sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-10 12:58:35 +03:00
Code

- Regenerate docs

Browse Source 
- Fix db2latex (it depended on the $Id$ tags)
- Fix CUPS-Printing syntax
- Update instructions in docbook.txt
(This used to be commit 8d7c96a4e267c5546518d097edbe03e27b1ad073)
This commit is contained in:
Jelmer Vernooij 2003-06-06 20:07:16 +00:00
parent bea0cf2c79
commit f7e07eafc8
79 changed files with 14344 additions and 63546 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
docs/Samba-Developers-Guide.pdf
View File

Binary file not shown.

BIN
docs/Samba-HOWTO-Collection.pdf
View File

Binary file not shown.

2
docs/docbook/Makefile.in
View File

@ -224,7 +224,7 @@ $(MANDIR)/%: $(MANPROJDOC)/%.xml
clean:
@rm -f $(MANPAGES) $(MANPAGES_HTML) $(HTMLDIR)/*.html $(HTMLDIR)/*.css $(TXTDIR)/*.txt $(PSDIR)/*.ps $(PDFDIR)/*.pdf
@rm -f $(MANPROJDOC)/smb.conf.5.xml $(SMBDOTCONFDOC)/parameters.*.xml
@rm -f $(MANPROJDOC)/smb.conf.5.xml $(SMBDOTCONFDOC)/parameters.*.xml $(DVIDIR)/*.dvi
@rm -f samba-doc.* dev-doc.* $(PROJDOC)/attributions.xml
@rm -f $(IMAGEPROJDIR)/*.eps

66
docs/docbook/docbook.txt
View File

@ -1,72 +1,74 @@
!==
!== docbook.txt for Samba HEAD
!== docbook.txt for Samba 3.0
!==
!== Author: David Bannon, D.Bannon@latrobe.edu.au November, 2000
!== Updates: Gerald (Jerry) Carter, jerry@samba.org, Feb. 2001
!== Updates: Jelmer Vernooij, jelmer@samba.org, Aug, 2002
!== Updates: Jelmer Vernooij, jelmer@samba.org, Jun, 2003
What are DocBook documents doing in the Samba Distribution ?
-----------------------------------------------------------
We are planning to convert all of the samba docs to SGML/DocBook V4.1
We have converted all samba docs to XML/DocBook V4.2
in order to make them easier to maintain and produce a nicer looking
product.
This short note (strange isn't it how it always starts out as a short note
and becomes a long one ?) will explain very briefly how and why we are
doing this.
and becomes a long one ?) will explain very briefly how and why we have
done this.
The format
----------
If you are new to xml, regard an xml file as 'source code'. You don't
read it directly, but use it to create other formats (like the txt and html
included in ../txtdocs and ../htmldocs).
If you are new to sgml, regard an sgml file as 'source code'. You don't
read it directly, use it to create other formats (like the txt and html
included in ../txt and ../html).
Docbook is a particular SGML style, particularly suited to producing
technical manuals. In the two documents I have produced so far I have used
DocBook 4.1, it seems that products like RedHat Linux is still include only
version 3.1, the differences are minor. The Linux Documentation Project is
using a modified version of 3.1 but are really geared up to make multi
paged documents, something we want to avoid for logistic reasons.
Docbook is a particular XML style, particularly suited to producing
technical manuals.
For more information on DocBook tags and format, see "DocBook: The
Definitive Guide" by Walsh and Muellner, (c) O'Reilly Publishing.
This book covers DocBook V3.1 and is available on-line
This book covers DocBook V4.2 and is available on-line
at http://www.docbook.org/
The Output
----------
The current Samba CVS tree contains the SGML/DocBook source files as well
The current Samba CVS tree contains the XML/DocBook source files as well
as the following autogenerated formats:
* man pages
* HTML
* ASCII text (where appropriate)
* PDF
The following formats are not available in CVS but can be generated by
the build scripts:
* PostScript
* DVI
* LaTeX
* ASCII text
The Tools
---------
To generate the docs, you need to have the following packages installed:
* docbook-utils
* pdflatex
* docbook-utils
* xsltproc
* pngtopnm and pnmtops (from the netpbm utilities)
For generating PDF (thru LaTeX):
* pdflatex
For generating PostScript (thru LaTeX):
* latex
* dvips
For generating ASCII:
* xmlto
This directory now contains a ./configure script and Makefile to
support the automated building of man pages (including HTML versions), and
the building of the Samba-HOWTO-Collection (HTML,PDF versions).
In order to be able to build some other (more rarely used) formats, you need:
- PostScript:
* LaTeX
* dvips
- Text
* xmlto
Another good tool is 'xmllint' that can be used to check the syntax of
XML files.
the building of the Samba-HOWTO-Collection and the
Samba Developers Guide (HTML,DVI,TeX,PDF,PS,Text versions).

5
docs/docbook/projdoc/CUPS-printing.xml
View File

@ -3850,7 +3850,7 @@ An alternative command could be this:
flags:[0x800000]
name:[\\transmeta\ir85wm]
description:[\\transmeta\ir85wm,ir85wm,DPD]
comment:[CUPS PostScript-Treiber für WinNT/2K/XP]
comment:[CUPS PostScript-Treiber for WinNT/2K/XP]
</screen></para>
@ -4496,7 +4496,7 @@ data should look like and which printer commands to embed into the
data stream.
</para>
<highlights><para>
<para>
You need:
</para>
@ -4524,7 +4524,6 @@ the selected "driver" for your model (as shown by "gs
produced for cupsomatic don't work with
foomatic-rip).</para></listitem>
</itemizedlist>
</highlights>
</sect2>
</sect1>

3
docs/docbook/xslt/db2latex/docbook.xsl
View File

@ -101,9 +101,6 @@
<xsl:message> XSLT stylesheets DocBook - LaTeX 2e </xsl:message>
<xsl:message> Reqs: LaTeX 2e installation common packages </xsl:message>
<xsl:message>################################################################################</xsl:message>
<xsl:message> RELEASE : <xsl:value-of select="$VERSION"/> </xsl:message>
<xsl:message> VERSION : <xsl:value-of select="$CVSVERSION"/> </xsl:message>
<xsl:message> TAG : <xsl:value-of select="$TAG"/> </xsl:message>
<xsl:message> WWW : http://db2latex.sourceforge.net </xsl:message>
<xsl:message> SUMMARY : http://www.sourceforge.net/projects/db2latex </xsl:message>
<xsl:message> AUTHOR : Ramon Casellas casellas@infres.enst.fr </xsl:message>

1
docs/docbook/xslt/generate-attributions.xsl
View File

@ -45,6 +45,7 @@
<xsl:text> &lt;</xsl:text>
<xsl:element name="ulink">
<xsl:attribute name="url">
<xsl:text>mailto:</xsl:text>
<xsl:value-of select="affiliation/address/email"/>
</xsl:attribute>
<xsl:value-of select="affiliation/address/email"/>

350
docs/faq/samba-faq.html
View File

@ -1,350 +1,10 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>Samba FAQ</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK
REL="NEXT"
TITLE="General Information"
HREF="general.html"></HEAD
><BODY
CLASS="BOOK"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="BOOK"
><A
NAME="SAMBA-FAQ"><DIV
CLASS="TITLEPAGE"
><H1
CLASS="TITLE"
><A
NAME="SAMBA-FAQ">Samba FAQ</H1
><H3
CLASS="AUTHOR"
><A
NAME="AEN4">Samba Team</H3
><HR></DIV
><H1
><A
NAME="AEN7">Dedication</H1
><P
>This is the Frequently Asked Questions (FAQ) document for
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Samba FAQ</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="samba-faq.html" title="Samba FAQ"><link rel="next" href="FAQ-general.html" title="Chapter 1. General Information"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Samba FAQ</th></tr><tr><td width="20%" align="left"> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="FAQ-general.html">Next</a></td></tr></table><hr></div><div class="book" lang="en"><div class="titlepage"><div><div><h1 class="title"><a name="Samba-FAQ"></a>Samba FAQ</h1></div><div><div class="author"><h3 class="author"><span class="surname">Samba Team</span></h3></div></div><div><p class="pubdate">October 2002</p></div></div><div></div><hr></div><div class="dedication" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="id2881798"></a>Dedication</h2></div></div><div></div></div><p>
This is the Frequently Asked Questions (FAQ) document for
Samba, the free and very popular SMB server product. An SMB server
allows file and printer connections from clients such as Windows,
OS/2, Linux and others. Current to version 3.0. Please send any
corrections to the samba documentation mailinglist at
<A
HREF="mailto:samba-doc@samba.org"
TARGET="_top"
>samba-doc@samba.org</A
>.
<a href="mailto:samba-doc@samba.org" target="_top">samba-doc@samba.org</a>.
This FAQ was based on the old Samba FAQ by Dan Shearer and Paul Blackman,
and the old samba text documents which were mostly written by John Terpstra.</P
><DIV
CLASS="TOC"
><DL
><DT
><B
>Table of Contents</B
></DT
><DT
>1. <A
HREF="general.html"
>General Information</A
></DT
><DD
><DL
><DT
>1.1. <A
HREF="general.html#AEN12"
>Where can I get it?</A
></DT
><DT
>1.2. <A
HREF="general.html#AEN16"
>What do the version numbers mean?</A
></DT
><DT
>1.3. <A
HREF="general.html#AEN28"
>What platforms are supported?</A
></DT
><DT
>1.4. <A
HREF="general.html#AEN71"
>How do I subscribe to the Samba Mailing Lists?</A
></DT
><DT
>1.5. <A
HREF="general.html#AEN75"
>Pizza supply details</A
></DT
></DL
></DD
><DT
>2. <A
HREF="install.html"
>Compiling and installing Samba on a Unix host</A
></DT
><DD
><DL
><DT
>2.1. <A
HREF="install.html#AEN84"
>I can't see the Samba server in any browse lists!</A
></DT
><DT
>2.2. <A
HREF="install.html#AEN89"
>Some files that I KNOW are on the server doesn't show up when I view the files from my client!</A
></DT
><DT
>2.3. <A
HREF="install.html#AEN92"
>Some files on the server show up with really wierd filenames when I view the files from my client!</A
></DT
><DT
>2.4. <A
HREF="install.html#AEN96"
>My client reports "cannot locate specified computer" or similar</A
></DT
><DT
>2.5. <A
HREF="install.html#AEN103"
>My client reports "cannot locate specified share name" or similar</A
></DT
><DT
>2.6. <A
HREF="install.html#AEN112"
>Printing doesn't work</A
></DT
><DT
>2.7. <A
HREF="install.html#AEN120"
>My client reports "This server is not configured to list shared resources"</A
></DT
><DT
>2.8. <A
HREF="install.html#AEN124"
>Log message "you appear to have a trapdoor uid system"</A
></DT
><DT
>2.9. <A
HREF="install.html#AEN132"
>Why are my file's timestamps off by an hour, or by a few hours?</A
></DT
><DT
>2.10. <A
HREF="install.html#AEN155"
>How do I set the printer driver name correctly?</A
></DT
></DL
></DD
><DT
>3. <A
HREF="config.html"
>Configuration problems</A
></DT
><DD
><DL
><DT
>3.1. <A
HREF="config.html#AEN169"
>I have set 'force user' and samba still makes 'root' the owner of all the files I touch!</A
></DT
></DL
></DD
><DT
>4. <A
HREF="clientapp.html"
>Specific client application problems</A
></DT
><DD
><DL
><DT
>4.1. <A
HREF="clientapp.html#AEN174"
>MS Office Setup reports "Cannot change properties of '\MSOFFICE\SETUP.INI'"</A
></DT
><DT
>4.2. <A
HREF="clientapp.html#AEN179"
>How to use a Samba share as an administrative share for MS Office, etc.</A
></DT
><DT
>4.3. <A
HREF="clientapp.html#AEN194"
>Microsoft Access database opening errors</A
></DT
></DL
></DD
><DT
>5. <A
HREF="errors.html"
>Common errors</A
></DT
><DD
><DL
><DT
>5.1. <A
HREF="errors.html#AEN205"
>Not listening for calling name</A
></DT
><DT
>5.2. <A
HREF="errors.html#AEN212"
>System Error 1240</A
></DT
><DT
>5.3. <A
HREF="errors.html#AEN219"
>smbclient ignores -N !</A
></DT
><DT
>5.4. <A
HREF="errors.html#AEN228"
>The data on the CD-Drive I've shared seems to be corrupted!</A
></DT
><DT
>5.5. <A
HREF="errors.html#AEN232"
>Why can users access home directories of other users?</A
></DT
><DT
>5.6. <A
HREF="errors.html#AEN245"
>Until a few minutes after samba has started, clients get the error "Domain Controller Unavailable"</A
></DT
><DT
>5.7. <A
HREF="errors.html#AEN248"
>I'm getting "open_oplock_ipc: Failed to get local UDP socket for address 100007f. Error was Cannot assign requested" in the logs</A
></DT
></DL
></DD
><DT
>6. <A
HREF="features.html"
>Features</A
></DT
><DD
><DL
><DT
>6.1. <A
HREF="features.html#AEN253"
>How can I prevent my samba server from being used to distribute the Nimda worm?</A
></DT
><DT
>6.2. <A
HREF="features.html#AEN267"
>How can I use samba as a fax server?</A
></DT
><DD
><DL
><DT
>6.2.1. <A
HREF="features.html#AEN278"
>Tools for printing faxes</A
></DT
><DT
>6.2.2. <A
HREF="features.html#AEN288"
>Making the fax-server</A
></DT
><DT
>6.2.3. <A
HREF="features.html#AEN304"
>Installing the client drivers</A
></DT
><DT
>6.2.4. <A
HREF="features.html#AEN318"
>Example smb.conf</A
></DT
></DL
></DD
><DT
>6.3. <A
HREF="features.html#AEN322"
>Samba doesn't work well together with DHCP!</A
></DT
><DT
>6.4. <A
HREF="features.html#AEN335"
>How can I assign NetBIOS names to clients with DHCP?</A
></DT
><DT
>6.5. <A
HREF="features.html#AEN342"
>How do I convert between unix and dos text formats?</A
></DT
><DT
>6.6. <A
HREF="features.html#AEN347"
>Does samba have wins replication support?</A
></DT
></DL
></DD
></DL
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>&nbsp;</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
>&nbsp;</TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="general.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>&nbsp;</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
>&nbsp;</TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>General Information</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
and the old samba text documents which were mostly written by John Terpstra.
</p></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt>1. <a href="FAQ-general.html">General Information</a></dt><dd><dl><dt><a href="FAQ-general.html#id2868206">Where can I get it?</a></dt><dt><a href="FAQ-general.html#id2868226">What do the version numbers mean?</a></dt><dt><a href="FAQ-general.html#id2812633">What platforms are supported?</a></dt><dt><a href="FAQ-general.html#id2816472">How do I subscribe to the Samba Mailing Lists?</a></dt></dl></dd><dt>2. <a href="FAQ-Install.html">Compiling and installing Samba on a Unix host</a></dt><dd><dl><dt><a href="FAQ-Install.html#id2814644">My client reports &quot;cannot locate specified share name&quot; or similar</a></dt><dt><a href="FAQ-Install.html#id2814696">Why are my file's timestamps off by an hour, or by a few hours?</a></dt></dl></dd><dt>3. <a href="FAQ-ClientApp.html">Specific client application problems</a></dt><dd><dl><dt><a href="FAQ-ClientApp.html#id2815240">MS Office Setup reports &quot;Cannot change properties of '\\MSOFFICE\\SETUP.INI'&quot;</a></dt><dt><a href="FAQ-ClientApp.html#id2814506">How to use a Samba share as an administrative share for MS Office, etc.</a></dt><dt><a href="FAQ-ClientApp.html#id2814601">Microsoft Access database opening errors</a></dt></dl></dd><dt>4. <a href="FAQ-errors.html">Common errors</a></dt><dd><dl><dt><a href="FAQ-errors.html#id2815193">Not listening for calling name</a></dt><dt><a href="FAQ-errors.html#id2815954">System Error 1240</a></dt><dt><a href="FAQ-errors.html#id2815994">smbclient ignores -N !</a></dt><dt><a href="FAQ-errors.html#id2816048">The data on the CD-Drive I've shared seems to be corrupted!</a></dt></dl></dd><dt>5. <a href="FAQ-features.html">Features</a></dt><dd><dl><dt><a href="FAQ-features.html#id2814469">How can I use samba as a fax server?</a></dt><dd><dl><dt><a href="FAQ-features.html#id2814427">Tools for printing faxes</a></dt><dt><a href="FAQ-features.html#id2882827">Making the fax-server</a></dt><dt><a href="FAQ-features.html#id2882919">Installing the client drivers</a></dt><dt><a href="FAQ-features.html#id2883004">Example smb.conf</a></dt></dl></dd><dt><a href="FAQ-features.html#id2883029">Samba doesn't work well together with DHCP!</a></dt><dt><a href="FAQ-features.html#id2883155">How can I assign NetBIOS names to clients with DHCP?</a></dt><dt><a href="FAQ-features.html#id2883203">How do I convert between unix and dos text formats?</a></dt><dt><a href="FAQ-features.html#id2883232">Does samba have wins replication support?</a></dt></dl></dd></dl></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"> </td><td width="20%" align="center"> </td><td width="40%" align="right"> <a accesskey="n" href="FAQ-general.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top"> </td><td width="20%" align="center"> </td><td width="40%" align="right" valign="top"> Chapter 1. General Information</td></tr></table></div></body></html>

10559
docs/htmldocs/Samba-Developers-Guide.html
View File

File diff suppressed because one or more lines are too long

411
docs/htmldocs/bugreport.html
View File

@ -1,352 +1,119 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>Reporting Bugs</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK
REL="HOME"
TITLE="SAMBA Project Documentation"
HREF="samba-howto-collection.html"><LINK
REL="UP"
TITLE="Appendixes"
HREF="appendixes.html"><LINK
REL="PREVIOUS"
TITLE="Samba and other CIFS clients"
HREF="other-clients.html"><LINK
REL="NEXT"
TITLE="Diagnosing your samba server"
HREF="diagnosis.html"></HEAD
><BODY
CLASS="CHAPTER"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>SAMBA Project Documentation</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="other-clients.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="diagnosis.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="CHAPTER"
><H1
><A
NAME="BUGREPORT">Chapter 25. Reporting Bugs</H1
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3309">25.1. Introduction</H1
><P
>The email address for bug reports for stable releases is <A
HREF="samba@samba.org"
TARGET="_top"
>samba@samba.org</A
>.
Bug reports for alpha releases should go to <A
HREF="mailto:samba-technical@samba.org"
TARGET="_top"
>samba-technical@samba.org</A
>.</P
><P
>Please take the time to read this file before you submit a bug
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 35. Reporting Bugs</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="troubleshooting.html" title="Part V. Troubleshooting"><link rel="previous" href="problems.html" title="Chapter 34. Analysing and solving samba problems"><link rel="next" href="Appendixes.html" title="Part VI. Appendixes"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 35. Reporting Bugs</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="problems.html">Prev</a> </td><th width="60%" align="center">Part V. Troubleshooting</th><td width="20%" align="right"> <a accesskey="n" href="Appendixes.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="bugreport"></a>Chapter 35. Reporting Bugs</h2></div><div><div class="author"><h3 class="author"><span class="firstname">Jelmer</span> <span class="othername">R.</span> <span class="surname">Vernooij</span></h3><div class="affiliation"><span class="orgname">The Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jelmer@samba.org">jelmer@samba.org</a>&gt;</tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="surname">Someone; Tridge or Karl Auer perhaps?</span></h3></div></div><div><p class="pubdate"> 27 June 1997 </p></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="bugreport.html#id3011690">Introduction</a></dt><dt><a href="bugreport.html#id3011912">General info</a></dt><dt><a href="bugreport.html#id3011949">Debug levels</a></dt><dt><a href="bugreport.html#id3012091">Internal errors</a></dt><dt><a href="bugreport.html#id3012199">Attaching to a running process</a></dt><dt><a href="bugreport.html#id3012246">Patches</a></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3011690"></a>Introduction</h2></div></div><div></div></div><p>Please report bugs using
<a href="https://bugzilla.samba.org/" target="_top">bugzilla</a>.</p><p>
Please take the time to read this file before you submit a bug
report. Also, please see if it has changed between releases, as we
may be changing the bug reporting mechanism at some time.</P
><P
>Please also do as much as you can yourself to help track down the
may be changing the bug reporting mechanism at some time.
</p><p>
Please also do as much as you can yourself to help track down the
bug. Samba is maintained by a dedicated group of people who volunteer
their time, skills and efforts. We receive far more mail about it than
we can possibly answer, so you have a much higher chance of an answer
and a fix if you send us a "developer friendly" bug report that lets
us fix it fast. </P
><P
>Do not assume that if you post the bug to the comp.protocols.smb
and a fix if you send us a &quot;developer friendly&quot; bug report that lets
us fix it fast.
</p><p>
Do not assume that if you post the bug to the comp.protocols.smb
newsgroup or the mailing list that we will read it. If you suspect that your
problem is not a bug but a configuration problem then it is better to send
it to the Samba mailing list, as there are (at last count) 5000 other users on
that list that may be able to help you.</P
><P
>You may also like to look though the recent mailing list archives,
that list that may be able to help you.
</p><p>
You may also like to look though the recent mailing list archives,
which are conveniently accessible on the Samba web pages
at <A
HREF="http://samba.org/samba/"
TARGET="_top"
>http://samba.org/samba/</A
>.</P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3319">25.2. General info</H1
><P
>Before submitting a bug report check your config for silly
at <a href="http://samba.org/samba/" target="_top">http://samba.org/samba/</a>.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3011912"></a>General info</h2></div></div><div></div></div><p>
Before submitting a bug report check your config for silly
errors. Look in your log files for obvious messages that tell you that
you've misconfigured something and run testparm to test your config
file for correct syntax.</P
><P
>Have you run through the <A
HREF="Diagnosis.html"
TARGET="_top"
>diagnosis</A
>?
This is very important.</P
><P
>If you include part of a log file with your bug report then be sure to
file for correct syntax.
</p><p>
Have you run through the <a href="diagnosis.html" title="Chapter 33. The samba checklist">diagnosis</a>?
This is very important.
</p><p>
If you include part of a log file with your bug report then be sure to
annotate it with exactly what you were doing on the client at the
time, and exactly what the results were.</P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3325">25.3. Debug levels</H1
><P
>If the bug has anything to do with Samba behaving incorrectly as a
time, and exactly what the results were.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3011949"></a>Debug levels</h2></div></div><div></div></div><p>
If the bug has anything to do with Samba behaving incorrectly as a
server (like refusing to open a file) then the log files will probably
be very useful. Depending on the problem a log level of between 3 and
10 showing the problem may be appropriate. A higher level givesmore
detail, but may use too much disk space.</P
><P
>To set the debug level use <B
CLASS="COMMAND"
>log level =</B
> in your
<TT
CLASS="FILENAME"
>smb.conf</TT
>. You may also find it useful to set the log
detail, but may use too much disk space.
</p><p>
To set the debug level use the <i class="parameter"><tt>log level</tt></i> in your
<tt class="filename">smb.conf</tt>. You may also find it useful to set the log
level higher for just one machine and keep separate logs for each machine.
To do this use:</P
><P
><PRE
CLASS="PROGRAMLISTING"
>log level = 10
To do this use:
</p><pre class="programlisting">
log level = 10
log file = /usr/local/samba/lib/log.%m
include = /usr/local/samba/lib/smb.conf.%m</PRE
></P
><P
>then create a file
<TT
CLASS="FILENAME"
>/usr/local/samba/lib/smb.conf.machine</TT
> where
"machine" is the name of the client you wish to debug. In that file
put any smb.conf commands you want, for example
<B
CLASS="COMMAND"
>log level=</B
> may be useful. This also allows you to
include = /usr/local/samba/lib/smb.conf.%m
</pre><p>
then create a file
<tt class="filename">/usr/local/samba/lib/smb.conf.<i class="replaceable"><tt>machine</tt></i></tt> where
<i class="replaceable"><tt>machine</tt></i> is the name of the client you wish to debug. In that file
put any <tt class="filename">smb.conf</tt> commands you want, for example
<i class="parameter"><tt>log level</tt></i> may be useful. This also allows you to
experiment with different security systems, protocol levels etc on just
one machine.</P
><P
>The <TT
CLASS="FILENAME"
>smb.conf</TT
> entry <B
CLASS="COMMAND"
>log level =</B
>
is synonymous with the entry <B
CLASS="COMMAND"
>debuglevel =</B
> that has been
used in older versions of Samba and is being retained for backwards
compatibility of smb.conf files.</P
><P
>As the <B
CLASS="COMMAND"
>log level =</B
> value is increased you will record
one machine.
</p><p>
The <tt class="filename">smb.conf</tt> entry <i class="parameter"><tt>log level</tt></i>
is synonymous with the parameter <i class="parameter"><tt>debuglevel</tt></i> that has
been used in older versions of Samba and is being retained for backwards
compatibility of <tt class="filename">smb.conf</tt> files.
</p><p>
As the <i class="parameter"><tt>log level</tt></i> value is increased you will record
a significantly increasing level of debugging information. For most
debugging operations you may not need a setting higher than 3. Nearly
all bugs can be tracked at a setting of 10, but be prepared for a VERY
large volume of log data.</P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3342">25.4. Internal errors</H1
><P
>If you get a "INTERNAL ERROR" message in your log files it means that
Samba got an unexpected signal while running. It is probably a
debugging operations you may not need a setting higher than
<tt class="constant">3</tt>. Nearly
all bugs can be tracked at a setting of <tt class="constant">10</tt>, but be
prepared for a VERY large volume of log data.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3012091"></a>Internal errors</h2></div></div><div></div></div><p>
If you get a <span class="errorname">INTERNAL ERROR</span> message in your log files
it means that Samba got an unexpected signal while running. It is probably a
segmentation fault and almost certainly means a bug in Samba (unless
you have faulty hardware or system software)</P
><P
>If the message came from smbd then it will probably be accompanied by
you have faulty hardware or system software).
</p><p>
If the message came from smbd then it will probably be accompanied by
a message which details the last SMB message received by smbd. This
info is often very useful in tracking down the problem so please
include it in your bug report.</P
><P
>You should also detail how to reproduce the problem, if
possible. Please make this reasonably detailed.</P
><P
>You may also find that a core file appeared in a "corefiles"
include it in your bug report.
</p><p>
You should also detail how to reproduce the problem, if
possible. Please make this reasonably detailed.
</p><p>
You may also find that a core file appeared in a <tt class="filename">corefiles</tt>
subdirectory of the directory where you keep your samba log
files. This file is the most useful tool for tracking down the bug. To
use it you do this:</P
><P
><B
CLASS="COMMAND"
>gdb smbd core</B
></P
><P
>adding appropriate paths to smbd and core so gdb can find them. If you
don't have gdb then try "dbx". Then within the debugger use the
command "where" to give a stack trace of where the problem
occurred. Include this in your mail.</P
><P
>If you known any assembly language then do a "disass" of the routine
use it you do this:
</p><pre class="screen">
<tt class="prompt">$ </tt><b class="userinput"><tt>gdb smbd core</tt></b>
</pre><p>
adding appropriate paths to smbd and core so gdb can find them. If you
don't have gdb then try <b class="userinput"><tt>dbx</tt></b>. Then within the debugger
use the command <b class="command">where</b> to give a stack trace of where the
problem occurred. Include this in your report.
</p><p>
If you know any assembly language then do a
<b class="command">disass</b> of the routine
where the problem occurred (if its in a library routine then
disassemble the routine that called it) and try to work out exactly
where the problem is by looking at the surrounding code. Even if you
don't know assembly then incuding this info in the bug report can be
useful. </P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3352">25.5. Attaching to a running process</H1
><P
>Unfortunately some unixes (in particular some recent linux kernels)
useful.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3012199"></a>Attaching to a running process</h2></div></div><div></div></div><p>
Unfortunately some unixes (in particular some recent linux kernels)
refuse to dump a core file if the task has changed uid (which smbd
does often). To debug with this sort of system you could try to attach
to the running process using "gdb smbd PID" where you get PID from
smbstatus. Then use "c" to continue and try to cause the core dump
to the running process using
<b class="userinput"><tt>gdb smbd <i class="replaceable"><tt>PID</tt></i></tt></b> where you get
<i class="replaceable"><tt>PID</tt></i> from <span class="application">smbstatus</span>.
Then use <b class="command">c</b> to continue and try to cause the core dump
using the client. The debugger should catch the fault and tell you
where it occurred.</P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3355">25.6. Patches</H1
><P
>The best sort of bug report is one that includes a fix! If you send us
patches please use <B
CLASS="COMMAND"
>diff -u</B
> format if your version of
diff supports it, otherwise use <B
CLASS="COMMAND"
>diff -c4</B
>. Make sure
your do the diff against a clean version of the source and let me know
exactly what version you used. </P
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="other-clients.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="samba-howto-collection.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="diagnosis.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Samba and other CIFS clients</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="appendixes.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Diagnosing your samba server</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
where it occurred.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3012246"></a>Patches</h2></div></div><div></div></div><p>
The best sort of bug report is one that includes a fix! If you send us
patches please use <b class="userinput"><tt>diff -u</tt></b> format if your version of
diff supports it, otherwise use <b class="userinput"><tt>diff -c4</tt></b>. Make sure
you do the diff against a clean version of the source and let me know
exactly what version you used.
</p></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="problems.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="troubleshooting.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="Appendixes.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 34. Analysing and solving samba problems </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Part VI. Appendixes</td></tr></table></div></body></html>

835
docs/htmldocs/diagnosis.html
View File

@ -1,627 +1,302 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>Diagnosing your samba server</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK
REL="HOME"
TITLE="SAMBA Project Documentation"
HREF="samba-howto-collection.html"><LINK
REL="UP"
TITLE="Appendixes"
HREF="appendixes.html"><LINK
REL="PREVIOUS"
TITLE="Reporting Bugs"
HREF="bugreport.html"></HEAD
><BODY
CLASS="CHAPTER"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>SAMBA Project Documentation</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="bugreport.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
>&nbsp;</TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="CHAPTER"
><H1
><A
NAME="DIAGNOSIS">Chapter 26. Diagnosing your samba server</H1
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3378">26.1. Introduction</H1
><P
>This file contains a list of tests you can perform to validate your
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 33. The samba checklist</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="troubleshooting.html" title="Part V. Troubleshooting"><link rel="previous" href="troubleshooting.html" title="Part V. Troubleshooting"><link rel="next" href="problems.html" title="Chapter 34. Analysing and solving samba problems"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 33. The samba checklist</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="troubleshooting.html">Prev</a> </td><th width="60%" align="center">Part V. Troubleshooting</th><td width="20%" align="right"> <a accesskey="n" href="problems.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="diagnosis"></a>Chapter 33. The samba checklist</h2></div><div><div class="author"><h3 class="author"><span class="firstname">Andrew</span> <span class="surname">Tridgell</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:tridge@samba.org">tridge@samba.org</a>&gt;</tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Jelmer</span> <span class="othername">R.</span> <span class="surname">Vernooij</span></h3><div class="affiliation"><span class="orgname">The Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jelmer@samba.org">jelmer@samba.org</a>&gt;</tt></p></div></div></div></div><div><p class="pubdate">Wed Jan 15</p></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="diagnosis.html#id3005492">Introduction</a></dt><dt><a href="diagnosis.html#id3007352">Assumptions</a></dt><dt><a href="diagnosis.html#id3007529">The tests</a></dt><dt><a href="diagnosis.html#id3008704">Still having troubles?</a></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3005492"></a>Introduction</h2></div></div><div></div></div><p>
This file contains a list of tests you can perform to validate your
Samba server. It also tells you what the likely cause of the problem
is if it fails any one of these steps. If it passes all these tests
then it is probably working fine.</P
><P
>You should do ALL the tests, in the order shown. We have tried to
then it is probably working fine.
</p><p>
You should do ALL the tests, in the order shown. We have tried to
carefully choose them so later tests only use capabilities verified in
the earlier tests.</P
><P
>If you send one of the samba mailing lists an email saying "it doesn't work"
the earlier tests. However, do not stop at the first error as there
have been some instances when continuing with the tests has helped
to solve a problem.
</p><p>
If you send one of the samba mailing lists an email saying &quot;it doesn't work&quot;
and you have not followed this test procedure then you should not be surprised
your email is ignored.</P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3383">26.2. Assumptions</H1
><P
>In all of the tests it is assumed you have a Samba server called
BIGSERVER and a PC called ACLIENT both in workgroup TESTGROUP.</P
><P
>The procedure is similar for other types of clients.</P
><P
>It is also assumed you know the name of an available share in your
smb.conf. I will assume this share is called "tmp". You can add a
"tmp" share like by adding the following to smb.conf:</P
><P
><PRE
CLASS="PROGRAMLISTING"
>&#13;[tmp]
if your email is ignored.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3007352"></a>Assumptions</h2></div></div><div></div></div><p>
In all of the tests it is assumed you have a Samba server called
BIGSERVER and a PC called ACLIENT both in workgroup TESTGROUP.
</p><p>
The procedure is similar for other types of clients.
</p><p>
It is also assumed you know the name of an available share in your
<tt class="filename">smb.conf</tt>. I will assume this share is called <i class="replaceable"><tt>tmp</tt></i>.
You can add a <i class="replaceable"><tt>tmp</tt></i> share like this by adding the
following to <tt class="filename">smb.conf</tt>:
</p><pre class="programlisting">
[tmp]
comment = temporary files
path = /tmp
read only = yes&#13;</PRE
></P
><P
>THESE TESTS ASSUME VERSION 3.0.0 OR LATER OF THE SAMBA SUITE. SOME
COMMANDS SHOWN DID NOT EXIST IN EARLIER VERSIONS</P
><P
>Please pay attention to the error messages you receive. If any error message
reports that your server is being unfriendly you should first check that you
IP name resolution is correctly set up. eg: Make sure your /etc/resolv.conf
file points to name servers that really do exist.</P
><P
>Also, if you do not have DNS server access for name resolution please check
that the settings for your smb.conf file results in "dns proxy = no". The
best way to check this is with "testparm smb.conf"</P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3393">26.3. Tests</H1
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3395">26.3.1. Test 1</H2
><P
>In the directory in which you store your smb.conf file, run the command
"testparm smb.conf". If it reports any errors then your smb.conf
configuration file is faulty.</P
><P
>Note: Your smb.conf file may be located in: <TT
CLASS="FILENAME"
>/etc/samba</TT
>
Or in: <TT
CLASS="FILENAME"
>/usr/local/samba/lib</TT
></P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3401">26.3.2. Test 2</H2
><P
>Run the command "ping BIGSERVER" from the PC and "ping ACLIENT" from
read only = yes
</pre><p>
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
These tests assume version 3.0 or later of the samba suite.
Some commands shown did not exist in earlier versions.
</p></div><p>
Please pay attention to the error messages you receive. If any error message
reports that your server is being unfriendly you should first check that your
IP name resolution is correctly set up. eg: Make sure your <tt class="filename">/etc/resolv.conf</tt>
file points to name servers that really do exist.
</p><p>
Also, if you do not have DNS server access for name resolution please check
that the settings for your <tt class="filename">smb.conf</tt> file results in <b class="command">dns proxy = no</b>. The
best way to check this is with <b class="userinput"><tt>testparm smb.conf</tt></b>.
</p><p>
It is helpful to monitor the log files during testing by using the
<b class="command">tail -F <i class="replaceable"><tt>log_file_name</tt></i></b> in a separate
terminal console (use ctrl-alt-F1 through F6 or multiple terminals in X).
Relevant log files can be found (for default installations) in
<tt class="filename">/usr/local/samba/var</tt>. Also, connection logs from
machines can be found here or possibly in <tt class="filename">/var/log/samba</tt>
depending on how or if you specified logging in your <tt class="filename">smb.conf</tt> file.
</p><p>
If you make changes to your <tt class="filename">smb.conf</tt> file while going through these test,
don't forget to restart <span class="application">smbd</span> and <span class="application">nmbd</span>.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3007529"></a>The tests</h2></div></div><div></div></div><div class="procedure"><p class="title"><b>Procedure 33.1. Diagnosing your samba server</b></p><ol type="1"><li><p>
In the directory in which you store your <tt class="filename">smb.conf</tt> file, run the command
<b class="userinput"><tt>testparm smb.conf</tt></b>. If it reports any errors then your <tt class="filename">smb.conf</tt>
configuration file is faulty.
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
Your <tt class="filename">smb.conf</tt> file may be located in: <tt class="filename">/etc/samba</tt>
Or in: <tt class="filename">/usr/local/samba/lib</tt>
</p></div></li><li><p>
Run the command <b class="userinput"><tt>ping BIGSERVER</tt></b> from the PC and
<b class="userinput"><tt>ping ACLIENT</tt></b> from
the unix box. If you don't get a valid response then your TCP/IP
software is not correctly installed. </P
><P
>Note that you will need to start a "dos prompt" window on the PC to
run ping.</P
><P
>If you get a message saying "host not found" or similar then your DNS
software or /etc/hosts file is not correctly setup. It is possible to
software is not correctly installed.
</p><p>
Note that you will need to start a &quot;dos prompt&quot; window on the PC to
run ping.
</p><p>
If you get a message saying <span class="errorname">host not found</span> or similar then your DNS
software or <tt class="filename">/etc/hosts</tt> file is not correctly setup.
It is possible to
run samba without DNS entries for the server and client, but I assume
you do have correct entries for the remainder of these tests. </P
><P
>Another reason why ping might fail is if your host is running firewall
you do have correct entries for the remainder of these tests.
</p><p>
Another reason why ping might fail is if your host is running firewall
software. You will need to relax the rules to let in the workstation
in question, perhaps by allowing access from another subnet (on Linux
this is done via the ipfwadm program.)</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3407">26.3.3. Test 3</H2
><P
>Run the command "smbclient -L BIGSERVER" on the unix box. You
should get a list of available shares back. </P
><P
>If you get a error message containing the string "Bad password" then
you probably have either an incorrect "hosts allow", "hosts deny" or
"valid users" line in your smb.conf, or your guest account is not
valid. Check what your guest account is using "testparm" and
temporarily remove any "hosts allow", "hosts deny", "valid users" or
"invalid users" lines.</P
><P
>If you get a "connection refused" response then the smbd server may
this is done via the <span class="application">ipfwadm</span> program.)
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
Modern Linux distributions install ipchains/iptables by default.
This is a common problem that is often overlooked.
</p></div></li><li><p>
Run the command <b class="userinput"><tt>smbclient -L BIGSERVER</tt></b> on the unix box. You
should get a list of available shares back.
</p><p>
If you get a error message containing the string &quot;Bad password&quot; then
you probably have either an incorrect <b class="command">hosts allow</b>,
<b class="command">hosts deny</b> or <b class="command">valid users</b> line in your
<tt class="filename">smb.conf</tt>, or your guest account is not
valid. Check what your guest account is using <span class="application">testparm</span> and
temporarily remove any <b class="command">hosts allow</b>, <b class="command">hosts deny</b>, <b class="command">valid users</b> or <b class="command">invalid users</b> lines.
</p><p>
If you get a <span class="errorname">connection refused</span> response then the smbd server may
not be running. If you installed it in inetd.conf then you probably edited
that file incorrectly. If you installed it as a daemon then check that
it is running, and check that the netbios-ssn port is in a LISTEN
state using "netstat -a".</P
><P
>If you get a "session request failed" then the server refused the
connection. If it says "Your server software is being unfriendly" then
its probably because you have invalid command line parameters to smbd,
or a similar fatal problem with the initial startup of smbd. Also
check your config file (smb.conf) for syntax errors with "testparm"
state using <b class="userinput"><tt>netstat -a</tt></b>.
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
Some Unix / Linux systems use <b class="command">xinetd</b> in place of
<b class="command">inetd</b>. Check your system documentation for the location
of the control file/s for your particular system implementation of
this network super daemon.
</p></div><p>
If you get a <span class="errorname">session request failed</span> then the server refused the
connection. If it says &quot;Your server software is being unfriendly&quot; then
its probably because you have invalid command line parameters to <span class="application">smbd</span>,
or a similar fatal problem with the initial startup of <span class="application">smbd</span>. Also
check your config file (<tt class="filename">smb.conf</tt>) for syntax errors with <span class="application">testparm</span>
and that the various directories where samba keeps its log and lock
files exist.</P
><P
>There are a number of reasons for which smbd may refuse or decline
files exist.
</p><p>
There are a number of reasons for which smbd may refuse or decline
a session request. The most common of these involve one or more of
the following smb.conf file entries:</P
><P
><PRE
CLASS="PROGRAMLISTING"
> hosts deny = ALL
the following <tt class="filename">smb.conf</tt> file entries:
</p><pre class="programlisting">
hosts deny = ALL
hosts allow = xxx.xxx.xxx.xxx/yy
bind interfaces only = Yes</PRE
></P
><P
>In the above, no allowance has been made for any session requests that
bind interfaces only = Yes
</pre><p>
In the above, no allowance has been made for any session requests that
will automatically translate to the loopback adaptor address 127.0.0.1.
To solve this problem change these lines to:</P
><P
><PRE
CLASS="PROGRAMLISTING"
> hosts deny = ALL
hosts allow = xxx.xxx.xxx.xxx/yy 127.</PRE
></P
><P
>Do NOT use the "bind interfaces only" parameter where you may wish to
use the samba password change facility, or where smbclient may need to
access local service for name resolution or for local resource
connections. (Note: the "bind interfaces only" parameter deficiency
To solve this problem change these lines to:
</p><pre class="programlisting">
hosts deny = ALL
hosts allow = xxx.xxx.xxx.xxx/yy 127.
</pre><p>
Do <span class="emphasis"><em>not</em></span> use the <b class="command">bind interfaces only</b> parameter where you
may wish to
use the samba password change facility, or where <span class="application">smbclient</span> may need to
access a local service for name resolution or for local resource
connections. (Note: the <b class="command">bind interfaces only</b> parameter deficiency
where it will not allow connections to the loopback address will be
fixed soon).</P
><P
>Another common cause of these two errors is having something already running
on port 139, such as Samba (ie: smbd is running from inetd already) or
something like Digital's Pathworks. Check your inetd.conf file before trying
to start smbd as a daemon, it can avoid a lot of frustration!</P
><P
>And yet another possible cause for failure of TEST 3 is when the subnet mask
fixed soon).
</p><p>
Another common cause of these two errors is having something already running
on port <tt class="constant">139</tt>, such as Samba
(ie: <span class="application">smbd</span> is running from <span class="application">inetd</span> already) or
something like Digital's Pathworks. Check your <tt class="filename">inetd.conf</tt> file before trying
to start <span class="application">smbd</span> as a daemon, it can avoid a lot of frustration!
</p><p>
And yet another possible cause for failure of this test is when the subnet mask
and / or broadcast address settings are incorrect. Please check that the
network interface IP Address / Broadcast Address / Subnet Mask settings are
correct and that Samba has correctly noted these in the log.nmb file.</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3422">26.3.4. Test 4</H2
><P
>Run the command "nmblookup -B BIGSERVER __SAMBA__". You should get the
IP address of your Samba server back.</P
><P
>If you don't then nmbd is incorrectly installed. Check your inetd.conf
correct and that Samba has correctly noted these in the <tt class="filename">log.nmb</tt> file.
</p></li><li><p>
Run the command <b class="userinput"><tt>nmblookup -B BIGSERVER __SAMBA__</tt></b>. You should get the
IP address of your Samba server back.
</p><p>
If you don't then nmbd is incorrectly installed. Check your <tt class="filename">inetd.conf</tt>
if you run it from there, or that the daemon is running and listening
to udp port 137.</P
><P
>One common problem is that many inetd implementations can't take many
to udp port 137.
</p><p>
One common problem is that many inetd implementations can't take many
parameters on the command line. If this is the case then create a
one-line script that contains the right parameters and run that from
inetd.</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3427">26.3.5. Test 5</H2
><P
>run the command <B
CLASS="COMMAND"
>nmblookup -B ACLIENT '*'</B
></P
><P
>You should get the PCs IP address back. If you don't then the client
inetd.
</p></li><li><p>run the command <b class="userinput"><tt>nmblookup -B ACLIENT '*'</tt></b></p><p>
You should get the PCs IP address back. If you don't then the client
software on the PC isn't installed correctly, or isn't started, or you
got the name of the PC wrong. </P
><P
>If ACLIENT doesn't resolve via DNS then use the IP address of the
client in the above test.</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3433">26.3.6. Test 6</H2
><P
>Run the command <B
CLASS="COMMAND"
>nmblookup -d 2 '*'</B
></P
><P
>This time we are trying the same as the previous test but are trying
got the name of the PC wrong.
</p><p>
If ACLIENT doesn't resolve via DNS then use the IP address of the
client in the above test.
</p></li><li><p>
Run the command <b class="userinput"><tt>nmblookup -d 2 '*'</tt></b>
</p><p>
This time we are trying the same as the previous test but are trying
it via a broadcast to the default broadcast address. A number of
Netbios/TCPIP hosts on the network should respond, although Samba may
not catch all of the responses in the short time it listens. You
should see "got a positive name query response" messages from several
hosts.</P
><P
>If this doesn't give a similar result to the previous test then
should see <span class="errorname">got a positive name query response</span>
messages from several hosts.
</p><p>
If this doesn't give a similar result to the previous test then
nmblookup isn't correctly getting your broadcast address through its
automatic mechanism. In this case you should experiment use the
"interfaces" option in smb.conf to manually configure your IP
address, broadcast and netmask. </P
><P
>If your PC and server aren't on the same subnet then you will need to
use the -B option to set the broadcast address to the that of the PCs
subnet.</P
><P
>This test will probably fail if your subnet mask and broadcast address are
not correct. (Refer to TEST 3 notes above).</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3441">26.3.7. Test 7</H2
><P
>Run the command <B
CLASS="COMMAND"
>smbclient //BIGSERVER/TMP</B
>. You should
automatic mechanism. In this case you should experiment with the
<b class="command">interfaces</b> option in <tt class="filename">smb.conf</tt> to manually configure your IP
address, broadcast and netmask.
</p><p>
If your PC and server aren't on the same subnet then you will need to
use the <i class="parameter"><tt>-B</tt></i> option to set the broadcast address to that of the PCs
subnet.
</p><p>
This test will probably fail if your subnet mask and broadcast address are
not correct. (Refer to TEST 3 notes above).
</p></li><li><p>
Run the command <b class="userinput"><tt>smbclient //BIGSERVER/TMP</tt></b>. You should
then be prompted for a password. You should use the password of the account
you are logged into the unix box with. If you want to test with
another account then add the -U &gt;accountname&lt; option to the end of
another account then add the <i class="parameter"><tt>-U <i class="replaceable"><tt>accountname</tt></i></tt></i> option to the end of
the command line. eg:
<B
CLASS="COMMAND"
>smbclient //bigserver/tmp -Ujohndoe</B
></P
><P
>Note: It is possible to specify the password along with the username
<b class="userinput"><tt>smbclient //bigserver/tmp -Ujohndoe</tt></b>
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
It is possible to specify the password along with the username
as follows:
<B
CLASS="COMMAND"
>smbclient //bigserver/tmp -Ujohndoe%secret</B
></P
><P
>Once you enter the password you should get the "smb&#62;" prompt. If you
don't then look at the error message. If it says "invalid network
name" then the service "tmp" is not correctly setup in your smb.conf.</P
><P
>If it says "bad password" then the likely causes are:</P
><P
></P
><OL
TYPE="1"
><LI
><P
> you have shadow passords (or some other password system) but didn't
compile in support for them in smbd
</P
></LI
><LI
><P
> your "valid users" configuration is incorrect
</P
></LI
><LI
><P
> you have a mixed case password and you haven't enabled the "password
level" option at a high enough level
</P
></LI
><LI
><P
> the "path =" line in smb.conf is incorrect. Check it with testparm
</P
></LI
><LI
><P
> you enabled password encryption but didn't create the SMB encrypted
password file
</P
></LI
></OL
><P
>Once connected you should be able to use the commands
<B
CLASS="COMMAND"
>dir</B
> <B
CLASS="COMMAND"
>get</B
> <B
CLASS="COMMAND"
>put</B
> etc.
Type <B
CLASS="COMMAND"
>help &gt;command&lt;</B
> for instructions. You should
<b class="userinput"><tt>smbclient //bigserver/tmp -Ujohndoe%secret</tt></b>
</p></div><p>
Once you enter the password you should get the <tt class="prompt">smb&gt;</tt> prompt. If you
don't then look at the error message. If it says <span class="errorname">invalid network
name</span> then the service <span class="emphasis"><em>&quot;tmp&quot;</em></span> is not correctly setup in your <tt class="filename">smb.conf</tt>.
</p><p>
If it says <span class="errorname">bad password</span> then the likely causes are:
</p><div class="orderedlist"><ol type="1"><li><p>
you have shadow passords (or some other password system) but didn't
compile in support for them in <span class="application">smbd</span>
</p></li><li><p>
your <b class="command">valid users</b> configuration is incorrect
</p></li><li><p>
you have a mixed case password and you haven't enabled the <b class="command">password
level</b> option at a high enough level
</p></li><li><p>
the <b class="command">path =</b> line in <tt class="filename">smb.conf</tt> is incorrect. Check it with <span class="application">testparm</span>
</p></li><li><p>
you enabled password encryption but didn't map unix to samba users
</p></li></ol></div><p>
Once connected you should be able to use the commands
<b class="command">dir</b> <b class="command">get</b> <b class="command">put</b> etc.
Type <b class="command">help <i class="replaceable"><tt>command</tt></i></b> for instructions. You should
especially check that the amount of free disk space shown is correct
when you type <B
CLASS="COMMAND"
>dir</B
>.</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3467">26.3.8. Test 8</H2
><P
>On the PC type the command <B
CLASS="COMMAND"
>net view \\BIGSERVER</B
>. You will
need to do this from within a "dos prompt" window. You should get back a
list of available shares on the server.</P
><P
>If you get a "network name not found" or similar error then netbios
when you type <b class="command">dir</b>.
</p></li><li><p>
On the PC, type the command <b class="userinput"><tt>net view \\BIGSERVER</tt></b>. You will
need to do this from within a &quot;dos prompt&quot; window. You should get back a
list of available shares on the server.
</p><p>
If you get a <span class="errorname">network name not found</span> or similar error then netbios
name resolution is not working. This is usually caused by a problem in
nmbd. To overcome it you could do one of the following (you only need
to choose one of them):</P
><P
></P
><OL
TYPE="1"
><LI
><P
> fixup the nmbd installation</P
></LI
><LI
><P
> add the IP address of BIGSERVER to the "wins server" box in the
advanced tcp/ip setup on the PC.</P
></LI
><LI
><P
> enable windows name resolution via DNS in the advanced section of
the tcp/ip setup</P
></LI
><LI
><P
> add BIGSERVER to your lmhosts file on the PC.</P
></LI
></OL
><P
>If you get a "invalid network name" or "bad password error" then the
same fixes apply as they did for the "smbclient -L" test above. In
particular, make sure your "hosts allow" line is correct (see the man
pages)</P
><P
>Also, do not overlook that fact that when the workstation requests the
to choose one of them):
</p><div class="orderedlist"><ol type="1"><li><p>
fixup the <span class="application">nmbd</span> installation
</p></li><li><p>
add the IP address of BIGSERVER to the <b class="command">wins server</b> box in the
advanced tcp/ip setup on the PC.
</p></li><li><p>
enable windows name resolution via DNS in the advanced section of
the tcp/ip setup
</p></li><li><p>
add BIGSERVER to your lmhosts file on the PC.
</p></li></ol></div><p>
If you get a <span class="errorname">invalid network name</span> or <span class="errorname">bad password error</span> then the
same fixes apply as they did for the <b class="userinput"><tt>smbclient -L</tt></b> test above. In
particular, make sure your <b class="command">hosts allow</b> line is correct (see the man
pages)
</p><p>
Also, do not overlook that fact that when the workstation requests the
connection to the samba server it will attempt to connect using the
name with which you logged onto your Windows machine. You need to make
sure that an account exists on your Samba server with that exact same
name and password.</P
><P
>If you get "specified computer is not receiving requests" or similar
name and password.
</p><p>
If you get <span class="errorname">specified computer is not receiving requests</span> or similar
it probably means that the host is not contactable via tcp services.
Check to see if the host is running tcp wrappers, and if so add an entry in
the hosts.allow file for your client (or subnet, etc.)</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3484">26.3.9. Test 9</H2
><P
>Run the command <B
CLASS="COMMAND"
>net use x: \\BIGSERVER\TMP</B
>. You should
be prompted for a password then you should get a "command completed
successfully" message. If not then your PC software is incorrectly
installed or your smb.conf is incorrect. make sure your "hosts allow"
and other config lines in smb.conf are correct.</P
><P
>It's also possible that the server can't work out what user name to
connect you as. To see if this is the problem add the line "user =
USERNAME" to the [tmp] section of smb.conf where "USERNAME" is the
the <tt class="filename">hosts.allow</tt> file for your client (or subnet, etc.)
</p></li><li><p>
Run the command <b class="userinput"><tt>net use x: \\BIGSERVER\TMP</tt></b>. You should
be prompted for a password then you should get a <tt class="computeroutput">command completed
successfully</tt> message. If not then your PC software is incorrectly
installed or your smb.conf is incorrect. make sure your <b class="command">hosts allow</b>
and other config lines in <tt class="filename">smb.conf</tt> are correct.
</p><p>
It's also possible that the server can't work out what user name to
connect you as. To see if this is the problem add the line <i class="parameter"><tt>user =
<i class="replaceable"><tt>username</tt></i></tt></i> to the <i class="parameter"><tt>[tmp]</tt></i> section of
<tt class="filename">smb.conf</tt> where <i class="replaceable"><tt>username</tt></i> is the
username corresponding to the password you typed. If you find this
fixes things you may need the username mapping option. </P
><P
>It might also be the case that your client only sends encrypted passwords
and you have <B
CLASS="COMMAND"
>encrypt passwords = no</B
> in <TT
CLASS="FILENAME"
>smb.conf</TT
>.
Turn it back on to fix.</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3492">26.3.10. Test 10</H2
><P
>Run the command <B
CLASS="COMMAND"
>nmblookup -M TESTGROUP</B
> where
TESTGROUP is the name of the workgroup that your Samba server and
fixes things you may need the username mapping option.
</p><p>
It might also be the case that your client only sends encrypted passwords
and you have <i class="parameter"><tt>encrypt passwords = no</tt></i> in <tt class="filename">smb.conf</tt>
Turn it back on to fix.
</p></li><li><p>
Run the command <b class="userinput"><tt>nmblookup -M <i class="replaceable"><tt>testgroup</tt></i></tt></b> where
<i class="replaceable"><tt>testgroup</tt></i> is the name of the workgroup that your Samba server and
Windows PCs belong to. You should get back the IP address of the
master browser for that workgroup.</P
><P
>If you don't then the election process has failed. Wait a minute to
master browser for that workgroup.
</p><p>
If you don't then the election process has failed. Wait a minute to
see if it is just being slow then try again. If it still fails after
that then look at the browsing options you have set in smb.conf. Make
sure you have <B
CLASS="COMMAND"
>preferred master = yes</B
> to ensure that
an election is held at startup.</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3498">26.3.11. Test 11</H2
><P
>From file manager try to browse the server. Your samba server should
that then look at the browsing options you have set in <tt class="filename">smb.conf</tt>. Make
sure you have <i class="parameter"><tt>preferred master = yes</tt></i> to ensure that
an election is held at startup.
</p></li><li><p>
&gt;From file manager try to browse the server. Your samba server should
appear in the browse list of your local workgroup (or the one you
specified in smb.conf). You should be able to double click on the name
of the server and get a list of shares. If you get a "invalid
password" error when you do then you are probably running WinNT and it
of the server and get a list of shares. If you get a &quot;invalid
password&quot; error when you do then you are probably running WinNT and it
is refusing to browse a server that has no encrypted password
capability and is in user level security mode. In this case either set
<B
CLASS="COMMAND"
>security = server</B
> AND
<B
CLASS="COMMAND"
>password server = Windows_NT_Machine</B
> in your
smb.conf file, or enable encrypted passwords AFTER compiling in support
for encrypted passwords (refer to the Makefile).</P
></DIV
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3503">26.4. Still having troubles?</H1
><P
>Try the mailing list or newsgroup, or use the ethereal utility to
sniff the problem. The official samba mailing list can be reached at
<A
HREF="mailto:samba@samba.org"
TARGET="_top"
>samba@samba.org</A
>. To find
out more about samba and how to subscribe to the mailing list check
out the samba web page at
<A
HREF="http://samba.org/samba"
TARGET="_top"
>http://samba.org/samba</A
></P
><P
>Also look at the other docs in the Samba package!</P
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="bugreport.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="samba-howto-collection.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>&nbsp;</TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Reporting Bugs</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="appendixes.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>&nbsp;</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
<i class="parameter"><tt>security = server</tt></i> AND
<i class="parameter"><tt>password server = Windows_NT_Machine</tt></i> in your
<tt class="filename">smb.conf</tt> file, or make sure <i class="parameter"><tt>encrypted passwords</tt></i> is
set to &quot;yes&quot;.
</p></li></ol></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3008704"></a>Still having troubles?</h2></div></div><div></div></div><p>Read the chapter on
<a href="problems.html" title="Chapter 34. Analysing and solving samba problems">Analysing and Solving Problems</a>.
</p></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="troubleshooting.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="troubleshooting.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="problems.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Part V. Troubleshooting </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 34. Analysing and solving samba problems</td></tr></table></div></body></html>

307
docs/htmldocs/findsmb.1.html
View File

@ -1,214 +1,41 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
<HTML
><HEAD
><TITLE
>findsmb</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><H1
><A
NAME="FINDSMB">findsmb</H1
><DIV
CLASS="REFNAMEDIV"
><A
NAME="AEN5"
></A
><H2
>Name</H2
>findsmb&nbsp;--&nbsp;list info about machines that respond to SMB
name queries on a subnet</DIV
><DIV
CLASS="REFSYNOPSISDIV"
><A
NAME="AEN8"><H2
>Synopsis</H2
><P
><B
CLASS="COMMAND"
>findsmb</B
> [subnet broadcast address]</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN12"
></A
><H2
>DESCRIPTION</H2
><P
>This perl script is part of the <A
HREF="samba.7.html"
TARGET="_top"
> Samba</A
> suite.</P
><P
><B
CLASS="COMMAND"
>findsmb</B
> is a perl script that
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>findsmb</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="findsmb.1"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>findsmb &#8212; list info about machines that respond to SMB
name queries on a subnet</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">findsmb</tt> [subnet broadcast address]</p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>This perl script is part of the <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a>
suite.</p><p><b class="command">findsmb</b> is a perl script that
prints out several pieces of information about machines
on a subnet that respond to SMB name query requests.
It uses <A
HREF="nmblookup.1.html"
TARGET="_top"
><B
CLASS="COMMAND"
> nmblookup(1)</B
></A
> and <A
HREF="smbclient.1.html"
TARGET="_top"
> <B
CLASS="COMMAND"
>smbclient(1)</B
></A
> to obtain this information.
</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN22"
></A
><H2
>OPTIONS</H2
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>-r</DT
><DD
><P
>Controls whether <B
CLASS="COMMAND"
>findsmb</B
> takes
It uses <a href="nmblookup.1.html"><span class="citerefentry"><span class="refentrytitle">nmblookup</span>(1)</span></a>
and <a href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a>
to obtain this information.
</p></div><div class="refsect1" lang="en"><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-r</span></dt><dd><p>Controls whether <b class="command">findsmb</b> takes
bugs in Windows95 into account when trying to find a Netbios name
registered of the remote machine. This option is disabled by default
because it is specific to Windows 95 and Windows 95 machines only.
If set, <A
HREF="nmblookup.1.html"
TARGET="_top"
><B
CLASS="COMMAND"
>nmblookup</B
></A
>
will be called with <TT
CLASS="CONSTANT"
>-B</TT
> option.</P
></DD
><DT
>subnet broadcast address</DT
><DD
><P
>Without this option, <B
CLASS="COMMAND"
>findsmb
</B
> will probe the subnet of the machine where
<B
CLASS="COMMAND"
>findsmb</B
> is run. This value is passed
to <B
CLASS="COMMAND"
>nmblookup</B
> as part of the
<TT
CLASS="CONSTANT"
>-B</TT
> option.</P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN41"
></A
><H2
>EXAMPLES</H2
><P
>The output of <B
CLASS="COMMAND"
>findsmb</B
> lists the following
If set, <a href="nmblookup.1.html"><span class="citerefentry"><span class="refentrytitle">nmblookup</span>(1)</span></a>
will be called with <tt class="constant">-B</tt> option.</p></dd><dt><span class="term">subnet broadcast address</span></dt><dd><p>Without this option, <b class="command">findsmb
</b> will probe the subnet of the machine where
<a href="findsmb.1.html"><span class="citerefentry"><span class="refentrytitle">findsmb</span>(1)</span></a>
is run. This value is passed to
<a href="nmblookup.1.html"><span class="citerefentry"><span class="refentrytitle">nmblookup</span>(1)</span></a>
as part of the <tt class="constant">-B</tt> option.</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>EXAMPLES</h2><p>The output of <b class="command">findsmb</b> lists the following
information for all machines that respond to the initial
<B
CLASS="COMMAND"
>nmblookup</B
> for any name: IP address, NetBIOS name,
Workgroup name, operating system, and SMB server version.</P
><P
>There will be a '+' in front of the workgroup name for
<b class="command">nmblookup</b> for any name: IP address, NetBIOS name,
Workgroup name, operating system, and SMB server version.</p><p>There will be a '+' in front of the workgroup name for
machines that are local master browsers for that workgroup. There
will be an '*' in front of the workgroup name for
machines that are the domain master browser for that workgroup.
Machines that are running Windows, Windows 95 or Windows 98 will
not show any information about the operating system or server
version.</P
><P
>The command with <TT
CLASS="CONSTANT"
>-r</TT
> option
must be run on a system without <A
HREF="nmbd.8.html"
TARGET="_top"
><B
CLASS="COMMAND"
>nmbd</B
></A
> running.
If <B
CLASS="COMMAND"
>nmbd</B
> is running on the system, you will
version.</p><p>The command with <tt class="constant">-r</tt> option
must be run on a system without <a href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> running.
If <b class="command">nmbd</b> is running on the system, you will
only get the IP address and the DNS name of the machine. To
get proper responses from Windows 95 and Windows 98 machines,
the command must be run as root and with <TT
CLASS="CONSTANT"
>-r</TT
>
option on a machine without <B
CLASS="COMMAND"
>nmbd</B
> running.</P
><P
>For example, running <B
CLASS="COMMAND"
>findsmb</B
> without
<TT
CLASS="CONSTANT"
>-r</TT
> option set would yield output similar
to the following</P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="SCREEN"
><TT
CLASS="COMPUTEROUTPUT"
>IP ADDR NETBIOS NAME WORKGROUP/OS/VERSION
the command must be run as root and with <tt class="constant">-r</tt>
option on a machine without <b class="command">nmbd</b> running.</p><p>For example, running <b class="command">findsmb</b>
without <tt class="constant">-r</tt> option set would yield output similar
to the following</p><pre class="screen">
IP ADDR NETBIOS NAME WORKGROUP/OS/VERSION
---------------------------------------------------------------------
192.168.35.10 MINESET-TEST1 [DMVENGR]
192.168.35.55 LINUXBOX *[MYGROUP] [Unix] [Samba 2.0.6]
@ -220,81 +47,15 @@ CLASS="COMPUTEROUTPUT"
192.168.35.88 SCNT2 +[MVENGR] [Windows NT 4.0] [NT LAN Manager 4.0]
192.168.35.93 FROGSTAR-PC [MVENGR] [Windows 5.0] [Windows 2000 LAN Manager]
192.168.35.97 HERBNT1 *[HERB-NT] [Windows NT 4.0] [NT LAN Manager 4.0]
</TT
></PRE
></TD
></TR
></TABLE
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN59"
></A
><H2
>VERSION</H2
><P
>This man page is correct for version 3.0 of
the Samba suite.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN62"
></A
><H2
>SEE ALSO</H2
><P
><A
HREF="nmbd.8.html"
TARGET="_top"
><B
CLASS="COMMAND"
>nmbd(8)</B
></A
>,
<A
HREF="smbclient.1.html"
TARGET="_top"
><B
CLASS="COMMAND"
>smbclient(1)
</B
></A
>, and <A
HREF="nmblookup.1.html"
TARGET="_top"
> <B
CLASS="COMMAND"
>nmblookup(1)</B
></A
>
</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN71"
></A
><H2
>AUTHOR</H2
><P
>The original Samba software and related utilities
</pre></div><div class="refsect1" lang="en"><h2>VERSION</h2><p>This man page is correct for version 3.0 of
the Samba suite.</p></div><div class="refsect1" lang="en"><h2>SEE ALSO</h2><p><a href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>,
<a href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a>, and <a href="nmblookup.1.html"><span class="citerefentry"><span class="refentrytitle">nmblookup</span>(1)</span></a>
</p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</P
><P
>The original Samba man pages were written by Karl Auer.
to the way the Linux kernel is developed.</p><p>The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at
<A
HREF="ftp://ftp.icce.rug.nl/pub/unix/"
TARGET="_top"
> ftp://ftp.icce.rug.nl/pub/unix/</A
>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter</P
></DIV
></BODY
></HTML
>
excellent piece of Open Source software, available at <a href="ftp://ftp.icce.rug.nl/pub/unix/" target="_top">ftp://ftp.icce.rug.nl/pub/unix/</a>)
and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter. The conversion to DocBook
XML 4.2 for Samba 3.0 was done by Alexander Bokovoy.</p></div></div></body></html>

412
docs/htmldocs/groupmapping.html
View File

@ -1,235 +1,177 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>Group mapping HOWTO</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK
REL="HOME"
TITLE="SAMBA Project Documentation"
HREF="samba-howto-collection.html"><LINK
REL="UP"
TITLE="Optional configuration"
HREF="optional.html"><LINK
REL="PREVIOUS"
TITLE="HOWTO Access Samba source code via CVS"
HREF="cvs-access.html"><LINK
REL="NEXT"
TITLE="Samba performance issues"
HREF="speed.html"></HEAD
><BODY
CLASS="CHAPTER"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>SAMBA Project Documentation</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="cvs-access.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="speed.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="CHAPTER"
><H1
><A
NAME="GROUPMAPPING">Chapter 21. Group mapping HOWTO</H1
><P
>
Starting with Samba 3.0 alpha 2, a new group mapping function is available. The
current method (likely to change) to manage the groups is a new command called
<B
CLASS="COMMAND"
>smbgroupedit</B
>.</P
><P
>The first immediate reason to use the group mapping on a PDC, is that
the <B
CLASS="COMMAND"
>domain admin group</B
> of <TT
CLASS="FILENAME"
>smb.conf</TT
> is
now gone. This parameter was used to give the listed users local admin rights
on their workstations. It was some magic stuff that simply worked but didn't
scale very well for complex setups.</P
><P
>Let me explain how it works on NT/W2K, to have this magic fade away.
When installing NT/W2K on a computer, the installer program creates some users
and groups. Notably the 'Administrators' group, and gives to that group some
privileges like the ability to change the date and time or to kill any process
(or close too) running on the local machine. The 'Administrator' user is a
member of the 'Administrators' group, and thus 'inherit' the 'Administrators'
group privileges. If a 'joe' user is created and become a member of the
'Administrator' group, 'joe' has exactly the same rights as 'Administrator'.</P
><P
>When a NT/W2K machine is joined to a domain, during that phase, the "Domain
Administrators' group of the PDC is added to the 'Administrators' group of the
workstation. Every members of the 'Domain Administrators' group 'inherit' the
rights of the 'Administrators' group when logging on the workstation.</P
><P
>You are now wondering how to make some of your samba PDC users members of the
'Domain Administrators' ? That's really easy.</P
><P
></P
><OL
TYPE="1"
><LI
><P
>create a unix group (usually in <TT
CLASS="FILENAME"
>/etc/group</TT
>), let's call it domadm</P
></LI
><LI
><P
>add to this group the users that must be Administrators. For example if you want joe,john and mary, your entry in <TT
CLASS="FILENAME"
>/etc/group</TT
> will look like:</P
><P
><PRE
CLASS="PROGRAMLISTING"
>domadm:x:502:joe,john,mary</PRE
></P
></LI
><LI
><P
>Map this domadm group to the <B
CLASS="COMMAND"
>domain admins</B
> group by running the command:</P
><P
><B
CLASS="COMMAND"
>smbgroupedit -c "Domain Admins" -u domadm</B
></P
></LI
></OL
><P
>You're set, joe, john and mary are domain administrators !</P
><P
>Like the Domain Admins group, you can map any arbitrary Unix group to any NT
group. You can also make any Unix group a domain group. For example, on a domain
member machine (an NT/W2K or a samba server running winbind), you would like to
give access to a certain directory to some users who are member of a group on
your samba PDC. Flag that group as a domain group by running:</P
><P
><B
CLASS="COMMAND"
>smbgroupedit -a unixgroup -td</B
></P
><P
>You can list the various groups in the mapping database like this</P
><P
><B
CLASS="COMMAND"
>smbgroupedit -v</B
></P
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="cvs-access.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="samba-howto-collection.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="speed.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>HOWTO Access Samba source code via CVS</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="optional.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Samba performance issues</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 12. Mapping MS Windows and Unix Groups</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="optional.html" title="Part III. Advanced Configuration"><link rel="previous" href="passdb.html" title="Chapter 11. Account Information Databases"><link rel="next" href="AccessControls.html" title="Chapter 13. File, Directory and Share Access Controls"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 12. Mapping MS Windows and Unix Groups</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="passdb.html">Prev</a> </td><th width="60%" align="center">Part III. Advanced Configuration</th><td width="20%" align="right"> <a accesskey="n" href="AccessControls.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="groupmapping"></a>Chapter 12. Mapping MS Windows and Unix Groups</h2></div><div><div class="author"><h3 class="author"><span class="firstname">Jean François</span> <span class="surname">Micouleau</span></h3></div></div><div><div class="author"><h3 class="author"><span class="firstname">Gerald</span> <span class="othername">(Jerry)</span> <span class="surname">Carter</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jerry@samba.org">jerry@samba.org</a>&gt;</tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jht@samba.org">jht@samba.org</a>&gt;</tt></p></div></div></div></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="groupmapping.html#id2921059">Features and Benefits</a></dt><dt><a href="groupmapping.html#id2921161">Discussion</a></dt><dd><dl><dt><a href="groupmapping.html#id2921352">Example Configuration</a></dt></dl></dd><dt><a href="groupmapping.html#id2921416">Configuration Scripts</a></dt><dd><dl><dt><a href="groupmapping.html#id2921430">Sample smb.conf add group script</a></dt><dt><a href="groupmapping.html#id2921498">Script to configure Group Mapping</a></dt></dl></dd><dt><a href="groupmapping.html#id2921590">Common Errors</a></dt><dd><dl><dt><a href="groupmapping.html#id2921606">Adding Groups Fails</a></dt><dt><a href="groupmapping.html#id2921666">Adding MS Windows Groups to MS Windows Groups Fails</a></dt></dl></dd></dl></div><p>
Starting with Samba-3, new group mapping functionality is available to create associations
between Windows group SIDs and UNIX groups. The <i class="parameter"><tt>groupmap</tt></i> subcommand
included with the <span class="application">net</span> tool can be used to manage these associations.
</p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
The first immediate reason to use the group mapping on a Samba PDC, is that
the <i class="parameter"><tt>domain admin group</tt></i> has been removed and should no longer
be specified in <tt class="filename">smb.conf</tt>. This parameter was used to give the listed users membership
in the <tt class="constant">Domain Admins</tt> Windows group which gave local admin rights on their workstations
(in default configurations).
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2921059"></a>Features and Benefits</h2></div></div><div></div></div><p>
Samba allows the administrator to create MS Windows NT4 / 200x group accounts and to
arbitrarily associate them with Unix/Linux group accounts.
</p><p>
Group accounts can be managed using the MS Windows NT4 or MS Windows 200x MMC tools
so long as appropriate interface scripts have been provided to <tt class="filename">smb.conf</tt>
</p><p>
Administrators should be aware that where <tt class="filename">smb.conf</tt> group interface scripts make
direct calls to the Unix/Linux system tools (eg: the shadow utilities, <b class="command">groupadd</b>,
<b class="command">groupdel</b>, <b class="command">groupmod</b>) then the resulting Unix/Linux group names will be subject
to any limits imposed by these tools. If the tool does NOT allow upper case characters
or space characters, then the creation of an MS Windows NT4 / 200x style group of
<i class="parameter"><tt>Engineering Managers</tt></i> will attempt to create an identically named
Unix/Linux group, an attempt that will of course fail!
</p><p>
There are several possible work-arounds for the operating system tools limitation. One
method is to use a script that generates a name for the Unix/Linux system group that
fits the operating system limits, and that then just passes the Unix/Linux group id (GID)
back to the calling samba interface. This will provide a dynamic work-around solution.
</p><p>
Another work-around is to manually create a Unix/Linux group, then manually create the
MS Windows NT4 / 200x group on the Samba server and then use the <b class="command">net groupmap</b>
tool to connect the two to each other.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2921161"></a>Discussion</h2></div></div><div></div></div><p>
When installing <span class="application">MS Windows NT4 / 200x</span> on a computer, the installation
program creates default users and groups. Notably the <tt class="constant">Administrators</tt> group,
and gives to that group privileges necessary privilidges to perform essential system tasks.
eg: Ability to change the date and time or to kill any process (or close too) running on the
local machine.
</p><p>
The 'Administrator' user is a member of the 'Administrators' group, and thus inherits
'Administrators' group privileges. If a 'joe' user is created to be a member of the
'Administrator' group, 'joe' has exactly the same rights as 'Administrator'.
</p><p>
When an MS Windows NT4 / W200x is made a domain member, the &quot;Domain Adminis&quot; group of the
PDC is added to the local 'Administrators' group of the workstation. Every member of the
'Domain Administrators' group inherits the rights of the local 'Administrators' group when
logging on the workstation.
</p><p>
The following steps describe how to make samba PDC users members of the 'Domain Admins' group?
</p><div class="orderedlist"><ol type="1"><li><p>
create a unix group (usually in <tt class="filename">/etc/group</tt>), let's call it domadm
</p></li><li><p>add to this group the users that must be Administrators. For example
if you want joe,john and mary, your entry in <tt class="filename">/etc/group</tt> will
look like:
</p><pre class="programlisting">
domadm:x:502:joe,john,mary
</pre><p>
</p></li><li><p>
Map this domadm group to the &quot;Domain Admins&quot; group by running the command:
</p><p>
</p><pre class="screen">
<tt class="prompt">root# </tt><b class="userinput"><tt>net groupmap add ntgroup=&quot;Domain Admins&quot; unixgroup=domadm</tt></b>
</pre><p>
</p><p>
The quotes around &quot;Domain Admins&quot; are necessary due to the space in the group name.
Also make sure to leave no whitespace surrounding the equal character (=).
</p></li></ol></div><p>
Now joe, john and mary are domain administrators!
</p><p>
It is possible to map any arbitrary UNIX group to any Windows NT4 / 200x group as well as
making any UNIX group a Windows domain group. For example, if you wanted to include a
UNIX group (e.g. acct) in a ACL on a local file or printer on a domain member machine,
you would flag that group as a domain group by running the following on the Samba PDC:
</p><p>
</p><pre class="screen">
<tt class="prompt">root# </tt><b class="userinput"><tt>net groupmap add rid=1000 ntgroup=&quot;Accounting&quot; unixgroup=acct</tt></b>
</pre><p>
</p><p>
Be aware that the RID parmeter is a unsigned 32 bit integer that should
normally start at 1000. However, this rid must not overlap with any RID assigned
to a user. Verifying this is done differently depending on on the passdb backend
you are using. Future versions of the tools may perform the verification automatically,
but for now the burden is on you.
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2921352"></a>Example Configuration</h3></div></div><div></div></div><p>
You can list the various groups in the mapping database by executing
<b class="command">net groupmap list</b>. Here is an example:
</p><p>
</p><pre class="screen">
<tt class="prompt">root# </tt> <b class="userinput"><tt>net groupmap list</tt></b>
System Administrators (S-1-5-21-2547222302-1596225915-2414751004-1002) -&gt; sysadmin
Domain Admins (S-1-5-21-2547222302-1596225915-2414751004-512) -&gt; domadmin
Domain Users (S-1-5-21-2547222302-1596225915-2414751004-513) -&gt; domuser
Domain Guests (S-1-5-21-2547222302-1596225915-2414751004-514) -&gt; domguest
</pre><p>
</p><p>
For complete details on <b class="command">net groupmap</b>, refer to the net(8) man page.
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2921416"></a>Configuration Scripts</h2></div></div><div></div></div><p>
Everyone needs tools. Some of us like to create our own, others prefer to use canned tools
(ie: prepared by someone else for general use).
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2921430"></a>Sample <tt class="filename">smb.conf</tt> add group script</h3></div></div><div></div></div><p>
A script to great complying group names for use by the samba group interfaces:
</p><p>
</p><div class="example"><a name="id2921453"></a><p class="title"><b>Example 12.1. smbgrpadd.sh</b></p><pre class="programlisting">
#!/bin/bash
# Add the group using normal system groupadd tool.
groupadd smbtmpgrp00
thegid=`cat /etc/group | grep smbtmpgrp00 | cut -d &quot;:&quot; -f3`
# Now change the name to what we want for the MS Windows networking end
cat /etc/group | sed s/smbtmpgrp00/$1/g &gt; /etc/group
# Now return the GID as would normally happen.
echo $thegid
exit 0
</pre></div><p>
</p><p>
The <tt class="filename">smb.conf</tt> entry for the above script would look like:
</p><pre class="programlisting">
add group script = /path_to_tool/smbgrpadd.sh %g
</pre><p>
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2921498"></a>Script to configure Group Mapping</h3></div></div><div></div></div><p>
In our example we have created a Unix/Linux group called <i class="parameter"><tt>ntadmin</tt></i>.
Our script will create the additional groups <i class="parameter"><tt>Engineers, Marketoids, Gnomes</tt></i>:
</p><p>
</p><pre class="programlisting">
#!/bin/bash
net groupmap modify ntgroup=&quot;Domain Admins&quot; unixgroup=ntadmin
net groupmap modify ntgroup=&quot;Domain Users&quot; unixgroup=users
net groupmap modify ntgroup=&quot;Domain Guests&quot; unixgroup=nobody
net groupmap modify ntgroup=&quot;Administrators&quot; unixgroup=root
net groupmap modify ntgroup=&quot;Users&quot; unixgroup=users
net groupmap modify ntgroup=&quot;Guests&quot; unixgroup=nobody
net groupmap modify ntgroup=&quot;System Operators&quot; unixgroup=sys
net groupmap modify ntgroup=&quot;Account Operators&quot; unixgroup=root
net groupmap modify ntgroup=&quot;Backup Operators&quot; unixgroup=bin
net groupmap modify ntgroup=&quot;Print Operators&quot; unixgroup=lp
net groupmap modify ntgroup=&quot;Replicators&quot; unixgroup=daemon
net groupmap modify ntgroup=&quot;Power Users&quot; unixgroup=sys
#groupadd Engineers
#groupadd Marketoids
#groupadd Gnomes
#net groupmap add ntgroup=&quot;Engineers&quot; unixgroup=Engineers type=d
#net groupmap add ntgroup=&quot;Marketoids&quot; unixgroup=Marketoids type=d
#net groupmap add ntgroup=&quot;Gnomes&quot; unixgroup=Gnomes type=d
</pre><p>
</p><p>
Of course it is expected that the admininstrator will modify this to suit local needs.
For information regarding the use of the <b class="command">net groupmap</b> tool please
refer to the man page.
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2921590"></a>Common Errors</h2></div></div><div></div></div><p>
At this time there are many little surprises for the unwary administrator. In a real sense
it is imperative that every step of automated control scripts must be carefully tested
manually before putting them into active service.
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2921606"></a>Adding Groups Fails</h3></div></div><div></div></div><p>
This is a common problem when the <b class="command">groupadd</b> is called directly
by the samba interface script for the <i class="parameter"><tt>add group script</tt></i> in
the <tt class="filename">smb.conf</tt> file.
</p><p>
The most common cause of failure is an attempt to add an MS Windows group acocunt
that has either an upper case character and/or a space character in it.
</p><p>
There are three possible work-arounds. Firstly, use only group names that comply
with the limitations of the Unix/Linux <b class="command">groupadd</b> system tool.
The second involves use of the script mentioned earlier in this chapter, and the
third option is to manually create a Unix/Linux group account that can substitute
for the MS Windows group name, then use the procedure listed above to map that group
to the MS Windows group.
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2921666"></a>Adding MS Windows Groups to MS Windows Groups Fails</h3></div></div><div></div></div><p>
Samba-3 does NOT support nested groups from the MS Windows control environment.
</p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="passdb.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="optional.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="AccessControls.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 11. Account Information Databases </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 13. File, Directory and Share Access Controls</td></tr></table></div></body></html>

1039
docs/htmldocs/install.html
View File

File diff suppressed because it is too large Load Diff

1221
docs/htmldocs/integrate-ms-networks.html
View File

File diff suppressed because it is too large Load Diff

424
docs/htmldocs/introduction.html
View File

@ -1,421 +1,5 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>General installation</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK
REL="HOME"
TITLE="SAMBA Project Documentation"
HREF="samba-howto-collection.html"><LINK
REL="PREVIOUS"
TITLE="SAMBA Project Documentation"
HREF="samba-howto-collection.html"><LINK
REL="NEXT"
TITLE="How to Install and Test SAMBA"
HREF="install.html"></HEAD
><BODY
CLASS="PART"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>SAMBA Project Documentation</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="samba-howto-collection.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="install.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="PART"
><A
NAME="INTRODUCTION"><DIV
CLASS="TITLEPAGE"
><H1
CLASS="TITLE"
>I. General installation</H1
><DIV
CLASS="PARTINTRO"
><A
NAME="AEN21"><H1
>Introduction</H1
><P
>This part contains general info on how to install samba
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Part I. General Installation</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="index.html" title="SAMBA Project Documentation"><link rel="previous" href="index.html" title="SAMBA Project Documentation"><link rel="next" href="IntroSMB.html" title="Chapter 1. Introduction to Samba"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Part I. General Installation</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="index.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="IntroSMB.html">Next</a></td></tr></table><hr></div><div class="part" lang="en"><div class="titlepage"><div><div><h1 class="title"><a name="introduction"></a>General Installation</h1></div></div><div></div></div><div class="partintro" lang="en"><div><div><div><h1 class="title"><a name="id2884272"></a>Preparing Samba for Configuration</h1></div></div><div></div></div><p>This section of the Samba-HOWTO-Collection contains general info on how to install samba
and how to configure the parts of samba you will most likely need.
PLEASE read this.</P
></DIV
><DIV
CLASS="TOC"
><DL
><DT
><B
>Table of Contents</B
></DT
><DT
>1. <A
HREF="install.html"
>How to Install and Test SAMBA</A
></DT
><DD
><DL
><DT
>1.1. <A
HREF="install.html#AEN26"
>Read the man pages</A
></DT
><DT
>1.2. <A
HREF="install.html#AEN36"
>Building the Binaries</A
></DT
><DT
>1.3. <A
HREF="install.html#AEN64"
>The all important step</A
></DT
><DT
>1.4. <A
HREF="install.html#AEN68"
>Create the smb configuration file.</A
></DT
><DT
>1.5. <A
HREF="install.html#AEN82"
>Test your config file with
<B
CLASS="COMMAND"
>testparm</B
></A
></DT
><DT
>1.6. <A
HREF="install.html#AEN90"
>Starting the smbd and nmbd</A
></DT
><DD
><DL
><DT
>1.6.1. <A
HREF="install.html#AEN100"
>Starting from inetd.conf</A
></DT
><DT
>1.6.2. <A
HREF="install.html#AEN129"
>Alternative: starting it as a daemon</A
></DT
></DL
></DD
><DT
>1.7. <A
HREF="install.html#AEN145"
>Try listing the shares available on your
server</A
></DT
><DT
>1.8. <A
HREF="install.html#AEN154"
>Try connecting with the unix client</A
></DT
><DT
>1.9. <A
HREF="install.html#AEN170"
>Try connecting from a DOS, WfWg, Win9x, WinNT,
Win2k, OS/2, etc... client</A
></DT
><DT
>1.10. <A
HREF="install.html#AEN184"
>What If Things Don't Work?</A
></DT
><DD
><DL
><DT
>1.10.1. <A
HREF="install.html#AEN189"
>Diagnosing Problems</A
></DT
><DT
>1.10.2. <A
HREF="install.html#AEN193"
>Scope IDs</A
></DT
><DT
>1.10.3. <A
HREF="install.html#AEN196"
>Choosing the Protocol Level</A
></DT
><DT
>1.10.4. <A
HREF="install.html#AEN205"
>Printing from UNIX to a Client PC</A
></DT
><DT
>1.10.5. <A
HREF="install.html#AEN210"
>Locking</A
></DT
><DT
>1.10.6. <A
HREF="install.html#AEN219"
>Mapping Usernames</A
></DT
></DL
></DD
></DL
></DD
><DT
>2. <A
HREF="improved-browsing.html"
>Improved browsing in samba</A
></DT
><DD
><DL
><DT
>2.1. <A
HREF="improved-browsing.html#AEN229"
>Overview of browsing</A
></DT
><DT
>2.2. <A
HREF="improved-browsing.html#AEN233"
>Browsing support in samba</A
></DT
><DT
>2.3. <A
HREF="improved-browsing.html#AEN242"
>Problem resolution</A
></DT
><DT
>2.4. <A
HREF="improved-browsing.html#AEN249"
>Browsing across subnets</A
></DT
><DD
><DL
><DT
>2.4.1. <A
HREF="improved-browsing.html#AEN254"
>How does cross subnet browsing work ?</A
></DT
></DL
></DD
><DT
>2.5. <A
HREF="improved-browsing.html#AEN289"
>Setting up a WINS server</A
></DT
><DT
>2.6. <A
HREF="improved-browsing.html#AEN308"
>Setting up Browsing in a WORKGROUP</A
></DT
><DT
>2.7. <A
HREF="improved-browsing.html#AEN326"
>Setting up Browsing in a DOMAIN</A
></DT
><DT
>2.8. <A
HREF="improved-browsing.html#AEN336"
>Forcing samba to be the master</A
></DT
><DT
>2.9. <A
HREF="improved-browsing.html#AEN345"
>Making samba the domain master</A
></DT
><DT
>2.10. <A
HREF="improved-browsing.html#AEN363"
>Note about broadcast addresses</A
></DT
><DT
>2.11. <A
HREF="improved-browsing.html#AEN366"
>Multiple interfaces</A
></DT
></DL
></DD
><DT
>3. <A
HREF="browsing-quick.html"
>Quick Cross Subnet Browsing / Cross Workgroup Browsing guide</A
></DT
><DD
><DL
><DT
>3.1. <A
HREF="browsing-quick.html#AEN377"
>Discussion</A
></DT
><DT
>3.2. <A
HREF="browsing-quick.html#AEN385"
>Use of the "Remote Announce" parameter</A
></DT
><DT
>3.3. <A
HREF="browsing-quick.html#AEN399"
>Use of the "Remote Browse Sync" parameter</A
></DT
><DT
>3.4. <A
HREF="browsing-quick.html#AEN404"
>Use of WINS</A
></DT
><DT
>3.5. <A
HREF="browsing-quick.html#AEN415"
>Do NOT use more than one (1) protocol on MS Windows machines</A
></DT
><DT
>3.6. <A
HREF="browsing-quick.html#AEN421"
>Name Resolution Order</A
></DT
></DL
></DD
><DT
>4. <A
HREF="pwencrypt.html"
>LanMan and NT Password Encryption in Samba</A
></DT
><DD
><DL
><DT
>4.1. <A
HREF="pwencrypt.html#AEN457"
>Introduction</A
></DT
><DT
>4.2. <A
HREF="pwencrypt.html#AEN462"
>Important Notes About Security</A
></DT
><DD
><DL
><DT
>4.2.1. <A
HREF="pwencrypt.html#AEN481"
>Advantages of SMB Encryption</A
></DT
><DT
>4.2.2. <A
HREF="pwencrypt.html#AEN488"
>Advantages of non-encrypted passwords</A
></DT
></DL
></DD
><DT
>4.3. <A
HREF="pwencrypt.html#AEN497"
>The smbpasswd Command</A
></DT
></DL
></DD
></DL
></DIV
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="samba-howto-collection.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="samba-howto-collection.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="install.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>SAMBA Project Documentation</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
>&nbsp;</TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>How to Install and Test SAMBA</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
PLEASE read this.</p><div class="toc"><p><b>Table of Contents</b></p><dl><dt>1. <a href="IntroSMB.html">Introduction to Samba</a></dt><dd><dl><dt><a href="IntroSMB.html#id2885554">Background</a></dt><dt><a href="IntroSMB.html#id2885765">Terminology</a></dt><dt><a href="IntroSMB.html#id2885920">Related Projects</a></dt><dt><a href="IntroSMB.html#id2885988">SMB Methodology</a></dt><dt><a href="IntroSMB.html#id2886076">Epilogue</a></dt><dt><a href="IntroSMB.html#id2886150">Miscellaneous</a></dt></dl></dd><dt>2. <a href="install.html">How to Install and Test SAMBA</a></dt><dd><dl><dt><a href="install.html#id2886809">Obtaining and installing samba</a></dt><dt><a href="install.html#id2886850">Configuring samba (smb.conf)</a></dt><dd><dl><dt><a href="install.html#id2886887">Example Configuration</a></dt><dt><a href="install.html#id2887037">SWAT</a></dt></dl></dd><dt><a href="install.html#id2887081">Try listing the shares available on your
server</a></dt><dt><a href="install.html#id2887132">Try connecting with the unix client</a></dt><dt><a href="install.html#id2887232">Try connecting from a DOS, WfWg, Win9x, WinNT,
Win2k, OS/2, etc... client</a></dt><dt><a href="install.html#id2887296">What If Things Don't Work?</a></dt><dt><a href="install.html#id2887329">Common Errors</a></dt><dd><dl><dt><a href="install.html#id2887342">Why are so many smbd processes eating memory?</a></dt><dt><a href="install.html#id2887558">I'm getting &quot;open_oplock_ipc: Failed to get local UDP socket for address 100007f. Error was Cannot assign requested&quot; in the logs</a></dt></dl></dd></dl></dd><dt>3. <a href="FastStart.html">FastStart for the Impatient</a></dt><dd><dl><dt><a href="FastStart.html#id2886685">Note</a></dt></dl></dd></dl></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="index.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="index.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="IntroSMB.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">SAMBA Project Documentation </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 1. Introduction to Samba</td></tr></table></div></body></html>

215
docs/htmldocs/lmhosts.5.html
View File

@ -1,210 +1,37 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>lmhosts</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><H1
><A
NAME="LMHOSTS"
></A
>lmhosts</H1
><DIV
CLASS="REFNAMEDIV"
><A
NAME="AEN5"
></A
><H2
>Name</H2
>lmhosts&nbsp;--&nbsp;The Samba NetBIOS hosts file</DIV
><DIV
CLASS="REFSYNOPSISDIV"
><A
NAME="AEN8"
></A
><H2
>Synopsis</H2
><P
><TT
CLASS="FILENAME"
>lmhosts</TT
> is the <A
HREF="samba.7.html"
TARGET="_top"
> Samba</A
> NetBIOS name to IP address mapping file.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN12"
></A
><H2
>DESCRIPTION</H2
><P
>This file is part of the <A
HREF="samba.7.html"
TARGET="_top"
> Samba</A
> suite.</P
><P
><TT
CLASS="FILENAME"
>lmhosts</TT
> is the <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Samba
</I
></SPAN
> NetBIOS name to IP address mapping file. It
is very similar to the <TT
CLASS="FILENAME"
>/etc/hosts</TT
> file
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>lmhosts</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="lmhosts.5"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>lmhosts &#8212; The Samba NetBIOS hosts file</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><p><tt class="filename">lmhosts</tt> is the <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a> NetBIOS name to IP address mapping file.</p></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>This file is part of the <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a> suite.</p><p><tt class="filename">lmhosts</tt> is the <span class="emphasis"><em>Samba
</em></span> NetBIOS name to IP address mapping file. It
is very similar to the <tt class="filename">/etc/hosts</tt> file
format, except that the hostname component must correspond
to the NetBIOS naming format.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN20"
></A
><H2
>FILE FORMAT</H2
><P
>It is an ASCII file containing one line for NetBIOS name.
to the NetBIOS naming format.</p></div><div class="refsect1" lang="en"><h2>FILE FORMAT</h2><p>It is an ASCII file containing one line for NetBIOS name.
The two fields on each line are separated from each other by
white space. Any entry beginning with '#' is ignored. Each line
in the lmhosts file contains the following information :</P
><P
></P
><UL
><LI
><P
>IP Address - in dotted decimal format.</P
></LI
><LI
><P
>NetBIOS Name - This name format is a
in the lmhosts file contains the following information:</p><div class="itemizedlist"><ul type="disc"><li><p>IP Address - in dotted decimal format.</p></li><li><p>NetBIOS Name - This name format is a
maximum fifteen character host name, with an optional
trailing '#' character followed by the NetBIOS name type
as two hexadecimal digits.</P
><P
>If the trailing '#' is omitted then the given IP
as two hexadecimal digits.</p><p>If the trailing '#' is omitted then the given IP
address will be returned for all names that match the given
name, whatever the NetBIOS name type in the lookup.</P
></LI
></UL
><P
>An example follows :</P
><P
><PRE
CLASS="PROGRAMLISTING"
>#
name, whatever the NetBIOS name type in the lookup.</p></li></ul></div><p>An example follows:</p><pre class="programlisting">
#
# Sample Samba lmhosts file.
#
192.9.200.1 TESTPC
192.9.200.20 NTSERVER#20
192.9.200.21 SAMBASERVER
</PRE
></P
><P
>Contains three IP to NetBIOS name mappings. The first
and third will be returned for any queries for the names "TESTPC"
and "SAMBASERVER" respectively, whatever the type component of
the NetBIOS name requested.</P
><P
>The second mapping will be returned only when the "0x20" name
type for a name "NTSERVER" is queried. Any other name type will not
be resolved.</P
><P
>The default location of the <TT
CLASS="FILENAME"
>lmhosts</TT
> file
is in the same directory as the <A
HREF="smb.conf.5.html"
TARGET="_top"
>
smb.conf(5)&#62;</A
> file.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN37"
></A
><H2
>VERSION</H2
><P
>This man page is correct for version 2.2 of
the Samba suite.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN40"
></A
><H2
>SEE ALSO</H2
><P
><A
HREF="smbclient.1.html"
TARGET="_top"
><B
CLASS="COMMAND"
>smbclient(1)
</B
></A
>, <A
HREF="smb.conf.5.html#NAMERESOLVEORDER"
TARGET="_top"
> smb.conf(5)</A
>, and <A
HREF="smbpasswd.8.html"
TARGET="_top"
><B
CLASS="COMMAND"
> smbpasswd(8)</B
></A
>
</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN48"
></A
><H2
>AUTHOR</H2
><P
>The original Samba software and related utilities
</pre><p>Contains three IP to NetBIOS name mappings. The first
and third will be returned for any queries for the names &quot;TESTPC&quot;
and &quot;SAMBASERVER&quot; respectively, whatever the type component of
the NetBIOS name requested.</p><p>The second mapping will be returned only when the &quot;0x20&quot; name
type for a name &quot;NTSERVER&quot; is queried. Any other name type will not
be resolved.</p><p>The default location of the <tt class="filename">lmhosts</tt> file
is in the same directory as the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> file.</p></div><div class="refsect1" lang="en"><h2>VERSION</h2><p>This man page is correct for version 3.0 of the Samba suite.</p></div><div class="refsect1" lang="en"><h2>SEE ALSO</h2><p><a href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a>, <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a>, and <a href="smbpasswd.8.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(8)</span></a>
</p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</P
><P
>The original Samba man pages were written by Karl Auer.
to the way the Linux kernel is developed.</p><p>The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at
<A
HREF="ftp://ftp.icce.rug.nl/pub/unix/"
TARGET="_top"
> ftp://ftp.icce.rug.nl/pub/unix/</A
>) and updated for the Samba 2.0
<a href="ftp://ftp.icce.rug.nl/pub/unix/" target="_top">
ftp://ftp.icce.rug.nl/pub/unix/</a>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter</P
></DIV
></BODY
></HTML
>
Samba 2.2 was done by Gerald Carter. The conversion to DocBook
XML 4.2 was done by Alexander Bokovoy.</p></div></div></body></html>

