+
+This appendix is a reference listing of command-line options and +other information to help you use the programs that come with the +Samba distribution.
+ + + +The following sections provide information about the command-line +parameters for smbd, nmbd, +and winbindd.
+ +| smbd |
The smbd program provides +Samba's file and printer services, using one TCP/IP +stream and one daemon per client. It is controlled from +/usr/local/samba/lib/smb.conf, the default +configuration file, which can be overridden by command-line options.
The configuration file is automatically reevaluated every minute. If +it has changed, most new options are immediately effective. You can +force Samba to reload the configuration file immediately by sending a +SIGHUP signal to smbd. Reloading the +configuration file does not affect any clients that are already +connected. To escape this condition, a client would need to +disconnect and reconnect, or the server itself would have to be +restarted, forcing all clients to reconnect.
+To shut down an smbd process, send it the +termination signal SIGTERM (15), which allows it to die gracefully, +instead of a SIGKILL (9). With Samba versions prior to 2.2, the +debugging level could be raised or lowered using SIGUSR1 or SIGUSR2. +This is no longer supported. Use smbcontrol +instead.
+ +Causes each new connection to the Samba server to append all logging +messages to the log file. This option is the opposite of +-o and is the default.
+Runs the smbd program as a daemon. This is the +recommended way to use smbd. It is also the +default action when smbd is run from an +interactive command line. In addition, smbd can +be run from inetd.
+Sets the debug (sometimes called logging) level. The level can range +from 0 to 10. Specifying the value on the command line overrides the +value specified in the smb.conf file. Debug +level 0 logs only the most important messages; level 1 is normal; +levels 3 and above are primarily for debugging and slow +smbd considerably.
+Prints usage information for the smbd command.
+Runs smbd interactively, rather than as a +daemon. This option is used to override the default daemon mode when +smbd is run from the command line.
+Sends the log messages to somewhere other than the location compiled +into the executable or specified in the smb.conf +file. The default is often +/usr/local/samba/var/, +/usr/samba/var/, or +/var/log/. The log file is placed in the +specified directory and named log.smbd. If the +directory does not exist, Samba's compiled-in +default will be used.
+Sets the TCP/IP socket options, using the same parameters as the +socket options configuration option. Often used +for performance tuning and testing.
+Causes log files to be overwritten when opened (the opposite of +-a). Using this option saves you from hunting for +the right log entries if you are performing a series of tests and +inspecting the log file each time.
+Sets the TCP/IP port number from which the server will accept +requests. All Microsoft clients send to the default port of 139, +except for Windows 2000/XP, which can use port 445 for SMB +networking, without the NetBIOS protocol layer.
+Causes smbd to run in +"passive" mode, in which it just +listens, and does not transmit any network traffic. This is useful +only for debugging by developers.
+Specifies the location of the Samba configuration file. Although the +file defaults to /usr/local/samba/lib/smb.conf, +you can override it on the command line. Typically used for +debugging.
+Prints the current version of Samba.
+| nmbd |
The nmbd program is Samba's +NetBIOS name service and browsing daemon. It replies to NetBIOS over +TCP/IP (also called NetBT or NBT) name-service requests broadcast +from SMB clients, and optionally to Microsoft's +Windows Internet Name Service (WINS) requests. Both are versions of +the name-to-address lookup required by SMB clients. The broadcast +version uses UDP broadcast on the local subnet only, while WINS uses +TCP, which can be routed. If running as a WINS server, +nmbd keeps a current name and address database +in the file /usr/local/samba/var/locks/wins.dat.
An active nmbd daemon also responds to browsing +protocol requests used by the Windows Network Neighborhood. This +protocol provides a dynamic directory of servers, as well as the +disks and printers that the servers are providing. As with WINS, this +was initially done by making UDP broadcasts on the local subnet. With +the addition of the local master browser to the network architecture, +it is done by making TCP connections to a server. If +nmbd is acting as a local master browser, it +stores the browsing database in the file +/usr/local/samba/var/locks/browse.dat.
Some clients (especially older ones) cannot use the WINS protocol. To +support these clients, nmbd can act as a WINS +proxy, accepting broadcast requests from the non-WINS clients, +contacting a WINS server on their behalf, and returning the WINS +server's response to them.
+Like smbd, the nmbd program +responds to several Unix signals. Sending nmbd a +SIGHUP signal causes it to dump the names it knows about to the +/usr/local/samba/var/locks/namelist.debug file. +To shut down an nmbd process and allow it to die +gracefully, send it a SIGTERM (15) signal, rather than a SIGKILL (9). +With Samba versions prior to 2.2, the debugging level could be raised +or lowered using SIGUSR1 or SIGUSR2. This is no longer supported. Use +smbcontrol instead.
+ +Causes each new connection to the Samba server to append all logging +messages to the log file. This option is the opposite of +-o and is the default.
+Sets the debug (sometimes called logging) level. The level can range +from 0 to 10. Specifying the value on the command line overrides the +value specified in the smb.conf file. Debug +level 0 logs only the most important messages; level 1 is normal; +levels 3 and above are primarily for debugging and slow +nmbd considerably.
+Instructs the nmbd program to run as a daemon. +This is the recommended way to use nmbd and is +the default when nmbd is run from an interactive +shell. In addition, nmbd can be run from +inetd.
+Prints usage information for the nmbd command.
+Specifies the location of the lmhosts file for +name resolution. This file is used only to resolve names for the +local server, and not to answer queries from remote systems. The +compiled-in default is commonly +/usr/local/samba/lib/lmhosts, +/usr/samba/lib/lmhosts, or +/etc/lmhosts.
+Runs nmbd interactively, rather than as a +daemon. This option is used to override the default daemon mode when +nmbd is run from the command line.
+Sends the log messages to somewhere other than the location compiled +into the executable or specified in the smb.conf +file. The default is often +/usr/local/samba/var/log.nmbd, +/usr/samba/var/log.nmbd, or /var/log +/log.nmbd.
+Allows you to override the NetBIOS name by which the daemon +advertises itself. Specifying this option on the command line +overrides the netbios name option in the Samba +configuration file.
+Sets the TCP/IP socket options, using the same parameters as the +socket options configuration option. Often used +for performance tuning and testing.
+Causes log files to be overwritten when opened (the opposite of +-a). This option saves you from hunting for the +right log entries if you are performing a series of tests and +inspecting the log file each time.
+Sets the UDP port number from which the server accepts requests. +Currently, all Microsoft clients use only the default port, 137.
+Specifies the location of the Samba configuration file. Although the +file defaults to /usr/local/samba/lib/smb.conf, +you can override it here on the command line. Typically used for +debugging.
+Prints the current version of Samba.
+| winbindd |
The winbindd daemon is part of the winbind +service and is used to allow Unix systems to obtain user and group +information from a Windows NT/2000 server. Winbind maps Windows +relative IDs (RIDs) to Unix UIDs and GIDs and allows accounts stored +on the Windows server to be used for Unix authentication. Its purpose +is to ease integration of Microsoft and Unix networks when a +preexisting Windows domain controller is set up to handle user and +computer accounts.
The daemon is accessed by users via the name service switch and PAM. +The name service switch calls a library +(/lib/libnss_winbind.so), which calls the +daemon, which in turn calls the Windows NT/2000 server using +Microsoft RPC. The PAM module for winbind can call the daemon +similarly, allowing users whose accounts are stored on the Windows +server to log in to the Unix system and run an interactive shell, +FTP, or any other program that authenticates users through PAM.
The winbind subsystem is currently available only for the Linux +operating system and a few other systems that use shared libraries, +nsswitch and PAM.
