mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
6f96bb40e7
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
918 lines
24 KiB
Plaintext
918 lines
24 KiB
Plaintext
<!--
|
|
vim:ft=dtd
|
|
-->
|
|
|
|
<!-- Email Address' -->
|
|
<!ENTITY email.dbannon 'D.Bannon@latrobe.edu.au'>
|
|
<!ENTITY email.jerry 'jerry@samba.org'>
|
|
<!ENTITY email.patches 'samba-patches@samba.org'>
|
|
<!ENTITY email.jelmer 'jelmer@samba.org'>
|
|
<!ENTITY email.jht 'jht@samba.org'>
|
|
<!ENTITY email.ghenry 'ghenry@suretecsystems.com'>
|
|
<!ENTITY email.asn 'asn@samba.org'>
|
|
|
|
<!-- Author entities -->
|
|
<!ENTITY person.asn '
|
|
<firstname>Andreas</firstname><surname>Schneider</surname>
|
|
<affiliation>
|
|
<orgname>The Samba Team</orgname>
|
|
<address><email>asn@samba.org</email></address>
|
|
</affiliation>'>
|
|
|
|
<!ENTITY author.asn '<author>&person.asn;</author>'>
|
|
|
|
<!ENTITY person.jelmer '
|
|
<firstname>Jelmer</firstname><othername>R.</othername><surname>Vernooij</surname><othername>R.</othername>
|
|
<affiliation>
|
|
<orgname>The Samba Team</orgname>
|
|
<address><email>jelmer@samba.org</email></address>
|
|
</affiliation>'>
|
|
|
|
<!ENTITY author.jelmer '<author>&person.jelmer;</author>'>
|
|
|
|
<!ENTITY person.jerry '
|
|
<firstname>Gerald</firstname><surname>Carter</surname><othername>(Jerry)</othername>
|
|
<affiliation>
|
|
<orgname>Samba Team</orgname>
|
|
<address><email>jerry@samba.org</email></address>
|
|
</affiliation>'>
|
|
|
|
<!ENTITY author.jerry '<author>&person.jerry;</author>'>
|
|
|
|
<!ENTITY author.jeremy '
|
|
<author>
|
|
<firstname>Jeremy</firstname><surname>Allison</surname>
|
|
<affiliation>
|
|
<orgname>Samba Team</orgname>
|
|
<address><email>jra@samba.org</email></address>
|
|
</affiliation>
|
|
</author>'>
|
|
|
|
<!ENTITY person.jht '
|
|
<firstname>John</firstname><surname>Terpstra</surname><othername>H.</othername>
|
|
<affiliation>
|
|
<orgname>Samba Team</orgname>
|
|
<address><email>jht@samba.org</email></address>
|
|
</affiliation>'>
|
|
|
|
<!ENTITY author.jht '<author>&person.jht;</author>'>
|
|
|
|
<!ENTITY person.gd '
|
|
<firstname>Guenther</firstname><surname>Deschner</surname>
|
|
<affiliation>
|
|
<orgname>Samba Team</orgname>
|
|
<address><email>gd@samba.org</email></address>
|
|
</affiliation>'>
|
|
|
|
<!ENTITY author.gd '<author>&person.gd;</author>'>
|
|
|
|
<!ENTITY person.kauer '
|
|
<firstname>Karl</firstname><surname>Auer</surname>
|
|
<affiliation>
|
|
<orgname>Samba Team</orgname>
|
|
<address><email>kauer@biplane.com.au</email></address>
|
|
</affiliation>
|
|
'>
|
|
|
|
<!ENTITY author.kauer '<author>&person.kauer;</author>'>
|
|
|
|
<!ENTITY person.danshearer '
|
|
<firstname>Dan</firstname><surname>Shearer</surname>
|
|
<affiliation>
|
|
<orgname>Samba Team</orgname>
|
|
