<html> <body bgcolor="#ffffff"> <img src="samba2_xs.gif" border="0" alt=" " height="100" width="76" hspace="10" align="left" /> <h1 class="head0">Appendix C. Summary of Samba Daemons and Commands</h1> <p>This appendix is a reference listing of command-line options and other information to help you use the programs that come with the Samba distribution.</p> <div class="sect1"><a name="samba2-APP-C-SECT-1"/> <h2 class="head1">Samba Daemons</h2> <p>The following sections provide information about the command-line parameters for <em class="emphasis">smbd</em>, <em class="emphasis">nmbd</em>, and <em class="emphasis">winbindd</em>.</p> </div> <a name="INDEX-1"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>smbd</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>The <em class="emphasis">smbd</em> program provides Samba's file and printer services, using one TCP/IP stream and one daemon per client. It is controlled from <em class="filename">/usr/local/samba/lib/smb.conf</em>, the default configuration file, which can be overridden by command-line options.</p><p>The configuration file is automatically reevaluated every minute. If it has changed, most new options are immediately effective. You can force Samba to reload the configuration file immediately by sending a SIGHUP signal to <em class="emphasis">smbd</em>. Reloading the configuration file does not affect any clients that are already connected. To escape this condition, a client would need to disconnect and reconnect, or the server itself would have to be restarted, forcing all clients to reconnect.</p> <div class="sect1"><a name="appc-5-fm2xml"/> <h4 class="refsect1">Other Signals</h4> <p>To shut down an <em class="emphasis">smbd</em> process, send it the termination signal SIGTERM (15), which allows it to die gracefully, instead of a SIGKILL (9). With Samba versions prior to 2.2, the debugging level could be raised or lowered using SIGUSR1 or SIGUSR2. This is no longer supported. Use <em class="emphasis">smbcontrol</em> instead.</p> </div> <div class="sect1"><a name="appc-6-fm2xml"/> <h4 class="refsect1">Command synopsis</h4> <blockquote><pre class="code">smbd <em class="replaceable">[options]</em></pre></blockquote> </div> <div class="sect1"><a name="appc-7-fm2xml"/> <h4 class="refsect1">Options</h4> <dl> <dt><b><tt class="literal">-a</tt></b></dt> <dd> <p>Causes each new connection to the Samba server to append all logging messages to the log file. This option is the opposite of <tt class="literal">-o</tt> and is the default.</p> </dd> <dt><b><tt class="literal">-D</tt></b></dt> <dd> <p>Runs the <em class="emphasis">smbd</em> program as a daemon. This is the recommended way to use <em class="emphasis">smbd</em>. It is also the default action when <em class="emphasis">smbd</em> is run from an interactive command line. In addition, <em class="emphasis">smbd</em> can be run from <em class="emphasis">inetd</em>.</p> </dd> <dt><b><tt class="literal">-d</tt> <em class="replaceable">debug_level</em></b></dt> <dd> <p>Sets the debug (sometimes called logging) level. The level can range from 0 to 10. Specifying the value on the command line overrides the value specified in the <em class="filename">smb.conf</em> file. Debug level 0 logs only the most important messages; level 1 is normal; levels 3 and above are primarily for debugging and slow <em class="emphasis">smbd</em> considerably.</p> </dd> <dt><b><tt class="literal">-h</tt> </b></dt> <dd> <p>Prints usage information for the <em class="emphasis">smbd</em> command.</p> </dd> <dt><b><tt class="literal">-i</tt></b></dt> <dd> <p>Runs <em class="emphasis">smbd</em> interactively, rather than as a daemon. This option is used to override the default daemon mode when <em class="emphasis">smbd</em> is run from the command line.</p> </dd> <dt><b><tt class="literal">-l</tt> <em class="replaceable">log_ directory</em></b></dt> <dd> <p>Sends the log messages to somewhere other than the location compiled into the executable or specified in the <em class="filename">smb.conf</em> file. The default is often <em class="filename">/usr/local/samba/var/</em>, <em class="filename">/usr/samba/var/</em>, or <em class="filename">/var/log/</em>. The log file is placed in the specified directory and named <em class="filename">log.smbd</em>. If the directory does not exist, Samba's compiled-in default will be used.</p> </dd> <dt><b><tt class="literal">-O</tt> <em class="replaceable">socket_options</em></b></dt> <dd> <p>Sets the TCP/IP socket options, using the same parameters as the <tt class="literal">socket options</tt> configuration option. Often used for performance tuning and testing.</p> </dd> <dt><b><tt class="literal">-o</tt></b></dt> <dd> <p>Causes log files to be overwritten when opened (the opposite of <tt class="literal">-a</tt>). Using this option saves you from hunting for the right log entries if you are performing a series of tests and inspecting the log file each time.</p> </dd> <dt><b><tt class="literal">-p</tt> <em class="replaceable">port_number</em></b></dt> <dd> <p>Sets the TCP/IP port number from which the server will accept requests. All Microsoft clients send to the default port of 139, except for Windows 2000/XP, which can use port 445 for SMB networking, without the NetBIOS protocol layer.</p> </dd> <dt><b><tt class="literal">-P</tt></b></dt> <dd> <p>Causes <em class="emphasis">smbd</em> to run in "passive" mode, in which it just listens, and does not transmit any network traffic. This is useful only for debugging by developers.</p> </dd> <dt><b><tt class="literal">-s</tt> <em class="replaceable">configuration_ file</em></b></dt> <dd> <p>Specifies the location of the Samba configuration file. Although the file defaults to <em class="filename">/usr/local/samba/lib/smb.conf</em>, you can override it on the command line. Typically used for debugging.</p> </dd> <dt><b><tt class="literal">-v</tt></b></dt> <dd> <p>Prints the current version of Samba.</p> </dd> </dl> </div> </div> <a name="INDEX-2"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>nmbd</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>The <em class="emphasis">nmbd</em> program is Samba's NetBIOS name service and browsing daemon. It replies to NetBIOS over TCP/IP (also called NetBT or NBT) name-service requests broadcast from SMB clients, and optionally to Microsoft's Windows Internet Name Service (WINS) requests. Both are versions of the name-to-address lookup required by SMB clients. The broadcast version uses UDP broadcast on the local subnet only, while WINS uses TCP, which can be routed. If running as a WINS server, <em class="emphasis">nmbd</em> keeps a current name and address database in the file <em class="filename">/usr/local/samba/var/locks/wins.dat</em>.</p><p>An active <em class="emphasis">nmbd</em> daemon also responds to browsing protocol requests used by the Windows Network Neighborhood. This protocol provides a dynamic directory of servers, as well as the disks and printers that the servers are providing. As with WINS, this was initially done by making UDP broadcasts on the local subnet. With the addition of the local master browser to the network architecture, it is done by making TCP connections to a server. If <em class="emphasis">nmbd</em> is acting as a local master browser, it stores the browsing database in the file <em class="filename">/usr/local/samba/var/locks/browse.dat</em>.</p><p>Some clients (especially older ones) cannot use the WINS protocol. To support these clients, <em class="emphasis">nmbd</em> can act as a WINS proxy, accepting broadcast requests from the non-WINS clients, contacting a WINS server on their behalf, and returning the WINS server's response to them.</p> <div class="sect1"><a name="appc-9-fm2xml"/> <h4 class="refsect1">Signals</h4> <p>Like <em class="emphasis">smbd</em>, the <em class="emphasis">nmbd</em> program responds to several Unix signals. Sending <em class="emphasis">nmbd</em> a SIGHUP signal causes it to dump the names it knows about to the <em class="filename">/usr/local/samba/var/locks/namelist.debug</em> file. To shut down an <em class="emphasis">nmbd</em> process and allow it to die gracefully, send it a SIGTERM (15) signal, rather than a SIGKILL (9). With Samba versions prior to 2.2, the debugging level could be raised or lowered using SIGUSR1 or SIGUSR2. This is no longer supported. Use <em class="emphasis">smbcontrol</em> instead.</p> </div> <div class="sect1"><a name="appc-10-fm2xml"/> <h4 class="refsect1">Command synopsis</h4> <blockquote><pre class="code">nmbd <em class="replaceable">[options]</em></pre></blockquote> </div> <div class="sect1"><a name="appc-11-fm2xml"/> <h4 class="refsect1">Options</h4> <dl> <dt><b><tt class="literal">-a</tt></b></dt> <dd> <p>Causes each new connection to the Samba server to append all logging messages to the log file. This option is the opposite of <tt class="literal">-o</tt> and is the default.</p> </dd> <dt><b><tt class="literal">-d</tt> <em class="replaceable">debug_level</em></b></dt> <dd> <p>Sets the debug (sometimes called logging) level. The level can range from 0 to 10. Specifying the value on the command line overrides the value specified in the <em class="filename">smb.conf</em> file. Debug level 0 logs only the most important messages; level 1 is normal; levels 3 and above are primarily for debugging and slow <em class="emphasis">nmbd</em> considerably.</p> </dd> <dt><b><tt class="literal">-D</tt></b></dt> <dd> <p>Instructs the <em class="emphasis">nmbd</em> program to run as a daemon. This is the recommended way to use <em class="emphasis">nmbd</em> and is the default when <em class="emphasis">nmbd</em> is run from an interactive shell. In addition, <em class="emphasis">nmbd</em> can be run from <em class="emphasis">inetd</em>.</p> </dd> <dt><b><tt class="literal">-h</tt> </b></dt> <dd> <p>Prints usage information for the <em class="emphasis">nmbd</em> command.</p> </dd> <dt><b><tt class="literal">-H</tt> <em class="replaceable">lmhosts_ file</em></b></dt> <dd> <p>Specifies the location of the <em class="emphasis">lmhosts</em> file for name resolution. This file is used only to resolve names for the local server, and not to answer queries from remote systems. The compiled-in default is commonly <em class="filename">/usr/local/samba/lib/lmhosts</em>, <em class="filename">/usr/samba/lib/lmhosts</em>, or <em class="filename">/etc/lmhosts</em>.</p> </dd> <dt><b><tt class="literal">-i</tt></b></dt> <dd> <p>Runs <em class="emphasis">nmbd</em> interactively, rather than as a daemon. This option is used to override the default daemon mode when <em class="emphasis">nmbd</em> is run from the command line.</p> </dd> <dt><b><tt class="literal">-l</tt> <em class="replaceable">log_ file</em></b></dt> <dd> <p>Sends the log messages to somewhere other than the location compiled into the executable or specified in the <em class="filename">smb.conf</em> file. The default is often <em class="filename">/usr/local/samba/var/log.nmbd</em>, <em class="emphasis">/usr/samba/var/log.nmbd</em>, or <em class="emphasis">/var/log /log.nmbd</em>.</p> </dd> <dt><b><tt class="literal">-n</tt> <em class="replaceable">NetBIOS_name</em></b></dt> <dd> <p>Allows you to override the NetBIOS name by which the daemon advertises itself. Specifying this option on the command line overrides the <tt class="literal">netbios name</tt> option in the Samba configuration file.</p> </dd> <dt><b><tt class="literal">-O</tt> <em class="replaceable">socket_options</em></b></dt> <dd> <p>Sets the TCP/IP socket options, using the same parameters as the <tt class="literal">socket options</tt> configuration option. Often used for performance tuning and testing.</p> </dd> <dt><b><tt class="literal">-o</tt></b></dt> <dd> <p>Causes log files to be overwritten when opened (the opposite of <tt class="literal">-a</tt>). This option saves you from hunting for the right log entries if you are performing a series of tests and inspecting the log file each time.</p> </dd> <dt><b><tt class="literal">-p</tt> <em class="replaceable">port_number</em></b></dt> <dd> <p>Sets the UDP port number from which the server accepts requests. Currently, all Microsoft clients use only the default port, 137.</p> </dd> <dt><b><tt class="literal">-s</tt> <em class="replaceable">configuration_ file</em></b></dt> <dd> <p>Specifies the location of the Samba configuration file. Although the file defaults to <em class="filename">/usr/local/samba/lib/smb.conf</em>, you can override it here on the command line. Typically used for debugging.</p> </dd> <dt><b><tt class="literal">-v</tt></b></dt> <dd> <p>Prints the current version of Samba.</p> </dd> </dl> </div> </div> <a name="INDEX-3"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>winbindd</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>The <em class="emphasis">winbindd</em> daemon is part of the winbind service and is used to allow Unix systems to obtain user and group information from a Windows NT/2000 server. Winbind maps Windows relative IDs (RIDs) to Unix UIDs and GIDs and allows accounts stored on the Windows server to be used for Unix authentication. Its purpose is to ease integration of Microsoft and Unix networks when a preexisting Windows domain controller is set up to handle user and computer accounts.</p><p>The daemon is accessed by users via the name service switch and PAM. The name service switch calls a library (<em class="filename">/lib/libnss_winbind.so</em>), which calls the daemon, which in turn calls the Windows NT/2000 server using Microsoft RPC. The PAM module for winbind can call the daemon similarly, allowing users whose accounts are stored on the Windows server to log in to the Unix system and run an interactive shell, FTP, or any other program that authenticates users through PAM.</p><p>The winbind subsystem is currently available only for the Linux operating system and a few other systems that use shared libraries, nsswitch and PAM.</p> <div class="sect1"><a name="appc-13-fm2xml"/> <h4 class="refsect1">Command synopsis</h4> <blockquote><pre class="code">winbindd <em class="replaceable">[options]</em></pre></blockquote> </div> <div class="sect1"><a name="appc-14-fm2xml"/> <h4 class="refsect1">Options</h4> <dl> <dt><b><tt class="literal">-d</tt> <em class="replaceable">debuglevel</em></b></dt> <dd> <p>Sets the debug (sometimes called logging) level. The level can range from 0 to 10. Specifying the value on the command line overrides the value specified in the <em class="filename">smb.conf</em> file. Debug level 0 logs only the most important messages; level 1 is normal; levels 3 and above are primarily for debugging.</p> </dd> <dt><b><tt class="literal">-i</tt></b></dt> <dd> <p>Runs <em class="emphasis">winbindd</em> interactively. This option is used to override the default, which is for winbindd to detach and run as a daemon.</p> </dd> </dl> </div> </div> <div class="sect1"><a name="samba2-APP-C-SECT-2"/> <h2 class="head1">Samba Distribution Programs</h2> <p>This section lists the command-line options and subcommands provided by each nondaemon program in the Samba distribution.</p> </div> <a name="INDEX-4"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>findsmb</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>This Perl script reports information about systems on the subnet that respond to SMB name-query requests. The report includes the IP address, NetBIOS name, workgroup/domain, and operating system of each system.</p> <div class="sect1"><a name="appc-17-fm2xml"/> <h4 class="refsect1">Command synopsis</h4> <blockquote><pre class="code">findsmb <em class="replaceable">[subnet_broadcast_address]</em></pre></blockquote> <p>If a different subnet's broadcast address is provided, it will find SMB servers on that subnet. If no subnet broadcast address is supplied, <em class="emphasis">findsmb</em> will look on the local subnet.</p> <p>The output from <em class="emphasis">findsmb</em> looks like this:</p> <blockquote><pre class="code">$ <tt class="userinput"><b>findsmb</b></tt> *=DMB +=LMB IP ADDR NETBIOS NAME WORKGROUP/OS/VERSION --------------------------------------------------------------------- 172.16.1.1 TOLTEC *[METRAN] [Unix] [Samba 2.2.6] 172.16.1.3 MIXTEC +[METRAN] [Unix] [Samba 2.2.6] 172.16.1.4 ZAPOTEC [METRAN] [Windows 5.0] [Windows 2000 LAN Manager] 172.16.1.5 HUASTEC [ METRAN ] 172.16.1.6 MAYA [ METRAN ] 172.16.1.7 OLMEC [METRAN] [Windows 5.1] [Windows 2000 LAN Manager] 172.16.1.10 UTE [ METRAN ] 172.16.1.13 DINE [METRAN] [Windows NT 4.0] [NT LAN Manager 4.0]</pre></blockquote> <p>The system with an asterisk (<tt class="literal">*</tt>) in front of its workgroup name is the domain master browser for the workgroup/domain, and the system with a plus sign (+) preceding its workgroup name is the local master browser.</p> <p>The <em class="emphasis">findsmb</em> command was introduced during the development of Samba 2.2 and is installed by default in Samba Versions 2.2.5 and later.</p> </div> </div> <a name="INDEX-5"/><a name="INDEX-6"/><a name="INDEX-7"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>make_smbcodepage</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>This program is part of the <a name="INDEX-6"/>internationalization features of Samba 2.2 and is obsolete in Samba 3.0, which supports <a name="INDEX-7"/>Unicode automatically. The <em class="emphasis">make_smbcodepage</em> program compiles a binary codepage file from a text-format codepage definition. It can also perform the reverse operation, decompiling a binary codepage file into a text version. Examples of text-format codepage files can be found in the Samba distribution in the <em class="filename">source/codepages</em> directory. After Samba has been installed, examples of binary codepages can be found in the directory <em class="filename">/usr/local/samba/lib/codepages</em>.