This section lists the command-line options and subcommands provided by each of the executables in the Samba distribution.
nmblookup is a client program that exercises
the NetBIOS-over-UDP/IP name service for resolving NBT machine names
into IP addresses. The program works by broadcasting its queries on
the local subnet until a machine with the specified name responds.
You can think of it as a Windows nslookup(1) or
dig(1). This is useful for
looking up normal NetBIOS names as well as the odd ones, like
_ _MSBROWSE_ _
, that the Windows name services
use to provide directory-like services. If you wish to query for a
particular type of NetBIOS name, add the NetBIOS
<type>
to the end of the name.
The command line is:
nmblookup [options
]name
The options supported are:
-A
Interprets name
as an IP address and does
a node-status query on this address.
-B
broadcast_address
Sends the query to the given broadcast address. The default is to send the query to the broadcast address of the primary network interface.
-d
debug_level
Sets the debug (sometimes called logging) level. The level can range from to 10. Debug level logs only the most important messages; level 1 is normal; and levels 3 and above are primarily for debugging and slow the program considerably.
-h
Prints command-line usage information for the program.
-i
scope
Sets a NetBIOS scope identifier. Only machines with the same identifier will communicate with the server. The scope identifier was a predecessor to workgroups, and this option is included only for backward compatibility.
-M
Searches for a local master browser. This is done through a broadcast
searching for a machine that will respond to the special name
_ _MSBROWSE_ _
, and then asking that machine for
information, instead of broadcasting the query itself.
-R
Sets the recursion desired bit in the packet. This will cause the machine that responds to try doing a WINS lookup and to return the address and any other information the WINS server has saved.
-r
Uses the root port of 137 for Windows 95 machines.
-S
Performs a node-status query once the name query has returned an IP address. This returns all the resource types that the machine knows about, with their numeric attributes. For example:
% nmblookup -d 4 -S elsbeth
received 6 names
ELSBETH <00> - <GROUP> B <ACTIVE>
ELSBETH <03> - B <ACTIVE>
ELSBETH <1d> - B <ACTIVE>
ELSBETH <1e> - <GROUP> B <ACTIVE>
ELSBETH <20> - B <ACTIVE>
.._ _MSBROWSE_ _.. <01> - <GROUP> B <ACTIVE>
-s
configuration_ file
Specifies the location of the Samba configuration file. Although the file defaults to /usr/local/samba/lib/smb.conf, you can override it here on the command line. Normally used for debugging.
-T
Translates IP addresses into resolved names.
-U
unicast_address
Performs a unicast query to the specified address. Used with
-R
to query WINS servers.
Note that there is no workgroup option for nmblookup
; you can get around this by putting
workgroup
=
workgroup_name
in a file and passing it to
nmblookup with the -s
configuration_ file
option.
This is a new client that exercises the remote procedure call (RPC) interfaces of an SMB server. Like smbclient, rpcclient started its life as a test program for Samba developers and will likely stay that way for a while. Its command line is:
rpcclient //server
/share
The command-line options are the same as those for the Samba 2.0 smbclient, and the operations you can try are listed in Table 1-3.
Command |
Description |
lookupsids |
Resolve names from SIDs |
lsaquery |
Query info policy (domain member or server) |
ntlogin
|
Test NT domain login |
ntpass |
Change NT SAM password |
regcreatekey |
Create registry key |
regcreateval |
Create registry value |
regdeletekey |
Delete registry key |
regdeleteval |
Delete registry value |
regenum |
Enumerate registry (keys, values) |
reggetsec |
Check registry key security |
regquerykey |
Query registry key |
regtestsec |
Test registry key security |
srvconnections |
List connections on a server |
srvfiles |
List files on a server |
srvinfo |
Query server info |
srvsessions |
List sessions on a server |
srvshares |
List shares on a server |
wksinfo |
Query workstation info |
The smbclient program is the maid-of-all-work of the Samba suite. Initially intended as a testing tool, it has become a full command-line Unix client, with an FTP-like interactive client. Some of its options are still used for testing and tuning, and it is a simple tool for ensuring that Samba is running on a server.
