6 <html><head><title>rpcclient (1)</title>
8 <link rev="made" href="mailto:samba-bugs@samba.org">
14 <h1>rpcclient (1)</h1>
21 <p><br><a name="NAME"></a>
23 rpcclient - utility to manage MSRPC resources on servers
24 <p><br><a name="SYNOPSIS"></a>
27 <p><br><strong>rpcclient</strong>
28 [<a href="rpcclient.1.html#password">password</a>]
29 <a href="rpcclient.1.html#servername">-S servername</a>
30 [<a href="rpcclient.1.html#minusU">-U [username][%][password]</a>]
31 [<a href="rpcclient.1.html#minusW">-W domain</a>]
32 [<a href="rpcclient.1.html#minusl">-l log basename</a>]
33 [<a href="rpcclient.1.html#minusd">-d debuglevel</a>]
34 [<a href="rpcclient.1.html#minusO">-O socket options</a>]
35 [<a href="rpcclient.1.html#minusi">-i scope</a>]
36 [<a href="rpcclient.1.html#minusN">-N</a>]
37 [<a href="rpcclient.1.html#minusn">-n NetBIOS name</a>]
38 [<a href="rpcclient.1.html#minush">-h</a>]
39 [<a href="rpcclient.1.html#minusI">-I dest IP</a>]
40 [<a href="rpcclient.1.html#minusE">-E</a>]
41 [<a href="rpcclient.1.html#minust">-t terminal code</a>]
42 [<a href="rpcclient.1.html#minusc">-c command string</a>]
43 [<a href="rpcclient.1.html#minusB">-B IP addr</a>]
44 [<a href="rpcclient.1.html#minuss">-s smb.conf</a>]
45 [<a href="rpcclient.1.html#minusm">-m max protocol</a>]
46 <p><br><a name="DESCRIPTION"></a>
49 <p><br>This program is part of the <strong>Samba</strong> suite.
50 <p><br><strong>rpcclient</strong> is a client that can 'talk' to an SMB/CIFS MSRPC server.
51 Operations include things like managing a SAM Database (users, groups
52 and aliases) in the same way as the Windows NT programs
53 <strong>User Manager for Domains</strong> and <strong>Server Manager for Domains</strong>;
54 managing a remote registry in the same way as the Windows NT programs
55 <strong>REGEDT32.EXE</strong> and <strong>REGEDIT.EXE</strong>; viewing a remote event log (same
56 as <strong>EVENTVWR.EXE</strong>) etc.
57 <p><br>Typical usage is like this: <br>
58 <code>rpcclient -I 192.168.32.1 -S "*SMBSERVER" -U fred%secret -l log</code>
60 <p><br><a name="OPTIONS"></a>
64 <p><br><a name="servername"></a>
65 <li><strong><strong>servername</strong></strong> servername is the name of the server you want
66 to use on the server. This should be the NetBIOS name of the SMB/CIFS
67 server, which can be <strong>*SMBSERVER</strong> on Windows NT 4.0 or Samba Servers.
68 <p><br>Note that the server name required is NOT necessarily the IP (DNS)
69 host name of the server! The name required is a NetBIOS server name,
70 which may or may not be the same as the IP hostname of the machine
71 running the server. Also, remember that having a period in a NetBIOS
72 name (such as an IP hostname) may cause connectivity problems on your
73 network: NT tends to strip NetBIOS names from the leading period
75 <p><br>The server name is looked up according to either the
76 <a href="rpcclient.1.html#minusR"><strong>-R</strong></a> parameter to <strong>rpcclient</strong> or using the
77 <a href="smb.conf.5.html#nameresolveorder"><strong>name resolve order</strong></a>
78 parameter in the smb.conf file, allowing an administrator to change
79 the order and methods by which server names are looked up.
80 <p><br><a name="password"></a>
81 <li><strong><strong>password</strong></strong> password is the password required to access the
82 specified service on the specified server. If this parameter is
83 supplied, the <a href="rpcclient.1.html#minusN"><strong>-N</strong></a> option (suppress password prompt) is assumed.
84 <p><br>There is no default password. If no password is supplied on the
85 command line (either by using this parameter or adding a password to
86 the <a href="rpcclient.1.html#minusU"><strong>-U</strong></a> option (see below)) and the <a href="rpcclient.1.html#minusN"><strong>-N</strong></a> option is not specified,
87 the client will prompt for a password, even if the desired service
88 does not require one. (If no password is required, simply press ENTER
89 to provide a null password.)
90 <p><br>Note: Some servers (including OS/2 and Windows for Workgroups) insist
91 on an uppercase password. Lowercase or mixed case passwords may be
92 rejected by these servers.