<address><email>dan@samba.org</email></address>
|
|
</affiliation>
|
|
'>
|
|
|
|
<!ENTITY author.danshearer '<author>&person.danshearer;</author>'>
|
|
|
|
<!ENTITY person.tpot '
|
|
<firstname>Tim</firstname><surname>Potter</surname>
|
|
<affiliation>
|
|
<orgname>Samba Team</orgname>
|
|
<address><email>tpot@samba.org</email></address>
|
|
</affiliation>
|
|
'>
|
|
|
|
<!ENTITY author.tpot '<author>&person.tpot;</author>'>
|
|
|
|
<!ENTITY author.tridge '
|
|
<author>
|
|
<firstname>Andrew</firstname><surname>Tridgell</surname>
|
|
<affiliation>
|
|
<orgname>Samba Team</orgname>
|
|
<address><email>tridge@samba.org</email></address>
|
|
</affiliation>
|
|
</author>'>
|
|
|
|
<!ENTITY person.jmcd '
|
|
<firstname>Jim</firstname><surname>McDonough</surname>
|
|
<affiliation>
|
|
<orgname>IBM</orgname>
|
|
<address><email>jmcd@us.ibm.com</email></address>
|
|
</affiliation>'>
|
|
|
|
<!ENTITY author.jmcd '<author>&person.jmcd;</author>'>
|
|
|
|
<!ENTITY person.vl '
|
|
<firstname>Volker</firstname><surname>Lendecke</surname>
|
|
<affiliation>
|
|
<orgname>Samba Team</orgname>
|
|
<address><email>Volker.Lendecke@SerNet.DE</email></address>
|
|
</affiliation>'>
|
|
|
|
<!ENTITY author.vl '<author>&person.vl;</author>'>
|
|
|
|
<!ENTITY author.dbannon '
|
|
<author>
|
|
<firstname>David</firstname><surname>Bannon</surname>
|
|
<affiliation>
|
|
<orgname>Samba Team</orgname>
|
|
<address><email>dbannon@samba.org</email></address>
|
|
</affiliation>
|
|
</author>'>
|
|
|
|
<!ENTITY author.mimir '
|
|
<author>
|
|
<firstname>Rafal</firstname><surname>Szczesniak</surname>
|
|
<affiliation>
|
|
<orgname>Samba Team</orgname>
|
|
<address><email>mimir@samba.org</email></address>
|
|
</affiliation>
|
|
</author>'>
|
|
|
|
<!ENTITY author.dlechnyr '
|
|
<author>
|
|
<firstname>David</firstname><surname>Lechnyr</surname>
|
|
<affiliation>
|
|
<orgname>Unofficial HOWTO</orgname>
|
|
<address><email>david@lechnyr.com</email></address>
|
|
</affiliation>
|
|
</author>'>
|
|
|
|
<!ENTITY author.eroseme '
|
|
<author>
|
|
<firstname>Eric</firstname><surname>Roseme</surname>
|
|
<affiliation>
|
|
<orgname>HP Oplocks Usage Recommendations Whitepaper</orgname>
|
|
<address><email>eric.roseme@hp.com</email></address>
|
|
</affiliation>
|
|
</author>'>
|
|
|
|
<!ENTITY author.ghenry '
|
|
<author>
|
|
<firstname>Gavin</firstname><surname>Henry</surname>
|
|
<affiliation>
|
|
<orgname>Suretec Systems Limited, UK</orgname>
|
|
<address><email>ghenry@suretecsystems.com</email></address>
|
|
</affiliation>
|
|
</author>'>
|
|
|
|
<!ENTITY cmdline.common.debug.client '
|
|
<varlistentry>
|
|
<term>-d|--debuglevel=DEBUGLEVEL</term>
|
|
<listitem>
|
|
<para>
|
|
<replaceable>level</replaceable> is an integer from 0
|
|
to 10. The default value if this parameter is not
|
|
specified is 1 for client applications.
