1 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
2 <refentry id="rpcclient">
5 <refentrytitle>rpcclient</refentrytitle>
6 <manvolnum>1</manvolnum>
11 <refname>rpcclient</refname>
12 <refpurpose>tool for executing client side
13 MS-RPC functions</refpurpose>
18 <command>rpcclient</command>
19 <arg choice="opt">-A authfile</arg>
20 <arg choice="opt">-c <command string></arg>
21 <arg choice="opt">-d debuglevel</arg>
22 <arg choice="opt">-h</arg>
23 <arg choice="opt">-l logfile</arg>
24 <arg choice="opt">-N</arg>
25 <arg choice="opt">-s <smb config file></arg>
26 <arg choice="opt">-U username[%password]</arg>
27 <arg choice="opt">-W workgroup</arg>
28 <arg choice="opt">-N</arg>
29 <arg choice="opt">-I destinationIP</arg>
30 <arg choice="req">server</arg>
35 <title>DESCRIPTION</title>
37 <para>This tool is part of the <ulink url="samba.7.html">
38 Samba</ulink> suite.</para>
40 <para><command>rpcclient</command> is a utility initially developed
41 to test MS-RPC functionality in Samba itself. It has undergone
42 several stages of development and stability. Many system administrators
43 have now written scripts around it to manage Windows NT clients from
44 their UNIX workstation. </para>
49 <title>OPTIONS</title>
54 <listitem><para>NetBIOS name of Server to which to connect.
55 The server can be any SMB/CIFS server. The name is
56 resolved using the <ulink url="smb.conf.5.html#NAMERESOLVEORDER">
57 <parameter>name resolve order</parameter></ulink> line from
58 <filename>smb.conf(5)</filename>.</para></listitem>
63 <term>-A|--authfile=filename</term>
64 <listitem><para>This option allows
65 you to specify a file from which to read the username and
66 password used in the connection. The format of the file is
69 <para><programlisting>
70 username = <value>
71 password = <value>
72 domain = <value>
73 </programlisting></para>
75 <para>Make certain that the permissions on the file restrict
76 access from unwanted users. </para></listitem>
82 <term>-c|--command='command string'</term>
83 <listitem><para>execute semicolon separated commands (listed
84 below)) </para></listitem>
91 <term>-d|--debug=debuglevel</term>
92 <listitem><para>set the debuglevel. Debug level 0 is the lowest
93 and 100 being the highest. This should be set to 100 if you are
94 planning on submitting a bug report to the Samba team (see <filename>BUGS.txt</filename>).
102 <term>-h|--help</term>
103 <listitem><para>Print a summary of command line options.
109 <term>-I IP-address</term>
110 <listitem><para><replaceable>IP address</replaceable> is the address of the server to connect to.
111 It should be specified in standard "a.b.c.d" notation. </para>
113 <para>Normally the client would attempt to locate a named
114 SMB/CIFS server by looking it up via the NetBIOS name resolution
115 mechanism described above in the <parameter>name resolve order</parameter>
116 parameter above. Using this parameter will force the client
117 to assume that the server is on the machine with the specified IP
118 address and the NetBIOS name component of the resource being
119 connected to will be ignored. </para>
121 <para>There is no default for this parameter. If not supplied,
122 it will be determined automatically by the client as described
123 above. </para></listitem>
128 <term>-l|--logfile=logbasename</term>
129 <listitem><para>File name for log/debug files. The extension
130 <constant>'.client'</constant> will be appended. The log file is never removed
138 <term>-N|--nopass</term>
139 <listitem><para>instruct <command>rpcclient</command> not to ask
140 for a password. By default, <command>rpcclient</command> will prompt
141 for a password. See also the <parameter>-U</parameter> option.</para></listitem>
146 <term>-s|--conf=smb.conf</term>
147 <listitem><para>Specifies the location of the all important
148 <filename>smb.conf</filename> file. </para></listitem>
154 <term>-U|--user=username[%password]</term>
155 <listitem><para>Sets the SMB username or username and password. </para>
157 <para>If %password is not specified, the user will be prompted. The
158 client will first check the <envar>USER</envar> environment variable, then the
159 <envar>LOGNAME</envar> variable and if either exists, the
160 string is uppercased. If these environmental variables are not
161 found, the username <constant>GUEST</constant> is used. </para>
163 <para>A third option is to use a credentials file which
164 contains the plaintext of the username and password. This
165 option is mainly provided for scripts where the admin doesn't
166 desire to pass the credentials on the command line or via environment
167 variables. If this method is used, make certain that the permissions
168 on the file restrict access from unwanted users. See the
169 <parameter>-A</parameter> for more details. </para>
171 <para>Be cautious about including passwords in scripts. Also, on
172 many systems the command line of a running process may be seen
173 via the <command>ps</command> command. To be safe always allow
174 <command>rpcclient</command> to prompt for a password and type
175 it in directly. </para></listitem>
182 <term>-W|--workgroup=domain</term>
183 <listitem><para>Set the SMB domain of the username. This
184 overrides the default domain which is the domain defined in
185 smb.conf. If the domain specified is the same as the server's NetBIOS name,
186 it causes the client to log on using the server's local SAM (as
187 opposed to the Domain SAM). </para></listitem>
196 <title>COMMANDS</title>
198 <para><emphasis>LSARPC</emphasis></para>
200 <listitem><para><command>lsaquery</command></para></listitem>
202 <listitem><para><command>lookupsids</command> - Resolve a list
203 of SIDs to usernames.