+ + +Sets the debug (sometimes called logging) level. The level can range +from 0 to 10. Specifying the value on the command line overrides the +value specified in the smb.conf file. Debug +level 0 logs only the most important messages; level 1 is normal; +levels 3 and above are primarily for debugging.
+Runs winbindd interactively. This option is used +to override the default, which is for winbindd to detach and run as a +daemon.
+This section lists the command-line options and subcommands provided +by each nondaemon program in the Samba distribution.
+ +| findsmb |
This Perl script reports information about systems on the subnet that +respond to SMB name-query requests. The report includes the IP +address, NetBIOS name, workgroup/domain, and operating system of each +system.
++findsmb [subnet_broadcast_address]
If a different subnet's broadcast address is +provided, it will find SMB servers on that subnet. If no subnet +broadcast address is supplied, findsmb will look +on the local subnet.
+ +The output from findsmb looks like this:
++$ findsmb + *=DMB + +=LMB +IP ADDR NETBIOS NAME WORKGROUP/OS/VERSION +--------------------------------------------------------------------- +172.16.1.1 TOLTEC *[METRAN] [Unix] [Samba 2.2.6] +172.16.1.3 MIXTEC +[METRAN] [Unix] [Samba 2.2.6] +172.16.1.4 ZAPOTEC [METRAN] [Windows 5.0] [Windows 2000 LAN Manager] +172.16.1.5 HUASTEC [ METRAN ] +172.16.1.6 MAYA [ METRAN ] +172.16.1.7 OLMEC [METRAN] [Windows 5.1] [Windows 2000 LAN Manager] +172.16.1.10 UTE [ METRAN ] +172.16.1.13 DINE [METRAN] [Windows NT 4.0] [NT LAN Manager 4.0]
The system with an asterisk (*) in front of its +workgroup name is the domain master browser for the workgroup/domain, +and the system with a plus sign (+) preceding its workgroup name is +the local master browser.
+ +The findsmb command was introduced during the +development of Samba 2.2 and is installed by default in Samba +Versions 2.2.5 and later.
+ +| make_smbcodepage |
This program is part of the +internationalization features of +Samba 2.2 and is obsolete in Samba 3.0, which supports +Unicode +automatically. The make_smbcodepage program +compiles a binary codepage file from a text-format codepage +definition. It can also perform the reverse operation, decompiling a +binary codepage file into a text version. Examples of text-format +codepage files can be found in the Samba distribution in the +source/codepages directory. After Samba has been +installed, examples of binary codepages can be found in the directory +/usr/local/samba/lib/codepages.
++make_smbcodepage c|d codepage_number input_file output_file
For the first argument, use c to compile a +codepage and d to decompile a codepage file. The +codepage_number argument is the number of +the codepage being processed (e.g., 850). The +input_file and +output_file are the text- and +binary-format codepages, with the types dependent on the operation +(compiling or decompiling) that is being performed.
+ +| make_unicodemap |
This program is part of the internationalization features of Samba +2.2 and is obsolete in Samba 3.0, which supports Unicode +automatically. The make_unicodemap command +compiles binary Unicode maps from text files, so Samba can display +non-ASCII characters in file and directory names via the Unicode +international alphabets. Examples of input mapping files can be found +in the directory source/codepages in the Samba +source distribution.
+ +| net |
The net command, new to Samba 3.0, is a program +with a syntax similar to the MS-DOS/Windows command of the same name. +It is used for performing various administrative functions related to +Windows networking, which can be executed either locally or on a +remote system.
++net [method] function [misc_options] [target_options]
The function argument is made up of one or +more space-separated words. In Windows terminology, it is sometimes +referred to as a function with options. Here we list every function +in its complete form, including multiple words.
+ +By default, the action is performed on the local system. The +target_options argument can be used to +specify a remote system (either by hostname or IP address), a domain, +or a workgroup.
+ +Depending on the function, the method +argument can be optional, required, or disallowed. It specifies one +of three methods for performing the operation specified by the rest +of the command. It can be ads (Active Directory), +rpc (Microsoft's DCE/RPC), or +rap (Microsoft's original SMB +remote procedure call). To determine which methods (if any) can be +used with a function, the net help ads, +net help rap, and net help rpc +commands can be used to list the functions for each method.
+ +Sets the debug (sometimes called logging) level. The level can range +from 0 to 10.
+Specifies the long listing mode. This is provided +for functions that print informational listings.
+Specifies the NetBIOS name for the client.
+Specifies the port number to use.
+Specifies the name of the Samba configuration file, overriding the +compiled-in default.
+Specifies the username and, optionally, the password to use for +functions that require authentication.
+Specifies the name of the client's workgroup, +overriding the definition of the workgroup +parameter in the Samba configuration file.
+Specifies the remote system using a hostname or NetBIOS name.
+Specifies the remote system using its IP address.
+Specifies the name of the target domain or workgroup.
+See the rpc abortshutdown +function.
+Prints information about the Active Directory server. The method +(ads) must be specified to differentiate this +function from the rpc info function.
+Joins the local system to the Active Directory realm (organizational +unit) specified by OU. The method (ads) must be +specified to differentiate this function from the rpc +join function.
+Removes the local system from the Active Directory realm.
+Changes the Active Directory password for the user specified by +username@REALM. +The administrative account authentication information is specified +with the -U option. The Active Directory realm +must be supplied in all uppercase.
+Prints information on the specified printer on the specified server. +The printer argument defaults to an +asterisk (*), meaning all printers, and the +server argument defaults to +localhost.
+Publishes the specified printer in Active Directory.
+Removes the specified printer from Active Directory.
+Performs a raw Active Directory search, using the standard LDAP +search expression and attributes specified by the +expr and attrib +arguments, respectively.
+Prints details about the Active Directory computer account of the +system.
+Changes the Active Directory password for the local +system's computer trust account.
+Lists the domains or workgroups on the network.
+Lists open files on the server.
+Closes the specified file.
+Prints information about the specified file, which must be open.
+Lists all files opened on the server by the user specified by +username.
+Adds the specified group. This function accepts the miscellaneous +option -C comment +(which can also be specified as - +-comment=string) to set the +descriptive comment for the group.
+Deletes the specified group.
+Adds the user specified by username to the +group specified by group_name.
+Deletes the user specified by username +from the group specified by group_name.
+Lists the users who are members of the specified group.
+Prints a help message for the net command.
+Prints a help message for method, which +can be ads, rap, or +rpc. This lists the functions that can use the +method, along with a brief description.
+Prints a help message for the specified function, which can be more +than one word.
+Must be preceded by a method. See the ads +info and rpc +info functions.
+Joins the computer to a Windows NT domain or Active Directory realm. +If the method argument is not specified, a check is made to determine +if Active Directory is in use, and if so, ads join +is performed. Otherwise, rpc join is run. See also +the ads join and rpc join +functions.
+Must be preceded by a method. See the ads +leave function.
+Prints the IP address of the specified domain's +domain controllers. The domain defaults to the value of the +workgroup parameter in the Samba configuration +file.
+Prints the IP address of the specified host.
+Prints the IP address of the specified realm's +Kerberos domain controller. If realm is +not specified, it defaults to the value of the +realm parameter in the Samba configuration file.
+Prints the IP address of the specified domain's LDAP +server. If domain is not specified, it +defaults to the value of the workgroup parameter +in the Samba configuration file.
+Prints the IP address of the master browser of the specified domain +or workgroup. If domain is not specified, +it defaults to the value of the workgroup +parameter in the Samba configuration file.
+Changes the password for the user specified by the +username argument. The +user's old and new passwords are provided in plain +text as part of the command. Be careful regarding security issues. +See also the ads password function.
+See the ads printer info function.
+See the ads printer publish function.
+See the ads printer remove function.
+Prints information (including the job IDs) about printer queues on +the server.