It’s convenient to look at smbclient as a suite of programs:
An FTP-like interactive file transfer program
An interactive printing program
An interactive tar program
A command-line message program
A command-line tar program (but see smbtar later)
A “What services do you have?” query program
A command-line debugging program
The smbclient program has the usual set of smbd-like options, which apply to all the interactive and command-line use. The command-line syntax is:
smbclient //server_name
/share_name
[password
] [options
]
The command-line options are:
-d
debug_level
Sets the debug (logging) level, from to 10, with A for all. Overrides the value in smb.conf. Debug level logs only the most important messages; level 1 is normal; and debug levels 3 and above are for debugging and slow smbclient considerably.
-h
Prints the command-line help information (usage) for smbclient.
-n
NetBIOS_name
Allows you to override the NetBIOS name by which the program will advertise itself. |
Running smbclient
//
server_name
/
share
will cause the program to prompt you for a username and password. If
the login is successful, it will connect to the share and give you a
prompt much like an FTP prompt (the backslash in the prompt will be
replaced by the current directory within the share as you move around
the filesystem):
smb:>
From this command line, you can use several FTP-like commands, as listed in Table 1-4.
Command |
Description |
? |
Provides a list of commands or help on a specified command. |
help [ |
Provides a list of commands or help on a specified command. |
! [ |
If a command is specified, runs it in a local shell. If not, places it into a local shell on the client. |
dir [ |
Displays any files matching |
ls [ |
Displays any files matching |
cd [ |
If |
lcd [ |
If |
get
|
Copies the file |
put |
Copies |
mget |
Gets all files matching |
mput |
Places all local files matching |
prompt |
Toggles interactive prompting on and off for mget and mput. |
lowercase ON (or OFF ) |
If lowercase is ON, smbclient converts filenames to lowercase during an mget or get (but not an mput or put). |
del |
Deletes a file on the remote machine. |
md |
Creates a directory on the remote machine. |
mkdir |
Creates a directory on the remote machine. |
rd |
Removes the specified directory on the remote machine. |
rmdir |
Removes the specified directory on the remote machine. |
setmode |
Sets DOS filesystem attribute bits, using Unix-like modes. r is read-only, s is system, h is hidden, and a is archive. |
exit |
Exits smbclient. |
quit |
Exits smbclient. |
There are also mask and recursive commands for large copies; see the
smbclient man page for details on how to use
these. With the exception of mask, recursive, and the lack of an
ASCII transfer mode, smbclient works exactly the
same as FTP. Note that because it does binary transfers, Windows
files copied to Unix will have lines ending in carriage-return and
linefeed (
), not Unix’s linefeed
(
).
The smbclient program can also be used for access to a printer by connecting to a print share. Once connected, the commands shown in Table 1-5 can be used to print.
Command |
Description |
print |
Prints the file by copying it from the local machine to the remote one and then submitting it as a print job there. |
printmode |
Instructs the server that the following files will be plain text (ASCII) or the binary graphics format that the printer requires. It’s up to the user to ensure that the file is indeed the right kind. |
queue |
Displays the queue for the print share you’re connected to, showing job ID, name, size, and status. |
Finally, to print from the smbclient, use the
-c
option:
catprintfile
| smbclient //server
/printer_name
-c "print -"
smbclient can tar up files from a file share. This is normally done from the command line using the smbtar command, but the commands shown in Table 1-6 are also available interactively.
Command |
Description |
tar c|x[IXbgNa] |
Performs a creation or extraction tar similar to the command-line program. |
blocksize |
Sets the block size to be used by tar, in 512-byte blocks. |
tarmode full|inc|reset|noreset |
Makes tar pay attention to the DOS archive bit for all following commands. In full mode (the default), tar will back up everything. In inc (incremental) mode, tar will back up only those files with the archive bit set. In reset mode, tar will reset the archive bit on all files it backs up (this requires the share to be writable). In noreset mode, the archive bit will not be reset even after the file has been backed up. |
-M
NetBIOS_machine_name
Allows you to send immediate messages to another computer using the WinPopup protocol. Once a connection is established, you can type your message, pressing Ctrl-D to end. If WinPopup is not running on the receiving machine, the program returns an error.
