1 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [
2 <!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities;
4 <refentry id="rpcclient">
7 <refentrytitle>rpcclient</refentrytitle>
8 <manvolnum>1</manvolnum>
13 <refname>rpcclient</refname>
14 <refpurpose>tool for executing client side
15 MS-RPC functions</refpurpose>
20 <command>rpcclient</command>
21 <arg choice="opt">-A authfile</arg>
22 <arg choice="opt">-c <command string></arg>
23 <arg choice="opt">-d debuglevel</arg>
24 <arg choice="opt">-h</arg>
25 <arg choice="opt">-l logfile</arg>
26 <arg choice="opt">-N</arg>
27 <arg choice="opt">-s <smb config file></arg>
28 <arg choice="opt">-U username[%password]</arg>
29 <arg choice="opt">-W workgroup</arg>
30 <arg choice="opt">-N</arg>
31 <arg choice="opt">-I destinationIP</arg>
32 <arg choice="req">server</arg>
37 <title>DESCRIPTION</title>
39 <para>This tool is part of the <ulink url="samba.7.html">
40 Samba</ulink> suite.</para>
42 <para><command>rpcclient</command> is a utility initially developed
43 to test MS-RPC functionality in Samba itself. It has undergone
44 several stages of development and stability. Many system administrators
45 have now written scripts around it to manage Windows NT clients from
46 their UNIX workstation. </para>
51 <title>OPTIONS</title>
56 <listitem><para>NetBIOS name of Server to which to connect.
57 The server can be any SMB/CIFS server. The name is
58 resolved using the <ulink url="smb.conf.5.html#NAMERESOLVEORDER">
59 <parameter>name resolve order</parameter></ulink> line from
60 <filename>smb.conf(5)</filename>.</para></listitem>
65 <term>-A|--authfile=filename</term>
66 <listitem><para>This option allows
67 you to specify a file from which to read the username and
68 password used in the connection. The format of the file is
71 <para><programlisting>
72 username = <value>
73 password = <value>
74 domain = <value>
75 </programlisting></para>
77 <para>Make certain that the permissions on the file restrict
78 access from unwanted users. </para></listitem>
84 <term>-c|--command='command string'</term>
85 <listitem><para>execute semicolon separated commands (listed
86 below)) </para></listitem>
96 <term>-I IP-address</term>
97 <listitem><para><replaceable>IP address</replaceable> is the address of the server to connect to.
98 It should be specified in standard "a.b.c.d" notation. </para>
100 <para>Normally the client would attempt to locate a named
101 SMB/CIFS server by looking it up via the NetBIOS name resolution
102 mechanism described above in the <parameter>name resolve order</parameter>
103 parameter above. Using this parameter will force the client
104 to assume that the server is on the machine with the specified IP
105 address and the NetBIOS name component of the resource being
106 connected to will be ignored. </para>
108 <para>There is no default for this parameter. If not supplied,
109 it will be determined automatically by the client as described
110 above. </para></listitem>
115 <term>-l|--logfile=logbasename</term>
116 <listitem><para>File name for log/debug files. The extension
117 <constant>'.client'</constant> will be appended. The log file is
118 never removed by the client.
125 <term>-N|--nopass</term>
126 <listitem><para>instruct <command>rpcclient</command> not to ask
127 for a password. By default, <command>rpcclient</command> will
128 prompt for a password. See also the <parameter>-U</parameter>
129 option.</para></listitem>
134 <term>-s|--conf=smb.conf</term>
135 <listitem><para>Specifies the location of the all-important
136 <filename>smb.conf</filename> file. </para></listitem>
142 <term>-U|--user=username[%password]</term>
143 <listitem><para>Sets the SMB username or username and password. </para>
145 <para>If %password is not specified, the user will be prompted. The
146 client will first check the <envar>USER</envar> environment variable, then the
147 <envar>LOGNAME</envar> variable and if either exists, the
148 string is uppercased. If these environmental variables are not
149 found, the username <constant>GUEST</constant> is used. </para>
151 <para>A third option is to use a credentials file which
152 contains the plaintext of the username and password. This
153 option is mainly provided for scripts where the admin does not
154 wish to pass the credentials on the command line or via environment
155 variables. If this method is used, make certain that the permissions
156 on the file restrict access from unwanted users. See the
157 <parameter>-A</parameter> for more details. </para>
159 <para>Be cautious about including passwords in scripts. Also, on
160 many systems the command line of a running process may be seen
161 via the <command>ps</command> command. To be safe always allow
162 <command>rpcclient</command> to prompt for a password and type
163 it in directly. </para></listitem>
170 <term>-W|--workgroup=domain</term>
171 <listitem><para>Set the SMB domain of the username. This
172 overrides the default domain which is the domain defined in
173 smb.conf. If the domain specified is the same as the server's NetBIOS name,
174 it causes the client to log on using the server's local SAM (as
175 opposed to the Domain SAM). </para></listitem>
184 <title>COMMANDS</title>
186 <para><emphasis>LSARPC</emphasis></para>
188 <listitem><para><command>lsaquery</command></para></listitem>
190 <listitem><para><command>lookupsids</command> - Resolve a list
191 of SIDs to usernames.