+Deletes the specified printer queue. The +-j +job_id (which can also be +specified as +--jobid=job_id +) option may be used to specify the job ID of the queue.
+Aborts the shutdown of a remote server.
+Prints information about the server's domain. The +method (rpc) must be specified to differentiate +this function from the ads info +function.
+Joins a computer to a Windows NT domain. If the -U +username%password +option is included, the specified username and password will be used +as the administrative account required for authenticating with the +PDC. If the -U option is not included, this +function can be used only to join the computer to the domain after +the computer account has been created using the Server Manager. The +method (rpc) must be specified to differentiate +this function from the ads join +function.
+Shuts down a server. This function accepts the -r, +-f, -t, and +-c miscellaneous options. The +-r option (which can also be specified as +--reboot) requests that the system reboot after +shutting down. The -f option (which can also be +specified as --force) forces a shutdown. The +-t timeout option +(which can also be specified as - +-timeout=number) specifies the +number of seconds to wait before shutting down, and the +-c comment option +(which can also be specified as - +-comment=string) can be used to +specify a message to the client user. On Windows, the comment appears +in the Message area in the System Shutdown dialog box.
+Adds an account for the trust relationship with the specified Windows +NT domain.
+Establishes a trust relationship with the specified Windows NT domain.
+Revokes the trust relationship with the specified Windows NT domain.
+See the ads search function.
+Lists servers in the domain or workgroup, which defaults to the value +of the workgroup parameter in the Samba +configuration file.
+Lists clients with open sessions to the server.
+Closes the session to the server from the specified client. A synonym +is session close.
+A synonym for session delete.
+Lists the shares offered by the server. When a Windows 95/98/Me +server is the target system, it might be necessary to specify the +method as rap for this to work properly.
+Adds a share on the target server. The name of the share and the +folder to be shared are specified by the +share_name=server_path +argument, with server_path the Windows +directory name, with spaces and other special characters (if any) +quoted and with the backslashes escaped (e.g., +"data=C:\\Documents and +Settings\\jay\\Desktop\\data"). The +-C comment option +(which can also be specified as - +-comment=string) can be used to +define a description for the share. The -M +number option (which can also be specified +as --maxusers=number) +can be used to set the maximum number of users that can connect to +the share. The method (rap or +rpc) might need to be specified for this function +to work. The regular folder icon cannot change into a +"shared folder" icon in Windows +Explorer until the display is refreshed.
+Deletes a share from the target server. The +share_name argument is simply the name of +the share on the target server, not a UNC. The method +(rap or rpc) might need to be +specified for this function to work. The "shared +folder" icon in Windows Explorer cannot change back +to the regular folder icon until the display is refreshed.
+See the rpc shutdown function.
+See the ads status function.
+Displays the system time—in Unix date +command format—on the target system.
+Sets the local system's hardware clock using the +time obtained from the operating system.
+Sets the time on the local system using the time obtained from the +remote system.
+Prints the time zone (in hours from GMT) in use on the system.
+See the rpc trustdom add function.
+See the rpc trustdom establish function.
+See the rpc trustdom revoke function.
+Lists user accounts. The method can be specified as +ads, rap, or +rpc.
+Adds a user account for the user specified by +username. The -c +comment option (which can also be +specified as - +-comment=string) can be used to +set a comment for the account. The -F +user_flags option can be used to set flags +(specified in numeric format) for the account. The method can be +specified as ads, rap, or +rpc.
+Deletes the specified user's account. The method can +be specified as ads, rap, or +rpc.
+Lists the domain groups to which the specified user belongs. The +method can be specified as ads, +rap, or rpc.
+| nmblookup |
The nmblookup program is a client program that +allows command-line access to NetBIOS name service for resolving +NetBIOS computer names into IP addresses. The program works by +broadcasting its queries on the local subnet until a machine with the +specified name responds. You can think of it as a Windows analog of +nslookup or dig. This is +useful for looking up regular computer names, as well as +special-purpose names, such as _ _MSBROWSE_ _ . If you wish to query +for a particular type of NetBIOS name, add the NetBIOS type to the +end of the name, using the format +netbios_name#<dd>.
+ + +Interprets netbios_name as an IP address +and does a node status query on it.
+Sends the query to the given broadcast address. The default is to +send the query to the broadcast address of the primary network +interface.
+Sets the debug (sometimes called logging) level. The level can range +from 0 to 10. Debug level 0 logs only the most important messages. +Level 1 is normal; levels 3 and above are primarily used by +developers for debugging the nmblookup program +itself and slow the program considerably.
+Prints the flags in the packet headers.
+Prints command-line usage information for the program.
+Sets a NetBIOS scope identifier. NetBIOS scope is a rarely used +precursor to workgroups.
+Searches for a local master browser by looking up +netbios_name<1d>. +If netbios_name is specified as a dash +(-), a lookup is done on the special name _ +_MSBROWSE_ _ .
+Sets the "recursion desired" bit in +the packet. This causes the system that responds to try a WINS lookup +and return the address and any other information the WINS server has +saved.
+Uses the root port of 137. This option exists as a +bug workaround for Windows 95. This option might require the user to +be superuser.
+Performs a node status query once the name query has returned an IP +address. This returns all the resource types that the system knows +about, including their numeric attributes. For example:
+ + ++$ nmblookup -S toltec +querying toltec on 172.16.1.255 +172.16.1.1 toltec<00> +Looking up status of 172.16.1.1 + TOLTEC <00> - M <ACTIVE> + TOLTEC <03> - M <ACTIVE> + TOLTEC <20> - M <ACTIVE> + ..__MSBROWSE__. <01> - <GROUP> M <ACTIVE> + METRAN <00> - <GROUP> M <ACTIVE> + METRAN <1b> - M <ACTIVE> + METRAN <1c> - <GROUP> M <ACTIVE> + METRAN <1d> - M <ACTIVE> + METRAN <1e> - <GROUP> M <ACTIVE>
Specifies the location of the Samba configuration file. Although the +file defaults to /usr/local/samba/lib/smb.conf, +you can override it here on the command line. Normally used for +debugging.
+Translates IP addresses into resolved names.
+Performs a unicast query to the specified address. Used with +-R to query WINS servers.
+Note that nmblookup has no option for setting +the workgroup. You can get around this by putting +workgroup = +workgroup_name in a file and passing it to +nmblookup with the +-s option.
+ +| pdbedit |
This program, new to Samba 3.0, can be used to manage accounts that +are held in a SAM database. The implementation of the database can be +any of the types supported by Samba, including the +smbpasswd file, LDAP, NIS+ and the +tdb database library. The user must be the +superuser to use this tool.
+ + +Adds the user specified by the -u option to the +SAM database. The command issues a prompt for the +user's password.
+Sets the Windows drive letter to which to map the +user's home directory. The drive letter should be +specified as a letter followed by a colon—e.g., +H:.
+Sets the debug (sometimes called logging) level. The level can range +from 0 to 10. Debug level 0 logs only the most important messages. +Level 1 is normal, and levels 3 and above are primarily for +debugging.
+Exports the user account database to another format, written to the +specified location. Used for migrating from one type of account +database to another. The pwdb_backend +argument is specified in the format of a database type, followed by a +colon, then the location of the database. For example, to export the +existing account database to an smbpasswd +database in the file +/usr/local/samba/private/smbpw, +pwdb_backend would be specified as +smbpasswd:/usr/local/samba/private/smbpw. The +allowable database types are smbpasswd, +smbpasswd nua, tdbsam, +tdbsam nua, ldapsam, +ldapsam_nua, and plugin.
+Sets the full name of the user specified with the +-u option.
+Sets the home directory path (as a UNC) for the user specified with +the -u option.
