattr_tdb.8.xml new file mode 100644 index 0000000000..4f3b70223f --- /dev/null +++ b/docs-xml/manpages-3/vfs_xattr_tdb.8.xml @@ -0,0 +1,69 @@ + + + + + + vfs_xattr_tdb + 8 + Samba + System Administration tools + 3.2 + + + + + vfs_xattr_tdb + Save Extended Attributes (EAs) in a tdb file + + + + + vfs objects = xattr_tdb + + + + + DESCRIPTION + + This VFS module is part of the + samba + 7 suite. + + The vfs_xattr_tdb VFS module stores + Extended Attributes (EAs) in a tdb file. + This enables the usage of Extended Attributes on OS and + filesystems which do not support Extended Attributes + by themselves. + + + This module is stackable. + + + + OPTIONS + + + + xattr_tdb:file = PATH + + Name of the tdb file the EAs are stored in. + If this option is not set, the default filename + xattr.tdb is used. + + + + + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + + + diff --git a/docs-xml/manpages-3/vfstest.1.xml b/docs-xml/manpages-3/vfstest.1.xml new file mode 100644 index 0000000000..d0cef85e71 --- /dev/null +++ b/docs-xml/manpages-3/vfstest.1.xml @@ -0,0 +1,153 @@ + + + + + + vfstest + 1 + Samba + User Commands + 3.2 + + + + + vfstest + tool for testing samba VFS modules + + + + + vfstest + -d debuglevel + -c command + -l logdir + -h + + + + + DESCRIPTION + + This tool is part of the samba + 7 suite. + + vfstest is a small command line + utility that has the ability to test dso samba VFS modules. It gives the + user the ability to call the various VFS functions manually and + supports cascaded VFS modules. + + + + + + OPTIONS + + + + + -c|--command=command + Execute the specified (colon-separated) commands. + See below for the commands that are available. + + + + &stdarg.help; + + + -l|--logfile=logbasename + File name for log/debug files. The extension + '.client' will be appended. The log file is never removed + by the client. + + + + &stdarg.server.debug; + &popt.common.samba; + + + + + + + COMMANDS + + VFS COMMANDS + + load <module.so> - Load specified VFS module + + populate <char> <size> - Populate a data buffer with the specified data + + + showdata [<offset> <len>] - Show data currently in data buffer + + + connect - VFS connect() + disconnect - VFS disconnect() + disk_free - VFS disk_free() + opendir - VFS opendir() + readdir - VFS readdir() + mkdir - VFS mkdir() + rmdir - VFS rmdir() + closedir - VFS closedir() + open - VFS open() + close - VFS close() + read - VFS read() + write - VFS write() + lseek - VFS lseek() + rename - VFS rename() + fsync - VFS fsync() + stat - VFS stat() + fstat - VFS fstat() + lstat - VFS lstat() + unlink - VFS unlink() + chmod - VFS chmod() + fchmod - VFS fchmod() + chown - VFS chown() + fchown - VFS fchown() + chdir - VFS chdir() + getwd - VFS getwd() + utime - VFS utime() + ftruncate - VFS ftruncate() + lock - VFS lock() + symlink - VFS symlink() + readlink - VFS readlink() + link - VFS link() + mknod - VFS mknod() + realpath - VFS realpath() + + + GENERAL COMMANDS + + conf <smb.conf> - Load a different configuration file + + help [<command>] - Get list of commands or info about specified command + + debuglevel <level> - Set debug level + + freemem - Free memory currently in use + + exit - Exit vfstest + + + + + + VERSION + + This man page is correct for version 3.0 of the Samba + suite. + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The vfstest man page was written by Jelmer Vernooij. + + + diff --git a/docs-xml/manpages-3/wbinfo.1.xml b/docs-xml/manpages-3/wbinfo.1.xml new file mode 100644 index 0000000000..5211688977 --- /dev/null +++ b/docs-xml/manpages-3/wbinfo.1.xml @@ -0,0 +1,380 @@ + + + + + + wbinfo + 1 + Samba + User Commands + 3.2 + + + + + wbinfo + Query information from winbind daemon + + + + + wbinfo + -a user%password + --all-domains + --allocate-gid + --allocate-uid + -D domain + --domain domain + -g + --getdcname domain + --get-auth-user + -G gid + -h + -i user + -I ip + -K user%password + -m + -n name + -N netbios-name + --own-domain + -p + -r user + -s sid + --separator + --sequence + --set-auth-user user%password + -S sid + -t + -u + --uid-info uid + --user-domgroups sid + --user-sids sid + -U uid + -V + -Y sid + --verbose + + + + + DESCRIPTION + + This tool is part of the samba + 7 suite. + + The wbinfo program queries and returns information + created and used by the winbindd + 8 daemon. + + The winbindd + 8 daemon must be configured + and running