93 <p><br>Be cautious about including passwords in scripts.
94 <p><br><a name="minuss"></a>
95 <li><strong><strong>-s smb.conf</strong></strong> This parameter specifies the pathname to the
96 Samba configuration file, smb.conf. This file controls all aspects of
97 the Samba setup on the machine and rpcclient also needs to read this
99 <p><br><a name="minusB"></a>
100 <li><strong><strong>-B IP addr</strong></strong> The IP address to use when sending a broadcast packet.
101 <p><br><a name="minusO"></a>
102 <li><strong><strong>-O socket options</strong></strong> TCP socket options to set on the client
103 socket. See the <a href="smb.conf.5.html#socketoptions">socket options</a>
104 parameter in the <a href="smb.conf.5.html"><strong>smb.conf (5)</strong></a> manpage for
105 the list of valid options.
106 <p><br><a name="minusR"></a>
107 <li><strong><strong>-R name resolve order</strong></strong> This option allows the user of
108 rpcclient to determine what name resolution services to use when
109 looking up the NetBIOS name of the host being connected to.
110 <p><br>The options are :"lmhosts", "host", "wins" and "bcast". They cause
111 names to be resolved as follows :
113 <p><br><li > <strong>lmhosts</strong> : Lookup an IP address in the Samba lmhosts file.
114 The lmhosts file is stored in the same directory as the
115 <a href="smb.conf.5.html"><strong>smb.conf</strong></a> file.
116 <p><br><li > <strong>host</strong> : Do a standard host name to IP address resolution,
117 using the system /etc/hosts, NIS, or DNS lookups. This method of name
118 resolution is operating system depended for instance on IRIX or
119 Solaris this may be controlled by the <em>/etc/nsswitch.conf</em> file).
120 <p><br><li > <strong>wins</strong> : Query a name with the IP address listed in the <a href="smb.conf.5.html#winsserver"><strong>wins
121 server</strong></a> parameter in the smb.conf file. If
122 no WINS server has been specified this method will be ignored.
123 <p><br><li > <strong>bcast</strong> : Do a broadcast on each of the known local interfaces
124 listed in the <a href="smb.conf.5.html#interfaces"><strong>interfaces</strong></a> parameter
125 in the smb.conf file. This is the least reliable of the name resolution
126 methods as it depends on the target host being on a locally connected
127 subnet. To specify a particular broadcast address the <a href="rpcclient.1.html#minusB"><strong>-B</strong></a> option
130 <p><br>If this parameter is not set then the name resolve order defined
131 in the <a href="smb.conf.5.html"><strong>smb.conf</strong></a> file parameter
132 <a href="smb.conf.5.html#nameresolveorder">(<strong>name resolve order</strong>)</a>
134 <p><br>The default order is lmhosts, host, wins, bcast and without this
135 parameter or any entry in the <a href="smb.conf.5.html#nameresolveorder"><strong>"name resolve
136 order"</strong></a> parameter of the
137 <a href="smb.conf.5.html"><strong>smb.conf</strong></a> file the name resolution methods
138 will be attempted in this order.
139 <p><br><a name="minusi"></a>
140 <li><strong><strong>-i scope</strong></strong> This specifies a NetBIOS scope that rpcclient will use
141 to communicate with when generating NetBIOS names. For details on the
142 use of NetBIOS scopes, see rfc1001.txt and rfc1002.txt. NetBIOS scopes
143 are <em>very</em> rarely used, only set this parameter if you are the
144 system administrator in charge of all the NetBIOS systems you
146 <p><br><a name="minusN"></a>
147 <li><strong><strong>-N</strong></strong> If specified, this parameter suppresses the normal
148 password prompt from the client to the user. This is useful when
149 accessing a service that does not require a password.
150 <p><br>Unless a password is specified on the command line or this parameter
151 is specified, the client will request a password.
152 <p><br><a name="minusn"></a>
153 <li><strong><strong>-n NetBIOS name</strong></strong> By default, the client will use the local
154 machine's hostname (in uppercase) as its NetBIOS name. This parameter
155 allows you to override the host name and use whatever NetBIOS name you
157 <p><br><a name="minusd"></a>
158 <li><strong><strong>-d debuglevel</strong></strong> debuglevel is an integer from 0 to 10, or the
160 <p><br>The default value if this parameter is not specified is zero.
161 <p><br>The higher this value, the more detail will be logged to the log files
162 about the activities of the client. At level 0, only critical errors
163 and serious warnings will be logged. Level 1 is a reasonable level for
164 day to day running - it generates a small amount of information about
165 operations carried out.
