sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-01 04:58:35 +03:00
Code

beginning of big merge of docs from 2.2

Browse Source 
(This used to be commit 30e385a737e386015d4256f8b3e11b35a35b2268)
This commit is contained in:
Gerald Carter 2001-04-19 21:07:17 +00:00
parent 344787a4b7
commit 3cfd1cb50b
26 changed files with 0 additions and 12079 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

149
docs/yodldocs/DOMAIN_MEMBER.yo
View File

@ -1,149 +0,0 @@
mailto(samba@samba.org)
article(Joining an NT Domain with Samba 2.0)(Jeremy Allison, Samba Team)(7th October 1999)
center(Joining an NT Domain with Samba 2.0)
center(-----------------------------------)
In order for a Samba-2 server to join an NT domain, you must first add
the NetBIOS name of the Samba server to the NT domain on the PDC using
Server Manager for Domains. This creates the machine account in the
domain (PDC) SAM. Note that you should add the Samba server as a "Windows
NT Workstation or Server", em(NOT) as a Primary or backup domain controller.
Assume you have a Samba-2 server with a NetBIOS name of tt(SERV1) and are
joining an NT domain called tt(DOM), which has a PDC with a NetBIOS name
of tt(DOMPDC) and two backup domain controllers with NetBIOS names tt(DOMBDC1)
and tt(DOMBDC2).
In order to join the domain, first stop all Samba daemons and run the
command
tt(smbpasswd -j DOM -r DOMPDC)
as we are joining the domain DOM and the PDC for that domain (the only
machine that has write access to the domain SAM database) is DOMPDC. If this is
successful you will see the message:
tt(smbpasswd: Joined domain DOM.)
in your terminal window. See the url(bf(smbpasswd))(smbpasswd.8.html)
man page for more details.
This command goes through the machine account password change
protocol, then writes the new (random) machine account password for
this Samba server into a file in the same directory in which an
smbpasswd file would be stored - normally :
tt(/usr/local/samba/private)
The filename looks like this:
tt(<NT DOMAIN NAME>.<Samba Server Name>.mac)
The tt(.mac) suffix stands for machine account password file. So in
our example above, the file would be called:
tt(DOM.SERV1.mac)
This file is created and owned by root and is not readable by any
other user. It is the key to the domain-level security for your
system, and should be treated as carefully as a shadow password file.
Now, before restarting the Samba daemons you must edit your
url(bf(smb.conf))(smb.conf.5.html) file to tell Samba it should now
use domain security.
Change (or add) your
url(bf("security ="))(smb.conf.5.html#security)
line in the url(bf([global]))(smb.conf.5.html#global) section of your
url(bf(smb.conf))(smb.conf.5.html) to read:
tt(security = domain)
Next change the
url(bf("workgroup ="))(smb.conf.5.html#workgroup)
line in the url(bf([global]))(smb.conf.5.html#global) section to read:
tt(workgroup = DOM)
as this is the name of the domain we are joining.
You must also have the parameter url(bf("encrypt passwords"))(smb.conf.5.html#encryptpasswords)
set to tt("yes") in order for your users to authenticate to the
NT PDC.
Finally, add (or modify) a:
url(bf("password server ="))(smb.conf.5.html#passwordserver)
line in the url(bf([global]))(smb.conf.5.html#global) section to read:
tt(password server = DOMPDC DOMBDC1 DOMBDC2)
These are the primary and backup domain controllers Samba will attempt
to contact in order to authenticate users. Samba will try to contact
each of these servers in order, so you may want to rearrange this list
in order to spread out the authentication load among domain
controllers.
Alternatively, if you want smbd to automatically determine the
list of Domain controllers to use for authentication, you may set this line to be :
tt(password server = *)
This method, which is new in Samba 2.0.6 and above, allows Samba
to use exactly the same mechanism that NT does. This method either broadcasts or
uses a WINS database in order to find domain controllers to
authenticate against.
Finally, restart your Samba daemons and get ready for clients to begin
using domain security!
center(Why is this better than security = server?)
center(------------------------------------------)
Currently, domain security in Samba doesn't free you from having to
create local Unix users to represent the users attaching to your
server. This means that if domain user tt(DOM\fred) attaches to your
domain security Samba server, there needs to be a local Unix user fred
to represent that user in the Unix filesystem. This is very similar to
the older Samba security mode url(bf("security=server"))(smb.conf.5.html#securityequalserver), where Samba would pass
through the authentication request to a Windows NT server in the same
way as a Windows 95 or Windows 98 server would.
The advantage to domain-level security is that the authentication in
domain-level security is passed down the authenticated RPC channel in
exactly the same way that an NT server would do it. This means Samba
servers now participate in domain trust relationships in exactly the
same way NT servers do (i.e., you can add Samba servers into a
resource domain and have the authentication passed on from a resource
domain PDC to an account domain PDC.
In addition, with url(bf("security=server"))(smb.conf.5.html#securityequalserver) every Samba daemon on a
server has to keep a connection open to the authenticating server for
as long as that daemon lasts. This can drain the connection resources
on a Microsoft NT server and cause it to run out of available
connections. With url(bf("security =domain"))(smb.conf.5.html#securityequaldomain), however, the Samba
daemons connect to the PDC/BDC only for as long as is necessary to
authenticate the user, and then drop the connection, thus conserving
PDC connection resources.
And finally, acting in the same manner as an NT server authenticating
to a PDC means that as part of the authentication reply, the Samba
server gets the user identification information such as the user SID,
the list of NT groups the user belongs to, etc. All this information
will allow Samba to be extended in the future into a mode the
developers currently call appliance mode. In this mode, no local Unix
users will be necessary, and Samba will generate Unix uids and gids
from the information passed back from the PDC when a user is
authenticated, making a Samba server truly plug and play in an NT
domain environment. Watch for this code soon.
em(NOTE:) Much of the text of this document was first published in the
Web magazine url(bf("LinuxWorld"))(http://www.linuxworld.com) as the article url(bf("Doing the NIS/NT Samba"))(http://www.linuxworld.com/linuxworld/lw-1998-10/lw-10-samba.html).

292
docs/yodldocs/NT_Security.yo
View File

@ -1,292 +0,0 @@
mailto(samba@samba.org)
article(Viewing and changing UNIX permissions using the NT security dialogs in Samba 2.0.4)(Jeremy Allison, Samba Team)(12th April 1999)
center(bf(Viewing and changing UNIX permissions using the NT security dialogs))nl()
center(bf(-------------------------------------------------------------------))
New in the bf(Samba 2.0.4) release is the
ability for Windows NT clients to use their native security
settings dialog box to view and modify the underlying UNIX
permissions.
Note that this ability is careful not to compromise the security
of the UNIX host Samba is running on, and still obeys all the
file permission rules that a Samba administrator can set.
In Samba 2.0.4 and above the default value of the parameter
url(bf("nt acl support"))(smb.conf.5.html#ntaclsupport) has been
changed from "false" to "true", so manipulation of permissions is
turned on by default.
bf(How to view file security on a Samba share)nl()
bf(------------------------------------------)
From an NT 4.0 client, single-click with the right mouse button on
any file or directory in a Samba mounted drive letter or UNC path.
When the menu pops-up, click on the tt(Properties) entry at the
bottom of the menu. This brings up the normal file properties dialog
box, but with Samba 2.0.4 this will have a new tab along the top
marked tt(Security). Click on this tab and you will see three buttons,
em(Permissions), em(Auditing), and em(Ownership). The em(Auditing)
button will cause either an error message tt("A requested privilege is
not held by the client") to appear if the user is not the NT Administrator,
or a dialog which is intended to allow an Administrator to add
auditing requirements to a file if the user is logged on as the
NT Administrator. This dialog is non-functional with a Samba
share at this time, as the only useful button, the tt(Add) button
will not currently allow a list of users to be seen.
bf(Viewing file ownership)nl()
bf(----------------------)
Clicking on the tt("Ownership") button brings up a dialog box telling
you who owns the given file. The owner name will be of the form :
tt("SERVER\user (Long name)")
Where tt(SERVER) is the NetBIOS name of the Samba server, tt(user)
is the user name of the UNIX user who owns the file, and tt((Long name))
is the discriptive string identifying the user (normally found in the
GECOS field of the UNIX password database). Click on the tt(Close)
button to remove this dialog.
If the parameter url(bf("nt acl support"))(smb.conf.5.html#ntaclsupport)
is set to "false" then the file owner will be shown as the NT user
tt("Everyone").
The tt(Take Ownership) button will not allow you to change the
ownership of this file to yourself (clicking on it will display a
dialog box complaining that the user you are currently logged onto
the NT client cannot be found). The reason for this is that changing
the ownership of a file is a privilaged operation in UNIX, available
only to the em(root) user. As clicking on this button causes NT to
attempt to change the ownership of a file to the current user logged
into the NT client this will not work with Samba at this time.
There is an NT chown command that will work with Samba and allow
a user with Administrator privillage connected to a Samba 2.0.4
server as root to change the ownership of files on both a local NTFS
filesystem or remote mounted NTFS or Samba drive. This is available
as part of the bf(Seclib) NT security library written by Jeremy
Allison of the Samba Team, available from the main Samba ftp site.
bf(Viewing file or directory permissions)nl()
bf(-------------------------------------)
The third button is the tt("Permissions") button. Clicking on this
brings up a dialog box that shows both the permissions and the UNIX
owner of the file or directory. The owner is displayed in the form :
tt("SERVER\user (Long name)")
Where tt(SERVER) is the NetBIOS name of the Samba server, tt(user)
is the user name of the UNIX user who owns the file, and tt((Long name))
is the discriptive string identifying the user (normally found in the
GECOS field of the UNIX password database).
If the parameter url(bf("nt acl support"))(smb.conf.5.html#ntaclsupport)
is set to "false" then the file owner will be shown as the NT user
tt("Everyone") and the permissions will be shown as NT tt("Full Control").
The permissions field is displayed differently for files and directories,
so I'll describe the way file permissions are displayed first.
bf(File Permissions)nl()
bf(----------------)
The standard UNIX user/group/world triple and the correspinding
"read", "write", "execute" permissions triples are mapped by Samba
into a three element NT ACL with the 'r', 'w', and 'x' bits mapped
into the corresponding NT permissions. The UNIX world permissions are mapped
into the global NT group tt(Everyone), followed by the list of permissions
allowed for UNIX world. The UNIX owner and group permissions
are displayed as an NT tt(user) icon and an NT tt(local group) icon
respectively followed by the list of permissions allowed for the
UNIX user and group.
As many UNIX permission sets don't map into common NT names such as
tt("read"), tt("change") or tt("full control") then usually the permissions
will be prefixed by the words tt("Special Access") in the NT display
list.
But what happens if the file has no permissions allowed for a
particular UNIX user group or world component ? In order to
allow "no permissions" to be seen and modified then Samba overloads
the NT tt("Take Ownership") ACL attribute (which has no meaning in
UNIX) and reports a component with no permissions as having the NT
tt("O") bit set. This was chosen of course to make it look like a
zero, meaning zero permissions. More details on the decision behind
this will be given below.
bf(Directory Permissions)nl()
bf(---------------------)
Directories on an NT NTFS file system have two different sets of
permissions. The first set of permissions is the ACL set on the
directory itself, this is usually displayed in the first set of
parentheses in the normal tt("RW") NT style. This first set of
permissions is created by Samba in exactly the same way as normal
file permissions are, described above, and is displayed in the
same way.
The second set of directory permissions has no real meaning in the
UNIX permissions world and represents the tt("inherited") permissions
that any file created within this directory would inherit.
Samba synthesises these inherited permissions for NT by returning as
an NT ACL the UNIX permission mode that a new file created by Samba
on this share would receive.
bf(Modifying file or directory permissions)nl()
bf(---------------------------------------)
Modifying file and directory permissions is as simple as changing
the displayed permissions in the dialog box, and clicking the tt(OK)
button. However, there are limitations that a user needs to be aware
of, and also interactions with the standard Samba permission masks
and mapping of DOS attributes that need to also be taken into account.
If the parameter url(bf("nt acl support"))(smb.conf.5.html#ntaclsupport)
is set to "false" then any attempt to set security permissions will
fail with an tt("Access Denied") message.
The first thing to note is that the tt("Add") button will not return
a list of users in Samba 2.0.4 (it will give an error message of
tt("The remote proceedure call failed and did not execute")). This
means that you can only manipulate the current user/group/world
permissions listed in the dialog box. This actually works quite well
as these are the only permissions that UNIX actually has.
If a permission triple (either user, group, or world) is removed from
the list of permissions in the NT dialog box, then when the tt("OK")
button is pressed it will be applied as "no permissions" on the UNIX
side. If you then view the permissions again the "no permissions" entry
will appear as the NT tt("O") flag, as described above. This allows you
to add permissions back to a file or directory once you have removed
them from a triple component.
As UNIX supports only the "r", "w" and "x" bits of an NT ACL
then if other NT security attributes such as "Delete access"
are selected then they will be ignored when applied on the
Samba server.
When setting permissions on a directory the second set of permissions
(in the second set of parentheses) is by default applied to all
files within that directory. If this is not what you want you
must uncheck the tt("Replace permissions on existing files") checkbox
in the NT dialog before clicking tt("OK").
If you wish to remove all permissions from a user/group/world
component then you may either highlight the component and click
the tt("Remove") button, or set the component to only have the special
tt("Take Ownership") permission (dsplayed as tt("O")) highlighted.
bf(Interaction with the standard Samba create mask parameters)nl()
bf(----------------------------------------------------------)
Note that with Samba 2.0.5 there are four new parameters to
control this interaction.
These are :
tt(security mask)
tt(force security mode)
tt(directory security mask)
tt(force directory security mode)
Once a user clicks tt("OK") to apply the permissions Samba maps
the given permissions into a user/group/world r/w/x triple set,
and then will check the changed permissions for a file against
the bits set in the url(bf("security mask"))(smb.conf.5.html#securitymask)
parameter. Any bits that were changed that are not set to '1'
in this parameter are left alone in the file permissions.
Essentially, zero bits in the url(bf("security mask"))(smb.conf.5.html#securitymask)
mask may be treated as a set of bits the user is em(not) allowed to change,
and one bits are those the user is allowed to change.
If not set explicitly this parameter is set to the same value as the
url(bf("create mask"))(smb.conf.5.html#createmask) parameter to provide compatibility
with Samba 2.0.4 where this permission change facility was introduced.
To allow a user to modify all the user/group/world permissions on a file,
set this parameter to 0777.
Next Samba checks the changed permissions for a file against the
bits set in the url(bf("force security mode"))(smb.conf.5.html#forcesecuritymode)
parameter. Any bits that were changed that correspond to bits set
to '1' in this parameter are forced to be set.
Essentially, bits set in the url(bf("force security mode"))(smb.conf.5.html#forcesecuritymode)
parameter may be treated as a set of bits that, when modifying security on a file, the
user has always set to be 'on'.
If not set explicitly this parameter is set to the same value as the
url(bf("force create mode"))(smb.conf.5.html#forcecreatemode) parameter to provide compatibility
with Samba 2.0.4 where the permission change facility was introduced.
To allow a user to modify all the user/group/world permissions on a file,
with no restrictions set this parameter to 000.
The url(bf("security mask"))(smb.conf.5.html#securitymask) and
url(bf("force security mode"))(smb.conf.5.html#forcesecuritymode) parameters
are applied to the change request in that order.
For a directory Samba will perform the same operations as described above
for a file except using the parameter url(bf("directory security mask"))(smb.conf.5.html#directorysecuritymask)
instead of url(bf("security mask"))(smb.conf.5.html#securitymask), and
url(bf("force directory security mode"))(smb.conf.5.html#forcedirectorysecuritymode) parameter instead
of url(bf("force security mode"))(smb.conf.5.html#forcesecuritymode).
The url(bf("directory security mask"))(smb.conf.5.html#directorysecuritymask)
parameter by default is set to the same value as the url(bf("directory mask"))(smb.conf.5.html#directorymask)
parameter and the url(bf("force directory security mode"))(smb.conf.5.html#forcedirectorysecuritymode)
parameter by default is set to the same value as the
iurl(bf("force directory mode"))(smb.conf.5.html#forcedirectorymode) parameter
to provide compatibility with Samba 2.0.4 where the permission change facility was introduced.
In this way Samba enforces the permission restrictions that an administrator
can set on a Samba share, whilst still allowing users to modify the
permission bits within that restriction.
If you want to set up a share that allows users full control
in modifying the permission bits on their files and directories and
doesn't force any particular bits to be set 'on', then set the following
parameters in the url(bf(smb.conf.5))(smb.conf.5.html) file in
that share specific section :
tt(security mask = 0777)
tt(force security mode = 0)
tt(directory security mask = 0777)
tt(force directory security mode = 0)
As described, in Samba 2.0.4 the parameters :
tt(create mask)
tt(force create mode)
tt(directory mask)
tt(force directory mode)
were used instead of the parameters discussed here.
bf(Interaction with the standard Samba file attribute mapping)nl()
bf(----------------------------------------------------------)
Samba maps some of the DOS attribute bits (such as "read only")
into the UNIX permissions of a file. This means there can be a
conflict between the permission bits set via the security dialog
and the permission bits set by the file attribute mapping.
One way this can show up is if a file has no UNIX read access
for the owner it will show up as "read only" in the standard
file attributes tabbed dialog. Unfortunately this dialog is
the same one that contains the security info in another tab.
What this can mean is that if the owner changes the permissions
to allow themselves read access using the security dialog, clicks
tt("OK") to get back to the standard attributes tab dialog, and
then clicks tt("OK") on that dialog, then NT will set the file
permissions back to read-only (as that is what the attributes
still say in the dialog). This means that after setting permissions
and clicking tt("OK") to get back to the attributes dialog you
should always hit tt("Cancel") rather than tt("OK") to ensure
that your changes are not overridden.

100
docs/yodldocs/findsmb.1.yo
View File

@ -1,100 +0,0 @@
mailto(samba@samba.org)
manpage(findsmb htmlcommand((1)))(1)(2 May 2000)(Samba)(SAMBA)
label(NAME)
manpagename(findsmb)(list info about machines that respond to SMB name queries on a subnet)
label(SYNOPSIS)
manpagesynopsis()
bf(findsmb) [link(subnet broadcast address)(subnetbroadcastaddress)]
label(DESCRIPTION)
manpagedescription()
This perl script is part of the bf(Samba) suite.
bf(findsmb) is a perl script that prints out several pieces
of information about machines on a subnet that respond to SMB
name query requests.
It uses url(bf(nmblookup))(nmblookup.1.html) and
url(bf(smbclient))(smbclient.1.html) to obtain this information.
label(OPTIONS)
manpageoptions()
startdit()
label(subnetbroadcastaddress)
dit(bf(subnet broadcast address)) Without this option, bf(findsmb)
will probe the subnet of the machine where bf(findsmb) is run.
This value is passed to bf(nmblookup) as part of the bf(-B)
option
enddit()
label(EXAMPLES)
manpagesection(EXAMPLES)
The output of bf(findsmb) lists the following information for all
machines that respond to the initial bf(nmblookup) for any name:
IP address, NetBIOS name, Workgroup name, operating system, and
SMB server version.
There will be a "+" in front of the workgroup name for machines that are
local master browsers for that workgroup. There will be an "*" in front
of the workgroup name for machines that are the domain master browser for
that workgroup. Machines that are running Windows, Windows 95 or Windows 98
will not show any information about the operating system or server version.
The command must be run on a system without
bf(nmbd) running. If bf(nmbd) is running on the system, you will only
get the IP address and the DNS name of the machine. To get proper responses
from Windows 95 and Windows 98 machines, the command must be run as root.
For example running:
tt(findsmb)
on a machine without bf(nmbd) running would yield output similar
to the following
verb(
IP ADDR NETBIOS NAME WORKGROUP/OS/VERSION
---------------------------------------------------------------------
192.168.35.10 MINESET-TEST1 [DMVENGR]
192.168.35.55 LINUXBOX *[MYGROUP] [Unix] [Samba 2.0.6]
192.168.35.56 HERBNT2 [HERB-NT]
192.168.35.63 GANDALF [MVENGR] [Unix] [Samba 2.0.5a for IRIX]
192.168.35.65 SAUNA [WORKGROUP] [Unix] [Samba 1.9.18p10]
192.168.35.71 FROGSTAR [ENGR] [Unix] [Samba 2.0.0 for IRIX]
192.168.35.78 HERBDHCP1 +[HERB]
192.168.35.88 SCNT2 +[MVENGR] [Windows NT 4.0] [NT LAN Manager 4.0]
192.168.35.93 FROGSTAR-PC [MVENGR] [Windows 5.0] [Windows 2000 LAN Manager]
192.168.35.97 HERBNT1 *[HERB-NT] [Windows NT 4.0] [NT LAN Manager 4.0]
)
label(VERSION)
manpagesection(VERSION)
This man page is correct for version 2.0 of the Samba suite.
label(SEEALSO)
manpageseealso()
url(bf(nmblookup (1)))(nmblookup.1.html), url(bf(smbclient (1)))(smbclient.1.html)
label(AUTHOR)
manpageauthor()
This perl script was developed by Herb Lewis of SGI.
The original Samba software and related utilities were created by
Andrew Tridgell email(samba@samba.org). Samba is now developed
by the Samba Team as an Open Source project similar to the way the
Linux kernel is developed.
See url(bf(samba (7)))(samba.7.html) to find out how to get a full
list of contributors and details on how to submit bug reports,
comments etc.