|
|
</para>
|
|
|
|
<para>
|
|
The higher this value, the more detail will be logged
|
|
to the log files about the activities of the server. At
|
|
level 0, only critical errors and serious warnings will
|
|
be logged. Level 1 is a reasonable level for day-to-day
|
|
running - it generates a small amount of information
|
|
about operations carried out.
|
|
</para>
|
|
|
|
<para>
|
|
Levels above 1 will generate considerable amounts of
|
|
log data, and should only be used when investigating a
|
|
problem. Levels above 3 are designed for use only by
|
|
developers and generate HUGE amounts of log data, most
|
|
of which is extremely cryptic.
|
|
</para>
|
|
|
|
<para>
|
|
Note that specifying this parameter here will override
|
|
the <smbconfoption name="log level" /> parameter in the
|
|
&smb.conf; file.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>--debug-stdout</term>
|
|
<listitem>
|
|
<para>
|
|
This will redirect debug output to STDOUT. By default
|
|
all clients are logging to STDERR.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
'>
|
|
|
|
<!ENTITY cmdline.common.debug.server '
|
|
<varlistentry>
|
|
<term>-d|--debuglevel=DEBUGLEVEL</term>
|
|
|
|
<listitem>
|
|
<para>
|
|
<replaceable>level</replaceable> is an integer from 0
|
|
to 10. The default value if this parameter is not
|
|
specified is 0.
|
|
</para>
|
|
|
|
<para>
|
|
The higher this value, the more detail will be logged
|
|
to the log files about the activities of the server. At
|
|
level 0, only critical errors and serious warnings will
|
|
be logged. Level 1 is a reasonable level for day-to-day
|
|
running - it generates a small amount of information
|
|
about operations carried out.
|
|
</para>
|
|
|
|
<para>
|
|
Levels above 1 will generate considerable amounts of
|
|
log data, and should only be used when investigating a
|
|
problem. Levels above 3 are designed for use only by
|
|
developers and generate HUGE amounts of log data, most
|
|
of which is extremely cryptic.
|
|
</para>
|
|
|
|
<para>
|
|
Note that specifying this parameter here will override
|
|
the <smbconfoption name="log level" /> parameter in the
|
|
&smb.conf; file.
|
|
</para>
|
|
</listitem>
|
|
|
|
<term>--debug-stdout</term>
|
|
<listitem>
|
|
<para>
|
|
This will redirect debug output to STDOUT. By default
|
|
server daemons are logging to a log file.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
'>
|
|
|
|
<!ENTITY cmdline.common.option '
|
|
<varlistentry>
|
|
<term>--option=<name>=<value></term>
|
|
<listitem>
|
|
<para>
|
|
Set the
|
|
<citerefentry><refentrytitle>smb.conf</refentrytitle>
|
|
<manvolnum>5</manvolnum></citerefentry> option
|
|
"<name>" to value "<value>" from the
|
|
command line. This overrides compiled-in defaults and
|
|
options read from the configuration file. If a name or
|
|
a value includes a space, wrap whole
|
|
--option=name=value into quotes.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
'>
|
|
|
|
<!ENTITY cmdline.common.config.client '
|
|
<varlistentry>
|
|
<term>--configfile=<configuration file></term>
|
|
<listitem>
|
|
<para>
|
|
The file specified contains the configuration details
|
|
required by the client. The information in this file
|
|
can be general for client and server or only provide
|
|
client specific like options such as
|
|
<smbconfoption name="client smb encrypt" />. See
|
|
&smb.conf; for more information. The default
|
|
configuration file name is determined at compile time.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
'>
|
|
|
|
<!ENTITY cmdline.common.config.server '
|
|
<varlistentry>
|
|
<term>--configfile=CONFIGFILE</term>
|
|
<listitem>
|
|
<para>
|
|
The file specified contains the configuration details
|
|
required by the server. The information in this file
|
|
includes server-specific information such as what
|
|
printcap file to use, as well as descriptions of all
|
|
the services that the server is to provide. See
|
|
&smb.conf; for more information. The default
|
|
configuration file name is determined at compile
|
|
time.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
'>
|
|
|
|
<!ENTITY cmdline.version '
|
|
<varlistentry>
|
|
<term>-V|--version</term>
|
|
<listitem>
|
|
<para>
|
|
Prints the program version number.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
'>
|
|
|
|
<!ENTITY cmdline.common.samba.logbasename '
|
|
<varlistentry>
|
|
<term>-l|--log-basename=logdirectory</term>
|
|
<listitem>
|
|
<para>
|
|
Base directory name for log/debug files. The extension
|
|
<constant>".progname"</constant> will be appended (e.g.
