From 32a965e09ce4befe971855e11e1fb5ceb51a9ed1 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 13 Dec 1999 13:35:20 +0000 Subject: 2nd phase of head branch sync with SAMBA_2_0 - this delets all the files that were in the head branch but weren't in SAMBA_2_0 (This used to be commit d7b208786590b5a28618590172b8d523627dda09) --- docs/htmldocs/LDAP.html | 147 --------- docs/htmldocs/debug2html.1.html | 68 ----- docs/htmldocs/rpcclient.1.html | 651 ---------------------------------------- 3 files changed, 866 deletions(-) delete mode 100644 docs/htmldocs/LDAP.html delete mode 100644 docs/htmldocs/debug2html.1.html delete mode 100644 docs/htmldocs/rpcclient.1.html (limited to 'docs/htmldocs') diff --git a/docs/htmldocs/LDAP.html b/docs/htmldocs/LDAP.html deleted file mode 100644 index 1cc8f8213f..0000000000 --- a/docs/htmldocs/LDAP.html +++ /dev/null @@ -1,147 +0,0 @@ - - - - -LDAP Support in Samba - - - - - -

- -

LDAP Support in Samba

Matthew Chapman

29th November 1998 -

-WARNING: This is experimental code. Use at your own risk, and please report -any bugs (after reading BUGS.txt). -

- - - -

1: What is LDAP?

2: Why LDAP and Samba?

3: Using LDAP with Samba

4: Using LDAP for Unix authentication

5: Compatibility with Active Directory

- -

1: What is LDAP?

-A directory is a type of hierarchical database optimised for simple query -operations, often used for storing user information. LDAP is the -Lightweight Directory Access Protocol, a protocol which is rapidly -becoming the Internet standard for accessing directories.

- Many client applications now support LDAP (including Microsoft's Active -Directory), and there are a number of servers available. The most popular -implementation for Unix is from the University of Michigan; its -homepage is at http://www.umich.edu/~dirsvcs/ldap/.

- Information in an LDAP tree always comes in attribute=value pairs. -The following is an example of a Samba user entry:

-uid=jbloggs, dc=samba, dc=org
-objectclass=sambaAccount
-uid=jbloggs
-cn=Joe Bloggs
-description=Samba User
-uidNumber=500
-gidNumber=500
-rid=2000
-grouprid=2001
-lmPassword=46E389809F8D55BB78A48108148AD508
-ntPassword=1944CCE1AD6F80D8AEC9FC5BE77696F4
-pwdLastSet=35C11F1B
-smbHome=\\samba1\jbloggs
-homeDrive=Z
-script=logon.bat
-profile=\\samba1\jbloggs\profile
-workstations=JOE
-

- Note that the top line is a special set of attributes called a -distinguished name which identifies the location of this entry beneath -the directory's root node. Recent Internet standards suggest the use of -domain-based naming using dc attributes (for instance, a microsoft.com -directory should have a root node of dc=microsoft, dc=com), although -this is not strictly necessary for isolated servers.

- There are a number of LDAP-related FAQ's on the internet, although -generally the best source of information is the documentation for the -individual servers.

-
- -

2: Why LDAP and Samba?

- Using an LDAP directory allows Samba to store user and group information -more reliably and flexibly than the current combination of smbpasswd, -smbgroup, groupdb and aliasdb with the Unix databases. If a need emerges -for extra user information to be stored, this can easily be added without -loss of backwards compatibility.

- In addition, the Samba LDAP schema is compatible with RFC2307, allowing -Unix password database information to be stored in the same entries. This -provides a single, consistent repository for both Unix and Windows user -information.

-
- -

3: Using LDAP with Samba

Install and configure an LDAP server if you do not already have -one. You should read your LDAP server's documentation and set up the -configuration file and access control as desired.
-

Build Samba (latest CVS is required) with:

-	./configure --with-ldap
-	make clean; make install
-

Add the following options to the global section of smb.conf as -required.
-
- ldap suffix
  - This parameter specifies the node of the LDAP tree beneath which -Samba should store its information. This parameter MUST be provided -when using LDAP with Samba.
  - Default: none
  - Example: ldap suffix = "dc=mydomain, dc=org"
  -
- ldap bind as
  - This parameter specifies the entity to bind to an LDAP directory as. -Usually it should be safe to use the LDAP root account; for larger -installations it may be preferable to restrict Samba's access.
  - Default: none (bind anonymously)
  - Example: ldap bind as = "uid=root, dc=mydomain, dc=org"
  -
- ldap passwd file
  - This parameter specifies a file containing the password with which -Samba should bind to an LDAP server. For obvious security reasons -this file must be set to mode 700 or less.
  - Default: none (bind anonymously)
  - Example: ldap passwd file = /usr/local/samba/private/ldappasswd
  -
- ldap server
  - This parameter specifies the DNS name of the LDAP server to use -when storing and retrieving information about Samba users and -groups.
  - Default: ldap server = localhost
  -
- ldap port
  - This parameter specifies the TCP port number of the LDAP server.
  - Default: ldap port = 389
  -
-
You should then be able to use the normal smbpasswd(8) command for -account administration (or User Manager in the near future).
-

-
- -

4: Using LDAP for Unix authentication

- The Samba LDAP code was designed to utilise RFC2307-compliant directory -entries if available. RFC2307 is a proposed standard for LDAP user -information which has been adopted by a number of vendors. Further -information is available at http://www.xedoc.com.au/~lukeh/ldap/.

- Of particular interest is Luke Howard's nameservice switch module -(nss_ldap) and PAM module (pam_ldap) implementing this standard, providing -LDAP-based password databases for Unix. If you are setting up a server to -provide integrated Unix/NT services than these are worth investigating.

-
- -

5: Compatibility with Active Directory

- The current implementation is not designed to be used with Microsoft -Active Directory, although compatibility may be added in the future.

- - diff --git a/docs/htmldocs/debug2html.1.html b/docs/htmldocs/debug2html.1.html deleted file mode 100644 index d0d6373a3d..0000000000 --- a/docs/htmldocs/debug2html.1.html +++ /dev/null @@ -1,68 +0,0 @@ - - - - - -debug2html(1) - - - - - -

- -

debug2html(1)

Samba

29 Dec 1998

- - - - -

NAME

- debug2html - Samba DEBUG to HTML translation filter -

SYNOPSIS

- -

debug2html [input-file [output-file]] -

DESCRIPTION

- -

This program is part of the Samba suite. -

debug2html generates HTML files from Samba log files. Log files -produced by nmbd(8) or smbd(8) may then be viewed by a web -browser. The output conforms to the HTML 3.2 specification. -

The filenames specified on the command line are optional. If the -output-file is ommitted, output will go to stdout. If the input-file -is ommitted, debug2html will read from stdin. The filename "-" -can be used to indicate that input should be read from stdin. For -example: -

cat /usr/local/samba/var/log.nmb | debug2html - nmblog.html
-

VERSION

- -

This man page is correct for version 2.0 of the Samba suite. -

AUTHOR

- -

The original Samba software and related utilities were created by -Andrew Tridgell samba-bugs@samba.org. Samba is now developed -by the Samba Team as an Open Source project similar to the way the -Linux kernel is developed. -

The original Samba man pages were written by Karl Auer. The man page -sources were converted to YODL format (another excellent piece of Open -Source software, available at -ftp://ftp.icce.rug.nl/pub/unix/) -and updated for the Samba2.0 release by Jeremy Allison. -samba-bugs@samba.org. -

debug2html was added by Chris Hertel. -

See samba(7) to find out how to get a full -list of contributors and details on how to submit bug reports, -comments etc. - - diff --git a/docs/htmldocs/rpcclient.1.html b/docs/htmldocs/rpcclient.1.html deleted file mode 100644 index 6e5cf88866..0000000000 --- a/docs/htmldocs/rpcclient.1.html +++ /dev/null @@ -1,651 +0,0 @@ - - - - - -rpcclient (1) - - - - - -

- -

rpcclient (1)

Samba

23 Oct 1998

- - - - -

NAME

- rpcclient - utility to manage MSRPC resources on servers -

SYNOPSIS

- -

rpcclient -[password] --S servername -[-U [username][%][password]] -[-W domain] -[-l log basename] -[-d debuglevel] -[-O socket options] -[-i scope] -[-N] -[-n NetBIOS name] -[-h] -[-I dest IP] -[-E] -[-t terminal code] -[-c command string] -[-B IP addr] -[-s smb.conf] -[-m max protocol] -