94
docs/yodldocs/lmhosts.5.yo
View File

@ -1,94 +0,0 @@
mailto(samba@samba.org)
manpage(lmhosts htmlcommand((5)))(5)(23 Oct 1998)(Samba)(SAMBA)
label(NAME)
manpagename(lmhosts)(The Samba NetBIOS hosts file)
label(SYNOPSIS)
manpagesynopsis()
lmhosts is the bf(Samba) NetBIOS name to IP address mapping file.
label(DESCRIPTION)
manpagedescription()
This file is part of the bf(Samba) suite.
bf(lmhosts) is the bf(Samba) NetBIOS name to IP address mapping file. It
is very similar to the bf(/etc/hosts) file format, except that the
hostname component must correspond to the NetBIOS naming format.
label(FILEFORMAT)
manpagesection(FILE FORMAT)
It is an ASCII file containing one line for NetBIOS name. The two
fields on each line are separated from each other by white space. Any
entry beginning with # is ignored. Each line in the lmhosts file
contains the following information :
startit()
it() bf(IP Address) - in dotted decimal format.
it() bf(NetBIOS Name) - This name format is a maximum fifteen
character host name, with an optional trailing tt('#') character
followed by the NetBIOS name type as two hexadecimal digits.
If the trailing tt('#') is omitted then the given IP address will be
returned for all names that match the given name, whatever the NetBIOS
name type in the lookup.
endit()
An example follows :
# nl()
# Sample Samba lmhosts file. nl()
# nl()
192.9.200.1 TESTPC nl()
192.9.200.20 NTSERVER#20 nl()
192.9.200.21 SAMBASERVER nl()
Contains three IP to NetBIOS name mappings. The first and third will
be returned for any queries for the names tt("TESTPC") and
tt("SAMBASERVER") respectively, whatever the type component of the
NetBIOS name requested.
The second mapping will be returned only when the tt("0x20") name type
for a name tt("NTSERVER") is queried. Any other name type will not be
resolved.
The default location of the bf(lmhosts) file is in the same directory
as the url(bf(smb.conf))(smb.conf.html) file.
label(VERSION)
manpagesection(VERSION)
This man page is correct for version 2.0 of the Samba suite.
label(SEEALSO)
manpageseealso()
url(bf(smb.conf (5)))(smb.conf.5.html#nameresolveorder),
url(bf(smbclient (1)))(smbclient.1.html#minusR),
url(bf(smbpasswd (8)))(smbpasswd.8.html#minusR), url(bf(samba (7)))(samba.7.html).
label(AUTHOR)
manpageauthor()
The original Samba software and related utilities were created by
Andrew Tridgell email(samba@samba.org). Samba is now developed
by the Samba Team as an Open Source project similar to the way the
Linux kernel is developed.
The original Samba man pages were written by Karl Auer. The man page
sources were converted to YODL format (another excellent piece of Open
Source software, available at
url(bf(ftp://ftp.icce.rug.nl/pub/unix/))(ftp://ftp.icce.rug.nl/pub/unix/))
and updated for the Samba2.0 release by Jeremy Allison.
email(samba@samba.org).
See url(bf(samba (7)))(samba.7.html) to find out how to get a full
list of contributors and details on how to submit bug reports,
comments etc.

155
docs/yodldocs/make_smbcodepage.1.yo
View File

@ -1,155 +0,0 @@
mailto(samba@samba.org)
manpage(make_smbcodepage htmlcommand((1)))(1)(23 Oct 1998)(Samba)(SAMBA)
label(NAME)
manpagename(make_codepage)(Construct a codepage file for Samba)
label(SYNOPSIS)
manpagesynopsis()
bf(make_smbcodepage) [link(c|d)(cord)] link(codepage)(codepage) link(inputfile)(inputfile) link(outputfile)(outputfile)
label(DESCRIPTION)
manpagedescription()
This program is part of the bf(Samba) suite.
bf(make_smbcodepage) compiles or de-compiles codepage files for use
with the internationalization features of Samba 2.0
label(OPTIONS)
manpageoptions()
startdit()
label(cord)
dit(c|d) This tells bf(make_smbcodepage) if it is compiling (bf(c)) a text
format code page file to binary, or (bf(d)) de-compiling a binary codepage
file to text.
label(codepage)
dit(codepage) This is the codepage we are processing (a number, e.g. 850).
label(inputfile)
dit(inputfile) This is the input file to process. In the 'bf(c)' case this
will be a text codepage definition file such as the ones found in the
Samba em(source/codepages) directory. In the 'bf(d)' case this will be the
binary format codepage definition file normally found in the
em(lib/codepages) directory in the Samba install directory path.
label(outputfile)
dit(outputfile) This is the output file to produce.
endit()
label(SambaCodepageFiles)
manpagesection(Samba Codepage Files)
A text Samba codepage definition file is a description that tells
Samba how to map from upper to lower case for characters greater than
ascii 127 in the specified DOS code page. Note that for certain DOS
codepages (437 for example) mapping from lower to upper case may be
non-symmetrical. For example, in code page 437 lower case a acute maps to
a plain upper case A when going from lower to upper case, but
plain upper case A maps to plain lower case a when lower casing a
character.
A binary Samba codepage definition file is a binary representation of
the same information, including a value that specifies what codepage
this file is describing.
As Samba does not yet use UNICODE (current for Samba version 2.0) you
must specify the client code page that your DOS and Windows clients
are using if you wish to have case insensitivity done correctly for
your particular language. The default codepage Samba uses is 850
(Western European). Text codepage definition sample files are
provided in the Samba distribution for codepages 437 (USA), 737
(Greek), 850 (Western European) 852 (MS-DOS Latin 2), 861 (Icelandic),
866 (Cyrillic), 932 (Kanji SJIS), 936 (Simplified Chinese), 949
(Hangul) and 950 (Traditional Chinese). Users are encouraged to write
text codepage definition files for their own code pages and donate
them to email(samba@samba.org). All codepage files in the
Samba em(source/codepages) directory are compiled and installed when a
em('make install') command is issued there.
The client codepage used by the url(bf(smbd))(smbd.8.html) server is
configured using the url(bf(client code
page))(smb.conf.5.html#clientcodepage) parameter in the
url(bf(smb.conf))(smb.conf.5.html) file.
label(FILES)
manpagefiles()
bf(codepage_def.<codepage>)
These are the input (text) codepage files provided in the Samba
em(source/codepages) directory.
A text codepage definition file consists of multiple lines
containing four fields. These fields are :
startit()
it() bf(lower): which is the (hex) lower case character mapped on this
line.
it() bf(upper): which is the (hex) upper case character that the lower
case character will map to.
it() bf(map upper to lower) which is a boolean value (put either True
or False here) which tells Samba if it is to map the given upper case
character to the given lower case character when lower casing a
filename.
it() bf(map lower to upper) which is a boolean value (put either True
or False here) which tells Samba if it is to map the given lower case
character to the given upper case character when upper casing a
filename.
endit()
bf(codepage.<codepage>) These are the output (binary) codepage files
produced and placed in the Samba destination em(lib/codepage)
directory.
label(INSTALLATION)
manpagesection(INSTALLATION)
The location of the server and its support files is a matter for
individual system administrators. The following are thus suggestions
only.
It is recommended that the bf(make_smbcodepage) program be installed
under the em(/usr/local/samba) hierarchy, in a directory readable by
all, writeable only by root. The program itself should be executable
by all. The program should NOT be setuid or setgid!
label(VERSION)
manpagesection(VERSION)
This man page is correct for version 2.0 of the Samba suite.
label(SEEALSO)
manpageseealso()
url(bf(smb.conf(5)))(smb.conf.5.html), url(bf(smbd (8)))(smbd.8.html)
label(AUTHOR)
manpageauthor()
The original Samba software and related utilities were created by
Andrew Tridgell email(samba@samba.org). Samba is now developed
by the Samba Team as an Open Source project similar to the way the
Linux kernel is developed.
The original Samba man pages were written by Karl Auer. The man page
sources were converted to YODL format (another excellent piece of Open
Source software, available at
url(bf(ftp://ftp.icce.rug.nl/pub/unix/))(ftp://ftp.icce.rug.nl/pub/unix/))
and updated for the Samba2.0 release by Jeremy Allison.
email(samba@samba.org).
See url(bf(samba (7)))(samba.7.html) to find out how to get a full
list of contributors and details on how to submit bug reports,
comments etc.

232
docs/yodldocs/nmbd.8.yo
View File

@ -1,232 +0,0 @@
mailto(samba@samba.org)
manpage(nmbd)(8)(23 Oct 1998)(Samba)(SAMBA)
label(NAME)
manpagename(nmbd)(NetBIOS name server to provide NetBIOS over IP
naming services to clients)
label(SYNOPSIS)
manpagesynopsis()
bf(nmbd) [link(-D)(minusD)] [link(-a)(minusa)] [link(-o)(minuso)] [link(-h)(minush)] [link(-V)(minusV)] [link(-H lmhosts file)(minusH)] [link(-d debuglevel)(minusd)] [link(-l log file basename)(minusl)] [link(-n primary NetBIOS name)(minusn)] [link(-p port number)(minusp)] [link(-s configuration file)(minuss)]
label(DESCRIPTION)
manpagedescription()
This program is part of the bf(Samba) suite.
bf(nmbd) is a server that understands and can reply to NetBIOS over IP
name service requests, like those produced by SMBD/CIFS clients such
as Windows 95/98, Windows NT and LanManager clients. It also
participates in the browsing protocols which make up the Windows
"Network Neighborhood" view.
SMB/CIFS clients, when they start up, may wish to locate an SMB/CIFS
server. That is, they wish to know what IP number a specified host is
using.
Amongst other services, bf(nmbd) will listen for such requests,
and if its own NetBIOS name is specified it will respond with the IP
number of the host it is running on. Its "own NetBIOS name" is by
default the primary DNS name of the host it is running on, but this
can be overridden with the bf(-n) option (see link(OPTIONS)(OPTIONS) below). Thus
bf(nmbd) will reply to broadcast queries for its own name(s). Additional
names for bf(nmbd) to respond on can be set via parameters in the
url(bf(smb.conf(5)))(smb.conf.5.html) configuration file.
bf(nmbd) can also be used as a WINS (Windows Internet Name Server)
server. What this basically means is that it will act as a WINS
database server, creating a database from name registration requests
that it receives and replying to queries from clients for these names.
In addition, bf(nmbd) can act as a WINS proxy, relaying broadcast queries
from clients that do not understand how to talk the WINS protocol to a
WIN server.
label(OPTIONS)
manpageoptions()
startdit()
label(minusD)
dit(bf(-D)) If specified, this parameter causes bf(nmbd) to operate
as a daemon. That is, it detaches itself and runs in the background,
fielding requests on the appropriate port. By default, bf(nmbd) will
NOT operate as a daemon. nmbd can also be operated from the inetd
meta-daemon, although this is not recommended.
label(minusa)
dit(bf(-a)) If this parameter is specified, each new connection will
append log messages to the log file. This is the default.
label(minuso)
dit(bf(-o)) If this parameter is specified, the log files will be
overwritten when opened. By default, the log files will be appended
to.
label(minush)
dit(bf(-h)) Prints the help information (usage) for bf(nmbd).
label(minusV)
dit(bf(-V)) Prints the version number for bf(nmbd).
label(minusH)
dit(bf(-H filename)) NetBIOS lmhosts file.
The lmhosts file is a list of NetBIOS names to IP addresses that is
loaded by the nmbd server and used via the name resolution mechanism
url(bf(name resolve order))(smb.conf.5.html#nameresolveorder) described in
url(bf(smb.conf (5)))(smb.conf.5.html) to resolve any
NetBIOS name queries needed by the server. Note that the contents of
this file are em(NOT) used by bf(nmbd) to answer any name queries. Adding
a line to this file affects name NetBIOS resolution from this host
em(ONLY).
The default path to this file is compiled into Samba as part of the
build process. Common defaults are em(/usr/local/samba/lib/lmhosts),
em(/usr/samba/lib/lmhosts) or em(/etc/lmhosts). See the
url(bf(lmhosts (5)))(lmhosts.5.html) man page for details on the contents of this file.
label(minusd)
dit(bf(-d debuglevel)) debuglevel is an integer from 0 to 10.
The default value if this parameter is not specified is zero.
The higher this value, the more detail will be logged to the log files
about the activities of the server. At level 0, only critical errors
and serious warnings will be logged. Level 1 is a reasonable level for
day to day running - it generates a small amount of information about
operations carried out.
Levels above 1 will generate considerable amounts of log data, and
should only be used when investigating a problem. Levels above 3 are
designed for use only by developers and generate HUGE amounts of log
data, most of which is extremely cryptic.
Note that specifying this parameter here will override the url(bf(log
level))(smb.conf.5.html#loglevel) parameter in the url(bf(smb.conf
(5)))(smb.conf.5.html) file.
label(minusl)
dit(bf(-l logfile)) The bf(-l) parameter specifies a path and base
filename into which operational data from the running nmbd server will
be logged. The actual log file name is generated by appending the
extension ".nmb" to the specified base name. For example, if the name
specified was "log" then the file log.nmb would contain the debugging
data.
The default log file path is compiled into Samba as part of the
build process. Common defaults are em(/usr/local/samba/var/log.nmb),
em(/usr/samba/var/log.nmb) or em(/var/log/log.nmb).
label(minusn)
dit(bf(-n primary NetBIOS name)) This option allows you to override
the NetBIOS name that Samba uses for itself. This is identical to
setting the url(bf(NetBIOS name))(smb.conf.5.html#netbiosname) parameter
in the url(bf(smb.conf))(smb.conf.5.html) file
but will override the setting in the url(bf(smb.conf))(smb.conf.5.html) file.
label(minusp)
dit(bf(-p UDP port number)) UDP port number is a positive integer value.
This option changes the default UDP port number (normally 137) that
bf(nmbd) responds to name queries on. Don't use this option unless you are
an expert, in which case you won't need help!
label(minuss)
dit(bf(-s configuration file)) The default configuration file name is
set at build time, typically as em(/usr/local/samba/lib/smb.conf), but
this may be changed when Samba is autoconfigured.
The file specified contains the configuration details required by the
server. See url(bf(smb.conf (5)))(smb.conf.5.html) for more information.
endit()
label(FILES)
manpagefiles()
bf(/etc/inetd.conf)
If the server is to be run by the inetd meta-daemon, this file must
contain suitable startup information for the meta-daemon.
bf(/etc/rc)
(or whatever initialization script your system uses).
If running the server as a daemon at startup, this file will need to
contain an appropriate startup sequence for the server.
bf(/usr/local/samba/lib/smb.conf)
This is the default location of the
url(bf(smb.conf))(smb.conf.5.html) server configuration
file. Other common places that systems install this file are
em(/usr/samba/lib/smb.conf) and em(/etc/smb.conf).
When run as a bf(WINS) server (see the url(bf(wins support))(smb.conf.5.html#winssupport)
parameter in the url(bf(smb.conf (5)))(smb.conf.5.html) man page), bf(nmbd) will
store the WINS database in the file tt(wins.dat) in the tt(var/locks) directory
configured under wherever Samba was configured to install itself.
If bf(nmbd) is acting as a bf(browse master) (see the url(bf(local master))(smb.conf.5.html#localmaster)
parameter in the url(bf(smb.conf (5)))(smb.conf.5.html) man page), bf(nmbd) will
store the browsing database in the file tt(browse.dat) in the tt(var/locks) directory
configured under wherever Samba was configured to install itself.
label(SIGNALS)
manpagesection(SIGNALS)
To shut down an bf(nmbd) process it is recommended that SIGKILL (-9)
em(NOT) be used, except as a last resort, as this may leave the name
database in an inconsistent state. The correct way to terminate
bf(nmbd) is to send it a SIGTERM (-15) signal and wait for it to die on
its own.
bf(nmbd) will accept SIGHUP, which will cause it to dump out it's
namelists into the file tt(namelist.debug) in the
em(/usr/local/samba/var/locks) directory (or the em(var/locks)
directory configured under wherever Samba was configured to install
itself). This will also cause bf(nmbd) to dump out it's server database in
the log.nmb file. In addition, the debug log level of nmbd may be raised
by sending it a SIGUSR1 (tt(kill -USR1 <nmbd-pid>)) and lowered by sending it a
SIGUSR2 (tt(kill -USR2 <nmbd-pid>)). This is to allow transient
problems to be diagnosed, whilst still running at a normally low log
level.
label(VERSION)
manpagesection(VERSION)
This man page is correct for version 2.0 of the Samba suite.
label(SEEALSO)
manpageseealso()
bf(inetd (8)), url(bf(smbd (8)))(smbd.8.html), url(bf(smb.conf
(5)))(smb.conf.5.html), url(bf(smbclient (1)))(smbclient.1.html),
url(bf(testparm (1)))(testparm.1.html), url(bf(testprns
(1)))(testprns.1.html), and the Internet RFC's bf(rfc1001.txt),
bf(rfc1002.txt). In addition the CIFS (formerly SMB) specification is
available as a link from the Web page :
url(http://samba.org/cifs/)(http://samba.org/cifs/).
label(AUTHOR)
manpageauthor()
The original Samba software and related utilities were created by
Andrew Tridgell email(samba@samba.org). Samba is now developed
by the Samba Team as an Open Source project similar to the way the
Linux kernel is developed.
The original Samba man pages were written by Karl Auer. The man page
sources were converted to YODL format (another excellent piece of Open
Source software, available at
url(bf(ftp://ftp.icce.rug.nl/pub/unix/))(ftp://ftp.icce.rug.nl/pub/unix/))
and updated for the Samba2.0 release by Jeremy Allison.
email(samba@samba.org).
See url(bf(samba (7)))(samba.7.html) to find out how to get a full
list of contributors and details on how to submit bug reports,
comments etc.

167
docs/yodldocs/nmblookup.1.yo
View File

@ -1,167 +0,0 @@
mailto(samba@samba.org)
manpage(nmblookup htmlcommand((1)))(1)(23 Oct 1998)(Samba)(SAMBA)
label(NAME)
manpagename(nmblookup)(NetBIOS over TCP/IP client used to lookup NetBIOS names)
label(SYNOPSIS)
manpagesynopsis()
bf(nmblookup) [link(-M)(minusM)] [link(-R)(minusR)] [link(-S)(minusS)] [link(-r)(minusr)] [link(-A)(minusA)] [link(-h)(minush)] [link(-B broadcast address)(minusB)] [link(-U unicast address)(minusU)] [link(-d debuglevel)(minusd)] [link(-s smb config file)(minuss)] [link(-i NetBIOS scope)(minusi)] [link(-T)(minusT)] link(name)(name)
label(DESCRIPTION)
manpagedescription()
This program is part of the bf(Samba) suite.
bf(nmblookup) is used to query NetBIOS names and map them to IP
addresses in a network using NetBIOS over TCP/IP queries. The options
allow the name queries to be directed at a particular IP broadcast area
or to a particular machine. All queries are done over UDP.
label(OPTIONS)
manpageoptions()
startdit()
label(minusM)
dit(bf(-M)) Searches for a master browser by looking up the
NetBIOS name link(bf(name))(name) with a type of 0x1d. If link(bf(name))(name)
is tt("-") then it does a lookup on the special name tt(__MSBROWSE__).
label(minusR)
dit(bf(-R)) Set the recursion desired bit in the packet to do a
recursive lookup. This is used when sending a name query to a machine
running a WINS server and the user wishes to query the names in the
WINS server. If this bit is unset the normal (broadcast responding)
NetBIOS processing code on a machine is used instead. See rfc1001,
rfc1002 for details.
label(minusS)
dit(bf(-S)) Once the name query has returned an IP address then do a
node status query as well. A node status query returns the NetBIOS names
registered by a host.
label(minusr)
dit(bf(-r)) Try and bind to UDP port 137 to send and receive UDP
datagrams. The reason for this option is a bug in Windows 95 where it
ignores the source port of the requesting packet and only replies to
UDP port 137. Unfortunately, on most UNIX systems root privilage is
needed to bind to this port, and in addition, if the
url(bf(nmbd))(nmbd.8.html) daemon is running on this machine it also
binds to this port.
label(minusA)
dit(bf(-A)) Interpret <name> as an IP Address and do a node status
query on this address.
label(minush)
dit(bf(-h)) Print a help (usage) message.
label(minusB)
dit(bf(-B broadcast address)) Send the query to the given broadcast
address. Without this option the default behavior of nmblookup is to
send the query to the broadcast address of the network
interfaces as either auto-detected or defined in the
url(bf(interfaces))(smb.conf.5.html#interfaces) parameter of the
url(bf(smb.conf (5)))(smb.conf.5.html) file.
label(minusU)
dit(bf(-U unicast address)) Do a unicast query to the specified
address or host tt("unicast address"). This option (along with the
link(bf(-R))(minusR) option) is needed to query a WINS server.
label(minusd)
dit(bf(-d debuglevel)) debuglevel is an integer from 0 to 10.
The default value if this parameter is not specified is zero.
The higher this value, the more detail will be logged about the
activities of bf(nmblookup). At level 0, only critical errors and
serious warnings will be logged.
Levels above 1 will generate considerable amounts of log data, and
should only be used when investigating a problem. Levels above 3 are
designed for use only by developers and generate HUGE amounts of
data, most of which is extremely cryptic.
Note that specifying this parameter here will override the url(bf(log
level))(smb.conf.5.html#loglevel) parameter in the url(bf(smb.conf
(5)))(smb.conf.5.html) file.
label(minuss)
dit(bf(-s smb.conf)) This parameter specifies the pathname to the
Samba configuration file, url(bf(smb.conf))(smb.conf.5.html).
This file controls all aspects of
the Samba setup on the machine.
label(minusi)
dit(bf(-i scope)) This specifies a NetBIOS scope that bf(nmblookup) will use
to communicate with when generating NetBIOS names. For details on the
use of NetBIOS scopes, see rfc1001.txt and rfc1002.txt. NetBIOS scopes
are em(very) rarely used, only set this parameter if you are the
system administrator in charge of all the NetBIOS systems you
communicate with.
label(minusT)
dit(bf(-T)) This causes any IP addresses found in the lookup to be
looked up via a reverse DNS lookup into a DNS name, and printed out
before each tt("IP address NetBIOS name") pair that is the normal
output.
label(name)
dit(bf(name)) This is the NetBIOS name being queried. Depending upon
the previous options this may be a NetBIOS name or IP address. If a
NetBIOS name then the different name types may be specified by
appending tt(#<type>) to the name. This name may also be tt("*"),
which will return all registered names within a broadcast area.
enddit()
label(EXAMPLES)
manpagesection(EXAMPLES)
bf(nmblookup) can be used to query a WINS server (in the same way
bf(nslookup) is used to query DNS servers). To query a WINS server,
bf(nmblookup) must be called like this:
tt(nmblookup -U server -R 'name')
For example, running :
tt(nmblookup -U samba.org -R IRIX#1B')
would query the WINS server samba.org for the domain master
browser (1B name type) for the IRIX workgroup.
label(VERSION)
manpagesection(VERSION)
This man page is correct for version 2.0 of the Samba suite.
label(SEEALSO)
manpageseealso()
url(bf(samba (7)))(samba.7.html), url(bf(nmbd (8)))(nmbd.8.html),
url(bf(smb.conf (5)))(smb.conf.5.html)
label(AUTHOR)
manpageauthor()
The original Samba software and related utilities were created by
Andrew Tridgell email(samba@samba.org). Samba is now developed
by the Samba Team as an Open Source project similar to the way the
Linux kernel is developed.
The original Samba man pages were written by Karl Auer. The man page
sources were converted to YODL format (another excellent piece of Open
Source software, available at
url(bf(ftp://ftp.icce.rug.nl/pub/unix/))(ftp://ftp.icce.rug.nl/pub/unix/))
and updated for the Samba2.0 release by Jeremy Allison.
email(samba@samba.org).
See url(bf(samba (7)))(samba.7.html) to find out how to get a full
list of contributors and details on how to submit bug reports,
comments etc.