|
|
log.smbclient, log.smbd, etc...). The log file is never
|
|
removed by the client.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
'>
|
|
|
|
<!ENTITY cmdline.common.samba.leakreport '
|
|
<varlistentry>
|
|
<term>--leak-report</term>
|
|
<listitem>
|
|
<para>
|
|
Enable talloc leak reporting on exit.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
'>
|
|
|
|
<!ENTITY cmdline.common.samba.leakreportfull '
|
|
<varlistentry>
|
|
<term>--leak-report-full</term>
|
|
<listitem>
|
|
<para>
|
|
Enable full talloc leak reporting on exit.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
'>
|
|
|
|
<!ENTITY cmdline.common.samba.client '
|
|
&cmdline.common.debug.client;
|
|
&cmdline.common.config.client;
|
|
&cmdline.common.option;
|
|
&cmdline.common.samba.logbasename;
|
|
&cmdline.common.samba.leakreport;
|
|
&cmdline.common.samba.leakreportfull;
|
|
&cmdline.version;
|
|
'>
|
|
|
|
<!ENTITY cmdline.common.samba.server '
|
|
&cmdline.common.debug.server;
|
|
&cmdline.common.config.server;
|
|
&cmdline.common.option;
|
|
&cmdline.common.samba.logbasename;
|
|
&cmdline.common.samba.leakreport;
|
|
&cmdline.common.samba.leakreportfull;
|
|
&cmdline.version;
|
|
'>
|
|
|
|
<!ENTITY cmdline.common.connection.nameresolve '
|
|
<varlistentry>
|
|
<term>-R|--name-resolve=NAME-RESOLVE-ORDER</term>
|
|
<listitem>
|
|
<para>
|
|
This option is used to determine what naming services
|
|
and in what order to resolve host names to IP
|
|
addresses. The option takes a space-separated string of
|
|
different name resolution options. The best ist to wrap
|
|
the whole --name-resolve=NAME-RESOLVE-ORDER into
|
|
quotes.
|
|
</para>
|
|
|
|
<para>
|
|
The options are: "lmhosts", "host", "wins" and "bcast".
|
|
They cause names to be resolved as follows:
|
|
</para>
|
|
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>
|
|
<constant>lmhosts</constant>: Lookup an
|
|
IP address in the Samba lmhosts file.
|
|
If the line in lmhosts has no name type
|
|
attached to the NetBIOS name (see the
|
|
<citerefentry><refentrytitle>lmhosts</refentrytitle>
|
|
<manvolnum>5</manvolnum></citerefentry>
|
|
for details) then any name type matches
|
|
for lookup.
|
|
</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para>
|
|
<constant>host</constant>: Do a
|
|
standard host name to IP address
|
|
resolution, using the system
|
|
<filename>/etc/hosts</filename>, NIS,
|
|
or DNS lookups. This method of name
|
|
resolution is operating system
|
|
dependent, for instance on IRIX or
|
|
Solaris this may be controlled by the
|
|
<filename>/etc/nsswitch.conf
|
|
</filename> file). Note that this
|
|
method is only used if the NetBIOS name
|
|
type being queried is the 0x20 (server)
|
|
name type, otherwise it is ignored.
|
|
</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para>
|
|
<constant>wins</constant>: Query a name
|
|
with the IP address listed in the
|
|
<parameter>wins server</parameter>
|
|
parameter. If no WINS server has been
|
|
specified this method will be ignored.
|
|
</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para>
|
|
<constant>bcast</constant>: Do a
|
|
broadcast on each of the known local
|
|
interfaces listed in the
|
|
<parameter>interfaces</parameter>
|
|
parameter. This is the least reliable
|
|
of the name resolution methods as it
|
|
depends on the target host being on a
|
|
locally connected subnet.