359
docs/htmldocs/msdfs.html
View File

@ -1,321 +1,62 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>Hosting a Microsoft Distributed File System tree on Samba</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK
REL="HOME"
TITLE="SAMBA Project Documentation"
HREF="samba-howto-collection.html"><LINK
REL="UP"
TITLE="Optional configuration"
HREF="optional.html"><LINK
REL="PREVIOUS"
TITLE="Configuring PAM for distributed but centrally
managed authentication"
HREF="pam.html"><LINK
REL="NEXT"
TITLE="Printing Support"
HREF="printing.html"></HEAD
><BODY
CLASS="CHAPTER"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>SAMBA Project Documentation</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="pam.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="printing.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="CHAPTER"
><H1
><A
NAME="MSDFS">Chapter 13. Hosting a Microsoft Distributed File System tree on Samba</H1
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1859">13.1. Instructions</H1
><P
>The Distributed File System (or Dfs) provides a means of
separating the logical view of files and directories that users
see from the actual physical locations of these resources on the
network. It allows for higher availability, smoother storage expansion,
load balancing etc. For more information about Dfs, refer to <A
HREF="http://www.microsoft.com/NTServer/nts/downloads/winfeatures/NTSDistrFile/AdminGuide.asp"
TARGET="_top"
> Microsoft documentation</A
>. </P
><P
>This document explains how to host a Dfs tree on a Unix
machine (for Dfs-aware clients to browse) using Samba.</P
><P
>To enable SMB-based DFS for Samba, configure it with the
<TT
CLASS="PARAMETER"
><I
>--with-msdfs</I
></TT
> option. Once built, a
Samba server can be made a Dfs server by setting the global
boolean <A
HREF="smb.conf.5.html#HOSTMSDFS"
TARGET="_top"
><TT
CLASS="PARAMETER"
><I
> host msdfs</I
></TT
></A
> parameter in the <TT
CLASS="FILENAME"
>smb.conf
</TT
> file. You designate a share as a Dfs root using the share
level boolean <A
HREF="smb.conf.5.html#MSDFSROOT"
TARGET="_top"
><TT
CLASS="PARAMETER"
><I
> msdfs root</I
></TT
></A
> parameter. A Dfs root directory on
Samba hosts Dfs links in the form of symbolic links that point
to other servers. For example, a symbolic link
<TT
CLASS="FILENAME"
>junction-&gt;msdfs:storage1\share1</TT
> in
the share directory acts as the Dfs junction. When Dfs-aware
clients attempt to access the junction link, they are redirected
to the storage location (in this case, \\storage1\share1).</P
><P
>Dfs trees on Samba work with all Dfs-aware clients ranging
from Windows 95 to 2000.</P
><P
>Here's an example of setting up a Dfs tree on a Samba
server.</P
><P
><PRE
CLASS="PROGRAMLISTING"
># The smb.conf file:
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 17. Hosting a Microsoft Distributed File System tree on Samba</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="optional.html" title="Part III. Advanced Configuration"><link rel="previous" href="InterdomainTrusts.html" title="Chapter 16. Interdomain Trust Relationships"><link rel="next" href="printing.html" title="Chapter 18. Classical Printing Support"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 17. Hosting a Microsoft Distributed File System tree on Samba</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="InterdomainTrusts.html">Prev</a> </td><th width="60%" align="center">Part III. Advanced Configuration</th><td width="20%" align="right"> <a accesskey="n" href="printing.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="msdfs"></a>Chapter 17. Hosting a Microsoft Distributed File System tree on Samba</h2></div><div><div class="author"><h3 class="author"><span class="firstname">Shirish</span> <span class="surname">Kalele</span></h3><div class="affiliation"><span class="orgname">Samba Team &amp; Veritas Software<br></span><div class="address"><p><br>
<tt class="email">&lt;<a href="mailto:samba@samba.org">samba@samba.org</a>&gt;</tt><br>
</p></div></div></div></div><div><p class="pubdate">12 Jul 2000</p></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="msdfs.html#id2932887">Features and Benefits</a></dt><dt><a href="msdfs.html#id2934539">Common Errors</a></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2932887"></a>Features and Benefits</h2></div></div><div></div></div><p>
The Distributed File System (or DFS) provides a means of separating the logical
view of files and directories that users see from the actual physical locations
of these resources on the network. It allows for higher availability, smoother
storage expansion, load balancing etc.
</p><p>
For information about DFS, refer to
<a href="http://www.microsoft.com/NTServer/nts/downloads/winfeatures/NTSDistrFile/AdminGuide.asp" target="_top">
Microsoft documentation at http://www.microsoft.com/NTServer/nts/downloads/winfeatures/NTSDistrFile/AdminGuide.asp</a>.
</p><p>
This document explains how to host a DFS tree on a Unix machine (for DFS-aware
clients to browse) using Samba.
</p><p>
To enable SMB-based DFS for Samba, configure it with the <i class="parameter"><tt>--with-msdfs</tt></i>
option. Once built, a Samba server can be made a DFS server by setting the global
boolean <a href="smb.conf.5.html#HOSTMSDFS" target="_top"><i class="parameter"><tt> host msdfs</tt></i></a>
parameter in the <tt class="filename">smb.conf </tt> file. You designate a share as a DFS
root using the share level boolean <a href="smb.conf.5.html#MSDFSROOT" target="_top"><i class="parameter"><tt>
msdfs root</tt></i></a> parameter. A DFS root directory on Samba hosts DFS
links in the form of symbolic links that point to other servers. For example, a symbolic link
<tt class="filename">junction-&gt;msdfs:storage1\share1</tt> in the share directory acts
as the DFS junction. When DFS-aware clients attempt to access the junction link,
they are redirected to the storage location (in this case, \\storage1\share1).
</p><p>
DFS trees on Samba work with all DFS-aware clients ranging from Windows 95 to 200x.
</p><p>
Here's an example of setting up a DFS tree on a Samba server.
</p><pre class="programlisting">
# The smb.conf file:
[global]
netbios name = SAMBA
netbios name = SMOKEY
host msdfs = yes
[dfs]
path = /export/dfsroot
msdfs root = yes
</PRE
></P
><P
>In the /export/dfsroot directory we set up our dfs links to
other servers on the network.</P
><P
><TT
CLASS="PROMPT"
>root# </TT
><TT
CLASS="USERINPUT"
><B
>cd /export/dfsroot</B
></TT
></P
><P
><TT
CLASS="PROMPT"
>root# </TT
><TT
CLASS="USERINPUT"
><B
>chown root /export/dfsroot</B
></TT
></P
><P
><TT
CLASS="PROMPT"
>root# </TT
><TT
CLASS="USERINPUT"
><B
>chmod 755 /export/dfsroot</B
></TT
></P
><P
><TT
CLASS="PROMPT"
>root# </TT
><TT
CLASS="USERINPUT"
><B
>ln -s msdfs:storageA\\shareA linka</B
></TT
></P
><P
><TT
CLASS="PROMPT"
>root# </TT
><TT
CLASS="USERINPUT"
><B
>ln -s msdfs:serverB\\share,serverC\\share linkb</B
></TT
></P
><P
>You should set up the permissions and ownership of
the directory acting as the Dfs root such that only designated
</pre><p>In the /export/dfsroot directory we set up our dfs links to
other servers on the network.</p><pre class="screen">
<tt class="prompt">root# </tt><b class="userinput"><tt>cd /export/dfsroot</tt></b>
<tt class="prompt">root# </tt><b class="userinput"><tt>chown root /export/dfsroot</tt></b>
<tt class="prompt">root# </tt><b class="userinput"><tt>chmod 755 /export/dfsroot</tt></b>
<tt class="prompt">root# </tt><b class="userinput"><tt>ln -s msdfs:storageA\\shareA linka</tt></b>
<tt class="prompt">root# </tt><b class="userinput"><tt>ln -s msdfs:serverB\\share,serverC\\share linkb</tt></b>
</pre><p>You should set up the permissions and ownership of
the directory acting as the DFS root such that only designated
users can create, delete or modify the msdfs links. Also note
that symlink names should be all lowercase. This limitation exists
to have Samba avoid trying all the case combinations to get at
the link name. Finally set up the symbolic links to point to the
network shares you want, and start Samba.</P
><P
>Users on Dfs-aware clients can now browse the Dfs tree
network shares you want, and start Samba.</p><p>Users on DFS-aware clients can now browse the DFS tree
on the Samba server at \\samba\dfs. Accessing
links linka or linkb (which appear as directories to the client)
takes users directly to the appropriate shares on the network.</P
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN1894">13.1.1. Notes</H2
><P
></P
><UL
><LI
><P
>Windows clients need to be rebooted
if a previously mounted non-dfs share is made a dfs
root or vice versa. A better way is to introduce a
new share and make it the dfs root.</P
></LI
><LI
><P
>Currently there's a restriction that msdfs
symlink names should all be lowercase.</P
></LI
><LI
><P
>For security purposes, the directory
acting as the root of the Dfs tree should have ownership
and permissions set so that only designated users can
modify the symbolic links in the directory.</P
></LI
></UL
></DIV
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="pam.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="samba-howto-collection.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="printing.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Configuring PAM for distributed but centrally
managed authentication</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="optional.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Printing Support</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
takes users directly to the appropriate shares on the network.</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2934539"></a>Common Errors</h2></div></div><div></div></div><div class="itemizedlist"><ul type="disc"><li><p>Windows clients need to be rebooted
if a previously mounted non-dfs share is made a dfs
root or vice versa. A better way is to introduce a
new share and make it the dfs root.</p></li><li><p>Currently there's a restriction that msdfs
symlink names should all be lowercase.</p></li><li><p>For security purposes, the directory
acting as the root of the DFS tree should have ownership
and permissions set so that only designated users can
modify the symbolic links in the directory.</p></li></ul></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="InterdomainTrusts.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="optional.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="printing.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 16. Interdomain Trust Relationships </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 18. Classical Printing Support</td></tr></table></div></body></html>

545
docs/htmldocs/net.8.html
View File

@ -1,403 +1,146 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>net</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><H1
><A
NAME="NET"
></A
>net</H1
><DIV
CLASS="REFNAMEDIV"
><A
NAME="AEN5"
></A
><H2
>Name</H2
>net&nbsp;--&nbsp;Tool for administration of Samba and remote
CIFS servers.</DIV
><DIV
CLASS="REFSYNOPSISDIV"
><A
NAME="AEN8"
></A
><H2
>Synopsis</H2
><P
><B
CLASS="COMMAND"
>net</B
> {&lt;ads|rap|rpc&gt;} [-h] [-w workgroup] [-W myworkgroup] [-U user] [-I ip-address] [-p port] [-n myname] [-s conffile] [-S server] [-C comment] [-M maxusers] [-F flags] [-j jobid] [-l] [-r] [-f] [-t timeout] [-P] [-D debuglevel]</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN31"
></A
><H2
>DESCRIPTION</H2
><P
>This tool is part of the <A
HREF="samba.7.html"
TARGET="_top"
> Samba</A
> suite.</P
><P
>The samba net utility is meant to work just like the net utility
available for windows and DOS.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN36"
></A
><H2
>OPTIONS</H2
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>-h</DT
><DD
><P
> Display summary of all available options.
</P
></DD
><DT
>-w target-workgroup</DT
><DD
><P
> Sets target workgroup or domain. You have to specify either this option or the IP address or the name of a server.
</P
></DD
><DT
>-W workgroup</DT
><DD
><P
> Sets client workgroup or domain
</P
></DD
><DT
>-U user</DT
><DD
><P
> User name to use
</P
></DD
><DT
>-I ip-address</DT
><DD
><P
> IP address of target server to use. You have to specify either this option or a target workgroup or a target server.
</P
></DD
><DT
>-p port</DT
><DD
><P
> Port on the target server to connect to.
</P
></DD
><DT
>-n myname</DT
><DD
><P
> Sets name of the client.
</P
></DD
><DT
>-s conffile</DT
><DD
><P
> Specify alternative configuration file that should be loaded.
</P
></DD
><DT
>-S server</DT
><DD
><P
> Name of target server. You should specify either this option or a target workgroup or a target IP address.
</P
></DD
><DT
>-C comment</DT
><DD
><P
> FIXME
</P
></DD
><DT
>-M maxusers</DT
><DD
><P
> FIXME
</P
></DD
><DT
>-F flags</DT
><DD
><P
> FIXME
</P
></DD
><DT
>-j jobid</DT
><DD
><P
> FIXME
</P
></DD
><DT
>-l</DT
><DD
><P
> FIXME
</P
></DD
><DT
>-r</DT
><DD
><P
> FIXME
</P
></DD
><DT
>-f</DT
><DD
><P
> FIXME
</P
></DD
><DT
>-t timeout</DT
><DD
><P
> FIXME
</P
></DD
><DT
>-P</DT
><DD
><P
> Make queries to the external server using the machine account of the local server.
</P
></DD
><DT
>-D debuglevel</DT
><DD
><P
>set the debuglevel. Debug level 0 is the lowest
and 100 being the highest. This should be set to 100 if you are
planning on submitting a bug report to the Samba team (see
<TT
CLASS="FILENAME"
>BUGS.txt</TT
>).
</P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN116"
></A
><H2
>TIME</H2
><P
>The <B
CLASS="COMMAND"
>NET TIME</B
> command allows you to view the time on a remote server
or synchronise the time on the local server with the time on the remote server.</P
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
></DT
><DD
><P
> Without any options, the <B
CLASS="COMMAND"
>NET TIME</B
> command
displays the time on the remote server.
</P
></DD
><DT
>SYSTEM</DT
><DD
><P
> Displays the time on the remote server in a format ready for /bin/date
</P
></DD
><DT
>SET</DT
><DD
><P
> Tries to set the date and time of the local server to that on
the remote server using /bin/date.
</P
></DD
><DT
>ZONE</DT
><DD
><P
> Displays the timezone in hours from GMT on the remote computer.
</P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN138"
></A
><H2
>RPC</H2
><P
>The <B
CLASS="COMMAND"
>NET RPC</B
> command allows you to do various
NT4 operations.</P
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>JOIN -U username[%password] [options]</DT
><DD
><P
> Join a domain with specified username and password. Password
will be prompted if none is specified.</P
></DD
><DT
>JOIN [options except -U]</DT
><DD
><P
> to join a domain created in server manager
</P
></DD
><DT
>USER [misc. options] [targets]</DT
><DD
><P
> List users
</P
></DD
><DT
>USER DELETE &lt;name&gt; [misc options]</DT
><DD
><P
> delete specified user
</P
></DD
><DT
>USER INFO &lt;name&gt; [misc options]</DT
><DD
><P
> list the domain groups of the specified user
</P
></DD
><DT
>USER ADD &lt;name&gt; [password] [-F user flags] [misc. options</DT
><DD
><P
> Add specified user
</P
></DD
><DT
>GROUP [misc options] [targets]</DT
><DD
><P
> List user groups
</P
></DD
><DT
>GROUP DELETE &lt;name&gt; [misc. options] [targets]</DT
><DD
><P
> Delete specified group
</P
></DD
><DT
>GROUP ADD &lt;name&gt; [-C comment]</DT
><DD
><P
> Create specified group
</P
></DD
><DT
>SHARE [misc. options] [targets]</DT
><DD
><P
> enumerates all exported resources (network shares) on target server
</P
></DD
><DT
>SHARE ADD &lt;name=serverpath&gt; [misc. options] [targets]</DT
><DD
><P
> Adds a share from a server (makes the export active)
</P
></DD
><DT
>SHARE DELETE &lt;sharenam</DT
><DD
><P
></P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN191"
></A
><H2
>VERSION</H2
><P
>This man page is incomplete for version 3.0 of the Samba
suite.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN194"
></A
><H2
>AUTHOR</H2
><P
>The original Samba software and related utilities
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>net</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="net.8"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>net &#8212; Tool for administration of Samba and remote
CIFS servers.
</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">net</tt> {&lt;ads|rap|rpc&gt;} [-h] [-w workgroup] [-W myworkgroup] [-U user] [-I ip-address] [-p port] [-n myname] [-s conffile] [-S server] [-l] [-P] [-D debuglevel]</p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>This tool is part of the <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a> suite.</p><p>The samba net utility is meant to work just like the net utility
available for windows and DOS. The first argument should be used
to specify the protocol to use when executing a certain command.
ADS is used for ActiveDirectory, RAP is using for old (Win9x/NT3)
clients and RPC can be used for NT4 and Windows 2000. If this
argument is omitted, net will try to determine it automatically.
Not all commands are available on all protocols.
</p></div><div class="refsect1" lang="en"><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-h|--help</span></dt><dd><p>Print a summary of command line options.
</p></dd><dt><span class="term">-w target-workgroup</span></dt><dd><p>
Sets target workgroup or domain. You have to specify
either this option or the IP address or the name of a server.
</p></dd><dt><span class="term">-W workgroup</span></dt><dd><p>
Sets client workgroup or domain
</p></dd><dt><span class="term">-U user</span></dt><dd><p>
User name to use
</p></dd><dt><span class="term">-I ip-address</span></dt><dd><p>
IP address of target server to use. You have to
specify either this option or a target workgroup or
a target server.
</p></dd><dt><span class="term">-p port</span></dt><dd><p>
Port on the target server to connect to (usually 139 or 445).
Defaults to trying 445 first, then 139.
</p></dd><dt><span class="term">-n &lt;primary NetBIOS name&gt;</span></dt><dd><p>This option allows you to override
the NetBIOS name that Samba uses for itself. This is identical
to setting the <a href="smb.conf.5.html#netbiosname" target="_top"><i class="parameter"><tt>NetBIOS
name</tt></i></a> parameter in the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> file. However, a command
line setting will take precedence over settings in
<a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a>.</p></dd><dt><span class="term">-s &lt;configuration file&gt;</span></dt><dd><p>The file specified contains the
configuration details required by the server. The
information in this file includes server-specific
information such as what printcap file to use, as well
as descriptions of all the services that the server is
to provide. See <a href="smb.conf.5.html" target="_top"><tt class="filename">
smb.conf(5)</tt></a> for more information.
The default configuration file name is determined at
compile time.</p></dd><dt><span class="term">-S server</span></dt><dd><p>
Name of target server. You should specify either
this option or a target workgroup or a target IP address.
</p></dd><dt><span class="term">-l</span></dt><dd><p>
When listing data, give more information on each item.
</p></dd><dt><span class="term">-P</span></dt><dd><p>
Make queries to the external server using the machine account of the local server.
</p></dd><dt><span class="term">-d|--debug=debuglevel</span></dt><dd><p><i class="replaceable"><tt>debuglevel</tt></i> is an integer
from 0 to 10. The default value if this parameter is
not specified is zero.</p><p>The higher this value, the more detail will be
logged to the log files about the activities of the
server. At level 0, only critical errors and serious
warnings will be logged. Level 1 is a reasonable level for
day to day running - it generates a small amount of
information about operations carried out.</p><p>Levels above 1 will generate considerable
amounts of log data, and should only be used when
investigating a problem. Levels above 3 are designed for
use only by developers and generate HUGE amounts of log
data, most of which is extremely cryptic.</p><p>Note that specifying this parameter here will
override the <a href="smb.conf.5.html#loglevel" target="_top">log
level</a> parameter in the <a href="smb.conf.5.html" target="_top">
<tt class="filename">smb.conf(5)</tt></a> file.</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>COMMANDS</h2><div class="refsect2" lang="en"><h3>TIME</h3><p>The <b class="command">NET TIME</b> command allows you to view the time on a remote server
or synchronise the time on the local server with the time on the remote server.</p><div class="refsect3" lang="en"><h4>TIME</h4><p>Without any options, the <b class="command">NET TIME</b> command
displays the time on the remote server.
</p></div><div class="refsect3" lang="en"><h4>TIME SYSTEM</h4><p> Displays the time on the remote server in a format ready for <b class="command">/bin/date</b></p></div><div class="refsect3" lang="en"><h4>TIME SET</h4><p>Tries to set the date and time of the local server to that on
the remote server using <b class="command">/bin/date</b>. </p></div><div class="refsect3" lang="en"><h4>TIME ZONE</h4><p>Displays the timezone in hours from GMT on the remote computer.</p></div></div><div class="refsect2" lang="en"><h3>[RPC|ADS] JOIN [TYPE] [-U username[%password]] [options]</h3><p>
Join a domain. If the account already exists on the server, and
[TYPE] is MEMBER, the machine will attempt to join automatically.
(Assuming that the machine has been created in server manager)
Otherwise, a password will be prompted for, and a new account may
be created.</p><p>
[TYPE] may be PDC, BDC or MEMBER to specify the type of server
joining the domain.
</p></div><div class="refsect2" lang="en"><h3>[RPC] OLDJOIN [options]</h3><p>Join a domain. Use the OLDJOIN option to join the domain
using the old style of domain joining - you need to create a trust
account in server manager first.</p></div><div class="refsect2" lang="en"><h3>[RPC|ADS] USER</h3><div class="refsect3" lang="en"><h4>[RPC|ADS] USER DELETE <i class="replaceable"><tt>target</tt></i></h4><p>Delete specified user</p></div><div class="refsect3" lang="en"><h4>[RPC|ADS] USER LIST</h4><p>List all users</p></div><div class="refsect3" lang="en"><h4>[RPC|ADS] USER INFO <i class="replaceable"><tt>target</tt></i></h4><p>List the domain groups of a the specified user.</p></div><div class="refsect3" lang="en"><h4>[RPC|ADS] USER ADD <i class="replaceable"><tt>name</tt></i> [password] [-F user flags] [-C comment]</h4><p>Add specified user.</p></div></div><div class="refsect2" lang="en"><h3>[RPC|ADS] GROUP</h3><div class="refsect3" lang="en"><h4>[RPC|ADS] GROUP [misc options] [targets]</h4><p>List user groups.</p></div><div class="refsect3" lang="en"><h4>[RPC|ADS] GROUP DELETE <i class="replaceable"><tt>name</tt></i> [misc. options]</h4><p>Delete specified group.</p></div><div class="refsect3" lang="en"><h4>[RPC|ADS] GROUP ADD <i class="replaceable"><tt>name</tt></i> [-C comment]</h4><p>Create specified group.</p></div></div><div class="refsect2" lang="en"><h3>[RAP|RPC] SHARE</h3><div class="refsect3" lang="en"><h4>[RAP|RPC] SHARE [misc. options] [targets]</h4><p>Enumerates all exported resources (network shares) on target server.</p></div><div class="refsect3" lang="en"><h4>[RAP|RPC] SHARE ADD <i class="replaceable"><tt>name=serverpath</tt></i> [-C comment] [-M maxusers] [targets]</h4><p>Adds a share from a server (makes the export active). Maxusers
specifies the number of users that can be connected to the
share simultaneously.</p></div><div class="refsect3" lang="en"><h4>SHARE DELETE <i class="replaceable"><tt>sharenam</tt></i></h4><p>Delete specified share.</p></div></div><div class="refsect2" lang="en"><h3>[RPC|RAP] FILE</h3><div class="refsect3" lang="en"><h4>[RPC|RAP] FILE</h4><p>List all open files on remote server.</p></div><div class="refsect3" lang="en"><h4>[RPC|RAP] FILE CLOSE <i class="replaceable"><tt>fileid</tt></i></h4><p>Close file with specified <i class="replaceable"><tt>fileid</tt></i> on
remote server.</p></div><div class="refsect3" lang="en"><h4>[RPC|RAP] FILE INFO <i class="replaceable"><tt>fileid</tt></i></h4><p>
Print information on specified <i class="replaceable"><tt>fileid</tt></i>.
Currently listed are: file-id, username, locks, path, permissions.
</p></div><div class="refsect3" lang="en"><h4>[RAP|RPC] FILE USER</h4><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Currently NOT implemented.</p></div></div></div><div class="refsect2" lang="en"><h3>SESSION</h3><div class="refsect3" lang="en"><h4>RAP SESSION</h4><p>Without any other options, SESSION enumerates all active SMB/CIFS
sessions on the target server.</p></div><div class="refsect3" lang="en"><h4>RAP SESSION DELETE|CLOSE <i class="replaceable"><tt>CLIENT_NAME</tt></i></h4><p>Close the specified sessions.</p></div><div class="refsect3" lang="en"><h4>RAP SESSION INFO <i class="replaceable"><tt>CLIENT_NAME</tt></i></h4><p>Give a list with all the open files in specified session.</p></div></div><div class="refsect2" lang="en"><h3>RAP SERVER <i class="replaceable"><tt>DOMAIN</tt></i></h3><p>List all servers in specified domain or workgroup. Defaults
to local domain.</p></div><div class="refsect2" lang="en"><h3>RAP DOMAIN</h3><p>Lists all domains and workgroups visible on the
current network.</p></div><div class="refsect2" lang="en"><h3>RAP PRINTQ</h3><div class="refsect3" lang="en"><h4>RAP PRINTQ LIST <i class="replaceable"><tt>QUEUE_NAME</tt></i></h4><p>Lists the specified print queue and print jobs on the server.
If the <i class="replaceable"><tt>QUEUE_NAME</tt></i> is omitted, all
queues are listed.</p></div><div class="refsect3" lang="en"><h4>RAP PRINTQ DELETE <i class="replaceable"><tt>JOBID</tt></i></h4><p>Delete job with specified id.</p></div></div><div class="refsect2" lang="en"><h3>RAP VALIDATE <i class="replaceable"><tt>user</tt></i> [<i class="replaceable"><tt>password</tt></i>]</h3><p>
Validate whether the specified user can log in to the
remote server. If the password is not specified on the commandline, it
will be prompted.
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Currently NOT implemented.</p></div></div><div class="refsect2" lang="en"><h3>RAP GROUPMEMBER</h3><div class="refsect3" lang="en"><h4>RAP GROUPMEMBER LIST <i class="replaceable"><tt>GROUP</tt></i></h4><p>List all members of the specified group.</p></div><div class="refsect3" lang="en"><h4>RAP GROUPMEMBER DELETE <i class="replaceable"><tt>GROUP</tt></i> <i class="replaceable"><tt>USER</tt></i></h4><p>Delete member from group.</p></div><div class="refsect3" lang="en"><h4>RAP GROUPMEMBER ADD <i class="replaceable"><tt>GROUP</tt></i> <i class="replaceable"><tt>USER</tt></i></h4><p>Add member to group.</p></div></div><div class="refsect2" lang="en"><h3>RAP ADMIN <i class="replaceable"><tt>command</tt></i></h3><p>Execute the specified <i class="replaceable"><tt>command</tt></i> on
the remote server. Only works with OS/2 servers.
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Currently NOT implemented.</p></div></div><div class="refsect2" lang="en"><h3>RAP SERVICE</h3><div class="refsect3" lang="en"><h4>RAP SERVICE START <i class="replaceable"><tt>NAME</tt></i> [arguments...]</h4><p>Start the specified service on the remote server. Not implemented yet.</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Currently NOT implemented.</p></div></div><div class="refsect3" lang="en"><h4>RAP SERVICE STOP</h4><p>Stop the specified service on the remote server.</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Currently NOT implemented.</p></div></div></div><div class="refsect2" lang="en"><h3>RAP PASSWORD <i class="replaceable"><tt>USER</tt></i> <i class="replaceable"><tt>OLDPASS</tt></i> <i class="replaceable"><tt>NEWPASS</tt></i></h3><p>
Change password of <i class="replaceable"><tt>USER</tt></i> from <i class="replaceable"><tt>OLDPASS</tt></i> to <i class="replaceable"><tt>NEWPASS</tt></i>.
</p></div><div class="refsect2" lang="en"><h3>LOOKUP</h3><div class="refsect3" lang="en"><h4>LOOKUP HOST <i class="replaceable"><tt>HOSTNAME</tt></i> [<i class="replaceable"><tt>TYPE</tt></i>]</h4><p>
Lookup the IP address of the given host with the specified type (netbios suffix).
The type defaults to 0x20 (workstation).
</p></div><div class="refsect3" lang="en"><h4>LOOKUP LDAP [<i class="replaceable"><tt>DOMAIN</tt></i></h4><p>Give IP address of LDAP server of specified <i class="replaceable"><tt>DOMAIN</tt></i>. Defaults to local domain.</p></div><div class="refsect3" lang="en"><h4>LOOKUP KDC [<i class="replaceable"><tt>REALM</tt></i>]</h4><p>Give IP address of KDC for the specified <i class="replaceable"><tt>REALM</tt></i>.
Defaults to local realm.</p></div><div class="refsect3" lang="en"><h4>LOOKUP DC [<i class="replaceable"><tt>DOMAIN</tt></i>]</h4><p>Give IP's of Domain Controllers for specified <i class="replaceable"><tt>
DOMAIN</tt></i>. Defaults to local domain.</p></div><div class="refsect3" lang="en"><h4>LOOKUP MASTER <i class="replaceable"><tt>DOMAIN</tt></i></h4><p>Give IP of master browser for specified <i class="replaceable"><tt>DOMAIN</tt></i>
or workgroup. Defaults to local domain.</p></div></div><div class="refsect2" lang="en"><h3>CACHE</h3><p>Samba uses a general caching interface called 'gencache'. It
can be controlled using 'NET CACHE'.</p><p>All the timeout parameters support the suffixes:
</p><table class="simplelist" border="0" summary="Simple list"><tr><td>s - Seconds</td></tr><tr><td>m - Minutes</td></tr><tr><td>h - Hours</td></tr><tr><td>d - Days</td></tr><tr><td>w - Weeks</td></tr></table><p>
</p><div class="refsect3" lang="en"><h4>CACHE ADD <i class="replaceable"><tt>key</tt></i> <i class="replaceable"><tt>data</tt></i> <i class="replaceable"><tt>time-out</tt></i></h4><p>Add specified key+data to the cache with the given timeout.</p></div><div class="refsect3" lang="en"><h4>CACHE DEL <i class="replaceable"><tt>key</tt></i></h4><p>Delete key from the cache.</p></div><div class="refsect3" lang="en"><h4>CACHE SET <i class="replaceable"><tt>key</tt></i> <i class="replaceable"><tt>data</tt></i> <i class="replaceable"><tt>time-out</tt></i></h4><p>Update data of existing cache entry.</p></div><div class="refsect3" lang="en"><h4>CACHE SEARCH <i class="replaceable"><tt>PATTERN</tt></i></h4><p>Search for the specified pattern in the cache data.</p></div><div class="refsect3" lang="en"><h4>CACHE LIST</h4><p>
List all current items in the cache.
</p></div><div class="refsect3" lang="en"><h4>CACHE FLUSH</h4><p>Remove all the current items from the cache.</p></div></div><div class="refsect2" lang="en"><h3>GETLOCALSID [DOMAIN]</h3><p>Print the SID of the specified domain, or if the parameter is
omitted, the SID of the domain the local server is in.</p></div><div class="refsect2" lang="en"><h3>SETLOCALSID S-1-5-21-x-y-z</h3><p>Sets domain sid for the local server to the specified SID.</p></div><div class="refsect2" lang="en"><h3>GROUPMAP</h3><p>Manage the mappings between Windows group SIDs and UNIX groups.
Parameters take the for &quot;parameter=value&quot;. Common options include:</p><div class="itemizedlist"><ul type="disc"><li><p>unixgroup - Name of the UNIX group</p></li><li><p>ntgroup - Name of the Windows NT group (must be
resolvable to a SID</p></li><li><p>rid - Unsigned 32-bit integer</p></li><li><p>sid - Full SID in the form of &quot;S-1-...&quot;</p></li><li><p>type - Type of the group; either 'domain', 'local',
or 'builtin'</p></li><li><p>comment - Freeform text description of the group</p></li></ul></div><div class="refsect3" lang="en"><h4>GROUPMAP ADD</h4><p>Add a new group mapping entry</p><p>net groupmap add {rid=int|sid=string} unixgroup=string [type={domain|local|builtin}] [ntgroup=string] [comment=string]</p></div><div class="refsect3" lang="en"><h4>GROUPMAP DELETE</h4><p>Delete a group mapping entry</p><p>net groupmap delete {ntgroup=string|sid=SID}</p></div><div class="refsect3" lang="en"><h4>GROUPMAP MODIFY</h4><p>Update en existing group entry</p><p>net groupmap modify {ntgroup=string|sid=SID} [unixgroup=string] [comment=string] [type={domain|local}</p></div><div class="refsect3" lang="en"><h4>GROUPMAP LIST</h4><p>List existing group mapping entries</p><p>net groupmap list [verbose] [ntgroup=string] [sid=SID]</p></div></div><div class="refsect2" lang="en"><h3>MAXRID</h3><p>Prints out the highest RID currently in use on the local
server (by the active 'passdb backend').
</p></div><div class="refsect2" lang="en"><h3>RPC INFO</h3><p>Print information about the domain of the remote server,
such as domain name, domain sid and number of users and groups.
</p></div><div class="refsect2" lang="en"><h3>[RPC|ADS] TESTJOIN</h3><p>Check whether participation in a domain is still valid.</p></div><div class="refsect2" lang="en"><h3>[RPC|ADS] CHANGETRUSTPW</h3><p>Force change of domain trust password.</p></div><div class="refsect2" lang="en"><h3>RPC TRUSTDOM</h3><div class="refsect3" lang="en"><h4>RPC TRUSTDOM ADD <i class="replaceable"><tt>DOMAIN</tt></i></h4><p>Add a interdomain trust account for
<i class="replaceable"><tt>DOMAIN</tt></i> to the remote server.
</p></div><div class="refsect3" lang="en"><h4>RPC TRUSTDOM DEL <i class="replaceable"><tt>DOMAIM</tt></i></h4><p>Remove interdomain trust account for
<i class="replaceable"><tt>DOMAIN</tt></i> from the remote server.
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Currently NOT implemented.</p></div></div><div class="refsect3" lang="en"><h4>RPC TRUSTDOM ESTABLISH <i class="replaceable"><tt>DOMAIN</tt></i></h4><p>
Establish a trust relationship to a trusting domain.
Interdomain account must already be created on the remote PDC.
</p></div><div class="refsect3" lang="en"><h4>RPC TRUSTDOM REVOKE <i class="replaceable"><tt>DOMAIN</tt></i></h4><p>Abandon relationship to trusted domain</p></div><div class="refsect3" lang="en"><h4>RPC TRUSTDOM LIST</h4><p>List all current interdomain trust relationships.</p></div></div><div class="refsect2" lang="en"><h3>RPC ABORTSHUTDOWN</h3><p>Abort the shutdown of a remote server.</p></div><div class="refsect2" lang="en"><h3>SHUTDOWN [-t timeout] [-r] [-f] [-C message]</h3><p>Shut down the remote server.</p><div class="variablelist"><dl><dt><span class="term">-r</span></dt><dd><p>
Reboot after shutdown.
</p></dd><dt><span class="term">-f</span></dt><dd><p>
Force shutting down all applications.
</p></dd><dt><span class="term">-t timeout</span></dt><dd><p>
Timeout before system will be shut down. An interactive
user of the system can use this time to cancel the shutdown.
</p></dd><dt><span class="term">-C message</span></dt><dd><p>Display the specified message on the screen to
announce the shutdown.</p></dd></dl></div></div><div class="refsect2" lang="en"><h3>SAMDUMP</h3><p>Print out sam database of remote server. You need
to run this on either a BDC. </p></div><div class="refsect2" lang="en"><h3>VAMPIRE</h3><p>Export users, aliases and groups from remote server to
local server. Can only be run an a BDC.
</p></div><div class="refsect2" lang="en"><h3>GETSID</h3><p>Fetch domain SID and store it in the local <tt class="filename">secrets.tdb</tt>. </p></div><div class="refsect2" lang="en"><h3>ADS LEAVE</h3><p>Make the remote host leave the domain it is part of. </p></div><div class="refsect2" lang="en"><h3>ADS STATUS</h3><p>Print out status of machine account of the local machine in ADS.
Prints out quite some debug info. Aimed at developers, regular
users should use <b class="command">NET ADS TESTJOIN</b>.</p></div><div class="refsect2" lang="en"><h3>ADS PRINTER</h3><div class="refsect3" lang="en"><h4>ADS PRINTER INFO [<i class="replaceable"><tt>PRINTER</tt></i>] [<i class="replaceable"><tt>SERVER</tt></i>]</h4><p>
Lookup info for <i class="replaceable"><tt>PRINTER</tt></i> on <i class="replaceable"><tt>SERVER</tt></i>. The printer name defaults to &quot;*&quot;, the
server name defaults to the local host.</p></div><div class="refsect3" lang="en"><h4>ADS PRINTER PUBLISH <i class="replaceable"><tt>PRINTER</tt></i></h4><p>Publish specified printer using ADS.</p></div><div class="refsect3" lang="en"><h4>ADS PRINTER REMOVE <i class="replaceable"><tt>PRINTER</tt></i></h4><p>Remove specified printer from ADS directory.</p></div></div><div class="refsect2" lang="en"><h3>ADS SEARCH <i class="replaceable"><tt>EXPRESSION</tt></i> <i class="replaceable"><tt>ATTRIBUTES...</tt></i></h3><p>Perform a raw LDAP search on a ADS server and dump the results. The
expression is a standard LDAP search expression, and the
attributes are a list of LDAP fields to show in the results.</p><p>Example: <b class="userinput"><tt>net ads search '(objectCategory=group)' sAMAccountName</tt></b>
</p></div><div class="refsect2" lang="en"><h3>ADS DN <i class="replaceable"><tt>DN</tt></i> <i class="replaceable"><tt>(attributes)</tt></i></h3><p>
Perform a raw LDAP search on a ADS server and dump the results. The
DN standard LDAP DN, and the attributes are a list of LDAP fields
to show in the result.
</p><p>Example: <b class="userinput"><tt>net ads dn 'CN=administrator,CN=Users,DC=my,DC=domain' SAMAccountName</tt></b></p></div><div class="refsect2" lang="en"><h3>WORKGROUP</h3><p>Print out workgroup name for specified kerberos realm.</p></div><div class="refsect2" lang="en"><h3>HELP [COMMAND]</h3><p>Gives usage information for the specified command.</p></div></div><div class="refsect1" lang="en"><h2>VERSION</h2><p>This man page is complete for version 3.0 of the Samba
suite.</p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</P
><P
>The original Samba man pages were written by Karl Auer.
The current set of manpages and documentation is maintained
by the Samba Team in the same fashion as the Samba source code.</P
></DIV
></BODY
></HTML
>
to the way the Linux kernel is developed.</p><p>The net manpage was written by Jelmer Vernooij.</p></div></div></body></html>

821
docs/htmldocs/nmbd.8.html
View File

@ -1,754 +1,153 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
<HTML
><HEAD
><TITLE
>nmbd</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><H1
><A
NAME="NMBD">nmbd</H1
><DIV
CLASS="REFNAMEDIV"
><A
NAME="AEN5"
></A
><H2
>Name</H2
>nmbd&nbsp;--&nbsp;NetBIOS name server to provide NetBIOS
over IP naming services to clients</DIV
><DIV
CLASS="REFSYNOPSISDIV"
><A
NAME="AEN8"><H2
>Synopsis</H2
><P
><B
CLASS="COMMAND"
>nmbd</B
> [-D] [-F] [-S] [-a] [-i] [-o] [-h] [-V] [-d &#60;debug level&#62;] [-H &#60;lmhosts file&#62;] [-l &#60;log directory&#62;] [-n &#60;primary netbios name&#62;] [-p &#60;port number&#62;] [-s &#60;configuration file&#62;]</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN25"
></A
><H2
>DESCRIPTION</H2
><P
>This program is part of the Samba suite.</P
><P
><B
CLASS="COMMAND"
>nmbd</B
> is a server that understands
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>nmbd</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="nmbd.8"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>nmbd &#8212; NetBIOS name server to provide NetBIOS
over IP naming services to clients</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">nmbd</tt> [-D] [-F] [-S] [-a] [-i] [-o] [-h] [-V] [-d &lt;debug level&gt;] [-H &lt;lmhosts file&gt;] [-l &lt;log directory&gt;] [-n &lt;primary netbios name&gt;] [-p &lt;port number&gt;] [-s &lt;configuration file&gt;]</p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>This program is part of the <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a> suite.</p><p><b class="command">nmbd</b> is a server that understands
and can reply to NetBIOS over IP name service requests, like
those produced by SMB/CIFS clients such as Windows 95/98/ME,
Windows NT, Windows 2000, Windows XP and LanManager clients. It also
participates in the browsing protocols which make up the
Windows "Network Neighborhood" view.</P
><P
>SMB/CIFS clients, when they start up, may wish to
Windows &quot;Network Neighborhood&quot; view.</p><p>SMB/CIFS clients, when they start up, may wish to
locate an SMB/CIFS server. That is, they wish to know what
IP number a specified host is using.</P
><P
>Amongst other services, <B
CLASS="COMMAND"
>nmbd</B
> will
IP number a specified host is using.</p><p>Amongst other services, <b class="command">nmbd</b> will
listen for such requests, and if its own NetBIOS name is
specified it will respond with the IP number of the host it
is running on. Its "own NetBIOS name" is by
is running on. Its &quot;own NetBIOS name&quot; is by
default the primary DNS name of the host it is running on,
but this can be overridden with the <I
CLASS="EMPHASIS"
>-n</I
>
option (see OPTIONS below). Thus <B
CLASS="COMMAND"
>nmbd</B
> will
but this can be overridden with the <span class="emphasis"><em>-n</em></span>
option (see OPTIONS below). Thus <b class="command">nmbd</b> will
reply to broadcast queries for its own name(s). Additional
names for <B
CLASS="COMMAND"
>nmbd</B
> to respond on can be set
via parameters in the <A
HREF="smb.conf.5.html"
TARGET="_top"
><TT
CLASS="FILENAME"
> smb.conf(5)</TT
></A
> configuration file.</P
><P
><B
CLASS="COMMAND"
>nmbd</B
> can also be used as a WINS
names for <b class="command">nmbd</b> to respond on can be set
via parameters in the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> configuration file.</p><p><b class="command">nmbd</b> can also be used as a WINS
(Windows Internet Name Server) server. What this basically means
is that it will act as a WINS database server, creating a
database from name registration requests that it receives and
replying to queries from clients for these names.</P
><P
>In addition, <B
CLASS="COMMAND"
>nmbd</B
> can act as a WINS
replying to queries from clients for these names.</p><p>In addition, <b class="command">nmbd</b> can act as a WINS
proxy, relaying broadcast queries from clients that do
not understand how to talk the WINS protocol to a WINS
server.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN42"
></A
><H2
>OPTIONS</H2
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>-D</DT
><DD
><P
>If specified, this parameter causes
<B
CLASS="COMMAND"
>nmbd</B
> to operate as a daemon. That is,
server.</p></div><div class="refsect1" lang="en"><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-D</span></dt><dd><p>If specified, this parameter causes
<b class="command">nmbd</b> to operate as a daemon. That is,
it detaches itself and runs in the background, fielding
requests on the appropriate port. By default, <B
CLASS="COMMAND"
>nmbd</B
>
requests on the appropriate port. By default, <b class="command">nmbd</b>
will operate as a daemon if launched from a command shell.
nmbd can also be operated from the <B
CLASS="COMMAND"
>inetd</B
>
nmbd can also be operated from the <b class="command">inetd</b>
meta-daemon, although this is not recommended.
</P
></DD
><DT
>-F</DT
><DD
><P
>If specified, this parameter causes
the main <B
CLASS="COMMAND"
>nmbd</B
> process to not daemonize,
</p></dd><dt><span class="term">-F</span></dt><dd><p>If specified, this parameter causes
the main <b class="command">nmbd</b> process to not daemonize,
i.e. double-fork and disassociate with the terminal.
Child processes are still created as normal to service
each connection request, but the main process does not
exit. This operation mode is suitable for running
<B
CLASS="COMMAND"
>nmbd</B
> under process supervisors such
as <B
CLASS="COMMAND"
>supervise</B
> and <B
CLASS="COMMAND"
>svscan</B
>
from Daniel J. Bernstein's <B
CLASS="COMMAND"
>daemontools</B
>
<b class="command">nmbd</b> under process supervisors such
as <b class="command">supervise</b> and <b class="command">svscan</b>
from Daniel J. Bernstein's <b class="command">daemontools</b>
package, or the AIX process monitor.
</P
></DD
><DT
>-S</DT
><DD
><P
>If specified, this parameter causes
<B
CLASS="COMMAND"
>nmbd</B
> to log to standard output rather
than a file.</P
></DD
><DT
>-a</DT
><DD
><P
>If this parameter is specified, each new
connection will append log messages to the log file.
This is the default.</P
></DD
><DT
>-i</DT
><DD
><P
>If this parameter is specified it causes the
server to run "interactively", not as a daemon, even if the
</p></dd><dt><span class="term">-S</span></dt><dd><p>If specified, this parameter causes
<b class="command">nmbd</b> to log to standard output rather
than a file.</p></dd><dt><span class="term">-i</span></dt><dd><p>If this parameter is specified it causes the
server to run &quot;interactively&quot;, not as a daemon, even if the
server is executed on the command line of a shell. Setting this
parameter negates the implicit daemon mode when run from the
command line. <B
CLASS="COMMAND"
>nmbd</B
> also logs to standard
output, as if the <B
CLASS="COMMAND"
>-S</B
> parameter had been
given. </P
></DD
><DT
>-o</DT
><DD
><P
>If this parameter is specified, the
log files will be overwritten when opened. By default,
<B
CLASS="COMMAND"
>smbd</B
> will append entries to the log
files.</P
></DD
><DT
>-h</DT
><DD
><P
>Prints the help information (usage)
for <B
CLASS="COMMAND"
>nmbd</B
>.</P
></DD
><DT
>-H &#60;filename&#62;</DT
><DD
><P
>NetBIOS lmhosts file. The lmhosts
command line. <b class="command">nmbd</b> also logs to standard
output, as if the <tt class="constant">-S</tt> parameter had been
given. </p></dd><dt><span class="term">-h|--help</span></dt><dd><p>Print a summary of command line options.
</p></dd><dt><span class="term">-H &lt;filename&gt;</span></dt><dd><p>NetBIOS lmhosts file. The lmhosts
file is a list of NetBIOS names to IP addresses that
is loaded by the nmbd server and used via the name
resolution mechanism <A
HREF="smb.conf.5.html#nameresolveorder"
TARGET="_top"
> name resolve order</A
> described in <A
HREF="smb.conf.5.html"
TARGET="_top"
> <TT
CLASS="FILENAME"
>smb.conf(5)</TT
></A
>
to resolve any NetBIOS name queries needed by the server. Note
that the contents of this file are <I
CLASS="EMPHASIS"
>NOT</I
>
used by <B
CLASS="COMMAND"
>nmbd</B
> to answer any name queries.
resolution mechanism <a href="smb.conf.5.html#nameresolveorder" target="_top"><i class="parameter"><tt>name resolve
order</tt></i></a> described in <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> to resolve any
NetBIOS name queries needed by the server. Note
that the contents of this file are <span class="emphasis"><em>NOT</em></span>
used by <b class="command">nmbd</b> to answer any name queries.
Adding a line to this file affects name NetBIOS resolution
from this host <I
CLASS="EMPHASIS"
>ONLY</I
>.</P
><P
>The default path to this file is compiled into
from this host <span class="emphasis"><em>ONLY</em></span>.</p><p>The default path to this file is compiled into
Samba as part of the build process. Common defaults
are <TT
CLASS="FILENAME"
>/usr/local/samba/lib/lmhosts</TT
>,
<TT
CLASS="FILENAME"
>/usr/samba/lib/lmhosts</TT
> or
<TT
CLASS="FILENAME"
>/etc/lmhosts</TT
>. See the
<A
HREF="lmhosts.5.html"
TARGET="_top"
><TT
CLASS="FILENAME"
>lmhosts(5)</TT
></A
>
man page for details on the contents of this file.</P
></DD
><DT
>-V</DT
><DD
><P
>Prints the version number for
<B
CLASS="COMMAND"
>nmbd</B
>.</P
></DD
><DT
>-d &#60;debug level&#62;</DT
><DD
><P
>debuglevel is an integer
from 0 to 10. The default value if this parameter is
not specified is zero.</P
><P
>The higher this value, the more detail will
be logged to the log files about the activities of the
server. At level 0, only critical errors and serious
warnings will be logged. Level 1 is a reasonable level for
day to day running - it generates a small amount of
information about operations carried out.</P
><P
>Levels above 1 will generate considerable amounts
of log data, and should only be used when investigating
a problem. Levels above 3 are designed for use only by developers
and generate HUGE amounts of log data, most of which is extremely
cryptic.</P
><P
>Note that specifying this parameter here will override
the <A
HREF="smb.conf.5.html#loglevel"
TARGET="_top"
>log level</A
>
parameter in the <A
HREF="smb.conf.5.html"
TARGET="_top"
><TT
CLASS="FILENAME"
> smb.conf(5)</TT
></A
> file.</P
></DD
><DT
>-l &#60;log directory&#62;</DT
><DD
><P
>The -l parameter specifies a directory
into which the "log.nmbd" log file will be created
for operational data from the running <B
CLASS="COMMAND"
>nmbd</B
>
server. The default log directory is compiled into Samba
as part of the build process. Common defaults are <TT
CLASS="FILENAME"
> /usr/local/samba/var/log.nmb</TT
>, <TT
CLASS="FILENAME"
> /usr/samba/var/log.nmb</TT
> or
<TT
CLASS="FILENAME"
>/var/log/log.nmb</TT
>. <I
CLASS="EMPHASIS"
>Beware:</I
>
If the directory specified does not exist, <B
CLASS="COMMAND"
>nmbd</B
>
will log to the default debug log location defined at compile time.
</P
></DD
><DT
>-n &#60;primary NetBIOS name&#62;</DT
><DD
><P
>This option allows you to override
the NetBIOS name that Samba uses for itself. This is identical
to setting the <A
HREF="smb.conf.5.html#netbiosname"
TARGET="_top"
> NetBIOS name</A
> parameter in the <A
HREF="smb.conf.5.html"
TARGET="_top"
>
<TT
CLASS="FILENAME"
>smb.conf</TT
></A
> file. However, a command
line setting will take precedence over settings in
<TT
CLASS="FILENAME"
>smb.conf</TT
>.</P
></DD
><DT
>-p &#60;UDP port number&#62;</DT
><DD
><P
>UDP port number is a positive integer value.
are <tt class="filename">/usr/local/samba/lib/lmhosts</tt>,
<tt class="filename">/usr/samba/lib/lmhosts</tt> or
<tt class="filename">/etc/samba/lmhosts</tt>. See the <a href="lmhosts.5.html"><span class="citerefentry"><span class="refentrytitle">lmhosts</span>(5)</span></a> man page for details on the contents of this file.</p></dd><dt><span class="term">-V</span></dt><dd><p>Prints the version number for
<b class="command">smbd</b>.</p></dd><dt><span class="term">-s &lt;configuration file&gt;</span></dt><dd><p>The file specified contains the
configuration details required by the server. The
information in this file includes server-specific
information such as what printcap file to use, as well
as descriptions of all the services that the server is
to provide. See <a href="smb.conf.5.html" target="_top"><tt class="filename">
smb.conf(5)</tt></a> for more information.
The default configuration file name is determined at
compile time.</p></dd><dt><span class="term">-d|--debug=debuglevel</span></dt><dd><p><i class="replaceable"><tt>debuglevel</tt></i> is an integer
from 0 to 10. The default value if this parameter is
not specified is zero.</p><p>The higher this value, the more detail will be
logged to the log files about the activities of the
server. At level 0, only critical errors and serious
warnings will be logged. Level 1 is a reasonable level for
day to day running - it generates a small amount of
information about operations carried out.</p><p>Levels above 1 will generate considerable
amounts of log data, and should only be used when
investigating a problem. Levels above 3 are designed for
use only by developers and generate HUGE amounts of log
data, most of which is extremely cryptic.</p><p>Note that specifying this parameter here will
override the <a href="smb.conf.5.html#loglevel" target="_top">log
level</a> parameter in the <a href="smb.conf.5.html" target="_top">
<tt class="filename">smb.conf(5)</tt></a> file.</p></dd><dt><span class="term">-l|--logfile=logbasename</span></dt><dd><p>File name for log/debug files. The extension
<tt class="constant">&quot;.client&quot;</tt> will be appended. The log file is
never removed by the client.
</p></dd><dt><span class="term">-p &lt;UDP port number&gt;</span></dt><dd><p>UDP port number is a positive integer value.
This option changes the default UDP port number (normally 137)
that <B
CLASS="COMMAND"
>nmbd</B
> responds to name queries on. Don't
that <b class="command">nmbd</b> responds to name queries on. Don't
use this option unless you are an expert, in which case you
won't need help!</P
></DD
><DT
>-s &#60;configuration file&#62;</DT
><DD
><P
>The default configuration file name
is set at build time, typically as <TT
CLASS="FILENAME"
> /usr/local/samba/lib/smb.conf</TT
>, but
this may be changed when Samba is autoconfigured.</P
><P
>The file specified contains the configuration details
required by the server. See <A
HREF="smb.conf.5.html"
TARGET="_top"
> <TT
CLASS="FILENAME"
>smb.conf(5)</TT
></A
> for more information.
</P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN148"
></A
><H2
>FILES</H2
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
><TT
CLASS="FILENAME"
>/etc/inetd.conf</TT
></DT
><DD
><P
>If the server is to be run by the
<B
CLASS="COMMAND"
>inetd</B
> meta-daemon, this file
won't need help!</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>FILES</h2><div class="variablelist"><dl><dt><span class="term"><tt class="filename">/etc/inetd.conf</tt></span></dt><dd><p>If the server is to be run by the
<b class="command">inetd</b> meta-daemon, this file
must contain suitable startup information for the
meta-daemon. See the <A
HREF="UNIX_INSTALL.html"
TARGET="_top"
>UNIX_INSTALL.html</A
> document
meta-daemon. See the <a href="install.html" target="_top">install</a> document
for details.
</P
></DD
><DT
><TT
CLASS="FILENAME"
>/etc/rc</TT
></DT
><DD
><P
>or whatever initialization script your
system uses).</P
><P
>If running the server as a daemon at startup,
</p></dd><dt><span class="term"><tt class="filename">/etc/rc</tt></span></dt><dd><p>or whatever initialization script your
system uses).</p><p>If running the server as a daemon at startup,
this file will need to contain an appropriate startup
sequence for the server. See the <A
HREF="UNIX_INSTALL.html"
TARGET="_top"
>UNIX_INSTALL.html</A
> document
for details.</P
></DD
><DT
><TT
CLASS="FILENAME"
>/etc/services</TT
></DT
><DD
><P
>If running the server via the
meta-daemon <B
CLASS="COMMAND"
>inetd</B
>, this file
sequence for the server. See the <a href="install.html" target="_top">&quot;How to Install and Test SAMBA&quot;</a> document
for details.</p></dd><dt><span class="term"><tt class="filename">/etc/services</tt></span></dt><dd><p>If running the server via the
meta-daemon <b class="command">inetd</b>, this file
must contain a mapping of service name (e.g., netbios-ssn)
to service port (e.g., 139) and protocol type (e.g., tcp).
See the <A
HREF="UNIX_INSTALL.html"
TARGET="_top"
>UNIX_INSTALL.html</A
>
document for details.</P
></DD
><DT
><TT
CLASS="FILENAME"
>/usr/local/samba/lib/smb.conf</TT
></DT
><DD
><P
>This is the default location of the
<A
HREF="smb.conf.5.html"
TARGET="_top"
><TT
CLASS="FILENAME"
>smb.conf</TT
></A
>
server configuration file. Other common places that systems
install this file are <TT
CLASS="FILENAME"
>/usr/samba/lib/smb.conf</TT
>
and <TT
CLASS="FILENAME"
>/etc/smb.conf</TT
>.</P
><P
>When run as a WINS server (see the
<A
HREF="smb.conf.5.html#WINSSUPPORT"
TARGET="_top"
>wins support</A
>
parameter in the <TT
CLASS="FILENAME"
>smb.conf(5)</TT
> man page),
<B
CLASS="COMMAND"
>nmbd</B
>
will store the WINS database in the file <TT
CLASS="FILENAME"
>wins.dat</TT
>
in the <TT
CLASS="FILENAME"
>var/locks</TT
> directory configured under
wherever Samba was configured to install itself.</P
><P
>If <B
CLASS="COMMAND"
>nmbd</B
> is acting as a <I
CLASS="EMPHASIS"
> browse master</I
> (see the <A
HREF="smb.conf.5.html#LOCALMASTER"
TARGET="_top"
>local master</A
>
parameter in the <TT
CLASS="FILENAME"
>smb.conf(5)</TT
> man page,
<B
CLASS="COMMAND"
>nmbd</B
>
will store the browsing database in the file <TT
CLASS="FILENAME"
>browse.dat
</TT
> in the <TT
CLASS="FILENAME"
>var/locks</TT
> directory
See the <a href="install.html" target="_top">&quot;How to Install and Test SAMBA&quot;</a>
document for details.</p></dd><dt><span class="term"><tt class="filename">/usr/local/samba/lib/smb.conf</tt></span></dt><dd><p>This is the default location of
the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> server
configuration file. Other common places that systems
install this file are <tt class="filename">/usr/samba/lib/smb.conf</tt>
and <tt class="filename">/etc/samba/smb.conf</tt>.</p><p>When run as a WINS server (see the
<a href="smb.conf.5.html#WINSSUPPORT" target="_top"><tt class="constant">wins support</tt></a>
parameter in the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> man page),
<b class="command">nmbd</b>
will store the WINS database in the file <tt class="filename">wins.dat</tt>
in the <tt class="filename">var/locks</tt> directory configured under
wherever Samba was configured to install itself.</p><p>If <b class="command">nmbd</b> is acting as a <span class="emphasis"><em>
browse master</em></span> (see the <a href="smb.conf.5.html#LOCALMASTER" target="_top"><tt class="constant">local master</tt></a>
parameter in the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> man page, <b class="command">nmbd</b>
will store the browsing database in the file <tt class="filename">browse.dat
</tt> in the <tt class="filename">var/locks</tt> directory
configured under wherever Samba was configured to install itself.
</P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN195"
></A
><H2
>SIGNALS</H2
><P
>To shut down an <B
CLASS="COMMAND"
>nmbd</B
> process it is recommended
that SIGKILL (-9) <I
CLASS="EMPHASIS"
>NOT</I
> be used, except as a last
</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>SIGNALS</h2><p>To shut down an <b class="command">nmbd</b> process it is recommended
that SIGKILL (-9) <span class="emphasis"><em>NOT</em></span> be used, except as a last
resort, as this may leave the name database in an inconsistent state.
The correct way to terminate <B
CLASS="COMMAND"
>nmbd</B
> is to send it
a SIGTERM (-15) signal and wait for it to die on its own.</P
><P
><B
CLASS="COMMAND"
>nmbd</B
> will accept SIGHUP, which will cause
it to dump out its namelists into the file <TT
CLASS="FILENAME"
>namelist.debug
</TT
> in the <TT
CLASS="FILENAME"
>/usr/local/samba/var/locks</TT
>
directory (or the <TT
CLASS="FILENAME"
>var/locks</TT
> directory configured
The correct way to terminate <b class="command">nmbd</b> is to send it
a SIGTERM (-15) signal and wait for it to die on its own.</p><p><b class="command">nmbd</b> will accept SIGHUP, which will cause
it to dump out its namelists into the file <tt class="filename">namelist.debug
</tt> in the <tt class="filename">/usr/local/samba/var/locks</tt>
directory (or the <tt class="filename">var/locks</tt> directory configured
under wherever Samba was configured to install itself). This will also
cause <B
CLASS="COMMAND"
>nmbd</B
> to dump out its server database in
the <TT
CLASS="FILENAME"
>log.nmb</TT
> file.</P
><P
>The debug log level of nmbd may be raised or lowered using
<A
HREF="smbcontrol.1.html"
TARGET="_top"
><B
CLASS="COMMAND"
>smbcontrol(1)</B
>
</A
> (SIGUSR[1|2] signals are no longer used in Samba 2.2). This is
to allow transient problems to be diagnosed, whilst still running
at a normally low log level.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN211"
></A
><H2
>VERSION</H2
><P
>This man page is correct for version 3.0 of
the Samba suite.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN214"
></A
><H2
>SEE ALSO</H2
><P
><B
CLASS="COMMAND"
>inetd(8)</B
>, <A
HREF="smbd.8.html"
TARGET="_top"
><B
CLASS="COMMAND"
>smbd(8)</B
></A
>,
<A
HREF="smb.conf.5.html"
TARGET="_top"
><TT
CLASS="FILENAME"
>smb.conf(5)</TT
>
</A
>, <A
HREF="smbclient.1.html"
TARGET="_top"
><B
CLASS="COMMAND"
>smbclient(1)
</B
></A
>, <A
HREF="testparm.1.html"
TARGET="_top"
><B
CLASS="COMMAND"
> testparm(1)</B
></A
>, <A
HREF="testprns.1.html"
TARGET="_top"
> <B
CLASS="COMMAND"
>testprns(1)</B
></A
>, and the Internet RFC's
<TT
CLASS="FILENAME"
>rfc1001.txt</TT
>, <TT
CLASS="FILENAME"
>rfc1002.txt</TT
>.
cause <b class="command">nmbd</b> to dump out its server database in
the <tt class="filename">log.nmb</tt> file.</p><p>The debug log level of nmbd may be raised or lowered
using <a href="smbcontrol.1.html"><span class="citerefentry"><span class="refentrytitle">smbcontrol</span>(1)</span></a> (SIGUSR[1|2] signals
are no longer used since Samba 2.2). This is to allow
transient problems to be diagnosed, whilst still running
at a normally low log level.</p></div><div class="refsect1" lang="en"><h2>VERSION</h2><p>This man page is correct for version 3.0 of
the Samba suite.</p></div><div class="refsect1" lang="en"><h2>SEE ALSO</h2><p>
<a href="inetd.8.html"><span class="citerefentry"><span class="refentrytitle">inetd</span>(8)</span></a>, <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>, <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a>, <a href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a>, <a href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a>, <a href="testprns.1.html"><span class="citerefentry"><span class="refentrytitle">testprns</span>(1)</span></a>, and the Internet
RFC's <tt class="filename">rfc1001.txt</tt>, <tt class="filename">rfc1002.txt</tt>.
In addition the CIFS (formerly SMB) specification is available
as a link from the Web page <A
HREF="http://samba.org/cifs/"
TARGET="_top"
>
http://samba.org/cifs/</A
>.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN231"
></A
><H2
>AUTHOR</H2
><P
>The original Samba software and related utilities
as a link from the Web page <a href="http://samba.org/cifs/" target="_top">
http://samba.org/cifs/</a>.</p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</P
><P
>The original Samba man pages were written by Karl Auer.
to the way the Linux kernel is developed.</p><p>The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at
<A
HREF="ftp://ftp.icce.rug.nl/pub/unix/"
TARGET="_top"
> ftp://ftp.icce.rug.nl/pub/unix/</A
>) and updated for the Samba 2.0
excellent piece of Open Source software, available at <a href="ftp://ftp.icce.rug.nl/pub/unix/" target="_top">
ftp://ftp.icce.rug.nl/pub/unix/</a>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter</P
></DIV
></BODY
></HTML
>
Samba 2.2 was done by Gerald Carter. The conversion to DocBook
XML 4.2 for Samba 3.0 was done by Alexander Bokovoy.</p></div></div></body></html>

467
docs/htmldocs/nmblookup.1.html
View File

@ -1,412 +1,107 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>nmblookup</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><H1
><A
NAME="NMBLOOKUP"
></A
>nmblookup</H1
><DIV
CLASS="REFNAMEDIV"
><A
NAME="AEN5"
></A
><H2
>Name</H2
>nmblookup&nbsp;--&nbsp;NetBIOS over TCP/IP client used to lookup NetBIOS
names</DIV
><DIV
CLASS="REFSYNOPSISDIV"
><A
NAME="AEN8"
></A
><H2
>Synopsis</H2
><P
><B
CLASS="COMMAND"
>nmblookup</B
> [-M] [-R] [-S] [-r] [-A] [-h] [-B &lt;broadcast address&gt;] [-U &lt;unicast address&gt;] [-d &lt;debug level&gt;] [-s &lt;smb config file&gt;] [-i &lt;NetBIOS scope&gt;] [-T] [-f] {name}</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN25"
></A
><H2
>DESCRIPTION</H2
><P
>This tool is part of the <A
HREF="samba.7.html"
TARGET="_top"
> Samba</A
> suite.</P
><P
><B
CLASS="COMMAND"
>nmblookup</B
> is used to query NetBIOS names
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>nmblookup</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="nmblookup"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>nmblookup &#8212; NetBIOS over TCP/IP client used to lookup NetBIOS
names</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">nmblookup</tt> [-M] [-R] [-S] [-r] [-A] [-h] [-B &lt;broadcast address&gt;] [-U &lt;unicast address&gt;] [-d &lt;debug level&gt;] [-s &lt;smb config file&gt;] [-i &lt;NetBIOS scope&gt;] [-T] [-f] {name}</p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>This tool is part of the <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a> suite.</p><p><b class="command">nmblookup</b> is used to query NetBIOS names
and map them to IP addresses in a network using NetBIOS over TCP/IP
queries. The options allow the name queries to be directed at a
particular IP broadcast area or to a particular machine. All queries
are done over UDP.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN31"
></A
><H2
>OPTIONS</H2
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>-M</DT
><DD
><P
>Searches for a master browser by looking
up the NetBIOS name <TT
CLASS="REPLACEABLE"
><I
>name</I
></TT
> with a
type of <TT
CLASS="CONSTANT"
>0x1d</TT
>. If <TT
CLASS="REPLACEABLE"
><I
> name</I
></TT
> is "-" then it does a lookup on the special name
<TT
CLASS="CONSTANT"
>__MSBROWSE__</TT
>.</P
></DD
><DT
>-R</DT
><DD
><P
>Set the recursion desired bit in the packet
are done over UDP.</p></div><div class="refsect1" lang="en"><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-M</span></dt><dd><p>Searches for a master browser by looking
up the NetBIOS name <i class="replaceable"><tt>name</tt></i> with a
type of <tt class="constant">0x1d</tt>. If <i class="replaceable"><tt>
name</tt></i> is &quot;-&quot; then it does a lookup on the special name
<tt class="constant">__MSBROWSE__</tt>. Please note that in order to
use the name &quot;-&quot;, you need to make sure &quot;-&quot; isn't parsed as an
argument, e.g. use :
<b class="userinput"><tt>nmblookup -M -- -</tt></b>.</p></dd><dt><span class="term">-R</span></dt><dd><p>Set the recursion desired bit in the packet
to do a recursive lookup. This is used when sending a name
query to a machine running a WINS server and the user wishes
to query the names in the WINS server. If this bit is unset
the normal (broadcast responding) NetBIOS processing code
on a machine is used instead. See rfc1001, rfc1002 for details.
</P
></DD
><DT
>-S</DT
><DD
><P
>Once the name query has returned an IP
on a machine is used instead. See RFC1001, RFC1002 for details.
</p></dd><dt><span class="term">-S</span></dt><dd><p>Once the name query has returned an IP
address then do a node status query as well. A node status
query returns the NetBIOS names registered by a host.
</P
></DD
><DT
>-r</DT
><DD
><P
>Try and bind to UDP port 137 to send and receive UDP
</p></dd><dt><span class="term">-r</span></dt><dd><p>Try and bind to UDP port 137 to send and receive UDP
datagrams. The reason for this option is a bug in Windows 95
where it ignores the source port of the requesting packet
and only replies to UDP port 137. Unfortunately, on most UNIX
systems root privilege is needed to bind to this port, and
in addition, if the <A
HREF="nmbd.8.html"
TARGET="_top"
>nmbd(8)</A
>
daemon is running on this machine it also binds to this port.
</P
></DD
><DT
>-A</DT
><DD
><P
>Interpret <TT
CLASS="REPLACEABLE"
><I
>name</I
></TT
> as
an IP Address and do a node status query on this address.</P
></DD
><DT
>-h</DT
><DD
><P
>Print a help (usage) message.</P
></DD
><DT
>-B &lt;broadcast address&gt;</DT
><DD
><P
>Send the query to the given broadcast address. Without
in addition, if the <a href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> daemon is running on this machine it also binds to this port.
</p></dd><dt><span class="term">-A</span></dt><dd><p>Interpret <i class="replaceable"><tt>name</tt></i> as
an IP Address and do a node status query on this address.</p></dd><dt><span class="term">-n &lt;primary NetBIOS name&gt;</span></dt><dd><p>This option allows you to override
the NetBIOS name that Samba uses for itself. This is identical
to setting the <a href="smb.conf.5.html#netbiosname" target="_top"><i class="parameter"><tt>NetBIOS
name</tt></i></a> parameter in the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> file. However, a command
line setting will take precedence over settings in
<a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a>.</p></dd><dt><span class="term">-i &lt;scope&gt;</span></dt><dd><p>This specifies a NetBIOS scope that
<b class="command">nmblookup</b> will use to communicate with when
generating NetBIOS names. For details on the use of NetBIOS
scopes, see rfc1001.txt and rfc1002.txt. NetBIOS scopes are
<span class="emphasis"><em>very</em></span> rarely used, only set this parameter
if you are the system administrator in charge of all the
NetBIOS systems you communicate with.</p></dd><dt><span class="term">-W|--workgroup=domain</span></dt><dd><p>Set the SMB domain of the username. This
overrides the default domain which is the domain defined in
smb.conf. If the domain specified is the same as the servers
NetBIOS name, it causes the client to log on using the servers local
SAM (as opposed to the Domain SAM). </p></dd><dt><span class="term">-O socket options</span></dt><dd><p>TCP socket options to set on the client
socket. See the socket options parameter in
the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> manual page for the list of valid
options. </p></dd><dt><span class="term">-h|--help</span></dt><dd><p>Print a summary of command line options.
</p></dd><dt><span class="term">-B &lt;broadcast address&gt;</span></dt><dd><p>Send the query to the given broadcast address. Without
this option the default behavior of nmblookup is to send the
query to the broadcast address of the network interfaces as
either auto-detected or defined in the <A
HREF="smb.conf.5.html#INTERFACES"
TARGET="_top"
><TT
CLASS="PARAMETER"
><I
>interfaces</I
></TT
>
</A
> parameter of the <TT
CLASS="FILENAME"
>smb.conf (5)</TT
> file.
</P
></DD
><DT
>-U &lt;unicast address&gt;</DT
><DD
><P
>Do a unicast query to the specified address or
host <TT
CLASS="REPLACEABLE"
><I
>unicast address</I
></TT
>. This option
(along with the <TT
CLASS="PARAMETER"
><I
>-R</I
></TT
> option) is needed to
query a WINS server.</P
></DD
><DT
>-d &lt;debuglevel&gt;</DT
><DD
><P
>debuglevel is an integer from 0 to 10.</P
><P
>The default value if this parameter is not specified
is zero.</P
><P
>The higher this value, the more detail will be logged
about the activities of <B
CLASS="COMMAND"
>nmblookup</B
>. At level
0, only critical errors and serious warnings will be logged.</P
><P
>Levels above 1 will generate considerable amounts of
log data, and should only be used when investigating a problem.
Levels above 3 are designed for use only by developers and
generate HUGE amounts of data, most of which is extremely cryptic.</P
><P
>Note that specifying this parameter here will override
the <A
HREF="smb.conf.5.html#LOGLEVEL"
TARGET="_top"
><TT
CLASS="PARAMETER"
><I
> log level</I
></TT
></A
> parameter in the <TT
CLASS="FILENAME"
> smb.conf(5)</TT
> file.</P
></DD
><DT
>-s &lt;smb.conf&gt;</DT
><DD
><P
>This parameter specifies the pathname to
the Samba configuration file, <A
HREF="smb.conf.5.html"
TARGET="_top"
> smb.conf(5)</A
>. This file controls all aspects of
the Samba setup on the machine.</P
></DD
><DT
>-i &lt;scope&gt;</DT
><DD
><P
>This specifies a NetBIOS scope that
<B
CLASS="COMMAND"
>nmblookup</B
> will use to communicate with when
generating NetBIOS names. For details on the use of NetBIOS
scopes, see rfc1001.txt and rfc1002.txt. NetBIOS scopes are
<SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>very</I
></SPAN
> rarely used, only set this parameter
if you are the system administrator in charge of all the
NetBIOS systems you communicate with.</P
></DD
><DT
>-T</DT
><DD
><P
>This causes any IP addresses found in the
either auto-detected or defined in the <a href="smb.conf.5.html#INTERFACES" target="_top"><i class="parameter"><tt>interfaces</tt></i>
</a> parameter of the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> file.
</p></dd><dt><span class="term">-U &lt;unicast address&gt;</span></dt><dd><p>Do a unicast query to the specified address or
host <i class="replaceable"><tt>unicast address</tt></i>. This option
(along with the <i class="parameter"><tt>-R</tt></i> option) is needed to
query a WINS server.</p></dd><dt><span class="term">-V</span></dt><dd><p>Prints the version number for
<b class="command">smbd</b>.</p></dd><dt><span class="term">-s &lt;configuration file&gt;</span></dt><dd><p>The file specified contains the
configuration details required by the server. The
information in this file includes server-specific
information such as what printcap file to use, as well
as descriptions of all the services that the server is
to provide. See <a href="smb.conf.5.html" target="_top"><tt class="filename">
smb.conf(5)</tt></a> for more information.
The default configuration file name is determined at
compile time.</p></dd><dt><span class="term">-d|--debug=debuglevel</span></dt><dd><p><i class="replaceable"><tt>debuglevel</tt></i> is an integer
from 0 to 10. The default value if this parameter is
not specified is zero.</p><p>The higher this value, the more detail will be
logged to the log files about the activities of the
server. At level 0, only critical errors and serious
warnings will be logged. Level 1 is a reasonable level for
day to day running - it generates a small amount of
information about operations carried out.</p><p>Levels above 1 will generate considerable
amounts of log data, and should only be used when
investigating a problem. Levels above 3 are designed for
use only by developers and generate HUGE amounts of log
data, most of which is extremely cryptic.</p><p>Note that specifying this parameter here will
override the <a href="smb.conf.5.html#loglevel" target="_top">log
level</a> parameter in the <a href="smb.conf.5.html" target="_top">
<tt class="filename">smb.conf(5)</tt></a> file.</p></dd><dt><span class="term">-l|--logfile=logbasename</span></dt><dd><p>File name for log/debug files. The extension
<tt class="constant">&quot;.client&quot;</tt> will be appended. The log file is
never removed by the client.
</p></dd><dt><span class="term">-T</span></dt><dd><p>This causes any IP addresses found in the
lookup to be looked up via a reverse DNS lookup into a
DNS name, and printed out before each</P
><P
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>IP address .... NetBIOS name</I
></SPAN
></P
><P
> pair that is the normal output.</P
></DD
><DT
>-f</DT
><DD
><P
> Show which flags apply to the name that has been looked up. Possible
DNS name, and printed out before each</p><p><span class="emphasis"><em>IP address .... NetBIOS name</em></span></p><p> pair that is the normal output.</p></dd><dt><span class="term">-f</span></dt><dd><p>
Show which flags apply to the name that has been looked up. Possible
answers are zero or more of: Response, Authoritative,
Truncated, Recursion_Desired, Recursion_Available, Broadcast.
</P
></DD
><DT
>name</DT
><DD
><P
>This is the NetBIOS name being queried. Depending
</p></dd><dt><span class="term">name</span></dt><dd><p>This is the NetBIOS name being queried. Depending
upon the previous options this may be a NetBIOS name or IP address.
If a NetBIOS name then the different name types may be specified
by appending '#&lt;type&gt;' to the name. This name may also be
'*', which will return all registered names within a broadcast
area.</P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN115"
></A
><H2
>EXAMPLES</H2
><P
><B
CLASS="COMMAND"
>nmblookup</B
> can be used to query
a WINS server (in the same way <B
CLASS="COMMAND"
>nslookup</B
> is
used to query DNS servers). To query a WINS server,
<B
CLASS="COMMAND"
>nmblookup</B
> must be called like this:</P
><P
><B
CLASS="COMMAND"
>nmblookup -U server -R 'name'</B
></P
><P
>For example, running :</P
><P
><B
CLASS="COMMAND"
>nmblookup -U samba.org -R 'IRIX#1B'</B
></P
><P
>would query the WINS server samba.org for the domain
master browser (1B name type) for the IRIX workgroup.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN127"
></A
><H2
>VERSION</H2
><P
>This man page is correct for version 3.0 of
the Samba suite.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN130"
></A
><H2
>SEE ALSO</H2
><P
><A
HREF="nmbd.8.html"
TARGET="_top"
><B
CLASS="COMMAND"
>nmbd(8)</B
></A
>,
<A
HREF="samba.7.html"
TARGET="_top"
>samba(7)</A
>, and <A
HREF="smb.conf.5.html"
TARGET="_top"
>smb.conf(5)</A
>
</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN137"
></A
><H2
>AUTHOR</H2
><P
>The original Samba software and related utilities
area.</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>EXAMPLES</h2><p><b class="command">nmblookup</b> can be used to query
a WINS server (in the same way <b class="command">nslookup</b> is
used to query DNS servers). To query a WINS server, <b class="command">nmblookup</b>
must be called like this:</p><p><b class="command">nmblookup -U server -R 'name'</b></p><p>For example, running :</p><p><b class="command">nmblookup -U samba.org -R 'IRIX#1B'</b></p><p>would query the WINS server samba.org for the domain
master browser (1B name type) for the IRIX workgroup.</p></div><div class="refsect1" lang="en"><h2>VERSION</h2><p>This man page is correct for version 3.0 of
the Samba suite.</p></div><div class="refsect1" lang="en"><h2>SEE ALSO</h2><p><a href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>, <a href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a>, and <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a>.</p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</P
><P
>The original Samba man pages were written by Karl Auer.
to the way the Linux kernel is developed.</p><p>The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at
<A
HREF="ftp://ftp.icce.rug.nl/pub/unix/"
TARGET="_top"
> ftp://ftp.icce.rug.nl/pub/unix/</A
>) and updated for the Samba 2.0
excellent piece of Open Source software, available at <a href="ftp://ftp.icce.rug.nl/pub/unix/" target="_top">
ftp://ftp.icce.rug.nl/pub/unix/</a>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter</P
></DIV
></BODY
></HTML
>
Samba 2.2 was done by Gerald Carter. The conversion to DocBook
XML 4.2 for Samba 3.0 was done by Alexander Bokovoy.</p></div></div></body></html>

924
docs/htmldocs/optional.html
View File

File diff suppressed because one or more lines are too long

861
docs/htmldocs/pam.html
View File

@ -1,158 +1,290 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>Configuring PAM for distributed but centrally
managed authentication</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK
REL="HOME"
TITLE="SAMBA Project Documentation"
HREF="samba-howto-collection.html"><LINK
REL="UP"
TITLE="Optional configuration"
HREF="optional.html"><LINK
REL="PREVIOUS"
TITLE="UNIX Permission Bits and Windows NT Access Control Lists"
HREF="unix-permissions.html"><LINK
REL="NEXT"
TITLE="Hosting a Microsoft Distributed File System tree on Samba"
HREF="msdfs.html"></HEAD
><BODY
CLASS="CHAPTER"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>SAMBA Project Documentation</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="unix-permissions.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="msdfs.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="CHAPTER"
><H1
><A
NAME="PAM">Chapter 12. Configuring PAM for distributed but centrally
managed authentication</H1
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1788">12.1. Samba and PAM</H1
><P
>A number of Unix systems (eg: Sun Solaris), as well as the
xxxxBSD family and Linux, now utilize the Pluggable Authentication
Modules (PAM) facility to provide all authentication,
authorization and resource control services. Prior to the
introduction of PAM, a decision to use an alternative to
the system password database (<TT
CLASS="FILENAME"
>/etc/passwd</TT
>)
would require the provision of alternatives for all programs that provide
security services. Such a choice would involve provision of
alternatives to such programs as: <B
CLASS="COMMAND"
>login</B
>,
<B
CLASS="COMMAND"
>passwd</B
>, <B
CLASS="COMMAND"
>chown</B
>, etc.</P
><P
>PAM provides a mechanism that disconnects these security programs
from the underlying authentication/authorization infrastructure.
PAM is configured either through one file <TT
CLASS="FILENAME"
>/etc/pam.conf</TT
> (Solaris),
or by editing individual files that are located in <TT
CLASS="FILENAME"
>/etc/pam.d</TT
>.</P
><P
>The following is an example <TT
CLASS="FILENAME"
>/etc/pam.d/login</TT
> configuration file.
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 25. PAM based Distributed Authentication</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="optional.html" title="Part III. Advanced Configuration"><link rel="previous" href="ProfileMgmt.html" title="Chapter 24. Desktop Profile Management"><link rel="next" href="integrate-ms-networks.html" title="Chapter 26. Integrating MS Windows networks with Samba"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 25. PAM based Distributed Authentication</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="ProfileMgmt.html">Prev</a> </td><th width="60%" align="center">Part III. Advanced Configuration</th><td width="20%" align="right"> <a accesskey="n" href="integrate-ms-networks.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="pam"></a>Chapter 25. PAM based Distributed Authentication</h2></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jht@samba.org">jht@samba.org</a>&gt;</tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Stephen</span> <span class="surname">Langasek</span></h3><div class="affiliation"><div class="address"><p><tt class="email">&lt;<a href="mailto:vorlon@netexpress.net">vorlon@netexpress.net</a>&gt;</tt></p></div></div></div></div><div><p class="pubdate">May 31, 2003</p></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="pam.html#id2995226">Features and Benefits</a></dt><dt><a href="pam.html#id2995494">Technical Discussion</a></dt><dd><dl><dt><a href="pam.html#id2995512">PAM Configuration Syntax</a></dt><dt><a href="pam.html#id2996183">Example System Configurations</a></dt><dt><a href="pam.html#id2996484">smb.conf PAM Configuration</a></dt><dt><a href="pam.html#id2996541">Remote CIFS Authentication using winbindd.so</a></dt><dt><a href="pam.html#id2996625">Password Synchronization using pam_smbpass.so</a></dt></dl></dd><dt><a href="pam.html#id2996992">Common Errors</a></dt><dd><dl><dt><a href="pam.html#id2997005">pam_winbind problem</a></dt></dl></dd></dl></div><p>
This chapter you should help you to deploy winbind based authentication on any PAM enabled
Unix/Linux system. Winbind can be used to enable user level application access authentication
from any MS Windows NT Domain, MS Windows 200x Active Directory based domain, or any Samba
based domain environment. It will also help you to configure PAM based local host access
controls that are appropriate to your Samba configuration.
</p><p>
In addition to knowing how to configure winbind into PAM, you will learn generic PAM managment
possibilities and in particular how to deploy tools like pam_smbpass.so to your adavantage.
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
The use of Winbind require more than PAM configuration alone. Please refer to <a href="winbind.html" title="Chapter 21. Integrated Logon Support using Winbind">the Winbind chapter</a>.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2995226"></a>Features and Benefits</h2></div></div><div></div></div><p>
A number of Unix systems (eg: Sun Solaris), as well as the xxxxBSD family and Linux,
now utilize the Pluggable Authentication Modules (PAM) facility to provide all authentication,
authorization and resource control services. Prior to the introduction of PAM, a decision
to use an alternative to the system password database (<tt class="filename">/etc/passwd</tt>)
would require the provision of alternatives for all programs that provide security services.
Such a choice would involve provision of alternatives to such programs as: <b class="command">login</b>,
<b class="command">passwd</b>, <b class="command">chown</b>, etc.
</p><p>
PAM provides a mechanism that disconnects these security programs from the underlying
authentication/authorization infrastructure. PAM is configured either through one file
<tt class="filename">/etc/pam.conf</tt> (Solaris), or by editing individual files that are
located in <tt class="filename">/etc/pam.d</tt>.
</p><p>
On PAM enabled Unix/Linux systems it is an easy matter to configure the system to use any
authentication backend, so long as the appropriate dynamically loadable library modules
are available for it. The backend may be local to the system, or may be centralised on a
remote server.
</p><p>
PAM support modules are available for:
</p><div class="variablelist"><dl><dt><span class="term"><tt class="filename">/etc/passwd</tt></span></dt><dd><p>-</p><p>
There are several PAM modules that interact with this standard Unix user
database. The most common are called: pam_unix.so, pam_unix2.so, pam_pwdb.so
and pam_userdb.so.
</p></dd><dt><span class="term">Kerberos</span></dt><dd><p>-</p><p>
The pam_krb5.so module allows the use of any Kerberos compliant server.
This tool is used to access MIT Kerberos, Heimdal Kerberos, and potentially
Microsoft Active Directory (if enabled).
</p></dd><dt><span class="term">LDAP</span></dt><dd><p>-</p><p>
The pam_ldap.so module allows the use of any LDAP v2 or v3 compatible backend
server. Commonly used LDAP backend servers include: OpenLDAP v2.0 and v2.1,
Sun ONE iDentity server, Novell eDirectory server, Microsoft Active Directory.
</p></dd><dt><span class="term">NetWare Bindery</span></dt><dd><p>-</p><p>
The pam_ncp_auth.so module allows authentication off any bindery enabled
NetWare Core Protocol based server.
</p></dd><dt><span class="term">SMB Password</span></dt><dd><p>-</p><p>
This module, called pam_smbpass.so, will allow user authentication off
the passdb backend that is configured in the Samba <tt class="filename">smb.conf</tt> file.
</p></dd><dt><span class="term">SMB Server</span></dt><dd><p>-</p><p>
The pam_smb_auth.so module is the original MS Windows networking authentication
tool. This module has been somewhat outdated by the Winbind module.
</p></dd><dt><span class="term">Winbind</span></dt><dd><p>-</p><p>
The pam_winbind.so module allows Samba to obtain authentication from any
MS Windows Domain Controller. It can just as easily be used to authenticate
users for access to any PAM enabled application.
</p></dd><dt><span class="term">RADIUS</span></dt><dd><p>-</p><p>
There is a PAM RADIUS (Remote Access Dial-In User Service) authentication
module. In most cases the administrator will need to locate the source code
for this tool and compile and install it themselves. RADIUS protocols are
used by many routers and terminal servers.
</p></dd></dl></div><p>
Of the above, Samba provides the pam_smbpasswd.so and the pam_winbind.so modules alone.
</p><p>
Once configured, these permit a remarkable level of flexibility in the location and use
of distributed samba domain controllers that can provide wide are network bandwidth
efficient authentication services for PAM capable systems. In effect, this allows the
deployment of centrally managed and maintained distributed authentication from a single
user account database.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2995494"></a>Technical Discussion</h2></div></div><div></div></div><p>
PAM is designed to provide the system administrator with a great deal of flexibility in
configuration of the privilege granting applications of their system. The local
configuration of system security controlled by PAM is contained in one of two places:
either the single system file, /etc/pam.conf; or the /etc/pam.d/ directory.
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2995512"></a>PAM Configuration Syntax</h3></div></div><div></div></div><p>
In this section we discuss the correct syntax of and generic options respected by entries to these files.
PAM specific tokens in the configuration file are case insensitive. The module paths, however, are case
sensitive since they indicate a file's name and reflect the case dependence of typical file-systems.
The case-sensitivity of the arguments to any given module is defined for each module in turn.
</p><p>
In addition to the lines described below, there are two special characters provided for the convenience
of the system administrator: comments are preceded by a `#' and extend to the next end-of-line; also,
module specification lines may be extended with a `\' escaped newline.
</p><p>
If the PAM authentication module (loadable link library file) is located in the
default location then it is not necessary to specify the path. In the case of
Linux, the default location is <tt class="filename">/lib/security</tt>. If the module
is located outside the default then the path must be specified as:
</p><p>
</p><pre class="screen">
auth required /other_path/pam_strange_module.so
</pre><p>
</p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2995568"></a>Anatomy of <tt class="filename">/etc/pam.d</tt> Entries</h4></div></div><div></div></div><p>
The remaining information in this subsection was taken from the documentation of the Linux-PAM
project. For more information on PAM, see
<a href="http://ftp.kernel.org/pub/linux/libs/pam/" target="_top">
http://ftp.kernel.org/pub/linux/libs/pam</a> The Official Linux-PAM home page.
</p><p>
A general configuration line of the /etc/pam.conf file has the following form:
</p><p>
</p><pre class="screen">
service-name module-type control-flag module-path args
</pre><p>
</p><p>
Below, we explain the meaning of each of these tokens. The second (and more recently adopted)
way of configuring Linux-PAM is via the contents of the <tt class="filename">/etc/pam.d/</tt> directory.
Once we have explained the meaning of the above tokens, we will describe this method.
</p><div class="variablelist"><dl><dt><span class="term">service-name</span></dt><dd><p>-</p><p>
The name of the service associated with this entry. Frequently the service name is the conventional
name of the given application. For example, `ftpd', `rlogind' and `su', etc. .
</p><p>
There is a special service-name, reserved for defining a default authentication mechanism. It has
the name `OTHER' and may be specified in either lower or upper case characters. Note, when there
is a module specified for a named service, the `OTHER' entries are ignored.
</p></dd><dt><span class="term">module-type</span></dt><dd><p>-</p><p>
One of (currently) four types of module. The four types are as follows:
</p><div class="itemizedlist"><ul type="disc"><li><p>
<span class="emphasis"><em>auth:</em></span> this module type provides two aspects of authenticating the user.
Firstly, it establishes that the user is who they claim to be, by instructing the application
to prompt the user for a password or other means of identification. Secondly, the module can
grant group membership (independently of the <tt class="filename">/etc/groups</tt> file discussed
above) or other privileges through its credential granting properties.
</p></li><li><p>
<span class="emphasis"><em>account:</em></span> this module performs non-authentication based account management.
It is typically used to restrict/permit access to a service based on the time of day, currently
available system resources (maximum number of users) or perhaps the location of the applicant
user `root' login only on the console.
</p></li><li><p>
<span class="emphasis"><em>session:</em></span> primarily, this module is associated with doing things that need
to be done for the user before/after they can be given service. Such things include the loggin
of information concerning the opening/closing of some data exchange with a user, mountin
directories, etc.
</p></li><li><p>
<span class="emphasis"><em>password:</em></span> this last module type is required for updating the authentication
token associated with the user. Typically, there is one module for each `challenge/response'
based authentication (auth) module-type.
</p></li></ul></div></dd><dt><span class="term">control-flag</span></dt><dd><p>-</p><p>
The control-flag is used to indicate how the PAM library will react to the success or failure of the
module it is associated with. Since modules can be stacked (modules of the same type execute in series,
one after another), the control-flags determine the relative importance of each module. The application
is not made aware of the individual success or failure of modules listed in the
<tt class="filename">/etc/pam.conf</tt> file. Instead, it receives a summary success or fail response from
the Linux-PAM library. The order of execution of these modules is that of the entries in the
<tt class="filename">/etc/pam.conf</tt> file; earlier entries are executed before later ones.
As of Linux-PAM v0.60, this control-flag can be defined with one of two syntaxes.
</p><p>
The simpler (and historical) syntax for the control-flag is a single keyword defined to indicate the
severity of concern associated with the success or failure of a specific module. There are four such
<span class="emphasis"><em>keywords: required, requisite, sufficient and optional</em></span>.
</p><p>
The Linux-PAM library interprets these keywords in the following manner:
</p><div class="itemizedlist"><ul type="disc"><li><p>
<span class="emphasis"><em>required:</em></span> this indicates that the success of the module is required for the
module-type facility to succeed. Failure of this module will not be apparent to the user until all
of the remaining modules (of the same module-type) have been executed.
</p></li><li><p>
<span class="emphasis"><em>requisite:</em></span> like required, however, in the case that such a module returns a
failure, control is directly returned to the application. The return value is that associated with
the first required or requisite module to fail. Note, this flag can be used to protect against the
possibility of a user getting the opportunity to enter a password over an unsafe medium. It is
conceivable that such behavior might inform an attacker of valid accounts on a system. This
possibility should be weighed against the not insignificant concerns of exposing a sensitive
password in a hostile environment.
</p></li><li><p>
<span class="emphasis"><em>sufficient:</em></span> the success of this module is deemed `sufficient' to satisfy
the Linux-PAM library that this module-type has succeeded in its purpose. In the event that no
previous required module has failed, no more `stacked' modules of this type are invoked. (Note,
in this case subsequent required modules are not invoked.). A failure of this module is not deemed
as fatal to satisfying the application that this module-type has succeeded.
</p></li><li><p>
<span class="emphasis"><em>optional:</em></span> as its name suggests, this control-flag marks the module as not
being critical to the success or failure of the user's application for service. In general,
Linux-PAM ignores such a module when determining if the module stack will succeed or fail.
However, in the absence of any definite successes or failures of previous or subsequent stacked
modules this module will determine the nature of the response to the application. One example of
this latter case, is when the other modules return something like PAM_IGNORE.
</p></li></ul></div><p>
The more elaborate (newer) syntax is much more specific and gives the administrator a great deal of control
over how the user is authenticated. This form of the control flag is delimeted with square brackets and
consists of a series of value=action tokens:
</p><pre class="screen">
[value1=action1 value2=action2 ...]
</pre><p>
Here, valueI is one of the following return values: success; open_err; symbol_err; service_err;
system_err; buf_err; perm_denied; auth_err; cred_insufficient; authinfo_unavail; user_unknown; maxtries;
new_authtok_reqd; acct_expired; session_err; cred_unavail; cred_expired; cred_err; no_module_data; conv_err;
authtok_err; authtok_recover_err; authtok_lock_busy; authtok_disable_aging; try_again; ignore; abort;
authtok_expired; module_unknown; bad_item; and default. The last of these (default) can be used to set
the action for those return values that are not explicitly defined.
</p><p>
The actionI can be a positive integer or one of the following tokens: ignore; ok; done; bad; die; and reset.
A positive integer, J, when specified as the action, can be used to indicate that the next J modules of the
current module-type will be skipped. In this way, the administrator can develop a moderately sophisticated
stack of modules with a number of different paths of execution. Which path is taken can be determined by the
reactions of individual modules.
</p><div class="itemizedlist"><ul type="disc"><li><p>
<span class="emphasis"><em>ignore:</em></span> when used with a stack of modules, the module's return status will not
contribute to the return code the application obtains.
</p></li><li><p>
<span class="emphasis"><em>bad:</em></span> this action indicates that the return code should be thought of as indicative
of the module failing. If this module is the first in the stack to fail, its status value will be used
for that of the whole stack.
</p></li><li><p>
<span class="emphasis"><em>die:</em></span> equivalent to bad with the side effect of terminating the module stack and
PAM immediately returning to the application.
</p></li><li><p>
<span class="emphasis"><em>ok:</em></span> this tells PAM that the administrator thinks this return code should
contribute directly to the return code of the full stack of modules. In other words, if the former
state of the stack would lead to a return of PAM_SUCCESS, the module's return code will override
this value. Note, if the former state of the stack holds some value that is indicative of a modules
failure, this 'ok' value will not be used to override that value.
</p></li><li><p>
<span class="emphasis"><em>done:</em></span> equivalent to ok with the side effect of terminating the module stack and
PAM immediately returning to the application.
</p></li><li><p>
<span class="emphasis"><em>reset:</em></span> clear all memory of the state of the module stack and start again with
the next stacked module.
</p></li></ul></div><p>
Each of the four keywords: required; requisite; sufficient; and optional, have an equivalent expression in
terms of the [...] syntax. They are as follows:
</p><p>
</p><div class="itemizedlist"><ul type="disc"><li><p>
required is equivalent to [success=ok new_authtok_reqd=ok ignore=ignore default=bad]
</p></li><li><p>
requisite is equivalent to [success=ok new_authtok_reqd=ok ignore=ignore default=die]
</p></li><li><p>
sufficient is equivalent to [success=done new_authtok_reqd=done default=ignore]
</p></li><li><p>
optional is equivalent to [success=ok new_authtok_reqd=ok default=ignore]
</p></li></ul></div><p>
</p><p>
Just to get a feel for the power of this new syntax, here is a taste of what you can do with it. With Linux-PAM-0.63,
the notion of client plug-in agents was introduced. This is something that makes it possible for PAM to support
machine-machine authentication using the transport protocol inherent to the client/server application. With the
<span class="emphasis"><em>[ ... value=action ... ]</em></span> control syntax, it is possible for an application to be configured
to support binary prompts with compliant clients, but to gracefully fall over into an alternative authentication
mode for older, legacy, applications.
</p></dd><dt><span class="term">module-path</span></dt><dd><p>-</p><p>
The path-name of the dynamically loadable object file; the pluggable module itself. If the first character of the
module path is `/', it is assumed to be a complete path. If this is not the case, the given module path is appended
to the default module path: <tt class="filename">/lib/security</tt> (but see the notes above).
</p><p>
The args are a list of tokens that are passed to the module when it is invoked. Much like arguments to a typical
Linux shell command. Generally, valid arguments are optional and are specific to any given module. Invalid arguments
are ignored by a module, however, when encountering an invalid argument, the module is required to write an error
to syslog(3). For a list of generic options see the next section.
</p><p>
Note, if you wish to include spaces in an argument, you should surround that argument with square brackets. For example:
</p><pre class="screen">
squid auth required pam_mysql.so user=passwd_query passwd=mada \
db=eminence [query=select user_name from internet_service where \
user_name='%u' and password=PASSWORD('%p') and \
service='web_proxy']
</pre><p>
Note, when using this convention, you can include `[' characters inside the string, and if you wish to include a `]'
character inside the string that will survive the argument parsing, you should use `\['. In other words:
</p><pre class="screen">
[..[..\]..] --&gt; ..[..]..
</pre><p>
Any line in (one of) the configuration file(s), that is not formatted correctly, will generally tend (erring on the
side of caution) to make the authentication process fail. A corresponding error is written to the system log files
with a call to syslog(3).
</p></dd></dl></div></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2996183"></a>Example System Configurations</h3></div></div><div></div></div><p>
The following is an example <tt class="filename">/etc/pam.d/login</tt> configuration file.
This example had all options been uncommented is probably not usable
as it stacks many conditions before allowing successful completion
of the login process. Essentially all conditions can be disabled
by commenting them out except the calls to <TT
CLASS="FILENAME"
>pam_pwdb.so</TT
>.</P
><P
><PRE
CLASS="PROGRAMLISTING"
>#%PAM-1.0
by commenting them out except the calls to <tt class="filename">pam_pwdb.so</tt>.
</p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2996213"></a>PAM: original login config</h4></div></div><div></div></div><pre class="screen">
#%PAM-1.0
# The PAM configuration file for the `login' service
#
auth required pam_securetty.so
auth required pam_nologin.so
# auth required pam_dialup.so
# auth optional pam_mail.so
auth required pam_pwdb.so shadow md5
# account requisite pam_time.so
account required pam_pwdb.so
session required pam_pwdb.so
# session optional pam_lastlog.so
# password required pam_cracklib.so retry=3
password required pam_pwdb.so shadow md5</PRE
></P
><P
>PAM allows use of replacable modules. Those available on a
sample system include:</P
><P
><PRE
CLASS="PROGRAMLISTING"
>$ /bin/ls /lib/security
auth required pam_securetty.so
auth required pam_nologin.so
# auth required pam_dialup.so
# auth optional pam_mail.so
auth required pam_pwdb.so shadow md5
# account requisite pam_time.so
account required pam_pwdb.so
session required pam_pwdb.so
# session optional pam_lastlog.so
# password required pam_cracklib.so retry=3
password required pam_pwdb.so shadow md5
</pre></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2996239"></a>PAM: login using pam_smbpass</h4></div></div><div></div></div><p>
PAM allows use of replacable modules. Those available on a sample system include:
</p><p><tt class="prompt">$</tt><b class="userinput"><tt>/bin/ls /lib/security</tt></b>
</p><pre class="screen">
pam_access.so pam_ftp.so pam_limits.so
pam_ncp_auth.so pam_rhosts_auth.so pam_stress.so
pam_cracklib.so pam_group.so pam_listfile.so
@ -164,262 +296,227 @@ pam_pwdb.so pam_shells.so pam_unix.so
pam_env.so pam_ldap.so pam_motd.so
pam_radius.so pam_smbpass.so pam_unix_acct.so
pam_wheel.so pam_unix_auth.so pam_unix_passwd.so
pam_userdb.so pam_warn.so pam_unix_session.so</PRE
></P
><P
>The following example for the login program replaces the use of
the <TT
CLASS="FILENAME"
>pam_pwdb.so</TT
> module which uses the system
password database (<TT
CLASS="FILENAME"
>/etc/passwd</TT
>,
<TT
CLASS="FILENAME"
>/etc/shadow</TT
>, <TT
CLASS="FILENAME"
>/etc/group</TT
>) with
the module <TT
CLASS="FILENAME"
>pam_smbpass.so</TT
> which uses the Samba
pam_userdb.so pam_warn.so pam_unix_session.so
</pre><p>
The following example for the login program replaces the use of
the <tt class="filename">pam_pwdb.so</tt> module which uses the system
password database (<tt class="filename">/etc/passwd</tt>,
<tt class="filename">/etc/shadow</tt>, <tt class="filename">/etc/group</tt>) with
the module <tt class="filename">pam_smbpass.so</tt> which uses the Samba
database which contains the Microsoft MD4 encrypted password
hashes. This database is stored in either
<TT
CLASS="FILENAME"
>/usr/local/samba/private/smbpasswd</TT
>,
<TT
CLASS="FILENAME"
>/etc/samba/smbpasswd</TT
>, or in
<TT
CLASS="FILENAME"
>/etc/samba.d/smbpasswd</TT
>, depending on the
<tt class="filename">/usr/local/samba/private/smbpasswd</tt>,
<tt class="filename">/etc/samba/smbpasswd</tt>, or in
<tt class="filename">/etc/samba.d/smbpasswd</tt>, depending on the
Samba implementation for your Unix/Linux system. The
<TT
CLASS="FILENAME"
>pam_smbpass.so</TT
> module is provided by
<tt class="filename">pam_smbpass.so</tt> module is provided by
Samba version 2.2.1 or later. It can be compiled by specifying the
<B
CLASS="COMMAND"
>--with-pam_smbpass</B
> options when running Samba's
<TT
CLASS="FILENAME"
>configure</TT
> script. For more information
on the <TT
CLASS="FILENAME"
>pam_smbpass</TT
> module, see the documentation
in the <TT
CLASS="FILENAME"
>source/pam_smbpass</TT
> directory of the Samba
source distribution.</P
><P
><PRE
CLASS="PROGRAMLISTING"
>#%PAM-1.0
<tt class="option">--with-pam_smbpass</tt> options when running Samba's
<b class="command">configure</b> script. For more information
on the <tt class="filename">pam_smbpass</tt> module, see the documentation
in the <tt class="filename">source/pam_smbpass</tt> directory of the Samba
source distribution.
</p><pre class="screen">
#%PAM-1.0
# The PAM configuration file for the `login' service
#
auth required pam_smbpass.so nodelay
account required pam_smbpass.so nodelay
session required pam_smbpass.so nodelay
password required pam_smbpass.so nodelay</PRE
></P
><P
>The following is the PAM configuration file for a particular
Linux system. The default condition uses <TT
CLASS="FILENAME"
>pam_pwdb.so</TT
>.</P
><P
><PRE
CLASS="PROGRAMLISTING"
>#%PAM-1.0
auth required pam_smbpass.so nodelay
account required pam_smbpass.so nodelay
session required pam_smbpass.so nodelay
password required pam_smbpass.so nodelay
</pre><p>
The following is the PAM configuration file for a particular
Linux system. The default condition uses <tt class="filename">pam_pwdb.so</tt>.
</p><pre class="screen">
#%PAM-1.0
# The PAM configuration file for the `samba' service
#
auth required /lib/security/pam_pwdb.so nullok nodelay shadow audit
account required /lib/security/pam_pwdb.so audit nodelay
session required /lib/security/pam_pwdb.so nodelay
password required /lib/security/pam_pwdb.so shadow md5</PRE
></P
><P
>In the following example the decision has been made to use the
auth required pam_pwdb.so nullok nodelay shadow audit
account required pam_pwdb.so audit nodelay
session required pam_pwdb.so nodelay
password required pam_pwdb.so shadow md5
</pre><p>
In the following example the decision has been made to use the
smbpasswd database even for basic samba authentication. Such a
decision could also be made for the passwd program and would
thus allow the smbpasswd passwords to be changed using the passwd
program.</P
><P
><PRE
CLASS="PROGRAMLISTING"
>#%PAM-1.0
program.
</p><pre class="screen">
#%PAM-1.0
# The PAM configuration file for the `samba' service
#
auth required /lib/security/pam_smbpass.so nodelay
account required /lib/security/pam_pwdb.so audit nodelay
session required /lib/security/pam_pwdb.so nodelay
password required /lib/security/pam_smbpass.so nodelay smbconf=/etc/samba.d/smb.conf</PRE
></P
><P
>Note: PAM allows stacking of authentication mechanisms. It is
auth required pam_smbpass.so nodelay
account required pam_pwdb.so audit nodelay
session required pam_pwdb.so nodelay
password required pam_smbpass.so nodelay smbconf=/etc/samba.d/smb.conf
</pre><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>PAM allows stacking of authentication mechanisms. It is
also possible to pass information obtained within one PAM module through
to the next module in the PAM stack. Please refer to the documentation for
your particular system implementation for details regarding the specific
capabilities of PAM in this environment. Some Linux implmentations also
provide the <TT
CLASS="FILENAME"
>pam_stack.so</TT
> module that allows all
provide the <tt class="filename">pam_stack.so</tt> module that allows all
authentication to be configured in a single central file. The
<TT
CLASS="FILENAME"
>pam_stack.so</TT
> method has some very devoted followers
<tt class="filename">pam_stack.so</tt> method has some very devoted followers
on the basis that it allows for easier administration. As with all issues in
life though, every decision makes trade-offs, so you may want examine the
PAM documentation for further helpful information.</P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1832">12.2. Distributed Authentication</H1
><P
>The astute administrator will realize from this that the
combination of <TT
CLASS="FILENAME"
>pam_smbpass.so</TT
>,
<B
CLASS="COMMAND"
>winbindd</B
>, and <B
CLASS="COMMAND"
>rsync</B
> (see
<A
HREF="http://rsync.samba.org/"
TARGET="_top"
>http://rsync.samba.org/</A
>)
will allow the establishment of a centrally managed, distributed
user/password database that can also be used by all
PAM (eg: Linux) aware programs and applications. This arrangement
can have particularly potent advantages compared with the
use of Microsoft Active Directory Service (ADS) in so far as
reduction of wide area network authentication traffic.</P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1839">12.3. PAM Configuration in smb.conf</H1
><P
>There is an option in smb.conf called <A
HREF="smb.conf.5.html#OBEYPAMRESTRICTIONS"
TARGET="_top"
>obey pam restrictions</A
>.
The following is from the on-line help for this option in SWAT;</P
><P
>When Samba 2.2 is configure to enable PAM support (i.e.
<TT
CLASS="CONSTANT"
>--with-pam</TT
>), this parameter will
PAM documentation for further helpful information.
</p></div></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2996484"></a>smb.conf PAM Configuration</h3></div></div><div></div></div><p>
There is an option in smb.conf called <a href="smb.conf.5.html#OBEYPAMRESTRICTIONS" target="_top">obey pam restrictions</a>.
The following is from the on-line help for this option in SWAT;
</p><p>
When Samba-3 is configured to enable PAM support (i.e.
<tt class="option">--with-pam</tt>), this parameter will
control whether or not Samba should obey PAM's account
and session management directives. The default behavior
is to use PAM for clear text authentication only and to
ignore any account or session management. Note that Samba always
ignores PAM for authentication in the case of
<A
HREF="smb.conf.5.html#ENCRYPTPASSWORDS"
TARGET="_top"
>encrypt passwords = yes</A
>.
<a href="smb.conf.5.html#ENCRYPTPASSWORDS" target="_top">encrypt passwords = yes</a>.
The reason is that PAM modules cannot support the challenge/response
authentication mechanism needed in the presence of SMB
password encryption. </P
><P
>Default: <B
CLASS="COMMAND"
>obey pam restrictions = no</B
></P
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="unix-permissions.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="samba-howto-collection.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="msdfs.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>UNIX Permission Bits and Windows NT Access Control Lists</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="optional.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Hosting a Microsoft Distributed File System tree on Samba</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
password encryption.
</p><p>Default: <i class="parameter"><tt>obey pam restrictions = no</tt></i></p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2996541"></a>Remote CIFS Authentication using winbindd.so</h3></div></div><div></div></div><p>
All operating systems depend on the provision of users credentials accecptable to the platform.
Unix requires the provision of a user identifier (UID) as well as a group identifier (GID).
These are both simple integer type numbers that are obtained from a password backend such
as <tt class="filename">/etc/passwd</tt>.
</p><p>
Users and groups on a Windows NT server are assigned a relative id (rid) which is unique for
the domain when the user or group is created. To convert the Windows NT user or group into
a unix user or group, a mapping between rids and unix user and group ids is required. This
is one of the jobs that winbind performs.
</p><p>
As winbind users and groups are resolved from a server, user and group ids are allocated
from a specified range. This is done on a first come, first served basis, although all
existing users and groups will be mapped as soon as a client performs a user or group
enumeration command. The allocated unix ids are stored in a database file under the Samba
lock directory and will be remembered.
</p><p>
The astute administrator will realize from this that the combination of <tt class="filename">pam_smbpass.so</tt>,
<b class="command">winbindd</b>, and a distributed passdb backend, such as ldap, will allow the establishment of a
centrally managed, distributed user/password database that can also be used by all PAM (eg: Linux) aware
programs and applications. This arrangement can have particularly potent advantages compared with the use of
Microsoft Active Directory Service (ADS) in so far as reduction of wide area network authentication traffic.
</p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
The rid to unix id database is the only location where the user and group mappings are
stored by winbindd. If this file is deleted or corrupted, there is no way for winbindd
to determine which user and group ids correspond to Windows NT user and group rids.
</p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2996625"></a>Password Synchronization using pam_smbpass.so</h3></div></div><div></div></div><p>
pam_smbpass is a PAM module which can be used on conforming systems to
keep the smbpasswd (Samba password) database in sync with the unix
password file. PAM (Pluggable Authentication Modules) is an API supported
under some Unices, such as Solaris, HPUX and Linux, that provides a
generic interface to authentication mechanisms.
</p><p>
This module authenticates a local smbpasswd user database. If you require
support for authenticating against a remote SMB server, or if you're
concerned about the presence of suid root binaries on your system, it is
recommended that you use pam_winbind instead.
</p><p>
Options recognized by this module are as follows:
</p><div class="table"><a name="id2996658"></a><p class="title"><b>Table 25.1. Options recognized by pam_smbpass</b></p><table summary="Options recognized by pam_smbpass" border="1"><colgroup><col><col></colgroup><tbody><tr><td align="left">debug</td><td align="left">log more debugging info</td></tr><tr><td align="left">audit</td><td align="left">like debug, but also logs unknown usernames</td></tr><tr><td align="left">use_first_pass</td><td align="left">don't prompt the user for passwords; take them from PAM_ items instead</td></tr><tr><td align="left">try_first_pass</td><td align="left">try to get the password from a previous PAM module, fall back to prompting the user</td></tr><tr><td align="left">use_authtok</td><td align="left">like try_first_pass, but *fail* if the new PAM_AUTHTOK has not been previously set. (intended for stacking password modules only)</td></tr><tr><td align="left">not_set_pass</td><td align="left">don't make passwords used by this module available to other modules.</td></tr><tr><td align="left">nodelay</td><td align="left">don't insert ~1 second delays on authentication failure.</td></tr><tr><td align="left">nullok</td><td align="left">null passwords are allowed.</td></tr><tr><td align="left">nonull</td><td align="left">null passwords are not allowed. Used to override the Samba configuration.</td></tr><tr><td align="left">migrate</td><td align="left">only meaningful in an &quot;auth&quot; context; used to update smbpasswd file with a password used for successful authentication.</td></tr><tr><td align="left">smbconf=<i class="replaceable"><tt>file</tt></i></td><td align="left">specify an alternate path to the <tt class="filename">smb.conf</tt> file.</td></tr></tbody></table></div><p>
</p><p>
Thanks go to the following people:
</p><table class="simplelist" border="0" summary="Simple list"><tr><td><a href="mailto:morgan@transmeta.com" target="_top">Andrew Morgan</a>, for providing the Linux-PAM
framework, without which none of this would have happened</td></tr><tr><td><a href="gafton@redhat.com" target="_top">Christian Gafton</a> and Andrew Morgan again, for the
pam_pwdb module upon which pam_smbpass was originally based</td></tr><tr><td><a href="lkcl@switchboard.net" target="_top">Luke Leighton</a> for being receptive to the idea,
and for the occasional good-natured complaint about the project's status
that keep me working on it :)</td></tr></table><p>.
</p><p>
The following are examples of the use of pam_smbpass.so in the format of Linux
<tt class="filename">/etc/pam.d/</tt> files structure. Those wishing to implement this
tool on other platforms will need to adapt this appropriately.
</p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2996858"></a>Password Synchronisation Configuration</h4></div></div><div></div></div><p>
A sample PAM configuration that shows the use of pam_smbpass to make
sure private/smbpasswd is kept in sync when /etc/passwd (/etc/shadow)
is changed. Useful when an expired password might be changed by an
application (such as ssh).
</p><pre class="screen">
#%PAM-1.0
# password-sync
#
auth requisite pam_nologin.so
auth required pam_unix.so
account required pam_unix.so
password requisite pam_cracklib.so retry=3
password requisite pam_unix.so shadow md5 use_authtok try_first_pass
password required pam_smbpass.so nullok use_authtok try_first_pass
session required pam_unix.so
</pre></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2996891"></a>Password Migration Configuration</h4></div></div><div></div></div><p>
A sample PAM configuration that shows the use of pam_smbpass to migrate
from plaintext to encrypted passwords for Samba. Unlike other methods,
this can be used for users who have never connected to Samba shares:
password migration takes place when users ftp in, login using ssh, pop
their mail, etc.
</p><pre class="screen">
#%PAM-1.0
# password-migration
#
auth requisite pam_nologin.so
# pam_smbpass is called IF pam_unix succeeds.
auth requisite pam_unix.so
auth optional pam_smbpass.so migrate
account required pam_unix.so
password requisite pam_cracklib.so retry=3
password requisite pam_unix.so shadow md5 use_authtok try_first_pass
password optional pam_smbpass.so nullok use_authtok try_first_pass
session required pam_unix.so
</pre></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2996926"></a>Mature Password Configuration</h4></div></div><div></div></div><p>
A sample PAM configuration for a 'mature' smbpasswd installation.
private/smbpasswd is fully populated, and we consider it an error if
the smbpasswd doesn't exist or doesn't match the Unix password.
</p><pre class="screen">
#%PAM-1.0
# password-mature
#
auth requisite pam_nologin.so
auth required pam_unix.so
account required pam_unix.so
password requisite pam_cracklib.so retry=3
password requisite pam_unix.so shadow md5 use_authtok try_first_pass
password required pam_smbpass.so use_authtok use_first_pass
session required pam_unix.so
</pre></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2996958"></a>Kerberos Password Integration Configuration</h4></div></div><div></div></div><p>
A sample PAM configuration that shows pam_smbpass used together with
pam_krb5. This could be useful on a Samba PDC that is also a member of
a Kerberos realm.
</p><pre class="screen">
#%PAM-1.0
# kdc-pdc
#
auth requisite pam_nologin.so
auth requisite pam_krb5.so
auth optional pam_smbpass.so migrate
account required pam_krb5.so
password requisite pam_cracklib.so retry=3
password optional pam_smbpass.so nullok use_authtok try_first_pass
password required pam_krb5.so use_authtok try_first_pass
session required pam_krb5.so
</pre></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2996992"></a>Common Errors</h2></div></div><div></div></div><p>
PAM can be a very fickle and sensitive to configuration glitches. Here we look at a few cases from
the Samba mailing list.
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2997005"></a>pam_winbind problem</h3></div></div><div></div></div><p>
I have the following PAM configuration:
</p><p>
</p><pre class="screen">
auth required /lib/security/pam_securetty.so
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_unix.so use_first_pass nullok
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_winbind.so
password required /lib/security/pam_stack.so service=system-auth
</pre><p>
</p><p>
When I open a new console with [ctrl][alt][F1], then I cant log in with my user &quot;pitie&quot;.
I've tried with user &quot;scienceu+pitie&quot; also.
</p><p>
Answer: The problem may lie with your inclusion of <i class="parameter"><tt>pam_stack.so
service=system-auth</tt></i>. That file often contains a lot of stuff that may
duplicate what you're already doing. Try commenting out the pam_stack lines
for auth and account and see if things work. If they do, look at
<tt class="filename">/etc/pam.d/system-auth</tt> and copy only what you need from it into your
<tt class="filename">/etc/pam.d/login</tt> file. Alternatively, if you want all services to use
winbind, you can put the winbind-specific stuff in <tt class="filename">/etc/pam.d/system-auth</tt>.
</p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="ProfileMgmt.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="optional.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="integrate-ms-networks.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 24. Desktop Profile Management </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 26. Integrating MS Windows networks with Samba</td></tr></table></div></body></html>