263
docs/yodldocs/rpcclient.8.yo
View File

@ -1,263 +0,0 @@
mailto(samba-bugs@samba.org)
manpage(RPCCLIENT)(8)(August 27, 2000)(Samba)(SAMBA)
label(NAME)
manpagename(rpcclient)(developer's tool to testing client side MS-RPC functions)
label(SYNOPSIS)
manpagesynopsis()
dit(bf(rpcclient)) [link(-d debuglevel)(minusd)] [link(-S server)(minusS)] [link(-l logbasename)(minusl)] [link(-n netbios name)(minusn)] [link(-N)(minusN)]
[link(-m maxprotocol)(minusl)] [link(-I destIP)(minusI)] [link(-E)(minusE)] [link(-U username)(minusU)] [link(-W workgroup)(minusW)] [link(-c `command string`)(minusc)]
[link(-t terminalcode)(minust)] [link(-i scope)(minusi)] [link(-O socket options)(minusO)]
[link(-s smb.conf)(minuss)]
label(DESCRIPTION)
manpagedescription()
dit(bf(rpcclient))
is a utility for developers for executing various MS-RPC functions. It's
primary use is for testing Samba's own MS-RPC server implementation, however
many administrators have written scripts around it to manage Windows NT clients
from their UNIX workstation.
label(OPTIONS)
manpageoptions()
startdit()
label(minusd)
dit(bf(-d debuglevel))
set the debuglevel. Debug level 0 is the lowest and 100 being the
highest. This should be set to 100 if you are planning on
submitting a bug report to the Samba team (see BUGS.txt).
label(minusS)
dit(bf(-S server))
NetBIOS name of Server to which you wish to connect. The server can be
any SMB/CIFS server. The name is resolved using either the "name resolve
order = " line or by using the bf(-R) option.
label(minusl)
dit(bf(-l logbasename))
File name for log/debug files. .client will be
appended. The log file is never removed by the client.
label(minusn)
dit(bf(-n netbios name))
NetBIOS name of the local machine. This option
is only needed if your Samba client cannot find
it automatically. Samba should use the uppercase of the machine's
hostname.
label(minusN)
dit(bf(-N))
tells rpcclient not to ask for a password. rpcclient will prompt
the user by default.
label(minusI)
dit(bf(-I destIP))
The IP address of the server specified with the bf(-S)
option. Only needed when the server's NetBIOS
name cannot be resolved using WINS or broadcast
and isn't found in the LMHOSTS file.
label(minusE)
dit(bf(-E))
causes regedit to write messages to stderr instead of stdout.
label(minusU)
dit(bf(-U username[%pass]))
Sets the SMB username or username and password. If %pass is not
specified, The user will be prompted. The client will first check the USER
environment variable, then the LOGNAME variable and if either exist, the
string is uppercased. Anything in these variables following a % sign will be
treated as the password. If these environmental variables are not found, the
username GUEST is used.
If the password is not included in these environment variables
(using the %pass syntax), rpcclient will look for a PASSWD environment
variable from which to read the password.
A third option is to use a credentials file which contains
the plaintext of the username and password. This option is
mainly provided for scripts where the admin doesn't desire to
pass the credentials on the command line or via environment variables.
If this method is used, make certain that the permissions on the file
restrict access from unwanted users. See the bf(-A) for more details.
Be cautious about including passwords in scripts or in the
tt(PASSWD) environment variable. Also, on many systems the command
line of a running process may be seen via the tt(ps) command to be
safe always allow smbclient to prompt for a password and type it in
directly.
label(minusA)
dit(bf(-A <filename>)) This option allows you to specify a file from which
to read the username and password used in the connection. The format
of the file is
tt(username = <value>) nl()
tt(password = <value>) nl()
Make certain that the permissions on the file restrict access from
unwanted users.
label(minusW)
dit(bf(-W domain))
Set the SMB domain of the username. This overrides the default
domain which is the domain of the server specified with the
bt(-S) option. If the domain specified is the same as the server's
NetBIOS name, it causes the client to log on using the
server's local SAM (as opposed to the Domain SAM).
label(minusP)
dit(bf(-P))
operate in promptless mode. Without this mode (the default)
rpcclient displays a prompt of the form '[domain\username@host]$'
label(minusc)
dit(bf(-c 'command string'))
execute semicolon separated commands (listed below))
label(minust)
dit(bf(-t terminalcode))
This tells the Samba client how to interpret the incoming filenames, in regards
to character sets. The list here is not complete. For a complete list see your
local Samba source. Some valid options are sjis, euc, jis7, jis8, junet and hex.
label(minusO)
dit(bf(-O socket options))
These socket options are the same as in smb.conf (under the bt(socket options = )
section).
label(minuss)
dit(bf(-s smb.conf))
Specifies the location of the all important smb.conf file.
label(minusi)
dit(bf(-i scope))
Defines the NetBIOS scope. For more information on NetBIOS scopes, see rfc1001
and rfc1002. NetBIOS scopes are rarely used.
enddit()
label(COMMANDS)
manpagesection(COMMANDS)
label(SPOOLSSCMD)
dit(bf(SPOOLSS Commands))
dit(link(spoolenum)(SPOOLSSENUMPRINTERS))
Execute an EnumPrinters call. This lists the various
installed and share printers. Refer to the MS Platform
SDK documentation for more details of the various
flags and calling options.
dit(link(spoolenumports <level>)(SPOOLSSENUMPORTS))
Executes an EnumPorts call using the specified info level.
Currently only info level 1 and 2 are supported.
dit(link(spoolenumdata)(SPOOLSSENUMPRINTERDATA))
Enumerate all printer setting data stored on the server.
On Windows NT clients, these values are stored
in the registry, while Samba servers store them in the printers
TDB. This command corresponds to the MS Platform SDK EnumPorts
function.
dit(link(spooljobs <printer>)(SPOOLSSENUMJOBS))
List the jobs and status of a given printer. This command
corresponds to the MS Platform SDK EnumJobs function.
dit(link(spoolopen <printer>)(SPOOLSSOPENPRINTER))
Execute an OpenPrinterEx() and ClosePrinter()
RPC against a given printer.
dit(link(spoolgetdata)(SPOOLSSGETPRINTERDATA))
Retrive the data for a given printer setting. See the
bf(spoolenumdata) command for more information. This command
corresponds to the GetPrinterData() MS Platform SDK function.
dit(link(spoolgetprinter <printer>)(SPOOLSSGETPRINTER))
Retrieve the current printer information. This command
sorresponds to the GetPrinter() MS Platform SDK function.
dit(link(spoolgetprinterdriver <printer>)(SPOOLSGETPRINTERDRIVER))
Retrive the printer driver information (such as driver file,
config file, dependent files, etc...) for the given printer.
This command corresponds to the GetPrinterDriver() MS Platform
SDK function.
dit(link(spoolgetprinterdriverdir <arch>)(SPOOLSSGETPRINTERDRIVERDIR))
Execute a GetPrinterDriverDirectory() RPC to retreive the
SMB share name and subdirectory for storing printer driver
files for a given architecture. Possible values for <arch> are
"Windows 4.0" (for Windows 95/98), "Windows NT x86", "Windows NT
PowerPC", "Windows Alpha_AXP", and "Windows NT R4000".
dit(link(spooladdprinter <printername> <sharename>
<drivername> <port>)(SPOOLSSADDPRINTER))
Add a printer on the remote server. This printer will be automatically
shared. Be aware that the printer driver must already be installed
on the server (see bf(addprinterdriver)) and the <port> must
be a valid port name.
dit(link(spooladdprinterdriver <arch> <config>)(SPOOLSSADDPRINTERDRIVER))
Execute an AddPrinterDriver() RPC to install the printer
driver information on the server. Note that the driver files
should already exist in the directort returned by
bf(spoolgetprinterdriverdir). Possible values for <arch>
are the same as those for the bf(spooolgetprintedriverdir) command.
The <config> parameter is defined as follows:
dit()<Long Printer Name>:<Driver File Name>:<Data File Name>:\
<Config File Name>:<Help File Name>:<Language Monitor Name>:\
<Default Data Type>:<Comma Separated list of Files>
dit()Any empty fields should be enter as the string "NULL".
dit()Samba does not need to support the concept of Print Monitors
since these only apply to local printers whose driver can make use
of a bi-directional link for communication. This field should
be "NULL". On a remote NT print server, the Print Monitor for a driver
must already be installed prior to adding the driver or else the RPC
will fail.
label(GENERALCMD)
dit(bf(General Commands))
dit(link(set)(SET))
Set miscellaneous rpcclient command line options during a running
session.
dit(link(use)(USE))
Connect to a rmeote SMB server. bf(rpcclient) has the ability
to maintain connections to multiple server simulaneously.
dit(link(help)(HELP))
Print a listing of all known commands or extended help
on a particular command.
dit(link(quit)(QUIT))
Exit rpcclient.
label(BUGS)
manpagesection(BUGS)
rpcclient is designed as a developer testing tool and may not be robust
in certain areas (such as command line parsing). It has been known to
generate a core dump upon failures when invalid parameters where
passed to the interpreter.
From Luke Leighton's original rpcclient man page:
"WARNING! The MSRPC over SMB code has been developed from examining
Network traces. No documentation is available from the original creators
(Microsoft) on how MSRPC over SMB works, or how the individual MSRPC services
work. Microsoft's implementation of these services has been demonstrated
(and reported) to be... a bit flakey in places.
The development of Samba's implementation is also a bit rough, and as more
of the services are understood, it can even result in versions of
bf(smbd(8)) and rpcclient that are incompatible for some commands or
services. Additionally, the developers are sending reports to Microsoft,
and problems found or reported to Microsoft are fixed in Service Packs,
which may result in incompatibilities."
label(SEEALSO)
manpageseealso()
bf(samba (7))
manpageauthor()
Samba is written by The Samba Team as Open Source. This man page was written
by Matthew Geddes, Luke Kenneth Casson, and Gerald Carter.

145
docs/yodldocs/samba.7.yo
View File

@ -1,145 +0,0 @@
mailto(samba@samba.org)
manpage(Samba htmlcommand((7)))(7)(23 Oct 1998)(Samba)()
label(NAME)
manpagename(Samba)(A Windows SMB/CIFS fileserver for UNIX)
label(SYNOPSIS)
manpagesynopsis()
bf(Samba)
label(DESCRIPTION)
manpagedescription()
The Samba software suite is a collection of programs that implements
the Server Message Block(commonly abbreviated as SMB) protocol for
UNIX systems. This protocol is sometimes also referred to as the
Common Internet File System (CIFS), LanManager or NetBIOS protocol.
label(COMPONENTS)
manpagesection(COMPONENTS)
The Samba suite is made up of several components. Each component is
described in a separate manual page. It is strongly recommended that
you read the documentation that comes with Samba and the manual pages
of those components that you use. If the manual pages aren't clear
enough then please send a patch or bug report
to email(samba@samba.org).
startdit()
dit(url(bf(smbd))(smbd.8.html)) nl() nl() The url(bf(smbd)
(8))(smbd.8.html) daemon provides the file and print services to SMB
clients, such as Windows 95/98, Windows NT, Windows for Workgroups or
LanManager. The configuration file for this daemon is described in
url(bf(smb.conf (5)))(smb.conf.5.html).
dit(url(bf(nmbd))(nmbd.8.html)) nl() nl() The url(bf(nmbd)
(8))(nmbd.8.html) daemon provides NetBIOS nameserving and browsing
support. The configuration file for this daemon is described in
url(bf(smb.conf (5)))(smb.conf.5.html).
dit(url(bf(smbclient))(smbclient.1.html)) nl() nl() The url(bf(smbclient)
(1))(smbclient.1.html) program implements a simple ftp-like
client. This is useful for accessing SMB shares on other compatible
servers (such as Windows NT), and can also be used to allow a UNIX box
to print to a printer attached to any SMB server (such as a PC running
Windows NT).
dit(url(bf(testparm))(testparm.1.html)) nl() nl() The url(bf(testparm
(1)))(testparm.1.html) utility allows you to test your url(bf(smb.conf
(5)))(smb.conf.5.html) configuration file.
dit(url(bf(testprns))(testprns.1.html)) nl() nl() the url(bf(testprns
(1)))(testprns.1.html) utility allows you to test the printers defined
in your printcap file.
dit(url(bf(smbstatus))(smbstatus.1.html)) nl() nl() The url(bf(smbstatus)
(1))(smbstatus.1.html) utility allows you list current connections to the
url(bf(smbd (8)))(smbd.8.html) server.
dit(url(bf(nmblookup))(nmblookup.1.html)) nl() nl() the
url(bf(nmblookup (1)))(nmblookup.1.html) utility allows NetBIOS name
queries to be made from the UNIX machine.
dit(url(bf(make_smbcodepage))(make_smbcodepage.1.html)) nl() nl() The
url(bf(make_smbcodepage (1)))(make_smbcodepage.1.html) utility allows
you to create SMB code page definition files for your url(bf(smbd
(8)))(smbd.8.html) server.
dit(url(bf(smbpasswd))(smbpasswd.8.html)) nl() nl() The url(bf(smbpasswd
(8)))(smbpasswd.8.html) utility allows you to change SMB encrypted
passwords on Samba and Windows NT(tm) servers.
enddit()
label(AVAILABILITY)
manpagesection(AVAILABILITY)
The Samba software suite is licensed under the GNU Public License
(GPL). A copy of that license should have come with the package in the
file COPYING. You are encouraged to distribute copies of the Samba
suite, but please obey the terms of this license.
The latest version of the Samba suite can be obtained via anonymous
ftp from samba.org in the directory pub/samba/. It is
also available on several mirror sites worldwide.
You may also find useful information about Samba on the newsgroup
comp.protocols.smb and the Samba mailing list. Details on how to join
the mailing list are given in the README file that comes with Samba.
If you have access to a WWW viewer (such as Netscape or Mosaic) then
you will also find lots of useful information, including back issues
of the Samba mailing list, at
url(http://samba.org/samba/)(http://samba.org/samba/).
label(VERSION)
manpagesection(VERSION)
This man page is correct for version 2.0 of the Samba suite.
label(CONTRIBUTIONS)
manpagesection(CONTRIBUTIONS)
If you wish to contribute to the Samba project, then I suggest you
join the Samba mailing list at email(samba@samba.org). See the
Web page at url(http://lists.samba.org/)(http://lists.samba.org/)
for details on how to do this.
If you have patches to submit or bugs to report then you may mail them
directly to email(samba@samba.org). Note, however, that due to
the enormous popularity of this package the Samba Team may take some
time to respond to mail. We prefer patches in em(diff -u) format.
label(CREDITS)
manpagesection(CREDITS)
Contributors to the project are now too numerous to mention here but
all deserve the thanks of all Samba users. To see a full list, look at
url(ftp://samba.org/pub/samba/alpha/change-log)(ftp://samba.org/pub/samba/alpha/change-log)
for the pre-CVS changes and at
url(ftp://samba.org/pub/samba/alpha/cvs.log)(ftp://samba.org/pub/samba/alpha/cvs.log)
for the contributors to Samba post-CVS. CVS is the Open Source source
code control system used by the Samba Team to develop Samba. The
project would have been unmanageable without it.
In addition, several commercial organizations now help fund the Samba
Team with money and equipment. For details see the Samba Web pages at
url(http://samba.org/samba/samba-thanks.html)(http://samba.org/samba/samba-thanks.html).
label(AUTHOR)
manpageauthor()
The original Samba software and related utilities were created by
Andrew Tridgell email(samba@samba.org). Samba is now developed
by the Samba Team as an Open Source project similar to the way the
Linux kernel is developed.
The original Samba man pages were written by Karl Auer. The man page
sources were converted to YODL format (another excellent piece of Open
Source software, available at
url(bf(ftp://ftp.icce.rug.nl/pub/unix/))(ftp://ftp.icce.rug.nl/pub/unix/))
and updated for the Samba2.0 release by Jeremy Allison.
email(samba@samba.org).

7029
docs/yodldocs/smb.conf.5.yo
View File

File diff suppressed because it is too large Load Diff

208
docs/yodldocs/smbcacls.1.yo
View File

@ -1,208 +0,0 @@
manpage(smbcacls htmlcommand((1)))(1)(22 Dec 2000)(Samba)(SAMBA)
label(NAME)
manpagename(smbcacls)(Set or get ACLs on an NT file or directory )
label(SYNOPSIS)
manpagesynopsis()
bf(smbcacls) //server/share filename [link(-U username)(minusU)]
[link(-A acls)(minusA)] [link(-M acls)(minusM)]
[link(-D acls)(minusD)] [link(-S acls)(minusS)]
[link(-C name)(minusC)] [link(-G name)(minusG)]
[link(-n)(minusn)] [link(-h)(minush)]
label(DESCRIPTION)
manpagedescription()
The bf(smbcacls) program manipulates NT Access Control Lists (ACLs) on
SMB file shares.
label(OPTIONS)
manpageoptions()
The following options are available to the bf(smbcacls) program. The
format of ACLs is described in the section link(ACL FORMAT)(ACLFORMAT)
startdit()
label(minusA)
dit(bf(-A acls))
Add the ACLs specified to the ACL list. Existing access control entries
are unchanged.
label(minusM)
dit(bf(-M acls))
Modify the mask value (permissions) for the ACLs specified on the command
line. An error will be printed for each ACL specified that was not already
present in the ACL list.
label(minusD)
dit(bf(-D acls))
Delete any ACLs specfied on the command line. An error will be printed for
each ACL specified that was not already present in the ACL list.
label(minusS)
dit(bf(-S acls))
This command sets the ACLs on the file with only the ones specified on the
command line. All other ACLs are erased. Note that the ACL specified must
contain at least a revision, type, owner and group for the call to succeed.
label(minusC)
dit(bf(-C username))
This command sets the owner of the file to the given username. Note that
the user you connect to the server as must have the permissions to modify
the ownership of a file. Unlike the NT take ownership dialog box this command
can modify the owner of a file to any arbitrary user.
label(minusG)
dit(bf(-G username))
This command sets the primary group owner of the file to the given username. Note that
the user you connect to the server as must have the permissions to modify
the group ownership of a file. As this attribute is only used in the NT POSIX
subsystem there is no equivalent NT dialog box.
label(minusU)
dit(bf(-U username))
Specifies a username used to connect to the specified service. The
username may be of the form tt(username) in which case the user is
prompted to enter in a password and the workgroup specified in the
url(bf(smb.conf))(smb.conf.5.html) file is used, or tt(username%password)
or tt(DOMAIN\username%password) and the password and workgroup names are
used as provided.
label(minusC)
dit(bf(-C name))
The owner of a file or directory can be changed to the name given
using the -C option. The name can be a sid in the form tt(S-1-x-y-z) or a
name resolved against the server specified in the first argument.
This command is a shortcut for tt(-M OWNER:name).
label(minusG)
dit(bf(-G name))
The group owner of a file or directory can be changed to the name given
using the -G option. The name can be a sid in the form tt(S-1-x-y-z) or a
name resolved against the server specified in the first argument.
This command is a shortcut for tt(-M GROUP:name).
label(minusn)
dit(bf(-n))
This option displays all ACL information in numeric format. The default is
to convert SIDs to names and ACE types and masks to a readable string
format.
label(minush)
dit(bf(-h))
Print usage information on the bf(smbcacls) program
enddit()
label(ACLFORMAT)
manpagesection(ACL FORMAT)
The format of an ACL is one or more ACL entries separated by either
commas or newlines. An ACL entry is one of the following:
verb(REVISION:<revision number>
OWNER:<sid or name>
GROUP:<sid or name>
ACL:<sid or name>:<type>/<flags>/<mask>)
The revision of the ACL specifies the internal Windows NT ACL revision for
the security descriptor. If not specified it defaults to 1. Using values
other than 1 may cause strange behaviour.
The owner and group specify the owner and group sids for the object. If a
SID in the format tt(S-1-x-y-z) is specified this is used, otherwise
the name specified is resolved using the server on which the file or
directory resides.
ACLs specify permissions granted to the SID. This SID again can be
specified in tt(S-1-x-y-z) format or as a name in which case it is resolved
against the server on which the file or directory resides. The type, flags
and mask values determine the type of access granted to the SID.
The type can be either 0 or 1 corresponding to ALLOWED or DENIED access to
the SID. The flags values are generally zero for file ACLs and either 9 or
2 for directory ACLs. Some common flags are:
verb(#define SEC_ACE_FLAG_OBJECT_INHERIT 0x1
#define SEC_ACE_FLAG_CONTAINER_INHERIT 0x2
#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0x4
#define SEC_ACE_FLAG_INHERIT_ONLY 0x8)
At present flags can only be specified as decimal or hexadecimal values.
The mask is a value which expresses the access right granted to the SID.
It can be given as a decimal or hexadecimal value, or by using one of the
following text strings which map to the NT file permissions of the same
name.
startdit()
dit() tt(R) Allow read access
dit() tt(W) Allow write access
dit() tt(X) Execute permission on the object
dit() tt(D) Delete the object
dit() tt(P) Change permissions
dit() tt(O) Take ownership
enddit()
The following combined permissions can be specified:
startdit()
dit() tt(READ)
Equivalent to tt(RX) permissions
dit() tt(CHANGE)
Equivalent to tt(RXWD) permissions
dit() tt(FULL)
Equivalent to tt(RWXDPO) permissions
enddit()
label(EXITSTATUS)
manpagesection(EXIT STATUS)
The bf(smbcacls) program sets the exit status depending on the success or
otherwise of the operations performed. The exit status may be one of the
following values.
If the operation succeded, bf(smbcacls) returns and exit status of 0. If
bf(smbcacls) couldn't connect to the specified server, or there was an
error getting or setting the ACLs, an exit status of 1 is returned. If
there was an error parsing any command line arguments, an exit status of 2
is returned.
label(AUTHOR)
manpageauthor()
The original Samba software and related utilities were created by
Andrew Tridgell. Samba is now developed by the Samba Team as an Open
Source project.
bf(smbcacls) was written by Andrew Tridgell and Tim Potter.