166 <p><br>Levels above 1 will generate considerable amounts of log data, and
167 should only be used when investigating a problem. Levels above 3 are
168 designed for use only by developers and generate HUGE amounts of log
169 data, most of which is extremely cryptic. If debuglevel is set to the
170 letter 'A', then <em>all</em> debug messages will be printed. This setting
171 is for developers only (and people who <em>really</em> want to know how the
172 code works internally).
173 <p><br>Note that specifying this parameter here will override the <a href="smb.conf.5.html#loglevel"><strong>log
174 level</strong></a> parameter in the <a href="smb.conf.5.html"><strong>smb.conf
175 (5)</strong></a> file.
176 <p><br><a name="minusp"></a>
177 <li><strong><strong>-p port</strong></strong> This number is the TCP port number that will be used
178 when making connections to the server. The standard (well-known) TCP
179 port number for an SMB/CIFS server is 139, which is the default.
180 <p><br><a name="minusl"></a>
181 <li><strong><strong>-l logfilename</strong></strong> If specified, logfilename specifies a base
182 filename into which operational data from the running client will be
184 <p><br>The default base name is specified at compile time.
185 <p><br>The base name is used to generate actual log file names. For example,
186 if the name specified was "log", the debug file would be
187 <code>log.client</code>.
188 <p><br>The log file generated is never removed by the client.
189 <p><br><a name="minush"></a>
190 <li><strong><strong>-h</strong></strong> Print the usage message for the client.
191 <p><br><a name="minusI"></a>
192 <li><strong><strong>-I IP address</strong></strong> IP address is the address of the server to
193 connect to. It should be specified in standard "a.b.c.d" notation.
194 <p><br>Normally the client would attempt to locate a named SMB/CIFS server by
195 looking it up via the NetBIOS name resolution mechanism described
196 above in the <a href="rpcclient.1.html#minusR"><strong>name resolve order</strong></a> parameter
197 above. Using this parameter will force the client to assume that the
198 server is on the machine with the specified IP address and the NetBIOS
199 name component of the resource being connected to will be ignored.
200 <p><br>There is no default for this parameter. If not supplied, it will be
201 determined automatically by the client as described above.
202 <p><br><a name="minusE"></a>
203 <li><strong><strong>-E</strong></strong> This parameter causes the client to write messages to the
204 standard error stream (stderr) rather than to the standard output
206 <p><br>By default, the client writes messages to standard output - typically
208 <p><br>Note that by default, debug information is always sent to stderr.
209 Debug information can instead be sent to a file, using the
210 <a href="rpcclient.1.html#minusl">-l log basename</a> option.
211 <p><br><a name="minusU"></a>
212 <li><strong><strong>-U username</strong></strong> This specifies the user name that will be used by
213 the client to make a connection, assuming your server is not a downlevel
214 server that is running a protocol level that uses passwords on shares,
216 <p><br>Some servers are fussy about the case of this name, and some insist
217 that it must be a valid NetBIOS name.
218 <p><br>If no username is supplied, it will default to an uppercase version of
219 the environment variable <code>USER</code> or <code>LOGNAME</code> in that order. If no
220 username is supplied and neither environment variable exists the
221 username "GUEST" will be used.
222 <p><br>If the <code>USER</code> environment variable contains a '%' character,
223 everything after that will be treated as a password. This allows you
224 to set the environment variable to be <code>USER=username%password</code> so
225 that a password is not passed on the command line (where it may be
226 seen by the ps command).
227 <p><br>If the service you are connecting to requires a password, it can be
228 supplied using the <a href="rpcclient.1.html#minusU"><strong>-U</strong></a> option, by appending a percent symbol ("%")
229 then the password to username. For example, to attach to a service as
230 user <code>"fred"</code> with password <code>"secret"</code>, you would specify. <br>
231 <p><br><code>-U fred%secret</code> <br>
232 <p><br>on the command line. Note that there are no spaces around the percent
234 <p><br>If you specify the password as part of username then the <a href="rpcclient.1.html#minusN"><strong>-N</strong></a> option
235 (suppress password prompt) is assumed.
236 <p><br>If you specify the password as a parameter <em>AND</em> as part of username
237 then the password as part of username will take precedence. Putting
238 nothing before or nothing after the percent symbol will cause an empty
239 username or an empty password to be used, respectively.
240 <p><br>The password may also be specified by setting up an environment
241 variable called <code>PASSWORD</code> that contains the users password. Note
242 that this may be very insecure on some systems but on others allows
243 users to script rpcclient commands without having a password appear in
244 the command line of a process listing.