-U
user
Allows you to control the FROM part of the message indirectly.
The -c
(command), -D
(starting
directory), and -T
(tar)
options are used together to tar up files
interactively. This is better done with smbtar,
which we will discuss shortly. We don’t recommend using
smbclient directly as a tar
program. Here is a list of the options and their properties:
-c
command_string
Passes a command string to the smbclient command
interpreter, which treats it as a semicolon-separated list of
commands to be executed. This is handy for entering things such as
tarmode
inc
, which forces
smbclient
-T
to back up only
files with the archive bit set.
-D
initial_directory
Changes to initial directory before starting.
-T
command filename
Runs the tar driver, which is gtar compatible. The two main commands are c (create) and x (extract), which may be followed by any of these:
a
Resets archive bits once files are saved.
b
size
Sets the block size in 512-byte units.
g
Backs up only files with the archive bit set.
I
file
Includes files and directories (this is the default). Does not do pattern-matching.
N
filename
Backs up only those files newer than
filename
.
q
Suppresses diagnostics.
X
file
Excludes files.
If smbclient is run as:
smbclient -L server_name
it will list the shares and other services the indicated machine provides. This is handy if you don’t have smbwrappers. It can also be helpful as a testing program in its own right.
You can use any of the various modes of operation of smbclient with the debugging and testing command-line options:
-B
IP_addr
Sets the broadcast address.
-d
debug_level
Sets the debug (sometimes called logging) level. The level can range from to 10. In addition, you can specify A for all debugging options. Debug level logs only the most important messages; level 1 is normal; and levels 3 and above are primarily for debugging and slow operations considerably.
-E
Sends all messages to stderr instead of stdout.
-I
IP_address
Sets the IP address of the server to which the client connects.
-i
scope
Sets a NetBIOS scope identifier. Only machines with the same identifier will communicate with the server. The scope identifier was a predecessor to workgroups, and this option is included only for backward compatibility.
-l
log_ file
Sends the log messages to the specified file.
-N
Suppresses the password prompt. Unless a password is specified on the command line or this parameter is specified, the client will prompt for a password.
-n
NetBIOS_name
Allows you to override the NetBIOS name by which the daemon will advertise itself.
-O
socket_options
Sets the TCP/IP socket options using the same parameters as the
socket
options
configuration
option. Often used for performance tuning and testing.
-p
port_number
Sets the port number from which the client will accept requests.
-R
resolve_order
Sets the resolve order of the nameservers. This option is similar to
the resolve
order
configuration
option, and can take any of the four parameters, lmhosts, host, wins,
and bcast, in any order.
-s
configuration_ file
Specifies the location of the Samba configuration file. Used for debugging.
-t
terminal_code
Sets the terminal code for Asian languages.
-U
username
Sets the username and, optionally, the password (e.g.,
-U
fred%secret
).
-W
workgroup
Specifies the workgroup as which you would like the client to connect.
If you want to test a particular name service, run
smbclient with -R
and specify
the name service. This will force smbclient to
use only the service you indicated.
The smbpasswd program has two distinct sets of functions, depending on who runs it. When run by ordinary users, it changes their encrypted passwords. If an ordinary user runs it with no options, smbpasswd connects to the primary domain controller (PDC) and changes that user’s Windows password. When run by root, smbpasswd updates the encrypted password file.
The program will fail if smbd is not operating,
if the hosts
allow
or
hosts
deny
configuration
options will not permit connections from localhost (IP address
127.0.0.1), or if the encrypted
passwords
option is set to NO.
Here is a list of regular user options:
-D
debug_level
Sets the debug (also called logging) level. The level can range from to 10. Debug level logs only the most important messages; level 1 is normal; and levels 3 and above are primarily for debugging and slow the program considerably.
-h
Prints command-line usage information for the program.
-R
resolve_order
Sets the resolve order of the nameservers. This option is similar to
the resolve
order
configuration
option, and can take any of the four parameters, lmhosts, host, wins,
and bcast, in any order.
