summaryrefslogtreecommitdiff
path: root/docs/yodldocs/rpcclient.1.yo
blob: 88b21047422aab04025a1237fdcb1c23156b3817 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
mailto(samba-bugs@samba.org) 

manpage(rpcclient htmlcommand((1)))(1)(23 Oct 1998)(Samba)(SAMBA)

label(NAME)
manpagename(rpcclient)(utility to manage MSRPC resources on servers)

label(SYNOPSIS)
manpagesynopsis()

bf(rpcclient)
[link(password)(password)]
link(-S servername)(servername)
[link(-U [username][%][password])(minusU)]
[link(-W domain)(minusW)]
[link(-l log basename)(minusl)]
[link(-d debuglevel)(minusd)]
[link(-O socket options)(minusO)]
[link(-i scope)(minusi)]
[link(-N)(minusN)]
[link(-n NetBIOS name)(minusn)]
[link(-h)(minush)]
[link(-I dest IP)(minusI)]
[link(-E)(minusE)]
[link(-t terminal code)(minust)]
[link(-c command string)(minusc)]
[link(-B IP addr)(minusB)]
[link(-s smb.conf)(minuss)]
[link(-m max protocol)(minusm)]

label(DESCRIPTION)
manpagedescription()

This program is part of the bf(Samba) suite.

bf(rpcclient) is a client that can 'talk' to an SMB/CIFS MSRPC server.
Operations include things like managing a SAM Database (users, groups
and aliases) in the same way as the Windows NT programs
bf(User Manager for Domains) and bf(Server Manager for Domains);
managing a remote registry in the same way as the Windows NT programs
bf(REGEDT32.EXE) and bf(REGEDIT.EXE); viewing a remote event log (same
as bf(EVENTVWR.EXE)) etc.

Typical usage is like this: nl()
tt(rpcclient -I 192.168.32.1 -S "*SMBSERVER" -U fred%secret -l log)
nl()

bf(rpcclient) is em(not) suitable for usage on single-user systems
such as Windows 9X, as Windows 9X does not support MSRPC services.
Therefore, if you have problems using bf(rpcclient) with Windows 9X,
we don't want to hear about it.

label(OPTIONS)
manpageoptions()

startdit()

label(servername)
dit(bf(servername)) servername is the name of the server you want
to use on the server.  This should be the NetBIOS name of the SMB/CIFS
server, which can be bf(*SMBSERVER) on Windows NT 4.0 or Samba Servers.

Note that the server name required is NOT necessarily the IP (DNS)
host name of the server! The name required is a NetBIOS server name,
which may or may not be the same as the IP hostname of the machine
running the server.  Also, remember that having a period in a NetBIOS
name (such as an IP hostname) may cause connectivity problems on your
network: NT tends to strip NetBIOS names from the leading period
onwards.

The server name is looked up according to either the
link(bf(-R))(minusR) parameter to bf(rpcclient) or using the
url(bf(name resolve order))(smb.conf.5.html#nameresolveorder)
parameter in the smb.conf file, allowing an administrator to change
the order and methods by which server names are looked up.

label(password)
dit(bf(password)) password is the password required to access the
specified service on the specified server. If this parameter is
supplied, the link(bf(-N))(minusN) option (suppress password prompt) is assumed.

There is no default password. If no password is supplied on the
command line (either by using this parameter or adding a password to
the link(bf(-U))(minusU) option (see below)) and the link(bf(-N))(minusN) option is not specified,
the client will prompt for a password, even if the desired service
does not require one. (If no password is required, simply press ENTER
to provide a null password.)

Note: Some servers (including OS/2 and Windows for Workgroups) insist
on an uppercase password. Lowercase or mixed case passwords may be
rejected by these servers.

Be cautious about including passwords in scripts.

label(minuss)
dit(bf(-s smb.conf)) This parameter specifies the pathname to the
Samba configuration file, smb.conf. This file controls all aspects of
the Samba setup on the machine and rpcclient also needs to read this
file.

label(minusB)
dit(bf(-B IP addr)) The IP address to use when sending a broadcast packet.

label(minusO)
dit(bf(-O socket options)) TCP socket options to set on the client
socket. See the url(socket options)(smb.conf.5.html#socketoptions)
parameter in the url(bf(smb.conf (5)))(smb.conf.5.html) manpage for
the list of valid options.

label(minusR)
dit(bf(-R name resolve order)) This option allows the user of
rpcclient to determine what name resolution services to use when
looking up the NetBIOS name of the host being connected to.

