Samba Distribution Programs

This section lists the command-line options and subcommands provided by each of the executables in the Samba distribution.

nmblookup

nmblookup is a client program that exercises the NetBIOS-over-UDP/IP name service for resolving NBT machine names into IP addresses. The program works by broadcasting its queries on the local subnet until a machine with the specified name responds. You can think of it as a Windows nslookup(1) or dig(1). This is useful for looking up normal NetBIOS names as well as the odd ones, like _ _MSBROWSE_ _, that the Windows name services use to provide directory-like services. If you wish to query for a particular type of NetBIOS name, add the NetBIOS <type> to the end of the name.

The command line is:

nmblookup [options] name

The options supported are:

-A

Interprets name as an IP address and does a node-status query on this address.

-B broadcast_address

Sends the query to the given broadcast address. The default is to send the query to the broadcast address of the primary network interface.

-d debug_level

Sets the debug (sometimes called logging) level. The level can range from to 10. Debug level logs only the most important messages; level 1 is normal; and levels 3 and above are primarily for debugging and slow the program considerably.

-h

Prints command-line usage information for the program.

-i scope

Sets a NetBIOS scope identifier. Only machines with the same identifier will communicate with the server. The scope identifier was a predecessor to workgroups, and this option is included only for backward compatibility.

-M

Searches for a local master browser. This is done through a broadcast searching for a machine that will respond to the special name _ _MSBROWSE_ _, and then asking that machine for information, instead of broadcasting the query itself.

-R

Sets the recursion desired bit in the packet. This will cause the machine that responds to try doing a WINS lookup and to return the address and any other information the WINS server has saved.

-r

Uses the root port of 137 for Windows 95 machines.

-S

Performs a node-status query once the name query has returned an IP address. This returns all the resource types that the machine knows about, with their numeric attributes. For example: 

% nmblookup -d 4 -S elsbeth
received 6 names
      ELSBETH                <00> - <GROUP> B <ACTIVE>
      ELSBETH                <03> -         B <ACTIVE>
      ELSBETH                <1d> -         B <ACTIVE>
      ELSBETH                <1e> - <GROUP> B <ACTIVE>
      ELSBETH                <20> -         B <ACTIVE>
      .._ _MSBROWSE_   _..     <01> - <GROUP> B <ACTIVE>
-s configuration_ file

Specifies the location of the Samba configuration file. Although the file defaults to /usr/local/samba/lib/smb.conf, you can override it here on the command line. Normally used for debugging.

-T

Translates IP addresses into resolved names.

-U unicast_address

Performs a unicast query to the specified address. Used with -R to query WINS servers.

Note that there is no workgroup option for nmblookup ; you can get around this by putting workgroup = workgroup_name in a file and passing it to nmblookup with the -s configuration_ file option.

rpcclient

This is a new client that exercises the remote procedure call (RPC) interfaces of an SMB server. Like smbclient, rpcclient started its life as a test program for Samba developers and will likely stay that way for a while. Its command line is: 

rpcclient //server/share

The command-line options are the same as those for the Samba 2.0 smbclient, and the operations you can try are listed in Table 1-3.

Table 1-3. rpcclient Commands

Command

Description

lookupsids

Resolve names from SIDs

lsaquery

Query info policy (domain member or server)

ntlogin [username] [password ]

Test NT domain login

ntpass

Change NT SAM password

regcreatekeykeyname [keyvalue]

Create registry key

regcreatevalvalname valtype value

Create registry value

regdeletekeykeyname

Delete registry key

regdeletevalvalname

Delete registry value

regenumkeyname

Enumerate registry (keys, values)

reggetseckeyname

Check registry key security

regquerykeykeyname

Query registry key

regtestseckeyname

Test registry key security

srvconnections

List connections on a server

srvfiles

List files on a server

srvinfo

Query server info

srvsessions

List sessions on a server

srvshares

List shares on a server

wksinfo

Query workstation info

smbclient

The smbclient program is the maid-of-all-work of the Samba suite. Initially intended as a testing tool, it has become a full command-line Unix client, with an FTP-like interactive client. Some of its options are still used for testing and tuning, and it is a simple tool for ensuring that Samba is running on a server.