245 <p><br>Note: Some servers (including OS/2 and Windows for Workgroups) insist
246 on an uppercase password. Lowercase or mixed case passwords may be
247 rejected by these servers.
248 <p><br>Be cautious about including passwords in scripts or in the
249 <code>PASSWORD</code> environment variable. Also, on many systems the command
250 line of a running process may be seen via the <code>ps</code> command to be
251 safe always allow rpcclient to prompt for a password and type it in
253 <p><br><a name="minust"></a>
254 <li><strong><strong>-t terminal code</strong></strong> This option tells rpcclient how to interpret
255 filenames coming from the remote server. Usually Asian language
256 multibyte UNIX implementations use different character sets than
257 SMB/CIFS servers (<em>EUC</em> instead of <em>SJIS</em> for example). Setting
258 this parameter will let rpcclient convert between the UNIX filenames
259 and the SMB filenames correctly. This option has not been seriously
260 tested and may have some problems.
261 <p><br>The terminal codes include <code>sjis</code>, <code>euc</code>, <code>jis7</code>, <code>jis8</code>,
262 <code>junet</code>, <code>hex</code>, <code>cap</code>. This is not a complete list, check the
263 Samba source code for the complete list.
264 <p><br><a name="minusm"></a>
265 <li><strong><strong>-m max protocol level</strong></strong> With the new code in Samba2.0,
266 <strong>rpcclient</strong> always attempts to connect at the maximum
267 protocols level the server supports. This parameter is
268 preserved for backwards compatibility, but any string
269 following the <strong>-m</strong> will be ignored.
270 <p><br><a name="minusW"></a>
271 <li><strong><strong>-W Domain</strong></strong> Override the default Domain, which is the remote server's
272 Domain. This option may be needed to connect to some servers. It is also
273 possible to specify the remote server name as the Domain, which will
274 force the username and password to be authenticated against the remote
275 server's local SAM instead of the Domain SAM.
276 <p><br><a name="minusc"></a>
277 <li><strong><strong>-c command string</strong></strong> command string is a semicolon separated
278 list of commands to be executed instead of prompting from stdin.
279 <a href="rpcclient.1.html#minusN"><strong>-N</strong></a> is implied by <strong>-c</strong>.
280 <p><br>This is particularly useful in scripts, e.g. <code>-c 'lsaquery; enumusers -u'</code>.
282 <p><br><a name="OPERATIONS"></a>
285 <p><br>Once the client is running, the user is presented with a prompt :
286 <p><br><code>smb:\></code>
287 <p><br>The prompt indicates that the client is ready and waiting to carry out
288 a user command. Each command is a single word, optionally followed by
289 parameters specific to that command. Command and parameters are
290 space-delimited unless these notes specifically state otherwise. All
291 commands are case-insensitive. Parameters to commands may or may not
292 be case sensitive, depending on the command.
293 <p><br>You can specify names (e.g registry keys; user or group names;
294 service names) which have spaces in them by quoting the
295 name with double quotes, for example "dRMON SmartAgent".
296 <p><br>Parameters shown in square brackets (e.g., "[parameter]") are
297 optional. If not given, the command will use suitable
298 defaults. Parameters shown in angle brackets (e.g., "<parameter>") are
300 <p><br>Note that all commands operating on the server are actually performed
301 by issuing a request to the server. Thus the behavior may vary from
302 server to server, depending on how the server was implemented.
303 <p><br>The commands available are listed in groups relating to different services:
305 <p><br><li><strong>Misccellaneous</strong>
307 <p><br><a name="questionmark"></a> <li><strong><strong>? [command]</strong></strong> If "command" is specified,
308 the <strong>?</strong> command will display a brief informative message about the
309 specified command. If no command is specified, a list of available
310 commands will be displayed.
311 <p><br><a name="exclaimationmark"></a> <li><strong><strong>! [shell command]</strong></strong> If "shell command"
312 is specified, the <strong>!</strong> command will execute a shell locally and run
313 the specified shell command. If no command is specified, a local shell
315 <p><br><a name="exit"></a> <li><strong><strong>exit</strong></strong> Terminate the connection with the server and
316 exit from the program.
317 <p><br><a name="help"></a> <li><strong><strong>help [command]</strong></strong> See the <a href="rpcclient.1.html#questionmark"><strong>?</strong></a>
319 <p><br><a name="quit"></a> <li><strong><strong>quit</strong></strong> See the <a href="rpcclient.1.html#exit"><strong>exit</strong></a> command.