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
|
|
<para>
|
|
If this parameter is not set then the name resolve
|
|
order defined in the &smb.conf; file parameter
|
|
(<smbconfoption name="name resolve order" />) will be
|
|
used.
|
|
</para>
|
|
|
|
<para>
|
|
The default order is lmhosts, host, wins, bcast.
|
|
Without this parameter or any entry in the
|
|
<smbconfoption name="name resolve order" /> parameter
|
|
of the &smb.conf; file, the name resolution methods
|
|
will be attempted in this order.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
'>
|
|
|
|
<!ENTITY cmdline.common.connection.socketoptions '
|
|
<varlistentry>
|
|
<term>-O|--socket-options=SOCKETOPTIONS</term>
|
|
<listitem>
|
|
<para>
|
|
TCP socket options to set on the client socket. See the
|
|
socket options parameter in the &smb.conf; manual page
|
|
for the list of valid options.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
'>
|
|
|
|
<!ENTITY cmdline.common.connection.netbiosname '
|
|
<varlistentry>
|
|
<term>-n|--netbiosname=NETBIOSNAME</term>
|
|
<listitem>
|
|
<para>
|
|
This option allows you to override the NetBIOS name
|
|
that Samba uses for itself. This is identical to
|
|
setting the <smbconfoption name="netbios name" />
|
|
parameter in the &smb.conf; file. However, a command
|
|
line setting will take precedence over settings in
|
|
&smb.conf;.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
'>
|
|
|
|
<!ENTITY cmdline.common.connection.workgroup '
|
|
<varlistentry>
|
|
<term>-W|--workgroup=WORKGROUP</term>
|
|
<listitem>
|
|
<para>
|
|
Set the SMB domain of the username. This overrides
|
|
the default domain which is the domain defined in
|
|
smb.conf. If the domain specified is the same as the
|
|
servers NetBIOS name, it causes the client to log on
|
|
using the servers local SAM (as opposed to the Domain
|
|
SAM).
|
|
</para>
|
|
|
|
<para>
|
|
Note that specifying this parameter here will override
|
|
the <smbconfoption name="workgroup" /> parameter in the
|
|
&smb.conf; file.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
'>
|
|
|
|
<!ENTITY cmdline.common.connection.realm '
|
|
<varlistentry>
|
|
<term>-r|--realm=REALM</term>
|
|
<listitem>
|
|
<para>
|
|
Set the realm for the domain.
|
|
</para>
|
|
|
|
<para>
|
|
Note that specifying this parameter here will override
|
|
the <smbconfoption name="realm" /> parameter in the
|
|
&smb.conf; file.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>'>
|
|
|
|
<!ENTITY cmdline.common.connection.netbiosscope '
|
|
<varlistentry>
|
|
<term>--netbios-scope=SCOPE</term>
|
|
<listitem>
|
|
<para>
|
|
This specifies a NetBIOS scope that
|
|
<command>nmblookup</command> will use to communicate
|
|
with when generating NetBIOS names. For details on the
|
|
use of NetBIOS scopes, see rfc1001.txt and rfc1002.txt.
|
|
NetBIOS scopes are <emphasis>very</emphasis> rarely
|
|
used, only set this parameter if you are the system
|
|
administrator in charge of all the NetBIOS systems you
|
|
communicate with.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
'>
|
|
|
|
<!ENTITY cmdline.common.connection.max-protocol '
|
|
<varlistentry>
|
|
<term>-m|--max-protocol=MAXPROTOCOL</term>
|
|
<listitem>
|
|
<para>
|
|
The value of the parameter (a string) is the highest
|
|
protocol level that will be supported by the client.