DESCRIPTION

- -

This program is part of the Samba suite. -

rpcclient is a client that can 'talk' to an SMB/CIFS MSRPC server. -Operations include things like managing a SAM Database (users, groups -and aliases) in the same way as the Windows NT programs -User Manager for Domains and Server Manager for Domains; -managing a remote registry in the same way as the Windows NT programs -REGEDT32.EXE and REGEDIT.EXE; viewing a remote event log (same -as EVENTVWR.EXE) etc. -

Typical usage is like this:
-rpcclient -I 192.168.32.1 -S "*SMBSERVER" -U fred%secret -l log -
-

OPTIONS

- -

servername servername is the name of the server you want -to use on the server. This should be the NetBIOS name of the SMB/CIFS -server, which can be *SMBSERVER on Windows NT 4.0 or Samba Servers. -

Note that the server name required is NOT necessarily the IP (DNS) -host name of the server! The name required is a NetBIOS server name, -which may or may not be the same as the IP hostname of the machine -running the server. Also, remember that having a period in a NetBIOS -name (such as an IP hostname) may cause connectivity problems on your -network: NT tends to strip NetBIOS names from the leading period -onwards. -

The server name is looked up according to either the --R parameter to rpcclient or using the -name resolve order -parameter in the smb.conf file, allowing an administrator to change -the order and methods by which server names are looked up. -

-
password password is the password required to access the -specified service on the specified server. If this parameter is -supplied, the -N option (suppress password prompt) is assumed. -

There is no default password. If no password is supplied on the -command line (either by using this parameter or adding a password to -the -U option (see below)) and the -N option is not specified, -the client will prompt for a password, even if the desired service -does not require one. (If no password is required, simply press ENTER -to provide a null password.) -

Note: Some servers (including OS/2 and Windows for Workgroups) insist -on an uppercase password. Lowercase or mixed case passwords may be -rejected by these servers. -

Be cautious about including passwords in scripts. -

-
-s smb.conf This parameter specifies the pathname to the -Samba configuration file, smb.conf. This file controls all aspects of -the Samba setup on the machine and rpcclient also needs to read this -file. -

-
-B IP addr The IP address to use when sending a broadcast packet. -

-
-O socket options TCP socket options to set on the client -socket. See the socket options -parameter in the smb.conf (5) manpage for -the list of valid options. -

-
-R name resolve order This option allows the user of -rpcclient to determine what name resolution services to use when -looking up the NetBIOS name of the host being connected to. -

The options are :"lmhosts", "host", "wins" and "bcast". They cause -names to be resolved as follows : -
- lmhosts : Lookup an IP address in the Samba lmhosts file. -The lmhosts file is stored in the same directory as the -smb.conf file. -
- host : Do a standard host name to IP address resolution, -using the system /etc/hosts, NIS, or DNS lookups. This method of name -resolution is operating system depended for instance on IRIX or -Solaris this may be controlled by the /etc/nsswitch.conf file). -
- wins : Query a name with the IP address listed in the wins -server parameter in the smb.conf file. If -no WINS server has been specified this method will be ignored. -
- bcast : Do a broadcast on each of the known local interfaces -listed in the interfaces parameter -in the smb.conf file. This is the least reliable of the name resolution -methods as it depends on the target host being on a locally connected -subnet. To specify a particular broadcast address the -B option -may be used. -
-

If this parameter is not set then the name resolve order defined -in the smb.conf file parameter -(name resolve order) -will be used. -

The default order is lmhosts, host, wins, bcast and without this -parameter or any entry in the "name resolve -order" parameter of the -smb.conf file the name resolution methods -will be attempted in this order. -

-
-i scope This specifies a NetBIOS scope that rpcclient will use -to communicate with when generating NetBIOS names. For details on the -use of NetBIOS scopes, see rfc1001.txt and rfc1002.txt. NetBIOS scopes -are very rarely used, only set this parameter if you are the -system administrator in charge of all the NetBIOS systems you -communicate with. -

-
-N If specified, this parameter suppresses the normal -password prompt from the client to the user. This is useful when -accessing a service that does not require a password. -

Unless a password is specified on the command line or this parameter -is specified, the client will request a password. -

-
-n NetBIOS name By default, the client will use the local -machine's hostname (in uppercase) as its NetBIOS name. This parameter -allows you to override the host name and use whatever NetBIOS name you -wish. -