321 <p><br><li><strong>Event Log</strong>
323 <p><br><a name="eventlog"></a> <li><strong><strong>eventlog</strong></strong>
326 <p><br><li><strong>Service Control</strong>
327 <p><br>These commands provide functionality similar to the Windows
328 NT Service Control Manager.
329 <p><br>It is possible to use command-line completion (if you have
330 the GNU readline library) for Service names, by pressing the
333 <p><br><a name="svcenum"></a> <li><strong><strong>svcenum</strong></strong>
335 <p><br><a name="svcinfo"></a> <li><strong><strong>svcinfo</strong></strong>
336 <service> Service Information
337 <p><br><a name="svcstart"></a> <li><strong><strong>svcstart</strong></strong>
338 <service> [arg 0] [arg 1] ... Start Service
339 <p><br><a name="svcstop"></a> <li><strong><strong>svcstop</strong></strong>
340 <service> Stop Service
342 <p><br><li><strong>Scheduler</strong>
344 <p><br><a name="at"></a> <li><strong><strong>at</strong></strong>
345 Scheduler control (at /? for syntax)
347 <p><br><li><strong>Registry</strong>
348 <p><br>It is possible to use command-line completion (if you have
349 the GNU readline library) for registry key and value names,
350 by pressing the tab key.
352 <p><br><a name="regenum"></a> <li><strong><strong>regenum</strong></strong>
353 <keyname> Registry Enumeration (keys, values)
354 <p><br><a name="regdeletekey"></a> <li><strong><strong>regdeletekey</strong></strong>
355 <keyname> Registry Key Delete
356 <p><br><a name="regcreatekey"></a> <li><strong><strong>regcreatekey</strong></strong>
357 <keyname> [keyclass] Registry Key Create
358 <p><br><a name="shutdown"></a> <li><strong><strong>shutdown</strong></strong>
359 [-m message] [-t timeout] [-r or --reboot] Server Shutdown
360 <p><br><a name="regqueryval"></a> <li><strong><strong>regqueryval</strong></strong>
361 <valname> Registry Value Query
362 <p><br><a name="regquerykey"></a> <li><strong><strong>regquerykey</strong></strong>
363 <keyname> Registry Key Query
364 <p><br><a name="regdeleteval"></a> <li><strong><strong>regdeleteval</strong></strong>
365 <valname> Registry Value Delete
366 <p><br><a name="regcreateval"></a> <li><strong><strong>regcreateval</strong></strong>
367 <valname> <valtype> <value> Registry Key Create
368 <p><br><a name="reggetsec"></a> <li><strong><strong>reggetsec</strong></strong>
369 <keyname> Registry Key Security
370 <p><br><a name="regtestsec"></a> <li><strong><strong>regtestsec</strong></strong>
371 <keyname> Test Registry Key Security
373 <p><br><li><strong>Printing</strong>
374 <p><br>It is possible to use command-line completion (if you have
375 the GNU readline library) for Printer and job names, by
376 pressing the tab key.
378 <p><br><a name="spoolenum"></a> <li><strong><strong>spoolenum</strong></strong>
379 Enumerate Printers. This experimental command lists
380 all printers available on a remote spooler service.
381 <p><br><a name="spooljobs"></a> <li><strong><strong>spooljobs</strong></strong>
382 <printer name> Enumerate Printer Jobs. This
383 experimental command lists all jobs, and their
384 status, currently queued on a remote spooler
386 <p><br><a name="spoolopen"></a> <li><strong><strong>spoolopen</strong></strong>
387 <printer name> Spool Printer Open Test. Experimental.
389 <p><br><li><strong>Server</strong>
391 <p><br><a name="time"></a> <li><strong><strong>time</strong></strong>
393 <p><br><a name="brsinfo"></a> <li><strong><strong>brsinfo</strong></strong>
395 <p><br><a name="wksinfo"></a> <li><strong><strong>wksinfo</strong></strong>
396 Workstation Query Info
397 <p><br><a name="srvinfo"></a> <li><strong><strong>srvinfo</strong></strong>
399 <p><br><a name="srvsessions"></a> <li><strong><strong>srvsessions</strong></strong>
400 List sessions on a server
401 <p><br><a name="srvshares"></a> <li><strong><strong>srvshares</strong></strong>
402 List shares on a server
403 <p><br><a name="srvtransports"></a> <li><strong><strong>srvtransports</strong></strong>
404 List transports on a server
405 <p><br><a name="srvconnections"></a> <li><strong><strong>srvconnections</strong></strong>
406 List connections on a server
407 <p><br><a name="srvfiles"></a> <li><strong><strong>srvfiles</strong></strong>
408 List files on a server
410 <p><br><li><strong>Local Security Authority</strong>
412 <p><br><a name="lsaquery"></a> <li><strong><strong>lsaquery</strong></strong>
413 Query Info Policy (domain member or server). Obtains
414 the SID and name of the SAM database that a server
415 is responsible for (i.e a workstation's local SAM
416 database or the PDC SAM database). Also obtains the
417 SID and name of the SAM database that a server is
419 <p><br><a name="lsaenumdomains"></a> <li><strong><strong>lsaenumdomains</strong></strong>
420 Enumerate Trusted Domains. Lists all Trusted and
421 Trusting Domains with which the remote PDC has
422 trust relationships established.