-r
remote_machine_name
Specifies on which machine the password should change. The remote machine must be a PDC.
-U
username
Modifies a username that is spelled differently on the remote
machine. Used only with -r
.
Here is a list of root-only options:
-a
username
Adds a user to the encrypted password file.
-d
username
Disables a user in the encrypted password file.
-e
username
Enables a disabled user in the encrypted password file.
-j
domain_name
Adds a Samba server to a Windows NT domain.
-m
machine_name
Changes a machine account’s password. The machine accounts are used to authenticate machines when they connect to primary or backup domain controllers.
-n
Sets no password for the user.
-s
username
Causes smbpasswd to be silent and to read its old and new passwords from standard input rather than from /dev/tty. This is useful for writing scripts.
The smbsh program lets you use a remote Windows
share on your Samba server as if the share were a regular Unix
directory. When you run smbsh, it provides an
extra directory tree under /smb. Subdirectories
of /smb are servers, and subdirectories of the
servers are their individual disk and printer shares. Commands run by
smbsh treat the /smb
filesystem as if it were local to Unix. This means that you
don’t need smbmount in your kernel to
mount Windows filesystems, as you do with NFS filesystems. However,
you do need to configure Samba with the
--with-smbwrappers
option to enable
smbsh.
-d
debug_level
Sets the debug (sometimes called logging) level. The level can range from 0, the default, to 10. Debug level logs only the most important messages; level 1 is normal; and levels 3 and above are primarily for debugging and slow smbsh considerably.
-l
logfile
Sets the name of the logfile to use.
-P
prefix
Sets the root directory on which to mount the SMB filesystem. The default is /smb.
-R
resolve order
Sets the resolve order of the nameservers. This option is similar to
the resolve
order
configuration
option, and can take any of the four parameters, lmhosts, host, wins,
and bcast, in any order.
-U
user
Supports user%password
.
-W
workgroup
Sets the NetBIOS workgroup to which the client will connect.
The smbstatus program lists the current connections on a Samba server. There are three separate sections. The first section lists various shares that are in use by specific users. The second section lists the locked files that Samba currently has on all of its shares. The third section lists the amount of memory usage for each of the shares.
In the following example, lines are wrapped to fit the printed page:
# smbstatus
Samba Version 2.0.3
Service uid gid pid machine
----------------------------------------------
network davecb davecb 7470 phoenix (192.168.220.101) Sun May 16
network davecb davecb 7589 chimaera (192.168.220.102) Sun May 16
Locked files:
Pid DenyMode R/W Oplock Name
--------------------------------------------------
7589 DENY_NONE RDONLY EXCLUSIVE+BATCH /home/
samba/quicken/inet/common/system/help.bmp Sun May 16
21:23:40 1999
7470 DENY_WRITE RDONLY NONE /home/
samba/word/office/findfast.exe Sun May 16 20:51:08
1999
7589 DENY_WRITE RDONLY EXCLUSIVE+BATCH /home/
samba/quicken/lfbmp70n.dll Sun May 16 21:23:39 1999
7589 DENY_WRITE RDWR EXCLUSIVE+BATCH /home/
samba/quicken/inet/qdata/runtime.dat Sun May 16
21:23:41 1999
7470 DENY_WRITE RDONLY EXCLUSIVE+BATCH /home/
samba/word/office/osa.exe Sun May 16 20:51:09 1999
7589 DENY_WRITE RDONLY NONE /home/
samba/quicken/qversion.dll Sun May 16 21:20:33 1999
7470 DENY_WRITE RDONLY NONE /home/
samba/quicken/qversion.dll Sun May 16 20:51:11 1999
Share mode memory usage (bytes):
1043432(99%) free + 4312(0%) used + 832(0%) overhead
= 1048576(100%) total
smbstatus can take the following options:
-b
Forces smbstatus to produce brief output. This includes the version of Samba and auditing information about the users that have logged into the server.
-d
Gives verbose output, including each of the three reporting sections listed in the previous example. This is the default.
