From 992f1e6b8f86b346fddd266b04d29cde69585633 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 7 Apr 2004 10:15:11 +0000 Subject: Add all the source files from the old CVS tree, add the 5 missing chapters from the HOWTO and add jht's Samba by Example book. (This used to be commit 9fb5bcb93e57c5162b3ee6f9c7d777dc0269d100) --- docs/manpages/.cvsignore | 1 + docs/manpages/editreg.1.xml | 87 ++++ docs/manpages/findsmb.1.xml | 152 +++++++ docs/manpages/lmhosts.5.xml | 127 ++++++ docs/manpages/log2pcap.1.xml | 138 ++++++ docs/manpages/mount.cifs.8.xml | 306 ++++++++++++++ docs/manpages/net.8.xml | 905 +++++++++++++++++++++++++++++++++++++++ docs/manpages/nmbd.8.xml | 293 +++++++++++++ docs/manpages/nmblookup.1.xml | 223 ++++++++++ docs/manpages/ntlm_auth.1.xml | 258 +++++++++++ docs/manpages/pdbedit.8.xml | 426 +++++++++++++++++++ docs/manpages/profiles.1.xml | 88 ++++ docs/manpages/rpcclient.1.xml | 475 +++++++++++++++++++++ docs/manpages/samba.7.xml | 370 ++++++++++++++++ docs/manpages/smbcacls.1.xml | 263 ++++++++++++ docs/manpages/smbclient.1.xml | 940 +++++++++++++++++++++++++++++++++++++++++ docs/manpages/smbcontrol.1.xml | 297 +++++++++++++ docs/manpages/smbcquotas.1.xml | 181 ++++++++ docs/manpages/smbd.8.xml | 351 +++++++++++++++ docs/manpages/smbget.1.xml | 211 +++++++++ docs/manpages/smbmnt.8.xml | 121 ++++++ docs/manpages/smbmount.8.xml | 336 +++++++++++++++ docs/manpages/smbpasswd.5.xml | 208 +++++++++ docs/manpages/smbpasswd.8.xml | 405 ++++++++++++++++++ docs/manpages/smbsh.1.xml | 164 +++++++ docs/manpages/smbspool.8.xml | 132 ++++++ docs/manpages/smbstatus.1.xml | 140 ++++++ docs/manpages/smbtar.1.xml | 237 +++++++++++ docs/manpages/smbtree.1.xml | 95 +++++ docs/manpages/smbumount.8.xml | 78 ++++ docs/manpages/swat.8.xml | 227 ++++++++++ docs/manpages/tdbbackup.8.xml | 135 ++++++ docs/manpages/tdbdump.8.xml | 61 +++ docs/manpages/testparm.1.xml | 191 +++++++++ docs/manpages/testprns.1.xml | 148 +++++++ docs/manpages/vfstest.1.xml | 152 +++++++ docs/manpages/wbinfo.1.xml | 325 ++++++++++++++ docs/manpages/winbindd.8.xml | 464 ++++++++++++++++++++ 38 files changed, 9711 insertions(+) create mode 100644 docs/manpages/.cvsignore create mode 100644 docs/manpages/editreg.1.xml create mode 100644 docs/manpages/findsmb.1.xml create mode 100644 docs/manpages/lmhosts.5.xml create mode 100644 docs/manpages/log2pcap.1.xml create mode 100644 docs/manpages/mount.cifs.8.xml create mode 100644 docs/manpages/net.8.xml create mode 100644 docs/manpages/nmbd.8.xml create mode 100644 docs/manpages/nmblookup.1.xml create mode 100644 docs/manpages/ntlm_auth.1.xml create mode 100644 docs/manpages/pdbedit.8.xml create mode 100644 docs/manpages/profiles.1.xml create mode 100644 docs/manpages/rpcclient.1.xml create mode 100644 docs/manpages/samba.7.xml create mode 100644 docs/manpages/smbcacls.1.xml create mode 100644 docs/manpages/smbclient.1.xml create mode 100644 docs/manpages/smbcontrol.1.xml create mode 100644 docs/manpages/smbcquotas.1.xml create mode 100644 docs/manpages/smbd.8.xml create mode 100644 docs/manpages/smbget.1.xml create mode 100644 docs/manpages/smbmnt.8.xml create mode 100644 docs/manpages/smbmount.8.xml create mode 100644 docs/manpages/smbpasswd.5.xml create mode 100644 docs/manpages/smbpasswd.8.xml create mode 100644 docs/manpages/smbsh.1.xml create mode 100644 docs/manpages/smbspool.8.xml create mode 100644 docs/manpages/smbstatus.1.xml create mode 100644 docs/manpages/smbtar.1.xml create mode 100644 docs/manpages/smbtree.1.xml create mode 100644 docs/manpages/smbumount.8.xml create mode 100644 docs/manpages/swat.8.xml create mode 100644 docs/manpages/tdbbackup.8.xml create mode 100644 docs/manpages/tdbdump.8.xml create mode 100644 docs/manpages/testparm.1.xml create mode 100644 docs/manpages/testprns.1.xml create mode 100644 docs/manpages/vfstest.1.xml create mode 100644 docs/manpages/wbinfo.1.xml create mode 100644 docs/manpages/winbindd.8.xml (limited to 'docs/manpages') diff --git a/docs/manpages/.cvsignore b/docs/manpages/.cvsignore new file mode 100644 index 0000000000..90c11de0f9 --- /dev/null +++ b/docs/manpages/.cvsignore @@ -0,0 +1 @@ +smb.conf.5.xml diff --git a/docs/manpages/editreg.1.xml b/docs/manpages/editreg.1.xml new file mode 100644 index 0000000000..0a6b36bcf0 --- /dev/null +++ b/docs/manpages/editreg.1.xml @@ -0,0 +1,87 @@ + + %globalentities; +]> + + + + editreg + 1 + + + + + editreg + A utility to report and change SIDs in registry files + + + + + + editreg + -v + -c file + file + + + + + DESCRIPTION + + This tool is part of the Samba + 7 suite. + + editreg is a utility that + can visualize windows registry files (currently only NT4) and apply + so-called commandfiles to them. + + + + + + OPTIONS + + + + registry_file + Registry file to view or edit. + + + + + -v,--verbose + Increases verbosity of messages. + + + + + -c commandfile + Read commands to execute on registry_file from commandfile. Currently not yet supported! + + + + &stdarg.help; + + + + + + VERSION + + This man page is correct for version 3.0 of the Samba + suite. + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The editreg man page was written by Jelmer Vernooij. + + + diff --git a/docs/manpages/findsmb.1.xml b/docs/manpages/findsmb.1.xml new file mode 100644 index 0000000000..8a89b2ce24 --- /dev/null +++ b/docs/manpages/findsmb.1.xml @@ -0,0 +1,152 @@ + + %globalentities; +]> + + + + findsmb + 1 + + + + + findsmb + list info about machines that respond to SMB + name queries on a subnet + + + + + findsmb + subnet broadcast address + + + + + DESCRIPTION + + This perl script is part of the + Samba7 + suite. + + findsmb is a perl script that + prints out several pieces of information about machines + on a subnet that respond to SMB name query requests. + It uses nmblookup1 + and smbclient1 + to obtain this information. + + + + + OPTIONS + + + + -r + Controls whether findsmb takes + bugs in Windows95 into account when trying to find a Netbios name + registered of the remote machine. This option is disabled by default + because it is specific to Windows 95 and Windows 95 machines only. + If set, nmblookup1 + will be called with -B option. + + + subnet broadcast address + Without this option, findsmb + will probe the subnet of the machine where + findsmb1 + is run. This value is passed to + nmblookup1 + as part of the -B option. + + + + + + EXAMPLES + + The output of findsmb lists the following + information for all machines that respond to the initial + nmblookup for any name: IP address, NetBIOS name, + Workgroup name, operating system, and SMB server version. + + There will be a '+' in front of the workgroup name for + machines that are local master browsers for that workgroup. There + will be an '*' in front of the workgroup name for + machines that are the domain master browser for that workgroup. + Machines that are running Windows, Windows 95 or Windows 98 will + not show any information about the operating system or server + version. + + The command with -r option + must be run on a system without + nmbd8 + running. + + If nmbd is running on the system, you will + only get the IP address and the DNS name of the machine. To + get proper responses from Windows 95 and Windows 98 machines, + the command must be run as root and with -r + option on a machine without nmbd running. + + For example, running findsmb + without -r option set would yield output similar + to the following + + +IP ADDR NETBIOS NAME WORKGROUP/OS/VERSION +--------------------------------------------------------------------- +192.168.35.10 MINESET-TEST1 [DMVENGR] +192.168.35.55 LINUXBOX *[MYGROUP] [Unix] [Samba 2.0.6] +192.168.35.56 HERBNT2 [HERB-NT] +192.168.35.63 GANDALF [MVENGR] [Unix] [Samba 2.0.5a for IRIX] +192.168.35.65 SAUNA [WORKGROUP] [Unix] [Samba 1.9.18p10] +192.168.35.71 FROGSTAR [ENGR] [Unix] [Samba 2.0.0 for IRIX] +192.168.35.78 HERBDHCP1 +[HERB] +192.168.35.88 SCNT2 +[MVENGR] [Windows NT 4.0] [NT LAN Manager 4.0] +192.168.35.93 FROGSTAR-PC [MVENGR] [Windows 5.0] [Windows 2000 LAN Manager] +192.168.35.97 HERBNT1 *[HERB-NT] [Windows NT 4.0] [NT LAN Manager 4.0] + + + + + + + VERSION + + This man page is correct for version 3.0 of + the Samba suite. + + + + SEE ALSO + + nmbd8 + , + smbclient1 + , and nmblookup + 1 + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at ftp://ftp.icce.rug.nl/pub/unix/) + and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook + XML 4.2 for Samba 3.0 was done by Alexander Bokovoy. + + + diff --git a/docs/manpages/lmhosts.5.xml b/docs/manpages/lmhosts.5.xml new file mode 100644 index 0000000000..afee69bc96 --- /dev/null +++ b/docs/manpages/lmhosts.5.xml @@ -0,0 +1,127 @@ + + %globalentities; +]> + + + + lmhosts + 5 + + + + + lmhosts + The Samba NetBIOS hosts file + + + + lmhosts is the Samba + 7 NetBIOS name to IP address mapping file. + + + + DESCRIPTION + + This file is part of the Samba + 7 suite. + + lmhosts is the Samba + NetBIOS name to IP address mapping file. It + is very similar to the /etc/hosts file + format, except that the hostname component must correspond + to the NetBIOS naming format. + + + + FILE FORMAT + It is an ASCII file containing one line for NetBIOS name. + The two fields on each line are separated from each other by + white space. Any entry beginning with '#' is ignored. Each line + in the lmhosts file contains the following information: + + + IP Address - in dotted decimal format. + + + NetBIOS Name - This name format is a + maximum fifteen character host name, with an optional + trailing '#' character followed by the NetBIOS name type + as two hexadecimal digits. + + If the trailing '#' is omitted then the given IP + address will be returned for all names that match the given + name, whatever the NetBIOS name type in the lookup. + + + + An example follows: + + +# +# Sample Samba lmhosts file. +# +192.9.200.1 TESTPC +192.9.200.20 NTSERVER#20 +192.9.200.21 SAMBASERVER + + + Contains three IP to NetBIOS name mappings. The first + and third will be returned for any queries for the names "TESTPC" + and "SAMBASERVER" respectively, whatever the type component of + the NetBIOS name requested. + + The second mapping will be returned only when the "0x20" name + type for a name "NTSERVER" is queried. Any other name type will not + be resolved. + + The default location of the lmhosts file + is in the same directory as the smb.conf + 5 file. + + + + + FILES + + lmhosts is loaded from the configuration directory. This is + usually /etc/samba or /usr/local/samba/lib. + + + + + VERSION + + This man page is correct for version 3.0 of the Samba suite. + + + + SEE ALSO + + smbclient1 + , smb.conf5 + , and smbpasswd + 8 + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook + XML 4.2 was done by Alexander Bokovoy. + + + diff --git a/docs/manpages/log2pcap.1.xml b/docs/manpages/log2pcap.1.xml new file mode 100644 index 0000000000..e8c03c5dc1 --- /dev/null +++ b/docs/manpages/log2pcap.1.xml @@ -0,0 +1,138 @@ + + %globalentities; +]> + + + + log2pcap + 1 + + + + + log2pcap + Extract network traces from Samba log files + + + + + log2pcap + -h + -q + logfile + pcap_file + + + + + DESCRIPTION + + This tool is part of the Samba + 7 suite. + + log2pcap reads in a + samba log file and generates a pcap file (readable + by most sniffers, such as ethereal or tcpdump) based on the packet + dumps in the log file. + + The log file must have a log level + of at least 5 to get the SMB header/parameters + right, 10 to get the first 512 data bytes of the + packet and 50 to get the whole packet. + + + + + OPTIONS + + + + -h + If this parameter is + specified the output file will be a + hex dump, in a format that is readable + by the text2pcap utility. + + + + -q + Be quiet. No warning messages about missing + or incomplete data will be given. + + + + logfile + + Samba log file. log2pcap will try to read the log from stdin + if the log file is not specified. + + + + + pcap_file + + Name of the output file to write the pcap (or hexdump) data to. + If this argument is not specified, output data will be written + to stdout. + + + + &stdarg.help; + + + + + + EXAMPLES + + Extract all network traffic from all samba log files: + + + $ log2pcap < /var/log/* > trace.pcap + + + Convert to pcap using text2pcap: + + + $ log2pcap -h samba.log | text2pcap -T 139,139 - trace.pcap + + + + + VERSION + + This man page is correct for version 3.0 of the Samba suite. + + + + BUGS + + Only SMB data is extracted from the samba logs, no LDAP, + NetBIOS lookup or other data. + + The generated TCP and IP headers don't contain a valid + checksum. + + + + + + SEE ALSO + text2pcap + 1, ethereal1 + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + This manpage was written by Jelmer Vernooij. + + + diff --git a/docs/manpages/mount.cifs.8.xml b/docs/manpages/mount.cifs.8.xml new file mode 100644 index 0000000000..d674d03cac --- /dev/null +++ b/docs/manpages/mount.cifs.8.xml @@ -0,0 +1,306 @@ + + %globalentities; +]> + + + + mount.cifs + 8 + + + + + mount.cifs + mount using the Common Internet File System (CIFS) + + + + + + mount.cifs + service + mount-point + -o options + + + + + DESCRIPTION + + This tool is part of the Samba + 7 suite. + + mount.cifs mounts a Linux CIFS filesystem. It +is usually invoked indirectly by +the mount8 command when using the +"-t cifs" option. This command only works in Linux, and the kernel must +support the cifs filesystem. The CIFS protocol is the successor to the +SMB protocol and is supported by most Windows servers and many other +commercial servers and Network Attached Storage appliances as well as +by the popular Open Source server Samba. + + + + The mount.cifs utility attaches the UNC name (exported network resource) to + the local directory mount-point. It is possible to set the mode for mount.cifs to +setuid root to allow non-root users to mount shares to directories for which they +have write permission. + + + + Options to mount.cifs are specified as a comma-separated +list of key=value pairs. It is possible to send options other +than those listed here, assuming that cifs filesystem supports them. +Unrecognized cifs mount options passed to the cifs vfs kernel code will be logged to the +kernel log. + + + + mount.cifs causes the cifs vfs to launch a thread named cifsd. After mounting it keeps running until + the mounted resource is unmounted (usually via the umount utility). + + + + + + OPTIONS + + user=arg + + specifies the username to connect as. If + this is not given, then the environment variable USER is used. This option can also take the +form "user%password" or "user/workgroup" or +"user/workgroup%password" to allow the password and workgroup +to be specified as part of the username. + + + + + The cifs vfs accepts the parameter user=, or for users familiar with smbfs it accepts the longer form of the parameter username=. Similarly the longer smbfs style parameter names may be accepted as synonyms for the shorter cifs parameters pass=,dom= and cred=. + + + + + + + password=arg + + specifies the CIFS password. If this +option is not given then the environment variable +PASSWD is used. If the password is not specified +directly or indirectly via an argument to mount mount.cifs will prompt +for a password, unless the guest option is specified. + + +Note that a password which contains the delimiter +character (i.e. a comma ',') will fail to be parsed correctly +on the command line. However, the same password defined +in the PASSWD environment variable or via a credentials file (see +below) will be read correctly. + + + + credentials=filename + + + specifies a file that contains a username + and/or password. The format of the file is: + + + + username = value + password = value + + + +This is preferred over having passwords in plaintext in a +shared file, such as /etc/fstab. Be sure to protect any +credentials file properly. + + + + + uid=arg + + sets the uid that will own all files on + the mounted filesystem. + It may be specified as either a username or a numeric uid. + This parameter is ignored when the target server supports + the CIFS Unix extensions. + + + + gid=arg + + sets the gid that will own all files on +the mounted filesystem. +It may be specified as either a groupname or a numeric +gid. This parameter is ignored when the target server supports +the CIFS Unix extensions. + + + + + port=arg + + sets the port number on the server to attempt to contact to negotiate +CIFS support. If the CIFS server is not listening on this port or +if it is not specified, the default ports will be tried i.e. +port 445 is tried and if no response then port 139 is tried. + + + + + file_mode=arg + + If the server does not support the CIFS Unix extensions this + overrides the default file mode. + + + + dir_mode=arg + + If the server does not support the CIFS Unix extensions this + overrides the default mode for directories. + + + + ip=arg + + sets the destination host or IP address. + + + + domain=arg + + sets the domain (workgroup) of the user + + + + guest + + don't prompt for a password + + + + + ro + + mount read-only + + + + + rw + mount read-write + + + + rsize + default network read size + + + + wsize + + default network write size + + + + + + + ENVIRONMENT VARIABLES + + + The variable USER may contain the username of the +person to be used to authenticate to the server. +The variable can be used to set both username and +password by using the format username%password. + + + + The variable PASSWD may contain the password of the +person using the client. + + + + The variable PASSWD_FILE may contain the pathname +of a file to read the password from. A single line of input is +read and used as the password. + + + + + + NOTES + + This command may be used only by root, unless installed setuid, in which case the noeexec and nosuid mount flags are enabled. + + + + CONFIGURATION + +The primary mechanism for making configuration changes and for reading +debug information for the cifs vfs is via the Linux /proc filesystem. +In the directory /proc/fs/cifs are various configuration files and +pseudo files which can display debug information. For more +information see the kernel file fs/cifs/README + + + + + BUGS + + Passwords and other options containing , can not be handled. +For passwords an alternative way of passing them is in a credentials +file or in the PASSWD environment. + + The credentials file does not handle usernames or passwords with + leading space. + + +Note that the typical response to a bug report is a suggestion +to try the latest version first. So please try doing that first, +and always include which versions you use of relevant software +when reporting bugs (minimum: mount.cifs (try mount.cifs -V), kernel (see /proc/version) and +server type you are trying to contact. + + + + + + + VERSION + + This man page is correct for version 1.0.6 of + the cifs vfs filesystem (roughly Linux kernel 2.6.6). + + + + SEE ALSO + + Documentation/filesystems/cifs.txt and fs/cifs/README in the linux kernel + source tree may contain additional options and information. + + + + + AUTHOR + + Steve French + + The syntax and manpage were loosely based on that of smbmount. It + was converted to Docbook/XML by Jelmer Vernooij. + + The maintainer of the Linux cifs vfs and the userspace + tool mount.cifs is Steve French. + The Linux CIFS Mailing list + is the preferred place to ask questions regarding these programs. + + + + + diff --git a/docs/manpages/net.8.xml b/docs/manpages/net.8.xml new file mode 100644 index 0000000000..21dc54d452 --- /dev/null +++ b/docs/manpages/net.8.xml @@ -0,0 +1,905 @@ + + %globalentities; +]> + + + + net + 8 + + + + + net + Tool for administration of Samba and remote + CIFS servers. + + + + + + net + <ads|rap|rpc> + -h + -w workgroup + -W myworkgroup + -U user + -I ip-address + -p port + -n myname + -s conffile + -S server + -l + -P + -D debuglevel + + + + + DESCRIPTION + + This tool is part of the Samba + 7 suite. + + The samba net utility is meant to work just like the net utility + available for windows and DOS. The first argument should be used + to specify the protocol to use when executing a certain command. + ADS is used for ActiveDirectory, RAP is using for old (Win9x/NT3) + clients and RPC can be used for NT4 and Windows 2000. If this + argument is omitted, net will try to determine it automatically. + Not all commands are available on all protocols. + + + + + + OPTIONS + + + &stdarg.help; + + + -w target-workgroup + + Sets target workgroup or domain. You have to specify + either this option or the IP address or the name of a server. + + + + + -W workgroup + + Sets client workgroup or domain + + + + + -U user + + User name to use + + + + + -I ip-address + + IP address of target server to use. You have to + specify either this option or a target workgroup or + a target server. + + + + + -p port + + Port on the target server to connect to (usually 139 or 445). + Defaults to trying 445 first, then 139. + + + + &stdarg.netbios.name; + &stdarg.configfile; + + + -S server + + Name of target server. You should specify either + this option or a target workgroup or a target IP address. + + + + + -l + + When listing data, give more information on each item. + + + + + -P + + Make queries to the external server using the machine account of the local server. + + + + &stdarg.debug; + + + + +COMMANDS + + +CHANGESECRETPW + +This command allows the Samba machine account password to be set from an external application +to a machine account password that has already been stored in Active Directory. DO NOT USE this command +unless you know exactly what you are doing. The use of this command requires that the force flag (-f) +be used also. There will be NO command prompt. Whatever information is piped into stdin, either by +typing at the command line or otherwise, will be stored as the literal machine password. Do NOT use +this without care and attention as it will overwrite a legitimate machine password without warning. +YOU HAVE BEEN WARNED. + + + + + + TIME + + The NET TIME command allows you to view the time on a remote server + or synchronise the time on the local server with the time on the remote server. + + +TIME + +Without any options, the NET TIME command +displays the time on the remote server. + + + + + +TIME SYSTEM + +Displays the time on the remote server in a format ready for /bin/date + + + + +TIME SET +Tries to set the date and time of the local server to that on +the remote server using /bin/date. + + + + +TIME ZONE + +Displays the timezone in hours from GMT on the remote computer. + + + + + +[RPC|ADS] JOIN [TYPE] [-U username[%password]] [options] + + +Join a domain. If the account already exists on the server, and +[TYPE] is MEMBER, the machine will attempt to join automatically. +(Assuming that the machine has been created in server manager) +Otherwise, a password will be prompted for, and a new account may +be created. + + +[TYPE] may be PDC, BDC or MEMBER to specify the type of server +joining the domain. + + + + +[RPC] OLDJOIN [options] + +Join a domain. Use the OLDJOIN option to join the domain +using the old style of domain joining - you need to create a trust +account in server manager first. + + + +[RPC|ADS] USER + + +[RPC|ADS] USER DELETE <replaceable>target</replaceable> + +Delete specified user + + + + +[RPC|ADS] USER LIST + +List all users + + + + +[RPC|ADS] USER INFO <replaceable>target</replaceable> + +List the domain groups of a the specified user. + + + + +[RPC|ADS] USER ADD <replaceable>name</replaceable> [password] [-F user flags] [-C comment] + +Add specified user. + + + + +[RPC|ADS] GROUP + + +[RPC|ADS] GROUP [misc options] [targets] +List user groups. + + + +[RPC|ADS] GROUP DELETE <replaceable>name</replaceable> [misc. options] + +Delete specified group. + + + + +[RPC|ADS] GROUP ADD <replaceable>name</replaceable> [-C comment] + +Create specified group. + + + + + +[RAP|RPC] SHARE + + +[RAP|RPC] SHARE [misc. options] [targets] + +Enumerates all exported resources (network shares) on target server. + + + + +[RAP|RPC] SHARE ADD <replaceable>name=serverpath</replaceable> [-C comment] [-M maxusers] [targets] + +Adds a share from a server (makes the export active). Maxusers +specifies the number of users that can be connected to the +share simultaneously. + + + + +SHARE DELETE <replaceable>sharenam</replaceable> + +Delete specified share. + + + + +[RPC|RAP] FILE + + +[RPC|RAP] FILE + +List all open files on remote server. + + + + +[RPC|RAP] FILE CLOSE <replaceable>fileid</replaceable> + +Close file with specified fileid on +remote server. + + + + +[RPC|RAP] FILE INFO <replaceable>fileid</replaceable> + + +Print information on specified fileid. +Currently