</p> <div class="sect1"><a name="appc-19-fm2xml"/> <h4 class="refsect1">Command synopsis</h4> <blockquote><pre class="code">make_smbcodepage <em class="replaceable">c|d codepage_number input_file output_file</em></pre></blockquote> <p>For the first argument, use <tt class="literal">c</tt> to compile a codepage and <tt class="literal">d</tt> to decompile a codepage file. The <em class="replaceable">codepage_number</em> argument is the number of the codepage being processed (e.g., 850). The <em class="replaceable">input_file</em> and <em class="replaceable">output_file</em> are the text- and binary-format codepages, with the types dependent on the operation (compiling or decompiling) that is being performed.</p> </div> </div> <a name="INDEX-8"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>make_unicodemap</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>This program is part of the internationalization features of Samba 2.2 and is obsolete in Samba 3.0, which supports Unicode automatically. The <em class="emphasis">make_unicodemap</em> command compiles binary Unicode maps from text files, so Samba can display non-ASCII characters in file and directory names via the Unicode international alphabets. Examples of input mapping files can be found in the directory <em class="filename">source/codepages</em> in the Samba source distribution.</p> <div class="sect1"><a name="appc-21-fm2xml"/> <h4 class="refsect1">Command synopsis</h4> <blockquote><pre class="code">make_unicodemap <em class="replaceable">codepage_number inputfile outputfile</em></pre></blockquote> <p>The input file is an ASCII map; the output file is a binary file loadable by Samba. The codepage is the number of the DOS codepage (e.g., 850) for the map.</p> </div> </div> <a name="INDEX-9"/><a name="INDEX-10"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>net</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>The <em class="emphasis">net</em> command, new to Samba 3.0, is a program with a syntax similar to the MS-DOS/Windows command of the same name. It is used for performing various administrative functions related to Windows networking, which can be executed either locally or on a remote system.</p> <div class="sect1"><a name="appc-23-fm2xml"/> <h4 class="refsect1">Command synopsis</h4> <blockquote><pre class="code">net <em class="replaceable">[method] function [misc_options] [target_options]</em></pre></blockquote> <p>The <em class="replaceable">function</em> argument is made up of one or more space-separated words. In Windows terminology, it is sometimes referred to as a function with options. Here we list every function in its complete form, including multiple words.</p> <p>By default, the action is performed on the local system. The <em class="replaceable">target_options</em> argument can be used to specify a remote system (either by hostname or IP address), a domain, or a workgroup.</p> <p>Depending on the function, the <em class="replaceable">method</em> argument can be optional, required, or disallowed. It specifies one of three methods for performing the operation specified by the rest of the command. It can be <tt class="literal">ads</tt> (Active Directory), <tt class="literal">rpc</tt> (Microsoft's DCE/RPC), or <tt class="literal">rap</tt> (Microsoft's original SMB remote procedure call). To determine which methods (if any) can be used with a function, the <tt class="literal">net help ads</tt>, <tt class="literal">net help rap</tt>, and <tt class="literal">net help rpc</tt> commands can be used to list the functions for each method.</p> </div> <div class="sect1"><a name="appc-24-fm2xml"/> <h4 class="refsect1">Miscellaneous options</h4> <dl> <dt><b><tt class="literal">-d</tt> <em class="replaceable">level</em></b></dt> <dt><b><tt class="literal">--debug=l</tt><em class="replaceable">evel</em></b></dt> <dd> <p>Sets the debug (sometimes called logging) level. The level can range from 0 to 10.</p> </dd> <dt><b><tt class="literal">-l</tt></b></dt> <dt><b><tt class="literal">--long</tt></b></dt> <dd> <p><tt class="literal">S</tt>pecifies the long listing mode. This is provided for functions that print informational listings.</p> </dd> <dt><b><tt class="literal">-n</tt> <em class="replaceable">name</em></b></dt> <dt><b><tt class="literal">--myname</tt><em class="emphasis">=</em><em class="replaceable">name</em></b></dt> <dd> <p>Specifies the NetBIOS name for the client.</p> </dd> <dt><b><tt class="literal">-p</tt> <em class="replaceable">port</em></b></dt> <dt><b><tt class="literal">--port</tt><em class="emphasis">=</em><em class="replaceable">port</em></b></dt> <dd> <p>Specifies the port number to use.</p> </dd> <dt><b><tt class="literal">-s</tt> <em class="replaceable">filename</em></b></dt> <dt><b><tt class="literal">--conf</tt><em class="emphasis">=</em><em class="replaceable">filename</em></b></dt> <dd> <p>Specifies the name of the Samba configuration file, overriding the compiled-in default.</p> </dd> <dt><b><tt class="literal">-U</tt> <em class="replaceable">username[</em><tt class="literal">%</tt><em class="replaceable">password]</em></b></dt> <dt><b><tt class="literal">--user</tt><em class="emphasis">=</em><em class="replaceable">username[</em><tt class="literal">%</tt><em class="replaceable">password]</em></b></dt> <dd> <p>Specifies the username and, optionally, the password to use for functions that require authentication.</p> </dd> <dt><b><tt class="literal">-W</tt> <em class="replaceable">name</em></b></dt> <dt><b><tt class="literal">--myworkgroup</tt>=<em class="replaceable">name</em></b></dt> <dd> <p>Specifies the name of the client's workgroup, overriding the definition of the <tt class="literal">workgroup</tt> parameter in the Samba configuration file.</p> </dd> </dl> </div> <div class="sect1"><a name="appc-25-fm2xml"/> <h4 class="refsect1">Target options</h4> <dl> <dt><b><tt class="literal">-S</tt> <em class="replaceable">hostname</em></b></dt> <dd> <p>Specifies the remote system using a hostname or NetBIOS name.</p> </dd> <dt><b><tt class="literal">-I</tt> <em class="replaceable">ip_address</em></b></dt> <dd> <p>Specifies the remote system using its IP address.</p> </dd> <dt><b><tt class="literal">-w</tt> <em class="replaceable">workgroup</em></b></dt> <dd> <p>Specifies the name of the target domain or workgroup.</p> </dd> </dl> </div> <div class="sect1"><a name="appc-26-fm2xml"/> <h4 class="refsect1">Functions</h4> <dl> <dt><b><tt class="literal">abortshutdown</tt></b></dt> <dd> <p>See the <tt class="literal">rpc</tt> <tt class="literal">abortshutdown</tt> function.</p> </dd> <dt><b><tt class="literal">ads</tt> <tt class="literal">info</tt></b></dt> <dd> <p>Prints information about the Active Directory server. The method (<tt class="literal">ads</tt>) must be specified to differentiate this function from the <tt class="literal">rpc info</tt> function.</p> </dd> <dt><b><tt class="literal">ads</tt> <tt class="literal">join</tt> <em class="replaceable">OU</em></b></dt> <dd> <p>Joins the local system to the Active Directory realm (organizational unit) specified by OU. The method (<tt class="literal">ads</tt>) must be specified to differentiate this function from the <tt class="literal">rpc join</tt> function.</p> </dd> <dt><b><tt class="literal">ads</tt> <tt class="literal">leave</tt></b></dt> <dd> <p>Removes the local system from the Active Directory realm.</p> </dd> <dt><b><tt class="literal">ads password</tt> <em class="replaceable">username</em><tt class="literal">@</tt><em class="replaceable">REALM</em> <tt class="literal">-U</tt><em class="replaceable">admin_username</em><tt class="literal">@</tt><em class="replaceable">REALM</em><tt class="literal">%admin_</tt><em class="replaceable">password</em></b></dt> <dd> <p>Changes the Active Directory password for the user specified by <em class="replaceable">username</em><tt class="literal">@</tt><em class="replaceable">REALM</em>. The administrative account authentication information is specified with the <tt class="literal">-U</tt> option. The Active Directory realm must be supplied in all uppercase.</p> </dd> <dt><b><tt class="literal">ads printer info</tt> <em class="replaceable">[printer] [server]</em></b></dt> <dd> <p>Prints information on the specified printer on the specified server. The <em class="replaceable">printer</em> argument defaults to an asterisk (<tt class="literal">*</tt>), meaning all printers, and the <em class="replaceable">server</em> argument defaults to <tt class="literal">localhost</tt>.</p> </dd> <dt><b><tt class="literal">ads printer publish</tt> <em class="replaceable">printer_name</em></b></dt> <dd> <p>Publishes the specified printer in Active Directory.</p> </dd> <dt><b><tt class="literal">ads printer remove</tt> <em class="replaceable">printer_name</em></b></dt> <dd> <p>Removes the specified printer from Active Directory.</p> </dd> <dt><b><tt class="literal">ads search</tt> <em class="replaceable">expr attrib</em></b></dt> <dd> <p>Performs a raw Active Directory search, using the standard LDAP search expression and attributes specified by the <em class="replaceable">expr</em> and <em class="replaceable">attrib</em> arguments, respectively.</p> </dd> <dt><b><tt class="literal">ads status</tt></b></dt> <dd> <p>Prints details about the Active Directory computer account of the system.</p> </dd> <dt><b><tt class="literal">change localhost pass</tt></b></dt> <dd> <p>Changes the Active Directory password for the local system's computer trust account.</p> </dd> <dt><b><tt class="literal">domain</tt></b></dt> <dd> <p>Lists the domains or workgroups on the network.</p> </dd> <dt><b><tt class="literal">file</tt></b></dt> <dd> <p>Lists open files on the server.</p> </dd> <dt><b><tt class="literal">file close</tt> <em class="replaceable">file_id</em></b></dt> <dd> <p>Closes the specified file.</p> </dd> <dt><b><tt class="literal">file info</tt> <em class="replaceable">file_id</em></b></dt> <dd> <p>Prints information about the specified file, which must be open.</p> </dd> <dt><b><tt class="literal">file user</tt> <em class="replaceable">username</em></b></dt> <dd> <p>Lists all files opened on the server by the user specified by <em class="replaceable">username</em>.</p> </dd> <dt><b><tt class="literal">group add</tt> <em class="replaceable">group_name</em></b></dt> <dd> <p>Adds the specified group. This function accepts the miscellaneous option <tt class="literal">-C</tt> <em class="replaceable">comment</em> (which can also be specified as <tt class="literal">- -comment=</tt><em class="replaceable">string</em>) to set the descriptive comment for the group.</p> </dd> <dt><b><tt class="literal">group delete</tt> <em class="replaceable">group_name</em></b></dt> <dd> <p>Deletes the specified group.</p> </dd> <dt><b><tt class="literal">groupmember add</tt> <em class="replaceable">group_name username</em></b></dt> <dd> <p>Adds the user specified by <em class="replaceable">username</em> to the group specified by <em class="replaceable">group_name</em>.</p> </dd> <dt><b><tt class="literal">groupmember delete</tt> <em class="replaceable">group_name username</em></b></dt> <dd> <p>Deletes the user specified by <em class="replaceable">username</em> from the group specified by <em class="replaceable">group_name</em>.</p> </dd> <dt><b><tt class="literal">groupmember list</tt> <em class="replaceable">group_name</em></b></dt> <dd> <p>Lists the users who are members of the specified group.</p> </dd> <dt><b><tt class="literal">help</tt></b></dt> <dd> <p>Prints a help message for the <em class="emphasis">net</em> command.</p> </dd> <dt><b><tt class="literal">help</tt> <em class="replaceable">method</em></b></dt> <dd> <p>Prints a help message for <em class="replaceable">method</em>, which can be <tt class="literal">ads</tt>, <tt class="literal">rap</tt>, or <tt class="literal">rpc</tt>. This lists the functions that can use the method, along with a brief description.</p> </dd> <dt><b><tt class="literal">help</tt> <em class="replaceable">function</em></b></dt> <dd> <p>Prints a help message for the specified function, which can be more than one word.</p> </dd> <dt><b><tt class="literal">info</tt></b></dt> <dd> <p>Must be preceded by a method. See the <tt class="literal">ads</tt> <tt class="literal">info</tt> and <tt class="literal">rpc</tt> <tt class="literal">info</tt> functions.</p> </dd> <dt><b><tt class="literal">join</tt></b></dt> <dd> <p>Joins the computer to a Windows NT domain or Active Directory realm. If the method argument is not specified, a check is made to determine if Active Directory is in use, and if so, <tt class="literal">ads join</tt> is performed. Otherwise, <tt class="literal">rpc join</tt> is run. See also the <tt class="literal">ads join</tt> and <tt class="literal">rpc join</tt> functions.</p> </dd> <dt><b><tt class="literal">leave</tt></b></dt> <dd> <p>Must be preceded by a method. See the <tt class="literal">ads</tt> <tt class="literal">leave</tt> function.</p> </dd> <dt><b><tt class="literal">lookup dc</tt> <em class="replaceable">[domain]</em></b></dt> <dd> <p>Prints the IP address of the specified domain's domain controllers. The domain defaults to the value of the <tt class="literal">workgroup</tt> parameter in the Samba configuration file.</p> </dd> <dt><b><tt class="literal">lookup host</tt> <em class="replaceable">hostname [type]</em></b></dt> <dd> <p>Prints the IP address of the specified host.</p> </dd> <dt><b><tt class="literal">lookup kdc</tt> <em class="replaceable">[realm]</em></b></dt> <dd> <p>Prints the IP address of the specified realm's Kerberos domain controller. If <em class="replaceable">realm</em> is not specified, it defaults to the value of the <tt class="literal">realm</tt> parameter in the Samba configuration file.</p> </dd> <dt><b><tt class="literal">lookup ldap</tt> <em class="replaceable">[domain]</em></b></dt> <dd> <p>Prints the IP address of the specified domain's LDAP server. If <em class="replaceable">domain</em> is not specified, it defaults to the value of the <tt class="literal">workgroup</tt> parameter in the Samba configuration file.</p> </dd> <dt><b><tt class="literal">lookup master</tt> <em class="replaceable">[domain]</em></b></dt> <dd> <p>Prints the IP address of the master browser of the specified domain or workgroup. If <em class="replaceable">domain</em> is not specified, it defaults to the value of the <tt class="literal">workgroup</tt> parameter in the Samba configuration file.</p> </dd> <dt><b><tt class="literal">password</tt> <em class="replaceable">username old_password new_password</em></b></dt> <dd> <p>Changes the password for the user specified by the <em class="replaceable">username</em> argument. The user's old and new passwords are provided in plain text as part of the command. Be careful regarding security issues. See also the <tt class="literal">ads password</tt> function.</p> </dd> <dt><b><tt class="literal">printer info</tt></b></dt> <dd> <p>See the <tt class="literal">ads printer info</tt> function.</p> </dd> <dt><b><tt class="literal">printer publish</tt></b></dt> <dd> <p>See the <tt class="literal">ads printer publish</tt> function.</p> </dd> <dt><b><tt class="literal">printer remove</tt></b></dt> <dd> <p>See the <tt class="literal">ads printer remove</tt> function.</p> </dd> <dt><b><tt class="literal">printq</tt></b></dt> <dd> <p>Prints information (including the job IDs) about printer queues on the server.</p> </dd> <dt><b><tt class="literal">printq delete</tt> <em class="replaceable">queue_name</em></b></dt> <dd> <p>Deletes the specified printer queue. The <tt class="literal">-j</tt> <em class="replaceable">job_id</em> (which can also be specified as <tt class="literal">--jobid</tt><em class="emphasis">=</em><em class="replaceable">job_id</em> ) option may be used to specify the job ID of the queue.</p> </dd> <dt><b><tt class="literal">rpc abortshutdown</tt></b></dt> <dd> <p>Aborts the shutdown of a remote server.</p> </dd> <dt><b><tt class="literal">rpc info</tt></b></dt> <dd> <p>Prints information about the server's domain. The method (<tt class="literal">rpc</tt>) must be specified to differentiate this function from the <tt class="literal">ads</tt> <tt class="literal">info</tt> function.</p> </dd> <dt><b><tt class="literal">rpc join</tt> </b></dt> <dd> <p>Joins a computer to a Windows NT domain. If the <tt class="literal">-U</tt> <em class="replaceable">username</em><tt class="literal">%</tt><em class="replaceable">password</em> option is included, the specified username and password will be used as the administrative account required for authenticating with the PDC. If the <tt class="literal">-U</tt> option is not included, this function can be used only to join the computer to the domain after the computer account has been created using the Server Manager. The method (<tt class="literal">rpc</tt>) must be specified to differentiate this function from the <tt class="literal">ads</tt> <tt class="literal">join</tt> function.</p> </dd> <dt><b><tt class="literal">rpc shutdown</tt></b></dt> <dd> <p>Shuts down a server. This function accepts the <tt class="literal">-r</tt>, <tt class="literal">-f</tt>, <tt class="literal">-t</tt>, and <tt class="literal">-c</tt> miscellaneous options. The <tt class="literal">-r</tt> option (which can also be specified as <tt class="literal">--reboot</tt>) requests that the system reboot after shutting down. The <tt class="literal">-f</tt> option (which can also be specified as <tt class="literal">--force</tt>) forces a shutdown. The <tt class="literal">-t</tt> <em class="replaceable">timeout</em> option (which can also be specified as <tt class="literal">- -timeout=</tt><em class="replaceable">number</em>) specifies the number of seconds to wait before shutting down, and the <tt class="literal">-c</tt> <em class="replaceable">comment</em> option (which can also be specified as <tt class="literal">- -comment=</tt><em class="replaceable">string</em>) can be used to specify a message to the client user. On Windows, the comment appears in the Message area in the System Shutdown dialog box.