for the wbinfo program to be able + to return information. + + + + OPTIONS + + + + -a|--authenticate username%password + Attempt to authenticate a user via winbindd. + This checks both authenticaion methods and reports its results. + Do not be tempted to use this + functionality for authentication in third-party + applications. Instead use ntlm_auth + 1. + + + + --allocate-gid + Get a new GID out of idmap + + + + + --allocate-uid + Get a new UID out of idmap + + + + + --all-domains + List all domains (trusted and + own domain). + + + + + --domain name + This parameter sets the domain on which any specified + operations will performed. If special domain name '.' is used to represent + the current domain to which winbindd belongs. Currently only the + , + , and options honor this parameter. + + + + + -D|--domain-info domain + Show most of the info we have about the domain. + + + + + -g|--domain-groups + This option will list all groups available + in the Windows NT domain for which the samba + 7 daemon is operating in. Groups in all trusted domains + will also be listed. Note that this operation does not assign + group ids to any groups that have not already been + seen by winbindd + 8. + + + + --get-auth-user + Print username and password used by winbindd + during session setup to a domain controller. Username + and password can be set using . + Only available for root. + + + + --getdcname domain + Get the DC name for the specified domain. + + + + + -G|--gid-to-sid gid + Try to convert a UNIX group id to a Windows + NT SID. If the gid specified does not refer to one within + the idmap gid range then the operation will fail. + + + + -i|--user-info user + Get user info. + + + + + -I|--WINS-by-ip ip + The -I option + queries winbindd + 8 to send a node status + request to get the NetBIOS name associated with the IP address + specified by the ip parameter. + + + + + -K|--krb5auth username%password + Attempt to authenticate a user via Kerberos. + + + + + -m|--trusted-domains + Produce a list of domains trusted by the + Windows NT server winbindd + 8 contacts + when resolving names. This list does not include the Windows + NT domain the server is a Primary Domain Controller for. + + + + + -n|--name-to-sid name + The -n option + queries winbindd + 8 for the SID + associated with the name specified. Domain names can be specified + before the user name by using the winbind separator character. + For example CWDOM1/Administrator refers to the Administrator + user in the domain CWDOM1. If no domain is specified then the + domain used is the one specified in the smb.conf + 5 workgroup + parameter. + + + + -N|--WINS-by-name name + The -N option + queries winbindd + 8 to query the WINS + server for the IP address associated with the NetBIOS name + specified by the name parameter. + + + + + --own-domain + List own domain. + + + + + -p|--ping + Check whether winbindd is still alive. + Prints out either 'succeeded' or 'failed'. + + + + + -r|--user-groups username + Try to obtain the list of UNIX group ids + to which the user belongs. This only works for users + defined on a Domain Controller. + + + + + -s|--sid-to-name sid + Use -s to resolve + a SID to a name. This is the inverse of the -n + option above. SIDs must be specified as ASCII strings + in the traditional Microsoft format. For example, + S-1-5-21-1455342024-3071081365-2475485837-500. + + + + --separator + Get the active winbind separator. + + + + + --sequence + Show sequence numbers of + all known domains + + + + --set-auth-user username%password + Store username and password used by winbindd + during session setup to a domain controller. This enables + winbindd to operate in a Windows 2000 domain with Restrict + Anonymous turned on (a.k.a. Permissions compatible with + Windows 2000 servers only). + + + + + -S|--sid-to-uid sid + Convert a SID to a UNIX user id. If the SID + does not correspond to a UNIX user mapped by + winbindd8 + then the operation will fail. + + + + -t|--check-secret + Verify that the workstation trust account + created when the Samba server is added to the Windows NT + domain is working. + + + + -u|--domain-users + This option will list all users available + in the Windows NT domain for which the winbindd + 8 daemon is operating in. Users in all trusted domains + will also be listed. Note that this operation does not assign + user ids to any users that have not already been seen by + winbindd8 + . + + + + --uid-info UID + Get user info for the user conencted to + user id UID. + + + + --user-domgroups SID + Get user domain groups. + + + + + --user-sids SID + Get user group SIDs for user. + + + + + -U|--uid-to-sid uid + Try to convert a UNIX user id to a Windows NT + SID. If the uid specified does not refer to one within + the idmap uid range then the operation will fail. + + + + --verbose + + Print additional information about the query + results. + + + + + -Y|--sid-to-gid sid + Convert a SID to a UNIX group id. If the SID + does not correspond to a UNIX group mapped by + winbindd8 then + the operation will fail. + + + + &stdarg.version; + &stdarg.help; + + + + + + + EXIT STATUS + + The wbinfo program returns 0 if the operation + succeeded, or 1 if the operation failed. If the + winbindd8 + daemon is not working wbinfo will always return + failure. + + + + + VERSION + + This man page is correct for version 3.0 of + the Samba suite. + + + + SEE ALSO + winbindd + 8 and ntlm_auth + 1 + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + wbinfo and winbindd + were written by Tim Potter. + + The conversion to DocBook for Samba 2.2 was done + by Gerald Carter. The conversion to DocBook XML 4.2 for Samba + 3.0 was done by Alexander Bokovoy. + + + diff --git a/docs-xml/manpages-3/winbindd.8.xml b/docs-xml/manpages-3/winbindd.8.xml new file mode 100644 index 0000000000..7e3948c461 --- /dev/null +++ b/docs-xml/manpages-3/winbindd.8.xml @@ -0,0 +1,512 @@ + + + + + + winbindd + 8 + Samba + System Administration tools + 3.2 + + + + + winbindd + Name Service Switch daemon for resolving names + from NT servers + + + + + winbindd + -D + -F + -S + -i + -Y + -d <debug level> + -s <smb config file> + -n + + + + + DESCRIPTION + + This program is part of the samba + 7 suite. + + winbindd is a daemon that provides + a number of services to the Name Service Switch capability found + in most modern C libraries, to arbitrary applications via PAM + and ntlm_auth and to Samba itself. + + Even if winbind is not used for nsswitch, it still provides a + service to smbd, ntlm_auth + and the pam_winbind.so PAM module, by managing connections to + domain controllers. In this configuraiton the + and + + parameters are not required. (This is known as `netlogon proxy only mode'.) + + The Name Service Switch allows user + and system information to be obtained from different databases + services such as NIS or DNS. The exact behaviour can be configured + throught the /etc/nsswitch.conf file. + Users and groups are allocated as they are resolved to a range + of user and group ids specified by the administrator of the + Samba system. + + The service provided by winbindd is called `winbind' and + can be used to resolve user and group information from a + Windows NT server. The service can also provide authentication + services via an associated PAM module. + + + The pam_winbind module supports the + auth, account + and password + module-types. It should be noted that the + account module simply performs a getpwnam() to verify that + the system can obtain a uid for the user, as the domain + controller has already performed access control. If the + libnss_winbind library has been correctly + installed, or an alternate source of names configured, this should always succeed. + + + The following nsswitch databases are implemented by + the winbindd service: + + + + -D + If specified, this parameter causes + the server to operate as a daemon. That is, it detaches + itself and runs in the background on the appropriate port. + This switch is assumed if winbindd is + executed on the command line of a shell. + + + + + hosts + This feature is only available on IRIX. + User information traditionally stored in + the hosts(5) file and used by + gethostbyname(3) functions. Names are + resolved through the WINS server or by broadcast. + + + + + passwd + User information traditionally stored in + the passwd(5) file and used by + getpwent(3) functions. + + + + group + Group information traditionally stored in + the group(5) file and used by + getgrent(3) functions. + + + + For example, the following simple configuration in the + /etc/nsswitch.conf file can be used to initially + resolve user and group information from /etc/passwd + and /etc/group and then from the + Windows NT server. + +passwd: files winbind +group: files winbind +## only available on IRIX; Linux users should us libnss_wins.so +hosts: files dns winbind + + + The following simple configuration in the + /etc/nsswitch.conf file can be used to initially + resolve hostnames from /etc/hosts and then from the + WINS server. + +hosts: files wins + + + + + + + OPTIONS + + + + -F + If specified, this parameter causes + the main winbindd process to not daemonize, + i.e. double-fork and disassociate with the terminal. + Child processes are still created as normal to service + each connection request, but the main process does not + exit. This operation mode is suitable for running + winbindd under process supervisors such + as supervise and svscan + from Daniel J. Bernstein's daemontools + package, or the AIX process monitor. + + + + + -S + If specified, this parameter causes + winbindd to log to standard output rather + than a file. + + + &stdarg.server.debug; + &popt.common.samba; + &stdarg.help; + + + -i + Tells winbindd to not + become a daemon and detach from the current terminal. This + option is used by developers when interactive debugging + of winbindd is required. + winbindd also logs to standard output, + as if the -S parameter had been given. + + + + + -n + Disable caching. This means winbindd will + always have to wait for a response from the domain controller + before it can respond to a client and this thus makes things + slower. The results will however be more accurate, since + results from the cache might not be up-to-date. This + might also temporarily hang winbindd if the DC doesn't respond. + + + + + -Y + Single daemon mode. This means winbindd will run + as a single process (the mode of operation in Samba 2.2). Winbindd's + default behavior is to launch a child process that is responsible for + updating expired cache entries. + + + + + + + + + NAME AND ID RESOLUTION + + Users and groups on a Windows NT server are assigned + a security id (SID) which is globally unique when the + user or group is created. To convert the Windows NT user or group + into a unix user or group, a mapping between SIDs and unix user + and group ids is required. This is one of the jobs that + winbindd performs. + + As winbindd users and groups are resolved from a server, user + and group ids are allocated from a specified range. This + is done on a first come, first served basis, although all existing + users and groups will be mapped as soon as a client performs a user + or group enumeration command. The allocated unix ids are stored + in a database and will be remembered. + + WARNING: The SID to unix id database is the only location + where the user and group mappings are stored by winbindd. If this + store is deleted or corrupted, there is no way for winbindd to + determine which user and group ids correspond to Windows NT user + and group rids. + + See the idmap + domains or the old idmap + backend parameters in + smb.conf for options for sharing this + database, such as via LDAP. + + + + + CONFIGURATION + + Configuration of the winbindd daemon + is done through configuration parameters in the + smb.conf5 + file. All parameters should be specified in the + [global] section of smb.conf. + + + + + + + + + + + + + + + + + + + + + + + + + Setting this parameter forces winbindd to use RPC + instead of LDAP to retrieve information from Domain + Controllers. + + + + + + + EXAMPLE SETUP + + + To setup winbindd for user and group lookups plus + authentication from a domain controller use something like the + following setup. This was tested on an early Red Hat Linux box. + + + In /etc/nsswitch.conf put the + following: + +passwd: files winbind +group: files winbind + + + + In /etc/pam.d/* replace the + auth lines with something like this: + +auth required /lib/security/pam_securetty.so +auth required /lib/security/pam_nologin.so +auth sufficient /lib/security/pam_winbind.so +auth required /lib/security/pam_unix.so \ + use_first_pass shadow nullok + + + + + The PAM module pam_unix has recently replaced the module pam_pwdb. + Some Linux systems use the module pam_unix2 in place of pam_unix. + + + Note in particular the use of the sufficient + keyword and the use_first_pass keyword. + + Now replace the account lines with this: + + account required /lib/security/pam_winbind.so + + + The next step is to join the domain. To do that use the + net program like this: + + net join -S PDC -U Administrator + + The username after the -U can be any + Domain user that has administrator privileges on the machine. + Substitute the name or IP of your PDC for "PDC". + + Next copy libnss_winbind.so to + /lib and pam_winbind.so + to /lib/security. A symbolic link needs to be + made from /lib/libnss_winbind.so to + /lib/libnss_winbind.so.2. If you are using an + older version of glibc then the target of the link should be + /lib/libnss_winbind.so.1. + + Finally, setup a smb.conf + 5 containing directives like the + following: + +[global] + winbind separator = + + winbind cache time = 10 + template shell = /bin/bash + template homedir = /home/%D/%U + idmap uid = 10000-20000 + idmap gid = 10000-20000 + workgroup = DOMAIN + security = domain + password server = * + + + + Now start winbindd and you should find that your user and + group database is expanded to include your NT users and groups, + and that you can login to your unix box as a domain user, using + the DOMAIN+user syntax for the username. You may wish to use the + commands getent passwd and getent group + to confirm the correct operation of winbindd. + + + + + NOTES + + The following notes are useful when configuring and + running winbindd: + + nmbd + 8 must be running on the local machine + for winbindd to work. + + PAM is really easy to misconfigure. Make sure you know what + you are doing when modifying PAM configuration files. It is possible + to set up PAM such that you can no longer log into your system. + + If more than one UNIX machine is running winbindd, + then in general the user and groups ids allocated by winbindd will not + be the same. The user and group ids will only be valid for the local + machine, unless a shared idmap + backend is configured. + + If the the Windows NT SID to UNIX user and group id mapping + file is damaged or destroyed then the mappings will be lost. + + + + + SIGNALS + + The following signals can be used to manipulate the + winbindd daemon. + + + + SIGHUP + Reload the smb.conf + 5 file and + apply any parameter changes to the running + version of winbindd. This signal also clears any cached + user and group information. The list of other domains trusted + by winbindd is also reloaded. + + + + SIGUSR2 + The SIGUSR2 signal will cause + winbindd to write status information to the winbind + log file. + + Log files are stored in the filename specified by the + log file parameter. + + + + + + FILES + + + + /etc/nsswitch.conf(5) + Name service switch configuration file. + + + + + /tmp/.winbindd/pipe + The UNIX pipe over which clients communicate with + the winbindd program. For security reasons, the + winbind client will only attempt to connect to the winbindd daemon + if both the /tmp/.winbindd directory + and /tmp/.winbindd/pipe file are owned by + root. + + + + $LOCKDIR/winbindd_privileged/pipe + The UNIX pipe over which 'privileged' clients + communicate with the winbindd program. For security + reasons, access to some winbindd functions - like those needed by + the ntlm_auth utility - is restricted. By default, + only users in the 'root' group will get this access, however the administrator + may change the group permissions on $LOCKDIR/winbindd_privileged to allow + programs like 'squid' to use ntlm_auth. + Note that the winbind client will only attempt to connect to the winbindd daemon + if both the $LOCKDIR/winbindd_privileged directory + and $LOCKDIR/winbindd_privileged/pipe file are owned by + root. + + + + /lib/libnss_winbind.so.X + Implementation of name service switch library. + + + + + $LOCKDIR/winbindd_idmap.tdb + Storage for the Windows NT rid to UNIX user/group + id mapping. The lock directory is specified when Samba is initially + compiled using the --with-lockdir option. + This directory is by default /usr/local/samba/var/locks + . + + + + $LOCKDIR/winbindd_cache.tdb + Storage for cached user and group information. + + + + + + + + VERSION + + This man page is correct for version 3.0 of + the Samba suite. + + + + SEE ALSO + + nsswitch.conf(5), + samba + 7, + wbinfo + 1, + ntlm_auth + 8, + smb.conf + 5, + pam_winbind + 8 + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + wbinfo and winbindd were + written by Tim Potter. + + The conversion to DocBook for Samba 2.2 was done + by Gerald Carter. The conversion to DocBook XML 4.2 for + Samba 3.0 was done by Alexander Bokovoy. + + + -- cgit