It’s convenient to look at smbclient as a suite of programs:

  • An FTP-like interactive file transfer program

  • An interactive printing program

  • An interactive tar program

  • A command-line message program

  • A command-line tar program (but see smbtar later)

  • A “What services do you have?” query program

  • A command-line debugging program

General command-line options

The smbclient program has the usual set of smbd-like options, which apply to all the interactive and command-line use. The command-line syntax is: 

smbclient //server_name/share_name [ password] 
[options]

The command-line options are:

-d debug_level

Sets the debug (logging) level, from to 10, with A for all. Overrides the value in smb.conf. Debug level logs only the most important messages; level 1 is normal; and debug levels 3 and above are for debugging and slow smbclient considerably.

-h

Prints the command-line help information (usage) for smbclient.

-n NetBIOS_name
Allows you to override the NetBIOS name by which the program will advertise itself.

smbclient operations

Running smbclient //server_name/share will cause the program to prompt you for a username and password. If the login is successful, it will connect to the share and give you a prompt much like an FTP prompt (the backslash in the prompt will be replaced by the current directory within the share as you move around the filesystem): 

smb:>

From this command line, you can use several FTP-like commands, as listed in Table 1-4.

Table 1-4. smbclient Commands

Command

Description

? command

Provides a list of commands or help on a specified command.

help [command]

Provides a list of commands or help on a specified command.

! [command]

If a command is specified, runs it in a local shell. If not, places it into a local shell on the client.

dir [filename]

Displays any files matching filename in the current directory on the server, or all files if filename is omitted.

ls [filename]

Displays any files matching filename in the current directory on the server, or all files if filename is omitted.

cd [directory]

If directory is specified, changes to the specified directory on the remote server. If not, reports the current directory on the remote machine.

lcd [directory]

If directory is specified, changes the current directory on the local machine. If not, reports the name of the current directory on the local machine.

get remotefile[localfile]

Copies the file remotefile to the local machine. If localfile is specified, copies the file to that name. Treats the file as binary; does not do LF to CR /LF conversions.

put localfile[remotefile]

Copies localfile to the remote machine. If remotefile is specified, uses that as the name to which to copy on the remote server. Treats the file as binary; does not do LF to CR /LF conversions.

mget pattern

Gets all files matching pattern from the remote machine.

mput pattern

Places all local files matching pattern on the remote machine.

prompt

Toggles interactive prompting on and off for mget and mput.

lowercase ON (or OFF )

If lowercase is ON, smbclient converts filenames to lowercase during an mget or get (but not an mput or put).

del filename

Deletes a file on the remote machine.

md directory

Creates a directory on the remote machine.

mkdir directory

Creates a directory on the remote machine.

rd directory

Removes the specified directory on the remote machine.

rmdir directory

Removes the specified directory on the remote machine.

setmode filename [+|-] rsha

Sets DOS filesystem attribute bits, using Unix-like modes. r is read-only, s is system, h is hidden, and a is archive.

exit

Exits smbclient.

quit

Exits smbclient.

There are also mask and recursive commands for large copies; see the smbclient man page for details on how to use these. With the exception of mask, recursive, and the lack of an ASCII transfer mode, smbclient works exactly the same as FTP. Note that because it does binary transfers, Windows files copied to Unix will have lines ending in carriage-return and linefeed ( ), not Unix’s linefeed ( ).

Printing commands

The smbclient program can also be used for access to a printer by connecting to a print share. Once connected, the commands shown in Table 1-5 can be used to print.

Table 1-5. smbclient Printing Commands

Command

Description

print filename

Prints the file by copying it from the local machine to the remote one and then submitting it as a print job there.

printmode text | graphics

Instructs the server that the following files will be plain text (ASCII) or the binary graphics format that the printer requires. It’s up to the user to ensure that the file is indeed the right kind.

queue

Displays the queue for the print share you’re connected to, showing job ID, name, size, and status.

Finally, to print from the smbclient, use the -c option: 

cat printfile | smbclient //server/printer_name 
-c "print -"

tar commands

smbclient can tar up files from a file share. This is normally done from the command line using the smbtar command, but the commands shown in Table 1-6 are also available interactively.