+Specifies a password database backend from which to retrieve account +information, overriding the one specified by the passdb +backend parameter in the Samba configuration file. This, +along with the -e option, is useful for migrating +user accounts from one type of account database to another. See the +-e option regarding how to specify the +pwdb_backend argument.
+Lists the user accounts in the database. See also the +-v option.
+Indicates that the account is a computer account rather than a user +account. Used only with the -a option when +creating the account. In this case, the -u option +specifies the computer name rather than a username.
+Sets the directory in which the user's profile is +kept. The directory is specified as a UNC.
+Specifies the UNC of the user's logon script.
+Specifies the username of the account to add (with the +-a option), delete (with the -x +option), or modify.
+Selects verbose mode when listing accounts with the +-l option. The account fields will be printed.
+Selects the smbpasswd listing mode, for use with +the -l option, which prints information in the +same format as it would appear in an smbpasswd +file.
+Deletes the user (specified with the -u option) +from the account database.
+| rpcclient |
This is a program for issuing administrative commands that are +implemented using Microsoft RPCs. It provides access to the RPCs that +Windows administrative GUIs use for system management. The +rpcclient command is mainly for use by advanced +users who understand the RPCs. More information on these can be found +in Microsoft's Platform Software Development Kit +(SDK), available for download from the Microsoft web site at +http://www.microsoft.com.
You can run a single rpcclient command by using +the -c command string option, or interactively +with rpcclient prompting for commands.
+ + +Specifies a file from which to read the authentication values used in +the connection. The format of the file is as follows:
+ ++ +username = value +password = value +domain = value
This option is used to avoid password prompts or to have the password +appear in plain text inside scripts. The permissions on the file +should be very restrictive (0600, for example) to prevent access from +unwanted users.
+Executes a sequence of semicolon-separated commands. Commands are +listed in the following section.
+Sets the debug (sometimes called logging) level. The level can range +from 0 to 10. Specifying the value on the command line overrides the +value specified in the smb.conf file. Debug +level 0 logs only the most important messages; level 1 is normal; +levels 3 and above are primarily for debugging and slow the program +considerably.
+Prints a summary of options.
+Sets the filename for log/debug files. The extension +.client is appended to the filename.
+Does not prompt for a password. This is used when Samba is configured +for share-mode security and a service with no password is being +accessed.
+Specifies the location of the Samba configuration file, which by +default is usually +/usr/local/samba/lib/smb.conf.
+Sets the SMB username or username and password to use. Be careful +when specifying the password with +%password; this is a +major security risk. If +%password is not +specified, the user will be prompted for the password, which will not +be echoed. Normally the user is set from the USER or LOGNAME +environment variable. The -U option by itself +means to use the guest account. See also -A.
+Sets the domain, overriding the workgroup +parameter in the Samba configuration file. If the domain is the +server's NetBIOS name, it causes the client to log +on using the server's local SAM database rather than +the SAM of the domain.
+| rpcclient commands |
Aside from a few miscellaneous commands, the +rpclient commands fall into three groups: +LSARPC, SAMR, and SPOOLSS. The function names mentioned in some of +the commands are those documented in the Microsoft Platform SDK.
+Sets the debugging level to level. With no +argument, the current debugging level is printed.
+Prints help on the commands.
+Exits rpcclient. A synonym is +exit.
+Lists the types of privileges known to this domain.
+Lists the domains trusted by this domain.
+Prints information on the privilege named +priv_name.
+Finds a name that corresponds to a security identifier (SID).
+Finds the SID for one or more names.
+Queries the LSA object.
+Lists SIDs for the local LSA.
+Prints information on security objects for the LSA.
+Adds a new user in the domain.
+Removes a user from the domain.
+Lists alias groups in the domain, along with their group RIDs. The +type argument can be either +builtin, to list Windows built-in groups such as +Administrators and Power +Users, or domain, to list +groups in the domain. See also the +queryuseraliases command.
+Lists the groups in the domain, along with their group RIDs.
+Prints information regarding alias membership. See also the +queryuseraliases command.
+Prints out the account database. The information printed includes the +RID, username, and full name of each user. The RID is printed in +hexadecimal notation and can be used in this form for commands that +take a RID as an argument.
+Prints information regarding the domain. This includes the name of +the domain, as well as the number of users, groups, and aliases.
+Given a group RID, prints the group name, description, number of +members, and group description.
+Given a user RID, prints the corresponding username, full name, and +other information pertaining to the user.
+Prints aliases for the user. The type +argument can be either builtin or +domain. Aliases are used with the Windows +messaging service and act like usernames, but they can be attached to +a computer rather than a user. This allows messages intended for a +user to be sent to a computer on which the user is either not logged +on, or logged on under another username.
+Prints information on each group inhabited by the user.
+Prints the RID and attributes for each member of the group.
+Looks up the username in the SAM database +and prints its associated RID. The type +argument can be either builtin, to look up +built-in Windows usernames, or domain, to look up +names in the domain.
+Looks up rid in the SAM database and +prints its associated group or username. The +type argument can be either +builtin, to look up built-in Windows usernames, or +domain, to look up names in the domain. The RID +argument can be given in either 0xDDD hexadecimal notation or +decimal.
+Prints information on security objects (such as ACLs) in the SAM +database.
+Adds a printer driver to the server. The driver files must already +exist in the directory returned by getdriverdir. +The arch argument can be one of +Windows 4.0 for Windows 95/98/Me, or +Windows NT x86, Windows NT +PowerPC, Windows Alpha_AXP, and +Windows NT R4000. Others might be introduced in +the future.
+ + +The config_file should contain:
+ ++ +Long Printer Name:\ +Driver File Name:\ +Data File Name:\ +Config File Name:\ +Help File Name:\ +NULL:\ +Default Data Type:\
followed by a comma-separated list of files. Any empty fields should +contain the string NULL.
+Adds a printer on the remote server as +sharename. The printer driver must already +be installed on the server with adddriver, and +the port must be a valid port name returned by +enumports.
+Deletes a printer driver (for all architectures) from the +server's list of printer drivers.
+Prints information regarding the printer ports on the server. The +level argument can be 1 +or 2. Level 1 is the default and prints out only +the Port Name. Information level 2 is the Port Name, Monitor Name, +Description, and Port Type.
+Lists all the printer drivers on the system. The +level argument specifies the information +level. Level 1 is the default and prints the Driver Name(s). Level 2 +prints the Version, Driver Name, Architecture, Driver Path, Data +File, and Config File. Level 3 prints the contents of Level 2, plus +the Help File, one or more Dependent Files, Monitor Name, and Default +Data Type.
+Lists all installed printers, regardless of whether they are shared. +The level argument specifies the +information level. Level 1 is the default, and prints Flags, Name, +Description, and Comment. Level 2 prints the Server Name, Printer +Name, Share Name, Port Name, Driver Name, Comment, Location, +Separator File, Print Processor, Data Type, Parameters, Attributes, +Priority, Default Priority, Start Time, Until Time, Status, Current +Jobs, Average PPM (pages per minute), and a Security Descriptor.
+Prints the printer driver information for the given printer. The +level argument specifies the information +level.
+ + +Level 1 is the default, and prints the Driver Name. Level 2 prints +the Version, Driver Name, Architecture, Driver Path, Data File, and +Config File. Level 3 prints the contents of level 2, plus the Help +File, one or more Dependent Files, Monitor Name, and Default Data +Type.
+Retrieves the share name and directory for storing printer driver +files for a given architecture. Possible values for +arch are "Windows +4.0" for Windows 95/98/Me, +"Windows NT +x86" for Windows NT on Intel, +"Windows NT +PowerPC" for Windows NT on PowerPC, +"Windows Alpha +AXP" for Windows NT on Alpha, and +"Windows NT +R4000" for Windows NT on MIPS. Include the quote +marks in the command.