686
docs/htmldocs/pdbedit.8.html
View File

@ -1,606 +1,136 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
<HTML
><HEAD
><TITLE
>pdbedit</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><H1
><A
NAME="PDBEDIT">pdbedit</H1
><DIV
CLASS="REFNAMEDIV"
><A
NAME="AEN5"
></A
><H2
>Name</H2
>pdbedit&nbsp;--&nbsp;manage the SAM database</DIV
><DIV
CLASS="REFSYNOPSISDIV"
><A
NAME="AEN8"><H2
>Synopsis</H2
><P
><B
CLASS="COMMAND"
>pdbedit</B
> [-l] [-v] [-w] [-u username] [-f fullname] [-h homedir] [-D drive] [-S script] [-p profile] [-a] [-m] [-x] [-i passdb-backend] [-e passdb-backend] [-g] [-b passdb-backend] [-d debuglevel] [-s configfile] [-P account-policy] [-V value]</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN31"
></A
><H2
>DESCRIPTION</H2
><P
>This tool is part of the <A
HREF="samba.7.html"
TARGET="_top"
> Samba</A
> suite.</P
><P
>The pdbedit program is used to manage the users accounts
stored in the sam database and can only be run by root.</P
><P
>The pdbedit tool uses the passdb modular interface and is
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>pdbedit</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="pdbedit.8"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>pdbedit &#8212; manage the SAM database</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">pdbedit</tt> [-L] [-v] [-w] [-u username] [-f fullname] [-h homedir] [-D drive] [-S script] [-p profile] [-a] [-m] [-x] [-i passdb-backend] [-e passdb-backend] [-b passdb-backend] [-g] [-d debuglevel] [-s configfile] [-P account-policy] [-C value]</p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>This tool is part of the <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a> suite.</p><p>The pdbedit program is used to manage the users accounts
stored in the sam database and can only be run by root.</p><p>The pdbedit tool uses the passdb modular interface and is
independent from the kind of users database used (currently there
are smbpasswd, ldap, nis+ and tdb based and more can be added
without changing the tool).</P
><P
>There are five main ways to use pdbedit: adding a user account,
without changing the tool).</p><p>There are five main ways to use pdbedit: adding a user account,
removing a user account, modifing a user account, listing user
accounts, importing users accounts.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN38"
></A
><H2
>OPTIONS</H2
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>-l</DT
><DD
><P
>This option lists all the user accounts
accounts, importing users accounts.</p></div><div class="refsect1" lang="en"><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-L</span></dt><dd><p>This option lists all the user accounts
present in the users database.
This option prints a list of user/uid pairs separated by
the ':' character.</P
><P
>Example: <B
CLASS="COMMAND"
>pdbedit -l</B
></P
><P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><PRE
CLASS="PROGRAMLISTING"
> sorce:500:Simo Sorce
samba:45:Test User
</PRE
></TD
></TR
></TABLE
></P
></DD
><DT
>-v</DT
><DD
><P
>This option enables the verbose listing format.
the ':' character.</p><p>Example: <b class="command">pdbedit -L</b></p><pre class="screen">
sorce:500:Simo Sorce
samba:45:Test User
</pre></dd><dt><span class="term">-v</span></dt><dd><p>This option enables the verbose listing format.
It causes pdbedit to list the users in the database, printing
out the account fields in a descriptive format.</P
><P
>Example: <B
CLASS="COMMAND"
>pdbedit -l -v</B
></P
><P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><PRE
CLASS="PROGRAMLISTING"
> ---------------
username: sorce
user ID/Group: 500/500
user RID/GRID: 2000/2001
Full Name: Simo Sorce
Home Directory: \\BERSERKER\sorce
HomeDir Drive: H:
Logon Script: \\BERSERKER\netlogon\sorce.bat
Profile Path: \\BERSERKER\profile
---------------
username: samba
user ID/Group: 45/45
user RID/GRID: 1090/1091
Full Name: Test User
Home Directory: \\BERSERKER\samba
HomeDir Drive:
Logon Script:
Profile Path: \\BERSERKER\profile
</PRE
></TD
></TR
></TABLE
></P
></DD
><DT
>-w</DT
><DD
><P
>This option sets the "smbpasswd" listing format.
out the account fields in a descriptive format.</p><p>Example: <b class="command">pdbedit -l -v</b></p><pre class="screen">
---------------
username: sorce
user ID/Group: 500/500
user RID/GRID: 2000/2001
Full Name: Simo Sorce
Home Directory: \\BERSERKER\sorce
HomeDir Drive: H:
Logon Script: \\BERSERKER\netlogon\sorce.bat
Profile Path: \\BERSERKER\profile
---------------
username: samba
user ID/Group: 45/45
user RID/GRID: 1090/1091
Full Name: Test User
Home Directory: \\BERSERKER\samba
HomeDir Drive:
Logon Script:
Profile Path: \\BERSERKER\profile
</pre></dd><dt><span class="term">-w</span></dt><dd><p>This option sets the &quot;smbpasswd&quot; listing format.
It will make pdbedit list the users in the database, printing
out the account fields in a format compatible with the
<TT
CLASS="FILENAME"
>smbpasswd</TT
> file format. (see the <A
HREF="smbpasswd.5.html"
TARGET="_top"
><TT
CLASS="FILENAME"
>smbpasswd(5)</TT
></A
> for details)</P
><P
>Example: <B
CLASS="COMMAND"
>pdbedit -l -w</B
></P
><P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><PRE
CLASS="PROGRAMLISTING"
> sorce:500:508818B733CE64BEAAD3B435B51404EE:D2A2418EFC466A8A0F6B1DBB5C3DB80C:[UX ]:LCT-00000000:
samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:BC281CE3F53B6A5146629CD4751D3490:[UX ]:LCT-3BFA1E8D:
</PRE
></TD
></TR
></TABLE
></P
></DD
><DT
>-u username</DT
><DD
><P
>This option specifies the username to be
<tt class="filename">smbpasswd</tt> file format. (see the
<a href="smbpasswd.5.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(5)</span></a> for details)</p><p>Example: <b class="command">pdbedit -L -w</b></p><pre class="screen">
sorce:500:508818B733CE64BEAAD3B435B51404EE:D2A2418EFC466A8A0F6B1DBB5C3DB80C:[UX ]:LCT-00000000:
samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:BC281CE3F53B6A5146629CD4751D3490:[UX ]:LCT-3BFA1E8D:
</pre></dd><dt><span class="term">-u username</span></dt><dd><p>This option specifies the username to be
used for the operation requested (listing, adding, removing).
It is <I
CLASS="EMPHASIS"
>required</I
> in add, remove and modify
operations and <I
CLASS="EMPHASIS"
>optional</I
> in list
operations.</P
></DD
><DT
>-f fullname</DT
><DD
><P
>This option can be used while adding or
It is <span class="emphasis"><em>required</em></span> in add, remove and modify
operations and <span class="emphasis"><em>optional</em></span> in list
operations.</p></dd><dt><span class="term">-f fullname</span></dt><dd><p>This option can be used while adding or
modifing a user account. It will specify the user's full
name. </P
><P
>Example: <B
CLASS="COMMAND"
>-f "Simo Sorce"</B
></P
></DD
><DT
>-h homedir</DT
><DD
><P
>This option can be used while adding or
name. </p><p>Example: <b class="command">-f &quot;Simo Sorce&quot;</b></p></dd><dt><span class="term">-h homedir</span></dt><dd><p>This option can be used while adding or
modifing a user account. It will specify the user's home
directory network path.</P
><P
>Example: <B
CLASS="COMMAND"
>-h "\\\\BERSERKER\\sorce"</B
>
</P
></DD
><DT
>-D drive</DT
><DD
><P
>This option can be used while adding or
directory network path.</p><p>Example: <b class="command">-h &quot;\\\\BERSERKER\\sorce&quot;</b>
</p></dd><dt><span class="term">-D drive</span></dt><dd><p>This option can be used while adding or
modifing a user account. It will specify the windows drive
letter to be used to map the home directory.</P
><P
>Example: <B
CLASS="COMMAND"
>-d "H:"</B
>
</P
></DD
><DT
>-S script</DT
><DD
><P
>This option can be used while adding or
letter to be used to map the home directory.</p><p>Example: <b class="command">-d &quot;H:&quot;</b>
</p></dd><dt><span class="term">-S script</span></dt><dd><p>This option can be used while adding or
modifing a user account. It will specify the user's logon
script path.</P
><P
>Example: <B
CLASS="COMMAND"
>-s "\\\\BERSERKER\\netlogon\\sorce.bat"</B
>
</P
></DD
><DT
>-p profile</DT
><DD
><P
>This option can be used while adding or
script path.</p><p>Example: <b class="command">-s &quot;\\\\BERSERKER\\netlogon\\sorce.bat&quot;</b>
</p></dd><dt><span class="term">-p profile</span></dt><dd><p>This option can be used while adding or
modifing a user account. It will specify the user's profile
directory.</P
><P
>Example: <B
CLASS="COMMAND"
>-p "\\\\BERSERKER\\netlogon"</B
>
</P
></DD
><DT
>-a</DT
><DD
><P
>This option is used to add a user into the
directory.</p><p>Example: <b class="command">-p &quot;\\\\BERSERKER\\netlogon&quot;</b>
</p></dd><dt><span class="term">-G SID|rid</span></dt><dd><p>
This option can be used while adding or modifying a user account. It
will specify the users' new primary group SID (Security Identifier) or
rid. </p><p>Example: <b class="command">-G S-1-5-21-2447931902-1787058256-3961074038-1201</b></p></dd><dt><span class="term">-U SID|rid</span></dt><dd><p>
This option can be used while adding or modifying a user account. It
will specify the users' new SID (Security Identifier) or
rid. </p><p>Example: <b class="command">-U S-1-5-21-2447931902-1787058256-3961074038-5004</b></p></dd><dt><span class="term">-c account-control</span></dt><dd><p>This option can be used while adding or modifying a user
account. It will specify the users' account control property. Possible
flags that can be set are: N, D, H, L, X.
</p><p>Example: <b class="command">-c &quot;[X ]&quot;</b></p></dd><dt><span class="term">-a</span></dt><dd><p>This option is used to add a user into the
database. This command needs a user name specified with
the -u switch. When adding a new user, pdbedit will also
ask for the password to be used.</P
><P
>Example: <B
CLASS="COMMAND"
>pdbedit -a -u sorce</B
>
<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><PRE
CLASS="PROGRAMLISTING"
>new password:
retype new password</PRE
></TD
></TR
></TABLE
>
</P
></DD
><DT
>-m</DT
><DD
><P
>This option may only be used in conjunction
with the <TT
CLASS="PARAMETER"
><I
>-a</I
></TT
> option. It will make
ask for the password to be used.</p><p>Example: <b class="command">pdbedit -a -u sorce</b>
</p><pre class="programlisting">new password:
retype new password
</pre><p>
</p></dd><dt><span class="term">-r</span></dt><dd><p>This option is used to modify an existing user
in the database. This command needs a user name specified with the -u
switch. Other options can be specified to modify the properties of
the specified user. This flag is kept for backwards compatibility, but
it is no longer necessary to specify it.
</p></dd><dt><span class="term">-m</span></dt><dd><p>This option may only be used in conjunction
with the <i class="parameter"><tt>-a</tt></i> option. It will make
pdbedit to add a machine trust account instead of a user
account (-u username will provide the machine name).</P
><P
>Example: <B
CLASS="COMMAND"
>pdbedit -a -m -u w2k-wks</B
>
</P
></DD
><DT
>-x</DT
><DD
><P
>This option causes pdbedit to delete an account
account (-u username will provide the machine name).</p><p>Example: <b class="command">pdbedit -a -m -u w2k-wks</b>
</p></dd><dt><span class="term">-x</span></dt><dd><p>This option causes pdbedit to delete an account
from the database. It needs a username specified with the
-u switch.</P
><P
>Example: <B
CLASS="COMMAND"
>pdbedit -x -u bob</B
></P
></DD
><DT
>-i passdb-backend</DT
><DD
><P
>Use a different passdb backend to retrieve users
-u switch.</p><p>Example: <b class="command">pdbedit -x -u bob</b></p></dd><dt><span class="term">-i passdb-backend</span></dt><dd><p>Use a different passdb backend to retrieve users
than the one specified in smb.conf. Can be used to import data into
your local user database.</P
><P
>This option will ease migration from one passdb backend to
another.</P
><P
>Example: <B
CLASS="COMMAND"
>pdbedit -i smbpasswd:/etc/smbpasswd.old
</B
></P
></DD
><DT
>-e passdb-backend</DT
><DD
><P
>Exports all currently available users to the
specified password database backend.</P
><P
>This option will ease migration from one passdb backend to
another and will ease backing up.</P
><P
>Example: <B
CLASS="COMMAND"
>pdbedit -e smbpasswd:/root/samba-users.backup</B
></P
></DD
><DT
>-g</DT
><DD
><P
>If you specify <TT
CLASS="PARAMETER"
><I
>-g</I
></TT
>,
then <TT
CLASS="PARAMETER"
><I
>-i in-backend -e out-backend</I
></TT
>
applies to the group mapping instead of the user database.
</P
><P
>This option will ease migration from one passdb backend to
another and will ease backing up.</P
></DD
><DT
>-b passdb-backend</DT
><DD
><P
>Use a different default passdb backend. </P
><P
>Example: <B
CLASS="COMMAND"
>pdbedit -b xml:/root/pdb-backup.xml -l</B
></P
></DD
><DT
>-P account-policy</DT
><DD
><P
>Display an account policy</P
><P
>Valid policies are: minimum password age, reset count minutes, disconnect time,
your local user database.</p><p>This option will ease migration from one passdb backend to
another.</p><p>Example: <b class="command">pdbedit -i smbpasswd:/etc/smbpasswd.old
</b></p></dd><dt><span class="term">-e passdb-backend</span></dt><dd><p>Exports all currently available users to the
specified password database backend.</p><p>This option will ease migration from one passdb backend to
another and will ease backing up.</p><p>Example: <b class="command">pdbedit -e smbpasswd:/root/samba-users.backup</b></p></dd><dt><span class="term">-g</span></dt><dd><p>If you specify <i class="parameter"><tt>-g</tt></i>,
then <i class="parameter"><tt>-i in-backend -e out-backend</tt></i>
applies to the group mapping instead of the user database.</p><p>This option will ease migration from one passdb backend to
another and will ease backing up.</p></dd><dt><span class="term">-b passdb-backend</span></dt><dd><p>Use a different default passdb backend. </p><p>Example: <b class="command">pdbedit -b xml:/root/pdb-backup.xml -l</b></p></dd><dt><span class="term">-P account-policy</span></dt><dd><p>Display an account policy</p><p>Valid policies are: minimum password age, reset count minutes, disconnect time,
user must logon to change password, password history, lockout duration, min password length,
maximum password age and bad lockout attempt.</P
><P
>Example: <B
CLASS="COMMAND"
>pdbedit -P "bad lockout attempt"</B
></P
><P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><PRE
CLASS="PROGRAMLISTING"
> account policy value for bad lockout attempt is 0
</PRE
></TD
></TR
></TABLE
></P
></DD
><DT
>-V account-policy-value</DT
><DD
><P
>Sets an account policy to a specified value.
maximum password age and bad lockout attempt.</p><p>Example: <b class="command">pdbedit -P &quot;bad lockout attempt&quot;</b></p><pre class="programlisting">
account policy value for bad lockout attempt is 0
</pre></dd><dt><span class="term">-C account-policy-value</span></dt><dd><p>Sets an account policy to a specified value.
This option may only be used in conjunction
with the <TT
CLASS="PARAMETER"
><I
>-P</I
></TT
> option.
</P
><P
>Example: <B
CLASS="COMMAND"
>pdbedit -P "bad lockout attempt" -V 3</B
></P
><P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><PRE
CLASS="PROGRAMLISTING"
> account policy value for bad lockout attempt was 0
account policy value for bad lockout attempt is now 3
</PRE
></TD
></TR
></TABLE
></P
></DD
><DT
>-d|--debug=debuglevel</DT
><DD
><P
><TT
CLASS="REPLACEABLE"
><I
>debuglevel</I
></TT
> is an integer
from 0 to 10. The default value if this parameter is
not specified is zero.</P
><P
>The higher this value, the more detail will be
logged to the log files about the activities of the
server. At level 0, only critical errors and serious
warnings will be logged. Level 1 is a reasonable level for
day to day running - it generates a small amount of
information about operations carried out.</P
><P
>Levels above 1 will generate considerable
amounts of log data, and should only be used when
investigating a problem. Levels above 3 are designed for
use only by developers and generate HUGE amounts of log
data, most of which is extremely cryptic.</P
><P
>Note that specifying this parameter here will
override the <A
HREF="smb.conf.5.html#loglevel"
TARGET="_top"
>log
level</A
> parameter in the <A
HREF="smb.conf.5.html"
TARGET="_top"
><TT
CLASS="FILENAME"
>smb.conf(5)</TT
></A
> file.</P
></DD
><DT
>-h|--help</DT
><DD
><P
>Print a summary of command line options.</P
></DD
><DT
>-s &#60;configuration file&#62;</DT
><DD
><P
>The file specified contains the
with the <i class="parameter"><tt>-P</tt></i> option.
</p><p>Example: <b class="command">pdbedit -P &quot;bad lockout attempt&quot; -C 3</b></p><pre class="programlisting">
account policy value for bad lockout attempt was 0
account policy value for bad lockout attempt is now 3
</pre></dd><dt><span class="term">-h|--help</span></dt><dd><p>Print a summary of command line options.
</p></dd><dt><span class="term">-V</span></dt><dd><p>Prints the version number for
<b class="command">smbd</b>.</p></dd><dt><span class="term">-s &lt;configuration file&gt;</span></dt><dd><p>The file specified contains the
configuration details required by the server. The
information in this file includes server-specific
information such as what printcap file to use, as well
as descriptions of all the services that the server is
to provide. See <A
HREF="smb.conf.5.html"
TARGET="_top"
><TT
CLASS="FILENAME"
>smb.conf(5)</TT
></A
> for more information.
to provide. See <a href="smb.conf.5.html" target="_top"><tt class="filename">
smb.conf(5)</tt></a> for more information.
The default configuration file name is determined at
compile time.</P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN190"
></A
><H2
>NOTES</H2
><P
>This command may be used only by root.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN193"
></A
><H2
>VERSION</H2
><P
>This man page is correct for version 2.2 of
the Samba suite.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN196"
></A
><H2
>SEE ALSO</H2
><P
><A
HREF="smbpasswd.8.html"
TARGET="_top"
>smbpasswd(8)</A
>,
<A
HREF="samba.7.html"
TARGET="_top"
>samba(7)</A
>
</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN201"
></A
><H2
>AUTHOR</H2
><P
>The original Samba software and related utilities
compile time.</p></dd><dt><span class="term">-d|--debug=debuglevel</span></dt><dd><p><i class="replaceable"><tt>debuglevel</tt></i> is an integer
from 0 to 10. The default value if this parameter is
not specified is zero.</p><p>The higher this value, the more detail will be
logged to the log files about the activities of the
server. At level 0, only critical errors and serious
warnings will be logged. Level 1 is a reasonable level for
day to day running - it generates a small amount of
information about operations carried out.</p><p>Levels above 1 will generate considerable
amounts of log data, and should only be used when
investigating a problem. Levels above 3 are designed for
use only by developers and generate HUGE amounts of log
data, most of which is extremely cryptic.</p><p>Note that specifying this parameter here will
override the <a href="smb.conf.5.html#loglevel" target="_top">log
level</a> parameter in the <a href="smb.conf.5.html" target="_top">
<tt class="filename">smb.conf(5)</tt></a> file.</p></dd><dt><span class="term">-l|--logfile=logbasename</span></dt><dd><p>File name for log/debug files. The extension
<tt class="constant">&quot;.client&quot;</tt> will be appended. The log file is
never removed by the client.
</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>NOTES</h2><p>This command may be used only by root.</p></div><div class="refsect1" lang="en"><h2>VERSION</h2><p>This man page is correct for version 3.0 of
the Samba suite.</p></div><div class="refsect1" lang="en"><h2>SEE ALSO</h2><p><a href="smbpasswd.5.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(5)</span></a>, <a href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a></p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</P
><P
>The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at
<A
HREF="ftp://ftp.icce.rug.nl/pub/unix/"
TARGET="_top"
> ftp://ftp.icce.rug.nl/pub/unix/</A
>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter</P
></DIV
></BODY
></HTML
>
to the way the Linux kernel is developed.</p></div></div></body></html>

3604
docs/htmldocs/printing.html
View File

File diff suppressed because it is too large Load Diff

871
docs/htmldocs/rpcclient.1.html
View File

@ -1,781 +1,198 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>rpcclient</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><H1
><A
NAME="RPCCLIENT"
></A
>rpcclient</H1
><DIV
CLASS="REFNAMEDIV"
><A
NAME="AEN5"
></A
><H2
>Name</H2
>rpcclient&nbsp;--&nbsp;tool for executing client side
MS-RPC functions</DIV
><DIV
CLASS="REFSYNOPSISDIV"
><A
NAME="AEN8"
></A
><H2
>Synopsis</H2
><P
><B
CLASS="COMMAND"
>rpcclient</B
> [-A authfile] [-c &lt;command string&gt;] [-d debuglevel] [-h] [-l logfile] [-N] [-s &lt;smb config file&gt;] [-U username[%password]] [-W workgroup] [-N] [-I destinationIP] {server}</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN23"
></A
><H2
>DESCRIPTION</H2
><P
>This tool is part of the <A
HREF="samba.7.html"
TARGET="_top"
> Samba</A
> suite.</P
><P
><B
CLASS="COMMAND"
>rpcclient</B
> is a utility initially developed
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>rpcclient</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="rpcclient.1"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>rpcclient &#8212; tool for executing client side
MS-RPC functions</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">rpcclient</tt> [-A authfile] [-c &lt;command string&gt;] [-d debuglevel] [-h] [-l logfile] [-N] [-s &lt;smb config file&gt;] [-U username[%password]] [-W workgroup] [-N] [-I destinationIP] {server}</p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>This tool is part of the <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a> suite.</p><p><b class="command">rpcclient</b> is a utility initially developed
to test MS-RPC functionality in Samba itself. It has undergone
several stages of development and stability. Many system administrators
have now written scripts around it to manage Windows NT clients from
their UNIX workstation. </P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN29"
></A
><H2
>OPTIONS</H2
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>server</DT
><DD
><P
>NetBIOS name of Server to which to connect.
their UNIX workstation. </p></div><div class="refsect1" lang="en"><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">server</span></dt><dd><p>NetBIOS name of Server to which to connect.
The server can be any SMB/CIFS server. The name is
resolved using the <A
HREF="smb.conf.5.html#NAMERESOLVEORDER"
TARGET="_top"
> <TT
CLASS="PARAMETER"
><I
>name resolve order</I
></TT
></A
> line from
<TT
CLASS="FILENAME"
>smb.conf(5)</TT
>.</P
></DD
><DT
>-A|--authfile=filename</DT
><DD
><P
>This option allows
you to specify a file from which to read the username and
password used in the connection. The format of the file is
</P
><P
><PRE
CLASS="PROGRAMLISTING"
> username = &lt;value&gt;
password = &lt;value&gt;
domain = &lt;value&gt;
</PRE
></P
><P
>Make certain that the permissions on the file restrict
access from unwanted users. </P
></DD
><DT
>-c|--command='command string'</DT
><DD
><P
>execute semicolon separated commands (listed
below)) </P
></DD
><DT
>-d|--debug=debuglevel</DT
><DD
><P
><TT
CLASS="REPLACEABLE"
><I
>debuglevel</I
></TT
> is an integer
resolved using the <a href="smb.conf.5.html#NAMERESOLVEORDER" target="_top">
<i class="parameter"><tt>name resolve order</tt></i></a> line from <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a>.</p></dd><dt><span class="term">-c|--command='command string'</span></dt><dd><p>execute semicolon separated commands (listed
below)) </p></dd><dt><span class="term">-I IP-address</span></dt><dd><p><i class="replaceable"><tt>IP address</tt></i> is the address of the server to connect to.
It should be specified in standard &quot;a.b.c.d&quot; notation. </p><p>Normally the client would attempt to locate a named
SMB/CIFS server by looking it up via the NetBIOS name resolution
mechanism described above in the <i class="parameter"><tt>name resolve order</tt></i>
parameter above. Using this parameter will force the client
to assume that the server is on the machine with the specified IP
address and the NetBIOS name component of the resource being
connected to will be ignored. </p><p>There is no default for this parameter. If not supplied,
it will be determined automatically by the client as described
above. </p></dd><dt><span class="term">-V</span></dt><dd><p>Prints the version number for
<b class="command">smbd</b>.</p></dd><dt><span class="term">-s &lt;configuration file&gt;</span></dt><dd><p>The file specified contains the
configuration details required by the server. The
information in this file includes server-specific
information such as what printcap file to use, as well
as descriptions of all the services that the server is
to provide. See <a href="smb.conf.5.html" target="_top"><tt class="filename">
smb.conf(5)</tt></a> for more information.
The default configuration file name is determined at
compile time.</p></dd><dt><span class="term">-d|--debug=debuglevel</span></dt><dd><p><i class="replaceable"><tt>debuglevel</tt></i> is an integer
from 0 to 10. The default value if this parameter is
not specified is zero.</P
><P
>The higher this value, the more detail will be
not specified is zero.</p><p>The higher this value, the more detail will be
logged to the log files about the activities of the
server. At level 0, only critical errors and serious
warnings will be logged. Level 1 is a reasonable level for
day to day running - it generates a small amount of
information about operations carried out.</P
><P
>Levels above 1 will generate considerable
information about operations carried out.</p><p>Levels above 1 will generate considerable
amounts of log data, and should only be used when
investigating a problem. Levels above 3 are designed for
use only by developers and generate HUGE amounts of log
data, most of which is extremely cryptic.</P
><P
>Note that specifying this parameter here will
override the <A
HREF="smb.conf.5.html#loglevel"
TARGET="_top"
>log
level</A
> parameter in the <A
HREF="smb.conf.5.html"
TARGET="_top"
><TT
CLASS="FILENAME"
>smb.conf(5)</TT
></A
> file.</P
></DD
><DT
>-h|--help</DT
><DD
><P
>Print a summary of command line options.</P
></DD
><DT
>-I IP-address</DT
><DD
><P
><TT
CLASS="REPLACEABLE"
><I
>IP address</I
></TT
> is the address of the server to connect to.
It should be specified in standard "a.b.c.d" notation. </P
><P
>Normally the client would attempt to locate a named
SMB/CIFS server by looking it up via the NetBIOS name resolution
mechanism described above in the <TT
CLASS="PARAMETER"
><I
>name resolve order</I
></TT
>
parameter above. Using this parameter will force the client
to assume that the server is on the machine with the specified IP
address and the NetBIOS name component of the resource being
connected to will be ignored. </P
><P
>There is no default for this parameter. If not supplied,
it will be determined automatically by the client as described
above. </P
></DD
><DT
>-l|--logfile=logbasename</DT
><DD
><P
>File name for log/debug files. The extension
<TT
CLASS="CONSTANT"
>'.client'</TT
> will be appended. The log file is
never removed by the client.
</P
></DD
><DT
>-N|--nopass</DT
><DD
><P
>instruct <B
CLASS="COMMAND"
>rpcclient</B
> not to ask
for a password. By default, <B
CLASS="COMMAND"
>rpcclient</B
> will
prompt for a password. See also the <TT
CLASS="PARAMETER"
><I
>-U</I
></TT
>
option.</P
></DD
><DT
>-s|--conf=smb.conf</DT
><DD
><P
>Specifies the location of the all-important
<TT
CLASS="FILENAME"
>smb.conf</TT
> file. </P
></DD
><DT
>-U|--user=username[%password]</DT
><DD
><P
>Sets the SMB username or username and password. </P
><P
>If %password is not specified, the user will be prompted. The
client will first check the <TT
CLASS="ENVAR"
>USER</TT
> environment variable, then the
<TT
CLASS="ENVAR"
>LOGNAME</TT
> variable and if either exists, the
string is uppercased. If these environmental variables are not
found, the username <TT
CLASS="CONSTANT"
>GUEST</TT
> is used. </P
><P
>A third option is to use a credentials file which
contains the plaintext of the username and password. This
option is mainly provided for scripts where the admin does not
wish to pass the credentials on the command line or via environment
variables. If this method is used, make certain that the permissions
on the file restrict access from unwanted users. See the
<TT
CLASS="PARAMETER"
><I
>-A</I
></TT
> for more details. </P
><P
>Be cautious about including passwords in scripts. Also, on
many systems the command line of a running process may be seen
via the <B
CLASS="COMMAND"
>ps</B
> command. To be safe always allow
<B
CLASS="COMMAND"
>rpcclient</B
> to prompt for a password and type
it in directly. </P
></DD
><DT
>-W|--workgroup=domain</DT
><DD
><P
>Set the SMB domain of the username. This
overrides the default domain which is the domain defined in
smb.conf. If the domain specified is the same as the server's NetBIOS name,
it causes the client to log on using the server's local SAM (as
opposed to the Domain SAM). </P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN107"
></A
><H2
>COMMANDS</H2
><P
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>LSARPC</I
></SPAN
></P
><P
></P
><UL
><LI
><P
><B
CLASS="COMMAND"
>lsaquery</B
></P
></LI
><LI
><P
><B
CLASS="COMMAND"
>lookupsids</B
> - Resolve a list
data, most of which is extremely cryptic.</p><p>Note that specifying this parameter here will
override the <a href="smb.conf.5.html#loglevel" target="_top">log
level</a> parameter in the <a href="smb.conf.5.html" target="_top">
<tt class="filename">smb.conf(5)</tt></a> file.</p></dd><dt><span class="term">-l|--logfile=logbasename</span></dt><dd><p>File name for log/debug files. The extension
<tt class="constant">&quot;.client&quot;</tt> will be appended. The log file is
never removed by the client.
</p></dd><dt><span class="term">-N</span></dt><dd><p>If specified, this parameter suppresses the normal
password prompt from the client to the user. This is useful when
accessing a service that does not require a password. </p><p>Unless a password is specified on the command line or
this parameter is specified, the client will request a
password.</p></dd><dt><span class="term">-k</span></dt><dd><p>
Try to authenticate with kerberos. Only useful in
an Active Directory environment.
</p></dd><dt><span class="term">-A|--authfile=filename</span></dt><dd><p>This option allows
you to specify a file from which to read the username and
password used in the connection. The format of the file is
</p><pre class="programlisting">
username = &lt;value&gt;
password = &lt;value&gt;
domain = &lt;value&gt;
</pre><p>Make certain that the permissions on the file restrict
access from unwanted users. </p></dd><dt><span class="term">-U|--user=username[%password]</span></dt><dd><p>Sets the SMB username or username and password. </p><p>If %password is not specified, the user will be prompted. The
client will first check the <tt class="envar">USER</tt> environment variable, then the
<tt class="envar">LOGNAME</tt> variable and if either exists, the
string is uppercased. If these environmental variables are not
found, the username <tt class="constant">GUEST</tt> is used. </p><p>A third option is to use a credentials file which
contains the plaintext of the username and password. This
option is mainly provided for scripts where the admin does not
wish to pass the credentials on the command line or via environment
variables. If this method is used, make certain that the permissions
on the file restrict access from unwanted users. See the
<i class="parameter"><tt>-A</tt></i> for more details. </p><p>Be cautious about including passwords in scripts. Also, on
many systems the command line of a running process may be seen
via the <b class="command">ps</b> command. To be safe always allow
<b class="command">rpcclient</b> to prompt for a password and type
it in directly. </p></dd><dt><span class="term">-n &lt;primary NetBIOS name&gt;</span></dt><dd><p>This option allows you to override
the NetBIOS name that Samba uses for itself. This is identical
to setting the <a href="smb.conf.5.html#netbiosname" target="_top"><i class="parameter"><tt>NetBIOS
name</tt></i></a> parameter in the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> file. However, a command
line setting will take precedence over settings in
<a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a>.</p></dd><dt><span class="term">-i &lt;scope&gt;</span></dt><dd><p>This specifies a NetBIOS scope that
<b class="command">nmblookup</b> will use to communicate with when
generating NetBIOS names. For details on the use of NetBIOS
scopes, see rfc1001.txt and rfc1002.txt. NetBIOS scopes are
<span class="emphasis"><em>very</em></span> rarely used, only set this parameter
if you are the system administrator in charge of all the
NetBIOS systems you communicate with.</p></dd><dt><span class="term">-W|--workgroup=domain</span></dt><dd><p>Set the SMB domain of the username. This
overrides the default domain which is the domain defined in
smb.conf. If the domain specified is the same as the servers
NetBIOS name, it causes the client to log on using the servers local
SAM (as opposed to the Domain SAM). </p></dd><dt><span class="term">-O socket options</span></dt><dd><p>TCP socket options to set on the client
socket. See the socket options parameter in
the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> manual page for the list of valid
options. </p></dd><dt><span class="term">-h|--help</span></dt><dd><p>Print a summary of command line options.
</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>COMMANDS</h2><div class="refsect2" lang="en"><h3>LSARPC</h3><div class="variablelist"><dl><dt><span class="term">lsaquery</span></dt><dd><p>Query info policy</p></dd><dt><span class="term">lookupsids</span></dt><dd><p>Resolve a list
of SIDs to usernames.
</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>lookupnames</B
> - Resolve a list
</p></dd><dt><span class="term">lookupnames</span></dt><dd><p>Resolve a list
of usernames to SIDs.
</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>enumtrusts</B
></P
></LI
></UL
><P
> </P
><P
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>SAMR</I
></SPAN
></P
><P
></P
><UL
><LI
><P
><B
CLASS="COMMAND"
>queryuser</B
></P
></LI
><LI
><P
><B
CLASS="COMMAND"
>querygroup</B
></P
></LI
><LI
><P
><B
CLASS="COMMAND"
>queryusergroups</B
></P
></LI
><LI
><P
><B
CLASS="COMMAND"
>querygroupmem</B
></P
></LI
><LI
><P
><B
CLASS="COMMAND"
>queryaliasmem</B
></P
></LI
><LI
><P
><B
CLASS="COMMAND"
>querydispinfo</B
></P
></LI
><LI
><P
><B
CLASS="COMMAND"
>querydominfo</B
></P
></LI
><LI
><P
><B
CLASS="COMMAND"
>enumdomgroups</B
></P
></LI
></UL
><P
> </P
><P
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>SPOOLSS</I
></SPAN
></P
><P
></P
><UL
><LI
><P
><B
CLASS="COMMAND"
>adddriver &lt;arch&gt; &lt;config&gt;</B
>
- Execute an AddPrinterDriver() RPC to install the printer driver
</p></dd><dt><span class="term">enumtrusts</span></dt><dd><p>Enumerate trusted domains</p></dd><dt><span class="term">enumprivs</span></dt><dd><p>Enumerate privileges</p></dd><dt><span class="term">getdispname</span></dt><dd><p>Get the privilege name</p></dd><dt><span class="term">lsaenumsid</span></dt><dd><p>Enumerate the LSA SIDS</p></dd><dt><span class="term">lsaenumprivsaccount</span></dt><dd><p>Enumerate the privileges of an SID</p></dd><dt><span class="term">lsaenumacctrights</span></dt><dd><p>Enumerate the rights of an SID</p></dd><dt><span class="term">lsaenumacctwithright</span></dt><dd><p>Enumerate accounts with a right</p></dd><dt><span class="term">lsaaddacctrights</span></dt><dd><p>Add rights to an account</p></dd><dt><span class="term">lsaremoveacctrights</span></dt><dd><p>Remove rights from an account</p></dd><dt><span class="term">lsalookupprivvalue</span></dt><dd><p>Get a privilege value given its name</p></dd><dt><span class="term">lsaquerysecobj</span></dt><dd><p>Query LSA security object</p></dd></dl></div></div><div class="refsect2" lang="en"><h3>LSARPC-DS</h3><div class="variablelist"><dl><dt><span class="term">dsroledominfo</span></dt><dd><p>Get Primary Domain Information</p></dd></dl></div><p> </p><p><span class="emphasis"><em>DFS</em></span></p><div class="variablelist"><dl><dt><span class="term">dfsexist</span></dt><dd><p>Query DFS support</p></dd><dt><span class="term">dfsadd</span></dt><dd><p>Add a DFS share</p></dd><dt><span class="term">dfsremove</span></dt><dd><p>Remove a DFS share</p></dd><dt><span class="term">dfsgetinfo</span></dt><dd><p>Query DFS share info</p></dd><dt><span class="term">dfsenum</span></dt><dd><p>Enumerate dfs shares</p></dd></dl></div></div><div class="refsect2" lang="en"><h3>REG</h3><div class="variablelist"><dl><dt><span class="term">shutdown</span></dt><dd><p>Remote Shutdown</p></dd><dt><span class="term">abortshutdown</span></dt><dd><p>Abort Shutdown</p></dd></dl></div></div><div class="refsect2" lang="en"><h3>SRVSVC</h3><div class="variablelist"><dl><dt><span class="term">srvinfo</span></dt><dd><p>Server query info</p></dd><dt><span class="term">netshareenum</span></dt><dd><p>Enumerate shares</p></dd><dt><span class="term">netfileenum</span></dt><dd><p>Enumerate open files</p></dd><dt><span class="term">netremotetod</span></dt><dd><p>Fetch remote time of day</p></dd></dl></div></div><div class="refsect2" lang="en"><h3>SAMR</h3><div class="variablelist"><dl><dt><span class="term">queryuser</span></dt><dd><p>Query user info</p></dd><dt><span class="term">querygroup</span></dt><dd><p>Query group info</p></dd><dt><span class="term">queryusergroups</span></dt><dd><p>Query user groups</p></dd><dt><span class="term">querygroupmem</span></dt><dd><p>Query group membership</p></dd><dt><span class="term">queryaliasmem</span></dt><dd><p>Query alias membership</p></dd><dt><span class="term">querydispinfo</span></dt><dd><p>Query display info</p></dd><dt><span class="term">querydominfo</span></dt><dd><p>Query domain info</p></dd><dt><span class="term">enumdomusers</span></dt><dd><p>Enumerate domain users</p></dd><dt><span class="term">enumdomgroups</span></dt><dd><p>Enumerate domain groups</p></dd><dt><span class="term">enumalsgroups</span></dt><dd><p>Enumerate alias groups</p></dd><dt><span class="term">createdomuser</span></dt><dd><p>Create domain user</p></dd><dt><span class="term">samlookupnames</span></dt><dd><p>Look up names</p></dd><dt><span class="term">samlookuprids</span></dt><dd><p>Look up names</p></dd><dt><span class="term">deletedomuser</span></dt><dd><p>Delete domain user</p></dd><dt><span class="term">samquerysecobj</span></dt><dd><p>Query SAMR security object</p></dd><dt><span class="term">getdompwinfo</span></dt><dd><p>Retrieve domain password info</p></dd><dt><span class="term">lookupdomain</span></dt><dd><p>Look up domain</p></dd></dl></div></div><div class="refsect2" lang="en"><h3>SPOOLSS</h3><div class="variablelist"><dl><dt><span class="term">adddriver &lt;arch&gt; &lt;config&gt;</span></dt><dd><p>
Execute an AddPrinterDriver() RPC to install the printer driver
information on the server. Note that the driver files should
already exist in the directory returned by
<B
CLASS="COMMAND"
>getdriverdir</B
>. Possible values for
<TT
CLASS="PARAMETER"
><I
>arch</I
></TT
> are the same as those for
the <B
CLASS="COMMAND"
>getdriverdir</B
> command.
The <TT
CLASS="PARAMETER"
><I
>config</I
></TT
> parameter is defined as
follows: </P
><P
><PRE
CLASS="PROGRAMLISTING"
> Long Printer Name:\
Driver File Name:\
Data File Name:\
Config File Name:\
Help File Name:\
Language Monitor Name:\
Default Data Type:\
Comma Separated list of Files
</PRE
></P
><P
>Any empty fields should be enter as the string "NULL". </P
><P
>Samba does not need to support the concept of Print Monitors
<b class="command">getdriverdir</b>. Possible values for
<i class="parameter"><tt>arch</tt></i> are the same as those for
the <b class="command">getdriverdir</b> command.
The <i class="parameter"><tt>config</tt></i> parameter is defined as
follows: </p><pre class="programlisting">
Long Printer Name:\
Driver File Name:\
Data File Name:\
Config File Name:\
Help File Name:\
Language Monitor Name:\
Default Data Type:\
Comma Separated list of Files
</pre><p>Any empty fields should be enter as the string &quot;NULL&quot;. </p><p>Samba does not need to support the concept of Print Monitors
since these only apply to local printers whose driver can make
use of a bi-directional link for communication. This field should
be "NULL". On a remote NT print server, the Print Monitor for a
be &quot;NULL&quot;. On a remote NT print server, the Print Monitor for a
driver must already be installed prior to adding the driver or
else the RPC will fail. </P
></LI
><LI
><P
><B
CLASS="COMMAND"
>addprinter &lt;printername&gt;
&lt;sharename&gt; &lt;drivername&gt; &lt;port&gt;</B
>
- Add a printer on the remote server. This printer
else the RPC will fail. </p></dd><dt><span class="term">addprinter &lt;printername&gt;
&lt;sharename&gt; &lt;drivername&gt; &lt;port&gt;</span></dt><dd><p>
Add a printer on the remote server. This printer
will be automatically shared. Be aware that the printer driver
must already be installed on the server (see <B
CLASS="COMMAND"
>adddriver</B
>)
and the <TT
CLASS="PARAMETER"
><I
>port</I
></TT
>must be a valid port name (see
<B
CLASS="COMMAND"
>enumports</B
>.</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>deldriver</B
> - Delete the
must already be installed on the server (see <b class="command">adddriver</b>)
and the <i class="parameter"><tt>port</tt></i>must be a valid port name (see
<b class="command">enumports</b>.</p></dd><dt><span class="term">deldriver</span></dt><dd><p>Delete the
specified printer driver for all architectures. This
does not delete the actual driver files from the server,
only the entry from the server's list of drivers.
</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>enumdata</B
> - Enumerate all
</p></dd><dt><span class="term">enumdata</span></dt><dd><p>Enumerate all
printer setting data stored on the server. On Windows NT clients,
these values are stored in the registry, while Samba servers
store them in the printers TDB. This command corresponds
to the MS Platform SDK GetPrinterData() function (* This
command is currently unimplemented).</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>enumjobs &lt;printer&gt;</B
>
- List the jobs and status of a given printer.
command is currently unimplemented).</p></dd><dt><span class="term">enumdataex</span></dt><dd><p>Enumerate printer data for a key</p></dd><dt><span class="term">enumjobs &lt;printer&gt;</span></dt><dd><p>List the jobs and status of a given printer.
This command corresponds to the MS Platform SDK EnumJobs()
function (* This command is currently unimplemented).</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>enumports [level]</B
>
- Executes an EnumPorts() call using the specified
function</p></dd><dt><span class="term">enumkey</span></dt><dd><p>Enumerate
printer keys</p></dd><dt><span class="term">enumports [level]</span></dt><dd><p>
Executes an EnumPorts() call using the specified
info level. Currently only info levels 1 and 2 are supported.
</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>enumdrivers [level]</B
>
- Execute an EnumPrinterDrivers() call. This lists the various installed
</p></dd><dt><span class="term">enumdrivers [level]</span></dt><dd><p>
Execute an EnumPrinterDrivers() call. This lists the various installed
printer drivers for all architectures. Refer to the MS Platform SDK
documentation for more details of the various flags and calling
options. Currently supported info levels are 1, 2, and 3.</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>enumprinters [level]</B
>
- Execute an EnumPrinters() call. This lists the various installed
options. Currently supported info levels are 1, 2, and 3.</p></dd><dt><span class="term">enumprinters [level]</span></dt><dd><p>Execute an EnumPrinters() call. This lists the various installed
and share printers. Refer to the MS Platform SDK documentation for
more details of the various flags and calling options. Currently
supported info levels are 0, 1, and 2.</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>getdata &lt;printername&gt;</B
>
- Retrieve the data for a given printer setting. See
the <B
CLASS="COMMAND"
>enumdata</B
> command for more information.
supported info levels are 1, 2 and 5.</p></dd><dt><span class="term">getdata &lt;printername&gt; &lt;valuename;&gt;</span></dt><dd><p>Retrieve the data for a given printer setting. See
the <b class="command">enumdata</b> command for more information.
This command corresponds to the GetPrinterData() MS Platform
SDK function (* This command is currently unimplemented). </P
></LI
><LI
><P
><B
CLASS="COMMAND"
>getdriver &lt;printername&gt;</B
>
- Retrieve the printer driver information (such as driver file,
SDK function. </p></dd><dt><span class="term">getdataex</span></dt><dd><p>Get
printer driver data with
keyname</p></dd><dt><span class="term">getdriver &lt;printername&gt;</span></dt><dd><p>
Retrieve the printer driver information (such as driver file,
config file, dependent files, etc...) for
the given printer. This command corresponds to the GetPrinterDriver()
MS Platform SDK function. Currently info level 1, 2, and 3 are supported.
</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>getdriverdir &lt;arch&gt;</B
>
- Execute a GetPrinterDriverDirectory()
</p></dd><dt><span class="term">getdriverdir &lt;arch&gt;</span></dt><dd><p>
Execute a GetPrinterDriverDirectory()
RPC to retrieve the SMB share name and subdirectory for
storing printer driver files for a given architecture. Possible
values for <TT
CLASS="PARAMETER"
><I
>arch</I
></TT
> are "Windows 4.0"
(for Windows 95/98), "Windows NT x86", "Windows NT PowerPC", "Windows
Alpha_AXP", and "Windows NT R4000". </P
></LI
><LI
><P
><B
CLASS="COMMAND"
>getprinter &lt;printername&gt;</B
>
- Retrieve the current printer information. This command
values for <i class="parameter"><tt>arch</tt></i> are &quot;Windows 4.0&quot;
(for Windows 95/98), &quot;Windows NT x86&quot;, &quot;Windows NT PowerPC&quot;, &quot;Windows
Alpha_AXP&quot;, and &quot;Windows NT R4000&quot;. </p></dd><dt><span class="term">getprinter &lt;printername&gt;</span></dt><dd><p>Retrieve the current printer information. This command
corresponds to the GetPrinter() MS Platform SDK function.
</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>openprinter &lt;printername&gt;</B
>
- Execute an OpenPrinterEx() and ClosePrinter() RPC
against a given printer. </P
></LI
><LI
><P
><B
CLASS="COMMAND"
>setdriver &lt;printername&gt;
&lt;drivername&gt;</B
>
- Execute a SetPrinter() command to update the printer driver
</p></dd><dt><span class="term">getprintprocdir</span></dt><dd><p>Get
print processor
directory</p></dd><dt><span class="term">openprinter &lt;printername&gt;</span></dt><dd><p>Execute an OpenPrinterEx() and ClosePrinter() RPC
against a given printer. </p></dd><dt><span class="term">setdriver &lt;printername&gt;
&lt;drivername&gt;</span></dt><dd><p>Execute a SetPrinter() command to update the printer driver
associated with an installed printer. The printer driver must
already be correctly installed on the print server. </P
><P
>See also the <B
CLASS="COMMAND"
>enumprinters</B
> and
<B
CLASS="COMMAND"
>enumdrivers</B
> commands for obtaining a list of
of installed printers and drivers.</P
></LI
></UL
><P
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>GENERAL OPTIONS</I
></SPAN
></P
><P
></P
><UL
><LI
><P
><B
CLASS="COMMAND"
>debuglevel</B
> - Set the current
debug level used to log information.</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>help (?)</B
> - Print a listing of all
already be correctly installed on the print server. </p><p>See also the <b class="command">enumprinters</b> and
<b class="command">enumdrivers</b> commands for obtaining a list of
of installed printers and drivers.</p></dd><dt><span class="term">addform</span></dt><dd><p>Add form</p></dd><dt><span class="term">setform</span></dt><dd><p>Set form</p></dd><dt><span class="term">getform</span></dt><dd><p>Get form</p></dd><dt><span class="term">deleteform</span></dt><dd><p>Delete form</p></dd><dt><span class="term">enumforms</span></dt><dd><p>Enumerate form</p></dd><dt><span class="term">setprinter</span></dt><dd><p>Set printer comment</p></dd><dt><span class="term">setprinterdata</span></dt><dd><p>Set REG_SZ printer data</p></dd><dt><span class="term">rffpcnex</span></dt><dd><p>Rffpcnex test</p></dd></dl></div></div><div class="refsect2" lang="en"><h3>NETLOGON</h3><div class="variablelist"><dl><dt><span class="term">logonctrl2</span></dt><dd><p>Logon Control 2</p></dd><dt><span class="term">logonctrl</span></dt><dd><p>Logon Control</p></dd><dt><span class="term">samsync</span></dt><dd><p>Sam Synchronisation</p></dd><dt><span class="term">samdeltas</span></dt><dd><p>Query Sam Deltas</p></dd><dt><span class="term">samlogon</span></dt><dd><p>Sam Logon</p></dd></dl></div></div><div class="refsect2" lang="en"><h3>GENERAL COMMANDS</h3><div class="variablelist"><dl><dt><span class="term">debuglevel</span></dt><dd><p>Set the current
debug level used to log information.</p></dd><dt><span class="term">help (?)</span></dt><dd><p>Print a listing of all
known commands or extended help on a particular command.
</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>quit (exit)</B
> - Exit <B
CLASS="COMMAND"
>rpcclient
</B
>.</P
></LI
></UL
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN227"
></A
><H2
>BUGS</H2
><P
><B
CLASS="COMMAND"
>rpcclient</B
> is designed as a developer testing tool
</p></dd><dt><span class="term">quit (exit)</span></dt><dd><p>Exit <b class="command">rpcclient
</b>.</p></dd></dl></div></div></div><div class="refsect1" lang="en"><h2>BUGS</h2><p><b class="command">rpcclient</b> is designed as a developer testing tool
and may not be robust in certain areas (such as command line parsing).
It has been known to generate a core dump upon failures when invalid
parameters where passed to the interpreter. </P
><P
>From Luke Leighton's original rpcclient man page:</P
><P
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>"WARNING!</I
></SPAN
> The MSRPC over SMB code has
parameters where passed to the interpreter. </p><p>From Luke Leighton's original rpcclient man page:</p><p><span class="emphasis"><em>WARNING!</em></span> The MSRPC over SMB code has
been developed from examining Network traces. No documentation is
available from the original creators (Microsoft) on how MSRPC over
SMB works, or how the individual MSRPC services work. Microsoft's
implementation of these services has been demonstrated (and reported)
to be... a bit flaky in places. </P
><P
>The development of Samba's implementation is also a bit rough,
and as more of the services are understood, it can even result in
versions of <B
CLASS="COMMAND"
>smbd(8)</B
> and <B
CLASS="COMMAND"
>rpcclient(1)</B
>
that are incompatible for some commands or services. Additionally,
to be... a bit flaky in places. </p><p>The development of Samba's implementation is also a bit rough,
and as more of the services are understood, it can even result in
versions of <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> and <a href="rpcclient.1.html"><span class="citerefentry"><span class="refentrytitle">rpcclient</span>(1)</span></a> that are incompatible for some commands or services. Additionally,
the developers are sending reports to Microsoft, and problems found
or reported to Microsoft are fixed in Service Packs, which may
result in incompatibilities." </P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN237"
></A
><H2
>VERSION</H2
><P
>This man page is correct for version 3.0 of the Samba
suite.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN240"
></A
><H2
>AUTHOR</H2
><P
>The original Samba software and related utilities
result in incompatibilities.</p></div><div class="refsect1" lang="en"><h2>VERSION</h2><p>This man page is correct for version 3.0 of the Samba
suite.</p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</P
><P
>The original rpcclient man page was written by Matthew
to the way the Linux kernel is developed.</p><p>The original rpcclient man page was written by Matthew
Geddes, Luke Kenneth Casson Leighton, and rewritten by Gerald Carter.
The conversion to DocBook for Samba 2.2 was done by Gerald
Carter.</P
></DIV
></BODY
></HTML
>
Carter. The conversion to DocBook XML 4.2 for Samba 3.0 was
done by Alexander Bokovoy.</p></div></div></body></html>

592
docs/htmldocs/samba-bdc.html
View File

@ -1,348 +1,246 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK
REL="HOME"
TITLE="SAMBA Project Documentation"
HREF="samba-howto-collection.html"><LINK
REL="UP"
TITLE="Type of installation"
HREF="type.html"><LINK
REL="PREVIOUS"
TITLE="How to Configure Samba as a NT4 Primary Domain Controller"
HREF="samba-pdc.html"><LINK
REL="NEXT"
TITLE="Samba as a ADS domain member"
HREF="ads.html"></HEAD
><BODY
CLASS="CHAPTER"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>SAMBA Project Documentation</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="samba-pdc.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="ads.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="CHAPTER"
><H1
><A
NAME="SAMBA-BDC">Chapter 7. How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain</H1
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1127">7.1. Prerequisite Reading</H1
><P
>Before you continue reading in this chapter, please make sure
that you are comfortable with configuring a Samba PDC
as described in the <A
HREF="Samba-PDC-HOWTO.html"
TARGET="_top"
>Samba-PDC-HOWTO</A
>.</P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1131">7.2. Background</H1
><P
>What is a Domain Controller? It is a machine that is able to answer
logon requests from workstations in a Windows NT Domain. Whenever a
user logs into a Windows NT Workstation, the workstation connects to a
Domain Controller and asks him whether the username and password the
user typed in is correct. The Domain Controller replies with a lot of
information about the user, for example the place where the users
profile is stored, the users full name of the user. All this
information is stored in the NT user database, the so-called SAM.</P
><P
>There are two kinds of Domain Controller in a NT 4 compatible Domain:
A Primary Domain Controller (PDC) and one or more Backup Domain
Controllers (BDC). The PDC contains the master copy of the
SAM. Whenever the SAM has to change, for example when a user changes
his password, this change has to be done on the PDC. A Backup Domain
Controller is a machine that maintains a read-only copy of the
SAM. This way it is able to reply to logon requests and authenticate
users in case the PDC is not available. During this time no changes to
the SAM are possible. Whenever changes to the SAM are done on the PDC,
all BDC receive the changes from the PDC.</P
><P
>Since version 2.2 Samba officially supports domain logons for all
current Windows Clients, including Windows 2000 and XP. This text
assumes the domain to be named SAMBA. To be able to act as a PDC, some
parameters in the [global]-section of the smb.conf have to be set:</P
><P
><PRE
CLASS="PROGRAMLISTING"
>workgroup = SAMBA
domain master = yes
domain logons = yes</PRE
></P
><P
>Several other things like a [homes] and a [netlogon] share also may be
set along with settings for the profile path, the users home drive and
others. This will not be covered in this document.</P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1139">7.3. What qualifies a Domain Controller on the network?</H1
><P
>Every machine that is a Domain Controller for the domain SAMBA has to
register the NetBIOS group name SAMBA#1c with the WINS server and/or
by broadcast on the local network. The PDC also registers the unique
NetBIOS name SAMBA#1b with the WINS server. The name type #1b is
normally reserved for the domain master browser, a role that has
nothing to do with anything related to authentication, but the
Microsoft Domain implementation requires the domain master browser to
be on the same machine as the PDC.</P
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN1142">7.3.1. How does a Workstation find its domain controller?</H2
><P
>A NT workstation in the domain SAMBA that wants a local user to be
authenticated has to find the domain controller for SAMBA. It does
this by doing a NetBIOS name query for the group name SAMBA#1c. It
assumes that each of the machines it gets back from the queries is a
domain controller and can answer logon requests. To not open security
holes both the workstation and the selected (TODO: How is the DC
chosen) domain controller authenticate each other. After that the
workstation sends the user's credentials (his name and password) to
the domain controller, asking for approval.</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN1145">7.3.2. When is the PDC needed?</H2
><P
>Whenever a user wants to change his password, this has to be done on
the PDC. To find the PDC, the workstation does a NetBIOS name query
for SAMBA#1b, assuming this machine maintains the master copy of the
SAM. The workstation contacts the PDC, both mutually authenticate and
the password change is done.</P
></DIV
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1148">7.4. Can Samba be a Backup Domain Controller?</H1
><P
>With version 2.2, no. The native NT SAM replication protocols have
not yet been fully implemented. The Samba Team is working on
understanding and implementing the protocols, but this work has not
been finished for version 2.2.</P
><P
>Can I get the benefits of a BDC with Samba? Yes. The main reason for
implementing a BDC is availability. If the PDC is a Samba machine,
a second Samba machine can be set up to
service logon requests whenever the PDC is down.</P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1152">7.5. How do I set up a Samba BDC?</H1
><P
>Several things have to be done:</P
><P
></P
><UL
><LI
><P
>The domain SID has to be the same on the PDC and the BDC. This used to
be stored in the file private/MACHINE.SID. This file is not created
anymore since Samba 2.2.5 or even earlier. Nowadays the domain SID is
stored in the file private/secrets.tdb. Simply copying the secrets.tdb
from the PDC to the BDC does not work, as the BDC would
generate a new SID for itself and override the domain SID with this
new BDC SID.</P
><P
>To retrieve the domain SID from the PDC or an existing BDC and store it in the
secrets.tdb, execute 'net rpc getsid' on the BDC.</P
></LI
><LI
><P
>The Unix user database has to be synchronized from the PDC to the
BDC. This means that both the /etc/passwd and /etc/group have to be
replicated from the PDC to the BDC. This can be done manually
whenever changes are made, or the PDC is set up as a NIS master
server and the BDC as a NIS slave server. To set up the BDC as a
mere NIS client would not be enough, as the BDC would not be able to
access its user database in case of a PDC failure.</P
></LI
><LI
><P
>The Samba password database in the file private/smbpasswd has to be
replicated from the PDC to the BDC. This is a bit tricky, see the
next section.</P
></LI
><LI
><P
>Any netlogon share has to be replicated from the PDC to the
BDC. This can be done manually whenever login scripts are changed,
or it can be done automatically together with the smbpasswd
synchronization.</P
></LI
></UL
><P
>Finally, the BDC has to be found by the workstations. This can be done
by setting</P
><P
><PRE
CLASS="PROGRAMLISTING"
>workgroup = samba
domain master = no
domain logons = yes</PRE
></P
><P
>in the [global]-section of the smb.conf of the BDC. This makes the BDC
only register the name SAMBA#1c with the WINS server. This is no
problem as the name SAMBA#1c is a NetBIOS group name that is meant to
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 6. Backup Domain Control</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="type.html" title="Part II. Server Configuration Basics"><link rel="previous" href="samba-pdc.html" title="Chapter 5. Domain Control"><link rel="next" href="domain-member.html" title="Chapter 7. Domain Membership"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 6. Backup Domain Control</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="samba-pdc.html">Prev</a> </td><th width="60%" align="center">Part II. Server Configuration Basics</th><td width="20%" align="right"> <a accesskey="n" href="domain-member.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="samba-bdc"></a>Chapter 6. Backup Domain Control</h2></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jht@samba.org">jht@samba.org</a>&gt;</tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Volker</span> <span class="surname">Lendecke</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:Volker.Lendecke@SerNet.DE">Volker.Lendecke@SerNet.DE</a>&gt;</tt></p></div></div></div></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="samba-bdc.html#id2895956">Features And Benefits</a></dt><dt><a href="samba-bdc.html#id2896128">Essential Background Information</a></dt><dd><dl><dt><a href="samba-bdc.html#id2896156">MS Windows NT4 Style Domain Control</a></dt><dt><a href="samba-bdc.html#id2896368">Active Directory Domain Control</a></dt><dt><a href="samba-bdc.html#id2896390">What qualifies a Domain Controller on the network?</a></dt><dt><a href="samba-bdc.html#id2896416">How does a Workstation find its domain controller?</a></dt></dl></dd><dt><a href="samba-bdc.html#id2896462">Backup Domain Controller Configuration</a></dt><dd><dl><dt><a href="samba-bdc.html#id2896532">Example Configuration</a></dt></dl></dd><dt><a href="samba-bdc.html#id2896591">Common Errors</a></dt><dd><dl><dt><a href="samba-bdc.html#id2896605">Machine Accounts keep expiring, what can I do?</a></dt><dt><a href="samba-bdc.html#id2896630">Can Samba be a Backup Domain Controller to an NT4 PDC?</a></dt><dt><a href="samba-bdc.html#id2896663">How do I replicate the smbpasswd file?</a></dt><dt><a href="samba-bdc.html#id2896692">Can I do this all with LDAP?</a></dt></dl></dd></dl></div><p>
Before you continue reading in this section, please make sure that you are comfortable
with configuring a Samba Domain Controller as described in the
<a href="Samba-PDC-HOWTO.html" target="_top">Domain Control Chapter</a>.
</p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2895956"></a>Features And Benefits</h2></div></div><div></div></div><p>
This is one of the most difficult chapters to summarise. It matters not what we say here
for someone will still draw conclusions and / or approach the Samba-Team with expectations
that are either not yet capable of being delivered, or that can be achieved for more
effectively using a totally different approach. Since this HOWTO is already so large and
extensive, we have taken the decision to provide sufficient (but not comprehensive)
information regarding Backup Domain Control. In the event that you should have a persistent
concern that is not addressed in this HOWTO document then please email
<a href="mailto:jht@samba.org" target="_top">John H Terpstra</a> clearly setting out your requirements
and / or question and we will do our best to provide a solution.
</p><p>
Samba-3 is capable of acting as a Backup Domain Controller to another Samba Primary Domain
Controller. A Samba-3 PDC can operate with an LDAP Account backend. The Samba-3 BDC can
operate with a slave LDAP server for the Account backend. This effectively gives samba a high
degree of scalability. This is a very sweet (nice) solution for large organisations.
</p><p>
While it is possible to run a Samba-3 BDC with non-LDAP backend, the administrator will
need to figure out precisely what is the best way to replicate (copy / distribute) the
user and machine Accounts backend.
</p><p>
The use of a non-LDAP backend SAM database is particularly problematic because Domain member
servers and workstations periodically change the machine trust account password. The new
password is then stored only locally. This means that in the absence of a centrally stored
accounts database (such as that provided with an LDAP based solution) if Samba-3 is running
as a BDC, the PDC instance of the Domain member trust account password will not reach the
PDC (master) copy of the SAM. If the PDC SAM is then replicated to BDCs this results in
overwriting of the SAM that contains the updated (changed) trust account password with resulting
breakage of the domain trust.
</p><p>
Considering the number of comments and questions raised concerning how to configure a BDC
lets consider each possible option and look at the pro's and con's for each theoretical solution:
</p><div class="itemizedlist"><p class="title"><b>Backup Domain Backend Account Distribution Options</b></p><ul type="disc"><li><p>
Solution: Passwd Backend is LDAP based, BDCs use a slave LDAP server
</p><p>
Arguments For: This is a neat and manageable solution. The LDAP based SAM (ldapsam)
is constantly kept up to date.
</p><p>
Arguments Against: Complexity
</p></li><li><p>
Passdb Backend is tdbsam based, BDCs use cron based &quot;net rcp vampire&quot; to
suck down the Accounts database from the PDC
</p><p>
Arguments For: It would be a nice solution
</p><p>
Arguments Against: It does not work because Samba-3 does not support the required
protocols. This may become a later feature but is not available today.
</p></li><li><p>
Make use of rsync to replicate (pull down) copies of the essential account files
</p><p>
Arguments For: It is a simple solution, easy to set up as a scheduled job
</p><p>
Arguments Against: This will over-write the locally changed machine trust account
passwords. This is a broken and flawed solution. Do NOT do this.
</p></li><li><p>
Operate with an entirely local accounts database (not recommended)
</p><p>
Arguments For: Simple, easy to maintain
</p><p>
Arguments Against: All machine trust accounts and user accounts will be locally
maintained. Domain users will NOT be able to roam from office to office. This is
a broken and flawed solution. Do NOT do this.
</p></li></ul></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2896128"></a>Essential Background Information</h2></div></div><div></div></div><p>
A Domain Controller is a machine that is able to answer logon requests from network
workstations. Microsoft LanManager and IBM LanServer were two early products that
provided this capability. The technology has become known as the LanMan Netlogon service.
</p><p>
When MS Windows NT3.10 was first released it supported an new style of Domain Control
and with it a new form of the network logon service that has extended functionality.
This service became known as the NT NetLogon Service. The nature of this service has
changed with the evolution of MS Windows NT and today provides a very complex array of
services that are implemented over a complex spectrum of technologies.
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2896156"></a>MS Windows NT4 Style Domain Control</h3></div></div><div></div></div><p>
Whenever a user logs into a Windows NT4 / 200x / XP Profresional Workstation,
the workstation connects to a Domain Controller (authentication server) to validate
the username and password that the user entered are valid. If the information entered
does not validate against the account information that has been stored in the Domain
Control database (the SAM, or Security Accounts Manager database) then a set of error
codes is returned to the workstation that has made the authentication request.
</p><p>
When the username / password pair has been validated, the Domain Controller
(authentication server) will respond with full enumeration of the account information
that has been stored regarding that user in the User and Machine Accounts database
for that Domain. This information contains a complete network access profile for
the user but excludes any information that is particular to the user's desktop profile,
or for that matter it excludes all desktop profiles for groups that the user may
belong to. It does include password time limits, password uniqueness controls,
network access time limits, account validity information, machine names from which the
user may access the network, and much more. All this information was stored in the SAM
in all versions of MS Windows NT (3.10, 3.50, 3.51, 4.0).
</p><p>
The account information (user and machine) on Domain Controllers is stored in two files,
one containing the Security information and the other the SAM. These are stored in files
by the same name in the <tt class="filename">C:\WinNT\System32\config</tt> directory. These
are the files that are involved in replication of the SAM database where Backup Domain
Controllers are present on the network.
</p><p>
There are two situations in which it is desirable to install Backup Domain Controllers:
</p><div class="itemizedlist"><ul type="disc"><li><p>
On the local network that the Primary Domain Controller is on if there are many
workstations and/or where the PDC is generally very busy. In this case the BDCs
will pick up network logon requests and help to add robustness to network services.
</p></li><li><p>
At each remote site, to reduce wide area network traffic and to add stability to
remote network operations. The design of the network, the strategic placement of
Backup Domain Controllers, together with an implementation that localises as much
of network to client interchange as possible will help to minimise wide area network
bandwidth needs (and thus costs).
</p></li></ul></div><p>
The PDC contains the master copy of the SAM. In the event that an administrator makes a
change to the user account database while physically present on the local network that
has the PDC, the change will likely be made directly to the PDC instance of the master
copy of the SAM. In the event that this update may be performed in a branch office the
change will likely be stored in a delta file on the local BDC. The BDC will then send
a trigger to the PDC to commence the process of SAM synchronisation. The PDC will then
request the delta from the BDC and apply it to the master SAM. THe PDC will then contact
all the BDCs in the Domain and trigger them to obtain the update and then apply that to
their own copy of the SAM.
</p><p>
Thus the BDC is said to hold a <span class="emphasis"><em>read-only</em></span> of the SAM from which
it is able to process network logon requests and to authenticate users. The BDC can
continue to provide this service, particularly while, for example, the wide area
network link to the PDC is down. Thus a BDC plays a very important role in both
maintenance of Domain security as well as in network integrity.
</p><p>
In the event that the PDC should need to be taken out of service, or if it dies, then
one of the BDCs can be promoted to a PDC. If this happens while the original PDC is on
line then it is automatically demoted to a BDC. This is an important aspect of Domain
Controller management. The tool that is used to affect a promotion or a demotion is the
Server Manager for Domains.
</p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2896305"></a>Example PDC Configuration</h4></div></div><div></div></div><p>
Since version 2.2 Samba officially supports domain logons for all current Windows Clients,
including Windows NT4, 2003 and XP Professional. For samba to be enabled as a PDC some
parameters in the <i class="parameter"><tt>[global]</tt></i>-section of the <tt class="filename">smb.conf</tt> have to be set:
</p><pre class="programlisting">
workgroup = SAMBA
domain master = yes
domain logons = yes
</pre><p>
Several other things like a <i class="parameter"><tt>[homes]</tt></i> and a <i class="parameter"><tt>[netlogon]</tt></i> share also need to be set along with
settings for the profile path, the users home drive, etc.. This will not be covered in this
chapter, for more information please refer to the chapter on Domain Control.
</p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2896368"></a>Active Directory Domain Control</h3></div></div><div></div></div><p>
As of the release of MS Windows 2000 and Active Directory, this information is now stored
in a directory that can be replicated and for which partial or full administrative control
can be delegated. Samba-3 is NOT able to be a Domain Controller within an Active Directory
tree, and it can not be an Active Directory server. This means that Samba-3 also can NOT
act as a Backup Domain Contoller to an Active Directory Domain Controller.
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2896390"></a>What qualifies a Domain Controller on the network?</h3></div></div><div></div></div><p>
Every machine that is a Domain Controller for the domain SAMBA has to register the NetBIOS
group name SAMBA&lt;#1c&gt; with the WINS server and/or by broadcast on the local network.
The PDC also registers the unique NetBIOS name SAMBA&lt;#1b&gt; with the WINS server.
The name type &lt;#1b&gt; name is normally reserved for the Domain Master Browser, a role
that has nothing to do with anything related to authentication, but the Microsoft Domain
implementation requires the domain master browser to be on the same machine as the PDC.
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2896416"></a>How does a Workstation find its domain controller?</h3></div></div><div></div></div><p>
An MS Windows NT4 / 200x / XP Professional workstation in the domain SAMBA that wants a
local user to be authenticated has to find the domain controller for SAMBA. It does this
by doing a NetBIOS name query for the group name SAMBA&lt;#1c&gt;. It assumes that each
of the machines it gets back from the queries is a domain controller and can answer logon
requests. To not open security holes both the workstation and the selected domain controller
authenticate each other. After that the workstation sends the user's credentials (name and
password) to the local Domain Controller, for valdation.
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2896462"></a>Backup Domain Controller Configuration</h2></div></div><div></div></div><p>
Several things have to be done:
</p><div class="itemizedlist"><ul type="disc"><li><p>
The domain SID has to be the same on the PDC and the BDC. This used to
be stored in the file private/MACHINE.SID. This file is not created
anymore since Samba 2.2.5 or even earlier. Nowadays the domain SID is
stored in the file private/secrets.tdb. Simply copying the secrets.tdb
from the PDC to the BDC does not work, as the BDC would
generate a new SID for itself and override the domain SID with this
new BDC SID.</p><p>
To retrieve the domain SID from the PDC or an existing BDC and store it in the
secrets.tdb, execute 'net rpc getsid' on the BDC.
</p></li><li><p>
The Unix user database has to be synchronized from the PDC to the
BDC. This means that both the /etc/passwd and /etc/group have to be
replicated from the PDC to the BDC. This can be done manually
whenever changes are made, or the PDC is set up as a NIS master
server and the BDC as a NIS slave server. To set up the BDC as a
mere NIS client would not be enough, as the BDC would not be able to
access its user database in case of a PDC failure.
</p></li><li><p>
The Samba password database in the file private/smbpasswd has to be
replicated from the PDC to the BDC. This is a bit tricky, see the
next section.
</p></li><li><p>
Any netlogon share has to be replicated from the PDC to the
BDC. This can be done manually whenever login scripts are changed,
or it can be done automatically together with the smbpasswd
synchronization.
</p></li></ul></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2896532"></a>Example Configuration</h3></div></div><div></div></div><p>
Finally, the BDC has to be found by the workstations. This can be done by setting:
</p><pre class="programlisting">
workgroup = SAMBA
domain master = no
domain logons = yes
</pre><p>
in the <i class="parameter"><tt>[global]</tt></i>-section of the <tt class="filename">smb.conf</tt> of the BDC. This makes the BDC
only register the name SAMBA&lt;#1c&gt; with the WINS server. This is no
problem as the name SAMBA&lt;#1c&gt; is a NetBIOS group name that is meant to
be registered by more than one machine. The parameter 'domain master =
no' forces the BDC not to register SAMBA#1b which as a unique NetBIOS
name is reserved for the Primary Domain Controller.</P
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN1169">7.5.1. How do I replicate the smbpasswd file?</H2
><P
>Replication of the smbpasswd file is sensitive. It has to be done
whenever changes to the SAM are made. Every user's password change is
done in the smbpasswd file and has to be replicated to the BDC. So
replicating the smbpasswd file very often is necessary.</P
><P
>As the smbpasswd file contains plain text password equivalents, it
must not be sent unencrypted over the wire. The best way to set up
smbpasswd replication from the PDC to the BDC is to use the utility
rsync. rsync can use ssh as a transport. ssh itself can be set up to
accept *only* rsync transfer without requiring the user to type a
password.</P
></DIV
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="samba-pdc.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="samba-howto-collection.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="ads.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>How to Configure Samba as a NT4 Primary Domain Controller</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="type.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Samba as a ADS domain member</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
no' forces the BDC not to register SAMBA&lt;#1b&gt; which as a unique NetBIOS
name is reserved for the Primary Domain Controller.
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2896591"></a>Common Errors</h2></div></div><div></div></div><p>
As this is a rather new area for Samba there are not many examples that we may refer to. Keep
watching for updates to this section.
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2896605"></a>Machine Accounts keep expiring, what can I do?</h3></div></div><div></div></div><p>
This problem will occur when occur when the passdb (SAM) files are copied from a central
server but the local Backup Domain Controllers. Local machine trust account password updates
are not copied back to the central server. The newer machine account password is then over
written when the SAM is copied from the PDC. The result is that the Domain member machine
on start up will find that it's passwords does not match the one now in the database and
since the startup security check will now fail, this machine will not allow logon attempts
to procede and the account expiry error will be reported.
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2896630"></a>Can Samba be a Backup Domain Controller to an NT4 PDC?</h3></div></div><div></div></div><p>
With version 2.2, no. The native NT4 SAM replication protocols have not yet been fully
implemented. The Samba Team is working on understanding and implementing the protocols,
but this work has not been finished for version 2.2.
</p><p>
With version 3.0, the work on both the replication protocols and a suitable storage
mechanism has progressed, and some form of NT4 BDC support is expected soon.
</p><p>
Can I get the benefits of a BDC with Samba? Yes. The main reason for implementing a
BDC is availability. If the PDC is a Samba machine, a second Samba machine can be set up to
service logon requests whenever the PDC is down.
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2896663"></a>How do I replicate the smbpasswd file?</h3></div></div><div></div></div><p>
Replication of the smbpasswd file is sensitive. It has to be done whenever changes
to the SAM are made. Every user's password change is done in the smbpasswd file and
has to be replicated to the BDC. So replicating the smbpasswd file very often is necessary.
</p><p>
As the smbpasswd file contains plain text password equivalents, it must not be
sent unencrypted over the wire. The best way to set up smbpasswd replication from
the PDC to the BDC is to use the utility rsync. rsync can use ssh as a transport.
Ssh itself can be set up to accept *only* rsync transfer without requiring the user
to type a password.
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2896692"></a>Can I do this all with LDAP?</h3></div></div><div></div></div><p>
The simple answer is YES. Samba's pdb_ldap code supports binding to a replica
LDAP server, and will also follow referrals and rebind to the master if it ever
needs to make a modification to the database. (Normally BDCs are read only, so
this will not occur often).
</p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="samba-pdc.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="type.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="domain-member.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 5. Domain Control </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 7. Domain Membership</td></tr></table></div></body></html>

3070
docs/htmldocs/samba-pdc.html
View File

File diff suppressed because it is too large Load Diff

427
docs/htmldocs/samba.7.html
View File

@ -1,384 +1,113 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>samba</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><H1
><A
NAME="SAMBA"
></A
>samba</H1
><DIV
CLASS="REFNAMEDIV"
><A
NAME="AEN5"
></A
><H2
>Name</H2
>SAMBA&nbsp;--&nbsp;A Windows SMB/CIFS fileserver for UNIX</DIV
><DIV
CLASS="REFSYNOPSISDIV"
><A
NAME="AEN8"
></A
><H2
>Synopsis</H2
><P
><B
CLASS="COMMAND"
>Samba</B
> </P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN11"
></A
><H2
>DESCRIPTION</H2
><P
>The Samba software suite is a collection of programs
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>samba</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="samba.7"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>Samba &#8212; A Windows SMB/CIFS fileserver for UNIX</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">Samba</tt> </p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>The Samba software suite is a collection of programs
that implements the Server Message Block (commonly abbreviated
as SMB) protocol for UNIX systems. This protocol is sometimes
also referred to as the Common Internet File System (CIFS). For a
more thorough description, see <A
HREF="http://www.ubiqx.org/cifs/"
TARGET="_top"
> http://www.ubiqx.org/cifs/</A
>. Samba also implements the NetBIOS
protocol in nmbd.</P
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
><B
CLASS="COMMAND"
>smbd</B
></DT
><DD
><P
>The <B
CLASS="COMMAND"
>smbd </B
>
daemon provides the file and print services to
more thorough description, see <a href="http://www.ubiqx.org/cifs/" target="_top">
http://www.ubiqx.org/cifs/</a>. Samba also implements the NetBIOS
protocol in nmbd.</p><div class="variablelist"><dl><dt><span class="term"><a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a></span></dt><dd><p>The <b class="command">smbd</b> daemon provides the file and print services to
SMB clients, such as Windows 95/98, Windows NT, Windows
for Workgroups or LanManager. The configuration file
for this daemon is described in <TT
CLASS="FILENAME"
>smb.conf</TT
>
</P
></DD
><DT
><B
CLASS="COMMAND"
>nmbd</B
></DT
><DD
><P
>The <B
CLASS="COMMAND"
>nmbd</B
>
for this daemon is described in <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a>
</p></dd><dt><span class="term"><a href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a></span></dt><dd><p>The <b class="command">nmbd</b>
daemon provides NetBIOS nameservice and browsing
support. The configuration file for this daemon
is described in <TT
CLASS="FILENAME"
>smb.conf</TT
></P
></DD
><DT
><B
CLASS="COMMAND"
>smbclient</B
></DT
><DD
><P
>The <B
CLASS="COMMAND"
>smbclient</B
>
is described in <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a></p></dd><dt><span class="term"><a href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a></span></dt><dd><p>The <b class="command">smbclient</b>
program implements a simple ftp-like client. This
is useful for accessing SMB shares on other compatible
servers (such as Windows NT), and can also be used
to allow a UNIX box to print to a printer attached to
any SMB server (such as a PC running Windows NT).</P
></DD
><DT
><B
CLASS="COMMAND"
>testparm</B
></DT
><DD
><P
>The <B
CLASS="COMMAND"
>testparm</B
>
utility is a simple syntax checker for Samba's
<TT
CLASS="FILENAME"
>smb.conf</TT
>configuration file.</P
></DD
><DT
><B
CLASS="COMMAND"
>testprns</B
></DT
><DD
><P
>The <B
CLASS="COMMAND"
>testprns</B
>
any SMB server (such as a PC running Windows NT).</p></dd><dt><span class="term"><a href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a></span></dt><dd><p>The <b class="command">testparm</b>
utility is a simple syntax checker for Samba's <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> configuration file.</p></dd><dt><span class="term"><a href="testprns.1.html"><span class="citerefentry"><span class="refentrytitle">testprns</span>(1)</span></a></span></dt><dd><p>The <b class="command">testprns</b>
utility supports testing printer names defined
in your <TT
CLASS="FILENAME"
>printcap</TT
> file used
by Samba.</P
></DD
><DT
><B
CLASS="COMMAND"
>smbstatus</B
></DT
><DD
><P
>The <B
CLASS="COMMAND"
>smbstatus</B
>
in your <tt class="filename">printcap</tt> file used
by Samba.</p></dd><dt><span class="term"><a href="smbstatus.1.html"><span class="citerefentry"><span class="refentrytitle">smbstatus</span>(1)</span></a></span></dt><dd><p>The <b class="command">smbstatus</b>
tool provides access to information about the
current connections to <B
CLASS="COMMAND"
>smbd</B
>.</P
></DD
><DT
><B
CLASS="COMMAND"
>nmblookup</B
></DT
><DD
><P
>The <B
CLASS="COMMAND"
>nmblookup</B
>
current connections to <b class="command">smbd</b>.</p></dd><dt><span class="term"><a href="nmblookup.1.html"><span class="citerefentry"><span class="refentrytitle">nmblookup</span>(1)</span></a></span></dt><dd><p>The <b class="command">nmblookup</b>
tools allows NetBIOS name queries to be made
from a UNIX host.</P
></DD
><DT
><B
CLASS="COMMAND"
>make_smbcodepage</B
></DT
><DD
><P
>The <B
CLASS="COMMAND"
>make_smbcodepage</B
>
utility provides a means of creating SMB code page
definition files for your <B
CLASS="COMMAND"
>smbd</B
> server.</P
></DD
><DT
><B
CLASS="COMMAND"
>smbpasswd</B
></DT
><DD
><P
>The <B
CLASS="COMMAND"
>smbpasswd</B
>
from a UNIX host.</p></dd><dt><span class="term"><a href="smbgroupedit.8.html"><span class="citerefentry"><span class="refentrytitle">smbgroupedit</span>(8)</span></a></span></dt><dd><p>The <b class="command">smbgroupedit</b>
tool allows for mapping unix groups to NT Builtin,
Domain, or Local groups. Also it allows setting
priviledges for that group, such as saAddUser, etc.</p></dd><dt><span class="term"><a href="smbpasswd.8.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(8)</span></a></span></dt><dd><p>The <b class="command">smbpasswd</b>
command is a tool for changing LanMan and Windows NT
password hashes on Samba and Windows NT servers.</P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN76"
></A
><H2
>COMPONENTS</H2
><P
>The Samba suite is made up of several components. Each
password hashes on Samba and Windows NT servers.</p></dd><dt><span class="term"><a href="smbcacls.1.html"><span class="citerefentry"><span class="refentrytitle">smbcacls</span>(1)</span></a></span></dt><dd><p>The <b class="command">smbcacls</b> command is
a tool to set ACL's on remote CIFS servers. </p></dd><dt><span class="term"><a href="smbsh.1.html"><span class="citerefentry"><span class="refentrytitle">smbsh</span>(1)</span></a></span></dt><dd><p>The <b class="command">smbsh</b> command is
a program that allows you to run a unix shell with
with an overloaded VFS.</p></dd><dt><span class="term"><a href="smbtree.1.html"><span class="citerefentry"><span class="refentrytitle">smbtree</span>(1)</span></a></span></dt><dd><p>The <b class="command">smbtree</b> command
is a text-based network neighborhood tool.</p></dd><dt><span class="term"><a href="smbtar.1.html"><span class="citerefentry"><span class="refentrytitle">smbtar</span>(1)</span></a></span></dt><dd><p>The <b class="command">smbtar</b> can make
backups of data on CIFS/SMB servers.</p></dd><dt><span class="term"><a href="smbspool.8.html"><span class="citerefentry"><span class="refentrytitle">smbspool</span>(8)</span></a></span></dt><dd><p><b class="command">smbspool</b> is a
helper utility for printing on printers connected
to CIFS servers. </p></dd><dt><span class="term"><a href="smbcontrol.1.html"><span class="citerefentry"><span class="refentrytitle">smbcontrol</span>(1)</span></a></span></dt><dd><p><b class="command">smbcontrol</b> is a utility
that can change the behaviour of running samba daemons.
</p></dd><dt><span class="term"><a href="rpcclient.1.html"><span class="citerefentry"><span class="refentrytitle">rpcclient</span>(1)</span></a></span></dt><dd><p><b class="command">rpcclient</b> is a utility
that can be used to execute RPC commands on remote
CIFS servers.</p></dd><dt><span class="term"><a href="pdbedit.8.html"><span class="citerefentry"><span class="refentrytitle">pdbedit</span>(8)</span></a></span></dt><dd><p>The <b class="command">pdbedit</b> command
can be used to maintain the local user database on
a samba server.</p></dd><dt><span class="term"><a href="findsmb.1.html"><span class="citerefentry"><span class="refentrytitle">findsmb</span>(1)</span></a></span></dt><dd><p>The <b class="command">findsmb</b> command
can be used to find SMB servers on the local network.
</p></dd><dt><span class="term"><a href="net.8.html"><span class="citerefentry"><span class="refentrytitle">net</span>(8)</span></a></span></dt><dd><p>The <b class="command">net</b> command
is supposed to work similar to the DOS/Windows
NET.EXE command.</p></dd><dt><span class="term"><a href="swat.8.html"><span class="citerefentry"><span class="refentrytitle">swat</span>(8)</span></a></span></dt><dd><p><b class="command">swat</b> is a web-based
interface to configuring <tt class="filename">smb.conf</tt>.
</p></dd><dt><span class="term"><a href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a></span></dt><dd><p><b class="command">winbindd</b> is a daemon
that is used for integrating authentication and
the user database into unix.</p></dd><dt><span class="term"><a href="wbinfo.1.html"><span class="citerefentry"><span class="refentrytitle">wbinfo</span>(1)</span></a></span></dt><dd><p><b class="command">wbinfo</b> is a utility
that retrieves and stores information related to winbind.
</p></dd><dt><span class="term"><a href="editreg.1.html"><span class="citerefentry"><span class="refentrytitle">editreg</span>(1)</span></a></span></dt><dd><p><b class="command">editreg</b> is a command-line
utility that can edit windows registry files.
</p></dd><dt><span class="term"><a href="profiles.1.html"><span class="citerefentry"><span class="refentrytitle">profiles</span>(1)</span></a></span></dt><dd><p><b class="command">profiles</b> is a command-line
utility that can be used to replace all occurences of
a certain SID with another SID.
</p></dd><dt><span class="term"><a href="vfstest.1.html"><span class="citerefentry"><span class="refentrytitle">vfstest</span>(1)</span></a></span></dt><dd><p><b class="command">vfstest</b> is a utility
that can be used to test vfs modules.</p></dd><dt><span class="term"><a href="ntlm_auth.1.html"><span class="citerefentry"><span class="refentrytitle">ntlm_auth</span>(1)</span></a></span></dt><dd><p><b class="command">ntlm_auth</b> is a helper-utility
for external programs wanting to do NTLM-authentication.
</p></dd><dt><span class="term"><a href="smbmount.8.html"><span class="citerefentry"><span class="refentrytitle">smbmount</span>(8)</span></a>, <a href="smbumount.8.html"><span class="citerefentry"><span class="refentrytitle">smbumount</span>(8)</span></a>, <a href="smbmount.8.html"><span class="citerefentry"><span class="refentrytitle">smbmount</span>(8)</span></a></span></dt><dd><p><b class="command">smbmount</b>,<b class="command">smbmnt</b> and <b class="command">smbmnt</b> are commands that can be used to
mount CIFS/SMB shares on Linux.
</p></dd><dt><span class="term"><a href="smbcquotas.1.html"><span class="citerefentry"><span class="refentrytitle">smbcquotas</span>(1)</span></a></span></dt><dd><p><b class="command">smbcquotas</b> is a tool that
can set remote QUOTA's on server with NTFS 5. </p></dd></dl></div></div><div class="refsect1" lang="en"><h2>COMPONENTS</h2><p>The Samba suite is made up of several components. Each
component is described in a separate manual page. It is strongly
recommended that you read the documentation that comes with Samba
and the manual pages of those components that you use. If the
manual pages and documents aren't clear enough then please visit
<A
HREF="http://devel.samba.org/"
TARGET="_top"
>http://devel.samba.org</A
>
for information on how to file a bug report or submit a patch.</P
><P
>If you require help, visit the Samba webpage at
<A
HREF="http://samba.org/"
TARGET="_top"
>http://www.samba.org/</A
> and
<a href="http://devel.samba.org/" target="_top">http://devel.samba.org</a>
for information on how to file a bug report or submit a patch.</p><p>If you require help, visit the Samba webpage at
<a href="http://samba.org/" target="_top">http://www.samba.org/</a> and
explore the many option available to you.
</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN82"
></A
><H2
>AVAILABILITY</H2
><P
>The Samba software suite is licensed under the
</p></div><div class="refsect1" lang="en"><h2>AVAILABILITY</h2><p>The Samba software suite is licensed under the
GNU Public License(GPL). A copy of that license should
have come with the package in the file COPYING. You are
encouraged to distribute copies of the Samba suite, but
please obey the terms of this license.</P
><P
>The latest version of the Samba suite can be
please obey the terms of this license.</p><p>The latest version of the Samba suite can be
obtained via anonymous ftp from samba.org in the
directory pub/samba/. It is also available on several
mirror sites worldwide.</P
><P
>You may also find useful information about Samba
on the newsgroup <A
HREF="news:comp.protocols.smb"
TARGET="_top"
> comp.protocol.smb</A
> and the Samba mailing
mirror sites worldwide.</p><p>You may also find useful information about Samba
on the newsgroup <a href="news:comp.protocols.smb" target="_top">
comp.protocol.smb</a> and the Samba mailing
list. Details on how to join the mailing list are given in
the README file that comes with Samba.</P
><P
>If you have access to a WWW viewer (such as Netscape
or Mosaic) then you will also find lots of useful information,
the README file that comes with Samba.</p><p>If you have access to a WWW viewer (such as Mozilla
or Konqueror) then you will also find lots of useful information,
including back issues of the Samba mailing list, at
<A
HREF="http://lists.samba.org/"
TARGET="_top"
>http://lists.samba.org</A
>.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN90"
></A
><H2
>VERSION</H2
><P
>This man page is correct for version 2.2 of the
Samba suite. </P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN93"
></A
><H2
>CONTRIBUTIONS</H2
><P
>If you wish to contribute to the Samba project,
<a href="http://lists.samba.org/" target="_top">http://lists.samba.org</a>.</p></div><div class="refsect1" lang="en"><h2>VERSION</h2><p>This man page is correct for version 3.0 of the
Samba suite. </p></div><div class="refsect1" lang="en"><h2>CONTRIBUTIONS</h2><p>If you wish to contribute to the Samba project,
then I suggest you join the Samba mailing list at
<A
HREF="http://lists.samba.org/"
TARGET="_top"
>http://lists.samba.org</A
>.
</P
><P
>If you have patches to submit, visit
<A
HREF="http://devel.samba.org/"
TARGET="_top"
>http://devel.samba.org/</A
>
for information on how to do it properly. We prefer patches in
<B
CLASS="COMMAND"
>diff -u</B
> format.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN100"
></A
><H2
>CONTRIBUTORS</H2
><P
>Contributors to the project are now too numerous
<a href="http://lists.samba.org/" target="_top">http://lists.samba.org</a>.
</p><p>If you have patches to submit, visit
<a href="http://devel.samba.org/" target="_top">http://devel.samba.org/</a>
for information on how to do it properly. We prefer patches
in <b class="command">diff -u</b> format.</p></div><div class="refsect1" lang="en"><h2>CONTRIBUTORS</h2><p>Contributors to the project are now too numerous
to mention here but all deserve the thanks of all Samba
users. To see a full list, look at <A
HREF="ftp://samba.org/pub/samba/alpha/change-log"
TARGET="_top"
> ftp://samba.org/pub/samba/alpha/change-log</A
>
for the pre-CVS changes and at <A
HREF="ftp://samba.org/pub/samba/alpha/cvs.log"
TARGET="_top"
> ftp://samba.org/pub/samba/alpha/cvs.log</A
>
users. To see a full list, look at the
<tt class="filename">change-log</tt> in the source package
for the pre-CVS changes and at <a href="http://cvs.samba.org/" target="_top">
http://cvs.samba.org/</a>
for the contributors to Samba post-CVS. CVS is the Open Source
source code control system used by the Samba Team to develop
Samba. The project would have been unmanageable without it.</P
><P
>In addition, several commercial organizations now help
fund the Samba Team with money and equipment. For details see
the Samba Web pages at <A
HREF="http://samba.org/samba/samba-thanks.html"
TARGET="_top"
> http://samba.org/samba/samba-thanks.html</A
>.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN107"
></A
><H2
>AUTHOR</H2
><P
>The original Samba software and related utilities
Samba. The project would have been unmanageable without it.</p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</P
><P
>The original Samba man pages were written by Karl Auer.
to the way the Linux kernel is developed.</p><p>The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at
<A
HREF="ftp://ftp.icce.rug.nl/pub/unix/"
TARGET="_top"
> ftp://ftp.icce.rug.nl/pub/unix/</A
>) and updated for the Samba 2.0
excellent piece of Open Source software, available at <a href="ftp://ftp.icce.rug.nl/pub/unix/" target="_top">
ftp://ftp.icce.rug.nl/pub/unix/</a>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter</P
></DIV
></BODY
></HTML
>
Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML
4.2 for Samba 3.0 was done by Alexander Bokovoy.</p></div></div></body></html>