</p> </dd> <dt><b><tt class="literal">rpc trustdom add</tt> <em class="replaceable">domain_name</em></b></dt> <dd> <p>Adds an account for the trust relationship with the specified Windows NT domain.</p> </dd> <dt><b><tt class="literal">rpc trustdom establish</tt> <em class="replaceable">domain_name</em></b></dt> <dd> <p>Establishes a trust relationship with the specified Windows NT domain.</p> </dd> <dt><b><tt class="literal">rpc trustdom revoke</tt> <em class="replaceable">domain_name</em></b></dt> <dd> <p>Revokes the trust relationship with the specified Windows NT domain.</p> </dd> <dt><b><tt class="literal">search</tt></b></dt> <dd> <p>See the <tt class="literal">ads search</tt> function.</p> </dd> <dt><b><tt class="literal">server</tt></b></dt> <dd> <p>Lists servers in the domain or workgroup, which defaults to the value of the <tt class="literal">workgroup</tt> parameter in the Samba configuration file.</p> </dd> <dt><b><tt class="literal">session</tt></b></dt> <dd> <p>Lists clients with open sessions to the server.</p> </dd> <dt><b><tt class="literal">session delete NetBIOS_</tt><em class="replaceable">name</em></b></dt> <dd> <p>Closes the session to the server from the specified client. A synonym is <tt class="literal">session</tt> <tt class="literal">close</tt>.</p> </dd> <dt><b><tt class="literal">session close</tt></b></dt> <dd> <p>A synonym for <tt class="literal">session delete</tt>.</p> </dd> <dt><b><tt class="literal">share</tt></b></dt> <dd> <p>Lists the shares offered by the server. When a Windows 95/98/Me server is the target system, it might be necessary to specify the method as <tt class="literal">rap</tt> for this to work properly.</p> </dd> <dt><b><tt class="literal">share add</tt> <em class="replaceable">share_name</em><tt class="literal">=</tt><em class="replaceable">server_path</em></b></dt> <dd> <p>Adds a share on the target server. The name of the share and the folder to be shared are specified by the <em class="replaceable">share_name</em><tt class="literal">=</tt><em class="replaceable">server_path</em> argument, with <em class="replaceable">server_path</em> the Windows directory name, with spaces and other special characters (if any) quoted and with the backslashes escaped (e.g., "<tt class="literal">data=C:\\Documents</tt> <tt class="literal">and</tt> <tt class="literal">Settings\\jay\\Desktop\\data</tt>"). The <tt class="literal">-C</tt> <em class="replaceable">comment</em> option (which can also be specified as <tt class="literal">- -comment=</tt><em class="replaceable">string</em>) can be used to define a description for the share. The <tt class="literal">-M</tt> <em class="replaceable">number</em> option (which can also be specified as <tt class="literal">--maxusers=</tt><em class="replaceable">number</em>) can be used to set the maximum number of users that can connect to the share. The method (<tt class="literal">rap</tt> or <tt class="literal">rpc</tt>) might need to be specified for this function to work. The regular folder icon cannot change into a "shared folder" icon in Windows Explorer until the display is refreshed.</p> </dd> <dt><b><tt class="literal">share delete</tt> <em class="replaceable">share_name</em></b></dt> <dd> <p>Deletes a share from the target server. The <em class="replaceable">share_name</em> argument is simply the name of the share on the target server, not a UNC. The method (<tt class="literal">rap</tt> or <tt class="literal">rpc</tt>) might need to be specified for this function to work. The "shared folder" icon in Windows Explorer cannot change back to the regular folder icon until the display is refreshed.</p> </dd> <dt><b><tt class="literal">shutdown</tt></b></dt> <dd> <p>See the <tt class="literal">rpc shutdown</tt> function.</p> </dd> <dt><b><tt class="literal">status</tt></b></dt> <dd> <p>See the <tt class="literal">ads status</tt> function.</p> </dd> <dt><b><tt class="literal">time</tt></b></dt> <dd> <p>Displays the system time—in Unix <em class="emphasis">date</em> command format—on the target system.</p> </dd> <dt><b><tt class="literal">time set</tt></b></dt> <dd> <p>Sets the local system's hardware clock using the time obtained from the operating system.</p> </dd> <dt><b><tt class="literal">time system</tt></b></dt> <dd> <p>Sets the time on the local system using the time obtained from the remote system.</p> </dd> <dt><b><tt class="literal">time zone</tt></b></dt> <dd> <p>Prints the time zone (in hours from GMT) in use on the system.</p> </dd> <dt><b><tt class="literal">trustdom add</tt></b></dt> <dd> <p>See the <tt class="literal">rpc trustdom add</tt> function.</p> </dd> <dt><b><tt class="literal">trustdom establish</tt></b></dt> <dd> <p>See the <tt class="literal">rpc trustdom establish</tt> function.</p> </dd> <dt><b><tt class="literal">trustdom revoke</tt></b></dt> <dd> <p>See the <tt class="literal">rpc trustdom revoke</tt> function.</p> </dd> <dt><b><tt class="literal">user</tt></b></dt> <dd> <p>Lists user accounts. The method can be specified as <tt class="literal">ads</tt>, <tt class="literal">rap</tt>, or <tt class="literal">rpc</tt>.</p> </dd> <dt><b><tt class="literal">user add</tt> <em class="replaceable">username [password]</em></b></dt> <dd> <p>Adds a user account for the user specified by <em class="replaceable">username</em>. The <tt class="literal">-c</tt> <em class="replaceable">comment</em> option (which can also be specified as <tt class="literal">- -comment=</tt><em class="replaceable">string</em>) can be used to set a comment for the account. The <tt class="literal">-F</tt> <em class="replaceable">user_flags</em> option can be used to set flags (specified in numeric format) for the account. The method can be specified as <tt class="literal">ads</tt>, <tt class="literal">rap</tt>, or <tt class="literal">rpc</tt>.</p> </dd> <dt><b><tt class="literal">user delete</tt> <em class="replaceable">username</em></b></dt> <dd> <p>Deletes the specified user's account. The method can be specified as <tt class="literal">ads</tt>, <tt class="literal">rap</tt>, or <tt class="literal">rpc</tt>.</p> </dd> <dt><b><tt class="literal">user info</tt> <em class="replaceable">username</em></b></dt> <dd> <p>Lists the domain groups to which the specified user belongs. The method can be specified as <tt class="literal">ads</tt>, <tt class="literal">rap</tt>, or <tt class="literal">rpc</tt>. <a name="INDEX-10"/></p> </dd> </dl> </div> </div> <a name="INDEX-11"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>nmblookup</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>The <em class="emphasis">nmblookup</em> program is a client program that allows command-line access to NetBIOS name service for resolving NetBIOS computer names into IP addresses. The program works by broadcasting its queries on the local subnet until a machine with the specified name responds. You can think of it as a Windows analog of <em class="emphasis">nslookup</em> or <em class="emphasis">dig</em>. This is useful for looking up regular computer names, as well as special-purpose names, such as _ _MSBROWSE_ _ . If you wish to query for a particular type of NetBIOS name, add the NetBIOS type to the end of the name, using the format <em class="replaceable">netbios_name</em><tt class="literal">#<</tt><em class="replaceable">dd</em><tt class="literal">></tt>.</p> <div class="sect1"><a name="appc-28-fm2xml"/> <h4 class="refsect1">Command synopsis</h4> <blockquote><pre class="code">nmblookup <em class="replaceable">[options] netbios_name</em></pre></blockquote> </div> <div class="sect1"><a name="appc-29-fm2xml"/> <h4 class="refsect1">Options</h4> <dl> <dt><b><tt class="literal">-A</tt></b></dt> <dd> <p>Interprets <em class="replaceable">netbios_name</em> as an IP address and does a node status query on it.</p> </dd> <dt><b><tt class="literal">-B</tt> <em class="replaceable">broadcast_address</em></b></dt> <dd> <p>Sends the query to the given broadcast address. The default is to send the query to the broadcast address of the primary network interface.</p> </dd> <dt><b><tt class="literal">-d</tt> <em class="replaceable">debug_level</em></b></dt> <dd> <p>Sets the debug (sometimes called logging) level. The level can range from 0 to 10. Debug level 0 logs only the most important messages. Level 1 is normal; levels 3 and above are primarily used by developers for debugging the <em class="emphasis">nmblookup</em> program itself and slow the program considerably.</p> </dd> <dt><b><tt class="literal">-f</tt></b></dt> <dd> <p>Prints the flags in the packet headers.</p> </dd> <dt><b><tt class="literal">-h</tt></b></dt> <dd> <p>Prints command-line usage information for the program.</p> </dd> <dt><b><tt class="literal">-i</tt> <em class="replaceable">scope</em></b></dt> <dd> <p>Sets a NetBIOS scope identifier. NetBIOS scope is a rarely used precursor to workgroups.</p> </dd> <dt><b><tt class="literal">-M</tt></b></dt> <dd> <p>Searches for a local master browser by looking up <em class="replaceable">netbios_name</em><tt class="literal"><1d></tt>. If <em class="replaceable">netbios_name</em> is specified as a dash (<tt class="literal">-</tt>), a lookup is done on the special name _ _MSBROWSE_ _ .</p> </dd> <dt><b><tt class="literal">-R</tt></b></dt> <dd> <p>Sets the "recursion desired" bit in the packet. This causes the system that responds to try a WINS lookup and return the address and any other information the WINS server has saved.</p> </dd> <dt><b><tt class="literal">-r</tt></b></dt> <dd> <p>Uses the <tt class="literal">root</tt> port of 137. This option exists as a bug workaround for Windows 95. This option might require the user to be superuser.</p> </dd> <dt><b><tt class="literal">-S</tt></b></dt> <dd> <p>Performs a node status query once the name query has returned an IP address. This returns all the resource types that the system knows about, including their numeric attributes. For example:</p> <blockquote><pre class="code">$ <tt class="userinput"><b>nmblookup -S toltec</b></tt> querying toltec on 172.16.1.255 172.16.1.1 toltec<00> Looking up status of 172.16.1.1 TOLTEC <00> - M <ACTIVE> TOLTEC <03> - M <ACTIVE> TOLTEC <20> - M <ACTIVE> ..__MSBROWSE__. <01> - <GROUP> M <ACTIVE> METRAN <00> - <GROUP> M <ACTIVE> METRAN <1b> - M <ACTIVE> METRAN <1c> - <GROUP> M <ACTIVE> METRAN <1d> - M <ACTIVE> METRAN <1e> - <GROUP> M <ACTIVE></pre></blockquote> </dd> <dt><b><tt class="literal">-s</tt> <em class="replaceable">configuration_ file</em></b></dt> <dd> <p>Specifies the location of the Samba configuration file. Although the file defaults to <em class="filename">/usr/local/samba/lib/smb.conf</em>, you can override it here on the command line. Normally used for debugging.</p> </dd> <dt><b><tt class="literal">-T</tt></b></dt> <dd> <p>Translates IP addresses into resolved names.</p> </dd> <dt><b><tt class="literal">-U</tt> <em class="replaceable">unicast_address</em></b></dt> <dd> <p>Performs a unicast query to the specified address. Used with <tt class="literal">-R</tt> to query WINS servers.</p> </dd> </dl> <p>Note that <em class="emphasis">nmblookup</em> has no option for setting the workgroup. You can get around this by putting <tt class="literal">workgroup</tt> <tt class="literal">=</tt> <em class="replaceable">workgroup_name</em> in a file and passing it to <em class="emphasis">nmblookup</em> with the <tt class="literal">-s</tt> option.</p> </div> </div> <a name="INDEX-12"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>pdbedit</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>This program, new to Samba 3.0, can be used to manage accounts that are held in a SAM database. The implementation of the database can be any of the types supported by Samba, including the <em class="filename">smbpasswd</em> file, LDAP, NIS+ and the <em class="filename">tdb</em> database library. The user must be the superuser to use this tool.</p> <div class="sect1"><a name="appc-31-fm2xml"/> <h4 class="refsect1">Command synopsis</h4> <blockquote><pre class="code">pdbedit <em class="replaceable">[options]</em></pre></blockquote> </div> <div class="sect1"><a name="appc-32-fm2xml"/> <h4 class="refsect1">Options</h4> <dl> <dt><b><tt class="literal">-a</tt></b></dt> <dd> <p>Adds the user specified by the <tt class="literal">-u</tt> option to the SAM database. The command issues a prompt for the user's password.</p> </dd> <dt><b><tt class="literal">-d</tt> <em class="replaceable">drive_letter</em></b></dt> <dd> <p>Sets the Windows drive letter to which to map the user's home directory. The drive letter should be specified as a letter followed by a colon—e.g., <tt class="literal">H</tt>:.</p> </dd> <dt><b><tt class="literal">-D</tt> <em class="replaceable">debug_level</em></b></dt> <dd> <p>Sets the debug (sometimes called logging) level. The level can range from 0 to 10. Debug level 0 logs only the most important messages. Level 1 is normal, and levels 3 and above are primarily for debugging.</p> </dd> <dt><b><tt class="literal">-e</tt> <em class="replaceable">pwdb_backend</em></b></dt> <dd> <p>Exports the user account database to another format, written to the specified location. Used for migrating from one type of account database to another. The <em class="replaceable">pwdb_backend</em> argument is specified in the format of a database type, followed by a colon, then the location of the database. For example, to export the existing account database to an <em class="filename">smbpasswd</em> database in the file <em class="filename">/usr/local/samba/private/smbpw</em>, <em class="replaceable">pwdb_backend</em> would be specified as <tt class="literal">smbpasswd:/usr/local/samba/private/smbpw</tt>. The allowable database types are <tt class="literal">smbpasswd</tt>, <tt class="literal">smbpasswd nua</tt>, <tt class="literal">tdbsam</tt>, <tt class="literal">tdbsam nua</tt>, <tt class="literal">ldapsam</tt>, <tt class="literal">ldapsam_nua</tt>, and <tt class="literal">plugin</tt>.</p> </dd> <dt><b><tt class="literal">-f</tt> <em class="replaceable">full_name</em></b></dt> <dd> <p>Sets the full name of the user specified with the <tt class="literal">-u</tt> option.</p> </dd> <dt><b><tt class="literal">-h</tt> <em class="replaceable">unc</em></b></dt> <dd> <p>Sets the home directory path (as a UNC) for the user specified with the <tt class="literal">-u</tt> option.</p> </dd> <dt><b><tt class="literal">-i</tt> <em class="replaceable">pwdb_backend</em></b></dt> <dd> <p>Specifies a password database backend from which to retrieve account information, overriding the one specified by the <tt class="literal">passdb backend</tt> parameter in the Samba configuration file. This, along with the <tt class="literal">-e</tt> option, is useful for migrating user accounts from one type of account database to another. See the <tt class="literal">-e</tt> option regarding how to specify the <em class="replaceable">pwdb_backend</em> argument.</p> </dd> <dt><b><tt class="literal">-l</tt></b></dt> <dd> <p>Lists the user accounts in the database. See also the <tt class="literal">-v</tt> option.</p> </dd> <dt><b><tt class="literal">-m</tt></b></dt> <dd> <p>Indicates that the account is a computer account rather than a user account. Used only with the <tt class="literal">-a</tt> option when creating the account. In this case, the <tt class="literal">-u</tt> option specifies the computer name rather than a username.</p> </dd> <dt><b><tt class="literal">-p</tt> <em class="replaceable">unc</em></b></dt> <dd> <p>Sets the directory in which the user's profile is kept. The directory is specified as a UNC.</p> </dd> <dt><b><tt class="literal">-s</tt> <em class="replaceable">unc</em></b></dt> <dd> <p>Specifies the UNC of the user's logon script.</p> </dd> <dt><b><tt class="literal">-u</tt> <em class="replaceable">username</em></b></dt> <dd> <p>Specifies the username of the account to add (with the <tt class="literal">-a</tt> option), delete (with the <tt class="literal">-x</tt> option), or modify.</p> </dd> <dt><b><tt class="literal">-v</tt></b></dt> <dd> <p>Selects verbose mode when listing accounts with the <tt class="literal">-l</tt> option. The account fields will be printed.</p> </dd> <dt><b><tt class="literal">-w</tt></b></dt> <dd> <p>Selects the <tt class="literal">smbpasswd</tt> listing mode, for use with the <tt class="literal">-l</tt> option, which prints information in the same format as it would appear in an <em class="filename">smbpasswd</em> file.</p> </dd> <dt><b><tt class="literal">-x</tt></b></dt> <dd> <p>Deletes the user (specified with the <tt class="literal">-u</tt> option) from the account database.</p> </dd> </dl> </div> </div> <a name="INDEX-13"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>rpcclient</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>This is a program for issuing administrative commands that are implemented using Microsoft RPCs. It provides access to the RPCs that Windows administrative GUIs use for system management. The <em class="emphasis">rpcclient</em> command is mainly for use by advanced users who understand the RPCs. More information on these can be found in Microsoft's Platform Software Development Kit (SDK), available for download from the Microsoft web site at <a href="http://www.microsoft.com">http://www.microsoft.com</a>.</p><p>You can run a single <em class="emphasis">rpcclient</em> command by using the <tt class="literal">-c command string</tt> option, or interactively with <em class="emphasis">rpcclient</em> prompting for commands.