+Prints the current printer information. The +level argument specifies the information +level.
+Attempts to open and close a specified printer and reports whether it +was successful.
+Unconditionally updates the printer driver used by an installed +printer. Both the printer and printer driver must already be +correctly installed on the print server.
+| smbcacls |
This program provides a way of modifying Windows NT ACLs on files and +directories shared by the Samba server.
+ + +Adds one or more ACLs to the file or directory. Any ACLs already +existing for the file or directory are unchanged.
+Modifies the mask of the ACLs specified. +Refer to the following section, "Specifying +ACLs," for details.
+Deletes the specified ACLs.
+Sets the specified ACLs, deleting any ACLs previously set on the file +or directory. The ACLs must contain at least a revision, type, owner, +and group.
+Sets the username used to connect to the specified service. The user +is prompted for a password unless the argument is specified as +username%password. +(Specifying the password on the command line is a security risk.) If +-U +domain\\username +is specified, the specified domain or workgroup will be used in place +of the one specified in the smb.conf file.
+Changes the owner of the file or directory. This is a shortcut for +-M +OWNER:username. The +username argument can be given as a +username or a SID in the form +S-1-N-N-D-D-D-R.
+Changes the group of the file or directory. This is a shortcut for +-M +GROUP:groupname. The +groupname argument can be given as a group +name or a SID in the form +S-1-N-N-D-D-D-R.
+Causes all ACL information to be displayed in numeric format rather +than in readable strings.
+Prints a help message.
+In the previous options, the same format is always used when +specifying ACLs. An ACL is made up of one or more Access Control +Entries (ACEs), separated by either commas or escaped newlines. An +ACE can be one of the following:
+ ++ ++ + +REVISION:revision_number
+ + + + +OWNER:username_or_SID
+ + + + +GROUP:group_name_or_SID
+ + + + +ACL:name_or_SID:type/flags/mask
+ +
The revision_number should always be 1. +The OWNER and GROUP entries can +be used to set the owner and group for the file or directory. The +names can be the textual ones or SIDs in the form +S-1-N-N-D-D-D-R.
+ +The ACL entry specifies what access rights to +apply to the file or directory. The +name_or_SID field specifies to which user +or group the permissions apply and can be supplied either as a +textual name or a SID. An ACE can be used to either allow or deny +access. The type field is set to +1 to specify a permission to be allowed or +0 for specifying a permission to deny. The +mask field is the name of the permission +and is one of the following:
+ +Read access.
+Write access.
+Execute permission.
+Permission to delete.
+Change permissions on the object.
+Take ownership.
+The following combined permissions can also be specified:
+ +Equivalent to RX permissions
+Equivalent to RWXD permissions
+Equivalent to RWXDPO permissions
+The flags field is for specifying how +objects in directories are to inherit their default permissions from +their parent directory. For files, flags +is normally set to 0. For directories, +flags is usually set to either +9 or 2.
+ +| smbclient |
The smbclient program is the +"Swiss army knife" of the Samba +suite. Initially developed as a testing tool, it has become a command +shell capable of acting as a general-purpose Unix client, with a +command set very similar to that of ftp. It +offers the following set of functions:
Interactive file transfer, similar to ftp
+Interactive printing to shared SMB printers
+Interactive tar format archiving
+Sending messages on the SMB network
+Batch mode tar format archiving
+"What services do you have?" +querying
+Debugging
++smbclient //server/share [ password] [options]
It is possible to run smbclient +noninteractively, for use in scripts, by specifying the +-c option along with a list of commands to +execute. Otherwise, smbclient runs in +interactive mode, prompting for commands such as this:
+ ++smb:\>
The backslash in the prompt is replaced by the current directory +within the share as you change your working directory with +smbclient's +cd command.
+ +Specifies a file from which to read the username and password used +for the connection. The format of the file is as follows:
+ + ++ +username = value +password = value +domain = value
This is to avoid having the password prompted for or have it appear +in plain text in scripts. The permissions on the file should be very +restrictive (0600, for example) to prevent access by unwanted users.
+Sets the size of the buffer used when transferring files. It defaults +to 65520 bytes and can be changed as a tuning measure. Generally it +should be quite large or set to match the size of the buffer on the +remote system. It can be set smaller to work around Windows bugs: +some Windows 98 systems work best with a buffer size of 1200.
+Sets the broadcast address.
+Passes a command string to the smbclient command +interpreter. The argument consists of a semicolon-separated list of +commands to be executed.
+Sets the debug (logging) level, from 0 to 10, with A for all. +Overrides the value in smb.conf. Debug level 0 +logs only the most important messages; level 1 is normal; debug +levels 3 and above are for debugging and slow +smbclient considerably.
+Upon starting up, causes smbclient to change its +working directory to init_dir on the +remote host.
+Sends output from commands to stderr instead of +stdout.
+Prints the command-line help information (usage) for +smbclient.
+Sets the IP address of the server to which the client connects.
+Sets a NetBIOS scope identifier.
+Sends the log messages to log_file rather +than to the log file specified in the Samba configuration file or the +compiled-in default.
+Lists services (shares) offered by the server. This can be used as a +quick way to test an SMB server to see if it is working. If there is +a name-service problem, use the -I option to +specify the server.
+Allows you to send messages using the Windows messaging protocol. +Once a connection is established, you can type your message, pressing +Ctrl-D to end. The -U and -I +options can be used to control the +"From" and +"To" parts of the message.
+Suppresses the password prompt. Useful when using share mode security +and accessing a service that has no password.
+Allows you to override the NetBIOS name by which +smbclient will advertise itself.
+Sets the TCP/IP socket options using the same parameters as the +socket options configuration option. Often used +for performance tuning and testing.
+Sets the port number with which smbclient will +connect.
+Sets the resolve order of the name servers. This option is similar to +the resolve order configuration +option and can take any of the four parameters +lmhosts, host, +wins, and bcast, in any order. +If more than one is specified, the argument is specified as a +space-separated list. This option can be used to test name service by +specifying only the name service to be tested.
+Specifies the location of the Samba configuration file. Used for +debugging.
+Sets the terminal code for Asian languages.
+Runs the tar archiver, which is gtar compatible. +The tar file that is written to or read from is specified by +tarfile. The two main commands are +c (create) and x (extract), +which can be followed by any of these:
+ +Resets the archive attribute on files after they have been saved. See +also the g option.
+Sets the block size for writing the tar file, in 512-byte units.
+Backs up only files that have their archive bit set. See also the +a option.
+Includes files and directories. This is the default, so specifying +this is redundant. To perform pattern matching, see also the +r option.
+Backs up only those files newer than file.
+Suppresses diagnostics.
+Performs regular expression matching, which can be used along with +the I or E option to include or +exclude files.
+Excludes files and directories.
+Sets the username and, optionally, the password used for +authentication when connecting to the share.
+Specifies the workgroup/domain in which +smbclient will claim to be a member.
+With no command specified, prints a list of available commands. If a +command is specified as an argument, a brief help message will be +printed for it.
+Shell escape. With no command specified, runs a Unix shell. If a +command is specified, runs the command in a Unix shell.
+Causes smbclient to request from the server and +then print the old-style, 8.3-format filename for the specified file.
+Causes smbclient to request the server to cancel +one or more print jobs, as specified by the numeric job IDs provided +as arguments. See also the queue command, which +prints job IDs.
+Requests that the server change the Unix file permissions on +filename to +octal_mode, specified in octal numeric +format. Works only if the server supports Unix CIFS extensions.
+Requests that the server change the owner and group of the file +specified by filename to those provided as +decimal numeric arguments UID and +GID. Works only if the server supports +Unix CIFS extensions.