Table 1-6. smbclient Printing Commands

Command

Description

tar c|x[IXbgNa] operands

Performs a creation or extraction tar similar to the command-line program.

blocksize size

Sets the block size to be used by tar, in 512-byte blocks.

tarmode full|inc|reset|noreset

Makes tar pay attention to the DOS archive bit for all following commands. In full mode (the default), tar will back up everything. In inc (incremental) mode, tar will back up only those files with the archive bit set. In reset mode, tar will reset the archive bit on all files it backs up (this requires the share to be writable). In noreset mode, the archive bit will not be reset even after the file has been backed up.

Command-line message program options

-M NetBIOS_machine_name

Allows you to send immediate messages to another computer using the WinPopup protocol. Once a connection is established, you can type your message, pressing Ctrl-D to end. If WinPopup is not running on the receiving machine, the program returns an error.

-U user

Allows you to control the FROM part of the message indirectly.

Command-line tar program options

The -c (command), -D (starting directory), and -T (tar) options are used together to tar up files interactively. This is better done with smbtar, which we will discuss shortly. We don’t recommend using smbclient directly as a tar program. Here is a list of the options and their properties:

-c command_string

Passes a command string to the smbclient command interpreter, which treats it as a semicolon-separated list of commands to be executed. This is handy for entering things such as tarmode inc, which forces smbclient -T to back up only files with the archive bit set.

-D initial_directory

Changes to initial directory before starting.

-T command filename

Runs the tar driver, which is gtar compatible. The two main commands are c (create) and x (extract), which may be followed by any of these:

a

Resets archive bits once files are saved.

b size

Sets the block size in 512-byte units.

g

Backs up only files with the archive bit set.

I file

Includes files and directories (this is the default). Does not do pattern-matching.

N filename

Backs up only those files newer than filename.

q

Suppresses diagnostics.

X file

Excludes files.

Command-line query program

If smbclient is run as:

smbclient -L server_name

it will list the shares and other services the indicated machine provides. This is handy if you don’t have smbwrappers. It can also be helpful as a testing program in its own right.

Command-line debugging /diagnostic program options

You can use any of the various modes of operation of smbclient with the debugging and testing command-line options:

-B IP_addr

Sets the broadcast address.

-d debug_level

Sets the debug (sometimes called logging) level. The level can range from to 10. In addition, you can specify A for all debugging options. Debug level logs only the most important messages; level 1 is normal; and levels 3 and above are primarily for debugging and slow operations considerably.

-E

Sends all messages to stderr instead of stdout.

-I IP_address

Sets the IP address of the server to which the client connects.

-i scope

Sets a NetBIOS scope identifier. Only machines with the same identifier will communicate with the server. The scope identifier was a predecessor to workgroups, and this option is included only for backward compatibility.

-l log_ file

Sends the log messages to the specified file.

-N

Suppresses the password prompt. Unless a password is specified on the command line or this parameter is specified, the client will prompt for a password.

-n NetBIOS_name

Allows you to override the NetBIOS name by which the daemon will advertise itself.

-O socket_options

Sets the TCP/IP socket options using the same parameters as the socket options configuration option. Often used for performance tuning and testing.

-p port_number

Sets the port number from which the client will accept requests.

-R resolve_order

Sets the resolve order of the nameservers. This option is similar to the resolve order configuration option, and can take any of the four parameters, lmhosts, host, wins, and bcast, in any order.

-s configuration_ file

Specifies the location of the Samba configuration file. Used for debugging.

-t terminal_code

Sets the terminal code for Asian languages.

-U username

Sets the username and, optionally, the password (e.g., -U fred%secret).

-W workgroup

Specifies the workgroup as which you would like the client to connect.

If you want to test a particular name service, run smbclient with -R and specify the name service. This will force smbclient to use only the service you indicated.

smbpasswd

The smbpasswd program has two distinct sets of functions, depending on who runs it. When run by ordinary users, it changes their encrypted passwords. If an ordinary user runs it with no options, smbpasswd connects to the primary domain controller (PDC) and changes that user’s Windows password. When run by root, smbpasswd updates the encrypted password file.

The program will fail if smbd is not operating, if the hosts allow or hosts deny configuration options will not permit connections from localhost (IP address 127.0.0.1), or if the encrypted passwords option is set to NO.