-L
Forces smbstatus to print only its current file locks. This corresponds to the second section in a verbose output.
-p
Prints only a list of smbd process IDs. This is often used for scripts.
-S
Prints only a list of shares and their connections. This corresponds to the first section in a verbose output.
-s
configuration_ file
Sets the Samba configuration file to use when processing this command.
-u
username
Limits the smbstatus report to the activity of a single user.
The smbtar program is a shell script on top of smbclient that gives the program more intelligible options when doing tar operations. Functionally, it is equivalent to the Unix tar program.
smbtar can take the following options:
-a
Resets the archive bit mode.
-b
blocksize
Sets block size. Defaults to 20.
-d
directory
Changes to the initial directory before restoring or backing up files.
-i
Specifies incremental mode; tar files are backed up only if they have the DOS archive bit set. The archive bit is reset after each file is read.
-l
log_level
Sets the logging level.
-N
filename
Backs up only the files newer than the last modification date of
filename
. For incremental backups.
-p
password
Specifies the password to use to access a share.
-r
Restores files to the share from the tar file.
-s
server
Specifies the SMB/CIFS server in which the share resides.
-t
tape
Specifies the tape device or file. The default is the value of the
environment variable $TAPE
, or
tar.out if $TAPE
isn’t
set.
-u
user
Specifies the user as which to connect to the share. You can specify
the password as well, in the format
username
%
password
.
-v
Specifies the use of verbose mode.
-X
file
Tells smbtar to exclude the specified file from the tar create or restore.
-x
share
States the share name on the server to which to connect. The default
is backup
, which is a common share name with which
to perform backups.
For example, a trivial backup command to archive the data for user
sue
is:
smbtar -s pc_name -x sue -u sue -p secret -t sue.tar
The tcpdump
utility, a classic system
administration tool, dumps all the packet headers it sees on an
interface that matches an expression. The version included in the
Samba distribution is enhanced to understand the SMB protocol. The
expression is a logical expression with
“and,” “or,” and “not,” although
sometimes it’s very simple. For example,
host
escrime
would select every
packet going to or from escrime
. The expression is
normally one or more of:
host
name
ne
t network_number
port
number
src
name
dst
name
The most common options are src
(source),
dst
(destination), and port
.
For example, look at the following command:
tcpdump port not telnet
This command dumps all the packets except telnet. In this command, you are logged in via telnet and want to see only the SMB packets.
Another tcpdump example selects traffic between
server
and either sue
or
joe
:
tcpdump host server and ( sue or joe )
We recommend using the -s
1500
option so as to capture all of the SMB messages sent, instead of just
the header information.
You can use many options, and many other kinds of expressions, with tcpdump. See Samba’s man page for details on the advanced options. The most common options are as follows:
-c
count
Forces the program to exit after receiving the specified number of packets
-F
file
Reads the expression from the specified file and ignores expressions on the command line
-i
interface
Forces the program to listen on the specified interface
-r
file
Reads packets from the specified file (captured with
-w
)
-s
length
Saves the specified number of bytes of data from each packet (rather than 68 bytes)
-w
file
The testparm program checks an smb.conf file for obvious errors and self-consistency. Its command line is:
testparm [options
]configfile_name
[hostname IP_addr
]
If the configuration file is not specified, the file at <samba_dir>/lib/smb.conf is checked by default. If you specify a hostname and an IP address, an extra check will be made to ensure that the specified machine would be allowed to connect to Samba. If a hostname is specified, an IP address should be present as well.
testparm can take the following options:
-h
Prints command-line information for the program.
-L
server_name
Resets the %L
configuration variable to the
specified server name.
-s
Prevents the testparm program from prompting the user to press the Enter key before printing a list of the configuration options for the server.
The testprns program checks a specified printer name against the system printer capabilities (printcap) file. Its command line is:
testprnsprintername
[printcapname
]
If printcapname
isn’t specified,
Samba attempts to use one located in the
smb.conf file. If one isn’t specified
there, Samba will try /etc/printcap. If that
fails, the program will report an error.