+With no argument, prints the current working directory on the remote +system. If a directory name is supplied as an argument, changes the +working directory on the remote system to that specified.
+Requests that the server delete one or more files, as specified by +the argument, from the current working directory. The argument can be +a filename globbing pattern using the * and ? characters.
+With no arguments, prints a list of files and directories in the +working directory on the server. If an argument is provided, only +files and directories whose names match the argument will be listed. +The argument can be a filename globbing pattern using the * and ? +characters.
+Quits the smbclient program after terminating +the SMB connection to the server.
+Copies the file specified by remote_file +from the server to the local system. If no +local_file argument is specified, +smbclient will name the local file the same as +it is named on the server. If local_file +is specified, it will be used as the name of the local copy. See also +the lowercase command.
+A synonym for the ? command.
+If no argument is provided, prints the name of +smbclient's working directory +on the local system. If a directory name is provided as an argument, +changes smbclient's working +directory to the directory specified.
+Requests that the server create a hard link to +filename and name it +link_name. This command works only if the +server supports Unix CIFS extensions.
+Toggles the boolean lowercasing setting. When this setting is on, +names of files copied from the server with the +get and mget commands will +be changed to all lowercase. This is mainly used for accessing +servers that report filenames in all uppercase only.
+A synonym for dir.
+Sets the filename globbing pattern for use with the +mget and mput commands when +recursion is turned on. (When recursion is off, the setting has no +effect.) Both mget and mput +accept a globbing pattern as arguments; however, those patterns apply +only to the current directory. This command specifies the pattern +used for all subdirectories that are recursively traversed. The +pattern stays in effect until it is changed with another +mask command. To return the setting to its +original default, specify a +globbing_pattern of an asterisk +(*), which matches all files. See also the +mget, mput, and +recurse commands.
+A synonym for the mkdir command.
+When recursion is turned off, copies files matching the file-globbing +pattern, as specified by the argument, from the current working +directory on the server to the local system. When recursion is on, +the pattern argument is used to match +directories in the current working directory, and the pattern +specified by the mask command is used for +matching files within each directory and all subdirectories. See also +the lowercase, mask, and +recurse commands.
+Prints the specified file. This requires that +smbclient be connected to a print share. See +also the printmode command.
+Sets the mode that is used by the print command. +The mode can be either text, for printing text +files such as the ASCII files commonly found on Unix, or +graphics, for printing binary files.
+Toggles the prompting mode. When prompting is on (the default), the +mget and mput commands will +interactively prompt the user for permission to transfer each file. +The user can answer either y (yes) or +n (no), followed by a newline, to this prompt. +When prompting is off, all the files will be transferred with no +prompts issued.
+Copies the file specified by local_file +from the local to the remote system. If no +remote_file argument is specified, +smbclient will name the remote file the same as +it is named on the local system. If +remote_file is specified, it will be used +as the name of the remote copy. See also the +lowercase command.
+Prints information on the print queue on the server. This requires +that smbclient is connected to a print share.
+A synonym for exit.
+A synonym for rmdir.
+Toggles the recursion mode, which affects the +mget and mput commands. +When recursion is off (the default), the mget +and mput commands will copy only files from the +current working directory that match the file-globbing pattern +specified as an argument to the command, and the pattern set by the +mask command is ignored. When recursion is +turned on, the mget and +mput commands recursively traverse any +directories that match the pattern specified as the argument to the +command, and the pattern set by the mask command +is used to match files in those directories.
+A synonym for del.
+Requests that the server remove the specified directory.
+Requests that the server assign the specified MS-DOS file attributes +on the specified file. The attributes +argument has the format of a leading plus sign (+) +or minus sign (-) either to set or to unset the +attribute(s), respectively, followed by one or more of the characters +r (read), s (system), +h (hidden), or a (archive).
+Requests that the server create a symbolic link named +link_name to +filename. This command works only if the +server supports Unix CIFS extensions. The server will not create a +link that refers to a file not in the share to which +smbclient is connected.
+Performs an archiving operation using the tar format. This is the +interactive form of the -T command-line operation, +and the cmd_str argument is specified in +the same manner. See also the tarmode command.
+Sets the block size, in units of 512 bytes, for files written by the +tar command.
+Specifies how the tar command performs its +archiving, including how it handles the archive attribute on files. +Multiple mode arguments can be provided, +chosen from the following:
+ +All files will be included, regardless of whether their +archive attribute is set. This is the default.
+Only files that have the archive attribute set +will be included in the backup.
+The archive attribute will be unset by +tar after the file is included in the archive.
+The archive attribute will be left unchanged. This +is the default.
+Files with the system attribute set will be +included in the archive. This is the default.
+Files with the system attribute set will not be +included in the archive.
+Files with the hidden attribute set will be +included in the archive. This is the default.
+Files with the hidden attribute set will not be +included in the archive.
+As files are included in the archive (when creating the archive) or +are read from the archive (when extracting it), the name of each file +will be printed. This is the default.
+This turns verbose mode off, causing tar to +perform its work quietly.
+An antonym for the verbose mode. When quiet is on, +verbose is off, and vice versa.
+| smbcontrol |
The smbcontrol command sends control messages to +running smbd or nmbd +processes.
++smbcontrol -i [options]
or:
+ ++ + +smbcontrol [options] process message-type [parameters]
Runs smbcontrol interactively, executing +commands until a blank line or "q" +is read. The user must have superuser privileges.
+Specifies the location of the Samba configuration file.
+Sets the debugging level for logging. The debug level can be set from +to 10.
+Whether smbcontrol commands are issued in +interactive mode or from the command line, the commands are in the +same format. Each command has up to three parts:
+ +Specifies the process or group of processes to which to send the +message. If process is +smbd, all smbd processes will +receive the message. If process is +nmbd, only the main nmbd +process (identified by Samba's +nmbd.pid file) receives the message. If +process is the numeric PID of a running +process on the system, that process will receive the message.
+Specifies the type of message that is sent. For more information, see +smbcontrol message +types that follows.
+Specifies additional parameters required by some messages.
+Closes the connection to a share or shares. If +share_name is specified as an asterisk +(*), connections to all shares will be closed. To +close a single connection, share_name is +given as the name of a share, as specified in the Samba configuration +file, not including the enclosing brackets. Warning: no message is +printed if there is an error in specifying +share_name.
+Sets the debugging level. The num +parameter specifies the level, which can be from 0 to 10.
+Prints the current debugging level.
+Can be used only with nmbd, telling it to force +a master browser election.
+Sends number of pings and reports when they +receive a reply or timeout. Used for connectivity testing.
+Controls profiling statistics collection. If +mode is on, profile +statistics will be collected. If mode is +off, collection of statistics is turned off. If +mode is specified as +count, only counting statistics are collected (and +not timing statistics). If mode is +flush, the data set is cleared (initialized).
+Prints the current profiling level.
+Sends a printer notify message to Windows NT/2000/XP for the +specified printer. This message can be sent only to +smbd. Warning: no message is printed if the +printer_name parameter is specified +incorrectly.
+| smbgroupedit |
This command, new to Samba 3.0, sets up mappings between Unix groups +and Windows NT/2000/XP groups and also allows a Unix group to become +a domain group. This command must be run by the superuser.
+ + +Adds a mapping for the specified Unix group. The +-n option is used along with this option to +specify the Windows NT group to which the Unix group is mapped.
+Changes a mapping between a Windows NT group and a Unix group. The +Windows NT group is specified as a SID with this option, and the Unix +group is specified with the -u option.
+Specifies a comment for the mapping, which will be stored along with +it.