|
|
</para>
|
|
|
|
<para>
|
|
Note that specifying this parameter here will override
|
|
the <smbconfoption name="client max protocol" />
|
|
parameter in the &smb.conf; file.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
'>
|
|
|
|
<!ENTITY cmdline.common.connection '
|
|
&cmdline.common.connection.nameresolve;
|
|
&cmdline.common.connection.socketoptions;
|
|
&cmdline.common.connection.max-protocol;
|
|
&cmdline.common.connection.netbiosname;
|
|
&cmdline.common.connection.netbiosscope;
|
|
&cmdline.common.connection.workgroup;
|
|
&cmdline.common.connection.realm;
|
|
'>
|
|
|
|
<!ENTITY pct "%">
|
|
|
|
<!ENTITY cmdline.common.credentials.user '
|
|
<varlistentry>
|
|
<term>-U|--user=[DOMAIN\]USERNAME[&pct;PASSWORD]</term>
|
|
<listitem>
|
|
<para>
|
|
Sets the SMB username or username and password.
|
|
</para>
|
|
|
|
<para>
|
|
If &pct;PASSWORD is not specified, the user will be
|
|
prompted. The client will first check the
|
|
<envar>USER</envar> environment variable
|
|
(which is also permitted to also contain the
|
|
password separated by a &pct;), then the
|
|
<envar>LOGNAME</envar> variable (which is not
|
|
permitted to contain a password) and if either exists,
|
|
the value is used. If these environmental
|
|
variables are not found, the username
|
|
found in a Kerberos Credentials cache may be used.
|
|
</para>
|
|
|
|
<para>
|
|
A third option is to use a credentials file which
|
|
contains the plaintext of the username and password.
|
|
This option is mainly provided for scripts where the
|
|
admin does not wish to pass the credentials on the
|
|
command line or via environment variables. If this
|
|
method is used, make certain that the permissions on
|
|
the file restrict access from unwanted users. See the
|
|
<parameter>-A</parameter> for more details.
|
|
</para>
|
|
|
|
<para>
|
|
Be cautious about including passwords in scripts
|
|
or passing user-supplied values onto the command line. For
|
|
security it is better to let the Samba client tool ask for the
|
|
password if needed, or obtain the password once with <command>kinit</command>.
|
|
</para>
|
|
<para>
|
|
While Samba will attempt to scrub the password
|
|
from the process title (as seen in ps), this
|
|
is after startup and so is subject to a race.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
'>
|
|
|
|
<!ENTITY cmdline.common.credentials.nopass '
|
|
<varlistentry>
|
|
<term>-N|--no-pass</term>
|
|
<listitem>
|
|
<para>
|
|
If specified, this parameter suppresses the normal
|
|
password prompt from the client to the user. This is
|
|
useful when accessing a service that does not require a
|
|
password.
|
|
</para>
|
|
|
|
<para>
|
|
Unless a password is specified on the command line or
|
|
this parameter is specified, the client will request a
|
|
password.
|
|
</para>
|
|
|
|
<para>
|
|
If a password is specified on the command line and this
|
|
option is also defined the password on the command line
|
|
will be silently ignored and no password will be
|
|
used.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
'>
|
|
|
|
<!ENTITY cmdline.common.credentials.password '
|
|
<varlistentry>
|
|
<term>--password</term>
|
|
<listitem>
|
|
<para>
|
|
Specify the password on the commandline.
|
|
</para>
|
|
|
|
<para> Be cautious about including passwords in
|
|
scripts or passing user-supplied values onto
|
|
the command line. For security it is better to
|
|
let the Samba client tool ask for the password
|
|
if needed, or obtain the password once with
|
|
<command>kinit</command>.