19827
docs/htmldocs/smb.conf.5.html
View File

File diff suppressed because it is too large Load Diff

460
docs/htmldocs/smbcacls.1.html
View File

@ -1,415 +1,95 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>smbcacls</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><H1
><A
NAME="SMBCACLS"
></A
>smbcacls</H1
><DIV
CLASS="REFNAMEDIV"
><A
NAME="AEN5"
></A
><H2
>Name</H2
>smbcacls&nbsp;--&nbsp;Set or get ACLs on an NT file or directory names</DIV
><DIV
CLASS="REFSYNOPSISDIV"
><A
NAME="AEN8"
></A
><H2
>Synopsis</H2
><P
><B
CLASS="COMMAND"
>smbcacls</B
> {//server/share} {filename} [-U username] [-A acls] [-M acls] [-D acls] [-S acls] [-C name] [-G name] [-n] [-h]</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN22"
></A
><H2
>DESCRIPTION</H2
><P
>This tool is part of the <A
HREF="samba.7.html"
TARGET="_top"
> Samba</A
> suite.</P
><P
>The <B
CLASS="COMMAND"
>smbcacls</B
> program manipulates NT Access Control
Lists (ACLs) on SMB file shares. </P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN28"
></A
><H2
>OPTIONS</H2
><P
>The following options are available to the <B
CLASS="COMMAND"
>smbcacls</B
> program.
The format of ACLs is described in the section ACL FORMAT </P
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>-A acls</DT
><DD
><P
>Add the ACLs specified to the ACL list. Existing
access control entries are unchanged. </P
></DD
><DT
>-M acls</DT
><DD
><P
>Modify the mask value (permissions) for the ACLs
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>smbcacls</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="smbcacls.1"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>smbcacls &#8212; Set or get ACLs on an NT file or directory names</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">smbcacls</tt> {//server/share} {filename} [-D acls] [-M acls] [-A acls] [-S acls] [-C name] [-G name] [-n] [-t] [-U username] [-h] [-d]</p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>This tool is part of the <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a> suite.</p><p>The <b class="command">smbcacls</b> program manipulates NT Access Control
Lists (ACLs) on SMB file shares. </p></div><div class="refsect1" lang="en"><h2>OPTIONS</h2><p>The following options are available to the <b class="command">smbcacls</b> program.
The format of ACLs is described in the section ACL FORMAT </p><div class="variablelist"><dl><dt><span class="term">-A acls</span></dt><dd><p>Add the ACLs specified to the ACL list. Existing
access control entries are unchanged. </p></dd><dt><span class="term">-M acls</span></dt><dd><p>Modify the mask value (permissions) for the ACLs
specified on the command line. An error will be printed for each
ACL specified that was not already present in the ACL list
</P
></DD
><DT
>-D acls</DT
><DD
><P
>Delete any ACLs specified on the command line.
</p></dd><dt><span class="term">-D acls</span></dt><dd><p>Delete any ACLs specified on the command line.
An error will be printed for each ACL specified that was not
already present in the ACL list. </P
></DD
><DT
>-S acls</DT
><DD
><P
>This command sets the ACLs on the file with
already present in the ACL list. </p></dd><dt><span class="term">-S acls</span></dt><dd><p>This command sets the ACLs on the file with
only the ones specified on the command line. All other ACLs are
erased. Note that the ACL specified must contain at least a revision,
type, owner and group for the call to succeed. </P
></DD
><DT
>-U username</DT
><DD
><P
>Specifies a username used to connect to the
specified service. The username may be of the form "username" in
type, owner and group for the call to succeed. </p></dd><dt><span class="term">-U username</span></dt><dd><p>Specifies a username used to connect to the
specified service. The username may be of the form &quot;username&quot; in
which case the user is prompted to enter in a password and the
workgroup specified in the <TT
CLASS="FILENAME"
>smb.conf</TT
> file is
used, or "username%password" or "DOMAIN\username%password" and the
password and workgroup names are used as provided. </P
></DD
><DT
>-C name</DT
><DD
><P
>The owner of a file or directory can be changed
to the name given using the <TT
CLASS="PARAMETER"
><I
>-C</I
></TT
> option.
workgroup specified in the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> file is
used, or &quot;username%password&quot; or &quot;DOMAIN\username%password&quot; and the
password and workgroup names are used as provided. </p></dd><dt><span class="term">-C name</span></dt><dd><p>The owner of a file or directory can be changed
to the name given using the <i class="parameter"><tt>-C</tt></i> option.
The name can be a sid in the form S-1-x-y-z or a name resolved
against the server specified in the first argument. </P
><P
>This command is a shortcut for -M OWNER:name.
</P
></DD
><DT
>-G name</DT
><DD
><P
>The group owner of a file or directory can
be changed to the name given using the <TT
CLASS="PARAMETER"
><I
>-G</I
></TT
>
against the server specified in the first argument. </p><p>This command is a shortcut for -M OWNER:name.
</p></dd><dt><span class="term">-G name</span></dt><dd><p>The group owner of a file or directory can
be changed to the name given using the <i class="parameter"><tt>-G</tt></i>
option. The name can be a sid in the form S-1-x-y-z or a name
resolved against the server specified n the first argument.
</P
><P
>This command is a shortcut for -M GROUP:name.</P
></DD
><DT
>-n</DT
><DD
><P
>This option displays all ACL information in numeric
</p><p>This command is a shortcut for -M GROUP:name.</p></dd><dt><span class="term">-n</span></dt><dd><p>This option displays all ACL information in numeric
format. The default is to convert SIDs to names and ACE types
and masks to a readable string format. </P
></DD
><DT
>-h</DT
><DD
><P
>Print usage information on the <B
CLASS="COMMAND"
>smbcacls
</B
> program.</P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN75"
></A
><H2
>ACL FORMAT</H2
><P
>The format of an ACL is one or more ACL entries separated by
either commas or newlines. An ACL entry is one of the following: </P
><P
><PRE
CLASS="PROGRAMLISTING"
>
and masks to a readable string format. </p></dd><dt><span class="term">-t</span></dt><dd><p>
Don't actually do anything, only validate the correctness of
the arguments.
</p></dd><dt><span class="term">-h|--help</span></dt><dd><p>Print a summary of command line options.
</p></dd><dt><span class="term">-V</span></dt><dd><p>Prints the version number for
<b class="command">smbd</b>.</p></dd><dt><span class="term">-s &lt;configuration file&gt;</span></dt><dd><p>The file specified contains the
configuration details required by the server. The
information in this file includes server-specific
information such as what printcap file to use, as well
as descriptions of all the services that the server is
to provide. See <a href="smb.conf.5.html" target="_top"><tt class="filename">
smb.conf(5)</tt></a> for more information.
The default configuration file name is determined at
compile time.</p></dd><dt><span class="term">-d|--debug=debuglevel</span></dt><dd><p><i class="replaceable"><tt>debuglevel</tt></i> is an integer
from 0 to 10. The default value if this parameter is
not specified is zero.</p><p>The higher this value, the more detail will be
logged to the log files about the activities of the
server. At level 0, only critical errors and serious
warnings will be logged. Level 1 is a reasonable level for
day to day running - it generates a small amount of
information about operations carried out.</p><p>Levels above 1 will generate considerable
amounts of log data, and should only be used when
investigating a problem. Levels above 3 are designed for
use only by developers and generate HUGE amounts of log
data, most of which is extremely cryptic.</p><p>Note that specifying this parameter here will
override the <a href="smb.conf.5.html#loglevel" target="_top">log
level</a> parameter in the <a href="smb.conf.5.html" target="_top">
<tt class="filename">smb.conf(5)</tt></a> file.</p></dd><dt><span class="term">-l|--logfile=logbasename</span></dt><dd><p>File name for log/debug files. The extension
<tt class="constant">&quot;.client&quot;</tt> will be appended. The log file is
never removed by the client.
</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>ACL FORMAT</h2><p>The format of an ACL is one or more ACL entries separated by
either commas or newlines. An ACL entry is one of the following: </p><pre class="programlisting">
REVISION:&lt;revision number&gt;
OWNER:&lt;sid or name&gt;
GROUP:&lt;sid or name&gt;
ACL:&lt;sid or name&gt;:&lt;type&gt;/&lt;flags&gt;/&lt;mask&gt;
</PRE
></P
><P
>The revision of the ACL specifies the internal Windows
</pre><p>The revision of the ACL specifies the internal Windows
NT ACL revision for the security descriptor.
If not specified it defaults to 1. Using values other than 1 may
cause strange behaviour. </P
><P
>The owner and group specify the owner and group sids for the
cause strange behaviour. </p><p>The owner and group specify the owner and group sids for the
object. If a SID in the format CWS-1-x-y-z is specified this is used,
otherwise the name specified is resolved using the server on which
the file or directory resides. </P
><P
>ACLs specify permissions granted to the SID. This SID again
can be specified in CWS-1-x-y-z format or as a name in which case
it is resolved against the server on which the file or directory
resides. The type, flags and mask values determine the type of
access granted to the SID. </P
><P
>The type can be either 0 or 1 corresponding to ALLOWED or
DENIED access to the SID. The flags values are generally
zero for file ACLs and either 9 or 2 for directory ACLs. Some
common flags are: </P
><P
></P
><UL
><LI
><P
>#define SEC_ACE_FLAG_OBJECT_INHERIT 0x1</P
></LI
><LI
><P
>#define SEC_ACE_FLAG_CONTAINER_INHERIT 0x2</P
></LI
><LI
><P
>#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0x4
</P
></LI
><LI
><P
>#define SEC_ACE_FLAG_INHERIT_ONLY 0x8</P
></LI
></UL
><P
>At present flags can only be specified as decimal or
hexadecimal values.</P
><P
>The mask is a value which expresses the access right
the file or directory resides. </p><p>ACLs specify permissions granted to the SID. This SID again
can be specified in CWS-1-x-y-z format or as a name in which case
it is resolved against the server on which the file or directory
resides. The type, flags and mask values determine the type of
access granted to the SID. </p><p>The type can be either 0 or 1 corresponding to ALLOWED or
DENIED access to the SID. The flags values are generally
zero for file ACLs and either 9 or 2 for directory ACLs. Some
common flags are: </p><div class="itemizedlist"><ul type="disc"><li><p><tt class="constant">#define SEC_ACE_FLAG_OBJECT_INHERIT 0x1</tt></p></li><li><p><tt class="constant">#define SEC_ACE_FLAG_CONTAINER_INHERIT 0x2</tt></p></li><li><p><tt class="constant">#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0x4</tt></p></li><li><p><tt class="constant">#define SEC_ACE_FLAG_INHERIT_ONLY 0x8</tt></p></li></ul></div><p>At present flags can only be specified as decimal or
hexadecimal values.</p><p>The mask is a value which expresses the access right
granted to the SID. It can be given as a decimal or hexadecimal value,
or by using one of the following text strings which map to the NT
file permissions of the same name. </P
><P
></P
><UL
><LI
><P
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>R</I
></SPAN
> - Allow read access </P
></LI
><LI
><P
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>W</I
></SPAN
> - Allow write access</P
></LI
><LI
><P
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>X</I
></SPAN
> - Execute permission on the object</P
></LI
><LI
><P
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>D</I
></SPAN
> - Delete the object</P
></LI
><LI
><P
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>P</I
></SPAN
> - Change permissions</P
></LI
><LI
><P
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>O</I
></SPAN
> - Take ownership</P
></LI
></UL
><P
>The following combined permissions can be specified:</P
><P
></P
><UL
><LI
><P
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>READ</I
></SPAN
> - Equivalent to 'RX'
permissions</P
></LI
><LI
><P
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>CHANGE</I
></SPAN
> - Equivalent to 'RXWD' permissions
</P
></LI
><LI
><P
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>FULL</I
></SPAN
> - Equivalent to 'RWXDPO'
permissions</P
></LI
></UL
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN125"
></A
><H2
>EXIT STATUS</H2
><P
>The <B
CLASS="COMMAND"
>smbcacls</B
> program sets the exit status
file permissions of the same name. </p><div class="itemizedlist"><ul type="disc"><li><p><span class="emphasis"><em>R</em></span> - Allow read access </p></li><li><p><span class="emphasis"><em>W</em></span> - Allow write access</p></li><li><p><span class="emphasis"><em>X</em></span> - Execute permission on the object</p></li><li><p><span class="emphasis"><em>D</em></span> - Delete the object</p></li><li><p><span class="emphasis"><em>P</em></span> - Change permissions</p></li><li><p><span class="emphasis"><em>O</em></span> - Take ownership</p></li></ul></div><p>The following combined permissions can be specified:</p><div class="itemizedlist"><ul type="disc"><li><p><span class="emphasis"><em>READ</em></span> - Equivalent to 'RX'
permissions</p></li><li><p><span class="emphasis"><em>CHANGE</em></span> - Equivalent to 'RXWD' permissions
</p></li><li><p><span class="emphasis"><em>FULL</em></span> - Equivalent to 'RWXDPO'
permissions</p></li></ul></div></div><div class="refsect1" lang="en"><h2>EXIT STATUS</h2><p>The <b class="command">smbcacls</b> program sets the exit status
depending on the success or otherwise of the operations performed.
The exit status may be one of the following values. </P
><P
>If the operation succeeded, smbcacls returns and exit
status of 0. If <B
CLASS="COMMAND"
>smbcacls</B
> couldn't connect to the specified server,
The exit status may be one of the following values. </p><p>If the operation succeeded, smbcacls returns and exit
status of 0. If <b class="command">smbcacls</b> couldn't connect to the specified server,
or there was an error getting or setting the ACLs, an exit status
of 1 is returned. If there was an error parsing any command line
arguments, an exit status of 2 is returned. </P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN131"
></A
><H2
>VERSION</H2
><P
>This man page is correct for version 2.2 of
the Samba suite.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN134"
></A
><H2
>AUTHOR</H2
><P
>The original Samba software and related utilities
arguments, an exit status of 2 is returned. </p></div><div class="refsect1" lang="en"><h2>VERSION</h2><p>This man page is correct for version 3.0 of the Samba suite.</p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</P
><P
><B
CLASS="COMMAND"
>smbcacls</B
> was written by Andrew Tridgell
and Tim Potter.</P
><P
>The conversion to DocBook for Samba 2.2 was done
by Gerald Carter</P
></DIV
></BODY
></HTML
>
to the way the Linux kernel is developed.</p><p><b class="command">smbcacls</b> was written by Andrew Tridgell
and Tim Potter.</p><p>The conversion to DocBook for Samba 2.2 was done
by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0 was done
by Alexander Bokovoy.</p></div></div></body></html>

1747
docs/htmldocs/smbclient.1.html
View File

File diff suppressed because it is too large Load Diff

444
docs/htmldocs/smbcontrol.1.html
View File

@ -1,385 +1,71 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>smbcontrol</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><H1
><A
NAME="SMBCONTROL"
></A
>smbcontrol</H1
><DIV
CLASS="REFNAMEDIV"
><A
NAME="AEN5"
></A
><H2
>Name</H2
>smbcontrol&nbsp;--&nbsp;send messages to smbd, nmbd or winbindd processes</DIV
><DIV
CLASS="REFSYNOPSISDIV"
><A
NAME="AEN8"
></A
><H2
>Synopsis</H2
><P
><B
CLASS="COMMAND"
>smbcontrol</B
> [-i]</P
><P
><B
CLASS="COMMAND"
>smbcontrol</B
> [destination] [message-type] [parameter]</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN17"
></A
><H2
>DESCRIPTION</H2
><P
>This tool is part of the <A
HREF="samba.7.html"
TARGET="_top"
> Samba</A
> suite.</P
><P
><B
CLASS="COMMAND"
>smbcontrol</B
> is a very small program, which
sends messages to an <A
HREF="smbd.8.html"
TARGET="_top"
>smbd(8)</A
>,
an <A
HREF="nmbd.8.html"
TARGET="_top"
>nmbd(8)</A
>
or a <A
HREF="winbindd.8.html"
TARGET="_top"
>winbindd(8)</A
>
daemon running on the system.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN26"
></A
><H2
>OPTIONS</H2
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>-i</DT
><DD
><P
>Run interactively. Individual commands
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>smbcontrol</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="smbcontrol.1"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>smbcontrol &#8212; send messages to smbd, nmbd or winbindd processes</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">smbcontrol</tt> [-i] [-s]</p></div><div class="cmdsynopsis"><p><tt class="command">smbcontrol</tt> [destination] [message-type] [parameter]</p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>This tool is part of the <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a> suite.</p><p><b class="command">smbcontrol</b> is a very small program, which
sends messages to a <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>, a <a href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>, or a <a href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon running on the system.</p></div><div class="refsect1" lang="en"><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-h|--help</span></dt><dd><p>Print a summary of command line options.
</p></dd><dt><span class="term">-s &lt;configuration file&gt;</span></dt><dd><p>The file specified contains the
configuration details required by the server. The
information in this file includes server-specific
information such as what printcap file to use, as well
as descriptions of all the services that the server is
to provide. See <a href="smb.conf.5.html" target="_top"><tt class="filename">
smb.conf(5)</tt></a> for more information.
The default configuration file name is determined at
compile time.</p></dd><dt><span class="term">-i</span></dt><dd><p>Run interactively. Individual commands
of the form destination message-type parameters can be entered
on STDIN. An empty command line or a "q" will quit the
program.</P
></DD
><DT
>destination</DT
><DD
><P
>One of <TT
CLASS="PARAMETER"
><I
>nmbd</I
></TT
>
<TT
CLASS="PARAMETER"
><I
>smbd</I
></TT
> or a process ID.</P
><P
>The <TT
CLASS="PARAMETER"
><I
>smbd</I
></TT
> destination causes the
message to "broadcast" to all smbd daemons.</P
><P
>The <TT
CLASS="PARAMETER"
><I
>nmbd</I
></TT
> destination causes the
on STDIN. An empty command line or a &quot;q&quot; will quit the
program.</p></dd><dt><span class="term">destination</span></dt><dd><p>One of <i class="parameter"><tt>nmbd</tt></i>, <i class="parameter"><tt>smbd</tt></i> or a process ID.</p><p>The <i class="parameter"><tt>smbd</tt></i> destination causes the
message to &quot;broadcast&quot; to all smbd daemons.</p><p>The <i class="parameter"><tt>nmbd</tt></i> destination causes the
message to be sent to the nmbd daemon specified in the
<TT
CLASS="FILENAME"
>nmbd.pid</TT
> file.</P
><P
>If a single process ID is given, the message is sent
to only that process.</P
></DD
><DT
>message-type</DT
><DD
><P
>One of: <TT
CLASS="CONSTANT"
>close-share</TT
>,
<TT
CLASS="CONSTANT"
>debug</TT
>,
<TT
CLASS="CONSTANT"
>force-election</TT
>, <TT
CLASS="CONSTANT"
>ping
</TT
>, <TT
CLASS="CONSTANT"
>profile</TT
>, <TT
CLASS="CONSTANT"
> debuglevel</TT
>, <TT
CLASS="CONSTANT"
>profilelevel</TT
>,
or <TT
CLASS="CONSTANT"
>printnotify</TT
>.</P
><P
>The <TT
CLASS="CONSTANT"
>close-share</TT
> message-type sends a
message to smbd which will then close the client connections to
the named share. Note that this doesn't affect client connections
to any other shares. This message-type takes an argument of the
share name for which client connections will be closed, or the
"*" character which will close all currently open shares.
This may be useful if you made changes to the access controls on the share.
This message can only be sent to <TT
CLASS="CONSTANT"
>smbd</TT
>.</P
><P
>The <TT
CLASS="CONSTANT"
>debug</TT
> message-type allows
the debug level to be set to the value specified by the
parameter. This can be sent to any of the destinations.</P
><P
>The <TT
CLASS="CONSTANT"
>force-election</TT
> message-type can only be
sent to the <TT
CLASS="CONSTANT"
>nmbd</TT
> destination. This message
causes the <B
CLASS="COMMAND"
>nmbd</B
> daemon to force a new browse
master election.</P
><P
>The <TT
CLASS="CONSTANT"
>ping</TT
> message-type sends the
number of "ping" messages specified by the parameter and waits
for the same number of reply "pong" messages. This can be sent to
any of the destinations.</P
><P
>The <TT
CLASS="CONSTANT"
>profile</TT
> message-type sends a
message to an smbd to change the profile settings based on the
parameter. The parameter can be "on" to turn on profile stats
collection, "off" to turn off profile stats collection, "count"
to enable only collection of count stats (time stats are
disabled), and "flush" to zero the current profile stats. This can
be sent to any smbd or nmbd destinations.</P
><P
>The <TT
CLASS="CONSTANT"
>debuglevel</TT
> message-type sends
a "request debug level" message. The current debug level setting
is returned by a "debuglevel" message. This can be
sent to any of the destinations.</P
><P
>The <TT
CLASS="CONSTANT"
>profilelevel</TT
> message-type sends
a "request profile level" message. The current profile level
setting is returned by a "profilelevel" message. This can be sent
to any smbd or nmbd destinations.</P
><P
>The <TT
CLASS="CONSTANT"
>printnotify</TT
> message-type sends a
message to smbd which in turn sends a printer notify message to
any Windows NT clients connected to a printer. This message-type
takes the following arguments:
<P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>queuepause printername</DT
><DD
><P
>Send a queue pause change notify
message to the printer specified.</P
></DD
><DT
>queueresume printername</DT
><DD
><P
>Send a queue resume change notify
message for the printer specified.</P
></DD
><DT
>jobpause printername unixjobid</DT
><DD
><P
>Send a job pause change notify
message for the printer and unix jobid
specified.</P
></DD
><DT
>jobresume printername unixjobid</DT
><DD
><P
>Send a job resume change notify
message for the printer and unix jobid
specified.</P
></DD
><DT
>jobdelete printername unixjobid</DT
><DD
><P
>Send a job delete change notify
message for the printer and unix jobid
specified.</P
></DD
></DL
></DIV
>
Note that this message only sends notification that an
event has occured. It doesn't actually cause the
event to happen.
This message can only be sent to <TT
CLASS="CONSTANT"
>smbd</TT
>.
</P
></DD
><DT
>parameters</DT
><DD
><P
>any parameters required for the message-type</P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN102"
></A
><H2
>VERSION</H2
><P
>This man page is correct for version 2.2 of
the Samba suite.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN105"
></A
><H2
>SEE ALSO</H2
><P
><A
HREF="nmbd.8.html"
TARGET="_top"
><B
CLASS="COMMAND"
>nmbd(8)</B
></A
>,
and <A
HREF="smbd.8.html"
TARGET="_top"
><B
CLASS="COMMAND"
>smbd(8)</B
></A
>.
</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN112"
></A
><H2
>AUTHOR</H2
><P
>The original Samba software and related utilities
<tt class="filename">nmbd.pid</tt> file.</p><p>If a single process ID is given, the message is sent
to only that process.</p></dd><dt><span class="term">message-type</span></dt><dd><p>Type of message to send. See
the section <tt class="constant">MESSAGE-TYPES</tt> for details.
</p></dd><dt><span class="term">parameters</span></dt><dd><p>any parameters required for the message-type</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>MESSAGE-TYPES</h2><p>Available message types are:</p><div class="variablelist"><dl><dt><span class="term">close-share</span></dt><dd><p>Order smbd to close the client
connections to the named share. Note that this doesn't affect client
connections to any other shares. This message-type takes an argument of the
share name for which client connections will be closed, or the
&quot;*&quot; character which will close all currently open shares.
This may be useful if you made changes to the access controls on the share.
This message can only be sent to <tt class="constant">smbd</tt>.</p></dd><dt><span class="term">debug</span></dt><dd><p>Set debug level to the value specified by the
parameter. This can be sent to any of the destinations.</p></dd><dt><span class="term">force-election</span></dt><dd><p>This message causes the <b class="command">nmbd</b> daemon to
force a new browse master election. </p></dd><dt><span class="term">ping</span></dt><dd><p>
Send specified number of &quot;ping&quot; messages and
wait for the same number of reply &quot;pong&quot; messages. This can be sent to
any of the destinations.</p></dd><dt><span class="term">profile</span></dt><dd><p>Change profile settings of a daemon, based on the
parameter. The parameter can be &quot;on&quot; to turn on profile stats
collection, &quot;off&quot; to turn off profile stats collection, &quot;count&quot;
to enable only collection of count stats (time stats are
disabled), and &quot;flush&quot; to zero the current profile stats. This can
be sent to any smbd or nmbd destinations.</p></dd><dt><span class="term">debuglevel</span></dt><dd><p>
Request debuglevel of a certain daemon and write it to stdout. This
can be sent to any of the destinations.</p></dd><dt><span class="term">profilelevel</span></dt><dd><p>
Request profilelevel of a certain daemon and write it to stdout.
This can be sent to any smbd or nmbd destinations.</p></dd><dt><span class="term">printnotify</span></dt><dd><p>
Order smbd to send a printer notify message to any Windows NT clients
connected to a printer. This message-type takes the following arguments:
</p><div class="variablelist"><dl><dt><span class="term">queuepause printername</span></dt><dd><p>Send a queue pause change notify
message to the printer specified.</p></dd><dt><span class="term">queueresume printername</span></dt><dd><p>Send a queue resume change notify
message for the printer specified.</p></dd><dt><span class="term">jobpause printername unixjobid</span></dt><dd><p>Send a job pause change notify
message for the printer and unix jobid
specified.</p></dd><dt><span class="term">jobresume printername unixjobid</span></dt><dd><p>Send a job resume change notify
message for the printer and unix jobid
specified.</p></dd><dt><span class="term">jobdelete printername unixjobid</span></dt><dd><p>Send a job delete change notify
message for the printer and unix jobid
specified.</p></dd></dl></div><p>
Note that this message only sends notification that an
event has occured. It doesn't actually cause the
event to happen.
</p><p>This message can only be sent to <tt class="constant">smbd</tt>. </p></dd><dt><span class="term">samsync</span></dt><dd><p>Order smbd to synchronise sam database from PDC (being BDC). Can only be sent to <tt class="constant">smbd</tt>. </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Not working at the moment</p></div></dd><dt><span class="term">samrepl</span></dt><dd><p>Send sam replication message, with specified serial. Can only be sent to <tt class="constant">smbd</tt>. Should not be used manually.</p></dd><dt><span class="term">dmalloc-mark</span></dt><dd><p>Set a mark for dmalloc. Can be sent to both smbd and nmbd. Only available if samba is built with dmalloc support. </p></dd><dt><span class="term">dmalloc-log-changed</span></dt><dd><p>
Dump the pointers that have changed since the mark set by dmalloc-mark.
Can be sent to both smbd and nmbd. Only available if samba is built with dmalloc support. </p></dd><dt><span class="term">shutdown</span></dt><dd><p>Shut down specified daemon. Can be sent to both smbd and nmbd.</p></dd><dt><span class="term">pool-usage</span></dt><dd><p>Print a human-readable description of all
talloc(pool) memory usage by the specified daemon/process. Available
for both smbd and nmbd.</p></dd><dt><span class="term">drvupgrade</span></dt><dd><p>Force clients of printers using specified driver
to update their local version of the driver. Can only be
sent to smbd.</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>VERSION</h2><p>This man page is correct for version 3.0 of
the Samba suite.</p></div><div class="refsect1" lang="en"><h2>SEE ALSO</h2><p><a href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> and <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>.</p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</P
><P
>The original Samba man pages were written by Karl Auer.
to the way the Linux kernel is developed.</p><p>The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at
<A
HREF="ftp://ftp.icce.rug.nl/pub/unix/"
TARGET="_top"
> ftp://ftp.icce.rug.nl/pub/unix/</A
>) and updated for the Samba 2.0
excellent piece of Open Source software, available at <a href="ftp://ftp.icce.rug.nl/pub/unix/" target="_top">
ftp://ftp.icce.rug.nl/pub/unix/</a>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter</P
></DIV
></BODY
></HTML
>
Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for
Samba 3.0 was done by Alexander Bokovoy.</p></div></div></body></html>

807
docs/htmldocs/smbd.8.html
View File

@ -1,780 +1,183 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
<HTML
><HEAD
><TITLE
>smbd</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><H1
><A
NAME="SMBD">smbd</H1
><DIV
CLASS="REFNAMEDIV"
><A
NAME="AEN5"
></A
><H2
>Name</H2
>smbd&nbsp;--&nbsp;server to provide SMB/CIFS services to clients</DIV
><DIV
CLASS="REFSYNOPSISDIV"
><A
NAME="AEN8"><H2
>Synopsis</H2
><P
><B
CLASS="COMMAND"
>smbd</B
> [-D] [-F] [-S] [-i] [-h] [-V] [-b] [-d &#60;debug level&#62;] [-l &#60;log directory&#62;] [-p &#60;port number&#62;] [-O &#60;socket option&#62;] [-s &#60;configuration file&#62;]</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN23"
></A
><H2
>DESCRIPTION</H2
><P
>This program is part of the Samba suite.</P
><P
><B
CLASS="COMMAND"
>smbd</B
> is the server daemon that
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>smbd</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="smbd.8"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>smbd &#8212; server to provide SMB/CIFS services to clients</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">smbd</tt> [-D] [-F] [-S] [-i] [-h] [-V] [-b] [-d &lt;debug level&gt;] [-l &lt;log directory&gt;] [-p &lt;port number&gt;] [-O &lt;socket option&gt;] [-s &lt;configuration file&gt;]</p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>This program is part of the <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a> suite.</p><p><b class="command">smbd</b> is the server daemon that
provides filesharing and printing services to Windows clients.
The server provides filespace and printer services to
clients using the SMB (or CIFS) protocol. This is compatible
with the LanManager protocol, and can service LanManager
clients. These include MSCLIENT 3.0 for DOS, Windows for
Workgroups, Windows 95/98/ME, Windows NT, Windows 2000,
OS/2, DAVE for Macintosh, and smbfs for Linux.</P
><P
>An extensive description of the services that the
OS/2, DAVE for Macintosh, and smbfs for Linux.</p><p>An extensive description of the services that the
server can provide is given in the man page for the
configuration file controlling the attributes of those
services (see <A
HREF="smb.conf.5.html"
TARGET="_top"
><TT
CLASS="FILENAME"
>smb.conf(5)
</TT
></A
>. This man page will not describe the
services (see <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a>. This man page will not describe the
services, but will concentrate on the administrative aspects
of running the server.</P
><P
>Please note that there are significant security
implications to running this server, and the <A
HREF="smb.conf.5.html"
TARGET="_top"
><TT
CLASS="FILENAME"
>smb.conf(5)</TT
></A
>
manpage should be regarded as mandatory reading before
proceeding with installation.</P
><P
>A session is created whenever a client requests one.
of running the server.</p><p>Please note that there are significant security
implications to running this server, and the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> manual page should be regarded as mandatory reading before
proceeding with installation.</p><p>A session is created whenever a client requests one.
Each client gets a copy of the server for each session. This
copy then services all connections made by the client during
that session. When all connections from its client are closed,
the copy of the server for that client terminates.</P
><P
>The configuration file, and any files that it includes,
the copy of the server for that client terminates.</p><p>The configuration file, and any files that it includes,
are automatically reloaded every minute, if they change. You
can force a reload by sending a SIGHUP to the server. Reloading
the configuration file will not affect connections to any service
that is already established. Either the user will have to
disconnect from the service, or <B
CLASS="COMMAND"
>smbd</B
> killed and restarted.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN37"
></A
><H2
>OPTIONS</H2
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>-D</DT
><DD
><P
>If specified, this parameter causes
disconnect from the service, or <b class="command">smbd</b> killed and restarted.</p></div><div class="refsect1" lang="en"><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-D</span></dt><dd><p>If specified, this parameter causes
the server to operate as a daemon. That is, it detaches
itself and runs in the background, fielding requests
on the appropriate port. Operating the server as a
daemon is the recommended way of running <B
CLASS="COMMAND"
>smbd</B
> for
daemon is the recommended way of running <b class="command">smbd</b> for
servers that provide more than casual use file and
print services. This switch is assumed if <B
CLASS="COMMAND"
>smbd
</B
> is executed on the command line of a shell.
</P
></DD
><DT
>-F</DT
><DD
><P
>If specified, this parameter causes
the main <B
CLASS="COMMAND"
>smbd</B
> process to not daemonize,
print services. This switch is assumed if <b class="command">smbd
</b> is executed on the command line of a shell.
</p></dd><dt><span class="term">-F</span></dt><dd><p>If specified, this parameter causes
the main <b class="command">smbd</b> process to not daemonize,
i.e. double-fork and disassociate with the terminal.
Child processes are still created as normal to service
each connection request, but the main process does not
exit. This operation mode is suitable for running
<B
CLASS="COMMAND"
>smbd</B
> under process supervisors such
as <B
CLASS="COMMAND"
>supervise</B
> and <B
CLASS="COMMAND"
>svscan</B
>
from Daniel J. Bernstein's <B
CLASS="COMMAND"
>daemontools</B
>
<b class="command">smbd</b> under process supervisors such
as <b class="command">supervise</b> and <b class="command">svscan</b>
from Daniel J. Bernstein's <b class="command">daemontools</b>
package, or the AIX process monitor.
</P
></DD
><DT
>-S</DT
><DD
><P
>If specified, this parameter causes
<B
CLASS="COMMAND"
>smbd</B
> to log to standard output rather
than a file.</P
></DD
><DT
>-i</DT
><DD
><P
>If this parameter is specified it causes the
server to run "interactively", not as a daemon, even if the
</p></dd><dt><span class="term">-S</span></dt><dd><p>If specified, this parameter causes
<b class="command">smbd</b> to log to standard output rather
than a file.</p></dd><dt><span class="term">-i</span></dt><dd><p>If this parameter is specified it causes the
server to run &quot;interactively&quot;, not as a daemon, even if the
server is executed on the command line of a shell. Setting this
parameter negates the implicit deamon mode when run from the
command line. <B
CLASS="COMMAND"
>smbd</B
> also logs to standard
output, as if the <B
CLASS="COMMAND"
>-S</B
> parameter had been
command line. <b class="command">smbd</b> also logs to standard
output, as if the <b class="command">-S</b> parameter had been
given.
</P
></DD
><DT
>-h</DT
><DD
><P
>Prints the help information (usage)
for <B
CLASS="COMMAND"
>smbd</B
>.</P
></DD
><DT
>-V</DT
><DD
><P
>Prints the version number for
<B
CLASS="COMMAND"
>smbd</B
>.</P
></DD
><DT
>-b</DT
><DD
><P
>Prints information about how
Samba was built.</P
></DD
><DT
>-d &#60;debug level&#62;</DT
><DD
><P
><TT
CLASS="REPLACEABLE"
><I
>debuglevel</I
></TT
> is an integer
from 0 to 10. The default value if this parameter is
not specified is zero.</P
><P
>The higher this value, the more detail will be
logged to the log files about the activities of the
server. At level 0, only critical errors and serious
warnings will be logged. Level 1 is a reasonable level for
day to day running - it generates a small amount of
information about operations carried out.</P
><P
>Levels above 1 will generate considerable
amounts of log data, and should only be used when
investigating a problem. Levels above 3 are designed for
use only by developers and generate HUGE amounts of log
data, most of which is extremely cryptic.</P
><P
>Note that specifying this parameter here will
override the <A
HREF="smb.conf.5.html#loglevel"
TARGET="_top"
>log
level</A
> parameter in the <A
HREF="smb.conf.5.html"
TARGET="_top"
> <TT
CLASS="FILENAME"
>smb.conf(5)</TT
></A
> file.</P
></DD
><DT
>-l &#60;log directory&#62;</DT
><DD
><P
>If specified,
<TT
CLASS="REPLACEABLE"
><I
>log directory</I
></TT
>
specifies a log directory into which the "log.smbd" log
</p></dd><dt><span class="term">-V</span></dt><dd><p>Prints the version number for
<b class="command">smbd</b>.</p></dd><dt><span class="term">-s &lt;configuration file&gt;</span></dt><dd><p>The file specified contains the
configuration details required by the server. The
information in this file includes server-specific
information such as what printcap file to use, as well
as descriptions of all the services that the server is
to provide. See <a href="smb.conf.5.html" target="_top"><tt class="filename">
smb.conf(5)</tt></a> for more information.
The default configuration file name is determined at
compile time.</p></dd><dt><span class="term">-d|--debug=debuglevel</span></dt><dd><p><i class="replaceable"><tt>debuglevel</tt></i> is an integer
from 0 to 10. The default value if this parameter is
not specified is zero.</p><p>The higher this value, the more detail will be
logged to the log files about the activities of the
server. At level 0, only critical errors and serious
warnings will be logged. Level 1 is a reasonable level for
day to day running - it generates a small amount of
information about operations carried out.</p><p>Levels above 1 will generate considerable
amounts of log data, and should only be used when
investigating a problem. Levels above 3 are designed for
use only by developers and generate HUGE amounts of log
data, most of which is extremely cryptic.</p><p>Note that specifying this parameter here will
override the <a href="smb.conf.5.html#loglevel" target="_top">log
level</a> parameter in the <a href="smb.conf.5.html" target="_top">
<tt class="filename">smb.conf(5)</tt></a> file.</p></dd><dt><span class="term">-l|--logfile=logbasename</span></dt><dd><p>File name for log/debug files. The extension
<tt class="constant">&quot;.client&quot;</tt> will be appended. The log file is
never removed by the client.
</p></dd><dt><span class="term">-h|--help</span></dt><dd><p>Print a summary of command line options.
</p></dd><dt><span class="term">-b</span></dt><dd><p>Prints information about how
Samba was built.</p></dd><dt><span class="term">-l &lt;log directory&gt;</span></dt><dd><p>If specified,
<i class="replaceable"><tt>log directory</tt></i>
specifies a log directory into which the &quot;log.smbd&quot; log
file will be created for informational and debug
messages from the running server. The log
file generated is never removed by the server although
its size may be controlled by the <A
HREF="smb.conf.5.html#maxlogsize"
TARGET="_top"
>max log size</A
>
option in the <A
HREF="smb.conf.5.html"
TARGET="_top"
><TT
CLASS="FILENAME"
> smb.conf(5)</TT
></A
> file. <I
CLASS="EMPHASIS"
>Beware:</I
>
If the directory specified does not exist, <B
CLASS="COMMAND"
>smbd</B
>
its size may be controlled by the <a href="smb.conf.5.html#maxlogsize" target="_top"><i class="parameter"><tt>max log size</tt></i></a>
option in the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> file. <span class="emphasis"><em>Beware:</em></span>
If the directory specified does not exist, <b class="command">smbd</b>
will log to the default debug log location defined at compile time.
</P
><P
>The default log directory is specified at
compile time.</P
></DD
><DT
>-O &#60;socket options&#62;</DT
><DD
><P
>See the <A
HREF="smb.conf.5.html#socketoptions"
TARGET="_top"
>socket options</A
>
parameter in the <A
HREF="smb.conf.5.html"
TARGET="_top"
><TT
CLASS="FILENAME"
>smb.conf(5)
</TT
></A
> file for details.</P
></DD
><DT
>-p &#60;port number&#62;</DT
><DD
><P
><TT
CLASS="REPLACEABLE"
><I
>port number</I
></TT
> is a positive integer
</p><p>The default log directory is specified at
compile time.</p></dd><dt><span class="term">-p &lt;port number&gt;</span></dt><dd><p><i class="replaceable"><tt>port number</tt></i> is a positive integer
value. The default value if this parameter is not
specified is 139.</P
><P
>This number is the port number that will be
specified is 139.</p><p>This number is the port number that will be
used when making connections to the server from client
software. The standard (well-known) port number for the
SMB over TCP is 139, hence the default. If you wish to
run the server as an ordinary user rather than
as root, most systems will require you to use a port
number greater than 1024 - ask your system administrator
for help if you are in this situation.</P
><P
>In order for the server to be useful by most
for help if you are in this situation.</p><p>In order for the server to be useful by most
clients, should you configure it on a port other
than 139, you will require port redirection services
on port 139, details of which are outlined in rfc1002.txt
section 4.3.5.</P
><P
>This parameter is not normally specified except
in the above situation.</P
></DD
><DT
>-s &#60;configuration file&#62;</DT
><DD
><P
>The file specified contains the
configuration details required by the server. The
information in this file includes server-specific
information such as what printcap file to use, as well
as descriptions of all the services that the server is
to provide. See <A
HREF="smb.conf.5.html"
TARGET="_top"
><TT
CLASS="FILENAME"
> smb.conf(5)</TT
></A
> for more information.
The default configuration file name is determined at
compile time.</P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN123"
></A
><H2
>FILES</H2
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
><TT
CLASS="FILENAME"
>/etc/inetd.conf</TT
></DT
><DD
><P
>If the server is to be run by the
<B
CLASS="COMMAND"
>inetd</B
> meta-daemon, this file
section 4.3.5.</p><p>This parameter is not normally specified except
in the above situation.</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>FILES</h2><div class="variablelist"><dl><dt><span class="term"><tt class="filename">/etc/inetd.conf</tt></span></dt><dd><p>If the server is to be run by the
<b class="command">inetd</b> meta-daemon, this file
must contain suitable startup information for the
meta-daemon. See the <A
HREF="UNIX_INSTALL.html"
TARGET="_top"
>UNIX_INSTALL.html</A
>
meta-daemon. See the <a href="install.html" target="_top">&quot;How to Install and Test SAMBA&quot;</a>
document for details.
</P
></DD
><DT
><TT
CLASS="FILENAME"
>/etc/rc</TT
></DT
><DD
><P
>or whatever initialization script your
system uses).</P
><P
>If running the server as a daemon at startup,
</p></dd><dt><span class="term"><tt class="filename">/etc/rc</tt></span></dt><dd><p>or whatever initialization script your
system uses).</p><p>If running the server as a daemon at startup,
this file will need to contain an appropriate startup
sequence for the server. See the <A
HREF="UNIX_INSTALL.html"
TARGET="_top"
>UNIX_INSTALL.html</A
>
document for details.</P
></DD
><DT
><TT
CLASS="FILENAME"
>/etc/services</TT
></DT
><DD
><P
>If running the server via the
meta-daemon <B
CLASS="COMMAND"
>inetd</B
>, this file
sequence for the server. See the <a href="install.html" target="_top">&quot;How to Install and Test SAMBA&quot;</a>
document for details.</p></dd><dt><span class="term"><tt class="filename">/etc/services</tt></span></dt><dd><p>If running the server via the
meta-daemon <b class="command">inetd</b>, this file
must contain a mapping of service name (e.g., netbios-ssn)
to service port (e.g., 139) and protocol type (e.g., tcp).
See the <A
HREF="UNIX_INSTALL.html"
TARGET="_top"
>UNIX_INSTALL.html</A
>
document for details.</P
></DD
><DT
><TT
CLASS="FILENAME"
>/usr/local/samba/lib/smb.conf</TT
></DT
><DD
><P
>This is the default location of the
<A
HREF="smb.conf.5.html"
TARGET="_top"
><TT
CLASS="FILENAME"
>smb.conf</TT
></A
>
server configuration file. Other common places that systems
install this file are <TT
CLASS="FILENAME"
>/usr/samba/lib/smb.conf</TT
>
and <TT
CLASS="FILENAME"
>/etc/smb.conf</TT
>.</P
><P
>This file describes all the services the server
is to make available to clients. See <A
HREF="smb.conf.5.html"
TARGET="_top"
> <TT
CLASS="FILENAME"
>smb.conf(5)</TT
></A
> for more information.</P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN159"
></A
><H2
>LIMITATIONS</H2
><P
>On some systems <B
CLASS="COMMAND"
>smbd</B
> cannot change uid back
See the <a href="install.html" target="_top">&quot;How to Install and Test SAMBA&quot;</a>
document for details.</p></dd><dt><span class="term"><tt class="filename">/usr/local/samba/lib/smb.conf</tt></span></dt><dd><p>This is the default location of the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> server configuration file. Other common places that systems
install this file are <tt class="filename">/usr/samba/lib/smb.conf</tt>
and <tt class="filename">/etc/samba/smb.conf</tt>.</p><p>This file describes all the services the server
is to make available to clients. See <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> for more information.</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>LIMITATIONS</h2><p>On some systems <b class="command">smbd</b> cannot change uid back
to root after a setuid() call. Such systems are called
trapdoor uid systems. If you have such a system,
you will be unable to connect from a client (such as a PC) as
two different users at once. Attempts to connect the
second user will result in access denied or
similar.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN163"
></A
><H2
>ENVIRONMENT VARIABLES</H2
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
><TT
CLASS="ENVAR"
>PRINTER</TT
></DT
><DD
><P
>If no printer name is specified to
similar.</p></div><div class="refsect1" lang="en"><h2>ENVIRONMENT VARIABLES</h2><div class="variablelist"><dl><dt><span class="term"><tt class="envar">PRINTER</tt></span></dt><dd><p>If no printer name is specified to
printable services, most systems will use the value of
this variable (or <TT
CLASS="CONSTANT"
>lp</TT
> if this variable is
this variable (or <tt class="constant">lp</tt> if this variable is
not defined) as the name of the printer to use. This
is not specific to the server, however.</P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN172"
></A
><H2
>PAM INTERACTION</H2
><P
>Samba uses PAM for authentication (when presented with a plaintext
is not specific to the server, however.</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>PAM INTERACTION</h2><p>Samba uses PAM for authentication (when presented with a plaintext
password), for account checking (is this account disabled?) and for
session management. The degree too which samba supports PAM is restricted
by the limitations of the SMB protocol and the
<A
HREF="smb.conf.5.html#OBEYPAMRESRICTIONS"
TARGET="_top"
>obey pam restricions</A
>
smb.conf paramater. When this is set, the following restrictions apply:
</P
><P
></P
><UL
><LI
><P
><I
CLASS="EMPHASIS"
>Account Validation</I
>: All accesses to a
by the limitations of the SMB protocol and the <a href="smb.conf.5.html#OBEYPAMRESRICTIONS" target="_top"><i class="parameter"><tt>obey
pam restricions</tt></i></a> <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> paramater. When this is set, the following restrictions apply:
</p><div class="itemizedlist"><ul type="disc"><li><p><span class="emphasis"><em>Account Validation</em></span>: All accesses to a
samba server are checked
against PAM to see if the account is vaild, not disabled and is permitted to
login at this time. This also applies to encrypted logins.
</P
></LI
><LI
><P
><I
CLASS="EMPHASIS"
>Session Management</I
>: When not using share
</p></li><li><p><span class="emphasis"><em>Session Management</em></span>: When not using share
level secuirty, users must pass PAM's session checks before access
is granted. Note however, that this is bypassed in share level secuirty.
Note also that some older pam configuration files may need a line
added for session support.
</P
></LI
></UL
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN183"
></A
><H2
>VERSION</H2
><P
>This man page is correct for version 3.0 of
the Samba suite.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN186"
></A
><H2
>DIAGNOSTICS</H2
><P
>Most diagnostics issued by the server are logged
</p></li></ul></div></div><div class="refsect1" lang="en"><h2>VERSION</h2><p>This man page is correct for version 3.0 of
the Samba suite.</p></div><div class="refsect1" lang="en"><h2>DIAGNOSTICS</h2><p>Most diagnostics issued by the server are logged
in a specified log file. The log file name is specified
at compile time, but may be overridden on the command line.</P
><P
>The number and nature of diagnostics available depends
at compile time, but may be overridden on the command line.</p><p>The number and nature of diagnostics available depends
on the debug level used by the server. If you have problems, set
the debug level to 3 and peruse the log files.</P
><P
>Most messages are reasonably self-explanatory. Unfortunately,
the debug level to 3 and peruse the log files.</p><p>Most messages are reasonably self-explanatory. Unfortunately,
at the time this man page was created, there are too many diagnostics
available in the source code to warrant describing each and every
diagnostic. At this stage your best bet is still to grep the
source code and inspect the conditions that gave rise to the
diagnostics you are seeing.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN191"
></A
><H2
>SIGNALS</H2
><P
>Sending the <B
CLASS="COMMAND"
>smbd</B
> a SIGHUP will cause it to
reload its <TT
CLASS="FILENAME"
>smb.conf</TT
> configuration
file within a short period of time.</P
><P
>To shut down a user's <B
CLASS="COMMAND"
>smbd</B
> process it is recommended
that <B
CLASS="COMMAND"
>SIGKILL (-9)</B
> <I
CLASS="EMPHASIS"
>NOT</I
>
diagnostics you are seeing.</p></div><div class="refsect1" lang="en"><h2>SIGNALS</h2><p>Sending the <b class="command">smbd</b> a SIGHUP will cause it to
reload its <tt class="filename">smb.conf</tt> configuration
file within a short period of time.</p><p>To shut down a user's <b class="command">smbd</b> process it is recommended
that <b class="command">SIGKILL (-9)</b> <span class="emphasis"><em>NOT</em></span>
be used, except as a last resort, as this may leave the shared
memory area in an inconsistent state. The safe way to terminate
an <B
CLASS="COMMAND"
>smbd</B
> is to send it a SIGTERM (-15) signal and wait for
it to die on its own.</P
><P
>The debug log level of <B
CLASS="COMMAND"
>smbd</B
> may be raised
or lowered using <A
HREF="smbcontrol.1.html"
TARGET="_top"
><B
CLASS="COMMAND"
>smbcontrol(1)
</B
></A
> program (SIGUSR[1|2] signals are no longer used in
Samba 2.2). This is to allow transient problems to be diagnosed,
whilst still running at a normally low log level.</P
><P
>Note that as the signal handlers send a debug write,
they are not re-entrant in <B
CLASS="COMMAND"
>smbd</B
>. This you should wait until
<B
CLASS="COMMAND"
>smbd</B
> is in a state of waiting for an incoming SMB before
an <b class="command">smbd</b> is to send it a SIGTERM (-15) signal and wait for
it to die on its own.</p><p>The debug log level of <b class="command">smbd</b> may be raised
or lowered using <a href="smbcontrol.1.html"><span class="citerefentry"><span class="refentrytitle">smbcontrol</span>(1)</span></a> program (SIGUSR[1|2] signals are no longer
used since Samba 2.2). This is to allow transient problems to be diagnosed,
whilst still running at a normally low log level.</p><p>Note that as the signal handlers send a debug write,
they are not re-entrant in <b class="command">smbd</b>. This you should wait until
<b class="command">smbd</b> is in a state of waiting for an incoming SMB before
issuing them. It is possible to make the signal handlers safe
by un-blocking the signals before the select call and re-blocking
them after, however this would affect performance.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN208"
></A
><H2
>SEE ALSO</H2
><P
>hosts_access(5), <B
CLASS="COMMAND"
>inetd(8)</B
>,
<A
HREF="nmbd.8.html"
TARGET="_top"
><B
CLASS="COMMAND"
>nmbd(8)</B
></A
>,
<A
HREF="smb.conf.5.html"
TARGET="_top"
><TT
CLASS="FILENAME"
>smb.conf(5)</TT
>
</A
>, <A
HREF="smbclient.1.html"
TARGET="_top"
><B
CLASS="COMMAND"
>smbclient(1)
</B
></A
>, <A
HREF="testparm.1.html"
TARGET="_top"
><B
CLASS="COMMAND"
> testparm(1)</B
></A
>, <A
HREF="testprns.1.html"
TARGET="_top"
> <B
CLASS="COMMAND"
>testprns(1)</B
></A
>, and the Internet RFC's
<TT
CLASS="FILENAME"
>rfc1001.txt</TT
>, <TT
CLASS="FILENAME"
>rfc1002.txt</TT
>.
them after, however this would affect performance.</p></div><div class="refsect1" lang="en"><h2>SEE ALSO</h2><p><a href="hosts_access.5.html"><span class="citerefentry"><span class="refentrytitle">hosts_access</span>(5)</span></a>, <a href="inetd.8.html"><span class="citerefentry"><span class="refentrytitle">inetd</span>(8)</span></a>, <a href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>, <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a>, <a href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a>, <a href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a>, <a href="testprns.1.html"><span class="citerefentry"><span class="refentrytitle">testprns</span>(1)</span></a>, and the
Internet RFC's <tt class="filename">rfc1001.txt</tt>, <tt class="filename">rfc1002.txt</tt>.
In addition the CIFS (formerly SMB) specification is available
as a link from the Web page <A
HREF="http://samba.org/cifs/"
TARGET="_top"
>
http://samba.org/cifs/</A
>.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN225"
></A
><H2
>AUTHOR</H2
><P
>The original Samba software and related utilities
as a link from the Web page <a href="http://samba.org/cifs/" target="_top">
http://samba.org/cifs/</a>.</p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</P
><P
>The original Samba man pages were written by Karl Auer.
to the way the Linux kernel is developed.</p><p>The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at
<A
HREF="ftp://ftp.icce.rug.nl/pub/unix/"
TARGET="_top"
> ftp://ftp.icce.rug.nl/pub/unix/</A
>) and updated for the Samba 2.0
excellent piece of Open Source software, available at <a href="ftp://ftp.icce.rug.nl/pub/unix/" target="_top">
ftp://ftp.icce.rug.nl/pub/unix/</a>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter</P
></DIV
></BODY
></HTML
>
Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for
Samba 3.0 was done by Alexander Bokovoy.</p></div></div></body></html>

197
docs/htmldocs/smbmnt.8.html
View File

@ -1,179 +1,24 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>smbmnt</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><H1
><A
NAME="SMBMNT"
></A
>smbmnt</H1
><DIV
CLASS="REFNAMEDIV"
><A
NAME="AEN5"
></A
><H2
>Name</H2
>smbmnt&nbsp;--&nbsp;helper utility for mounting SMB filesystems</DIV
><DIV
CLASS="REFSYNOPSISDIV"
><A
NAME="AEN8"
></A
><H2
>Synopsis</H2
><P
><B
CLASS="COMMAND"
>smbmnt</B
> {mount-point} [-s &lt;share&gt;] [-r] [-u &lt;uid&gt;] [-g &lt;gid&gt;] [-f &lt;mask&gt;] [-d &lt;mask&gt;] [-o &lt;options&gt;]</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN19"
></A
><H2
>DESCRIPTION</H2
><P
><B
CLASS="COMMAND"
>smbmnt</B
> is a helper application used
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>smbmnt</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="smbmnt.8"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>smbmnt &#8212; helper utility for mounting SMB filesystems</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">smbmnt</tt> {mount-point} [-s &lt;share&gt;] [-r] [-u &lt;uid&gt;] [-g &lt;gid&gt;] [-f &lt;mask&gt;] [-d &lt;mask&gt;] [-o &lt;options&gt;] [-h]</p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p><b class="command">smbmnt</b> is a helper application used
by the smbmount program to do the actual mounting of SMB shares.
<B
CLASS="COMMAND"
>smbmnt</B
> can be installed setuid root if you want
normal users to be able to mount their SMB shares.</P
><P
>A setuid smbmnt will only allow mounts on directories owned
by the user, and that the user has write permission on.</P
><P
>The <B
CLASS="COMMAND"
>smbmnt</B
> program is normally invoked
by <A
HREF="smbmount.8.html"
TARGET="_top"
><B
CLASS="COMMAND"
>smbmount(8)</B
>
</A
>. It should not be invoked directly by users. </P
><P
>smbmount searches the normal PATH for smbmnt. You must ensure
that the smbmnt version in your path matches the smbmount used.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN30"
></A
><H2
>OPTIONS</H2
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>-r</DT
><DD
><P
>mount the filesystem read-only
</P
></DD
><DT
>-u uid</DT
><DD
><P
>specify the uid that the files will
be owned by </P
></DD
><DT
>-g gid</DT
><DD
><P
>specify the gid that the files will be
owned by </P
></DD
><DT
>-f mask</DT
><DD
><P
>specify the octal file mask applied
</P
></DD
><DT
>-d mask</DT
><DD
><P
>specify the octal directory mask
applied </P
></DD
><DT
>-o options</DT
><DD
><P
> list of options that are passed as-is to smbfs, if this
<b class="command">smbmnt</b> can be installed setuid root if you want
normal users to be able to mount their SMB shares.</p><p>A setuid smbmnt will only allow mounts on directories owned
by the user, and that the user has write permission on.</p><p>The <b class="command">smbmnt</b> program is normally invoked
by <a href="smbmount.8.html"><span class="citerefentry"><span class="refentrytitle">smbmount</span>(8)</span></a>. It should not be invoked directly by users. </p><p>smbmount searches the normal PATH for smbmnt. You must ensure
that the smbmnt version in your path matches the smbmount used.</p></div><div class="refsect1" lang="en"><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-r</span></dt><dd><p>mount the filesystem read-only
</p></dd><dt><span class="term">-u uid</span></dt><dd><p>specify the uid that the files will
be owned by </p></dd><dt><span class="term">-g gid</span></dt><dd><p>specify the gid that the files will be
owned by </p></dd><dt><span class="term">-f mask</span></dt><dd><p>specify the octal file mask applied
</p></dd><dt><span class="term">-d mask</span></dt><dd><p>specify the octal directory mask
applied </p></dd><dt><span class="term">-o options</span></dt><dd><p>
list of options that are passed as-is to smbfs, if this
command is run on a 2.4 or higher Linux kernel.
</P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN57"
></A
><H2
>AUTHOR</H2
><P
>Volker Lendecke, Andrew Tridgell, Michael H. Warfield
and others.</P
><P
>The current maintainer of smbfs and the userspace
tools <B
CLASS="COMMAND"
>smbmount</B
>, <B
CLASS="COMMAND"
>smbumount</B
>,
and <B
CLASS="COMMAND"
>smbmnt</B
> is <A
HREF="mailto:urban@teststation.com"
TARGET="_top"
>Urban Widmark</A
>.
The <A
HREF="mailto:samba@samba.org"
TARGET="_top"
>SAMBA Mailing list</A
>
</p></dd><dt><span class="term">-h|--help</span></dt><dd><p>Print a summary of command line options.
</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>Volker Lendecke, Andrew Tridgell, Michael H. Warfield
and others.</p><p>The current maintainer of smbfs and the userspace
tools <b class="command">smbmount</b>, <b class="command">smbumount</b>,
and <b class="command">smbmnt</b> is <a href="mailto:urban@teststation.com" target="_top">Urban Widmark</a>.
The <a href="mailto:samba@samba.org" target="_top">SAMBA Mailing list</a>
is the preferred place to ask questions regarding these programs.
</P
><P
>The conversion of this manpage for Samba 2.2 was performed
by Gerald Carter</P
></DIV
></BODY
></HTML
>
</p><p>The conversion of this manpage for Samba 2.2 was performed
by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0
was done by Alexander Bokovoy.</p></div></div></body></html>

482
docs/htmldocs/smbmount.8.html
View File

@ -1,321 +1,72 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>smbmount</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><H1
><A
NAME="SMBMOUNT"
></A
>smbmount</H1
><DIV
CLASS="REFNAMEDIV"
><A
NAME="AEN5"
></A
><H2
>Name</H2
>smbmount&nbsp;--&nbsp;mount an smbfs filesystem</DIV
><DIV
CLASS="REFSYNOPSISDIV"
><A
NAME="AEN8"
></A
><H2
>Synopsis</H2
><P
><B
CLASS="COMMAND"
>smbmount</B
> {service} {mount-point} [-o options]</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN14"
></A
><H2
>DESCRIPTION</H2
><P
><B
CLASS="COMMAND"
>smbmount</B
> mounts a Linux SMB filesystem. It
is usually invoked as <B
CLASS="COMMAND"
>mount.smbfs</B
> by
the <B
CLASS="COMMAND"
>mount(8)</B
> command when using the
"-t smbfs" option. This command only works in Linux, and the kernel must
support the smbfs filesystem. </P
><P
>Options to <B
CLASS="COMMAND"
>smbmount</B
> are specified as a comma-separated
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>smbmount</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="smbmount.8"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>smbmount &#8212; mount an smbfs filesystem</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">smbmount</tt> {service} {mount-point} [-o options]</p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p><b class="command">smbmount</b> mounts a Linux SMB filesystem. It
is usually invoked as <b class="command">mount.smbfs</b> by
the <a href="mount.8.html"><span class="citerefentry"><span class="refentrytitle">mount</span>(8)</span></a> command when using the
&quot;-t smbfs&quot; option. This command only works in Linux, and the kernel must
support the smbfs filesystem. </p><p>Options to <b class="command">smbmount</b> are specified as a comma-separated
list of key=value pairs. It is possible to send options other
than those listed here, assuming that smbfs supports them. If
you get mount failures, check your kernel log for errors on
unknown options.</P
><P
><B
CLASS="COMMAND"
>smbmount</B
> is a daemon. After mounting it keeps running until
unknown options.</p><p><b class="command">smbmount</b> is a daemon. After mounting it keeps running until
the mounted smbfs is umounted. It will log things that happen
when in daemon mode using the "machine name" smbmount, so
typically this output will end up in <TT
CLASS="FILENAME"
>log.smbmount</TT
>. The
<B
CLASS="COMMAND"
>smbmount</B
> process may also be called mount.smbfs.</P
><P
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>NOTE:</I
></SPAN
> <B
CLASS="COMMAND"
>smbmount</B
>
calls <B
CLASS="COMMAND"
>smbmnt(8)</B
> to do the actual mount. You
must make sure that <B
CLASS="COMMAND"
>smbmnt</B
> is in the path so
that it can be found. </P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN31"
></A
><H2
>OPTIONS</H2
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>username=&lt;arg&gt;</DT
><DD
><P
>specifies the username to connect as. If
this is not given, then the environment variable <TT
CLASS="ENVAR"
> USER</TT
> is used. This option can also take the
form "user%password" or "user/workgroup" or
"user/workgroup%password" to allow the password and workgroup
to be specified as part of the username.</P
></DD
><DT
>password=&lt;arg&gt;</DT
><DD
><P
>specifies the SMB password. If this
when in daemon mode using the &quot;machine name&quot; smbmount, so
typically this output will end up in <tt class="filename">log.smbmount</tt>. The <b class="command">
smbmount</b> process may also be called mount.smbfs.</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> <b class="command">smbmount</b>
calls <a href="smbmnt.8.html"><span class="citerefentry"><span class="refentrytitle">smbmnt</span>(8)</span></a> to do the actual mount. You
must make sure that <b class="command">smbmnt</b> is in the path so
that it can be found. </p></div></div><div class="refsect1" lang="en"><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">username=&lt;arg&gt;</span></dt><dd><p>specifies the username to connect as. If
this is not given, then the environment variable <tt class="envar">
USER</tt> is used. This option can also take the
form &quot;user%password&quot; or &quot;user/workgroup&quot; or
&quot;user/workgroup%password&quot; to allow the password and workgroup
to be specified as part of the username.</p></dd><dt><span class="term">password=&lt;arg&gt;</span></dt><dd><p>specifies the SMB password. If this
option is not given then the environment variable
<TT
CLASS="ENVAR"
>PASSWD</TT
> is used. If it can find
no password <B
CLASS="COMMAND"
>smbmount</B
> will prompt
<tt class="envar">PASSWD</tt> is used. If it can find
no password <b class="command">smbmount</b> will prompt
for a passeword, unless the guest option is
given. </P
><P
> Note that passwords which contain the argument delimiter
given. </p><p>
Note that passwords which contain the argument delimiter
character (i.e. a comma ',') will failed to be parsed correctly
on the command line. However, the same password defined
in the PASSWD environment variable or a credentials file (see
below) will be read correctly.
</P
></DD
><DT
>credentials=&lt;filename&gt;</DT
><DD
><P
>specifies a file that contains a username
and/or password. The format of the file is:</P
><P
> <PRE
CLASS="PROGRAMLISTING"
> username = &lt;value&gt;
password = &lt;value&gt;
</PRE
>
</P
><P
>This is preferred over having passwords in plaintext in a
shared file, such as <TT
CLASS="FILENAME"
>/etc/fstab</TT
>. Be sure to protect any
</p></dd><dt><span class="term">credentials=&lt;filename&gt;</span></dt><dd><p>specifies a file that contains a username and/or password.
The format of the file is:
</p><pre class="programlisting">
username = &lt;value&gt;
password = &lt;value&gt;
</pre><p>This is preferred over having passwords in plaintext in a
shared file, such as <tt class="filename">/etc/fstab</tt>. Be sure to protect any
credentials file properly.
</P
></DD
><DT
>netbiosname=&lt;arg&gt;</DT
><DD
><P
>sets the source NetBIOS name. It defaults
to the local hostname. </P
></DD
><DT
>uid=&lt;arg&gt;</DT
><DD
><P
>sets the uid that will own all files on
</p></dd><dt><span class="term">krb</span></dt><dd><p>Use kerberos (Active Directory). </p></dd><dt><span class="term">netbiosname=&lt;arg&gt;</span></dt><dd><p>sets the source NetBIOS name. It defaults
to the local hostname. </p></dd><dt><span class="term">uid=&lt;arg&gt;</span></dt><dd><p>sets the uid that will own all files on
the mounted filesystem.
It may be specified as either a username or a numeric uid.
</P
></DD
><DT
>gid=&lt;arg&gt;</DT
><DD
><P
>sets the gid that will own all files on
</p></dd><dt><span class="term">gid=&lt;arg&gt;</span></dt><dd><p>sets the gid that will own all files on
the mounted filesystem.
It may be specified as either a groupname or a numeric
gid. </P
></DD
><DT
>port=&lt;arg&gt;</DT
><DD
><P
>sets the remote SMB port number. The default
is 139. </P
></DD
><DT
>fmask=&lt;arg&gt;</DT
><DD
><P
>sets the file mask. This determines the
gid. </p></dd><dt><span class="term">port=&lt;arg&gt;</span></dt><dd><p>sets the remote SMB port number. The default
is 139. </p></dd><dt><span class="term">fmask=&lt;arg&gt;</span></dt><dd><p>sets the file mask. This determines the
permissions that remote files have in the local filesystem.
The default is based on the current umask. </P
></DD
><DT
>dmask=&lt;arg&gt;</DT
><DD
><P
>sets the directory mask. This determines the
This is not a umask, but the actual permissions for the files.
The default is based on the current umask. </p></dd><dt><span class="term">dmask=&lt;arg&gt;</span></dt><dd><p>Sets the directory mask. This determines the
permissions that remote directories have in the local filesystem.
The default is based on the current umask. </P
></DD
><DT
>debug=&lt;arg&gt;</DT
><DD
><P
>sets the debug level. This is useful for
This is not a umask, but the actual permissions for the directories.
The default is based on the current umask. </p></dd><dt><span class="term">debug=&lt;arg&gt;</span></dt><dd><p>Sets the debug level. This is useful for
tracking down SMB connection problems. A suggested value to
start with is 4. If set too high there will be a lot of
output, possibly hiding the useful output.</P
></DD
><DT
>ip=&lt;arg&gt;</DT
><DD
><P
>sets the destination host or IP address.
</P
></DD
><DT
>workgroup=&lt;arg&gt;</DT
><DD
><P
>sets the workgroup on the destination </P
></DD
><DT
>sockopt=&lt;arg&gt;</DT
><DD
><P
>sets the TCP socket options. See the <A
HREF="smb.conf.5.html#SOCKETOPTIONS"
TARGET="_top"
><TT
CLASS="FILENAME"
>smb.conf
</TT
></A
> <TT
CLASS="PARAMETER"
><I
>socket options</I
></TT
> option.
</P
></DD
><DT
>scope=&lt;arg&gt;</DT
><DD
><P
>sets the NetBIOS scope </P
></DD
><DT
>guest</DT
><DD
><P
>don't prompt for a password </P
></DD
><DT
>ro</DT
><DD
><P
>mount read-only </P
></DD
><DT
>rw</DT
><DD
><P
>mount read-write </P
></DD
><DT
>iocharset=&lt;arg&gt;</DT
><DD
><P
> sets the charset used by the Linux side for codepage
output, possibly hiding the useful output.</p></dd><dt><span class="term">ip=&lt;arg&gt;</span></dt><dd><p>Sets the destination host or IP address.
</p></dd><dt><span class="term">workgroup=&lt;arg&gt;</span></dt><dd><p>Sets the workgroup on the destination </p></dd><dt><span class="term">sockopt=&lt;arg&gt;</span></dt><dd><p>Sets the TCP socket options. See the <a href="smb.conf.5.html#SOCKETOPTIONS" target="_top"><a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a></a> <i class="parameter"><tt>socket options</tt></i> option.
</p></dd><dt><span class="term">scope=&lt;arg&gt;</span></dt><dd><p>Sets the NetBIOS scope </p></dd><dt><span class="term">guest</span></dt><dd><p>Don't prompt for a password </p></dd><dt><span class="term">ro</span></dt><dd><p>mount read-only </p></dd><dt><span class="term">rw</span></dt><dd><p>mount read-write </p></dd><dt><span class="term">iocharset=&lt;arg&gt;</span></dt><dd><p>
sets the charset used by the Linux side for codepage
to charset translations (NLS). Argument should be the
name of a charset, like iso8859-1. (Note: only kernel
2.4.0 or later)
</P
></DD
><DT
>codepage=&lt;arg&gt;</DT
><DD
><P
> sets the codepage the server uses. See the iocharset
</p></dd><dt><span class="term">codepage=&lt;arg&gt;</span></dt><dd><p>
sets the codepage the server uses. See the iocharset
option. Example value cp850. (Note: only kernel 2.4.0
or later)
</P
></DD
><DT
>ttl=&lt;arg&gt;</DT
><DD
><P
> sets how long a directory listing is cached in milliseconds
</p></dd><dt><span class="term">ttl=&lt;arg&gt;</span></dt><dd><p>
sets how long a directory listing is cached in milliseconds
(also affects visibility of file size and date
changes). A higher value means that changes on the
server take longer to be noticed but it can give
@ -324,141 +75,34 @@ CLASS="PARAMETER"
like 10000ms (10 seconds) is probably more reasonable
in many cases.
(Note: only kernel 2.4.2 or later)
</P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN125"
></A
><H2
>ENVIRONMENT VARIABLES</H2
><P
>The variable <TT
CLASS="ENVAR"
>USER</TT
> may contain the username of the
</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>ENVIRONMENT VARIABLES</h2><p>The variable <tt class="envar">USER</tt> may contain the username of the
person using the client. This information is used only if the
protocol level is high enough to support session-level
passwords. The variable can be used to set both username and
password by using the format username%password.</P
><P
>The variable <TT
CLASS="ENVAR"
>PASSWD</TT
> may contain the password of the
password by using the format username%password.</p><p>The variable <tt class="envar">PASSWD</tt> may contain the password of the
person using the client. This information is used only if the
protocol level is high enough to support session-level
passwords.</P
><P
>The variable <TT
CLASS="ENVAR"
>PASSWD_FILE</TT
> may contain the pathname
passwords.</p><p>The variable <tt class="envar">PASSWD_FILE</tt> may contain the pathname
of a file to read the password from. A single line of input is
read and used as the password.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN133"
></A
><H2
>BUGS</H2
><P
>Passwords and other options containing , can not be handled.
read and used as the password.</p></div><div class="refsect1" lang="en"><h2>BUGS</h2><p>Passwords and other options containing , can not be handled.
For passwords an alternative way of passing them is in a credentials
file or in the PASSWD environment.</P
><P
>The credentials file does not handle usernames or passwords with
leading space.</P
><P
>One smbfs bug is important enough to mention here, even if it
is a bit misplaced:</P
><P
></P
><UL
><LI
><P
>Mounts sometimes stop working. This is usually
file or in the PASSWD environment.</p><p>The credentials file does not handle usernames or passwords with
leading space.</p><p>One smbfs bug is important enough to mention here, even if it
is a bit misplaced:</p><div class="itemizedlist"><ul type="disc"><li><p>Mounts sometimes stop working. This is usually
caused by smbmount terminating. Since smbfs needs smbmount to
reconnect when the server disconnects, the mount will eventually go
dead. An umount/mount normally fixes this. At least 2 ways to
trigger this bug are known.</P
></LI
></UL
><P
>Note that the typical response to a bug report is suggestion
trigger this bug are known.</p></li></ul></div><p>Note that the typical response to a bug report is suggestion
to try the latest version first. So please try doing that first,
and always include which versions you use of relevant software
when reporting bugs (minimum: samba, kernel, distribution)</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN142"
></A
><H2
>SEE ALSO</H2
><P
>Documentation/filesystems/smbfs.txt in the linux kernel
source tree may contain additional options and information.</P
><P
>FreeBSD also has a smbfs, but it is not related to smbmount</P
><P
>For Solaris, HP-UX and others you may want to look at
<A
HREF="smbsh.1.html"
TARGET="_top"
><B
CLASS="COMMAND"
>smbsh(1)</B
></A
> or at other
solutions, such as sharity or perhaps replacing the SMB server with
a NFS server.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN149"
></A
><H2
>AUTHOR</H2
><P
>Volker Lendecke, Andrew Tridgell, Michael H. Warfield
and others.</P
><P
>The current maintainer of smbfs and the userspace
tools <B
CLASS="COMMAND"
>smbmount</B
>, <B
CLASS="COMMAND"
>smbumount</B
>,
and <B
CLASS="COMMAND"
>smbmnt</B
> is <A
HREF="mailto:urban@teststation.com"
TARGET="_top"
>Urban Widmark</A
>.
The <A
HREF="mailto:samba@samba.org"
TARGET="_top"
>SAMBA Mailing list</A
>
when reporting bugs (minimum: samba, kernel, distribution)</p></div><div class="refsect1" lang="en"><h2>SEE ALSO</h2><p>Documentation/filesystems/smbfs.txt in the linux kernel
source tree may contain additional options and information.</p><p>FreeBSD also has a smbfs, but it is not related to smbmount</p><p>For Solaris, HP-UX and others you may want to look at <a href="smbsh.1.html"><span class="citerefentry"><span class="refentrytitle">smbsh</span>(1)</span></a> or at other solutions, such as
Sharity or perhaps replacing the SMB server with a NFS server.</p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>Volker Lendecke, Andrew Tridgell, Michael H. Warfield
and others.</p><p>The current maintainer of smbfs and the userspace
tools <b class="command">smbmount</b>, <b class="command">smbumount</b>,
and <b class="command">smbmnt</b> is <a href="mailto:urban@teststation.com" target="_top">Urban Widmark</a>.
The <a href="mailto:samba@samba.org" target="_top">SAMBA Mailing list</a>
is the preferred place to ask questions regarding these programs.
</P
><P
>The conversion of this manpage for Samba 2.2 was performed
by Gerald Carter</P
></DIV
></BODY
></HTML
>
</p><p>The conversion of this manpage for Samba 2.2 was performed
by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0
was done by Alexander Bokovoy.</p></div></div></body></html>

342
docs/htmldocs/smbpasswd.5.html
View File

@ -1,357 +1,89 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>smbpasswd</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><H1
><A
NAME="SMBPASSWD"
></A
>smbpasswd</H1
><DIV
CLASS="REFNAMEDIV"
><A
NAME="AEN5"
></A
><H2
>Name</H2
>smbpasswd&nbsp;--&nbsp;The Samba encrypted password file</DIV
><DIV
CLASS="REFSYNOPSISDIV"
><A
NAME="AEN8"
></A
><H2
>Synopsis</H2
><P
><TT
CLASS="FILENAME"
>smbpasswd</TT
></P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN11"
></A
><H2
>DESCRIPTION</H2
><P
>This tool is part of the <A
HREF="samba.7.html"
TARGET="_top"
> Samba</A
> suite.</P
><P
>smbpasswd is the Samba encrypted password file. It contains
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>smbpasswd</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="smbpasswd.5"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>smbpasswd &#8212; The Samba encrypted password file</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><p><tt class="filename">smbpasswd</tt></p></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>This tool is part of the <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a> suite.</p><p>smbpasswd is the Samba encrypted password file. It contains
the username, Unix user id and the SMB hashed passwords of the
user, as well as account flag information and the time the
password was last changed. This file format has been evolving with
Samba and has had several different formats in the past. </P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN16"
></A
><H2
>FILE FORMAT</H2
><P
>The format of the smbpasswd file used by Samba 2.2
is very similar to the familiar Unix <TT
CLASS="FILENAME"
>passwd(5)</TT
>
Samba and has had several different formats in the past. </p></div><div class="refsect1" lang="en"><h2>FILE FORMAT</h2><p>The format of the smbpasswd file used by Samba 2.2
is very similar to the familiar Unix <tt class="filename">passwd(5)</tt>
file. It is an ASCII file containing one line for each user. Each field
ithin each line is separated from the next by a colon. Any entry
beginning with '#' is ignored. The smbpasswd file contains the
following information for each user: </P
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>name</DT
><DD
><P
> This is the user name. It must be a name that
already exists in the standard UNIX passwd file. </P
></DD
><DT
>uid</DT
><DD
><P
>This is the UNIX uid. It must match the uid
following information for each user: </p><div class="variablelist"><dl><dt><span class="term">name</span></dt><dd><p> This is the user name. It must be a name that
already exists in the standard UNIX passwd file. </p></dd><dt><span class="term">uid</span></dt><dd><p>This is the UNIX uid. It must match the uid
field for the same user entry in the standard UNIX passwd file.
If this does not match then Samba will refuse to recognize
this smbpasswd file entry as being valid for a user.
</P
></DD
><DT
>Lanman Password Hash</DT
><DD
><P
>This is the LANMAN hash of the user's password,
</p></dd><dt><span class="term">Lanman Password Hash</span></dt><dd><p>This is the LANMAN hash of the user's password,
encoded as 32 hex digits. The LANMAN hash is created by DES
encrypting a well known string with the user's password as the
DES key. This is the same password used by Windows 95/98 machines.
Note that this password hash is regarded as weak as it is
vulnerable to dictionary attacks and if two users choose the
same password this entry will be identical (i.e. the password
is not "salted" as the UNIX password is). If the user has a
null password this field will contain the characters "NO PASSWORD"
is not &quot;salted&quot; as the UNIX password is). If the user has a
null password this field will contain the characters &quot;NO PASSWORD&quot;
as the start of the hex string. If the hex string is equal to
32 'X' characters then the user's account is marked as
<TT
CLASS="CONSTANT"
>disabled</TT
> and the user will not be able to
log onto the Samba server. </P
><P
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>WARNING !!</I
></SPAN
> Note that, due to
<tt class="constant">disabled</tt> and the user will not be able to
log onto the Samba server. </p><p><span class="emphasis"><em>WARNING !!</em></span> Note that, due to
the challenge-response nature of the SMB/CIFS authentication
protocol, anyone with a knowledge of this password hash will
be able to impersonate the user on the network. For this
reason these hashes are known as <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>plain text
equivalents</I
></SPAN
> and must <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>NOT</I
></SPAN
> be made
reason these hashes are known as <span class="emphasis"><em>plain text
equivalents</em></span> and must <span class="emphasis"><em>NOT</em></span> be made
available to anyone but the root user. To protect these passwords
the smbpasswd file is placed in a directory with read and
traverse access only to the root user and the smbpasswd file
itself must be set to be read/write only by root, with no
other access. </P
></DD
><DT
>NT Password Hash</DT
><DD
><P
>This is the Windows NT hash of the user's
other access. </p></dd><dt><span class="term">NT Password Hash</span></dt><dd><p>This is the Windows NT hash of the user's
password, encoded as 32 hex digits. The Windows NT hash is
created by taking the user's password as represented in
16-bit, little-endian UNICODE and then applying the MD4
(internet rfc1321) hashing algorithm to it. </P
><P
>This password hash is considered more secure than
(internet rfc1321) hashing algorithm to it. </p><p>This password hash is considered more secure than
the LANMAN Password Hash as it preserves the case of the
password and uses a much higher quality hashing algorithm.
However, it is still the case that if two users choose the same
password this entry will be identical (i.e. the password is
not "salted" as the UNIX password is). </P
><P
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>WARNING !!</I
></SPAN
>. Note that, due to
not &quot;salted&quot; as the UNIX password is). </p><p><span class="emphasis"><em>WARNING !!</em></span>. Note that, due to
the challenge-response nature of the SMB/CIFS authentication
protocol, anyone with a knowledge of this password hash will
be able to impersonate the user on the network. For this
reason these hashes are known as <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>plain text
equivalents</I
></SPAN
> and must <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>NOT</I
></SPAN
> be made
reason these hashes are known as <span class="emphasis"><em>plain text
equivalents</em></span> and must <span class="emphasis"><em>NOT</em></span> be made
available to anyone but the root user. To protect these passwords
the smbpasswd file is placed in a directory with read and
traverse access only to the root user and the smbpasswd file
itself must be set to be read/write only by root, with no
other access. </P
></DD
><DT
>Account Flags</DT
><DD
><P
>This section contains flags that describe
other access. </p></dd><dt><span class="term">Account Flags</span></dt><dd><p>This section contains flags that describe
the attributes of the users account. In the Samba 2.2 release
this field is bracketed by '[' and ']' characters and is always
13 characters in length (including the '[' and ']' characters).
The contents of this field may be any of the characters.
</P
><P
></P
><UL
><LI
><P
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>U</I
></SPAN
> - This means
this is a "User" account, i.e. an ordinary user. Only User
The contents of this field may be any of the following characters:
</p><div class="itemizedlist"><ul type="disc"><li><p><span class="emphasis"><em>U</em></span> - This means
this is a &quot;User&quot; account, i.e. an ordinary user. Only User
and Workstation Trust accounts are currently supported
in the smbpasswd file. </P
></LI
><LI
><P
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>N</I
></SPAN
> - This means the
in the smbpasswd file. </p></li><li><p><span class="emphasis"><em>N</em></span> - This means the
account has no password (the passwords in the fields LANMAN
Password Hash and NT Password Hash are ignored). Note that this
will only allow users to log on with no password if the <TT
CLASS="PARAMETER"
><I
> null passwords</I
></TT
> parameter is set in the <A
HREF="smb.conf.5.html#NULLPASSWORDS"
TARGET="_top"
><TT
CLASS="FILENAME"
>smb.conf(5)
</TT
></A
> config file. </P
></LI
><LI
><P
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>D</I
></SPAN
> - This means the account
is disabled and no SMB/CIFS logins will be allowed for
this user. </P
></LI
><LI
><P
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>W</I
></SPAN
> - This means this account
is a "Workstation Trust" account. This kind of account is used
will only allow users to log on with no password if the <i class="parameter"><tt>
null passwords</tt></i> parameter is set in the <a href="smb.conf.5.html#NULLPASSWORDS" target="_top"><a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a></a> config file. </p></li><li><p><span class="emphasis"><em>D</em></span> - This means the account
is disabled and no SMB/CIFS logins will be allowed for this user. </p></li><li><p><span class="emphasis"><em>W</em></span> - This means this account
is a &quot;Workstation Trust&quot; account. This kind of account is used
in the Samba PDC code stream to allow Windows NT Workstations
and Servers to join a Domain hosted by a Samba PDC. </P
></LI
></UL
><P
>Other flags may be added as the code is extended in future.
The rest of this field space is filled in with spaces. </P
></DD
><DT
>Last Change Time</DT
><DD
><P
>This field consists of the time the account was
and Servers to join a Domain hosted by a Samba PDC. </p></li></ul></div><p>Other flags may be added as the code is extended in future.
The rest of this field space is filled in with spaces. </p></dd><dt><span class="term">Last Change Time</span></dt><dd><p>This field consists of the time the account was
last modified. It consists of the characters 'LCT-' (standing for
"Last Change Time") followed by a numeric encoding of the UNIX time
&quot;Last Change Time&quot;) followed by a numeric encoding of the UNIX time
in seconds since the epoch (1970) that the last change was made.
</P
></DD
></DL
></DIV
><P
>All other colon separated fields are ignored at this time.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN73"
></A
><H2
>VERSION</H2
><P
>This man page is correct for version 3.0 of
the Samba suite.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN76"
></A
><H2
>SEE ALSO</H2
><P
><A
HREF="smbpasswd.8.html"
TARGET="_top"
><B
CLASS="COMMAND"
>smbpasswd(8)</B
></A
>,
<A
HREF="samba.7.html"
TARGET="_top"
>samba(7)</A
>, and
</p></dd></dl></div><p>All other colon separated fields are ignored at this time.</p></div><div class="refsect1" lang="en"><h2>VERSION</h2><p>This man page is correct for version 3.0 of
the Samba suite.</p></div><div class="refsect1" lang="en"><h2>SEE ALSO</h2><p><a href="smbpasswd.8.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(8)</span></a>, <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a>, and
the Internet RFC1321 for details on the MD4 algorithm.
</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN82"
></A
><H2
>AUTHOR</H2
><P
>The original Samba software and related utilities
</p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</P
><P
>The original Samba man pages were written by Karl Auer.
to the way the Linux kernel is developed.</p><p>The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at
<A
HREF="ftp://ftp.icce.rug.nl/pub/unix/"
TARGET="_top"
> ftp://ftp.icce.rug.nl/pub/unix/</A
>) and updated for the Samba 2.0
excellent piece of Open Source software, available at <a href="ftp://ftp.icce.rug.nl/pub/unix/" target="_top">
ftp://ftp.icce.rug.nl/pub/unix/</a>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter</P
></DIV
></BODY
></HTML
>
Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2
for Samba 3.0 was done by Alexander Bokovoy.</p></div></div></body></html>