767
docs/yodldocs/smbclient.1.yo
View File

@ -1,767 +0,0 @@
mailto(samba@samba.org)
manpage(smbclient htmlcommand((1)))(1)(23 Oct 1998)(Samba)(SAMBA)
label(NAME)
manpagename(smbclient)(ftp-like client to access SMB/CIFS resources on servers)
label(SYNOPSIS)
manpagesynopsis()
bf(smbclient) link(servicename)(servicename) [link(-s smb.conf)(minuss)] [link(-O socket options)(minusO)][link(-R name resolve order)(minusR)] [link(-M NetBIOS name)(minusM)] [link(-i scope)(minusi)] [link(-N)(minusN)] [link(-n NetBIOS name)(minusn)] [link(-d debuglevel)(minusd)] [link(-P)(minusP)] [link(-p port)(minusp)] [link(-l log basename)(minusl)] [link(-h)(minush)] [link(-I dest IP)(minusI)] [link(-E)(minusE)] [link(-U username)(minusU)] [link(-L NetBIOS name)(minusL)] [link(-t terminal code)(minust)] [link(-m max protocol)(minusm)] [link(-b buffersize)(minusb)] [link(-W workgroup)(minusW)] [link(-T<c|x>IXFqgbNan)(minusT)] [link(-D directory)(minusD)] [link(-c command string)(minusc)]
label(DESCRIPTION)
manpagedescription()
This program is part of the bf(Samba) suite.
bf(smbclient) is a client that can 'talk' to an SMB/CIFS server. It
offers an interface similar to that of the ftp program (see bf(ftp
(1))). Operations include things like getting files from the server
to the local machine, putting files from the local machine to the
server, retrieving directory information from the server and so on.
label(OPTIONS)
manpageoptions()
startdit()
label(servicename)
dit(bf(servicename)) servicename is the name of the service you want
to use on the server. A service name takes the form
tt(//server/service) where em(server) is the NetBIOS name of the SMB/CIFS
server offering the desired service and em(service) is the name
of the service offered. Thus to connect to the service em(printer) on
the SMB/CIFS server em(smbserver), you would use the servicename
tt(//smbserver/printer)
Note that the server name required is NOT necessarily the IP (DNS)
host name of the server ! The name required is a NetBIOS server name,
which may or may not be the same as the IP hostname of the machine
running the server.
The server name is looked up according to either the
link(bf(-R))(minusR) parameter to bf(smbclient) or using the
url(bf(name resolve order))(smb.conf.5.html#nameresolveorder)
parameter in the smb.conf file, allowing an administrator to change
the order and methods by which server names are looked up.
label(password)
dit(bf(password)) password is the password required to access the
specified service on the specified server. If this parameter is
supplied, the link(bf(-N))(minusN) option (suppress password prompt) is assumed.
There is no default password. If no password is supplied on the
command line (either by using this parameter or adding a password to
the link(bf(-U))(minusU) option (see below)) and the link(bf(-N))(minusN) option is not specified,
the client will prompt for a password, even if the desired service
does not require one. (If no password is required, simply press ENTER
to provide a null password.)
Note: Some servers (including OS/2 and Windows for Workgroups) insist
on an uppercase password. Lowercase or mixed case passwords may be
rejected by these servers.
Be cautious about including passwords in scripts.
label(minuss)
dit(bf(-s smb.conf)) This parameter specifies the pathname to the
Samba configuration file, smb.conf. This file controls all aspects of
the Samba setup on the machine and smbclient also needs to read this
file.
label(minusO)
dit(bf(-O socket options)) TCP socket options to set on the client
socket. See the url(socket options)(smb.conf.5.html#socketoptions)
parameter in the url(bf(smb.conf (5)))(smb.conf.5.html) manpage for
the list of valid options.
label(minusR)
dit(bf(-R name resolve order)) This option allows the user of
smbclient to determine what name resolution services to use when
looking up the NetBIOS name of the host being connected to.
The options are :"lmhosts", "host", "wins" and "bcast". They cause
names to be resolved as follows :
startit()
it() bf(lmhosts) : Lookup an IP address in the Samba lmhosts file.
The lmhosts file is stored in the same directory as the
url(bf(smb.conf))(smb.conf.5.html) file.
it() bf(host) : Do a standard host name to IP address resolution,
using the system /etc/hosts, NIS, or DNS lookups. This method of name
resolution is operating system depended for instance on IRIX or
Solaris this may be controlled by the em(/etc/nsswitch.conf) file).
it() bf(wins) : Query a name with the IP address listed in the url(bf(wins
server))(smb.conf.5.html#winsserver) parameter in the smb.conf file. If
no WINS server has been specified this method will be ignored.
it() bf(bcast) : Do a broadcast on each of the known local interfaces
listed in the url(bf(interfaces))(smb.conf.5.html#interfaces) parameter
in the smb.conf file. This is the least reliable of the name resolution
methods as it depends on the target host being on a locally connected
subnet.
endit()
If this parameter is not set then the name resolve order defined
in the url(bf(smb.conf))(smb.conf.5.html) file parameter
url((bf(name resolve order)))(smb.conf.5.html#nameresolveorder)
will be used.
The default order is lmhosts, host, wins, bcast and without this
parameter or any entry in the url(bf("name resolve
order"))(smb.conf.5.html#nameresolveorder) parameter of the
url(bf(smb.conf))(smb.conf.5.html) file the name resolution methods
will be attempted in this order.
label(minusM)
dit(bf(-M NetBIOS name)) This options allows you to send messages,
using the "WinPopup" protocol, to another computer. Once a connection
is established you then type your message, pressing ^D (control-D) to
end.
If the receiving computer is running WinPopup the user will receive
the message and probably a beep. If they are not running WinPopup the
message will be lost, and no error message will occur.
The message is also automatically truncated if the message is over
1600 bytes, as this is the limit of the protocol.
One useful trick is to cat the message through bf(smbclient).
For example:
tt(cat mymessage.txt | smbclient -M FRED)
will send the message in the file em(mymessage.txt) to the machine FRED.
You may also find the link(bf(-U))(minusU) and link(bf(-I))(minusI) options useful, as they allow
you to control the FROM and TO parts of the message.
See the url(bf(message command))(smb.conf.5.html#messagecommand)
parameter in the bf(smb.conf (5)) for a description of how to handle
incoming WinPopup messages in Samba.
Note: Copy WinPopup into the startup group on your WfWg PCs if you
want them to always be able to receive messages.
label(minusi)
dit(bf(-i scope)) This specifies a NetBIOS scope that smbclient will use
to communicate with when generating NetBIOS names. For details on the
use of NetBIOS scopes, see rfc1001.txt and rfc1002.txt. NetBIOS scopes
are em(very) rarely used, only set this parameter if you are the
system administrator in charge of all the NetBIOS systems you
communicate with.
label(minusN)
dit(bf(-N)) If specified, this parameter suppresses the normal
password prompt from the client to the user. This is useful when
accessing a service that does not require a password.
Unless a password is specified on the command line or this parameter
is specified, the client will request a password.
label(minusn)
dit(bf(-n NetBIOS name)) By default, the client will use the local
machine's hostname (in uppercase) as its NetBIOS name. This parameter
allows you to override the host name and use whatever NetBIOS name you
wish.
label(minusd)
dit(bf(-d debuglevel)) debuglevel is an integer from 0 to 10, or the
letter 'A'.
The default value if this parameter is not specified is zero.
The higher this value, the more detail will be logged to the log files
about the activities of the client. At level 0, only critical errors
and serious warnings will be logged. Level 1 is a reasonable level for
day to day running - it generates a small amount of information about
operations carried out.
Levels above 1 will generate considerable amounts of log data, and
should only be used when investigating a problem. Levels above 3 are
designed for use only by developers and generate HUGE amounts of log
data, most of which is extremely cryptic. If debuglevel is set to the
letter 'A', then em(all) debug messages will be printed. This setting
is for developers only (and people who em(really) want to know how the
code works internally).
Note that specifying this parameter here will override the url(bf(log
level))(smb.conf.5.html#loglevel) parameter in the url(bf(smb.conf
(5)))(smb.conf.5.html) file.
label(minusP)
dit(bf(-P)) This option is no longer used. The code in Samba2.0
now lets the server decide the device type, so no printer specific
flag is needed.
label(minusp)
dit(bf(-p port)) This number is the TCP port number that will be used
when making connections to the server. The standard (well-known) TCP
port number for an SMB/CIFS server is 139, which is the default.
label(minusl)
dit(bf(-l logfilename)) If specified, logfilename specifies a base
filename into which operational data from the running client will be
logged.
The default base name is specified at compile time.
The base name is used to generate actual log file names. For example,
if the name specified was "log", the debug file would be
tt(log.client).
The log file generated is never removed by the client.
label(minush)
dit(bf(-h)) Print the usage message for the client.
label(minusI)
dit(bf(-I IP address)) IP address is the address of the server to
connect to. It should be specified in standard "a.b.c.d" notation.
Normally the client would attempt to locate a named SMB/CIFS server by
looking it up via the NetBIOS name resolution mechanism described
above in the link(bf(name resolve order))(minusR) parameter
above. Using this parameter will force the client to assume that the
server is on the machine with the specified IP address and the NetBIOS
name component of the resource being connected to will be ignored.
There is no default for this parameter. If not supplied, it will be
determined automatically by the client as described above.
label(minusE)
dit(bf(-E)) This parameter causes the client to write messages to the
standard error stream (stderr) rather than to the standard output
stream.
By default, the client writes messages to standard output - typically
the user's tty.
label(minusU)
dit(bf(-U username)) This specifies the user name that will be used by
the client to make a connection, assuming your server is not a downlevel
server that is running a protocol level that uses passwords on shares,
not on usernames.
Some servers are fussy about the case of this name, and some insist
that it must be a valid NetBIOS name.
If no username is supplied, it will default to an uppercase version of
the environment variable tt(USER) or tt(LOGNAME) in that order. If no
username is supplied and neither environment variable exists the
username "GUEST" will be used.
If the tt(USER) environment variable contains a '%' character,
everything after that will be treated as a password. This allows you
to set the environment variable to be tt(USER=username%password) so
that a password is not passed on the command line (where it may be
seen by the ps command).
You can specify a domain name as part of the username by using a
username of the form "DOMAIN/user" or "DOMAIN\user".
If the service you are connecting to requires a password, it can be
supplied using the link(bf(-U))(minusU) option, by appending a percent symbol ("%")
then the password to username. For example, to attach to a service as
user tt("fred") with password tt("secret"), you would specify. nl()
tt(-U fred%secret) nl()
on the command line. Note that there are no spaces around the percent
symbol.
If you specify the password as part of username then the link(bf(-N))(minusN) option
(suppress password prompt) is assumed.
If you specify the password as a parameter em(AND) as part of username
then the password as part of username will take precedence. Putting
nothing before or nothing after the percent symbol will cause an empty
username or an empty password to be used, respectively.
The password may also be specified by setting up an environment
variable called tt(PASSWD) that contains the users password. Note
that this may be very insecure on some systems but on others allows
users to script smbclient commands without having a password appear in
the command line of a process listing.
A third option is to use a credentials file which contains
the plaintext of the username and password. This option is
mainly provided for scripts where the admin doesn't desire to
pass the credentials on the command line or via environment variables.
If this method is used, make certain that the permissions on the file
restrict access from unwanted users. See the bf(-A) for more details.
Note: Some servers (including OS/2 and Windows for Workgroups) insist
on an uppercase password. Lowercase or mixed case passwords may be
rejected by these servers.
Be cautious about including passwords in scripts or in the
tt(PASSWD) environment variable. Also, on many systems the command
line of a running process may be seen via the tt(ps) command to be
safe always allow smbclient to prompt for a password and type it in
directly.
label(minusA)
dit(bf(-A <filename>)) This option allows you to specify a file from which
to read the username and password used in the connection. The format
of the file is
tt(username = <value>) nl()
tt(password = <value>) nl()
Make certain that the permissions on the file restrict access from
unwanted users.
label(minusL)
dit(bf(-L)) This option allows you to look at what services are
available on a server. You use it as tt("smbclient -L host") and a
list should appear. The link(bf(-I))(minusI) option may be useful if your NetBIOS
names don't match your tcp/ip dns host names or if you are trying to
reach a host on another network.
label(minust)
dit(bf(-t terminal code)) This option tells smbclient how to interpret
filenames coming from the remote server. Usually Asian language
multibyte UNIX implementations use different character sets than
SMB/CIFS servers (em(EUC) instead of em(SJIS) for example). Setting
this parameter will let smbclient convert between the UNIX filenames
and the SMB filenames correctly. This option has not been seriously
tested and may have some problems.
The terminal codes include tt(sjis), tt(euc), tt(jis7), tt(jis8),
tt(junet), tt(hex), tt(cap). This is not a complete list, check the
Samba source code for the complete list.
label(minusm)
dit(bf(-m max protocol level)) With the new code in Samba2.0,
bf(smbclient) always attempts to connect at the maximum
protocols level the server supports. This parameter is
preserved for backwards compatibility, but any string
following the bf(-m) will be ignored.
label(minusb)
dit(bf(-b buffersize)) This option changes the transmit/send buffer
size when getting or putting a file from/to the server. The default
is 65520 bytes. Setting this value smaller (to 1200 bytes) has been
observed to speed up file transfers to and from a Win9x server.
label(minusW)
dit(bf(-W WORKGROUP)) Override the default workgroup specified in the
url(bf(workgroup))(smb.conf.5.html#workgroup) parameter of the
url(bf(smb.conf))(smb.conf.5.html) file for this connection. This may
be needed to connect to some servers.
label(minusT) dit(bf(-T tar options)) smbclient may be used to create
bf(tar (1)) compatible backups of all the files on an SMB/CIFS
share. The secondary tar flags that can be given to this option are :
startdit()
dit(bf(c)) Create a tar file on UNIX. Must be followed by the
name of a tar file, tape device or tt("-") for standard output. If
using standard output you must turn the log level to its lowest value
tt(-d0) to avoid corrupting your tar file. This flag is
mutually exclusive with the bf(x) flag.
dit(bf(x)) Extract (restore) a local tar file back to a
share. Unless the link(bf(-D))(minusD) option is given, the tar files will be
restored from the top level of the share. Must be followed by the name
of the tar file, device or tt("-") for standard input. Mutually exclusive
with the bf(c) flag. Restored files have their creation times (mtime)
set to the date saved in the tar file. Directories currently do not
get their creation dates restored properly.
dit(bf(I)) Include files and directories. Is the default
behavior when filenames are specified above. Causes tar files to
be included in an extract or create (and therefore everything else to
be excluded). See example below. Filename globbing works
in one of two ways. See bf(r) below.
dit(bf(X)) Exclude files and directories. Causes tar files to
be excluded from an extract or create. See example below. Filename
globbing works in one of two ways now. See bf(r) below.
dit(bf(b)) Blocksize. Must be followed by a valid (greater than
zero) blocksize. Causes tar file to be written out in
blocksize*TBLOCK (usually 512 byte) blocks.
dit(bf(g)) Incremental. Only back up files that have the
archive bit set. Useful only with the bf(c) flag.
dit(bf(q)) Quiet. Keeps tar from printing diagnostics as it
works. This is the same as tarmode quiet.
dit(bf(r)) Regular expression include or exclude. Uses regular
regular expression matching for excluding or excluding files if
compiled with HAVE_REGEX_H. However this mode can be very slow. If
not compiled with HAVE_REGEX_H, does a limited wildcard match on * and
?.
dit(bf(N)) Newer than. Must be followed by the name of a file
whose date is compared against files found on the share during a
create. Only files newer than the file specified are backed up to the
tar file. Useful only with the bf(c) flag.
dit(bf(a)) Set archive bit. Causes the archive bit to be reset
when a file is backed up. Useful with the bf(g) and bf(c) flags.
enddit()
em(Tar Long File Names)
smbclient's tar option now supports long file names both on backup and
restore. However, the full path name of the file must be less than
1024 bytes. Also, when a tar archive is created, smbclient's tar
option places all files in the archive with relative names, not
absolute names.
em(Tar Filenames)
All file names can be given as DOS path names (with tt(\) as the
component separator) or as UNIX path names (with tt(/) as the
component separator).
em(Examples)
startit()
it() Restore from tar file backup.tar into myshare on mypc (no password on share).
tt(smbclient //mypc/myshare "" -N -Tx backup.tar)
it() Restore everything except users/docs
tt(smbclient //mypc/myshare "" -N -TXx backup.tar users/docs)
it() Create a tar file of the files beneath users/docs.
tt(smbclient //mypc/myshare "" -N -Tc backup.tar users/docs)
it() Create the same tar file as above, but now use a DOS path name.
tt(smbclient //mypc/myshare "" -N -tc backup.tar users\edocs)
it() Create a tar file of all the files and directories in the share.
tt(smbclient //mypc/myshare "" -N -Tc backup.tar *)
endit()
label(minusD)
dit(bf(-D initial directory)) Change to initial directory before
starting. Probably only of any use with the tar link(bf(-T))(minusT) option.
label(minusc)
dit(bf(-c command string)) command string is a semicolon separated
list of commands to be executed instead of prompting from stdin.
link(bf(-N))(minusN) is implied by bf(-c).
This is particularly useful in scripts and for printing stdin to the
server, e.g. tt(-c 'print -').
enddit()
label(OPERATIONS)
manpagesection(OPERATIONS)
Once the client is running, the user is presented with a prompt :
tt(smb:\>)
The backslash ("\") indicates the current working directory on the
server, and will change if the current working directory is changed.
The prompt indicates that the client is ready and waiting to carry out
a user command. Each command is a single word, optionally followed by
parameters specific to that command. Command and parameters are
space-delimited unless these notes specifically state otherwise. All
commands are case-insensitive. Parameters to commands may or may not
be case sensitive, depending on the command.
You can specify file names which have spaces in them by quoting the
name with double quotes, for example "a long file name".
Parameters shown in square brackets (e.g., "[parameter]") are
optional. If not given, the command will use suitable
defaults. Parameters shown in angle brackets (e.g., "<parameter>") are
required.
Note that all commands operating on the server are actually performed
by issuing a request to the server. Thus the behavior may vary from
server to server, depending on how the server was implemented.
The commands available are given here in alphabetical order.
startdit()
label(questionmark) dit(bf(? [command])) If "command" is specified,
the bf(?) command will display a brief informative message about the
specified command. If no command is specified, a list of available
commands will be displayed.
label(exclaimationmark) dit(bf(! [shell command])) If "shell command"
is specified, the bf(!) command will execute a shell locally and run
the specified shell command. If no command is specified, a local shell
will be run.
label(cd) dit(bf(cd [directory name])) If "directory name" is
specified, the current working directory on the server will be changed
to the directory specified. This operation will fail if for any reason
the specified directory is inaccessible.
If no directory name is specified, the current working directory on
the server will be reported.
label(del) dit(bf(del <mask>)) The client will request that the server
attempt to delete all files matching "mask" from the current working
directory on the server.
label(dir) dit(bf(dir <mask>)) A list of the files matching "mask" in
the current working directory on the server will be retrieved from the
server and displayed.
label(exit) dit(bf(exit)) Terminate the connection with the server and
exit from the program.
label(get) dit(bf(get <remote file name> [local file name])) Copy the
file called "remote file name" from the server to the machine running
the client. If specified, name the local copy "local file name". Note
that all transfers in smbclient are binary. See also the
link(bf(lowercase))(lowercase) command.
label(help) dit(bf(help [command])) See the link(bf(?))(questionmark)
command above.
label(lcd) dit(bf(lcd [directory name])) If "directory name" is
specified, the current working directory on the local machine will
be changed to the directory specified. This operation will fail if for
any reason the specified directory is inaccessible.
If no directory name is specified, the name of the current working
directory on the local machine will be reported.
label(lowercase) dit(bf(lowercase)) Toggle lowercasing of filenames
for the link(bf(get))(get) and link(bf(mget))(mget) commands.
When lowercasing is toggled ON, local filenames are converted to
lowercase when using the link(bf(get))(get) and link(bf(mget))(mget)
commands. This is often useful when copying (say) MSDOS files from a
server, because lowercase filenames are the norm on UNIX systems.
label(ls) dit(bf(ls <mask>)) See the link(bf(dir))(dir) command above.
label(mask) dit(bf(mask <mask>)) This command allows the user to set
up a mask which will be used during recursive operation of the
link(bf(mget))(mget) and link(bf(mput))(mput) commands.
The masks specified to the link(bf(mget))(mget) and
link(bf(mput))(mput) commands act as filters for directories rather
than files when recursion is toggled ON.
The mask specified with the .B mask command is necessary to filter
files within those directories. For example, if the mask specified in
an link(bf(mget))(mget) command is "source*" and the mask specified
with the mask command is "*.c" and recursion is toggled ON, the
link(bf(mget))(mget) command will retrieve all files matching "*.c" in
all directories below and including all directories matching "source*"
in the current working directory.
Note that the value for mask defaults to blank (equivalent to "*") and
remains so until the mask command is used to change it. It retains the
most recently specified value indefinitely. To avoid unexpected
results it would be wise to change the value of .I mask back to "*"
after using the link(bf(mget))(mget) or link(bf(mput))(mput) commands.
label(md) dit(bf(md <directory name>)) See the link(bf(mkdir))(mkdir)
command.
label(mget) dit(bf(mget <mask>)) Copy all files matching mask from the
server to the machine running the client.
Note that mask is interpreted differently during recursive operation
and non-recursive operation - refer to the link(bf(recurse))(recurse)
and link(bf(mask))(mask) commands for more information. Note that all
transfers in .B smbclient are binary. See also the
link(bf(lowercase))(lowercase) command.
label(mkdir) dit(bf(mkdir <directory name>)) Create a new directory on
the server (user access privileges permitting) with the specified
name.
label(mput) dit(bf(mput <mask>)) Copy all files matching mask in
the current working directory on the local machine to the current
working directory on the server.
Note that mask is interpreted differently during recursive operation
and non-recursive operation - refer to the link(bf(recurse))(recurse)
and link(bf(mask))(mask) commands for more information. Note that all
transfers in .B smbclient are binary.
label(print) dit(bf(print <file name>)) Print the specified file
from the local machine through a printable service on the server.
See also the link(bf(printmode))(printmode) command.
label(printmode) dit(bf(printmode <graphics or text>)) Set the print
mode to suit either binary data (such as graphical information) or
text. Subsequent print commands will use the currently set print
mode.
label(prompt) dit(bf(prompt)) Toggle prompting for filenames during
operation of the link(bf(mget))(mget) and link(bf(mput))(mput)
commands.
When toggled ON, the user will be prompted to confirm the transfer of
each file during these commands. When toggled OFF, all specified files
will be transferred without prompting.
label(put) dit(bf(put <local file name> [remote file name])) Copy the
file called "local file name" from the machine running the client to
the server. If specified, name the remote copy "remote file name".
Note that all transfers in smbclient are binary. See also the
link(bf(lowercase))(lowercase) command.
label(queue) dit(bf(queue)) Displays the print queue, showing the job
id, name, size and current status.
label(quit) dit(bf(quit)) See the link(bf(exit))(exit) command.
label(rd) dit(bf(rd <directory name>)) See the link(bf(rmdir))(rmdir)
command.
label(recurse) dit(bf(recurse)) Toggle directory recursion for the
commands link(bf(mget))(mget) and link(bf(mput))(mput).
When toggled ON, these commands will process all directories in the
source directory (i.e., the directory they are copying .IR from ) and
will recurse into any that match the mask specified to the
command. Only files that match the mask specified using the
link(bf(mask))(mask) command will be retrieved. See also the
link(bf(mask))(mask) command.
When recursion is toggled OFF, only files from the current working
directory on the source machine that match the mask specified to the
link(bf(mget))(mget) or link(bf(mput))(mput) commands will be copied,
and any mask specified using the link(bf(mask))(mask) command will be
ignored.
label(rm) dit(bf(rm <mask>)) Remove all files matching mask from
the current working directory on the server.
label(rmdir) dit(bf(rmdir <directory name>)) Remove the specified
directory (user access privileges permitting) from the server.
label(tar) dit(bf(tar <c|x>[IXbgNa])) Performs a tar operation - see
the link(bf(-T))(minusT) command line option above. Behavior may be
affected by the link(bf(tarmode))(tarmode) command (see below). Using
g (incremental) and N (newer) will affect tarmode settings. Note that
using the "-" option with tar x may not work - use the command line
option instead.
label(blocksize) dit(bf(blocksize <blocksize>)) Blocksize. Must be
followed by a valid (greater than zero) blocksize. Causes tar file to
be written out in blocksize*TBLOCK (usually 512 byte) blocks.
label(tarmode) dit(bf(tarmode <full|inc|reset|noreset>)) Changes tar's
behavior with regard to archive bits. In full mode, tar will back up
everything regardless of the archive bit setting (this is the default
mode). In incremental mode, tar will only back up files with the
archive bit set. In reset mode, tar will reset the archive bit on all
files it backs up (implies read/write share).
label(setmode) dit(bf(setmode <filename> <perm=[+|\-]rsha>)) A version
of the DOS attrib command to set file permissions. For example:
tt(setmode myfile +r)
would make myfile read only.
enddit()
label(NOTES)
manpagesection(NOTES)
Some servers are fussy about the case of supplied usernames,
passwords, share names (AKA service names) and machine names. If you
fail to connect try giving all parameters in uppercase.
It is often necessary to use the link(bf(-n))(minusn) option when connecting to some
types of servers. For example OS/2 LanManager insists on a valid
NetBIOS name being used, so you need to supply a valid name that would
be known to the server.
smbclient supports long file names where the server supports the
LANMAN2 protocol or above.
label(ENVIRONMENTVARIABLES)
manpagesection(ENVIRONMENT VARIABLES)
The variable bf(USER) may contain the username of the person using the
client. This information is used only if the protocol level is high
enough to support session-level passwords.
The variable bf(PASSWD) may contain the password of the person using
the client. This information is used only if the protocol level is
high enough to support session-level passwords.
label(INSTALLATION)
manpagesection(INSTALLATION)
The location of the client program is a matter for individual system
administrators. The following are thus suggestions only.
It is recommended that the smbclient software be installed in the
/usr/local/samba/bin or /usr/samba/bin directory, this directory
readable by all, writeable only by root. The client program itself
should be executable by all. The client should em(NOT) be setuid or
setgid!
The client log files should be put in a directory readable and
writeable only by the user.
To test the client, you will need to know the name of a running
SMB/CIFS server. It is possible to run url(bf(smbd (8)))(smbd.8.html)
an ordinary user - running that server as a daemon on a
user-accessible port (typically any port number over 1024) would
provide a suitable test server.
label(DIAGNOSTICS)
manpagesection(DIAGNOSTICS)
Most diagnostics issued by the client are logged in a specified log
file. The log file name is specified at compile time, but may be
overridden on the command line.
The number and nature of diagnostics available depends on the debug
level used by the client. If you have problems, set the debug level to
3 and peruse the log files.
label(VERSION)
manpagesection(VERSION)
This man page is correct for version 2.0 of the Samba suite.
label(AUTHOR)
manpageauthor()
The original Samba software and related utilities were created by
Andrew Tridgell email(samba@samba.org). Samba is now developed
by the Samba Team as an Open Source project similar to the way the
Linux kernel is developed.
The original Samba man pages were written by Karl Auer. The man page
sources were converted to YODL format (another excellent piece of Open
Source software, available at
url(bf(ftp://ftp.icce.rug.nl/pub/unix/))(ftp://ftp.icce.rug.nl/pub/unix/))
and updated for the Samba2.0 release by Jeremy Allison.
email(samba@samba.org).
See url(bf(samba (7)))(samba.7.html) to find out how to get a full
list of contributors and details on how to submit bug reports,
comments etc.

112
docs/yodldocs/smbcontrol.1.yo
View File

@ -1,112 +0,0 @@
mailto(samba@samba.org)
manpage(smbcontrol htmlcommand((1)))(1)(29 Sep 2000)(Samba)(SAMBA)
label(NAME)
manpagename(smbcontrol)(send messages to smbd or nmbd processes)
label(SYNOPSIS)
manpagesynopsis()
bf(smbcontrol) link(-i)(minusi)
bf(smbcontrol) link(destination)(destination) link(message-type)(messagetype) link(parameters)(parameters)
label(DESCRIPTION)
manpagedescription()
This program is part of the bf(Samba) suite.
bf(smbcontrol) is a very small program, which sends messages to an
url(bf(smbd))(smbd.8.html) or an url(bf(nmbd))(nmbd.8.html) daemon
running on the system.
label(OPTIONS)
manpageoptions()
startdit()
label(minusi)
dit(bf(-i)) Run interactively. Individual commands of the form
link(destination)(destination) link(message-type)(messagetype) link(parameters)(parameters)
can be entered on STDIN. An empty command line or a "q" will quit the program.
label(destination)
dit(bf(destination)) is one of "nmbd", "smbd" or a process ID.
The bf(smbd) destination causes the message to be "broadcast" to all
smbd daemons.
The bf(nmbd) destination causes the message to be sent to the nmbd
daemon specified in the bf(nmbd.pid) file.
If a single process ID is given, the message is sent to only that
process.
label(messagetype)
dit(bf(message-type)) is one of: debug, force-election, ping, profile,
debuglevel, profilelevel, or printer-notify.
The bf(debug) message-type allows the debug level to be set to the value
specified by the parameter. This can be sent to any of the destinations.
The bf(force-election) message-type can only be sent to the bf(nmbd)
destination. This message causes the bf(nmbd) daemon to force a
new browse master election.
The bf(ping) message-type sends the number of "ping" messages specified
by the parameter and waits for the same number of
reply "pong" messages. This can be sent to any of the destinations.
The bf(profile) message-type sends a message to an smbd to change the profile
settings based on the parameter. The parameter can be "on" to turn on
profile stats collection, "off" to turn off profile stats collection, "count"
to enable only collection of count stats (time stats are disabled), and
"flush" to zero the current profile stats.
This can be sent to any of the destinations.
The bf(debuglevel) message-type sends a "request debug level" message.
The current debug level setting is returned by a
"debuglevel" message. This can be sent to any of the destinations.
The bf(profilelevel) message-type sends a "request profile level" message.
The current profile level setting is returned by a
"profilelevel" message. This can be sent to any of the destinations.
The bf(printer-notify) message-type sends a message to smbd which in turn
sends a printer notify message to any Windows NT clients connected to
a printer. This message-type takes an argument of the printer name to
send notify messages to. This message can only be sent to smbd.
label(parameters)
dit(bf(parameters)) is any parameters required for the message-type
enddit()
label(VERSION)
manpagesection(VERSION)
This man page is correct for version 2.2.0 of the Samba suite.
label(SEEALSO)
manpageseealso()
url(bf(smbd (8)))(smbd.8.html), url(bf(nmbd (8)))(nmbd.8.html)
label(AUTHOR)
manpageauthor()
The original Samba software and related utilities were created by
Andrew Tridgell email(samba@samba.org). Samba is now developed
by the Samba Team as an Open Source project similar to the way the
Linux kernel is developed.
This man page source was written in YODL format (another excellent piece of Open
Source software, available at
url(bf(ftp://ftp.icce.rug.nl/pub/unix/))(ftp://ftp.icce.rug.nl/pub/unix/))
for the Samba 2.2.0 release by Herb Lewis.
email(samba@samba.org).
See url(bf(samba (7)))(samba.7.html) to find out how to get a full
list of contributors and details on how to submit bug reports,
comments etc.

443
docs/yodldocs/smbd.8.yo
View File

@ -1,443 +0,0 @@
mailto(samba@samba.org)
manpage(smbd htmlcommand((8)))(8)(23 Oct 1998)(Samba)(SAMBA)
label(NAME)
manpagename(smbd)(server to provide SMB/CIFS services to clients)
label(SYNOPSIS)
manpagesynopsis()
bf(smbd) [link(-D)(minusD)] [link(-a)(minusa)] [link(-o)(minuso)] [link(-P)(minusP)] [link(-h)(minush)] [link(-V)(minusV)] [link(-d debuglevel)(minusd)] [link(-l log file)(minusl)] [link(-p port number)(minusp)] [link(-O socket options)(minusO)] [link(-s configuration file)(minuss)]
label(DESCRIPTION)
manpagedescription()
This program is part of the bf(Samba) suite.
bf(smbd) is the server daemon that provides filesharing and printing
services to
Windows clients. The server provides filespace and printer services to
clients using the SMB (or CIFS) protocol. This is compatible with the
LanManager protocol, and can service LanManager clients. These
include MSCLIENT 3.0 for DOS, Windows for Workgroups, Windows 95,
Windows NT, OS/2, DAVE for Macintosh, and smbfs for Linux.
An extensive description of the services that the server can provide
is given in the man page for the configuration file controlling the
attributes of those services (see
url(bf(smb.conf (5)))(smb.conf.5.html). This man page
will not describe the services, but will concentrate on the
administrative aspects of running the server.
Please note that there are significant security implications to
running this server, and the
url(bf(smb.conf (5)))(smb.conf.5.html) manpage should be
regarded as mandatory reading before proceeding with installation.
A session is created whenever a client requests one. Each client gets
a copy of the server for each session. This copy then services all
connections made by the client during that session. When all
connections from its client are closed, the copy of the server for
that client terminates.
The configuration file, and any files that it includes, are
automatically reloaded every minute, if they change. You can force a
reload by sending a SIGHUP to the server. Reloading the configuration
file will not affect connections to any service that is already
established. Either the user will have to disconnect from the
service, or smbd killed and restarted.
label(OPTIONS)
manpageoptions()
startdit()
label(minusD)
dit(bf(-D)) If specified, this parameter causes the server to operate as a
daemon. That is, it detaches itself and runs in the background,
fielding requests on the appropriate port. Operating the server as a
daemon is the recommended way of running smbd for servers that provide
more than casual use file and print services.
By default, the server will NOT operate as a daemon.
label(minusa)
dit(bf(-a)) If this parameter is specified, each new connection will
append log messages to the log file. This is the default.
label(minuso)
dit(bf(-o)) If this parameter is specified, the log files will be
overwritten when opened. By default, the log files will be appended
to.
label(minusP)
dit(bf(-P)) Passive option. Causes smbd not to send any network traffic
out. Used for debugging by the developers only.
label(minush)
dit(bf(-h)) Prints the help information (usage) for bf(smbd).
label(minusV)
dit(bf(-V)) Prints the version number for bf(smbd).
label(minusd)
dit(bf(-d debuglevel)) debuglevel is an integer from 0 to 10.
The default value if this parameter is not specified is zero.
The higher this value, the more detail will be logged to the log files
about the activities of the server. At level 0, only critical errors
and serious warnings will be logged. Level 1 is a reasonable level for
day to day running - it generates a small amount of information about
operations carried out.
Levels above 1 will generate considerable amounts of log data, and
should only be used when investigating a problem. Levels above 3 are
designed for use only by developers and generate HUGE amounts of log
data, most of which is extremely cryptic.
Note that specifying this parameter here will override the url(bf(log
level))(smb.conf.5.html#loglevel) parameter in the url(bf(smb.conf
(5)))(smb.conf.5.html) file.
label(minusl)
dit(bf(-l log file)) If specified, em(log file) specifies
a log filename into which informational and debug messages from the
running server will be logged. The log file generated is never removed
by the server although its size may be controlled by the url(bf(max
log size))(smb.conf.5.html#maxlogsize) option in the url(bf(smb.conf
(5)))(smb.conf.5.html) file. The default log file name is specified
at compile time.
label(minusO)
dit(bf(-O socket options)) See the url(bf(socket
options))(smb.conf.5.html#socketoptions) parameter in the
url(bf(smb.conf (5)))(smb.conf.5.html) file for details.
label(minusp)
dit(bf(-p port number)) port number is a positive integer value. The
default value if this parameter is not specified is 139.
This number is the port number that will be used when making
connections to the server from client software. The standard
(well-known) port number for the SMB over TCP is 139, hence the
default. If you wish to run the server as an ordinary user rather than
as root, most systems will require you to use a port number greater
than 1024 - ask your system administrator for help if you are in this
situation.
In order for the server to be useful by most clients, should you
configure it on a port other than 139, you will require port
redirection services on port 139, details of which are outlined in
rfc1002.txt section 4.3.5.
This parameter is not normally specified except in the above
situation.
label(minuss)
dit(bf(-s configuration file))
The file specified contains the configuration details required by the
server. The information in this file includes server-specific
information such as what printcap file to use, as well as descriptions
of all the services that the server is to provide. See bf(smb.conf
(5)) for more information.
The default configuration file name is determined at compile time.
endit()
label(FILES)
manpagefiles()
bf(/etc/inetd.conf)
If the server is to be run by the inetd meta-daemon, this file must
contain suitable startup information for the meta-daemon. See the
section link(INSTALLATION)(INSTALLATION) below.
bf(/etc/rc)
(or whatever initialization script your system uses).
If running the server as a daemon at startup, this file will need to
contain an appropriate startup sequence for the server. See the
section link(INSTALLATION)(INSTALLATION) below.
bf(/etc/services)
If running the server via the meta-daemon inetd, this file must
contain a mapping of service name (e.g., netbios-ssn) to service port
(e.g., 139) and protocol type (e.g., tcp). See the section
link(INSTALLATION)(INSTALLATION) below.
bf(/usr/local/samba/lib/smb.conf)
This is the default location of the em(smb.conf) server configuration
file. Other common places that systems install this file are
em(/usr/samba/lib/smb.conf) and em(/etc/smb.conf).
This file describes all the services the server is to make available
to clients. See url(bf(smb.conf (5)))(smb.conf.5.html) for more information.
label(LIMITATIONS)
manpagesection(LIMITATIONS)
On some systems bf(smbd) cannot change uid back to root after a
setuid() call. Such systems are called "trapdoor" uid systems. If you
have such a system, you will be unable to connect from a client (such
as a PC) as two different users at once. Attempts to connect the
second user will result in "access denied" or similar.
label(ENVIRONMENTVARIABLES)
manpagesection(ENVIRONMENT VARIABLES)
bf(PRINTER)
If no printer name is specified to printable services, most systems
will use the value of this variable (or "lp" if this variable is not
defined) as the name of the printer to use. This is not specific to
the server, however.
label(INSTALLATION)
manpagesection(INSTALLATION)
The location of the server and its support files is a matter for
individual system administrators. The following are thus suggestions
only.
It is recommended that the server software be installed under the
/usr/local/samba hierarchy, in a directory readable by all, writeable
only by root. The server program itself should be executable by all,
as users may wish to run the server themselves (in which case it will
of course run with their privileges). The server should NOT be
setuid. On some systems it may be worthwhile to make smbd setgid to an
empty group. This is because some systems may have a security hole
where daemon processes that become a user can be attached to with a
debugger. Making the smbd file setgid to an empty group may prevent
this hole from being exploited. This security hole and the suggested
fix has only been confirmed on old versions (pre-kernel 2.0) of Linux
at the time this was written. It is possible that this hole only
exists in Linux, as testing on other systems has thus far shown them
to be immune.
The server log files should be put in a directory readable and
writeable only by root, as the log files may contain sensitive
information.
The configuration file should be placed in a directory readable and
writeable only by root, as the configuration file controls security for
the services offered by the server. The configuration file can be made
readable by all if desired, but this is not necessary for correct
operation of the server and is not recommended. A sample configuration
file "smb.conf.sample" is supplied with the source to the server -
this may be renamed to "smb.conf" and modified to suit your needs.
The remaining notes will assume the following:
startit()
it() bf(smbd) (the server program) installed in /usr/local/samba/bin
it() bf(smb.conf) (the configuration file) installed in /usr/local/samba/lib
it() log files stored in /var/adm/smblogs
endit()
The server may be run either as a daemon by users or at startup, or it
may be run from a meta-daemon such as inetd upon request. If run as a
daemon, the server will always be ready, so starting sessions will be
faster. If run from a meta-daemon some memory will be saved and
utilities such as the tcpd TCP-wrapper may be used for extra security.
For serious use as file server it is recommended that bf(smbd) be run
as a daemon.
When you've decided, continue with either
link(RUNNING THE SERVER AS A DAEMON)(RUNNINGTHESERVERASADAEMON) or
link(RUNNING THE SERVER ON REQUEST)(RUNNINGTHESERVERONREQUEST).
label(RUNNINGTHESERVERASADAEMON)
manpagesection(RUNNING THE SERVER AS A DAEMON)
To run the server as a daemon from the command line, simply put the
link(bf(-D))(minusD) option on the command line. There is no need to place an
ampersand at the end of the command line - the link(bf(-D))(minusD) option causes
the server to detach itself from the tty anyway.
Any user can run the server as a daemon (execute permissions
permitting, of course). This is useful for testing purposes, and may
even be useful as a temporary substitute for something like ftp. When
run this way, however, the server will only have the privileges of the
user who ran it.
To ensure that the server is run as a daemon whenever the machine is
started, and to ensure that it runs as root so that it can serve
multiple clients, you will need to modify the system startup
files. Wherever appropriate (for example, in /etc/rc), insert the
following line, substituting port number, log file location,
configuration file location and debug level as desired:
tt(/usr/local/samba/bin/smbd -D -l /var/adm/smblogs/log -s /usr/local/samba/lib/smb.conf)
(The above should appear in your initialization script as a single line.
Depending on your terminal characteristics, it may not appear that way in
this man page. If the above appears as more than one line, please treat any
newlines or indentation as a single space or TAB character.)
If the options used at compile time are appropriate for your system,
all parameters except link(bf(-D))(minusD) may be
omitted. See the section link(OPTIONS)(OPTIONS) above.
label(RUNNINGTHESERVERONREQUEST)
manpagesection(RUNNING THE SERVER ON REQUEST)
If your system uses a meta-daemon such as bf(inetd), you can arrange to
have the smbd server started whenever a process attempts to connect to
it. This requires several changes to the startup files on the host
machine. If you are experimenting as an ordinary user rather than as
root, you will need the assistance of your system administrator to
modify the system files.
You will probably want to set up the NetBIOS name server url(bf(nmbd))(nmbd.8.html) at
the same time as bf(smbd). To do this refer to the man page for
url(bf(nmbd (8)))(nmbd.8.html).
First, ensure that a port is configured in the file tt(/etc/services). The
well-known port 139 should be used if possible, though any port may be
used.
Ensure that a line similar to the following is in tt(/etc/services):
tt(netbios-ssn 139/tcp)
Note for NIS/YP users - you may need to rebuild the NIS service maps
rather than alter your local tt(/etc/services file).
Next, put a suitable line in the file tt(/etc/inetd.conf) (in the unlikely
event that you are using a meta-daemon other than inetd, you are on
your own). Note that the first item in this line matches the service
name in tt(/etc/services). Substitute appropriate values for your system
in this line (see bf(inetd (8))):
tt(netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd -d1 -l/var/adm/smblogs/log -s/usr/local/samba/lib/smb.conf)
(The above should appear in tt(/etc/inetd.conf) as a single
line. Depending on your terminal characteristics, it may not appear
that way in this man page. If the above appears as more than one
line, please treat any newlines or indentation as a single space or
TAB character.)
Note that there is no need to specify a port number here, even if you
are using a non-standard port number.
Lastly, edit the configuration file to provide suitable services. To
start with, the following two services should be all you need:
verb(
[homes]
writeable = yes
[printers]
writeable = no
printable = yes
path = /tmp
public = yes
)
This will allow you to connect to your home directory and print to any
printer supported by the host (user privileges permitting).
label(TESTINGTHEINSTALLATION)
manpagesection(TESTING THE INSTALLATION)
If running the server as a daemon, execute it before proceeding. If
using a meta-daemon, either restart the system or kill and restart the
meta-daemon. Some versions of inetd will reread their configuration
tables if they receive a HUP signal.
If your machine's name is "fred" and your name is "mary", you should
now be able to connect to the service tt(\\fred\mary).
To properly test and experiment with the server, we recommend using
the smbclient program (see
url(bf(smbclient (1)))(smbclient.1.html)) and also going through
the steps outlined in the file em(DIAGNOSIS.txt) in the em(docs/)
directory of your Samba installation.
label(VERSION)
manpagesection(VERSION)
This man page is correct for version 2.0 of the Samba suite.
label(DIAGNOSTICS)
manpagesection(DIAGNOSTICS)
Most diagnostics issued by the server are logged in a specified log
file. The log file name is specified at compile time, but may be
overridden on the command line.
The number and nature of diagnostics available depends on the debug
level used by the server. If you have problems, set the debug level to
3 and peruse the log files.
Most messages are reasonably self-explanatory. Unfortunately, at the time
this man page was created, there are too many diagnostics available
in the source code to warrant describing each and every diagnostic. At
this stage your best bet is still to grep the source code and inspect
the conditions that gave rise to the diagnostics you are seeing.
label(SIGNALS)
manpagesection(SIGNALS)
Sending the smbd a SIGHUP will cause it to re-load its smb.conf
configuration file within a short period of time.
To shut down a users smbd process it is recommended that SIGKILL (-9)
em(NOT) be used, except as a last resort, as this may leave the shared
memory area in an inconsistent state. The safe way to terminate an
smbd is to send it a SIGTERM (-15) signal and wait for it to die on
its own.
The debug log level of smbd may be raised
by sending it a SIGUSR1 tt((kill -USR1 <smbd-pid>)) and lowered by
sending it a SIGUSR2 tt((kill -USR2 <smbd-pid>)). This is to allow
transient problems to be diagnosed, whilst still running at a normally
low log level.
Note that as the signal handlers send a debug write, they are not
re-entrant in smbd. This you should wait until smbd is in a state of
waiting for an incoming smb before issuing them. It is possible to
make the signal handlers safe by un-blocking the signals before the
select call and re-blocking them after, however this would affect
performance.
label(SEEALSO)
manpageseealso()
bf(hosts_access (5)), bf(inetd (8)), url(bf(nmbd (8)))(nmbd.8.html),
url(bf(smb.conf (5)))(smb.conf.5.html), url(bf(smbclient
(1)))(smbclient.1.html), url(bf(testparm (1)))(testparm.1.html),
url(bf(testprns (1)))(testprns.1.html), and the Internet RFC's
bf(rfc1001.txt), bf(rfc1002.txt). In addition the CIFS (formerly SMB)
specification is available as a link from the Web page :
url(http://samba.org/cifs/)(http://samba.org/cifs/).
label(AUTHOR)
manpageauthor()
The original Samba software and related utilities were created by
Andrew Tridgell email(samba@samba.org). Samba is now developed
by the Samba Team as an Open Source project similar to the way the
Linux kernel is developed.
The original Samba man pages were written by Karl Auer. The man page
sources were converted to YODL format (another excellent piece of Open
Source software, available at
url(bf(ftp://ftp.icce.rug.nl/pub/unix/))(ftp://ftp.icce.rug.nl/pub/unix/))
and updated for the Samba2.0 release by Jeremy Allison.
email(samba@samba.org).
See url(bf(samba (7)))(samba.7.html) to find out how to get a full list of contributors
and details on how to submit bug reports, comments etc.