|
|
</para>
|
|
|
|
<para> If --password is not specified,
|
|
the tool will check the <envar>PASSWD</envar>
|
|
environment variable, followed by <envar>PASSWD_FD</envar>
|
|
which is expected to contain an open
|
|
file descriptor (FD) number.
|
|
</para>
|
|
<para>
|
|
Finally it will check <envar>PASSWD_FILE</envar> (containing
|
|
a file path to be opened). The file should only
|
|
contain the password. Make certain that the
|
|
permissions on the file restrict
|
|
access from unwanted users!
|
|
</para>
|
|
<para>
|
|
While Samba will attempt to scrub the password
|
|
from the process title (as seen in ps), this
|
|
is after startup and so is subject to a race.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
'>
|
|
|
|
<!ENTITY cmdline.common.credentials.pwnthash '
|
|
<varlistentry>
|
|
<term>--pw-nt-hash</term>
|
|
<listitem>
|
|
<para>
|
|
The supplied password is the NT hash.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
'>
|
|
|
|
<!ENTITY cmdline.common.credentials.authenticationfile '
|
|
<varlistentry>
|
|
<term>-A|--authentication-file=filename</term>
|
|
<listitem>
|
|
<para>
|
|
This option allows you to specify a file from which to
|
|
read the username and password used in the connection.
|
|
The format of the file is:
|
|
</para>
|
|
|
|
<para>
|
|
<programlisting>
|
|
username = <value>
|
|
password = <value>
|
|
domain = <value>
|
|
</programlisting>
|
|
</para>
|
|
|
|
<para>
|
|
Make certain that the permissions on the file restrict
|
|
access from unwanted users!
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
'>
|
|
|
|
<!ENTITY cmdline.common.credentials.machinepass '
|
|
<varlistentry>
|
|
<term>-P|--machine-pass</term>
|
|
<listitem>
|
|
<para>
|
|
Use stored machine account password.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
'>
|
|
|
|
<!ENTITY cmdline.common.credentials.simplebinddn '
|
|
<varlistentry>
|
|
<term>--simple-bind-dn=DN</term>
|
|
<listitem>
|
|
<para>
|
|
DN to use for a simple bind.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
'>
|
|
|
|
<!ENTITY cmdline.common.credentials.usekerberos '
|
|
<varlistentry>
|
|
<term>--use-kerberos=desired|required|off</term>
|
|
<listitem>
|
|
<para>
|
|
This parameter determines whether Samba client tools
|
|
will try to authenticate using Kerberos. For Kerberos
|
|
authentication you need to use dns names instead of IP
|
|
addresses when connecting to a service.
|
|
</para>
|
|
|
|
<para>
|
|
Note that specifying this parameter here will override
|
|
the <smbconfoption name="client use kerberos" />
|
|
parameter in the &smb.conf; file.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
'>
|
|
|
|
<!ENTITY cmdline.common.credentials.usekrb5ccache '
|
|
<varlistentry>
|
|
<term>--use-krb5-ccache=CCACHE</term>
|
|
<listitem>
|
|
<para>
|
|
Specifies the credential cache location for Kerberos
|
|
authentication.
|
|
</para>
|
|
|
|
<para>
|
|
This will set --use-kerberos=required too.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
'>
|
|
|
|
<!ENTITY cmdline.common.credentials.usewinbindccache '
|
|
<varlistentry>
|
|
<term>--use-winbind-ccache</term>
|
|
<listitem>
|
|
<para>
|
|
Try to use the credential cache by winbind.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
'>
|
|
|
|
<!ENTITY cmdline.common.credentials.clientprotection '
|
|
<varlistentry>
|
|
<term>--client-protection=sign|encrypt|off</term>
|
|
<listitem>
|
|
<para>
|
|
Sets the connection protection the client tool should
|
|
use.