listed are: file-id, username, locks, path, permissions. + + + + + +[RAP|RPC] FILE USER + +¬.implemented; + + + + + + +SESSION + + +RAP SESSION + +Without any other options, SESSION enumerates all active SMB/CIFS +sessions on the target server. + + + + +RAP SESSION DELETE|CLOSE <replaceable>CLIENT_NAME</replaceable> + +Close the specified sessions. + + + + +RAP SESSION INFO <replaceable>CLIENT_NAME</replaceable> + +Give a list with all the open files in specified session. + + + + + + +RAP SERVER <replaceable>DOMAIN</replaceable> + +List all servers in specified domain or workgroup. Defaults +to local domain. + + + + +RAP DOMAIN + +Lists all domains and workgroups visible on the +current network. + + + + +RAP PRINTQ + + +RAP PRINTQ LIST <replaceable>QUEUE_NAME</replaceable> + +Lists the specified print queue and print jobs on the server. +If the QUEUE_NAME is omitted, all +queues are listed. + + + + +RAP PRINTQ DELETE <replaceable>JOBID</replaceable> + +Delete job with specified id. + + + + + + +RAP VALIDATE <replaceable>user</replaceable> [<replaceable>password</replaceable>] + + +Validate whether the specified user can log in to the +remote server. If the password is not specified on the commandline, it +will be prompted. + + +¬.implemented; + + + + +RAP GROUPMEMBER + + +RAP GROUPMEMBER LIST <replaceable>GROUP</replaceable> + +List all members of the specified group. + + + + +RAP GROUPMEMBER DELETE <replaceable>GROUP</replaceable> <replaceable>USER</replaceable> + +Delete member from group. + + + + +RAP GROUPMEMBER ADD <replaceable>GROUP</replaceable> <replaceable>USER</replaceable> + +Add member to group. + + + + + + +RAP ADMIN <replaceable>command</replaceable> + +Execute the specified command on +the remote server. Only works with OS/2 servers. + + +¬.implemented; + + + + +RAP SERVICE + + +RAP SERVICE START <replaceable>NAME</replaceable> [arguments...] + +Start the specified service on the remote server. Not implemented yet. + +¬.implemented; + + + + +RAP SERVICE STOP + +Stop the specified service on the remote server. + +¬.implemented; + + + + + + +RAP PASSWORD <replaceable>USER</replaceable> <replaceable>OLDPASS</replaceable> <replaceable>NEWPASS</replaceable> + + +Change password of USER from OLDPASS to NEWPASS. + + + + + +LOOKUP + + +LOOKUP HOST <replaceable>HOSTNAME</replaceable> [<replaceable>TYPE</replaceable>] + + +Lookup the IP address of the given host with the specified type (netbios suffix). +The type defaults to 0x20 (workstation). + + + + + +LOOKUP LDAP [<replaceable>DOMAIN</replaceable> + +Give IP address of LDAP server of specified DOMAIN. Defaults to local domain. + + + + +LOOKUP KDC [<replaceable>REALM</replaceable>] + +Give IP address of KDC for the specified REALM. +Defaults to local realm. + + + + +LOOKUP DC [<replaceable>DOMAIN</replaceable>] + +Give IP's of Domain Controllers for specified +DOMAIN. Defaults to local domain. + + + + +LOOKUP MASTER <replaceable>DOMAIN</replaceable> + +Give IP of master browser for specified DOMAIN +or workgroup. Defaults to local domain. + + + + + + +CACHE + +Samba uses a general caching interface called 'gencache'. It +can be controlled using 'NET CACHE'. + +All the timeout parameters support the suffixes: + + +s - Seconds +m - Minutes +h - Hours +d - Days +w - Weeks + + + + + +CACHE ADD <replaceable>key</replaceable> <replaceable>data</replaceable> <replaceable>time-out</replaceable> + +Add specified key+data to the cache with the given timeout. + + + + +CACHE DEL <replaceable>key</replaceable> + +Delete key from the cache. + + + + +CACHE SET <replaceable>key</replaceable> <replaceable>data</replaceable> <replaceable>time-out</replaceable> + +Update data of existing cache entry. + + + + +CACHE SEARCH <replaceable>PATTERN</replaceable> + +Search for the specified pattern in the cache data. + + + + +CACHE LIST + + +List all current items in the cache. + + + + + +CACHE FLUSH + +Remove all the current items from the cache. + + + + + + +GETLOCALSID [DOMAIN] + +Print the SID of the specified domain, or if the parameter is +omitted, the SID of the domain the local server is in. + + + + +SETLOCALSID S-1-5-21-x-y-z + +Sets domain sid for the local server to the specified SID. + + + + +GROUPMAP + +Manage the mappings between Windows group SIDs and UNIX groups. +Parameters take the for "parameter=value". Common options include: + + +unixgroup - Name of the UNIX group +ntgroup - Name of the Windows NT group (must be + resolvable to a SID +rid - Unsigned 32-bit integer +sid - Full SID in the form of "S-1-..." +type - Type of the group; either 'domain', 'local', + or 'builtin' +comment - Freeform text description of the group + + + +GROUPMAP ADD + +Add a new group mapping entry + +net groupmap add {rid=int|sid=string} unixgroup=string [type={domain|local|builtin}] [ntgroup=string] [comment=string] + + + + +GROUPMAP DELETE + +Delete a group mapping entry + +net groupmap delete {ntgroup=string|sid=SID} + + + + +GROUPMAP MODIFY + +Update en existing group entry + +net groupmap modify {ntgroup=string|sid=SID} [unixgroup=string] [comment=string] [type={domain|local} + + + +GROUPMAP LIST + +List existing group mapping entries + +net groupmap list [verbose] [ntgroup=string] [sid=SID] + + + + + + + +MAXRID + +Prints out the highest RID currently in use on the local +server (by the active 'passdb backend'). + + + + + +RPC INFO + +Print information about the domain of the remote server, +such as domain name, domain sid and number of users and groups. + + + + + +[RPC|ADS] TESTJOIN + +Check whether participation in a domain is still valid. + + + + +[RPC|ADS] CHANGETRUSTPW + +Force change of domain trust password. + + + + +RPC TRUSTDOM + + +RPC TRUSTDOM ADD <replaceable>DOMAIN</replaceable> + +Add a interdomain trust account for +DOMAIN to the remote server. + + + + + +RPC TRUSTDOM DEL <replaceable>DOMAIM</replaceable> + +Remove interdomain trust account for +DOMAIN from the remote server. + + +¬.implemented; + + + + +RPC TRUSTDOM ESTABLISH <replaceable>DOMAIN</replaceable> + + +Establish a trust relationship to a trusting domain. +Interdomain account must already be created on the remote PDC. + + + + + +RPC TRUSTDOM REVOKE <replaceable>DOMAIN</replaceable> +Abandon relationship to trusted domain + + + + +RPC TRUSTDOM LIST + +List all current interdomain trust relationships. + + + + + + +RPC ABORTSHUTDOWN + +Abort the shutdown of a remote server. + + + + +SHUTDOWN [-t timeout] [-r] [-f] [-C message] + +Shut down the remote server. + + + +-r + +Reboot after shutdown. + + + + +-f + +Force shutting down all applications. + + + + +-t timeout + +Timeout before system will be shut down. An interactive +user of the system can use this time to cancel the shutdown. + +'> + + +-C message +Display the specified message on the screen to +announce the shutdown. + + + + + + +SAMDUMP + +Print out sam database of remote server. You need +to run this on either a BDC. + + + +VAMPIRE + +Export users, aliases and groups from remote server to +local server. Can only be run an a BDC. + + + + + +GETSID + +Fetch domain SID and store it in the local secrets.tdb. + + + + +ADS LEAVE + +Make the remote host leave the domain it is part of. + + + + +ADS STATUS + +Print out status of machine account of the local machine in ADS. +Prints out quite some debug info. Aimed at developers, regular +users should use NET ADS TESTJOIN. + + + + +ADS PRINTER + + +ADS PRINTER INFO [<replaceable>PRINTER</replaceable>] [<replaceable>SERVER</replaceable>] + + +Lookup info for PRINTER on SERVER. The printer name defaults to "*", the +server name defaults to the local host. + + + + +ADS PRINTER PUBLISH <replaceable>PRINTER</replaceable> + +Publish specified printer using ADS. + + + + +ADS PRINTER REMOVE <replaceable>PRINTER</replaceable> + +Remove specified printer from ADS directory. + + + + + + +ADS SEARCH <replaceable>EXPRESSION</replaceable> <replaceable>ATTRIBUTES...</replaceable> + +Perform a raw LDAP search on a ADS server and dump the results. The +expression is a standard LDAP search expression, and the +attributes are a list of LDAP fields to show in the results. + +Example: net ads search '(objectCategory=group)' sAMAccountName + + + + + +ADS DN <replaceable>DN</replaceable> <replaceable>(attributes)</replaceable> + + +Perform a raw LDAP search on a ADS server and dump the results. The +DN standard LDAP DN, and the attributes are a list of LDAP fields +to show in the result. + + +Example: net ads dn 'CN=administrator,CN=Users,DC=my,DC=domain' SAMAccountName + + + + +WORKGROUP + +Print out workgroup name for specified kerberos realm. + + + + + +HELP [COMMAND] + +Gives usage information for the specified command. + + + + + + + VERSION + + This man page is complete for version 3.0 of the Samba + suite. + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The net manpage was written by Jelmer Vernooij. + + + + diff --git a/docs/manpages/nmbd.8.xml b/docs/manpages/nmbd.8.xml new file mode 100644 index 0000000000..db65c48919 --- /dev/null +++ b/docs/manpages/nmbd.8.xml @@ -0,0 +1,293 @@ + + %globalentities; +]> + + + + nmbd + 8 + + + + + nmbd + NetBIOS name server to provide NetBIOS + over IP naming services to clients + + + + + nmbd + -D + -F + -S + -a + -i + -o + -h + -V + -d <debug level> + -H <lmhosts file> + -l <log directory> + -p <port number> + -s <configuration file> + + + + + DESCRIPTION + This program is part of the Samba + 7 suite. + + nmbd is a server that understands + and can reply to NetBIOS over IP name service requests, like + those produced by SMB/CIFS clients such as Windows 95/98/ME, + Windows NT, Windows 2000, Windows XP and LanManager clients. It also + participates in the browsing protocols which make up the + Windows "Network Neighborhood" view. + + SMB/CIFS clients, when they start up, may wish to + locate an SMB/CIFS server. That is, they wish to know what + IP number a specified host is using. + + Amongst other services, nmbd will + listen for such requests, and if its own NetBIOS name is + specified it will respond with the IP number of the host it + is running on. Its "own NetBIOS name" is by + default the primary DNS name of the host it is running on, + but this can be overridden by the netbios name + in &smb.conf;. Thus nmbd will + reply to broadcast queries for its own name(s). Additional + names for nmbd to respond on can be set + via parameters in the smb.conf + 5 configuration file. + + nmbd can also be used as a WINS + (Windows Internet Name Server) server. What this basically means + is that it will act as a WINS database server, creating a + database from name registration requests that it receives and + replying to queries from clients for these names. + + In addition, nmbd can act as a WINS + proxy, relaying broadcast queries from clients that do + not understand how to talk the WINS protocol to a WINS + server. + + + + OPTIONS + + + + -D + If specified, this parameter causes + nmbd to operate as a daemon. That is, + it detaches itself and runs in the background, fielding + requests on the appropriate port. By default, nmbd + will operate as a daemon if launched from a command shell. + nmbd can also be operated from the inetd + meta-daemon, although this is not recommended. + + + + + -F + If specified, this parameter causes + the main nmbd process to not daemonize, + i.e. double-fork and disassociate with the terminal. + Child processes are still created as normal to service + each connection request, but the main process does not + exit. This operation mode is suitable for running + nmbd under process supervisors such + as supervise and svscan + from Daniel J. Bernstein's daemontools + package, or the AIX process monitor. + + + + + -S + If specified, this parameter causes + nmbd to log to standard output rather + than a file. + + + + -i + If this parameter is specified it causes the + server to run "interactively", not as a daemon, even if the + server is executed on the command line of a shell. Setting this + parameter negates the implicit daemon mode when run from the + command line. nmbd also logs to standard + output, as if the -S parameter had been + given. + + + &stdarg.help; + + + -H <filename> + NetBIOS lmhosts file. The lmhosts + file is a list of NetBIOS names to IP addresses that + is loaded by the nmbd server and used via the name + resolution mechanism name resolve order described in smb.conf + 5 to resolve any + NetBIOS name queries needed by the server. Note + that the contents of this file are NOT + used by nmbd to answer any name queries. + Adding a line to this file affects name NetBIOS resolution + from this host ONLY. + + The default path to this file is compiled into + Samba as part of the build process. Common defaults + are /usr/local/samba/lib/lmhosts, + /usr/samba/lib/lmhosts or + /etc/samba/lmhosts. See the lmhosts + 5 man page for details on the contents of this file. + + + &popt.common.samba; + + + -p <UDP port number> + UDP port number is a positive integer value. + This option changes the default UDP port number (normally 137) + that nmbd responds to name queries on. Don't + use this option unless you are an expert, in which case you + won't need help! + + + + + + + FILES + + + + /etc/inetd.conf + If the server is to be run by the + inetd meta-daemon, this file + must contain suitable startup information for the + meta-daemon. + + + + + /etc/rc + or whatever initialization script your + system uses). + + If running the server as a daemon at startup, + this file will need to contain an appropriate startup + sequence for the server. + + + + /etc/services + If running the server via the + meta-daemon inetd, this file + must contain a mapping of service name (e.g., netbios-ssn) + to service port (e.g., 139) and protocol type (e.g., tcp). + + + + + /usr/local/samba/lib/smb.conf + This is the default location of + the smb.conf + 5 server + configuration file. Other common places that systems + install this file are /usr/samba/lib/smb.conf + and /etc/samba/smb.conf. + + When run as a WINS server (see the + wins support + parameter in the smb.conf + 5 man page), + nmbd + will store the WINS database in the file wins.dat + in the var/locks directory configured under + wherever Samba was configured to install itself. + + If nmbd is acting as a + browse master (see the local master + parameter in the smb.conf + 5 man page, nmbd + will store the browsing database in the file browse.dat + in the var/locks directory + configured under wherever Samba was configured to install itself. + + + + + + + SIGNALS + + To shut down an nmbd process it is recommended + that SIGKILL (-9) NOT be used, except as a last + resort, as this may leave the name database in an inconsistent state. + The correct way to terminate nmbd is to send it + a SIGTERM (-15) signal and wait for it to die on its own. + + nmbd will accept SIGHUP, which will cause + it to dump out its namelists into the file namelist.debug + in the /usr/local/samba/var/locks + directory (or the var/locks directory configured + under wherever Samba was configured to install itself). This will also + cause nmbd to dump out its server database in + the log.nmb file. + + The debug log level of nmbd may be raised or lowered + using smbcontrol + 1 (SIGUSR[1|2] signals + are no longer used since Samba 2.2). This is to allow + transient problems to be diagnosed, whilst still running + at a normally low log level. + + + + + VERSION + + This man page is correct for version 3.0 of + the Samba suite. + + + + SEE ALSO + + inetd + 8, smbd + 8, smb.conf + 5, smbclient + 1, testparm + 1, testprns + 1, and the Internet + RFC's rfc1001.txt, rfc1002.txt. + In addition the CIFS (formerly SMB) specification is available + as a link from the Web page + http://samba.org/cifs/. + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook + XML 4.2 for Samba 3.0 was done by Alexander Bokovoy. + + + diff --git a/docs/manpages/nmblookup.1.xml b/docs/manpages/nmblookup.1.xml new file mode 100644 index 0000000000..14df0066f5 --- /dev/null +++ b/docs/manpages/nmblookup.1.xml @@ -0,0 +1,223 @@ + + %globalentities; +]> + + + + nmblookup + 1 + + + + + nmblookup + NetBIOS over TCP/IP client used to lookup NetBIOS + names + + + + + nmblookup + -M + -R + -S + -r + -A + -h + -B <broadcast address> + -U <unicast address> + -d <debug level> + -s <smb config file> + -i <NetBIOS scope> + -T + -f + name + + + + + DESCRIPTION + + This tool is part of the Samba + 7 suite. + + nmblookup is used to query NetBIOS names + and map them to IP addresses in a network using NetBIOS over TCP/IP + queries. The options allow the name queries to be directed at a + particular IP broadcast area or to a particular machine. All queries + are done over UDP. + + + + OPTIONS + + + + -M + Searches for a master browser by looking + up the NetBIOS name name with a + type of 0x1d. If + name is "-" then it does a lookup on the special name + __MSBROWSE__. Please note that in order to + use the name "-", you need to make sure "-" isn't parsed as an + argument, e.g. use : + nmblookup -M -- -. + + + + -R + Set the recursion desired bit in the packet + to do a recursive lookup. This is used when sending a name + query to a machine running a WINS server and the user wishes + to query the names in the WINS server. If this bit is unset + the normal (broadcast responding) NetBIOS processing code + on a machine is used instead. See RFC1001, RFC1002 for details. + + + + + -S + Once the name query has returned an IP + address then do a node status query as well. A node status + query returns the NetBIOS names registered by a host. + + + + + + -r + Try and bind to UDP port 137 to send and receive UDP + datagrams. The reason for this option is a bug in Windows 95 + where it ignores the source port of the requesting packet + and only replies to UDP port 137. Unfortunately, on most UNIX + systems root privilege is needed to bind to this port, and + in addition, if the nmbd + 8 daemon is running on this machine it also binds to this port. + + + + + + -A + Interpret name as + an IP Address and do a node status query on this address. + + + + + + &popt.common.connection; + &stdarg.help; + + + -B <broadcast address> + Send the query to the given broadcast address. Without + this option the default behavior of nmblookup is to send the + query to the broadcast address of the network interfaces as + either auto-detected or defined in the interfaces + parameter of the smb.conf + 5 file. + + + + + + + -U <unicast address> + Do a unicast query to the specified address or + host unicast address. This option + (along with the -R option) is needed to + query a WINS server. + + + + &popt.common.samba; + + + -T + This causes any IP addresses found in the + lookup to be looked up via a reverse DNS lookup into a + DNS name, and printed out before each + + IP address .... NetBIOS name + + pair that is the normal output. + + + + -f + + Show which flags apply to the name that has been looked up. Possible + answers are zero or more of: Response, Authoritative, + Truncated, Recursion_Desired, Recursion_Available, Broadcast. + + + + + + name + This is the NetBIOS name being queried. Depending + upon the previous options this may be a NetBIOS name or IP address. + If a NetBIOS name then the different name types may be specified + by appending '#<type>' to the name. This name may also be + '*', which will return all registered names within a broadcast + area. + + + + + + + EXAMPLES + + nmblookup can be used to query + a WINS server (in the same way nslookup is + used to query DNS servers). To query a WINS server, nmblookup + must be called like this: + + nmblookup -U server -R 'name' + + For example, running : + + nmblookup -U samba.org -R 'IRIX#1B' + + would query the WINS server samba.org for the domain + master browser (1B name type) for the IRIX workgroup. + + + + VERSION + + This man page is correct for version 3.0 of + the Samba suite. + + + + SEE ALSO + nmbd + 8, samba + 7, and smb.conf + 5. + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook + XML 4.2 for Samba 3.0 was done by Alexander Bokovoy. + + + diff --git a/docs/manpages/ntlm_auth.1.xml b/docs/manpages/ntlm_auth.1.xml new file mode 100644 index 0000000000..f4478f7d41 --- /dev/null +++ b/docs/manpages/ntlm_auth.1.xml @@ -0,0 +1,258 @@ + + %globalentities; +]> + + + + ntlm_auth + 1 + + + + + ntlm_auth + tool to allow external access to Winbind's NTLM authentication function + + + + + ntlm_auth + -d debuglevel + -l logdir + -s <smb config file> + + + + + DESCRIPTION + + This tool is part of the Samba + 7 suite. + + ntlm_auth is a helper utility that authenticates + users using NT/LM authentication. It returns 0 if the users is authenticated + successfully and 1 if access was denied. ntlm_auth uses winbind to access + the user and authentication data for a domain. This utility + is only indended to be used by other programs (currently squid). + + + + + OPERATIONAL REQUIREMENTS + + + The winbindd + 8 daemon must be operational + for many of these commands to function. + + Some of these commands also require access to the directory + winbindd_privileged in + $LOCKDIR. This should be done either by running + this command as root or providing group access + to the winbindd_privileged directory. For + security reasons, this directory should not be world-accessable. + + + + + + OPTIONS + + + + --helper-protocol=PROTO + + Operate as a stdio-based helper. Valid helper protocols are: + + + + squid-2.4-basic + + Server-side helper for use with Squid 2.4's basic (plaintext) + authentication. + + + + squid-2.5-basic + + Server-side helper for use with Squid 2.5's basic (plaintext) + authentication. + + + + squid-2.5-ntlmssp + + Server-side helper for use with Squid 2.5's NTLMSSP + authentication. + Requires access to the directory + winbindd_privileged in + $LOCKDIR. The protocol used is + described here: http://devel.squid-cache.org/ntlm/squid_helper_protocol.html + + + + + ntlmssp-client-1 + + Cleint-side helper for use with arbitary external + programs that may wish to use Samba's NTLMSSP + authentication knowlege. + This helper is a client, and as such may be run by any + user. The protocol used is + effectivly the reverse of the previous protocol. + + + + + + gss-spnego + + Server-side helper that implements GSS-SPNEGO. This + uses a protocol that is almost the same as + squid-2.5-ntlmssp, but has some + subtle differences that are undocumented outside the + source at this stage. + + Requires access to the directory + winbindd_privileged in + $LOCKDIR. + + + + + + gss-spnego-client + + Client-side helper that implements GSS-SPNEGO. This + also uses a protocol similar to the above helpers, but + is currently undocumented. + + + + + + + + + --username=USERNAME + + Specify username of user to authenticate + + + + + + --domain=DOMAIN + + Specify domain of user to authenticate + + + + + --workstation=WORKSTATION + + Specify the workstation the user authenticated from + + + + + --challenge=STRING + NTLM challenge (in HEXADECIMAL) + + + + + --lm-response=RESPONSE + LM Response to the challenge (in HEXADECIMAL) + + + + --nt-response=RESPONSE + NT or NTLMv2 Response to the challenge (in HEXADECIMAL) + + + + --password=PASSWORD + User's plaintext passwordIf + not specified on the command line, this is prompted for when + required. + + + + --request-lm-key + Retreive LM session key + + + + --request-nt-key + Request NT key + + + + --diagnostics + Perform Diagnostics on the authentication + chain. Uses the password from --password + or prompts for one. + + + + &popt.common.samba; + &stdarg.help; + + + + + + EXAMPLE SETUP + + To setup ntlm_auth for use by squid 2.5, with both basic and + NTLMSSP authentication, the following + should be placed in the squid.conf file. + +auth_param ntlm program ntlm_auth --helper-protocol=squid-2.5-ntlmssp +auth_param basic program ntlm_auth --helper-protocol=squid-2.5-basic +auth_param basic children 5 +auth_param basic realm Squid proxy-caching web server +auth_param basic credentialsttl 2 hours + + +This example assumes that ntlm_auth has been installed into your + path, and that the group permissions on + winbindd_privileged are as described above. + + + + + TROUBLESHOOTING + + If you're experiencing problems with authenticating Internet Explorer running + under MS Windows 9X or Millenium Edition against ntlm_auth's NTLMSSP authentication + helper (--helper-protocol=squid-2.5-ntlmssp), then please read + + the Microsoft Knowledge Base article #239869 and follow instructions described there. + + + + + VERSION + + This man page is correct for version 3.0 of the Samba + suite. + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The