The options are :"lmhosts", "host", "wins" and "bcast". They cause
names to be resolved as follows :

startit()

it() bf(lmhosts) : Lookup an IP address in the Samba lmhosts file.
The lmhosts file is stored in the same directory as the
url(bf(smb.conf))(smb.conf.5.html) file.

it() bf(host) : Do a standard host name to IP address resolution,
using the system /etc/hosts, NIS, or DNS lookups. This method of name
resolution is operating system depended for instance on IRIX or
Solaris this may be controlled by the em(/etc/nsswitch.conf) file).  

it() bf(wins) : Query a name with the IP address listed in the url(bf(wins
server))(smb.conf.5.html#winsserver) parameter in the smb.conf file. If 
no WINS server has been specified this method will be ignored.

it() bf(bcast) : Do a broadcast on each of the known local interfaces
listed in the url(bf(interfaces))(smb.conf.5.html#interfaces) parameter
in the smb.conf file. This is the least reliable of the name resolution
methods as it depends on the target host being on a locally connected
subnet. To specify a particular broadcast address the link(bf(-B))(minusB) option 
may be used.

endit()

If this parameter is not set then the name resolve order defined
in the url(bf(smb.conf))(smb.conf.5.html) file parameter 
url((bf(name resolve order)))(smb.conf.5.html#nameresolveorder)
will be used.

The default order is lmhosts, host, wins, bcast and without this
parameter or any entry in the url(bf("name resolve
order"))(smb.conf.5.html#nameresolveorder) parameter of the
url(bf(smb.conf))(smb.conf.5.html) file the name resolution methods
will be attempted in this order.

label(minusi)
dit(bf(-i scope)) This specifies a NetBIOS scope that rpcclient will use
to communicate with when generating NetBIOS names. For details on the
use of NetBIOS scopes, see rfc1001.txt and rfc1002.txt. NetBIOS scopes
are em(very) rarely used, only set this parameter if you are the
system administrator in charge of all the NetBIOS systems you
communicate with.

label(minusN)
dit(bf(-N)) If specified, this parameter suppresses the normal
password prompt from the client to the user. This is useful when
accessing a service that does not require a password.

Unless a password is specified on the command line or this parameter
is specified, the client will request a password.

label(minusn)
dit(bf(-n NetBIOS name)) By default, the client will use the local
machine's hostname (in uppercase) as its NetBIOS name. This parameter
allows you to override the host name and use whatever NetBIOS name you
wish.

label(minusd)
dit(bf(-d debuglevel)) debuglevel is an integer from 0 to 10, or the
letter 'A'.

The default value if this parameter is not specified is zero.

The higher this value, the more detail will be logged to the log files
about the activities of the client. At level 0, only critical errors
and serious warnings will be logged. Level 1 is a reasonable level for
day to day running - it generates a small amount of information about
operations carried out.

Levels above 1 will generate considerable amounts of log data, and
should only be used when investigating a problem. Levels above 3 are
designed for use only by developers and generate HUGE amounts of log
data, most of which is extremely cryptic. If debuglevel is set to the
letter 'A', then em(all) debug messages will be printed. This setting
is for developers only (and people who em(really) want to know how the
code works internally).

Note that specifying this parameter here will override the url(bf(log
level))(smb.conf.5.html#loglevel) parameter in the url(bf(smb.conf
(5)))(smb.conf.5.html) file.

label(minusp)
dit(bf(-p port)) This number is the TCP port number that will be used
when making connections to the server. The standard (well-known) TCP
port number for an SMB/CIFS server is 139, which is the default.

label(minusl)
dit(bf(-l logfilename)) If specified, logfilename specifies a base
filename into which operational data from the running client will be
logged.

The default base name is specified at compile time.

The base name is used to generate actual log file names. For example,
if the name specified was "log", the debug file would be
tt(log.client).

The log file generated is never removed by the client.

label(minush)
dit(bf(-h)) Print the usage message for the client.

label(minusI)
dit(bf(-I IP address)) IP address is the address of the server to
connect to. It should be specified in standard "a.b.c.d" notation.