Regular user options

Here is a list of regular user options:

-D debug_level

Sets the debug (also called logging) level. The level can range from to 10. Debug level logs only the most important messages; level 1 is normal; and levels 3 and above are primarily for debugging and slow the program considerably.

-h

Prints command-line usage information for the program.

-R resolve_order

Sets the resolve order of the nameservers. This option is similar to the resolve order configuration option, and can take any of the four parameters, lmhosts, host, wins, and bcast, in any order.

-r remote_machine_name

Specifies on which machine the password should change. The remote machine must be a PDC.

-U username

Modifies a username that is spelled differently on the remote machine. Used only with -r.

Root-only options

Here is a list of root-only options:

-a username

Adds a user to the encrypted password file.

-d username

Disables a user in the encrypted password file.

-e username

Enables a disabled user in the encrypted password file.

-j domain_name

Adds a Samba server to a Windows NT domain.

-m machine_name

Changes a machine account’s password. The machine accounts are used to authenticate machines when they connect to primary or backup domain controllers.

-n

Sets no password for the user.

-s username

Causes smbpasswd to be silent and to read its old and new passwords from standard input rather than from /dev/tty. This is useful for writing scripts.

smbsh

The smbsh program lets you use a remote Windows share on your Samba server as if the share were a regular Unix directory. When you run smbsh, it provides an extra directory tree under /smb. Subdirectories of /smb are servers, and subdirectories of the servers are their individual disk and printer shares. Commands run by smbsh treat the /smb filesystem as if it were local to Unix. This means that you don’t need smbmount in your kernel to mount Windows filesystems, as you do with NFS filesystems. However, you do need to configure Samba with the --with-smbwrappers option to enable smbsh.

-d debug_level

Sets the debug (sometimes called logging) level. The level can range from 0, the default, to 10. Debug level logs only the most important messages; level 1 is normal; and levels 3 and above are primarily for debugging and slow smbsh considerably.

-l logfile

Sets the name of the logfile to use.

-P prefix

Sets the root directory on which to mount the SMB filesystem. The default is /smb.

-R resolve order

Sets the resolve order of the nameservers. This option is similar to the resolve order configuration option, and can take any of the four parameters, lmhosts, host, wins, and bcast, in any order.

-U user

Supports user%password.

-W workgroup

Sets the NetBIOS workgroup to which the client will connect.

smbstatus

The smbstatus program lists the current connections on a Samba server. There are three separate sections. The first section lists various shares that are in use by specific users. The second section lists the locked files that Samba currently has on all of its shares. The third section lists the amount of memory usage for each of the shares.

In the following example, lines are wrapped to fit the printed page:

# smbstatus
Samba Version 2.0.3
Service      uid      gid      pid     machine
----------------------------------------------
network      davecb   davecb   7470    phoenix  (192.168.220.101) Sun May 16 
network      davecb   davecb   7589    chimaera (192.168.220.102) Sun May 16 

Locked files:
Pid    DenyMode   R/W      Oplock           Name
--------------------------------------------------
7589   DENY_NONE  RDONLY   EXCLUSIVE+BATCH  /home/
samba/quicken/inet/common/system/help.bmp   Sun May 16 
21:23:40 1999
7470   DENY_WRITE RDONLY   NONE             /home/
samba/word/office/findfast.exe   Sun May 16 20:51:08 
1999
7589   DENY_WRITE RDONLY   EXCLUSIVE+BATCH  /home/
samba/quicken/lfbmp70n.dll   Sun May 16 21:23:39 1999
7589   DENY_WRITE RDWR     EXCLUSIVE+BATCH  /home/
samba/quicken/inet/qdata/runtime.dat   Sun May 16 
21:23:41 1999
7470   DENY_WRITE RDONLY   EXCLUSIVE+BATCH  /home/
samba/word/office/osa.exe   Sun May 16 20:51:09 1999
7589   DENY_WRITE RDONLY   NONE             /home/
samba/quicken/qversion.dll   Sun May 16 21:20:33 1999
7470   DENY_WRITE RDONLY   NONE             /home/
samba/quicken/qversion.dll   Sun May 16 20:51:11 1999

Share mode memory usage (bytes):
   1043432(99%) free + 4312(0%) used + 832(0%) overhead 
= 1048576(100%) total

smbstatus can take the following options:

-b

Forces smbstatus to produce brief output. This includes the version of Samba and auditing information about the users that have logged into the server.