ntlm_auth manpage was written by Jelmer Vernooij and + Andrew Bartlett. + + + diff --git a/docs/manpages/pdbedit.8.xml b/docs/manpages/pdbedit.8.xml new file mode 100644 index 0000000000..e05c729572 --- /dev/null +++ b/docs/manpages/pdbedit.8.xml @@ -0,0 +1,426 @@ + + %globalentities; +]> + + + + pdbedit + 8 + + + + + pdbedit + manage the SAM database + + + + + pdbedit + -L + -v + -w + -u username + -f fullname + -h homedir + -D drive + -S script + -p profile + -a + -m + -r + -x + -i passdb-backend + -e passdb-backend + -b passdb-backend + -g + -d debuglevel + -s configfile + -P account-policy + -C value + -c account-control + + + + + DESCRIPTION + + This tool is part of the Samba + 7 suite. + + The pdbedit program is used to manage the users accounts + stored in the sam database and can only be run by root. + + The pdbedit tool uses the passdb modular interface and is + independent from the kind of users database used (currently there + are smbpasswd, ldap, nis+ and tdb based and more can be added + without changing the tool). + + There are five main ways to use pdbedit: adding a user account, + removing a user account, modifing a user account, listing user + accounts, importing users accounts. + + + + OPTIONS + + + -L + This option lists all the user accounts + present in the users database. + This option prints a list of user/uid pairs separated by + the ':' character. + Example: pdbedit -L + +sorce:500:Simo Sorce +samba:45:Test User + + + + + + + + -v + This option enables the verbose listing format. + It causes pdbedit to list the users in the database, printing + out the account fields in a descriptive format. + + Example: pdbedit -L -v + +--------------- +username: sorce +user ID/Group: 500/500 +user RID/GRID: 2000/2001 +Full Name: Simo Sorce +Home Directory: \\BERSERKER\sorce +HomeDir Drive: H: +Logon Script: \\BERSERKER\netlogon\sorce.bat +Profile Path: \\BERSERKER\profile +--------------- +username: samba +user ID/Group: 45/45 +user RID/GRID: 1090/1091 +Full Name: Test User +Home Directory: \\BERSERKER\samba +HomeDir Drive: +Logon Script: +Profile Path: \\BERSERKER\profile + + + + + + + + -w + This option sets the "smbpasswd" listing format. + It will make pdbedit list the users in the database, printing + out the account fields in a format compatible with the + smbpasswd file format. (see the + smbpasswd + 5 for details) + + Example: pdbedit -L -w + +sorce:500:508818B733CE64BEAAD3B435B51404EE:D2A2418EFC466A8A0F6B1DBB5C3DB80C:[UX ]:LCT-00000000: +samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:BC281CE3F53B6A5146629CD4751D3490:[UX ]:LCT-3BFA1E8D: + + + + + + + -u username + This option specifies the username to be + used for the operation requested (listing, adding, removing). + It is required in add, remove and modify + operations and optional in list + operations. + + + + + -f fullname + This option can be used while adding or + modifing a user account. It will specify the user's full + name. + + Example: -f "Simo Sorce" + + + + + -h homedir + This option can be used while adding or + modifing a user account. It will specify the user's home + directory network path. + + Example: -h "\\\\BERSERKER\\sorce" + + + + + + -D drive + This option can be used while adding or + modifing a user account. It will specify the windows drive + letter to be used to map the home directory. + + Example: -d "H:" + + + + + + + -S script + This option can be used while adding or + modifing a user account. It will specify the user's logon + script path. + + Example: -s "\\\\BERSERKER\\netlogon\\sorce.bat" + + + + + + + -p profile + This option can be used while adding or + modifing a user account. It will specify the user's profile + directory. + + Example: -p "\\\\BERSERKER\\netlogon" + + + + + + -G SID|rid + + This option can be used while adding or modifying a user account. It + will specify the users' new primary group SID (Security Identifier) or + rid. + + Example: -G S-1-5-21-2447931902-1787058256-3961074038-1201 + + + + + -U SID|rid + + This option can be used while adding or modifying a user account. It + will specify the users' new SID (Security Identifier) or + rid. + + Example: -U S-1-5-21-2447931902-1787058256-3961074038-5004 + + + + + -c account-control + This option can be used while adding or modifying a user + account. It will specify the users' account control property. Possible flags are listed below. + + + + + N: No password required + D: Account disabled + H: Home directory required + T: Temporary duplicate of other account + U: Regular user account + M: MNS logon user account + W: Workstation Trust Account + S: Server Trust Account + L: Automatic Locking + X: Password does not expire + I: Domain Trust Account + + + + Example: -c "[X ]" + + + + + -a + This option is used to add a user into the + database. This command needs a user name specified with + the -u switch. When adding a new user, pdbedit will also + ask for the password to be used. + + Example: pdbedit -a -u sorce +new password: +retype new password + + + + pdbedit does not call the unix password syncronisation + script if unix password sync + has been set. It only updates the data in the Samba + user database. + + + If you wish to add a user and synchronise the password + that immediately, use smbpasswd's option. + + + + + + + -r + This option is used to modify an existing user + in the database. This command needs a user name specified with the -u + switch. Other options can be specified to modify the properties of + the specified user. This flag is kept for backwards compatibility, but + it is no longer necessary to specify it. + + + + + -m + This option may only be used in conjunction + with the -a option. It will make + pdbedit to add a machine trust account instead of a user + account (-u username will provide the machine name). + + Example: pdbedit -a -m -u w2k-wks + + + + + + + -x + This option causes pdbedit to delete an account + from the database. It needs a username specified with the + -u switch. + + Example: pdbedit -x -u bob + + + + + + -i passdb-backend + Use a different passdb backend to retrieve users + than the one specified in smb.conf. Can be used to import data into + your local user database. + + This option will ease migration from one passdb backend to + another. + + Example: pdbedit -i smbpasswd:/etc/smbpasswd.old + + + + + + -e passdb-backend + Exports all currently available users to the + specified password database backend. + + This option will ease migration from one passdb backend to + another and will ease backing up. + + Example: pdbedit -e smbpasswd:/root/samba-users.backup + + + + + -g + If you specify -g, + then -i in-backend -e out-backend + applies to the group mapping instead of the user database. + + This option will ease migration from one passdb backend to + another and will ease backing up. + + + + + + -b passdb-backend + Use a different default passdb backend. + + Example: pdbedit -b xml:/root/pdb-backup.xml -l + + + + + -P account-policy + Display an account policy + Valid policies are: minimum password age, reset count minutes, disconnect time, + user must logon to change password, password history, lockout duration, min password length, + maximum password age and bad lockout attempt. + + Example: pdbedit -P "bad lockout attempt" + +account policy value for bad lockout attempt is 0 + + + + + + + + -C account-policy-value + Sets an account policy to a specified value. + This option may only be used in conjunction + with the -P option. + + + Example: pdbedit -P "bad lockout attempt" -C 3 + +account policy value for bad lockout attempt was 0 +account policy value for bad lockout attempt is now 3 + + + + + &stdarg.help; + &popt.common.samba; + + + + + + + NOTES + + This command may be used only by root. + + + + + VERSION + + This man page is correct for version 3.0 of + the Samba suite. + + + + SEE ALSO + smbpasswd + 5, samba + 7 + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The pdbedit manpage was written by Simo Sorce and Jelmer Vernooij. + + + + diff --git a/docs/manpages/profiles.1.xml b/docs/manpages/profiles.1.xml new file mode 100644 index 0000000000..3ae823f634 --- /dev/null +++ b/docs/manpages/profiles.1.xml @@ -0,0 +1,88 @@ + + %globalentities; +]> + + + + profiles + 1 + + + + + profiles + A utility to report and change SIDs in registry files + + + + + + profiles + -v + -c SID + -n SID + file + + + + + DESCRIPTION + + This tool is part of the Samba + 7 suite. + + profiles is a utility that + reports and changes SIDs in windows registry files. It currently only + supports NT. + + + + + + OPTIONS + + + + file + Registry file to view or edit. + + + + + -v,--verbose + Increases verbosity of messages. + + + + + -c SID1 -n SID2 + Change all occurences of SID1 in file by SID2. + + + + &stdarg.help; + + + + + + VERSION + + This man page is correct for version 3.0 of the Samba + suite. + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The profiles man page was written by Jelmer Vernooij. + + + diff --git a/docs/manpages/rpcclient.1.xml b/docs/manpages/rpcclient.1.xml new file mode 100644 index 0000000000..3510458610 --- /dev/null +++ b/docs/manpages/rpcclient.1.xml @@ -0,0 +1,475 @@ + + %globalentities; +]> + + + + rpcclient + 1 + + + + + rpcclient + tool for executing client side + MS-RPC functions + + + + + rpcclient + -A authfile + -c <command string> + -d debuglevel + -h + -l logdir + -N + -s <smb config file> + -U username[%password] + -W workgroup + -N + -I destinationIP + server + + + + + DESCRIPTION + + This tool is part of the Samba + 7 suite. + + rpcclient is a utility initially developed + to test MS-RPC functionality in Samba itself. It has undergone + several stages of development and stability. Many system administrators + have now written scripts around it to manage Windows NT clients from + their UNIX workstation. + + + + + OPTIONS + + + + server + NetBIOS name of Server to which to connect. + The server can be any SMB/CIFS server. The name is + resolved using the name resolve order line from smb.conf + 5. + + + + + -c|--command='command string' + execute semicolon separated commands (listed + below)) + + + + + -I IP-address + IP address is the address of the server to connect to. + It should be specified in standard "a.b.c.d" notation. + + Normally the client would attempt to locate a named + SMB/CIFS server by looking it up via the NetBIOS name resolution + mechanism described above in the name resolve order + parameter above. Using this parameter will force the client + to assume that the server is on the machine with the specified IP + address and the NetBIOS name component of the resource being + connected to will be ignored. + + There is no default for this parameter. If not supplied, + it will be determined automatically by the client as described + above. + + + &popt.common.samba; + &popt.common.credentials; + &popt.common.connection; + &stdarg.help; + + + + + + COMMANDS + + + LSARPC + + + lsaqueryQuery info policy + + lookupsidsResolve a list + of SIDs to usernames. + + + lookupnamesResolve a list + of usernames to SIDs. + + + enumtrustsEnumerate trusted domains + + enumprivsEnumerate privileges + + getdispnameGet the privilege name + + lsaenumsidEnumerate the LSA SIDS + + lsaenumprivsaccountEnumerate the privileges of an SID + + lsaenumacctrightsEnumerate the rights of an SID + + lsaenumacctwithrightEnumerate accounts with a right + + lsaaddacctrightsAdd rights to an account + + lsaremoveacctrightsRemove rights from an account + + lsalookupprivvalueGet a privilege value given its name + + lsaquerysecobjQuery LSA security object + + + + + + LSARPC-DS + + + dsroledominfoGet Primary Domain Information + + + + + DFS + + dfsexistQuery DFS support + dfsaddAdd a DFS share + dfsremoveRemove a DFS share + dfsgetinfoQuery DFS share info + dfsenumEnumerate dfs shares + + + + + + REG + + shutdownRemote Shutdown + abortshutdownAbort Shutdown + + + + + + SRVSVC + + + srvinfoServer query info + + netshareenumEnumerate shares + + netfileenumEnumerate open files + + netremotetodFetch remote time of day + + + + + + + SAMR + + + queryuserQuery user info + querygroupQuery group info + queryusergroupsQuery user groups + querygroupmemQuery group membership + queryaliasmemQuery alias membership + querydispinfoQuery display info + querydominfoQuery domain info + enumdomusersEnumerate domain users + enumdomgroupsEnumerate domain groups + enumalsgroupsEnumerate alias groups + createdomuserCreate domain user + samlookupnamesLook up names + samlookupridsLook up names + deletedomuserDelete domain user + samquerysecobjQuery SAMR security object + getdompwinfoRetrieve domain password info + lookupdomainLook up domain + + + + + + SPOOLSS + + + adddriver <arch> <config> [<version>] + + Execute an AddPrinterDriver() RPC to install the printer driver + information on the server. Note that the driver files should + already exist in the directory returned by + getdriverdir. Possible values for + arch are the same as those for + the getdriverdir command. + The config parameter is defined as + follows: + + +Long Printer Name:\ +Driver File Name:\ +Data File Name:\ +Config File Name:\ +Help File Name:\ +Language Monitor Name:\ +Default Data Type:\ +Comma Separated list of Files + + + Any empty fields should be enter as the string "NULL". + + Samba does not need to support the concept of Print Monitors + since these only apply to local printers whose driver can make + use of a bi-directional link for communication. This field should + be "NULL". On a remote NT print server, the Print Monitor for a + driver must already be installed prior to adding the driver or + else the RPC will fail. + + The version parameter lets you + specify the printer driver version number. If omitted, the + default driver version for the specified architecture will + be used. This option can be used to upload Windows 2000 + (version 3) printer drivers. + + addprinter <printername> + <sharename> <drivername> <port> + + Add a printer on the remote server. This printer + will be automatically shared. Be aware that the printer driver + must already be installed on the server (see adddriver) + and the portmust be a valid port name (see + enumports. + + + + deldriverDelete the + specified printer driver for all architectures. This + does not delete the actual driver files from the server, + only the entry from the server's list of drivers. + + + enumdataEnumerate all + printer setting data stored on the server. On Windows NT clients, + these values are stored in the registry, while Samba servers + store them in the printers TDB. This command corresponds + to the MS Platform SDK GetPrinterData() function (* This + command is currently unimplemented). + + enumdataexEnumerate printer data for a key + + enumjobs <printer> + List the jobs and status of a given printer. + This command corresponds to the MS Platform SDK EnumJobs() + function + + enumkeyEnumerate + printer keys + + enumports [level] + + Executes an EnumPorts() call using the specified + info level. Currently only info levels 1 and 2 are supported. + + + + + enumdrivers [level] + + Execute an EnumPrinterDrivers() call. This lists the various installed + printer drivers for all architectures. Refer to the MS Platform SDK + documentation for more details of the various flags and calling + options. Currently supported info levels are 1, 2, and 3. + + + + enumprinters [level] + Execute an EnumPrinters() call. This lists the various installed + and share printers. Refer to the MS Platform SDK documentation for + more details of the various flags and calling options. Currently + supported info levels are 1, 2 and 5. + + + + + getdata <printername> <valuename;> + Retrieve the data for a given printer setting. See + the enumdata command for more information. + This command corresponds to the GetPrinterData() MS Platform + SDK function. + + getdataexGet + printer driver data with + keyname + + + getdriver <printername> + + Retrieve the printer driver information (such as driver file, + config file, dependent files, etc...) for + the given printer. This command corresponds to the GetPrinterDriver() + MS Platform SDK function. Currently info level 1, 2, and 3 are supported. + + + + getdriverdir <arch> + + Execute a GetPrinterDriverDirectory() + RPC to retrieve the SMB share name and subdirectory for + storing printer driver files for a given architecture. Possible + values for arch are "Windows 4.0" + (for Windows 95/98), "Windows NT x86", "Windows NT PowerPC", "Windows + Alpha_AXP", and "Windows NT R4000". + + + + getprinter <printername> + Retrieve the current printer information. This command + corresponds to the GetPrinter() MS Platform SDK function. + + + getprintprocdirGet + print processor + directory + + openprinter <printername> + Execute an OpenPrinterEx() and ClosePrinter() RPC + against a given printer. + + setdriver <printername> + <drivername> + Execute a SetPrinter() command to update the printer driver + associated with an installed printer. The printer driver must + already be correctly installed on the print server. + + See also the enumprinters and + enumdrivers commands for obtaining a list of + of installed printers and drivers. + + addformAdd form + setformSet form + getformGet form + deleteformDelete form + enumformsEnumerate form + setprinterSet printer comment + setprinterdataSet REG_SZ printer data + rffpcnexRffpcnex test + + + + + + + + NETLOGON + + + + logonctrl2 + Logon Control 2 + + + logonctrl + Logon Control + + + samsync + Sam Synchronisation + + + samdeltas + Query Sam Deltas + + + samlogon + Sam Logon + + + + + + + GENERAL COMMANDS + + + debuglevelSet the current + debug level used to log information. + + help (?)Print a listing of all + known commands or extended help on a particular command. + + + quit (exit)Exit rpcclient + . + + + + + + + BUGS + + rpcclient is designed as a developer testing tool + and may not be robust in certain areas (such as command line parsing). + It has been known to generate a core dump upon failures when invalid + parameters where passed to the interpreter. + + From Luke Leighton's original rpcclient man page: + + WARNING! The MSRPC over SMB code has + been developed from examining Network traces. No documentation is + available from the original creators (Microsoft) on how MSRPC over + SMB works, or how the individual MSRPC services work. Microsoft's + implementation of these services has been demonstrated (and reported) + to be... a bit flaky in places. + + The development of Samba's implementation is also a bit rough, + and as more of the services are understood, it can even result in + versions of smbd + 8 and rpcclient + 1 that are incompatible for some commands or services. Additionally, + the developers are sending reports to Microsoft, and problems found + or reported to Microsoft are fixed in Service Packs, which may + result in incompatibilities. + + + + + VERSION + + This man page is correct for version 3.0 of the Samba + suite. + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original rpcclient man page was written by Matthew + Geddes, Luke Kenneth Casson Leighton, and rewritten by Gerald Carter. + The conversion to DocBook for Samba 2.2 was done by Gerald + Carter. The conversion to DocBook XML 4.2 for Samba 3.0 was + done by Alexander Bokovoy. + + + diff --git a/docs/manpages/samba.7.xml b/docs/manpages/samba.7.xml new file mode 100644 index 0000000000..7f31ab3bc5 --- /dev/null +++ b/docs/manpages/samba.7.xml @@ -0,0 +1,370 @@ + + %globalentities; +]> + + + + samba + 7 + + + + + samba + A Windows SMB/CIFS fileserver for UNIX + + + + Samba + + + + DESCRIPTION + + The Samba software suite is a collection of programs + that implements the Server Message Block (commonly abbreviated + as SMB) protocol for UNIX systems. This protocol is sometimes + also referred to as the Common Internet File System (CIFS). For a + more thorough description, see + http://www.ubiqx.org/cifs/. Samba also implements the NetBIOS + protocol in nmbd. + + + + smbd + 8 + The smbd daemon provides the file and print services to + SMB clients, such as Windows 95/98, Windows NT, Windows + for Workgroups or LanManager. The configuration file + for this daemon is described in smb.conf + 5 + + + + + nmbd + 8 + The nmbd + daemon provides NetBIOS nameservice and browsing + support. The configuration file for this daemon + is described in smb.conf + 5 + + + + + smbclient + 1 + The smbclient + program implements a simple ftp-like client. This + is useful for accessing SMB shares on other compatible + servers (such as Windows NT), and can also be used + to allow a UNIX box to print to a printer attached to + any SMB server (such as a PC running Windows NT). + + + + + testparm + 1 + The testparm + utility is a simple syntax checker for Samba's smb.conf + 5 configuration file. + + + + + testprns + 1 + The testprns + utility supports testing printer names defined + in your printcap file used + by Samba. + + + + + smbstatus + 1 + The smbstatus + tool provides access to information about the + current connections to smbd. + + + + + nmblookup + 1 + The nmblookup + tools allows NetBIOS name queries to be made + from a UNIX host. + + + + + smbpasswd + 8 + The smbpasswd + command is a tool for changing LanMan and Windows NT + password hashes on Samba and Windows NT servers. + + + + + smbcacls + 1 + The smbcacls command is + a tool to set ACL's on remote CIFS servers. + + + + + smbsh + 1 + The smbsh command is + a program that allows you to run a unix shell with + with an overloaded VFS. + + + + smbtree + 1 + The smbtree command + is a text-based network neighborhood tool. + + + + smbtar + 1 + The smbtar can make + backups of data on CIFS/SMB servers. + + + + smbspool + 8 + smbspool is a + helper utility for printing on printers connected + to CIFS servers. + + + + smbcontrol + 1 + smbcontrol is a utility + that can change the behaviour of running samba daemons. + + + + + rpcclient + 1 + rpcclient is a utility + that can be used to execute RPC commands on remote + CIFS servers. + + + + pdbedit + 8 + The pdbedit command + can be used to maintain the local user database on + a samba server. + + + findsmb + 1 + The findsmb command + can be used to find SMB servers on the local network. + + + + net + 8 + The net command + is supposed to work similar to the DOS/Windows + NET.EXE command. + + + + swat + 8 + swat is a web-based + interface to configuring smb.conf. + + + + + winbindd + 8 + winbindd is a daemon + that is used for integrating authentication and + the user database into unix. + + + + wbinfo + 1 + wbinfo is a utility + that retrieves and stores information related to winbind. + + + + + editreg + 1 + editreg is a command-line + utility that can edit windows registry files. + + + + + profiles + 1 + profiles is a command-line + utility that can be used to replace all occurences of + a certain SID with another SID. + + + + + log2pcap + 1 + log2pcap is a utility + for generating pcap trace files from Samba log + files. + + + + vfstest + 1 + vfstest is a utility + that can be used to test vfs modules. + + + + ntlm_auth + 1 + ntlm_auth is a helper-utility + for external programs wanting to do NTLM-authentication. + + + + +smbmount8, +smbumount8, +smbmnt8 + smbmount,smbumount and smbmnt are commands that can be used to + mount CIFS/SMB shares on Linux. + + + + + smbcquotas + 1 + smbcquotas is a tool that + can set remote QUOTA's on server with NTFS 5. + + + + + + + COMPONENTS + + The Samba suite is made up of several components. Each + component is described in a separate manual page. It is strongly + recommended that you read the documentation that comes with Samba + and the manual pages of those components that you use. If the + manual pages and documents aren't clear enough then please visit + http://devel.samba.org + for information on how to file a bug report or submit a patch. + + If you require help, visit the Samba webpage at + http://www.samba.org/ and + explore the many option available to you. + + + + + AVAILABILITY + + The Samba software suite is licensed under the + GNU Public License(GPL). A copy of that license should + have come with the package in the file COPYING. You are + encouraged to distribute copies of the Samba suite, but + please obey the terms of this license. + + The latest version of the Samba suite can be + obtained via anonymous ftp from samba.org in the + directory pub/samba/. It is also available on several + mirror sites worldwide. + + You may also find useful information about Samba + on the newsgroup + comp.protocol.smb and the Samba mailing + list. Details on how to join the mailing list are given in + the README