+When used with the -v option, prints a long +listing. This is the default. The information printed includes the +name of the Windows NT group, its SID, its corresponding Unix group +(if a mapping has been defined), the group type, the comment, and the +privileges of the group.
+Specifies the name of the Windows NT group. Used with the +-a option.
+Used along with the -a option to specify a Windows +NT privilege to be given to the Unix group.
+When used with the -v option, prints a short +listing. The information printed includes just the name of the +Windows NT group, its SID, and, if a mapping has been defined, its +corresponding Unix group. This option is useful for determining the +SID of a group, for use with the -c option.
+Assigns a Windows group type to the group. +TYPE is a single character, and is one of +b (built-in), d (domain), or +l (local).
+Specifies the name of the Unix group to map to the Windows NT group. +Used with the -c option.
+Prints a list of groups in the Windows NT domain in which the Samba +server is operating. See also the -l and +-s options.
+Deletes the mapping for the Unix group specified.
+| smbmnt |
This is a low-level helper program for mounting smbfs filesystems. It +used by smbmount to do the privileged part of +the mount operation on behalf of an ordinary user. Generally, users +should not run this command directly.
+ + +Mounts the filesystem as read-only.
+Specifies the UID to use for the owner of the files.
+Specifies the GID to use for the group of the files.
+Specifies the octal file mask.
+Specifies the octal directory mask.
+Specifies the list of options that are passed to the smbfs module.
+To allow users to mount SMB shares without help from an +administrator, set the "set user +ID" permission on the smbmnt +executable. However, note that this can raise security issues.
+ +| smbmount |
This program mounts an smbfs filesystem on a mount point in the Unix +filesystem. It is typically called as mount.smb +from mount, although it can also be run directly +by users. After mounting the smbfs filesystem, +smbmount continues to run as a daemon as long as +the filesystem is mounted. It logs events in the file +log.smbmount in the same directory as the other +Samba log files (which is commonly +/usr/local/samba/var by default). The logging +level is controlled by the debug level parameter +in the Samba configuration file.
++smbmount service mount_point [-o options]
The service argument specifies the SMB share to mount, given as a +UNC. The mount_point argument specifies a +directory to use as the mount point. The options to +smbmount are specified as a comma-separated list +of +key=value +pairs. The documented options are as follows. Others can be passed if +the kernel supports them.
+ +Specifies the username to connect as. If this is not provided, the +environment variable USER will be tried. The name can be specified as +username%password, +user/workgroup, +or +user/workgroup%password.
+Specifies the SMB password. If no password is provided using this +option, the username option, or the +credentials option, the environment variable +PASSWD is used. If that also does not exist, +smbmount will prompt interactively for a +password.
+Specifies a file that contains a username and password in the +following format:
+ + ++username = value +password = value
Sets the Unix user ID to be used as the owner of all files in the +mounted filesystem. It can be specified as a username or numeric UID. +Defaults to the UID of the user running +smbmount.
+Sets the Unix group ID to be used as the group for all files in the +mounted filesystem. It can be specified as a group name or a numeric +GID. Defaults to the GID of the user running +smbmount.
+Sets the TCP port number. This is 139, which is required by most +Windows versions.
+Sets the Unix permissions of all files in the mounted filesystem. +Defaults to the user's current umask.
+Sets the Unix permissions of all directories in the mounted +filesystem. Defaults to the current umask.
+Sets the debugging level.
+Sets the destination hostname or IP address.
+Sets the computer name to connect as. This defaults to the hostname +of the local system.
+Sets the workgroup or domain.
+Sets TCP socket options.
+Sets the NetBIOS scope.
+Don't expect or prompt for a password.
+Mounts the share read-only.
+Mounts the share read-write.
+Sets the charset used by the Linux machine for codepage-to-charset +translation. See also the codepage option.
+Sets the DOS code page. See also the iocharset +option.
+Sets the time to live, in milliseconds, for entries in the directory +cache. A higher value gives better performance on large directories +and/or slower connections. The default is 1000ms. Try 10000ms (10 +seconds) as a starting value if directory operations are visibly +slow.
+| smbpasswd |
The smbpasswd program provides the general +function of managing encrypted +passwords. How it works depends on whether it is run by the superuser +or an ordinary user.
For the superuser, smbpasswd can be used to +maintain Samba's smbpasswd +file. It can add or delete users, change their passwords, and modify +other attributes pertaining to the user that are held in the +smbpasswd file.
When run by ordinary users, smbpasswd can be +used only to change their encrypted passwords. In this mode of +operation, smbpasswd acts as a client to the +smbd daemon. The program will fail if +smbd is not operating, if the hosts +allow or hosts deny parameters in the +Samba configuration file do not permit connections from localhost (IP +address 127.0.0.1), or if the encrypted passwords +option is set to no. It is also possible for +smbpasswd to change a user's +password when it is maintained on a remote system, including a +Windows NT domain controller.
+When run by the superuser:
+ ++smbpasswd [options] [username] [password]
In this case, the username of the user whose +smbpasswd entry is to be modified is provided as +the second argument.
+ +Otherwise:
+ ++ + +smbpasswd [options] [password]
Adds a user to the encrypted password file. The user must already +exist in the system password file (/etc/passwd +). If the user already exists in the smbpasswd +file, the -a option changes the existing password.
+Disables a user in the encrypted password file. The +user's entry in the file will remain, but will be +marked with a flag disabling the user from authenticating.
+Enables a disabled user in the encrypted password file. This +overrides the effect of the -d option.
+Joins the Samba server to a Windows NT domain as a domain member +server. The domain argument is the NetBIOS +name of the Windows NT domain that is being joined. See also the +-r and -U options.
+Indicates that the account is a computer account in a Windows NT +domain rather than a domain user account.
+Sets the user's password to a null password. For the +user to authenticate, the parameter null +passwords = +yes must exist in the [global] +section of the Samba configuration file.
+Sets the resolve order of the name servers. This option is similar to +the resolve order configuration +option and can take any of the four parameters +lmhosts, host, +wins, and bcast, in any order. +If more than one is specified, the argument is specified as a +space-separated list.
+For use when Samba has been compiled with the +--with-ldapsam configure option. Specifies the +password that goes with the value of the ldap admin +dn Samba configuration file parameter.
+Deletes the user from the smbpasswd file. This +is a one-way operation, and all information associated with the entry +is lost. To disable the account without deleting the +user's entry in the file, see the +-d option.
+Specifies the Samba configuration file, overriding the compiled-in +default.
+Sets the debug (also called logging) level. The level can range from +to 10. Debug level 0 logs only the most important messages; level 1 +is normal; levels 3 and above are primarily for debugging and slow +the program considerably.
+Prints command-line usage information.
+Causes smbpasswd to run in local mode, in which +ordinary users are allowed to use the superuser-only options. This +requires that the smbpasswd file be made +readable and writable by the user. This is for testing purposes.
+Specifies on which machine the password should change. If changing a +Windows NT domain password, the remote system specified by +NetBIOS_name must be the PDC for the +domain. The user's username on the local system is +used by default. See also the -U option for use +when the user's Samba username is different from the +local username.
+Sets the resolve order of the name servers. This option is similar to +the resolve order configuration option and can take any of the four +parameters lmhosts, host, +wins, and bcast, in any order. +If more than one is specified, the argument is specified as a +space-separated list.
+Causes smbpasswd not to prompt for passwords +from /dev/tty, but instead to read the old and +new passwords from the standard input. This is useful when calling +smbpasswd from a script.
+Queries the domain controller of the domain, as specified by the +workgroup parameter in the Samba configuration +file, and retrieves the domain's SID. This will then +be used as the SID for the local system. A specific PDC can be +selected by combining this option with the -r +option, and its domain's SID will be used. This +option is for migrating domain accounts from a Windows NT primary +domain controller to a Samba PDC.