Normally the client would attempt to locate a named SMB/CIFS server by
looking it up via the NetBIOS name resolution mechanism described
above in the link(bf(name resolve order))(minusR) parameter
above. Using this parameter will force the client to assume that the
server is on the machine with the specified IP address and the NetBIOS
name component of the resource being connected to will be ignored.

There is no default for this parameter. If not supplied, it will be
determined automatically by the client as described above.

label(minusE)
dit(bf(-E)) This parameter causes the client to write messages to the
standard error stream (stderr) rather than to the standard output
stream.

By default, the client writes messages to standard output - typically
the user's tty.

Note that by default, debug information is always sent to stderr.
Debug information can instead be sent to a file, using the
link(-l log basename)(minusl) option.

label(minusU)
dit(bf(-U username)) This specifies the user name that will be used by
the client to make a connection, assuming your server is not a downlevel
server that is running a protocol level that uses passwords on shares,
not on usernames.

Some servers are fussy about the case of this name, and some insist
that it must be a valid NetBIOS name.

If no username is supplied, it will default to an uppercase version of
the environment variable tt(USER) or tt(LOGNAME) in that order.  If no
username is supplied and neither environment variable exists the
username "GUEST" will be used.

If the tt(USER) environment variable contains a '%' character,
everything after that will be treated as a password. This allows you
to set the environment variable to be tt(USER=username%password) so
that a password is not passed on the command line (where it may be
seen by the ps command).

If the service you are connecting to requires a password, it can be
supplied using the link(bf(-U))(minusU) option, by appending a percent symbol ("%")
then the password to username.  For example, to attach to a service as
user tt("fred") with password tt("secret"), you would specify. nl()

tt(-U fred%secret) nl()

on the command line. Note that there are no spaces around the percent
symbol.

If you specify the password as part of username then the link(bf(-N))(minusN) option
(suppress password prompt) is assumed.

If you specify the password as a parameter em(AND) as part of username
then the password as part of username will take precedence. Putting
nothing before or nothing after the percent symbol will cause an empty
username or an empty password to be used, respectively.

The password may also be specified by setting up an environment
variable called tt(PASSWORD) that contains the users password. Note
that this may be very insecure on some systems but on others allows
users to script rpcclient commands without having a password appear in
the command line of a process listing.

Note: Some servers (including OS/2 and Windows for Workgroups) insist
on an uppercase password. Lowercase or mixed case passwords may be
rejected by these servers.

Be cautious about including passwords in scripts or in the
tt(PASSWORD) environment variable. Also, on many systems the command
line of a running process may be seen via the tt(ps) command to be
safe always allow rpcclient to prompt for a password and type it in
directly.

label(minust)
dit(bf(-t terminal code)) This option tells rpcclient how to interpret
filenames coming from the remote server. Usually Asian language
multibyte UNIX implementations use different character sets than
SMB/CIFS servers (em(EUC) instead of em(SJIS) for example). Setting
this parameter will let rpcclient convert between the UNIX filenames
and the SMB filenames correctly. This option has not been seriously
tested and may have some problems.

The terminal codes include tt(sjis), tt(euc), tt(jis7), tt(jis8),
tt(junet), tt(hex), tt(cap). This is not a complete list, check the
Samba source code for the complete list.

label(minusm)
dit(bf(-m max protocol level)) With the new code in Samba2.0,
bf(rpcclient) always attempts to connect at the maximum
protocols level the server supports. This parameter is
preserved for backwards compatibility, but any string
following the bf(-m) will be ignored.

label(minusW)
dit(bf(-W Domain)) Override the default Domain, which is the remote server's
Domain.  This option may be needed to connect to some servers.  It is also
possible to specify the remote server name as the Domain, which will
force the username and password to be authenticated against the remote
server's local SAM instead of the Domain SAM.

label(minusc)
dit(bf(-c command string)) command string is a semicolon separated
list of commands to be executed instead of prompting from stdin.
link(bf(-N))(minusN) is implied by bf(-c).