-d

Gives verbose output, including each of the three reporting sections listed in the previous example. This is the default.

-L

Forces smbstatus to print only its current file locks. This corresponds to the second section in a verbose output.

-p

Prints only a list of smbd process IDs. This is often used for scripts.

-S

Prints only a list of shares and their connections. This corresponds to the first section in a verbose output.

-s configuration_ file

Sets the Samba configuration file to use when processing this command.

-u username

Limits the smbstatus report to the activity of a single user.

smbtar

The smbtar program is a shell script on top of smbclient that gives the program more intelligible options when doing tar operations. Functionally, it is equivalent to the Unix tar program.

smbtar can take the following options:

-a

Resets the archive bit mode.

-b blocksize

Sets block size. Defaults to 20.

-d directory

Changes to the initial directory before restoring or backing up files.

-i

Specifies incremental mode; tar files are backed up only if they have the DOS archive bit set. The archive bit is reset after each file is read.

-l log_level

Sets the logging level.

-N filename

Backs up only the files newer than the last modification date of filename. For incremental backups.

-p password

Specifies the password to use to access a share.

-r

Restores files to the share from the tar file.

-s server

Specifies the SMB/CIFS server in which the share resides.

-t tape

Specifies the tape device or file. The default is the value of the environment variable $TAPE, or tar.out if $TAPE isn’t set.

-u user

Specifies the user as which to connect to the share. You can specify the password as well, in the format username%password.

-v

Specifies the use of verbose mode.

-X file

Tells smbtar to exclude the specified file from the tar create or restore.

-x share

States the share name on the server to which to connect. The default is backup, which is a common share name with which to perform backups.

For example, a trivial backup command to archive the data for user sue is: 

smbtar -s pc_name -x sue -u sue -p secret -t sue.tar

tcpdump

The tcpdump utility, a classic system administration tool, dumps all the packet headers it sees on an interface that matches an expression. The version included in the Samba distribution is enhanced to understand the SMB protocol. The expression is a logical expression with “and,” “or,” and “not,” although sometimes it’s very simple. For example, host escrime would select every packet going to or from escrime. The expression is normally one or more of:

  • host name

  • net network_number

  • port number

  • src name

  • dst name

The most common options are src (source), dst (destination), and port. For example, look at the following command: 

tcpdump port not telnet

This command dumps all the packets except telnet. In this command, you are logged in via telnet and want to see only the SMB packets.

Another tcpdump example selects traffic between server and either sue or joe: 

tcpdump host server and ( sue or joe )

We recommend using the -s 1500 option so as to capture all of the SMB messages sent, instead of just the header information.

You can use many options, and many other kinds of expressions, with tcpdump. See Samba’s man page for details on the advanced options. The most common options are as follows:

-c count

Forces the program to exit after receiving the specified number of packets

-F file

Reads the expression from the specified file and ignores expressions on the command line

-i interface

Forces the program to listen on the specified interface

-r file

Reads packets from the specified file (captured with -w)

-s length

Saves the specified number of bytes of data from each packet (rather than 68 bytes)

-w file

Writes the packets to the specified file

testparm

The testparm program checks an smb.conf file for obvious errors and self-consistency. Its command line is: 

testparm [options] configfile_name [hostname IP_addr]

If the configuration file is not specified, the file at <samba_dir>/lib/smb.conf is checked by default. If you specify a hostname and an IP address, an extra check will be made to ensure that the specified machine would be allowed to connect to Samba. If a hostname is specified, an IP address should be present as well.

testparm can take the following options:

-h

Prints command-line information for the program.

-L server_name

Resets the %L configuration variable to the specified server name.

-s

Prevents the testparm program from prompting the user to press the Enter key before printing a list of the configuration options for the server.

testprns

The testprns program checks a specified printer name against the system printer capabilities (printcap) file. Its command line is: 

testprns printername [printcapname]

If printcapname isn’t specified, Samba attempts to use one located in the smb.conf file. If one isn’t specified there, Samba will try /etc/printcap. If that fails, the program will report an error.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset