Appendix C. Summary of Samba Daemons and Commands

This appendix is a reference listing of command-line options and other information to help you use the programs that come with the Samba distribution.

Samba Daemons

The following sections provide information about the command-line parameters for smbd, nmbd, and winbindd.

smbd

The smbd program provides Samba's file and printer services, using one TCP/IP stream and one daemon per client. It is controlled from /usr/local/samba/lib/smb.conf, the default configuration file, which can be overridden by command-line options.

The configuration file is automatically reevaluated every minute. If it has changed, most new options are immediately effective. You can force Samba to reload the configuration file immediately by sending a SIGHUP signal to smbd. Reloading the configuration file does not affect any clients that are already connected. For the new settings to apply to such a client, the client would need to disconnect and reconnect, or the server itself would have to be restarted, forcing all clients to reconnect.

Other Signals

To shut down an smbd process, send it the termination signal SIGTERM (15), which allows it to die gracefully, instead of a SIGKILL (9). With Samba versions prior to 2.2, the debugging level could be raised or lowered using SIGUSR1 or SIGUSR2. This is no longer supported. Use smbcontrol instead.

Command synopsis

smbd [options]

Options

-a

Causes each new connection to the Samba server to append all logging messages to the log file. This option is the opposite of -o and is the default.

-D

Runs the smbd program as a daemon. This is the recommended way to use smbd. It is also the default action when smbd is run from an interactive command line. In addition, smbd can be run from inetd.

-d debug_level

Sets the debug (sometimes called logging) level. The level can range from 0 to 10. Specifying the value on the command line overrides the value specified in the smb.conf file. Debug level 0 logs only the most important messages; level 1 is normal; levels 3 and above are primarily for debugging and slow smbd considerably.

-h

Prints usage information for the smbd command.

-i

Runs smbd interactively, rather than as a daemon. This option is used to override the default daemon mode when smbd is run from the command line.

-l log_directory

Sends the log messages to somewhere other than the location compiled into the executable or specified in the smb.conf file. The default is often /usr/local/samba/var/, /usr/samba/var/, or /var/log/. The log file is placed in the specified directory and named log.smbd. If the directory does not exist, Samba's compiled-in default will be used.

-O socket_options

Sets the TCP/IP socket options, using the same parameters as the socket options configuration option. Often used for performance tuning and testing.

-o

Causes log files to be overwritten when opened (the opposite of -a). Using this option saves you from hunting for the right log entries if you are performing a series of tests and inspecting the log file each time.

-p port_number

Sets the TCP/IP port number from which the server will accept requests. All Microsoft clients send to the default port of 139, except for Windows 2000/XP, which can use port 445 for SMB networking, without the NetBIOS protocol layer.

-P

Causes smbd to run in "passive" mode, in which it just listens, and does not transmit any network traffic. This is useful only for debugging by developers.

-s configuration_file

Specifies the location of the Samba configuration file. Although the file defaults to /usr/local/samba/lib/smb.conf, you can override it on the command line. Typically used for debugging.

-v

Prints the current version of Samba.

nmbd

The nmbd program is Samba's NetBIOS name service and browsing daemon. It replies to NetBIOS over TCP/IP (also called NetBT or NBT) name-service requests broadcast from SMB clients, and optionally to Microsoft's Windows Internet Name Service (WINS) requests. Both are versions of the name-to-address lookup required by SMB clients. The broadcast version uses UDP broadcast on the local subnet only, while WINS uses TCP, which can be routed. If running as a WINS server, nmbd keeps a current name and address database in the file /usr/local/samba/var/locks/wins.dat.

An active nmbd daemon also responds to browsing protocol requests used by the Windows Network Neighborhood. This protocol provides a dynamic directory of servers, as well as the disks and printers that the servers are providing. As with WINS, this was initially done by making UDP broadcasts on the local subnet. With the addition of the local master browser to the network architecture, it is done by making TCP connections to a server. If nmbd is acting as a local master browser, it stores the browsing database in the file /usr/local/samba/var/locks/browse.dat.

Some clients (especially older ones) cannot use the WINS protocol. To support these clients, nmbd can act as a WINS proxy, accepting broadcast requests from the non-WINS clients, contacting a WINS server on their behalf, and returning the WINS server's response to them.

Signals

Like smbd, the nmbd program responds to several Unix signals. Sending nmbd a SIGHUP signal causes it to dump the names it knows about to the /usr/local/samba/var/locks/namelist.debug file. To shut down an nmbd process and allow it to die gracefully, send it a SIGTERM (15) signal, rather than a SIGKILL (9). With Samba versions prior to 2.2, the debugging level could be raised or lowered using SIGUSR1 or SIGUSR2. This is no longer supported. Use smbcontrol instead.

Command synopsis

nmbd [options]

Options

-a

Causes each new connection to the Samba server to append all logging messages to the log file. This option is the opposite of -o and is the default.

-d debug_level

Sets the debug (sometimes called logging) level. The level can range from 0 to 10. Specifying the value on the command line overrides the value specified in the smb.conf file. Debug level 0 logs only the most important messages; level 1 is normal; levels 3 and above are primarily for debugging and slow nmbd considerably.

-D

Instructs the nmbd program to run as a daemon. This is the recommended way to use nmbd and is the default when nmbd is run from an interactive shell. In addition, nmbd can be run from inetd.

-h

Prints usage information for the nmbd command.

-H lmhosts_file

Specifies the location of the lmhosts file for name resolution. This file is used only to resolve names for the local server, and not to answer queries from remote systems. The compiled-in default is commonly /usr/local/samba/lib/lmhosts, /usr/samba/lib/lmhosts, or /etc/lmhosts.

-i

Runs nmbd interactively, rather than as a daemon. This option is used to override the default daemon mode when nmbd is run from the command line.

-l log_file

Sends the log messages to somewhere other than the location compiled into the executable or specified in the smb.conf file. The default is often /usr/local/samba/var/log.nmbd, /usr/samba/var/log.nmbd, or /var/log/log.nmbd.

-n NetBIOS_name

Allows you to override the NetBIOS name by which the daemon advertises itself. Specifying this option on the command line overrides the netbios name option in the Samba configuration file.

-O socket_options

Sets the TCP/IP socket options, using the same parameters as the socket options configuration option. Often used for performance tuning and testing.

-o

Causes log files to be overwritten when opened (the opposite of -a). This option saves you from hunting for the right log entries if you are performing a series of tests and inspecting the log file each time.

-p port_number

Sets the UDP port number from which the server accepts requests. Currently, all Microsoft clients use only the default port, 137.

-s configuration_file

Specifies the location of the Samba configuration file. Although the file defaults to /usr/local/samba/lib/smb.conf, you can override it here on the command line. Typically used for debugging.

-v

Prints the current version of Samba.

winbindd

The winbindd daemon is part of the winbind service and is used to allow Unix systems to obtain user and group information from a Windows NT/2000 server. Winbind maps Windows relative IDs (RIDs) to Unix UIDs and GIDs and allows accounts stored on the Windows server to be used for Unix authentication. Its purpose is to ease integration of Microsoft and Unix networks when a preexisting Windows domain controller is set up to handle user and computer accounts.

The daemon is accessed by users via the name service switch and PAM. The name service switch calls a library (/lib/libnss_winbind.so), which calls the daemon, which in turn calls the Windows NT/2000 server using Microsoft RPC. The PAM module for winbind can call the daemon similarly, allowing users whose accounts are stored on the Windows server to log in to the Unix system and run an interactive shell, FTP, or any other program that authenticates users through PAM.

The winbind subsystem is currently available only for the Linux operating system and a few other systems that use shared libraries, nsswitch and PAM.

Command synopsis

winbindd [options]

Options

-d debuglevel

Sets the debug (sometimes called logging) level. The level can range from 0 to 10. Specifying the value on the command line overrides the value specified in the smb.conf file. Debug level 0 logs only the most important messages; level 1 is normal; levels 3 and above are primarily for debugging.

-i

Runs winbindd interactively. This option is used to override the default, which is for winbindd to detach and run as a daemon.

Samba Distribution Programs

This section lists the command-line options and subcommands provided by each nondaemon program in the Samba distribution.

findsmb

This Perl script reports information about systems on the subnet that respond to SMB name-query requests. The report includes the IP address, NetBIOS name, workgroup/domain, and operating system of each system.

Command synopsis

findsmb [subnet_broadcast_address]

If a different subnet's broadcast address is provided, it will find SMB servers on that subnet. If no subnet broadcast address is supplied, findsmb will look on the local subnet.

The output from findsmb looks like this:

$ findsmb
                                *=DMB
                                +=LMB
IP ADDR         NETBIOS NAME     WORKGROUP/OS/VERSION
---------------------------------------------------------------------
172.16.1.1      TOLTEC         *[METRAN] [Unix] [Samba 2.2.6]
172.16.1.3      MIXTEC         +[METRAN] [Unix] [Samba 2.2.6]
172.16.1.4      ZAPOTEC         [METRAN] [Windows 5.0] [Windows 2000 LAN Manager]
172.16.1.5      HUASTEC         [       METRAN        ]
172.16.1.6      MAYA            [       METRAN        ]
172.16.1.7      OLMEC           [METRAN] [Windows 5.1] [Windows 2000 LAN Manager]
172.16.1.10     UTE             [       METRAN        ]
172.16.1.13     DINE            [METRAN] [Windows NT 4.0] [NT LAN Manager 4.0]

The system with an asterisk (*) in front of its workgroup name is the domain master browser for the workgroup/domain, and the system with a plus sign (+) preceding its workgroup name is the local master browser.

The findsmb command was introduced during the development of Samba 2.2 and is installed by default in Samba Versions 2.2.5 and later.

make_smbcodepage

This program is part of the internationalization features of Samba 2.2 and is obsolete in Samba 3.0, which supports Unicode automatically. The make_smbcodepage program compiles a binary codepage file from a text-format codepage definition. It can also perform the reverse operation, decompiling a binary codepage file into a text version. Examples of text-format codepage files can be found in the Samba distribution in the source/codepages directory. After Samba has been installed, examples of binary codepages can be found in the directory /usr/local/samba/lib/codepages.

Command synopsis

make_smbcodepage c|d codepage_number input_file output_file

For the first argument, use c to compile a codepage and d to decompile a codepage file. The codepage_number argument is the number of the codepage being processed (e.g., 850). The input_file and output_file are the text- and binary-format codepages, with the types dependent on the operation (compiling or decompiling) that is being performed.

make_unicodemap

This program is part of the internationalization features of Samba 2.2 and is obsolete in Samba 3.0, which supports Unicode automatically. The make_unicodemap command compiles binary Unicode maps from text files, so Samba can display non-ASCII characters in file and directory names via the Unicode international alphabets. Examples of input mapping files can be found in the directory source/codepages in the Samba source distribution.

Command synopsis

make_unicodemap codepage_number inputfile outputfile

The input file is an ASCII map; the output file is a binary file loadable by Samba. The codepage is the number of the DOS codepage (e.g., 850) for the map.

net

The net command, new to Samba 3.0, is a program with a syntax similar to the MS-DOS/Windows command of the same name. It is used for performing various administrative functions related to Windows networking, which can be executed either locally or on a remote system.

Command synopsis

net [method] function [misc_options] [target_options]

The function argument is made up of one or more space-separated words. In Windows terminology, it is sometimes referred to as a function with options. Here we list every function in its complete form, including multiple words.

By default, the action is performed on the local system. The target_options argument can be used to specify a remote system (either by hostname or IP address), a domain, or a workgroup.

Depending on the function, the method argument can be optional, required, or disallowed. It specifies one of three methods for performing the operation specified by the rest of the command. It can be ads (Active Directory), rpc (Microsoft's DCE/RPC), or rap (Microsoft's original SMB remote procedure call). To determine which methods (if any) can be used with a function, the net help ads, net help rap, and net help rpc commands can be used to list the functions for each method.

Miscellaneous options

-d level
--debug=level

Sets the debug (sometimes called logging) level. The level can range from 0 to 10.

-l
--long

Specifies the long listing mode. This is provided for functions that print informational listings.

-n name
--myname=name

Specifies the NetBIOS name for the client.

-p port
--port=port

Specifies the port number to use.

-s filename
--conf=filename

Specifies the name of the Samba configuration file, overriding the compiled-in default.

-U username[%password]
--user=username[%password]

Specifies the username and, optionally, the password to use for functions that require authentication.

-W name
--myworkgroup=name

Specifies the name of the client's workgroup, overriding the definition of the workgroup parameter in the Samba configuration file.

Target options

-S hostname

Specifies the remote system using a hostname or NetBIOS name.

-I ip_address

Specifies the remote system using its IP address.

-w workgroup

Specifies the name of the target domain or workgroup.

Functions

abortshutdown

See the rpc abortshutdown function.

ads info

Prints information about the Active Directory server. The method (ads) must be specified to differentiate this function from the rpc info function.

ads join OU

Joins the local system to the Active Directory realm (organizational unit) specified by OU. The method (ads) must be specified to differentiate this function from the rpc join function.

ads leave

Removes the local system from the Active Directory realm.

ads password username@REALM -Uadmin_username@REALM%admin_password

Changes the Active Directory password for the user specified by username@REALM. The administrative account authentication information is specified with the -U option. The Active Directory realm must be supplied in all uppercase.

ads printer info [printer] [server]

Prints information on the specified printer on the specified server. The printer argument defaults to an asterisk (*), meaning all printers, and the server argument defaults to localhost.

ads printer publish printer_name

Publishes the specified printer in Active Directory.

ads printer remove printer_name

Removes the specified printer from Active Directory.

ads search expr attrib

Performs a raw Active Directory search, using the standard LDAP search expression and attributes specified by the expr and attrib arguments, respectively.

ads status

Prints details about the Active Directory computer account of the system.

change localhost pass

Changes the Active Directory password for the local system's computer trust account.

domain

Lists the domains or workgroups on the network.

file

Lists open files on the server.

file close file_id

Closes the specified file.

file info file_id

Prints information about the specified file, which must be open.

file user username

Lists all files opened on the server by the user specified by username.

group add group_name

Adds the specified group. This function accepts the miscellaneous option -C comment (which can also be specified as --comment=string) to set the descriptive comment for the group.

group delete group_name

Deletes the specified group.

groupmember add group_name username

Adds the user specified by username to the group specified by group_name.

groupmember delete group_name username

Deletes the user specified by username from the group specified by group_name.

groupmember list group_name

Lists the users who are members of the specified group.

help

Prints a help message for the net command.

help method

Prints a help message for method, which can be ads, rap, or rpc. This lists the functions that can use the method, along with a brief description.

help function

Prints a help message for the specified function, which can be more than one word.

info

Must be preceded by a method. See the ads info and rpc info functions.

join

Joins the computer to a Windows NT domain or Active Directory realm. If the method argument is not specified, a check is made to determine if Active Directory is in use, and if so, ads join is performed. Otherwise, rpc join is run. See also the ads join and rpc join functions.

leave

Must be preceded by a method. See the ads leave function.

lookup dc [domain]

Prints the IP address of the specified domain's domain controllers. The domain defaults to the value of the workgroup parameter in the Samba configuration file.

lookup host hostname [type]

Prints the IP address of the specified host.

lookup kdc [realm]

Prints the IP address of the specified realm's Kerberos domain controller. If realm is not specified, it defaults to the value of the realm parameter in the Samba configuration file.

lookup ldap [domain]

Prints the IP address of the specified domain's LDAP server. If domain is not specified, it defaults to the value of the workgroup parameter in the Samba configuration file.

lookup master [domain]

Prints the IP address of the master browser of the specified domain or workgroup. If domain is not specified, it defaults to the value of the workgroup parameter in the Samba configuration file.

password username old_password new_password

Changes the password for the user specified by the username argument. The user's old and new passwords are provided in plain text as part of the command, so be careful: anything typed on the command line can end up in shell history and process listings. See also the ads password function.

printer info

See the ads printer info function.

printer publish

See the ads printer publish function.

printer remove

See the ads printer remove function.

printq

Prints information (including the job IDs) about printer queues on the server.

printq delete queue_name

Deletes the specified printer queue. The -j job_id option (which can also be specified as --jobid=job_id) may be used to specify the job ID of the queue.

rpc abortshutdown

Aborts the shutdown of a remote server.

rpc info

Prints information about the server's domain. The method (rpc) must be specified to differentiate this function from the ads info function.

rpc join

Joins a computer to a Windows NT domain. If the -U username%password option is included, the specified username and password will be used as the administrative account required for authenticating with the PDC. If the -U option is not included, this function can be used only to join the computer to the domain after the computer account has been created using the Server Manager. The method (rpc) must be specified to differentiate this function from the ads join function.

rpc shutdown

Shuts down a server. This function accepts the -r, -f, -t, and -c miscellaneous options. The -r option (which can also be specified as --reboot) requests that the system reboot after shutting down. The -f option (which can also be specified as --force) forces a shutdown. The -t timeout option (which can also be specified as --timeout=number) specifies the number of seconds to wait before shutting down, and the -c comment option (which can also be specified as --comment=string) can be used to specify a message to the client user. On Windows, the comment appears in the Message area in the System Shutdown dialog box.

rpc trustdom add domain_name

Adds an account for the trust relationship with the specified Windows NT domain.

rpc trustdom establish domain_name

Establishes a trust relationship with the specified Windows NT domain.

rpc trustdom revoke domain_name

Revokes the trust relationship with the specified Windows NT domain.

search

See the ads search function.

server

Lists servers in the domain or workgroup, which defaults to the value of the workgroup parameter in the Samba configuration file.

session

Lists clients with open sessions to the server.

session delete NetBIOS_name

Closes the session to the server from the specified client. A synonym is session close.

session close

A synonym for session delete.

share

Lists the shares offered by the server. When a Windows 95/98/Me server is the target system, it might be necessary to specify the method as rap for this to work properly.

share add share_name=server_path

Adds a share on the target server. The name of the share and the folder to be shared are specified by the share_name=server_path argument, with server_path the Windows directory name, with spaces and other special characters (if any) quoted and with the backslashes escaped (e.g., "data=C:\\Documents and Settings\\jay\\Desktop\\data"). The -C comment option (which can also be specified as --comment=string) can be used to define a description for the share. The -M number option (which can also be specified as --maxusers=number) can be used to set the maximum number of users that can connect to the share. The method (rap or rpc) might need to be specified for this function to work. The regular folder icon cannot change into a "shared folder" icon in Windows Explorer until the display is refreshed.

share delete share_name

Deletes a share from the target server. The share_name argument is simply the name of the share on the target server, not a UNC. The method (rap or rpc) might need to be specified for this function to work. The "shared folder" icon in Windows Explorer cannot change back to the regular folder icon until the display is refreshed.

shutdown

See the rpc shutdown function.

status

See the ads status function.

time

Displays the system time—in Unix date command format—on the target system.

time set

Sets the local system's hardware clock using the time obtained from the operating system.

time system

Sets the time on the local system using the time obtained from the remote system.

time zone

Prints the time zone (in hours from GMT) in use on the system.

trustdom add

See the rpc trustdom add function.

trustdom establish

See the rpc trustdom establish function.

trustdom revoke

See the rpc trustdom revoke function.

user

Lists user accounts. The method can be specified as ads, rap, or rpc.

user add username [password]

Adds a user account for the user specified by username. The -c comment option (which can also be specified as --comment=string) can be used to set a comment for the account. The -F user_flags option can be used to set flags (specified in numeric format) for the account. The method can be specified as ads, rap, or rpc.

user delete username

Deletes the specified user's account. The method can be specified as ads, rap, or rpc.

user info username

Lists the domain groups to which the specified user belongs. The method can be specified as ads, rap, or rpc.

nmblookup

The nmblookup program is a client program that allows command-line access to NetBIOS name service for resolving NetBIOS computer names into IP addresses. The program works by broadcasting its queries on the local subnet until a machine with the specified name responds. You can think of it as a Windows analog of nslookup or dig. This is useful for looking up regular computer names, as well as special-purpose names, such as __MSBROWSE__. If you wish to query for a particular type of NetBIOS name, add the NetBIOS type to the end of the name, using the format netbios_name#<dd>.

Command synopsis

nmblookup [options] netbios_name

Options

-A

Interprets netbios_name as an IP address and does a node status query on it.

-B broadcast_address

Sends the query to the given broadcast address. The default is to send the query to the broadcast address of the primary network interface.

-d debug_level

Sets the debug (sometimes called logging) level. The level can range from 0 to 10. Debug level 0 logs only the most important messages. Level 1 is normal; levels 3 and above are primarily used by developers for debugging the nmblookup program itself and slow the program considerably.

-f

Prints the flags in the packet headers.

-h

Prints command-line usage information for the program.

-i scope

Sets a NetBIOS scope identifier. NetBIOS scope is a rarely used precursor to workgroups.

-M

Searches for a local master browser by looking up netbios_name<1d>. If netbios_name is specified as a dash (-), a lookup is done on the special name __MSBROWSE__.

-R

Sets the "recursion desired" bit in the packet. This causes the system that responds to try a WINS lookup and return the address and any other information the WINS server has saved.

-r

Uses the root port of 137. This option exists as a bug workaround for Windows 95. This option might require the user to be superuser.

-S

Performs a node status query once the name query has returned an IP address. This returns all the resource types that the system knows about, including their numeric attributes. For example:

$ nmblookup -S toltec
querying toltec on 172.16.1.255
172.16.1.1 toltec<00>
Looking up status of 172.16.1.1
    TOLTEC          <00> -         M <ACTIVE>
    TOLTEC          <03> -         M <ACTIVE>
    TOLTEC          <20> -         M <ACTIVE>
    ..__MSBROWSE__. <01> - <GROUP> M <ACTIVE>
    METRAN          <00> - <GROUP> M <ACTIVE>
    METRAN          <1b> -         M <ACTIVE>
    METRAN          <1c> - <GROUP> M <ACTIVE>
    METRAN          <1d> -         M <ACTIVE>
    METRAN          <1e> - <GROUP> M <ACTIVE>

-s configuration_file

Specifies the location of the Samba configuration file. Although the file defaults to /usr/local/samba/lib/smb.conf, you can override it here on the command line. Normally used for debugging.

-T

Translates IP addresses into resolved names.

-U unicast_address

Performs a unicast query to the specified address. Used with -R to query WINS servers.

Note that nmblookup has no option for setting the workgroup. You can get around this by putting workgroup = workgroup_name in a file and passing it to nmblookup with the -s option.

pdbedit

This program, new to Samba 3.0, can be used to manage accounts that are held in a SAM database. The implementation of the database can be any of the types supported by Samba, including the smbpasswd file, LDAP, NIS+ and the tdb database library. The user must be the superuser to use this tool.

Command synopsis

pdbedit [options]

Options

-a

Adds the user specified by the -u option to the SAM database. The command issues a prompt for the user's password.

-d drive_letter

Sets the Windows drive letter to which to map the user's home directory. The drive letter should be specified as a letter followed by a colon—e.g., H:.

-D debug_level

Sets the debug (sometimes called logging) level. The level can range from 0 to 10. Debug level 0 logs only the most important messages. Level 1 is normal, and levels 3 and above are primarily for debugging.

-e pwdb_backend

Exports the user account database to another format, written to the specified location. Used for migrating from one type of account database to another. The pwdb_backend argument is specified in the format of a database type, followed by a colon, then the location of the database. For example, to export the existing account database to an smbpasswd database in the file /usr/local/samba/private/smbpw, pwdb_backend would be specified as smbpasswd:/usr/local/samba/private/smbpw. The allowable database types are smbpasswd, smbpasswd_nua, tdbsam, tdbsam_nua, ldapsam, ldapsam_nua, and plugin.

-f full_name

Sets the full name of the user specified with the -u option.

-h unc

Sets the home directory path (as a UNC) for the user specified with the -u option.

-i pwdb_backend

Specifies a password database backend from which to retrieve account information, overriding the one specified by the passdb backend parameter in the Samba configuration file. This, along with the -e option, is useful for migrating user accounts from one type of account database to another. See the -e option regarding how to specify the pwdb_backend argument.

-l

Lists the user accounts in the database. See also the -v option.

-m

Indicates that the account is a computer account rather than a user account. Used only with the -a option when creating the account. In this case, the -u option specifies the computer name rather than a username.

-p unc

Sets the directory in which the user's profile is kept. The directory is specified as a UNC.

-s unc

Specifies the UNC of the user's logon script.

-u username

Specifies the username of the account to add (with the -a option), delete (with the -x option), or modify.

-v

Selects verbose mode when listing accounts with the -l option. The account fields will be printed.

-w

Selects the smbpasswd listing mode, for use with the -l option, which prints information in the same format as it would appear in an smbpasswd file.

-x

Deletes the user (specified with the -u option) from the account database.

rpcclient

This is a program for issuing administrative commands that are implemented using Microsoft RPCs. It provides access to the RPCs that Windows administrative GUIs use for system management. The rpcclient command is mainly for use by advanced users who understand the RPCs. More information on these can be found in Microsoft's Platform Software Development Kit (SDK), available for download from the Microsoft web site at http://www.microsoft.com.

You can run a single rpcclient command by using the -c command string option, or interactively with rpcclient prompting for commands.

Command synopsis

rpcclient server [options]

Options

-A filename

Specifies a file from which to read the authentication values used in the connection. The format of the file is as follows:

username = value
password = value
domain   = value

This option is used to avoid password prompts and to avoid having the password appear in plain text inside scripts. The permissions on the file should be very restrictive (0600, for example) to prevent access from unwanted users.
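The following is an added example, not part of the original text or of the Samba distribution: it creates a file in the -A format without the password ever appearing on a command line, and audits an existing file before it is used. The function names write_auth_file and check_auth_file and the sample account values are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: create and audit a credentials file for rpcclient -A.
# Function names and all sample values are constructed for this illustration.

# write_auth_file PATH USERNAME DOMAIN
# The password is read from stdin, so it never appears in argv or shell history.
write_auth_file() {
    _path=$1 _user=$2 _domain=$3
    IFS= read -r _pass || [ -n "$_pass" ] || return 1
    (
        umask 077              # the file is created 0600, never wider
        rm -f -- "$_path"      # never write through an existing file or symlink
        set -C                 # noclobber: fail if something reappears at PATH
        printf 'username = %s\npassword = %s\ndomain   = %s\n' \
            "$_user" "$_pass" "$_domain" > "$_path"
    ) && _rc=0 || _rc=1
    unset _pass
    return "$_rc"
}

# check_auth_file PATH
# Returns 0 only if PATH is a regular file (not a symlink), carries no group
# or other permission bits, and has exactly one "key = value" line for each of
# username, password and domain. Findings are printed one per line.
check_auth_file() {
    _f=$1 _bad=0
    if [ -L "$_f" ] || [ ! -f "$_f" ]; then
        echo "not a regular file: $_f"
        return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    _mode=$(ls -ld -- "$_f" | cut -c1-10)
    case $_mode in
        -???------) ;;
        *) echo "mode $_mode exposes the file to group or other"; _bad=1 ;;
    esac
    for _key in username password domain; do
        _n=$(grep -c "^$_key[[:space:]]*=[[:space:]]*[^[:space:]]" "$_f" || true)
        if [ "$_n" -ne 1 ]; then
            echo "expected exactly one '$_key = value' line, found $_n"
            _bad=1
        fi
    done
    return "$_bad"
}

# Demonstration in a throwaway directory, using constructed values only.
demo() {
    _dir=$(mktemp -d) || return 1
    printf '%s\n' 'constructed-example-password' |
        write_auth_file "$_dir/auth" exampleadmin EXAMPLEDOM
    check_auth_file "$_dir/auth" && echo "auth file OK"
    chmod 644 "$_dir/auth"     # simulate a file left world-readable
    check_auth_file "$_dir/auth" || echo "auth file rejected"
    rm -rf -- "$_dir"
}

demo
```

In interactive use, the password can be fed to write_auth_file from a prompt with terminal echo turned off rather than from printf.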

-c command_string

Executes a sequence of semicolon-separated commands. Commands are listed in the following section.

-d debuglevel

Sets the debug (sometimes called logging) level. The level can range from 0 to 10. Specifying the value on the command line overrides the value specified in the smb.conf file. Debug level 0 logs only the most important messages; level 1 is normal; levels 3 and above are primarily for debugging and slow the program considerably.

-h

Prints a summary of options.

-l logbasename

Sets the filename for log/debug files. The extension .client is appended to the filename.

-N

Does not prompt for a password. This is used when Samba is configured for share-mode security and a service with no password is being accessed.

-s filename

Specifies the location of the Samba configuration file, which by default is usually /usr/local/samba/lib/smb.conf.

-U username[%password]

Sets the SMB username or username and password to use. Be careful when specifying the password with %password; this is a major security risk. If %password is not specified, the user will be prompted for the password, which will not be echoed. Normally the user is set from the USER or LOGNAME environment variable. The -U option by itself means to use the guest account. See also -A.

-W domain

Sets the domain, overriding the workgroup parameter in the Samba configuration file. If the domain is the server's NetBIOS name, it causes the client to log on using the server's local SAM database rather than the SAM of the domain.

rpcclient commands

Aside from a few miscellaneous commands, the rpcclient commands fall into three groups: LSARPC, SAMR, and SPOOLSS. The function names mentioned in some of the commands are those documented in the Microsoft Platform SDK.

General commands

debuglevel level

Sets the debugging level to level. With no argument, the current debugging level is printed.

help

Prints help on the commands.

quit

Exits rpcclient. A synonym is exit.

Local Security Authority Remote Procedure Calls (LSARPC) commands

enumprivs

Lists the types of privileges known to this domain.

enumtrust

Lists the domains trusted by this domain.

getdispname priv_name

Prints information on the privilege named priv_name.

lookupsids name

Finds a name that corresponds to a security identifier (SID).

lookupnames sid

Finds the SID for one or more names.

lsaquery

Queries the LSA object.

lsaenumsid

Lists SIDs for the local LSA.

lsaquerysecobj

Prints information on security objects for the LSA.

Security Access Manager RPC (SAMR) commands

createdomuser username

Adds a new user in the domain.

deletedomuser username

Removes a user from the domain.

enumalsgroups type

Lists alias groups in the domain, along with their group RIDs. The type argument can be either builtin, to list Windows built-in groups such as Administrators and Power Users, or domain, to list groups in the domain. See also the queryuseraliases command.

enumdomgroups

Lists the groups in the do