file that comes with Samba. + + If you have access to a WWW viewer (such as Mozilla + or Konqueror) then you will also find lots of useful information, + including back issues of the Samba mailing list, at + http://lists.samba.org. + + + + VERSION + + This man page is correct for version 3.0 of the + Samba suite. + + + + CONTRIBUTIONS + + If you wish to contribute to the Samba project, + then I suggest you join the Samba mailing list at + http://lists.samba.org. + + + If you have patches to submit, visit + http://devel.samba.org/ + for information on how to do it properly. We prefer patches + in diff -u format. + + + + CONTRIBUTORS + + Contributors to the project are now too numerous + to mention here but all deserve the thanks of all Samba + users. To see a full list, look at the + change-log in the source package + for the pre-CVS changes and at + http://cvs.samba.org/ + for the contributors to Samba post-CVS. CVS is the Open Source + source code control system used by the Samba Team to develop + Samba. The project would have been unmanageable without it. + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML + 4.2 for Samba 3.0 was done by Alexander Bokovoy. + + + diff --git a/docs/manpages/smbcacls.1.xml b/docs/manpages/smbcacls.1.xml new file mode 100644 index 0000000000..78980a6aec --- /dev/null +++ b/docs/manpages/smbcacls.1.xml @@ -0,0 +1,263 @@ + + %globalentities; +]> + + + + smbcacls + 1 + + + + + smbcacls + Set or get ACLs on an NT file or directory names + + + + + smbcacls + //server/share + filename + -D acls + -M acls + -a acls + -S acls + -C name + -G name + -n + -t + -U username + -h + -d + + + + + DESCRIPTION + + This tool is part of the Samba + 7 suite. + + The smbcacls program manipulates NT Access Control + Lists (ACLs) on SMB file shares. + + + + + OPTIONS + + The following options are available to the smbcacls program. + The format of ACLs is described in the section ACL FORMAT + + + + + -a acls + Add the ACLs specified to the ACL list. Existing + access control entries are unchanged. + + + + + + -M acls + Modify the mask value (permissions) for the ACLs + specified on the command line. An error will be printed for each + ACL specified that was not already present in the ACL list + + + + + + + -D acls + Delete any ACLs specified on the command line. + An error will be printed for each ACL specified that was not + already present in the ACL list. + + + + + + -S acls + This command sets the ACLs on the file with + only the ones specified on the command line. All other ACLs are + erased. Note that the ACL specified must contain at least a revision, + type, owner and group for the call to succeed. + + + + + + -U username + Specifies a username used to connect to the + specified service. The username may be of the form "username" in + which case the user is prompted to enter in a password and the + workgroup specified in the smb.conf + 5 file is + used, or "username%password" or "DOMAIN\username%password" and the + password and workgroup names are used as provided. + + + + + + -C name + The owner of a file or directory can be changed + to the name given using the -C option. + The name can be a sid in the form S-1-x-y-z or a name resolved + against the server specified in the first argument. + + This command is a shortcut for -M OWNER:name. + + + + + + + -G name + The group owner of a file or directory can + be changed to the name given using the -G + option. The name can be a sid in the form S-1-x-y-z or a name + resolved against the server specified n the first argument. + + + This command is a shortcut for -M GROUP:name. + + + + + + -n + This option displays all ACL information in numeric + format. The default is to convert SIDs to names and ACE types + and masks to a readable string format. + + + + -t + + Don't actually do anything, only validate the correctness of + the arguments. + + + + &stdarg.help; + &popt.common.samba; + + + + + + ACL FORMAT + + The format of an ACL is one or more ACL entries separated by + either commas or newlines. An ACL entry is one of the following: + + +REVISION:<revision number> +OWNER:<sid or name> +GROUP:<sid or name> +ACL:<sid or name>:<type>/<flags>/<mask> + + + + The revision of the ACL specifies the internal Windows + NT ACL revision for the security descriptor. + If not specified it defaults to 1. Using values other than 1 may + cause strange behaviour. + + The owner and group specify the owner and group sids for the + object. If a SID in the format CWS-1-x-y-z is specified this is used, + otherwise the name specified is resolved using the server on which + the file or directory resides. + + ACLs specify permissions granted to the SID. This SID again + can be specified in CWS-1-x-y-z format or as a name in which case + it is resolved against the server on which the file or directory + resides. The type, flags and mask values determine the type of + access granted to the SID. + + The type can be either 0 or 1 corresponding to ALLOWED or + DENIED access to the SID. The flags values are generally + zero for file ACLs and either 9 or 2 for directory ACLs. Some + common flags are: + + + #define SEC_ACE_FLAG_OBJECT_INHERIT 0x1 + #define SEC_ACE_FLAG_CONTAINER_INHERIT 0x2 + #define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0x4 + #define SEC_ACE_FLAG_INHERIT_ONLY 0x8 + + + At present flags can only be specified as decimal or + hexadecimal values. + + The mask is a value which expresses the access right + granted to the SID. It can be given as a decimal or hexadecimal value, + or by using one of the following text strings which map to the NT + file permissions of the same name. + + + R - Allow read access + W - Allow write access + X - Execute permission on the object + D - Delete the object + P - Change permissions + O - Take ownership + + + + The following combined permissions can be specified: + + + + READ - Equivalent to 'RX' + permissions + CHANGE - Equivalent to 'RXWD' permissions + + FULL - Equivalent to 'RWXDPO' + permissions + + + + + EXIT STATUS + + The smbcacls program sets the exit status + depending on the success or otherwise of the operations performed. + The exit status may be one of the following values. + + If the operation succeeded, smbcacls returns and exit + status of 0. If smbcacls couldn't connect to the specified server, + or there was an error getting or setting the ACLs, an exit status + of 1 is returned. If there was an error parsing any command line + arguments, an exit status of 2 is returned. + + + + VERSION + + This man page is correct for version 3.0 of the Samba suite. + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + smbcacls was written by Andrew Tridgell + and Tim Potter. + + The conversion to DocBook for Samba 2.2 was done + by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0 was done + by Alexander Bokovoy. + + + diff --git a/docs/manpages/smbclient.1.xml b/docs/manpages/smbclient.1.xml new file mode 100644 index 0000000000..78cc642e76 --- /dev/null +++ b/docs/manpages/smbclient.1.xml @@ -0,0 +1,940 @@ + + %globalentities; +]> + + + + smbclient + 1 + + + + + smbclient + ftp-like client to access SMB/CIFS resources + on servers + + + + + smbclient + servicename + password + -b <buffer size> + -d debuglevel + -D Directory + -U username + -W workgroup + -M <netbios name> + -m maxprotocol + -A authfile + -N + -l logdir + -L <netbios name> + -I destinationIP + -E + -c <command string> + -i scope + -O <socket options> + -p port + -R <name resolve order> + -s <smb config file> + -T<c|x>IXFqgbNan + -k + + + + + DESCRIPTION + + This tool is part of the Samba + 7 suite. + + smbclient is a client that can + 'talk' to an SMB/CIFS server. It offers an interface + similar to that of the ftp program (see ftp + 1). + Operations include things like getting files from the server + to the local machine, putting files from the local machine to + the server, retrieving directory information from the server + and so on. + + + + + OPTIONS + + + + servicename + servicename is the name of the service + you want to use on the server. A service name takes the form + //server/service where server + is the NetBIOS name of the SMB/CIFS server + offering the desired service and service + is the name of the service offered. Thus to connect to + the service "printer" on the SMB/CIFS server "smbserver", + you would use the servicename //smbserver/printer + + + Note that the server name required is NOT necessarily + the IP (DNS) host name of the server ! The name required is + a NetBIOS server name, which may or may not be the + same as the IP hostname of the machine running the server. + + + The server name is looked up according to either + the -R parameter to smbclient or + using the name resolve order parameter in + the smb.conf + 5 file, + allowing an administrator to change the order and methods + by which server names are looked up. + + + + password + The password required to access the specified + service on the specified server. If this parameter is + supplied, the -N option (suppress + password prompt) is assumed. + + There is no default password. If no password is supplied + on the command line (either by using this parameter or adding + a password to the -U option (see + below)) and the -N option is not + specified, the client will prompt for a password, even if + the desired service does not require one. (If no password is + required, simply press ENTER to provide a null password.) + + + Note: Some servers (including OS/2 and Windows for + Workgroups) insist on an uppercase password. Lowercase + or mixed case passwords may be rejected by these servers. + + + Be cautious about including passwords in scripts. + + + + + -R <name resolve order> + This option is used by the programs in the Samba + suite to determine what naming services and in what order to resolve + host names to IP addresses. The option takes a space-separated + string of different name resolution options. + + The options are :"lmhosts", "host", "wins" and "bcast". They + cause names to be resolved as follows: + + + lmhosts: Lookup an IP + address in the Samba lmhosts file. If the line in lmhosts has + no name type attached to the NetBIOS name (see + the lmhosts + 5 for details) then + any name type matches for lookup. + + + host: Do a standard host + name to IP address resolution, using the system /etc/hosts + , NIS, or DNS lookups. This method of name resolution + is operating system dependent, for instance on IRIX or Solaris this + may be controlled by the /etc/nsswitch.conf + file). Note that this method is only used if the NetBIOS name + type being queried is the 0x20 (server) name type, otherwise + it is ignored. + + + wins: Query a name with + the IP address listed in the wins server + parameter. If no WINS server has + been specified this method will be ignored. + + + bcast: Do a broadcast on + each of the known local interfaces listed in the + interfaces + parameter. This is the least reliable of the name resolution + methods as it depends on the target host being on a locally + connected subnet. + + + + If this parameter is not set then the name resolve order + defined in the smb.conf + 5 file parameter + (name resolve order) will be used. + + The default order is lmhosts, host, wins, bcast and without + this parameter or any entry in the name resolve order + parameter of the smb.conf + 5 file the name resolution + methods will be attempted in this order. + + + + + -M NetBIOS name + This options allows you to send messages, using + the "WinPopup" protocol, to another computer. Once a connection is + established you then type your message, pressing ^D (control-D) to + end. + + If the receiving computer is running WinPopup the user will + receive the message and probably a beep. If they are not running + WinPopup the message will be lost, and no error message will + occur. + + The message is also automatically truncated if the message + is over 1600 bytes, as this is the limit of the protocol. + + + One useful trick is to cat the message through + smbclient. For example: + cat mymessage.txt | smbclient -M FRED will + send the message in the file mymessage.txt + to the machine FRED. + + You may also find the -U and + -I options useful, as they allow you to + control the FROM and TO parts of the message. + + See the message command parameter in the smb.conf + 5 for a description of how to handle incoming + WinPopup messages in Samba. + + Note: Copy WinPopup into the startup group + on your WfWg PCs if you want them to always be able to receive + messages. + + + + -p port + This number is the TCP port number that will be used + when making connections to the server. The standard (well-known) + TCP port number for an SMB/CIFS server is 139, which is the + default. + + + + &stdarg.help; + + + -I IP-address + IP address is the address of the server to connect to. + It should be specified in standard "a.b.c.d" notation. + + Normally the client would attempt to locate a named + SMB/CIFS server by looking it up via the NetBIOS name resolution + mechanism described above in the name resolve order + parameter above. Using this parameter will force the client + to assume that the server is on the machine with the specified IP + address and the NetBIOS name component of the resource being + connected to will be ignored. + + There is no default for this parameter. If not supplied, + it will be determined automatically by the client as described + above. + + + + + + -E + This parameter causes the client to write messages + to the standard error stream (stderr) rather than to the standard + output stream. + + By default, the client writes messages to standard output + - typically the user's tty. + + + + + -L + This option allows you to look at what services + are available on a server. You use it as smbclient -L + host and a list should appear. The -I + option may be useful if your NetBIOS names don't + match your TCP/IP DNS host names or if you are trying to reach a + host on another network. + + + + + -t terminal code + This option tells smbclient how to interpret + filenames coming from the remote server. Usually Asian language + multibyte UNIX implementations use different character sets than + SMB/CIFS servers (EUC instead of + SJIS for example). Setting this parameter will let + smbclient convert between the UNIX filenames and + the SMB filenames correctly. This option has not been seriously tested + and may have some problems. + + The terminal codes include CWsjis, CWeuc, CWjis7, CWjis8, + CWjunet, CWhex, CWcap. This is not a complete list, check the Samba + source code for the complete list. + + + + + -b buffersize + This option changes the transmit/send buffer + size when getting or putting a file from/to the server. The default + is 65520 bytes. Setting this value smaller (to 1200 bytes) has been + observed to speed up file transfers to and from a Win9x server. + + + + &popt.common.samba; + &popt.common.credentials; + &popt.common.connection; + + + -T tar options + smbclient may be used to create tar(1) + compatible backups of all the files on an SMB/CIFS + share. The secondary tar flags that can be given to this option + are : + + + c - Create a tar file on UNIX. + Must be followed by the name of a tar file, tape device + or "-" for standard output. If using standard output you must + turn the log level to its lowest value -d0 to avoid corrupting + your tar file. This flag is mutually exclusive with the + x flag. + + x - Extract (restore) a local + tar file back to a share. Unless the -D option is given, the tar + files will be restored from the top level of the share. Must be + followed by the name of the tar file, device or "-" for standard + input. Mutually exclusive with the c flag. + Restored files have their creation times (mtime) set to the + date saved in the tar file. Directories currently do not get + their creation dates restored properly. + + I - Include files and directories. + Is the default behavior when filenames are specified above. Causes + tar files to be included in an extract or create (and therefore + everything else to be excluded). See example below. Filename globbing + works in one of two ways. See r below. + + X - Exclude files and directories. + Causes tar files to be excluded from an extract or create. See + example below. Filename globbing works in one of two ways now. + See r below. + + b - Blocksize. Must be followed + by a valid (greater than zero) blocksize. Causes tar file to be + written out in blocksize*TBLOCK (usually 512 byte) blocks. + + + g - Incremental. Only back up + files that have the archive bit set. Useful only with the + c flag. + + q - Quiet. Keeps tar from printing + diagnostics as it works. This is the same as tarmode quiet. + + + r - Regular expression include + or exclude. Uses regular expression matching for + excluding or excluding files if compiled with HAVE_REGEX_H. + However this mode can be very slow. If not compiled with + HAVE_REGEX_H, does a limited wildcard match on '*' and '?'. + + + N - Newer than. Must be followed + by the name of a file whose date is compared against files found + on the share during a create. Only files newer than the file + specified are backed up to the tar file. Useful only with the + c flag. + + a - Set archive bit. Causes the + archive bit to be reset when a file is backed up. Useful with the + g and c flags. + + + + Tar Long File Names + + smbclient's tar option now supports long + file names both on backup and restore. However, the full path + name of the file must be less than 1024 bytes. Also, when + a tar archive is created, smbclient's tar option places all + files in the archive with relative names, not absolute names. + + + Tar Filenames + + All file names can be given as DOS path names (with '\\' + as the component separator) or as UNIX path names (with '/' as + the component separator). + + Examples + + Restore from tar file backup.tar into myshare on mypc + (no password on share). + + smbclient //mypc/yshare "" -N -Tx backup.tar + + + Restore everything except users/docs + + + smbclient //mypc/myshare "" -N -TXx backup.tar + users/docs + + Create a tar file of the files beneath + users/docs. + + smbclient //mypc/myshare "" -N -Tc + backup.tar users/docs + + Create the same tar file as above, but now use + a DOS path name. + + smbclient //mypc/myshare "" -N -tc backup.tar + users\edocs + + Create a tar file of all the files and directories in + the share. + + smbclient //mypc/myshare "" -N -Tc backup.tar * + + + + + + + -D initial directory + Change to initial directory before starting. Probably + only of any use with the tar -T option. + + + + + + -c command string + command string is a semicolon-separated list of + commands to be executed instead of prompting from stdin. + -N is implied by -c. + + This is particularly useful in scripts and for printing stdin + to the server, e.g. -c 'print -'. + + + + + + + OPERATIONS + + Once the client is running, the user is presented with + a prompt : + + smb:\> + + The backslash ("\\") indicates the current working directory + on the server, and will change if the current working directory + is changed. + + The prompt indicates that the client is ready and waiting to + carry out a user command. Each command is a single word, optionally + followed by parameters specific to that command. Command and parameters + are space-delimited unless these notes specifically + state otherwise. All commands are case-insensitive. Parameters to + commands may or may not be case sensitive, depending on the command. + + + You can specify file names which have spaces in them by quoting + the name with double quotes, for example "a long file name". + + Parameters shown in square brackets (e.g., "[parameter]") are + optional. If not given, the command will use suitable defaults. Parameters + shown in angle brackets (e.g., "<parameter>") are required. + + + + Note that all commands operating on the server are actually + performed by issuing a request to the server. Thus the behavior may + vary from server to server, depending on how the server was implemented. + + + The commands available are given here in alphabetical order. + + + + ? [command] + If command is specified, the ? command will display + a brief informative message about the specified command. If no + command is specified, a list of available commands will + be displayed. + + + + + ! [shell command] + If shell command is specified, the ! + command will execute a shell locally and run the specified shell + command. If no command is specified, a local shell will be run. + + + + + + altname file + The client will request that the server return + the "alternate" name (the 8.3 name) for a file or directory. + + + + + + cancel jobid0 [jobid1] ... [jobidN] + The client will request that the server cancel + the printjobs identified by the given numeric print job ids. + + + + + + + chmod file mode in octal + This command depends on the server supporting the CIFS + UNIX extensions and will fail if the server does not. The client requests that the server + change the UNIX permissions to the given octal mode, in standard UNIX format. + + + + + + + chown file uid gid + This command depends on the server supporting the CIFS + UNIX extensions and will fail if the server does not. The client requests that the server + change the UNIX user and group ownership to the given decimal values. Note there is + currently no way to remotely look up the UNIX uid and gid values for a given name. + This may be addressed in future versions of the CIFS UNIX extensions. + + + + + + + cd [directory name] + If "directory name" is specified, the current + working directory on the server will be changed to the directory + specified. This operation will fail if for any reason the specified + directory is inaccessible. + + If no directory name is specified, the current working + directory on the server will be reported. + + + + + del <mask> + The client will request that the server attempt + to delete all files matching mask from the current working + directory on the server. + + + + + dir <mask> + A list of the files matching mask in the current + working directory on the server will be retrieved from the server + and displayed. + + + + + exit + Terminate the connection with the server and exit + from the program. + + + + + get <remote file name> [local file name] + Copy the file called remote file name from + the server to the machine running the client. If specified, name + the local copy local file name. Note that all transfers in + smbclient are binary. See also the + lowercase command. + + + + + + help [command] + See the ? command above. + + + + + lcd [directory name] + If directory name is specified, the current + working directory on the local machine will be changed to + the directory specified. This operation will fail if for any + reason the specified directory is inaccessible. + + If no directory name is specified, the name of the + current working directory on the local machine will be reported. + + + + + + link source destination + This command depends on the server supporting the CIFS + UNIX extensions and will fail if the server does not. The client requests that the server + create a hard link between the source and destination files. The source file + must not exist. + + + + + + + lowercase + Toggle lowercasing of filenames for the get and + mget commands. + + When lowercasing is toggled ON, local filenames are converted + to lowercase when using the get and mget commands. This is + often useful when copying (say) MSDOS files from a server, because + lowercase filenames are the norm on UNIX systems. + + + + + + ls <mask> + See the dir command above. + + + + + mask <mask> + This command allows the user to set up a mask + which will be used during recursive operation of the mget and + mput commands. + + The masks specified to the mget and mput commands act as + filters for directories rather than files when recursion is + toggled ON. + + The mask specified with the mask command is necessary + to filter files within those directories. For example, if the + mask specified in an mget command is "source*" and the mask + specified with the mask command is "*.c" and recursion is + toggled ON, the mget command will retrieve all files matching + "*.c" in all directories below and including all directories + matching "source*" in the current working directory. + + Note that the value for mask defaults to blank (equivalent + to "*") and remains so until the mask command is used to change it. + It retains the most recently specified value indefinitely. To + avoid unexpected results it would be wise to