663
docs/htmldocs/smbpasswd.8.html
View File

@ -1,626 +1,163 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
<HTML
><HEAD
><TITLE
>smbpasswd</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><H1
><A
NAME="SMBPASSWD">smbpasswd</H1
><DIV
CLASS="REFNAMEDIV"
><A
NAME="AEN5"
></A
><H2
>Name</H2
>smbpasswd&nbsp;--&nbsp;change a user's SMB password</DIV
><DIV
CLASS="REFSYNOPSISDIV"
><A
NAME="AEN8"><H2
>Synopsis</H2
><P
><B
CLASS="COMMAND"
>smbpasswd</B
> [-a] [-x] [-d] [-e] [-D debuglevel] [-n] [-r &#60;remote machine&#62;] [-R &#60;name resolve order&#62;] [-m] [-U username[%password]] [-h] [-s] [-w pass] [-i] [-L] [username]</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN27"
></A
><H2
>DESCRIPTION</H2
><P
>This tool is part of the <A
HREF="samba.7.html"
TARGET="_top"
> Samba</A
> suite.</P
><P
>The smbpasswd program has several different
functions, depending on whether it is run by the <I
CLASS="EMPHASIS"
>root</I
>
user or not. When run as a normal user it allows the user to change
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>smbpasswd</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="smbpasswd.8"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>smbpasswd &#8212; change a user's SMB password</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">smbpasswd</tt> [-a] [-x] [-d] [-e] [-D debuglevel] [-n] [-r &lt;remote machine&gt;] [-R &lt;name resolve order&gt;] [-m] [-U username[%password]] [-h] [-s] [-w pass] [-i] [-L] [username]</p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>This tool is part of the <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a> suite.</p><p>The smbpasswd program has several different
functions, depending on whether it is run by the <span class="emphasis"><em>root</em></span> user
or not. When run as a normal user it allows the user to change
the password used for their SMB sessions on any machines that store
SMB passwords. </P
><P
>By default (when run with no arguments) it will attempt to
SMB passwords. </p><p>By default (when run with no arguments) it will attempt to
change the current user's SMB password on the local machine. This is
similar to the way the <B
CLASS="COMMAND"
>passwd(1)</B
> program works.
<B
CLASS="COMMAND"
>smbpasswd</B
> differs from how the passwd program works
however in that it is not <I
CLASS="EMPHASIS"
>setuid root</I
> but works in
a client-server mode and communicates with a locally running
<B
CLASS="COMMAND"
>smbd(8)</B
>. As a consequence in order for this to
similar to the way the <b class="command">passwd(1)</b> program works. <b class="command">
smbpasswd</b> differs from how the passwd program works
however in that it is not <span class="emphasis"><em>setuid root</em></span> but works in
a client-server mode and communicates with a
locally running <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>. As a consequence in order for this to
succeed the smbd daemon must be running on the local machine. On a
UNIX machine the encrypted SMB passwords are usually stored in
the <TT
CLASS="FILENAME"
>smbpasswd(5)</TT
> file. </P
><P
>When run by an ordinary user with no options, smbpasswd
the <a href="smbpasswd.5.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(5)</span></a> file. </p><p>When run by an ordinary user with no options, smbpasswd
will prompt them for their old SMB password and then ask them
for their new password twice, to ensure that the new password
was typed correctly. No passwords will be echoed on the screen
whilst being typed. If you have a blank SMB password (specified by
the string "NO PASSWORD" in the smbpasswd file) then just press
the &#60;Enter&#62; key when asked for your old password. </P
><P
>smbpasswd can also be used by a normal user to change their
the string &quot;NO PASSWORD&quot; in the smbpasswd file) then just press
the &lt;Enter&gt; key when asked for your old password. </p><p>smbpasswd can also be used by a normal user to change their
SMB password on remote machines, such as Windows NT Primary Domain
Controllers. See the (-r) and -U options below. </P
><P
>When run by root, smbpasswd allows new users to be added
Controllers. See the (<i class="parameter"><tt>-r</tt></i>) and <i class="parameter"><tt>-U</tt></i> options
below. </p><p>When run by root, smbpasswd allows new users to be added
and deleted in the smbpasswd file, as well as allows changes to
the attributes of the user in this file to be made. When run by root,
<B
CLASS="COMMAND"
>smbpasswd</B
> accesses the local smbpasswd file
the attributes of the user in this file to be made. When run by root, <b class="command">
smbpasswd</b> accesses the local smbpasswd file
directly, thus enabling changes to be made even if smbd is not
running. </P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN43"
></A
><H2
>OPTIONS</H2
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>-a</DT
><DD
><P
>This option specifies that the username
running. </p></div><div class="refsect1" lang="en"><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-a</span></dt><dd><p>This option specifies that the username
following should be added to the local smbpasswd file, with the
new password typed (type &#60;Enter&#62; for the old password). This
new password typed (type &lt;Enter&gt; for the old password). This
option is ignored if the username following already exists in
the smbpasswd file and it is treated like a regular change
password command. Note that the default passdb backends require
the user to already exist in the system password file (usually
<TT
CLASS="FILENAME"
>/etc/passwd</TT
>), else the request to add the
user will fail. </P
><P
>This option is only available when running smbpasswd
as root. </P
></DD
><DT
>-x</DT
><DD
><P
>This option specifies that the username
<tt class="filename">/etc/passwd</tt>), else the request to add the
user will fail. </p><p>This option is only available when running smbpasswd
as root. </p></dd><dt><span class="term">-x</span></dt><dd><p>This option specifies that the username
following should be deleted from the local smbpasswd file.
</P
><P
>This option is only available when running smbpasswd as
root.</P
></DD
><DT
>-d</DT
><DD
><P
>This option specifies that the username following
should be <TT
CLASS="CONSTANT"
>disabled</TT
> in the local smbpasswd
file. This is done by writing a <TT
CLASS="CONSTANT"
>'D'</TT
> flag
</p><p>This option is only available when running smbpasswd as
root.</p></dd><dt><span class="term">-d</span></dt><dd><p>This option specifies that the username following
should be <tt class="constant">disabled</tt> in the local smbpasswd
file. This is done by writing a <tt class="constant">'D'</tt> flag
into the account control space in the smbpasswd file. Once this
is done all attempts to authenticate via SMB using this username
will fail. </P
><P
>If the smbpasswd file is in the 'old' format (pre-Samba 2.0
will fail. </p><p>If the smbpasswd file is in the 'old' format (pre-Samba 2.0
format) there is no space in the user's password entry to write
this information and the command will FAIL. See <B
CLASS="COMMAND"
>smbpasswd(5)
</B
> for details on the 'old' and new password file formats.
</P
><P
>This option is only available when running smbpasswd as
root.</P
></DD
><DT
>-e</DT
><DD
><P
>This option specifies that the username following
should be <TT
CLASS="CONSTANT"
>enabled</TT
> in the local smbpasswd file,
this information and the command will FAIL. See <a href="smbpasswd.5.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(5)</span></a> for details on the 'old' and new password file formats.
</p><p>This option is only available when running smbpasswd as
root.</p></dd><dt><span class="term">-e</span></dt><dd><p>This option specifies that the username following
should be <tt class="constant">enabled</tt> in the local smbpasswd file,
if the account was previously disabled. If the account was not
disabled this option has no effect. Once the account is enabled then
the user will be able to authenticate via SMB once again. </P
><P
>If the smbpasswd file is in the 'old' format, then <B
CLASS="COMMAND"
> smbpasswd</B
> will FAIL to enable the account.
See <B
CLASS="COMMAND"
>smbpasswd (5)</B
> for
details on the 'old' and new password file formats. </P
><P
>This option is only available when running smbpasswd as root.
</P
></DD
><DT
>-D debuglevel</DT
><DD
><P
><TT
CLASS="REPLACEABLE"
><I
>debuglevel</I
></TT
> is an integer
the user will be able to authenticate via SMB once again. </p><p>If the smbpasswd file is in the 'old' format, then <b class="command">
smbpasswd</b> will FAIL to enable the account.
See <a href="smbpasswd.5.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(5)</span></a> for
details on the 'old' and new password file formats. </p><p>This option is only available when running smbpasswd as root.
</p></dd><dt><span class="term">-D debuglevel</span></dt><dd><p><i class="replaceable"><tt>debuglevel</tt></i> is an integer
from 0 to 10. The default value if this parameter is not specified
is zero. </P
><P
>The higher this value, the more detail will be logged to the
is zero. </p><p>The higher this value, the more detail will be logged to the
log files about the activities of smbpasswd. At level 0, only
critical errors and serious warnings will be logged. </P
><P
>Levels above 1 will generate considerable amounts of log
critical errors and serious warnings will be logged. </p><p>Levels above 1 will generate considerable amounts of log
data, and should only be used when investigating a problem. Levels
above 3 are designed for use only by developers and generate
HUGE amounts of log data, most of which is extremely cryptic.
</P
></DD
><DT
>-n</DT
><DD
><P
>This option specifies that the username following
</p></dd><dt><span class="term">-n</span></dt><dd><p>This option specifies that the username following
should have their password set to null (i.e. a blank password) in
the local smbpasswd file. This is done by writing the string "NO
PASSWORD" as the first part of the first password stored in the
smbpasswd file. </P
><P
>Note that to allow users to logon to a Samba server once
the password has been set to "NO PASSWORD" in the smbpasswd
the local smbpasswd file. This is done by writing the string &quot;NO
PASSWORD&quot; as the first part of the first password stored in the
smbpasswd file. </p><p>Note that to allow users to logon to a Samba server once
the password has been set to &quot;NO PASSWORD&quot; in the smbpasswd
file the administrator must set the following parameter in the [global]
section of the <TT
CLASS="FILENAME"
>smb.conf</TT
> file : </P
><P
><B
CLASS="COMMAND"
>null passwords = yes</B
></P
><P
>This option is only available when running smbpasswd as
root.</P
></DD
><DT
>-r remote machine name</DT
><DD
><P
>This option allows a user to specify what machine
section of the <tt class="filename">smb.conf</tt> file : </p><p><b class="command">null passwords = yes</b></p><p>This option is only available when running smbpasswd as
root.</p></dd><dt><span class="term">-r remote machine name</span></dt><dd><p>This option allows a user to specify what machine
they wish to change their password on. Without this parameter
smbpasswd defaults to the local host. The <TT
CLASS="REPLACEABLE"
><I
>remote
machine name</I
></TT
> is the NetBIOS name of the SMB/CIFS
smbpasswd defaults to the local host. The <i class="replaceable"><tt>remote
machine name</tt></i> is the NetBIOS name of the SMB/CIFS
server to contact to attempt the password change. This name is
resolved into an IP address using the standard name resolution
mechanism in all programs of the Samba suite. See the <TT
CLASS="PARAMETER"
><I
>-R
name resolve order</I
></TT
> parameter for details on changing
this resolving mechanism. </P
><P
>The username whose password is changed is that of the
current UNIX logged on user. See the <TT
CLASS="PARAMETER"
><I
>-U username</I
></TT
>
mechanism in all programs of the Samba suite. See the <i class="parameter"><tt>-R
name resolve order</tt></i> parameter for details on changing
this resolving mechanism. </p><p>The username whose password is changed is that of the
current UNIX logged on user. See the <i class="parameter"><tt>-U username</tt></i>
parameter for details on changing the password for a different
username. </P
><P
>Note that if changing a Windows NT Domain password the
username. </p><p>Note that if changing a Windows NT Domain password the
remote machine specified must be the Primary Domain Controller for
the domain (Backup Domain Controllers only have a read-only
copy of the user account database and will not allow the password
change).</P
><P
><I
CLASS="EMPHASIS"
>Note</I
> that Windows 95/98 do not have
change).</p><p><span class="emphasis"><em>Note</em></span> that Windows 95/98 do not have
a real password database so it is not possible to change passwords
specifying a Win95/98 machine as remote machine target. </P
></DD
><DT
>-R name resolve order</DT
><DD
><P
>This option allows the user of smbpasswd to determine
specifying a Win95/98 machine as remote machine target. </p></dd><dt><span class="term">-R name resolve order</span></dt><dd><p>This option allows the user of smbpasswd to determine
what name resolution services to use when looking up the NetBIOS
name of the host being connected to. </P
><P
>The options are :"lmhosts", "host", "wins" and "bcast". They
cause names to be resolved as follows : </P
><P
></P
><UL
><LI
><P
><TT
CLASS="CONSTANT"
>lmhosts</TT
> : Lookup an IP
name of the host being connected to. </p><p>The options are :&quot;lmhosts&quot;, &quot;host&quot;, &quot;wins&quot; and &quot;bcast&quot;. They
cause names to be resolved as follows: </p><div class="itemizedlist"><ul type="disc"><li><p><tt class="constant">lmhosts</tt>: Lookup an IP
address in the Samba lmhosts file. If the line in lmhosts has
no name type attached to the NetBIOS name (see the <A
HREF="lmhosts.5.html"
TARGET="_top"
>lmhosts(5)</A
> for details) then
any name type matches for lookup.</P
></LI
><LI
><P
><TT
CLASS="CONSTANT"
>host</TT
> : Do a standard host
name to IP address resolution, using the system <TT
CLASS="FILENAME"
>/etc/hosts
</TT
>, NIS, or DNS lookups. This method of name resolution
no name type attached to the NetBIOS name (see the <a href="lmhosts.5.html"><span class="citerefentry"><span class="refentrytitle">lmhosts</span>(5)</span></a> for details) then
any name type matches for lookup.</p></li><li><p><tt class="constant">host</tt>: Do a standard host
name to IP address resolution, using the system <tt class="filename">/etc/hosts
</tt>, NIS, or DNS lookups. This method of name resolution
is operating system depended for instance on IRIX or Solaris this
may be controlled by the <TT
CLASS="FILENAME"
>/etc/nsswitch.conf</TT
>
may be controlled by the <tt class="filename">/etc/nsswitch.conf</tt>
file). Note that this method is only used if the NetBIOS name
type being queried is the 0x20 (server) name type, otherwise
it is ignored.</P
></LI
><LI
><P
><TT
CLASS="CONSTANT"
>wins</TT
> : Query a name with
the IP address listed in the <TT
CLASS="PARAMETER"
><I
>wins server</I
></TT
>
it is ignored.</p></li><li><p><tt class="constant">wins</tt>: Query a name with
the IP address listed in the <i class="parameter"><tt>wins server</tt></i>
parameter. If no WINS server has been specified this method
will be ignored.</P
></LI
><LI
><P
><TT
CLASS="CONSTANT"
>bcast</TT
> : Do a broadcast on
will be ignored.</p></li><li><p><tt class="constant">bcast</tt>: Do a broadcast on
each of the known local interfaces listed in the
<TT
CLASS="PARAMETER"
><I
>interfaces</I
></TT
> parameter. This is the least
<i class="parameter"><tt>interfaces</tt></i> parameter. This is the least
reliable of the name resolution methods as it depends on the
target host being on a locally connected subnet.</P
></LI
></UL
><P
>The default order is <B
CLASS="COMMAND"
>lmhosts, host, wins, bcast</B
>
and without this parameter or any entry in the
<TT
CLASS="FILENAME"
>smb.conf</TT
> file the name resolution methods will
be attempted in this order. </P
></DD
><DT
>-m</DT
><DD
><P
>This option tells smbpasswd that the account
target host being on a locally connected subnet.</p></li></ul></div><p>The default order is <b class="command">lmhosts, host, wins, bcast</b>
and without this parameter or any entry in the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> file the name resolution methods will
be attempted in this order. </p></dd><dt><span class="term">-m</span></dt><dd><p>This option tells smbpasswd that the account
being changed is a MACHINE account. Currently this is used
when Samba is being used as an NT Primary Domain Controller.</P
><P
>This option is only available when running smbpasswd as root.
</P
></DD
><DT
>-U username</DT
><DD
><P
>This option may only be used in conjunction
with the <TT
CLASS="PARAMETER"
><I
>-r</I
></TT
> option. When changing
when Samba is being used as an NT Primary Domain Controller.</p><p>This option is only available when running smbpasswd as root.
</p></dd><dt><span class="term">-U username</span></dt><dd><p>This option may only be used in conjunction
with the <i class="parameter"><tt>-r</tt></i> option. When changing
a password on a remote machine it allows the user to specify
the user name on that machine whose password will be changed. It
is present to allow users who have different user names on
different systems to change these passwords. </P
></DD
><DT
>-h</DT
><DD
><P
>This option prints the help string for <B
CLASS="COMMAND"
> smbpasswd</B
>, selecting the correct one for running as root
or as an ordinary user. </P
></DD
><DT
>-s</DT
><DD
><P
>This option causes smbpasswd to be silent (i.e.
different systems to change these passwords. </p></dd><dt><span class="term">-h</span></dt><dd><p>This option prints the help string for <b class="command">
smbpasswd</b>, selecting the correct one for running as root
or as an ordinary user. </p></dd><dt><span class="term">-s</span></dt><dd><p>This option causes smbpasswd to be silent (i.e.
not issue prompts) and to read its old and new passwords from
standard input, rather than from <TT
CLASS="FILENAME"
>/dev/tty</TT
>
(like the <B
CLASS="COMMAND"
>passwd(1)</B
> program does). This option
is to aid people writing scripts to drive smbpasswd</P
></DD
><DT
>-w password</DT
><DD
><P
>This parameter is only available if Samba
standard input, rather than from <tt class="filename">/dev/tty</tt>
(like the <b class="command">passwd(1)</b> program does). This option
is to aid people writing scripts to drive smbpasswd</p></dd><dt><span class="term">-w password</span></dt><dd><p>This parameter is only available if Samba
has been configured to use the experimental
<B
CLASS="COMMAND"
>--with-ldapsam</B
> option. The <TT
CLASS="PARAMETER"
><I
>-w</I
></TT
>
<b class="command">--with-ldapsam</b> option. The <i class="parameter"><tt>-w</tt></i>
switch is used to specify the password to be used with the
<A
HREF="smb.conf.5.html#LDAPADMINDN"
TARGET="_top"
><TT
CLASS="PARAMETER"
><I
>ldap admin
dn</I
></TT
></A
>. Note that the password is stored in
the <TT
CLASS="FILENAME"
>private/secrets.tdb</TT
> and is keyed off
of the admin's DN. This means that if the value of <TT
CLASS="PARAMETER"
><I
>ldap
admin dn</I
></TT
> ever changes, the password will need to be
<a href="smb.conf.5.html#LDAPADMINDN" target="_top"><i class="parameter"><tt>ldap admin
dn</tt></i></a>. Note that the password is stored in
the <tt class="filename">secrets.tdb</tt> and is keyed off
of the admin's DN. This means that if the value of <i class="parameter"><tt>ldap
admin dn</tt></i> ever changes, the password will need to be
manually updated as well.
</P
></DD
><DT
>-i</DT
><DD
><P
>This option tells smbpasswd that the account
</p></dd><dt><span class="term">-i</span></dt><dd><p>This option tells smbpasswd that the account
being changed is an interdomain trust account. Currently this is used
when Samba is being used as an NT Primary Domain Controller.
The account contains the info about another trusted domain.</P
><P
>This option is only available when running smbpasswd as root.
</P
></DD
><DT
>-L</DT
><DD
><P
>Run in local mode.</P
></DD
><DT
>username</DT
><DD
><P
>This specifies the username for all of the
<I
CLASS="EMPHASIS"
>root only</I
> options to operate on. Only root
The account contains the info about another trusted domain.</p><p>This option is only available when running smbpasswd as root.
</p></dd><dt><span class="term">-L</span></dt><dd><p>Run in local mode.</p></dd><dt><span class="term">username</span></dt><dd><p>This specifies the username for all of the
<span class="emphasis"><em>root only</em></span> options to operate on. Only root
can specify this parameter as only root has the permission needed
to modify attributes directly in the local smbpasswd file.
</P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN173"
></A
><H2
>NOTES</H2
><P
>Since <B
CLASS="COMMAND"
>smbpasswd</B
> works in client-server
</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>NOTES</h2><p>Since <b class="command">smbpasswd</b> works in client-server
mode communicating with a local smbd for a non-root user then
the smbd daemon must be running for this to work. A common problem
is to add a restriction to the hosts that may access the <B
CLASS="COMMAND"
> smbd</B
> running on the local machine by specifying a
<TT
CLASS="PARAMETER"
><I
>allow hosts</I
></TT
> or <TT
CLASS="PARAMETER"
><I
>deny hosts</I
></TT
>
entry in the <TT
CLASS="FILENAME"
>smb.conf</TT
> file and neglecting to
allow "localhost" access to the smbd. </P
><P
>In addition, the smbpasswd command is only useful if Samba
has been set up to use encrypted passwords. See the file
<TT
CLASS="FILENAME"
>ENCRYPTION.txt</TT
> in the docs directory for details
on how to do this. </P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN183"
></A
><H2
>VERSION</H2
><P
>This man page is correct for version 3.0 of
the Samba suite.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN186"
></A
><H2
>SEE ALSO</H2
><P
><A
HREF="smbpasswd.5.html"
TARGET="_top"
><TT
CLASS="FILENAME"
>smbpasswd(5)</TT
></A
>,
<A
HREF="samba.7.html"
TARGET="_top"
>samba(7)</A
>
</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN192"
></A
><H2
>AUTHOR</H2
><P
>The original Samba software and related utilities
is to add a restriction to the hosts that may access the <b class="command">
smbd</b> running on the local machine by specifying either <i class="parameter"><tt>allow
hosts</tt></i> or <i class="parameter"><tt>deny hosts</tt></i> entry in
the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> file and neglecting to
allow &quot;localhost&quot; access to the smbd. </p><p>In addition, the smbpasswd command is only useful if Samba
has been set up to use encrypted passwords. See the document <a href="pwencrypt.html" target="_top">
&quot;LanMan and NT Password Encryption in Samba&quot;</a> in the docs directory for details
on how to do this. </p></div><div class="refsect1" lang="en"><h2>VERSION</h2><p>This man page is correct for version 3.0 of the Samba suite.</p></div><div class="refsect1" lang="en"><h2>SEE ALSO</h2><p><a href="smbpasswd.5.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(5)</span></a>, <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a>.</p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</P
><P
>The original Samba man pages were written by Karl Auer.
to the way the Linux kernel is developed.</p><p>The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at
<A
HREF="ftp://ftp.icce.rug.nl/pub/unix/"
TARGET="_top"
> ftp://ftp.icce.rug.nl/pub/unix/</A
>) and updated for the Samba 2.0
excellent piece of Open Source software, available at <a href="ftp://ftp.icce.rug.nl/pub/unix/" target="_top">
ftp://ftp.icce.rug.nl/pub/unix/</a>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter</P
></DIV
></BODY
></HTML
>
Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2
for Samba 3.0 was done by Alexander Bokovoy.</p></div></div></body></html>

551
docs/htmldocs/smbsh.1.html
View File

@ -1,467 +1,110 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
<HTML
><HEAD
><TITLE
>smbsh</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><H1
><A
NAME="SMBSH">smbsh</H1
><DIV
CLASS="REFNAMEDIV"
><A
NAME="AEN5"
></A
><H2
>Name</H2
>smbsh&nbsp;--&nbsp;Allows access to Windows NT filesystem
using UNIX commands</DIV
><DIV
CLASS="REFSYNOPSISDIV"
><A
NAME="AEN8"><H2
>Synopsis</H2
><P
><B
CLASS="COMMAND"
>smbsh</B
> [-W workgroup] [-U username] [-P prefix] [-R &#60;name resolve order&#62;] [-d &#60;debug level&#62;] [-l logfile] [-L libdir]</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN18"
></A
><H2
>DESCRIPTION</H2
><P
>This tool is part of the <A
HREF="samba.7.html"
TARGET="_top"
> Samba</A
> suite.</P
><P
><B
CLASS="COMMAND"
>smbsh</B
> allows you to access an NT filesystem
using UNIX commands such as <B
CLASS="COMMAND"
>ls</B
>, <B
CLASS="COMMAND"
> egrep</B
>, and <B
CLASS="COMMAND"
>rcp</B
>. You must use a
shell that is dynamically linked in order for <B
CLASS="COMMAND"
>smbsh</B
>
to work correctly.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN28"
></A
><H2
>OPTIONS</H2
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>-W WORKGROUP</DT
><DD
><P
>Override the default workgroup specified in the
workgroup parameter of the <TT
CLASS="FILENAME"
>smb.conf</TT
> file
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>smbsh</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="smbsh.1"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>smbsh &#8212; Allows access to Windows NT filesystem
using UNIX commands</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">smbsh</tt> [-W workgroup] [-U username] [-P prefix] [-R &lt;name resolve order&gt;] [-d &lt;debug level&gt;] [-l logfile] [-L libdir]</p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>This tool is part of the <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a> suite.</p><p><b class="command">smbsh</b> allows you to access an NT filesystem
using UNIX commands such as <b class="command">ls</b>, <b class="command">
egrep</b>, and <b class="command">rcp</b>. You must use a
shell that is dynamically linked in order for <b class="command">smbsh</b>
to work correctly.</p></div><div class="refsect1" lang="en"><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-W WORKGROUP</span></dt><dd><p>Override the default workgroup specified in the
workgroup parameter of the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> file
for this session. This may be needed to connect to some
servers. </P
></DD
><DT
>-U username[%pass]</DT
><DD
><P
>Sets the SMB username or username and password.
servers. </p></dd><dt><span class="term">-U username[%pass]</span></dt><dd><p>Sets the SMB username or username and password.
If this option is not specified, the user will be prompted for
both the username and the password. If %pass is not specified,
the user will be prompted for the password.
</P
></DD
><DT
>-P prefix</DT
><DD
><P
>This option allows
</p></dd><dt><span class="term">-P prefix</span></dt><dd><p>This option allows
the user to set the directory prefix for SMB access. The
default value if this option is not specified is
<I
CLASS="EMPHASIS"
>smb</I
>.
</P
></DD
><DT
>-R &#60;name resolve order&#62;</DT
><DD
><P
>This option is used to determine what naming
services and in what order to resolve
host names to IP addresses. The option takes a space-separated
string of different name resolution options.</P
><P
>The options are :"lmhosts", "host", "wins" and "bcast".
They cause names to be resolved as follows :</P
><P
></P
><UL
><LI
><P
><TT
CLASS="CONSTANT"
>lmhosts</TT
> :
Lookup an IP address in the Samba lmhosts file. If the
line in lmhosts has no name type attached to the
NetBIOS name
(see the <A
HREF="lmhosts.5.html"
TARGET="_top"
>lmhosts(5)</A
>
for details) then any name type matches for lookup.
</P
></LI
><LI
><P
><TT
CLASS="CONSTANT"
>host</TT
> :
Do a standard host name to IP address resolution, using
the system <TT
CLASS="FILENAME"
>/etc/hosts</TT
>, NIS, or DNS
lookups. This method of name resolution is operating
system dependent, for instance on IRIX or Solaris this
may be controlled by the <TT
CLASS="FILENAME"
>/etc/nsswitch.conf
</TT
> file). Note that this method is only used
if the NetBIOS name type being queried is the 0x20
(server) name type, otherwise it is ignored.
</P
></LI
><LI
><P
><TT
CLASS="CONSTANT"
>wins</TT
> :
Query a name with the IP address listed in the
<TT
CLASS="PARAMETER"
><I
>wins server</I
></TT
> parameter. If no
WINS server has been specified this method will be
ignored.
</P
></LI
><LI
><P
><TT
CLASS="CONSTANT"
>bcast</TT
> :
Do a broadcast on each of the known local interfaces
listed in the <TT
CLASS="PARAMETER"
><I
>interfaces</I
></TT
>
parameter. This is the least reliable of the name
resolution methods as it depends on the target host
being on a locally connected subnet.
</P
></LI
></UL
><P
>If this parameter is not set then the name resolve order
defined in the <TT
CLASS="FILENAME"
>smb.conf</TT
> file parameter
(name resolve order) will be used. </P
><P
>The default order is lmhosts, host, wins, bcast. Without
this parameter or any entry in the <TT
CLASS="PARAMETER"
><I
>name resolve order
</I
></TT
> parameter of the <TT
CLASS="FILENAME"
>smb.conf</TT
>
file, the name resolution methods will be attempted in this
order. </P
></DD
><DT
>-d &#60;debug level&#62;</DT
><DD
><P
>debug level is an integer from 0 to 10.</P
><P
>The default value if this parameter is not specified
is zero.</P
><P
>The higher this value, the more detail will be logged
about the activities of <B
CLASS="COMMAND"
>nmblookup</B
>. At level
0, only critical errors and serious warnings will be logged.
</P
></DD
><DT
>-l logfilename</DT
><DD
><P
>If specified causes all debug messages to be
written to the file specified by <TT
CLASS="REPLACEABLE"
><I
>logfilename
</I
></TT
>. If not specified then all messages will be
written to<TT
CLASS="REPLACEABLE"
><I
>stderr</I
></TT
>.
</P
></DD
><DT
>-L libdir</DT
><DD
><P
>This parameter specifies the location of the
shared libraries used by <B
CLASS="COMMAND"
>smbsh</B
>. The default
<span class="emphasis"><em>smb</em></span>.
</p></dd><dt><span class="term">-s &lt;configuration file&gt;</span></dt><dd><p>The file specified contains the
configuration details required by the server. The
information in this file includes server-specific
information such as what printcap file to use, as well
as descriptions of all the services that the server is
to provide. See <a href="smb.conf.5.html" target="_top"><tt class="filename">
smb.conf(5)</tt></a> for more information.
The default configuration file name is determined at
compile time.</p></dd><dt><span class="term">-d|--debug=debuglevel</span></dt><dd><p><i class="replaceable"><tt>debuglevel</tt></i> is an integer
from 0 to 10. The default value if this parameter is
not specified is zero.</p><p>The higher this value, the more detail will be
logged to the log files about the activities of the
server. At level 0, only critical errors and serious
warnings will be logged. Level 1 is a reasonable level for
day to day running - it generates a small amount of
information about operations carried out.</p><p>Levels above 1 will generate considerable
amounts of log data, and should only be used when
investigating a problem. Levels above 3 are designed for
use only by developers and generate HUGE amounts of log
data, most of which is extremely cryptic.</p><p>Note that specifying this parameter here will
override the <a href="smb.conf.5.html#loglevel" target="_top">log
level</a> parameter in the <a href="smb.conf.5.html" target="_top">
<tt class="filename">smb.conf(5)</tt></a> file.</p></dd><dt><span class="term">-R &lt;name resolve order&gt;</span></dt><dd><p>This option is used to determine what naming
services and in what order to resolve
host names to IP addresses. The option takes a space-separated
string of different name resolution options.</p><p>The options are: &quot;lmhosts&quot;, &quot;host&quot;, &quot;wins&quot; and &quot;bcast&quot;.
They cause names to be resolved as follows :</p><div class="itemizedlist"><ul type="disc"><li><p><tt class="constant">lmhosts</tt>:
Lookup an IP address in the Samba lmhosts file. If the
line in lmhosts has no name type attached to the
NetBIOS name
(see the <a href="lmhosts.5.html"><span class="citerefentry"><span class="refentrytitle">lmhosts</span>(5)</span></a> for details)
then any name type matches for lookup.
</p></li><li><p><tt class="constant">host</tt>:
Do a standard host name to IP address resolution, using
the system <tt class="filename">/etc/hosts</tt>, NIS, or DNS
lookups. This method of name resolution is operating
system dependent, for instance on IRIX or Solaris this
may be controlled by the <tt class="filename">/etc/nsswitch.conf
</tt> file). Note that this method is only used
if the NetBIOS name type being queried is the 0x20
(server) name type, otherwise it is ignored.
</p></li><li><p><tt class="constant">wins</tt>:
Query a name with the IP address listed in the
<i class="parameter"><tt>wins server</tt></i> parameter. If no
WINS server has been specified this method will be
ignored.
</p></li><li><p><tt class="constant">bcast</tt>:
Do a broadcast on each of the known local interfaces
listed in the <i class="parameter"><tt>interfaces</tt></i>
parameter. This is the least reliable of the name
resolution methods as it depends on the target host
being on a locally connected subnet.
</p></li></ul></div><p>If this parameter is not set then the name resolve order
defined in the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> file parameter
(<i class="parameter"><tt>name resolve order</tt></i>) will be used. </p><p>The default order is lmhosts, host, wins, bcast. Without
this parameter or any entry in the <i class="parameter"><tt>name resolve order
</tt></i> parameter of the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> file, the name resolution methods
will be attempted in this order. </p></dd><dt><span class="term">-L libdir</span></dt><dd><p>This parameter specifies the location of the
shared libraries used by <b class="command">smbsh</b>. The default
value is specified at compile time.
</P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN91"
></A
><H2
>EXAMPLES</H2
><P
>To use the <B
CLASS="COMMAND"
>smbsh</B
> command, execute <B
CLASS="COMMAND"
> smbsh</B
> from the prompt and enter the username and password
</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>EXAMPLES</h2><p>To use the <b class="command">smbsh</b> command, execute <b class="command">
smbsh</b> from the prompt and enter the username and password
that authenticates you to the machine running the Windows NT
operating system.</P
><P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="PROGRAMLISTING"
> <TT
CLASS="PROMPT"
>system% </TT
><TT
CLASS="USERINPUT"
><B
>smbsh</B
></TT
>
<TT
CLASS="PROMPT"
>Username: </TT
><TT
CLASS="USERINPUT"
><B
>user</B
></TT
>
<TT
CLASS="PROMPT"
>Password: </TT
><TT
CLASS="USERINPUT"
><B
>XXXXXXX</B
></TT
>
</PRE
></TD
></TR
></TABLE
></P
><P
>Any dynamically linked command you execute from
this shell will access the <TT
CLASS="FILENAME"
>/smb</TT
> directory
using the smb protocol. For example, the command <B
CLASS="COMMAND"
>ls /smb
</B
> will show a list of workgroups. The command
<B
CLASS="COMMAND"
>ls /smb/MYGROUP </B
> will show all the machines in
operating system.
</p><pre class="programlisting">
<tt class="prompt">system% </tt><b class="userinput"><tt>smbsh</tt></b>
<tt class="prompt">Username: </tt><b class="userinput"><tt>user</tt></b>
<tt class="prompt">Password: </tt><b class="userinput"><tt>XXXXXXX</tt></b>
</pre><p>Any dynamically linked command you execute from
this shell will access the <tt class="filename">/smb</tt> directory
using the smb protocol. For example, the command <b class="command">ls /smb
</b> will show a list of workgroups. The command
<b class="command">ls /smb/MYGROUP </b> will show all the machines in
the workgroup MYGROUP. The command
<B
CLASS="COMMAND"
>ls /smb/MYGROUP/&#60;machine-name&#62;</B
> will show the share
names for that machine. You could then, for example, use the <B
CLASS="COMMAND"
> cd</B
> command to change directories, <B
CLASS="COMMAND"
>vi</B
> to
edit files, and <B
CLASS="COMMAND"
>rcp</B
> to copy files.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN112"
></A
><H2
>VERSION</H2
><P
>This man page is correct for version 3.0 of
the Samba suite.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN115"
></A
><H2
>BUGS</H2
><P
><B
CLASS="COMMAND"
>smbsh</B
> works by intercepting the standard
libc calls with the dynamically loaded versions in <TT
CLASS="FILENAME"
> smbwrapper.o</TT
>. Not all calls have been "wrapped", so
some programs may not function correctly under <B
CLASS="COMMAND"
>smbsh
</B
>.</P
><P
>Programs which are not dynamically linked cannot make
use of <B
CLASS="COMMAND"
>smbsh</B
>'s functionality. Most versions
of UNIX have a <B
CLASS="COMMAND"
>file</B
> command that will
describe how a program was linked.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN124"
></A
><H2
>SEE ALSO</H2
><P
><A
HREF="smbd.8.html"
TARGET="_top"
><B
CLASS="COMMAND"
>smbd(8)</B
></A
>,
<A
HREF="smb.conf.5.html"
TARGET="_top"
>smb.conf(5)</A
>
</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN130"
></A
><H2
>AUTHOR</H2
><P
>The original Samba software and related utilities
<b class="command">ls /smb/MYGROUP/&lt;machine-name&gt;</b> will show the share
names for that machine. You could then, for example, use the <b class="command">
cd</b> command to change directories, <b class="command">vi</b> to
edit files, and <b class="command">rcp</b> to copy files.</p></div><div class="refsect1" lang="en"><h2>VERSION</h2><p>This man page is correct for version 3.0 of the Samba suite.</p></div><div class="refsect1" lang="en"><h2>BUGS</h2><p><b class="command">smbsh</b> works by intercepting the standard
libc calls with the dynamically loaded versions in <tt class="filename">
smbwrapper.o</tt>. Not all calls have been &quot;wrapped&quot;, so
some programs may not function correctly under <b class="command">smbsh
</b>.</p><p>Programs which are not dynamically linked cannot make
use of <b class="command">smbsh</b>'s functionality. Most versions
of UNIX have a <b class="command">file</b> command that will
describe how a program was linked.</p></div><div class="refsect1" lang="en"><h2>SEE ALSO</h2><p><a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>, <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a></p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</P
><P
>The original Samba man pages were written by Karl Auer.
to the way the Linux kernel is developed.</p><p>The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at
<A
HREF="ftp://ftp.icce.rug.nl/pub/unix/"
TARGET="_top"
> ftp://ftp.icce.rug.nl/pub/unix/</A
>) and updated for the Samba 2.0
excellent piece of Open Source software, available at <a href="ftp://ftp.icce.rug.nl/pub/unix/" target="_top">
ftp://ftp.icce.rug.nl/pub/unix/</a>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter</P
></DIV
></BODY
></HTML
>
Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2
for Samba 3.0 was done by Alexander Bokovoy.</p></div></div></body></html>

232
docs/htmldocs/smbspool.8.html
View File

@ -1,227 +1,35 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>smbspool</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><H1
><A
NAME="SMBSPOOL"
></A
>smbspool</H1
><DIV
CLASS="REFNAMEDIV"
><A
NAME="AEN5"
></A
><H2
>Name</H2
>smbspool&nbsp;--&nbsp;send a print file to an SMB printer</DIV
><DIV
CLASS="REFSYNOPSISDIV"
><A
NAME="AEN8"
></A
><H2
>Synopsis</H2
><P
><B
CLASS="COMMAND"
>smbspool</B
> [job] [user] [title] [copies] [options] [filename]</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN17"
></A
><H2
>DESCRIPTION</H2
><P
>This tool is part of the <A
HREF="samba.7.html"
TARGET="_top"
> Samba</A
> suite.</P
><P
>smbspool is a very small print spooling program that
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>smbspool</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="smbspool.8"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>smbspool &#8212; send a print file to an SMB printer</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">smbspool</tt> {job} {user} {title} {copies} {options} [filename]</p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>This tool is part of the <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a> suite.</p><p>smbspool is a very small print spooling program that
sends a print file to an SMB printer. The command-line arguments
are position-dependent for compatibility with the Common UNIX
Printing System, but you can use smbspool with any printing system
or from a program or script.</P
><P
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>DEVICE URI</I
></SPAN
></P
><P
>smbspool specifies the destination using a Uniform Resource
Identifier ("URI") with a method of "smb". This string can take
a number of forms:</P
><P
></P
><UL
><LI
><P
>smb://server/printer</P
></LI
><LI
><P
>smb://workgroup/server/printer</P
></LI
><LI
><P
>smb://username:password@server/printer</P
></LI
><LI
><P
>smb://username:password@workgroup/server/printer
</P
></LI
></UL
><P
>smbspool tries to get the URI from argv[0]. If argv[0]
contains the name of the program then it looks in the <TT
CLASS="ENVAR"
> DEVICE_URI</TT
> environment variable.</P
><P
>Programs using the <B
CLASS="COMMAND"
>exec(2)</B
> functions can
or from a program or script.</p><p><span class="emphasis"><em>DEVICE URI</em></span></p><p>smbspool specifies the destination using a Uniform Resource
Identifier (&quot;URI&quot;) with a method of &quot;smb&quot;. This string can take
a number of forms:</p><div class="itemizedlist"><ul type="disc"><li><p>smb://server/printer</p></li><li><p>smb://workgroup/server/printer</p></li><li><p>smb://username:password@server/printer</p></li><li><p>smb://username:password@workgroup/server/printer</p></li></ul></div><p>smbspool tries to get the URI from argv[0]. If argv[0]
contains the name of the program then it looks in the <tt class="envar">
DEVICE_URI</tt> environment variable.</p><p>Programs using the <b class="command">exec(2)</b> functions can
pass the URI in argv[0], while shell scripts must set the
<TT
CLASS="ENVAR"
>DEVICE_URI</TT
> environment variable prior to
running smbspool.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN39"
></A
><H2
>OPTIONS</H2
><P
></P
><UL
><LI
><P
>The job argument (argv[1]) contains the
<tt class="envar">DEVICE_URI</tt> environment variable prior to
running smbspool.</p></div><div class="refsect1" lang="en"><h2>OPTIONS</h2><div class="itemizedlist"><ul type="disc"><li><p>The job argument (argv[1]) contains the
job ID number and is presently not used by smbspool.
</P
></LI
><LI
><P
>The user argument (argv[2]) contains the
</p></li><li><p>The user argument (argv[2]) contains the
print user's name and is presently not used by smbspool.
</P
></LI
><LI
><P
>The title argument (argv[3]) contains the
</p></li><li><p>The title argument (argv[3]) contains the
job title string and is passed as the remote file name
when sending the print job.</P
></LI
><LI
><P
>The copies argument (argv[4]) contains
when sending the print job.</p></li><li><p>The copies argument (argv[4]) contains
the number of copies to be printed of the named file. If
no filename is provided then this argument is not used by
smbspool.</P
></LI
><LI
><P
>The options argument (argv[5]) contains
smbspool.</p></li><li><p>The options argument (argv[5]) contains
the print options in a single string and is currently
not used by smbspool.</P
></LI
><LI
><P
>The filename argument (argv[6]) contains the
not used by smbspool.</p></li><li><p>The filename argument (argv[6]) contains the
name of the file to print. If this argument is not specified
then the print file is read from the standard input.</P
></LI
></UL
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN54"
></A
><H2
>VERSION</H2
><P
>This man page is correct for version 2.2 of
the Samba suite.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN57"
></A
><H2
>SEE ALSO</H2
><P
><A
HREF="smbd.8.html"
TARGET="_top"
><B
CLASS="COMMAND"
>smbd(8)</B
></A
>,
and <A
HREF="samba.7.html"
TARGET="_top"
>samba(7)</A
>.
</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN63"
></A
><H2
>AUTHOR</H2
><P
><B
CLASS="COMMAND"
>smbspool</B
> was written by Michael Sweet
at Easy Software Products.</P
><P
>The original Samba software and related utilities
then the print file is read from the standard input.</p></li></ul></div></div><div class="refsect1" lang="en"><h2>VERSION</h2><p>This man page is correct for version 3.0 of the Samba suite.</p></div><div class="refsect1" lang="en"><h2>SEE ALSO</h2><p><a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> and <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a>.</p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p><b class="command">smbspool</b> was written by Michael Sweet
at Easy Software Products.</p><p>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</P
><P
>The original Samba man pages were written by Karl Auer.
to the way the Linux kernel is developed.</p><p>The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at
<A
HREF="ftp://ftp.icce.rug.nl/pub/unix/"
TARGET="_top"
> ftp://ftp.icce.rug.nl/pub/unix/</A
>) and updated for the Samba 2.0
excellent piece of Open Source software, available at <a href="ftp://ftp.icce.rug.nl/pub/unix/" target="_top">
ftp://ftp.icce.rug.nl/pub/unix/</a>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter</P
></DIV
></BODY
></HTML
>
Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2
for Samba 3.0 was done by Alexander Bokovoy.</p></div></div></body></html>

257
docs/htmldocs/smbstatus.1.html
View File

@ -1,223 +1,44 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>smbstatus</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><H1
><A
NAME="SMBSTATUS"
></A
>smbstatus</H1
><DIV
CLASS="REFNAMEDIV"
><A
NAME="AEN5"
></A
><H2
>Name</H2
>smbstatus&nbsp;--&nbsp;report on current Samba connections</DIV
><DIV
CLASS="REFSYNOPSISDIV"
><A
NAME="AEN8"
></A
><H2
>Synopsis</H2
><P
><B
CLASS="COMMAND"
>smbstatus</B
> [-P] [-b] [-d &lt;debug level&gt;] [-v] [-L] [-B] [-p] [-S] [-s &lt;configuration file&gt;] [-u &lt;username&gt;]</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN21"
></A
><H2
>DESCRIPTION</H2
><P
>This tool is part of the <A
HREF="samba.7.html"
TARGET="_top"
> Samba</A
> suite.</P
><P
><B
CLASS="COMMAND"
>smbstatus</B
> is a very simple program to
list the current Samba connections.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN27"
></A
><H2
>OPTIONS</H2
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>-P|--profile</DT
><DD
><P
>If samba has been compiled with the
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>smbstatus</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="smbstatus.1"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>smbstatus &#8212; report on current Samba connections</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">smbstatus</tt> [-P] [-b] [-d &lt;debug level&gt;] [-v] [-L] [-B] [-p] [-S] [-s &lt;configuration file&gt;] [-u &lt;username&gt;]</p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>This tool is part of the <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a> suite.</p><p><b class="command">smbstatus</b> is a very simple program to
list the current Samba connections.</p></div><div class="refsect1" lang="en"><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-P|--profile</span></dt><dd><p>If samba has been compiled with the
profiling option, print only the contents of the profiling
shared memory area.</P
></DD
><DT
>-b|--brief</DT
><DD
><P
>gives brief output.</P
></DD
><DT
>-d|--debug=&lt;debuglevel&gt;</DT
><DD
><P
>sets debugging to specified level</P
></DD
><DT
>-v|--verbose</DT
><DD
><P
>gives verbose output.</P
></DD
><DT
>-L|--locks</DT
><DD
><P
>causes smbstatus to only list locks.</P
></DD
><DT
>-B|--byterange</DT
><DD
><P
>causes smbstatus to include byte range locks.
</P
></DD
><DT
>-p|--processes</DT
><DD
><P
>print a list of <A
HREF="smbd.8.html"
TARGET="_top"
> <B
CLASS="COMMAND"
>smbd(8)</B
></A
> processes and exit.
Useful for scripting.</P
></DD
><DT
>-S|--shares</DT
><DD
><P
>causes smbstatus to only list shares.</P
></DD
><DT
>-s|--conf=&lt;configuration file&gt;</DT
><DD
><P
>The default configuration file name is
determined at compile time. The file specified contains the
configuration details required by the server. See <A
HREF="smb.conf.5.html"
TARGET="_top"
><TT
CLASS="FILENAME"
>smb.conf(5)</TT
>
</A
> for more information.</P
></DD
><DT
>-u|--user=&lt;username&gt;</DT
><DD
><P
>selects information relevant to
<TT
CLASS="PARAMETER"
><I
>username</I
></TT
> only.</P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN75"
></A
><H2
>VERSION</H2
><P
>This man page is correct for version 3.0 of
the Samba suite.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN78"
></A
><H2
>SEE ALSO</H2
><P
><A
HREF="smbd.8.html"
TARGET="_top"
><B
CLASS="COMMAND"
>smbd(8)</B
></A
> and
<A
HREF="smb.conf.5.html"
TARGET="_top"
>smb.conf(5)</A
>.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN84"
></A
><H2
>AUTHOR</H2
><P
>The original Samba software and related utilities
shared memory area.</p></dd><dt><span class="term">-b|--brief</span></dt><dd><p>gives brief output.</p></dd><dt><span class="term">-V</span></dt><dd><p>Prints the version number for
<b class="command">smbd</b>.</p></dd><dt><span class="term">-s &lt;configuration file&gt;</span></dt><dd><p>The file specified contains the
configuration details required by the server. The
information in this file includes server-specific
information such as what printcap file to use, as well
as descriptions of all the services that the server is
to provide. See <a href="smb.conf.5.html" target="_top"><tt class="filename">
smb.conf(5)</tt></a> for more information.
The default configuration file name is determined at
compile time.</p></dd><dt><span class="term">-d|--debug=debuglevel</span></dt><dd><p><i class="replaceable"><tt>debuglevel</tt></i> is an integer
from 0 to 10. The default value if this parameter is
not specified is zero.</p><p>The higher this value, the more detail will be
logged to the log files about the activities of the
server. At level 0, only critical errors and serious
warnings will be logged. Level 1 is a reasonable level for
day to day running - it generates a small amount of
information about operations carried out.</p><p>Levels above 1 will generate considerable
amounts of log data, and should only be used when
investigating a problem. Levels above 3 are designed for
use only by developers and generate HUGE amounts of log
data, most of which is extremely cryptic.</p><p>Note that specifying this parameter here will
override the <a href="smb.conf.5.html#loglevel" target="_top">log
level</a> parameter in the <a href="smb.conf.5.html" target="_top">
<tt class="filename">smb.conf(5)</tt></a> file.</p></dd><dt><span class="term">-l|--logfile=logbasename</span></dt><dd><p>File name for log/debug files. The extension
<tt class="constant">&quot;.client&quot;</tt> will be appended. The log file is
never removed by the client.
</p></dd><dt><span class="term">-v|--verbose</span></dt><dd><p>gives verbose output.</p></dd><dt><span class="term">-L|--locks</span></dt><dd><p>causes smbstatus to only list locks.</p></dd><dt><span class="term">-B|--byterange</span></dt><dd><p>causes smbstatus to include byte range locks.
</p></dd><dt><span class="term">-p|--processes</span></dt><dd><p>print a list of <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> processes and exit.
Useful for scripting.</p></dd><dt><span class="term">-S|--shares</span></dt><dd><p>causes smbstatus to only list shares.</p></dd><dt><span class="term">-h|--help</span></dt><dd><p>Print a summary of command line options.
</p></dd><dt><span class="term">-u|--user=&lt;username&gt;</span></dt><dd><p>selects information relevant to
<i class="parameter"><tt>username</tt></i> only.</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>VERSION</h2><p>This man page is correct for version 3.0 of
the Samba suite.</p></div><div class="refsect1" lang="en"><h2>SEE ALSO</h2><p><a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> and <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a>.</p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</P
><P
>The original Samba man pages were written by Karl Auer.
to the way the Linux kernel is developed.</p><p>The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at
<A
HREF="ftp://ftp.icce.rug.nl/pub/unix/"
TARGET="_top"
> ftp://ftp.icce.rug.nl/pub/unix/</A
>) and updated for the Samba 2.0
excellent piece of Open Source software, available at <a href="ftp://ftp.icce.rug.nl/pub/unix/" target="_top">
ftp://ftp.icce.rug.nl/pub/unix/</a>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter</P
></DIV
></BODY
></HTML
>
Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2
for Samba 3.0 was done by Alexander Bokovoy.</p></div></div></body></html>

375
docs/htmldocs/smbtar.1.html
View File

@ -1,356 +1,39 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>smbtar</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><H1
><A
NAME="SMBTAR"
></A
>smbtar</H1
><DIV
CLASS="REFNAMEDIV"
><A
NAME="AEN5"
></A
><H2
>Name</H2
>smbtar&nbsp;--&nbsp;shell script for backing up SMB/CIFS shares
directly to UNIX tape drives</DIV
><DIV
CLASS="REFSYNOPSISDIV"
><A
NAME="AEN8"
></A
><H2
>Synopsis</H2
><P
><B
CLASS="COMMAND"
>smbtar</B
> {-s server} [-p password] [-x services] [-X] [-d directory] [-u user] [-t tape] [-t tape] [-b blocksize] [-N filename] [-i] [-r] [-l loglevel] [-v] {filenames}</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN26"
></A
><H2
>DESCRIPTION</H2
><P
>This tool is part of the <A
HREF="samba.7.html"
TARGET="_top"
> Samba</A
> suite.</P
><P
><B
CLASS="COMMAND"
>smbtar</B
> is a very small shell script on top
of <A
HREF="smbclient.1.html"
TARGET="_top"
><B
CLASS="COMMAND"
>smbclient(1)</B
></A
>
which dumps SMB shares directly to tape. </P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN34"
></A
><H2
>OPTIONS</H2
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>-s server</DT
><DD
><P
>The SMB/CIFS server that the share resides
upon.</P
></DD
><DT
>-x service</DT
><DD
><P
>The share name on the server to connect to.
The default is "backup".</P
></DD
><DT
>-X</DT
><DD
><P
>Exclude mode. Exclude filenames... from tar
create or restore. </P
></DD
><DT
>-d directory</DT
><DD
><P
>Change to initial <TT
CLASS="PARAMETER"
><I
>directory
</I
></TT
> before restoring / backing up files. </P
></DD
><DT
>-v</DT
><DD
><P
>Verbose mode.</P
></DD
><DT
>-p password</DT
><DD
><P
>The password to use to access a share.
Default: none </P
></DD
><DT
>-u user</DT
><DD
><P
>The user id to connect as. Default:
UNIX login name. </P
></DD
><DT
>-t tape</DT
><DD
><P
>Tape device. May be regular file or tape
device. Default: <TT
CLASS="PARAMETER"
><I
>$TAPE</I
></TT
> environmental
variable; if not set, a file called <TT
CLASS="FILENAME"
>tar.out
</TT
>. </P
></DD
><DT
>-b blocksize</DT
><DD
><P
>Blocking factor. Defaults to 20. See
<B
CLASS="COMMAND"
>tar(1)</B
> for a fuller explanation. </P
></DD
><DT
>-N filename</DT
><DD
><P
>Backup only files newer than filename. Could
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>smbtar</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="smbtar.1"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>smbtar &#8212; shell script for backing up SMB/CIFS shares
directly to UNIX tape drives</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">smbtar</tt> [-r] [-i] [-a] [-v] {-s server} [-p password] [-x services] [-X] [-N filename] [-b blocksize] [-d directory] [-l loglevel] [-u user] [-t tape] {filenames}</p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>This tool is part of the <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a> suite.</p><p><b class="command">smbtar</b> is a very small shell script on top
of <a href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a> which dumps SMB shares directly to tape.</p></div><div class="refsect1" lang="en"><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-s server</span></dt><dd><p>The SMB/CIFS server that the share resides
upon.</p></dd><dt><span class="term">-x service</span></dt><dd><p>The share name on the server to connect to.
The default is &quot;backup&quot;.</p></dd><dt><span class="term">-X</span></dt><dd><p>Exclude mode. Exclude filenames... from tar
create or restore. </p></dd><dt><span class="term">-d directory</span></dt><dd><p>Change to initial <i class="parameter"><tt>directory
</tt></i> before restoring / backing up files. </p></dd><dt><span class="term">-v</span></dt><dd><p>Verbose mode.</p></dd><dt><span class="term">-p password</span></dt><dd><p>The password to use to access a share.
Default: none </p></dd><dt><span class="term">-u user</span></dt><dd><p>The user id to connect as. Default:
UNIX login name. </p></dd><dt><span class="term">-a</span></dt><dd><p>Reset DOS archive bit mode to
indicate file has been archived. </p></dd><dt><span class="term">-t tape</span></dt><dd><p>Tape device. May be regular file or tape
device. Default: <i class="parameter"><tt>$TAPE</tt></i> environmental
variable; if not set, a file called <tt class="filename">tar.out
</tt>. </p></dd><dt><span class="term">-b blocksize</span></dt><dd><p>Blocking factor. Defaults to 20. See
<b class="command">tar(1)</b> for a fuller explanation. </p></dd><dt><span class="term">-N filename</span></dt><dd><p>Backup only files newer than filename. Could
be used (for example) on a log file to implement incremental
backups. </P
></DD
><DT
>-i</DT
><DD
><P
>Incremental mode; tar files are only backed
backups. </p></dd><dt><span class="term">-i</span></dt><dd><p>Incremental mode; tar files are only backed
up if they have the archive bit set. The archive bit is reset
after each file is read. </P
></DD
><DT
>-r</DT
><DD
><P
>Restore. Files are restored to the share
from the tar file. </P
></DD
><DT
>-l log level</DT
><DD
><P
>Log (debug) level. Corresponds to the
<TT
CLASS="PARAMETER"
><I
>-d</I
></TT
> flag of <B
CLASS="COMMAND"
>smbclient(1)
</B
>. </P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN95"
></A
><H2
>ENVIRONMENT VARIABLES</H2
><P
>The <TT
CLASS="PARAMETER"
><I
>$TAPE</I
></TT
> variable specifies the
after each file is read. </p></dd><dt><span class="term">-r</span></dt><dd><p>Restore. Files are restored to the share
from the tar file. </p></dd><dt><span class="term">-l log level</span></dt><dd><p>Log (debug) level. Corresponds to the
<i class="parameter"><tt>-d</tt></i> flag of <a href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a>.</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>ENVIRONMENT VARIABLES</h2><p>The <i class="parameter"><tt>$TAPE</tt></i> variable specifies the
default tape device to write to. May be overridden
with the -t option. </P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN99"
></A
><H2
>BUGS</H2
><P
>The <B
CLASS="COMMAND"
>smbtar</B
> script has different
options from ordinary tar and from smbclient's tar command. </P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN103"
></A
><H2
>CAVEATS</H2
><P
>Sites that are more careful about security may not like
with the -t option. </p></div><div class="refsect1" lang="en"><h2>BUGS</h2><p>The <b class="command">smbtar</b> script has different
options from ordinary tar and from smbclient's tar command. </p></div><div class="refsect1" lang="en"><h2>CAVEATS</h2><p>Sites that are more careful about security may not like
the way the script handles PC passwords. Backup and restore work
on entire shares; should work on file lists. smbtar works best
with GNU tar and may not work well with other versions. </P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN106"
></A
><H2
>DIAGNOSTICS</H2
><P
>See the <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>DIAGNOSTICS</I
></SPAN
> section for the
<A
HREF="smbclient.1.html"
TARGET="_top"
><B
CLASS="COMMAND"
>smbclient(1)</B
>
</A
> command.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN112"
></A
><H2
>VERSION</H2
><P
>This man page is correct for version 3.0 of
the Samba suite.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN115"
></A
><H2
>SEE ALSO</H2
><P
><A
HREF="smbd.8.html"
TARGET="_top"
><B
CLASS="COMMAND"
>smbd(8)</B
></A
>,
<A
HREF="smbclient.1.html"
TARGET="_top"
><B
CLASS="COMMAND"
>smbclient(1)</B
></A
>,
<A
HREF="smb.conf.5.html"
TARGET="_top"
>smb.conf(5)</A
>,
</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN123"
></A
><H2
>AUTHOR</H2
><P
>The original Samba software and related utilities
with GNU tar and may not work well with other versions. </p></div><div class="refsect1" lang="en"><h2>DIAGNOSTICS</h2><p>See the <span class="emphasis"><em>DIAGNOSTICS</em></span> section for the <a href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a> command.</p></div><div class="refsect1" lang="en"><h2>VERSION</h2><p>This man page is correct for version 3.0 of
the Samba suite.</p></div><div class="refsect1" lang="en"><h2>SEE ALSO</h2><p><a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>, <a href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a>, <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a>.</p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</P
><P
><A
HREF="mailto:poultenr@logica.co.uk"
TARGET="_top"
>Ricky Poulten</A
>
wrote the tar extension and this man page. The <B
CLASS="COMMAND"
>smbtar</B
>
script was heavily rewritten and improved by <A
HREF="mailto:Martin.Kraemer@mch.sni.de"
TARGET="_top"
>Martin Kraemer</A
>. Many
to the way the Linux kernel is developed.</p><p><a href="mailto:poultenr@logica.co.uk" target="_top">Ricky Poulten</a>
wrote the tar extension and this man page. The <b class="command">smbtar</b>
script was heavily rewritten and improved by <a href="mailto:Martin.Kraemer@mch.sni.de" target="_top">Martin Kraemer</a>. Many
thanks to everyone who suggested extensions, improvements, bug
fixes, etc. The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at
<A
HREF="ftp://ftp.icce.rug.nl/pub/unix/"
TARGET="_top"
> ftp://ftp.icce.rug.nl/pub/unix/</A
>) and updated for the Samba 2.0
excellent piece of Open Source software, available at <a href="ftp://ftp.icce.rug.nl/pub/unix/" target="_top">
ftp://ftp.icce.rug.nl/pub/unix/</a>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter.</P
></DIV
></BODY
></HTML
>
Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for
Samba 3.0 was done by Alexander Bokovoy.</p></div></div></body></html>

145
docs/htmldocs/smbumount.8.html
View File

@ -1,141 +1,16 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>smbumount</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><H1
><A
NAME="SMBUMOUNT"
></A
>smbumount</H1
><DIV
CLASS="REFNAMEDIV"
><A
NAME="AEN5"
></A
><H2
>Name</H2
>smbumount&nbsp;--&nbsp;smbfs umount for normal users</DIV
><DIV
CLASS="REFSYNOPSISDIV"
><A
NAME="AEN8"
></A
><H2
>Synopsis</H2
><P
><B
CLASS="COMMAND"
>smbumount</B
> {mount-point}</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN12"
></A
><H2
>DESCRIPTION</H2
><P
>With this program, normal users can unmount smb-filesystems,
provided that it is suid root. <B
CLASS="COMMAND"
>smbumount</B
> has
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>smbumount</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="smbumount.8"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>smbumount &#8212; smbfs umount for normal users</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">smbumount</tt> {mount-point}</p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>With this program, normal users can unmount smb-filesystems,
provided that it is suid root. <b class="command">smbumount</b> has
been written to give normal Linux users more control over their
resources. It is safe to install this program suid root, because only
the user who has mounted a filesystem is allowed to unmount it again.
For root it is not necessary to use smbumount. The normal umount
program works perfectly well, but it would certainly be problematic
to make umount setuid root.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN16"
></A
><H2
>OPTIONS</H2
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>mount-point</DT
><DD
><P
>The directory to unmount.</P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN23"
></A
><H2
>SEE ALSO</H2
><P
><A
HREF="smbmount.8.html"
TARGET="_top"
><B
CLASS="COMMAND"
>smbmount(8)</B
>
</A
></P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN28"
></A
><H2
>AUTHOR</H2
><P
>Volker Lendecke, Andrew Tridgell, Michael H. Warfield
and others.</P
><P
>The current maintainer of smbfs and the userspace
tools <B
CLASS="COMMAND"
>smbmount</B
>, <B
CLASS="COMMAND"
>smbumount</B
>,
and <B
CLASS="COMMAND"
>smbmnt</B
> is <A
HREF="mailto:urban@teststation.com"
TARGET="_top"
>Urban Widmark</A
>.
The <A
HREF="mailto:samba@samba.org"
TARGET="_top"
>SAMBA Mailing list</A
>
to make umount setuid root.</p></div><div class="refsect1" lang="en"><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">mount-point</span></dt><dd><p>The directory to unmount.</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>SEE ALSO</h2><p><a href="smbmount.8.html"><span class="citerefentry"><span class="refentrytitle">smbmount</span>(8)</span></a></p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>Volker Lendecke, Andrew Tridgell, Michael H. Warfield
and others.</p><p>The current maintainer of smbfs and the userspace
tools <b class="command">smbmount</b>, <b class="command">smbumount</b>,
and <b class="command">smbmnt</b> is <a href="mailto:urban@teststation.com" target="_top">Urban Widmark</a>.
The <a href="mailto:samba@samba.org" target="_top">SAMBA Mailing list</a>
is the preferred place to ask questions regarding these programs.
</P
><P
>The conversion of this manpage for Samba 2.2 was performed
by Gerald Carter</P
></DIV
></BODY
></HTML
>
</p><p>The conversion of this manpage for Samba 2.2 was performed
by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0
was done by Alexander Bokovoy.</p></div></div></body></html>

504
docs/htmldocs/speed.html
View File

@ -1,419 +1,143 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>Samba performance issues</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK
REL="HOME"
TITLE="SAMBA Project Documentation"
HREF="samba-howto-collection.html"><LINK
REL="UP"
TITLE="Optional configuration"
HREF="optional.html"><LINK
REL="PREVIOUS"
TITLE="Group mapping HOWTO"
HREF="groupmapping.html"><LINK
REL="NEXT"
TITLE="Appendixes"
HREF="appendixes.html"></HEAD
><BODY
CLASS="CHAPTER"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>SAMBA Project Documentation</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="groupmapping.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="appendixes.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="CHAPTER"
><H1
><A
NAME="SPEED">Chapter 22. Samba performance issues</H1
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3055">22.1. Comparisons</H1
><P
>The Samba server uses TCP to talk to the client. Thus if you are
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 39. Samba Performance Tuning</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="Appendixes.html" title="Part VI. Appendixes"><link rel="previous" href="Other-Clients.html" title="Chapter 38. Samba and other CIFS clients"><link rel="next" href="DNSDHCP.html" title="Chapter 40. DNS and DHCP Configuration Guide"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 39. Samba Performance Tuning</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="Other-Clients.html">Prev</a> </td><th width="60%" align="center">Part VI. Appendixes</th><td width="20%" align="right"> <a accesskey="n" href="DNSDHCP.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="speed"></a>Chapter 39. Samba Performance Tuning</h2></div><div><div class="author"><h3 class="author"><span class="firstname">Paul</span> <span class="surname">Cochrane</span></h3><div class="affiliation"><span class="orgname">Dundee Limb Fitting Centre<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:paulc@dth.scot.nhs.uk">paulc@dth.scot.nhs.uk</a>&gt;</tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Jelmer</span> <span class="othername">R.</span> <span class="surname">Vernooij</span></h3><div class="affiliation"><span class="orgname">The Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jelmer@samba.org">jelmer@samba.org</a>&gt;</tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jht@samba.org">jht@samba.org</a>&gt;</tt></p></div></div></div></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="speed.html#id3018190">Comparisons</a></dt><dt><a href="speed.html#id3018235">Socket options</a></dt><dt><a href="speed.html#id3018310">Read size</a></dt><dt><a href="speed.html#id3018354">Max xmit</a></dt><dt><a href="speed.html#id3018407">Log level</a></dt><dt><a href="speed.html#id3018430">Read raw</a></dt><dt><a href="speed.html#id3018486">Write raw</a></dt><dt><a href="speed.html#id3018528">Slow Logins</a></dt><dt><a href="speed.html#id3018550">LDAP</a></dt><dt><a href="speed.html#id3018575">Client tuning</a></dt><dt><a href="speed.html#id3018601">Samba performance problem due changing kernel</a></dt><dt><a href="speed.html#id3018632">Corrupt tdb Files</a></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3018190"></a>Comparisons</h2></div></div><div></div></div><p>
The Samba server uses TCP to talk to the client. Thus if you are
trying to see if it performs well you should really compare it to
programs that use the same protocol. The most readily available
programs for file transfer that use TCP are ftp or another TCP based
SMB server.</P
><P
>If you want to test against something like a NT or WfWg server then
SMB server.
</p><p>
If you want to test against something like a NT or WfWg server then
you will have to disable all but TCP on either the client or
server. Otherwise you may well be using a totally different protocol
(such as Netbeui) and comparisons may not be valid.</P
><P
>Generally you should find that Samba performs similarly to ftp at raw
(such as Netbeui) and comparisons may not be valid.
</p><p>
Generally you should find that Samba performs similarly to ftp at raw
transfer speed. It should perform quite a bit faster than NFS,
although this very much depends on your system.</P
><P
>Several people have done comparisons between Samba and Novell, NFS or
although this very much depends on your system.
</p><p>
Several people have done comparisons between Samba and Novell, NFS or
WinNT. In some cases Samba performed the best, in others the worst. I
suspect the biggest factor is not Samba vs some other system but the
hardware and drivers used on the various systems. Given similar
hardware Samba should certainly be competitive in speed with other
systems.</P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3061">22.2. Socket options</H1
><P
>There are a number of socket options that can greatly affect the
performance of a TCP based server like Samba.</P
><P
>The socket options that Samba uses are settable both on the command
line with the -O option, or in the smb.conf file.</P
><P
>The "socket options" section of the smb.conf manual page describes how
to set these and gives recommendations.</P
><P
>Getting the socket options right can make a big difference to your
systems.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3018235"></a>Socket options</h2></div></div><div></div></div><p>
There are a number of socket options that can greatly affect the
performance of a TCP based server like Samba.
</p><p>
The socket options that Samba uses are settable both on the command
line with the <tt class="option">-O</tt> option, or in the <tt class="filename">smb.conf</tt> file.
</p><p>
The <i class="parameter"><tt>socket options</tt></i> section of the <tt class="filename">smb.conf</tt> manual page describes how
to set these and gives recommendations.
</p><p>
Getting the socket options right can make a big difference to your
performance, but getting them wrong can degrade it by just as
much. The correct settings are very dependent on your local network.</P
><P
>The socket option TCP_NODELAY is the one that seems to make the
much. The correct settings are very dependent on your local network.
</p><p>
The socket option TCP_NODELAY is the one that seems to make the
biggest single difference for most networks. Many people report that
adding "socket options = TCP_NODELAY" doubles the read performance of
a Samba drive. The best explanation I have seen for this is that the
Microsoft TCP/IP stack is slow in sending tcp ACKs.</P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3068">22.3. Read size</H1
><P
>The option "read size" affects the overlap of disk reads/writes with
network reads/writes. If the amount of data being transferred in
several of the SMB commands (currently SMBwrite, SMBwriteX and
adding <i class="parameter"><tt>socket options = TCP_NODELAY</tt></i> doubles the read
performance of a Samba drive. The best explanation I have seen for this is
that the Microsoft TCP/IP stack is slow in sending tcp ACKs.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3018310"></a>Read size</h2></div></div><div></div></div><p>
The option <i class="parameter"><tt>read size</tt></i> affects the overlap of disk
reads/writes with network reads/writes. If the amount of data being
transferred in several of the SMB commands (currently SMBwrite, SMBwriteX and
SMBreadbraw) is larger than this value then the server begins writing
the data before it has received the whole packet from the network, or
in the case of SMBreadbraw, it begins writing to the network before
all the data has been read from disk.</P
><P
>This overlapping works best when the speeds of disk and network access
all the data has been read from disk.
</p><p>
This overlapping works best when the speeds of disk and network access
are similar, having very little effect when the speed of one is much
greater than the other.</P
><P
>The default value is 16384, but very little experimentation has been
greater than the other.
</p><p>
The default value is 16384, but very little experimentation has been
done yet to determine the optimal value, and it is likely that the best
value will vary greatly between systems anyway. A value over 65536 is
pointless and will cause you to allocate memory unnecessarily.</P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3073">22.4. Max xmit</H1
><P
>At startup the client and server negotiate a "maximum transmit" size,
pointless and will cause you to allocate memory unnecessarily.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3018354"></a>Max xmit</h2></div></div><div></div></div><p>
At startup the client and server negotiate a <i class="parameter"><tt>maximum transmit</tt></i> size,
which limits the size of nearly all SMB commands. You can set the
maximum size that Samba will negotiate using the "max xmit = " option
in smb.conf. Note that this is the maximum size of SMB request that
maximum size that Samba will negotiate using the <i class="parameter"><tt>max xmit = </tt></i> option
in <tt class="filename">smb.conf</tt>. Note that this is the maximum size of SMB requests that
Samba will accept, but not the maximum size that the *client* will accept.
The client maximum receive size is sent to Samba by the client and Samba
honours this limit.</P
><P
>It defaults to 65536 bytes (the maximum), but it is possible that some
honours this limit.
</p><p>
It defaults to 65536 bytes (the maximum), but it is possible that some
clients may perform better with a smaller transmit unit. Trying values
of less than 2048 is likely to cause severe problems.</P
><P
>In most cases the default is the best option.</P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3078">22.5. Log level</H1
><P
>If you set the log level (also known as "debug level") higher than 2
of less than 2048 is likely to cause severe problems.
</p><p>
In most cases the default is the best option.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3018407"></a>Log level</h2></div></div><div></div></div><p>
If you set the log level (also known as <i class="parameter"><tt>debug level</tt></i>) higher than 2
then you may suffer a large drop in performance. This is because the
server flushes the log file after each operation, which can be very
expensive. </P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3081">22.6. Read raw</H1
><P
>The "read raw" operation is designed to be an optimised, low-latency
expensive.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3018430"></a>Read raw</h2></div></div><div></div></div><p>
The <i class="parameter"><tt>read raw</tt></i> operation is designed to be an optimised, low-latency
file read operation. A server may choose to not support it,
however. and Samba makes support for "read raw" optional, with it
being enabled by default.</P
><P
>In some cases clients don't handle "read raw" very well and actually
however. and Samba makes support for <i class="parameter"><tt>read raw</tt></i> optional, with it
being enabled by default.
</p><p>
In some cases clients don't handle <i class="parameter"><tt>read raw</tt></i> very well and actually
get lower performance using it than they get using the conventional
read operations. </P
><P
>So you might like to try "read raw = no" and see what happens on your
read operations.
</p><p>
So you might like to try <i class="parameter"><tt>read raw = no</tt></i> and see what happens on your
network. It might lower, raise or not affect your performance. Only
testing can really tell.</P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3086">22.7. Write raw</H1
><P
>The "write raw" operation is designed to be an optimised, low-latency
testing can really tell.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3018486"></a>Write raw</h2></div></div><div></div></div><p>
The <i class="parameter"><tt>write raw</tt></i> operation is designed to be an optimised, low-latency
file write operation. A server may choose to not support it,
however. and Samba makes support for "write raw" optional, with it
being enabled by default.</P
><P
>Some machines may find "write raw" slower than normal write, in which
case you may wish to change this option.</P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3090">22.8. Slow Clients</H1
><P
>One person has reported that setting the protocol to COREPLUS rather
than LANMAN2 gave a dramatic speed improvement (from 10k/s to 150k/s).</P
><P
>I suspect that his PC's (386sx16 based) were asking for more data than
they could chew. I suspect a similar speed could be had by setting
"read raw = no" and "max xmit = 2048", instead of changing the
protocol. Lowering the "read size" might also help.</P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3094">22.9. Slow Logins</H1
><P
>Slow logins are almost always due to the password checking time. Using
the lowest practical "password level" will improve things a lot. You
could also enable the "UFC crypt" option in the Makefile.</P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3097">22.10. Client tuning</H1
><P
>Often a speed problem can be traced to the client. The client (for
however. and Samba makes support for <i class="parameter"><tt>write raw</tt></i> optional, with it
being enabled by default.
</p><p>
Some machines may find <i class="parameter"><tt>write raw</tt></i> slower than normal write, in which
case you may wish to change this option.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3018528"></a>Slow Logins</h2></div></div><div></div></div><p>
Slow logins are almost always due to the password checking time. Using
the lowest practical <i class="parameter"><tt>password level</tt></i> will improve things.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3018550"></a>LDAP</h2></div></div><div></div></div><p>
LDAP can be vastly improved by using the
<a href="smb.conf.5.html#LDAPTRUSTIDS" target="_top"><i class="parameter"><tt>ldap trust ids</tt></i></a> parameter.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3018575"></a>Client tuning</h2></div></div><div></div></div><p>
Often a speed problem can be traced to the client. The client (for
example Windows for Workgroups) can often be tuned for better TCP
performance.</P
><P
>See your client docs for details. In particular, I have heard rumours
that the WfWg options TCPWINDOWSIZE and TCPSEGMENTSIZE can have a
large impact on performance.</P
><P
>Also note that some people have found that setting DefaultRcvWindow in
the [MSTCP] section of the SYSTEM.INI file under WfWg to 3072 gives a
big improvement. I don't know why.</P
><P
>My own experience wth DefaultRcvWindow is that I get much better
performance with a large value (16384 or larger). Other people have
reported that anything over 3072 slows things down enourmously. One
person even reported a speed drop of a factor of 30 when he went from
3072 to 8192. I don't know why.</P
><P
>It probably depends a lot on your hardware, and the type of unix box
you have at the other end of the link.</P
><P
>Paul Cochrane has done some testing on client side tuning and come
to the following conclusions:</P
><P
>Install the W2setup.exe file from www.microsoft.com. This is an
update for the winsock stack and utilities which improve performance.</P
><P
>Configure the win95 TCPIP registry settings to give better
perfomance. I use a program called MTUSPEED.exe which I got off the
net. There are various other utilities of this type freely available.
The setting which give the best performance for me are:</P
><P
></P
><OL
TYPE="1"
><LI
><P
>MaxMTU Remove</P
></LI
><LI
><P
>RWIN Remove</P
></LI
><LI
><P
>MTUAutoDiscover Disable</P
></LI
><LI
><P
>MTUBlackHoleDetect Disable</P
></LI
><LI
><P
>Time To Live Enabled</P
></LI
><LI
><P
>Time To Live - HOPS 32</P
></LI
><LI
><P
>NDI Cache Size 0</P
></LI
></OL
><P
>I tried virtually all of the items mentioned in the document and
the only one which made a difference to me was the socket options. It
turned out I was better off without any!!!!!</P
><P
>In terms of overall speed of transfer, between various win95 clients
and a DX2-66 20MB server with a crappy NE2000 compatible and old IDE
drive (Kernel 2.0.30). The transfer rate was reasonable for 10 baseT.</P
><P
><PRE
CLASS="PROGRAMLISTING"
>The figures are: Put Get
P166 client 3Com card: 420-440kB/s 500-520kB/s
P100 client 3Com card: 390-410kB/s 490-510kB/s
DX4-75 client NE2000: 370-380kB/s 330-350kB/s</PRE
></P
><P
>I based these test on transfer two files a 4.5MB text file and a 15MB
textfile. The results arn't bad considering the hardware Samba is
running on. It's a crap machine!!!!</P
><P
>The updates mentioned in 1 and 2 brought up the transfer rates from
just over 100kB/s in some clients.</P
><P
>A new client is a P333 connected via a 100MB/s card and hub. The
transfer rates from this were good: 450-500kB/s on put and 600+kB/s
on get.</P
><P
>Looking at standard FTP throughput, Samba is a bit slower (100kB/s
upwards). I suppose there is more going on in the samba protocol, but
if it could get up to the rate of FTP the perfomance would be quite
staggering.</P
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="groupmapping.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="samba-howto-collection.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="appendixes.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Group mapping HOWTO</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="optional.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Appendixes</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
performance. Check the sections on the various clients in
<a href="Other-Clients.html" title="Chapter 38. Samba and other CIFS clients">Samba and Other Clients</a>.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3018601"></a>Samba performance problem due changing kernel</h2></div></div><div></div></div><p>
Hi everyone. I am running Gentoo on my server and samba 2.2.8a. Recently
I changed kernel version from linux-2.4.19-gentoo-r10 to
linux-2.4.20-wolk4.0s. And now I have performance issue with samba. Ok
many of you will probably say that move to vanilla sources...well I ried
it too and it didn't work. I have 100mb LAN and two computers (linux +
Windows2000). Linux server shares directory with DivX files, client
(windows2000) plays them via LAN. Before when I was running 2.4.19 kernel
everything was fine, but now movies freezes and stops...I tried moving
files between server and Windows and it's trerribly slow.
</p><p>
Grab mii-tool and check the duplex settings on the NIC.
My guess is that it is a link layer issue, not an application
layer problem. Also run ifconfig and verify that the framing
error, collisions, etc... look normal for ethernet.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3018632"></a>Corrupt tdb Files</h2></div></div><div></div></div><p>
Well today it happend, our first major problem using samba.
Our samba PDC server has been hosting 3 TB of data to our 500+ users
[Windows NT/XP] for the last 3 years using samba, no problem.
But today all shares went SLOW; very slow. Also the main smbd kept
spawning new processes so we had 1600+ running smbd's (normally we avg. 250).
It crashed the SUN E3500 cluster twice. After alot of searching I
decided to <b class="command">rm /var/locks/*.tbl</b>. Happy again.
</p><p>
Q1) Is there any method of keeping the *.tbl files in top condition or
how to early detect corruption?
</p><p>
A1) Yes, run <b class="command">tdbbackup</b> each time after stoping nmbd and before starting nmbd.
</p><p>
Q2) What I also would like to mention is that the service latency seems
alot lower then before the locks cleanup, any ideas on keeping it top notch?
</p><p>
A2) Yes! Samba answer as for Q1!
</p></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="Other-Clients.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="Appendixes.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="DNSDHCP.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 38. Samba and other CIFS clients </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 40. DNS and DHCP Configuration Guide</td></tr></table></div></body></html>

486
docs/htmldocs/swat.8.html
View File

@ -1,425 +1,87 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>swat</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><H1
><A
NAME="SWAT"
></A
>swat</H1
><DIV
CLASS="REFNAMEDIV"
><A
NAME="AEN5"
></A
><H2
>Name</H2
>swat&nbsp;--&nbsp;Samba Web Administration Tool</DIV
><DIV
CLASS="REFSYNOPSISDIV"
><A
NAME="AEN8"
></A
><H2
>Synopsis</H2
><P
><B
CLASS="COMMAND"
>swat</B
> [-s &lt;smb config file&gt;] [-a]</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN13"
></A
><H2
>DESCRIPTION</H2
><P
>This tool is part of the <A
HREF="samba.7.html"
TARGET="_top"
> Samba</A
> suite.</P
><P
><B
CLASS="COMMAND"
>swat</B
> allows a Samba administrator to
configure the complex <A
HREF="smb.conf.5.html"
TARGET="_top"
><TT
CLASS="FILENAME"
> smb.conf(5)</TT
></A
> file via a Web browser. In addition,
a <B
CLASS="COMMAND"
>swat</B
> configuration page has help links
to all the configurable options in the <TT
CLASS="FILENAME"
>smb.conf</TT
> file allowing an
administrator to easily look up the effects of any change. </P
><P
><B
CLASS="COMMAND"
>swat</B
> is run from <B
CLASS="COMMAND"
>inetd</B
> </P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN26"
></A
><H2
>OPTIONS</H2
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>-s smb configuration file</DT
><DD
><P
>The default configuration file path is
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>swat</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="swat.8"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>swat &#8212; Samba Web Administration Tool</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">swat</tt> [-s &lt;smb config file&gt;] [-a]</p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>This tool is part of the <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a> suite.</p><p><b class="command">swat</b> allows a Samba administrator to
configure the complex <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> file via a Web browser. In addition,
a <b class="command">swat</b> configuration page has help links
to all the configurable options in the <tt class="filename">smb.conf</tt> file allowing an
administrator to easily look up the effects of any change. </p><p><b class="command">swat</b> is run from <b class="command">inetd</b> </p></div><div class="refsect1" lang="en"><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-s smb configuration file</span></dt><dd><p>The default configuration file path is
determined at compile time. The file specified contains
the configuration details required by the <B
CLASS="COMMAND"
>smbd
</B
> server. This is the file that <B
CLASS="COMMAND"
>swat</B
> will modify.
the configuration details required by the <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> server. This is the file
that <b class="command">swat</b> will modify.
The information in this file includes server-specific
information such as what printcap file to use, as well as
descriptions of all the services that the server is to provide.
See <TT
CLASS="FILENAME"
>smb.conf</TT
> for more information.
</P
></DD
><DT
>-a</DT
><DD
><P
>This option disables authentication and puts
<B
CLASS="COMMAND"
>swat</B
> in demo mode. In that mode anyone will be able to modify
the <TT
CLASS="FILENAME"
>smb.conf</TT
> file. </P
><P
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>WARNING: Do NOT enable this option on a production
server. </I
></SPAN
></P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN44"
></A
><H2
>INSTALLATION</H2
><P
>After you compile SWAT you need to run <B
CLASS="COMMAND"
>make install
</B
> to install the <B
CLASS="COMMAND"
>swat</B
> binary
See <tt class="filename">smb.conf</tt> for more information.
</p></dd><dt><span class="term">-a</span></dt><dd><p>This option disables authentication and puts
<b class="command">swat</b> in demo mode. In that mode anyone will be able to modify
the <tt class="filename">smb.conf</tt> file. </p><p><span class="emphasis"><em>WARNING: Do NOT enable this option on a production
server. </em></span></p></dd><dt><span class="term">-V</span></dt><dd><p>Prints the version number for
<b class="command">smbd</b>.</p></dd><dt><span class="term">-s &lt;configuration file&gt;</span></dt><dd><p>The file specified contains the
configuration details required by the server. The
information in this file includes server-specific
information such as what printcap file to use, as well
as descriptions of all the services that the server is
to provide. See <a href="smb.conf.5.html" target="_top"><tt class="filename">
smb.conf(5)</tt></a> for more information.
The default configuration file name is determined at
compile time.</p></dd><dt><span class="term">-d|--debug=debuglevel</span></dt><dd><p><i class="replaceable"><tt>debuglevel</tt></i> is an integer
from 0 to 10. The default value if this parameter is
not specified is zero.</p><p>The higher this value, the more detail will be
logged to the log files about the activities of the
server. At level 0, only critical errors and serious
warnings will be logged. Level 1 is a reasonable level for
day to day running - it generates a small amount of
information about operations carried out.</p><p>Levels above 1 will generate considerable
amounts of log data, and should only be used when
investigating a problem. Levels above 3 are designed for
use only by developers and generate HUGE amounts of log
data, most of which is extremely cryptic.</p><p>Note that specifying this parameter here will
override the <a href="smb.conf.5.html#loglevel" target="_top">log
level</a> parameter in the <a href="smb.conf.5.html" target="_top">
<tt class="filename">smb.conf(5)</tt></a> file.</p></dd><dt><span class="term">-l|--logfile=logbasename</span></dt><dd><p>File name for log/debug files. The extension
<tt class="constant">&quot;.client&quot;</tt> will be appended. The log file is
never removed by the client.
</p></dd><dt><span class="term">-h|--help</span></dt><dd><p>Print a summary of command line options.
</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>INSTALLATION</h2><p>Swat is included as binary package with most distributions. The
package manager in this case takes care of the installation and
configuration. This section is only for those who have compiled
swat from scratch.
</p><p>After you compile SWAT you need to run <b class="command">make install
</b> to install the <b class="command">swat</b> binary
and the various help files and images. A default install would put
these in: </P
><P
></P
><UL
><LI
><P
>/usr/local/samba/bin/swat</P
></LI
><LI
><P
>/usr/local/samba/swat/images/*</P
></LI
><LI
><P
>/usr/local/samba/swat/help/*</P
></LI
></UL
><DIV
CLASS="REFSECT2"
><A
NAME="AEN56"
></A
><H3
>Inetd Installation</H3
><P
>You need to edit your <TT
CLASS="FILENAME"
>/etc/inetd.conf
</TT
> and <TT
CLASS="FILENAME"
>/etc/services</TT
>
to enable SWAT to be launched via <B
CLASS="COMMAND"
>inetd</B
>.</P
><P
>In <TT
CLASS="FILENAME"
>/etc/services</TT
> you need to
add a line like this: </P
><P
><B
CLASS="COMMAND"
>swat 901/tcp</B
></P
><P
>Note for NIS/YP users - you may need to rebuild the
NIS service maps rather than alter your local <TT
CLASS="FILENAME"
> /etc/services</TT
> file. </P
><P
>the choice of port number isn't really important
these in: </p><div class="itemizedlist"><ul type="disc"><li><p>/usr/local/samba/bin/swat</p></li><li><p>/usr/local/samba/swat/images/*</p></li><li><p>/usr/local/samba/swat/help/*</p></li></ul></div><div class="refsect2" lang="en"><h3>Inetd Installation</h3><p>You need to edit your <tt class="filename">/etc/inetd.conf
</tt> and <tt class="filename">/etc/services</tt>
to enable SWAT to be launched via <b class="command">inetd</b>.</p><p>In <tt class="filename">/etc/services</tt> you need to
add a line like this: </p><p><b class="command">swat 901/tcp</b></p><p>Note for NIS/YP and LDAP users - you may need to rebuild the
NIS service maps rather than alter your local <tt class="filename">
/etc/services</tt> file. </p><p>the choice of port number isn't really important
except that it should be less than 1024 and not currently
used (using a number above 1024 presents an obscure security
hole depending on the implementation details of your
<B
CLASS="COMMAND"
>inetd</B
> daemon). </P
><P
>In <TT
CLASS="FILENAME"
>/etc/inetd.conf</TT
> you should
add a line like this: </P
><P
><B
CLASS="COMMAND"
>swat stream tcp nowait.400 root
/usr/local/samba/bin/swat swat</B
></P
><P
>One you have edited <TT
CLASS="FILENAME"
>/etc/services</TT
>
and <TT
CLASS="FILENAME"
>/etc/inetd.conf</TT
> you need to send a
HUP signal to inetd. To do this use <B
CLASS="COMMAND"
>kill -1 PID
</B
> where PID is the process ID of the inetd daemon. </P
></DIV
><DIV
CLASS="REFSECT2"
><A
NAME="AEN78"
></A
><H3
>Launching</H3
><P
>To launch SWAT just run your favorite web browser and
point it at "http://localhost:901/".</P
><P
>Note that you can attach to SWAT from any IP connected
machine but connecting from a remote machine leaves your
connection open to password sniffing as passwords will be sent
in the clear over the wire. </P
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN82"
></A
><H2
>FILES</H2
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
><TT
CLASS="FILENAME"
>/etc/inetd.conf</TT
></DT
><DD
><P
>This file must contain suitable startup
information for the meta-daemon.</P
></DD
><DT
><TT
CLASS="FILENAME"
>/etc/services</TT
></DT
><DD
><P
>This file must contain a mapping of service name
<b class="command">inetd</b> daemon). </p><p>In <tt class="filename">/etc/inetd.conf</tt> you should
add a line like this: </p><p><b class="command">swat stream tcp nowait.400 root
/usr/local/samba/bin/swat swat</b></p><p>One you have edited <tt class="filename">/etc/services</tt>
and <tt class="filename">/etc/inetd.conf</tt> you need to send a
HUP signal to inetd. To do this use <b class="command">kill -1 PID
</b> where PID is the process ID of the inetd daemon. </p></div></div><div class="refsect1" lang="en"><h2>LAUNCHING</h2><p>To launch SWAT just run your favorite web browser and
point it at &quot;http://localhost:901/&quot;.</p><p>Note that you can attach to SWAT from any IP connected
machine but connecting from a remote machine leaves your
connection open to password sniffing as passwords will be sent
in the clear over the wire. </p></div><div class="refsect1" lang="en"><h2>FILES</h2><div class="variablelist"><dl><dt><span class="term"><tt class="filename">/etc/inetd.conf</tt></span></dt><dd><p>This file must contain suitable startup
information for the meta-daemon.</p></dd><dt><span class="term"><tt class="filename">/etc/services</tt></span></dt><dd><p>This file must contain a mapping of service name
(e.g., swat) to service port (e.g., 901) and protocol type
(e.g., tcp). </P
></DD
><DT
><TT
CLASS="FILENAME"
>/usr/local/samba/lib/smb.conf</TT
></DT
><DD
><P
>This is the default location of the <TT
CLASS="FILENAME"
>smb.conf(5)
</TT
> server configuration file that swat edits. Other
common places that systems install this file are <TT
CLASS="FILENAME"
> /usr/samba/lib/smb.conf</TT
> and <TT
CLASS="FILENAME"
>/etc/smb.conf
</TT
>. This file describes all the services the server
is to make available to clients. </P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN103"
></A
><H2
>WARNINGS</H2
><P
><B
CLASS="COMMAND"
>swat</B
> will rewrite your <TT
CLASS="FILENAME"
>smb.conf
</TT
> file. It will rearrange the entries and delete all
comments, <TT
CLASS="PARAMETER"
><I
>include=</I
></TT
> and <TT
CLASS="PARAMETER"
><I
>copy=
</I
></TT
> options. If you have a carefully crafted <TT
CLASS="FILENAME"
> smb.conf</TT
> then back it up or don't use swat! </P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN111"
></A
><H2
>VERSION</H2
><P
>This man page is correct for version 2.2 of
the Samba suite.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN114"
></A
><H2
>SEE ALSO</H2
><P
><B
CLASS="COMMAND"
>inetd(5)</B
>,
<A
HREF="smbd.8.html"
TARGET="_top"
><B
CLASS="COMMAND"
>smbd(8)</B
></A
>,
<A
HREF="smb.conf.5.html"
TARGET="_top"
>smb.conf(5)</A
>
</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN121"
></A
><H2
>AUTHOR</H2
><P
>The original Samba software and related utilities
(e.g., tcp). </p></dd><dt><span class="term"><tt class="filename">/usr/local/samba/lib/smb.conf</tt></span></dt><dd><p>This is the default location of the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> server configuration file that swat edits. Other
common places that systems install this file are <tt class="filename">
/usr/samba/lib/smb.conf</tt> and <tt class="filename">/etc/smb.conf
</tt>. This file describes all the services the server
is to make available to clients. </p></dd></dl></div></div><div class="refsect1" lang="en"><h2>WARNINGS</h2><p><b class="command">swat</b> will rewrite your <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> file. It will rearrange the entries and delete all
comments, <i class="parameter"><tt>include=</tt></i> and <i class="parameter"><tt>copy=
</tt></i> options. If you have a carefully crafted <tt class="filename">
smb.conf</tt> then back it up or don't use swat! </p></div><div class="refsect1" lang="en"><h2>VERSION</h2><p>This man page is correct for version 3.0 of the Samba suite.</p></div><div class="refsect1" lang="en"><h2>SEE ALSO</h2><p><b class="command">inetd(5)</b>, <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>, <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a></p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</P
><P
>The original Samba man pages were written by Karl Auer.
to the way the Linux kernel is developed.</p><p>The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at
<A
HREF="ftp://ftp.icce.rug.nl/pub/unix/"
TARGET="_top"
> ftp://ftp.icce.rug.nl/pub/unix/</A
>) and updated for the Samba 2.0
excellent piece of Open Source software, available at <a href="ftp://ftp.icce.rug.nl/pub/unix/" target="_top">
ftp://ftp.icce.rug.nl/pub/unix/</a>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter</P
></DIV
></BODY
></HTML
>
Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for
Samba 3.0 was done by Alexander Bokovoy.</p></div></div></body></html>

331
docs/htmldocs/testparm.1.html
View File

@ -1,316 +1,51 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
<HTML
><HEAD
><TITLE
>testparm</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><H1
><A
NAME="TESTPARM">testparm</H1
><DIV
CLASS="REFNAMEDIV"
><A
NAME="AEN5"
></A
><H2
>Name</H2
>testparm&nbsp;--&nbsp;check an smb.conf configuration file for
internal correctness</DIV
><DIV
CLASS="REFSYNOPSISDIV"
><A
NAME="AEN8"><H2
>Synopsis</H2
><P
><B
CLASS="COMMAND"
>testparm</B
> [-s] [-h] [-v] [-L &#60;servername&#62;] [-t &#60;encoding&#62;] {config filename} [hostname hostIP]</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN18"
></A
><H2
>DESCRIPTION</H2
><P
>This tool is part of the <A
HREF="samba.7.html"
TARGET="_top"
> Samba</A
> suite.</P
><P
><B
CLASS="COMMAND"
>testparm</B
> is a very simple test program
to check an <B
CLASS="COMMAND"
>smbd</B
> configuration file for
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>testparm</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="testparm.1"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>testparm &#8212; check an smb.conf configuration file for
internal correctness</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">testparm</tt> [-s] [-h] [-v] [-L &lt;servername&gt;] [-t &lt;encoding&gt;] {config filename} [hostname hostIP]</p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>This tool is part of the <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a> suite.</p><p><b class="command">testparm</b> is a very simple test program
to check an <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> configuration file for
internal correctness. If this program reports no problems, you
can use the configuration file with confidence that <B
CLASS="COMMAND"
>smbd
</B
> will successfully load the configuration file.</P
><P
>Note that this is <I
CLASS="EMPHASIS"
>NOT</I
> a guarantee that
can use the configuration file with confidence that <b class="command">smbd
</b> will successfully load the configuration file.</p><p>Note that this is <span class="emphasis"><em>NOT</em></span> a guarantee that
the services specified in the configuration file will be
available or will operate as expected. </P
><P
>If the optional host name and host IP address are
available or will operate as expected. </p><p>If the optional host name and host IP address are
specified on the command line, this test program will run through
the service entries reporting whether the specified host
has access to each service. </P
><P
>If <B
CLASS="COMMAND"
>testparm</B
> finds an error in the <TT
CLASS="FILENAME"
> smb.conf</TT
> file it returns an exit code of 1 to the calling
has access to each service. </p><p>If <b class="command">testparm</b> finds an error in the <tt class="filename">
smb.conf</tt> file it returns an exit code of 1 to the calling
program, else it returns an exit code of 0. This allows shell scripts
to test the output from <B
CLASS="COMMAND"
>testparm</B
>.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN33"
></A
><H2
>OPTIONS</H2
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>-s</DT
><DD
><P
>Without this option, <B
CLASS="COMMAND"
>testparm</B
>
to test the output from <b class="command">testparm</b>.</p></div><div class="refsect1" lang="en"><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-s</span></dt><dd><p>Without this option, <b class="command">testparm</b>
will prompt for a carriage return after printing the service
names and before dumping the service definitions.</P
></DD
><DT
>-h</DT
><DD
><P
>Print usage message </P
></DD
><DT
>-L servername</DT
><DD
><P
>Sets the value of the %L macro to <TT
CLASS="REPLACEABLE"
><I
>servername</I
></TT
>.
names and before dumping the service definitions.</p></dd><dt><span class="term">-h|--help</span></dt><dd><p>Print a summary of command line options.
</p></dd><dt><span class="term">-V</span></dt><dd><p>Prints the version number for
<b class="command">smbd</b>.</p></dd><dt><span class="term">-L servername</span></dt><dd><p>Sets the value of the %L macro to <i class="replaceable"><tt>servername</tt></i>.
This is useful for testing include files specified with the
%L macro. </P
></DD
><DT
>-v</DT
><DD
><P
>If this option is specified, testparm
will also output all options that were not used in
<TT
CLASS="FILENAME"
>smb.conf</TT
> and are thus set to
their defaults.</P
></DD
><DT
>-t encoding</DT
><DD
><P
> Output data in specified encoding.
</P
></DD
><DT
>configfilename</DT
><DD
><P
>This is the name of the configuration file
%L macro. </p></dd><dt><span class="term">-v</span></dt><dd><p>If this option is specified, testparm
will also output all options that were not used in <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> and are thus set to their defaults.</p></dd><dt><span class="term">-t encoding</span></dt><dd><p>
Output data in specified encoding.
</p></dd><dt><span class="term">configfilename</span></dt><dd><p>This is the name of the configuration file
to check. If this parameter is not present then the
default <TT
CLASS="FILENAME"
>smb.conf</TT
> file will be checked.
</P
></DD
><DT
>hostname</DT
><DD
><P
>If this parameter and the following are
specified, then <B
CLASS="COMMAND"
>testparm</B
> will examine the <TT
CLASS="PARAMETER"
><I
>hosts
allow</I
></TT
> and <TT
CLASS="PARAMETER"
><I
>hosts deny</I
></TT
>
parameters in the <TT
CLASS="FILENAME"
>smb.conf</TT
> file to
default <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> file will be checked.
</p></dd><dt><span class="term">hostname</span></dt><dd><p>If this parameter and the following are
specified, then <b class="command">testparm</b> will examine the <i class="parameter"><tt>hosts
allow</tt></i> and <i class="parameter"><tt>hosts deny</tt></i>
parameters in the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> file to
determine if the hostname with this IP address would be
allowed access to the <B
CLASS="COMMAND"
>smbd</B
> server. If
allowed access to the <b class="command">smbd</b> server. If
this parameter is supplied, the hostIP parameter must also
be supplied.</P
></DD
><DT
>hostIP</DT
><DD
><P
>This is the IP address of the host specified
be supplied.</p></dd><dt><span class="term">hostIP</span></dt><dd><p>This is the IP address of the host specified
in the previous parameter. This address must be supplied
if the hostname parameter is supplied. </P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN77"
></A
><H2
>FILES</H2
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
><TT
CLASS="FILENAME"
>smb.conf</TT
></DT
><DD
><P
>This is usually the name of the configuration
file used by <B
CLASS="COMMAND"
>smbd</B
>.
</P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN86"
></A
><H2
>DIAGNOSTICS</H2
><P
>The program will issue a message saying whether the
if the hostname parameter is supplied. </p></dd></dl></div></div><div class="refsect1" lang="en"><h2>FILES</h2><div class="variablelist"><dl><dt><span class="term"><a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a></span></dt><dd><p>This is usually the name of the configuration
file used by <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>.
</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>DIAGNOSTICS</h2><p>The program will issue a message saying whether the
configuration file loaded OK or not. This message may be preceded by
errors and warnings if the file did not load. If the file was
loaded OK, the program then dumps all known service details
to stdout. </P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN89"
></A
><H2
>VERSION</H2
><P
>This man page is correct for version 3.0 of
the Samba suite.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN92"
></A
><H2
>SEE ALSO</H2
><P
><A
HREF="smb.conf.5.html"
TARGET="_top"
><TT
CLASS="FILENAME"
>smb.conf(5)</TT
></A
>,
<A
HREF="smbd.8.html"
TARGET="_top"
><B
CLASS="COMMAND"
>smbd(8)</B
></A
>
</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN99"
></A
><H2
>AUTHOR</H2
><P
>The original Samba software and related utilities
to stdout. </p></div><div class="refsect1" lang="en"><h2>VERSION</h2><p>This man page is correct for version 3.0 of
the Samba suite.</p></div><div class="refsect1" lang="en"><h2>SEE ALSO</h2><p><a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a>, <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a></p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</P
><P
>The original Samba man pages were written by Karl Auer.
to the way the Linux kernel is developed.</p><p>The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at
<A
HREF="ftp://ftp.icce.rug.nl/pub/unix/"
TARGET="_top"
> ftp://ftp.icce.rug.nl/pub/unix/</A
>) and updated for the Samba 2.0
excellent piece of Open Source software, available at <a href="ftp://ftp.icce.rug.nl/pub/unix/" target="_top">
ftp://ftp.icce.rug.nl/pub/unix/</a>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter</P
></DIV
></BODY
></HTML
>
Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2
for Samba 3.0 was done by Alexander Bokovoy.</p></div></div></body></html>

265
docs/htmldocs/testprns.1.html
View File

@ -1,253 +1,38 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>testprns</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><H1
><A
NAME="TESTPRNS"
></A
>testprns</H1
><DIV
CLASS="REFNAMEDIV"
><A
NAME="AEN5"
></A
><H2
>Name</H2
>testprns&nbsp;--&nbsp;check printer name for validity with smbd</DIV
><DIV
CLASS="REFSYNOPSISDIV"
><A
NAME="AEN8"
></A
><H2
>Synopsis</H2
><P
><B
CLASS="COMMAND"
>testprns</B
> {printername} [printcapname]</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN13"
></A
><H2
>DESCRIPTION</H2
><P
>This tool is part of the <A
HREF="samba.7.html"
TARGET="_top"
> Samba</A
> suite.</P
><P
><B
CLASS="COMMAND"
>testprns</B
> is a very simple test program
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>testprns</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="testprns.1"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>testprns &#8212; check printer name for validity with smbd</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">testprns</tt> {printername} [printcapname]</p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>This tool is part of the <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a> suite.</p><p><b class="command">testprns</b> is a very simple test program
to determine whether a given printer name is valid for use in
a service to be provided by <A
HREF="smbd.8.html"
TARGET="_top"
><B
CLASS="COMMAND"
> smbd(8)</B
></A
>. </P
><P
>"Valid" in this context means "can be found in the
printcap specified". This program is very stupid - so stupid in
a service to be provided by <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>.</p><p>&quot;Valid&quot; in this context means &quot;can be found in the
printcap specified&quot;. This program is very stupid - so stupid in
fact that it would be wisest to always specify the printcap file
to use. </P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN22"
></A
><H2
>OPTIONS</H2
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>printername</DT
><DD
><P
>The printer name to validate.</P
><P
>Printer names are taken from the first field in each
to use. </p></div><div class="refsect1" lang="en"><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">printername</span></dt><dd><p>The printer name to validate.</p><p>Printer names are taken from the first field in each
record in the printcap file, single printer names and sets
of aliases separated by vertical bars ("|") are recognized.
of aliases separated by vertical bars (&quot;|&quot;) are recognized.
Note that no validation or checking of the printcap syntax is
done beyond that required to extract the printer name. It may
be that the print spooling system is more forgiving or less
forgiving than <B
CLASS="COMMAND"
>testprns</B
>. However, if
<B
CLASS="COMMAND"
>testprns</B
> finds the printer then
<B
CLASS="COMMAND"
>smbd</B
> should do so as well. </P
></DD
><DT
>printcapname</DT
><DD
><P
>This is the name of the printcap file within
which to search for the given printer name. </P
><P
>If no printcap name is specified <B
CLASS="COMMAND"
>testprns
</B
> will attempt to scan the printcap file name
specified at compile time. </P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN39"
></A
><H2
>FILES</H2
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
><TT
CLASS="FILENAME"
>/etc/printcap</TT
></DT
><DD
><P
>This is usually the default printcap
file to scan. See <TT
CLASS="FILENAME"
>printcap (5)</TT
>.
</P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN48"
></A
><H2
>DIAGNOSTICS</H2
><P
>If a printer is found to be valid, the message
"Printer name &lt;printername&gt; is valid" will be
displayed. </P
><P
>If a printer is found to be invalid, the message
"Printer name &lt;printername&gt; is not valid" will be
displayed. </P
><P
>All messages that would normally be logged during
forgiving than <b class="command">testprns</b>. However, if
<b class="command">testprns</b> finds the printer then <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> should do so as well. </p></dd><dt><span class="term">printcapname</span></dt><dd><p>This is the name of the printcap file within
which to search for the given printer name. </p><p>If no printcap name is specified <b class="command">testprns
</b> will attempt to scan the printcap file name
specified at compile time. </p></dd></dl></div></div><div class="refsect1" lang="en"><h2>FILES</h2><div class="variablelist"><dl><dt><span class="term"><tt class="filename">/etc/printcap</tt></span></dt><dd><p>This is usually the default printcap
file to scan. See <tt class="filename">printcap (5)</tt>.
</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>DIAGNOSTICS</h2><p>If a printer is found to be valid, the message
&quot;Printer name &lt;printername&gt; is valid&quot; will be
displayed. </p><p>If a printer is found to be invalid, the message
&quot;Printer name &lt;printername&gt; is not valid&quot; will be
displayed. </p><p>All messages that would normally be logged during
operation of the Samba daemons are logged by this program to the
file <TT
CLASS="FILENAME"
>test.log</TT
> in the current directory. The
file <tt class="filename">test.log</tt> in the current directory. The
program runs at debuglevel 3, so quite extensive logging
information is written. The log should be checked carefully
for errors and warnings. </P
><P
>Other messages are self-explanatory. </P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN55"
></A
><H2
>VERSION</H2
><P
>This man page is correct for version 2.2 of
the Samba suite.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN58"
></A
><H2
>SEE ALSO</H2
><P
><TT
CLASS="FILENAME"
>printcap(5)</TT
>,
<A
HREF="smbd.8.html"
TARGET="_top"
><B
CLASS="COMMAND"
>smbd(8)</B
></A
>,
<A
HREF="smbclient.1.html"
TARGET="_top"
><B
CLASS="COMMAND"
>smbclient(1)</B
></A
>
</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN66"
></A
><H2
>AUTHOR</H2
><P
>The original Samba software and related utilities
for errors and warnings. </p><p>Other messages are self-explanatory. </p></div><div class="refsect1" lang="en"><h2>VERSION</h2><p>This man page is correct for version 3.0 of
the Samba suite.</p></div><div class="refsect1" lang="en"><h2>SEE ALSO</h2><p><tt class="filename">printcap(5)</tt>,
<a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>, <a href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a></p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</P
><P
>The original Samba man pages were written by Karl Auer.
to the way the Linux kernel is developed.</p><p>The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at
<A
HREF="ftp://ftp.icce.rug.nl/pub/unix/"
TARGET="_top"
> ftp://ftp.icce.rug.nl/pub/unix/</A
>) and updated for the Samba 2.0
excellent piece of Open Source software, available at <a href="ftp://ftp.icce.rug.nl/pub/unix/" target="_top">
ftp://ftp.icce.rug.nl/pub/unix/</a>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter</P
></DIV
></BODY
></HTML
>
Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2
for Samba 3.0 was done by Alexander Bokovoy.</p></div></div></body></html>

398
docs/htmldocs/type.html
View File

@ -1,389 +1,9 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>Type of installation</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK
REL="HOME"
TITLE="SAMBA Project Documentation"
HREF="samba-howto-collection.html"><LINK
REL="PREVIOUS"
TITLE="LanMan and NT Password Encryption in Samba"
HREF="pwencrypt.html"><LINK
REL="NEXT"
TITLE="User and Share security level (for servers not in a domain)"
HREF="securitylevels.html"></HEAD
><BODY
CLASS="PART"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>SAMBA Project Documentation</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="pwencrypt.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="securitylevels.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="PART"
><A
NAME="TYPE"><DIV
CLASS="TITLEPAGE"
><H1
CLASS="TITLE"
>II. Type of installation</H1
><DIV
CLASS="PARTINTRO"
><A
NAME="AEN531"><H1
>Introduction</H1
><P
>Samba can operate in various SMB networks. This part contains information on configuring samba
for various environments.</P
></DIV
><DIV
CLASS="TOC"
><DL
><DT
><B
>Table of Contents</B
></DT
><DT
>5. <A
HREF="securitylevels.html"
>User and Share security level (for servers not in a domain)</A
></DT
><DT
>6. <A
HREF="samba-pdc.html"
>How to Configure Samba as a NT4 Primary Domain Controller</A
></DT
><DD
><DL
><DT
>6.1. <A
HREF="samba-pdc.html#AEN575"
>Prerequisite Reading</A
></DT
><DT
>6.2. <A
HREF="samba-pdc.html#AEN581"
>Background</A
></DT
><DT
>6.3. <A
HREF="samba-pdc.html#AEN620"
>Configuring the Samba Domain Controller</A
></DT
><DT
>6.4. <A
HREF="samba-pdc.html#AEN663"
>Creating Machine Trust Accounts and Joining Clients to the
Domain</A
></DT
><DD
><DL
><DT
>6.4.1. <A
HREF="samba-pdc.html#AEN682"
>Manual Creation of Machine Trust Accounts</A
></DT
><DT
>6.4.2. <A
HREF="samba-pdc.html#AEN723"
>"On-the-Fly" Creation of Machine Trust Accounts</A
></DT
><DT
>6.4.3. <A
HREF="samba-pdc.html#AEN732"
>Joining the Client to the Domain</A
></DT
></DL
></DD
><DT
>6.5. <A
HREF="samba-pdc.html#AEN747"
>Common Problems and Errors</A
></DT
><DT
>6.6. <A
HREF="samba-pdc.html#AEN795"
>System Policies and Profiles</A
></DT
><DT
>6.7. <A
HREF="samba-pdc.html#AEN839"
>What other help can I get?</A
></DT
><DT
>6.8. <A
HREF="samba-pdc.html#AEN953"
>Domain Control for Windows 9x/ME</A
></DT
><DD
><DL
><DT
>6.8.1. <A
HREF="samba-pdc.html#AEN979"
>Configuration Instructions: Network Logons</A
></DT
><DT
>6.8.2. <A
HREF="samba-pdc.html#AEN998"
>Configuration Instructions: Setting up Roaming User Profiles</A
></DT
></DL
></DD
><DT
>6.9. <A
HREF="samba-pdc.html#AEN1091"
>DOMAIN_CONTROL.txt : Windows NT Domain Control &#38; Samba</A
></DT
></DL
></DD
><DT
>7. <A
HREF="samba-bdc.html"
>How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain</A
></DT
><DD
><DL
><DT
>7.1. <A
HREF="samba-bdc.html#AEN1127"
>Prerequisite Reading</A
></DT
><DT
>7.2. <A
HREF="samba-bdc.html#AEN1131"
>Background</A
></DT
><DT
>7.3. <A
HREF="samba-bdc.html#AEN1139"
>What qualifies a Domain Controller on the network?</A
></DT
><DD
><DL
><DT
>7.3.1. <A
HREF="samba-bdc.html#AEN1142"
>How does a Workstation find its domain controller?</A
></DT
><DT
>7.3.2. <A
HREF="samba-bdc.html#AEN1145"
>When is the PDC needed?</A
></DT
></DL
></DD
><DT
>7.4. <A
HREF="samba-bdc.html#AEN1148"
>Can Samba be a Backup Domain Controller?</A
></DT
><DT
>7.5. <A
HREF="samba-bdc.html#AEN1152"
>How do I set up a Samba BDC?</A
></DT
><DD
><DL
><DT
>7.5.1. <A
HREF="samba-bdc.html#AEN1169"
>How do I replicate the smbpasswd file?</A
></DT
></DL
></DD
></DL
></DD
><DT
>8. <A
HREF="ads.html"
>Samba as a ADS domain member</A
></DT
><DD
><DL
><DT
>8.1. <A
HREF="ads.html#AEN1187"
>Installing the required packages for Debian</A
></DT
><DT
>8.2. <A
HREF="ads.html#AEN1193"
>Installing the required packages for RedHat</A
></DT
><DT
>8.3. <A
HREF="ads.html#AEN1202"
>Compile Samba</A
></DT
><DT
>8.4. <A
HREF="ads.html#AEN1217"
>Setup your /etc/krb5.conf</A
></DT
><DT
>8.5. <A
HREF="ads.html#AEN1227"
>Create the computer account</A
></DT
><DD
><DL
><DT
>8.5.1. <A
HREF="ads.html#AEN1231"
>Possible errors</A
></DT
></DL
></DD
><DT
>8.6. <A
HREF="ads.html#AEN1243"
>Test your server setup</A
></DT
><DT
>8.7. <A
HREF="ads.html#AEN1248"
>Testing with smbclient</A
></DT
><DT
>8.8. <A
HREF="ads.html#AEN1251"
>Notes</A
></DT
></DL
></DD
><DT
>9. <A
HREF="domain-security.html"
>Samba as a NT4 domain member</A
></DT
><DD
><DL
><DT
>9.1. <A
HREF="domain-security.html#AEN1273"
>Joining an NT Domain with Samba 2.2</A
></DT
><DT
>9.2. <A
HREF="domain-security.html#AEN1337"
>Samba and Windows 2000 Domains</A
></DT
><DT
>9.3. <A
HREF="domain-security.html#AEN1342"
>Why is this better than security = server?</A
></DT
></DL
></DD
></DL
></DIV
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="pwencrypt.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="samba-howto-collection.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="securitylevels.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>LanMan and NT Password Encryption in Samba</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
>&nbsp;</TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>User and Share security level (for servers not in a domain)</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Part II. Server Configuration Basics</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="index.html" title="SAMBA Project Documentation"><link rel="previous" href="FastStart.html" title="Chapter 3. FastStart for the Impatient"><link rel="next" href="ServerType.html" title="Chapter 4. Server Types and Security Modes"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Part II. Server Configuration Basics</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="FastStart.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="ServerType.html">Next</a></td></tr></table><hr></div><div class="part" lang="en"><div class="titlepage"><div><div><h1 class="title"><a name="type"></a>Server Configuration Basics</h1></div></div><div></div></div><div class="partintro" lang="en"><div><div><div><h1 class="title"><a name="id2886752"></a>First Steps in Server Configuration</h1></div></div><div></div></div><p>
Samba can operate in various modes within SMB networks. This HOWTO section contains information on
configuring samba to function as the type of server your network requires. Please read this
section carefully.
</p><div class="toc"><p><b>Table of Contents</b></p><dl><dt>4. <a href="ServerType.html">Server Types and Security Modes</a></dt><dd><dl><dt><a href="ServerType.html#id2888708">Features and Benefits</a></dt><dt><a href="ServerType.html#id2888804">Server Types</a></dt><dt><a href="ServerType.html#id2888887">Samba Security Modes</a></dt><dd><dl><dt><a href="ServerType.html#id2889003">User Level Security</a></dt><dt><a href="ServerType.html#id2889136">Share Level Security</a></dt><dt><a href="ServerType.html#id2889257">Domain Security Mode (User Level Security)</a></dt><dt><a href="ServerType.html#id2889510">ADS Security Mode (User Level Security)</a></dt><dt><a href="ServerType.html#id2889596">Server Security (User Level Security)</a></dt></dl></dd><dt><a href="ServerType.html#id2889820">Seamless Windows Network Integration</a></dt><dt><a href="ServerType.html#id2889997">Common Errors</a></dt><dd><dl><dt><a href="ServerType.html#id2890025">What makes Samba a SERVER?</a></dt><dt><a href="ServerType.html#id2890058">What makes Samba a Domain Controller?</a></dt><dt><a href="ServerType.html#id2890086">What makes Samba a Domain Member?</a></dt><dt><a href="ServerType.html#id2890120">Constantly Losing Connections to Password Server</a></dt></dl></dd></dl></dd><dt>5. <a href="samba-pdc.html">Domain Control</a></dt><dd><dl><dt><a href="samba-pdc.html#id2891927">Features and Benefits</a></dt><dt><a href="samba-pdc.html#id2892230">Basics of Domain Control</a></dt><dd><dl><dt><a href="samba-pdc.html#id2892246">Domain Controller Types</a></dt><dt><a href="samba-pdc.html#id2892458">Preparing for Domain Control</a></dt></dl></dd><dt><a href="samba-pdc.html#id2892778">Domain Control - Example Configuration</a></dt><dt><a href="samba-pdc.html#id2893076">Samba ADS Domain Control</a></dt><dt><a href="samba-pdc.html#id2893098">Domain and Network Logon Configuration</a></dt><dd><dl><dt><a href="samba-pdc.html#id2893113">Domain Network Logon Service</a></dt><dt><a href="samba-pdc.html#id2893441">Security Mode and Master Browsers</a></dt></dl></dd><dt><a href="samba-pdc.html#id2893548">Common Problems and Errors</a></dt><dd><dl><dt><a href="samba-pdc.html#id2893555">I cannot include a '$' in a machine name</a></dt><dt><a href="samba-pdc.html#id2893594">I get told &quot;You already have a connection to the Domain....&quot;
or &quot;Cannot join domain, the credentials supplied conflict with an
existing set..&quot; when creating a machine trust account.</a></dt><dt><a href="samba-pdc.html#id2893643">The system can not log you on (C000019B)....</a></dt><dt><a href="samba-pdc.html#id2893714">The machine trust account for this computer either does not
exist or is not accessible.</a></dt><dt><a href="samba-pdc.html#id2893771">When I attempt to login to a Samba Domain from a NT4/W2K workstation,
I get a message about my account being disabled.</a></dt><dt><a href="samba-pdc.html#id2893798">Until a few minutes after Samba has started, clients get the error &quot;Domain Controller Unavailable&quot;</a></dt></dl></dd></dl></dd><dt>6. <a href="samba-bdc.html">Backup Domain Control</a></dt><dd><dl><dt><a href="samba-bdc.html#id2895956">Features And Benefits</a></dt><dt><a href="samba-bdc.html#id2896128">Essential Background Information</a></dt><dd><dl><dt><a href="samba-bdc.html#id2896156">MS Windows NT4 Style Domain Control</a></dt><dt><a href="samba-bdc.html#id2896368">Active Directory Domain Control</a></dt><dt><a href="samba-bdc.html#id2896390">What qualifies a Domain Controller on the network?</a></dt><dt><a href="samba-bdc.html#id2896416">How does a Workstation find its domain controller?</a></dt></dl></dd><dt><a href="samba-bdc.html#id2896462">Backup Domain Controller Configuration</a></dt><dd><dl><dt><a href="samba-bdc.html#id2896532">Example Configuration</a></dt></dl></dd><dt><a href="samba-bdc.html#id2896591">Common Errors</a></dt><dd><dl><dt><a href="samba-bdc.html#id2896605">Machine Accounts keep expiring, what can I do?</a></dt><dt><a href="samba-bdc.html#id2896630">Can Samba be a Backup Domain Controller to an NT4 PDC?</a></dt><dt><a href="samba-bdc.html#id2896663">How do I replicate the smbpasswd file?</a></dt><dt><a href="samba-bdc.html#id2896692">Can I do this all with LDAP?</a></dt></dl></dd></dl></dd><dt>7. <a href="domain-member.html">Domain Membership</a></dt><dd><dl><dt><a href="domain-member.html#id2897692">Features and Benefits</a></dt><dt><a href="domain-member.html#id2897816">MS Windows Workstation/Server Machine Trust Accounts</a></dt><dd><dl><dt><a href="domain-member.html#id2897991">Manual Creation of Machine Trust Accounts</a></dt><dt><a href="domain-member.html#id2898243">Using NT4 Server Manager to Add Machine Accounts to the Domain</a></dt><dt><a href="domain-member.html#id2898440">&quot;On-the-Fly&quot; Creation of Machine Trust Accounts</a></dt><dt><a href="domain-member.html#id2898502">Making an MS Windows Workstation or Server a Domain Member</a></dt></dl></dd><dt><a href="domain-member.html#id2898648">Domain Member Server</a></dt><dd><dl><dt><a href="domain-member.html#id2898697">Joining an NT4 type Domain with Samba-3</a></dt><dt><a href="domain-member.html#id2899075">Why is this better than security = server?</a></dt></dl></dd><dt><a href="domain-member.html#ads-member">Samba ADS Domain Membership</a></dt><dd><dl><dt><a href="domain-member.html#id2899216">Setup your smb.conf</a></dt><dt><a href="domain-member.html#id2899298">Setup your /etc/krb5.conf</a></dt><dt><a href="domain-member.html#ads-create-machine-account">Create the computer account</a></dt><dt><a href="domain-member.html#ads-test-server">Test your server setup</a></dt><dt><a href="domain-member.html#ads-test-smbclient">Testing with smbclient</a></dt><dt><a href="domain-member.html#id2899656">Notes</a></dt></dl></dd><dt><a href="domain-member.html#id2899678">Common Errors</a></dt><dd><dl><dt><a href="domain-member.html#id2899712">Can Not Add Machine Back to Domain</a></dt><dt><a href="domain-member.html#id2899742">Adding Machine to Domain Fails</a></dt></dl></dd></dl></dd><dt>8. <a href="StandAloneServer.html">Stand-Alone Servers</a></dt><dd><dl><dt><a href="StandAloneServer.html#id2902078">Features and Benefits</a></dt><dt><a href="StandAloneServer.html#id2902275">Background</a></dt><dt><a href="StandAloneServer.html#id2902347">Example Configuration</a></dt><dd><dl><dt><a href="StandAloneServer.html#id2902362">Reference Documentation Server</a></dt><dt><a href="StandAloneServer.html#id2902411">Central Print Serving</a></dt></dl></dd><dt><a href="StandAloneServer.html#id2902618">Common Errors</a></dt></dl></dd><dt>9. <a href="ClientConfig.html">MS Windows Network Configuration Guide</a></dt><dd><dl><dt><a href="ClientConfig.html#id2901732">Note</a></dt></dl></dd></dl></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="FastStart.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="index.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="ServerType.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 3. FastStart for the Impatient </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 4. Server Types and Security Modes</td></tr></table></div></body></html>

502
docs/htmldocs/vfstest.1.html
View File

@ -1,487 +1,43 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
<HTML
><HEAD
><TITLE
>vfstest</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><H1
><A
NAME="VFSTEST">vfstest</H1
><DIV
CLASS="REFNAMEDIV"
><A
NAME="AEN5"
></A
><H2
>Name</H2
>vfstest&nbsp;--&nbsp;tool for testing samba VFS modules </DIV
><DIV
CLASS="REFSYNOPSISDIV"
><A
NAME="AEN8"><H2
>Synopsis</H2
><P
><B
CLASS="COMMAND"
>vfstest</B
> [-d debuglevel] [-c command] [-l logfile] [-h]</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN15"
></A
><H2
>DESCRIPTION</H2
><P
>This tool is part of the <A
HREF="samba.7.html"
TARGET="_top"
> Samba</A
> suite.</P
><P
><B
CLASS="COMMAND"
>vfstest</B
> is a small command line
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>vfstest</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="vfstest.1"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>vfstest &#8212; tool for testing samba VFS modules </p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">vfstest</tt> [-d debuglevel] [-c command] [-l logfile] [-h]</p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>This tool is part of the <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a> suite.</p><p><b class="command">vfstest</b> is a small command line
utility that has the ability to test dso samba VFS modules. It gives the
user the ability to call the various VFS functions manually and
supports cascaded VFS modules.
</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN21"
></A
><H2
>OPTIONS</H2
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>-c|--command=command</DT
><DD
><P
>Execute the specified (colon-separated) commands.
</p></div><div class="refsect1" lang="en"><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-c|--command=command</span></dt><dd><p>Execute the specified (colon-separated) commands.
See below for the commands that are available.
</P
></DD
><DT
>-d|--debug=debuglevel</DT
><DD
><P
><TT
CLASS="REPLACEABLE"
><I
>debuglevel</I
></TT
> is an integer
</p></dd><dt><span class="term">-h|--help</span></dt><dd><p>Print a summary of command line options.
</p></dd><dt><span class="term">-l|--logfile=logbasename</span></dt><dd><p>File name for log/debug files. The extension
<tt class="constant">'.client'</tt> will be appended. The log file is never removed
by the client.
</p></dd><dt><span class="term">-V</span></dt><dd><p>Prints the version number for
<b class="command">smbd</b>.</p></dd><dt><span class="term">-s &lt;configuration file&gt;</span></dt><dd><p>The file specified contains the
configuration details required by the server. The
information in this file includes server-specific
information such as what printcap file to use, as well
as descriptions of all the services that the server is
to provide. See <a href="smb.conf.5.html" target="_top"><tt class="filename">
smb.conf(5)</tt></a> for more information.
The default configuration file name is determined at
compile time.</p></dd><dt><span class="term">-d|--debug=debuglevel</span></dt><dd><p><i class="replaceable"><tt>debuglevel</tt></i> is an integer
from 0 to 10. The default value if this parameter is
not specified is zero.</P
><P
>The higher this value, the more detail will be
not specified is zero.</p><p>The higher this value, the more detail will be
logged to the log files about the activities of the
server. At level 0, only critical errors and serious
warnings will be logged. Level 1 is a reasonable level for
day to day running - it generates a small amount of
information about operations carried out.</P
><P
>Levels above 1 will generate considerable
information about operations carried out.</p><p>Levels above 1 will generate considerable
amounts of log data, and should only be used when
investigating a problem. Levels above 3 are designed for
use only by developers and generate HUGE amounts of log
data, most of which is extremely cryptic.</P
><P
>Note that specifying this parameter here will
override the <A
HREF="smb.conf.5.html#loglevel"
TARGET="_top"
>log
level</A
> parameter in the <A
HREF="smb.conf.5.html"
TARGET="_top"
><TT
CLASS="FILENAME"
>smb.conf(5)</TT
></A
> file.</P
></DD
><DT
>-h|--help</DT
><DD
><P
>Print a summary of command line options.</P
></DD
><DT
>-l|--logfile=logbasename</DT
><DD
><P
>File name for log/debug files. The extension
<TT
CLASS="CONSTANT"
>'.client'</TT
> will be appended. The log file is never removed
by the client.
</P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN48"
></A
><H2
>COMMANDS</H2
><P
><I
CLASS="EMPHASIS"
>VFS COMMANDS</I
></P
><P
></P
><UL
><LI
><P
><B
CLASS="COMMAND"
>load &#60;module.so&#62;</B
> - Load specified VFS module </P
></LI
><LI
><P
><B
CLASS="COMMAND"
>populate &#60;char&#62; &#60;size&#62;</B
> - Populate a data buffer with the specified data
</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>showdata [&#60;offset&#62; &#60;len&#62;]</B
> - Show data currently in data buffer
</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>connect</B
> - VFS connect()</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>disconnect</B
> - VFS disconnect()</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>disk_free</B
> - VFS disk_free()</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>opendir</B
> - VFS opendir()</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>readdir</B
> - VFS readdir()</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>mkdir</B
> - VFS mkdir()</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>rmdir</B
> - VFS rmdir()</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>closedir</B
> - VFS closedir()</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>open</B
> - VFS open()</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>close</B
> - VFS close()</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>read</B
> - VFS read()</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>write</B
> - VFS write()</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>lseek</B
> - VFS lseek()</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>rename</B
> - VFS rename()</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>fsync</B
> - VFS fsync()</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>stat</B
> - VFS stat()</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>fstat</B
> - VFS fstat()</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>lstat</B
> - VFS lstat()</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>unlink</B
> - VFS unlink()</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>chmod</B
> - VFS chmod()</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>fchmod</B
> - VFS fchmod()</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>chown</B
> - VFS chown()</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>fchown</B
> - VFS fchown()</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>chdir</B
> - VFS chdir()</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>getwd</B
> - VFS getwd()</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>utime</B
> - VFS utime()</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>ftruncate</B
> - VFS ftruncate()</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>lock</B
> - VFS lock()</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>symlink</B
> - VFS symlink()</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>readlink</B
> - VFS readlink()</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>link</B
> - VFS link()</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>mknod</B
> - VFS mknod()</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>realpath</B
> - VFS realpath()</P
></LI
></UL
><P
><I
CLASS="EMPHASIS"
>GENERAL COMMANDS</I
></P
><P
></P
><UL
><LI
><P
><B
CLASS="COMMAND"
>conf &#60;smb.conf&#62;</B
> - Load a different configuration file</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>help [&#60;command&#62;]</B
> - Get list of commands or info about specified command</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>debuglevel &#60;level&#62;</B
> - Set debug level</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>freemem</B
> - Free memory currently in use</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>exit</B
> - Exit vfstest</P
></LI
></UL
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN179"
></A
><H2
>VERSION</H2
><P
>This man page is correct for version 3.0 of the Samba
suite.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN182"
></A
><H2
>AUTHOR</H2
><P
>The original Samba software and related utilities
data, most of which is extremely cryptic.</p><p>Note that specifying this parameter here will
override the <a href="smb.conf.5.html#loglevel" target="_top">log
level</a> parameter in the <a href="smb.conf.5.html" target="_top">
<tt class="filename">smb.conf(5)</tt></a> file.</p></dd><dt><span class="term">-l|--logfile=logbasename</span></dt><dd><p>File name for log/debug files. The extension
<tt class="constant">&quot;.client&quot;</tt> will be appended. The log file is
never removed by the client.
</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>COMMANDS</h2><p><span class="emphasis"><em>VFS COMMANDS</em></span></p><div class="itemizedlist"><ul type="disc"><li><p><b class="command">load &lt;module.so&gt;</b> - Load specified VFS module </p></li><li><p><b class="command">populate &lt;char&gt; &lt;size&gt;</b> - Populate a data buffer with the specified data
</p></li><li><p><b class="command">showdata [&lt;offset&gt; &lt;len&gt;]</b> - Show data currently in data buffer
</p></li><li><p><b class="command">connect</b> - VFS connect()</p></li><li><p><b class="command">disconnect</b> - VFS disconnect()</p></li><li><p><b class="command">disk_free</b> - VFS disk_free()</p></li><li><p><b class="command">opendir</b> - VFS opendir()</p></li><li><p><b class="command">readdir</b> - VFS readdir()</p></li><li><p><b class="command">mkdir</b> - VFS mkdir()</p></li><li><p><b class="command">rmdir</b> - VFS rmdir()</p></li><li><p><b class="command">closedir</b> - VFS closedir()</p></li><li><p><b class="command">open</b> - VFS open()</p></li><li><p><b class="command">close</b> - VFS close()</p></li><li><p><b class="command">read</b> - VFS read()</p></li><li><p><b class="command">write</b> - VFS write()</p></li><li><p><b class="command">lseek</b> - VFS lseek()</p></li><li><p><b class="command">rename</b> - VFS rename()</p></li><li><p><b class="command">fsync</b> - VFS fsync()</p></li><li><p><b class="command">stat</b> - VFS stat()</p></li><li><p><b class="command">fstat</b> - VFS fstat()</p></li><li><p><b class="command">lstat</b> - VFS lstat()</p></li><li><p><b class="command">unlink</b> - VFS unlink()</p></li><li><p><b class="command">chmod</b> - VFS chmod()</p></li><li><p><b class="command">fchmod</b> - VFS fchmod()</p></li><li><p><b class="command">chown</b> - VFS chown()</p></li><li><p><b class="command">fchown</b> - VFS fchown()</p></li><li><p><b class="command">chdir</b> - VFS chdir()</p></li><li><p><b class="command">getwd</b> - VFS getwd()</p></li><li><p><b class="command">utime</b> - VFS utime()</p></li><li><p><b class="command">ftruncate</b> - VFS ftruncate()</p></li><li><p><b class="command">lock</b> - VFS lock()</p></li><li><p><b class="command">symlink</b> - VFS symlink()</p></li><li><p><b class="command">readlink</b> - VFS readlink()</p></li><li><p><b class="command">link</b> - VFS link()</p></li><li><p><b class="command">mknod</b> - VFS mknod()</p></li><li><p><b class="command">realpath</b> - VFS realpath()</p></li></ul></div><p><span class="emphasis"><em>GENERAL COMMANDS</em></span></p><div class="itemizedlist"><ul type="disc"><li><p><b class="command">conf &lt;smb.conf&gt;</b> - Load a different configuration file</p></li><li><p><b class="command">help [&lt;command&gt;]</b> - Get list of commands or info about specified command</p></li><li><p><b class="command">debuglevel &lt;level&gt;</b> - Set debug level</p></li><li><p><b class="command">freemem</b> - Free memory currently in use</p></li><li><p><b class="command">exit</b> - Exit vfstest</p></li></ul></div></div><div class="refsect1" lang="en"><h2>VERSION</h2><p>This man page is correct for version 3.0 of the Samba
suite.</p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</P
><P
>The vfstest man page was written by Jelmer Vernooij.</P
></DIV
></BODY
></HTML
>
to the way the Linux kernel is developed.</p><p>The vfstest man page was written by Jelmer Vernooij.</p></div></div></body></html>

408
docs/htmldocs/wbinfo.1.html
View File

@ -1,383 +1,71 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>wbinfo</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><H1
><A
NAME="WBINFO"
></A
>wbinfo</H1
><DIV
CLASS="REFNAMEDIV"
><A
NAME="AEN5"
></A
><H2
>Name</H2
>wbinfo&nbsp;--&nbsp;Query information from winbind daemon</DIV
><DIV
CLASS="REFSYNOPSISDIV"
><A
NAME="AEN8"
></A
><H2
>Synopsis</H2
><P
><B
CLASS="COMMAND"
>wbinfo</B
> [-u] [-g] [-i ip] [-N netbios-name] [-n name] [-s sid] [-U uid] [-G gid] [-S sid] [-Y sid] [-t] [-m] [-r user] [-a user%password] [-A user%password] [-p]</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN27"
></A
><H2
>DESCRIPTION</H2
><P
>This tool is part of the <A
HREF="samba.7.html"
TARGET="_top"
> Samba</A
> suite.</P
><P
>The <B
CLASS="COMMAND"
>wbinfo</B
> program queries and returns information
created and used by the <A
HREF="winbindd.8.html"
TARGET="_top"
><B
CLASS="COMMAND"
> winbindd(8)</B
></A
> daemon. </P
><P
>The <B
CLASS="COMMAND"
>winbindd(8)</B
> daemon must be configured
and running for the <B
CLASS="COMMAND"
>wbinfo</B
> program to be able
to return information.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN38"
></A
><H2
>OPTIONS</H2
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>-u</DT
><DD
><P
>This option will list all users available
in the Windows NT domain for which the <B
CLASS="COMMAND"
>winbindd(8)
</B
> daemon is operating in. Users in all trusted domains
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>wbinfo</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="wbinfo.1"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>wbinfo &#8212; Query information from winbind daemon</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">wbinfo</tt> [-u] [-g] [-N netbios-name] [-I ip] [-n name] [-s sid] [-U uid] [-G gid] [-S sid] [-Y sid] [-t] [-m] [--sequence] [-r user] [-a user%password] [-A user%password] [--get-auth-user] [-p]</p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>This tool is part of the <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a> suite.</p><p>The <b class="command">wbinfo</b> program queries and returns information
created and used by the <a href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon. </p><p>The <a href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon must be configured
and running for the <b class="command">wbinfo</b> program to be able
to return information.</p></div><div class="refsect1" lang="en"><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-u</span></dt><dd><p>This option will list all users available
in the Windows NT domain for which the <a href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon is operating in. Users in all trusted domains
will also be listed. Note that this operation does not assign
user ids to any users that have not already been seen by
<B
CLASS="COMMAND"
>winbindd(8)</B
>.</P
></DD
><DT
>-g</DT
><DD
><P
>This option will list all groups available
in the Windows NT domain for which the <B
CLASS="COMMAND"
>winbindd(8)
</B
> daemon is operating in. Groups in all trusted domains
user ids to any users that have not already been seen by <a href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a>
.</p></dd><dt><span class="term">-g</span></dt><dd><p>This option will list all groups available
in the Windows NT domain for which the <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a> daemon is operating in. Groups in all trusted domains
will also be listed. Note that this operation does not assign
group ids to any groups that have not already been seen by
<B
CLASS="COMMAND"
>winbindd(8)</B
>. </P
></DD
><DT
>-N name</DT
><DD
><P
>The <TT
CLASS="PARAMETER"
><I
>-N</I
></TT
> option
queries <B
CLASS="COMMAND"
>winbindd(8)</B
> to query the WINS
group ids to any groups that have not already been
seen by <a href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a>. </p></dd><dt><span class="term">-N name</span></dt><dd><p>The <i class="parameter"><tt>-N</tt></i> option
queries <a href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> to query the WINS
server for the IP address associated with the NetBIOS name
specified by the <TT
CLASS="PARAMETER"
><I
>name</I
></TT
> parameter.
</P
></DD
><DT
>-I ip</DT
><DD
><P
>The <TT
CLASS="PARAMETER"
><I
>-I</I
></TT
> option
queries <B
CLASS="COMMAND"
>winbindd(8)</B
> to send a node status
specified by the <i class="parameter"><tt>name</tt></i> parameter.
</p></dd><dt><span class="term">-I ip</span></dt><dd><p>The <i class="parameter"><tt>-I</tt></i> option
queries <a href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> to send a node status
request to get the NetBIOS name associated with the IP address
specified by the <TT
CLASS="PARAMETER"
><I
>ip</I
></TT
> parameter.
</P
></DD
><DT
>-n name</DT
><DD
><P
>The <TT
CLASS="PARAMETER"
><I
>-n</I
></TT
> option
queries <B
CLASS="COMMAND"
>winbindd(8)</B
> for the SID
specified by the <i class="parameter"><tt>ip</tt></i> parameter.
</p></dd><dt><span class="term">-n name</span></dt><dd><p>The <i class="parameter"><tt>-n</tt></i> option
queries <a href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> for the SID
associated with the name specified. Domain names can be specified
before the user name by using the winbind separator character.
For example CWDOM1/Administrator refers to the Administrator
user in the domain CWDOM1. If no domain is specified then the
domain used is the one specified in the <TT
CLASS="FILENAME"
>smb.conf</TT
>
<TT
CLASS="PARAMETER"
><I
>workgroup</I
></TT
> parameter. </P
></DD
><DT
>-s sid</DT
><DD
><P
>Use <TT
CLASS="PARAMETER"
><I
>-s</I
></TT
> to resolve
a SID to a name. This is the inverse of the <TT
CLASS="PARAMETER"
><I
>-n
</I
></TT
> option above. SIDs must be specified as ASCII strings
domain used is the one specified in the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> <i class="parameter"><tt>workgroup
</tt></i> parameter. </p></dd><dt><span class="term">-s sid</span></dt><dd><p>Use <i class="parameter"><tt>-s</tt></i> to resolve
a SID to a name. This is the inverse of the <i class="parameter"><tt>-n
</tt></i> option above. SIDs must be specified as ASCII strings
in the traditional Microsoft format. For example,
S-1-5-21-1455342024-3071081365-2475485837-500. </P
></DD
><DT
>-U uid</DT
><DD
><P
>Try to convert a UNIX user id to a Windows NT
S-1-5-21-1455342024-3071081365-2475485837-500. </p></dd><dt><span class="term">-U uid</span></dt><dd><p>Try to convert a UNIX user id to a Windows NT
SID. If the uid specified does not refer to one within
the winbind uid range then the operation will fail. </P
></DD
><DT
>-G gid</DT
><DD
><P
>Try to convert a UNIX group id to a Windows
the winbind uid range then the operation will fail. </p></dd><dt><span class="term">-G gid</span></dt><dd><p>Try to convert a UNIX group id to a Windows
NT SID. If the gid specified does not refer to one within
the winbind gid range then the operation will fail. </P
></DD
><DT
>-S sid</DT
><DD
><P
>Convert a SID to a UNIX user id. If the SID
does not correspond to a UNIX user mapped by <B
CLASS="COMMAND"
> winbindd(8)</B
> then the operation will fail. </P
></DD
><DT
>-Y sid</DT
><DD
><P
>Convert a SID to a UNIX group id. If the SID
does not correspond to a UNIX group mapped by <B
CLASS="COMMAND"
> winbindd(8)</B
> then the operation will fail. </P
></DD
><DT
>-t</DT
><DD
><P
>Verify that the workstation trust account
the winbind gid range then the operation will fail. </p></dd><dt><span class="term">-S sid</span></dt><dd><p>Convert a SID to a UNIX user id. If the SID
does not correspond to a UNIX user mapped by <a href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> then the operation will fail. </p></dd><dt><span class="term">-Y sid</span></dt><dd><p>Convert a SID to a UNIX group id. If the SID
does not correspond to a UNIX group mapped by <a href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> then
the operation will fail. </p></dd><dt><span class="term">-t</span></dt><dd><p>Verify that the workstation trust account
created when the Samba server is added to the Windows NT
domain is working. </P
></DD
><DT
>-m</DT
><DD
><P
>Produce a list of domains trusted by the
Windows NT server <B
CLASS="COMMAND"
>winbindd(8)</B
> contacts
domain is working. </p></dd><dt><span class="term">-m</span></dt><dd><p>Produce a list of domains trusted by the
Windows NT server <a href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> contacts
when resolving names. This list does not include the Windows
NT domain the server is a Primary Domain Controller for.
</P
></DD
><DT
>-r username</DT
><DD
><P
>Try to obtain the list of UNIX group ids
</p></dd><dt><span class="term">--sequence</span></dt><dd><p>Show sequence numbers of
all known domains</p></dd><dt><span class="term">-r username</span></dt><dd><p>Try to obtain the list of UNIX group ids
to which the user belongs. This only works for users
defined on a Domain Controller.
</P
></DD
><DT
>-a username%password</DT
><DD
><P
>Attempt to authenticate a user via winbindd.
</p></dd><dt><span class="term">-a username%password</span></dt><dd><p>Attempt to authenticate a user via winbindd.
This checks both authenticaion methods and reports its results.
</P
></DD
><DT
>-A username%password</DT
><DD
><P
>Store username and password used by winbindd
</p></dd><dt><span class="term">-A username%password</span></dt><dd><p>Store username and password used by winbindd
during session setup to a domain controller. This enables
winbindd to operate in a Windows 2000 domain with Restrict
Anonymous turned on (a.k.a. Permissions compatiable with
Windows 2000 servers only).
</P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN120"
></A
><H2
>EXIT STATUS</H2
><P
>The wbinfo program returns 0 if the operation
succeeded, or 1 if the operation failed. If the <B
CLASS="COMMAND"
>winbindd(8)
</B
> daemon is not working <B
CLASS="COMMAND"
>wbinfo</B
> will always return
failure. </P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN125"
></A
><H2
>VERSION</H2
><P
>This man page is correct for version 3.0 of
the Samba suite.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN128"
></A
><H2
>SEE ALSO</H2
><P
><A
HREF="winbindd.8.html"
TARGET="_top"
><B
CLASS="COMMAND"
>winbindd(8)</B
>
</A
></P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN133"
></A
><H2
>AUTHOR</H2
><P
>The original Samba software and related utilities
</p></dd><dt><span class="term">--get-auth-user</span></dt><dd><p>Print username and password used by winbindd
during session setup to a domain controller. Username
and password can be set using '-A'. Only available for
root.</p></dd><dt><span class="term">-p</span></dt><dd><p>Check whether winbindd is still alive.
Prints out either 'succeeded' or 'failed'.
</p></dd><dt><span class="term">-V</span></dt><dd><p>Prints the version number for
<b class="command">smbd</b>.</p></dd><dt><span class="term">-h|--help</span></dt><dd><p>Print a summary of command line options.
</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>EXIT STATUS</h2><p>The wbinfo program returns 0 if the operation
succeeded, or 1 if the operation failed. If the <a href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon is not working <b class="command">wbinfo</b> will always return
failure. </p></div><div class="refsect1" lang="en"><h2>VERSION</h2><p>This man page is correct for version 3.0 of
the Samba suite.</p></div><div class="refsect1" lang="en"><h2>SEE ALSO</h2><p><a href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a></p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</P
><P
><B
CLASS="COMMAND"
>wbinfo</B
> and <B
CLASS="COMMAND"
>winbindd</B
>
were written by Tim Potter.</P
><P
>The conversion to DocBook for Samba 2.2 was done
by Gerald Carter</P
></DIV
></BODY
></HTML
>
to the way the Linux kernel is developed.</p><p><b class="command">wbinfo</b> and <b class="command">winbindd</b>
were written by Tim Potter.</p><p>The conversion to DocBook for Samba 2.2 was done
by Gerald Carter. The conversion to DocBook XML 4.2 for Samba
3.0 was done by Alexander Bokovoy.</p></div></div></body></html>

1911
docs/htmldocs/winbind.html
View File

File diff suppressed because it is too large Load Diff

999
docs/htmldocs/winbindd.8.html
View File

File diff suppressed because it is too large Load Diff

169
docs/manpages/findsmb.1
View File

@ -1,100 +1,95 @@
.\" This manpage has been automatically generated by docbook2man
.\" from a DocBook document. This tool can be found at:
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "FINDSMB" "1" "04 March 2003" "" ""
.\"Generated by db2man.xsl. Don't modify this, modify the source.
.de Sh \" Subsection
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.TH "FINDSMB" 1 "" "" ""
.SH NAME
findsmb \- list info about machines that respond to SMB name queries on a subnet
.SH SYNOPSIS
\fBfindsmb\fR [ \fBsubnet broadcast address\fR ]
.SH "DESCRIPTION"
.PP
This perl script is part of the Samba suite.
.PP
\fBfindsmb\fR is a perl script that
prints out several pieces of information about machines
on a subnet that respond to SMB name query requests.
It uses \fB nmblookup(1)\fR to obtain this information.
.SH "OPTIONS"
.TP
\fB-r\fR
Controls whether \fBfindsmb\fR takes
bugs in Windows95 into account when trying to find a Netbios name
registered of the remote machine. This option is disabled by default
because it is specific to Windows 95 and Windows 95 machines only.
If set, \fBnmblookup\fR
will be called with -B option.
.TP
\fBsubnet broadcast address\fR
Without this option, \fBfindsmb
\fR will probe the subnet of the machine where
\fBfindsmb\fR is run. This value is passed
to \fBnmblookup\fR as part of the
-B option.
.SH "EXAMPLES"
.PP
The output of \fBfindsmb\fR lists the following
information for all machines that respond to the initial
\fBnmblookup\fR for any name: IP address, NetBIOS name,
Workgroup name, operating system, and SMB server version.
.PP
There will be a '+' in front of the workgroup name for
machines that are local master browsers for that workgroup. There
will be an '*' in front of the workgroup name for
machines that are the domain master browser for that workgroup.
Machines that are running Windows, Windows 95 or Windows 98 will
not show any information about the operating system or server
version.
.PP
The command with -r option
must be run on a system without \fBnmbd\fR running.
If \fBnmbd\fR is running on the system, you will
only get the IP address and the DNS name of the machine. To
get proper responses from Windows 95 and Windows 98 machines,
the command must be run as root and with -r
option on a machine without \fBnmbd\fR running.
.PP
For example, running \fBfindsmb\fR without
-r option set would yield output similar
to the following
findsmb \- list info about machines that respond to SMB name queries on a subnet
.SH "SYNOPSIS"
.nf
\fBfindsmb\fR [subnet broadcast address]
.fi
.SH "DESCRIPTION"
.PP
This perl script is part of the \fBSamba\fR(7) suite\&.
.PP
\fBfindsmb\fR is a perl script that prints out several pieces of information about machines on a subnet that respond to SMB name query requests\&. It uses \fBnmblookup\fR(1) and \fBsmbclient\fR(1) to obtain this information\&.
.SH "OPTIONS"
.TP
-r
Controls whether \fBfindsmb\fR takes bugs in Windows95 into account when trying to find a Netbios name registered of the remote machine\&. This option is disabled by default because it is specific to Windows 95 and Windows 95 machines only\&. If set, \fBnmblookup\fR(1) will be called with \fB-B\fR option\&.
.TP
subnet broadcast address
Without this option, \fBfindsmb \fR will probe the subnet of the machine where \fBfindsmb\fR(1) is run\&. This value is passed to \fBnmblookup\fR(1) as part of the \fB-B\fR option\&.
.SH "EXAMPLES"
.PP
The output of \fBfindsmb\fR lists the following information for all machines that respond to the initial\fBnmblookup\fR for any name: IP address, NetBIOS name, Workgroup name, operating system, and SMB server version\&.
.PP
There will be a '+' in front of the workgroup name for machines that are local master browsers for that workgroup\&. There will be an '*' in front of the workgroup name for machines that are the domain master browser for that workgroup\&. Machines that are running Windows, Windows 95 or Windows 98 will not show any information about the operating system or server version\&.
.PP
The command with \fB-r\fR option must be run on a system without \fBnmbd\fR(8)running\&. If \fBnmbd\fR is running on the system, you will only get the IP address and the DNS name of the machine\&. To get proper responses from Windows 95 and Windows 98 machines, the command must be run as root and with \fB-r\fR option on a machine without \fBnmbd\fR running\&.
.PP
For example, running \fBfindsmb\fR without \fB-r\fR option set would yield output similar to the following
.nf
IP ADDR NETBIOS NAME WORKGROUP/OS/VERSION
---------------------------------------------------------------------
192.168.35.10 MINESET-TEST1 [DMVENGR]
192.168.35.55 LINUXBOX *[MYGROUP] [Unix] [Samba 2.0.6]
192.168.35.56 HERBNT2 [HERB-NT]
192.168.35.63 GANDALF [MVENGR] [Unix] [Samba 2.0.5a for IRIX]
192.168.35.65 SAUNA [WORKGROUP] [Unix] [Samba 1.9.18p10]
192.168.35.71 FROGSTAR [ENGR] [Unix] [Samba 2.0.0 for IRIX]
192.168.35.78 HERBDHCP1 +[HERB]
192.168.35.88 SCNT2 +[MVENGR] [Windows NT 4.0] [NT LAN Manager 4.0]
192.168.35.93 FROGSTAR-PC [MVENGR] [Windows 5.0] [Windows 2000 LAN Manager]
192.168.35.97 HERBNT1 *[HERB-NT] [Windows NT 4.0] [NT LAN Manager 4.0]
192\&.168\&.35\&.10 MINESET-TEST1 [DMVENGR]
192\&.168\&.35\&.55 LINUXBOX *[MYGROUP] [Unix] [Samba 2\&.0\&.6]
192\&.168\&.35\&.56 HERBNT2 [HERB-NT]
192\&.168\&.35\&.63 GANDALF [MVENGR] [Unix] [Samba 2\&.0\&.5a for IRIX]
192\&.168\&.35\&.65 SAUNA [WORKGROUP] [Unix] [Samba 1\&.9\&.18p10]
192\&.168\&.35\&.71 FROGSTAR [ENGR] [Unix] [Samba 2\&.0\&.0 for IRIX]
192\&.168\&.35\&.78 HERBDHCP1 +[HERB]
192\&.168\&.35\&.88 SCNT2 +[MVENGR] [Windows NT 4\&.0] [NT LAN Manager 4\&.0]
192\&.168\&.35\&.93 FROGSTAR-PC [MVENGR] [Windows 5\&.0] [Windows 2000 LAN Manager]
192\&.168\&.35\&.97 HERBNT1 *[HERB-NT] [Windows NT 4\&.0] [NT LAN Manager 4\&.0]
.fi
.SH "VERSION"
.PP
This man page is correct for version 3.0 of
the Samba suite.
This man page is correct for version 3\&.0 of the Samba suite\&.
.SH "SEE ALSO"
.PP
\fBnmbd(8)\fR
\fBsmbclient(1)
\fR and \fBnmblookup(1)\fR
\fBnmbd\fR(8),\fBsmbclient\fR(1), and \fBnmblookup\fR(1)
.SH "AUTHOR"
.PP
The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at
ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter
The original Samba man pages were written by Karl Auer\&. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp\&.icce\&.rug\&.nl/pub/unix/) and updated for the Samba 2\&.0 release by Jeremy Allison\&. The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.

132
docs/manpages/lmhosts.5
View File

@ -1,86 +1,92 @@
.\" This manpage has been automatically generated by docbook2man
.\" from a DocBook document. This tool can be found at:
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "LMHOSTS" "5" "04 March 2003" "" ""
.\"Generated by db2man.xsl. Don't modify this, modify the source.
.de Sh \" Subsection
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.TH "LMHOSTS" 5 "" "" ""
.SH NAME
lmhosts \- The Samba NetBIOS hosts file
.SH SYNOPSIS
.SH "SYNOPSIS"
.PP
\fIlmhosts\fR is the Samba NetBIOS name to IP address mapping file.
\fIlmhosts\fR is the \fBSamba\fR(7) NetBIOS name to IP address mapping file\&.
.SH "DESCRIPTION"
.PP
This file is part of the Samba suite.
This file is part of the \fBSamba\fR(7) suite\&.
.PP
\fIlmhosts\fR is the \fBSamba
\fR NetBIOS name to IP address mapping file. It
is very similar to the \fI/etc/hosts\fR file
format, except that the hostname component must correspond
to the NetBIOS naming format.
\fIlmhosts\fR is the \fBSamba \fR NetBIOS name to IP address mapping file\&. It is very similar to the \fI/etc/hosts\fR file format, except that the hostname component must correspond to the NetBIOS naming format\&.
.SH "FILE FORMAT"
.PP
It is an ASCII file containing one line for NetBIOS name.
The two fields on each line are separated from each other by
white space. Any entry beginning with '#' is ignored. Each line
in the lmhosts file contains the following information :
.TP 0.2i
\(bu
IP Address - in dotted decimal format.
.TP 0.2i
\(bu
NetBIOS Name - This name format is a
maximum fifteen character host name, with an optional
trailing '#' character followed by the NetBIOS name type
as two hexadecimal digits.
If the trailing '#' is omitted then the given IP
address will be returned for all names that match the given
name, whatever the NetBIOS name type in the lookup.
.PP
An example follows :
.PP
It is an ASCII file containing one line for NetBIOS name\&. The two fields on each line are separated from each other by white space\&. Any entry beginning with '#' is ignored\&. Each line in the lmhosts file contains the following information:
.TP 3
\(bu
IP Address - in dotted decimal format\&.
.TP
\(bu
NetBIOS Name - This name format is a maximum fifteen character host name, with an optional trailing '#' character followed by the NetBIOS name type as two hexadecimal digits\&.
If the trailing '#' is omitted then the given IP address will be returned for all names that match the given name, whatever the NetBIOS name type in the lookup\&.
.LP
.PP
An example follows:
.nf
#
# Sample Samba lmhosts file.
# Sample Samba lmhosts file\&.
#
192.9.200.1 TESTPC
192.9.200.20 NTSERVER#20
192.9.200.21 SAMBASERVER
.fi
192\&.9\&.200\&.1 TESTPC
192\&.9\&.200\&.20 NTSERVER#20
192\&.9\&.200\&.21 SAMBASERVER
.fi
.PP
Contains three IP to NetBIOS name mappings. The first
and third will be returned for any queries for the names "TESTPC"
and "SAMBASERVER" respectively, whatever the type component of
the NetBIOS name requested.
Contains three IP to NetBIOS name mappings\&. The first and third will be returned for any queries for the names "TESTPC" and "SAMBASERVER" respectively, whatever the type component of the NetBIOS name requested\&.
.PP
The second mapping will be returned only when the "0x20" name
type for a name "NTSERVER" is queried. Any other name type will not
be resolved.
The second mapping will be returned only when the "0x20" name type for a name "NTSERVER" is queried\&. Any other name type will not be resolved\&.
.PP
The default location of the \fIlmhosts\fR file
is in the same directory as the
smb.conf(5)> file.
The default location of the \fIlmhosts\fR file is in the same directory as the \fBsmb.conf\fR(5) file\&.
.SH "VERSION"
.PP
This man page is correct for version 2.2 of
the Samba suite.
This man page is correct for version 3\&.0 of the Samba suite\&.
.SH "SEE ALSO"
.PP
\fBsmbclient(1)
\fR and \fB smbpasswd(8)\fR
\fBsmbclient\fR(1), \fBsmb.conf\fR(5), and \fBsmbpasswd\fR(8)
.SH "AUTHOR"
.PP
The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at
ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter
The original Samba man pages were written by Karl Auer\&. The man page sources were converted to YODL format (another excellent piece of Open Source software, available atftp://ftp\&.icce\&.rug\&.nl/pub/unix/) and updated for the Samba 2\&.0 release by Jeremy Allison\&. The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 was done by Alexander Bokovoy\&.

624
docs/manpages/net.8
View File

@ -1,151 +1,549 @@
.\" This manpage has been automatically generated by docbook2man
.\" from a DocBook document. This tool can be found at:
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "NET" "8" "04 March 2003" "" ""
.\"Generated by db2man.xsl. Don't modify this, modify the source.
.de Sh \" Subsection
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.TH "NET" 8 "" "" ""
.SH NAME
net \- Tool for administration of Samba and remote CIFS servers.
.SH SYNOPSIS
.SH "SYNOPSIS"
\fBnet\fR \fB<ads|rap|rpc>\fR [ \fB-h\fR ] [ \fB-w workgroup\fR ] [ \fB-W myworkgroup\fR ] [ \fB-U user\fR ] [ \fB-I ip-address\fR ] [ \fB-p port\fR ] [ \fB-n myname\fR ] [ \fB-s conffile\fR ] [ \fB-S server\fR ] [ \fB-C comment\fR ] [ \fB-M maxusers\fR ] [ \fB-F flags\fR ] [ \fB-j jobid\fR ] [ \fB-l\fR ] [ \fB-r\fR ] [ \fB-f\fR ] [ \fB-t timeout\fR ] [ \fB-P\fR ] [ \fB-D debuglevel\fR ]
.nf
\fBnet\fR {<ads|rap|rpc>} [-h] [-w workgroup] [-W myworkgroup] [-U user] [-I ip-address]
[-p port] [-n myname] [-s conffile] [-S server] [-l] [-P] [-D debuglevel]
.fi
.SH "DESCRIPTION"
.PP
This tool is part of the Samba suite.
This tool is part of the \fBSamba\fR(7) suite\&.
.PP
The samba net utility is meant to work just like the net utility
available for windows and DOS.
The samba net utility is meant to work just like the net utility available for windows and DOS\&. The first argument should be used to specify the protocol to use when executing a certain command\&. ADS is used for ActiveDirectory, RAP is using for old (Win9x/NT3) clients and RPC can be used for NT4 and Windows 2000\&. If this argument is omitted, net will try to determine it automatically\&. Not all commands are available on all protocols\&.
.SH "OPTIONS"
.TP
\fB-h\fR
Display summary of all available options.
-h|--help
Print a summary of command line options\&.
.TP
\fB-w target-workgroup\fR
Sets target workgroup or domain. You have to specify either this option or the IP address or the name of a server.
-w target-workgroup
Sets target workgroup or domain\&. You have to specify either this option or the IP address or the name of a server\&.
.TP
\fB-W workgroup\fR
-W workgroup
Sets client workgroup or domain
.TP
\fB-U user\fR
-U user
User name to use
.TP
\fB-I ip-address\fR
IP address of target server to use. You have to specify either this option or a target workgroup or a target server.
-I ip-address
IP address of target server to use\&. You have to specify either this option or a target workgroup or a target server\&.
.TP
\fB-p port\fR
Port on the target server to connect to.
-p port
Port on the target server to connect to (usually 139 or 445)\&. Defaults to trying 445 first, then 139\&.
.TP
\fB-n myname\fR
Sets name of the client.
-n <primary NetBIOS name>
This option allows you to override the NetBIOS name that Samba uses for itself\&. This is identical to setting the \fINetBIOS name\fR parameter in the \fBsmb.conf\fR(5) file\&. However, a command line setting will take precedence over settings in \fBsmb.conf\fR(5)\&.
.TP
\fB-s conffile\fR
Specify alternative configuration file that should be loaded.
-s <configuration file>
The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&.
.TP
\fB-S server\fR
Name of target server. You should specify either this option or a target workgroup or a target IP address.
-S server
Name of target server\&. You should specify either this option or a target workgroup or a target IP address\&.
.TP
\fB-C comment\fR
FIXME
-l
When listing data, give more information on each item\&.
.TP
\fB-M maxusers\fR
FIXME
-P
Make queries to the external server using the machine account of the local server\&.
.TP
\fB-F flags\fR
FIXME
.TP
\fB-j jobid\fR
FIXME
.TP
\fB-l\fR
FIXME
.TP
\fB-r\fR
FIXME
.TP
\fB-f\fR
FIXME
.TP
\fB-t timeout\fR
FIXME
.TP
\fB-P\fR
Make queries to the external server using the machine account of the local server.
.TP
\fB-D debuglevel\fR
set the debuglevel. Debug level 0 is the lowest
and 100 being the highest. This should be set to 100 if you are
planning on submitting a bug report to the Samba team (see
\fIBUGS.txt\fR).
.SH "TIME"
-d|--debug=debuglevel
\fIdebuglevel\fR is an integer from 0 to 10\&. The default value if this parameter is not specified is zero\&.
The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day to day running - it generates a small amount of information about operations carried out\&.
Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&.
.SH "COMMANDS"
.SS "TIME"
.PP
The \fBNET TIME\fR command allows you to view the time on a remote server
or synchronise the time on the local server with the time on the remote server.
.TP
\fB\fR
Without any options, the \fBNET TIME\fR command
displays the time on the remote server.
.TP
\fBSYSTEM\fR
Displays the time on the remote server in a format ready for /bin/date
.TP
\fBSET\fR
Tries to set the date and time of the local server to that on
the remote server using /bin/date.
.TP
\fBZONE\fR
Displays the timezone in hours from GMT on the remote computer.
.SH "RPC"
The \fBNET TIME\fR command allows you to view the time on a remote server or synchronise the time on the local server with the time on the remote server\&.
.PP
The \fBNET RPC\fR command allows you to do various
NT4 operations.
Without any options, the \fBNET TIME\fR command displays the time on the remote server\&.
.PP
Displays the time on the remote server in a format ready for \fB/bin/date\fR
.PP
Tries to set the date and time of the local server to that on the remote server using \fB/bin/date\fR\&.
.PP
Displays the timezone in hours from GMT on the remote computer\&.
.SS "[RPC|ADS] JOIN [TYPE] [-U username[%password]] [options]"
.PP
Join a domain\&. If the account already exists on the server, and [TYPE] is MEMBER, the machine will attempt to join automatically\&. (Assuming that the machine has been created in server manager) Otherwise, a password will be prompted for, and a new account may be created\&.
.PP
[TYPE] may be PDC, BDC or MEMBER to specify the type of server joining the domain\&.
.SS "[RPC] OLDJOIN [options]"
.PP
Join a domain\&. Use the OLDJOIN option to join the domain using the old style of domain joining - you need to create a trust account in server manager first\&.
.SS "[RPC|ADS] USER"
.PP
Delete specified user
.PP
List all users
.PP
List the domain groups of a the specified user\&.
.PP
Add specified user\&.
.SS "[RPC|ADS] GROUP"
.PP
List user groups\&.
.PP
Delete specified group\&.
.PP
Create specified group\&.
.SS "[RAP|RPC] SHARE"
.PP
Enumerates all exported resources (network shares) on target server\&.
.PP
Adds a share from a server (makes the export active)\&. Maxusers specifies the number of users that can be connected to the share simultaneously\&.
.PP
Delete specified share\&.
.SS "[RPC|RAP] FILE"
.PP
List all open files on remote server\&.
.PP
Close file with specified \fIfileid\fR on remote server\&.
.PP
Print information on specified \fIfileid\fR\&. Currently listed are: file-id, username, locks, path, permissions\&.
.RS
.Sh "Note"
.PP
Currently NOT implemented\&.
.RE
.SS "SESSION"
.PP
Without any other options, SESSION enumerates all active SMB/CIFS sessions on the target server\&.
.PP
Close the specified sessions\&.
.PP
Give a list with all the open files in specified session\&.
.SS "RAP SERVER DOMAIN"
.PP
List all servers in specified domain or workgroup\&. Defaults to local domain\&.
.SS "RAP DOMAIN"
.PP
Lists all domains and workgroups visible on the current network\&.
.SS "RAP PRINTQ"
.PP
Lists the specified print queue and print jobs on the server\&. If the \fIQUEUE_NAME\fR is omitted, all queues are listed\&.
.PP
Delete job with specified id\&.
.SS "RAP VALIDATE user [password]"
.PP
Validate whether the specified user can log in to the remote server\&. If the password is not specified on the commandline, it will be prompted\&.
.RS
.Sh "Note"
.PP
Currently NOT implemented\&.
.RE
.SS "RAP GROUPMEMBER"
.PP
List all members of the specified group\&.
.PP
Delete member from group\&.
.PP
Add member to group\&.
.SS "RAP ADMIN command"
.PP
Execute the specified \fIcommand\fR on the remote server\&. Only works with OS/2 servers\&.
.RS
.Sh "Note"
.PP
Currently NOT implemented\&.
.RE
.SS "RAP SERVICE"
.PP
Start the specified service on the remote server\&. Not implemented yet\&.
.RS
.Sh "Note"
.PP
Currently NOT implemented\&.
.RE
.PP
Stop the specified service on the remote server\&.
.RS
.Sh "Note"
.PP
Currently NOT implemented\&.
.RE
.SS "RAP PASSWORD USER OLDPASS NEWPASS"
.PP
Change password of \fIUSER\fR from \fIOLDPASS\fR to \fINEWPASS\fR\&.
.SS "LOOKUP"
.PP
Lookup the IP address of the given host with the specified type (netbios suffix)\&. The type defaults to 0x20 (workstation)\&.
.PP
Give IP address of LDAP server of specified \fIDOMAIN\fR\&. Defaults to local domain\&.
.PP
Give IP address of KDC for the specified \fIREALM\fR\&. Defaults to local realm\&.
.PP
Give IP's of Domain Controllers for specified \fI DOMAIN\fR\&. Defaults to local domain\&.
.PP
Give IP of master browser for specified \fIDOMAIN\fR or workgroup\&. Defaults to local domain\&.
.SS "CACHE"
.PP
Samba uses a general caching interface called 'gencache'\&. It can be controlled using 'NET CACHE'\&.
.PP
All the timeout parameters support the suffixes: s - Secondsm - Minutesh - Hoursd - Daysw - Weeks
.PP
Add specified key+data to the cache with the given timeout\&.
.PP
Delete key from the cache\&.
.PP
Update data of existing cache entry\&.
.PP
Search for the specified pattern in the cache data\&.
.PP
List all current items in the cache\&.
.PP
Remove all the current items from the cache\&.
.SS "GETLOCALSID [DOMAIN]"
.PP
Print the SID of the specified domain, or if the parameter is omitted, the SID of the domain the local server is in\&.
.SS "SETLOCALSID S-1-5-21-x-y-z"
.PP
Sets domain sid for the local server to the specified SID\&.
.SS "GROUPMAP"
.PP
Manage the mappings between Windows group SIDs and UNIX groups\&. Parameters take the for "parameter=value"\&. Common options include:
.TP 3
\(bu
unixgroup - Name of the UNIX group
.TP
\fBJOIN -U username[%password] [options]\fR
Join a domain with specified username and password. Password
will be prompted if none is specified.
\(bu
ntgroup - Name of the Windows NT group (must be resolvable to a SID
.TP
\fBJOIN [options except -U]\fR
to join a domain created in server manager
\(bu
rid - Unsigned 32-bit integer
.TP
\fBUSER [misc. options] [targets]\fR
List users
\(bu
sid - Full SID in the form of "S-1-\&.\&.\&."
.TP
\fBUSER DELETE <name> [misc options]\fR
delete specified user
\(bu
type - Type of the group; either 'domain', 'local', or 'builtin'
.TP
\fBUSER INFO <name> [misc options]\fR
list the domain groups of the specified user
\(bu
comment - Freeform text description of the group
.LP
.PP
Add a new group mapping entry
.PP
net groupmap add {rid=int|sid=string} unixgroup=string [type={domain|local|builtin}] [ntgroup=string] [comment=string]
.PP
Delete a group mapping entry
.PP
net groupmap delete {ntgroup=string|sid=SID}
.PP
Update en existing group entry
.PP
net groupmap modify {ntgroup=string|sid=SID} [unixgroup=string] [comment=string] [type={domain|local}
.PP
List existing group mapping entries
.PP
net groupmap list [verbose] [ntgroup=string] [sid=SID]
.SS "MAXRID"
.PP
Prints out the highest RID currently in use on the local server (by the active 'passdb backend')\&.
.SS "RPC INFO"
.PP
Print information about the domain of the remote server, such as domain name, domain sid and number of users and groups\&.
.SS "[RPC|ADS] TESTJOIN"
.PP
Check whether participation in a domain is still valid\&.
.SS "[RPC|ADS] CHANGETRUSTPW"
.PP
Force change of domain trust password\&.
.SS "RPC TRUSTDOM"
.PP
Add a interdomain trust account for \fIDOMAIN\fR to the remote server\&.
.PP
Remove interdomain trust account for \fIDOMAIN\fR from the remote server\&.
.RS
.Sh "Note"
.PP
Currently NOT implemented\&.
.RE
.PP
Establish a trust relationship to a trusting domain\&. Interdomain account must already be created on the remote PDC\&.
.PP
Abandon relationship to trusted domain
.PP
List all current interdomain trust relationships\&.
.SS "RPC ABORTSHUTDOWN"
.PP
Abort the shutdown of a remote server\&.
.SS "SHUTDOWN [-t timeout] [-r] [-f] [-C message]"
.PP
Shut down the remote server\&.
.TP
\fBUSER ADD <name> [password] [-F user flags] [misc. options\fR
Add specified user
-r
Reboot after shutdown\&.
.TP
\fBGROUP [misc options] [targets]\fR
List user groups
-f
Force shutting down all applications\&.
.TP
\fBGROUP DELETE <name> [misc. options] [targets]\fR
Delete specified group
-t timeout
Timeout before system will be shut down\&. An interactive user of the system can use this time to cancel the shutdown\&.
.TP
\fBGROUP ADD <name> [-C comment]\fR
Create specified group
.TP
\fBSHARE [misc. options] [targets]\fR
enumerates all exported resources (network shares) on target server
.TP
\fBSHARE ADD <name=serverpath> [misc. options] [targets]\fR
Adds a share from a server (makes the export active)
.TP
\fBSHARE DELETE <sharenam\fR
-C message
Display the specified message on the screen to announce the shutdown\&.
.SS "SAMDUMP"
.PP
Print out sam database of remote server\&. You need to run this on either a BDC\&.
.SS "VAMPIRE"
.PP
Export users, aliases and groups from remote server to local server\&. Can only be run an a BDC\&.
.SS "GETSID"
.PP
Fetch domain SID and store it in the local \fIsecrets\&.tdb\fR\&.
.SS "ADS LEAVE"
.PP
Make the remote host leave the domain it is part of\&.
.SS "ADS STATUS"
.PP
Print out status of machine account of the local machine in ADS\&. Prints out quite some debug info\&. Aimed at developers, regular users should use \fBNET ADS TESTJOIN\fR\&.
.SS "ADS PRINTER"
.PP
Lookup info for \fIPRINTER\fR on \fISERVER\fR\&. The printer name defaults to "*", the server name defaults to the local host\&.
.PP
Publish specified printer using ADS\&.
.PP
Remove specified printer from ADS directory\&.
.SS "ADS SEARCH EXPRESSION ATTRIBUTES..."
.PP
Perform a raw LDAP search on a ADS server and dump the results\&. The expression is a standard LDAP search expression, and the attributes are a list of LDAP fields to show in the results\&.
.PP
Example: \fBnet ads search '(objectCategory=group)' sAMAccountName\fR
.SS "ADS DN DN (attributes)"
.PP
Perform a raw LDAP search on a ADS server and dump the results\&. The DN standard LDAP DN, and the attributes are a list of LDAP fields to show in the result\&.
.PP
Example: \fBnet ads dn 'CN=administrator,CN=Users,DC=my,DC=domain' SAMAccountName\fR
.SS "WORKGROUP"
.PP
Print out workgroup name for specified kerberos realm\&.
.SS "HELP [COMMAND]"
.PP
Gives usage information for the specified command\&.
.SH "VERSION"
.PP
This man page is incomplete for version 3.0 of the Samba
suite.
This man page is complete for version 3\&.0 of the Samba suite\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
The original Samba man pages were written by Karl Auer.
The current set of manpages and documentation is maintained
by the Samba Team in the same fashion as the Samba source code.
The net manpage was written by Jelmer Vernooij\&.

382
docs/manpages/nmbd.8
View File

@ -1,272 +1,178 @@
.\" This manpage has been automatically generated by docbook2man
.\" from a DocBook document. This tool can be found at:
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "NMBD" "8" "04 March 2003" "" ""
.\"Generated by db2man.xsl. Don't modify this, modify the source.
.de Sh \" Subsection
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.TH "NMBD" 8 "" "" ""
.SH NAME
nmbd \- NetBIOS name server to provide NetBIOS over IP naming services to clients
.SH SYNOPSIS
nmbd \- NetBIOS name server to provide NetBIOS over IP naming services to clients
.SH "SYNOPSIS"
\fBnmbd\fR [ \fB-D\fR ] [ \fB-F\fR ] [ \fB-S\fR ] [ \fB-a\fR ] [ \fB-i\fR ] [ \fB-o\fR ] [ \fB-h\fR ] [ \fB-V\fR ] [ \fB-d <debug level>\fR ] [ \fB-H <lmhosts file>\fR ] [ \fB-l <log directory>\fR ] [ \fB-n <primary netbios name>\fR ] [ \fB-p <port number>\fR ] [ \fB-s <configuration file>\fR ]
.nf
\fBnmbd\fR [-D] [-F] [-S] [-a] [-i] [-o] [-h] [-V] [-d <debug level>] [-H <lmhosts file>] [-l <log directory>] [-n <primary netbios name>] [-p <port number>] [-s <configuration file>]
.fi
.SH "DESCRIPTION"
.PP
This program is part of the Samba suite.
This program is part of the \fBSamba\fR(7) suite\&.
.PP
\fBnmbd\fR is a server that understands
and can reply to NetBIOS over IP name service requests, like
those produced by SMB/CIFS clients such as Windows 95/98/ME,
Windows NT, Windows 2000, Windows XP and LanManager clients. It also
participates in the browsing protocols which make up the
Windows "Network Neighborhood" view.
\fBnmbd\fR is a server that understands and can reply to NetBIOS over IP name service requests, like those produced by SMB/CIFS clients such as Windows 95/98/ME, Windows NT, Windows 2000, Windows XP and LanManager clients\&. It also participates in the browsing protocols which make up the Windows "Network Neighborhood" view\&.
.PP
SMB/CIFS clients, when they start up, may wish to
locate an SMB/CIFS server. That is, they wish to know what
IP number a specified host is using.
SMB/CIFS clients, when they start up, may wish to locate an SMB/CIFS server\&. That is, they wish to know what IP number a specified host is using\&.
.PP
Amongst other services, \fBnmbd\fR will
listen for such requests, and if its own NetBIOS name is
specified it will respond with the IP number of the host it
is running on. Its "own NetBIOS name" is by
default the primary DNS name of the host it is running on,
but this can be overridden with the \fB-n\fR
option (see OPTIONS below). Thus \fBnmbd\fR will
reply to broadcast queries for its own name(s). Additional
names for \fBnmbd\fR to respond on can be set
via parameters in the \fI smb.conf(5)\fR configuration file.
Amongst other services, \fBnmbd\fR will listen for such requests, and if its own NetBIOS name is specified it will respond with the IP number of the host it is running on\&. Its "own NetBIOS name" is by default the primary DNS name of the host it is running on, but this can be overridden with the \fB-n\fR option (see OPTIONS below)\&. Thus \fBnmbd\fR will reply to broadcast queries for its own name(s)\&. Additional names for \fBnmbd\fR to respond on can be set via parameters in the \fBsmb.conf\fR(5) configuration file\&.
.PP
\fBnmbd\fR can also be used as a WINS
(Windows Internet Name Server) server. What this basically means
is that it will act as a WINS database server, creating a
database from name registration requests that it receives and
replying to queries from clients for these names.
\fBnmbd\fR can also be used as a WINS (Windows Internet Name Server) server\&. What this basically means is that it will act as a WINS database server, creating a database from name registration requests that it receives and replying to queries from clients for these names\&.
.PP
In addition, \fBnmbd\fR can act as a WINS
proxy, relaying broadcast queries from clients that do
not understand how to talk the WINS protocol to a WINS
server.
In addition, \fBnmbd\fR can act as a WINS proxy, relaying broadcast queries from clients that do not understand how to talk the WINS protocol to a WINS server\&.
.SH "OPTIONS"
.TP
\fB-D\fR
If specified, this parameter causes
\fBnmbd\fR to operate as a daemon. That is,
it detaches itself and runs in the background, fielding
requests on the appropriate port. By default, \fBnmbd\fR
will operate as a daemon if launched from a command shell.
nmbd can also be operated from the \fBinetd\fR
meta-daemon, although this is not recommended.
.TP
\fB-F\fR
If specified, this parameter causes
the main \fBnmbd\fR process to not daemonize,
i.e. double-fork and disassociate with the terminal.
Child processes are still created as normal to service
each connection request, but the main process does not
exit. This operation mode is suitable for running
\fBnmbd\fR under process supervisors such
as \fBsupervise\fR and \fBsvscan\fR
from Daniel J. Bernstein's \fBdaemontools\fR
package, or the AIX process monitor.
.TP
\fB-S\fR
If specified, this parameter causes
\fBnmbd\fR to log to standard output rather
than a file.
.TP
\fB-a\fR
If this parameter is specified, each new
connection will append log messages to the log file.
This is the default.
.TP
\fB-i\fR
If this parameter is specified it causes the
server to run "interactively", not as a daemon, even if the
server is executed on the command line of a shell. Setting this
parameter negates the implicit daemon mode when run from the
command line. \fBnmbd\fR also logs to standard
output, as if the \fB-S\fR parameter had been
given.
.TP
\fB-o\fR
If this parameter is specified, the
log files will be overwritten when opened. By default,
\fBsmbd\fR will append entries to the log
files.
.TP
\fB-h\fR
Prints the help information (usage)
for \fBnmbd\fR.
.TP
\fB-H <filename>\fR
NetBIOS lmhosts file. The lmhosts
file is a list of NetBIOS names to IP addresses that
is loaded by the nmbd server and used via the name
resolution mechanism name resolve order described in \fIsmb.conf(5)\fR
to resolve any NetBIOS name queries needed by the server. Note
that the contents of this file are \fBNOT\fR
used by \fBnmbd\fR to answer any name queries.
Adding a line to this file affects name NetBIOS resolution
from this host \fBONLY\fR.
The default path to this file is compiled into
Samba as part of the build process. Common defaults
are \fI/usr/local/samba/lib/lmhosts\fR,
\fI/usr/samba/lib/lmhosts\fR or
\fI/etc/lmhosts\fR. See the
\fIlmhosts(5)\fR
man page for details on the contents of this file.
.TP
\fB-V\fR
Prints the version number for
\fBnmbd\fR.
.TP
\fB-d <debug level>\fR
debuglevel is an integer
from 0 to 10. The default value if this parameter is
not specified is zero.
-D
If specified, this parameter causes \fBnmbd\fR to operate as a daemon\&. That is, it detaches itself and runs in the background, fielding requests on the appropriate port\&. By default, \fBnmbd\fR will operate as a daemon if launched from a command shell\&. nmbd can also be operated from the \fBinetd\fR meta-daemon, although this is not recommended\&.
The higher this value, the more detail will
be logged to the log files about the activities of the
server. At level 0, only critical errors and serious
warnings will be logged. Level 1 is a reasonable level for
day to day running - it generates a small amount of
information about operations carried out.
Levels above 1 will generate considerable amounts
of log data, and should only be used when investigating
a problem. Levels above 3 are designed for use only by developers
and generate HUGE amounts of log data, most of which is extremely
cryptic.
.TP
-F
If specified, this parameter causes the main \fBnmbd\fR process to not daemonize, i\&.e\&. double-fork and disassociate with the terminal\&. Child processes are still created as normal to service each connection request, but the main process does not exit\&. This operation mode is suitable for running \fBnmbd\fR under process supervisors such as \fBsupervise\fR and \fBsvscan\fR from Daniel J\&. Bernstein's \fBdaemontools\fR package, or the AIX process monitor\&.
.TP
-S
If specified, this parameter causes \fBnmbd\fR to log to standard output rather than a file\&.
.TP
-i
If this parameter is specified it causes the server to run "interactively", not as a daemon, even if the server is executed on the command line of a shell\&. Setting this parameter negates the implicit daemon mode when run from the command line\&. \fBnmbd\fR also logs to standard output, as if the \fB-S\fR parameter had been given\&.
.TP
-h|--help
Print a summary of command line options\&.
.TP
-H <filename>
NetBIOS lmhosts file\&. The lmhosts file is a list of NetBIOS names to IP addresses that is loaded by the nmbd server and used via the name resolution mechanism \fIname resolve order\fR described in \fBsmb.conf\fR(5) to resolve any NetBIOS name queries needed by the server\&. Note that the contents of this file are \fBNOT\fR used by \fBnmbd\fR to answer any name queries\&. Adding a line to this file affects name NetBIOS resolution from this host \fBONLY\fR\&.
The default path to this file is compiled into Samba as part of the build process\&. Common defaults are \fI/usr/local/samba/lib/lmhosts\fR, \fI/usr/samba/lib/lmhosts\fR or \fI/etc/samba/lmhosts\fR\&. See the \fBlmhosts\fR(5) man page for details on the contents of this file\&.
.TP
-V
Prints the version number for \fBsmbd\fR\&.
.TP
-s <configuration file>
The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&.
.TP
-d|--debug=debuglevel
\fIdebuglevel\fR is an integer from 0 to 10\&. The default value if this parameter is not specified is zero\&.
The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day to day running - it generates a small amount of information about operations carried out\&.
Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&.
.TP
-l|--logfile=logbasename
File name for log/debug files\&. The extension \fB"\&.client"\fR will be appended\&. The log file is never removed by the client\&.
.TP
-p <UDP port number>
UDP port number is a positive integer value\&. This option changes the default UDP port number (normally 137) that \fBnmbd\fR responds to name queries on\&. Don't use this option unless you are an expert, in which case you won't need help!
Note that specifying this parameter here will override
the log level
parameter in the \fI smb.conf(5)\fR file.
.TP
\fB-l <log directory>\fR
The -l parameter specifies a directory
into which the "log.nmbd" log file will be created
for operational data from the running \fBnmbd\fR
server. The default log directory is compiled into Samba
as part of the build process. Common defaults are \fI /usr/local/samba/var/log.nmb\fR, \fI /usr/samba/var/log.nmb\fR or
\fI/var/log/log.nmb\fR. \fBBeware:\fR
If the directory specified does not exist, \fBnmbd\fR
will log to the default debug log location defined at compile time.
.TP
\fB-n <primary NetBIOS name>\fR
This option allows you to override
the NetBIOS name that Samba uses for itself. This is identical
to setting the NetBIOS name parameter in the
\fIsmb.conf\fR file. However, a command
line setting will take precedence over settings in
\fIsmb.conf\fR.
.TP
\fB-p <UDP port number>\fR
UDP port number is a positive integer value.
This option changes the default UDP port number (normally 137)
that \fBnmbd\fR responds to name queries on. Don't
use this option unless you are an expert, in which case you
won't need help!
.TP
\fB-s <configuration file>\fR
The default configuration file name
is set at build time, typically as \fI /usr/local/samba/lib/smb.conf\fR, but
this may be changed when Samba is autoconfigured.
The file specified contains the configuration details
required by the server. See \fIsmb.conf(5)\fR for more information.
.SH "FILES"
.TP
\fB\fI/etc/inetd.conf\fB\fR
If the server is to be run by the
\fBinetd\fR meta-daemon, this file
must contain suitable startup information for the
meta-daemon. See the UNIX_INSTALL.html document
for details.
.TP
\fB\fI/etc/rc\fB\fR
or whatever initialization script your
system uses).
If running the server as a daemon at startup,
this file will need to contain an appropriate startup
sequence for the server. See the UNIX_INSTALL.html document
for details.
.TP
\fB\fI/etc/services\fB\fR
If running the server via the
meta-daemon \fBinetd\fR, this file
must contain a mapping of service name (e.g., netbios-ssn)
to service port (e.g., 139) and protocol type (e.g., tcp).
See the UNIX_INSTALL.html
document for details.
\fI/etc/inetd\&.conf\fR
If the server is to be run by the \fBinetd\fR meta-daemon, this file must contain suitable startup information for the meta-daemon\&. See the install document for details\&.
.TP
\fB\fI/usr/local/samba/lib/smb.conf\fB\fR
This is the default location of the
\fIsmb.conf\fR
server configuration file. Other common places that systems
install this file are \fI/usr/samba/lib/smb.conf\fR
and \fI/etc/smb.conf\fR.
\fI/etc/rc\fR
or whatever initialization script your system uses)\&.
If running the server as a daemon at startup, this file will need to contain an appropriate startup sequence for the server\&. See the "How to Install and Test SAMBA" document for details\&.
.TP
\fI/etc/services\fR
If running the server via the meta-daemon \fBinetd\fR, this file must contain a mapping of service name (e\&.g\&., netbios-ssn) to service port (e\&.g\&., 139) and protocol type (e\&.g\&., tcp)\&. See the "How to Install and Test SAMBA" document for details\&.
.TP
\fI/usr/local/samba/lib/smb\&.conf\fR
This is the default location of the \fBsmb.conf\fR(5) server configuration file\&. Other common places that systems install this file are \fI/usr/samba/lib/smb\&.conf\fR and \fI/etc/samba/smb\&.conf\fR\&.
When run as a WINS server (see the \fBwins support\fR parameter in the \fBsmb.conf\fR(5) man page), \fBnmbd\fR will store the WINS database in the file \fIwins\&.dat\fR in the \fIvar/locks\fR directory configured under wherever Samba was configured to install itself\&.
If \fBnmbd\fR is acting as a \fB browse master\fR (see the \fBlocal master\fR parameter in the \fBsmb.conf\fR(5) man page, \fBnmbd\fR will store the browsing database in the file \fIbrowse\&.dat \fR in the \fIvar/locks\fR directory configured under wherever Samba was configured to install itself\&.
When run as a WINS server (see the
wins support
parameter in the \fIsmb.conf(5)\fR man page),
\fBnmbd\fR
will store the WINS database in the file \fIwins.dat\fR
in the \fIvar/locks\fR directory configured under
wherever Samba was configured to install itself.
If \fBnmbd\fR is acting as a \fB browse master\fR (see the local master
parameter in the \fIsmb.conf(5)\fR man page,
\fBnmbd\fR
will store the browsing database in the file \fIbrowse.dat
\fR in the \fIvar/locks\fR directory
configured under wherever Samba was configured to install itself.
.SH "SIGNALS"
.PP
To shut down an \fBnmbd\fR process it is recommended
that SIGKILL (-9) \fBNOT\fR be used, except as a last
resort, as this may leave the name database in an inconsistent state.
The correct way to terminate \fBnmbd\fR is to send it
a SIGTERM (-15) signal and wait for it to die on its own.
To shut down an \fBnmbd\fR process it is recommended that SIGKILL (-9) \fBNOT\fR be used, except as a last resort, as this may leave the name database in an inconsistent state\&. The correct way to terminate \fBnmbd\fR is to send it a SIGTERM (-15) signal and wait for it to die on its own\&.
.PP
\fBnmbd\fR will accept SIGHUP, which will cause
it to dump out its namelists into the file \fInamelist.debug
\fR in the \fI/usr/local/samba/var/locks\fR
directory (or the \fIvar/locks\fR directory configured
under wherever Samba was configured to install itself). This will also
cause \fBnmbd\fR to dump out its server database in
the \fIlog.nmb\fR file.
\fBnmbd\fR will accept SIGHUP, which will cause it to dump out its namelists into the file \fInamelist\&.debug \fR in the \fI/usr/local/samba/var/locks\fR directory (or the \fIvar/locks\fR directory configured under wherever Samba was configured to install itself)\&. This will also cause \fBnmbd\fR to dump out its server database in the \fIlog\&.nmb\fR file\&.
.PP
The debug log level of nmbd may be raised or lowered using
\fBsmbcontrol(1)\fR
(SIGUSR[1|2] signals are no longer used in Samba 2.2). This is
to allow transient problems to be diagnosed, whilst still running
at a normally low log level.
The debug log level of nmbd may be raised or lowered using \fBsmbcontrol\fR(1) (SIGUSR[1|2] signals are no longer used since Samba 2\&.2)\&. This is to allow transient problems to be diagnosed, whilst still running at a normally low log level\&.
.SH "VERSION"
.PP
This man page is correct for version 3.0 of
the Samba suite.
This man page is correct for version 3\&.0 of the Samba suite\&.
.SH "SEE ALSO"
.PP
\fBinetd(8)\fR, \fBsmbd(8)\fR
\fIsmb.conf(5)\fR
\fBsmbclient(1)
\fR and the Internet RFC's
\fIrfc1001.txt\fR, \fIrfc1002.txt\fR.
In addition the CIFS (formerly SMB) specification is available
as a link from the Web page
http://samba.org/cifs/ <URL:http://samba.org/cifs/>.
\fBinetd\fR(8), \fBsmbd\fR(8), \fBsmb.conf\fR(5), \fBsmbclient\fR(1), \fBtestparm\fR(1), \fBtestprns\fR(1), and the Internet RFC's \fIrfc1001\&.txt\fR, \fIrfc1002\&.txt\fR\&. In addition the CIFS (formerly SMB) specification is available as a link from the Web page http://samba\&.org/cifs/\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at
ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter
The original Samba man pages were written by Karl Auer\&. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp\&.icce\&.rug\&.nl/pub/unix/) and updated for the Samba 2\&.0 release by Jeremy Allison\&. The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.

287
docs/manpages/nmblookup.1
View File

@ -1,160 +1,185 @@
.\" This manpage has been automatically generated by docbook2man
.\" from a DocBook document. This tool can be found at:
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "NMBLOOKUP" "1" "04 March 2003" "" ""
.\"Generated by db2man.xsl. Don't modify this, modify the source.
.de Sh \" Subsection
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.TH "NMBLOOKUP" 1 "" "" ""
.SH NAME
nmblookup \- NetBIOS over TCP/IP client used to lookup NetBIOS names
.SH SYNOPSIS
nmblookup \- NetBIOS over TCP/IP client used to lookup NetBIOS names
.SH "SYNOPSIS"
\fBnmblookup\fR [ \fB-M\fR ] [ \fB-R\fR ] [ \fB-S\fR ] [ \fB-r\fR ] [ \fB-A\fR ] [ \fB-h\fR ] [ \fB-B <broadcast address>\fR ] [ \fB-U <unicast address>\fR ] [ \fB-d <debug level>\fR ] [ \fB-s <smb config file>\fR ] [ \fB-i <NetBIOS scope>\fR ] [ \fB-T\fR ] [ \fB-f\fR ] \fBname\fR
.nf
\fBnmblookup\fR [-M] [-R] [-S] [-r] [-A] [-h] [-B <broadcast address>] [-U <unicast
address>] [-d <debug level>] [-s <smb config file>] [-i <NetBIOS scope>]
[-T] [-f] {name}
.fi
.SH "DESCRIPTION"
.PP
This tool is part of the Samba suite.
This tool is part of the \fBSamba\fR(7) suite\&.
.PP
\fBnmblookup\fR is used to query NetBIOS names
and map them to IP addresses in a network using NetBIOS over TCP/IP
queries. The options allow the name queries to be directed at a
particular IP broadcast area or to a particular machine. All queries
are done over UDP.
\fBnmblookup\fR is used to query NetBIOS names and map them to IP addresses in a network using NetBIOS over TCP/IP queries\&. The options allow the name queries to be directed at a particular IP broadcast area or to a particular machine\&. All queries are done over UDP\&.
.SH "OPTIONS"
.TP
\fB-M\fR
Searches for a master browser by looking
up the NetBIOS name \fIname\fR with a
type of 0x1d. If \fI name\fR is "-" then it does a lookup on the special name
__MSBROWSE__.
.TP
\fB-R\fR
Set the recursion desired bit in the packet
to do a recursive lookup. This is used when sending a name
query to a machine running a WINS server and the user wishes
to query the names in the WINS server. If this bit is unset
the normal (broadcast responding) NetBIOS processing code
on a machine is used instead. See rfc1001, rfc1002 for details.
.TP
\fB-S\fR
Once the name query has returned an IP
address then do a node status query as well. A node status
query returns the NetBIOS names registered by a host.
.TP
\fB-r\fR
Try and bind to UDP port 137 to send and receive UDP
datagrams. The reason for this option is a bug in Windows 95
where it ignores the source port of the requesting packet
and only replies to UDP port 137. Unfortunately, on most UNIX
systems root privilege is needed to bind to this port, and
in addition, if the nmbd(8)
daemon is running on this machine it also binds to this port.
.TP
\fB-A\fR
Interpret \fIname\fR as
an IP Address and do a node status query on this address.
.TP
\fB-h\fR
Print a help (usage) message.
.TP
\fB-B <broadcast address>\fR
Send the query to the given broadcast address. Without
this option the default behavior of nmblookup is to send the
query to the broadcast address of the network interfaces as
either auto-detected or defined in the \fIinterfaces\fR
parameter of the \fIsmb.conf (5)\fR file.
.TP
\fB-U <unicast address>\fR
Do a unicast query to the specified address or
host \fIunicast address\fR. This option
(along with the \fI-R\fR option) is needed to
query a WINS server.
.TP
\fB-d <debuglevel>\fR
debuglevel is an integer from 0 to 10.
The default value if this parameter is not specified
is zero.
The higher this value, the more detail will be logged
about the activities of \fBnmblookup\fR. At level
0, only critical errors and serious warnings will be logged.
Levels above 1 will generate considerable amounts of
log data, and should only be used when investigating a problem.
Levels above 3 are designed for use only by developers and
generate HUGE amounts of data, most of which is extremely cryptic.
Note that specifying this parameter here will override
the \fI log level\fR parameter in the \fI smb.conf(5)\fR file.
.TP
\fB-s <smb.conf>\fR
This parameter specifies the pathname to
the Samba configuration file, smb.conf(5) This file controls all aspects of
the Samba setup on the machine.
.TP
\fB-i <scope>\fR
This specifies a NetBIOS scope that
\fBnmblookup\fR will use to communicate with when
generating NetBIOS names. For details on the use of NetBIOS
scopes, see rfc1001.txt and rfc1002.txt. NetBIOS scopes are
\fBvery\fR rarely used, only set this parameter
if you are the system administrator in charge of all the
NetBIOS systems you communicate with.
.TP
\fB-T\fR
This causes any IP addresses found in the
lookup to be looked up via a reverse DNS lookup into a
DNS name, and printed out before each
-M
Searches for a master browser by looking up the NetBIOS name \fIname\fR with a type of \fB0x1d\fR\&. If \fI name\fR is "-" then it does a lookup on the special name \fB__MSBROWSE__\fR\&. Please note that in order to use the name "-", you need to make sure "-" isn't parsed as an argument, e\&.g\&. use : \fBnmblookup -M -- -\fR\&.
\fBIP address .... NetBIOS name\fR
pair that is the normal output.
.TP
\fB-f\fR
Show which flags apply to the name that has been looked up. Possible
answers are zero or more of: Response, Authoritative,
Truncated, Recursion_Desired, Recursion_Available, Broadcast.
-R
Set the recursion desired bit in the packet to do a recursive lookup\&. This is used when sending a name query to a machine running a WINS server and the user wishes to query the names in the WINS server\&. If this bit is unset the normal (broadcast responding) NetBIOS processing code on a machine is used instead\&. See RFC1001, RFC1002 for details\&.
.TP
\fBname\fR
This is the NetBIOS name being queried. Depending
upon the previous options this may be a NetBIOS name or IP address.
If a NetBIOS name then the different name types may be specified
by appending '#<type>' to the name. This name may also be
\&'*', which will return all registered names within a broadcast
area.
-S
Once the name query has returned an IP address then do a node status query as well\&. A node status query returns the NetBIOS names registered by a host\&.
.TP
-r
Try and bind to UDP port 137 to send and receive UDP datagrams\&. The reason for this option is a bug in Windows 95 where it ignores the source port of the requesting packet and only replies to UDP port 137\&. Unfortunately, on most UNIX systems root privilege is needed to bind to this port, and in addition, if the \fBnmbd\fR(8) daemon is running on this machine it also binds to this port\&.
.TP
-A
Interpret \fIname\fR as an IP Address and do a node status query on this address\&.
.TP
-n <primary NetBIOS name>
This option allows you to override the NetBIOS name that Samba uses for itself\&. This is identical to setting the \fINetBIOS name\fR parameter in the \fBsmb.conf\fR(5) file\&. However, a command line setting will take precedence over settings in \fBsmb.conf\fR(5)\&.
.TP
-i <scope>
This specifies a NetBIOS scope that \fBnmblookup\fR will use to communicate with when generating NetBIOS names\&. For details on the use of NetBIOS scopes, see rfc1001\&.txt and rfc1002\&.txt\&. NetBIOS scopes are \fBvery\fR rarely used, only set this parameter if you are the system administrator in charge of all the NetBIOS systems you communicate with\&.
.TP
-W|--workgroup=domain
Set the SMB domain of the username\&. This overrides the default domain which is the domain defined in smb\&.conf\&. If the domain specified is the same as the servers NetBIOS name, it causes the client to log on using the servers local SAM (as opposed to the Domain SAM)\&.
.TP
-O socket options
TCP socket options to set on the client socket\&. See the socket options parameter in the \fBsmb.conf\fR(5) manual page for the list of valid options\&.
.TP
-h|--help
Print a summary of command line options\&.
.TP
-B <broadcast address>
Send the query to the given broadcast address\&. Without this option the default behavior of nmblookup is to send the query to the broadcast address of the network interfaces as either auto-detected or defined in the \fIinterfaces\fR parameter of the \fBsmb.conf\fR(5) file\&.
.TP
-U <unicast address>
Do a unicast query to the specified address or host \fIunicast address\fR\&. This option (along with the \fI-R\fR option) is needed to query a WINS server\&.
.TP
-V
Prints the version number for \fBsmbd\fR\&.
.TP
-s <configuration file>
The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&.
.TP
-d|--debug=debuglevel
\fIdebuglevel\fR is an integer from 0 to 10\&. The default value if this parameter is not specified is zero\&.
The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day to day running - it generates a small amount of information about operations carried out\&.
Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&.
.TP
-l|--logfile=logbasename
File name for log/debug files\&. The extension \fB"\&.client"\fR will be appended\&. The log file is never removed by the client\&.
.TP
-T
This causes any IP addresses found in the lookup to be looked up via a reverse DNS lookup into a DNS name, and printed out before each
\fBIP address \&.\&.\&.\&. NetBIOS name\fR
pair that is the normal output\&.
.TP
-f
Show which flags apply to the name that has been looked up\&. Possible answers are zero or more of: Response, Authoritative, Truncated, Recursion_Desired, Recursion_Available, Broadcast\&.
.TP
name
This is the NetBIOS name being queried\&. Depending upon the previous options this may be a NetBIOS name or IP address\&. If a NetBIOS name then the different name types may be specified by appending '#<type>' to the name\&. This name may also be '*', which will return all registered names within a broadcast area\&.
.SH "EXAMPLES"
.PP
\fBnmblookup\fR can be used to query
a WINS server (in the same way \fBnslookup\fR is
used to query DNS servers). To query a WINS server,
\fBnmblookup\fR must be called like this:
\fBnmblookup\fR can be used to query a WINS server (in the same way \fBnslookup\fR is used to query DNS servers)\&. To query a WINS server, \fBnmblookup\fR must be called like this:
.PP
\fBnmblookup -U server -R 'name'\fR
.PP
For example, running :
.PP
\fBnmblookup -U samba.org -R 'IRIX#1B'\fR
.PP
would query the WINS server samba.org for the domain
master browser (1B name type) for the IRIX workgroup.
would query the WINS server samba\&.org for the domain master browser (1B name type) for the IRIX workgroup\&.
.SH "VERSION"
.PP
This man page is correct for version 3.0 of
the Samba suite.
This man page is correct for version 3\&.0 of the Samba suite\&.
.SH "SEE ALSO"
.PP
\fBnmbd(8)\fR
samba(7) and smb.conf(5)
\fBnmbd\fR(8), \fBsamba\fR(7), and \fBsmb.conf\fR(5)\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at
ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter
The original Samba man pages were written by Karl Auer\&. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp\&.icce\&.rug\&.nl/pub/unix/) and updated for the Samba 2\&.0 release by Jeremy Allison\&. The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.

454
docs/manpages/pdbedit.8
View File

@ -1,279 +1,331 @@
.\" This manpage has been automatically generated by docbook2man
.\" from a DocBook document. This tool can be found at:
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "PDBEDIT" "8" "30 March 2003" "" ""
.\"Generated by db2man.xsl. Don't modify this, modify the source.
.de Sh \" Subsection
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.TH "PDBEDIT" 8 "" "" ""
.SH NAME
pdbedit \- manage the SAM database
.SH SYNOPSIS
.SH "SYNOPSIS"
\fBpdbedit\fR [ \fB-l\fR ] [ \fB-v\fR ] [ \fB-w\fR ] [ \fB-u username\fR ] [ \fB-f fullname\fR ] [ \fB-h homedir\fR ] [ \fB-D drive\fR ] [ \fB-S script\fR ] [ \fB-p profile\fR ] [ \fB-a\fR ] [ \fB-m\fR ] [ \fB-x\fR ] [ \fB-i passdb-backend\fR ] [ \fB-e passdb-backend\fR ] [ \fB-g\fR ] [ \fB-b passdb-backend\fR ] [ \fB-d debuglevel\fR ] [ \fB-s configfile\fR ] [ \fB-P account-policy\fR ] [ \fB-V value\fR ]
.nf
\fBpdbedit\fR [-L] [-v] [-w] [-u username] [-f fullname] [-h homedir] [-D drive] [-S
script] [-p profile] [-a] [-m] [-x] [-i passdb-backend] [-e passdb-backend]
[-b passdb-backend] [-g] [-d debuglevel] [-s configfile] [-P account-policy]
[-C value]
.fi
.SH "DESCRIPTION"
.PP
This tool is part of the Samba suite.
.PP
The pdbedit program is used to manage the users accounts
stored in the sam database and can only be run by root.
.PP
The pdbedit tool uses the passdb modular interface and is
independent from the kind of users database used (currently there
are smbpasswd, ldap, nis+ and tdb based and more can be added
without changing the tool).
.PP
There are five main ways to use pdbedit: adding a user account,
removing a user account, modifing a user account, listing user
accounts, importing users accounts.
.SH "OPTIONS"
.TP
\fB-l\fR
This option lists all the user accounts
present in the users database.
This option prints a list of user/uid pairs separated by
the ':' character.
Example: \fBpdbedit -l\fR
.PP
This tool is part of the \fBSamba\fR(7) suite\&.
.PP
The pdbedit program is used to manage the users accounts stored in the sam database and can only be run by root\&.
.PP
The pdbedit tool uses the passdb modular interface and is independent from the kind of users database used (currently there are smbpasswd, ldap, nis+ and tdb based and more can be added without changing the tool)\&.
.PP
There are five main ways to use pdbedit: adding a user account, removing a user account, modifing a user account, listing user accounts, importing users accounts\&.
.SH "OPTIONS"
.TP
-L
This option lists all the user accounts present in the users database\&. This option prints a list of user/uid pairs separated by the ':' character\&.
Example: \fBpdbedit -L\fR
.nf
sorce:500:Simo Sorce
samba:45:Test User
sorce:500:Simo Sorce
samba:45:Test User
.fi
.TP
\fB-v\fR
This option enables the verbose listing format.
It causes pdbedit to list the users in the database, printing
out the account fields in a descriptive format.
-v
This option enables the verbose listing format\&. It causes pdbedit to list the users in the database, printing out the account fields in a descriptive format\&.
Example: \fBpdbedit -l -v\fR
.nf
---------------
username: sorce
user ID/Group: 500/500
user RID/GRID: 2000/2001
Full Name: Simo Sorce
Home Directory: \\\\BERSERKER\\sorce
HomeDir Drive: H:
Logon Script: \\\\BERSERKER\\netlogon\\sorce.bat
Profile Path: \\\\BERSERKER\\profile
---------------
username: samba
user ID/Group: 45/45
user RID/GRID: 1090/1091
Full Name: Test User
Home Directory: \\\\BERSERKER\\samba
HomeDir Drive:
Logon Script:
Profile Path: \\\\BERSERKER\\profile
---------------
username: sorce
user ID/Group: 500/500
user RID/GRID: 2000/2001
Full Name: Simo Sorce
Home Directory: \\\\BERSERKER\\sorce
HomeDir Drive: H:
Logon Script: \\\\BERSERKER\\netlogon\\sorce\&.bat
Profile Path: \\\\BERSERKER\\profile
---------------
username: samba
user ID/Group: 45/45
user RID/GRID: 1090/1091
Full Name: Test User
Home Directory: \\\\BERSERKER\\samba
HomeDir Drive:
Logon Script:
Profile Path: \\\\BERSERKER\\profile
.fi
.TP
\fB-w\fR
This option sets the "smbpasswd" listing format.
It will make pdbedit list the users in the database, printing
out the account fields in a format compatible with the
\fIsmbpasswd\fR file format. (see the \fIsmbpasswd(5)\fR for details)
Example: \fBpdbedit -l -w\fR
.nf
sorce:500:508818B733CE64BEAAD3B435B51404EE:D2A2418EFC466A8A0F6B1DBB5C3DB80C:[UX ]:LCT-00000000:
samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:BC281CE3F53B6A5146629CD4751D3490:[UX ]:LCT-3BFA1E8D:
.fi
.TP
\fB-u username\fR
This option specifies the username to be
used for the operation requested (listing, adding, removing).
It is \fBrequired\fR in add, remove and modify
operations and \fBoptional\fR in list
operations.
-w
This option sets the "smbpasswd" listing format\&. It will make pdbedit list the users in the database, printing out the account fields in a format compatible with the \fIsmbpasswd\fR file format\&. (see the \fBsmbpasswd\fR(5) for details)
Example: \fBpdbedit -L -w\fR
sorce:500:508818B733CE64BEAAD3B435B51404EE:D2A2418EFC466A8A0F6B1DBB5C3DB80C:[UX ]:LCT-00000000:
samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:BC281CE3F53B6A5146629CD4751D3490:[UX ]:LCT-3BFA1E8D:
.TP
\fB-f fullname\fR
This option can be used while adding or
modifing a user account. It will specify the user's full
name.
-u username
This option specifies the username to be used for the operation requested (listing, adding, removing)\&. It is \fBrequired\fR in add, remove and modify operations and \fBoptional\fR in list operations\&.
.TP
-f fullname
This option can be used while adding or modifing a user account\&. It will specify the user's full name\&.
Example: \fB-f "Simo Sorce"\fR
.TP
\fB-h homedir\fR
This option can be used while adding or
modifing a user account. It will specify the user's home
directory network path.
Example: \fB-h "\\\\\\\\BERSERKER\\\\sorce"\fR
.TP
\fB-D drive\fR
This option can be used while adding or
modifing a user account. It will specify the windows drive
letter to be used to map the home directory.
-h homedir
This option can be used while adding or modifing a user account\&. It will specify the user's home directory network path\&.
Example: \fB-h "\\\\BERSERKER\\sorce"\fR
.TP
-D drive
This option can be used while adding or modifing a user account\&. It will specify the windows drive letter to be used to map the home directory\&.
Example: \fB-d "H:"\fR
.TP
\fB-S script\fR
This option can be used while adding or
modifing a user account. It will specify the user's logon
script path.
Example: \fB-s "\\\\\\\\BERSERKER\\\\netlogon\\\\sorce.bat"\fR
.TP
\fB-p profile\fR
This option can be used while adding or
modifing a user account. It will specify the user's profile
directory.
Example: \fB-p "\\\\\\\\BERSERKER\\\\netlogon"\fR
.TP
\fB-a\fR
This option is used to add a user into the
database. This command needs a user name specified with
the -u switch. When adding a new user, pdbedit will also
ask for the password to be used.
-S script
This option can be used while adding or modifing a user account\&. It will specify the user's logon script path\&.
Example: \fB-s "\\\\BERSERKER\\netlogon\\sorce.bat"\fR
.TP
-p profile
This option can be used while adding or modifing a user account\&. It will specify the user's profile directory\&.
Example: \fB-p "\\\\BERSERKER\\netlogon"\fR
.TP
-G SID|rid
This option can be used while adding or modifying a user account\&. It will specify the users' new primary group SID (Security Identifier) or rid\&.
Example: \fB-G S-1-5-21-2447931902-1787058256-3961074038-1201\fR
.TP
-U SID|rid
This option can be used while adding or modifying a user account\&. It will specify the users' new SID (Security Identifier) or rid\&.
Example: \fB-U S-1-5-21-2447931902-1787058256-3961074038-5004\fR
.TP
-c account-control
This option can be used while adding or modifying a user account\&. It will specify the users' account control property\&. Possible flags that can be set are: N, D, H, L, X\&.
Example: \fB-c "[X ]"\fR
.TP
-a
This option is used to add a user into the database\&. This command needs a user name specified with the -u switch\&. When adding a new user, pdbedit will also ask for the password to be used\&.
Example: \fBpdbedit -a -u sorce\fR
.nf
new password:
retype new password
retype new password
.fi
.TP
\fB-m\fR
This option may only be used in conjunction
with the \fI-a\fR option. It will make
pdbedit to add a machine trust account instead of a user
account (-u username will provide the machine name).
-r
This option is used to modify an existing user in the database\&. This command needs a user name specified with the -u switch\&. Other options can be specified to modify the properties of the specified user\&. This flag is kept for backwards compatibility, but it is no longer necessary to specify it\&.
.TP
-m
This option may only be used in conjunction with the \fI-a\fR option\&. It will make pdbedit to add a machine trust account instead of a user account (-u username will provide the machine name)\&.
Example: \fBpdbedit -a -m -u w2k-wks\fR
.TP
\fB-x\fR
This option causes pdbedit to delete an account
from the database. It needs a username specified with the
-u switch.
-x
This option causes pdbedit to delete an account from the database\&. It needs a username specified with the -u switch\&.
Example: \fBpdbedit -x -u bob\fR
.TP
\fB-i passdb-backend\fR
Use a different passdb backend to retrieve users
than the one specified in smb.conf. Can be used to import data into
your local user database.
-i passdb-backend
Use a different passdb backend to retrieve users than the one specified in smb\&.conf\&. Can be used to import data into your local user database\&.
This option will ease migration from one passdb backend to another\&.
Example: \fBpdbedit -i smbpasswd:/etc/smbpasswd.old \fR
This option will ease migration from one passdb backend to
another.
Example: \fBpdbedit -i smbpasswd:/etc/smbpasswd.old
\fR
.TP
\fB-e passdb-backend\fR
Exports all currently available users to the
specified password database backend.
-e passdb-backend
Exports all currently available users to the specified password database backend\&.
This option will ease migration from one passdb backend to another and will ease backing up\&.
This option will ease migration from one passdb backend to
another and will ease backing up.
Example: \fBpdbedit -e smbpasswd:/root/samba-users.backup\fR
.TP
\fB-g\fR
If you specify \fI-g\fR,
then \fI-i in-backend -e out-backend\fR
applies to the group mapping instead of the user database.
This option will ease migration from one passdb backend to
another and will ease backing up.
.TP
\fB-b passdb-backend\fR
Use a different default passdb backend.
-g
If you specify \fI-g\fR, then \fI-i in-backend -e out-backend\fR applies to the group mapping instead of the user database\&.
This option will ease migration from one passdb backend to another and will ease backing up\&.
.TP
-b passdb-backend
Use a different default passdb backend\&.
Example: \fBpdbedit -b xml:/root/pdb-backup.xml -l\fR
.TP
\fB-P account-policy\fR
-P account-policy
Display an account policy
Valid policies are: minimum password age, reset count minutes, disconnect time,
user must logon to change password, password history, lockout duration, min password length,
maximum password age and bad lockout attempt.
Valid policies are: minimum password age, reset count minutes, disconnect time, user must logon to change password, password history, lockout duration, min password length, maximum password age and bad lockout attempt\&.
Example: \fBpdbedit -P "bad lockout attempt"\fR
.nf
account policy value for bad lockout attempt is 0
.fi
.TP
\fB-V account-policy-value\fR
Sets an account policy to a specified value.
This option may only be used in conjunction
with the \fI-P\fR option.
Example: \fBpdbedit -P "bad lockout attempt" -V 3\fR
account policy value for bad lockout attempt is 0
.fi
.TP
-C account-policy-value
Sets an account policy to a specified value\&. This option may only be used in conjunction with the \fI-P\fR option\&.
Example: \fBpdbedit -P "bad lockout attempt" -C 3\fR
.nf
account policy value for bad lockout attempt was 0
account policy value for bad lockout attempt is now 3
account policy value for bad lockout attempt was 0
account policy value for bad lockout attempt is now 3
.fi
.TP
\fB-d|--debug=debuglevel\fR
\fIdebuglevel\fR is an integer
from 0 to 10. The default value if this parameter is
not specified is zero.
The higher this value, the more detail will be
logged to the log files about the activities of the
server. At level 0, only critical errors and serious
warnings will be logged. Level 1 is a reasonable level for
day to day running - it generates a small amount of
information about operations carried out.
Levels above 1 will generate considerable
amounts of log data, and should only be used when
investigating a problem. Levels above 3 are designed for
use only by developers and generate HUGE amounts of log
data, most of which is extremely cryptic.
.TP
-h|--help
Print a summary of command line options\&.
Note that specifying this parameter here will
override the log
level file.
.TP
\fB-h|--help\fR
Print a summary of command line options.
-V
Prints the version number for \fBsmbd\fR\&.
.TP
\fB-s <configuration file>\fR
The file specified contains the
configuration details required by the server. The
information in this file includes server-specific
information such as what printcap file to use, as well
as descriptions of all the services that the server is
to provide. See \fIsmb.conf(5)\fR for more information.
The default configuration file name is determined at
compile time.
-s <configuration file>
The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&.
.TP
-d|--debug=debuglevel
\fIdebuglevel\fR is an integer from 0 to 10\&. The default value if this parameter is not specified is zero\&.
The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day to day running - it generates a small amount of information about operations carried out\&.
Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&.
.TP
-l|--logfile=logbasename
File name for log/debug files\&. The extension \fB"\&.client"\fR will be appended\&. The log file is never removed by the client\&.
.SH "NOTES"
.PP
This command may be used only by root.
This command may be used only by root\&.
.SH "VERSION"
.PP
This man page is correct for version 2.2 of
the Samba suite.
This man page is correct for version 3\&.0 of the Samba suite\&.
.SH "SEE ALSO"
.PP
smbpasswd(8)
samba(7)
\fBsmbpasswd\fR(5), \fBsamba\fR(7)
.SH "AUTHOR"
.PP
The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.
.PP
The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at
ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.