206 <listitem><para><command>lookupnames</command> - Resolve s list
207 of usernames to SIDs.
210 <listitem><para><command>enumtrusts</command></para></listitem>
216 <para><emphasis>SAMR</emphasis></para>
218 <listitem><para><command>queryuser</command></para></listitem>
219 <listitem><para><command>querygroup</command></para></listitem>
220 <listitem><para><command>queryusergroups</command></para></listitem>
221 <listitem><para><command>querygroupmem</command></para></listitem>
222 <listitem><para><command>queryaliasmem</command></para></listitem>
223 <listitem><para><command>querydispinfo</command></para></listitem>
224 <listitem><para><command>querydominfo</command></para></listitem>
225 <listitem><para><command>enumdomgroups</command></para></listitem>
231 <para><emphasis>SPOOLSS</emphasis></para>
234 <listitem><para><command>adddriver <arch> <config></command>
235 - Execute an AddPrinterDriver() RPC to install the printer driver
236 information on the server. Note that the driver files should
237 already exist in the directory returned by
238 <command>getdriverdir</command>. Possible values for
239 <parameter>arch</parameter> are the same as those for
240 the <command>getdriverdir</command> command.
241 The <parameter>config</parameter> parameter is defined as
244 <para><programlisting>
250 Language Monitor Name:\
252 Comma Separated list of Files
253 </programlisting></para>
255 <para>Any empty fields should be enter as the string "NULL". </para>
257 <para>Samba does not need to support the concept of Print Monitors
258 since these only apply to local printers whose driver can make
259 use of a bi-directional link for communication. This field should
260 be "NULL". On a remote NT print server, the Print Monitor for a
261 driver must already be installed prior to adding the driver or
262 else the RPC will fail. </para></listitem>
267 <listitem><para><command>addprinter <printername>
268 <sharename> <drivername> <port></command>
269 - Add a printer on the remote server. This printer
270 will be automatically shared. Be aware that the printer driver
271 must already be installed on the server (see <command>adddriver</command>)
272 and the <parameter>port</parameter>must be a valid port name (see
273 <command>enumports</command>.</para>
277 <listitem><para><command>deldriver</command> - Delete the
278 specified printer driver for all architectures. This
279 does not delete the actual driver files from the server,
280 only the entry from the server's list of drivers.
283 <listitem><para><command>enumdata</command> - Enumerate all
284 printer setting data stored on the server. On Windows NT clients,
285 these values are stored in the registry, while Samba servers
286 store them in the printers TDB. This command corresponds
287 to the MS Platform SDK GetPrinterData() function (* This
288 command is currently unimplemented).</para></listitem>
292 <listitem><para><command>enumjobs <printer></command>
293 - List the jobs and status of a given printer.
294 This command corresponds to the MS Platform SDK EnumJobs()
295 function (* This command is currently unimplemented).</para></listitem>
300 <listitem><para><command>enumports [level]</command>
301 - Executes an EnumPorts() call using the specified
302 info level. Currently only info levels 1 and 2 are supported.
