From 476828342bd6552eb20f717595b5f4cb7397f33e Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Sat, 20 Nov 1999 17:57:28 +0000 Subject: adding bits about SAM database security, and what the SAM commands are actually for. (This used to be commit f973195b5cf9631bdb0206bf0fd16e23d5e70e4e) --- docs/yodldocs/rpcclient.1.yo | 35 ++++++++++++++++++++++++++++++----- 1 file changed, 30 insertions(+), 5 deletions(-) (limited to 'docs/yodldocs') diff --git a/docs/yodldocs/rpcclient.1.yo b/docs/yodldocs/rpcclient.1.yo index 22cd3d2072..88b2104742 100644 --- a/docs/yodldocs/rpcclient.1.yo +++ b/docs/yodldocs/rpcclient.1.yo @@ -611,6 +611,26 @@ dit(NETLOGON) dit(SAM Database) + The SAM Database holds user, group and alias information. + The commands listed below allow operations such as adding + user accounts and changing their password; listing known + Domains; listing user, group and alias accounts; listing the + members of groups and aliases; adding or removing members + from groups and aliases. + + The commands that make changes are protected by Access Control + permissions on the remote server. You will therefore need to + be in the right NT group in order to perform certain operations. + If you find that a command fails with an NT_STATUS_ACCESS_DENIED + error and you think you should be able to perform that command, + talk to your Administrator: your username is probably not in the + correct NT alias or group (e.g Account Operators; Domain Admin). + + The commands that view information usually require less + user privileges. However, a particular remote server may be + configured with better security settings, so a command that + succeeds on one server may not succeed on another. + It is possible to use command-line completion (if you have the GNU readline library) for user, group, alias and domain names, by pressing the tab key. @@ -777,19 +797,24 @@ reported) to be... a bit flakey in places. The development of Samba's implementation of these services is em(also) a bit rough, and as more of the services are understood, it can even result in versions of url(bf(smbd (8)))(smbd.8.html) and rpcclient that are -incompatible for some commands or services. Additionally, the developers -are sending reports to Microsoft, and problems found by or reported to -Microsoft are fixed in Service Packs, which may also result in +backwards-incompatible for some commands or services. Additionally, the +developers are sending reports to Microsoft, and problems found by or +reported to Microsoft are fixed in Service Packs, which may also result in incompatibilities. It is therefore not guaranteed that the execution of an rpcclient command will work. It is also not guaranteed that the target server will continue to operate, i.e the execution of an MSRPC command may cause a remote service to fail, or even cause the remote server to fail. Usual rules apply, of course: -the developers bear absolutely no responsibility for the use, misuse, or -lack of use of rpcclient, by any person or persons, whether legal, +the developers bear absolutely no responsibility or liability for the use, +misuse, or lack of use of rpcclient, by any person or persons, whether legal, illegal, accidental, deliberate, intentional, malicious, curious, etc. +This em(particularly) applies to the registry and SAM database commands. +As you are using a command-line tool not a mouse-clicky tool, you have +already proven yourself to be savvy, however if you don't know what you're +doing, then em(don't do it!). + dit(Command Completion) Command-completion (available if you have the GNU readline library) used on certain commands may not operate correctly if the word being completed (such as a registry key) contains a space. Typically, the name will be completed, but -- cgit