</p> <div class="sect1"><a name="appc-34-fm2xml"/> <h4 class="refsect1">Command Synopsis</h4> <p>rpcclient <em class="replaceable">server [options]</em></p> </div> <div class="sect1"><a name="appc-35-fm2xml"/> <h4 class="refsect1">Options</h4> <dl> <dt><b><tt class="literal">-A</tt> <em class="replaceable">filename</em></b></dt> <dd> <p>Specifies a file from which to read the authentication values used in the connection. The format of the file is as follows:</p> <blockquote><pre class="code">username = <em class="replaceable">value</em> password = <em class="replaceable">value</em> domain = <em class="replaceable">value</em></pre></blockquote> <p>This option is used to avoid password prompts or to have the password appear in plain text inside scripts. The permissions on the file should be very restrictive (0600, for example) to prevent access from unwanted users.</p> </dd> <dt><b><tt class="literal">-c</tt> <em class="replaceable">command_string</em></b></dt> <dd> <p>Executes a sequence of semicolon-separated commands. Commands are listed in the following section.</p> </dd> <dt><b><tt class="literal">-d</tt> <em class="replaceable">debuglevel</em></b></dt> <dd> <p>Sets the debug (sometimes called logging) level. The level can range from 0 to 10. Specifying the value on the command line overrides the value specified in the <em class="filename">smb.conf</em> file. Debug level 0 logs only the most important messages; level 1 is normal; levels 3 and above are primarily for debugging and slow the program considerably.</p> </dd> <dt><b><tt class="literal">-h</tt></b></dt> <dd> <p>Prints a summary of options.</p> </dd> <dt><b><tt class="literal">-l</tt> <em class="replaceable">logbasename</em></b></dt> <dd> <p>Sets the filename for log/debug files. The extension <em class="filename">.client</em> is appended to the filename.</p> </dd> <dt><b><tt class="literal">-N</tt></b></dt> <dd> <p>Does not prompt for a password. This is used when Samba is configured for share-mode security and a service with no password is being accessed.</p> </dd> <dt><b><tt class="literal">-s</tt> <em class="replaceable">filename</em></b></dt> <dd> <p>Specifies the location of the Samba configuration file, which by default is usually <em class="filename">/usr/local/samba/lib/smb.conf</em>.</p> </dd> <dt><b><tt class="literal">-U</tt> <em class="replaceable">username[</em><tt class="literal">%</tt><em class="replaceable">password]</em></b></dt> <dd> <p>Sets the SMB username or username and password to use. Be careful when specifying the password with <tt class="literal">%</tt><em class="replaceable">password</em>; this is a major security risk. If <tt class="literal">%</tt><em class="replaceable">password</em> is not specified, the user will be prompted for the password, which will not be echoed. Normally the user is set from the USER or LOGNAME environment variable. The <tt class="literal">-U</tt> option by itself means to use the guest account. See also <tt class="literal">-A</tt>.</p> </dd> <dt><b><tt class="literal">-W</tt> <em class="replaceable">domain</em></b></dt> <dd> <p>Sets the domain, overriding the <tt class="literal">workgroup</tt> parameter in the Samba configuration file. If the domain is the server's NetBIOS name, it causes the client to log on using the server's local SAM database rather than the SAM of the domain.</p> </dd> </dl> </div> </div> <a name="INDEX-14"/><a name="INDEX-15"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>rpcclient commands</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>Aside from a few miscellaneous commands, the <em class="emphasis">rpclient</em> commands fall into three groups: LSARPC, SAMR, and SPOOLSS. The function names mentioned in some of the commands are those documented in the Microsoft Platform SDK.</p> <div class="sect1"><a name="appc-37-fm2xml"/> <h4 class="refsect1">General commands</h4> <dl> <dt><b><tt class="literal">debuglevel</tt> <em class="replaceable">level</em></b></dt> <dd> <p>Sets the debugging level to <em class="replaceable">level</em>. With no argument, the current debugging level is printed.</p> </dd> <dt><b><tt class="literal">help</tt></b></dt> <dd> <p>Prints help on the commands.</p> </dd> <dt><b><tt class="literal">quit</tt></b></dt> <dd> <p>Exits <em class="emphasis">rpcclient</em>. A synonym is <tt class="literal">exit</tt>.</p> </dd> </dl> </div> <div class="sect1"><a name="appc-38-fm2xml"/> <h4 class="refsect1">Local Security Authority Remote Procedure Calls (LSARPC) commands</h4> <dl> <dt><b><tt class="literal">enumprivs</tt></b></dt> <dd> <p>Lists the types of privileges known to this domain.</p> </dd> <dt><b><tt class="literal">enumtrust</tt></b></dt> <dd> <p>Lists the domains trusted by this domain.</p> </dd> <dt><b><tt class="literal">getdispname</tt> <em class="replaceable">priv_name</em></b></dt> <dd> <p>Prints information on the privilege named <em class="replaceable">priv_name</em>.</p> </dd> <dt><b><tt class="literal">lookupsids</tt> <em class="replaceable">name</em></b></dt> <dd> <p>Finds a name that corresponds to a security identifier (SID).</p> </dd> <dt><b><tt class="literal">lookupnames</tt> <em class="replaceable">sid</em></b></dt> <dd> <p>Finds the SID for one or more names.</p> </dd> <dt><b><tt class="literal">lsaquery</tt></b></dt> <dd> <p>Queries the LSA object.</p> </dd> <dt><b><tt class="literal">lsaenumsid</tt></b></dt> <dd> <p>Lists SIDs for the local LSA.</p> </dd> <dt><b><tt class="literal">lsaquerysecobj</tt></b></dt> <dd> <p>Prints information on security objects for the LSA.</p> </dd> </dl> </div> <div class="sect1"><a name="appc-39-fm2xml"/> <h4 class="refsect1">Security Access Manager RPC (SAMR) commands</h4> <dl> <dt><b><tt class="literal">createdomuser</tt> <em class="replaceable">username</em></b></dt> <dd> <p>Adds a new user in the domain.</p> </dd> <dt><b><tt class="literal">deletedomuser</tt> <em class="replaceable">username</em></b></dt> <dd> <p>Removes a user from the domain.</p> </dd> <dt><b><tt class="literal">enumalsgroups</tt> <em class="replaceable">type</em></b></dt> <dd> <p>Lists alias groups in the domain, along with their group RIDs. The <em class="replaceable">type</em> argument can be either <tt class="literal">builtin</tt>, to list Windows built-in groups such as <tt class="literal">Administrators</tt> and <tt class="literal">Power</tt> <tt class="literal">Users</tt>, or <tt class="literal">domain</tt>, to list groups in the domain. See also the <em class="emphasis">queryuseraliases</em> command.</p> </dd> <dt><b><tt class="literal">enumdomgroups</tt></b></dt> <dd> <p>Lists the groups in the domain, along with their group RIDs.</p> </dd> <dt><b><tt class="literal">queryaliasmem</tt> <em class="replaceable">user_rid</em></b></dt> <dd> <p>Prints information regarding alias membership. See also the <em class="emphasis">queryuseraliases</em> command.</p> </dd> <dt><b><tt class="literal">querydispinfo</tt></b></dt> <dd> <p>Prints out the account database. The information printed includes the RID, username, and full name of each user. The RID is printed in hexadecimal notation and can be used in this form for commands that take a RID as an argument.</p> </dd> <dt><b><tt class="literal">querydominfo</tt></b></dt> <dd> <p>Prints information regarding the domain. This includes the name of the domain, as well as the number of users, groups, and aliases.</p> </dd> <dt><b><tt class="literal">querygroup</tt> <em class="replaceable">group_rid</em></b></dt> <dd> <p>Given a group RID, prints the group name, description, number of members, and group description.</p> </dd> <dt><b><tt class="literal">queryuser</tt> <em class="replaceable">user_rid</em></b></dt> <dd> <p>Given a user RID, prints the corresponding username, full name, and other information pertaining to the user.</p> </dd> <dt><b><tt class="literal">queryuseraliases</tt> <em class="replaceable">type</em> <em class="replaceable">user_rid</em></b></dt> <dd> <p>Prints aliases for the user. The <em class="replaceable">type</em> argument can be either <tt class="literal">builtin</tt> or <tt class="literal">domain</tt>. Aliases are used with the Windows messaging service and act like usernames, but they can be attached to a computer rather than a user. This allows messages intended for a user to be sent to a computer on which the user is either not logged on, or logged on under another username.</p> </dd> <dt><b><tt class="literal">queryusergroups</tt> <em class="replaceable">user_rid</em></b></dt> <dd> <p>Prints information on each group inhabited by the user.</p> </dd> <dt><b><tt class="literal">querygroupmem</tt> <em class="replaceable">group_rid</em></b></dt> <dd> <p>Prints the RID and attributes for each member of the group.</p> </dd> <dt><b><tt class="literal">samlookupnames</tt> <em class="replaceable">type username</em></b></dt> <dd> <p>Looks up the <em class="replaceable">username</em> in the SAM database and prints its associated RID. The <em class="replaceable">type</em> argument can be either <tt class="literal">builtin</tt>, to look up built-in Windows usernames, or <tt class="literal">domain</tt>, to look up names in the domain.</p> </dd> <dt><b><tt class="literal">samlookuprids</tt> <em class="replaceable">type rid</em></b></dt> <dd> <p>Looks up <em class="replaceable">rid</em> in the SAM database and prints its associated group or username. The <em class="replaceable">type</em> argument can be either <tt class="literal">builtin</tt>, to look up built-in Windows usernames, or <tt class="literal">domain</tt>, to look up names in the domain. The RID argument can be given in either 0xDDD hexadecimal notation or decimal.</p> </dd> <dt><b><tt class="literal">samquerysecobj</tt></b></dt> <dd> <p>Prints information on security objects (such as ACLs) in the SAM database.</p> </dd> </dl> </div> <div class="sect1"><a name="appc-40-fm2xml"/> <h4 class="refsect1">Windows NT/2000/XP Printing Services (SPOOLSS) commands</h4> <dl> <dt><b><tt class="literal">adddriver</tt> <em class="replaceable">arch config_file</em> </b></dt> <dd> <p>Adds a printer driver to the server. The driver files must already exist in the directory returned by <em class="emphasis">getdriverdir</em>. The <em class="replaceable">arch</em> argument can be one of <tt class="literal">Windows 4.0</tt> for Windows 95/98/Me, or <tt class="literal">Windows NT x86</tt>, <tt class="literal">Windows NT PowerPC</tt>, <tt class="literal">Windows Alpha_AXP</tt>, and <tt class="literal">Windows NT R4000</tt>. Others might be introduced in the future.</p> <p>The <em class="replaceable">config_file</em> should contain:</p> <blockquote><pre class="code">Long Printer Name:\ Driver File Name:\ Data File Name:\ Config File Name:\ Help File Name:\ NULL:\ Default Data Type:\</pre></blockquote> <p>followed by a comma-separated list of files. Any empty fields should contain the string <tt class="literal">NULL</tt>.</p> </dd> <dt><b><tt class="literal">addprinter</tt> <em class="replaceable">printername sharename drivername port</em> </b></dt> <dd> <p>Adds a printer on the remote server as <em class="replaceable">sharename</em>. The printer driver must already be installed on the server with <em class="emphasis">adddriver</em>, and the port must be a valid port name returned by <em class="emphasis">enumports</em>.</p> </dd> <dt><b><tt class="literal">deldriver</tt> <em class="replaceable">drivername</em></b></dt> <dd> <p>Deletes a printer driver (for all architectures) from the server's list of printer drivers.</p> </dd> <dt><b><tt class="literal">enumports</tt> <em class="replaceable">[level]</em></b></dt> <dd> <p>Prints information regarding the printer ports on the server. The <em class="replaceable">level</em> argument can be <tt class="literal">1</tt> or <tt class="literal">2</tt>. Level 1 is the default and prints out only the Port Name. Information level 2 is the Port Name, Monitor Name, Description, and Port Type.</p> </dd> <dt><b><tt class="literal">enumdrivers</tt> <em class="replaceable">[level]</em> </b></dt> <dd> <p>Lists all the printer drivers on the system. The <em class="replaceable">level</em> argument specifies the information level. Level 1 is the default and prints the Driver Name(s). Level 2 prints the Version, Driver Name, Architecture, Driver Path, Data File, and Config File. Level 3 prints the contents of Level 2, plus the Help File, one or more Dependent Files, Monitor Name, and Default Data Type.</p> </dd> <dt><b><tt class="literal">enumprinters</tt> <em class="replaceable">[level]</em></b></dt> <dd> <p>Lists all installed printers, regardless of whether they are shared. The <em class="replaceable">level</em> argument specifies the information level. Level 1 is the default, and prints Flags, Name, Description, and Comment. Level 2 prints the Server Name, Printer Name, Share Name, Port Name, Driver Name, Comment, Location, Separator File, Print Processor, Data Type, Parameters, Attributes, Priority, Default Priority, Start Time, Until Time, Status, Current Jobs, Average PPM (pages per minute), and a Security Descriptor.</p> </dd> <dt><b><tt class="literal">getdriver</tt> <em class="replaceable">[level] printername</em></b></dt> <dd> <p>Prints the printer driver information for the given printer. The <em class="replaceable">level</em> argument specifies the information level.</p> <p>Level 1 is the default, and prints the Driver Name. Level 2 prints the Version, Driver Name, Architecture, Driver Path, Data File, and Config File. Level 3 prints the contents of level 2, plus the Help File, one or more Dependent Files, Monitor Name, and Default Data Type.</p> </dd> <dt><b><tt class="literal">getdriverdir</tt> <em class="replaceable">arch</em></b></dt> <dd> <p>Retrieves the share name and directory for storing printer driver files for a given architecture. Possible values for <em class="replaceable">arch</em> are "<tt class="literal">Windows</tt> <tt class="literal">4.0</tt>" for Windows 95/98/Me, "<tt class="literal">Windows</tt> <tt class="literal">NT</tt> <tt class="literal">x86</tt>" for Windows NT on Intel, "<tt class="literal">Windows</tt> <tt class="literal">NT</tt> <tt class="literal">PowerPC</tt>" for Windows NT on PowerPC, "<tt class="literal">Windows</tt> <tt class="literal">Alpha</tt> <tt class="literal">AXP</tt>" for Windows NT on Alpha, and "<tt class="literal">Windows</tt> <tt class="literal">NT</tt> <tt class="literal">R4000</tt>" for Windows NT on MIPS. Include the quote marks in the command.</p> </dd> <dt><b><tt class="literal">getprinter</tt> <em class="replaceable">printername</em></b></dt> <dd> <p>Prints the current printer information. The <em class="replaceable">level</em> argument specifies the information level.</p> </dd> <dt><b><tt class="literal">openprinter</tt> <em class="replaceable">printername</em></b></dt> <dd> <p>Attempts to open and close a specified printer and reports whether it was successful.</p> </dd> <dt><b><tt class="literal">setdriver</tt> <em class="replaceable">printername drivername</em></b></dt> <dd> <p>Unconditionally updates the printer driver used by an installed printer. Both the printer and printer driver must already be correctly installed on the print server.</p> </dd> <dt><b><tt class="literal">setprinter</tt> <em class="replaceable">printername comment</em></b></dt> <dd> <p>Assigns a comment string to a printer.<a name="INDEX-15"/></p> </dd> </dl> </div> </div> <a name="INDEX-16"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>smbcacls</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>This program provides a way of modifying Windows NT ACLs on files and directories shared by the Samba server.</p> <div class="sect1"><a name="appc-42-fm2xml"/> <h4 class="refsect1">Command synopsis</h4> <blockquote><pre class="code">smbcacls //<em class="replaceable">server</em>/<em class="replaceable">share filename</em> <em class="replaceable">[options]</em></pre></blockquote> </div> <div class="sect1"><a name="appc-43-fm2xml"/> <h4 class="refsect1">Options</h4> <dl> <dt><b><tt class="literal">-A</tt> <em class="replaceable">acls</em></b></dt> <dd> <p>Adds one or more ACLs to the file or directory. Any ACLs already existing for the file or directory are unchanged.</p> </dd> <dt><b><tt class="literal">-M</tt> <em class="replaceable">acls</em></b></dt> <dd> <p>Modifies the <em class="replaceable">mask</em> of the ACLs specified. Refer to the following section, "Specifying ACLs," for details.</p> </dd> <dt><b><tt class="literal">-D</tt> <em class="replaceable">acls</em></b></dt> <dd> <p>Deletes the specified ACLs.</p> </dd> <dt><b><tt class="literal">-S</tt> <em class="replaceable">acls</em></b></dt> <dd> <p>Sets the specified ACLs, deleting any ACLs previously set on the file or directory. The ACLs must contain at least a revision, type, owner, and group.</p> </dd> <dt><b><tt class="literal">-U</tt> <em class="replaceable">username</em></b></dt> <dd> <p>Sets the username used to connect to the specified service. The user is prompted for a password unless the argument is specified as <em class="replaceable">username</em><tt class="literal">%</tt><em class="replaceable">password</em>. (Specifying the password on the command line is a security risk.) If <tt class="literal">-U</tt> <em class="replaceable">domain</em><tt class="literal">\\</tt><em class="replaceable">username</em> is specified, the specified domain or workgroup will be used in place of the one specified in the <em class="filename">smb.conf</em> file.</p> </dd> <dt><b><tt class="literal">-C</tt> <em class="replaceable">username</em></b></dt> <dd> <p>Changes the owner of the file or directory. This is a shortcut for <tt class="literal">-M</tt> <tt class="literal">OWNER</tt>:<em class="replaceable">username</em>. The <em class="replaceable">username</em> argument can be given as a username or a SID in the form <tt class="literal">S-1-</tt><em class="replaceable">N-N-D-D-D-R</em>.