423 <p><br><a name="lookupsids"></a> <li><strong><strong>lookupsids</strong></strong>
424 <rid1 or sid1> <rid1 or sid2> ... Resolve names from SIDs.
425 Mostly to be used by developers or for troubleshooting,
426 this command can take either Security Identifiers or Relative
427 Identifiers, and look them up in the local SAM database
428 (or look them up in a remote Trusting or Trusted PDC's SAM
429 database if there is an appropriate Trust Relationship
430 established). The result is a list of names, of the
432 <code>[TRUST_DOMAIN\]name</code>. <br>
433 the <a href="rpcclient.1.html#lsaquery"><strong>lsaquery</strong></a> command must have been
434 issued first if you wish to use lookupsids to resolve
435 RIDs. The only RIDs that will be resolved will be those
436 in the SAM database of the server to which you are connected.
437 <p><br><a name="lookupnames"></a> <li><strong><strong>lookupnames</strong></strong>
438 <name1> <name2> ... Resolve SIDs from names.
439 Mostly to be used by developers or for troubleshooting,
440 this command can take names of the following format: <br>
441 <code>[DOMAIN_NAME\]name</code>. <br>
442 The names, which can be user, group or alias names, will
443 either be looked up in the local SAM database or in a remote
444 Trusting or Trusted PDC's SAM database, if there is an
445 appropriate Trust Relationship established. The optional
446 Domain name component is the name of a SAM database, which
447 can include a workstation's local SAM database or a Trusted
450 <code>lookupnames WKSTANAME\Administrator "Domain Guests"</code> <br>
451 <p><br><a name="querysecret"></a> <li><strong><strong>querysecret</strong></strong>
452 LSA Query Secret (developer use). This command only appears
453 to work against NT4 SP3 and below. Due to its potential
454 for misuse, it looks like Microsoft modified their
455 implementation of the LsaRetrievePrivateData call to
456 always return NT_STATUS_ACCESS_DENIED.
458 <p><br><li><strong>NETLOGON</strong>
460 <p><br><a name="ntlogin"></a> <li><strong><strong>ntlogin</strong></strong>
461 [username] [password] NT Domain login test. Demonstrates
462 how NT-style logins work. Mainly for developer usage,
463 it can also be used to verify that a user can log in
464 from a workstation. If you cannot ever get pam_ntdom
465 to work, try this command first.
466 <p><br><a name="domtrust"></a> <li><strong><strong>domtrust</strong></strong>
467 <domain> NT Inter-Domain test. Demonstrates how NT-style
468 Inter-Domain Trust relationships work. Mainly for
469 developer usage, it can also be used to verify that a
470 Trust Relationship is correctly established with a
472 <p><br><a name="samsync"></a> <li><strong><strong>samsync</strong></strong>
473 SAM Synchronisation Test (experimental). This command
474 is used to manually synchronise a SAM database from a
475 remote PDC, when Samba is set up as a Backup Domain
478 <p><br><li><strong>SAM Database</strong>
479 <p><br>It is possible to use command-line completion (if you have
480 the GNU readline library) for user, group, alias and domain
481 names, by pressing the tab key.
483 <p><br><a name="lookupdomain"></a> <li><strong><strong>lookupdomain</strong></strong>
484 Obtain SID for a local domain
485 <p><br><a name="enumusers"></a> <li><strong><strong>enumusers</strong></strong>