|
|
</para>
|
|
|
|
<para>
|
|
Note that specifying this parameter here will override
|
|
the <smbconfoption name="client protection" />
|
|
parameter in the &smb.conf; file.
|
|
</para>
|
|
|
|
<para>
|
|
In case you need more fine grained control you can use:
|
|
<command>--option=clientsmbencrypt=OPTION</command>,
|
|
<command>--option=clientipcsigning=OPTION</command>,
|
|
<command>--option=clientsigning=OPTION</command>.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
'>
|
|
|
|
<!ENTITY cmdline.common.credentials '
|
|
&cmdline.common.credentials.user;
|
|
&cmdline.common.credentials.nopass;
|
|
&cmdline.common.credentials.password;
|
|
&cmdline.common.credentials.pwnthash;
|
|
&cmdline.common.credentials.authenticationfile;
|
|
&cmdline.common.credentials.machinepass;
|
|
&cmdline.common.credentials.simplebinddn;
|
|
&cmdline.common.credentials.usekerberos;
|
|
&cmdline.common.credentials.usekrb5ccache;
|
|
&cmdline.common.credentials.usewinbindccache;
|
|
&cmdline.common.credentials.clientprotection;
|
|
'>
|
|
|
|
<!ENTITY cmdline.legacy.kerberos.s3 '
|
|
<varlistentry>
|
|
<term>-k|--kerberos</term>
|
|
<listitem>
|
|
<para>
|
|
Use kerberos authentication. This option is deprecated.
|
|
Migrate to --use-kerberos!
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
'>
|
|
|
|
<!ENTITY cmdline.legacy.kerberos.s4 '
|
|
<varlistentry>
|
|
<term>-k|--kerberos=yes|no</term>
|
|
<listitem>
|
|
<para>
|
|
Wether to use kerberos authentication. This option is
|
|
deprecated. Migrate to --use-kerberos!
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
'>
|
|
|
|
|
|
|
|
|
|
<!ENTITY stdarg.help '
|
|
<varlistentry>
|
|
<term>-?|--help</term>
|
|
<listitem><para>Print a summary of command line options.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
'>
|
|
|
|
<!ENTITY stdarg.usage '
|
|
<varlistentry>
|
|
<term>--usage</term>
|
|
<listitem><para>Display brief usage message.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
'>
|
|
|
|
<!ENTITY popt.autohelp '
|
|
&stdarg.help;
|
|
&stdarg.usage;
|
|
'>
|
|
|
|
<!-- Entities for the various programs -->
|
|
<!ENTITY OL '<application>OpenLDAP</application>'>
|
|
<!ENTITY smbd '<application>smbd</application>'>
|
|
<!ENTITY nmbd '<application>nmbd</application>'>
|
|
<!ENTITY testparm '<application>testparm</application>'>
|
|
<!ENTITY smb.conf '<filename>&pathconfig.CONFIGFILE;</filename>'>
|
|
<!ENTITY smbclient '<application>smbclient</application>'>
|
|
<!ENTITY winbindd '<application>winbindd</application>'>
|
|
<!ENTITY net '<application>net</application>'>
|
|
|
|
<!ENTITY not.implemented "<note><para>Currently NOT implemented.</para></note>">
|
|
<!ENTITY rootprompt "<prompt>root# </prompt>">
|
|
<!ENTITY prompt "<prompt>$ </prompt>">
|
|
<!ENTITY dosprompt "<prompt>C:\> </prompt>">
|
|
|
|
<!ENTITY example.workgroup "MIDEARTH">
|
|
<!ENTITY example.server.samba "GANDALF">
|
|
<!ENTITY example.server.windows "SARUMAN">
|
|
<!ENTITY example.workstation.windows "FRODO">
|
|
<!ENTITY example.workstation.samba "BILBO">
|
|
<!ENTITY example.pdc.samba "SAURON">
|
|
<!ENTITY example.server.wins "noldor">
|
|
|
|
<!ENTITY smbmdash "<?latex --- ?>">
|