</p> </dd> <dt><b><tt class="literal">-G</tt> <em class="replaceable">groupname</em></b></dt> <dd> <p>Changes the group of the file or directory. This is a shortcut for <tt class="literal">-M</tt> <tt class="literal">GROUP</tt>:<em class="replaceable">groupname</em>. The <em class="replaceable">groupname</em> argument can be given as a group name or a SID in the form <tt class="literal">S-1-</tt><em class="replaceable">N-N-D-D-D-R</em>.</p> </dd> <dt><b><tt class="literal">-n</tt></b></dt> <dd> <p>Causes all ACL information to be displayed in numeric format rather than in readable strings.</p> </dd> <dt><b><tt class="literal">-h</tt></b></dt> <dd> <p>Prints a help message.</p> </dd> </dl> </div> <div class="sect1"><a name="appc-44-fm2xml"/> <h4 class="refsect1">Specifying ACLs</h4> <p>In the previous options, the same format is always used when specifying ACLs. An ACL is made up of one or more Access Control Entries (ACEs), separated by either commas or escaped newlines. An ACE can be one of the following:</p> <blockquote class="simplelist"> <p><tt class="literal">REVISION</tt>:<em class="replaceable">revision_number</em></p> <p><tt class="literal">OWNER</tt>:<em class="replaceable">username_or_SID</em></p> <p><tt class="literal">GROUP</tt>:<em class="replaceable">group_name_or_SID</em></p> <p><tt class="literal">ACL</tt>:<em class="replaceable">name_or_SID</em>:<em class="replaceable">type</em>/<em class="replaceable">flags</em>/<em class="replaceable">mask</em></p> </blockquote> <p>The <em class="replaceable">revision_number</em> should always be 1. The <tt class="literal">OWNER</tt> and <tt class="literal">GROUP</tt> entries can be used to set the owner and group for the file or directory. The names can be the textual ones or SIDs in the form <tt class="literal">S-1-</tt><em class="replaceable">N</em><tt class="literal">-</tt><em class="replaceable">N</em><tt class="literal">-</tt><em class="replaceable">D</em><tt class="literal">-</tt><em class="replaceable">D-D-R</em>.</p> <p>The <tt class="literal">ACL</tt> entry specifies what access rights to apply to the file or directory. The <em class="replaceable">name_or_SID</em> field specifies to which user or group the permissions apply and can be supplied either as a textual name or a SID. An ACE can be used to either allow or deny access. The <em class="replaceable">type</em> field is set to <tt class="literal">1</tt> to specify a permission to be allowed or <tt class="literal">0</tt> for specifying a permission to deny. The <em class="replaceable">mask</em> field is the name of the permission and is one of the following:</p> <dl> <dt><b><tt class="literal">R</tt></b></dt> <dd> <p>Read access.</p> </dd> <dt><b><tt class="literal">W</tt></b></dt> <dd> <p>Write access.</p> </dd> <dt><b><tt class="literal">X</tt></b></dt> <dd> <p>Execute permission.</p> </dd> <dt><b><tt class="literal">D</tt></b></dt> <dd> <p>Permission to delete.</p> </dd> <dt><b><tt class="literal">P</tt></b></dt> <dd> <p>Change permissions on the object.</p> </dd> <dt><b><tt class="literal">O</tt></b></dt> <dd> <p>Take ownership.</p> </dd> </dl> <p>The following combined permissions can also be specified:</p> <dl> <dt><b><tt class="literal">READ</tt></b></dt> <dd> <p>Equivalent to RX permissions</p> </dd> <dt><b><tt class="literal">CHANGE</tt></b></dt> <dd> <p>Equivalent to RWXD permissions</p> </dd> <dt><b><tt class="literal">FULL</tt></b></dt> <dd> <p>Equivalent to RWXDPO permissions</p> </dd> </dl> <p>The <em class="replaceable">flags</em> field is for specifying how objects in directories are to inherit their default permissions from their parent directory. For files, <em class="replaceable">flags</em> is normally set to <tt class="literal">0</tt>. For directories, <em class="replaceable">flags</em> is usually set to either <tt class="literal">9</tt> or <tt class="literal">2</tt>.</p> </div> </div> <a name="INDEX-17"/><a name="INDEX-18"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>smbclient</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>The <em class="emphasis">smbclient</em> program is the "Swiss army knife" of the Samba suite. Initially developed as a testing tool, it has become a command shell capable of acting as a general-purpose Unix client, with a command set very similar to that of <em class="emphasis">ftp</em>. It offers the following set of functions:</p><ul><li> <p>Interactive file transfer, similar to <em class="emphasis">ftp</em></p> </li> <li> <p>Interactive printing to shared SMB printers</p> </li> <li> <p>Interactive tar format archiving</p> </li> <li> <p>Sending messages on the SMB network</p> </li> <li> <p>Batch mode tar format archiving</p> </li> <li> <p>"What services do you have?" querying</p> </li> <li> <p>Debugging</p> </li></ul> <div class="sect1"><a name="appc-45-fm2xml"/> <h4 class="refsect1">Command synopsis</h4> <blockquote><pre class="code">smbclient //<em class="replaceable">server</em>/<em class="replaceable">share</em> <em class="replaceable">[ password] [options]</em></pre></blockquote> <p>It is possible to run <em class="emphasis">smbclient</em> noninteractively, for use in scripts, by specifying the <tt class="literal">-c</tt> option along with a list of commands to execute. Otherwise, <em class="emphasis">smbclient</em> runs in interactive mode, prompting for commands such as this:</p> <blockquote><pre class="code">smb:\></pre></blockquote> <p>The backslash in the prompt is replaced by the current directory within the share as you change your working directory with <em class="emphasis">smbclient</em>'s <em class="emphasis">cd</em> command.</p> </div> <div class="sect1"><a name="appc-46-fm2xml"/> <h4 class="refsect1">Options</h4> <dl> <dt><b><tt class="literal">-A</tt> <em class="replaceable">authfile</em></b></dt> <dd> <p>Specifies a file from which to read the username and password used for the connection. The format of the file is as follows:</p> <blockquote><pre class="code">username = <em class="replaceable">value</em> password = <em class="replaceable">value</em> domain = <em class="replaceable">value</em></pre></blockquote> <p>This is to avoid having the password prompted for or have it appear in plain text in scripts. The permissions on the file should be very restrictive (0600, for example) to prevent access by unwanted users.</p> </dd> <dt><b><tt class="literal">-b</tt> <em class="replaceable">buffer_size</em></b></dt> <dd> <p>Sets the size of the buffer used when transferring files. It defaults to 65520 bytes and can be changed as a tuning measure. Generally it should be quite large or set to match the size of the buffer on the remote system. It can be set smaller to work around Windows bugs: some Windows 98 systems work best with a buffer size of 1200.</p> </dd> <dt><b><tt class="literal">-B</tt> <em class="replaceable">IP_addr</em></b></dt> <dd> <p>Sets the broadcast address.</p> </dd> <dt><b><tt class="literal">-c</tt> <em class="replaceable">command_string</em> </b></dt> <dd> <p>Passes a command string to the <em class="emphasis">smbclient</em> command interpreter. The argument consists of a semicolon-separated list of commands to be executed.</p> </dd> <dt><b><em class="emphasis">-d</em> <em class="replaceable">debug_level</em></b></dt> <dd> <p>Sets the debug (logging) level, from 0 to 10, with A for all. Overrides the value in <em class="filename">smb.conf</em>. Debug level 0 logs only the most important messages; level 1 is normal; debug levels 3 and above are for debugging and slow <em class="emphasis">smbclient</em> considerably.</p> </dd> <dt><b><tt class="literal">-D</tt> <em class="replaceable">init_dir</em></b></dt> <dd> <p>Upon starting up, causes <em class="emphasis">smbclient</em> to change its working directory to <em class="replaceable">init_dir</em> on the remote host.</p> </dd> <dt><b><tt class="literal">-E</tt></b></dt> <dd> <p>Sends output from commands to <em class="emphasis">stderr</em> instead of <em class="emphasis">stdout</em>.</p> </dd> <dt><b><tt class="literal">-h</tt></b></dt> <dd> <p>Prints the command-line help information (usage) for <em class="emphasis">smbclient</em>.</p> </dd> <dt><b><tt class="literal">-I</tt> <em class="replaceable">IP_address</em></b></dt> <dd> <p>Sets the IP address of the server to which the client connects.</p> </dd> <dt><b><tt class="literal">-i</tt> <em class="replaceable">scope</em></b></dt> <dd> <p>Sets a NetBIOS scope identifier.</p> </dd> <dt><b><tt class="literal">-l</tt> <em class="replaceable">log_ file</em></b></dt> <dd> <p>Sends the log messages to <em class="replaceable">log_file</em> rather than to the log file specified in the Samba configuration file or the compiled-in default.</p> </dd> <dt><b><tt class="literal">-L</tt> <em class="replaceable">server</em></b></dt> <dd> <p>Lists services (shares) offered by the server. This can be used as a quick way to test an SMB server to see if it is working. If there is a name-service problem, use the <tt class="literal">-I</tt> option to specify the server.</p> </dd> <dt><b><tt class="literal">-M</tt> <em class="replaceable">NetBIOS_name</em></b></dt> <dd> <p>Allows you to send messages using the Windows messaging protocol. Once a connection is established, you can type your message, pressing Ctrl-D to end. The <tt class="literal">-U</tt> and <tt class="literal">-I</tt> options can be used to control the "From" and "To" parts of the message.</p> </dd> <dt><b><tt class="literal">-N</tt></b></dt> <dd> <p>Suppresses the password prompt. Useful when using share mode security and accessing a service that has no password.</p> </dd> <dt><b><tt class="literal">-n</tt> <em class="replaceable">NetBIOS_name</em></b></dt> <dd> <p>Allows you to override the NetBIOS name by which <em class="emphasis">smbclient</em> will advertise itself.</p> </dd> <dt><b><tt class="literal">-O</tt> <em class="replaceable">socket_options</em></b></dt> <dd> <p>Sets the TCP/IP socket options using the same parameters as the <tt class="literal">socket options</tt> configuration option. Often used for performance tuning and testing.</p> </dd> <dt><b><tt class="literal">-p</tt> <em class="replaceable">port_number</em></b></dt> <dd> <p>Sets the port number with which <em class="emphasis">smbclient</em> will connect.</p> </dd> <dt><b><tt class="literal">-R</tt> <em class="replaceable">resolve_order</em></b></dt> <dd> <p>Sets the resolve order of the name servers. This option is similar to the <tt class="literal">resolve</tt> <tt class="literal">order</tt> configuration option and can take any of the four parameters <tt class="literal">lmhosts</tt>, <tt class="literal">host</tt>, <tt class="literal">wins</tt>, and <tt class="literal">bcast</tt>, in any order. If more than one is specified, the argument is specified as a space-separated list. This option can be used to test name service by specifying only the name service to be tested.</p> </dd> <dt><b><tt class="literal">-s</tt> <em class="replaceable">filename</em></b></dt> <dd> <p>Specifies the location of the Samba configuration file. Used for debugging.</p> </dd> <dt><b><tt class="literal">-t</tt> <em class="replaceable">terminal_code</em></b></dt> <dd> <p>Sets the terminal code for Asian languages.</p> </dd> <dt><b><tt class="literal">-T</tt> <em class="replaceable">command_string tarfile</em></b></dt> <dd> <p>Runs the tar archiver, which is <em class="emphasis">gtar</em> compatible. The tar file that is written to or read from is specified by <em class="replaceable">tarfile</em>. The two main commands are <tt class="literal">c</tt> (create) and <tt class="literal">x</tt> (extract), which can be followed by any of these:</p> <dl> <dt><b><tt class="literal">a</tt></b></dt> <dd> <p>Resets the archive attribute on files after they have been saved. See also the <tt class="literal">g</tt> option.</p> </dd> <dt><b><tt class="literal">b</tt> <em class="replaceable">size</em></b></dt> <dd> <p>Sets the block size for writing the tar file, in 512-byte units.</p> </dd> <dt><b><tt class="literal">g</tt></b></dt> <dd> <p>Backs up only files that have their archive bit set. See also the <tt class="literal">a</tt> option.</p> </dd> <dt><b><tt class="literal">I</tt> <em class="replaceable">filename</em></b></dt> <dd> <p>Includes files and directories. This is the default, so specifying this is redundant. To perform pattern matching, see also the <tt class="literal">r</tt> option.</p> </dd> <dt><b><tt class="literal">N</tt> <em class="replaceable">filename</em></b></dt> <dd> <p>Backs up only those files newer than <em class="replaceable">file</em>.</p> </dd> <dt><b><tt class="literal">q</tt></b></dt> <dd> <p>Suppresses diagnostics.</p> </dd> <dt><b><tt class="literal">r</tt></b></dt> <dd> <p>Performs regular expression matching, which can be used along with the <tt class="literal">I</tt> or <tt class="literal">E</tt> option to include or exclude files.</p> </dd> <dt><b><tt class="literal">X</tt> <em class="replaceable">filename</em></b></dt> <dd> <p>Excludes files and directories.</p> </dd> </dl> </dd> <dt><b><tt class="literal">-U</tt> <em class="replaceable">username</em></b></dt> <dd> <p>Sets the username and, optionally, the password used for authentication when connecting to the share.</p> </dd> <dt><b><tt class="literal">-W</tt> <em class="replaceable">workgroup</em></b></dt> <dd> <p>Specifies the workgroup/domain in which <em class="emphasis">smbclient</em> will claim to be a member.</p> </dd> </dl> </div> <div class="sect1"><a name="appc-47-fm2xml"/> <h4 class="refsect1">smbclient commands</h4> <dl> <dt><b><tt class="literal">help</tt> <em class="replaceable">[smbclient_command]</em></b></dt> <dd> <p>With no command specified, prints a list of available commands. If a command is specified as an argument, a brief help message will be printed for it.</p> </dd> <dt><b><tt class="literal">!</tt> <em class="replaceable">[shell_command]</em></b></dt> <dd> <p>Shell escape. With no command specified, runs a Unix shell. If a command is specified, runs the command in a Unix shell.</p> </dd> <dt><b><tt class="literal">altname</tt> <em class="replaceable">filename</em></b></dt> <dd> <p>Causes <em class="emphasis">smbclient</em> to request from the server and then print the old-style, 8.3-format filename for the specified file.</p> </dd> <dt><b><tt class="literal">cancel</tt> <em class="replaceable">print_jobid [...]</em></b></dt> <dd> <p>Causes <em class="emphasis">smbclient</em> to request the server to cancel one or more print jobs, as specified by the numeric job IDs provided as arguments. See also the <em class="emphasis">queue</em> command, which prints job IDs.</p> </dd> <dt><b><tt class="literal">chmod</tt> <em class="replaceable">filename octal_mode</em></b></dt> <dd> <p>Requests that the server change the Unix file permissions on <em class="replaceable">filename</em> to <em class="replaceable">octal_mode</em>, specified in octal numeric format. Works only if the server supports Unix CIFS extensions.</p> </dd> <dt><b><tt class="literal">chown</tt> <em class="replaceable">filename UID GID</em></b></dt> <dd> <p>Requests that the server change the owner and group of the file specified by <em class="replaceable">filename</em> to those provided as decimal numeric arguments <em class="replaceable">UID</em> and <em class="replaceable">GID</em>. Works only if the server supports Unix CIFS extensions.</p> </dd> <dt><b><tt class="literal">cd</tt> <em class="replaceable">[directory]</em></b></dt> <dd> <p>With no argument, prints the current working directory on the remote system. If a directory name is supplied as an argument, changes the working directory on the remote system to that specified.</p> </dd> <dt><b><tt class="literal">del</tt> <em class="replaceable">filename</em></b></dt> <dd> <p>Requests that the server delete one or more files, as specified by the argument, from the current working directory. The argument can be a filename globbing pattern using the * and ? characters.</p> </dd> <dt><b><tt class="literal">dir</tt> [<em class="replaceable">filename]</em></b></dt> <dd> <p>With no arguments, prints a list of files and directories in the working directory on the server. If an argument is provided, only files and directories whose names match the argument will be listed. The argument can be a filename globbing pattern using the * and ? characters.</p> </dd> <dt><b><tt class="literal">exit</tt></b></dt> <dd> <p>Quits the <em class="emphasis">smbclient</em> program after terminating the SMB connection to the server.</p> </dd> <dt><b><tt class="literal">get</tt> <em class="replaceable">remote_file [local_file]</em></b></dt> <dd> <p>Copies the file specified by <em class="replaceable">remote_file</em> from the server to the local system. If no <em class="replaceable">local_file</em> argument is specified, <em class="emphasis">smbclient</em> will name the local file the same as it is named on the server. If <em class="replaceable">local_file</em> is specified, it will be used as the name of the local copy. See also the <em class="emphasis">lowercase</em> command.</p> </dd> <dt><b><tt class="literal">help</tt> <em class="replaceable">[command]</em></b></dt> <dd> <p>A synonym for the <em class="emphasis">?</em> command.</p> </dd> <dt><b><tt class="literal">lcd</tt> <em class="replaceable">[directory]</em></b></dt> <dd> <p>If no argument is provided, prints the name of <em class="emphasis">smbclient</em>'s working directory on the local system. If a directory name is provided as an argument, changes <em class="emphasis">smbclient</em>'s working directory to the directory specified.