486 SAM User Database Query (experimental!)
487 <p><br><a name="addgroupmem"></a> <li><strong><strong>addgroupmem</strong></strong>
488 <group rid> [user] [user] ... SAM Add Domain Group Member
489 <p><br><a name="addaliasmem"></a> <li><strong><strong>addaliasmem</strong></strong>
490 <alias rid> [member sid1] [member sid2] ... SAM Add Domain Alias Member
491 <p><br><a name="delgroupmem"></a> <li><strong><strong>delgroupmem</strong></strong>
492 <group rid> [user] [user] ... SAM Delete Domain Group Member
493 <p><br><a name="delaliasmem"></a> <li><strong><strong>delaliasmem</strong></strong>
494 <alias rid> [member sid1] [member sid2] ... SAM Delete Domain Alias Member
495 <p><br><a name="creategroup"></a> <li><strong><strong>creategroup</strong></strong>
496 SAM Create Domain Group
497 <p><br><a name="createalias"></a> <li><strong><strong>createalias</strong></strong>
498 SAM Create Domain Alias
499 <p><br><a name="createuser"></a> <li><strong><strong>createuser</strong></strong>
500 <username> SAM Create Domain User
501 <p><br><a name="delgroup"></a> <li><strong><strong>delgroup</strong></strong>
502 SAM Delete Domain Group
503 <p><br><a name="delalias"></a> <li><strong><strong>delalias</strong></strong>
504 SAM Delete Domain Alias
505 <p><br><a name="ntpass"></a> <li><strong><strong>ntpass</strong></strong>
506 NT SAM Password Change
507 <p><br><a name="samuserset2"></a> <li><strong><strong>samuserset2</strong></strong>
508 <username> [-s acb_bits] SAM User Set Info 2 (experimental!)
509 <p><br><a name="samuserset"></a> <li><strong><strong>samuserset</strong></strong>
510 <username> [-p password] SAM User Set Info (experimental!)
511 <p><br><a name="samuser"></a> <li><strong><strong>samuser</strong></strong>
512 <username> SAM User Query (experimental!)
513 <p><br><a name="samgroup"></a> <li><strong><strong>samgroup</strong></strong>
514 <groupname> SAM Group Query (experimental!)
515 <p><br><a name="samalias"></a> <li><strong><strong>samalias</strong></strong>
516 <aliasname> SAM Alias Query
517 <p><br><a name="samaliasmem"></a> <li><strong><strong>samaliasmem</strong></strong>
518 <aliasname> SAM Alias Members
519 <p><br><a name="samgroupmem"></a> <li><strong><strong>samgroupmem</strong></strong>
521 <p><br><a name="samtest"></a> <li><strong><strong>samtest</strong></strong>
522 SAM User Encrypted RPC test (experimental!)
523 <p><br><a name="enumaliases"></a> <li><strong><strong>enumaliases</strong></strong>
524 SAM Aliases Database Query (experimental!)
525 <p><br><a name="enumdomains"></a> <li><strong><strong>enumdomains</strong></strong>
526 SAM Domains Database Query (experimental!)
527 <p><br><a name="enumgroups"></a> <li><strong><strong>enumgroups</strong></strong>
528 SAM Group Database Query (experimental!)
529 <p><br><a name="dominfo"></a> <li><strong><strong>dominfo</strong></strong>
530 SAM Query Domain Info
531 <p><br><a name="dispinfo"></a> <li><strong><strong>dispinfo</strong></strong>
532 SAM Query Display Info
535 <p><br><a name="NOTES"></a>
538 <p><br>Some servers are fussy about the case of supplied usernames,
539 passwords, share names (AKA service names) and machine names. If you
540 fail to connect try giving all parameters in uppercase.
541 <p><br>It is often necessary to use the <a href="rpcclient.1.html#minusn"><strong>-n</strong></a> option when connecting
542 to some types of servers. For example OS/2 LanManager insists on a valid
543 NetBIOS name being used, so you need to supply a valid name that would
544 be known to the server.
545 <p><br>rpcclient only works on servers that support MSRPC over SMB. This includes
546 all versions of Windows NT, including the ports to Unix such as AS/U and
547 AFPS. Support for MSRPC over SMB in other servers is currently rare and
548 patchy, for example Samba 2.0 only supports a limited set of MSRPC commands,
549 and some of those are not supported very well.
550 <p><br><a name="ENVIRONMENTVARIABLES"></a>
551 <h2>ENVIRONMENT VARIABLES</h2>
553 <p><br>The variable <strong>USER</strong> may contain the username of the person using the
554 client. This information is used only if the protocol level is high
555 enough to support session-level passwords.
556 <p><br>The variable <strong>PASSWORD</strong> may contain the password of the person using
557 the client. This information is used only if the protocol level is
558 high enough to support session-level passwords.
559 <p><br><a name="INSTALLATION"></a>
560 <h2>INSTALLATION</h2>
562 <p><br>The location of the client program is a matter for individual system
563 administrators. The following are thus suggestions only.