This is particularly useful in scripts, e.g. tt(-c 'lsaquery; enumusers -u').

enddit()

label(OPERATIONS)
manpagesection(OPERATIONS)

Once the client is running, the user is presented with a prompt :

tt(smb:\>)

The prompt indicates that the client is ready and waiting to carry out
a user command. Each command is a single word, optionally followed by
parameters specific to that command. Command and parameters are
space-delimited unless these notes specifically state otherwise. All
commands are case-insensitive.  Parameters to commands may or may not
be case sensitive, depending on the command.

You can specify names (e.g registry keys; user or group names;
service names) which have spaces in them by quoting the
name with double quotes, for example "dRMON SmartAgent".

Parameters shown in square brackets (e.g., "[parameter]") are
optional. If not given, the command will use suitable
defaults. Parameters shown in angle brackets (e.g., "<parameter>") are
required.

Note that all commands operating on the server are actually performed
by issuing a request to the server. Thus the behavior may vary from
server to server, depending on how the server was implemented.

The commands available are listed in groups relating to different services:

startdit()

dit(Misccellaneous)

	startdit()

	label(questionmark)	dit(bf(? [command])) If "command" is specified,
	the bf(?) command will display a brief informative message about the
	specified command.  If no command is specified, a list of available
	commands will be displayed.

	label(exclaimationmark)	dit(bf(! [shell command])) If "shell command"
	is specified, the bf(!)  command will execute a shell locally and run
	the specified shell command. If no command is specified, a local shell
	will be run.

	label(exit) dit(bf(exit)) Terminate the connection with the server and
	exit from the program.

	label(help) dit(bf(help [command])) See the link(bf(?))(questionmark)
	command above.

	label(quit) dit(bf(quit)) See the link(bf(exit))(exit) command.

	enddit()

dit(Event Log)

	startdit()

	label(eventlog)	dit(bf(eventlog))
		list the events

	enddit()

dit(Service Control)

	These commands provide functionality similar to the Windows
	NT Service Control Manager.

	It is possible to use command-line completion (if you have
	the GNU readline library) for Service names, by pressing the
	tab key.

	startdit()

	label(svcenum)	dit(bf(svcenum))
		[-i] Lists Services.

	label(svcinfo)	dit(bf(svcinfo))
		<service> Service Information

	label(svcstart)	dit(bf(svcstart))
		<service> [arg 0] [arg 1] ... Start Service

	label(svcstop)	dit(bf(svcstop))
		<service> Stop Service

	enddit()

dit(Scheduler)

	startdit()

	label(at)	dit(bf(at))
		Scheduler control (at /? for syntax)

	enddit()

dit(Registry)

	It is possible to use command-line completion (if you have
	the GNU readline library) for registry key and value names,
	by pressing the tab key.

	startdit()

	label(regenum)	dit(bf(regenum))
		<keyname> Registry Enumeration (keys, values)

	label(regdeletekey)	dit(bf(regdeletekey))
		<keyname> Registry Key Delete

	label(regcreatekey)	dit(bf(regcreatekey))
		<keyname> [keyclass] Registry Key Create

	label(shutdown)	dit(bf(shutdown))
		[-m message] [-t timeout] [-r or --reboot] Server Shutdown

	label(regqueryval)	dit(bf(regqueryval))
		<valname> Registry Value Query

	label(regquerykey)	dit(bf(regquerykey))
		<keyname> Registry Key Query

	label(regdeleteval)	dit(bf(regdeleteval))
		<valname> Registry Value Delete

	label(regcreateval)	dit(bf(regcreateval))
		<valname> <valtype> <value> Registry Key Create

	label(reggetsec)	dit(bf(reggetsec))
		<keyname> Registry Key Security

	label(regtestsec)	dit(bf(regtestsec))
		<keyname> Test Registry Key Security

	enddit()

dit(Printing)

	It is possible to use command-line completion (if you have
	the GNU readline library) for Printer and job names, by
	pressing the tab key.

	startdit()

	label(spoolenum)	dit(bf(spoolenum))
		Enumerate Printers.  This experimental command lists
		all printers available on a remote spooler service.

	label(spooljobs)	dit(bf(spooljobs))
		<printer name> Enumerate Printer Jobs.  This
		experimental command lists all jobs, and their
		status, currently queued on a remote spooler
		service.

	label(spoolopen)	dit(bf(spoolopen))
		<printer name> Spool Printer Open Test.  Experimental.