</p> </dd> <dt><b><tt class="literal">link</tt> <em class="replaceable">link_name filename</em></b></dt> <dd> <p>Requests that the server create a hard link to <em class="replaceable">filename</em> and name it <em class="replaceable">link_name</em>. This command works only if the server supports Unix CIFS extensions.</p> </dd> <dt><b><tt class="literal">lowercase</tt></b></dt> <dd> <p>Toggles the boolean lowercasing setting. When this setting is on, names of files copied from the server with the <em class="emphasis">get</em> and <em class="emphasis">mget</em> commands will be changed to all lowercase. This is mainly used for accessing servers that report filenames in all uppercase only.</p> </dd> <dt><b><tt class="literal">ls</tt> <em class="replaceable">[filename]</em></b></dt> <dd> <p>A synonym for <em class="emphasis">dir</em>.</p> </dd> <dt><b><tt class="literal">mask</tt> <em class="replaceable">[globbing_pattern]</em></b></dt> <dd> <p>Sets the filename globbing pattern for use with the <em class="emphasis">mget</em> and <em class="emphasis">mput</em> commands when recursion is turned on. (When recursion is off, the setting has no effect.) Both <em class="emphasis">mget</em> and <em class="emphasis">mput</em> accept a globbing pattern as arguments; however, those patterns apply only to the current directory. This command specifies the pattern used for all subdirectories that are recursively traversed. The pattern stays in effect until it is changed with another <em class="emphasis">mask</em> command. To return the setting to its original default, specify a <em class="replaceable">globbing_pattern</em> of an asterisk (<tt class="literal">*</tt>), which matches all files. See also the <em class="emphasis">mget</em>, <em class="emphasis">mput</em>, and <em class="emphasis">recurse</em> commands.</p> </dd> <dt><b><tt class="literal">mdir</tt> <em class="replaceable">directory</em></b></dt> <dd> <p>A synonym for the <em class="emphasis">mkdir</em> command.</p> </dd> <dt><b><tt class="literal">mget</tt> <em class="replaceable">pattern</em></b></dt> <dd> <p>When recursion is turned off, copies files matching the file-globbing pattern, as specified by the argument, from the current working directory on the server to the local system. When recursion is on, the <em class="replaceable">pattern</em> argument is used to match directories in the current working directory, and the pattern specified by the <em class="emphasis">mask</em> command is used for matching files within each directory and all subdirectories. See also the <em class="emphasis">lowercase</em>, <em class="emphasis">mask</em>, and <em class="emphasis">recurse</em> commands.</p> </dd> <dt><b><tt class="literal">print</tt> <em class="replaceable">filename</em></b></dt> <dd> <p>Prints the specified file. This requires that <em class="emphasis">smbclient</em> be connected to a print share. See also the <em class="emphasis">printmode</em> command.</p> </dd> <dt><b><tt class="literal">printmode</tt> <em class="replaceable">mode</em></b></dt> <dd> <p>Sets the mode that is used by the <em class="emphasis">print</em> command. The mode can be either <tt class="literal">text</tt>, for printing text files such as the ASCII files commonly found on Unix, or <tt class="literal">graphics</tt>, for printing binary files.</p> </dd> <dt><b><tt class="literal">prompt</tt></b></dt> <dd> <p>Toggles the prompting mode. When prompting is on (the default), the <em class="emphasis">mget</em> and <em class="emphasis">mput</em> commands will interactively prompt the user for permission to transfer each file. The user can answer either <tt class="literal">y</tt> (yes) or <tt class="literal">n</tt> (no), followed by a newline, to this prompt. When prompting is off, all the files will be transferred with no prompts issued.</p> </dd> <dt><b><tt class="literal">put</tt> <em class="replaceable">local_file [remote_file]</em></b></dt> <dd> <p>Copies the file specified by <em class="replaceable">local_file</em> from the local to the remote system. If no <em class="replaceable">remote_file</em> argument is specified, <em class="emphasis">smbclient</em> will name the remote file the same as it is named on the local system. If <em class="replaceable">remote_file</em> is specified, it will be used as the name of the remote copy. See also the <em class="emphasis">lowercase</em> command.</p> </dd> <dt><b><tt class="literal">queue</tt></b></dt> <dd> <p>Prints information on the print queue on the server. This requires that <em class="emphasis">smbclient</em> is connected to a print share.</p> </dd> <dt><b><tt class="literal">quit</tt></b></dt> <dd> <p>A synonym for <em class="emphasis">exit</em>.</p> </dd> <dt><b><tt class="literal">rd</tt> <em class="replaceable">directory</em></b></dt> <dd> <p>A synonym for <em class="emphasis">rmdir</em>.</p> </dd> <dt><b><tt class="literal">recurse</tt></b></dt> <dd> <p>Toggles the recursion mode, which affects the <em class="emphasis">mget</em> and <em class="emphasis">mput</em> commands. When recursion is off (the default), the <em class="emphasis">mget</em> and <em class="emphasis">mput</em> commands will copy only files from the current working directory that match the file-globbing pattern specified as an argument to the command, and the pattern set by the <em class="emphasis">mask</em> command is ignored. When recursion is turned on, the <em class="emphasis">mget</em> and <em class="emphasis">mput</em> commands recursively traverse any directories that match the pattern specified as the argument to the command, and the pattern set by the <em class="emphasis">mask</em> command is used to match files in those directories.</p> </dd> <dt><b><tt class="literal">rm</tt> <em class="replaceable">filename</em></b></dt> <dd> <p>A synonym for <em class="emphasis">del</em>.</p> </dd> <dt><b><tt class="literal">rmdir</tt> <em class="replaceable">directory</em></b></dt> <dd> <p>Requests that the server remove the specified directory.</p> </dd> <dt><b><tt class="literal">setmode</tt> <em class="replaceable">filename attributes</em></b></dt> <dd> <p>Requests that the server assign the specified MS-DOS file attributes on the specified file. The <em class="replaceable">attributes</em> argument has the format of a leading plus sign (<tt class="literal">+</tt>) or minus sign (<tt class="literal">-</tt>) either to set or to unset the attribute(s), respectively, followed by one or more of the characters <tt class="literal">r</tt> (read), <tt class="literal">s</tt> (system), <tt class="literal">h</tt> (hidden), or <tt class="literal">a</tt> (archive).</p> </dd> <dt><b><tt class="literal">symlink</tt> <em class="replaceable">link_name filename</em></b></dt> <dd> <p>Requests that the server create a symbolic link named <em class="replaceable">link_name</em> to <em class="replaceable">filename</em>. This command works only if the server supports Unix CIFS extensions. The server will not create a link that refers to a file not in the share to which <em class="emphasis">smbclient</em> is connected.</p> </dd> <dt><b><tt class="literal">tar</tt> <em class="replaceable">cmd_str</em></b></dt> <dd> <p>Performs an archiving operation using the tar format. This is the interactive form of the <tt class="literal">-T</tt> command-line operation, and the <em class="replaceable">cmd_str</em> argument is specified in the same manner. See also the <em class="emphasis">tarmode</em> command.</p> </dd> <dt><b><tt class="literal">blocksize</tt> <em class="replaceable">size</em></b></dt> <dd> <p>Sets the block size, in units of 512 bytes, for files written by the <em class="emphasis">tar</em> command.</p> </dd> <dt><b><tt class="literal">tarmode</tt> <em class="replaceable">mode ...</em></b></dt> <dd> <p>Specifies how the <em class="emphasis">tar</em> command performs its archiving, including how it handles the archive attribute on files. Multiple <em class="replaceable">mode</em> arguments can be provided, chosen from the following:</p> <dl> <dt><b><tt class="literal">full</tt></b></dt> <dd> <p>All files will be included, regardless of whether their <tt class="literal">archive</tt> attribute is set. This is the default.</p> </dd> <dt><b><tt class="literal">inc</tt></b></dt> <dd> <p>Only files that have the <tt class="literal">archive</tt> attribute set will be included in the backup.</p> </dd> <dt><b><tt class="literal">reset</tt></b></dt> <dd> <p>The <tt class="literal">archive</tt> attribute will be unset by <em class="emphasis">tar</em> after the file is included in the archive.</p> </dd> <dt><b><tt class="literal">noreset</tt></b></dt> <dd> <p>The <tt class="literal">archive</tt> attribute will be left unchanged. This is the default.</p> </dd> <dt><b><tt class="literal">system</tt></b></dt> <dd> <p>Files with the <tt class="literal">system</tt> attribute set will be included in the archive. This is the default.</p> </dd> <dt><b><tt class="literal">nosystem</tt></b></dt> <dd> <p>Files with the <tt class="literal">system</tt> attribute set will not be included in the archive.</p> </dd> <dt><b><tt class="literal">hidden</tt></b></dt> <dd> <p>Files with the <tt class="literal">hidden</tt> attribute set will be included in the archive. This is the default.</p> </dd> <dt><b><tt class="literal">nohidden</tt></b></dt> <dd> <p>Files with the <tt class="literal">hidden</tt> attribute set will not be included in the archive.</p> </dd> <dt><b><tt class="literal">verbose</tt></b></dt> <dd> <p>As files are included in the archive (when creating the archive) or are read from the archive (when extracting it), the name of each file will be printed. This is the default.</p> </dd> <dt><b><tt class="literal">noverbose</tt></b></dt> <dd> <p>This turns verbose mode off, causing <em class="emphasis">tar</em> to perform its work quietly.</p> </dd> <dt><b><tt class="literal">quiet</tt></b></dt> <dd> <p>An antonym for the <tt class="literal">verbose</tt> mode. When quiet is on, verbose is off, and vice versa.<a name="INDEX-18"/></p> </dd> </dl> </dd> </dl> </div> </div> <a name="INDEX-19"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>smbcontrol</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>The <em class="emphasis">smbcontrol</em> command sends control messages to running <em class="emphasis">smbd</em> or <em class="emphasis">nmbd</em> processes.</p> <div class="sect1"><a name="appc-49-fm2xml"/> <h4 class="refsect1">Command synopsis</h4> <blockquote><pre class="code">smbcontrol -i<em class="replaceable"> [options]</em></pre></blockquote> <p>or:</p> <blockquote><pre class="code">smbcontrol <em class="replaceable">[options] process message-type [parameters]</em></pre></blockquote> </div> <div class="sect1"><a name="appc-50-fm2xml"/> <h4 class="refsect1">Options</h4> <dl> <dt><b><tt class="literal">-i</tt></b></dt> <dd> <p>Runs <em class="emphasis">smbcontrol</em> interactively, executing commands until a blank line or "q" is read. The user must have superuser privileges.</p> </dd> <dt><b><tt class="literal">-s</tt> <em class="replaceable">filename</em></b></dt> <dd> <p>Specifies the location of the Samba configuration file.</p> </dd> <dt><b><tt class="literal">-d</tt> <em class="replaceable">debuglevel</em></b></dt> <dd> <p>Sets the debugging level for logging. The debug level can be set from to 10.</p> </dd> </dl> <p>Whether <em class="emphasis">smbcontrol</em> commands are issued in interactive mode or from the command line, the commands are in the same format. Each command has up to three parts:</p> <dl> <dt><b><em class="replaceable">process</em></b></dt> <dd> <p>Specifies the process or group of processes to which to send the message. If <em class="replaceable">process</em> is <tt class="literal">smbd</tt>, all <em class="emphasis">smbd</em> processes will receive the message. If <em class="replaceable">process</em> is <tt class="literal">nmbd</tt>, only the main <em class="emphasis">nmbd</em> process (identified by Samba's <em class="filename">nmbd.pid</em> file) receives the message. If <em class="replaceable">process</em> is the numeric PID of a running process on the system, that process will receive the message.</p> </dd> <dt><b><em class="replaceable">message-type</em></b></dt> <dd> <p>Specifies the type of message that is sent. For more information, see <a href="appc.html#appc-51-fm2xml">smbcontrol message types</a> that follows.</p> </dd> <dt><b><em class="replaceable">parameters</em></b></dt> <dd> <p>Specifies additional parameters required by some messages.</p> </dd> </dl> </div> <div class="sect1"><a name="appc-51-fm2xml"/> <h4 class="refsect1">smbcontrol message types</h4> <dl> <dt><b><tt class="literal">close-share</tt> <em class="replaceable">share_name</em></b></dt> <dd> <p>Closes the connection to a share or shares. If <em class="replaceable">share_name</em> is specified as an asterisk (<tt class="literal">*</tt>), connections to all shares will be closed. To close a single connection, <em class="replaceable">share_name</em> is given as the name of a share, as specified in the Samba configuration file, not including the enclosing brackets. Warning: no message is printed if there is an error in specifying <em class="replaceable">share_name</em>.</p> </dd> <dt><b><tt class="literal">debug</tt> <em class="replaceable">num</em></b></dt> <dd> <p>Sets the debugging level. The <em class="replaceable">num</em> parameter specifies the level, which can be from 0 to 10.</p> </dd> <dt><b><tt class="literal">debuglevel</tt></b></dt> <dd> <p>Prints the current debugging level.</p> </dd> <dt><b><tt class="literal">force-election</tt></b></dt> <dd> <p>Can be used only with <em class="emphasis">nmbd</em>, telling it to force a master browser election.</p> </dd> <dt><b><tt class="literal">ping</tt> <em class="replaceable">number</em></b></dt> <dd> <p>Sends <em class="emphasis">number</em> of pings and reports when they receive a reply or timeout. Used for connectivity testing.</p> </dd> <dt><b><tt class="literal">profile</tt> <em class="replaceable">mode</em></b></dt> <dd> <p>Controls profiling statistics collection. If <em class="replaceable">mode</em> is <tt class="literal">on</tt>, profile statistics will be collected. If <em class="replaceable">mode</em> is <tt class="literal">off</tt>, collection of statistics is turned off. If <em class="replaceable">mode</em> is specified as <tt class="literal">count</tt>, only counting statistics are collected (and not timing statistics). If <em class="replaceable">mode</em> is <tt class="literal">flush</tt>, the data set is cleared (initialized).</p> </dd> <dt><b><tt class="literal">profilelevel</tt></b></dt> <dd> <p>Prints the current profiling level.</p> </dd> <dt><b><tt class="literal">printer-notify</tt> <em class="replaceable">printer_name</em></b></dt> <dd> <p>Sends a printer notify message to Windows NT/2000/XP for the specified printer. This message can be sent only to <em class="emphasis">smbd</em>. Warning: no message is printed if the <em class="replaceable">printer_name</em> parameter is specified incorrectly.</p> </dd> </dl> </div> </div> <a name="INDEX-20"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>smbgroupedit</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>This command, new to Samba 3.0, sets up mappings between Unix groups and Windows NT/2000/XP groups and also allows a Unix group to become a domain group. This command must be run by the superuser.</p> <div class="sect1"><a name="appc-53-fm2xml"/> <h4 class="refsect1">Command synopsis</h4> <blockquote><pre class="code">smbgroupedit <em class="replaceable">[options]</em></pre></blockquote> </div> <div class="sect1"><a name="appc-54-fm2xml"/> <h4 class="refsect1">Options</h4> <dl> <dt><b><tt class="literal">-a</tt> <em class="replaceable">Unix_group_name</em></b></dt> <dd> <p>Adds a mapping for the specified Unix group. The <tt class="literal">-n</tt> option is used along with this option to specify the Windows NT group to which the Unix group is mapped.</p> </dd> <dt><b><tt class="literal">-c</tt> <em class="replaceable">SID</em></b></dt> <dd> <p>Changes a mapping between a Windows NT group and a Unix group. The Windows NT group is specified as a SID with this option, and the Unix group is specified with the <tt class="literal">-u</tt> option.</p> </dd> <dt><b><tt class="literal">-d</tt> <em class="replaceable">description</em></b></dt> <dd> <p>Specifies a comment for the mapping, which will be stored along with it.</p> </dd> <dt><b><tt class="literal">-l</tt></b></dt> <dd> <p>When used with the <tt class="literal">-v</tt> option, prints a long listing. This is the default. The information printed includes the name of the Windows NT group, its SID, its corresponding Unix group (if a mapping has been defined), the group type, the comment, and the privileges of the group.</p> </dd> <dt><b><tt class="literal">-n</tt> <em class="replaceable">Windows_group_name</em></b></dt> <dd> <p>Specifies the name of the Windows NT group. Used with the <tt class="literal">-a</tt> option.</p> </dd> <dt><b><tt class="literal">-p</tt> <em class="replaceable">privilege</em></b></dt> <dd> <p>Used along with the <tt class="literal">-a</tt> option to specify a Windows NT privilege to be given to the Unix group.</p> </dd> <dt><b><tt class="literal">-s</tt></b></dt> <dd> <p>When used with the <tt class="literal">-v</tt> option, prints a short listing. The information printed includes just the name of the Windows NT group, its SID, and, if a mapping has been defined, its corresponding Unix group. This option is useful for determining the SID of a group, for use with the <tt class="literal">-c</tt> option.</p> </dd> <dt><b><tt class="literal">-t</tt> <em class="replaceable">TYPE</em></b></dt> <dd> <p>Assigns a Windows group type to the group. <em class="replaceable">TYPE</em> is a single character, and is one of <tt class="literal">b</tt> (built-in), <tt class="literal">d</tt> (domain), or <tt class="literal">l</tt> (local).