-
-d debuglevel debuglevel is an integer from 0 to 10, or the -letter 'A'. -

The default value if this parameter is not specified is zero. -

The higher this value, the more detail will be logged to the log files -about the activities of the client. At level 0, only critical errors -and serious warnings will be logged. Level 1 is a reasonable level for -day to day running - it generates a small amount of information about -operations carried out. -

Levels above 1 will generate considerable amounts of log data, and -should only be used when investigating a problem. Levels above 3 are -designed for use only by developers and generate HUGE amounts of log -data, most of which is extremely cryptic. If debuglevel is set to the -letter 'A', then all debug messages will be printed. This setting -is for developers only (and people who really want to know how the -code works internally). -

Note that specifying this parameter here will override the log -level parameter in the smb.conf -(5) file. -

-
-p port This number is the TCP port number that will be used -when making connections to the server. The standard (well-known) TCP -port number for an SMB/CIFS server is 139, which is the default. -

-
-l logfilename If specified, logfilename specifies a base -filename into which operational data from the running client will be -logged. -

The default base name is specified at compile time. -

The base name is used to generate actual log file names. For example, -if the name specified was "log", the debug file would be -log.client. -

The log file generated is never removed by the client. -

-
-h Print the usage message for the client. -

-
-I IP address IP address is the address of the server to -connect to. It should be specified in standard "a.b.c.d" notation. -

Normally the client would attempt to locate a named SMB/CIFS server by -looking it up via the NetBIOS name resolution mechanism described -above in the name resolve order parameter -above. Using this parameter will force the client to assume that the -server is on the machine with the specified IP address and the NetBIOS -name component of the resource being connected to will be ignored. -

There is no default for this parameter. If not supplied, it will be -determined automatically by the client as described above. -

-
-E This parameter causes the client to write messages to the -standard error stream (stderr) rather than to the standard output -stream. -

By default, the client writes messages to standard output - typically -the user's tty. -

Note that by default, debug information is always sent to stderr. -Debug information can instead be sent to a file, using the --l log basename option. -

-
-U username This specifies the user name that will be used by -the client to make a connection, assuming your server is not a downlevel -server that is running a protocol level that uses passwords on shares, -not on usernames. -

Some servers are fussy about the case of this name, and some insist -that it must be a valid NetBIOS name. -

If no username is supplied, it will default to an uppercase version of -the environment variable USER or LOGNAME in that order. If no -username is supplied and neither environment variable exists the -username "GUEST" will be used. -

If the USER environment variable contains a '%' character, -everything after that will be treated as a password. This allows you -to set the environment variable to be USER=username%password so -that a password is not passed on the command line (where it may be -seen by the ps command). -

If the service you are connecting to requires a password, it can be -supplied using the -U option, by appending a percent symbol ("%") -then the password to username. For example, to attach to a service as -user "fred" with password "secret", you would specify.
-

-U fred%secret
-

on the command line. Note that there are no spaces around the percent -symbol. -

If you specify the password as part of username then the -N option -(suppress password prompt) is assumed. -

If you specify the password as a parameter AND as part of username -then the password as part of username will take precedence. Putting -nothing before or nothing after the percent symbol will cause an empty -username or an empty password to be used, respectively. -

The password may also be specified by setting up an environment -variable called PASSWORD that contains the users password. Note -that this may be very insecure on some systems but on others allows -users to script rpcclient commands without having a password appear in -the command line of a process listing. -

Note: Some servers (including OS/2 and Windows for Workgroups) insist -on an uppercase password. Lowercase or mixed case passwords may be -rejected by these servers. -

Be cautious about including passwords in scripts or in the -PASSWORD environment variable. Also, on many systems the command -line of a running process may be seen via the ps command to be -safe always allow rpcclient to prompt for a password and type it in -directly. -

-
-t terminal code This option tells rpcclient how to interpret -filenames coming from the remote server. Usually Asian language -multibyte UNIX implementations use different character sets than -SMB/CIFS servers (EUC instead of SJIS for example). Setting -this parameter will let rpcclient convert between the UNIX filenames -and the SMB filenames correctly. This option has not been seriously -tested and may have some problems. -

The terminal codes include sjis, euc, jis7, jis8, -junet, hex, cap. This is not a complete list, check the -Samba source code for the complete list. -

-
-m max protocol level With the new code in Samba2.0, -rpcclient always attempts to connect at the maximum -protocols level the server supports. This parameter is -preserved for backwards compatibility, but any string -following the -m will be ignored. -