307 <listitem><para><command>enumdrivers [level]</command>
308 - Execute an EnumPrinterDrivers() call. This lists the various installed
309 printer drivers for all architectures. Refer to the MS Platform SDK
310 documentation for more details of the various flags and calling
311 options. Currently supported info levels are 1, 2, and 3.</para></listitem>
315 <listitem><para><command>enumprinters [level]</command>
316 - Execute an EnumPrinters() call. This lists the various installed
317 and share printers. Refer to the MS Platform SDK documentation for
318 more details of the various flags and calling options. Currently
319 supported info levels are 0, 1, and 2.</para></listitem>
324 <listitem><para><command>getdata <printername></command>
325 - Retrieve the data for a given printer setting. See
326 the <command>enumdata</command> command for more information.
327 This command corresponds to the GetPrinterData() MS Platform
328 SDK function (* This command is currently unimplemented). </para></listitem>
332 <listitem><para><command>getdriver <printername></command>
333 - Retrieve the printer driver information (such as driver file,
334 config file, dependent files, etc...) for
335 the given printer. This command corresponds to the GetPrinterDriver()
336 MS Platform SDK function. Currently info level 1, 2, and 3 are supported.
340 <listitem><para><command>getdriverdir <arch></command>
341 - Execute a GetPrinterDriverDirectory()
342 RPC to retreive the SMB share name and subdirectory for
343 storing printer driver files for a given architecture. Possible
344 values for <parameter>arch</parameter> are "Windows 4.0"
345 (for Windows 95/98), "Windows NT x86", "Windows NT PowerPC", "Windows
346 Alpha_AXP", and "Windows NT R4000". </para></listitem>
350 <listitem><para><command>getprinter <printername></command>
351 - Retrieve the current printer information. This command
352 corresponds to the GetPrinter() MS Platform SDK function.
357 <listitem><para><command>openprinter <printername></command>
358 - Execute an OpenPrinterEx() and ClosePrinter() RPC
359 against a given printer. </para></listitem>
362 <listitem><para><command>setdriver <printername> <drivername></command>
363 - Execute a SetPrinter() command to update the printer driver associated
364 with an installed printer. The printer driver must already be correctly
365 installed on the print server. </para>
367 <para>See also the <command>enumprinters</command> and
368 <command>enumdrivers</command> commands for obtaining a list of
369 of installed printers and drivers.</para></listitem>
374 <para><emphasis>GENERAL OPTIONS</emphasis></para>
377 <listitem><para><command>debuglevel</command> - Set the current debug level
378 used to log information.</para></listitem>
380 <listitem><para><command>help (?)</command> - Print a listing of all
381 known commands or extended help on a particular command.
384 <listitem><para><command>quit (exit)</command> - Exit <command>rpcclient
385 </command>.</para></listitem>
394 <para><command>rpcclient</command> is designed as a developer testing tool
395 and may not be robust in certain areas (such as command line parsing).
396 It has been known to generate a core dump upon failures when invalid
397 parameters where passed to the interpreter. </para>
399 <para>From Luke Leighton's original rpcclient man page:</para>
401 <para><emphasis>"WARNING!</emphasis> The MSRPC over SMB code has
402 been developed from examining Network traces. No documentation is
403 available from the original creators (Microsoft) on how MSRPC over
404 SMB works, or how the individual MSRPC services work. Microsoft's
405 implementation of these services has been demonstrated (and reported)
406 to be... a bit flaky in places. </para>
408 <para>The development of Samba's implementation is also a bit rough,
409 and as more of the services are understood, it can even result in
410 versions of <command>smbd(8)</command> and <command>rpcclient(1)</command>
411 that are incompatible for some commands or services. Additionally,
412 the developers are sending reports to Microsoft, and problems found
413 or reported to Microsoft are fixed in Service Packs, which may
414 result in incompatibilities." </para>
419 <title>VERSION</title>
421 <para>This man page is correct for version 3.0 of the Samba
426 <title>AUTHOR</title>
428 <para>The original Samba software and related utilities
429 were created by Andrew Tridgell. Samba is now developed
430 by the Samba Team as an Open Source project similar
431 to the way the Linux kernel is developed.</para>
433 <para>The original rpcclient man page was written by Matthew
434 Geddes, Luke Kenneth Casson Leighton, and rewritten by Gerald Carter.
435 The conversion to DocBook for Samba 2.2 was done by Gerald