213
docs/yodldocs/smbpasswd.5.yo
View File

@ -1,213 +0,0 @@
mailto(samba@samba.org)
manpage(smbpasswd htmlcommand((5)))(5)(23 Oct 1998)(Samba)(SAMBA)
label(NAME)
manpagename(smbpasswd)(The Samba encrypted password file)
label(SYNOPSIS)
manpagesynopsis()
smbpasswd is the bf(Samba) encrypted password file.
label(DESCRIPTION)
manpagedescription()
This file is part of the bf(Samba) suite.
smbpasswd is the bf(Samba) encrypted password file. It contains
the username, Unix user id and the SMB hashed passwords of the
user, as well as account flag information and the time the password
was last changed. This file format has been evolving with Samba
and has had several different formats in the past.
label(FILEFORMAT)
manpagesection(FILE FORMAT)
The format of the smbpasswd file used by Samba 2.0 is very similar to
the familiar Unix bf(passwd (5)) file. It is an ASCII file containing
one line for each user. Each field within each line is separated from
the next by a colon. Any entry beginning with # is ignored. The
smbpasswd file contains the following information for each user:
startit()
label(name)
dit(bf(name)) nl() nl()
This is the user name. It must be a name that already exists
in the standard UNIX passwd file.
label(uid)
dit(bf(uid)) nl() nl()
This is the UNIX uid. It must match the uid field for the same
user entry in the standard UNIX passwd file. If this does not
match then Samba will refuse to recognize this bf(smbpasswd) file entry
as being valid for a user.
label(LanmanPasswordHash)
dit(bf(Lanman Password Hash)) nl() nl()
This is the em(LANMAN) hash of the users password, encoded as 32 hex
digits. The em(LANMAN) hash is created by DES encrypting a well known
string with the users password as the DES key. This is the same
password used by Windows 95/98 machines. Note that this password hash
is regarded as weak as it is vulnerable to dictionary attacks and if
two users choose the same password this entry will be identical (i.e.
the password is not em("salted") as the UNIX password is). If the
user has a null password this field will contain the characters
tt("NO PASSWORD") as the start of the hex string. If the hex string
is equal to 32 tt('X') characters then the users account is marked as
em(disabled) and the user will not be able to log onto the Samba
server.
em(WARNING !!). Note that, due to the challenge-response nature of the
SMB/CIFS authentication protocol, anyone with a knowledge of this
password hash will be able to impersonate the user on the network.
For this reason these hashes are known as em("plain text equivalent")
and must em(NOT) be made available to anyone but the root user. To
protect these passwords the bf(smbpasswd) file is placed in a
directory with read and traverse access only to the root user and the
bf(smbpasswd) file itself must be set to be read/write only by root,
with no other access.
label(NTPasswordHash)
dit(bf(NT Password Hash)) nl() nl()
This is the em(Windows NT) hash of the users password, encoded as 32
hex digits. The em(Windows NT) hash is created by taking the users
password as represented in 16-bit, little-endian UNICODE and then
applying the em(MD4) (internet rfc1321) hashing algorithm to it.
This password hash is considered more secure than the link(bf(Lanman
Password Hash))(LanmanPasswordHash) as it preserves the case of the
password and uses a much higher quality hashing algorithm. However, it
is still the case that if two users choose the same password this
entry will be identical (i.e. the password is not em("salted") as the
UNIX password is).
em(WARNING !!). Note that, due to the challenge-response nature of the
SMB/CIFS authentication protocol, anyone with a knowledge of this
password hash will be able to impersonate the user on the network.
For this reason these hashes are known as em("plain text equivalent")
and must em(NOT) be made available to anyone but the root user. To
protect these passwords the bf(smbpasswd) file is placed in a
directory with read and traverse access only to the root user and the
bf(smbpasswd) file itself must be set to be read/write only by root,
with no other access.
label(AccountFlags)
dit(bf(Account Flags)) nl() nl()
This section contains flags that describe the attributes of the users
account. In the bf(Samba2.0) release this field is bracketed by tt('[')
and tt(']') characters and is always 13 characters in length (including
the tt('[') and tt(']') characters). The contents of this field may be
any of the characters.
startit()
label(capU)
it() bf('U') This means this is a em("User") account, i.e. an ordinary
user. Only bf(User) and link(bf(Workstation Trust))(capW) accounts are
currently supported in the bf(smbpasswd) file.
label(capN)
it() bf('N') This means the account has em(no) password (the passwords
in the fields link(bf(Lanman Password Hash))(LanmanPasswordHash) and
link(bf(NT Password Hash))(NTPasswordHash) are ignored). Note that this
will only allow users to log on with no password if the
url(bf(null passwords))(smb.conf.5.html#nullpasswords) parameter is set
in the url(bf(smb.conf (5)))(smb.conf.5.html) config file.
label(capD)
it() bf('D') This means the account is disabled and no SMB/CIFS logins
will be allowed for this user.
label(capW)
it() bf('W') This means this account is a em("Workstation Trust") account.
This kind of account is used in the Samba PDC code stream to allow Windows
NT Workstations and Servers to join a Domain hosted by a Samba PDC.
endit()
Other flags may be added as the code is extended in future. The rest of
this field space is filled in with spaces.
label(LastChangeTime)
dit(bf(Last Change Time)) nl() nl()
This field consists of the time the account was last modified. It consists of
the characters tt(LCT-) (standing for em("Last Change Time")) followed by a numeric
encoding of the UNIX time in seconds since the epoch (1970) that the last change
was made.
dit(bf(Following fields)) nl() nl()
All other colon separated fields are ignored at this time.
enddit()
label(NOTES)
manpagesection(NOTES)
In previous versions of Samba (notably the 1.9.18 series) this file
did not contain the link(bf(Account Flags))(AccountFlags) or
link(bf(Last Change Time))(LastChangeTime) fields. The Samba 2.0
code will read and write these older password files but will not be able to
modify the old entries to add the new fields. New entries added with
url(bf(smbpasswd (8)))(smbpasswd.8.html) will contain the new fields
in the added accounts however. Thus an older bf(smbpasswd) file used
with Samba 2.0 may end up with some accounts containing the new fields
and some not.
In order to convert from an old-style bf(smbpasswd) file to a new
style, run the script bf(convert_smbpasswd), installed in the
Samba tt(bin/) directory (the same place that the url(bf(smbd))(smbd.8.html)
and url(bf(nmbd))(nmbd.8.html) binaries are installed) as follows:
verb(
cat old_smbpasswd_file | convert_smbpasswd > new_smbpasswd_file
)
The bf(convert_smbpasswd) script reads from stdin and writes to stdout
so as not to overwrite any files by accident.
Once this script has been run, check the contents of the new smbpasswd
file to ensure that it has not been damaged by the conversion script
(which uses bf(awk)), and then replace the tt(<old smbpasswd file>)
with the tt(<new smbpasswd file>).
label(VERSION)
manpagesection(VERSION)
This man page is correct for version 2.0 of the Samba suite.
label(SEEALSO)
manpageseealso()
url(bf(smbpasswd (8)))(smbpasswd.8.html), url(bf(samba
(7)))(samba.7.html), and the Internet RFC1321 for details on the MD4
algorithm.
label(AUTHOR)
manpageauthor()
The original Samba software and related utilities were created by
Andrew Tridgell email(samba@samba.org). Samba is now developed
by the Samba Team as an Open Source project similar to the way the
Linux kernel is developed.
The original Samba man pages were written by Karl Auer. The man page
sources were converted to YODL format (another excellent piece of Open
Source software, available at
url(bf(ftp://ftp.icce.rug.nl/pub/unix/))(ftp://ftp.icce.rug.nl/pub/unix/))
and updated for the Samba2.0 release by Jeremy
Allison, email(samba@samba.org).
See url(bf(samba (7)))(samba.7.html) to find out how to get a full
list of contributors and details on how to submit bug reports,
comments etc.

319
docs/yodldocs/smbpasswd.8.yo
View File

@ -1,319 +0,0 @@
mailto(samba@samba.org)
manpage(smbpasswd htmlcommand((8)))(8)(23 Oct 1998)(Samba)(SAMBA)
label(NAME)
manpagename(smbpasswd)(change a users SMB password)
label(SYNOPSIS)
manpagesynopsis()
bf(smbpasswd) [link(-a)(minusa)] [link(-x)(minusx)] [link(-d)(minusd)] [link(-e)(minuse)] [link(-D debug level)(minusD)] [link(-n)(minusn)] [link(-r remote_machine)(minusr)] [link(-R name resolve order)(minusR)] [link(-m)(minusm)] [link(-j DOMAIN)(minusj)] [link(-U username)(minusU)] [link(-h)(minush)] [link(-s)(minuss)] link(username)(username)
label(DESCRIPTION)
manpagedescription()
This program is part of the bf(Samba) suite.
The bf(smbpasswd) program has several different functions, depending
on whether it is run by the em(root) user or not. When run as a normal
user it allows the user to change the password used for their SMB
sessions on any machines that store SMB passwords.
By default (when run with no arguments) it will attempt to change the
current users SMB password on the local machine. This is similar to
the way the bf(passwd (1)) program works. bf(smbpasswd) differs from how
the bf(passwd) program works however in that it is not em(setuid root)
but works in a client-server mode and communicates with a locally
running url(bf(smbd))(smbd.8.html). As a consequence in order for this
to succeed the url(bf(smbd))(smbd.8.html) daemon must be running on
the local machine. On a UNIX machine the encrypted SMB passwords are
usually stored in the url(bf(smbpasswd (5)))(smbpasswd.5.html) file.
When run by an ordinary user with no options. bf(smbpasswd) will
prompt them for their old smb password and then ask them for their new
password twice, to ensure that the new password was typed
correctly. No passwords will be echoed on the screen whilst being
typed. If you have a blank smb password (specified by the string "NO
PASSWORD" in the url(bf(smbpasswd))(smbpasswd.5.html) file) then just
press the <Enter> key when asked for your old password.
bf(smbpasswd) can also be used by a normal user to change their SMB
password on remote machines, such as Windows NT Primary Domain
Controllers. See the link((bf(-r)))(minusr) and
link(bf(-U))(minusU) options below.
When run by root, bf(smbpasswd) allows new users to be added and
deleted in the url(bf(smbpasswd))(smbpasswd.5.html) file, as well as
allows changes to the attributes of the user in this file to be made. When
run by root, bf(smbpasswd) accesses the local
url(bf(smbpasswd))(smbpasswd.5.html) file directly, thus enabling
changes to be made even if url(bf(smbd))(smbd.8.html) is not running.
label(OPTIONS)
manpageoptions()
startdit()
label(minusa)
dit(bf(-a)) This option specifies that the username following should
be added to the local url(bf(smbpasswd))(smbpasswd.5.html) file, with
the new password typed (type <Enter> for the old password). This
option is ignored if the username following already exists in the
url(bf(smbpasswd))(smbpasswd.5.html) file and it is treated like a
regular change password command. Note that the user to be added
bf(must) already exist in the system password file (usually /etc/passwd)
else the request to add the user will fail.
This option is only available when running bf(smbpasswd) as
root.
label(minusx)
dit(bf(-x)) This option specifies that the username following should
be deleted from the local url(bf(smbpasswd))(smbpasswd.5.html) file.
This option is only available when running bf(smbpasswd) as
root.
label(minusd)
dit(bf(-d)) This option specifies that the username following should be
em(disabled) in the local url(bf(smbpasswd))(smbpasswd.5.html) file.
This is done by writing a em('D') flag into the account control space
in the url(bf(smbpasswd))(smbpasswd.5.html) file. Once this is done
all attempts to authenticate via SMB using this username will fail.
If the url(bf(smbpasswd))(smbpasswd.5.html) file is in the 'old'
format (pre-Samba 2.0 format) there is no space in the users password
entry to write this information and so the user is disabled by writing
'X' characters into the password space in the
url(bf(smbpasswd))(smbpasswd.5.html) file. See url(bf(smbpasswd
(5)))(smbpasswd.5.html) for details on the 'old' and new password file
formats.
This option is only available when running bf(smbpasswd) as root.
label(minuse)
dit(bf(-e)) This option specifies that the username following should be
em(enabled) in the local url(bf(smbpasswd))(smbpasswd.5.html) file,
if the account was previously disabled. If the account was not
disabled this option has no effect. Once the account is enabled
then the user will be able to authenticate via SMB once again.
If the smbpasswd file is in the 'old' format then bf(smbpasswd) will
prompt for a new password for this user, otherwise the account will be
enabled by removing the em('D') flag from account control space in the
url(bf(smbpasswd))(smbpasswd.5.html) file. See url(bf(smbpasswd
(5)))(smbpasswd.5.html) for details on the 'old' and new password file
formats.
This option is only available when running bf(smbpasswd) as root.
label(minusD)
dit(bf(-D debuglevel)) debuglevel is an integer from 0
to 10. The default value if this parameter is not specified is zero.
The higher this value, the more detail will be logged to the log files
about the activities of smbpasswd. At level 0, only critical errors
and serious warnings will be logged.
Levels above 1 will generate considerable amounts of log data, and
should only be used when investigating a problem. Levels above 3 are
designed for use only by developers and generate HUGE amounts of log
data, most of which is extremely cryptic.
label(minusn)
dit(bf(-n)) This option specifies that the username following should
have their password set to null (i.e. a blank password) in the local
url(bf(smbpasswd))(smbpasswd.5.html) file. This is done by writing the
string "NO PASSWORD" as the first part of the first password stored in
the url(bf(smbpasswd))(smbpasswd.5.html) file.
Note that to allow users to logon to a Samba server once the password
has been set to "NO PASSWORD" in the
url(bf(smbpasswd))(smbpasswd.5.html) file the administrator must set
the following parameter in the [global] section of the
url(bf(smb.conf))(smb.conf.5.html) file :
url(null passwords = true)(smb.conf.5.html#nullpasswords)
This option is only available when running bf(smbpasswd) as root.
label(minusr)
dit(bf(-r remote machine name)) This option allows a
user to specify what machine they wish to change their password
on. Without this parameter bf(smbpasswd) defaults to the local
host. The em("remote machine name") is the NetBIOS name of the
SMB/CIFS server to contact to attempt the password change. This name
is resolved into an IP address using the standard name resolution
mechanism in all programs of the url(bf(Samba))(samba.7.html)
suite. See the link(bf(-R name resolve order))(minusR) parameter for details on changing this resolving
mechanism.
The username whose password is changed is that of the current UNIX
logged on user. See the link(bf(-U username))(minusU)
parameter for details on changing the password for a different
username.
Note that if changing a Windows NT Domain password the remote machine
specified must be the Primary Domain Controller for the domain (Backup
Domain Controllers only have a read-only copy of the user account
database and will not allow the password change).
em(Note) that Windows 95/98 do not have a real password database
so it is not possible to change passwords specifying a Win95/98
machine as remote machine target.
label(minusR)
dit(bf(-R name resolve order)) This option allows the user of
smbclient to determine what name resolution services to use when
looking up the NetBIOS name of the host being connected to.
The options are :link("lmhosts")(lmhosts), link("host")(host),
link("wins")(wins) and link("bcast")(bcast). They cause names to be
resolved as follows :
startit()
label(lmhosts)
it() bf(lmhosts) : Lookup an IP address in the Samba lmhosts file.
label(host)
it() bf(host) : Do a standard host name to IP address resolution,
using the system /etc/hosts, NIS, or DNS lookups. This method of name
resolution is operating system dependent. For instance on IRIX or
Solaris, this may be controlled by the em(/etc/nsswitch.conf) file).
label(wins)
it() bf(wins) : Query a name with the IP address listed in the
url(bf(wins server))(smb.conf.5.html#winsserver) parameter in the
url(bf(smb.conf file))(smb.conf.5.html). If
no WINS server has been specified this method will be ignored.
label(bcast)
it() bf(bcast) : Do a broadcast on each of the known local interfaces
listed in the url(bf(interfaces))(smb.conf.5.html#interfaces) parameter
in the smb.conf file. This is the least reliable of the name resolution
methods as it depends on the target host being on a locally connected
subnet.
endit()
If this parameter is not set then the name resolve order defined
in the url(bf(smb.conf))(smb.conf.5.html) file parameter
url(bf(name resolve order))(smb.conf.5.html#nameresolveorder)
will be used.
The default order is lmhosts, host, wins, bcast and without this
parameter or any entry in the url(bf(smb.conf))(smb.conf.5.html)
file the name resolution methods will be attempted in this order.
label(minusm)
dit(bf(-m)) This option tells bf(smbpasswd) that the account being
changed is a em(MACHINE) account. Currently this is used when Samba is
being used as an NT Primary Domain Controller. PDC support is not a
supported feature in Samba2.0 but will become supported in a later
release. If you wish to know more about using Samba as an NT PDC then
please subscribe to the mailing list
email(samba-ntdom@samba.org).
This option is only available when running bf(smbpasswd) as root.
label(minusj)
dit(bf(-j DOMAIN)) This option is used to add a Samba server into a
Windows NT Domain, as a Domain member capable of authenticating user
accounts to any Domain Controller in the same way as a Windows NT
Server. See the url(bf(security=domain))(smb.conf.5.html#security)
option in the url(bf(smb.conf (5)))(smb.conf.5.html) man page.
In order to be used in this way, the Administrator for the Windows
NT Domain must have used the program em("Server Manager for Domains")
to add the url(primary NetBIOS name)(smb.conf.5.html#netbiosname) of
the Samba server as a member of the Domain.
After this has been done, to join the Domain invoke bf(smbpasswd) with
this parameter. bf(smbpasswd) will then look up the Primary Domain
Controller for the Domain (found in the
url(bf(smb.conf))(smb.conf.5.html) file in the parameter
url(bf(password server))(smb.conf.5.html#passwordserver) and change
the machine account password used to create the secure Domain
communication. This password is then stored by bf(smbpasswd) in a
file, read only by root, called tt(<Domain>.<Machine>.mac) where
tt(<Domain>) is the name of the Domain we are joining and tt(<Machine>)
is the primary NetBIOS name of the machine we are running on.
Once this operation has been performed the
url(bf(smb.conf))(smb.conf.5.html) file may be updated to set the
url(bf(security=domain))(smb.conf.5.html#security) option and all
future logins to the Samba server will be authenticated to the Windows
NT PDC.
Note that even though the authentication is being done to the PDC all
users accessing the Samba server must still have a valid UNIX account
on that machine.
This option is only available when running bf(smbpasswd) as root.
label(minusU)
dit(bf(-U username)) This option may only be used in
conjunction with the link(bf(-r))(minusr)
option. When changing a password on a remote machine it allows the
user to specify the user name on that machine whose password will be
changed. It is present to allow users who have different user names on
different systems to change these passwords.
label(minush)
dit(bf(-h)) This option prints the help string for bf(smbpasswd),
selecting the correct one for running as root or as an ordinary user.
label(minuss)
dit(bf(-s)) This option causes bf(smbpasswd) to be silent (i.e. not
issue prompts) and to read it's old and new passwords from standard
input, rather than from tt(/dev/tty) (like the bf(passwd (1)) program
does). This option is to aid people writing scripts to drive bf(smbpasswd)
label(username)
dit(bf(username)) This specifies the username for all of the em(root
only) options to operate on. Only root can specify this parameter as
only root has the permission needed to modify attributes directly
in the local url(bf(smbpasswd))(smbpasswd.5.html) file.
label(NOTES)
manpagesection(NOTES)
Since bf(smbpasswd) works in client-server mode communicating with a
local url(bf(smbd))(smbd.8.html) for a non-root user then the bf(smbd)
daemon must be running for this to work. A common problem is to add a
restriction to the hosts that may access the bf(smbd) running on the
local machine by specifying a url(bf("allow
hosts"))(smb.conf.5.html#allowhosts) or url(bf("deny
hosts"))(smb.conf.5.html#denyhosts) entry in the
url(bf(smb.conf))(smb.conf.5.html) file and neglecting to allow
em("localhost") access to the bf(smbd).
In addition, the bf(smbpasswd) command is only useful if bf(Samba) has
been set up to use encrypted passwords. See the file bf(ENCRYPTION.txt)
in the docs directory for details on how to do this.
label(VERSION)
manpagesection(VERSION)
This man page is correct for version 2.0 of the Samba suite.
label(AUTHOR)
manpageauthor()
The original Samba software and related utilities were created by
Andrew Tridgell email(samba@samba.org). Samba is now developed
by the Samba Team as an Open Source project similar to the way the
Linux kernel is developed.
The original Samba man pages were written by Karl Auer. The man page
sources were converted to YODL format (another excellent piece of Open
Source software, available at
url(bf(ftp://ftp.icce.rug.nl/pub/unix/))(ftp://ftp.icce.rug.nl/pub/unix/))
and updated for the Samba2.0 release by Jeremy Allison.
email(samba@samba.org).
See url(bf(samba (7)))(samba.7.html) to find out how to get a full
list of contributors and details on how to submit bug reports,
comments etc.