-
-W Domain Override the default Domain, which is the remote server's -Domain. This option may be needed to connect to some servers. It is also -possible to specify the remote server name as the Domain, which will -force the username and password to be authenticated against the remote -server's local SAM instead of the Domain SAM. -

-
-c command string command string is a semicolon separated -list of commands to be executed instead of prompting from stdin. --N is implied by -c. -

This is particularly useful in scripts, e.g. -c 'lsaquery; enumusers -u'. -

OPERATIONS

- -

Once the client is running, the user is presented with a prompt : -

smb:\> -

The prompt indicates that the client is ready and waiting to carry out -a user command. Each command is a single word, optionally followed by -parameters specific to that command. Command and parameters are -space-delimited unless these notes specifically state otherwise. All -commands are case-insensitive. Parameters to commands may or may not -be case sensitive, depending on the command. -

You can specify names (e.g registry keys; user or group names; -service names) which have spaces in them by quoting the -name with double quotes, for example "dRMON SmartAgent". -

Parameters shown in square brackets (e.g., "[parameter]") are -optional. If not given, the command will use suitable -defaults. Parameters shown in angle brackets (e.g., "<parameter>") are -required. -

Note that all commands operating on the server are actually performed -by issuing a request to the server. Thus the behavior may vary from -server to server, depending on how the server was implemented. -

The commands available are listed in groups relating to different services: -

Misccellaneous -
- ? [command] If "command" is specified, - the ? command will display a brief informative message about the - specified command. If no command is specified, a list of available - commands will be displayed. -
- ! [shell command] If "shell command" - is specified, the ! command will execute a shell locally and run - the specified shell command. If no command is specified, a local shell - will be run. -
- exit Terminate the connection with the server and - exit from the program. -
- help [command] See the ? - command above. -
- quit See the exit command. -
-
Event Log -
- eventlog - list the events -
-
Service Control -

These commands provide functionality similar to the Windows - NT Service Control Manager. -

It is possible to use command-line completion (if you have - the GNU readline library) for Service names, by pressing the - tab key. -
- svcenum - [-i] Lists Services. -
- svcinfo - <service> Service Information -
- svcstart - <service> [arg 0] [arg 1] ... Start Service -
- svcstop - <service> Stop Service -
-
Scheduler -
- at - Scheduler control (at /? for syntax) -
-
Registry -

It is possible to use command-line completion (if you have - the GNU readline library) for registry key and value names, - by pressing the tab key. -
- regenum - <keyname> Registry Enumeration (keys, values) -
- regdeletekey - <keyname> Registry Key Delete -
- regcreatekey - <keyname> [keyclass] Registry Key Create -
- shutdown - [-m message] [-t timeout] [-r or --reboot] Server Shutdown -
- regqueryval - <valname> Registry Value Query -
- regquerykey - <keyname> Registry Key Query -
- regdeleteval - <valname> Registry Value Delete -
- regcreateval - <valname> <valtype> <value> Registry Key Create -
- reggetsec - <keyname> Registry Key Security -
- regtestsec - <keyname> Test Registry Key Security -
-
Printing -