	enddit()

dit(Server)

	startdit()

	label(time)	dit(bf(time))
		Display remote time

	label(brsinfo)	dit(bf(brsinfo))
		Browser Query Info

	label(wksinfo)	dit(bf(wksinfo))
		Workstation Query Info

	label(srvinfo)	dit(bf(srvinfo))
		Server Query Info

	label(srvsessions)	dit(bf(srvsessions))
		List sessions on a server

	label(srvshares)	dit(bf(srvshares))
		List shares on a server

	label(srvtransports)	dit(bf(srvtransports))
		List transports on a server

	label(srvconnections)	dit(bf(srvconnections))
		List connections on a server

	label(srvfiles)	dit(bf(srvfiles))
		List files on a server

	enddit()

dit(Local Security Authority)

	startdit()

	label(lsaquery)	dit(bf(lsaquery))
		Query Info Policy (domain member or server).  Obtains
		the SID and name of the SAM database that a server
		is responsible for (i.e a workstation's local SAM
		database or the PDC SAM database).  Also obtains the
		SID and name of the SAM database that a server is
		a member of.

	label(lsaenumdomains)	dit(bf(lsaenumdomains))
		Enumerate Trusted Domains.  Lists all Trusted and
		Trusting Domains with which the remote PDC has
		trust relationships established.

	label(lookupsids)	dit(bf(lookupsids))
		<rid1 or sid1> <rid1 or sid2> ... Resolve names from SIDs.
		Mostly to be used by developers or for troubleshooting,
		this command can take either Security Identifiers or Relative
		Identifiers, and look them up in the local SAM database
		(or look them up in a remote Trusting or Trusted PDC's SAM
		database if there is an appropriate Trust Relationship
		established).  The result is a list of names, of the
		format: nl()
		tt([TRUST_DOMAIN\]name). nl()
		the link(bf(lsaquery))(lsaquery) command must have been
		issued first if you wish to use lookupsids to resolve
		RIDs.  The only RIDs that will be resolved will be those
		in the SAM database of the server to which you are connected.

	label(lookupnames)	dit(bf(lookupnames))
		<name1> <name2> ... Resolve SIDs from names.
		Mostly to be used by developers or for troubleshooting,
		this command can take names of the following format: nl()
		tt([DOMAIN_NAME\]name). nl()
		The names, which can be user, group or alias names, will
		either be looked up in the local SAM database or in a remote
		Trusting or Trusted PDC's SAM database, if there is an
		appropriate Trust Relationship established.  The optional
		Domain name component is the name of a SAM database, which
		can include a workstation's local SAM database or a Trusted
		Domain.
		Example Usage: nl()
		tt(lookupnames WKSTANAME\Administrator "Domain Guests") nl()

	label(querysecret)	dit(bf(querysecret))
		LSA Query Secret (developer use).  This command only appears
		to work against NT4 SP3 and below.  Due to its potential
		for misuse, it looks like Microsoft modified their
		implementation of the LsaRetrievePrivateData call to
		always return NT_STATUS_ACCESS_DENIED.

	enddit()

dit(NETLOGON)

	startdit()

	label(ntlogin)	dit(bf(ntlogin))
		[username] [password] NT Domain login test.  Demonstrates
		how NT-style logins work.  Mainly for developer usage,
		it can also be used to verify that a user can log in
		from a workstation.  If you cannot ever get pam_ntdom
		to work, try this command first.

	label(domtrust)	dit(bf(domtrust))
		<domain> NT Inter-Domain test.  Demonstrates how NT-style
		Inter-Domain Trust relationships work.  Mainly for
		developer usage, it can also be used to verify that a
		Trust Relationship is correctly established with a
		remote PDC.

	label(samsync)	dit(bf(samsync))
		SAM Synchronisation Test (experimental).  This command
		is used to manually synchronise a SAM database from a
		remote PDC, when Samba is set up as a Backup Domain
		Controller.

	enddit()

dit(SAM Database)

	The SAM Database holds user, group and alias information.
	The commands listed below allow operations such as adding
	user accounts and changing their password; listing known
	Domains; listing user, group and alias accounts; listing the
	members of groups and aliases; adding or removing members
	from groups and aliases.