</p> </dd> <dt><b><tt class="literal">-u</tt> <em class="replaceable">Unix_group_name</em></b></dt> <dd> <p>Specifies the name of the Unix group to map to the Windows NT group. Used with the <tt class="literal">-c</tt> option.</p> </dd> <dt><b><tt class="literal">-v</tt></b></dt> <dd> <p>Prints a list of groups in the Windows NT domain in which the Samba server is operating. See also the <tt class="literal">-l</tt> and <tt class="literal">-s</tt> options.</p> </dd> <dt><b><tt class="literal">-x</tt> <em class="replaceable">Unix_group_name</em></b></dt> <dd> <p>Deletes the mapping for the Unix group specified.</p> </dd> </dl> </div> </div> <a name="INDEX-21"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>smbmnt</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>This is a low-level helper program for mounting smbfs filesystems. It used by <em class="emphasis">smbmount</em> to do the privileged part of the mount operation on behalf of an ordinary user. Generally, users should not run this command directly.</p> <div class="sect1"><a name="appc-56-fm2xml"/> <h4 class="refsect1">Command synopsis</h4> <blockquote><pre class="code">smbmnt mnt_point <em class="replaceable">[options]</em></pre></blockquote> </div> <div class="sect1"><a name="appc-57-fm2xml"/> <h4 class="refsect1">Options</h4> <dl> <dt><b><tt class="literal">-r</tt></b></dt> <dd> <p>Mounts the filesystem as read-only.</p> </dd> <dt><b><tt class="literal">-u</tt> <em class="replaceable">uid</em> </b></dt> <dd> <p>Specifies the UID to use for the owner of the files.</p> </dd> <dt><b><tt class="literal">-g</tt> <em class="replaceable">gid</em></b></dt> <dd> <p>Specifies the GID to use for the group of the files.</p> </dd> <dt><b><tt class="literal">-f</tt> <em class="replaceable">mask</em></b></dt> <dd> <p>Specifies the octal file mask.</p> </dd> <dt><b><tt class="literal">-d</tt> <em class="replaceable">mask</em></b></dt> <dd> <p>Specifies the octal directory mask.</p> </dd> <dt><b><tt class="literal">-o</tt> <em class="replaceable">options</em></b></dt> <dd> <p>Specifies the list of options that are passed to the smbfs module.</p> </dd> </dl> <p>To allow users to mount SMB shares without help from an administrator, set the "set user ID" permission on the <em class="emphasis">smbmnt</em> executable. However, note that this can raise security issues.</p> </div> </div> <a name="INDEX-22"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>smbmount</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>This program mounts an smbfs filesystem on a mount point in the Unix filesystem. It is typically called as <em class="emphasis">mount.smb</em> from <em class="emphasis">mount</em>, although it can also be run directly by users. After mounting the smbfs filesystem, <em class="emphasis">smbmount</em> continues to run as a daemon as long as the filesystem is mounted. It logs events in the file <em class="filename">log.smbmount</em> in the same directory as the other Samba log files (which is commonly <em class="filename">/usr/local/samba/var</em> by default). The logging level is controlled by the <tt class="literal">debug level</tt> parameter in the Samba configuration file.</p> <div class="sect1"><a name="appc-59-fm2xml"/> <h4 class="refsect1">Command synopsis</h4> <blockquote><pre class="code">smbmount <em class="replaceable">service mount_point [-o options]</em></pre></blockquote> <p>The service argument specifies the SMB share to mount, given as a UNC. The <em class="replaceable">mount_point</em> argument specifies a directory to use as the mount point. The options to <em class="emphasis">smbmount</em> are specified as a comma-separated list of <em class="replaceable">key</em><tt class="literal">=</tt><em class="replaceable">value</em> pairs. The documented options are as follows. Others can be passed if the kernel supports them.</p> </div> <div class="sect1"><a name="appc-60-fm2xml"/> <h4 class="refsect1">Options</h4> <dl> <dt><b><tt class="literal">username=</tt><em class="replaceable">name</em></b></dt> <dd> <p>Specifies the username to connect as. If this is not provided, the environment variable USER will be tried. The name can be specified as <em class="replaceable">username</em><tt class="literal">%</tt><em class="replaceable">password</em>, <em class="replaceable">user</em><tt class="literal">/</tt><em class="replaceable">workgroup</em>, or <em class="replaceable">user</em><tt class="literal">/</tt><em class="replaceable">workgroup</em><tt class="literal">%</tt><em class="replaceable">password</em>.</p> </dd> <dt><b><tt class="literal">password=</tt><em class="replaceable">string</em></b></dt> <dd> <p>Specifies the SMB password. If no password is provided using this option, the <em class="emphasis">username</em> option, or the <em class="emphasis">credentials</em> option, the environment variable PASSWD is used. If that also does not exist, <em class="emphasis">smbmount</em> will prompt interactively for a password.</p> </dd> <dt><b><tt class="literal">credentials=</tt><em class="replaceable">filename</em></b></dt> <dd> <p>Specifies a file that contains a username and password in the following format:</p> <blockquote><pre class="code">username = <em class="replaceable">value</em> password = <em class="replaceable">value</em></pre></blockquote> </dd> <dt><b><tt class="literal">uid=</tt><em class="replaceable">number</em></b></dt> <dd> <p>Sets the Unix user ID to be used as the owner of all files in the mounted filesystem. It can be specified as a username or numeric UID. Defaults to the UID of the user running <em class="emphasis">smbmount</em>.</p> </dd> <dt><b><tt class="literal">gid=</tt><em class="replaceable">number</em></b></dt> <dd> <p>Sets the Unix group ID to be used as the group for all files in the mounted filesystem. It can be specified as a group name or a numeric GID. Defaults to the GID of the user running <em class="emphasis">smbmount</em>.</p> </dd> <dt><b><tt class="literal">port=</tt><em class="replaceable">number</em></b></dt> <dd> <p>Sets the TCP port number. This is 139, which is required by most Windows versions.</p> </dd> <dt><b><tt class="literal">fmask=</tt><em class="replaceable">octal_mask</em> </b></dt> <dd> <p>Sets the Unix permissions of all files in the mounted filesystem. Defaults to the user's current umask.</p> </dd> <dt><b><tt class="literal">dmask=</tt><em class="replaceable">octal_mask</em></b></dt> <dd> <p>Sets the Unix permissions of all directories in the mounted filesystem. Defaults to the current umask.</p> </dd> <dt><b><tt class="literal">debug=</tt><em class="replaceable">number</em></b></dt> <dd> <p>Sets the debugging level.</p> </dd> <dt><b><tt class="literal">ip=</tt><em class="replaceable">host</em></b></dt> <dd> <p>Sets the destination hostname or IP address.</p> </dd> <dt><b><tt class="literal">netbiosname=</tt><em class="replaceable">name</em></b></dt> <dd> <p>Sets the computer name to connect as. This defaults to the hostname of the local system.</p> </dd> <dt><b><tt class="literal">workgroup=</tt><em class="replaceable">name</em></b></dt> <dd> <p>Sets the workgroup or domain.</p> </dd> <dt><b><tt class="literal">sockopt=</tt><em class="replaceable">opts</em></b></dt> <dd> <p>Sets TCP socket options.</p> </dd> <dt><b><tt class="literal">scope=</tt><em class="replaceable">num</em></b></dt> <dd> <p>Sets the NetBIOS scope.</p> </dd> <dt><b><tt class="literal">guest</tt></b></dt> <dd> <p>Don't expect or prompt for a password.</p> </dd> <dt><b><tt class="literal">ro</tt></b></dt> <dd> <p>Mounts the share read-only.</p> </dd> <dt><b><tt class="literal">rw</tt></b></dt> <dd> <p>Mounts the share read-write.</p> </dd> <dt><b><tt class="literal">iocharset=</tt><em class="replaceable">charset</em></b></dt> <dd> <p>Sets the charset used by the Linux machine for codepage-to-charset translation. See also the <em class="emphasis">codepage</em> option.</p> </dd> <dt><b><tt class="literal">codepage=</tt><em class="replaceable">page</em></b></dt> <dd> <p>Sets the DOS code page. See also the <em class="emphasis">iocharset</em> option.</p> </dd> <dt><b><tt class="literal">ttl=</tt><em class="replaceable">milliseconds</em></b></dt> <dd> <p>Sets the time to live, in milliseconds, for entries in the directory cache. A higher value gives better performance on large directories and/or slower connections. The default is 1000ms. Try 10000ms (10 seconds) as a starting value if directory operations are visibly slow.</p> </dd> </dl> </div> </div> <a name="INDEX-23"/><a name="INDEX-24"/><a name="INDEX-25"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>smbpasswd</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>The <em class="emphasis">smbpasswd</em> program provides the general function of managing <a name="INDEX-24"/><a name="INDEX-25"/>encrypted passwords. How it works depends on whether it is run by the superuser or an ordinary user.</p><p>For the superuser, <em class="emphasis">smbpasswd</em> can be used to maintain Samba's <em class="filename">smbpasswd</em> file. It can add or delete users, change their passwords, and modify other attributes pertaining to the user that are held in the <em class="filename">smbpasswd</em> file.</p><p>When run by ordinary users, <em class="emphasis">smbpasswd</em> can be used only to change their encrypted passwords. In this mode of operation, <em class="emphasis">smbpasswd</em> acts as a client to the <em class="emphasis">smbd</em> daemon. The program will fail if <em class="emphasis">smbd</em> is not operating, if the <tt class="literal">hosts allow</tt> or <tt class="literal">hosts deny</tt> parameters in the Samba configuration file do not permit connections from localhost (IP address 127.0.0.1), or if the <tt class="literal">encrypted passwords</tt> option is set to <tt class="literal">no</tt>. It is also possible for <em class="emphasis">smbpasswd</em> to change a user's password when it is maintained on a remote system, including a Windows NT domain controller.</p> <div class="sect1"><a name="appc-62-fm2xml"/> <h4 class="refsect1">Command synopsis</h4> <p>When run by the superuser:</p> <blockquote><pre class="code">smbpasswd <em class="replaceable">[options] [username] [password]</em></pre></blockquote> <p>In this case, the username of the user whose <em class="emphasis">smbpasswd</em> entry is to be modified is provided as the second argument.</p> <p>Otherwise:</p> <blockquote><pre class="code">smbpasswd <em class="replaceable">[options] [password]</em></pre></blockquote> </div> <div class="sect1"><a name="appc-63-fm2xml"/> <h4 class="refsect1">Superuser-only options</h4> <dl> <dt><b><tt class="literal">-a</tt> <em class="replaceable">username</em></b></dt> <dd> <p>Adds a user to the encrypted password file. The user must already exist in the system password file (<em class="filename">/etc/passwd</em> ). If the user already exists in the <em class="filename">smbpasswd</em> file, the <tt class="literal">-a</tt> option changes the existing password.</p> </dd> <dt><b><tt class="literal">-d</tt> <em class="replaceable">username</em></b></dt> <dd> <p>Disables a user in the encrypted password file. The user's entry in the file will remain, but will be marked with a flag disabling the user from authenticating.</p> </dd> <dt><b><tt class="literal">-e</tt> <em class="replaceable">username</em></b></dt> <dd> <p>Enables a disabled user in the encrypted password file. This overrides the effect of the <tt class="literal">-d</tt> option.</p> </dd> <dt><b><tt class="literal">-j</tt> <em class="replaceable">domain</em></b></dt> <dd> <p>Joins the Samba server to a Windows NT domain as a domain member server. The <em class="replaceable">domain</em> argument is the NetBIOS name of the Windows NT domain that is being joined. See also the <tt class="literal">-r</tt> and <tt class="literal">-U</tt> options.</p> </dd> <dt><b><tt class="literal">-m</tt></b></dt> <dd> <p>Indicates that the account is a computer account in a Windows NT domain rather than a domain user account.</p> </dd> <dt><b><tt class="literal">-n</tt></b></dt> <dd> <p>Sets the user's password to a null password. For the user to authenticate, the parameter <tt class="literal">null</tt> <tt class="literal">passwords</tt> <tt class="literal">=</tt> <tt class="literal">yes</tt> must exist in the <tt class="literal">[global]</tt> section of the Samba configuration file.</p> </dd> <dt><b><tt class="literal">-R</tt> <em class="replaceable">resolve_order_list</em></b></dt> <dd> <p>Sets the resolve order of the name servers. This option is similar to the <tt class="literal">resolve</tt> <tt class="literal">order</tt> configuration option and can take any of the four parameters <tt class="literal">lmhosts</tt>, <tt class="literal">host</tt>, <tt class="literal">wins</tt>, and <tt class="literal">bcast</tt>, in any order. If more than one is specified, the argument is specified as a space-separated list.</p> </dd> <dt><b><tt class="literal">-w</tt> <em class="replaceable">password</em></b></dt> <dd> <p>For use when Samba has been compiled with the <tt class="literal">--with-ldapsam</tt> configure option. Specifies the password that goes with the value of the <tt class="literal">ldap admin dn</tt> Samba configuration file parameter.</p> </dd> <dt><b><tt class="literal">-x</tt> <em class="replaceable">username</em></b></dt> <dd> <p>Deletes the user from the <em class="filename">smbpasswd</em> file. This is a one-way operation, and all information associated with the entry is lost. To disable the account without deleting the user's entry in the file, see the <tt class="literal">-d</tt> option.</p> </dd> </dl> </div> <div class="sect1"><a name="appc-64-fm2xml"/> <h4 class="refsect1">Other options</h4> <dl> <dt><b><tt class="literal">-c</tt> <em class="replaceable">filename</em></b></dt> <dd> <p>Specifies the Samba configuration file, overriding the compiled-in default.</p> </dd> <dt><b><tt class="literal">-D</tt> <em class="replaceable">debug_level</em></b></dt> <dd> <p>Sets the debug (also called logging) level. The level can range from to 10. Debug level 0 logs only the most important messages; level 1 is normal; levels 3 and above are primarily for debugging and slow the program considerably.</p> </dd> <dt><b><tt class="literal">-h</tt></b></dt> <dd> <p>Prints command-line usage information.</p> </dd> <dt><b><tt class="literal">-L</tt></b></dt> <dd> <p>Causes <em class="emphasis">smbpasswd</em> to run in local mode, in which ordinary users are allowed to use the superuser-only options. This requires that the <em class="filename">smbpasswd</em> file be made readable and writable by the user. This is for testing purposes.</p> </dd> <dt><b><tt class="literal">-r</tt> <em class="replaceable">NetBIOS_name</em></b></dt> <dd> <p>Specifies on which machine the password should change. If changing a Windows NT domain password, the remote system specified by <em class="replaceable">NetBIOS_name</em> must be the PDC for the domain. The user's username on the local system is used by default. See also the <tt class="literal">-U</tt> option for use when the user's Samba username is different from the local username.</p> </dd> <dt><b><tt class="literal">-R</tt> <em class="replaceable">resolve_order</em></b></dt> <dd> <p>Sets the resolve order of the name servers. This option is similar to the resolve order configuration option and can take any of the four parameters <tt class="literal">lmhosts</tt>, <tt class="literal">host</tt>, <tt class="literal">wins</tt>, and <tt class="literal">bcast</tt>, in any order. If more than one is specified, the argument is specified as a space-separated list.</p> </dd> <dt><b><tt class="literal">-s</tt> <em class="replaceable">username</em></b></dt> <dd> <p>Causes <em class="emphasis">smbpasswd</em> not to prompt for passwords from <em class="filename">/dev/tty</em>, but instead to read the old and new passwords from the standard input. This is useful when calling <em class="emphasis">smbpasswd</em> from a script.</p> </dd> <dt><b><tt class="literal">-S</tt></b></dt> <dd> <p>Queries the domain controller of the domain, as specified by the <tt class="literal">workgroup</tt> parameter in the Samba configuration file, and retrieves the domain's SID. This will then be used as the SID for the local system. A specific PDC can be selected by combining this option with the <tt class="literal">-r</tt> option, and its domain's SID will be used. This option is for migrating domain accounts from a Windows NT primary domain controller to a Samba PDC.</p> </dd> <dt><b><tt class="literal">-U</tt> <em class="replaceable">username[</em><tt class="literal">%</tt><em class="replaceable">password]</em></b></dt> <dd> <p>Changes the password for <em class="replaceable">username</em> on the remote system. This is to handle instances in which the remote username and local username are different. This option requires that <tt class="literal">-r</tt> also be used. Often used with <tt class="literal">-j</tt> to provide the username of the administrative user on the primary domain controller for adding computer accounts.</p> </dd> </dl> </div> </div> <a name="INDEX-26"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>smbsh</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>The <em class="emphasis">smbsh</em> program allows SMB shares to be accessed from a Unix system. When <em class="emphasis">smbsh</em> is run, an extra directory tree called <em class="filename">/smb </em>becomes available to dynamically linked shell commands. The first level of directories under <em class="filename">/smb</em> represent available workgroups, the next level of subdirectories represent the SMB servers in each workgroup, and the third level of subdirectories represent the disk and printer shares of each server.