It is possible to use command-line completion (if you have - the GNU readline library) for Printer and job names, by - pressing the tab key. -
- spoolenum - Enumerate Printers. This experimental command lists - all printers available on a remote spooler service. -
- spooljobs - <printer name> Enumerate Printer Jobs. This - experimental command lists all jobs, and their - status, currently queued on a remote spooler - service. -
- spoolopen - <printer name> Spool Printer Open Test. Experimental. -
-
Server -
- time - Display remote time -
- brsinfo - Browser Query Info -
- wksinfo - Workstation Query Info -
- srvinfo - Server Query Info -
- srvsessions - List sessions on a server -
- srvshares - List shares on a server -
- srvtransports - List transports on a server -
- srvconnections - List connections on a server -
- srvfiles - List files on a server -
-
Local Security Authority -
- lsaquery - Query Info Policy (domain member or server). Obtains - the SID and name of the SAM database that a server - is responsible for (i.e a workstation's local SAM - database or the PDC SAM database). Also obtains the - SID and name of the SAM database that a server is - a member of. -
- lsaenumdomains - Enumerate Trusted Domains. Lists all Trusted and - Trusting Domains with which the remote PDC has - trust relationships established. -
- lookupsids - <rid1 or sid1> <rid1 or sid2> ... Resolve names from SIDs. - Mostly to be used by developers or for troubleshooting, - this command can take either Security Identifiers or Relative - Identifiers, and look them up in the local SAM database - (or look them up in a remote Trusting or Trusted PDC's SAM - database if there is an appropriate Trust Relationship - established). The result is a list of names, of the - format:
  - [TRUST_DOMAIN\]name.
  - the lsaquery command must have been - issued first if you wish to use lookupsids to resolve - RIDs. The only RIDs that will be resolved will be those - in the SAM database of the server to which you are connected. -
- lookupnames - <name1> <name2> ... Resolve SIDs from names. - Mostly to be used by developers or for troubleshooting, - this command can take names of the following format:
  - [DOMAIN_NAME\]name.
  - The names, which can be user, group or alias names, will - either be looked up in the local SAM database or in a remote - Trusting or Trusted PDC's SAM database, if there is an - appropriate Trust Relationship established. The optional - Domain name component is the name of a SAM database, which - can include a workstation's local SAM database or a Trusted - Domain. - Example Usage:
  - lookupnames WKSTANAME\Administrator "Domain Guests"
  -
- querysecret - LSA Query Secret (developer use). This command only appears - to work against NT4 SP3 and below. Due to its potential - for misuse, it looks like Microsoft modified their - implementation of the LsaRetrievePrivateData call to - always return NT_STATUS_ACCESS_DENIED. -
-
NETLOGON -
- ntlogin - [username] [password] NT Domain login test. Demonstrates - how NT-style logins work. Mainly for developer usage, - it can also be used to verify that a user can log in - from a workstation. If you cannot ever get pam_ntdom - to work, try this command first. -
- domtrust - <domain> NT Inter-Domain test. Demonstrates how NT-style - Inter-Domain Trust relationships work. Mainly for - developer usage, it can also be used to verify that a - Trust Relationship is correctly established with a - remote PDC. -
- samsync - SAM Synchronisation Test (experimental). This command - is used to manually synchronise a SAM database from a - remote PDC, when Samba is set up as a Backup Domain - Controller. -
-
SAM Database -

It is possible to use command-line completion (if you have - the GNU readline library) for user, group, alias and domain - names, by pressing the tab key. -
- lookupdomain - Obtain SID for a local domain -
- enumusers - SAM User Database Query (experimental!) -
- addgroupmem - <group rid> [user] [user] ... SAM Add Domain Group Member -
- addaliasmem - <alias rid> [member sid1] [member sid2] ... SAM Add Domain Alias Member -
- delgroupmem - <group rid> [user] [user] ... SAM Delete Domain Group Member -
- delaliasmem - <alias rid> [member sid1] [member sid2] ... SAM Delete Domain Alias Member -
- creategroup - SAM Create Domain Group -
- createalias - SAM Create Domain Alias -
- createuser - <username> SAM Create Domain User -
- delgroup - SAM Delete Domain Group -
- delalias - SAM Delete Domain Alias -
- ntpass - NT SAM Password Change -
- samuserset2 - <username> [-s acb_bits] SAM User Set Info 2 (experimental!) -
- samuserset - <username> [-p password] SAM User Set Info (experimental!) -
- samuser - <username> SAM User Query (experimental!) -
- samgroup - <groupname> SAM Group Query (experimental!) -
- samalias - <aliasname> SAM Alias Query -
- samaliasmem - <aliasname> SAM Alias Members -
- samgroupmem - SAM Group Members -
- samtest - SAM User Encrypted RPC test (experimental!) -
- enumaliases - SAM Aliases Database Query (experimental!) -
- enumdomains - SAM Domains Database Query (experimental!) -
- enumgroups - SAM Group Database Query (experimental!) -
- dominfo - SAM Query Domain Info -
- dispinfo - SAM Query Display Info -
-

NOTES

- -

Some servers are fussy about the case of supplied usernames, -passwords, share names (AKA service names) and machine names. If you -fail to connect try giving all parameters in uppercase. -

It is often necessary to use the -n option when connecting -to some types of servers. For example OS/2 LanManager insists on a valid -NetBIOS name being used, so you need to supply a valid name that would -be known to the server. -

rpcclient only works on servers that support MSRPC over SMB. This includes -all versions of Windows NT, including the ports to Unix such as AS/U and -AFPS. Support for MSRPC over SMB in other servers is currently rare and -patchy, for example Samba 2.0 only supports a limited set of MSRPC commands, -and some of those are not supported very well. -