81
docs/yodldocs/smbrun.1.yo
View File

@ -1,81 +0,0 @@
mailto(samba@samba.org)
manpage(smbrun htmlcommand((1)))(1)(23 Oct 1998)(Samba)(SAMBA)
label(NAME)
manpagename(smbrun)(interface program between smbd and external programs)
label(SYNOPSIS)
manpagesynopsis()
bf(smbrun) link(shell-command)(shellcommand)
label(DESCRIPTION)
manpagedescription()
This program is part of the bf(Samba) suite.
bf(smbrun) is a very small 'glue' program, which runs shell commands
for the url(bf(smbd))(smbd.8.html) daemon url(bf(smbd
(8)))(smbd.8.html).
It first changes to the highest effective user and group ID that it
can, then runs the command line provided using the system() call. This
program is necessary to allow some operating systems to run external
programs as non-root.
label(OPTIONS)
manpageoptions()
startdit()
label(shellcommand)
dit(bf(shell-command)) The shell command to execute. The command
should have a fully-qualified path.
enddit()
label(ENVIRONMENTVARIABLES)
manpagesection(ENVIRONMENT VARIABLES)
The em(PATH) variable set for the environment in which bf(smbrun) is
executed will affect what executables are located and executed if a
fully-qualified path is not given in the command.
label(DIAGNOSTICS)
manpagesection(DIAGNOSTICS)
If bf(smbrun) cannot be located or cannot be executed by
url(bf(smbd))(smbd.8.html) then appropriate messages will be found in
the url(bf(smbd))(smbd.8.html) logs. Other diagnostics are dependent
on the shell-command being run. It is advisable for your shell
commands to issue suitable diagnostics to aid trouble-shooting.
label(VERSION)
manpagesection(VERSION)
This man page is correct for version 2.0 of the Samba suite.
label(SEEALSO)
manpageseealso()
url(bf(smb.conf (5)))(smb.conf.5.html), url(bf(smbd (8)))(smbd.8.html)
label(AUTHOR)
manpageauthor()
The original Samba software and related utilities were created by
Andrew Tridgell email(samba@samba.org). Samba is now developed
by the Samba Team as an Open Source project similar to the way the
Linux kernel is developed.
The original Samba man pages were written by Karl Auer. The man page
sources were converted to YODL format (another excellent piece of Open
Source software, available at
url(bf(ftp://ftp.icce.rug.nl/pub/unix/))(ftp://ftp.icce.rug.nl/pub/unix/))
and updated for the Samba2.0 release by Jeremy Allison.
email(samba@samba.org).
See url(bf(samba (7)))(samba.7.html) to find out how to get a full
list of contributors and details on how to submit bug reports,
comments etc.

87
docs/yodldocs/smbsh.1.yo
View File

@ -1,87 +0,0 @@
mailto(samba@samba.org)
manpage(smbsh htmlcommand((1)))(1)(23 Oct 1998)(Samba)(SAMBA)
label(NAME)
manpagename(smbsh)(Allows access to Windows NT filesystem using UNIX commands)
label(SYNOPSIS)
manpagesynopsis()
bf(smbsh)
label(DESCRIPTION)
manpagedescription()
This program is part of the bf(Samba) suite.
bf(smbsh) allows you to access an NT filesystem using UNIX commands
such as bf(ls), bf(egrep), and bf(rcp). You must use a shell that
is dynmanically linked in order for bf(smbsh) to work correctly.
To use the bf(smbsh) command, execute bf(smbsh) from the prompt and
enter the username and password that authenticate you to the
machine running the Windows NT operating system.
verb(
system% smbsh
Username: user
Password:
)
Any dynamically linked command you execute from this shell will
access the bf(/smb) directory using the smb protocol.
For example, the command
tt(ls /smb)
will show all the machines in your workgroup.
The command
tt(ls /smb/<machine-name>)
will show the share names for that machine. You could then, for example, use the
bf(cd) command to change directories, bf(vi) to edit files, and bf(rcp)
to copy files.
label(VERSION)
manpagesection(VERSION)
This man page is correct for the 2.0.3 of the Samba suite.
label(BUGS)
manpagebugs()
bf(smbsh) works by intercepting the standard libc calls with the dynamically loaded
versions in bf(smbwrapper.o). Not all calls have been "wrapped" so some programs
may not function correctly under bf(smbsh).
Programs which are not dynamically linked cannot make use of bf(smbsh)'s
functionality. Most versions of UNIX have a bf(file) command that will describe how
a program was linked.
label(SEEALSO)
manpageseealso()
url(bf(smb.conf (5)))(smb.conf.5.html),
url(bf(smbd (8)))(smbd.8.html).
label(AUTHOR)
manpageauthor()
The original Samba software and related utilities were created by
Andrew Tridgell (samba@samba.org). Samba is now developed
by the Samba Team as an Open Source project similar to the way the
Linux kernel is developed.
The original Samba man pages were written by Karl Auer. The man page
sources were converted to YODL format (another excellent piece of Open
Source software, available at
url(bf(ftp://ftp.icce.rug.nl/pub/unix/))(ftp://ftp.icce.rug.nl/pub/unix/))
and updated for the Samba2.0 release by Jeremy Allison.
email(samba@samba.org).
See url(bf(samba (7)))(samba.7.html) to find out how to get a full
list of contributors and details on how to submit bug reports,
comments etc.

89
docs/yodldocs/smbspool.8.yo
View File

@ -1,89 +0,0 @@
mailto(samba@samba.org)
manpage(smbspool htmlcommand((1)))(1)(11 October 1999)(Samba)(SAMBA)
label(NAME)
manpagename(smbspool)(send print file to an SMB printer)
label(SYNOPSIS)
manpagesynopsis()
bf(smbspool) job user title copies options [filename]
label(DESCRIPTION)
manpagedescription()
This program is part of the Samba suite.
smbspool is a very small print spooling program that sends a print
file to an SMB printer. The command-line arguments are position-dependent for
compatibility with the Common UNIX Printing System, but you can use
smbspool with any printing system or from a program or script.
manpagesection(DEVICE URI)
smbspool specifies the destination using a Uniform Resource Identifier
("URI") with a method of "smb". This string can take a number of
forms:
startit()
it() smb://server/printer
it() smb://workgroup/server/printer
it() smb://username:password@server/printer
it() smb://username:password@workgroup/server/printer
endit()
smbspool tries to get the URI from argv[0]. If argv[0] contains the
name of the program then it looks in the DEVICE_URI environment variable.
Programs using the exec(2) functions can pass the URI in argv[0],
while shell scripts must set the DEVICE_URI environment variable prior to
running smbspool.
manpagesection(OPTIONS)
The job argument (argv[1]) contains the job ID number and is presently
not used by smbspool.
The user argument (argv[2]) contains the print user's name and is
presently not used by smbspool.
The title argument (argv[3]) contains the job title string and is
passed as the remote file name when sending the print job.
The copies argument (argv[4]) contains the number of copies to be
printed of the named file. If no filename is provided than this argument is
not used by smbspool.
The options argument (argv[5]) contains the print options in a single
string and is presently not used by smbspool.
The filename argument (argv[6]) contains the name of the file to print.
If this argument is not specified then the print file is read from the
standard input.
label(VERSION)
manpagesection(VERSION)
This man page is correct for version 2.0 of the Samba suite.
label(SEEALSO)
manpagesection(SEE ALSO)
url(bf(smbd (8)))(smbd.8.html)
label(AUTHOR)
manpageauthor()
smbspool was written by Michael Sweet at Easy Software Products.
The original Samba software and related utilities were created by
Andrew Tridgell samba@samba.org. Samba is now developed
by the Samba Team as an Open Source project similar to the way the
Linux kernel is developed.
See samba (7) to find out how to get a full
list of contributors and details on how to submit bug reports,
comments etc.

85
docs/yodldocs/smbstatus.1.yo
View File

@ -1,85 +0,0 @@
mailto(samba@samba.org)
manpage(smbstatus htmlcommand((1)))(1)(23 Oct 1998)(Samba)(SAMBA)
label(NAME)
manpagename(smbstatus)(report on current Samba connections)
label(SYNOPSIS)
manpagesynopsis()
bf(smbstatus) [link(-P)(minusP)] [link(-b)(minusb)] [link(-d)(minusd)] [link(-L)(minusL)] [link(-p)(minusp)] [link(-S)(minusS)] [link(-s configuration file)(minuss)] [link(-u username)(minusu)]
label(DESCRIPTION)
manpagedescription()
This program is part of the bf(Samba) suite.
bf(smbstatus) is a very simple program to list the current Samba
connections.
label(OPTIONS)
manpageoptions()
startdit()
label(minusP)
dit(bf(-P)) If samba has been compiled with the profiling option,
print only the contents of the profiling shared memory area.
label(minusb)
dit(bf(-b)) gives brief output.
label(minusd)
dit(bf(-d)) gives verbose output.
label(minusL)
dit(bf(-L)) causes smbstatus to only list locks.
label(minusp)
dit(bf(-p)) print a list of url(bf(smbd))(smbd.8.html)
processes and exit. Useful for scripting.
label(minusS)
dit(bf(-S)) causes smbstatus to only list shares.
label(minuss)
dit(bf(-s configuration file)) The default configuration file name is
determined at compile time. The file specified contains the
configuration details required by the server. See url(bf(smb.conf
(5)))(smb.conf.5.html) for more information.
label(minusu)
dit(bf(-u username)) selects information relevant to em(username)
only.
enddit()
label(VERSION)
manpagesection(VERSION)
This man page is correct for version 2.0 of the Samba suite.
label(SEEALSO)
manpageseealso()
url(bf(smb.conf (5)))(smb.conf.5.html), url(bf(smbd (8)))(smbd.8.html)
label(AUTHOR)
manpageauthor()
The original Samba software and related utilities were created by
Andrew Tridgell email(samba@samba.org). Samba is now developed
by the Samba Team as an Open Source project similar to the way the
Linux kernel is developed.
The original Samba man pages were written by Karl Auer. The man page
sources were converted to YODL format (another excellent piece of Open
Source software, available at
url(bf(ftp://ftp.icce.rug.nl/pub/unix/))(ftp://ftp.icce.rug.nl/pub/unix/))
and updated for the Samba2.0 release by Jeremy Allison.
email(samba@samba.org).
See url(bf(samba (7)))(samba.7.html) to find out how to get a full
list of contributors and details on how to submit bug reports,
comments etc.

140
docs/yodldocs/smbtar.1.yo
View File

@ -1,140 +0,0 @@
mailto(samba@samba.org)
manpage(smbtar htmlcommand((1)))(1)(23 Oct 1998)(Samba)(SAMBA)
label(NAME)
manpagename(smbtar)(shell script for backing up SMB/CIFS shares directly to UNIX tape drives)
label(SYNOPSIS)
manpagesynopsis()
bf(smbtar) link(-s server)(minuss) [link(-p password)(minusp)] [link(-x service)(minusx)] [link(-X)(minusX)] [link(-d directory)(minusd)] [link(-u user)(minusu)] [link(-t tape)(minust)] [link(-b blocksize)(minusb)] [link(-N filename)(minusN)] [link(-i)(minusi)] [link(-r)(minusr)] [link(-l log level)(minusl)] [link(-v)(minusv)] filenames
label(DESCRIPTION)
manpagedescription()
This program is part of the bf(Samba) suite.
bf(smbtar) is a very small shell script on top of
url(bf(smbclient))(smbclient.1.html) which dumps SMB shares directly
to tape.
label(OPTIONS)
manpageoptions()
startdit()
label(minuss)
dit(bf(-s server)) The SMB/CIFS server that the share resides upon.
label(minusx)
dit(bf(-x service)) The share name on the server to connect
to. The default is tt(backup).
label(minusX)
dit(bf(-X)) Exclude mode. Exclude filenames... from tar create or
restore.
label(minusd)
dit(bf(-d directory)) Change to initial em(directory) before restoring
/ backing up files.
label(minusv)
dit(bf(-v)) Verbose mode.
label(minusp)
dit(bf(-p password)) The password to use to access a share. Default:
none
label(minusu)
dit(bf(-u user)) The user id to connect as. Default: UNIX login name.
label(minust)
dit(bf(-t tape)) Tape device. May be regular file or tape
device. Default: em(TAPE) environmental variable; if not set, a file
called tt(tar.out).
label(minusb)
dit(bf(-b blocksize)) Blocking factor. Defaults to 20. See bf(tar (1))
for a fuller explanation.
label(minusN)
dit(bf(-N filename)) Backup only files newer than filename. Could be
used (for example) on a log file to implement incremental backups.
label(minusi)
dit(bf(-i)) Incremental mode; tar files are only backed up if they
have the archive bit set. The archive bit is reset after each file is
read.
label(minusr)
dit(bf(-r)) Restore. Files are restored to the share from the tar
file.
label(minusl)
dit(bf(-l log level)) Log (debug) level. Corresponds to the
url(bf(-d))(smbclient.1.html#minusd) flag of url(bf(smbclient
(1)))(smbclient.1.html).
enddit()
label(ENVIRONMENTVARIABLES)
manpagesection(ENVIRONMENT VARIABLES)
The TAPE variable specifies the default tape device to write to. May
be overridden with the link(bf(-t))(minust) option.
label(BUGS)
manpagesection(BUGS)
The bf(smbtar) script has different options from ordinary tar and tar
called from url(bf(smbclient))(smbclient.1.html).
label(CAVEATS)
manpagesection(CAVEATS)
Sites that are more careful about security may not like the way the
script handles PC passwords. Backup and restore work on entire shares,
should work on file lists. bf(smbtar) works best with GNU tar and may
not work well with other versions.
label(VERSION)
manpagesection(VERSION)
This man page is correct for version 2.0 of the Samba suite.
label(SEEALSO)
manpageseealso()
url(bf(smbclient (1)))(smbclient.1.html), url(bf(smb.conf
(5)))(smb.conf.5.html)
label(DIAGNOSTICS)
manpagesection(DIAGNOSTICS)
See the url(bf(DIAGNOSTICS))(smbclient.1.html#DIAGNOSTICS) section for
the url(bf(smbclient))(smbclient.1.html) command.
label(AUTHOR)
manpageauthor()
The original Samba software and related utilities were created by
Andrew Tridgell email(samba@samba.org). Samba is now developed
by the Samba Team as an Open Source project similar to the way the
Linux kernel is developed.
Ricky Poulten email(poultenr@logica.co.uk) wrote the tar extension and
this man page. The bf(smbtar) script was heavily rewritten and
improved by Martin Kraemer email(Martin.Kraemer@mch.sni.de). Many
thanks to everyone who suggested extensions, improvements, bug fixes,
etc. The man page sources were converted to YODL format (another
excellent piece of Open Source software available at
url(bf(ftp://ftp.icce.rug.nl/pub/unix/))(ftp://ftp.icce.rug.nl/pub/unix/))
and updated for the Samba2.0 release by Jeremy Allison,
email(samba@samba.org).
See url(bf(samba (7)))(samba.7.html) to find out how to get a full
list of contributors and details on how to submit bug reports,
comments etc.

162
docs/yodldocs/swat.8.yo
View File

@ -1,162 +0,0 @@
mailto(samba@samba.org)
manpage(swat htmlcommand((8)))(8)(23 Oct 1998)(Samba)(SAMBA)
label(NAME)
manpagename(swat)(Samba Web Administration Tool)
label(SYNOPSIS)
manpagesynopsis()
bf(swat) [link(-s smb config file)(minuss)] [link(-a)(minusa)]
label(DESCRIPTION)
manpagedescription()
This program is part of the bf(Samba) suite.
bf(swat) allows a Samba administrator to configure the complex
url(bf(smb.conf))(smb.conf.5.html) file via a Web browser. In
addition, a swat configuration page has help links to all the
configurable options in the url(bf(smb.conf))(smb.conf.5.html) file
allowing an administrator to easily look up the effects of any change.
bf(swat) is run from bf(inetd)
label(OPTIONS)
manpageoptions()
startdit()
label(minuss)
dit(bf(-s smb configuration file)) The default configuration file path is
determined at compile time.
The file specified contains the configuration details required by the
url(bf(smbd))(smbd.8.html) server. This is the file that bf(swat) will
modify. The information in this file includes server-specific
information such as what printcap file to use, as well as descriptions
of all the services that the server is to provide. See url(smb.conf
(5))(smb.conf.5.html) for more information.
label(minusa)
dit(bf(-a))
This option disables authentication and puts bf(swat) in demo mode. In
that mode anyone will be able to modify the
url(bf(smb.conf))(smb.conf.5.html) file.
Do NOT enable this option on a production server.
endit()
label(INSTALLATION)
manpagesection(INSTALLATION)
After you compile SWAT you need to run tt("make install") to install the
swat binary and the various help files and images. A default install
would put these in:
verb(
/usr/local/samba/bin/swat
/usr/local/samba/swat/images/*
/usr/local/samba/swat/help/*
)
label(INETD)
manpagesection(INETD INSTALLATION)
You need to edit your tt(/etc/inetd.conf) and tt(/etc/services) to
enable bf(SWAT) to be launched via inetd.
In tt(/etc/services) you need to add a line like this:
tt(swat 901/tcp)
Note for NIS/YP users - you may need to rebuild the NIS service maps
rather than alter your local tt(/etc/services) file.
the choice of port number isn't really important except that it should
be less than 1024 and not currently used (using a number above 1024
presents an obscure security hole depending on the implementation
details of your bf(inetd) daemon).
In tt(/etc/inetd.conf) you should add a line like this:
tt(swat stream tcp nowait.400 root /usr/local/samba/bin/swat swat)
One you have edited tt(/etc/services) and tt(/etc/inetd.conf) you need
to send a HUP signal to inetd. To do this use tt("kill -1 PID") where
PID is the process ID of the inetd daemon.
label(LAUNCHING)
manpagesection(LAUNCHING)
To launch bf(swat) just run your favorite web browser and point it at
tt(http://localhost:901/).
bf(Note that you can attach to bf(swat) from any IP connected machine but
connecting from a remote machine leaves your connection open to
password sniffing as passwords will be sent in the clear over the
wire.)
manpagefiles()
bf(/etc/inetd.conf)
This file must contain suitable startup information for the
meta-daemon.
bf(/etc/services)
This file must contain a mapping of service name (e.g., swat) to
service port (e.g., 901) and protocol type (e.g., tcp).
bf(/usr/local/samba/lib/smb.conf)
This is the default location of the em(smb.conf) server configuration
file that bf(swat) edits. Other common places that systems install
this file are em(/usr/samba/lib/smb.conf) and em(/etc/smb.conf).
This file describes all the services the server is to make available
to clients. See bf(smb.conf (5)) for more information.
label(WARNINGS)
manpagesection(WARNINGS)
bf(swat) will rewrite your url(bf(smb.conf))(smb.conf.5.html) file. It
will rearrange the entries and delete all comments,
url(bf("include="))(smb.conf.5.html#include) and
url(bf("copy="))(smb.conf.5.html#copy) options. If you have a
carefully crafted url(bf(smb.conf))(smb.conf.5.html) then back it up
or don't use bf(swat)!
label(VERSION)
manpagesection(VERSION)
This man page is correct for version 2.0 of the Samba suite.
label(SEEALSO)
manpageseealso()
bf(inetd (8)), url(bf(nmbd (8)))(nmbd.8.html),
url(bf(smb.conf (5)))(smb.conf.5.html).
label(AUTHOR)
manpageauthor()
The original Samba software and related utilities were created by
Andrew Tridgell (samba@samba.org). Samba is now developed
by the Samba Team as an Open Source project similar to the way the
Linux kernel is developed.
The original Samba man pages were written by Karl Auer. The man page
sources were converted to YODL format (another excellent piece of Open
Source software, available at
url(bf(ftp://ftp.icce.rug.nl/pub/unix/))(ftp://ftp.icce.rug.nl/pub/unix/))
and updated for the Samba2.0 release by Jeremy Allison.
email(samba@samba.org).
See url(bf(samba (7)))(samba.7.html) to find out how to get a full
list of contributors and details on how to submit bug reports,
comments etc.