change the value of + mask back to "*" after using the mget or mput commands. + + + + + md <directory name> + See the mkdir command. + + + + + mget <mask> + Copy all files matching mask from the server to + the machine running the client. + + Note that mask is interpreted differently during recursive + operation and non-recursive operation - refer to the recurse and + mask commands for more information. Note that all transfers in + smbclient are binary. See also the lowercase command. + + + + + mkdir <directory name> + Create a new directory on the server (user access + privileges permitting) with the specified name. + + + + + mput <mask> + Copy all files matching mask in the current working + directory on the local machine to the current working directory on + the server. + + Note that mask is interpreted differently during recursive + operation and non-recursive operation - refer to the recurse and mask + commands for more information. Note that all transfers in smbclient + are binary. + + + + + print <file name> + Print the specified file from the local machine + through a printable service on the server. + + See also the printmode command. + + + + + + printmode <graphics or text> + Set the print mode to suit either binary data + (such as graphical information) or text. Subsequent print + commands will use the currently set print mode. + + + + + prompt + Toggle prompting for filenames during operation + of the mget and mput commands. + + When toggled ON, the user will be prompted to confirm + the transfer of each file during these commands. When toggled + OFF, all specified files will be transferred without prompting. + + + + + + put <local file name> [remote file name] + Copy the file called local file name from the + machine running the client to the server. If specified, + name the remote copy remote file name. Note that all transfers + in smbclient are binary. See also the lowercase command. + + + + + + + queue + Displays the print queue, showing the job id, + name, size and current status. + + + + + quit + See the exit command. + + + + + rd <directory name> + See the rmdir command. + + + + + recurse + Toggle directory recursion for the commands mget + and mput. + + When toggled ON, these commands will process all directories + in the source directory (i.e., the directory they are copying + from ) and will recurse into any that match the mask specified + to the command. Only files that match the mask specified using + the mask command will be retrieved. See also the mask command. + + + When recursion is toggled OFF, only files from the current + working directory on the source machine that match the mask specified + to the mget or mput commands will be copied, and any mask specified + using the mask command will be ignored. + + + + + + rm <mask> + Remove all files matching mask from the current + working directory on the server. + + + + + rmdir <directory name> + Remove the specified directory (user access + privileges permitting) from the server. + + + + + setmode <filename> <perm=[+|\-]rsha> + A version of the DOS attrib command to set + file permissions. For example: + + setmode myfile +r + + would make myfile read only. + + + + + + symlink source destination + This command depends on the server supporting the CIFS + UNIX extensions and will fail if the server does not. The client requests that the server + create a symbolic hard link between the source and destination files. The source file + must not exist. Note that the server will not create a link to any path that lies + outside the currently connected share. This is enforced by the Samba server. + + + + + + + tar <c|x>[IXbgNa] + Performs a tar operation - see the -T + command line option above. Behavior may be affected + by the tarmode command (see below). Using g (incremental) and N + (newer) will affect tarmode settings. Note that using the "-" option + with tar x may not work - use the command line option instead. + + + + + + blocksize <blocksize> + Blocksize. Must be followed by a valid (greater + than zero) blocksize. Causes tar file to be written out in + blocksize*TBLOCK (usually 512 byte) blocks. + + + + + tarmode <full|inc|reset|noreset> + Changes tar's behavior with regard to archive + bits. In full mode, tar will back up everything regardless of the + archive bit setting (this is the default mode). In incremental mode, + tar will only back up files with the archive bit set. In reset mode, + tar will reset the archive bit on all files it backs up (implies + read/write share). + + + + + + + + NOTES + + Some servers are fussy about the case of supplied usernames, + passwords, share names (AKA service names) and machine names. + If you fail to connect try giving all parameters in uppercase. + + + It is often necessary to use the -n option when connecting + to some types of servers. For example OS/2 LanManager insists + on a valid NetBIOS name being used, so you need to supply a valid + name that would be known to the server. + + smbclient supports long file names where the server + supports the LANMAN2 protocol or above. + + + + ENVIRONMENT VARIABLES + + The variable USER may contain the + username of the person using the client. This information is + used only if the protocol level is high enough to support + session-level passwords. + + + The variable PASSWD may contain + the password of the person using the client. This information is + used only if the protocol level is high enough to support + session-level passwords. + + The variable LIBSMB_PROG may contain + the path, executed with system(), which the client should connect + to instead of connecting to a server. This functionality is primarily + intended as a development aid, and works best when using a LMHOSTS + file + + + + + INSTALLATION + + The location of the client program is a matter for + individual system administrators. The following are thus + suggestions only. + + It is recommended that the smbclient software be installed + in the /usr/local/samba/bin/ or + /usr/samba/bin/ directory, this directory readable + by all, writeable only by root. The client program itself should + be executable by all. The client should NOT be + setuid or setgid! + + The client log files should be put in a directory readable + and writeable only by the user. + + To test the client, you will need to know the name of a + running SMB/CIFS server. It is possible to run smbd + 8 as an ordinary user - running that server as a daemon + on a user-accessible port (typically any port number over 1024) + would provide a suitable test server. + + + + + DIAGNOSTICS + + Most diagnostics issued by the client are logged in a + specified log file. The log file name is specified at compile time, + but may be overridden on the command line. + + The number and nature of diagnostics available depends + on the debug level used by the client. If you have problems, + set the debug level to 3 and peruse the log files. + + + + + VERSION + + This man page is correct for version 2.2 of the Samba suite. + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0 + was done by Alexander Bokovoy. + + + diff --git a/docs/manpages/smbcontrol.1.xml b/docs/manpages/smbcontrol.1.xml new file mode 100644 index 0000000000..af6054de58 --- /dev/null +++ b/docs/manpages/smbcontrol.1.xml @@ -0,0 +1,297 @@ + + %globalentities; +]> + + + + smbcontrol + 1 + + + + + smbcontrol + send messages to smbd, nmbd or winbindd processes + + + + + smbcontrol + -i + -s + + + + smbcontrol + destination + message-type + parameter + + + + + DESCRIPTION + + This tool is part of the Samba + 7 suite. + + smbcontrol is a very small program, which + sends messages to a smbd + 8, a nmbd + 8, or a winbindd + 8 daemon running on the system. + + + + + OPTIONS + + + &stdarg.help; + &stdarg.configfile; + + -i + Run interactively. Individual commands + of the form destination message-type parameters can be entered + on STDIN. An empty command line or a "q" will quit the + program. + + + + destination + One of nmbd, smbd or a process ID. + + The smbd destination causes the + message to "broadcast" to all smbd daemons. + + The nmbd destination causes the + message to be sent to the nmbd daemon specified in the + nmbd.pid file. + + If a single process ID is given, the message is sent + to only that process. + + + + + message-type + Type of message to send. See + the section MESSAGE-TYPES for details. + + + + + + parameters + any parameters required for the message-type + + + + + + + + MESSAGE-TYPES + + Available message types are: + + + close-share + Order smbd to close the client + connections to the named share. Note that this doesn't affect client + connections to any other shares. This message-type takes an argument of the + share name for which client connections will be closed, or the + "*" character which will close all currently open shares. + This may be useful if you made changes to the access controls on the share. + This message can only be sent to smbd. + + + + + debug + Set debug level to the value specified by the + parameter. This can be sent to any of the destinations. + + + + + force-election + This message causes the nmbd daemon to + force a new browse master election. + + + + ping + + Send specified number of "ping" messages and + wait for the same number of reply "pong" messages. This can be sent to + any of the destinations. + + + + + profile + Change profile settings of a daemon, based on the + parameter. The parameter can be "on" to turn on profile stats + collection, "off" to turn off profile stats collection, "count" + to enable only collection of count stats (time stats are + disabled), and "flush" to zero the current profile stats. This can + be sent to any smbd or nmbd destinations. + + + + debuglevel + + Request debuglevel of a certain daemon and write it to stdout. This + can be sent to any of the destinations. + + + + + profilelevel + + Request profilelevel of a certain daemon and write it to stdout. + This can be sent to any smbd or nmbd destinations. + + + + + printnotify + + Order smbd to send a printer notify message to any Windows NT clients + connected to a printer. This message-type takes the following arguments: + + + + + + queuepause printername + Send a queue pause change notify + message to the printer specified. + + + + queueresume printername + Send a queue resume change notify + message for the printer specified. + + + + jobpause printername unixjobid + Send a job pause change notify + message for the printer and unix jobid + specified. + + + + jobresume printername unixjobid + Send a job resume change notify + message for the printer and unix jobid + specified. + + + + jobdelete printername unixjobid + Send a job delete change notify + message for the printer and unix jobid + specified. + + + + + Note that this message only sends notification that an + event has occured. It doesn't actually cause the + event to happen. + + + This message can only be sent to smbd. + + + + + samsync + Order smbd to synchronise sam database from PDC (being BDC). Can only be sent to smbd. + Not working at the moment + + + + + samrepl + Send sam replication message, with specified serial. Can only be sent to smbd. Should not be used manually. + + + + dmalloc-mark + Set a mark for dmalloc. Can be sent to both smbd and nmbd. Only available if samba is built with dmalloc support. + + + + dmalloc-log-changed + + Dump the pointers that have changed since the mark set by dmalloc-mark. + Can be sent to both smbd and nmbd. Only available if samba is built with dmalloc support. + + + + shutdown + Shut down specified daemon. Can be sent to both smbd and nmbd. + + + + pool-usage + Print a human-readable description of all + talloc(pool) memory usage by the specified daemon/process. Available + for both smbd and nmbd. + + + + drvupgrade + Force clients of printers using specified driver + to update their local version of the driver. Can only be + sent to smbd. + + + + reload-config + Force daemon to reload smb.conf configuration file. Can be sent + to smbd, nmbd, or winbindd. + + + + + + + + VERSION + + This man page is correct for version 3.0 of + the Samba suite. + + + + SEE ALSO + nmbd + 8 and smbd + 8. + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for + Samba 3.0 was done by Alexander Bokovoy. + + + diff --git a/docs/manpages/smbcquotas.1.xml b/docs/manpages/smbcquotas.1.xml new file mode 100644 index 0000000000..280d1b6364 --- /dev/null +++ b/docs/manpages/smbcquotas.1.xml @@ -0,0 +1,181 @@ + + %globalentities; +]> + + + + smbcquotas + 1 + + + + + smbcquotas + Set or get QUOTAs of NTFS 5 shares + + + + + smbcquotas + //server/share + -u user + -L + -F + -S QUOTA_SET_COMMAND + -n + -t + -v + + -d debuglevel + -s configfile + -l logdir + -V + + -U username + -N + -k + -A + + + + + + + DESCRIPTION + + This tool is part of the Samba + 7 suite. + + The smbcquotas program manipulates NT Quotas on SMB file shares. + + + + + OPTIONS + + The following options are available to the smbcquotas program. + + + + + -u user + Specifies the user of whom the quotas are get or set. + By default the current user's username will be used. + + + + + + -L + Lists all quota records of the share. + + + + + + -F + Show the share quota status and default limits. + + + + + + -S QUOTA_SET_COMMAND + This command sets/modifies quotas for a user or on the share, + depending on the QUOTA_SET_COMMAND parameter which is described later. + + + + + -n + This option displays all QUOTA information in numeric + format. The default is to convert SIDs to names and QUOTA limits + to a readable string format. + + + + -t + + Don't actually do anything, only validate the correctness of the arguments. + + + + + -v + + Be verbose. + + + + &stdarg.help; + &popt.common.samba; + &popt.common.credentials; + + + + + + QUOTA_SET_COMAND + + The format of an ACL is one or more ACL entries separated by + either commas or newlines. An ACL entry is one of the following: + + + for setting user quotas for the user specified by -u or the current username: + + + + UQLIM:<username>:<softlimit>/<hardlimit> + + + + for setting the default quotas for a share: + + + + FSQLIM:<softlimit>/<hardlimit> + + + + for changing the share quota settings: + + + + FSQFLAGS:QUOTA_ENABLED/DENY_DISK/LOG_SOFTLIMIT/LOG_HARD_LIMIT + + + + + EXIT STATUS + + The smbcquotas program sets the exit status + depending on the success or otherwise of the operations performed. + The exit status may be one of the following values. + + If the operation succeeded, smbcquotas returns an exit + status of 0. If smbcquotas couldn't connect to the specified server, + or when there was an error getting or setting the quota(s), an exit status + of 1 is returned. If there was an error parsing any command line + arguments, an exit status of 2 is returned. + + + + VERSION + + This man page is correct for version 3.0 of the Samba suite. + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + smbcquotas was written by Stefan Metzmacher. + + + diff --git a/docs/manpages/smbd.8.xml b/docs/manpages/smbd.8.xml new file mode 100644 index 0000000000..4a3d3fdc0c --- /dev/null +++ b/docs/manpages/smbd.8.xml @@ -0,0 +1,351 @@ + + %globalentities; +]> + + + + smbd + 8 + + + + + smbd + server to provide SMB/CIFS services to clients + + + + + smbd + -D + -F + -S + -i + -h + -V + -b + -d <debug level> + -l <log directory> + -p <port number> + -O <socket option> + -s <configuration file> + + + + + DESCRIPTION + This program is part of the Samba + 7 suite. + + smbd is the server daemon that + provides filesharing and printing services to Windows clients. + The server provides filespace and printer services to + clients using the SMB (or CIFS) protocol. This is compatible + with the LanManager protocol, and can service LanManager + clients. These include MSCLIENT 3.0 for DOS, Windows for + Workgroups, Windows 95/98/ME, Windows NT, Windows 2000, + OS/2, DAVE for Macintosh, and smbfs for Linux. + + An extensive description of the services that the + server can provide is given in the man page for the + configuration file controlling the attributes of those + services (see smb.conf + 5. This man page will not describe the + services, but will concentrate on the administrative aspects + of running the server. + + Please note that there are significant security + implications to running this server, and the smb.conf + 5 manual page should be regarded as mandatory reading before + proceeding with installation. + + A session is created whenever a client requests one. + Each client gets a copy of the server for each session. This + copy then services all connections made by the client during + that session. When all connections from its client are closed, + the copy of the server for that client terminates. + + The configuration file, and any files that it includes, + are automatically reloaded every minute, if they change. You + can force a reload by sending a SIGHUP to the server. Reloading + the configuration file will not affect connections to any service + that is already established. Either the user will have to + disconnect from the service, or smbd killed and restarted. + + + + OPTIONS + + + + -D + If specified, this parameter causes + the server to operate as a daemon. That is, it detaches + itself and runs in the background, fielding requests + on the appropriate port. Operating the server as a + daemon is the recommended way of running smbd for + servers that provide more than casual use file and + print services. This switch is assumed if smbd + is executed on the command line of a shell. + + + + + -F + If specified, this parameter causes + the main smbd process to not daemonize, + i.e. double-fork and disassociate with the terminal. + Child processes are still created as normal to service + each connection request, but the main process does not + exit. This operation mode is suitable for running + smbd under process supervisors such + as supervise and svscan + from Daniel J. Bernstein's daemontools + package, or the AIX process monitor. + + + + + -S + If specified, this parameter causes + smbd to log to standard output rather + than a file. + + + + -i + If this parameter is specified it causes the + server to run "interactively", not as a daemon, even if the + server is executed on the command line of a shell. Setting this + parameter negates the implicit deamon mode when run from the + command line. smbd also logs to standard + output, as if the -S parameter had been + given. + + + + &popt.common.samba; + &stdarg.help; + + + -b + Prints information about how + Samba was built. + + + + -p <port number> + port number is a positive integer + value. The default value if this parameter is not + specified is 139. + + This number is the port number that will be + used when making connections to the server from client + software. The standard (well-known) port number for the + SMB over TCP is 139, hence the default. If you wish to + run the server as an ordinary user rather than + as root, most systems will require you to use a port + number greater than 1024 - ask your system administrator + for help if you are in this situation. + + In order for the server to be useful by most + clients, should you configure it on a port other + than 139, you will require port redirection services + on port 139, details of which are outlined in rfc1002.txt + section 4.3.5. + + This parameter is not normally specified except + in the above situation. + + + + + + FILES + + + + /etc/inetd.conf + If the server is to be run by the + inetd meta-daemon, this file + must contain suitable startup information for the + meta-daemon. + + + + + /etc/rc + or whatever initialization script your + system uses). + + If running the server as a daemon at startup, + this file will need to contain an appropriate startup + sequence for the server. + + + + /etc/services + If running the server via the + meta-daemon inetd, this file + must contain a mapping of service name (e.g., netbios-ssn) + to service port (e.g., 139) and protocol type (e.g., tcp). + + + + + /usr/local/samba/lib/smb.conf + This is the default location of the smb.conf + 5 server configuration file. Other common places that systems + install this file are /usr/samba/lib/smb.conf + and /etc/samba/smb.conf. + + This file describes all the services the server + is to make available to clients. See smb.conf + 5 for more information. + + + + + + + LIMITATIONS + On some systems smbd cannot change uid back + to root after a setuid() call. Such systems are called + trapdoor uid systems. If you have such a system, + you will be unable to connect from a client (such as a PC) as + two different users at once. Attempts to connect the + second user will result in access denied or + similar. + + + + ENVIRONMENT VARIABLES + + + + PRINTER + If no printer name is specified to + printable services, most systems will use the value of + this variable (or lp if this variable is + not defined) as the name of the printer to use. This + is not specific to the server, however. + + + + + + + PAM INTERACTION + Samba uses PAM for authentication (when presented with a plaintext + password), for account checking (is this account disabled?) and for + session management. The degree too which samba supports PAM is restricted + by the limitations of the SMB protocol and the obey pam restrictions smb.conf + 5 paramater. When this is set, the following restrictions apply: + + + + Account Validation: All accesses to a + samba server are checked + against PAM to see if the account is vaild, not disabled and is permitted to + login at this time. This also applies to encrypted logins. + + + Session Management: When not using share + level secuirty, users must pass PAM's session checks before access + is granted. Note however, that this is bypassed in share level secuirty. + Note also that some older pam configuration files may need a line + added for session support. + + + + + + VERSION + + This man page is correct for version 3.0 of + the Samba suite. + + + + DIAGNOSTICS + + Most diagnostics issued by the server are logged + in a specified log file. The log file name is specified + at compile time, but may be overridden on the command line. + + The number and nature of diagnostics available depends + on the debug level used by the server. If you have problems, set + the debug level to 3 and peruse the log files. + + Most messages are reasonably self-explanatory. Unfortunately, + at the time this man page was created, there are too many diagnostics + available in the source code to warrant describing each and every + diagnostic. At this stage your best bet is still to grep the + source code and inspect the conditions that gave rise to the + diagnostics you are seeing. + + + + SIGNALS + + Sending the smbd a SIGHUP will cause it to + reload its smb.conf configuration + file within a short period of time. + + To shut down a user's smbd process it is recommended + that SIGKILL (-9) NOT + be used, except as a last resort, as this may leave the shared + memory area in an inconsistent state. The safe way to terminate + an smbd is to send it a SIGTERM (-15) signal and wait for + it to die on its own. + + The debug log level of smbd may be raised + or lowered using smbcontrol + 1 program (SIGUSR[1|2] signals are no longer + used since Samba 2.2). This is to allow transient problems to be diagnosed, + whilst still running at a normally low log level. + + Note that as the signal handlers send a debug write, + they are not re-entrant in smbd. This you should wait until + smbd is in a state of waiting for an incoming SMB before + issuing them. It is possible to make the signal handlers safe + by un-blocking the signals before the select call and re-blocking + them after, however this would affect performance. + + + + SEE ALSO + hosts_access + 5, inetd + 8, nmbd + 8, smb.conf + 5, smbclient + 1, testparm + 1, testprns + 1, and the + Internet RFC's rfc1001.txt, rfc1002.txt. + In addition the CIFS (formerly SMB) specification is available + as a link from the Web page + http://samba.org/cifs/. + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for + Samba 3.0 was done by Alexander Bokovoy. + + + diff --git a/docs/manpages/smbget.1.xml b/docs/manpages/smbget.1.xml new file mode 100644 index 0000000000..96b8cf10c8 --- /dev/null +++ b/docs/manpages/smbget.1.xml @@ -0,0 +1,211 @@ + + %globalentities; +]> + + + + smbget + 1 + + + + + smbget + wget-like utility for download files over SMB + + + + + smbget + -a, --guest + -r, --resume + -R, --recursive + -u, --username=STRING + -p, --password=STRING + -w, --workgroup=STRING + -n, --nonprompt + -d, --debuglevel=INT + -D, --dots + -P, --keep-permissions + -o, --outputfile + -f, --rcfile + -q, --quiet + -v, --verbose + -b, --blocksize + -?, --help + --usage + smb://host/share/path/to/file + smb://url2/ + ... + + + + + DESCRIPTION + + This tool is part of the Samba + 7 suite. + + smbget is a simple utility with wget-like semantics, that can download files from SMB servers. You can specify the files you would like to download on the command-line. + + + + The files should be in the smb-URL standard, e.g. use smb://host/share/file + for the UNC path \\\\HOST\\SHARE\\file. + + + + + OPTIONS + + + -a, --guest + Work as user guest + + + + -r, --resume + Automatically resume aborted files + + + + -R, --recursive + Recursively download files + + + + -u, --username=STRING + Username to use + + + + -p, --password=STRING + Password to use + + + + -w, --workgroup=STRING + Workgroup to use (optional) + + + + -n, --nonprompt + Don't ask anything (non-interactive) + + + + -d, --debuglevel=INT + Debuglevel to use + + + + -D, --dots + Show dots as progress indication + + + + -P, --keep-permissions + Set same permissions on local file as are set on remote file. + + + + -o, --outputfile + Write the file that is being download to the specified file. Can not be used together with -R. + + + + -f, --rcfile + Use specified rcfile. This will be loaded in the order it was specified - e.g. if you specify any options before this one, they might get overriden by the contents of the rcfile. + + + + -q, --quiet + Be quiet + + + + -v, --verbose + Be verbose + + + + -b, --blocksize + Number of bytes to download in a block. Defaults to 64000. + + + + -?, --help + Show help message + + + + --usage + Display brief usage message + + + + + SMB URLS + + SMB URL's should be specified in the following format: + + +smb://[[[domain;]user[:password@]]server[/share[/path[/file]]]] + + + +smb:// means all the workgroups + + + +smb://name/ means, if name is a workgroup, all the servers in this workgroup, or if name is a server, all the shares on this server. + + + + + + EXAMPLES + + +# Recursively download 'src' directory +smbget -R smb://rhonwyn/jelmer/src +# Download FreeBSD ISO and enable resuming +smbget -r smb://rhonwyn/isos/FreeBSD5.1.iso +# Recursively download all ISOs +smbget -Rr smb://rhonwyn/isos +# Backup my data on rhonwyn +smbget -Rr smb://rhonwyn/ + + + + + + BUGS + + Permission denied is returned in some cases where the cause of the error is unknown +(such as an illegally formatted smb:// url or trying to get a directory without -R +turned on). + + + + VERSION + + This man page is correct for version 3.0 of + the Samba suite. + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The smbget manpage was written by Jelmer Vernooij. + + + + diff --git a/docs/manpages/smbmnt.8.xml b/docs/manpages/smbmnt.8.xml new file mode 100644 index 0000000000..0495fa5be0 --- /dev/null +++ b/docs/manpages/smbmnt.8.xml @@ -0,0 +1,121 @@ + + %globalentities; +]> + + + + smbmnt + 8 + + + + + smbmnt + helper utility for mounting SMB filesystems + + + + + smbmnt + mount-point + -s <share> + -r + -u <uid> + -g <gid> + -f <mask> + -d <mask> + -o <options> + -h + + + + + DESCRIPTION + + smbmnt is a helper application used + by the smbmount program to do the actual mounting of SMB shares. + smbmnt can be installed setuid root if you want + normal users to be able to mount their SMB shares. + + A setuid smbmnt will only allow mounts on directories owned + by the user, and that the user has write permission on. + + The smbmnt program is normally invoked + by smbmount + 8. It should not be invoked directly by users. + + smbmount searches the normal PATH for smbmnt. You must ensure + that the smbmnt version in your path matches the smbmount used. + + + + + OPTIONS + + + + -r + mount the filesystem read-only + + + + + -u uid + specify the uid that the files will + be owned by + + + + -g gid + specify the gid that the files will be + owned by + + + + -f mask + specify the octal file mask applied + + + + + -d mask + specify the octal directory mask + applied + + + + -o options + + list of options that are passed as-is to smbfs, if this + command is run on a 2.4 or higher Linux kernel. + + + + &stdarg.help; + + + + + + + AUTHOR + + Volker Lendecke, Andrew Tridgell, Michael H. Warfield + and others. + + The current maintainer of smbfs and the userspace + tools smbmount, smbumount, + and smbmnt is Urban Widmark. + The SAMBA Mailing list + is the preferred place to ask questions regarding these programs. + + + The conversion of this manpage for Samba 2.2 was performed + by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0 + was done by Alexander Bokovoy. + + + diff --git a/docs/manpages/smbmount.8.xml b/docs/manpages/smbmount.8.xml new file mode 100644 index 0000000000..0017c99cd5 --- /dev/null +++ b/docs/manpages/smbmount.8.xml @@ -0,0 +1,336 @@ + + %globalentities; +]> + + + + smbmount + 8 + + + + + smbmount + mount an smbfs filesystem + + + + + smbmount + service + mount-point + -o options + + + + + DESCRIPTION + + smbmount mounts a Linux SMB filesystem. It + is usually invoked as mount.smbfs by + the mount + 8 command when using the + "-t smbfs" option. This command only works in Linux, and the kernel must + support the smbfs filesystem. + + Options to smbmount are specified as a comma-separated + list of key=value pairs. It is possible to send options other + than those listed here, assuming that smbfs supports them. If + you get mount failures, check your kernel log for errors on + unknown options. + + smbmount is a daemon. After mounting it keeps running until + the mounted smbfs is umounted. It will log things that happen + when in daemon mode using the "machine name" smbmount, so + typically this output will end up in log.smbmount. The + smbmount process may also be called mount.smbfs. + + smbmount + calls smbmnt + 8 to do the actual mount. You + must make sure that smbmnt is in the path so + that it can be found. + + + + + OPTIONS + + + + username=<arg> + specifies the username to connect as. If + this is not given, then the environment variable + USER is used. This option can also take the + form "user%password" or "user/workgroup" or + "user/workgroup%password" to allow the password and workgroup + to be specified as part of the username. + + + + password=<arg> + specifies the SMB password. If this + option is not given then the environment variable + PASSWD is used. If it can find + no password smbmount will prompt + for a passeword, unless the guest option is + given. + + + Note that passwords which contain the argument delimiter + character (i.e. a comma ',') will failed to be parsed correctly + on the command line. However, the same password defined + in the PASSWD environment variable or a credentials file (see + below) will be read correctly. + + + + + + credentials=<filename> + specifies a file that contains a username and/or password. +The format of the file is: + +username = <value> +password = <value> + + + This is preferred over having passwords in plaintext in a + shared file, such as /etc/fstab. Be sure to protect any + credentials file properly. + + + + + krb + Use kerberos (Active Directory). + + + + netbiosname=<arg> + sets the source NetBIOS name. It defaults + to the local hostname. + + + + uid=<arg> + sets the uid that will own all files on + the mounted filesystem. + It may be specified as either a username or a numeric uid. + + + + + + gid=<arg> + sets the gid that will own all files on + the mounted filesystem. + It may be specified as either a groupname or a numeric + gid. + + + + + port=<arg> + sets the remote SMB port number. The default + is 139. + + + + + fmask=<arg> + sets the file mask. This determines the + permissions that remote files have in the local filesystem. + This is not a umask, but the actual permissions for the files. + The default is based on the current umask. + + + + + dmask=<arg> + Sets the directory mask. This determines the + permissions that remote directories have in the local filesystem. + This is not a umask, but the actual permissions for the directories. + The default is based on the current umask. + + + + + debug=<arg> + Sets the debug level. This is useful for + tracking down SMB connection problems. A suggested value to + start with is 4. If set too high there will be a lot of + output, possibly hiding the useful output. + + + + + ip=<arg> + Sets the destination host or IP address. + + + + + + + workgroup=<arg> + Sets the workgroup on the destination + + + + + + sockopt=<arg> + Sets the TCP socket options. See the smb.conf + 5 socket options option. + + + + + + scope=<arg> + Sets the NetBIOS scope + + + + guest + Don't prompt for a password + + + + ro + mount read-only + + + + rwmount read-write + + + + iocharset=<arg> + + sets the charset used by the Linux side for codepage + to charset translations (NLS). Argument should be the + name of a charset, like iso8859-1. (Note: only kernel + 2.4.0 or later) + + + + + codepage=<arg> + + sets the codepage the server uses. See the iocharset + option. Example value cp850. (Note: only kernel 2.4.0 + or later) + + + + + ttl=<arg> + + sets how long a directory listing is cached in milliseconds + (also affects visibility of file size and date + changes). A higher value means that changes on the + server take longer to be noticed but it can give + better performance on large directories, especially + over long distances. Default is 1000ms but something + like 10000ms (10 seconds) is probably more reasonable + in many cases. + (Note: only kernel 2.4.2 or later) + + + + + + + + + + ENVIRONMENT VARIABLES + + The variable USER may contain the username of the + person using the client. This information is used only if the + protocol level is high enough to support session-level + passwords. The variable can be used to set both username and + password by using the format username%password. + + The variable PASSWD may contain the password of the + person using the client. This information is used only if the + protocol level is high enough to support session-level + passwords. + + The variable PASSWD_FILE may contain the pathname + of a file to read the password from. A single line of input is + read and used as the password. + + + + + BUGS + + Passwords and other options containing , can not be handled. + For passwords an alternative way of passing them is in a credentials + file or in the PASSWD environment. + + The credentials file does not handle usernames or passwords with + leading space. + + One smbfs bug is important enough to mention here, even if it + is a bit misplaced: + + + + Mounts sometimes stop working. This is usually + caused by smbmount terminating. Since smbfs needs smbmount to + reconnect when the server disconnects, the mount will eventually go + dead. An umount/mount normally fixes this. At least 2 ways to + trigger this bug are known. + + + + Note that the typical response to a bug report is suggestion + to try the latest version first. So please try doing that first, + and always include which versions you use of relevant software + when reporting bugs (minimum: samba, kernel, distribution) + + + + + + SEE ALSO + + Documentation/filesystems/smbfs.txt in the linux kernel + source tree may contain additional options and information. + + FreeBSD also has a smbfs, but it is not related to smbmount + + For Solaris, HP-UX and others you may want to look at smbsh + 1 or at other solutions, such as + Sharity or perhaps replacing the SMB server with a NFS server. + + + + + + AUTHOR + + Volker Lendecke, Andrew Tridgell, Michael H. Warfield + and others. + + The current maintainer of smbfs and the userspace + tools smbmount, smbumount, + and smbmnt is Urban Widmark. + The SAMBA Mailing list + is the preferred place to ask questions regarding these programs. + + + The conversion of this manpage for Samba 2.2 was performed + by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0 + was done by Alexander Bokovoy. + + + diff --git a/docs/manpages/smbpasswd.5.xml b/docs/manpages/smbpasswd.5.xml new file mode 100644 index 0000000000..cb6a6070bd --- /dev/null +++ b/docs/manpages/smbpasswd.5.xml @@ -0,0 +1,208 @@ + + %globalentities; +]> + + + + smbpasswd + 5 + + + + + smbpasswd + The Samba encrypted password file + + + + smbpasswd + + + + DESCRIPTION + + This tool is part of the Samba + 7 suite. + + smbpasswd is the Samba encrypted password file. It contains + the username, Unix user id and the SMB hashed passwords of the + user, as well as account flag information and the time the + password was last changed. This file format has been evolving with + Samba and has had several different formats in the past. + + + + FILE FORMAT + + The format of the smbpasswd file used by Samba 2.2 + is very similar to the familiar Unix passwd(5) + file. It is an ASCII file containing one line for each user. Each field + ithin each line is separated from the next by a colon. Any entry + beginning with '#' is ignored. The smbpasswd file contains the + following information for each user: + + + + name + This is the user name. It must be a name that + already exists in the standard UNIX passwd file. + + + + + uid + This is the UNIX uid. It must match the uid + field for the same user entry in the standard UNIX passwd file. + If this does not match then Samba will refuse to recognize + this smbpasswd file entry as being valid for a user. + + + + + + Lanman Password Hash + This is the LANMAN hash of the user's password, + encoded as 32 hex digits. The LANMAN hash is created by DES + encrypting a well known string with the user's password as the + DES key. This is the same password used by Windows 95/98 machines. + Note that this password hash is regarded as weak as it is + vulnerable to dictionary attacks and if two users choose the + same password this entry will be identical (i.e. the password + is not "salted" as the UNIX password is). If the user has a + null password this field will contain the characters "NO PASSWORD" + as the start of the hex string. If the hex string is equal to + 32 'X' characters then the user's account is marked as + disabled and the user will not be able to + log onto the Samba server. + + WARNING !! Note that, due to + the challenge-response nature of the SMB/CIFS authentication + protocol, anyone with a knowledge of this password hash will + be able to impersonate the user on the network. For this + reason these hashes are known as plain text + equivalents and must NOT be made + available to anyone but the root user. To protect these passwords + the smbpasswd file is placed in a directory with read and + traverse access only to the root user and the smbpasswd file + itself must be set to be read/write only by root, with no + other access. + + + + + NT Password Hash + This is the Windows NT hash of the user's + password, encoded as 32 hex digits. The Windows NT hash is + created by taking the user's password as represented in + 16-bit, little-endian UNICODE and then applying the MD4 + (internet rfc1321) hashing algorithm to it. + + This password hash is considered more secure than + the LANMAN Password Hash as it preserves the case of the + password and uses a much higher quality hashing algorithm. + However, it is still the case that if two users choose the same + password this entry will be identical (i.e. the password is + not "salted" as the UNIX password is). + + WARNING !!. Note that, due to + the challenge-response nature of the SMB/CIFS authentication + protocol, anyone with a knowledge of this password hash will + be able to impersonate the user on the network. For this + reason these hashes are known as plain text + equivalents and must NOT be made + available to anyone but the root user. To protect these passwords + the smbpasswd file is placed in a directory with read and + traverse access only to the root user and the smbpasswd file + itself must be set to be read/write only by root, with no + other access. + + + + + Account Flags + This section contains flags that describe + the attributes of the users account. In the Samba 2.2 release + this field is bracketed by '[' and ']' characters and is always + 13 characters in length (including the '[' and ']' characters). + The contents of this field may be any of the following characters: + + + + U - This means + this is a "User" account, i.e. an ordinary user. Only User + and Workstation Trust accounts are currently supported + in the smbpasswd file. + + N - This means the + account has no password (the passwords in the fields LANMAN + Password Hash and NT Password Hash are ignored). Note that this + will only allow users to log on with no password if the + null passwords parameter is set in the + smb.conf + 5 config file. + + D - This means the account + is disabled and no SMB/CIFS logins will be allowed for this user. + + W - This means this account + is a "Workstation Trust" account. This kind of account is used + in the Samba PDC code stream to allow Windows NT Workstations + and Servers to join a Domain hosted by a Samba PDC. + + + + Other flags may be added as the code is extended in future. + The rest of this field space is filled in with spaces. + + + + + + Last Change Time + This field consists of the time the account was + last modified. It consists of the characters 'LCT-' (standing for + "Last Change Time") followed by a numeric encoding of the UNIX time + in seconds since the epoch (1970) that the last change was made. + + + + + All other colon separated fields are ignored at this time. + + + + VERSION + + This man page is correct for version 3.0 of + the Samba suite. + + + + SEE ALSO + smbpasswd + 8, Samba + 7, and + the Internet RFC1321 for details on the MD4 algorithm. + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 + for Samba 3.0 was done by Alexander Bokovoy. + + + diff --git a/docs/manpages/smbpasswd.8.xml b/docs/manpages/smbpasswd.8.xml new file mode 100644 index 0000000000..3ee3a9e12e --- /dev/null +++ b/docs/manpages/smbpasswd.8.xml @@ -0,0 +1,405 @@ + + %globalentities; +]> + + + + smbpasswd + 8 + + + + + smbpasswd + change a user's SMB password + + + + + smbpasswd + -a + -x + -d + -e + -D debuglevel + -n + -r <remote machine> + -R <name resolve order> + -m + -U username[%password] + -h + -s + -w pass + -i + -L + username + + + + + DESCRIPTION + + This tool is part of the Samba + 7 suite. + + The smbpasswd program has several different + functions, depending on whether it is run by the root user + or not. When run as a normal user it allows the user to change + the password used for their SMB sessions on any machines that store + SMB passwords. + + By default (when run with no arguments) it will attempt to + change the current user's SMB password on the local machine. This is + similar to the way the passwd(1) program works. + smbpasswd differs from how the passwd program works + however in that it is not setuid root but works in + a client-server mode and communicates with a + locally running smbd + 8. As a consequence in order for this to + succeed the smbd daemon must be running on the local machine. On a + UNIX machine the encrypted SMB passwords are usually stored in + the smbpasswd + 5 file. + + When run by an ordinary user with no options, smbpasswd + will prompt them for their old SMB password and then ask them + for their new password twice, to ensure that the new password + was typed correctly. No passwords will be echoed on the screen + whilst being typed. If you have a blank SMB password (specified by + the string "NO PASSWORD" in the smbpasswd file) then just press + the <Enter> key when asked for your old password. + + smbpasswd can also be used by a normal user to change their + SMB password on remote machines, such as Windows NT Primary Domain + Controllers. See the (-r) and -U options + below. + + When run by root, smbpasswd allows new users to be added + and deleted in the smbpasswd file, as well as allows changes to + the attributes of the user in this file to be made. When run by root, + smbpasswd accesses the local smbpasswd file + directly, thus enabling changes to be made even if smbd is not + running. + + + + OPTIONS + + + -a + This option specifies that the username + following should be added to the local smbpasswd file, with the + new password typed (type <Enter> for the old password). This + option is ignored if the username following already exists in + the smbpasswd file and it is treated like a regular change + password command. Note that the default passdb backends require + the user to already exist in the system password file (usually + /etc/passwd), else the request to add the + user will fail. + + This option is only available when running smbpasswd + as root. + + + + + + -x + This option specifies that the username + following should be deleted from the local smbpasswd file. + + + This option is only available when running smbpasswd as + root. + + + + + + -d + This option specifies that the username following + should be disabled in the local smbpasswd + file. This is done by writing a 'D' flag + into the account control space in the smbpasswd file. Once this + is done all attempts to authenticate via SMB using this username + will fail. + + If the smbpasswd file is in the 'old' format (pre-Samba 2.0 + format) there is no space in the user's password entry to write + this information and the command will FAIL. See smbpasswd + 5 for details on the 'old' and new password file formats. + + + This option is only available when running smbpasswd as + root. + + + + + -e + This option specifies that the username following + should be enabled in the local smbpasswd file, + if the account was previously disabled. If the account was not + disabled this option has no effect. Once the account is enabled then + the user will be able to authenticate via SMB once again. + + If the smbpasswd file is in the 'old' format, then + smbpasswd will FAIL to enable the account. + See smbpasswd + 5 for + details on the 'old' and new password file formats. + + This option is only available when running smbpasswd as root. + + + + + + + -D debuglevel + debuglevel is an integer + from 0 to 10. The default value if this parameter is not specified + is zero. + + The higher this value, the more detail will be logged to the + log files about the activities of smbpasswd. At level 0, only + critical errors and serious warnings will be logged. + + Levels above 1 will generate considerable amounts of log + data, and should only be used when investigating a problem. Levels + above 3 are designed for use only by developers and generate + HUGE amounts of log data, most of which is extremely cryptic. + + + + + + + -n + This option specifies that the username following + should have their password set to null (i.e. a blank password) in + the local smbpasswd file. This is done by writing the string "NO + PASSWORD" as the first part of the first password stored in the + smbpasswd file. + + Note that to allow users to logon to a Samba server once + the password has been set to "NO PASSWORD" in the smbpasswd + file the administrator must set the following parameter in the [global] + section of the smb.conf file : + + null passwords = yes + + This option is only available when running smbpasswd as + root. + + + + + + -r remote machine name + This option allows a user to specify what machine + they wish to change their password on. Without this parameter + smbpasswd defaults to the local host. The remote + machine name is the NetBIOS name of the SMB/CIFS + server to contact to attempt the password change. This name is + resolved into an IP address using the standard name resolution + mechanism in all programs of the Samba suite. See the -R + name resolve order parameter for details on changing + this resolving mechanism. + + The username whose password is changed is that of the + current UNIX logged on user. See the -U username + parameter for details on changing the password for a different + username. + + Note that if changing a Windows NT Domain password the + remote machine specified must be the Primary Domain Controller for + the domain (Backup Domain Controllers only have a read-only + copy of the user account database and will not allow the password + change). + + Note that Windows 95/98 do not have + a real password database so it is not possible to change passwords + specifying a Win95/98 machine as remote machine target. + + + + + + -R name resolve order + This option allows the user of smbpasswd to determine + what name resolution services to use when looking up the NetBIOS + name of the host being connected to. + + The options are :"lmhosts", "host", "wins" and "bcast". They + cause names to be resolved as follows: + + lmhosts: Lookup an IP + address in the Samba lmhosts file. If the line in lmhosts has + no name type attached to the NetBIOS name (see the lmhosts + 5 for details) then + any name type matches for lookup. + + host: Do a standard host + name to IP address resolution, using the system /etc/hosts + , NIS, or DNS lookups. This method of name resolution + is operating system depended for instance on IRIX or Solaris this + may be controlled by the /etc/nsswitch.conf + file). Note that this method is only used if the NetBIOS name + type being queried is the 0x20 (server) name type, otherwise + it is ignored. + + wins: Query a name with + the IP address listed in the wins server + parameter. If no WINS server has been specified this method + will be ignored. + + bcast: Do a broadcast on + each of the known local interfaces listed in the + interfaces parameter. This is the least + reliable of the name resolution methods as it depends on the + target host being on a locally connected subnet. + + + The default order is lmhosts, host, wins, bcast + and without this parameter or any entry in the smb.conf + 5 file the name resolution methods will + be attempted in this order. + + + + + -m + This option tells smbpasswd that the account + being changed is a MACHINE account. Currently this is used + when Samba is being used as an NT Primary Domain Controller. + + This option is only available when running smbpasswd as root. + + + + + + -U username + This option may only be used in conjunction + with the -r option. When changing + a password on a remote machine it allows the user to specify + the user name on that machine whose password will be changed. It + is present to allow users who have different user names on + different systems to change these passwords. + + + + + -h + This option prints the help string for + smbpasswd, selecting the correct one for running as root + or as an ordinary user. + + + + + -s + This option causes smbpasswd to be silent (i.e. + not issue prompts) and to read its old and new passwords from + standard input, rather than from /dev/tty + (like the passwd(1) program does). This option + is to aid people writing scripts to drive smbpasswd + + + + + + -w password + This parameter is only available if Samba + has been configured to use the experimental + --with-ldapsam option. The -w + switch is used to specify the password to be used with the + ldap admin dn. Note that the password is stored in + the secrets.tdb and is keyed off + of the admin's DN. This means that if the value of ldap + admin dn ever changes, the password will need to be + manually updated as well. + + + + + + -i + This option tells smbpasswd that the account + being changed is an interdomain trust account. Currently this is used + when Samba is being used as an NT Primary Domain Controller. + The account contains the info about another trusted domain. + + This option is only available when running smbpasswd as root. + + + + + -L + Run in local mode. + + + + username + This specifies the username for all of the + root only options to operate on. Only root + can specify this parameter as only root has the permission needed + to modify attributes directly in the local smbpasswd file. + + + + + + + + NOTES + + Since smbpasswd works in client-server + mode communicating with a local smbd for a non-root user then + the smbd daemon must be running for this to work. A common problem + is to add a restriction to the hosts that may access the + smbd running on the local machine by specifying either allow + hosts or deny hosts entry in + the smb.conf + 5 file and neglecting to + allow "localhost" access to the smbd. + + In addition, the smbpasswd command is only useful if Samba + has been set up to use encrypted passwords. + + + + + VERSION + + This man page is correct for version 3.0 of the Samba suite. + + + + SEE ALSO + smbpasswd + 5, Samba + 7. + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 + for Samba 3.0 was done by Alexander Bokovoy. + + + diff --git a/docs/manpages/smbsh.1.xml b/docs/manpages/smbsh.1.xml new file mode 100644 index 0000000000..36319085b8 --- /dev/null +++ b/docs/manpages/smbsh.1.xml @@ -0,0 +1,164 @@ + + %globalentities; +]> + + + + smbsh + 1 + + + + + smbsh + Allows access to remote SMB shares + using UNIX commands + + + + + smbsh + -W workgroup + -U username + -P prefix + -R <name resolve order> + -d <debug level> + -l logdir + -L libdir + + + + + DESCRIPTION + + This tool is part of the Samba + 7 suite. + + smbsh allows you to access an NT filesystem + using UNIX commands such as ls, + egrep, and rcp. You must use a + shell that is dynamically linked in order for smbsh + to work correctly. + + + + OPTIONS + + + + -W WORKGROUP + Override the default workgroup specified in the + workgroup parameter of the smb.conf + 5 file + for this session. This may be needed to connect to some + servers. + + + + -U username[%pass] + Sets the SMB username or username and password. + If this option is not specified, the user will be prompted for + both the username and the password. If %pass is not specified, + the user will be prompted for the password. + + + + + -P prefix + This option allows + the user to set the directory prefix for SMB access. The + default value if this option is not specified is + smb. + + + + &stdarg.configfile; + &stdarg.debug; + &stdarg.resolve.order; + + + -L libdir + This parameter specifies the location of the + shared libraries used by smbsh. The default + value is specified at compile time. + + + + + + + + EXAMPLES + + To use the smbsh command, execute + smbsh from the prompt and enter the username and password + that authenticates you to the machine running the Windows NT + operating system. + +system% smbsh +Username: user +Password: XXXXXXX + + + + Any dynamically linked command you execute from + this shell will access the /smb directory + using the smb protocol. For example, the command ls /smb + will show a list of workgroups. The command + ls /smb/MYGROUP will show all the machines in + the workgroup MYGROUP. The command + ls /smb/MYGROUP/<machine-name> will show the share + names for that machine. You could then, for example, use the + cd command to change directories, vi to + edit files, and rcp to copy files. + + + + VERSION + + This man page is correct for version 3.0 of the Samba suite. + + + + BUGS + + smbsh works by intercepting the standard + libc calls with the dynamically loaded versions in + smbwrapper.o. Not all calls have been "wrapped", so + some programs may not function correctly under smbsh + . + + Programs which are not dynamically linked cannot make + use of smbsh's functionality. Most versions + of UNIX have a file command that will + describe how a program was linked. + + + + + SEE ALSO + smbd + 8, smb.conf + 5 + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 + for Samba 3.0 was done by Alexander Bokovoy. + + + diff --git a/docs/manpages/smbspool.8.xml b/docs/manpages/smbspool.8.xml new file mode 100644 index 0000000000..ec62a0d5df --- /dev/null +++ b/docs/manpages/smbspool.8.xml @@ -0,0 +1,132 @@ + + %globalentities; +]> + + + + smbspool + 8 + + + + + smbspool + send a print file to an SMB printer + + + + + smbspool + job + user + title + copies + options + filename + + + + + DESCRIPTION + + This tool is part of the Samba + 7 suite. + + smbspool is a very small print spooling program that + sends a print file to an SMB printer. The command-line arguments + are position-dependent for compatibility with the Common UNIX + Printing System, but you can use smbspool with any printing system + or from a program or script. + + DEVICE URI + + smbspool specifies the destination using a Uniform Resource + Identifier ("URI") with a method of "smb". This string can take + a number of forms: + + + smb://server/printer + smb://workgroup/server/printer + smb://username:password@server/printer + smb://username:password@workgroup/server/printer + + + smbspool tries to get the URI from argv[0]. If argv[0] + contains the name of the program then it looks in the + DEVICE_URI environment variable. + + Programs using the exec(2) functions can + pass the URI in argv[0], while shell scripts must set the + DEVICE_URI environment variable prior to + running smbspool. + + + + OPTIONS + + + The job argument (argv[1]) contains the + job ID number and is presently not used by smbspool. + + + The user argument (argv[2]) contains the + print user's name and is presently not used by smbspool. + + + The title argument (argv[3]) contains the + job title string and is passed as the remote file name + when sending the print job. + + The copies argument (argv[4]) contains + the number of copies to be printed of the named file. If + no filename is provided then this argument is not used by + smbspool. + + The options argument (argv[5]) contains + the print options in a single string and is currently + not used by smbspool. + + The filename argument (argv[6]) contains the + name of the file to print. If this argument is not specified + then the print file is read from the standard input. + + + + + + + VERSION + + This man page is correct for version 3.0 of the Samba suite. + + + + SEE ALSO + smbd + 8 and Samba + 7. + + + + AUTHOR + + smbspool was written by Michael Sweet + at Easy Software Products. + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 + for Samba 3.0 was done by Alexander Bokovoy. + + + diff --git a/docs/manpages/smbstatus.1.xml b/docs/manpages/smbstatus.1.xml new file mode 100644 index 0000000000..1e96b39263 --- /dev/null +++ b/docs/manpages/smbstatus.1.xml @@ -0,0 +1,140 @@ + + %globalentities; +]> + + + + smbstatus + 1 + + + + + smbstatus + report on current Samba connections + + + + + smbstatus + -P + -b + -d <debug level> + -v + -L + -B + -p + -S + -s <configuration file> + -u <username> + + + + + DESCRIPTION + + This tool is part of the Samba + 7 suite. + + smbstatus is a very simple program to + list the current Samba connections. + + + + OPTIONS + + + + -P|--profile + If samba has been compiled with the + profiling option, print only the contents of the profiling + shared memory area. + + + + -b|--brief + gives brief output. + + + &popt.common.samba; + + + -v|--verbose + gives verbose output. + + + + + -L|--locks + causes smbstatus to only list locks. + + + + + + -B|--byterange + causes smbstatus to include byte range locks. + + + + + + -p|--processes + print a list of smbd + 8 processes and exit. + Useful for scripting. + + + + + -S|--shares + causes smbstatus to only list shares. + + + + &stdarg.help; + + + -u|--user=<username> + selects information relevant to + username only. + + + + + + + + VERSION + + This man page is correct for version 3.0 of + the Samba suite. + + + + SEE ALSO + smbd + 8 and smb.conf + 5. + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 + for Samba 3.0 was done by Alexander Bokovoy. + + + diff --git a/docs/manpages/smbtar.1.xml b/docs/manpages/smbtar.1.xml new file mode 100644 index 0000000000..c773937844 --- /dev/null +++ b/docs/manpages/smbtar.1.xml @@ -0,0 +1,237 @@ + + %globalentities; +]> + + + + smbtar + 1 + + + + + smbtar + shell script for backing up SMB/CIFS shares + directly to UNIX tape drives + + + + + smbtar + -r + -i + -a + -v + -s server + -p password + -x services + -X + -N filename + -b blocksize + -d directory + -l loglevel + -u user + -t tape + filenames + + + + + DESCRIPTION + + This tool is part of the Samba + 7 suite. + + smbtar is a very small shell script on top + of smbclient1 + which dumps SMB shares directly to tape. + + + + OPTIONS + + + + -s server + The SMB/CIFS server that the share resides + upon. + + + + + -x service + The share name on the server to connect to. + The default is "backup". + + + + + -X + Exclude mode. Exclude filenames... from tar + create or restore. + + + + + + -d directory + Change to initial directory + before restoring / backing up files. + + + + + + -v + Verbose mode. + + + + + + -p password + The password to use to access a share. + Default: none + + + + + -u user + The user id to connect as. Default: + UNIX login name. + + + + + -a + Reset DOS archive bit mode to + indicate file has been archived. + + + + -t tape + Tape device. May be regular file or tape + device. Default: $TAPE environmental + variable; if not set, a file called tar.out + . + + + + + -b blocksize + Blocking factor. Defaults to 20. See + tar(1) for a fuller explanation. + + + + + -N filename + Backup only files newer than filename. Could + be used (for example) on a log file to implement incremental + backups. + + + + + -i + Incremental mode; tar files are only backed + up if they have the archive bit set. The archive bit is reset + after each file is read. + + + + + -r + Restore. Files are restored to the share + from the tar file. + + + + + + -l log level + Log (debug) level. Corresponds to the + -d flag of + smbclient1 + . + + + + + + + ENVIRONMENT VARIABLES + + The $TAPE variable specifies the + default tape device to write to. May be overridden + with the -t option. + + + + + BUGS + + The smbtar script has different + options from ordinary tar and from smbclient's tar command. + + + + + CAVEATS + + Sites that are more careful about security may not like + the way the script handles PC passwords. Backup and restore work + on entire shares; should work on file lists. smbtar works best + with GNU tar and may not work well with other versions. + + + + + DIAGNOSTICS + + See the DIAGNOSTICS section for the + smbclient1 + command. + + + + + VERSION + + This man page is correct for version 3.0 of + the Samba suite. + + + + SEE ALSO + smbd + 8, + smbclient1 + , smb.conf + 5. + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + +Ricky Poulten + wrote the tar extension and this man page. The smbtar + script was heavily rewritten and improved by Martin Kraemer. Many + thanks to everyone who suggested extensions, improvements, bug + fixes, etc. The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for + Samba 3.0 was done by Alexander Bokovoy. + + + diff --git a/docs/manpages/smbtree.1.xml b/docs/manpages/smbtree.1.xml new file mode 100644 index 0000000000..f9661f4849 --- /dev/null +++ b/docs/manpages/smbtree.1.xml @@ -0,0 +1,95 @@ + + %globalentities; +]> + + + + smbtree + 1 + + + + + smbtree + A text based smb network browser + + + + + + smbtree + -b + -D + -S + + + + + DESCRIPTION + + This tool is part of the Samba + 7 suite. + + smbtree is a smb browser program + in text mode. It is similar to the "Network Neighborhood" found + on Windows computers. It prints a tree with all + the known domains, the servers in those domains and + the shares on the servers. + + + + + + OPTIONS + + + + -b + Query network nodes by sending requests + as broadcasts instead of querying the local master browser. + + + + + -D + Only print a list of all + the domains known on broadcast or by the + master browser + + + + -S + Only print a list of + all the domains and servers responding on broadcast or + known by the master browser. + + + + &popt.common.samba; + &popt.common.credentials; + &stdarg.help; + + + + + + VERSION + + This man page is correct for version 3.0 of the Samba + suite. + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The smbtree man page was written by Jelmer Vernooij. + + + diff --git a/docs/manpages/smbumount.8.xml b/docs/manpages/smbumount.8.xml new file mode 100644 index 0000000000..d8feb8e938 --- /dev/null +++ b/docs/manpages/smbumount.8.xml @@ -0,0 +1,78 @@ + + %globalentities; +]> + + + + smbumount + 8 + + + + + smbumount + smbfs umount for normal users + + + + + smbumount + mount-point + + + + + DESCRIPTION + + With this program, normal users can unmount smb-filesystems, + provided that it is suid root. smbumount has + been written to give normal Linux users more control over their + resources. It is safe to install this program suid root, because only + the user who has mounted a filesystem is allowed to unmount it again. + For root it is not necessary to use smbumount. The normal umount + program works perfectly well, but it would certainly be problematic + to make umount setuid root. + + + + OPTIONS + + + + mount-point + The directory to unmount. + + + + + + + SEE ALSO + + smbmount + 8 + + + + + AUTHOR + + Volker Lendecke, Andrew Tridgell, Michael H. Warfield + and others. + + The current maintainer of smbfs and the userspace + tools smbmount, smbumount, + and smbmnt is Urban Widmark. + The SAMBA Mailing list + is the preferred place to ask questions regarding these programs. + + + The conversion of this manpage for Samba 2.2 was performed + by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0 + was done by Alexander Bokovoy. + + + diff --git a/docs/manpages/swat.8.xml b/docs/manpages/swat.8.xml new file mode 100644 index 0000000000..902918d932 --- /dev/null +++ b/docs/manpages/swat.8.xml @@ -0,0 +1,227 @@ + + %globalentities; +]> + + + + swat + 8 + + + + + swat + Samba Web Administration Tool + + + + + swat + -s <smb config file> + -a + + + + + DESCRIPTION + + This tool is part of the Samba + 7 suite. + + + swat allows a Samba administrator to + configure the complex smb.conf + 5 file via a Web browser. In addition, + a swat configuration page has help links + to all the configurable options in the smb.conf file allowing an + administrator to easily look up the effects of any change. + + swat is run from inetd + + + + + OPTIONS + + + + -s smb configuration file + The default configuration file path is + determined at compile time. The file specified contains + the configuration details required by the smbd + 8 server. This is the file + that swat will modify. + The information in this file includes server-specific + information such as what printcap file to use, as well as + descriptions of all the services that the server is to provide. + See smb.conf for more information. + + + + + + -a + This option disables authentication and puts + swat in demo mode. In that mode anyone will be able to modify + the smb.conf file. + + WARNING: Do NOT enable this option on a production + server. + + + &popt.common.samba; + &stdarg.help; + + + + + + + + INSTALLATION + + Swat is included as binary package with most distributions. The + package manager in this case takes care of the installation and + configuration. This section is only for those who have compiled + swat from scratch. + + + After you compile SWAT you need to run make install + to install the swat binary + and the various help files and images. A default install would put + these in: + + + /usr/local/samba/bin/swat + /usr/local/samba/swat/images/* + /usr/local/samba/swat/help/* + + + + Inetd Installation + + You need to edit your /etc/inetd.conf + and /etc/services + to enable SWAT to be launched via inetd. + + In /etc/services you need to + add a line like this: + + swat 901/tcp + + Note for NIS/YP and LDAP users - you may need to rebuild the + NIS service maps rather than alter your local + /etc/services file. + + the choice of port number isn't really important + except that it should be less than 1024 and not currently + used (using a number above 1024 presents an obscure security + hole depending on the implementation details of your + inetd daemon). + + In /etc/inetd.conf you should + add a line like this: + + swat stream tcp nowait.400 root + /usr/local/samba/bin/swat swat + + Once you have edited /etc/services + and /etc/inetd.conf you need to send a + HUP signal to inetd. To do this use kill -1 PID + where PID is the process ID of the inetd daemon. + + + + + + + + + LAUNCHING + + To launch SWAT just run your favorite web browser and + point it at "http://localhost:901/". + + Note that you can attach to SWAT from any IP connected + machine but connecting from a remote machine leaves your + connection open to password sniffing as passwords will be sent + in the clear over the wire. + + + + FILES + + + + /etc/inetd.conf + This file must contain suitable startup + information for the meta-daemon. + + + + /etc/services + This file must contain a mapping of service name + (e.g., swat) to service port (e.g., 901) and protocol type + (e.g., tcp). + + + + /usr/local/samba/lib/smb.conf + This is the default location of the + smb.conf5 + server configuration file that swat edits. Other + common places that systems install this file are + /usr/samba/lib/smb.conf and /etc/smb.conf + . This file describes all the services the server + is to make available to clients. + + + + + + + WARNINGS + + swat will rewrite your + smb.conf5 + file. It will rearrange the entries and delete all + comments, include= and copy= + options. If you have a carefully crafted + smb.conf then back it up or don't use swat! + + + + + VERSION + + This man page is correct for version 3.0 of the Samba suite. + + + + SEE ALSO + inetd(5), + smbd8 + , smb.conf + 5 + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for + Samba 3.0 was done by Alexander Bokovoy. + + + diff --git a/docs/manpages/tdbbackup.8.xml b/docs/manpages/tdbbackup.8.xml new file mode 100644 index 0000000000..e5f060b101 --- /dev/null +++ b/docs/manpages/tdbbackup.8.xml @@ -0,0 +1,135 @@ + + %globalentities; +]> + + + + tdbbackup + 8 + + + + + tdbbackup + tool for backing up and for validating the integrity of samba .tdb files + + + + + tdbbackup + -s suffix + -v + -h + + + + + DESCRIPTION + + This tool is part of the Samba + 1 suite. + + tdbbackup is a tool that may be used to backup samba .tdb + files. This tool may also be used to verify the integrity of the .tdb files prior + to samba startup, in which case, if it find file damage and it finds a prior backup + it will restore the backup file. + + + + + + OPTIONS + + + + + -h + + Get help information. + + + + + -s suffix + + The -s option allows the adminisistrator to specify a file + backup extension. This way it is possible to keep a history of tdb backup + files by using a new suffix for each backup. + + + + + -v + + The -v will check the database for damages (currupt data) + which if detected causes the backup to be restored. + + + + + + + + + COMMANDS + + GENERAL INFORMATION + + + The tdbbackup utility should be run as soon as samba has shut down. + Do NOT run this command on a live database. Typical usage for the command will be: + + + tdbbackup [-s suffix] *.tdb + + + Before restarting samba the following command may be run to validate .tdb files: + + + tdbbackup -v [-s suffix] *.tdb + + + Samba .tdb files are stored in various locations, be sure to run backup all + .tdb file on the system. Imporatant files includes: + + + + + secrets.tdb - usual location is in the /usr/local/samba/private + directory, or on some systems in /etc/samba. + + + + passdb.tdb - usual location is in the /usr/local/samba/private + directory, or on some systems in /etc/samba. + + + + *.tdb located in the /usr/local/samba/var directory or on some + systems in the /var/cache or /var/lib/samba directories. + + + + + + + VERSION + + This man page is correct for version 3.0 of the Samba suite. + + + + AUTHOR + + + The original Samba software and related utilities were created by Andrew Tridgell. + Samba is now developed by the Samba Team as an Open Source project similar to the way + the Linux kernel is developed. + + + The tdbbackup man page was written by John H Terpstra. + + + diff --git a/docs/manpages/tdbdump.8.xml b/docs/manpages/tdbdump.8.xml new file mode 100644 index 0000000000..c31bef480b --- /dev/null +++ b/docs/manpages/tdbdump.8.xml @@ -0,0 +1,61 @@ + + %globalentities; +]> + + + + tdbdump + 8 + + + + + tdbdump + tool for printing the contents of a TDB file + + + + + tdbdump + filename + + + + + DESCRIPTION + + This tool is part of the Samba + 1 suite. + + tdbdump is a very simple utility that 'dumps' the + contents of a TDB (Trivial DataBase) file to standard output in a + human-readable format. + + + This tool can be used when debugging problems with TDB files. It is + intended for those who are somewhat familiar with Samba internals. + + + + + + VERSION + + This man page is correct for version 3.0 of the Samba suite. + + + + AUTHOR + + + The original Samba software and related utilities were created by Andrew Tridgell. + Samba is now developed by the Samba Team as an Open Source project similar to the way + the Linux kernel is developed. + + + The tdbdump man page was written by Jelmer Vernooij. + + + diff --git a/docs/manpages/testparm.1.xml b/docs/manpages/testparm.1.xml new file mode 100644 index 0000000000..84ead17234 --- /dev/null +++ b/docs/manpages/testparm.1.xml @@ -0,0 +1,191 @@ + + %globalentities; +]> + + + + testparm + 1 + + + + + testparm + check an smb.conf configuration file for + internal correctness + + + + + testparm + -s + -h + -v + -L <servername> + -t <encoding> + config filename + hostname hostIP + + + + + DESCRIPTION + + This tool is part of the Samba + 7 suite. + + testparm is a very simple test program + to check an smbd + 8 configuration file for + internal correctness. If this program reports no problems, you + can use the configuration file with confidence that smbd + will successfully load the configuration file. + + + Note that this is NOT a guarantee that + the services specified in the configuration file will be + available or will operate as expected. + + If the optional host name and host IP address are + specified on the command line, this test program will run through + the service entries reporting whether the specified host + has access to each service. + + If testparm finds an error in the + smb.conf file it returns an exit code of 1 to the calling + program, else it returns an exit code of 0. This allows shell scripts + to test the output from testparm. + + + + OPTIONS + + + + -s + Without this option, testparm + will prompt for a carriage return after printing the service + names and before dumping the service definitions. + + + &stdarg.help; + &stdarg.version; + + + -L servername + Sets the value of the %L macro to servername. + This is useful for testing include files specified with the + %L macro. + + + + -v + If this option is specified, testparm + will also output all options that were not used in + smb.conf5 + and are thus set to their defaults. + + + + -t encoding + + Output data in specified encoding. + + + + + configfilename + This is the name of the configuration file + to check. If this parameter is not present then the + default smb.conf5 + file will be checked. + + + + + + hostname + If this parameter and the following are + specified, then testparm will examine the hosts + allow and hosts deny + parameters in the + smb.conf5 + file to + determine if the hostname with this IP address would be + allowed access to the smbd server. If + this parameter is supplied, the hostIP parameter must also + be supplied. + + + + + hostIP + This is the IP address of the host specified + in the previous parameter. This address must be supplied + if the hostname parameter is supplied. + + + + + + FILES + + + + smb.conf5 + + This is usually the name of the configuration + file used by smbd8 + . + + + + + + + DIAGNOSTICS + + The program will issue a message saying whether the + configuration file loaded OK or not. This message may be preceded by + errors and warnings if the file did not load. If the file was + loaded OK, the program then dumps all known service details + to stdout. + + + + + VERSION + + This man page is correct for version 3.0 of + the Samba suite. + + + + SEE ALSO + + smb.conf5 + , + smbd8 + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 + for Samba 3.0 was done by Alexander Bokovoy. + + + diff --git a/docs/manpages/testprns.1.xml b/docs/manpages/testprns.1.xml new file mode 100644 index 0000000000..50584f5a18 --- /dev/null +++ b/docs/manpages/testprns.1.xml @@ -0,0 +1,148 @@ + + %globalentities; +]> + + + + testprns + 1 + + + + + testprns + check printer name for validity with smbd + + + + + testprns + printername + printcapname + + + + + DESCRIPTION + + This tool is part of the Samba + 7 suite. + + testprns is a very simple test program + to determine whether a given printer name is valid for use in + a service to be provided by smbd + 8. + + "Valid" in this context means "can be found in the + printcap specified". This program is very stupid - so stupid in + fact that it would be wisest to always specify the printcap file + to use. + + + + + + OPTIONS + + + + printername + The printer name to validate. + + Printer names are taken from the first field in each + record in the printcap file, single printer names and sets + of aliases separated by vertical bars ("|") are recognized. + Note that no validation or checking of the printcap syntax is + done beyond that required to extract the printer name. It may + be that the print spooling system is more forgiving or less + forgiving than testprns. However, if + testprns finds the printer then + smbd8 + should do so as well. + + + + printcapname + This is the name of the printcap file within + which to search for the given printer name. + + If no printcap name is specified testprns + will attempt to scan the printcap file name + specified at compile time. + + + + + + + FILES + + + + /etc/printcap + This is usually the default printcap + file to scan. See printcap (5). + + + + + + + + DIAGNOSTICS + + If a printer is found to be valid, the message + "Printer name <printername> is valid" will be + displayed. + + If a printer is found to be invalid, the message + "Printer name <printername> is not valid" will be + displayed. + + All messages that would normally be logged during + operation of the Samba daemons are logged by this program to the + file test.log in the current directory. The + program runs at debuglevel 3, so quite extensive logging + information is written. The log should be checked carefully + for errors and warnings. + + Other messages are self-explanatory. + + + + + VERSION + + This man page is correct for version 3.0 of + the Samba suite. + + + + SEE ALSO + printcap(5), + smbd + 8, smbclient + 1 + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 + for Samba 3.0 was done by Alexander Bokovoy. + + + + diff --git a/docs/manpages/vfstest.1.xml b/docs/manpages/vfstest.1.xml new file mode 100644 index 0000000000..7b68963fba --- /dev/null +++ b/docs/manpages/vfstest.1.xml @@ -0,0 +1,152 @@ + + %globalentities; +]> + + + + vfstest + 1 + + + + + vfstest + tool for testing samba VFS modules + + + + + vfstest + -d debuglevel + -c command + -l logdir + -h + + + + + DESCRIPTION + + This tool is part of the Samba + 7 suite. + + vfstest is a small command line + utility that has the ability to test dso samba VFS modules. It gives the + user the ability to call the various VFS functions manually and + supports cascaded VFS modules. + + + + + + OPTIONS + + + + + -c|--command=command + Execute the specified (colon-separated) commands. + See below for the commands that are available. + + + + &stdarg.help; + + + -l|--logfile=logbasename + File name for log/debug files. The extension + '.client' will be appended. The log file is never removed + by the client. + + + + &popt.common.samba; + + + + + + + COMMANDS + + VFS COMMANDS + + load <module.so> - Load specified VFS module + + populate <char> <size> - Populate a data buffer with the specified data + + + showdata [<offset> <len>] - Show data currently in data buffer + + + connect - VFS connect() + disconnect - VFS disconnect() + disk_free - VFS disk_free() + opendir - VFS opendir() + readdir - VFS readdir() + mkdir - VFS mkdir() + rmdir - VFS rmdir() + closedir - VFS closedir() + open - VFS open() + close - VFS close() + read - VFS read() + write - VFS write() + lseek - VFS lseek() + rename - VFS rename() + fsync - VFS fsync() + stat - VFS stat() + fstat - VFS fstat() + lstat - VFS lstat() + unlink - VFS unlink() + chmod - VFS chmod() + fchmod - VFS fchmod() + chown - VFS chown() + fchown - VFS fchown() + chdir - VFS chdir() + getwd - VFS getwd() + utime - VFS utime() + ftruncate - VFS ftruncate() + lock - VFS lock() + symlink - VFS symlink() + readlink - VFS readlink() + link - VFS link() + mknod - VFS mknod() + realpath - VFS realpath() + + + GENERAL COMMANDS + + conf <smb.conf> - Load a different configuration file + + help [<command>] - Get list of commands or info about specified command + + debuglevel <level> - Set debug level + + freemem - Free memory currently in use + + exit - Exit vfstest + + + + + + VERSION + + This man page is correct for version 3.0 of the Samba + suite. + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The vfstest man page was written by Jelmer Vernooij. + + + diff --git a/docs/manpages/wbinfo.1.xml b/docs/manpages/wbinfo.1.xml new file mode 100644 index 0000000000..728e4f166a --- /dev/null +++ b/docs/manpages/wbinfo.1.xml @@ -0,0 +1,325 @@ + + %globalentities; +]> + + + + wbinfo + 1 + + + + + wbinfo + Query information from winbind daemon + + + + + wbinfo + -a user%password + -c username + -C groupname + --domain domain + -I ip + -s sid + -u + -U uid + -g + --get-auth-user + -G gid + -m + -n name + -N netbios-name + -o user:group + -O user:group + -p + -r user + --set-auth-user user%password + --sequence + -S sid + -t + -x username + -X groupname + -Y sid + + + + + DESCRIPTION + + This tool is part of the Samba + 7 suite. + + The wbinfo program queries and returns information + created and used by the winbindd + 8 daemon. + + The winbindd + 8 daemon must be configured + and running for the wbinfo program to be able + to return information. + + + + OPTIONS + + + + -a username%password + Attempt to authenticate a user via winbindd. + This checks both authenticaion methods and reports its results. + + + + + -c user + Create a local winbind user. + + + + + -C group + Create a local winbindd group. + + + + + --domain name + This parameter sets the domain on which any specified + operations will performed. If special domain name '.' is used to represent + the current domain to which winbindd belongs. Currently only the + , + , and options honor this parameter. + + + + + -g + This option will list all groups available + in the Windows NT domain for which the Samba + 7 daemon is operating in. Groups in all trusted domains + will also be listed. Note that this operation does not assign + group ids to any groups that have not already been + seen by winbindd + 8. + + + + --get-auth-user + Print username and password used by winbindd + during session setup to a domain controller. Username + and password can be set using '-A'. Only available for + root. + + + + -G gid + Try to convert a UNIX group id to a Windows + NT SID. If the gid specified does not refer to one within + the idmap gid range then the operation will fail. + + + + -I ip + The -I option + queries winbindd + 8 to send a node status + request to get the NetBIOS name associated with the IP address + specified by the ip parameter. + + + + + + -m + Produce a list of domains trusted by the + Windows NT server winbindd + 8 contacts + when resolving names. This list does not include the Windows + NT domain the server is a Primary Domain Controller for. + + + + + -n name + The -n option + queries winbindd + 8 for the SID + associated with the name specified. Domain names can be specified + before the user name by using the winbind separator character. + For example CWDOM1/Administrator refers to the Administrator + user in the domain CWDOM1. If no domain is specified then the + domain used is the one specified in the smb.conf + 5 workgroup + parameter. + + + + -N name + The -N option + queries winbindd + 8 to query the WINS + server for the IP address associated with the NetBIOS name + specified by the name parameter. + + + + + -o user:group + Add a winbindd local group as a secondary group + for the specified winbindd local user. + + + + + -O user:group + Remove a winbindd local group as a secondary group + for the specified winbindd local user. + + + + + -p + Check whether winbindd is still alive. + Prints out either 'succeeded' or 'failed'. + + + + + -r username + Try to obtain the list of UNIX group ids + to which the user belongs. This only works for users + defined on a Domain Controller. + + + + + -s sid + Use -s to resolve + a SID to a name. This is the inverse of the -n + option above. SIDs must be specified as ASCII strings + in the traditional Microsoft format. For example, + S-1-5-21-1455342024-3071081365-2475485837-500. + + + + --set-auth-user username%password + Store username and password used by winbindd + during session setup to a domain controller. This enables + winbindd to operate in a Windows 2000 domain with Restrict + Anonymous turned on (a.k.a. Permissions compatiable with + Windows 2000 servers only). + + + + + --sequence + Show sequence numbers of + all known domains + + + + -S sid + Convert a SID to a UNIX user id. If the SID + does not correspond to a UNIX user mapped by + winbindd8 + then the operation will fail. + + + + -t + Verify that the workstation trust account + created when the Samba server is added to the Windows NT + domain is working. + + + + -u + This option will list all users available + in the Windows NT domain for which the winbindd + 8 daemon is operating in. Users in all trusted domains + will also be listed. Note that this operation does not assign + user ids to any users that have not already been seen by + winbindd8 + . + + + + -U uid + Try to convert a UNIX user id to a Windows NT + SID. If the uid specified does not refer to one within + the idmap uid range then the operation will fail. + + + + -x user + Delete an existing local winbind user. + + + + + -X group + Delete an existing local winbindd group. + + + + + -Y sid + Convert a SID to a UNIX group id. If the SID + does not correspond to a UNIX group mapped by + winbindd8 then + the operation will fail. + + + + &stdarg.version; + &stdarg.help; + + + + + + + EXIT STATUS + + The wbinfo program returns 0 if the operation + succeeded, or 1 if the operation failed. If the + winbindd8 + daemon is not working wbinfo will always return + failure. + + + + + VERSION + + This man page is correct for version 3.0 of + the Samba suite. + + + + SEE ALSO + winbindd + 8 + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + wbinfo and winbindd + were written by Tim Potter. + + The conversion to DocBook for Samba 2.2 was done + by Gerald Carter. The conversion to DocBook XML 4.2 for Samba + 3.0 was done by Alexander Bokovoy. + + + diff --git a/docs/manpages/winbindd.8.xml b/docs/manpages/winbindd.8.xml new file mode 100644 index 0000000000..0986b10119 --- /dev/null +++ b/docs/manpages/winbindd.8.xml @@ -0,0 +1,464 @@ + + %globalentities; +]> + + + + winbindd + 8 + + + + + winbindd + Name Service Switch daemon for resolving names + from NT servers + + + + + winbindd + -F + -S + -i + -Y + -d <debug level> + -s <smb config file> + -n + + + + + DESCRIPTION + + This program is part of the Samba + 7 suite. + + winbindd is a daemon that provides + a service for the Name Service Switch capability that is present + in most modern C libraries. The Name Service Switch allows user + and system information to be obtained from different databases + services such as NIS or DNS. The exact behaviour can be configured + throught the /etc/nsswitch.conf file. + Users and groups are allocated as they are resolved to a range + of user and group ids specified by the administrator of the + Samba system. + + The service provided by winbindd is called `winbind' and + can be used to resolve user and group information from a + Windows NT server. The service can also provide authentication + services via an associated PAM module. + + + The pam_winbind module in the 2.2.2 release only + supports the auth and account + module-types. The latter simply + performs a getpwnam() to verify that the system can obtain a uid for the + user. If the libnss_winbind library has been correctly + installed, this should always succeed. + + + The following nsswitch databases are implemented by + the winbindd service: + + + + hosts + This feature is only available on IRIX. + User information traditionally stored in + the hosts(5) file and used by + gethostbyname(3) functions. Names are + resolved through the WINS server or by broadcast. + + + + + passwd + User information traditionally stored in + the passwd(5) file and used by + getpwent(3) functions. + + + + group + Group information traditionally stored in + the group(5) file and used by + getgrent(3) functions. + + + + For example, the following simple configuration in the + /etc/nsswitch.conf file can be used to initially + resolve user and group information from /etc/passwd + and /etc/group and then from the + Windows NT server. + +passwd: files winbind +group: files winbind +## only available on IRIX; Linux users should us libnss_wins.so +hosts: files dns winbind + + + The following simple configuration in the + /etc/nsswitch.conf file can be used to initially + resolve hostnames from /etc/hosts and then from the + WINS server. + +hosts: files wins + + + + + + + OPTIONS + + + + -F + If specified, this parameter causes + the main winbindd process to not daemonize, + i.e. double-fork and disassociate with the terminal. + Child processes are still created as normal to service + each connection request, but the main process does not + exit. This operation mode is suitable for running + winbindd under process supervisors such + as supervise and svscan + from Daniel J. Bernstein's daemontools + package, or the AIX process monitor. + + + + + -S + If specified, this parameter causes + winbindd to log to standard output rather + than a file. + + + &popt.common.samba; + &stdarg.help; + + + -i + Tells winbindd to not + become a daemon and detach from the current terminal. This + option is used by developers when interactive debugging + of winbindd is required. + winbindd also logs to standard output, + as if the -S parameter had been given. + + + + + -n + Disable caching. This means winbindd will + always have to wait for a response from the domain controller + before it can respond to a client and this thus makes things + slower. The results will however be more accurate, since + results from the cache might not be up-to-date. This + might also temporarily hang winbindd if the DC doesn't respond. + + + + + -Y + Single daemon mode. This means winbindd will run + as a single process (the mode of operation in Samba 2.2). Winbindd's + default behavior is to launch a child process that is responsible for + updating expired cache entries. + + + + + + + + + NAME AND ID RESOLUTION + + Users and groups on a Windows NT server are assigned + a relative id (rid) which is unique for the domain when the + user or group is created. To convert the Windows NT user or group + into a unix user or group, a mapping between rids and unix user + and group ids is required. This is one of the jobs that + winbindd performs. + + As winbindd users and groups are resolved from a server, user + and group ids are allocated from a specified range. This + is done on a first come, first served basis, although all existing + users and groups will be mapped as soon as a client performs a user + or group enumeration command. The allocated unix ids are stored + in a database file under the Samba lock directory and will be + remembered. + + WARNING: The rid to unix id database is the only location + where the user and group mappings are stored by winbindd. If this + file is deleted or corrupted, there is no way for winbindd to + determine which user and group ids correspond to Windows NT user + and group rids. + + + + + CONFIGURATION + + Configuration of the winbindd daemon + is done through configuration parameters in the + smb.conf5 + file. All parameters should be specified in the + [global] section of smb.conf. + + + + winbind separator + + idmap uid + + idmap gid + + winbind cache time + + winbind enum users + + winbind enum groups + + template homedir + + template shell + + winbind use default domain + + + + + + EXAMPLE SETUP + + To setup winbindd for user and group lookups plus + authentication from a domain controller use something like the + following setup. This was tested on a RedHat 6.2 Linux box. + + In /etc/nsswitch.conf put the + following: + +passwd: files winbind +group: files winbind + + + In /etc/pam.d/* replace the + auth lines with something like this: + +auth required /lib/security/pam_securetty.so +auth required /lib/security/pam_nologin.so +auth sufficient /lib/security/pam_winbind.so +auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok + + + + Note in particular the use of the sufficient + keyword and the use_first_pass keyword. + + Now replace the account lines with this: + + account required /lib/security/pam_winbind.so + + + The next step is to join the domain. To do that use the + net program like this: + + net join -S PDC -U Administrator + + The username after the -U can be any + Domain user that has administrator privileges on the machine. + Substitute the name or IP of your PDC for "PDC". + + Next copy libnss_winbind.so to + /lib and pam_winbind.so + to /lib/security. A symbolic link needs to be + made from /lib/libnss_winbind.so to + /lib/libnss_winbind.so.2. If you are using an + older version of glibc then the target of the link should be + /lib/libnss_winbind.so.1. + + Finally, setup a smb.conf + 5 containing directives like the + following: + +[global] + winbind separator = + + winbind cache time = 10 + template shell = /bin/bash + template homedir = /home/%D/%U + idmap uid = 10000-20000 + idmap gid = 10000-20000 + workgroup = DOMAIN + security = domain + password server = * + + + + Now start winbindd and you should find that your user and + group database is expanded to include your NT users and groups, + and that you can login to your unix box as a domain user, using + the DOMAIN+user syntax for the username. You may wish to use the + commands getent passwd and getent group + to confirm the correct operation of winbindd. + + + + + NOTES + + The following notes are useful when configuring and + running winbindd: + + nmbd + 8 must be running on the local machine + for winbindd to work. winbindd queries + the list of trusted domains for the Windows NT server + on startup and when a SIGHUP is received. Thus, for a running + winbindd to become aware of new trust relationships between + servers, it must be sent a SIGHUP signal. + + PAM is really easy to misconfigure. Make sure you know what + you are doing when modifying PAM configuration files. It is possible + to set up PAM such that you can no longer log into your system. + + If more than one UNIX machine is running winbindd, + then in general the user and groups ids allocated by winbindd will not + be the same. The user and group ids will only be valid for the local + machine. + + If the the Windows NT RID to UNIX user and group id mapping + file is damaged or destroyed then the mappings will be lost. + + + + + SIGNALS + + The following signals can be used to manipulate the + winbindd daemon. + + + + SIGHUP + Reload the smb.conf + 5 file and + apply any parameter changes to the running + version of winbindd. This signal also clears any cached + user and group information. The list of other domains trusted + by winbindd is also reloaded. + + + + SIGUSR2 + The SIGUSR2 signal will cause + winbindd to write status information to the winbind + log file including information about the number of user and + group ids allocated by winbindd. + + Log files are stored in the filename specified by the + log file parameter. + + + + + + FILES + + + + /etc/nsswitch.conf(5) + Name service switch configuration file. + + + + + /tmp/.winbindd/pipe + The UNIX pipe over which clients communicate with + the winbindd program. For security reasons, the + winbind client will only attempt to connect to the winbindd daemon + if both the /tmp/.winbindd directory + and /tmp/.winbindd/pipe file are owned by + root. + + + + $LOCKDIR/winbindd_privilaged/pipe + The UNIX pipe over which 'privilaged' clients + communicate with the winbindd program. For security + reasons, access to some winbindd functions - like those needed by + the ntlm_auth utility - is restricted. By default, + only users in the 'root' group will get this access, however the administrator + may change the group permissions on $LOCKDIR/winbindd_privilaged to allow + programs like 'squid' to use ntlm_auth. + Note that the winbind client will only attempt to connect to the winbindd daemon + if both the $LOCKDIR/winbindd_privilaged directory + and $LOCKDIR/winbindd_privilaged/pipe file are owned by + root. + + + + /lib/libnss_winbind.so.X + Implementation of name service switch library. + + + + + $LOCKDIR/winbindd_idmap.tdb + Storage for the Windows NT rid to UNIX user/group + id mapping. The lock directory is specified when Samba is initially + compiled using the --with-lockdir option. + This directory is by default /usr/local/samba/var/locks + . + + + + $LOCKDIR/winbindd_cache.tdb + Storage for cached user and group information. + + + + + + + + VERSION + + This man page is correct for version 3.0 of + the Samba suite. + + + + SEE ALSO + + nsswitch.conf(5), + Samba + 7, + wbinfo + 8, + smb.conf + 5 + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + wbinfo and winbindd were + written by Tim Potter. + + The conversion to DocBook for Samba 2.2 was done + by Gerald Carter. The conversion to DocBook XML 4.2 for + Samba 3.0 was done by Alexander Bokovoy. + + + -- cgit