</p><p>Samba must be compiled with the <tt class="literal">--with-smbwrappers</tt> option to enable <em class="emphasis">smbsh</em>.</p> <div class="sect1"><a name="appc-66-fm2xml"/> <h4 class="refsect1">Options</h4> <dl> <dt><b><em class="emphasis">-d</em> <em class="replaceable">debug_level</em></b></dt> <dd> <p>Sets the debug (sometimes called logging) level. The level can range from 0, the default, to 10. Debug level 0 logs only the most important messages; level 1 is normal; levels 3 and above are primarily for debugging and slow <em class="emphasis">smbsh</em> considerably.</p> </dd> <dt><b><em class="emphasis">-l</em> <em class="replaceable">filename</em></b></dt> <dd> <p>Sets the name of the logging file. By default, messages are sent to <em class="emphasis">stderr</em>.</p> </dd> <dt><b><em class="emphasis">-L</em> <em class="replaceable">directory</em></b></dt> <dd> <p>Specifies the location of <em class="emphasis">smbsh</em>'s shared libraries, overriding the compiled-in default.</p> </dd> <dt><b><em class="emphasis">-P</em> <em class="replaceable">prefix</em></b></dt> <dd> <p>Sets the name of the <tt class="literal">root</tt> directory to use for the SMB filesystem. The default is <em class="filename">/smb</em>.</p> </dd> <dt><b><em class="emphasis">-R</em> <em class="replaceable">resolve_order</em></b></dt> <dd> <p>Sets the resolve order of the name servers. This option is similar to the <tt class="literal">resolve</tt> <tt class="literal">order</tt> configuration option and can take any of the four parameters <tt class="literal">lmhosts</tt>, <tt class="literal">host</tt>, <tt class="literal">wins</tt>, and <tt class="literal">bcast</tt>, in any order. If more than one is specified, the argument is specified as a space-separated list.</p> </dd> <dt><b><em class="emphasis">-U</em> <em class="replaceable">username</em></b></dt> <dd> <p>Provides the username, and optionally the password, for authenticating the connection to the SMB server. The password can be supplied using the <em class="replaceable">username</em><tt class="literal">%</tt><em class="replaceable">password</em> format. If either or both the username and password are not provided, <em class="emphasis">smbsh</em> will prompt interactively for them.</p> </dd> <dt><b><em class="emphasis">-W</em> <em class="replaceable">workgroup</em></b></dt> <dd> <p>Specifies the NetBIOS workgroup or domain to which the client will connect. This overrides the workgroup parameter in the Samba configuration file and is sometimes necessary to connect to some servers.</p> </dd> </dl> </div> </div> <a name="INDEX-27"/><a name="INDEX-28"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>smbspool</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>The <em class="emphasis">smbspool</em> program provides a <a name="INDEX-28"/>CUPS-compatible interface to Samba printing by providing a way to send a print job to an SMB printer using the command-line format specified by CUPS printers. Although <em class="emphasis">smbspool</em> is designed to work best with CUPS printers, it can be used to send print jobs to non-CUPS Samba printers as well.</p> <div class="sect1"><a name="appc-68-fm2xml"/> <h4 class="refsect1">Command synopsis</h4> <blockquote><pre class="code">smbspool <em class="replaceable">job user title copies options filename</em></pre></blockquote> <p>The arguments for <em class="emphasis">smbspool</em>, as shown here, are those used in the CUPS printing system. However, some of the arguments are currently ignored because they don't correspond to the Samba printing system. These arguments must be supplied in the command and can be filled in with "dummy" values.</p> <p>The <em class="replaceable">job</em> argument refers to the job number and is currently ignored. The <em class="replaceable">user</em> argument is the name of the user who submitted the print job and is also ignored. The <em class="replaceable">title</em> argument is the name of the print job and must be supplied. It is used as the name of the remote print file. The <em class="replaceable">copies</em> argument is the number of copies that will be printed. This number is used only if the (optional) <em class="filename">filename</em> argument is supplied. Otherwise, only one copy is printed. The <em class="replaceable">options</em> argument, for specifying printing options, is ignored. The <em class="replaceable">filename</em> argument is used for specifying the name of the file to be printed. If it is not provided, the standard input will be used.</p> <p>The printer that the job is to be sent to is specified in the DEVICE_URI environment variable. The format for the printer name is a device Universal Resource Indicator, which can be in any of the following formats:</p> <blockquote class="simplelist"> <p><em class="emphasis">smb://server/printer</em></p> <p><em class="emphasis">smb://workgroup/server/printer</em></p> <p><em class="emphasis">smb://username:password@server/printer</em></p> <p><em class="emphasis">smb://username:password@workgroup/server/printer</em></p> </blockquote> </div> </div> <a name="INDEX-29"/><a name="INDEX-30"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>smbstatus</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>This program lists the current connections on a Samba server.</p> <div class="sect1"><a name="appc-70-fm2xml"/> <h4 class="refsect1">Options</h4> <dl> <dt><b><tt class="literal">-b</tt></b></dt> <dd> <p>Causes <em class="emphasis">smbstatus</em> to produce brief output. This includes the version of Samba and auditing information about the users that are connected to the server.</p> </dd> <dt><b><tt class="literal">-d</tt></b></dt> <dd> <p>Gives verbose output, which includes a list of services, a list of locked files, and memory usage statistics. This is the default.</p> </dd> <dt><b><tt class="literal">-L</tt></b></dt> <dd> <p>Prints only the list of current file locks.</p> </dd> <dt><b><tt class="literal">-p</tt></b></dt> <dd> <p>Prints only a list of <em class="emphasis">smbd</em> process IDs.</p> </dd> <dt><b><tt class="literal">-P</tt></b></dt> <dd> <p>Prints only the contents of the profiling memory area. Requires that Samba has been compiled with the profiling option.</p> </dd> <dt><b><tt class="literal">-S</tt></b></dt> <dd> <p>Prints only a list of shares and their connections.</p> </dd> <dt><b><tt class="literal">-s</tt> <em class="replaceable">filename</em></b></dt> <dd> <p>Specifies the Samba configuration file to use when processing this command.</p> </dd> <dt><b><tt class="literal">-u</tt> <em class="replaceable">username</em></b></dt> <dd> <p>Limits the report to the activity of a single user.</p> </dd> </dl> </div> </div> <a name="INDEX-31"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>smbtar</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>The <em class="emphasis">smbtar</em> program is a shell-script wrapper around <em class="emphasis">smbclient</em> for doing tar-format archiving operations. It is functionally very similar to the Unix <em class="emphasis">tar</em> program.</p> <div class="sect1"><a name="appc-72-fm2xml"/> <h4 class="refsect1">Command synopsis</h4> <blockquote><pre class="code">smbtar <em class="replaceable">[options]</em></pre></blockquote> </div> <div class="sect1"><a name="appc-73-fm2xml"/> <h4 class="refsect1">Options</h4> <dl> <dt><b><tt class="literal">-a</tt></b></dt> <dd> <p>Resets (clears) the archive attribute on files after they are backed up. The default is to leave the archive attribute unchanged.</p> </dd> <dt><b><tt class="literal">-b</tt> <em class="replaceable">blocksize</em></b></dt> <dd> <p>Sets block size, in units of 512 bytes, for reading or writing the archive file. Defaults to 20, which results in a block size of 10240 bytes.</p> </dd> <dt><b><tt class="literal">-d</tt> <em class="replaceable">directory</em></b></dt> <dd> <p>Changes the working directory on the remote system to <em class="replaceable">directory</em> before starting the restore or backup operation.</p> </dd> <dt><b><tt class="literal">-i</tt></b></dt> <dd> <p>Specifies incremental mode; files are backed up only if they have the DOS archive attribute set. The archive attribute is reset (cleared) after each file is read.</p> </dd> <dt><b><tt class="literal">-l</tt> <em class="replaceable">log_level</em></b></dt> <dd> <p>Sets the logging level. This corresponds to the <tt class="literal">-d</tt> option of <em class="emphasis">smbclient</em> and other Samba programs.</p> </dd> <dt><b><tt class="literal">-N</tt> <em class="replaceable">filename</em></b></dt> <dd> <p>Backs up only files newer than <em class="filename">filename</em>. For incremental backups.</p> </dd> <dt><b><tt class="literal">-p</tt> <em class="replaceable">password</em></b></dt> <dd> <p>Specifies the password to use to access a share. An alternative to using the <em class="replaceable">username</em><tt class="literal">%</tt><em class="replaceable">password</em> format with the <tt class="literal">-u</tt> option.</p> </dd> <dt><b><tt class="literal">-r</tt></b></dt> <dd> <p>Restores files to the share from the tar file.</p> </dd> <dt><b><tt class="literal">-s</tt> <em class="replaceable">server</em></b></dt> <dd> <p>Specifies the SMB server. See also the <tt class="literal">-x</tt> option.</p> </dd> <dt><b><tt class="literal">-t</tt> <em class="replaceable">filename</em></b></dt> <dd> <p>Specifies the file or Unix device to use as the archiving medium. The default is <em class="filename">tar.out</em> or the value of the TAPE environment variable, if it has been set.</p> </dd> <dt><b><tt class="literal">-u</tt> <em class="replaceable">username</em></b></dt> <dd> <p>Specifies the user account to use when connecting to the share. You can specify the password as well, in the format <em class="replaceable">username</em><tt class="literal">%</tt><em class="replaceable">password</em>. The username defaults to the user's Unix username.</p> </dd> <dt><b><tt class="literal">-v</tt></b></dt> <dd> <p>Operates in verbose mode, printing error messages and additional information that can be used in debugging and monitoring. Backup and restore operations will list each file as it is processed.</p> </dd> <dt><b><tt class="literal">-x</tt> <em class="replaceable">share</em></b></dt> <dd> <p>States the name of the share on the server to which to connect. The default is <tt class="literal">backup</tt>. See also the <tt class="literal">-s</tt> option.</p> </dd> <dt><b><tt class="literal">-X</tt> <em class="replaceable">file_list</em></b></dt> <dd> <p>Tells <em class="emphasis">smbtar</em> to exclude the specified files from the backup or restore operation.</p> </dd> </dl> </div> </div> <a name="INDEX-32"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>smbumount</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>The <em class="emphasis">smbumount</em> command exists to allow an ordinary (nonsuperuser) user to unmount a smbfs filesystem, which the user had previously mounted using <em class="emphasis">smbmount</em>.</p> <div class="sect1"><a name="appc-75-fm2xml"/> <h4 class="refsect1">Command synopsis</h4> <blockquote><pre class="code">smbumount <em class="replaceable">mount_point</em></pre></blockquote> <p>For ordinary users to issue the command, <em class="emphasis">smbumount</em> must be made suid <tt class="literal">root</tt>.</p> </div> </div> <a name="INDEX-33"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>testparm</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>The <em class="emphasis">testparm</em> program checks a Samba configuration file for obvious errors.</p> <div class="sect1"><a name="appc-77-fm2xml"/> <h4 class="refsect1">Command synopsis</h4> <blockquote><pre class="code">testparm <em class="replaceable">[options] [filename] [hostname IP_addr]</em></pre></blockquote> <p>If the configuration file is not provided using the <em class="filename">filename</em> argument, then it defaults to <em class="filename">/usr/local/samba/lib/smb.conf</em>. If the hostname and an IP address of a system are included, an extra check is made to ensure that the system is allowed to connect to each service defined in the configuration file. This is done by comparing the hostname and IP address to the definitions of the <tt class="literal">hosts allow</tt> and <tt class="literal">hosts deny</tt> parameters.</p> </div> <div class="sect1"><a name="appc-78-fm2xml"/> <h4 class="refsect1">Options</h4> <dl> <dt><b><tt class="literal">-h</tt></b></dt> <dd> <p>Prints usage information for the program.</p> </dd> <dt><b><tt class="literal">-L</tt> <em class="replaceable">server_name</em></b></dt> <dd> <p>Sets the <tt class="literal">%L</tt> configuration variable to the specified server name.</p> </dd> <dt><b><tt class="literal">-s</tt></b></dt> <dd> <p>Disables the default behavior of prompting for the Enter key to be pressed before printing the list of configuration options for the server.</p> </dd> </dl> </div> </div> <a name="INDEX-34"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>testprns</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>This is a very simple program that checks to see if a specified printer name exists in the system printer capabilities (printcap) file.</p> <div class="sect1"><a name="appc-80-fm2xml"/> <h4 class="refsect1">Command synopsis</h4> <blockquote><pre class="code">testprns <em class="replaceable">printername [printcapname]</em></pre></blockquote> <p>If <em class="replaceable">printcapname</em> isn't specified, Samba attempts to use the one specified in the Samba configuration file with the <tt class="literal">printcap name</tt> parameter. If none is specified there, Samba will try <em class="filename">/etc/printcap</em>.</p> </div> </div> <a name="INDEX-35"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>wbinfo</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>This program retrieves and prints information from the <em class="emphasis">winbindd</em> daemon, which must be running for <em class="emphasis">wbinfo</em> to function.</p> <div class="sect1"><a name="appc-82-fm2xml"/> <h4 class="refsect1">Command synopsis</h4> <blockquote><pre class="code">wbinfo <em class="replaceable">[options]</em></pre></blockquote> </div> <div class="sect1"><a name="appc-83-fm2xml"/> <h4 class="refsect1">Options</h4> <dl> <dt><b><tt class="literal">-u</tt> </b></dt> <dd> <p>Prints all usernames that have been mapped from the Windows NT domain to Unix users. Users in all trusted domains are also listed.</p> </dd> <dt><b> <tt class="literal">-</tt><em class="emphasis">g</em> </b></dt> <dd> <p>Prints all group names that have been mapped from the Windows NT domain to Unix groups. Groups in all trusted domains are also reported.</p> </dd> <dt><b><tt class="literal">-h</tt> <em class="replaceable">NetBIOS_name</em></b></dt> <dd> <p>Queries the WINS server and prints the IP address of the specified system.</p> </dd> <dt><b><tt class="literal">-n</tt> <em class="replaceable">name</em> </b></dt> <dd> <p>Prints the SID corresponding to the name specified. The argument can be specified as <em class="replaceable">DOMAIN/name</em> (or by using a character other than the slash, as defined by the winbind separator character) to specify both the domain and the name. If the domain and separator are omitted, the value of the <tt class="literal">workgroup</tt> parameter in the Samba configuration file is used as the name of the domain.</p> </dd> <dt><b><tt class="literal">-s</tt> <em class="replaceable">SID</em> </b></dt> <dd> <p>Prints the name mapped to a SID, which is specified in the format <tt class="literal">S-1-</tt><em class="replaceable">N-N-D-D-D-R</em>.</p> </dd> <dt><b><tt class="literal">-U</tt> <em class="replaceable">UID</em></b></dt> <dd> <p>Prints the SID mapped to a Unix UID, if one exists in the current domain.</p> </dd> <dt><b><tt class="literal">-G</tt> <em class="replaceable">gid</em></b></dt> <dd> <p>Prints the SID mapped to a Unix group ID, if one exists in the current domain.</p> </dd> <dt><b><tt class="literal">-S</tt> <em class="replaceable">SID</em></b></dt> <dd> <p>Prints the Unix UID that winbind has mapped to the specified SID, if one exists.</p> </dd> <dt><b><tt class="literal">-Y</tt> <em class="replaceable">SID</em></b></dt> <dd> <p>Prints the Unix group ID that winbind has mapped to the specified SID, if one exists.</p> </dd> <dt><b><tt class="literal">-t</tt></b></dt> <dd> <p>Tests to see that the workstation trust account for the Samba server is valid.</p> </dd> <dt><b><tt class="literal">-m</tt> </b></dt> <dd> <p>Prints a list of Windows NT domains trusted by the Windows server. This does not include the PDC's domain.</p> </dd> <dt><b><tt class="literal">-r</tt> <em class="replaceable">username</em></b></dt> <dd> <p>Prints the list of Unix group IDs to which the user belongs. This works only if the user's account is maintained on a domain controller.</p> </dd> <dt><b><tt class="literal">-a</tt> <em class="replaceable">username</em><tt class="literal">%</tt><em class="replaceable">password</em></b></dt> <dd> <p>Checks to see if a user can authenticate through <em class="emphasis">winbindd</em> using the specified username and password.</p> </dd> <dt><b><tt class="literal">-A</tt> <em class="replaceable">username</em><tt class="literal">%</tt><em class="replaceable">password</em></b></dt> <dd> <p>Saves the username and password used by <em class="emphasis">winbindd</em> to the domain controller. For use when operating in a Windows 2000 domain.</p> </dd> </dl> </div> </div> <hr/><h4 class="head4"><a href="toc.html">TOC</a></h4> </body></html>