564 <p><br>It is recommended that the rpcclient software be installed in the
565 /usr/local/samba/bin or /usr/samba/bin directory, this directory
566 readable by all, writeable only by root. The client program itself
567 should be executable by all. The client should <em>NOT</em> be setuid or
569 <p><br>The client log files should be put in a directory readable and
570 writeable only by the user.
571 <p><br>To test the client, you will need to know the name of a running
572 SMB/CIFS server. It is possible to run <a href="smbd.8.html"><strong>smbd (8)</strong></a>
573 an ordinary user - running that server as a daemon on a
574 user-accessible port (typically any port number over 1024) would
575 provide a suitable test server.
576 <p><br><a name="DIAGNOSTICS"></a>
579 <p><br>Most diagnostics issued by the client are logged in a specified log
580 file. The log file name is specified at compile time, but may be
581 overridden on the command line.
582 <p><br>The number and nature of diagnostics available depends on the debug
583 level used by the client. If you have problems, set the debug level to
584 3 and peruse the log files.
585 <p><br><a name="VERSION"></a>
588 <p><br>This man page is correct for version 2.0 of the Samba suite.
589 <p><br><a name="BUGS"></a>
593 <li><strong>WARNING!</strong>
594 The MSPRC over SMB code has been developed from examining Network traces.
595 No documentation is available from the original creators (Microsoft) on
596 how MSRPC over SMB works, or how the individual MSRPC services work.
597 Microsoft's implementation of these services has been demonstrated (and
598 reported) to be... a bit flakey in places.
599 <p><br>The development of Samba's implementation of these services is <em>also</em>
600 a bit rough, and as more of the services are understood, it can even result
601 in versions of <a href="smbd.8.html"><strong>smbd (8)</strong></a> and rpcclient that are
602 incompatible for some commands or services. Additionally, the developers
603 are sending reports to Microsoft, and problems found by or reported to
604 Microsoft are fixed in Service Packs, which may also result in
606 <p><br>It is therefore not guaranteed that the execution of an rpcclient command will
607 work. It is also not guaranteed that the target server will continue to
608 operate, i.e the execution of an MSRPC command may cause a remote service to
609 fail, or even cause the remote server to fail. Usual rules apply, of course:
610 the developers bear absolutely no responsibility for the use, misuse, or
611 lack of use of rpcclient, by any person or persons, whether legal,
612 illegal, accidental, deliberate, intentional, malicious, curious, etc.
613 <p><br><li><strong>Command Completion</strong>
614 Command-completion (available if you have the GNU readline library) used on
615 certain commands may not operate correctly if the word being completed (such as a registry key) contains a space. Typically, the name will be completed, but
616 you will have to go back and put quotes round it, yourself.
617 <p><br><li><strong>SAM Database command-completion</strong>
618 Command-completion (available if you have the GNU readline library) of user,
619 group and alias names does not work on remote Domains, which would normally
620 be specified like this: <br>
621 <code>DOMAIN_name\user_name</code>. <br>
622 The only names that can be completed in this fashion are the local names
623 in the SAM database of the target server.
624 <p><br><li><strong><a href="rpcclient.1.html#spoolenum"><strong>spoolenum</strong></a></strong>
625 Due to current limitations in the rpcclient MSRPC / SMB code, and due to
626 the extremely poor MSRPC implementation (by Microsoft) of the spooler
627 service, if there are a large number of printers (or the names / comment
628 fields associated with the printers), this command will fail. The
629 limitations require further research to be carried out; we're stuck with
630 the poor \PIPE\spoolss design.
632 <p><br><a name="AUTHOR"></a>
635 <p><br>The original Samba software and related utilities were created by
636 Andrew Tridgell <a href="mailto:samba-bugs@samba.org"><em>samba-bugs@samba.org</em></a>. Samba is now developed
637 by the Samba Team as an Open Source project similar to the way the
638 Linux kernel is developed.
639 <p><br>The original Samba man pages were written by Karl Auer. The man page
640 sources were converted to YODL format (another excellent piece of Open
641 Source software, available at
642 <a href="ftp://ftp.icce.rug.nl/pub/unix/"><strong>ftp://ftp.icce.rug.nl/pub/unix/</strong></a>)
643 and updated for the Samba2.0 release by Jeremy Allison. This man page
644 was developed cut-and-paste style from the smbclient man page, by
645 Luke Kenneth Casson Leighton.
646 <a href="mailto:samba-bugs@samba.org"><em>samba-bugs@samba.org</em></a>.
647 <p><br>See <a href="samba.7.html"><strong>samba (7)</strong></a> to find out how to get a full
648 list of contributors and details on how to submit bug reports,