194 <listitem><para><command>lookupnames</command> - Resolve a list
195 of usernames to SIDs.
198 <listitem><para><command>enumtrusts</command></para></listitem>
204 <para><emphasis>SAMR</emphasis></para>
206 <listitem><para><command>queryuser</command></para></listitem>
207 <listitem><para><command>querygroup</command></para></listitem>
208 <listitem><para><command>queryusergroups</command></para></listitem>
209 <listitem><para><command>querygroupmem</command></para></listitem>
210 <listitem><para><command>queryaliasmem</command></para></listitem>
211 <listitem><para><command>querydispinfo</command></para></listitem>
212 <listitem><para><command>querydominfo</command></para></listitem>
213 <listitem><para><command>enumdomgroups</command></para></listitem>
219 <para><emphasis>SPOOLSS</emphasis></para>
222 <listitem><para><command>adddriver <arch> <config></command>
223 - Execute an AddPrinterDriver() RPC to install the printer driver
224 information on the server. Note that the driver files should
225 already exist in the directory returned by
226 <command>getdriverdir</command>. Possible values for
227 <parameter>arch</parameter> are the same as those for
228 the <command>getdriverdir</command> command.
229 The <parameter>config</parameter> parameter is defined as
232 <para><programlisting>
238 Language Monitor Name:\
240 Comma Separated list of Files
241 </programlisting></para>
243 <para>Any empty fields should be enter as the string "NULL". </para>
245 <para>Samba does not need to support the concept of Print Monitors
246 since these only apply to local printers whose driver can make
247 use of a bi-directional link for communication. This field should
248 be "NULL". On a remote NT print server, the Print Monitor for a
249 driver must already be installed prior to adding the driver or
250 else the RPC will fail. </para></listitem>
255 <listitem><para><command>addprinter <printername>
256 <sharename> <drivername> <port></command>
257 - Add a printer on the remote server. This printer
258 will be automatically shared. Be aware that the printer driver
259 must already be installed on the server (see <command>adddriver</command>)
260 and the <parameter>port</parameter>must be a valid port name (see
261 <command>enumports</command>.</para>
265 <listitem><para><command>deldriver</command> - Delete the
266 specified printer driver for all architectures. This
267 does not delete the actual driver files from the server,
268 only the entry from the server's list of drivers.
271 <listitem><para><command>enumdata</command> - Enumerate all
272 printer setting data stored on the server. On Windows NT clients,
273 these values are stored in the registry, while Samba servers
274 store them in the printers TDB. This command corresponds
275 to the MS Platform SDK GetPrinterData() function (* This
276 command is currently unimplemented).</para></listitem>
280 <listitem><para><command>enumjobs <printer></command>
281 - List the jobs and status of a given printer.
282 This command corresponds to the MS Platform SDK EnumJobs()
283 function (* This command is currently unimplemented).</para></listitem>
288 <listitem><para><command>enumports [level]</command>
289 - Executes an EnumPorts() call using the specified
290 info level. Currently only info levels 1 and 2 are supported.