	The commands that make changes are protected by Access Control
	permissions on the remote server.  You will therefore need to
	be in the right NT group in order to perform certain operations.
	If you find that a command fails with an NT_STATUS_ACCESS_DENIED
	error and you think you should be able to perform that command,
	talk to your Administrator: your username is probably not in the
	correct NT alias or group (e.g Account Operators; Domain Admin).

	The commands that view information usually require less
	user privileges.  However, a particular remote server may be
	configured with better security settings, so a command that
	succeeds on one server may not succeed on another.

	It is possible to use command-line completion (if you have
	the GNU readline library) for user, group, alias and domain
	names, by pressing the tab key.

	startdit()

	label(lookupdomain)	dit(bf(lookupdomain))
		Obtain SID for a local domain

	label(enumusers)	dit(bf(enumusers))
		SAM User Database Query (experimental!)

	label(addgroupmem)	dit(bf(addgroupmem))
		<group rid> [user] [user] ... SAM Add Domain Group Member

	label(addaliasmem)	dit(bf(addaliasmem))
		<alias rid> [member sid1] [member sid2] ... SAM Add Domain Alias Member

	label(delgroupmem)	dit(bf(delgroupmem))
		<group rid> [user] [user] ... SAM Delete Domain Group Member

	label(delaliasmem)	dit(bf(delaliasmem))
		<alias rid> [member sid1] [member sid2] ... SAM Delete Domain Alias Member

	label(creategroup)	dit(bf(creategroup))
		SAM Create Domain Group

	label(createalias)	dit(bf(createalias))
		SAM Create Domain Alias

	label(createuser)	dit(bf(createuser))
		<username> SAM Create Domain User

	label(delgroup)	dit(bf(delgroup))
		SAM Delete Domain Group

	label(delalias)	dit(bf(delalias))
		SAM Delete Domain Alias

	label(ntpass)	dit(bf(ntpass))
		NT SAM Password Change

	label(samuserset2)	dit(bf(samuserset2))
		<username> [-s acb_bits] SAM User Set Info 2 (experimental!)

	label(samuserset)	dit(bf(samuserset))
		<username> [-p password] SAM User Set Info (experimental!)

	label(samuser)	dit(bf(samuser))
		<username> SAM User Query (experimental!)

	label(samgroup)	dit(bf(samgroup))
		<groupname> SAM Group Query (experimental!)

	label(samalias)	dit(bf(samalias))
		<aliasname> SAM Alias Query

	label(samaliasmem)	dit(bf(samaliasmem))
		<aliasname> SAM Alias Members

	label(samgroupmem)	dit(bf(samgroupmem))
		SAM Group Members

	label(samtest)	dit(bf(samtest))
		SAM User Encrypted RPC test (experimental!)

	label(enumaliases)	dit(bf(enumaliases))
		SAM Aliases Database Query (experimental!)

	label(enumdomains)	dit(bf(enumdomains))
		SAM Domains Database Query (experimental!)

	label(enumgroups)	dit(bf(enumgroups))
		SAM Group Database Query (experimental!)

	label(dominfo)	dit(bf(dominfo))
		SAM Query Domain Info

	label(dispinfo)	dit(bf(dispinfo))
		SAM Query Display Info

	enddit()

enddit()


label(NOTES)
manpagesection(NOTES)

Some servers are fussy about the case of supplied usernames,
passwords, share names (AKA service names) and machine names. If you
fail to connect try giving all parameters in uppercase.

It is often necessary to use the link(bf(-n))(minusn) option when connecting
to some types of servers. For example OS/2 LanManager insists on a valid
NetBIOS name being used, so you need to supply a valid name that would
be known to the server.

rpcclient only works on servers that support MSRPC over SMB.  This includes
all versions of Windows NT, including the ports to Unix such as AS/U and
AFPS.  Support for MSRPC over SMB in other servers is currently rare and
patchy, for example Samba 2.0 only supports a limited set of MSRPC commands,
and some of those are not supported very well.

label(ENVIRONMENTVARIABLES)
manpagesection(ENVIRONMENT VARIABLES)

The variable bf(USER) may contain the username of the person using the
client.  This information is used only if the protocol level is high
enough to support session-level passwords.

The variable bf(PASSWORD) may contain the password of the person using
the client.  This information is used only if the protocol level is
high enough to support session-level passwords.

label(INSTALLATION)
manpagesection(INSTALLATION)

The location of the client program is a matter for individual system
administrators. The following are thus suggestions only.

It is recommended that the rpcclient software be installed in the
/usr/local/samba/bin or /usr/samba/bin directory, this directory
readable by all, writeable only by root. The client program itself
should be executable by all. The client should em(NOT) be setuid or
setgid!

The client log files should be put in a directory readable and
writeable only by the user.

To test the client, you will need to know the name of a running
SMB/CIFS server. It is possible to run url(bf(smbd (8)))(smbd.8.html)
an ordinary user - running that server as a daemon on a
user-accessible port (typically any port number over 1024) would
provide a suitable test server.

label(DIAGNOSTICS)
manpagesection(DIAGNOSTICS)

Most diagnostics issued by the client are logged in a specified log
file. The log file name is specified at compile time, but may be
overridden on the command line.

The number and nature of diagnostics available depends on the debug
level used by the client. If you have problems, set the debug level to
3 and peruse the log files.

label(VERSION)
manpagesection(VERSION)

This man page is correct for version 2.0 of the Samba suite.

label(BUGS)
manpagesection(BUGS)

startdit()
dit(WARNING!)
The MSPRC over SMB code has been developed from examining Network traces.
No documentation is available from the original creators (Microsoft) on
how MSRPC over SMB works, or how the individual MSRPC services work.
Microsoft's implementation of these services has been demonstrated (and
reported) to be... a bit flakey in places.

The development of Samba's implementation of these services is em(also)
a bit rough, and as more of the services are understood, it can even result
in versions of url(bf(smbd (8)))(smbd.8.html) and rpcclient that are
backwards-incompatible for some commands or services.  Additionally, the
developers are sending reports to Microsoft, and problems found by or
reported to Microsoft are fixed in Service Packs, which may also result in
incompatibilities.

It is therefore not guaranteed that the execution of an rpcclient command will
work.  It is also not guaranteed that the target server will continue to
operate, i.e the execution of an MSRPC command may cause a remote service to
fail, or even cause the remote server to fail.  Usual rules apply, of course:
the developers bear absolutely no responsibility or liability for the use,
misuse, or lack of use of rpcclient, by any person or persons, whether legal,
illegal, accidental, deliberate, intentional, malicious, curious, etc.

This em(particularly) applies to the registry and SAM database commands.
As you are using a command-line tool not a mouse-clicky tool, you have
already proven yourself to be savvy, however if you don't know what you're
doing, then em(don't do it!).

dit(Command Completion)
Command-completion (available if you have the GNU readline library) used on
certain commands may not operate correctly if the word being completed (such as a registry key) contains a space.  Typically, the name will be completed, but
you will have to go back and put quotes round it, yourself.  

dit(SAM Database command-completion)
Command-completion (available if you have the GNU readline library) of user,
group and alias names does not work on remote Domains, which would normally
be specified like this: nl()
tt(DOMAIN_name\user_name). nl()
The only names that can be completed in this fashion are the local names
in the SAM database of the target server.

dit(link(bf(spoolenum))(spoolenum))
Due to current limitations in the rpcclient MSRPC / SMB code, and due to
the extremely poor MSRPC implementation (by Microsoft) of the spooler
service, if there are a large number of printers (or the names / comment
fields associated with the printers), this command will fail.  The
limitations require further research to be carried out; we're stuck with
the poor \PIPE\spoolss design.

endit()

label(AUTHOR)
manpageauthor()

The original Samba software and related utilities were created by
Andrew Tridgell email(samba-bugs@samba.org). Samba is now developed
by the Samba Team as an Open Source project similar to the way the
Linux kernel is developed.

The original Samba man pages were written by Karl Auer. The man page
sources were converted to YODL format (another excellent piece of Open
Source software, available at
url(bf(ftp://ftp.icce.rug.nl/pub/unix/))(ftp://ftp.icce.rug.nl/pub/unix/))
and updated for the Samba2.0 release by Jeremy Allison.  This man page
was developed cut-and-paste style from the smbclient man page, by
Luke Kenneth Casson Leighton.
email(samba-bugs@samba.org).

See url(bf(samba (7)))(samba.7.html) to find out how to get a full
list of contributors and details on how to submit bug reports,
comments etc.