884
docs/manpages/rpcclient.1
View File

@ -1,358 +1,616 @@
.\" This manpage has been automatically generated by docbook2man
.\" from a DocBook document. This tool can be found at:
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "RPCCLIENT" "1" "04 March 2003" "" ""
.\"Generated by db2man.xsl. Don't modify this, modify the source.
.de Sh \" Subsection
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.TH "RPCCLIENT" 1 "" "" ""
.SH NAME
rpcclient \- tool for executing client side MS-RPC functions
.SH SYNOPSIS
rpcclient \- tool for executing client side MS-RPC functions
.SH "SYNOPSIS"
\fBrpcclient\fR [ \fB-A authfile\fR ] [ \fB-c <command string>\fR ] [ \fB-d debuglevel\fR ] [ \fB-h\fR ] [ \fB-l logfile\fR ] [ \fB-N\fR ] [ \fB-s <smb config file>\fR ] [ \fB-U username[%password]\fR ] [ \fB-W workgroup\fR ] [ \fB-N\fR ] [ \fB-I destinationIP\fR ] \fBserver\fR
.nf
\fBrpcclient\fR [-A authfile] [-c <command string>] [-d debuglevel] [-h] [-l logfile]
[-N] [-s <smb config file>] [-U username[%password]] [-W workgroup]
[-N] [-I destinationIP] {server}
.fi
.SH "DESCRIPTION"
.PP
This tool is part of the Samba suite.
This tool is part of the \fBSamba\fR(7) suite\&.
.PP
\fBrpcclient\fR is a utility initially developed
to test MS-RPC functionality in Samba itself. It has undergone
several stages of development and stability. Many system administrators
have now written scripts around it to manage Windows NT clients from
their UNIX workstation.
\fBrpcclient\fR is a utility initially developed to test MS-RPC functionality in Samba itself\&. It has undergone several stages of development and stability\&. Many system administrators have now written scripts around it to manage Windows NT clients from their UNIX workstation\&.
.SH "OPTIONS"
.TP
\fBserver\fR
NetBIOS name of Server to which to connect.
The server can be any SMB/CIFS server. The name is
resolved using the \fIname resolve order\fR line from
\fIsmb.conf(5)\fR.
server
NetBIOS name of Server to which to connect\&. The server can be any SMB/CIFS server\&. The name is resolved using the \fIname resolve order\fR line from \fBsmb.conf\fR(5)\&.
.TP
\fB-A|--authfile=filename\fR
This option allows
you to specify a file from which to read the username and
password used in the connection. The format of the file is
-c|--command='command string'
execute semicolon separated commands (listed below))
.TP
-I IP-address
\fIIP address\fR is the address of the server to connect to\&. It should be specified in standard "a\&.b\&.c\&.d" notation\&.
Normally the client would attempt to locate a named SMB/CIFS server by looking it up via the NetBIOS name resolution mechanism described above in the \fIname resolve order\fR parameter above\&. Using this parameter will force the client to assume that the server is on the machine with the specified IP address and the NetBIOS name component of the resource being connected to will be ignored\&.
There is no default for this parameter\&. If not supplied, it will be determined automatically by the client as described above\&.
.TP
-V
Prints the version number for \fBsmbd\fR\&.
.TP
-s <configuration file>
The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&.
.TP
-d|--debug=debuglevel
\fIdebuglevel\fR is an integer from 0 to 10\&. The default value if this parameter is not specified is zero\&.
The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day to day running - it generates a small amount of information about operations carried out\&.
Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&.
.TP
-l|--logfile=logbasename
File name for log/debug files\&. The extension \fB"\&.client"\fR will be appended\&. The log file is never removed by the client\&.
.TP
-N
If specified, this parameter suppresses the normal password prompt from the client to the user\&. This is useful when accessing a service that does not require a password\&.
Unless a password is specified on the command line or this parameter is specified, the client will request a password\&.
.TP
-k
Try to authenticate with kerberos\&. Only useful in an Active Directory environment\&.
.TP
-A|--authfile=filename
This option allows you to specify a file from which to read the username and password used in the connection\&. The format of the file is
.nf
username = <value>
password = <value>
domain = <value>
username = <value>
password = <value>
domain = <value>
.fi
Make certain that the permissions on the file restrict
access from unwanted users.
.TP
\fB-c|--command='command string'\fR
execute semicolon separated commands (listed
below))
.TP
\fB-d|--debug=debuglevel\fR
\fIdebuglevel\fR is an integer
from 0 to 10. The default value if this parameter is
not specified is zero.
The higher this value, the more detail will be
logged to the log files about the activities of the
server. At level 0, only critical errors and serious
warnings will be logged. Level 1 is a reasonable level for
day to day running - it generates a small amount of
information about operations carried out.
Make certain that the permissions on the file restrict access from unwanted users\&.
Levels above 1 will generate considerable
amounts of log data, and should only be used when
investigating a problem. Levels above 3 are designed for
use only by developers and generate HUGE amounts of log
data, most of which is extremely cryptic.
Note that specifying this parameter here will
override the log
level file.
.TP
\fB-h|--help\fR
Print a summary of command line options.
.TP
\fB-I IP-address\fR
\fIIP address\fR is the address of the server to connect to.
It should be specified in standard "a.b.c.d" notation.
-U|--user=username[%password]
Sets the SMB username or username and password\&.
Normally the client would attempt to locate a named
SMB/CIFS server by looking it up via the NetBIOS name resolution
mechanism described above in the \fIname resolve order\fR
parameter above. Using this parameter will force the client
to assume that the server is on the machine with the specified IP
address and the NetBIOS name component of the resource being
connected to will be ignored.
There is no default for this parameter. If not supplied,
it will be determined automatically by the client as described
above.
.TP
\fB-l|--logfile=logbasename\fR
File name for log/debug files. The extension
\&'.client' will be appended. The log file is
never removed by the client.
.TP
\fB-N|--nopass\fR
instruct \fBrpcclient\fR not to ask
for a password. By default, \fBrpcclient\fR will
prompt for a password. See also the \fI-U\fR
option.
.TP
\fB-s|--conf=smb.conf\fR
Specifies the location of the all-important
\fIsmb.conf\fR file.
.TP
\fB-U|--user=username[%password]\fR
Sets the SMB username or username and password.
If %password is not specified, the user will be prompted\&. The client will first check the \fBUSER\fR environment variable, then the \fBLOGNAME\fR variable and if either exists, the string is uppercased\&. If these environmental variables are not found, the username \fBGUEST\fR is used\&.
If %password is not specified, the user will be prompted. The
client will first check the \fBUSER\fR environment variable, then the
\fBLOGNAME\fR variable and if either exists, the
string is uppercased. If these environmental variables are not
found, the username GUEST is used.
A third option is to use a credentials file which
contains the plaintext of the username and password. This
option is mainly provided for scripts where the admin does not
wish to pass the credentials on the command line or via environment
variables. If this method is used, make certain that the permissions
on the file restrict access from unwanted users. See the
\fI-A\fR for more details.
A third option is to use a credentials file which contains the plaintext of the username and password\&. This option is mainly provided for scripts where the admin does not wish to pass the credentials on the command line or via environment variables\&. If this method is used, make certain that the permissions on the file restrict access from unwanted users\&. See the \fI-A\fR for more details\&.
Be cautious about including passwords in scripts\&. Also, on many systems the command line of a running process may be seen via the \fBps\fR command\&. To be safe always allow \fBrpcclient\fR to prompt for a password and type it in directly\&.
Be cautious about including passwords in scripts. Also, on
many systems the command line of a running process may be seen
via the \fBps\fR command. To be safe always allow
\fBrpcclient\fR to prompt for a password and type
it in directly.
.TP
\fB-W|--workgroup=domain\fR
Set the SMB domain of the username. This
overrides the default domain which is the domain defined in
smb.conf. If the domain specified is the same as the server's NetBIOS name,
it causes the client to log on using the server's local SAM (as
opposed to the Domain SAM).
-n <primary NetBIOS name>
This option allows you to override the NetBIOS name that Samba uses for itself\&. This is identical to setting the \fINetBIOS name\fR parameter in the \fBsmb.conf\fR(5) file\&. However, a command line setting will take precedence over settings in \fBsmb.conf\fR(5)\&.
.TP
-i <scope>
This specifies a NetBIOS scope that \fBnmblookup\fR will use to communicate with when generating NetBIOS names\&. For details on the use of NetBIOS scopes, see rfc1001\&.txt and rfc1002\&.txt\&. NetBIOS scopes are \fBvery\fR rarely used, only set this parameter if you are the system administrator in charge of all the NetBIOS systems you communicate with\&.
.TP
-W|--workgroup=domain
Set the SMB domain of the username\&. This overrides the default domain which is the domain defined in smb\&.conf\&. If the domain specified is the same as the servers NetBIOS name, it causes the client to log on using the servers local SAM (as opposed to the Domain SAM)\&.
.TP
-O socket options
TCP socket options to set on the client socket\&. See the socket options parameter in the \fBsmb.conf\fR(5) manual page for the list of valid options\&.
.TP
-h|--help
Print a summary of command line options\&.
.SH "COMMANDS"
.SS "LSARPC"
.TP
lsaquery
Query info policy
.TP
lookupsids
Resolve a list of SIDs to usernames\&.
.TP
lookupnames
Resolve a list of usernames to SIDs\&.
.TP
enumtrusts
Enumerate trusted domains
.TP
enumprivs
Enumerate privileges
.TP
getdispname
Get the privilege name
.TP
lsaenumsid
Enumerate the LSA SIDS
.TP
lsaenumprivsaccount
Enumerate the privileges of an SID
.TP
lsaenumacctrights
Enumerate the rights of an SID
.TP
lsaenumacctwithright
Enumerate accounts with a right
.TP
lsaaddacctrights
Add rights to an account
.TP
lsaremoveacctrights
Remove rights from an account
.TP
lsalookupprivvalue
Get a privilege value given its name
.TP
lsaquerysecobj
Query LSA security object
.SS "LSARPC-DS"
.TP
dsroledominfo
Get Primary Domain Information
.PP
\fBLSARPC\fR
.TP 0.2i
\(bu
\fBlsaquery\fR
.TP 0.2i
\(bu
\fBlookupsids\fR - Resolve a list
of SIDs to usernames.
.TP 0.2i
\(bu
\fBlookupnames\fR - Resolve a list
of usernames to SIDs.
.TP 0.2i
\(bu
\fBenumtrusts\fR
.PP
.PP
\fBSAMR\fR
.TP 0.2i
\(bu
\fBqueryuser\fR
.TP 0.2i
\(bu
\fBquerygroup\fR
.TP 0.2i
\(bu
\fBqueryusergroups\fR
.TP 0.2i
\(bu
\fBquerygroupmem\fR
.TP 0.2i
\(bu
\fBqueryaliasmem\fR
.TP 0.2i
\(bu
\fBquerydispinfo\fR
.TP 0.2i
\(bu
\fBquerydominfo\fR
.TP 0.2i
\(bu
\fBenumdomgroups\fR
.PP
.PP
\fBSPOOLSS\fR
.TP 0.2i
\(bu
\fBadddriver <arch> <config>\fR
- Execute an AddPrinterDriver() RPC to install the printer driver
information on the server. Note that the driver files should
already exist in the directory returned by
\fBgetdriverdir\fR. Possible values for
\fIarch\fR are the same as those for
the \fBgetdriverdir\fR command.
The \fIconfig\fR parameter is defined as
follows:
\fBDFS\fR
.TP
dfsexist
Query DFS support
.TP
dfsadd
Add a DFS share
.TP
dfsremove
Remove a DFS share
.TP
dfsgetinfo
Query DFS share info
.TP
dfsenum
Enumerate dfs shares
.SS "REG"
.TP
shutdown
Remote Shutdown
.TP
abortshutdown
Abort Shutdown
.SS "SRVSVC"
.TP
srvinfo
Server query info
.TP
netshareenum
Enumerate shares
.TP
netfileenum
Enumerate open files
.TP
netremotetod
Fetch remote time of day
.SS "SAMR"
.TP
queryuser
Query user info
.TP
querygroup
Query group info
.TP
queryusergroups
Query user groups
.TP
querygroupmem
Query group membership
.TP
queryaliasmem
Query alias membership
.TP
querydispinfo
Query display info
.TP
querydominfo
Query domain info
.TP
enumdomusers
Enumerate domain users
.TP
enumdomgroups
Enumerate domain groups
.TP
enumalsgroups
Enumerate alias groups
.TP
createdomuser
Create domain user
.TP
samlookupnames
Look up names
.TP
samlookuprids
Look up names
.TP
deletedomuser
Delete domain user
.TP
samquerysecobj
Query SAMR security object
.TP
getdompwinfo
Retrieve domain password info
.TP
lookupdomain
Look up domain
.SS "SPOOLSS"
.TP
adddriver <arch> <config>
Execute an AddPrinterDriver() RPC to install the printer driver information on the server\&. Note that the driver files should already exist in the directory returned by \fBgetdriverdir\fR\&. Possible values for \fIarch\fR are the same as those for the \fBgetdriverdir\fR command\&. The \fIconfig\fR parameter is defined as follows:
.nf
Long Printer Name:\\
Driver File Name:\\
Data File Name:\\
Config File Name:\\
Help File Name:\\
Language Monitor Name:\\
Default Data Type:\\
Comma Separated list of Files
Long Printer Name:\\
Driver File Name:\\
Data File Name:\\
Config File Name:\\
Help File Name:\\
Language Monitor Name:\\
Default Data Type:\\
Comma Separated list of Files
.fi
Any empty fields should be enter as the string "NULL".
Samba does not need to support the concept of Print Monitors
since these only apply to local printers whose driver can make
use of a bi-directional link for communication. This field should
be "NULL". On a remote NT print server, the Print Monitor for a
driver must already be installed prior to adding the driver or
else the RPC will fail.
.TP 0.2i
\(bu
\fBaddprinter <printername>
<sharename> <drivername> <port>\fR
- Add a printer on the remote server. This printer
will be automatically shared. Be aware that the printer driver
must already be installed on the server (see \fBadddriver\fR)
and the \fIport\fRmust be a valid port name (see
\fBenumports\fR.
.TP 0.2i
\(bu
\fBdeldriver\fR - Delete the
specified printer driver for all architectures. This
does not delete the actual driver files from the server,
only the entry from the server's list of drivers.
.TP 0.2i
\(bu
\fBenumdata\fR - Enumerate all
printer setting data stored on the server. On Windows NT clients,
these values are stored in the registry, while Samba servers
store them in the printers TDB. This command corresponds
to the MS Platform SDK GetPrinterData() function (* This
command is currently unimplemented).
.TP 0.2i
\(bu
\fBenumjobs <printer>\fR
- List the jobs and status of a given printer.
This command corresponds to the MS Platform SDK EnumJobs()
function (* This command is currently unimplemented).
.TP 0.2i
\(bu
\fBenumports [level]\fR
- Executes an EnumPorts() call using the specified
info level. Currently only info levels 1 and 2 are supported.
.TP 0.2i
\(bu
\fBenumdrivers [level]\fR
- Execute an EnumPrinterDrivers() call. This lists the various installed
printer drivers for all architectures. Refer to the MS Platform SDK
documentation for more details of the various flags and calling
options. Currently supported info levels are 1, 2, and 3.
.TP 0.2i
\(bu
\fBenumprinters [level]\fR
- Execute an EnumPrinters() call. This lists the various installed
and share printers. Refer to the MS Platform SDK documentation for
more details of the various flags and calling options. Currently
supported info levels are 0, 1, and 2.
.TP 0.2i
\(bu
\fBgetdata <printername>\fR
- Retrieve the data for a given printer setting. See
the \fBenumdata\fR command for more information.
This command corresponds to the GetPrinterData() MS Platform
SDK function (* This command is currently unimplemented).
.TP 0.2i
\(bu
\fBgetdriver <printername>\fR
- Retrieve the printer driver information (such as driver file,
config file, dependent files, etc...) for
the given printer. This command corresponds to the GetPrinterDriver()
MS Platform SDK function. Currently info level 1, 2, and 3 are supported.
.TP 0.2i
\(bu
\fBgetdriverdir <arch>\fR
- Execute a GetPrinterDriverDirectory()
RPC to retrieve the SMB share name and subdirectory for
storing printer driver files for a given architecture. Possible
values for \fIarch\fR are "Windows 4.0"
(for Windows 95/98), "Windows NT x86", "Windows NT PowerPC", "Windows
Alpha_AXP", and "Windows NT R4000".
.TP 0.2i
\(bu
\fBgetprinter <printername>\fR
- Retrieve the current printer information. This command
corresponds to the GetPrinter() MS Platform SDK function.
.TP 0.2i
\(bu
\fBopenprinter <printername>\fR
- Execute an OpenPrinterEx() and ClosePrinter() RPC
against a given printer.
.TP 0.2i
\(bu
\fBsetdriver <printername>
<drivername>\fR
- Execute a SetPrinter() command to update the printer driver
associated with an installed printer. The printer driver must
already be correctly installed on the print server.
Any empty fields should be enter as the string "NULL"\&.
Samba does not need to support the concept of Print Monitors since these only apply to local printers whose driver can make use of a bi-directional link for communication\&. This field should be "NULL"\&. On a remote NT print server, the Print Monitor for a driver must already be installed prior to adding the driver or else the RPC will fail\&.
.TP
addprinter <printername> <sharename> <drivername> <port>
Add a printer on the remote server\&. This printer will be automatically shared\&. Be aware that the printer driver must already be installed on the server (see \fBadddriver\fR) and the \fIport\fRmust be a valid port name (see \fBenumports\fR\&.
.TP
deldriver
Delete the specified printer driver for all architectures\&. This does not delete the actual driver files from the server, only the entry from the server's list of drivers\&.
.TP
enumdata
Enumerate all printer setting data stored on the server\&. On Windows NT clients, these values are stored in the registry, while Samba servers store them in the printers TDB\&. This command corresponds to the MS Platform SDK GetPrinterData() function (* This command is currently unimplemented)\&.
.TP
enumdataex
Enumerate printer data for a key
.TP
enumjobs <printer>
List the jobs and status of a given printer\&. This command corresponds to the MS Platform SDK EnumJobs() function
.TP
enumkey
Enumerate printer keys
.TP
enumports [level]
Executes an EnumPorts() call using the specified info level\&. Currently only info levels 1 and 2 are supported\&.
.TP
enumdrivers [level]
Execute an EnumPrinterDrivers() call\&. This lists the various installed printer drivers for all architectures\&. Refer to the MS Platform SDK documentation for more details of the various flags and calling options\&. Currently supported info levels are 1, 2, and 3\&.
.TP
enumprinters [level]
Execute an EnumPrinters() call\&. This lists the various installed and share printers\&. Refer to the MS Platform SDK documentation for more details of the various flags and calling options\&. Currently supported info levels are 1, 2 and 5\&.
.TP
getdata <printername> <valuename;>
Retrieve the data for a given printer setting\&. See the \fBenumdata\fR command for more information\&. This command corresponds to the GetPrinterData() MS Platform SDK function\&.
.TP
getdataex
Get printer driver data with keyname
.TP
getdriver <printername>
Retrieve the printer driver information (such as driver file, config file, dependent files, etc\&.\&.\&.) for the given printer\&. This command corresponds to the GetPrinterDriver() MS Platform SDK function\&. Currently info level 1, 2, and 3 are supported\&.
.TP
getdriverdir <arch>
Execute a GetPrinterDriverDirectory() RPC to retrieve the SMB share name and subdirectory for storing printer driver files for a given architecture\&. Possible values for \fIarch\fR are "Windows 4\&.0" (for Windows 95/98), "Windows NT x86", "Windows NT PowerPC", "Windows Alpha_AXP", and "Windows NT R4000"\&.
.TP
getprinter <printername>
Retrieve the current printer information\&. This command corresponds to the GetPrinter() MS Platform SDK function\&.
.TP
getprintprocdir
Get print processor directory
.TP
openprinter <printername>
Execute an OpenPrinterEx() and ClosePrinter() RPC against a given printer\&.
.TP
setdriver <printername> <drivername>
Execute a SetPrinter() command to update the printer driver associated with an installed printer\&. The printer driver must already be correctly installed on the print server\&.
See also the \fBenumprinters\fR and \fBenumdrivers\fR commands for obtaining a list of of installed printers and drivers\&.
.TP
addform
Add form
.TP
setform
Set form
.TP
getform
Get form
.TP
deleteform
Delete form
.TP
enumforms
Enumerate form
.TP
setprinter
Set printer comment
.TP
setprinterdata
Set REG_SZ printer data
.TP
rffpcnex
Rffpcnex test
.SS "NETLOGON"
.TP
logonctrl2
Logon Control 2
.TP
logonctrl
Logon Control
.TP
samsync
Sam Synchronisation
.TP
samdeltas
Query Sam Deltas
.TP
samlogon
Sam Logon
.SS "GENERAL COMMANDS"
.TP
debuglevel
Set the current debug level used to log information\&.
.TP
help (?)
Print a listing of all known commands or extended help on a particular command\&.
.TP
quit (exit)
Exit \fBrpcclient \fR\&.
See also the \fBenumprinters\fR and
\fBenumdrivers\fR commands for obtaining a list of
of installed printers and drivers.
.PP
\fBGENERAL OPTIONS\fR
.TP 0.2i
\(bu
\fBdebuglevel\fR - Set the current
debug level used to log information.
.TP 0.2i
\(bu
\fBhelp (?)\fR - Print a listing of all
known commands or extended help on a particular command.
.TP 0.2i
\(bu
\fBquit (exit)\fR - Exit \fBrpcclient
\fR.
.SH "BUGS"
.PP
\fBrpcclient\fR is designed as a developer testing tool
and may not be robust in certain areas (such as command line parsing).
It has been known to generate a core dump upon failures when invalid
parameters where passed to the interpreter.
\fBrpcclient\fR is designed as a developer testing tool and may not be robust in certain areas (such as command line parsing)\&. It has been known to generate a core dump upon failures when invalid parameters where passed to the interpreter\&.
.PP
From Luke Leighton's original rpcclient man page:
.PP
\fB"WARNING!\fR The MSRPC over SMB code has
been developed from examining Network traces. No documentation is
available from the original creators (Microsoft) on how MSRPC over
SMB works, or how the individual MSRPC services work. Microsoft's
implementation of these services has been demonstrated (and reported)
to be... a bit flaky in places.
\fBWARNING!\fR The MSRPC over SMB code has been developed from examining Network traces\&. No documentation is available from the original creators (Microsoft) on how MSRPC over SMB works, or how the individual MSRPC services work\&. Microsoft's implementation of these services has been demonstrated (and reported) to be\&.\&.\&. a bit flaky in places\&.
.PP
The development of Samba's implementation is also a bit rough,
and as more of the services are understood, it can even result in
versions of \fBsmbd(8)\fR and \fBrpcclient(1)\fR
that are incompatible for some commands or services. Additionally,
the developers are sending reports to Microsoft, and problems found
or reported to Microsoft are fixed in Service Packs, which may
result in incompatibilities."
The development of Samba's implementation is also a bit rough, and as more of the services are understood, it can even result in versions of \fBsmbd\fR(8) and \fBrpcclient\fR(1) that are incompatible for some commands or services\&. Additionally, the developers are sending reports to Microsoft, and problems found or reported to Microsoft are fixed in Service Packs, which may result in incompatibilities\&.
.SH "VERSION"
.PP
This man page is correct for version 3.0 of the Samba
suite.
This man page is correct for version 3\&.0 of the Samba suite\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
The original rpcclient man page was written by Matthew
Geddes, Luke Kenneth Casson Leighton, and rewritten by Gerald Carter.
The conversion to DocBook for Samba 2.2 was done by Gerald
Carter.
The original rpcclient man page was written by Matthew Geddes, Luke Kenneth Casson Leighton, and rewritten by Gerald Carter\&. The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.

7757
docs/manpages/smb.conf.5
View File

File diff suppressed because it is too large Load Diff

312
docs/manpages/smbcacls.1
View File

@ -1,82 +1,135 @@
.\" This manpage has been automatically generated by docbook2man
.\" from a DocBook document. This tool can be found at:
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "SMBCACLS" "1" "04 March 2003" "" ""
.\"Generated by db2man.xsl. Don't modify this, modify the source.
.de Sh \" Subsection
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.TH "SMBCACLS" 1 "" "" ""
.SH NAME
smbcacls \- Set or get ACLs on an NT file or directory names
.SH SYNOPSIS
.SH "SYNOPSIS"
\fBsmbcacls\fR \fB//server/share\fR \fBfilename\fR [ \fB-U username\fR ] [ \fB-A acls\fR ] [ \fB-M acls\fR ] [ \fB-D acls\fR ] [ \fB-S acls\fR ] [ \fB-C name\fR ] [ \fB-G name\fR ] [ \fB-n\fR ] [ \fB-h\fR ]
.nf
\fBsmbcacls\fR {//server/share} {filename} [-D acls] [-M acls] [-A acls] [-S acls] [-C name] [-G name] [-n] [-t] [-U username] [-h] [-d]
.fi
.SH "DESCRIPTION"
.PP
This tool is part of the Samba suite.
This tool is part of the \fBSamba\fR(7) suite\&.
.PP
The \fBsmbcacls\fR program manipulates NT Access Control
Lists (ACLs) on SMB file shares.
The \fBsmbcacls\fR program manipulates NT Access Control Lists (ACLs) on SMB file shares\&.
.SH "OPTIONS"
.PP
The following options are available to the \fBsmbcacls\fR program.
The format of ACLs is described in the section ACL FORMAT
.TP
\fB-A acls\fR
Add the ACLs specified to the ACL list. Existing
access control entries are unchanged.
.TP
\fB-M acls\fR
Modify the mask value (permissions) for the ACLs
specified on the command line. An error will be printed for each
ACL specified that was not already present in the ACL list
.TP
\fB-D acls\fR
Delete any ACLs specified on the command line.
An error will be printed for each ACL specified that was not
already present in the ACL list.
.TP
\fB-S acls\fR
This command sets the ACLs on the file with
only the ones specified on the command line. All other ACLs are
erased. Note that the ACL specified must contain at least a revision,
type, owner and group for the call to succeed.
.TP
\fB-U username\fR
Specifies a username used to connect to the
specified service. The username may be of the form "username" in
which case the user is prompted to enter in a password and the
workgroup specified in the \fIsmb.conf\fR file is
used, or "username%password" or "DOMAIN\\username%password" and the
password and workgroup names are used as provided.
.TP
\fB-C name\fR
The owner of a file or directory can be changed
to the name given using the \fI-C\fR option.
The name can be a sid in the form S-1-x-y-z or a name resolved
against the server specified in the first argument.
The following options are available to the \fBsmbcacls\fR program\&. The format of ACLs is described in the section ACL FORMAT
This command is a shortcut for -M OWNER:name.
.TP
\fB-G name\fR
The group owner of a file or directory can
be changed to the name given using the \fI-G\fR
option. The name can be a sid in the form S-1-x-y-z or a name
resolved against the server specified n the first argument.
-A acls
Add the ACLs specified to the ACL list\&. Existing access control entries are unchanged\&.
This command is a shortcut for -M GROUP:name.
.TP
\fB-n\fR
This option displays all ACL information in numeric
format. The default is to convert SIDs to names and ACE types
and masks to a readable string format.
-M acls
Modify the mask value (permissions) for the ACLs specified on the command line\&. An error will be printed for each ACL specified that was not already present in the ACL list
.TP
\fB-h\fR
Print usage information on the \fBsmbcacls
\fR program.
-D acls
Delete any ACLs specified on the command line\&. An error will be printed for each ACL specified that was not already present in the ACL list\&.
.TP
-S acls
This command sets the ACLs on the file with only the ones specified on the command line\&. All other ACLs are erased\&. Note that the ACL specified must contain at least a revision, type, owner and group for the call to succeed\&.
.TP
-U username
Specifies a username used to connect to the specified service\&. The username may be of the form "username" in which case the user is prompted to enter in a password and the workgroup specified in the \fBsmb.conf\fR(5) file is used, or "username%password" or "DOMAIN\\username%password" and the password and workgroup names are used as provided\&.
.TP
-C name
The owner of a file or directory can be changed to the name given using the \fI-C\fR option\&. The name can be a sid in the form S-1-x-y-z or a name resolved against the server specified in the first argument\&.
This command is a shortcut for -M OWNER:name\&.
.TP
-G name
The group owner of a file or directory can be changed to the name given using the \fI-G\fR option\&. The name can be a sid in the form S-1-x-y-z or a name resolved against the server specified n the first argument\&.
This command is a shortcut for -M GROUP:name\&.
.TP
-n
This option displays all ACL information in numeric format\&. The default is to convert SIDs to names and ACE types and masks to a readable string format\&.
.TP
-t
Don't actually do anything, only validate the correctness of the arguments\&.
.TP
-h|--help
Print a summary of command line options\&.
.TP
-V
Prints the version number for \fBsmbd\fR\&.
.TP
-s <configuration file>
The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&.
.TP
-d|--debug=debuglevel
\fIdebuglevel\fR is an integer from 0 to 10\&. The default value if this parameter is not specified is zero\&.
The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day to day running - it generates a small amount of information about operations carried out\&.
Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&.
.TP
-l|--logfile=logbasename
File name for log/debug files\&. The extension \fB"\&.client"\fR will be appended\&. The log file is never removed by the client\&.
.SH "ACL FORMAT"
.PP
The format of an ACL is one or more ACL entries separated by
either commas or newlines. An ACL entry is one of the following:
The format of an ACL is one or more ACL entries separated by either commas or newlines\&. An ACL entry is one of the following:
.PP
.nf
@ -85,104 +138,109 @@ REVISION:<revision number>
OWNER:<sid or name>
GROUP:<sid or name>
ACL:<sid or name>:<type>/<flags>/<mask>
.fi
.PP
The revision of the ACL specifies the internal Windows
NT ACL revision for the security descriptor.
If not specified it defaults to 1. Using values other than 1 may
cause strange behaviour.
The revision of the ACL specifies the internal Windows NT ACL revision for the security descriptor\&. If not specified it defaults to 1\&. Using values other than 1 may cause strange behaviour\&.
.PP
The owner and group specify the owner and group sids for the
object. If a SID in the format CWS-1-x-y-z is specified this is used,
otherwise the name specified is resolved using the server on which
the file or directory resides.
The owner and group specify the owner and group sids for the object\&. If a SID in the format CWS-1-x-y-z is specified this is used, otherwise the name specified is resolved using the server on which the file or directory resides\&.
.PP
ACLs specify permissions granted to the SID. This SID again
can be specified in CWS-1-x-y-z format or as a name in which case
it is resolved against the server on which the file or directory
resides. The type, flags and mask values determine the type of
access granted to the SID.
ACLs specify permissions granted to the SID\&. This SID again can be specified in CWS-1-x-y-z format or as a name in which case it is resolved against the server on which the file or directory resides\&. The type, flags and mask values determine the type of access granted to the SID\&.
.PP
The type can be either 0 or 1 corresponding to ALLOWED or
DENIED access to the SID. The flags values are generally
zero for file ACLs and either 9 or 2 for directory ACLs. Some
common flags are:
.TP 0.2i
The type can be either 0 or 1 corresponding to ALLOWED or DENIED access to the SID\&. The flags values are generally zero for file ACLs and either 9 or 2 for directory ACLs\&. Some common flags are:
.TP 3
\(bu
#define SEC_ACE_FLAG_OBJECT_INHERIT 0x1
.TP 0.2i
\fB#define SEC_ACE_FLAG_OBJECT_INHERIT 0x1\fR
.TP
\(bu
#define SEC_ACE_FLAG_CONTAINER_INHERIT 0x2
.TP 0.2i
\fB#define SEC_ACE_FLAG_CONTAINER_INHERIT 0x2\fR
.TP
\(bu
#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0x4
.TP 0.2i
\fB#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0x4\fR
.TP
\(bu
#define SEC_ACE_FLAG_INHERIT_ONLY 0x8
\fB#define SEC_ACE_FLAG_INHERIT_ONLY 0x8\fR
.LP
.PP
At present flags can only be specified as decimal or
hexadecimal values.
At present flags can only be specified as decimal or hexadecimal values\&.
.PP
The mask is a value which expresses the access right
granted to the SID. It can be given as a decimal or hexadecimal value,
or by using one of the following text strings which map to the NT
file permissions of the same name.
.TP 0.2i
The mask is a value which expresses the access right granted to the SID\&. It can be given as a decimal or hexadecimal value, or by using one of the following text strings which map to the NT file permissions of the same name\&.
.TP 3
\(bu
\fBR\fR - Allow read access
.TP 0.2i
\fBR\fR - Allow read access
.TP
\(bu
\fBW\fR - Allow write access
.TP 0.2i
.TP
\(bu
\fBX\fR - Execute permission on the object
.TP 0.2i
.TP
\(bu
\fBD\fR - Delete the object
.TP 0.2i
.TP
\(bu
\fBP\fR - Change permissions
.TP 0.2i
.TP
\(bu
\fBO\fR - Take ownership
.LP
.PP
The following combined permissions can be specified:
.TP 0.2i
.TP 3
\(bu
\fBREAD\fR - Equivalent to 'RX'
permissions
.TP 0.2i
\fBREAD\fR - Equivalent to 'RX' permissions
.TP
\(bu
\fBCHANGE\fR - Equivalent to 'RXWD' permissions
.TP 0.2i
.TP
\(bu
\fBFULL\fR - Equivalent to 'RWXDPO'
permissions
\fBFULL\fR - Equivalent to 'RWXDPO' permissions
.LP
.SH "EXIT STATUS"
.PP
The \fBsmbcacls\fR program sets the exit status
depending on the success or otherwise of the operations performed.
The exit status may be one of the following values.
The \fBsmbcacls\fR program sets the exit status depending on the success or otherwise of the operations performed\&. The exit status may be one of the following values\&.
.PP
If the operation succeeded, smbcacls returns and exit
status of 0. If \fBsmbcacls\fR couldn't connect to the specified server,
or there was an error getting or setting the ACLs, an exit status
of 1 is returned. If there was an error parsing any command line
arguments, an exit status of 2 is returned.
If the operation succeeded, smbcacls returns and exit status of 0\&. If \fBsmbcacls\fR couldn't connect to the specified server, or there was an error getting or setting the ACLs, an exit status of 1 is returned\&. If there was an error parsing any command line arguments, an exit status of 2 is returned\&.
.SH "VERSION"
.PP
This man page is correct for version 2.2 of
the Samba suite.
This man page is correct for version 3\&.0 of the Samba suite\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
\fBsmbcacls\fR was written by Andrew Tridgell
and Tim Potter.
\fBsmbcacls\fR was written by Andrew Tridgell and Tim Potter\&.
.PP
The conversion to DocBook for Samba 2.2 was done
by Gerald Carter
The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.

1181
docs/manpages/smbclient.1
View File

File diff suppressed because it is too large Load Diff

313
docs/manpages/smbcontrol.1
View File

@ -1,151 +1,216 @@
.\" This manpage has been automatically generated by docbook2man
.\" from a DocBook document. This tool can be found at:
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "SMBCONTROL" "1" "04 March 2003" "" ""
.\"Generated by db2man.xsl. Don't modify this, modify the source.
.de Sh \" Subsection
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.TH "SMBCONTROL" 1 "" "" ""
.SH NAME
smbcontrol \- send messages to smbd, nmbd or winbindd processes
.SH SYNOPSIS
.SH "SYNOPSIS"
\fBsmbcontrol\fR [ \fB-i\fR ]
.nf
\fBsmbcontrol\fR [-i] [-s]
.fi
\fBsmbcontrol\fR [ \fBdestination\fR ] [ \fBmessage-type\fR ] [ \fBparameter\fR ]
.nf
\fBsmbcontrol\fR [destination] [message-type] [parameter]
.fi
.SH "DESCRIPTION"
.PP
This tool is part of the Samba suite.
This tool is part of the \fBSamba\fR(7) suite\&.
.PP
\fBsmbcontrol\fR is a very small program, which
sends messages to an smbd(8)
an nmbd(8)
or a winbindd(8)
daemon running on the system.
\fBsmbcontrol\fR is a very small program, which sends messages to a \fBsmbd\fR(8), a \fBnmbd\fR(8), or a \fBwinbindd\fR(8) daemon running on the system\&.
.SH "OPTIONS"
.TP
\fB-i\fR
Run interactively. Individual commands
of the form destination message-type parameters can be entered
on STDIN. An empty command line or a "q" will quit the
program.
-h|--help
Print a summary of command line options\&.
.TP
\fBdestination\fR
One of \fInmbd\fR
\fIsmbd\fR or a process ID.
-s <configuration file>
The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&.
The \fIsmbd\fR destination causes the
message to "broadcast" to all smbd daemons.
The \fInmbd\fR destination causes the
message to be sent to the nmbd daemon specified in the
\fInmbd.pid\fR file.
If a single process ID is given, the message is sent
to only that process.
.TP
\fBmessage-type\fR
One of: close-share,
debug,
force-election, ping
, profile, debuglevel, profilelevel,
or printnotify.
-i
Run interactively\&. Individual commands of the form destination message-type parameters can be entered on STDIN\&. An empty command line or a "q" will quit the program\&.
The close-share message-type sends a
message to smbd which will then close the client connections to
the named share. Note that this doesn't affect client connections
to any other shares. This message-type takes an argument of the
share name for which client connections will be closed, or the
"*" character which will close all currently open shares.
This may be useful if you made changes to the access controls on the share.
This message can only be sent to smbd.
The debug message-type allows
the debug level to be set to the value specified by the
parameter. This can be sent to any of the destinations.
The force-election message-type can only be
sent to the nmbd destination. This message
causes the \fBnmbd\fR daemon to force a new browse
master election.
The ping message-type sends the
number of "ping" messages specified by the parameter and waits
for the same number of reply "pong" messages. This can be sent to
any of the destinations.
The profile message-type sends a
message to an smbd to change the profile settings based on the
parameter. The parameter can be "on" to turn on profile stats
collection, "off" to turn off profile stats collection, "count"
to enable only collection of count stats (time stats are
disabled), and "flush" to zero the current profile stats. This can
be sent to any smbd or nmbd destinations.
The debuglevel message-type sends
a "request debug level" message. The current debug level setting
is returned by a "debuglevel" message. This can be
sent to any of the destinations.
The profilelevel message-type sends
a "request profile level" message. The current profile level
setting is returned by a "profilelevel" message. This can be sent
to any smbd or nmbd destinations.
The printnotify message-type sends a
message to smbd which in turn sends a printer notify message to
any Windows NT clients connected to a printer. This message-type
takes the following arguments:
.RS
.TP
\fBqueuepause printername\fR
Send a queue pause change notify
message to the printer specified.
destination
One of \fInmbd\fR, \fIsmbd\fR or a process ID\&.
The \fIsmbd\fR destination causes the message to "broadcast" to all smbd daemons\&.
The \fInmbd\fR destination causes the message to be sent to the nmbd daemon specified in the \fInmbd\&.pid\fR file\&.
If a single process ID is given, the message is sent to only that process\&.
.TP
\fBqueueresume printername\fR
Send a queue resume change notify
message for the printer specified.
message-type
Type of message to send\&. See the section \fBMESSAGE-TYPES\fR for details\&.
.TP
\fBjobpause printername unixjobid\fR
Send a job pause change notify
message for the printer and unix jobid
specified.
.TP
\fBjobresume printername unixjobid\fR
Send a job resume change notify
message for the printer and unix jobid
specified.
.TP
\fBjobdelete printername unixjobid\fR
Send a job delete change notify
message for the printer and unix jobid
specified.
.RE
Note that this message only sends notification that an
event has occured. It doesn't actually cause the
event to happen.
This message can only be sent to smbd.
.TP
\fBparameters\fR
parameters
any parameters required for the message-type
.SH "MESSAGE-TYPES"
.PP
Available message types are:
.TP
close-share
Order smbd to close the client connections to the named share\&. Note that this doesn't affect client connections to any other shares\&. This message-type takes an argument of the share name for which client connections will be closed, or the "*" character which will close all currently open shares\&. This may be useful if you made changes to the access controls on the share\&. This message can only be sent to \fBsmbd\fR\&.
.TP
debug
Set debug level to the value specified by the parameter\&. This can be sent to any of the destinations\&.
.TP
force-election
This message causes the \fBnmbd\fR daemon to force a new browse master election\&.
.TP
ping
Send specified number of "ping" messages and wait for the same number of reply "pong" messages\&. This can be sent to any of the destinations\&.
.TP
profile
Change profile settings of a daemon, based on the parameter\&. The parameter can be "on" to turn on profile stats collection, "off" to turn off profile stats collection, "count" to enable only collection of count stats (time stats are disabled), and "flush" to zero the current profile stats\&. This can be sent to any smbd or nmbd destinations\&.
.TP
debuglevel
Request debuglevel of a certain daemon and write it to stdout\&. This can be sent to any of the destinations\&.
.TP
profilelevel
Request profilelevel of a certain daemon and write it to stdout\&. This can be sent to any smbd or nmbd destinations\&.
.TP
printnotify
Order smbd to send a printer notify message to any Windows NT clients connected to a printer\&. This message-type takes the following arguments:
.RS
.TP
queuepause printername
Send a queue pause change notify message to the printer specified\&.
.TP
queueresume printername
Send a queue resume change notify message for the printer specified\&.
.TP
jobpause printername unixjobid
Send a job pause change notify message for the printer and unix jobid specified\&.
.TP
jobresume printername unixjobid
Send a job resume change notify message for the printer and unix jobid specified\&.
.TP
jobdelete printername unixjobid
Send a job delete change notify message for the printer and unix jobid specified\&.
.RE
Note that this message only sends notification that an event has occured\&. It doesn't actually cause the event to happen\&.
This message can only be sent to \fBsmbd\fR\&.
.TP
samsync
Order smbd to synchronise sam database from PDC (being BDC)\&. Can only be sent to \fBsmbd\fR\&.
Not working at the moment
.TP
samrepl
Send sam replication message, with specified serial\&. Can only be sent to \fBsmbd\fR\&. Should not be used manually\&.
.TP
dmalloc-mark
Set a mark for dmalloc\&. Can be sent to both smbd and nmbd\&. Only available if samba is built with dmalloc support\&.
.TP
dmalloc-log-changed
Dump the pointers that have changed since the mark set by dmalloc-mark\&. Can be sent to both smbd and nmbd\&. Only available if samba is built with dmalloc support\&.
.TP
shutdown
Shut down specified daemon\&. Can be sent to both smbd and nmbd\&.
.TP
pool-usage
Print a human-readable description of all talloc(pool) memory usage by the specified daemon/process\&. Available for both smbd and nmbd\&.
.TP
drvupgrade
Force clients of printers using specified driver to update their local version of the driver\&. Can only be sent to smbd\&.
.SH "VERSION"
.PP
This man page is correct for version 2.2 of
the Samba suite.
This man page is correct for version 3\&.0 of the Samba suite\&.
.SH "SEE ALSO"
.PP
\fBnmbd(8)\fR
and \fBsmbd(8)\fR
\fBnmbd\fR(8) and \fBsmbd\fR(8)\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at
ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter
The original Samba man pages were written by Karl Auer\&. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp\&.icce\&.rug\&.nl/pub/unix/) and updated for the Samba 2\&.0 release by Jeremy Allison\&. The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.

448
docs/manpages/smbd.8
View File

@ -1,316 +1,230 @@
.\" This manpage has been automatically generated by docbook2man
.\" from a DocBook document. This tool can be found at:
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "SMBD" "8" "04 March 2003" "" ""
.\"Generated by db2man.xsl. Don't modify this, modify the source.
.de Sh \" Subsection
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.TH "SMBD" 8 "" "" ""
.SH NAME
smbd \- server to provide SMB/CIFS services to clients
.SH SYNOPSIS
.SH "SYNOPSIS"
\fBsmbd\fR [ \fB-D\fR ] [ \fB-F\fR ] [ \fB-S\fR ] [ \fB-i\fR ] [ \fB-h\fR ] [ \fB-V\fR ] [ \fB-b\fR ] [ \fB-d <debug level>\fR ] [ \fB-l <log directory>\fR ] [ \fB-p <port number>\fR ] [ \fB-O <socket option>\fR ] [ \fB-s <configuration file>\fR ]
.nf
\fBsmbd\fR [-D] [-F] [-S] [-i] [-h] [-V] [-b] [-d <debug level>] [-l <log directory>]
[-p <port number>] [-O <socket option>] [-s <configuration file>]
.fi
.SH "DESCRIPTION"
.PP
This program is part of the Samba suite.
This program is part of the \fBSamba\fR(7) suite\&.
.PP
\fBsmbd\fR is the server daemon that
provides filesharing and printing services to Windows clients.
The server provides filespace and printer services to
clients using the SMB (or CIFS) protocol. This is compatible
with the LanManager protocol, and can service LanManager
clients. These include MSCLIENT 3.0 for DOS, Windows for
Workgroups, Windows 95/98/ME, Windows NT, Windows 2000,
OS/2, DAVE for Macintosh, and smbfs for Linux.
\fBsmbd\fR is the server daemon that provides filesharing and printing services to Windows clients\&. The server provides filespace and printer services to clients using the SMB (or CIFS) protocol\&. This is compatible with the LanManager protocol, and can service LanManager clients\&. These include MSCLIENT 3\&.0 for DOS, Windows for Workgroups, Windows 95/98/ME, Windows NT, Windows 2000, OS/2, DAVE for Macintosh, and smbfs for Linux\&.
.PP
An extensive description of the services that the
server can provide is given in the man page for the
configuration file controlling the attributes of those
services (see \fIsmb.conf(5)
\fR This man page will not describe the
services, but will concentrate on the administrative aspects
of running the server.
An extensive description of the services that the server can provide is given in the man page for the configuration file controlling the attributes of those services (see \fBsmb.conf\fR(5)\&. This man page will not describe the services, but will concentrate on the administrative aspects of running the server\&.
.PP
Please note that there are significant security
implications to running this server, and the \fIsmb.conf(5)\fR
manpage should be regarded as mandatory reading before
proceeding with installation.
Please note that there are significant security implications to running this server, and the \fBsmb.conf\fR(5) manual page should be regarded as mandatory reading before proceeding with installation\&.
.PP
A session is created whenever a client requests one.
Each client gets a copy of the server for each session. This
copy then services all connections made by the client during
that session. When all connections from its client are closed,
the copy of the server for that client terminates.
A session is created whenever a client requests one\&. Each client gets a copy of the server for each session\&. This copy then services all connections made by the client during that session\&. When all connections from its client are closed, the copy of the server for that client terminates\&.
.PP
The configuration file, and any files that it includes,
are automatically reloaded every minute, if they change. You
can force a reload by sending a SIGHUP to the server. Reloading
the configuration file will not affect connections to any service
that is already established. Either the user will have to
disconnect from the service, or \fBsmbd\fR killed and restarted.
The configuration file, and any files that it includes, are automatically reloaded every minute, if they change\&. You can force a reload by sending a SIGHUP to the server\&. Reloading the configuration file will not affect connections to any service that is already established\&. Either the user will have to disconnect from the service, or \fBsmbd\fR killed and restarted\&.
.SH "OPTIONS"
.TP
\fB-D\fR
If specified, this parameter causes
the server to operate as a daemon. That is, it detaches
itself and runs in the background, fielding requests
on the appropriate port. Operating the server as a
daemon is the recommended way of running \fBsmbd\fR for
servers that provide more than casual use file and
print services. This switch is assumed if \fBsmbd
\fR is executed on the command line of a shell.
.TP
\fB-F\fR
If specified, this parameter causes
the main \fBsmbd\fR process to not daemonize,
i.e. double-fork and disassociate with the terminal.
Child processes are still created as normal to service
each connection request, but the main process does not
exit. This operation mode is suitable for running
\fBsmbd\fR under process supervisors such
as \fBsupervise\fR and \fBsvscan\fR
from Daniel J. Bernstein's \fBdaemontools\fR
package, or the AIX process monitor.
.TP
\fB-S\fR
If specified, this parameter causes
\fBsmbd\fR to log to standard output rather
than a file.
.TP
\fB-i\fR
If this parameter is specified it causes the
server to run "interactively", not as a daemon, even if the
server is executed on the command line of a shell. Setting this
parameter negates the implicit deamon mode when run from the
command line. \fBsmbd\fR also logs to standard
output, as if the \fB-S\fR parameter had been
given.
.TP
\fB-h\fR
Prints the help information (usage)
for \fBsmbd\fR.
.TP
\fB-V\fR
Prints the version number for
\fBsmbd\fR.
.TP
\fB-b\fR
Prints information about how
Samba was built.
.TP
\fB-d <debug level>\fR
\fIdebuglevel\fR is an integer
from 0 to 10. The default value if this parameter is
not specified is zero.
The higher this value, the more detail will be
logged to the log files about the activities of the
server. At level 0, only critical errors and serious
warnings will be logged. Level 1 is a reasonable level for
day to day running - it generates a small amount of
information about operations carried out.
Levels above 1 will generate considerable
amounts of log data, and should only be used when
investigating a problem. Levels above 3 are designed for
use only by developers and generate HUGE amounts of log
data, most of which is extremely cryptic.
Note that specifying this parameter here will
override the log
level file.
.TP
\fB-l <log directory>\fR
If specified,
\fIlog directory\fR
specifies a log directory into which the "log.smbd" log
file will be created for informational and debug
messages from the running server. The log
file generated is never removed by the server although
its size may be controlled by the max log size
option in the \fI smb.conf(5)\fR file. \fBBeware:\fR
If the directory specified does not exist, \fBsmbd\fR
will log to the default debug log location defined at compile time.
-D
If specified, this parameter causes the server to operate as a daemon\&. That is, it detaches itself and runs in the background, fielding requests on the appropriate port\&. Operating the server as a daemon is the recommended way of running \fBsmbd\fR for servers that provide more than casual use file and print services\&. This switch is assumed if \fBsmbd \fR is executed on the command line of a shell\&.
The default log directory is specified at
compile time.
.TP
\fB-O <socket options>\fR
See the socket options
parameter in the \fIsmb.conf(5)
\fR file for details.
-F
If specified, this parameter causes the main \fBsmbd\fR process to not daemonize, i\&.e\&. double-fork and disassociate with the terminal\&. Child processes are still created as normal to service each connection request, but the main process does not exit\&. This operation mode is suitable for running \fBsmbd\fR under process supervisors such as \fBsupervise\fR and \fBsvscan\fR from Daniel J\&. Bernstein's \fBdaemontools\fR package, or the AIX process monitor\&.
.TP
\fB-p <port number>\fR
\fIport number\fR is a positive integer
value. The default value if this parameter is not
specified is 139.
-S
If specified, this parameter causes \fBsmbd\fR to log to standard output rather than a file\&.
This number is the port number that will be
used when making connections to the server from client
software. The standard (well-known) port number for the
SMB over TCP is 139, hence the default. If you wish to
run the server as an ordinary user rather than
as root, most systems will require you to use a port
number greater than 1024 - ask your system administrator
for help if you are in this situation.
In order for the server to be useful by most
clients, should you configure it on a port other
than 139, you will require port redirection services
on port 139, details of which are outlined in rfc1002.txt
section 4.3.5.
This parameter is not normally specified except
in the above situation.
.TP
\fB-s <configuration file>\fR
The file specified contains the
configuration details required by the server. The
information in this file includes server-specific
information such as what printcap file to use, as well
as descriptions of all the services that the server is
to provide. See \fI smb.conf(5)\fR for more information.
The default configuration file name is determined at
compile time.
-i
If this parameter is specified it causes the server to run "interactively", not as a daemon, even if the server is executed on the command line of a shell\&. Setting this parameter negates the implicit deamon mode when run from the command line\&. \fBsmbd\fR also logs to standard output, as if the \fB-S\fR parameter had been given\&.
.TP
-V
Prints the version number for \fBsmbd\fR\&.
.TP
-s <configuration file>
The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&.
.TP
-d|--debug=debuglevel
\fIdebuglevel\fR is an integer from 0 to 10\&. The default value if this parameter is not specified is zero\&.
The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day to day running - it generates a small amount of information about operations carried out\&.
Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&.
.TP
-l|--logfile=logbasename
File name for log/debug files\&. The extension \fB"\&.client"\fR will be appended\&. The log file is never removed by the client\&.
.TP
-h|--help
Print a summary of command line options\&.
.TP
-b
Prints information about how Samba was built\&.
.TP
-l <log directory>
If specified, \fIlog directory\fR specifies a log directory into which the "log\&.smbd" log file will be created for informational and debug messages from the running server\&. The log file generated is never removed by the server although its size may be controlled by the \fImax log size\fR option in the \fBsmb.conf\fR(5) file\&. \fBBeware:\fR If the directory specified does not exist, \fBsmbd\fR will log to the default debug log location defined at compile time\&.
The default log directory is specified at compile time\&.
.TP
-p <port number>
\fIport number\fR is a positive integer value\&. The default value if this parameter is not specified is 139\&.
This number is the port number that will be used when making connections to the server from client software\&. The standard (well-known) port number for the SMB over TCP is 139, hence the default\&. If you wish to run the server as an ordinary user rather than as root, most systems will require you to use a port number greater than 1024 - ask your system administrator for help if you are in this situation\&.
In order for the server to be useful by most clients, should you configure it on a port other than 139, you will require port redirection services on port 139, details of which are outlined in rfc1002\&.txt section 4\&.3\&.5\&.
This parameter is not normally specified except in the above situation\&.
.SH "FILES"
.TP
\fB\fI/etc/inetd.conf\fB\fR
If the server is to be run by the
\fBinetd\fR meta-daemon, this file
must contain suitable startup information for the
meta-daemon. See the UNIX_INSTALL.html
document for details.
.TP
\fB\fI/etc/rc\fB\fR
or whatever initialization script your
system uses).
If running the server as a daemon at startup,
this file will need to contain an appropriate startup
sequence for the server. See the UNIX_INSTALL.html
document for details.
.TP
\fB\fI/etc/services\fB\fR
If running the server via the
meta-daemon \fBinetd\fR, this file
must contain a mapping of service name (e.g., netbios-ssn)
to service port (e.g., 139) and protocol type (e.g., tcp).
See the UNIX_INSTALL.html
document for details.
.TP
\fB\fI/usr/local/samba/lib/smb.conf\fB\fR
This is the default location of the
\fIsmb.conf\fR
server configuration file. Other common places that systems
install this file are \fI/usr/samba/lib/smb.conf\fR
and \fI/etc/smb.conf\fR.
\fI/etc/inetd\&.conf\fR
If the server is to be run by the \fBinetd\fR meta-daemon, this file must contain suitable startup information for the meta-daemon\&. See the "How to Install and Test SAMBA" document for details\&.
.TP
\fI/etc/rc\fR
or whatever initialization script your system uses)\&.
If running the server as a daemon at startup, this file will need to contain an appropriate startup sequence for the server\&. See the "How to Install and Test SAMBA" document for details\&.
.TP
\fI/etc/services\fR
If running the server via the meta-daemon \fBinetd\fR, this file must contain a mapping of service name (e\&.g\&., netbios-ssn) to service port (e\&.g\&., 139) and protocol type (e\&.g\&., tcp)\&. See the "How to Install and Test SAMBA" document for details\&.
.TP
\fI/usr/local/samba/lib/smb\&.conf\fR
This is the default location of the \fBsmb.conf\fR(5) server configuration file\&. Other common places that systems install this file are \fI/usr/samba/lib/smb\&.conf\fR and \fI/etc/samba/smb\&.conf\fR\&.
This file describes all the services the server is to make available to clients\&. See \fBsmb.conf\fR(5) for more information\&.
This file describes all the services the server
is to make available to clients. See \fIsmb.conf(5)\fR for more information.
.SH "LIMITATIONS"
.PP
On some systems \fBsmbd\fR cannot change uid back
to root after a setuid() call. Such systems are called
trapdoor uid systems. If you have such a system,
you will be unable to connect from a client (such as a PC) as
two different users at once. Attempts to connect the
second user will result in access denied or
similar.
On some systems \fBsmbd\fR cannot change uid back to root after a setuid() call\&. Such systems are called trapdoor uid systems\&. If you have such a system, you will be unable to connect from a client (such as a PC) as two different users at once\&. Attempts to connect the second user will result in access denied or similar\&.
.SH "ENVIRONMENT VARIABLES"
.TP
\fBPRINTER\fR
If no printer name is specified to
printable services, most systems will use the value of
this variable (or lp if this variable is
not defined) as the name of the printer to use. This
is not specific to the server, however.
If no printer name is specified to printable services, most systems will use the value of this variable (or \fBlp\fR if this variable is not defined) as the name of the printer to use\&. This is not specific to the server, however\&.
.SH "PAM INTERACTION"
.PP
Samba uses PAM for authentication (when presented with a plaintext
password), for account checking (is this account disabled?) and for
session management. The degree too which samba supports PAM is restricted
by the limitations of the SMB protocol and the
obey pam restricions
smb.conf paramater. When this is set, the following restrictions apply:
.TP 0.2i
Samba uses PAM for authentication (when presented with a plaintext password), for account checking (is this account disabled?) and for session management\&. The degree too which samba supports PAM is restricted by the limitations of the SMB protocol and the \fIobey pam restricions\fR \fBsmb.conf\fR(5) paramater\&. When this is set, the following restrictions apply:
.TP 3
\(bu
\fBAccount Validation\fR: All accesses to a
samba server are checked
against PAM to see if the account is vaild, not disabled and is permitted to
login at this time. This also applies to encrypted logins.
.TP 0.2i
\fBAccount Validation\fR: All accesses to a samba server are checked against PAM to see if the account is vaild, not disabled and is permitted to login at this time\&. This also applies to encrypted logins\&.
.TP
\(bu
\fBSession Management\fR: When not using share
level secuirty, users must pass PAM's session checks before access
is granted. Note however, that this is bypassed in share level secuirty.
Note also that some older pam configuration files may need a line
added for session support.
\fBSession Management\fR: When not using share level secuirty, users must pass PAM's session checks before access is granted\&. Note however, that this is bypassed in share level secuirty\&. Note also that some older pam configuration files may need a line added for session support\&.
.LP
.SH "VERSION"
.PP
This man page is correct for version 3.0 of
the Samba suite.
This man page is correct for version 3\&.0 of the Samba suite\&.
.SH "DIAGNOSTICS"
.PP
Most diagnostics issued by the server are logged
in a specified log file. The log file name is specified
at compile time, but may be overridden on the command line.
Most diagnostics issued by the server are logged in a specified log file\&. The log file name is specified at compile time, but may be overridden on the command line\&.
.PP
The number and nature of diagnostics available depends
on the debug level used by the server. If you have problems, set
the debug level to 3 and peruse the log files.
The number and nature of diagnostics available depends on the debug level used by the server\&. If you have problems, set the debug level to 3 and peruse the log files\&.
.PP
Most messages are reasonably self-explanatory. Unfortunately,
at the time this man page was created, there are too many diagnostics
available in the source code to warrant describing each and every
diagnostic. At this stage your best bet is still to grep the
source code and inspect the conditions that gave rise to the
diagnostics you are seeing.
Most messages are reasonably self-explanatory\&. Unfortunately, at the time this man page was created, there are too many diagnostics available in the source code to warrant describing each and every diagnostic\&. At this stage your best bet is still to grep the source code and inspect the conditions that gave rise to the diagnostics you are seeing\&.
.SH "SIGNALS"
.PP
Sending the \fBsmbd\fR a SIGHUP will cause it to
reload its \fIsmb.conf\fR configuration
file within a short period of time.
Sending the \fBsmbd\fR a SIGHUP will cause it to reload its \fIsmb\&.conf\fR configuration file within a short period of time\&.
.PP
To shut down a user's \fBsmbd\fR process it is recommended
that \fBSIGKILL (-9)\fR \fBNOT\fR
be used, except as a last resort, as this may leave the shared
memory area in an inconsistent state. The safe way to terminate
an \fBsmbd\fR is to send it a SIGTERM (-15) signal and wait for
it to die on its own.
To shut down a user's \fBsmbd\fR process it is recommended that \fBSIGKILL (-9)\fR \fBNOT\fR be used, except as a last resort, as this may leave the shared memory area in an inconsistent state\&. The safe way to terminate an \fBsmbd\fR is to send it a SIGTERM (-15) signal and wait for it to die on its own\&.
.PP
The debug log level of \fBsmbd\fR may be raised
or lowered using \fBsmbcontrol(1)
\fR program (SIGUSR[1|2] signals are no longer used in
Samba 2.2). This is to allow transient problems to be diagnosed,
whilst still running at a normally low log level.
The debug log level of \fBsmbd\fR may be raised or lowered using \fBsmbcontrol\fR(1) program (SIGUSR[1|2] signals are no longer used since Samba 2\&.2)\&. This is to allow transient problems to be diagnosed, whilst still running at a normally low log level\&.
.PP
Note that as the signal handlers send a debug write,
they are not re-entrant in \fBsmbd\fR. This you should wait until
\fBsmbd\fR is in a state of waiting for an incoming SMB before
issuing them. It is possible to make the signal handlers safe
by un-blocking the signals before the select call and re-blocking
them after, however this would affect performance.
Note that as the signal handlers send a debug write, they are not re-entrant in \fBsmbd\fR\&. This you should wait until\fBsmbd\fR is in a state of waiting for an incoming SMB before issuing them\&. It is possible to make the signal handlers safe by un-blocking the signals before the select call and re-blocking them after, however this would affect performance\&.
.SH "SEE ALSO"
.PP
hosts_access(5), \fBinetd(8)\fR,
\fBnmbd(8)\fR
\fIsmb.conf(5)\fR
\fBsmbclient(1)
\fR and the Internet RFC's
\fIrfc1001.txt\fR, \fIrfc1002.txt\fR.
In addition the CIFS (formerly SMB) specification is available
as a link from the Web page
http://samba.org/cifs/ <URL:http://samba.org/cifs/>.
\fBhosts_access\fR(5), \fBinetd\fR(8), \fBnmbd\fR(8), \fBsmb.conf\fR(5), \fBsmbclient\fR(1), \fBtestparm\fR(1), \fBtestprns\fR(1), and the Internet RFC's\fIrfc1001\&.txt\fR, \fIrfc1002\&.txt\fR\&. In addition the CIFS (formerly SMB) specification is available as a link from the Web page http://samba\&.org/cifs/\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at
ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter
The original Samba man pages were written by Karl Auer\&. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp\&.icce\&.rug\&.nl/pub/unix/) and updated for the Samba 2\&.0 release by Jeremy Allison\&. The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.

113
docs/manpages/smbmnt.8
View File

@ -1,64 +1,91 @@
.\" This manpage has been automatically generated by docbook2man
.\" from a DocBook document. This tool can be found at:
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "SMBMNT" "8" "04 March 2003" "" ""
.\"Generated by db2man.xsl. Don't modify this, modify the source.
.de Sh \" Subsection
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.TH "SMBMNT" 8 "" "" ""
.SH NAME
smbmnt \- helper utility for mounting SMB filesystems
.SH SYNOPSIS
.SH "SYNOPSIS"
\fBsmbmnt\fR \fBmount-point\fR [ \fB-s <share>\fR ] [ \fB-r\fR ] [ \fB-u <uid>\fR ] [ \fB-g <gid>\fR ] [ \fB-f <mask>\fR ] [ \fB-d <mask>\fR ] [ \fB-o <options>\fR ]
.nf
\fBsmbmnt\fR {mount-point} [-s <share>] [-r] [-u <uid>] [-g <gid>] [-f <mask>] [-d <mask>] [-o <options>] [-h]
.fi
.SH "DESCRIPTION"
.PP
\fBsmbmnt\fR is a helper application used
by the smbmount program to do the actual mounting of SMB shares.
\fBsmbmnt\fR can be installed setuid root if you want
normal users to be able to mount their SMB shares.
\fBsmbmnt\fR is a helper application used by the smbmount program to do the actual mounting of SMB shares\&.\fBsmbmnt\fR can be installed setuid root if you want normal users to be able to mount their SMB shares\&.
.PP
A setuid smbmnt will only allow mounts on directories owned
by the user, and that the user has write permission on.
A setuid smbmnt will only allow mounts on directories owned by the user, and that the user has write permission on\&.
.PP
The \fBsmbmnt\fR program is normally invoked
by \fBsmbmount(8)\fR
It should not be invoked directly by users.
The \fBsmbmnt\fR program is normally invoked by \fBsmbmount\fR(8)\&. It should not be invoked directly by users\&.
.PP
smbmount searches the normal PATH for smbmnt. You must ensure
that the smbmnt version in your path matches the smbmount used.
smbmount searches the normal PATH for smbmnt\&. You must ensure that the smbmnt version in your path matches the smbmount used\&.
.SH "OPTIONS"
.TP
\fB-r\fR
mount the filesystem read-only
-r
mount the filesystem read-only
.TP
\fB-u uid\fR
specify the uid that the files will
be owned by
-u uid
specify the uid that the files will be owned by
.TP
\fB-g gid\fR
specify the gid that the files will be
owned by
-g gid
specify the gid that the files will be owned by
.TP
\fB-f mask\fR
-f mask
specify the octal file mask applied
.TP
\fB-d mask\fR
specify the octal directory mask
applied
-d mask
specify the octal directory mask applied
.TP
\fB-o options\fR
list of options that are passed as-is to smbfs, if this
command is run on a 2.4 or higher Linux kernel.
-o options
list of options that are passed as-is to smbfs, if this command is run on a 2\&.4 or higher Linux kernel\&.
.TP
-h|--help
Print a summary of command line options\&.
.SH "AUTHOR"
.PP
Volker Lendecke, Andrew Tridgell, Michael H. Warfield
and others.
Volker Lendecke, Andrew Tridgell, Michael H\&. Warfield and others\&.
.PP
The current maintainer of smbfs and the userspace
tools \fBsmbmount\fR, \fBsmbumount\fR,
and \fBsmbmnt\fR is Urban Widmark <URL:mailto:urban@teststation.com>.
The SAMBA Mailing list <URL:mailto:samba@samba.org>
is the preferred place to ask questions regarding these programs.
The current maintainer of smbfs and the userspace tools \fBsmbmount\fR, \fBsmbumount\fR, and \fBsmbmnt\fR is Urban Widmark\&. The SAMBA Mailing list is the preferred place to ask questions regarding these programs\&.
.PP
The conversion of this manpage for Samba 2.2 was performed
by Gerald Carter
The conversion of this manpage for Samba 2\&.2 was performed by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.

350
docs/manpages/smbmount.8
View File

@ -1,215 +1,219 @@
.\" This manpage has been automatically generated by docbook2man
.\" from a DocBook document. This tool can be found at:
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "SMBMOUNT" "8" "04 March 2003" "" ""
.\"Generated by db2man.xsl. Don't modify this, modify the source.
.de Sh \" Subsection
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.TH "SMBMOUNT" 8 "" "" ""
.SH NAME
smbmount \- mount an smbfs filesystem
.SH SYNOPSIS
\fBsmbmount\fR \fBservice\fR \fBmount-point\fR [ \fB-o options\fR ]
.SH "DESCRIPTION"
.PP
\fBsmbmount\fR mounts a Linux SMB filesystem. It
is usually invoked as \fBmount.smbfs\fR by
the \fBmount(8)\fR command when using the
"-t smbfs" option. This command only works in Linux, and the kernel must
support the smbfs filesystem.
.PP
Options to \fBsmbmount\fR are specified as a comma-separated
list of key=value pairs. It is possible to send options other
than those listed here, assuming that smbfs supports them. If
you get mount failures, check your kernel log for errors on
unknown options.
.PP
\fBsmbmount\fR is a daemon. After mounting it keeps running until
the mounted smbfs is umounted. It will log things that happen
when in daemon mode using the "machine name" smbmount, so
typically this output will end up in \fIlog.smbmount\fR. The
\fBsmbmount\fR process may also be called mount.smbfs.
.PP
\fBNOTE:\fR \fBsmbmount\fR
calls \fBsmbmnt(8)\fR to do the actual mount. You
must make sure that \fBsmbmnt\fR is in the path so
that it can be found.
.SH "OPTIONS"
.TP
\fBusername=<arg>\fR
specifies the username to connect as. If
this is not given, then the environment variable \fB USER\fR is used. This option can also take the
form "user%password" or "user/workgroup" or
"user/workgroup%password" to allow the password and workgroup
to be specified as part of the username.
.TP
\fBpassword=<arg>\fR
specifies the SMB password. If this
option is not given then the environment variable
\fBPASSWD\fR is used. If it can find
no password \fBsmbmount\fR will prompt
for a passeword, unless the guest option is
given.
Note that passwords which contain the argument delimiter
character (i.e. a comma ',') will failed to be parsed correctly
on the command line. However, the same password defined
in the PASSWD environment variable or a credentials file (see
below) will be read correctly.
.TP
\fBcredentials=<filename>\fR
specifies a file that contains a username
and/or password. The format of the file is:
.SH "SYNOPSIS"
.nf
username = <value>
password = <value>
\fBsmbmount\fR {service} {mount-point} [-o options]
.fi
This is preferred over having passwords in plaintext in a
shared file, such as \fI/etc/fstab\fR. Be sure to protect any
credentials file properly.
.SH "DESCRIPTION"
.PP
\fBsmbmount\fR mounts a Linux SMB filesystem\&. It is usually invoked as \fBmount.smbfs\fR by the \fBmount\fR(8) command when using the "-t smbfs" option\&. This command only works in Linux, and the kernel must support the smbfs filesystem\&.
.PP
Options to \fBsmbmount\fR are specified as a comma-separated list of key=value pairs\&. It is possible to send options other than those listed here, assuming that smbfs supports them\&. If you get mount failures, check your kernel log for errors on unknown options\&.
.PP
\fBsmbmount\fR is a daemon\&. After mounting it keeps running until the mounted smbfs is umounted\&. It will log things that happen when in daemon mode using the "machine name" smbmount, so typically this output will end up in \fIlog\&.smbmount\fR\&. The \fB smbmount\fR process may also be called mount\&.smbfs\&.
.RS
.Sh "Note"
.PP
\fBsmbmount\fR calls \fBsmbmnt\fR(8) to do the actual mount\&. You must make sure that \fBsmbmnt\fR is in the path so that it can be found\&.
.RE
.SH "OPTIONS"
.TP
\fBnetbiosname=<arg>\fR
sets the source NetBIOS name. It defaults
to the local hostname.
username=<arg>
specifies the username to connect as\&. If this is not given, then the environment variable \fB USER\fR is used\&. This option can also take the form "user%password" or "user/workgroup" or "user/workgroup%password" to allow the password and workgroup to be specified as part of the username\&.
.TP
\fBuid=<arg>\fR
sets the uid that will own all files on
the mounted filesystem.
It may be specified as either a username or a numeric uid.
password=<arg>
specifies the SMB password\&. If this option is not given then the environment variable \fBPASSWD\fR is used\&. If it can find no password \fBsmbmount\fR will prompt for a passeword, unless the guest option is given\&.
Note that passwords which contain the argument delimiter character (i\&.e\&. a comma ',') will failed to be parsed correctly on the command line\&. However, the same password defined in the PASSWD environment variable or a credentials file (see below) will be read correctly\&.
.TP
\fBgid=<arg>\fR
sets the gid that will own all files on
the mounted filesystem.
It may be specified as either a groupname or a numeric
gid.
credentials=<filename>
specifies a file that contains a username and/or password\&.
The format of the file is:
.nf
username = <value>
password = <value>
.fi
This is preferred over having passwords in plaintext in a shared file, such as \fI/etc/fstab\fR\&. Be sure to protect any credentials file properly\&.
.TP
\fBport=<arg>\fR
sets the remote SMB port number. The default
is 139.
krb
Use kerberos (Active Directory)\&.
.TP
\fBfmask=<arg>\fR
sets the file mask. This determines the
permissions that remote files have in the local filesystem.
The default is based on the current umask.
netbiosname=<arg>
sets the source NetBIOS name\&. It defaults to the local hostname\&.
.TP
\fBdmask=<arg>\fR
sets the directory mask. This determines the
permissions that remote directories have in the local filesystem.
The default is based on the current umask.
uid=<arg>
sets the uid that will own all files on the mounted filesystem\&. It may be specified as either a username or a numeric uid\&.
.TP
\fBdebug=<arg>\fR
sets the debug level. This is useful for
tracking down SMB connection problems. A suggested value to
start with is 4. If set too high there will be a lot of
output, possibly hiding the useful output.
gid=<arg>
sets the gid that will own all files on the mounted filesystem\&. It may be specified as either a groupname or a numeric gid\&.
.TP
\fBip=<arg>\fR
sets the destination host or IP address.
port=<arg>
sets the remote SMB port number\&. The default is 139\&.
.TP
\fBworkgroup=<arg>\fR
sets the workgroup on the destination
fmask=<arg>
sets the file mask\&. This determines the permissions that remote files have in the local filesystem\&. This is not a umask, but the actual permissions for the files\&. The default is based on the current umask\&.
.TP
\fBsockopt=<arg>\fR
sets the TCP socket options. See the \fIsmb.conf
\fR \fIsocket options\fR option.
dmask=<arg>
Sets the directory mask\&. This determines the permissions that remote directories have in the local filesystem\&. This is not a umask, but the actual permissions for the directories\&. The default is based on the current umask\&.
.TP
\fBscope=<arg>\fR
sets the NetBIOS scope
debug=<arg>
Sets the debug level\&. This is useful for tracking down SMB connection problems\&. A suggested value to start with is 4\&. If set too high there will be a lot of output, possibly hiding the useful output\&.
.TP
\fBguest\fR
don't prompt for a password
ip=<arg>
Sets the destination host or IP address\&.
.TP
\fBro\fR
mount read-only
workgroup=<arg>
Sets the workgroup on the destination
.TP
\fBrw\fR
mount read-write
sockopt=<arg>
Sets the TCP socket options\&. See the \fBsmb.conf\fR(5) \fIsocket options\fR option\&.
.TP
\fBiocharset=<arg>\fR
sets the charset used by the Linux side for codepage
to charset translations (NLS). Argument should be the
name of a charset, like iso8859-1. (Note: only kernel
2.4.0 or later)
scope=<arg>
Sets the NetBIOS scope
.TP
\fBcodepage=<arg>\fR
sets the codepage the server uses. See the iocharset
option. Example value cp850. (Note: only kernel 2.4.0
or later)
guest
Don't prompt for a password
.TP
\fBttl=<arg>\fR
sets how long a directory listing is cached in milliseconds
(also affects visibility of file size and date
changes). A higher value means that changes on the
server take longer to be noticed but it can give
better performance on large directories, especially
over long distances. Default is 1000ms but something
like 10000ms (10 seconds) is probably more reasonable
in many cases.
(Note: only kernel 2.4.2 or later)
ro
mount read-only
.TP
rw
mount read-write
.TP
iocharset=<arg>
sets the charset used by the Linux side for codepage to charset translations (NLS)\&. Argument should be the name of a charset, like iso8859-1\&. (Note: only kernel 2\&.4\&.0 or later)
.TP
codepage=<arg>
sets the codepage the server uses\&. See the iocharset option\&. Example value cp850\&. (Note: only kernel 2\&.4\&.0 or later)
.TP
ttl=<arg>
sets how long a directory listing is cached in milliseconds (also affects visibility of file size and date changes)\&. A higher value means that changes on the server take longer to be noticed but it can give better performance on large directories, especially over long distances\&. Default is 1000ms but something like 10000ms (10 seconds) is probably more reasonable in many cases\&. (Note: only kernel 2\&.4\&.2 or later)
.SH "ENVIRONMENT VARIABLES"
.PP
The variable \fBUSER\fR may contain the username of the
person using the client. This information is used only if the
protocol level is high enough to support session-level
passwords. The variable can be used to set both username and
password by using the format username%password.
The variable \fBUSER\fR may contain the username of the person using the client\&. This information is used only if the protocol level is high enough to support session-level passwords\&. The variable can be used to set both username and password by using the format username%password\&.
.PP
The variable \fBPASSWD\fR may contain the password of the
person using the client. This information is used only if the
protocol level is high enough to support session-level
passwords.
The variable \fBPASSWD\fR may contain the password of the person using the client\&. This information is used only if the protocol level is high enough to support session-level passwords\&.
.PP
The variable \fBPASSWD_FILE\fR may contain the pathname
of a file to read the password from. A single line of input is
read and used as the password.
The variable \fBPASSWD_FILE\fR may contain the pathname of a file to read the password from\&. A single line of input is read and used as the password\&.
.SH "BUGS"
.PP
Passwords and other options containing , can not be handled.
For passwords an alternative way of passing them is in a credentials
file or in the PASSWD environment.
Passwords and other options containing , can not be handled\&. For passwords an alternative way of passing them is in a credentials file or in the PASSWD environment\&.
.PP
The credentials file does not handle usernames or passwords with
leading space.
The credentials file does not handle usernames or passwords with leading space\&.
.PP
One smbfs bug is important enough to mention here, even if it
is a bit misplaced:
.TP 0.2i
One smbfs bug is important enough to mention here, even if it is a bit misplaced:
.TP 3
\(bu
Mounts sometimes stop working. This is usually
caused by smbmount terminating. Since smbfs needs smbmount to
reconnect when the server disconnects, the mount will eventually go
dead. An umount/mount normally fixes this. At least 2 ways to
trigger this bug are known.
Mounts sometimes stop working\&. This is usually caused by smbmount terminating\&. Since smbfs needs smbmount to reconnect when the server disconnects, the mount will eventually go dead\&. An umount/mount normally fixes this\&. At least 2 ways to trigger this bug are known\&.
.LP
.PP
Note that the typical response to a bug report is suggestion
to try the latest version first. So please try doing that first,
and always include which versions you use of relevant software
when reporting bugs (minimum: samba, kernel, distribution)
Note that the typical response to a bug report is suggestion to try the latest version first\&. So please try doing that first, and always include which versions you use of relevant software when reporting bugs (minimum: samba, kernel, distribution)
.SH "SEE ALSO"
.PP
Documentation/filesystems/smbfs.txt in the linux kernel
source tree may contain additional options and information.
Documentation/filesystems/smbfs\&.txt in the linux kernel source tree may contain additional options and information\&.
.PP
FreeBSD also has a smbfs, but it is not related to smbmount
.PP
For Solaris, HP-UX and others you may want to look at
\fBsmbsh(1)\fR or at other
solutions, such as sharity or perhaps replacing the SMB server with
a NFS server.
For Solaris, HP-UX and others you may want to look at \fBsmbsh\fR(1) or at other solutions, such as Sharity or perhaps replacing the SMB server with a NFS server\&.
.SH "AUTHOR"
.PP
Volker Lendecke, Andrew Tridgell, Michael H. Warfield
and others.
Volker Lendecke, Andrew Tridgell, Michael H\&. Warfield and others\&.
.PP
The current maintainer of smbfs and the userspace
tools \fBsmbmount\fR, \fBsmbumount\fR,
and \fBsmbmnt\fR is Urban Widmark <URL:mailto:urban@teststation.com>.
The SAMBA Mailing list <URL:mailto:samba@samba.org>
is the preferred place to ask questions regarding these programs.
The current maintainer of smbfs and the userspace tools \fBsmbmount\fR, \fBsmbumount\fR, and \fBsmbmnt\fR is Urban Widmark\&. The SAMBA Mailing list is the preferred place to ask questions regarding these programs\&.
.PP
The conversion of this manpage for Samba 2.2 was performed
by Gerald Carter
The conversion of this manpage for Samba 2\&.2 was performed by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.

220
docs/manpages/smbpasswd.5
View File

@ -1,157 +1,111 @@
.\" This manpage has been automatically generated by docbook2man
.\" from a DocBook document. This tool can be found at:
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "SMBPASSWD" "5" "04 March 2003" "" ""
.\"Generated by db2man.xsl. Don't modify this, modify the source.
.de Sh \" Subsection
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.TH "SMBPASSWD" 5 "" "" ""
.SH NAME
smbpasswd \- The Samba encrypted password file
.SH SYNOPSIS
.SH "SYNOPSIS"
.PP
\fIsmbpasswd\fR
.SH "DESCRIPTION"
.PP
This tool is part of the Samba suite.
This tool is part of the \fBSamba\fR(7) suite\&.
.PP
smbpasswd is the Samba encrypted password file. It contains
the username, Unix user id and the SMB hashed passwords of the
user, as well as account flag information and the time the
password was last changed. This file format has been evolving with
Samba and has had several different formats in the past.
smbpasswd is the Samba encrypted password file\&. It contains the username, Unix user id and the SMB hashed passwords of the user, as well as account flag information and the time the password was last changed\&. This file format has been evolving with Samba and has had several different formats in the past\&.
.SH "FILE FORMAT"
.PP
The format of the smbpasswd file used by Samba 2.2
is very similar to the familiar Unix \fIpasswd(5)\fR
file. It is an ASCII file containing one line for each user. Each field
ithin each line is separated from the next by a colon. Any entry
beginning with '#' is ignored. The smbpasswd file contains the
following information for each user:
.TP
\fBname\fR
This is the user name. It must be a name that
already exists in the standard UNIX passwd file.
.TP
\fBuid\fR
This is the UNIX uid. It must match the uid
field for the same user entry in the standard UNIX passwd file.
If this does not match then Samba will refuse to recognize
this smbpasswd file entry as being valid for a user.
.TP
\fBLanman Password Hash\fR
This is the LANMAN hash of the user's password,
encoded as 32 hex digits. The LANMAN hash is created by DES
encrypting a well known string with the user's password as the
DES key. This is the same password used by Windows 95/98 machines.
Note that this password hash is regarded as weak as it is
vulnerable to dictionary attacks and if two users choose the
same password this entry will be identical (i.e. the password
is not "salted" as the UNIX password is). If the user has a
null password this field will contain the characters "NO PASSWORD"
as the start of the hex string. If the hex string is equal to
32 'X' characters then the user's account is marked as
disabled and the user will not be able to
log onto the Samba server.
The format of the smbpasswd file used by Samba 2\&.2 is very similar to the familiar Unix \fIpasswd(5)\fR file\&. It is an ASCII file containing one line for each user\&. Each field ithin each line is separated from the next by a colon\&. Any entry beginning with '#' is ignored\&. The smbpasswd file contains the following information for each user:
\fBWARNING !!\fR Note that, due to
the challenge-response nature of the SMB/CIFS authentication
protocol, anyone with a knowledge of this password hash will
be able to impersonate the user on the network. For this
reason these hashes are known as \fBplain text
equivalents\fR and must \fBNOT\fR be made
available to anyone but the root user. To protect these passwords
the smbpasswd file is placed in a directory with read and
traverse access only to the root user and the smbpasswd file
itself must be set to be read/write only by root, with no
other access.
.TP
\fBNT Password Hash\fR
This is the Windows NT hash of the user's
password, encoded as 32 hex digits. The Windows NT hash is
created by taking the user's password as represented in
16-bit, little-endian UNICODE and then applying the MD4
(internet rfc1321) hashing algorithm to it.
name
This is the user name\&. It must be a name that already exists in the standard UNIX passwd file\&.
This password hash is considered more secure than
the LANMAN Password Hash as it preserves the case of the
password and uses a much higher quality hashing algorithm.
However, it is still the case that if two users choose the same
password this entry will be identical (i.e. the password is
not "salted" as the UNIX password is).
\fBWARNING !!\fR. Note that, due to
the challenge-response nature of the SMB/CIFS authentication
protocol, anyone with a knowledge of this password hash will
be able to impersonate the user on the network. For this
reason these hashes are known as \fBplain text
equivalents\fR and must \fBNOT\fR be made
available to anyone but the root user. To protect these passwords
the smbpasswd file is placed in a directory with read and
traverse access only to the root user and the smbpasswd file
itself must be set to be read/write only by root, with no
other access.
.TP
\fBAccount Flags\fR
This section contains flags that describe
the attributes of the users account. In the Samba 2.2 release
this field is bracketed by '[' and ']' characters and is always
13 characters in length (including the '[' and ']' characters).
The contents of this field may be any of the characters.
.RS
.TP 0.2i
\(bu
\fBU\fR - This means
this is a "User" account, i.e. an ordinary user. Only User
and Workstation Trust accounts are currently supported
in the smbpasswd file.
.TP 0.2i
\(bu
\fBN\fR - This means the
account has no password (the passwords in the fields LANMAN
Password Hash and NT Password Hash are ignored). Note that this
will only allow users to log on with no password if the \fI null passwords\fR parameter is set in the \fIsmb.conf(5)
\fR config file.
.TP 0.2i
\(bu
\fBD\fR - This means the account
is disabled and no SMB/CIFS logins will be allowed for
this user.
.TP 0.2i
\(bu
\fBW\fR - This means this account
is a "Workstation Trust" account. This kind of account is used
in the Samba PDC code stream to allow Windows NT Workstations
and Servers to join a Domain hosted by a Samba PDC.
.RE
uid
This is the UNIX uid\&. It must match the uid field for the same user entry in the standard UNIX passwd file\&. If this does not match then Samba will refuse to recognize this smbpasswd file entry as being valid for a user\&.
Other flags may be added as the code is extended in future.
The rest of this field space is filled in with spaces.
.TP
\fBLast Change Time\fR
This field consists of the time the account was
last modified. It consists of the characters 'LCT-' (standing for
"Last Change Time") followed by a numeric encoding of the UNIX time
in seconds since the epoch (1970) that the last change was made.
Lanman Password Hash
This is the LANMAN hash of the user's password, encoded as 32 hex digits\&. The LANMAN hash is created by DES encrypting a well known string with the user's password as the DES key\&. This is the same password used by Windows 95/98 machines\&. Note that this password hash is regarded as weak as it is vulnerable to dictionary attacks and if two users choose the same password this entry will be identical (i\&.e\&. the password is not "salted" as the UNIX password is)\&. If the user has a null password this field will contain the characters "NO PASSWORD" as the start of the hex string\&. If the hex string is equal to 32 'X' characters then the user's account is marked as \fBdisabled\fR and the user will not be able to log onto the Samba server\&.
\fBWARNING !!\fR Note that, due to the challenge-response nature of the SMB/CIFS authentication protocol, anyone with a knowledge of this password hash will be able to impersonate the user on the network\&. For this reason these hashes are known as \fBplain text equivalents\fR and must \fBNOT\fR be made available to anyone but the root user\&. To protect these passwords the smbpasswd file is placed in a directory with read and traverse access only to the root user and the smbpasswd file itself must be set to be read/write only by root, with no other access\&.
.TP
NT Password Hash
This is the Windows NT hash of the user's password, encoded as 32 hex digits\&. The Windows NT hash is created by taking the user's password as represented in 16-bit, little-endian UNICODE and then applying the MD4 (internet rfc1321) hashing algorithm to it\&.
This password hash is considered more secure than the LANMAN Password Hash as it preserves the case of the password and uses a much higher quality hashing algorithm\&. However, it is still the case that if two users choose the same password this entry will be identical (i\&.e\&. the password is not "salted" as the UNIX password is)\&.
\fBWARNING !!\fR\&. Note that, due to the challenge-response nature of the SMB/CIFS authentication protocol, anyone with a knowledge of this password hash will be able to impersonate the user on the network\&. For this reason these hashes are known as \fBplain text equivalents\fR and must \fBNOT\fR be made available to anyone but the root user\&. To protect these passwords the smbpasswd file is placed in a directory with read and traverse access only to the root user and the smbpasswd file itself must be set to be read/write only by root, with no other access\&.
.TP
Account Flags
This section contains flags that describe the attributes of the users account\&. In the Samba 2\&.2 release this field is bracketed by '[' and ']' characters and is always 13 characters in length (including the '[' and ']' characters)\&. The contents of this field may be any of the following characters:
\fBU\fR - This means this is a "User" account, i\&.e\&. an ordinary user\&. Only User and Workstation Trust accounts are currently supported in the smbpasswd file\&.
\fBN\fR - This means the account has no password (the passwords in the fields LANMAN Password Hash and NT Password Hash are ignored)\&. Note that this will only allow users to log on with no password if the \fI null passwords\fR parameter is set in the \fBsmb.conf\fR(5) config file\&.
\fBD\fR - This means the account is disabled and no SMB/CIFS logins will be allowed for this user\&.
\fBW\fR - This means this account is a "Workstation Trust" account\&. This kind of account is used in the Samba PDC code stream to allow Windows NT Workstations and Servers to join a Domain hosted by a Samba PDC\&.
Other flags may be added as the code is extended in future\&. The rest of this field space is filled in with spaces\&.
.TP
Last Change Time
This field consists of the time the account was last modified\&. It consists of the characters 'LCT-' (standing for "Last Change Time") followed by a numeric encoding of the UNIX time in seconds since the epoch (1970) that the last change was made\&.
.PP
All other colon separated fields are ignored at this time.
All other colon separated fields are ignored at this time\&.
.SH "VERSION"
.PP
This man page is correct for version 3.0 of
the Samba suite.
This man page is correct for version 3\&.0 of the Samba suite\&.
.SH "SEE ALSO"
.PP
\fBsmbpasswd(8)\fR
samba(7) and
the Internet RFC1321 for details on the MD4 algorithm.
\fBsmbpasswd\fR(8), \fBSamba\fR(7), and the Internet RFC1321 for details on the MD4 algorithm\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at
ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter
The original Samba man pages were written by Karl Auer\&. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp\&.icce\&.rug\&.nl/pub/unix/) and updated for the Samba 2\&.0 release by Jeremy Allison\&. The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.