ENVIRONMENT VARIABLES

- -

The variable USER may contain the username of the person using the -client. This information is used only if the protocol level is high -enough to support session-level passwords. -

The variable PASSWORD may contain the password of the person using -the client. This information is used only if the protocol level is -high enough to support session-level passwords. -

INSTALLATION

- -

The location of the client program is a matter for individual system -administrators. The following are thus suggestions only. -

It is recommended that the rpcclient software be installed in the -/usr/local/samba/bin or /usr/samba/bin directory, this directory -readable by all, writeable only by root. The client program itself -should be executable by all. The client should NOT be setuid or -setgid! -

The client log files should be put in a directory readable and -writeable only by the user. -

To test the client, you will need to know the name of a running -SMB/CIFS server. It is possible to run smbd (8) -an ordinary user - running that server as a daemon on a -user-accessible port (typically any port number over 1024) would -provide a suitable test server. -

DIAGNOSTICS

- -

Most diagnostics issued by the client are logged in a specified log -file. The log file name is specified at compile time, but may be -overridden on the command line. -

The number and nature of diagnostics available depends on the debug -level used by the client. If you have problems, set the debug level to -3 and peruse the log files. -

VERSION

- -

This man page is correct for version 2.0 of the Samba suite. -

BUGS

- -

WARNING! -The MSPRC over SMB code has been developed from examining Network traces. -No documentation is available from the original creators (Microsoft) on -how MSRPC over SMB works, or how the individual MSRPC services work. -Microsoft's implementation of these services has been demonstrated (and -reported) to be... a bit flakey in places. -

The development of Samba's implementation of these services is also -a bit rough, and as more of the services are understood, it can even result -in versions of smbd (8) and rpcclient that are -incompatible for some commands or services. Additionally, the developers -are sending reports to Microsoft, and problems found by or reported to -Microsoft are fixed in Service Packs, which may also result in -incompatibilities. -

It is therefore not guaranteed that the execution of an rpcclient command will -work. It is also not guaranteed that the target server will continue to -operate, i.e the execution of an MSRPC command may cause a remote service to -fail, or even cause the remote server to fail. Usual rules apply, of course: -the developers bear absolutely no responsibility for the use, misuse, or -lack of use of rpcclient, by any person or persons, whether legal, -illegal, accidental, deliberate, intentional, malicious, curious, etc. -
Command Completion -Command-completion (available if you have the GNU readline library) used on -certain commands may not operate correctly if the word being completed (such as a registry key) contains a space. Typically, the name will be completed, but -you will have to go back and put quotes round it, yourself. -
SAM Database command-completion -Command-completion (available if you have the GNU readline library) of user, -group and alias names does not work on remote Domains, which would normally -be specified like this:
-DOMAIN_name\user_name.
-The only names that can be completed in this fashion are the local names -in the SAM database of the target server. -
spoolenum -Due to current limitations in the rpcclient MSRPC / SMB code, and due to -the extremely poor MSRPC implementation (by Microsoft) of the spooler -service, if there are a large number of printers (or the names / comment -fields associated with the printers), this command will fail. The -limitations require further research to be carried out; we're stuck with -the poor \PIPE\spoolss design. -

AUTHOR

- -

See samba (7) to find out how to get a full -list of contributors and details on how to submit bug reports, -comments etc. -

- -- cgit

LDAP Support in Samba

Matthew Chapman

29th November 1998 -

-WARNING: This is experimental code. Use at your own risk, and please report -any bugs (after reading BUGS.txt). -

1: What is LDAP?

2: Why LDAP and Samba?

3: Using LDAP with Samba

4: Using LDAP for Unix authentication

5: Compatibility with Active Directory

1: What is LDAP?

2: Why LDAP and Samba?

3: Using LDAP with Samba

4: Using LDAP for Unix authentication

5: Compatibility with Active Directory

debug2html(1)

Samba

29 Dec 1998

NAME

SYNOPSIS

DESCRIPTION

VERSION

SEE ALSO

AUTHOR

rpcclient (1)

Samba

23 Oct 1998

NAME

SYNOPSIS

DESCRIPTION

OPTIONS

OPERATIONS

NOTES

ENVIRONMENT VARIABLES

INSTALLATION

DIAGNOSTICS

VERSION

BUGS

AUTHOR