116
docs/yodldocs/testparm.1.yo
View File

@ -1,116 +0,0 @@
mailto(samba@samba.org)
manpage(testparm htmlcommand((1)))(1)(23 Oct 1998)(Samba)(SAMBA)
label(NAME)
manpagename(testparm)(check an smb.conf configuration file for internal correctness)
label(SYNOPSIS)
manpagesynopsis()
bf(testparm) [link(-s)(minuss)] [link(-h)(minush)] [link(-L servername)(minusL)] [link(configfilename)(configfilename)] [link(hostname)(hostname) link(hostIP)(hostIP)]
label(DESCRIPTION)
manpagedescription()
This program is part of the bf(Samba) suite.
bf(testparm) is a very simple test program to check an
url(bf(smbd))(smbd.8.html) configuration file for internal
correctness. If this program reports no problems, you can use the
configuration file with confidence that url(bf(smbd))(smbd.8.html)
will successfully load the configuration file.
Note that this is em(NOT) a guarantee that the services specified in the
configuration file will be available or will operate as expected.
If the optional host name and host IP address are specified on the
command line, this test program will run through the service entries
reporting whether the specified host has access to each service.
If bf(testparm) finds an error in the url(bf(smb.conf))(smb.conf.5.html)
file it returns an exit code of 1 to the calling program, else it returns
an exit code of 0. This allows shell scripts to test the output from
bf(testparm).
label(OPTIONS)
manpageoptions()
startdit()
label(minuss)
dit(bf(-s)) Without this option, bf(testparm) will prompt for a
carriage return after printing the service names and before dumping
the service definitions.
label(minush)
dit(bf(-h)) Print usage message
label(minusL)
dit(bf(-L servername)) Sets the value of the %L macro to servername. This
is useful for testing include files specified with the %L macro.
label(configfilename)
dit(bf(configfilename)) This is the name of the configuration file to
check. If this parameter is not present then the default
url(bf(smb.conf))(smb.conf.5.html) file will be checked.
label(hostname)
dit(bf(hostname)) If this parameter and the following are specified,
then testparm will examine the url(bf("hosts
allow"))(smb.conf.5.html#hostsallow) and url(bf("hosts
deny"))(smb.conf.5.html#hostsdeny) parameters in the
url(bf(smb.conf))(smb.conf.5.html) file to determine if the hostname
with this IP address would be allowed access to the
url(bf(smbd))(smbd.8.html) server. If this parameter is supplied, the
link(hostIP)(hostIP) parameter must also be supplied.
label(hostIP)
dit(bf(hostIP)) This is the IP address of the host specified in the
previous parameter. This address must be supplied if the hostname
parameter is supplied.
enddit()
label(FILES)
manpagesection(FILES)
url(bf(smb.conf))(smb.conf.5.html). This is usually the name of the
configuration file used by url(bf(smbd))(smbd.8.html).
label(DIAGNOSTICS)
manpagesection(DIAGNOSTICS)
The program will issue a message saying whether the configuration file
loaded OK or not. This message may be preceded by errors and warnings
if the file did not load. If the file was loaded OK, the program then
dumps all known service details to stdout.
label(VERSION)
manpagesection(VERSION)
This man page is correct for version 2.0 of the Samba suite.
label(SEEALSO)
manpageseealso()
url(bf(smb.conf (5)))(smb.conf.5.html), url(bf(smbd (8)))(smbd.8.html)
label(AUTHOR)
manpageauthor()
The original Samba software and related utilities were created by
Andrew Tridgell email(samba@samba.org). Samba is now developed
by the Samba Team as an Open Source project similar to the way the
Linux kernel is developed.
The original Samba man pages were written by Karl Auer. The man page
sources were converted to YODL format (another excellent piece of Open
Source software, available at
url(bf(ftp://ftp.icce.rug.nl/pub/unix/))(ftp://ftp.icce.rug.nl/pub/unix/))
and updated for the Samba2.0 release by Jeremy Allison.
email(samba@samba.org).
See url(bf(samba (7)))(samba.7.html) to find out how to get a full
list of contributors and details on how to submit bug reports,
comments etc.

98
docs/yodldocs/testprns.1.yo
View File

@ -1,98 +0,0 @@
mailto(samba@samba.org)
manpage(testprns htmlcommand((1)))(1)(23 Oct 1998)(Samba)(SAMBA)
label(NAME)
manpagename(testprns)(check printer name for validity with smbd )
label(SYNOPSIS)
manpagesynopsis()
bf(testprns) link(printername)(printername) [link(printcapname)(printcapname)]
label(DESCRIPTION)
manpagedescription()
This program is part of the bf(Samba) suite.
bf(testprns) is a very simple test program to determine whether a
given printer name is valid for use in a service to be provided by
url(bf(smbd))(smbd.8.html).
"Valid" in this context means "can be found in the printcap
specified". This program is very stupid - so stupid in fact that it
would be wisest to always specify the printcap file to use.
label(OPTIONS)
manpageoptions()
startdit()
label(printername)
dit(bf(printername)) The printer name to validate.
Printer names are taken from the first field in each record in the
printcap file, single printer names and sets of aliases separated by
vertical bars ("|") are recognized. Note that no validation or
checking of the printcap syntax is done beyond that required to
extract the printer name. It may be that the print spooling system is
more forgiving or less forgiving than bf(testprns). However, if
bf(testprns) finds the printer then url(bf(smbd))(smbd.8.html) should
do so as well.
label(printcapname)
dit(bf(printcapname)) This is the name of the printcap file within
which to search for the given printer name.
If no printcap name is specified bf(testprns) will attempt to scan the
printcap file name specified at compile time.
enddit()
label(FILES)
manpagesection(FILES)
bf(/etc/printcap) This is usually the default printcap file to
scan. See bf(printcap (5)).
label(DIAGNOSTICS)
manpagesection(DIAGNOSTICS)
If a printer is found to be valid, the message "Printer name
<printername> is valid" will be displayed.
If a printer is found to be invalid, the message "Printer name
<printername> is not valid" will be displayed.
All messages that would normally be logged during operation of the
url(bf(Samba))(samba.7.html) daemons are logged by this program to the
file tt(test.log) in the current directory. The program runs at
debuglevel 3, so quite extensive logging information is written. The
log should be checked carefully for errors and warnings.
Other messages are self-explanatory.
label(SEEALSO)
manpageseealso()
bf(printcap (5)), url(bf(smbd (8)))(smbd.8.html), url(bf(smbclient
(1)))(smbclient.1.html)
label(AUTHOR)
manpageauthor()
The original Samba software and related utilities were created by
Andrew Tridgell email(samba@samba.org). Samba is now developed
by the Samba Team as an Open Source project similar to the way the
Linux kernel is developed.
The original Samba man pages were written by Karl Auer. The man page
sources were converted to YODL format (another excellent piece of Open
Source software, available at
url(bf(ftp://ftp.icce.rug.nl/pub/unix/))(ftp://ftp.icce.rug.nl/pub/unix/))
and updated for the Samba2.0 release by Jeremy Allison.
email(samba@samba.org).
See url(bf(samba (7)))(samba.7.html) to find out how to get a full
list of contributors and details on how to submit bug reports,
comments etc.

133
docs/yodldocs/wbinfo.1.yo
View File

@ -1,133 +0,0 @@
mailto(samba-bugs@samba.org)
manpage(wbinfo htmlcommand((1)))(1)(13 Jun 2000)(Samba)(SAMBA)
label(NAME)
manpagename(wbinfo)(Query information from winbind daemon)
label(SYNOPSIS)
manpagesynopsis()
bf(wbinfo) link(-u)(minusu) [link(-g)(minusg)] [link(-n name)(minusn)]
[link(-s sid)(minuss)] [link(-U uid)(minusU)] [link(-G gid)(minusG)]
[link(-S sid)(minusS)] [link(-Y sid)(minusY)] [link(-t)(minust)]
[link(-m)(minusm)]
label(DESCRIPTION)
manpagedescription()
This program is part of the bf(Samba) suite version 3.0 and describes
functionality not yet implemented in the main version of Samba.
The bf(wbinfo) program queries and returns information created and used by
the url(bf(winbindd(8)))(winbindd.8.html) daemon.
The url(bf(winbindd(8)))(winbindd.8.html) daemon must be configured and
running for the bf(wbinfo) program to be able to return information.
label(OPTIONS)
manpageoptions()
The following options are available to the bf(wbinfo) program:
startdit()
label(minusu)
dit(bf(-u))
This option will list all users available in the Windows NT domain for
which the url(bf(winbindd(8)))(winbindd.8.html) daemon is operating in.
Users in all trusted domains will also be listed. Note that this operation
does not assign user ids to any users that have not already been seen by
url(bf(winbindd(8)))(winbindd.8.html).
label(minusg)
dit(bf(-g))
This option will list all groups available in the Windows NT domain for
which the url(bf(winbindd(8)))(winbindd.8.html) daemon is operating in.
Groups in all trusted domains will also be listed. Note that this
operation does not assign group ids to any groups that have not already
been seen by url(bf(winbindd(8)))(winbindd.8.html).
label(minusn)
dit(bf(-n name))
The bf(-n) option queries url(bf(winbindd(8)))(winbindd.8.html) for the SID
associated with the name specified. Domain names can be specified before
the user name by using the winbind separator character. For example
tt(DOM1/Administrator) refers to the tt(Administrator) user in the domain
tt(DOM1). If no domain is specified then the domain used is the one
specified in the bf(smb.conf) bf(workgroup) parameter.
label(minuss)
dit(bf(-s sid))
Use bf(-s) to resolve a SID to a name. This is the inverse of the bf(-n)
option above. SIDs must be specified as ASCII strings in the traditional
Microsoft format. For example
tt(S-1-5-21-1455342024-3071081365-2475485837-500).
label(minusU)
dit(bf(-U uid))
Try to convert a UNIX user id to a Windows NT SID. If the uid specified
does not refer to one within the bf(winbind uid range) then the operation
will fail.
label(minusG)
dit(bf(-G gid))
Try to convert a UNIX group id to a Windows NT SID. If the gid specified
does not refer to one within the bf(winbind gid range) then the operation
will fail.
label(minusS)
dit(bf(-S sid))
Convert a SID to a UNIX user id. If the SID does not correspond to a UNIX
user mapped by url(bf(winbindd(8)))(winbindd.8.html) then the operation
will fail.
label(minusY)
dit(bf(-Y sid))
Convert a SID to a UNIX group id. If the SID does not correspond to a UNIX
group mapped by url(bf(winbindd(8)))(winbindd.8.html) then the operation
will fail.
label(minust)
dit(bf(-t))
Verify that the workstation trust account created when the Samba server is
added to the Windows NT domain is working.
label(minusm)
dit(bf(-m))
Produce a list of domains trusted by the Windows NT server
url(bf(winbindd(8)))(winbindd.8.html) contacts when resolving names. This
list does not include the Windows NT domain the server is a Primary Domain
Controller for.
enddit()
label(EXIT STATUS)
manpagesection(EXIT STATUS)
The bf(wbinfo) program returns 0 if the operation succeeded, or 1 if
the operation failed. If the url(bf(winbindd(8)))(winbindd.8.html) daemon
is not working bf(wbinfo) will always return failure.
label(SEEALSO)
manpageseealso()
url(bf(winbindd(8)))(winbindd.8.html)
label(AUTHOR)
manpageauthor()
The original Samba software and related utilities were created by
Andrew Tridgell. Samba is now developed by the Samba Team as an Open
Source project.
bf(wbinfo) was written by Tim Potter.

400
docs/yodldocs/winbindd.8.yo
View File

@ -1,400 +0,0 @@
mailto(samba-bugs@samba.org)
manpage(winbindd htmlcommand((8)))(8)(13 Jun 2000)(Samba)(SAMBA)
label(NAME)
manpagename(winbindd)(Name Service Switch daemon for resolving names from NT servers)
label(SYNOPSIS)
manpagesynopsis()
bf(winbindd) [link(-d debuglevel)(minusd)] [link(-i)(minusi)]
label(DESCRIPTION)
manpagedescription()
This program is part of the bf(Samba) suite version 3.0 and describes
functionality not yet implemented in the main version of Samba.
bf(winbindd) is a daemon that provides a service for the Name Service
Switch capability that is present in most modern C libraries. The Name
Service Switch allows user and system information to be obtained from
different databases services such as NIS or DNS. The exact behaviour can
be configured throught the tt(/etc/nsswitch.conf) file. Users and groups
are allocated as they are resolved to a range of user and group ids
specified by the administrator of the Samba system.
The service provided by bf(winbindd) is called `winbind' and can be
used to resolve user and group information from a Windows NT server.
The service can also provide authentication services via an associated
PAM module.
The following nsswitch databases are implemented by the bf(winbindd)
service:
startdit()
dit(passwd)
User information traditionally stored in the bf(passwd(5)) file and used by
bf(getpwent(3)) functions.
dit(group)
Group information traditionally stored in the bf(group(5)) file and used by
bf(getgrent(3)) functions.
enddit()
For example, the following simple configuration in the
tt(/etc/nsswitch.conf) file can be used to initially resolve user and group
information from tt(/etc/passwd) and tt(/etc/group) and then from the
Windows NT server.
verb(
passwd: files winbind
group: files winbind
)
label(OPTIONS)
manpageoptions()
The following options are available to the bf(winbindd) daemon:
startdit()
label(minusd)
dit(bf(-d debuglevel))
Sets the debuglevel to an integer between 0 and 100. 0 is for no debugging
and 100 is for reams and reams. To submit a bug report to the Samba Team,
use debug level 100 (see bf(BUGS.txt)).
label(minusi)
dit(bf(-i))
Tells bf(winbindd) to not become a daemon and detach from the current terminal.
This option is used by developers when interactive debugging of bf(winbindd) is
required.
enddit()
label(NAMEANDIDRESOLUTION)
manpagesection(NAME AND ID RESOLUTION)
Users and groups on a Windows NT server are assigned a relative id (rid)
which is unique for the domain when the user or group is created. To
convert the Windows NT user or group into a unix user or group, a mapping
between rids and unix user and group ids is required. This is one of the
jobs that bf(winbindd) performs.
As bf(winbindd) users and groups are resolved from a server, user and group
ids are allocated from a specified range. This is done on a first come,
first served basis, although all existing users and groups will be mapped
as soon as a client performs a user or group enumeration command. The
allocated unix ids are stored in a database file under the Samba lock
directory and will be remembered.
WARNING: The rid to unix id database is the only location where the user
and group mappings are stored by bf(winbindd). If this file is deleted or
corrupted, there is no way for bf(winbindd) to determine which user and
group ids correspond to Windows NT user and group rids.
label(CONFIGURATION)
manpagesection(CONFIGURATION)
Configuration of the bf(winbindd) daemon is done through configuration
parameters in the url(bf(smb.conf))(smb.conf.5.html) file. All parameters
should be specified in the [global] section of
url(bf(smb.conf))(smb.conf.5.html).
startdit()
dit(winbind separator)
The winbind separator option allows you to specify how NT domain names
and user names are combined into unix user names when presented to
users. By default winbind will use the traditional \ separator so
that the unix user names look like DOMAIN\username. In some cases
this separator character may cause problems as the \ character has
special meaning in unix shells. In that case you can use the winbind
separator option to specify an alternative sepataror character. Good
alternatives may be / (although that conflicts with the unix directory
separator) or a + character. The + character appears to be the best
choice for 100% compatibility with existing unix utilities, but may be
an aesthetically bad choice depending on your taste.
bf(Default:)
tt( winbind separator = \)
bf(Example:)
tt( winbind separator = +)
dit(winbind uid)
The winbind uid parameter specifies the range of user ids that are
allocated by the bf(winbindd) daemon. This range of
ids should have no existing local or nis users within it as strange
conflicts can occur otherwise.
bf(Default:)
tt( winbind uid = <empty string>)
bf(Example:)
tt( winbind uid = 10000-20000)
dit(winbind gid)
The winbind gid parameter specifies the range of group ids that are
allocated by the bf(winbindd) daemon. This range of group ids should have
no existing local or nis groups within it as strange conflicts can occur
otherwise.
bf(Default:)
tt( winbind gid = <empty string>)
bf(Example:)
tt( winbind gid = 10000-20000)
dit(winbind cache time)
This parameter specifies the number of seconds the bf(winbindd) daemon will
cache user and group information before querying a Windows NT server
again. When a item in the cache is older than this time bf(winbindd) will ask
the domain controller for the sequence number of the servers account
database. If the sequence number has not changed then the cached item is
marked as valid for a further "winbind cache time" seconds. Otherwise the
item is fetched from the server. This means that as long as the account
database is not actively changing bf(winbindd) will only have to send one
sequence number query packet every "winbind cache time" seconds.
bf(Default:)
tt( winbind cache time = 15)
dit(winbind enum users)
On large installations it may be necessary to suppress the enumeration of
users through the tt(setpwent), tt(getpwent) and tt(endpwent) group of
system calls. If the tt(winbind enum users) parameter is false, calls to
the tt(getpwent) system call will not return any data.
Warning: Turning off user enumeration may cause some programs to behave
oddly. For example, the finger program relies on having access to the full
user list when searching for matching usernames.
bf(Default:)
tt( winbind enum users = true)
dit(winbind enum groups)
On large installations it may be necessary to suppress the enumeration of
groups through the tt(setgrent), tt(getgrent) and tt(endgrent) group of
system calls. If the tt(winbind enum groups) parameter is false, calls to
the tt(getgrent) system call will not return any data.
Warning: Turning off group enumeration may cause some programs to behave
oddly.
bf(Default:)
tt( winbind enum groups = true)
dit(template homedir)
When filling out the user information for a Windows NT user, the
bf(winbindd) daemon uses this parameter to fill in the home directory for
that user. If the string tt(%D) is present it is substituted with the
user's Windows NT domain name. If the string tt(%U) is present it is
substituted with the user's Windows NT user name.
bf(Default:)
tt( template homedir = /home/%D/%U)
dit(template shell)
When filling out the user information for a Windows NT user, the
bf(winbindd) daemon uses this parameter to fill in the shell for that user.
bf(Default:)
tt( template shell = /bin/false)
enddit()
label(EXAMPLESETUP)
manpagesection(EXAMPLE SETUP)
To setup bf(winbindd) for user and group lookups plus authentication from
a domain controller use something like the following setup. This was
tested on a RedHat 6.2 Linux box.
In tt(/etc/nsswitch.conf) put the following:
verb(
passwd: files winbind
group: files winbind
)
In tt(/etc/pam.d/*) replace the tt(auth) lines with something like this:
verb(
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_winbind.so
auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok
)
Note in particular the use of the tt(sufficient) keyword and the
tt(use_first_pass) keyword.
Now replace the account lines with this:
verb(
account required /lib/security/pam_winbind.so
)
The next step is to join the domain. To do that use the samedit
program like this:
verb(
samedit -S '*' -W DOMAIN -UAdministrator
)
The username after the -U can be any Domain user that has administrator
priviliges on the machine. Next from within samedit, run the command:
verb(
createuser MACHINE$ -j DOMAIN -L
)
This assumes your domain is called tt(DOMAIN) and your Samba workstation
is called tt(MACHINE).
Next copy tt(libnss_winbind.so.2) to tt(/lib) and tt(pam_winbind.so) to
tt(/lib/security).
Finally, setup a smb.conf containing directives like the following:
verb(
[global]
winbind separator = +
winbind cache time = 10
template shell = /bin/bash
template homedir = /home/%D/%U
winbind uid = 10000-20000
winbind gid = 10000-20000
workgroup = DOMAIN
security = domain
password server = *
)
Now start bf(winbindd) and you should find that your user and group
database is expanded to include your NT users and groups, and that you
can login to your unix box as a domain user, using the tt(DOMAIN+user)
syntax for the username. You may wish to use the commands "getent
passwd" and "getent group" to confirm the correct operation of
bf(winbindd).
label(NOTES)
manpagesection(NOTES)
The following notes are useful when configuring and running bf(winbindd):
startdit()
dit()
url(bf(nmbd))(nmbd.8.html) must be running on the local machine for
bf(winbindd) to work.
dit()
bf(winbindd) queries the list of trusted domains for the Windows NT server
on startup and when a SIGHUP is received. Thus, for a running bf(winbindd)
to become aware of new trust relationships between servers, it must be sent
a SIGHUP signal.
dit()
Client processes resolving names through the bf(winbindd) nsswitch module
read an environment variable named tt(WINBINDD_DOMAIN). If this variable
contains a comma separated list of Windows NT domain names, then bf(winbindd)
will only resolve users and groups within those Windows NT domains.
dit()
PAM is really easy to misconfigure. Make sure you know what you are doing
when modifying PAM configuration files. It is possible to set up PAM
such that you can no longer log into your system.
dit()
If more than one UNIX machine is running bf(winbindd), then in general the
user and groups ids allocated by bf(winbindd) will not be the same. The
user and group ids will only be valid for the local machine.
dit()
If the the Windows NT RID to UNIX user and group id mapping file
is damaged or destroyed then the mappings will be lost.
enddit()
label(SIGNALS)
manpagesection(SIGNALS)
The following signals can be used to manipulate the bf(winbindd) daemon.
startdit()
dit(tt(SIGHUP))
Reload the tt(smb.conf) file and apply any parameter changes to the running
version of bf(winbindd). This signal also clears any cached user and group
information. The list of other domains trusted by bf(winbindd) is also
reloaded.
dit(tt(SIGUSR1))
The tt(SIGUSR1) signal will cause bf(winbindd) to write status information
to the winbind log file including information about the number of user and
group ids allocated by bf(winbindd).
Log files are stored in the filename specified by the bf(log file) parameter.
enddit()
label(FILES)
manpagefiles()
The following files are relevant to the operation of the bf(winbindd)
daemon.
startdit()
dit(/etc/nsswitch.conf(5))
Name service switch configuration file.
dit(/tmp/.winbindd/pipe)
The UNIX pipe over which clients communicate with the bf(winbindd) program.
For security reasons, the winbind client will only attempt to connect to the
bf(winbindd) daemon if both the tt(/tmp/.winbindd) directory and
tt(/tmp/.winbindd/pipe) file are owned by root.
dit(/lib/libnss_winbind.so.X)
Implementation of name service switch library.
dit($LOCKDIR/winbindd_idmap.tdb)
Storage for the Windows NT rid to UNIX user/group id mapping. The lock
directory is specified when Samba is initially compiled using the
tt(--with-lockdir) option. This directory is by default
tt(/usr/local/samba/var/locks).
dit($LOCKDIR/winbindd_cache.tdb)
Storage for cached user and group information.
enddit()
label(SEEALSO)
manpageseealso()
url(bf(samba(7)))(samba.7.html), url(bf(smb.conf(5)))(smb.conf.5.html),
bf(nsswitch.conf(5)), url(bf(wbinfo(1)))(wbinfo.1.html)
label(AUTHOR)
manpageauthor()
The original Samba software and related utilities were created by
Andrew Tridgell. Samba is now developed by the Samba Team as an Open
Source project.
bf(winbindd) was written by Tim Potter.