412
docs/manpages/smbpasswd.8
View File

@ -1,293 +1,219 @@
.\" This manpage has been automatically generated by docbook2man
.\" from a DocBook document. This tool can be found at:
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "SMBPASSWD" "8" "04 March 2003" "" ""
.\"Generated by db2man.xsl. Don't modify this, modify the source.
.de Sh \" Subsection
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.TH "SMBPASSWD" 8 "" "" ""
.SH NAME
smbpasswd \- change a user's SMB password
.SH SYNOPSIS
.SH "SYNOPSIS"
\fBsmbpasswd\fR [ \fB-a\fR ] [ \fB-x\fR ] [ \fB-d\fR ] [ \fB-e\fR ] [ \fB-D debuglevel\fR ] [ \fB-n\fR ] [ \fB-r <remote machine>\fR ] [ \fB-R <name resolve order>\fR ] [ \fB-m\fR ] [ \fB-U username[%password]\fR ] [ \fB-h\fR ] [ \fB-s\fR ] [ \fB-w pass\fR ] [ \fB-i\fR ] [ \fB-L\fR ] [ \fBusername\fR ]
.nf
\fBsmbpasswd\fR [-a] [-x] [-d] [-e] [-D debuglevel] [-n] [-r <remote machine>] [-R <name resolve order>] [-m] [-U username[%password]] [-h] [-s] [-w pass] [-i] [-L] [username]
.fi
.SH "DESCRIPTION"
.PP
This tool is part of the Samba suite.
This tool is part of the \fBSamba\fR(7) suite\&.
.PP
The smbpasswd program has several different
functions, depending on whether it is run by the \fBroot\fR
user or not. When run as a normal user it allows the user to change
the password used for their SMB sessions on any machines that store
SMB passwords.
The smbpasswd program has several different functions, depending on whether it is run by the \fBroot\fR user or not\&. When run as a normal user it allows the user to change the password used for their SMB sessions on any machines that store SMB passwords\&.
.PP
By default (when run with no arguments) it will attempt to
change the current user's SMB password on the local machine. This is
similar to the way the \fBpasswd(1)\fR program works.
\fBsmbpasswd\fR differs from how the passwd program works
however in that it is not \fBsetuid root\fR but works in
a client-server mode and communicates with a locally running
\fBsmbd(8)\fR. As a consequence in order for this to
succeed the smbd daemon must be running on the local machine. On a
UNIX machine the encrypted SMB passwords are usually stored in
the \fIsmbpasswd(5)\fR file.
By default (when run with no arguments) it will attempt to change the current user's SMB password on the local machine\&. This is similar to the way the \fBpasswd(1)\fR program works\&. \fB smbpasswd\fR differs from how the passwd program works however in that it is not \fBsetuid root\fR but works in a client-server mode and communicates with a locally running \fBsmbd\fR(8)\&. As a consequence in order for this to succeed the smbd daemon must be running on the local machine\&. On a UNIX machine the encrypted SMB passwords are usually stored in the \fBsmbpasswd\fR(5) file\&.
.PP
When run by an ordinary user with no options, smbpasswd
will prompt them for their old SMB password and then ask them
for their new password twice, to ensure that the new password
was typed correctly. No passwords will be echoed on the screen
whilst being typed. If you have a blank SMB password (specified by
the string "NO PASSWORD" in the smbpasswd file) then just press
the <Enter> key when asked for your old password.
When run by an ordinary user with no options, smbpasswd will prompt them for their old SMB password and then ask them for their new password twice, to ensure that the new password was typed correctly\&. No passwords will be echoed on the screen whilst being typed\&. If you have a blank SMB password (specified by the string "NO PASSWORD" in the smbpasswd file) then just press the <Enter> key when asked for your old password\&.
.PP
smbpasswd can also be used by a normal user to change their
SMB password on remote machines, such as Windows NT Primary Domain
Controllers. See the (-r) and -U options below.
smbpasswd can also be used by a normal user to change their SMB password on remote machines, such as Windows NT Primary Domain Controllers\&. See the (\fI-r\fR) and \fI-U\fR options below\&.
.PP
When run by root, smbpasswd allows new users to be added
and deleted in the smbpasswd file, as well as allows changes to
the attributes of the user in this file to be made. When run by root,
\fBsmbpasswd\fR accesses the local smbpasswd file
directly, thus enabling changes to be made even if smbd is not
running.
When run by root, smbpasswd allows new users to be added and deleted in the smbpasswd file, as well as allows changes to the attributes of the user in this file to be made\&. When run by root, \fB smbpasswd\fR accesses the local smbpasswd file directly, thus enabling changes to be made even if smbd is not running\&.
.SH "OPTIONS"
.TP
\fB-a\fR
This option specifies that the username
following should be added to the local smbpasswd file, with the
new password typed (type <Enter> for the old password). This
option is ignored if the username following already exists in
the smbpasswd file and it is treated like a regular change
password command. Note that the default passdb backends require
the user to already exist in the system password file (usually
\fI/etc/passwd\fR), else the request to add the
user will fail.
-a
This option specifies that the username following should be added to the local smbpasswd file, with the new password typed (type <Enter> for the old password)\&. This option is ignored if the username following already exists in the smbpasswd file and it is treated like a regular change password command\&. Note that the default passdb backends require the user to already exist in the system password file (usually \fI/etc/passwd\fR), else the request to add the user will fail\&.
This option is only available when running smbpasswd as root\&.
This option is only available when running smbpasswd
as root.
.TP
\fB-x\fR
This option specifies that the username
following should be deleted from the local smbpasswd file.
-x
This option specifies that the username following should be deleted from the local smbpasswd file\&.
This option is only available when running smbpasswd as root\&.
This option is only available when running smbpasswd as
root.
.TP
\fB-d\fR
This option specifies that the username following
should be disabled in the local smbpasswd
file. This is done by writing a 'D' flag
into the account control space in the smbpasswd file. Once this
is done all attempts to authenticate via SMB using this username
will fail.
-d
This option specifies that the username following should be \fBdisabled\fR in the local smbpasswd file\&. This is done by writing a \fB'D'\fR flag into the account control space in the smbpasswd file\&. Once this is done all attempts to authenticate via SMB using this username will fail\&.
If the smbpasswd file is in the 'old' format (pre-Samba 2\&.0 format) there is no space in the user's password entry to write this information and the command will FAIL\&. See \fBsmbpasswd\fR(5) for details on the 'old' and new password file formats\&.
This option is only available when running smbpasswd as root\&.
If the smbpasswd file is in the 'old' format (pre-Samba 2.0
format) there is no space in the user's password entry to write
this information and the command will FAIL. See \fBsmbpasswd(5)
\fR for details on the 'old' and new password file formats.
This option is only available when running smbpasswd as
root.
.TP
\fB-e\fR
This option specifies that the username following
should be enabled in the local smbpasswd file,
if the account was previously disabled. If the account was not
disabled this option has no effect. Once the account is enabled then
the user will be able to authenticate via SMB once again.
-e
This option specifies that the username following should be \fBenabled\fR in the local smbpasswd file, if the account was previously disabled\&. If the account was not disabled this option has no effect\&. Once the account is enabled then the user will be able to authenticate via SMB once again\&.
If the smbpasswd file is in the 'old' format, then \fB smbpasswd\fR will FAIL to enable the account\&. See \fBsmbpasswd\fR(5) for details on the 'old' and new password file formats\&.
This option is only available when running smbpasswd as root\&.
If the smbpasswd file is in the 'old' format, then \fB smbpasswd\fR will FAIL to enable the account.
See \fBsmbpasswd (5)\fR for
details on the 'old' and new password file formats.
This option is only available when running smbpasswd as root.
.TP
\fB-D debuglevel\fR
\fIdebuglevel\fR is an integer
from 0 to 10. The default value if this parameter is not specified
is zero.
-D debuglevel
\fIdebuglevel\fR is an integer from 0 to 10\&. The default value if this parameter is not specified is zero\&.
The higher this value, the more detail will be logged to the log files about the activities of smbpasswd\&. At level 0, only critical errors and serious warnings will be logged\&.
Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
The higher this value, the more detail will be logged to the
log files about the activities of smbpasswd. At level 0, only
critical errors and serious warnings will be logged.
Levels above 1 will generate considerable amounts of log
data, and should only be used when investigating a problem. Levels
above 3 are designed for use only by developers and generate
HUGE amounts of log data, most of which is extremely cryptic.
.TP
\fB-n\fR
This option specifies that the username following
should have their password set to null (i.e. a blank password) in
the local smbpasswd file. This is done by writing the string "NO
PASSWORD" as the first part of the first password stored in the
smbpasswd file.
-n
This option specifies that the username following should have their password set to null (i\&.e\&. a blank password) in the local smbpasswd file\&. This is done by writing the string "NO PASSWORD" as the first part of the first password stored in the smbpasswd file\&.
Note that to allow users to logon to a Samba server once the password has been set to "NO PASSWORD" in the smbpasswd file the administrator must set the following parameter in the [global] section of the \fIsmb\&.conf\fR file :
Note that to allow users to logon to a Samba server once
the password has been set to "NO PASSWORD" in the smbpasswd
file the administrator must set the following parameter in the [global]
section of the \fIsmb.conf\fR file :
\fBnull passwords = yes\fR
This option is only available when running smbpasswd as
root.
.TP
\fB-r remote machine name\fR
This option allows a user to specify what machine
they wish to change their password on. Without this parameter
smbpasswd defaults to the local host. The \fIremote
machine name\fR is the NetBIOS name of the SMB/CIFS
server to contact to attempt the password change. This name is
resolved into an IP address using the standard name resolution
mechanism in all programs of the Samba suite. See the \fI-R
name resolve order\fR parameter for details on changing
this resolving mechanism.
The username whose password is changed is that of the
current UNIX logged on user. See the \fI-U username\fR
parameter for details on changing the password for a different
username.
This option is only available when running smbpasswd as root\&.
Note that if changing a Windows NT Domain password the
remote machine specified must be the Primary Domain Controller for
the domain (Backup Domain Controllers only have a read-only
copy of the user account database and will not allow the password
change).
\fBNote\fR that Windows 95/98 do not have
a real password database so it is not possible to change passwords
specifying a Win95/98 machine as remote machine target.
.TP
\fB-R name resolve order\fR
This option allows the user of smbpasswd to determine
what name resolution services to use when looking up the NetBIOS
name of the host being connected to.
-r remote machine name
This option allows a user to specify what machine they wish to change their password on\&. Without this parameter smbpasswd defaults to the local host\&. The \fIremote machine name\fR is the NetBIOS name of the SMB/CIFS server to contact to attempt the password change\&. This name is resolved into an IP address using the standard name resolution mechanism in all programs of the Samba suite\&. See the \fI-R name resolve order\fR parameter for details on changing this resolving mechanism\&.
The options are :"lmhosts", "host", "wins" and "bcast". They
cause names to be resolved as follows :
.RS
.TP 0.2i
\(bu
lmhosts : Lookup an IP
address in the Samba lmhosts file. If the line in lmhosts has
no name type attached to the NetBIOS name (see the lmhosts(5) for details) then
any name type matches for lookup.
.TP 0.2i
\(bu
host : Do a standard host
name to IP address resolution, using the system \fI/etc/hosts
\fR, NIS, or DNS lookups. This method of name resolution
is operating system depended for instance on IRIX or Solaris this
may be controlled by the \fI/etc/nsswitch.conf\fR
file). Note that this method is only used if the NetBIOS name
type being queried is the 0x20 (server) name type, otherwise
it is ignored.
.TP 0.2i
\(bu
wins : Query a name with
the IP address listed in the \fIwins server\fR
parameter. If no WINS server has been specified this method
will be ignored.
.TP 0.2i
\(bu
bcast : Do a broadcast on
each of the known local interfaces listed in the
\fIinterfaces\fR parameter. This is the least
reliable of the name resolution methods as it depends on the
target host being on a locally connected subnet.
.RE
The default order is \fBlmhosts, host, wins, bcast\fR
and without this parameter or any entry in the
\fIsmb.conf\fR file the name resolution methods will
be attempted in this order.
.TP
\fB-m\fR
This option tells smbpasswd that the account
being changed is a MACHINE account. Currently this is used
when Samba is being used as an NT Primary Domain Controller.
The username whose password is changed is that of the current UNIX logged on user\&. See the \fI-U username\fR parameter for details on changing the password for a different username\&.
Note that if changing a Windows NT Domain password the remote machine specified must be the Primary Domain Controller for the domain (Backup Domain Controllers only have a read-only copy of the user account database and will not allow the password change)\&.
\fBNote\fR that Windows 95/98 do not have a real password database so it is not possible to change passwords specifying a Win95/98 machine as remote machine target\&.
This option is only available when running smbpasswd as root.
.TP
\fB-U username\fR
This option may only be used in conjunction
with the \fI-r\fR option. When changing
a password on a remote machine it allows the user to specify
the user name on that machine whose password will be changed. It
is present to allow users who have different user names on
different systems to change these passwords.
.TP
\fB-h\fR
This option prints the help string for \fB smbpasswd\fR, selecting the correct one for running as root
or as an ordinary user.
.TP
\fB-s\fR
This option causes smbpasswd to be silent (i.e.
not issue prompts) and to read its old and new passwords from
standard input, rather than from \fI/dev/tty\fR
(like the \fBpasswd(1)\fR program does). This option
is to aid people writing scripts to drive smbpasswd
.TP
\fB-w password\fR
This parameter is only available if Samba
has been configured to use the experimental
\fB--with-ldapsam\fR option. The \fI-w\fR
switch is used to specify the password to be used with the
\fIldap admin
dn\fR Note that the password is stored in
the \fIprivate/secrets.tdb\fR and is keyed off
of the admin's DN. This means that if the value of \fIldap
admin dn\fR ever changes, the password will need to be
manually updated as well.
.TP
\fB-i\fR
This option tells smbpasswd that the account
being changed is an interdomain trust account. Currently this is used
when Samba is being used as an NT Primary Domain Controller.
The account contains the info about another trusted domain.
This option is only available when running smbpasswd as root.
.TP
\fB-L\fR
Run in local mode.
-R name resolve order
This option allows the user of smbpasswd to determine what name resolution services to use when looking up the NetBIOS name of the host being connected to\&.
The options are :"lmhosts", "host", "wins" and "bcast"\&. They cause names to be resolved as follows:
\fBlmhosts\fR: Lookup an IP address in the Samba lmhosts file\&. If the line in lmhosts has no name type attached to the NetBIOS name (see the \fBlmhosts\fR(5) for details) then any name type matches for lookup\&.
\fBhost\fR: Do a standard host name to IP address resolution, using the system \fI/etc/hosts \fR, NIS, or DNS lookups\&. This method of name resolution is operating system depended for instance on IRIX or Solaris this may be controlled by the \fI/etc/nsswitch\&.conf\fR file)\&. Note that this method is only used if the NetBIOS name type being queried is the 0x20 (server) name type, otherwise it is ignored\&.
\fBwins\fR: Query a name with the IP address listed in the \fIwins server\fR parameter\&. If no WINS server has been specified this method will be ignored\&.
\fBbcast\fR: Do a broadcast on each of the known local interfaces listed in the \fIinterfaces\fR parameter\&. This is the least reliable of the name resolution methods as it depends on the target host being on a locally connected subnet\&.
The default order is \fBlmhosts, host, wins, bcast\fR and without this parameter or any entry in the \fBsmb.conf\fR(5) file the name resolution methods will be attempted in this order\&.
.TP
\fBusername\fR
This specifies the username for all of the
\fBroot only\fR options to operate on. Only root
can specify this parameter as only root has the permission needed
to modify attributes directly in the local smbpasswd file.
-m
This option tells smbpasswd that the account being changed is a MACHINE account\&. Currently this is used when Samba is being used as an NT Primary Domain Controller\&.
This option is only available when running smbpasswd as root\&.
.TP
-U username
This option may only be used in conjunction with the \fI-r\fR option\&. When changing a password on a remote machine it allows the user to specify the user name on that machine whose password will be changed\&. It is present to allow users who have different user names on different systems to change these passwords\&.
.TP
-h
This option prints the help string for \fB smbpasswd\fR, selecting the correct one for running as root or as an ordinary user\&.
.TP
-s
This option causes smbpasswd to be silent (i\&.e\&. not issue prompts) and to read its old and new passwords from standard input, rather than from \fI/dev/tty\fR (like the \fBpasswd(1)\fR program does)\&. This option is to aid people writing scripts to drive smbpasswd
.TP
-w password
This parameter is only available if Samba has been configured to use the experimental \fB--with-ldapsam\fR option\&. The \fI-w\fR switch is used to specify the password to be used with the \fIldap admin dn\fR\&. Note that the password is stored in the \fIsecrets\&.tdb\fR and is keyed off of the admin's DN\&. This means that if the value of \fIldap admin dn\fR ever changes, the password will need to be manually updated as well\&.
.TP
-i
This option tells smbpasswd that the account being changed is an interdomain trust account\&. Currently this is used when Samba is being used as an NT Primary Domain Controller\&. The account contains the info about another trusted domain\&.
This option is only available when running smbpasswd as root\&.
.TP
-L
Run in local mode\&.
.TP
username
This specifies the username for all of the \fBroot only\fR options to operate on\&. Only root can specify this parameter as only root has the permission needed to modify attributes directly in the local smbpasswd file\&.
.SH "NOTES"
.PP
Since \fBsmbpasswd\fR works in client-server
mode communicating with a local smbd for a non-root user then
the smbd daemon must be running for this to work. A common problem
is to add a restriction to the hosts that may access the \fB smbd\fR running on the local machine by specifying a
\fIallow hosts\fR or \fIdeny hosts\fR
entry in the \fIsmb.conf\fR file and neglecting to
allow "localhost" access to the smbd.
Since \fBsmbpasswd\fR works in client-server mode communicating with a local smbd for a non-root user then the smbd daemon must be running for this to work\&. A common problem is to add a restriction to the hosts that may access the \fB smbd\fR running on the local machine by specifying either \fIallow hosts\fR or \fIdeny hosts\fR entry in the \fBsmb.conf\fR(5) file and neglecting to allow "localhost" access to the smbd\&.
.PP
In addition, the smbpasswd command is only useful if Samba
has been set up to use encrypted passwords. See the file
\fIENCRYPTION.txt\fR in the docs directory for details
on how to do this.
In addition, the smbpasswd command is only useful if Samba has been set up to use encrypted passwords\&. See the document "LanMan and NT Password Encryption in Samba" in the docs directory for details on how to do this\&.
.SH "VERSION"
.PP
This man page is correct for version 3.0 of
the Samba suite.
This man page is correct for version 3\&.0 of the Samba suite\&.
.SH "SEE ALSO"
.PP
\fIsmbpasswd(5)\fR
samba(7)
\fBsmbpasswd\fR(5), \fBSamba\fR(7)\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at
ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter
The original Samba man pages were written by Karl Auer\&. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp\&.icce\&.rug\&.nl/pub/unix/) and updated for the Samba 2\&.0 release by Jeremy Allison\&. The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.

281
docs/manpages/smbsh.1
View File

@ -1,170 +1,141 @@
.\" This manpage has been automatically generated by docbook2man
.\" from a DocBook document. This tool can be found at:
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "SMBSH" "1" "04 March 2003" "" ""
.\"Generated by db2man.xsl. Don't modify this, modify the source.
.de Sh \" Subsection
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.TH "SMBSH" 1 "" "" ""
.SH NAME
smbsh \- Allows access to Windows NT filesystem using UNIX commands
.SH SYNOPSIS
\fBsmbsh\fR [ \fB-W workgroup\fR ] [ \fB-U username\fR ] [ \fB-P prefix\fR ] [ \fB-R <name resolve order>\fR ] [ \fB-d <debug level>\fR ] [ \fB-l logfile\fR ] [ \fB-L libdir\fR ]
.SH "DESCRIPTION"
.PP
This tool is part of the Samba suite.
.PP
\fBsmbsh\fR allows you to access an NT filesystem
using UNIX commands such as \fBls\fR, \fB egrep\fR, and \fBrcp\fR. You must use a
shell that is dynamically linked in order for \fBsmbsh\fR
to work correctly.
.SH "OPTIONS"
.TP
\fB-W WORKGROUP\fR
Override the default workgroup specified in the
workgroup parameter of the \fIsmb.conf\fR file
for this session. This may be needed to connect to some
servers.
.TP
\fB-U username[%pass]\fR
Sets the SMB username or username and password.
If this option is not specified, the user will be prompted for
both the username and the password. If %pass is not specified,
the user will be prompted for the password.
.TP
\fB-P prefix\fR
This option allows
the user to set the directory prefix for SMB access. The
default value if this option is not specified is
\fBsmb\fR.
.TP
\fB-R <name resolve order>\fR
This option is used to determine what naming
services and in what order to resolve
host names to IP addresses. The option takes a space-separated
string of different name resolution options.
The options are :"lmhosts", "host", "wins" and "bcast".
They cause names to be resolved as follows :
.RS
.TP 0.2i
\(bu
lmhosts :
Lookup an IP address in the Samba lmhosts file. If the
line in lmhosts has no name type attached to the
NetBIOS name
(see the lmhosts(5)
for details) then any name type matches for lookup.
.TP 0.2i
\(bu
host :
Do a standard host name to IP address resolution, using
the system \fI/etc/hosts\fR, NIS, or DNS
lookups. This method of name resolution is operating
system dependent, for instance on IRIX or Solaris this
may be controlled by the \fI/etc/nsswitch.conf
\fR file). Note that this method is only used
if the NetBIOS name type being queried is the 0x20
(server) name type, otherwise it is ignored.
.TP 0.2i
\(bu
wins :
Query a name with the IP address listed in the
\fIwins server\fR parameter. If no
WINS server has been specified this method will be
ignored.
.TP 0.2i
\(bu
bcast :
Do a broadcast on each of the known local interfaces
listed in the \fIinterfaces\fR
parameter. This is the least reliable of the name
resolution methods as it depends on the target host
being on a locally connected subnet.
.RE
If this parameter is not set then the name resolve order
defined in the \fIsmb.conf\fR file parameter
(name resolve order) will be used.
The default order is lmhosts, host, wins, bcast. Without
this parameter or any entry in the \fIname resolve order
\fR parameter of the \fIsmb.conf\fR
file, the name resolution methods will be attempted in this
order.
.TP
\fB-d <debug level>\fR
debug level is an integer from 0 to 10.
The default value if this parameter is not specified
is zero.
The higher this value, the more detail will be logged
about the activities of \fBnmblookup\fR. At level
0, only critical errors and serious warnings will be logged.
.TP
\fB-l logfilename\fR
If specified causes all debug messages to be
written to the file specified by \fIlogfilename
\fR. If not specified then all messages will be
written to\fIstderr\fR.
.TP
\fB-L libdir\fR
This parameter specifies the location of the
shared libraries used by \fBsmbsh\fR. The default
value is specified at compile time.
.SH "EXAMPLES"
.PP
To use the \fBsmbsh\fR command, execute \fB smbsh\fR from the prompt and enter the username and password
that authenticates you to the machine running the Windows NT
operating system.
.PP
smbsh \- Allows access to Windows NT filesystem using UNIX commands
.SH "SYNOPSIS"
.nf
system% \fBsmbsh\fR
Username: \fBuser\fR
Password: \fBXXXXXXX\fR
\fBsmbsh\fR [-W workgroup] [-U username] [-P prefix] [-R <name resolve order>] [-d <debug level>] [-l logfile] [-L libdir]
.fi
.SH "DESCRIPTION"
.PP
Any dynamically linked command you execute from
this shell will access the \fI/smb\fR directory
using the smb protocol. For example, the command \fBls /smb
\fR will show a list of workgroups. The command
\fBls /smb/MYGROUP \fR will show all the machines in
the workgroup MYGROUP. The command
\fBls /smb/MYGROUP/<machine-name>\fR will show the share
names for that machine. You could then, for example, use the \fB cd\fR command to change directories, \fBvi\fR to
edit files, and \fBrcp\fR to copy files.
This tool is part of the \fBSamba\fR(7) suite\&.
.PP
\fBsmbsh\fR allows you to access an NT filesystem using UNIX commands such as \fBls\fR, \fB egrep\fR, and \fBrcp\fR\&. You must use a shell that is dynamically linked in order for \fBsmbsh\fR to work correctly\&.
.SH "OPTIONS"
.TP
-W WORKGROUP
Override the default workgroup specified in the workgroup parameter of the \fBsmb.conf\fR(5) file for this session\&. This may be needed to connect to some servers\&.
.TP
-U username[%pass]
Sets the SMB username or username and password\&. If this option is not specified, the user will be prompted for both the username and the password\&. If %pass is not specified, the user will be prompted for the password\&.
.TP
-P prefix
This option allows the user to set the directory prefix for SMB access\&. The default value if this option is not specified is \fBsmb\fR\&.
.TP
-s <configuration file>
The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&.
.TP
-d|--debug=debuglevel
\fIdebuglevel\fR is an integer from 0 to 10\&. The default value if this parameter is not specified is zero\&.
The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day to day running - it generates a small amount of information about operations carried out\&.
Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&.
.TP
-R <name resolve order>
This option is used to determine what naming services and in what order to resolve host names to IP addresses\&. The option takes a space-separated string of different name resolution options\&.
The options are: "lmhosts", "host", "wins" and "bcast"\&. They cause names to be resolved as follows :
\fBlmhosts\fR: Lookup an IP address in the Samba lmhosts file\&. If the line in lmhosts has no name type attached to the NetBIOS name (see the \fBlmhosts\fR(5) for details) then any name type matches for lookup\&.
\fBhost\fR: Do a standard host name to IP address resolution, using the system \fI/etc/hosts\fR, NIS, or DNS lookups\&. This method of name resolution is operating system dependent, for instance on IRIX or Solaris this may be controlled by the \fI/etc/nsswitch\&.conf \fR file)\&. Note that this method is only used if the NetBIOS name type being queried is the 0x20 (server) name type, otherwise it is ignored\&.
\fBwins\fR: Query a name with the IP address listed in the \fIwins server\fR parameter\&. If no WINS server has been specified this method will be ignored\&.
\fBbcast\fR: Do a broadcast on each of the known local interfaces listed in the \fIinterfaces\fR parameter\&. This is the least reliable of the name resolution methods as it depends on the target host being on a locally connected subnet\&.
If this parameter is not set then the name resolve order defined in the \fBsmb.conf\fR(5) file parameter (\fIname resolve order\fR) will be used\&.
The default order is lmhosts, host, wins, bcast\&. Without this parameter or any entry in the \fIname resolve order \fR parameter of the \fBsmb.conf\fR(5) file, the name resolution methods will be attempted in this order\&.
.TP
-L libdir
This parameter specifies the location of the shared libraries used by \fBsmbsh\fR\&. The default value is specified at compile time\&.
.SH "EXAMPLES"
.PP
To use the \fBsmbsh\fR command, execute \fB smbsh\fR from the prompt and enter the username and password that authenticates you to the machine running the Windows NT operating system\&.
.nf
system% \fBsmbsh\fR
Username: \fBuser\fR
Password: \fBXXXXXXX\fR
.fi
.PP
Any dynamically linked command you execute from this shell will access the \fI/smb\fR directory using the smb protocol\&. For example, the command \fBls /smb \fR will show a list of workgroups\&. The command\fBls /smb/MYGROUP \fR will show all the machines in the workgroup MYGROUP\&. The command\fBls /smb/MYGROUP/<machine-name>\fR will show the share names for that machine\&. You could then, for example, use the \fB cd\fR command to change directories, \fBvi\fR to edit files, and \fBrcp\fR to copy files\&.
.SH "VERSION"
.PP
This man page is correct for version 3.0 of
the Samba suite.
This man page is correct for version 3\&.0 of the Samba suite\&.
.SH "BUGS"
.PP
\fBsmbsh\fR works by intercepting the standard
libc calls with the dynamically loaded versions in \fI smbwrapper.o\fR. Not all calls have been "wrapped", so
some programs may not function correctly under \fBsmbsh
\fR.
\fBsmbsh\fR works by intercepting the standard libc calls with the dynamically loaded versions in \fI smbwrapper\&.o\fR\&. Not all calls have been "wrapped", so some programs may not function correctly under \fBsmbsh \fR\&.
.PP
Programs which are not dynamically linked cannot make
use of \fBsmbsh\fR's functionality. Most versions
of UNIX have a \fBfile\fR command that will
describe how a program was linked.
Programs which are not dynamically linked cannot make use of \fBsmbsh\fR's functionality\&. Most versions of UNIX have a \fBfile\fR command that will describe how a program was linked\&.
.SH "SEE ALSO"
.PP
\fBsmbd(8)\fR
smb.conf(5)
\fBsmbd\fR(8), \fBsmb.conf\fR(5)
.SH "AUTHOR"
.PP
The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at
ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter
The original Samba man pages were written by Karl Auer\&. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp\&.icce\&.rug\&.nl/pub/unix/) and updated for the Samba 2\&.0 release by Jeremy Allison\&. The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.

146
docs/manpages/smbspool.8
View File

@ -1,101 +1,115 @@
.\" This manpage has been automatically generated by docbook2man
.\" from a DocBook document. This tool can be found at:
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "SMBSPOOL" "8" "04 March 2003" "" ""
.\"Generated by db2man.xsl. Don't modify this, modify the source.
.de Sh \" Subsection
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.TH "SMBSPOOL" 8 "" "" ""
.SH NAME
smbspool \- send a print file to an SMB printer
.SH SYNOPSIS
.SH "SYNOPSIS"
\fBsmbspool\fR [ \fBjob\fR ] [ \fBuser\fR ] [ \fBtitle\fR ] [ \fBcopies\fR ] [ \fBoptions\fR ] [ \fBfilename\fR ]
.nf
\fBsmbspool\fR {job} {user} {title} {copies} {options} [filename]
.fi
.SH "DESCRIPTION"
.PP
This tool is part of the Samba suite.
This tool is part of the \fBSamba\fR(7) suite\&.
.PP
smbspool is a very small print spooling program that
sends a print file to an SMB printer. The command-line arguments
are position-dependent for compatibility with the Common UNIX
Printing System, but you can use smbspool with any printing system
or from a program or script.
smbspool is a very small print spooling program that sends a print file to an SMB printer\&. The command-line arguments are position-dependent for compatibility with the Common UNIX Printing System, but you can use smbspool with any printing system or from a program or script\&.
.PP
\fBDEVICE URI\fR
.PP
smbspool specifies the destination using a Uniform Resource
Identifier ("URI") with a method of "smb". This string can take
a number of forms:
.TP 0.2i
smbspool specifies the destination using a Uniform Resource Identifier ("URI") with a method of "smb"\&. This string can take a number of forms:
.TP 3
\(bu
smb://server/printer
.TP 0.2i
.TP
\(bu
smb://workgroup/server/printer
.TP 0.2i
.TP
\(bu
smb://username:password@server/printer
.TP 0.2i
.TP
\(bu
smb://username:password@workgroup/server/printer
.LP
.PP
smbspool tries to get the URI from argv[0]. If argv[0]
contains the name of the program then it looks in the \fB DEVICE_URI\fR environment variable.
smbspool tries to get the URI from argv[0]\&. If argv[0] contains the name of the program then it looks in the \fB DEVICE_URI\fR environment variable\&.
.PP
Programs using the \fBexec(2)\fR functions can
pass the URI in argv[0], while shell scripts must set the
\fBDEVICE_URI\fR environment variable prior to
running smbspool.
Programs using the \fBexec(2)\fR functions can pass the URI in argv[0], while shell scripts must set the\fBDEVICE_URI\fR environment variable prior to running smbspool\&.
.SH "OPTIONS"
.TP 0.2i
.TP 3
\(bu
The job argument (argv[1]) contains the
job ID number and is presently not used by smbspool.
.TP 0.2i
The job argument (argv[1]) contains the job ID number and is presently not used by smbspool\&.
.TP
\(bu
The user argument (argv[2]) contains the
print user's name and is presently not used by smbspool.
.TP 0.2i
The user argument (argv[2]) contains the print user's name and is presently not used by smbspool\&.
.TP
\(bu
The title argument (argv[3]) contains the
job title string and is passed as the remote file name
when sending the print job.
.TP 0.2i
The title argument (argv[3]) contains the job title string and is passed as the remote file name when sending the print job\&.
.TP
\(bu
The copies argument (argv[4]) contains
the number of copies to be printed of the named file. If
no filename is provided then this argument is not used by
smbspool.
.TP 0.2i
The copies argument (argv[4]) contains the number of copies to be printed of the named file\&. If no filename is provided then this argument is not used by smbspool\&.
.TP
\(bu
The options argument (argv[5]) contains
the print options in a single string and is currently
not used by smbspool.
.TP 0.2i
The options argument (argv[5]) contains the print options in a single string and is currently not used by smbspool\&.
.TP
\(bu
The filename argument (argv[6]) contains the
name of the file to print. If this argument is not specified
then the print file is read from the standard input.
The filename argument (argv[6]) contains the name of the file to print\&. If this argument is not specified then the print file is read from the standard input\&.
.LP
.SH "VERSION"
.PP
This man page is correct for version 2.2 of
the Samba suite.
This man page is correct for version 3\&.0 of the Samba suite\&.
.SH "SEE ALSO"
.PP
\fBsmbd(8)\fR
and samba(7)
\fBsmbd\fR(8) and \fBSamba\fR(7)\&.
.SH "AUTHOR"
.PP
\fBsmbspool\fR was written by Michael Sweet
at Easy Software Products.
\fBsmbspool\fR was written by Michael Sweet at Easy Software Products\&.
.PP
The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at
ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter
The original Samba man pages were written by Karl Auer\&. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp\&.icce\&.rug\&.nl/pub/unix/) and updated for the Samba 2\&.0 release by Jeremy Allison\&. The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.

158
docs/manpages/smbstatus.1
View File

@ -1,77 +1,131 @@
.\" This manpage has been automatically generated by docbook2man
.\" from a DocBook document. This tool can be found at:
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "SMBSTATUS" "1" "04 March 2003" "" ""
.\"Generated by db2man.xsl. Don't modify this, modify the source.
.de Sh \" Subsection
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.TH "SMBSTATUS" 1 "" "" ""
.SH NAME
smbstatus \- report on current Samba connections
.SH SYNOPSIS
.SH "SYNOPSIS"
\fBsmbstatus\fR [ \fB-P\fR ] [ \fB-b\fR ] [ \fB-d <debug level>\fR ] [ \fB-v\fR ] [ \fB-L\fR ] [ \fB-B\fR ] [ \fB-p\fR ] [ \fB-S\fR ] [ \fB-s <configuration file>\fR ] [ \fB-u <username>\fR ]
.nf
\fBsmbstatus\fR [-P] [-b] [-d <debug level>] [-v] [-L] [-B] [-p] [-S] [-s <configuration
file>] [-u <username>]
.fi
.SH "DESCRIPTION"
.PP
This tool is part of the Samba suite.
This tool is part of the \fBSamba\fR(7) suite\&.
.PP
\fBsmbstatus\fR is a very simple program to
list the current Samba connections.
\fBsmbstatus\fR is a very simple program to list the current Samba connections\&.
.SH "OPTIONS"
.TP
\fB-P|--profile\fR
If samba has been compiled with the
profiling option, print only the contents of the profiling
shared memory area.
-P|--profile
If samba has been compiled with the profiling option, print only the contents of the profiling shared memory area\&.
.TP
\fB-b|--brief\fR
gives brief output.
-b|--brief
gives brief output\&.
.TP
\fB-d|--debug=<debuglevel>\fR
sets debugging to specified level
-V
Prints the version number for \fBsmbd\fR\&.
.TP
\fB-v|--verbose\fR
gives verbose output.
-s <configuration file>
The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&.
.TP
\fB-L|--locks\fR
causes smbstatus to only list locks.
-d|--debug=debuglevel
\fIdebuglevel\fR is an integer from 0 to 10\&. The default value if this parameter is not specified is zero\&.
The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day to day running - it generates a small amount of information about operations carried out\&.
Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&.
.TP
\fB-B|--byterange\fR
causes smbstatus to include byte range locks.
-l|--logfile=logbasename
File name for log/debug files\&. The extension \fB"\&.client"\fR will be appended\&. The log file is never removed by the client\&.
.TP
\fB-p|--processes\fR
print a list of \fBsmbd(8)\fR processes and exit.
Useful for scripting.
-v|--verbose
gives verbose output\&.
.TP
\fB-S|--shares\fR
causes smbstatus to only list shares.
-L|--locks
causes smbstatus to only list locks\&.
.TP
\fB-s|--conf=<configuration file>\fR
The default configuration file name is
determined at compile time. The file specified contains the
configuration details required by the server. See \fIsmb.conf(5)\fR
for more information.
-B|--byterange
causes smbstatus to include byte range locks\&.
.TP
\fB-u|--user=<username>\fR
selects information relevant to
\fIusername\fR only.
-p|--processes
print a list of \fBsmbd\fR(8) processes and exit\&. Useful for scripting\&.
.TP
-S|--shares
causes smbstatus to only list shares\&.
.TP
-h|--help
Print a summary of command line options\&.
.TP
-u|--user=<username>
selects information relevant to \fIusername\fR only\&.
.SH "VERSION"
.PP
This man page is correct for version 3.0 of
the Samba suite.
This man page is correct for version 3\&.0 of the Samba suite\&.
.SH "SEE ALSO"
.PP
\fBsmbd(8)\fR and
smb.conf(5)
\fBsmbd\fR(8) and \fBsmb.conf\fR(5)\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at
ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter
The original Samba man pages were written by Karl Auer\&. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp\&.icce\&.rug\&.nl/pub/unix/) and updated for the Samba 2\&.0 release by Jeremy Allison\&. The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.

199
docs/manpages/smbtar.1
View File

@ -1,121 +1,148 @@
.\" This manpage has been automatically generated by docbook2man
.\" from a DocBook document. This tool can be found at:
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "SMBTAR" "1" "04 March 2003" "" ""
.\"Generated by db2man.xsl. Don't modify this, modify the source.
.de Sh \" Subsection
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.TH "SMBTAR" 1 "" "" ""
.SH NAME
smbtar \- shell script for backing up SMB/CIFS shares directly to UNIX tape drives
.SH SYNOPSIS
smbtar \- shell script for backing up SMB/CIFS shares directly to UNIX tape drives
.SH "SYNOPSIS"
\fBsmbtar\fR \fB-s server\fR [ \fB-p password\fR ] [ \fB-x services\fR ] [ \fB-X\fR ] [ \fB-d directory\fR ] [ \fB-u user\fR ] [ \fB-t tape\fR ] [ \fB-t tape\fR ] [ \fB-b blocksize\fR ] [ \fB-N filename\fR ] [ \fB-i\fR ] [ \fB-r\fR ] [ \fB-l loglevel\fR ] [ \fB-v\fR ] \fBfilenames\fR
.nf
\fBsmbtar\fR [-r] [-i] [-a] [-v] {-s server} [-p password] [-x services] [-X] [-N filename]
[-b blocksize] [-d directory] [-l loglevel] [-u user] [-t tape] {filenames}
.fi
.SH "DESCRIPTION"
.PP
This tool is part of the Samba suite.
This tool is part of the \fBSamba\fR(7) suite\&.
.PP
\fBsmbtar\fR is a very small shell script on top
of \fBsmbclient(1)\fR
which dumps SMB shares directly to tape.
\fBsmbtar\fR is a very small shell script on top of \fBsmbclient\fR(1) which dumps SMB shares directly to tape\&.
.SH "OPTIONS"
.TP
\fB-s server\fR
The SMB/CIFS server that the share resides
upon.
-s server
The SMB/CIFS server that the share resides upon\&.
.TP
\fB-x service\fR
The share name on the server to connect to.
The default is "backup".
-x service
The share name on the server to connect to\&. The default is "backup"\&.
.TP
\fB-X\fR
Exclude mode. Exclude filenames... from tar
create or restore.
-X
Exclude mode\&. Exclude filenames\&.\&.\&. from tar create or restore\&.
.TP
\fB-d directory\fR
Change to initial \fIdirectory
\fR before restoring / backing up files.
-d directory
Change to initial \fIdirectory \fR before restoring / backing up files\&.
.TP
\fB-v\fR
Verbose mode.
-v
Verbose mode\&.
.TP
\fB-p password\fR
The password to use to access a share.
Default: none
-p password
The password to use to access a share\&. Default: none
.TP
\fB-u user\fR
The user id to connect as. Default:
UNIX login name.
-u user
The user id to connect as\&. Default: UNIX login name\&.
.TP
\fB-t tape\fR
Tape device. May be regular file or tape
device. Default: \fI$TAPE\fR environmental
variable; if not set, a file called \fItar.out
\fR.
-a
Reset DOS archive bit mode to indicate file has been archived\&.
.TP
\fB-b blocksize\fR
Blocking factor. Defaults to 20. See
\fBtar(1)\fR for a fuller explanation.
-t tape
Tape device\&. May be regular file or tape device\&. Default: \fI$TAPE\fR environmental variable; if not set, a file called \fItar\&.out \fR\&.
.TP
\fB-N filename\fR
Backup only files newer than filename. Could
be used (for example) on a log file to implement incremental
backups.
-b blocksize
Blocking factor\&. Defaults to 20\&. See \fBtar(1)\fR for a fuller explanation\&.
.TP
\fB-i\fR
Incremental mode; tar files are only backed
up if they have the archive bit set. The archive bit is reset
after each file is read.
-N filename
Backup only files newer than filename\&. Could be used (for example) on a log file to implement incremental backups\&.
.TP
\fB-r\fR
Restore. Files are restored to the share
from the tar file.
-i
Incremental mode; tar files are only backed up if they have the archive bit set\&. The archive bit is reset after each file is read\&.
.TP
\fB-l log level\fR
Log (debug) level. Corresponds to the
\fI-d\fR flag of \fBsmbclient(1)
\fR.
-r
Restore\&. Files are restored to the share from the tar file\&.
.TP
-l log level
Log (debug) level\&. Corresponds to the \fI-d\fR flag of \fBsmbclient\fR(1)\&.
.SH "ENVIRONMENT VARIABLES"
.PP
The \fI$TAPE\fR variable specifies the
default tape device to write to. May be overridden
with the -t option.
The \fI$TAPE\fR variable specifies the default tape device to write to\&. May be overridden with the -t option\&.
.SH "BUGS"
.PP
The \fBsmbtar\fR script has different
options from ordinary tar and from smbclient's tar command.
The \fBsmbtar\fR script has different options from ordinary tar and from smbclient's tar command\&.
.SH "CAVEATS"
.PP
Sites that are more careful about security may not like
the way the script handles PC passwords. Backup and restore work
on entire shares; should work on file lists. smbtar works best
with GNU tar and may not work well with other versions.
Sites that are more careful about security may not like the way the script handles PC passwords\&. Backup and restore work on entire shares; should work on file lists\&. smbtar works best with GNU tar and may not work well with other versions\&.
.SH "DIAGNOSTICS"
.PP
See the \fBDIAGNOSTICS\fR section for the
\fBsmbclient(1)\fR
command.
See the \fBDIAGNOSTICS\fR section for the \fBsmbclient\fR(1) command\&.
.SH "VERSION"
.PP
This man page is correct for version 3.0 of
the Samba suite.
This man page is correct for version 3\&.0 of the Samba suite\&.
.SH "SEE ALSO"
.PP
\fBsmbd(8)\fR
\fBsmbclient(1)\fR
smb.conf(5)
\fBsmbd\fR(8), \fBsmbclient\fR(1), \fBsmb.conf\fR(5)\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
Ricky Poulten <URL:mailto:poultenr@logica.co.uk>
wrote the tar extension and this man page. The \fBsmbtar\fR
script was heavily rewritten and improved by Martin Kraemer <URL:mailto:Martin.Kraemer@mch.sni.de>. Many
thanks to everyone who suggested extensions, improvements, bug
fixes, etc. The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at
ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter.
Ricky Poulten wrote the tar extension and this man page\&. The \fBsmbtar\fR script was heavily rewritten and improved by Martin Kraemer\&. Many thanks to everyone who suggested extensions, improvements, bug fixes, etc\&. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp\&.icce\&.rug\&.nl/pub/unix/) and updated for the Samba 2\&.0 release by Jeremy Allison\&. The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.

69
docs/manpages/smbumount.8
View File

@ -1,43 +1,56 @@
.\" This manpage has been automatically generated by docbook2man
.\" from a DocBook document. This tool can be found at:
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "SMBUMOUNT" "8" "04 March 2003" "" ""
.\"Generated by db2man.xsl. Don't modify this, modify the source.
.de Sh \" Subsection
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.TH "SMBUMOUNT" 8 "" "" ""
.SH NAME
smbumount \- smbfs umount for normal users
.SH SYNOPSIS
.SH "SYNOPSIS"
\fBsmbumount\fR \fBmount-point\fR
.nf
\fBsmbumount\fR {mount-point}
.fi
.SH "DESCRIPTION"
.PP
With this program, normal users can unmount smb-filesystems,
provided that it is suid root. \fBsmbumount\fR has
been written to give normal Linux users more control over their
resources. It is safe to install this program suid root, because only
the user who has mounted a filesystem is allowed to unmount it again.
For root it is not necessary to use smbumount. The normal umount
program works perfectly well, but it would certainly be problematic
to make umount setuid root.
With this program, normal users can unmount smb-filesystems, provided that it is suid root\&. \fBsmbumount\fR has been written to give normal Linux users more control over their resources\&. It is safe to install this program suid root, because only the user who has mounted a filesystem is allowed to unmount it again\&. For root it is not necessary to use smbumount\&. The normal umount program works perfectly well, but it would certainly be problematic to make umount setuid root\&.
.SH "OPTIONS"
.TP
\fBmount-point\fR
The directory to unmount.
mount-point
The directory to unmount\&.
.SH "SEE ALSO"
.PP
\fBsmbmount(8)\fR
\fBsmbmount\fR(8)
.SH "AUTHOR"
.PP
Volker Lendecke, Andrew Tridgell, Michael H. Warfield
and others.
Volker Lendecke, Andrew Tridgell, Michael H\&. Warfield and others\&.
.PP
The current maintainer of smbfs and the userspace
tools \fBsmbmount\fR, \fBsmbumount\fR,
and \fBsmbmnt\fR is Urban Widmark <URL:mailto:urban@teststation.com>.
The SAMBA Mailing list <URL:mailto:samba@samba.org>
is the preferred place to ask questions regarding these programs.
The current maintainer of smbfs and the userspace tools \fBsmbmount\fR, \fBsmbumount\fR, and \fBsmbmnt\fR is Urban Widmark\&. The SAMBA Mailing list is the preferred place to ask questions regarding these programs\&.
.PP
The conversion of this manpage for Samba 2.2 was performed
by Gerald Carter
The conversion of this manpage for Samba 2\&.2 was performed by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.

243
docs/manpages/swat.8
View File

@ -1,141 +1,184 @@
.\" This manpage has been automatically generated by docbook2man
.\" from a DocBook document. This tool can be found at:
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "SWAT" "8" "04 March 2003" "" ""
.\"Generated by db2man.xsl. Don't modify this, modify the source.
.de Sh \" Subsection
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.TH "SWAT" 8 "" "" ""
.SH NAME
swat \- Samba Web Administration Tool
.SH SYNOPSIS
.SH "SYNOPSIS"
\fBswat\fR [ \fB-s <smb config file>\fR ] [ \fB-a\fR ]
.nf
\fBswat\fR [-s <smb config file>] [-a]
.fi
.SH "DESCRIPTION"
.PP
This tool is part of the Samba suite.
This tool is part of the \fBSamba\fR(7) suite\&.
.PP
\fBswat\fR allows a Samba administrator to
configure the complex \fI smb.conf(5)\fR file via a Web browser. In addition,
a \fBswat\fR configuration page has help links
to all the configurable options in the \fIsmb.conf\fR file allowing an
administrator to easily look up the effects of any change.
\fBswat\fR allows a Samba administrator to configure the complex \fBsmb.conf\fR(5) file via a Web browser\&. In addition, a \fBswat\fR configuration page has help links to all the configurable options in the \fIsmb\&.conf\fR file allowing an administrator to easily look up the effects of any change\&.
.PP
\fBswat\fR is run from \fBinetd\fR
.SH "OPTIONS"
.TP
\fB-s smb configuration file\fR
The default configuration file path is
determined at compile time. The file specified contains
the configuration details required by the \fBsmbd
\fR server. This is the file that \fBswat\fR will modify.
The information in this file includes server-specific
information such as what printcap file to use, as well as
descriptions of all the services that the server is to provide.
See \fIsmb.conf\fR for more information.
.TP
\fB-a\fR
This option disables authentication and puts
\fBswat\fR in demo mode. In that mode anyone will be able to modify
the \fIsmb.conf\fR file.
\fBWARNING: Do NOT enable this option on a production
server. \fR
.SH "OPTIONS"
.TP
-s smb configuration file
The default configuration file path is determined at compile time\&. The file specified contains the configuration details required by the \fBsmbd\fR(8) server\&. This is the file that \fBswat\fR will modify\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fIsmb\&.conf\fR for more information\&.
.TP
-a
This option disables authentication and puts \fBswat\fR in demo mode\&. In that mode anyone will be able to modify the \fIsmb\&.conf\fR file\&.
\fBWARNING: Do NOT enable this option on a production server\&. \fR
.TP
-V
Prints the version number for \fBsmbd\fR\&.
.TP
-s <configuration file>
The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&.
.TP
-d|--debug=debuglevel
\fIdebuglevel\fR is an integer from 0 to 10\&. The default value if this parameter is not specified is zero\&.
The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day to day running - it generates a small amount of information about operations carried out\&.
Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&.
.TP
-l|--logfile=logbasename
File name for log/debug files\&. The extension \fB"\&.client"\fR will be appended\&. The log file is never removed by the client\&.
.TP
-h|--help
Print a summary of command line options\&.
.SH "INSTALLATION"
.PP
After you compile SWAT you need to run \fBmake install
\fR to install the \fBswat\fR binary
and the various help files and images. A default install would put
these in:
.TP 0.2i
Swat is included as binary package with most distributions\&. The package manager in this case takes care of the installation and configuration\&. This section is only for those who have compiled swat from scratch\&.
.PP
After you compile SWAT you need to run \fBmake install \fR to install the \fBswat\fR binary and the various help files and images\&. A default install would put these in:
.TP 3
\(bu
/usr/local/samba/bin/swat
.TP 0.2i
.TP
\(bu
/usr/local/samba/swat/images/*
.TP 0.2i
.TP
\(bu
/usr/local/samba/swat/help/*
.SS "INETD INSTALLATION"
.LP
.SS "Inetd Installation"
.PP
You need to edit your \fI/etc/inetd.conf
\fR and \fI/etc/services\fR
to enable SWAT to be launched via \fBinetd\fR.
You need to edit your \fI/etc/inetd\&.conf \fR and \fI/etc/services\fR to enable SWAT to be launched via \fBinetd\fR\&.
.PP
In \fI/etc/services\fR you need to
add a line like this:
In \fI/etc/services\fR you need to add a line like this:
.PP
\fBswat 901/tcp\fR
\fBswat 901/tcp\fR
.PP
Note for NIS/YP users - you may need to rebuild the
NIS service maps rather than alter your local \fI /etc/services\fR file.
Note for NIS/YP and LDAP users - you may need to rebuild the NIS service maps rather than alter your local \fI /etc/services\fR file\&.
.PP
the choice of port number isn't really important
except that it should be less than 1024 and not currently
used (using a number above 1024 presents an obscure security
hole depending on the implementation details of your
\fBinetd\fR daemon).
the choice of port number isn't really important except that it should be less than 1024 and not currently used (using a number above 1024 presents an obscure security hole depending on the implementation details of your\fBinetd\fR daemon)\&.
.PP
In \fI/etc/inetd.conf\fR you should
add a line like this:
In \fI/etc/inetd\&.conf\fR you should add a line like this:
.PP
\fBswat stream tcp nowait.400 root
/usr/local/samba/bin/swat swat\fR
\fBswat stream tcp nowait.400 root /usr/local/samba/bin/swat swat\fR
.PP
One you have edited \fI/etc/services\fR
and \fI/etc/inetd.conf\fR you need to send a
HUP signal to inetd. To do this use \fBkill -1 PID
\fR where PID is the process ID of the inetd daemon.
.SS "LAUNCHING"
One you have edited \fI/etc/services\fR and \fI/etc/inetd\&.conf\fR you need to send a HUP signal to inetd\&. To do this use \fBkill -1 PID \fR where PID is the process ID of the inetd daemon\&.
.SH "LAUNCHING"
.PP
To launch SWAT just run your favorite web browser and
point it at "http://localhost:901/".
To launch SWAT just run your favorite web browser and point it at "http://localhost:901/"\&.
.PP
Note that you can attach to SWAT from any IP connected
machine but connecting from a remote machine leaves your
connection open to password sniffing as passwords will be sent
in the clear over the wire.
Note that you can attach to SWAT from any IP connected machine but connecting from a remote machine leaves your connection open to password sniffing as passwords will be sent in the clear over the wire\&.
.SH "FILES"
.TP
\fB\fI/etc/inetd.conf\fB\fR
This file must contain suitable startup
information for the meta-daemon.
\fI/etc/inetd\&.conf\fR
This file must contain suitable startup information for the meta-daemon\&.
.TP
\fB\fI/etc/services\fB\fR
This file must contain a mapping of service name
(e.g., swat) to service port (e.g., 901) and protocol type
(e.g., tcp).
\fI/etc/services\fR
This file must contain a mapping of service name (e\&.g\&., swat) to service port (e\&.g\&., 901) and protocol type (e\&.g\&., tcp)\&.
.TP
\fB\fI/usr/local/samba/lib/smb.conf\fB\fR
This is the default location of the \fIsmb.conf(5)
\fR server configuration file that swat edits. Other
common places that systems install this file are \fI /usr/samba/lib/smb.conf\fR and \fI/etc/smb.conf
\fR. This file describes all the services the server
is to make available to clients.
\fI/usr/local/samba/lib/smb\&.conf\fR
This is the default location of the \fBsmb.conf\fR(5) server configuration file that swat edits\&. Other common places that systems install this file are \fI /usr/samba/lib/smb\&.conf\fR and \fI/etc/smb\&.conf \fR\&. This file describes all the services the server is to make available to clients\&.
.SH "WARNINGS"
.PP
\fBswat\fR will rewrite your \fIsmb.conf
\fR file. It will rearrange the entries and delete all
comments, \fIinclude=\fR and \fIcopy=
\fR options. If you have a carefully crafted \fI smb.conf\fR then back it up or don't use swat!
\fBswat\fR will rewrite your \fBsmb.conf\fR(5) file\&. It will rearrange the entries and delete all comments, \fIinclude=\fR and \fIcopy= \fR options\&. If you have a carefully crafted \fI smb\&.conf\fR then back it up or don't use swat!
.SH "VERSION"
.PP
This man page is correct for version 2.2 of
the Samba suite.
This man page is correct for version 3\&.0 of the Samba suite\&.
.SH "SEE ALSO"
.PP
\fBinetd(5)\fR,
\fBsmbd(8)\fR
smb.conf(5)
\fBinetd(5)\fR, \fBsmbd\fR(8), \fBsmb.conf\fR(5)
.SH "AUTHOR"
.PP
The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at
ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter
The original Samba man pages were written by Karl Auer\&. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp\&.icce\&.rug\&.nl/pub/unix/) and updated for the Samba 2\&.0 release by Jeremy Allison\&. The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.

175
docs/manpages/testparm.1
View File

@ -1,110 +1,123 @@
.\" This manpage has been automatically generated by docbook2man
.\" from a DocBook document. This tool can be found at:
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "TESTPARM" "1" "04 March 2003" "" ""
.\"Generated by db2man.xsl. Don't modify this, modify the source.
.de Sh \" Subsection
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.TH "TESTPARM" 1 "" "" ""
.SH NAME
testparm \- check an smb.conf configuration file for internal correctness
.SH SYNOPSIS
testparm \- check an smb.conf configuration file for internal correctness
.SH "SYNOPSIS"
\fBtestparm\fR [ \fB-s\fR ] [ \fB-h\fR ] [ \fB-v\fR ] [ \fB-L <servername>\fR ] [ \fB-t <encoding>\fR ] \fBconfig filename\fR [ \fBhostname hostIP\fR ]
.nf
\fBtestparm\fR [-s] [-h] [-v] [-L <servername>] [-t <encoding>] {config filename} [hostname
hostIP]
.fi
.SH "DESCRIPTION"
.PP
This tool is part of the Samba suite.
This tool is part of the \fBSamba\fR(7) suite\&.
.PP
\fBtestparm\fR is a very simple test program
to check an \fBsmbd\fR configuration file for
internal correctness. If this program reports no problems, you
can use the configuration file with confidence that \fBsmbd
\fR will successfully load the configuration file.
\fBtestparm\fR is a very simple test program to check an \fBsmbd\fR(8) configuration file for internal correctness\&. If this program reports no problems, you can use the configuration file with confidence that \fBsmbd \fR will successfully load the configuration file\&.
.PP
Note that this is \fBNOT\fR a guarantee that
the services specified in the configuration file will be
available or will operate as expected.
Note that this is \fBNOT\fR a guarantee that the services specified in the configuration file will be available or will operate as expected\&.
.PP
If the optional host name and host IP address are
specified on the command line, this test program will run through
the service entries reporting whether the specified host
has access to each service.
If the optional host name and host IP address are specified on the command line, this test program will run through the service entries reporting whether the specified host has access to each service\&.
.PP
If \fBtestparm\fR finds an error in the \fI smb.conf\fR file it returns an exit code of 1 to the calling
program, else it returns an exit code of 0. This allows shell scripts
to test the output from \fBtestparm\fR.
If \fBtestparm\fR finds an error in the \fI smb\&.conf\fR file it returns an exit code of 1 to the calling program, else it returns an exit code of 0\&. This allows shell scripts to test the output from \fBtestparm\fR\&.
.SH "OPTIONS"
.TP
\fB-s\fR
Without this option, \fBtestparm\fR
will prompt for a carriage return after printing the service
names and before dumping the service definitions.
-s
Without this option, \fBtestparm\fR will prompt for a carriage return after printing the service names and before dumping the service definitions\&.
.TP
\fB-h\fR
Print usage message
-h|--help
Print a summary of command line options\&.
.TP
\fB-L servername\fR
Sets the value of the %L macro to \fIservername\fR.
This is useful for testing include files specified with the
%L macro.
-V
Prints the version number for \fBsmbd\fR\&.
.TP
\fB-v\fR
If this option is specified, testparm
will also output all options that were not used in
\fIsmb.conf\fR and are thus set to
their defaults.
-L servername
Sets the value of the %L macro to \fIservername\fR\&. This is useful for testing include files specified with the %L macro\&.
.TP
\fB-t encoding\fR
Output data in specified encoding.
-v
If this option is specified, testparm will also output all options that were not used in \fBsmb.conf\fR(5) and are thus set to their defaults\&.
.TP
\fBconfigfilename\fR
This is the name of the configuration file
to check. If this parameter is not present then the
default \fIsmb.conf\fR file will be checked.
-t encoding
Output data in specified encoding\&.
.TP
\fBhostname\fR
If this parameter and the following are
specified, then \fBtestparm\fR will examine the \fIhosts
allow\fR and \fIhosts deny\fR
parameters in the \fIsmb.conf\fR file to
determine if the hostname with this IP address would be
allowed access to the \fBsmbd\fR server. If
this parameter is supplied, the hostIP parameter must also
be supplied.
configfilename
This is the name of the configuration file to check\&. If this parameter is not present then the default \fBsmb.conf\fR(5) file will be checked\&.
.TP
\fBhostIP\fR
This is the IP address of the host specified
in the previous parameter. This address must be supplied
if the hostname parameter is supplied.
hostname
If this parameter and the following are specified, then \fBtestparm\fR will examine the \fIhosts allow\fR and \fIhosts deny\fR parameters in the \fBsmb.conf\fR(5) file to determine if the hostname with this IP address would be allowed access to the \fBsmbd\fR server\&. If this parameter is supplied, the hostIP parameter must also be supplied\&.
.TP
hostIP
This is the IP address of the host specified in the previous parameter\&. This address must be supplied if the hostname parameter is supplied\&.
.SH "FILES"
.TP
\fB\fIsmb.conf\fB\fR
This is usually the name of the configuration
file used by \fBsmbd\fR.
\fBsmb.conf\fR(5)
This is usually the name of the configuration file used by \fBsmbd\fR(8)\&.
.SH "DIAGNOSTICS"
.PP
The program will issue a message saying whether the
configuration file loaded OK or not. This message may be preceded by
errors and warnings if the file did not load. If the file was
loaded OK, the program then dumps all known service details
to stdout.
The program will issue a message saying whether the configuration file loaded OK or not\&. This message may be preceded by errors and warnings if the file did not load\&. If the file was loaded OK, the program then dumps all known service details to stdout\&.
.SH "VERSION"
.PP
This man page is correct for version 3.0 of
the Samba suite.
This man page is correct for version 3\&.0 of the Samba suite\&.
.SH "SEE ALSO"
.PP
\fIsmb.conf(5)\fR
\fBsmbd(8)\fR
\fBsmb.conf\fR(5), \fBsmbd\fR(8)
.SH "AUTHOR"
.PP
The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at
ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter
The original Samba man pages were written by Karl Auer\&. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp\&.icce\&.rug\&.nl/pub/unix/) and updated for the Samba 2\&.0 release by Jeremy Allison\&. The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.

135
docs/manpages/testprns.1
View File

@ -1,91 +1,96 @@
.\" This manpage has been automatically generated by docbook2man
.\" from a DocBook document. This tool can be found at:
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "TESTPRNS" "1" "04 March 2003" "" ""
.\"Generated by db2man.xsl. Don't modify this, modify the source.
.de Sh \" Subsection
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.TH "TESTPRNS" 1 "" "" ""
.SH NAME
testprns \- check printer name for validity with smbd
.SH SYNOPSIS
.SH "SYNOPSIS"
\fBtestprns\fR \fBprintername\fR [ \fBprintcapname\fR ]
.nf
\fBtestprns\fR {printername} [printcapname]
.fi
.SH "DESCRIPTION"
.PP
This tool is part of the Samba suite.
This tool is part of the \fBSamba\fR(7) suite\&.
.PP
\fBtestprns\fR is a very simple test program
to determine whether a given printer name is valid for use in
a service to be provided by \fB smbd(8)\fR
\fBtestprns\fR is a very simple test program to determine whether a given printer name is valid for use in a service to be provided by \fBsmbd\fR(8)\&.
.PP
"Valid" in this context means "can be found in the
printcap specified". This program is very stupid - so stupid in
fact that it would be wisest to always specify the printcap file
to use.
"Valid" in this context means "can be found in the printcap specified"\&. This program is very stupid - so stupid in fact that it would be wisest to always specify the printcap file to use\&.
.SH "OPTIONS"
.TP
\fBprintername\fR
The printer name to validate.
Printer names are taken from the first field in each
record in the printcap file, single printer names and sets
of aliases separated by vertical bars ("|") are recognized.
Note that no validation or checking of the printcap syntax is
done beyond that required to extract the printer name. It may
be that the print spooling system is more forgiving or less
forgiving than \fBtestprns\fR. However, if
\fBtestprns\fR finds the printer then
\fBsmbd\fR should do so as well.
.TP
\fBprintcapname\fR
This is the name of the printcap file within
which to search for the given printer name.
printername
The printer name to validate\&.
Printer names are taken from the first field in each record in the printcap file, single printer names and sets of aliases separated by vertical bars ("|") are recognized\&. Note that no validation or checking of the printcap syntax is done beyond that required to extract the printer name\&. It may be that the print spooling system is more forgiving or less forgiving than \fBtestprns\fR\&. However, if \fBtestprns\fR finds the printer then \fBsmbd\fR(8) should do so as well\&.
.TP
printcapname
This is the name of the printcap file within which to search for the given printer name\&.
If no printcap name is specified \fBtestprns \fR will attempt to scan the printcap file name specified at compile time\&.
If no printcap name is specified \fBtestprns
\fR will attempt to scan the printcap file name
specified at compile time.
.SH "FILES"
.TP
\fB\fI/etc/printcap\fB\fR
This is usually the default printcap
file to scan. See \fIprintcap (5)\fR.
\fI/etc/printcap\fR
This is usually the default printcap file to scan\&. See \fIprintcap (5)\fR\&.
.SH "DIAGNOSTICS"
.PP
If a printer is found to be valid, the message
"Printer name <printername> is valid" will be
displayed.
If a printer is found to be valid, the message "Printer name <printername> is valid" will be displayed\&.
.PP
If a printer is found to be invalid, the message
"Printer name <printername> is not valid" will be
displayed.
If a printer is found to be invalid, the message "Printer name <printername> is not valid" will be displayed\&.
.PP
All messages that would normally be logged during
operation of the Samba daemons are logged by this program to the
file \fItest.log\fR in the current directory. The
program runs at debuglevel 3, so quite extensive logging
information is written. The log should be checked carefully
for errors and warnings.
All messages that would normally be logged during operation of the Samba daemons are logged by this program to the file \fItest\&.log\fR in the current directory\&. The program runs at debuglevel 3, so quite extensive logging information is written\&. The log should be checked carefully for errors and warnings\&.
.PP
Other messages are self-explanatory.
Other messages are self-explanatory\&.
.SH "VERSION"
.PP
This man page is correct for version 2.2 of
the Samba suite.
This man page is correct for version 3\&.0 of the Samba suite\&.
.SH "SEE ALSO"
.PP
\fIprintcap(5)\fR,
\fBsmbd(8)\fR
\fBsmbclient(1)\fR
\fIprintcap(5)\fR,\fBsmbd\fR(8), \fBsmbclient\fR(1)
.SH "AUTHOR"
.PP
The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at
ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter
The original Samba man pages were written by Karl Auer\&. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp\&.icce\&.rug\&.nl/pub/unix/) and updated for the Samba 2\&.0 release by Jeremy Allison\&. The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.

262
docs/manpages/vfstest.1
View File

@ -1,195 +1,271 @@
.\" This manpage has been automatically generated by docbook2man
.\" from a DocBook document. This tool can be found at:
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "VFSTEST" "1" "04 March 2003" "" ""
.\"Generated by db2man.xsl. Don't modify this, modify the source.
.de Sh \" Subsection
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.TH "VFSTEST" 1 "" "" ""
.SH NAME
vfstest \- tool for testing samba VFS modules
.SH SYNOPSIS
.SH "SYNOPSIS"
\fBvfstest\fR [ \fB-d debuglevel\fR ] [ \fB-c command\fR ] [ \fB-l logfile\fR ] [ \fB-h\fR ]
.nf
\fBvfstest\fR [-d debuglevel] [-c command] [-l logfile] [-h]
.fi
.SH "DESCRIPTION"
.PP
This tool is part of the Samba suite.
This tool is part of the \fBSamba\fR(7) suite\&.
.PP
\fBvfstest\fR is a small command line
utility that has the ability to test dso samba VFS modules. It gives the
user the ability to call the various VFS functions manually and
supports cascaded VFS modules.
\fBvfstest\fR is a small command line utility that has the ability to test dso samba VFS modules\&. It gives the user the ability to call the various VFS functions manually and supports cascaded VFS modules\&.
.SH "OPTIONS"
.TP
\fB-c|--command=command\fR
Execute the specified (colon-separated) commands.
See below for the commands that are available.
.TP
\fB-d|--debug=debuglevel\fR
\fIdebuglevel\fR is an integer
from 0 to 10. The default value if this parameter is
not specified is zero.
The higher this value, the more detail will be
logged to the log files about the activities of the
server. At level 0, only critical errors and serious
warnings will be logged. Level 1 is a reasonable level for
day to day running - it generates a small amount of
information about operations carried out.
Levels above 1 will generate considerable
amounts of log data, and should only be used when
investigating a problem. Levels above 3 are designed for
use only by developers and generate HUGE amounts of log
data, most of which is extremely cryptic.
Note that specifying this parameter here will
override the log
level file.
.TP
\fB-h|--help\fR
Print a summary of command line options.
-c|--command=command
Execute the specified (colon-separated) commands\&. See below for the commands that are available\&.
.TP
\fB-l|--logfile=logbasename\fR
File name for log/debug files. The extension
\&'.client' will be appended. The log file is never removed
by the client.
-h|--help
Print a summary of command line options\&.
.TP
-l|--logfile=logbasename
File name for log/debug files\&. The extension \fB'\&.client'\fR will be appended\&. The log file is never removed by the client\&.
.TP
-V
Prints the version number for \fBsmbd\fR\&.
.TP
-s <configuration file>
The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&.
.TP
-d|--debug=debuglevel
\fIdebuglevel\fR is an integer from 0 to 10\&. The default value if this parameter is not specified is zero\&.
The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day to day running - it generates a small amount of information about operations carried out\&.
Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&.
.TP
-l|--logfile=logbasename
File name for log/debug files\&. The extension \fB"\&.client"\fR will be appended\&. The log file is never removed by the client\&.
.SH "COMMANDS"
.PP
\fBVFS COMMANDS\fR
.TP 0.2i
.TP 3
\(bu
\fBload <module.so>\fR - Load specified VFS module
.TP 0.2i
\fBload <module.so>\fR - Load specified VFS module
.TP
\(bu
\fBpopulate <char> <size>\fR - Populate a data buffer with the specified data
.TP 0.2i
.TP
\(bu
\fBshowdata [<offset> <len>]\fR - Show data currently in data buffer
.TP 0.2i
.TP
\(bu
\fBconnect\fR - VFS connect()
.TP 0.2i
.TP
\(bu
\fBdisconnect\fR - VFS disconnect()
.TP 0.2i
.TP
\(bu
\fBdisk_free\fR - VFS disk_free()
.TP 0.2i
.TP
\(bu
\fBopendir\fR - VFS opendir()
.TP 0.2i
.TP
\(bu
\fBreaddir\fR - VFS readdir()
.TP 0.2i
.TP
\(bu
\fBmkdir\fR - VFS mkdir()
.TP 0.2i
.TP
\(bu
\fBrmdir\fR - VFS rmdir()
.TP 0.2i
.TP
\(bu
\fBclosedir\fR - VFS closedir()
.TP 0.2i
.TP
\(bu
\fBopen\fR - VFS open()
.TP 0.2i
.TP
\(bu
\fBclose\fR - VFS close()
.TP 0.2i
.TP
\(bu
\fBread\fR - VFS read()
.TP 0.2i
.TP
\(bu
\fBwrite\fR - VFS write()
.TP 0.2i
.TP
\(bu
\fBlseek\fR - VFS lseek()
.TP 0.2i
.TP
\(bu
\fBrename\fR - VFS rename()
.TP 0.2i
.TP
\(bu
\fBfsync\fR - VFS fsync()
.TP 0.2i
.TP
\(bu
\fBstat\fR - VFS stat()
.TP 0.2i
.TP
\(bu
\fBfstat\fR - VFS fstat()
.TP 0.2i
.TP
\(bu
\fBlstat\fR - VFS lstat()
.TP 0.2i
.TP
\(bu
\fBunlink\fR - VFS unlink()
.TP 0.2i
.TP
\(bu
\fBchmod\fR - VFS chmod()
.TP 0.2i
.TP
\(bu
\fBfchmod\fR - VFS fchmod()
.TP 0.2i
.TP
\(bu
\fBchown\fR - VFS chown()
.TP 0.2i
.TP
\(bu
\fBfchown\fR - VFS fchown()
.TP 0.2i
.TP
\(bu
\fBchdir\fR - VFS chdir()
.TP 0.2i
.TP
\(bu
\fBgetwd\fR - VFS getwd()
.TP 0.2i
.TP
\(bu
\fButime\fR - VFS utime()
.TP 0.2i
.TP
\(bu
\fBftruncate\fR - VFS ftruncate()
.TP 0.2i
.TP
\(bu
\fBlock\fR - VFS lock()
.TP 0.2i
.TP
\(bu
\fBsymlink\fR - VFS symlink()
.TP 0.2i
.TP
\(bu
\fBreadlink\fR - VFS readlink()
.TP 0.2i
.TP
\(bu
\fBlink\fR - VFS link()
.TP 0.2i
.TP
\(bu
\fBmknod\fR - VFS mknod()
.TP 0.2i
.TP
\(bu
\fBrealpath\fR - VFS realpath()
.LP
.PP
\fBGENERAL COMMANDS\fR
.TP 0.2i
.TP 3
\(bu
\fBconf <smb.conf>\fR - Load a different configuration file
.TP 0.2i
.TP
\(bu
\fBhelp [<command>]\fR - Get list of commands or info about specified command
.TP 0.2i
.TP
\(bu
\fBdebuglevel <level>\fR - Set debug level
.TP 0.2i
.TP
\(bu
\fBfreemem\fR - Free memory currently in use
.TP 0.2i
.TP
\(bu
\fBexit\fR - Exit vfstest
.LP
.SH "VERSION"
.PP
This man page is correct for version 3.0 of the Samba
suite.
This man page is correct for version 3\&.0 of the Samba suite\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
The vfstest man page was written by Jelmer Vernooij.
The vfstest man page was written by Jelmer Vernooij\&.

238
docs/manpages/wbinfo.1
View File

@ -1,139 +1,169 @@
.\" This manpage has been automatically generated by docbook2man
.\" from a DocBook document. This tool can be found at:
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "WBINFO" "1" "04 March 2003" "" ""
.\"Generated by db2man.xsl. Don't modify this, modify the source.
.de Sh \" Subsection
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.TH "WBINFO" 1 "" "" ""
.SH NAME
wbinfo \- Query information from winbind daemon
.SH SYNOPSIS
.SH "SYNOPSIS"
\fBwbinfo\fR [ \fB-u\fR ] [ \fB-g\fR ] [ \fB-i ip\fR ] [ \fB-N netbios-name\fR ] [ \fB-n name\fR ] [ \fB-s sid\fR ] [ \fB-U uid\fR ] [ \fB-G gid\fR ] [ \fB-S sid\fR ] [ \fB-Y sid\fR ] [ \fB-t\fR ] [ \fB-m\fR ] [ \fB-r user\fR ] [ \fB-a user%password\fR ] [ \fB-A user%password\fR ] [ \fB-p\fR ]
.nf
\fBwbinfo\fR [-u] [-g] [-N netbios-name] [-I ip] [-n name] [-s sid] [-U uid] [-G gid]
[-S sid] [-Y sid] [-t] [-m] [--sequence] [-r user] [-a user%password]
[-A user%password] [--get-auth-user] [-p]
.fi
.SH "DESCRIPTION"
.PP
This tool is part of the Samba suite.
This tool is part of the \fBSamba\fR(7) suite\&.
.PP
The \fBwbinfo\fR program queries and returns information
created and used by the \fB winbindd(8)\fR daemon.
The \fBwbinfo\fR program queries and returns information created and used by the \fBwinbindd\fR(8) daemon\&.
.PP
The \fBwinbindd(8)\fR daemon must be configured
and running for the \fBwbinfo\fR program to be able
to return information.
The \fBwinbindd\fR(8) daemon must be configured and running for the \fBwbinfo\fR program to be able to return information\&.
.SH "OPTIONS"
.TP
\fB-u\fR
This option will list all users available
in the Windows NT domain for which the \fBwinbindd(8)
\fR daemon is operating in. Users in all trusted domains
will also be listed. Note that this operation does not assign
user ids to any users that have not already been seen by
\fBwinbindd(8)\fR.
-u
This option will list all users available in the Windows NT domain for which the \fBwinbindd\fR(8) daemon is operating in\&. Users in all trusted domains will also be listed\&. Note that this operation does not assign user ids to any users that have not already been seen by \fBwinbindd\fR(8) \&.
.TP
\fB-g\fR
This option will list all groups available
in the Windows NT domain for which the \fBwinbindd(8)
\fR daemon is operating in. Groups in all trusted domains
will also be listed. Note that this operation does not assign
group ids to any groups that have not already been seen by
\fBwinbindd(8)\fR.
-g
This option will list all groups available in the Windows NT domain for which the \fBSamba\fR(7) daemon is operating in\&. Groups in all trusted domains will also be listed\&. Note that this operation does not assign group ids to any groups that have not already been seen by \fBwinbindd\fR(8)\&.
.TP
\fB-N name\fR
The \fI-N\fR option
queries \fBwinbindd(8)\fR to query the WINS
server for the IP address associated with the NetBIOS name
specified by the \fIname\fR parameter.
-N name
The \fI-N\fR option queries \fBwinbindd\fR(8) to query the WINS server for the IP address associated with the NetBIOS name specified by the \fIname\fR parameter\&.
.TP
\fB-I ip\fR
The \fI-I\fR option
queries \fBwinbindd(8)\fR to send a node status
request to get the NetBIOS name associated with the IP address
specified by the \fIip\fR parameter.
-I ip
The \fI-I\fR option queries \fBwinbindd\fR(8) to send a node status request to get the NetBIOS name associated with the IP address specified by the \fIip\fR parameter\&.
.TP
\fB-n name\fR
The \fI-n\fR option
queries \fBwinbindd(8)\fR for the SID
associated with the name specified. Domain names can be specified
before the user name by using the winbind separator character.
For example CWDOM1/Administrator refers to the Administrator
user in the domain CWDOM1. If no domain is specified then the
domain used is the one specified in the \fIsmb.conf\fR
\fIworkgroup\fR parameter.
-n name
The \fI-n\fR option queries \fBwinbindd\fR(8) for the SID associated with the name specified\&. Domain names can be specified before the user name by using the winbind separator character\&. For example CWDOM1/Administrator refers to the Administrator user in the domain CWDOM1\&. If no domain is specified then the domain used is the one specified in the \fBsmb.conf\fR(5) \fIworkgroup \fR parameter\&.
.TP
\fB-s sid\fR
Use \fI-s\fR to resolve
a SID to a name. This is the inverse of the \fI-n
\fR option above. SIDs must be specified as ASCII strings
in the traditional Microsoft format. For example,
S-1-5-21-1455342024-3071081365-2475485837-500.
-s sid
Use \fI-s\fR to resolve a SID to a name\&. This is the inverse of the \fI-n \fR option above\&. SIDs must be specified as ASCII strings in the traditional Microsoft format\&. For example, S-1-5-21-1455342024-3071081365-2475485837-500\&.
.TP
\fB-U uid\fR
Try to convert a UNIX user id to a Windows NT
SID. If the uid specified does not refer to one within
the winbind uid range then the operation will fail.
-U uid
Try to convert a UNIX user id to a Windows NT SID\&. If the uid specified does not refer to one within the winbind uid range then the operation will fail\&.
.TP
\fB-G gid\fR
Try to convert a UNIX group id to a Windows
NT SID. If the gid specified does not refer to one within
the winbind gid range then the operation will fail.
-G gid
Try to convert a UNIX group id to a Windows NT SID\&. If the gid specified does not refer to one within the winbind gid range then the operation will fail\&.
.TP
\fB-S sid\fR
Convert a SID to a UNIX user id. If the SID
does not correspond to a UNIX user mapped by \fB winbindd(8)\fR then the operation will fail.
-S sid
Convert a SID to a UNIX user id\&. If the SID does not correspond to a UNIX user mapped by \fBwinbindd\fR(8) then the operation will fail\&.
.TP
\fB-Y sid\fR
Convert a SID to a UNIX group id. If the SID
does not correspond to a UNIX group mapped by \fB winbindd(8)\fR then the operation will fail.
-Y sid
Convert a SID to a UNIX group id\&. If the SID does not correspond to a UNIX group mapped by \fBwinbindd\fR(8) then the operation will fail\&.
.TP
\fB-t\fR
Verify that the workstation trust account
created when the Samba server is added to the Windows NT
domain is working.
-t
Verify that the workstation trust account created when the Samba server is added to the Windows NT domain is working\&.
.TP
\fB-m\fR
Produce a list of domains trusted by the
Windows NT server \fBwinbindd(8)\fR contacts
when resolving names. This list does not include the Windows
NT domain the server is a Primary Domain Controller for.
-m
Produce a list of domains trusted by the Windows NT server \fBwinbindd\fR(8) contacts when resolving names\&. This list does not include the Windows NT domain the server is a Primary Domain Controller for\&.
.TP
\fB-r username\fR
Try to obtain the list of UNIX group ids
to which the user belongs. This only works for users
defined on a Domain Controller.
--sequence
Show sequence numbers of all known domains
.TP
\fB-a username%password\fR
Attempt to authenticate a user via winbindd.
This checks both authenticaion methods and reports its results.
-r username
Try to obtain the list of UNIX group ids to which the user belongs\&. This only works for users defined on a Domain Controller\&.
.TP
\fB-A username%password\fR
Store username and password used by winbindd
during session setup to a domain controller. This enables
winbindd to operate in a Windows 2000 domain with Restrict
Anonymous turned on (a.k.a. Permissions compatiable with
Windows 2000 servers only).
-a username%password
Attempt to authenticate a user via winbindd\&. This checks both authenticaion methods and reports its results\&.
.TP
-A username%password
Store username and password used by winbindd during session setup to a domain controller\&. This enables winbindd to operate in a Windows 2000 domain with Restrict Anonymous turned on (a\&.k\&.a\&. Permissions compatiable with Windows 2000 servers only)\&.
.TP
--get-auth-user
Print username and password used by winbindd during session setup to a domain controller\&. Username and password can be set using '-A'\&. Only available for root\&.
.TP
-p
Check whether winbindd is still alive\&. Prints out either 'succeeded' or 'failed'\&.
.TP
-V
Prints the version number for \fBsmbd\fR\&.
.TP
-h|--help
Print a summary of command line options\&.
.SH "EXIT STATUS"
.PP
The wbinfo program returns 0 if the operation
succeeded, or 1 if the operation failed. If the \fBwinbindd(8)
\fR daemon is not working \fBwbinfo\fR will always return
failure.
The wbinfo program returns 0 if the operation succeeded, or 1 if the operation failed\&. If the \fBwinbindd\fR(8) daemon is not working \fBwbinfo\fR will always return failure\&.
.SH "VERSION"
.PP
This man page is correct for version 3.0 of
the Samba suite.
This man page is correct for version 3\&.0 of the Samba suite\&.
.SH "SEE ALSO"
.PP
\fBwinbindd(8)\fR
\fBwinbindd\fR(8)
.SH "AUTHOR"
.PP
The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
\fBwbinfo\fR and \fBwinbindd\fR
were written by Tim Potter.
\fBwbinfo\fR and \fBwinbindd\fR were written by Tim Potter\&.
.PP
The conversion to DocBook for Samba 2.2 was done
by Gerald Carter
The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.

536
docs/manpages/winbindd.8
View File

@ -1,242 +1,240 @@
.\" This manpage has been automatically generated by docbook2man
.\" from a DocBook document. This tool can be found at:
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "WINBINDD" "8" "04 March 2003" "" ""
.\"Generated by db2man.xsl. Don't modify this, modify the source.
.de Sh \" Subsection
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.TH "WINBINDD" 8 "" "" ""
.SH NAME
winbindd \- Name Service Switch daemon for resolving names from NT servers
.SH SYNOPSIS
winbindd \- Name Service Switch daemon for resolving names from NT servers
.SH "SYNOPSIS"
\fBwinbindd\fR [ \fB-F\fR ] [ \fB-S\fR ] [ \fB-i\fR ] [ \fB-B\fR ] [ \fB-d <debug level>\fR ] [ \fB-s <smb config file>\fR ] [ \fB-n\fR ]
.nf
\fBwinbindd\fR [-F] [-S] [-i] [-B] [-d <debug level>] [-s <smb config file>] [-n]
.fi
.SH "DESCRIPTION"
.PP
This program is part of the Samba suite.
.PP
\fBwinbindd\fR is a daemon that provides
a service for the Name Service Switch capability that is present
in most modern C libraries. The Name Service Switch allows user
and system information to be obtained from different databases
services such as NIS or DNS. The exact behaviour can be configured
throught the \fI/etc/nsswitch.conf\fR file.
Users and groups are allocated as they are resolved to a range
of user and group ids specified by the administrator of the
Samba system.
.PP
The service provided by \fBwinbindd\fR is called `winbind' and
can be used to resolve user and group information from a
Windows NT server. The service can also provide authentication
services via an associated PAM module.
.PP
The \fIpam_winbind\fR module in the 2.2.2 release only
supports the \fIauth\fR and \fIaccount\fR
module-types. The latter simply
performs a getpwnam() to verify that the system can obtain a uid for the
user. If the \fIlibnss_winbind\fR library has been correctly
installed, this should always succeed.
.PP
The following nsswitch databases are implemented by
the winbindd service:
.TP
\fBhosts\fR
User information traditionally stored in
the \fIhosts(5)\fR file and used by
\fBgethostbyname(3)\fR functions. Names are
resolved through the WINS server or by broadcast.
.TP
\fBpasswd\fR
User information traditionally stored in
the \fIpasswd(5)\fR file and used by
\fBgetpwent(3)\fR functions.
.TP
\fBgroup\fR
Group information traditionally stored in
the \fIgroup(5)\fR file and used by
\fBgetgrent(3)\fR functions.
.PP
For example, the following simple configuration in the
\fI/etc/nsswitch.conf\fR file can be used to initially
resolve user and group information from \fI/etc/passwd
\fR and \fI/etc/group\fR and then from the
Windows NT server.
.PP
.PP
This program is part of the \fBSamba\fR(7) suite\&.
.PP
\fBwinbindd\fR is a daemon that provides a service for the Name Service Switch capability that is present in most modern C libraries\&. The Name Service Switch allows user and system information to be obtained from different databases services such as NIS or DNS\&. The exact behaviour can be configured throught the \fI/etc/nsswitch\&.conf\fR file\&. Users and groups are allocated as they are resolved to a range of user and group ids specified by the administrator of the Samba system\&.
.PP
The service provided by \fBwinbindd\fR is called `winbind' and can be used to resolve user and group information from a Windows NT server\&. The service can also provide authentication services via an associated PAM module\&.
.PP
The \fIpam_winbind\fR module in the 2\&.2\&.2 release only supports the \fIauth\fR and \fIaccount\fR module-types\&. The latter simply performs a getpwnam() to verify that the system can obtain a uid for the user\&. If the \fIlibnss_winbind\fR library has been correctly installed, this should always succeed\&.
.PP
The following nsswitch databases are implemented by the winbindd service:
.TP
hosts
User information traditionally stored in the \fIhosts(5)\fR file and used by \fBgethostbyname(3)\fR functions\&. Names are resolved through the WINS server or by broadcast\&.
.TP
passwd
User information traditionally stored in the \fIpasswd(5)\fR file and used by \fBgetpwent(3)\fR functions\&.
.TP
group
Group information traditionally stored in the \fIgroup(5)\fR file and used by \fBgetgrent(3)\fR functions\&.
.PP
For example, the following simple configuration in the\fI/etc/nsswitch\&.conf\fR file can be used to initially resolve user and group information from \fI/etc/passwd \fR and \fI/etc/group\fR and then from the Windows NT server\&.
.nf
passwd: files winbind
group: files winbind
.fi
.PP
The following simple configuration in the
\fI/etc/nsswitch.conf\fR file can be used to initially
resolve hostnames from \fI/etc/hosts\fR and then from the
WINS server.
The following simple configuration in the\fI/etc/nsswitch\&.conf\fR file can be used to initially resolve hostnames from \fI/etc/hosts\fR and then from the WINS server\&.
.SH "OPTIONS"
.TP
\fB-F\fR
If specified, this parameter causes
the main \fBwinbindd\fR process to not daemonize,
i.e. double-fork and disassociate with the terminal.
Child processes are still created as normal to service
each connection request, but the main process does not
exit. This operation mode is suitable for running
\fBwinbindd\fR under process supervisors such
as \fBsupervise\fR and \fBsvscan\fR
from Daniel J. Bernstein's \fBdaemontools\fR
package, or the AIX process monitor.
-F
If specified, this parameter causes the main \fBwinbindd\fR process to not daemonize, i\&.e\&. double-fork and disassociate with the terminal\&. Child processes are still created as normal to service each connection request, but the main process does not exit\&. This operation mode is suitable for running \fBwinbindd\fR under process supervisors such as \fBsupervise\fR and \fBsvscan\fR from Daniel J\&. Bernstein's \fBdaemontools\fR package, or the AIX process monitor\&.
.TP
\fB-S\fR
If specified, this parameter causes
\fBwinbindd\fR to log to standard output rather
than a file.
-S
If specified, this parameter causes \fBwinbindd\fR to log to standard output rather than a file\&.
.TP
\fB-d debuglevel\fR
Sets the debuglevel to an integer between
0 and 100. 0 is for no debugging and 100 is for reams and
reams. To submit a bug report to the Samba Team, use debug
level 100 (see BUGS.txt).
-V
Prints the version number for \fBsmbd\fR\&.
.TP
\fB-i\fR
Tells \fBwinbindd\fR to not
become a daemon and detach from the current terminal. This
option is used by developers when interactive debugging
of \fBwinbindd\fR is required.
\fBwinbindd\fR also logs to standard output,
as if the \fB-S\fR parameter had been given.
-s <configuration file>
The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&.
.TP
\fB-n\fR
Disable caching. This means winbindd will
always have to wait for a response from the domain controller
before it can respond to a client and this thus makes things
slower. The results will however be more accurate, since
results from the cache might not be up-to-date. This
might also temporarily hang winbindd if the DC doesn't respond.
-d|--debug=debuglevel
\fIdebuglevel\fR is an integer from 0 to 10\&. The default value if this parameter is not specified is zero\&.
The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day to day running - it generates a small amount of information about operations carried out\&.
Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&.
.TP
\fB-B\fR
Dual daemon mode. This means winbindd will run
as 2 threads. The first will answer all requests from the cache,
thus making responses to clients faster. The other will
update the cache for the query that the first has just responded.
Advantage of this is that responses are accurate and fast.
-l|--logfile=logbasename
File name for log/debug files\&. The extension \fB"\&.client"\fR will be appended\&. The log file is never removed by the client\&.
.TP
\fB-s|--conf=smb.conf\fR
Specifies the location of the all-important
\fIsmb.conf\fR file.
-h|--help
Print a summary of command line options\&.
.TP
-i
Tells \fBwinbindd\fR to not become a daemon and detach from the current terminal\&. This option is used by developers when interactive debugging of \fBwinbindd\fR is required\&. \fBwinbindd\fR also logs to standard output, as if the \fB-S\fR parameter had been given\&.
.TP
-n
Disable caching\&. This means winbindd will always have to wait for a response from the domain controller before it can respond to a client and this thus makes things slower\&. The results will however be more accurate, since results from the cache might not be up-to-date\&. This might also temporarily hang winbindd if the DC doesn't respond\&.
.TP
-B
Dual daemon mode\&. This means winbindd will run as 2 threads\&. The first will answer all requests from the cache, thus making responses to clients faster\&. The other will update the cache for the query that the first has just responded\&. Advantage of this is that responses stay accurate and are faster\&.
.SH "NAME AND ID RESOLUTION"
.PP
Users and groups on a Windows NT server are assigned
a relative id (rid) which is unique for the domain when the
user or group is created. To convert the Windows NT user or group
into a unix user or group, a mapping between rids and unix user
and group ids is required. This is one of the jobs that \fB winbindd\fR performs.
Users and groups on a Windows NT server are assigned a relative id (rid) which is unique for the domain when the user or group is created\&. To convert the Windows NT user or group into a unix user or group, a mapping between rids and unix user and group ids is required\&. This is one of the jobs that \fB winbindd\fR performs\&.
.PP
As winbindd users and groups are resolved from a server, user
and group ids are allocated from a specified range. This
is done on a first come, first served basis, although all existing
users and groups will be mapped as soon as a client performs a user
or group enumeration command. The allocated unix ids are stored
in a database file under the Samba lock directory and will be
remembered.
As winbindd users and groups are resolved from a server, user and group ids are allocated from a specified range\&. This is done on a first come, first served basis, although all existing users and groups will be mapped as soon as a client performs a user or group enumeration command\&. The allocated unix ids are stored in a database file under the Samba lock directory and will be remembered\&.
.PP
WARNING: The rid to unix id database is the only location
where the user and group mappings are stored by winbindd. If this
file is deleted or corrupted, there is no way for winbindd to
determine which user and group ids correspond to Windows NT user
and group rids.
WARNING: The rid to unix id database is the only location where the user and group mappings are stored by winbindd\&. If this file is deleted or corrupted, there is no way for winbindd to determine which user and group ids correspond to Windows NT user and group rids\&.
.SH "CONFIGURATION"
.PP
Configuration of the \fBwinbindd\fR daemon
is done through configuration parameters in the \fIsmb.conf(5)
\fR file. All parameters should be specified in the
[global] section of smb.conf.
.TP 0.2i
Configuration of the \fBwinbindd\fR daemon is done through configuration parameters in the \fBsmb.conf\fR(5) file\&. All parameters should be specified in the [global] section of smb\&.conf\&.
.TP 3
\(bu
\fIwinbind separator\fR
.TP 0.2i
.TP
\(bu
\fIwinbind uid\fR
.TP 0.2i
.TP
\(bu
\fIwinbind gid\fR
.TP 0.2i
.TP
\(bu
\fIwinbind cache time\fR
.TP 0.2i
.TP
\(bu
\fIwinbind enum users\fR
.TP 0.2i
.TP
\(bu
\fIwinbind enum groups\fR
.TP 0.2i
.TP
\(bu
\fItemplate homedir\fR
.TP 0.2i
.TP
\(bu
\fItemplate shell\fR
.TP 0.2i
.TP
\(bu
\fIwinbind use default domain\fR
.SH "EXAMPLE SETUP"
.PP
To setup winbindd for user and group lookups plus
authentication from a domain controller use something like the
following setup. This was tested on a RedHat 6.2 Linux box.
.PP
In \fI/etc/nsswitch.conf\fR put the
following:
.PP
.LP
.SH "EXAMPLE SETUP"
.PP
To setup winbindd for user and group lookups plus authentication from a domain controller use something like the following setup\&. This was tested on a RedHat 6\&.2 Linux box\&.
.PP
In \fI/etc/nsswitch\&.conf\fR put the following:
.nf
passwd: files winbind
group: files winbind
.fi
.PP
In \fI/etc/pam.d/*\fR replace the
\fIauth\fR lines with something like this:
.PP
.PP
In \fI/etc/pam\&.d/*\fR replace the \fI auth\fR lines with something like this:
.nf
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_winbind.so
auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok
auth required /lib/security/pam_securetty\&.so
auth required /lib/security/pam_nologin\&.so
auth sufficient /lib/security/pam_winbind\&.so
auth required /lib/security/pam_pwdb\&.so use_first_pass shadow nullok
.fi
.PP
Note in particular the use of the \fIsufficient\fR
keyword and the \fIuse_first_pass\fR keyword.
.PP
Now replace the account lines with this:
.PP
\fBaccount required /lib/security/pam_winbind.so
\fR
.PP
The next step is to join the domain. To do that use the
\fBsmbpasswd\fR program like this:
.PP
\fBsmbpasswd -j DOMAIN -r PDC -U
Administrator\fR
.PP
The username after the \fI-U\fR can be any
Domain user that has administrator privileges on the machine.
Substitute your domain name for "DOMAIN" and the name of your PDC
for "PDC".
.PP
Next copy \fIlibnss_winbind.so\fR to
\fI/lib\fR and \fIpam_winbind.so\fR
to \fI/lib/security\fR. A symbolic link needs to be
made from \fI/lib/libnss_winbind.so\fR to
\fI/lib/libnss_winbind.so.2\fR. If you are using an
older version of glibc then the target of the link should be
\fI/lib/libnss_winbind.so.1\fR.
.PP
Finally, setup a \fIsmb.conf\fR containing directives like the
following:
.PP
.PP
Note in particular the use of the \fIsufficient \fR keyword and the \fIuse_first_pass\fR keyword\&.
.PP
Now replace the account lines with this:
.PP
\fBaccount required /lib/security/pam_winbind.so \fR
.PP
The next step is to join the domain\&. To do that use the\fBnet\fR program like this:
.PP
\fBnet join -S PDC -U Administrator\fR
.PP
The username after the \fI-U\fR can be any Domain user that has administrator privileges on the machine\&. Substitute the name or IP of your PDC for "PDC"\&.
.PP
Next copy \fIlibnss_winbind\&.so\fR to\fI/lib\fR and \fIpam_winbind\&.so \fR to \fI/lib/security\fR\&. A symbolic link needs to be made from \fI/lib/libnss_winbind\&.so\fR to\fI/lib/libnss_winbind\&.so\&.2\fR\&. If you are using an older version of glibc then the target of the link should be\fI/lib/libnss_winbind\&.so\&.1\fR\&.
.PP
Finally, setup a \fBsmb.conf\fR(5) containing directives like the following:
.nf
[global]
winbind separator = +
winbind cache time = 10
@ -247,105 +245,97 @@ following:
workgroup = DOMAIN
security = domain
password server = *
.fi
.PP
Now start winbindd and you should find that your user and
group database is expanded to include your NT users and groups,
and that you can login to your unix box as a domain user, using
the DOMAIN+user syntax for the username. You may wish to use the
commands \fBgetent passwd\fR and \fBgetent group
\fR to confirm the correct operation of winbindd.
.SH "NOTES"
.PP
The following notes are useful when configuring and
running \fBwinbindd\fR:
.PP
\fBnmbd\fR must be running on the local machine
for \fBwinbindd\fR to work. \fBwinbindd\fR
queries the list of trusted domains for the Windows NT server
on startup and when a SIGHUP is received. Thus, for a running \fB winbindd\fR to become aware of new trust relationships between
servers, it must be sent a SIGHUP signal.
.PP
Client processes resolving names through the \fBwinbindd\fR
nsswitch module read an environment variable named \fB $WINBINDD_DOMAIN\fR. If this variable contains a comma separated
list of Windows NT domain names, then winbindd will only resolve users
and groups within those Windows NT domains.
.PP
PAM is really easy to misconfigure. Make sure you know what
you are doing when modifying PAM configuration files. It is possible
to set up PAM such that you can no longer log into your system.
.PP
If more than one UNIX machine is running \fBwinbindd\fR,
then in general the user and groups ids allocated by winbindd will not
be the same. The user and group ids will only be valid for the local
machine.
.PP
If the the Windows NT RID to UNIX user and group id mapping
file is damaged or destroyed then the mappings will be lost.
.SH "SIGNALS"
.PP
The following signals can be used to manipulate the
\fBwinbindd\fR daemon.
.TP
\fBSIGHUP\fR
Reload the \fIsmb.conf(5)\fR
file and apply any parameter changes to the running
version of winbindd. This signal also clears any cached
user and group information. The list of other domains trusted
by winbindd is also reloaded.
.TP
\fBSIGUSR1\fR
The SIGUSR1 signal will cause \fB winbindd\fR to write status information to the winbind
log file including information about the number of user and
group ids allocated by \fBwinbindd\fR.
Log files are stored in the filename specified by the
log file parameter.
.PP
Now start winbindd and you should find that your user and group database is expanded to include your NT users and groups, and that you can login to your unix box as a domain user, using the DOMAIN+user syntax for the username\&. You may wish to use the commands \fBgetent passwd\fR and \fBgetent group \fR to confirm the correct operation of winbindd\&.
.SH "NOTES"
.PP
The following notes are useful when configuring and running \fBwinbindd\fR:
.PP
\fBnmbd\fR(8) must be running on the local machine for \fBwinbindd\fR to work\&. \fBwinbindd\fR queries the list of trusted domains for the Windows NT server on startup and when a SIGHUP is received\&. Thus, for a running \fB winbindd\fR to become aware of new trust relationships between servers, it must be sent a SIGHUP signal\&.
.PP
PAM is really easy to misconfigure\&. Make sure you know what you are doing when modifying PAM configuration files\&. It is possible to set up PAM such that you can no longer log into your system\&.
.PP
If more than one UNIX machine is running \fBwinbindd\fR, then in general the user and groups ids allocated by winbindd will not be the same\&. The user and group ids will only be valid for the local machine\&.
.PP
If the the Windows NT RID to UNIX user and group id mapping file is damaged or destroyed then the mappings will be lost\&.
.SH "SIGNALS"
.PP
The following signals can be used to manipulate the\fBwinbindd\fR daemon\&.
.TP
SIGHUP
Reload the \fBsmb.conf\fR(5) file and apply any parameter changes to the running version of winbindd\&. This signal also clears any cached user and group information\&. The list of other domains trusted by winbindd is also reloaded\&.
.TP
SIGUSR1
The SIGUSR1 signal will cause \fB winbindd\fR to write status information to the winbind log file including information about the number of user and group ids allocated by \fBwinbindd\fR\&.
Log files are stored in the filename specified by the log file parameter\&.
.SH "FILES"
.TP
\fB\fI/etc/nsswitch.conf(5)\fB\fR
Name service switch configuration file.
\fI/etc/nsswitch\&.conf(5)\fR
Name service switch configuration file\&.
.TP
\fB/tmp/.winbindd/pipe\fR
The UNIX pipe over which clients communicate with
the \fBwinbindd\fR program. For security reasons, the
winbind client will only attempt to connect to the winbindd daemon
if both the \fI/tmp/.winbindd\fR directory
and \fI/tmp/.winbindd/pipe\fR file are owned by
root.
/tmp/\&.winbindd/pipe
The UNIX pipe over which clients communicate with the \fBwinbindd\fR program\&. For security reasons, the winbind client will only attempt to connect to the winbindd daemon if both the \fI/tmp/\&.winbindd\fR directory and \fI/tmp/\&.winbindd/pipe\fR file are owned by root\&.
.TP
\fB/lib/libnss_winbind.so.X\fR
Implementation of name service switch library.
$LOCKDIR/winbindd_privilaged/pipe
The UNIX pipe over which 'privilaged' clients communicate with the \fBwinbindd\fR program\&. For security reasons, access to some winbindd functions - like those needed by the \fBntlm_auth\fR utility - is restricted\&. By default, only users in the 'root' group will get this access, however the administrator may change the group permissions on $LOCKDIR/winbindd_privilaged to allow programs like 'squid' to use ntlm_auth\&. Note that the winbind client will only attempt to connect to the winbindd daemon if both the \fI$LOCKDIR/winbindd_privilaged\fR directory and \fI$LOCKDIR/winbindd_privilaged/pipe\fR file are owned by root\&.
.TP
\fB$LOCKDIR/winbindd_idmap.tdb\fR
Storage for the Windows NT rid to UNIX user/group
id mapping. The lock directory is specified when Samba is initially
compiled using the \fI--with-lockdir\fR option.
This directory is by default \fI/usr/local/samba/var/locks
\fR.
/lib/libnss_winbind\&.so\&.X
Implementation of name service switch library\&.
.TP
\fB$LOCKDIR/winbindd_cache.tdb\fR
Storage for cached user and group information.
$LOCKDIR/winbindd_idmap\&.tdb
Storage for the Windows NT rid to UNIX user/group id mapping\&. The lock directory is specified when Samba is initially compiled using the \fI--with-lockdir\fR option\&. This directory is by default \fI/usr/local/samba/var/locks \fR\&.
.TP
$LOCKDIR/winbindd_cache\&.tdb
Storage for cached user and group information\&.
.SH "VERSION"
.PP
This man page is correct for version 3.0 of
the Samba suite.
This man page is correct for version 3\&.0 of the Samba suite\&.
.SH "SEE ALSO"
.PP
\fInsswitch.conf(5)\fR,
samba(7)
wbinfo(1)
smb.conf(5)
\fInsswitch\&.conf(5)\fR, \fBSamba\fR(7), \fBwbinfo\fR(8), \fBsmb.conf\fR(5)
.SH "AUTHOR"
.PP
The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
\fBwbinfo\fR and \fBwinbindd\fR
were written by Tim Potter.
\fBwbinfo\fR and \fBwinbindd\fR were written by Tim Potter\&.
.PP
The conversion to DocBook for Samba 2.2 was done
by Gerald Carter
The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.