+Changes the password for username on the +remote system. This is to handle instances in which the remote +username and local username are different. This option requires that +-r also be used. Often used with +-j to provide the username of the administrative +user on the primary domain controller for adding computer accounts.
+| smbsh |
The smbsh program allows SMB shares to be +accessed from a Unix system. When smbsh is run, +an extra directory tree called /smb becomes +available to dynamically linked shell commands. The first level of +directories under /smb represent available +workgroups, the next level of subdirectories represent the SMB +servers in each workgroup, and the third level of subdirectories +represent the disk and printer shares of each server.
Samba must be compiled with the --with-smbwrappers +option to enable smbsh.
+Sets the debug (sometimes called logging) level. The level can range +from 0, the default, to 10. Debug level 0 logs only the most +important messages; level 1 is normal; levels 3 and above are +primarily for debugging and slow smbsh +considerably.
+Sets the name of the logging file. By default, messages are sent to +stderr.
+Specifies the location of +smbsh's shared libraries, +overriding the compiled-in default.
+Sets the name of the root directory to use for the +SMB filesystem. The default is /smb.
+Sets the resolve order of the name servers. This option is similar to +the resolve order configuration +option and can take any of the four parameters +lmhosts, host, +wins, and bcast, in any order. +If more than one is specified, the argument is specified as a +space-separated list.
+Provides the username, and optionally the password, for +authenticating the connection to the SMB server. The password can be +supplied using the +username%password +format. If either or both the username and password are not provided, +smbsh will prompt interactively for them.
+Specifies the NetBIOS workgroup or domain to which the client will +connect. This overrides the workgroup parameter in the Samba +configuration file and is sometimes necessary to connect to some +servers.
+| smbspool |
The smbspool program provides a +CUPS-compatible +interface to Samba printing by providing a way to send a print job to +an SMB printer using the command-line format specified by CUPS +printers. Although smbspool is designed to work +best with CUPS printers, it can be used to send print jobs to +non-CUPS Samba printers as well.
++smbspool job user title copies options filename
The arguments for smbspool, as shown here, are +those used in the CUPS printing system. However, some of the +arguments are currently ignored because they don't +correspond to the Samba printing system. These arguments must be +supplied in the command and can be filled in with +"dummy" values.
+ +The job argument refers to the job number +and is currently ignored. The user +argument is the name of the user who submitted the print job and is +also ignored. The title argument is the +name of the print job and must be supplied. It is used as the name of +the remote print file. The copies argument +is the number of copies that will be printed. This number is used +only if the (optional) filename argument is +supplied. Otherwise, only one copy is printed. The +options argument, for specifying printing +options, is ignored. The filename argument +is used for specifying the name of the file to be printed. If it is +not provided, the standard input will be used.
+ +The printer that the job is to be sent to is specified in the +DEVICE_URI environment variable. The format for the printer name is a +device Universal Resource Indicator, which can be in any of the +following formats:
+ ++ ++ + +smb://server/printer
+ + + + +smb://workgroup/server/printer
+ + + + +smb://username:password@server/printer
+ + + + +smb://username:password@workgroup/server/printer
+ +
| smbstatus |
This program lists the current connections on a Samba server.
+Causes smbstatus to produce brief output. This +includes the version of Samba and auditing information about the +users that are connected to the server.
+Gives verbose output, which includes a list of services, a list of +locked files, and memory usage statistics. This is the default.
+Prints only the list of current file locks.
+Prints only a list of smbd process IDs.
+Prints only the contents of the profiling memory area. Requires that +Samba has been compiled with the profiling option.
+Prints only a list of shares and their connections.
+Specifies the Samba configuration file to use when processing this +command.
+Limits the report to the activity of a single user.
+| smbtar |
The smbtar program is a shell-script wrapper +around smbclient for doing tar-format archiving +operations. It is functionally very similar to the Unix +tar program.
+ + +Resets (clears) the archive attribute on files after they are backed +up. The default is to leave the archive attribute unchanged.
+Sets block size, in units of 512 bytes, for reading or writing the +archive file. Defaults to 20, which results in a block size of 10240 +bytes.
+Changes the working directory on the remote system to +directory before starting the restore or +backup operation.
+Specifies incremental mode; files are backed up only if they have the +DOS archive attribute set. The archive attribute is reset (cleared) +after each file is read.
+Sets the logging level. This corresponds to the -d +option of smbclient and other Samba programs.
+Backs up only files newer than filename. For +incremental backups.
+Specifies the password to use to access a share. An alternative to +using the +username%password +format with the -u option.
+Restores files to the share from the tar file.
+Specifies the SMB server. See also the -x option.
+Specifies the file or Unix device to use as the archiving medium. The +default is tar.out or the value of the TAPE +environment variable, if it has been set.
+Specifies the user account to use when connecting to the share. You +can specify the password as well, in the format +username%password. +The username defaults to the user's Unix username.
+Operates in verbose mode, printing error messages and additional +information that can be used in debugging and monitoring. Backup and +restore operations will list each file as it is processed.
+States the name of the share on the server to which to connect. The +default is backup. See also the +-s option.
+Tells smbtar to exclude the specified files from +the backup or restore operation.
+| smbumount |
The smbumount command exists to allow an +ordinary (nonsuperuser) user to unmount a smbfs filesystem, which the +user had previously mounted using smbmount.
+ +| testparm |
The testparm program checks a Samba +configuration file for obvious errors.
++testparm [options] [filename] [hostname IP_addr]
If the configuration file is not provided using the +filename argument, then it defaults to +/usr/local/samba/lib/smb.conf. If the hostname +and an IP address of a system are included, an extra check is made to +ensure that the system is allowed to connect to each service defined +in the configuration file. This is done by comparing the hostname and +IP address to the definitions of the hosts allow +and hosts deny parameters.
+ +Prints usage information for the program.
+Sets the %L configuration variable to the +specified server name.
+Disables the default behavior of prompting for the Enter key to be +pressed before printing the list of configuration options for the +server.
+| testprns |
This is a very simple program that checks to see if a specified +printer name exists in the system printer capabilities (printcap) +file.
+ +| wbinfo |
This program retrieves and prints information from the +winbindd daemon, which must be running for +wbinfo to function.
+ + +Prints all usernames that have been mapped from the Windows NT domain +to Unix users. Users in all trusted domains are also listed.
+Prints all group names that have been mapped from the Windows NT +domain to Unix groups. Groups in all trusted domains are also +reported.
+Queries the WINS server and prints the IP address of the specified +system.
+Prints the SID corresponding to the name specified. The argument can +be specified as DOMAIN/name (or by using a +character other than the slash, as defined by the winbind separator +character) to specify both the domain and the name. If the domain and +separator are omitted, the value of the workgroup +parameter in the Samba configuration file is used as the name of the +domain.
+Prints the name mapped to a SID, which is specified in the format +S-1-N-N-D-D-D-R.
+Prints the SID mapped to a Unix UID, if one exists in the current +domain.
+Prints the SID mapped to a Unix group ID, if one exists in the +current domain.
+Prints the Unix UID that winbind has mapped to the specified SID, if +one exists.
+Prints the Unix group ID that winbind has mapped to the specified +SID, if one exists.
+Tests to see that the workstation trust account for the Samba server +is valid.
+Prints a list of Windows NT domains trusted by the Windows server. +This does not include the PDC's domain.
+Prints the list of Unix group IDs to which the user belongs. This +works only if the user's account is maintained on a +domain controller.
+Checks to see if a user can authenticate through +winbindd using the specified username and +password.
+Saves the username and password used by winbindd +to the domain controller. For use when operating in a Windows 2000 +domain.
+