295 <listitem><para><command>enumdrivers [level]</command>
296 - Execute an EnumPrinterDrivers() call. This lists the various installed
297 printer drivers for all architectures. Refer to the MS Platform SDK
298 documentation for more details of the various flags and calling
299 options. Currently supported info levels are 1, 2, and 3.</para></listitem>
303 <listitem><para><command>enumprinters [level]</command>
304 - Execute an EnumPrinters() call. This lists the various installed
305 and share printers. Refer to the MS Platform SDK documentation for
306 more details of the various flags and calling options. Currently
307 supported info levels are 0, 1, and 2.</para></listitem>
312 <listitem><para><command>getdata <printername></command>
313 - Retrieve the data for a given printer setting. See
314 the <command>enumdata</command> command for more information.
315 This command corresponds to the GetPrinterData() MS Platform
316 SDK function (* This command is currently unimplemented). </para></listitem>
320 <listitem><para><command>getdriver <printername></command>
321 - Retrieve the printer driver information (such as driver file,
322 config file, dependent files, etc...) for
323 the given printer. This command corresponds to the GetPrinterDriver()
324 MS Platform SDK function. Currently info level 1, 2, and 3 are supported.
328 <listitem><para><command>getdriverdir <arch></command>
329 - Execute a GetPrinterDriverDirectory()
330 RPC to retrieve the SMB share name and subdirectory for
331 storing printer driver files for a given architecture. Possible
332 values for <parameter>arch</parameter> are "Windows 4.0"
333 (for Windows 95/98), "Windows NT x86", "Windows NT PowerPC", "Windows
334 Alpha_AXP", and "Windows NT R4000". </para></listitem>
338 <listitem><para><command>getprinter <printername></command>
339 - Retrieve the current printer information. This command
340 corresponds to the GetPrinter() MS Platform SDK function.
345 <listitem><para><command>openprinter <printername></command>
346 - Execute an OpenPrinterEx() and ClosePrinter() RPC
347 against a given printer. </para></listitem>
350 <listitem><para><command>setdriver <printername>
351 <drivername></command>
352 - Execute a SetPrinter() command to update the printer driver
353 associated with an installed printer. The printer driver must
354 already be correctly installed on the print server. </para>
356 <para>See also the <command>enumprinters</command> and
357 <command>enumdrivers</command> commands for obtaining a list of
358 of installed printers and drivers.</para></listitem>
363 <para><emphasis>GENERAL OPTIONS</emphasis></para>
366 <listitem><para><command>debuglevel</command> - Set the current
367 debug level used to log information.</para></listitem>
369 <listitem><para><command>help (?)</command> - Print a listing of all
370 known commands or extended help on a particular command.
373 <listitem><para><command>quit (exit)</command> - Exit <command>rpcclient
374 </command>.</para></listitem>
383 <para><command>rpcclient</command> is designed as a developer testing tool
384 and may not be robust in certain areas (such as command line parsing).
385 It has been known to generate a core dump upon failures when invalid
386 parameters where passed to the interpreter. </para>
388 <para>From Luke Leighton's original rpcclient man page:</para>
390 <para><emphasis>"WARNING!</emphasis> The MSRPC over SMB code has
391 been developed from examining Network traces. No documentation is
392 available from the original creators (Microsoft) on how MSRPC over
393 SMB works, or how the individual MSRPC services work. Microsoft's
394 implementation of these services has been demonstrated (and reported)
395 to be... a bit flaky in places. </para>
397 <para>The development of Samba's implementation is also a bit rough,
398 and as more of the services are understood, it can even result in
399 versions of <command>smbd(8)</command> and <command>rpcclient(1)</command>
400 that are incompatible for some commands or services. Additionally,
401 the developers are sending reports to Microsoft, and problems found
402 or reported to Microsoft are fixed in Service Packs, which may
403 result in incompatibilities." </para>
408 <title>VERSION</title>
410 <para>This man page is correct for version 3.0 of the Samba
415 <title>AUTHOR</title>
417 <para>The original Samba software and related utilities
418 were created by Andrew Tridgell. Samba is now developed
419 by the Samba Team as an Open Source project similar
420 to the way the Linux kernel is developed.</para>
422 <para>The original rpcclient man page was written by Matthew
423 Geddes, Luke Kenneth Casson Leighton, and rewritten by Gerald Carter.
424 The conversion to DocBook for Samba 2.2 was done by Gerald