<!ENTITY email.jelmer 'jelmer@samba.org'>
<!ENTITY email.jht 'jht@samba.org'>
<!ENTITY email.ghenry 'ghenry@suretecsystems.com'>
+<!ENTITY email.asn 'asn@samba.org'>
<!-- Author entities -->
+<!ENTITY person.asn '
+<firstname>Andreas</firstname><surname>Schneider</surname>
+<affiliation>
+ <orgname>The Samba Team</orgname>
+ <address><email>asn@samba.org</email></address>
+</affiliation>'>
+
+<!ENTITY author.asn '<author>&person.asn;</author>'>
+
<!ENTITY person.jelmer '
<firstname>Jelmer</firstname><othername>R.</othername><surname>Vernooij</surname><othername>R.</othername>
<affiliation>
</affiliation>
</author>'>
+<!ENTITY cmdline.common.debug.client '
+<varlistentry>
+ <term>-d|--debuglevel=DEBUGLEVEL</term>
+ <listitem>
+ <para>
+ <replaceable>level</replaceable> is an integer from 0
+ to 10. The default value if this parameter is not
+ specified is 1 for client applications.
+ </para>
+
+ <para>
+ The higher this value, the more detail will be logged
+ to the log files about the activities of the server. At
+ level 0, only critical errors and serious warnings will
+ be logged. Level 1 is a reasonable level for day-to-day
+ running - it generates a small amount of information
+ about operations carried out.
+ </para>
+
+ <para>
+ Levels above 1 will generate considerable amounts of
+ log data, and should only be used when investigating a
+ problem. Levels above 3 are designed for use only by
+ developers and generate HUGE amounts of log data, most
+ of which is extremely cryptic.
+ </para>
+
+ <para>
+ Note that specifying this parameter here will override
+ the <smbconfoption name="log level" /> parameter in the
+ &smb.conf; file.
+ </para>
+ </listitem>
+</varlistentry>
+
+<varlistentry>
+ <term>--debug-stdout</term>
+ <listitem>
+ <para>
+ This will redirect debug output to STDOUT. By default
+ all clients are logging to STDERR.
+ </para>
+ </listitem>
+</varlistentry>
+'>
+
+<!ENTITY cmdline.common.debug.server '
+<varlistentry>
+ <term>-d|--debuglevel=DEBUGLEVEL</term>
+
+ <listitem>
+ <para>
+ <replaceable>level</replaceable> is an integer from 0
+ to 10. The default value if this parameter is not
+ specified is 0.
+ </para>
+
+ <para>
+ The higher this value, the more detail will be logged
+ to the log files about the activities of the server. At
+ level 0, only critical errors and serious warnings will
+ be logged. Level 1 is a reasonable level for day-to-day
+ running - it generates a small amount of information
+ about operations carried out.
+ </para>
+
+ <para>
+ Levels above 1 will generate considerable amounts of
+ log data, and should only be used when investigating a
+ problem. Levels above 3 are designed for use only by
+ developers and generate HUGE amounts of log data, most
+ of which is extremely cryptic.
+ </para>
+
+ <para>
+ Note that specifying this parameter here will override
+ the <smbconfoption name="log level" /> parameter in the
+ &smb.conf; file.
+ </para>
+ </listitem>
+
+ <term>--debug-stdout</term>
+ <listitem>
+ <para>
+ This will redirect debug output to STDOUT. By default
+ server daemons are logging to a log file.
+ </para>
+ </listitem>
+</varlistentry>
+'>
+
+<!ENTITY cmdline.common.option '
+<varlistentry>
+ <term>--option=<name>=<value></term>
+ <listitem>
+ <para>
+ Set the
+ <citerefentry><refentrytitle>smb.conf</refentrytitle>
+ <manvolnum>5</manvolnum></citerefentry> option
+ "<name>" to value "<value>" from the
+ command line. This overrides compiled-in defaults and
+ options read from the configuration file. If a name or
+ a value includes a space, wrap whole
+ --option=name=value into quotes.
+ </para>
+ </listitem>
+</varlistentry>
+'>
+
+<!ENTITY cmdline.common.config.client '
+<varlistentry>
+ <term>--configfile=<configuration file></term>
+ <listitem>
+ <para>
+ The file specified contains the configuration details
+ required by the client. The information in this file
+ can be general for client and server or only provide
+ client specific like options such as
+ <smbconfoption name="client smb encrypt" />. See
+ &smb.conf; for more information. The default
+ configuration file name is determined at compile time.
+ </para>
+ </listitem>
+</varlistentry>
+'>
+
+<!ENTITY cmdline.common.config.server '
+<varlistentry>
+ <term>--configfile=CONFIGFILE</term>
+ <listitem>
+ <para>
+ The file specified contains the configuration details
+ required by the server. The information in this file
+ includes server-specific information such as what
+ printcap file to use, as well as descriptions of all
+ the services that the server is to provide. See
+ &smb.conf; for more information. The default
+ configuration file name is determined at compile
+ time.
+ </para>
+ </listitem>
+</varlistentry>
+'>
+
+<!ENTITY cmdline.version '
+<varlistentry>
+ <term>-V|--version</term>
+ <listitem>
+ <para>
+ Prints the program version number.
+ </para>
+ </listitem>
+</varlistentry>
+'>
+
+<!ENTITY cmdline.common.samba.logbasename '
+<varlistentry>
+ <term>-l|--log-basename=logdirectory</term>
+ <listitem>
+ <para>
+ Base directory name for log/debug files. The extension
+ <constant>".progname"</constant> will be appended (e.g.
+ log.smbclient, log.smbd, etc...). The log file is never
+ removed by the client.
+ </para>
+ </listitem>
+</varlistentry>
+'>
+
+<!ENTITY cmdline.common.samba.leakreport '
+<varlistentry>
+ <term>--leak-report</term>
+ <listitem>
+ <para>
+ Enable talloc leak reporting on exit.
+ </para>
+ </listitem>
+</varlistentry>
+'>
+
+<!ENTITY cmdline.common.samba.leakreportfull '
+<varlistentry>
+ <term>--leak-report-full</term>
+ <listitem>
+ <para>
+ Enable full talloc leak reporting on exit.
+ </para>
+ </listitem>
+</varlistentry>
+'>
+
+<!ENTITY cmdline.common.samba.client '
+&cmdline.common.debug.client;
+&cmdline.common.config.client;
+&cmdline.common.option;
+&cmdline.common.samba.logbasename;
+&cmdline.common.samba.leakreport;
+&cmdline.common.samba.leakreportfull;
+&cmdline.version;
+'>
+
+<!ENTITY cmdline.common.samba.server '
+&cmdline.common.debug.server;
+&cmdline.common.config.server;
+&cmdline.common.option;
+&cmdline.common.samba.logbasename;
+&cmdline.common.samba.leakreport;
+&cmdline.common.samba.leakreportfull;
+&cmdline.version;
+'>
+
+<!ENTITY cmdline.common.connection.nameresolve '
+<varlistentry>
+ <term>-R|--name-resolve=NAME-RESOLVE-ORDER</term>
+ <listitem>
+ <para>
+ This option is used to determine what naming services
+ and in what order to resolve host names to IP
+ addresses. The option takes a space-separated string of
+ different name resolution options. The best ist to wrap
+ the whole --name-resolve=NAME-RESOLVE-ORDER into
+ quotes.
+ </para>
+
+ <para>
+ The options are: "lmhosts", "host", "wins" and "bcast".
+ They cause names to be resolved as follows:
+ </para>
+
+ <itemizedlist>
+ <listitem>
+ <para>
+ <constant>lmhosts</constant>: Lookup an
+ IP address in the Samba lmhosts file.
+ If the line in lmhosts has no name type
+ attached to the NetBIOS name (see the
+ <citerefentry><refentrytitle>lmhosts</refentrytitle>
+ <manvolnum>5</manvolnum></citerefentry>
+ for details) then any name type matches
+ for lookup.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ <constant>host</constant>: Do a
+ standard host name to IP address
+ resolution, using the system
+ <filename>/etc/hosts</filename>, NIS,
+ or DNS lookups. This method of name
+ resolution is operating system
+ dependent, for instance on IRIX or
+ Solaris this may be controlled by the
+ <filename>/etc/nsswitch.conf
+ </filename> file). Note that this
+ method is only used if the NetBIOS name
+ type being queried is the 0x20 (server)
+ name type, otherwise it is ignored.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ <constant>wins</constant>: Query a name
+ with the IP address listed in the
+ <parameter>wins server</parameter>
+ parameter. If no WINS server has been
+ specified this method will be ignored.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ <constant>bcast</constant>: Do a
+ broadcast on each of the known local
+ interfaces listed in the
+ <parameter>interfaces</parameter>
+ parameter. This is the least reliable
+ of the name resolution methods as it
+ depends on the target host being on a
+ locally connected subnet.
+ </para>
+ </listitem>
+ </itemizedlist>
+
+ <para>
+ If this parameter is not set then the name resolve
+ order defined in the &smb.conf; file parameter
+ (<smbconfoption name="name resolve order" />) will be
+ used.
+ </para>
+
+ <para>
+ The default order is lmhosts, host, wins, bcast.
+ Without this parameter or any entry in the
+ <smbconfoption name="name resolve order" /> parameter
+ of the &smb.conf; file, the name resolution methods
+ will be attempted in this order.
+ </para>
+ </listitem>
+</varlistentry>
+'>
+
+<!ENTITY cmdline.common.connection.socketoptions '
+<varlistentry>
+ <term>-O|--socket-options=SOCKETOPTIONS</term>
+ <listitem>
+ <para>
+ TCP socket options to set on the client socket. See the
+ socket options parameter in the &smb.conf; manual page
+ for the list of valid options.
+ </para>
+ </listitem>
+</varlistentry>
+'>
+
+<!ENTITY cmdline.common.connection.netbiosname '
+<varlistentry>
+ <term>-n|--netbiosname=NETBIOSNAME</term>
+ <listitem>
+ <para>
+ This option allows you to override the NetBIOS name
+ that Samba uses for itself. This is identical to
+ setting the <smbconfoption name="netbios name" />
+ parameter in the &smb.conf; file. However, a command
+ line setting will take precedence over settings in
+ &smb.conf;.
+ </para>
+ </listitem>
+</varlistentry>
+'>
+
+<!ENTITY cmdline.common.connection.workgroup '
+<varlistentry>
+ <term>-W|--workgroup=WORKGROUP</term>
+ <listitem>
+ <para>
+ Set the SMB domain of the username. This overrides
+ the default domain which is the domain defined in
+ smb.conf. If the domain specified is the same as the
+ servers NetBIOS name, it causes the client to log on
+ using the servers local SAM (as opposed to the Domain
+ SAM).
+ </para>
+
+ <para>
+ Note that specifying this parameter here will override
+ the <smbconfoption name="workgroup" /> parameter in the
+ &smb.conf; file.
+ </para>
+ </listitem>
+</varlistentry>
+'>
+
+<!ENTITY cmdline.common.connection.realm '
+<varlistentry>
+ <term>-r|--realm=REALM</term>
+ <listitem>
+ <para>
+ Set the realm for the domain.
+ </para>
+
+ <para>
+ Note that specifying this parameter here will override
+ the <smbconfoption name="realm" /> parameter in the
+ &smb.conf; file.
+ </para>
+ </listitem>
+</varlistentry>'>
+
+<!ENTITY cmdline.common.connection.netbiosscope '
+<varlistentry>
+ <term>--netbios-scope=SCOPE</term>
+ <listitem>
+ <para>
+ This specifies a NetBIOS scope that
+ <command>nmblookup</command> will use to communicate
+ with when generating NetBIOS names. For details on the
+ use of NetBIOS scopes, see rfc1001.txt and rfc1002.txt.
+ NetBIOS scopes are <emphasis>very</emphasis> rarely
+ used, only set this parameter if you are the system
+ administrator in charge of all the NetBIOS systems you
+ communicate with.
+ </para>
+ </listitem>
+</varlistentry>
+'>
+
+<!ENTITY cmdline.common.connection.maxprotocol '
+<varlistentry>
+ <term>-m|--maxprotocol=MAXPROTOCOL</term>
+ <listitem>
+ <para>
+ The value of the parameter (a string) is the highest
+ protocol level that will be supported by the client.
+ </para>
+
+ <para>
+ Note that specifying this parameter here will override
+ the <smbconfoption name="client max protocol" />
+ parameter in the &smb.conf; file.
+ </para>
+ </listitem>
+</varlistentry>
+'>
+
+<!ENTITY cmdline.common.connection '
+&cmdline.common.connection.nameresolve;
+&cmdline.common.connection.socketoptions;
+&cmdline.common.connection.maxprotocol;
+&cmdline.common.connection.netbiosname;
+&cmdline.common.connection.netbiosscope;
+&cmdline.common.connection.workgroup;
+&cmdline.common.connection.realm;
+'>
+
+<!ENTITY cmdline.common.credentials.user '
+<varlistentry>
+ <term>-U|--user=[DOMAIN\]USERNAME[&pct;PASSWORD]</term>
+ <listitem>
+ <para>
+ Sets the SMB username or username and password.
+ </para>
+
+ <para>
+ If &pct;password is not specified, the user will be
+ prompted. The client will first check the
+ <envar>USER</envar> environment variable, then the
+ <envar>LOGNAME</envar> variable and if either exists,
+ the string is uppercased. If these environmental
+ variables are not found, the username
+ <constant>GUEST</constant> is used.
+ </para>
+
+ <para>
+ A third option is to use a credentials file which
+ contains the plaintext of the username and password.
+ This option is mainly provided for scripts where the
+ admin does not wish to pass the credentials on the
+ command line or via environment variables. If this
+ method is used, make certain that the permissions on
+ the file restrict access from unwanted users. See the
+ <parameter>-A</parameter> for more details.
+ </para>
+
+ <para>
+ Be cautious about including passwords in scripts. For
+ security it is better to let the client ask for the
+ password if needed.
+ </para>
+ </listitem>
+</varlistentry>
+'>
+
+<!ENTITY cmdline.common.credentials.nopass '
+<varlistentry>
+ <term>-N|--no-pass</term>
+ <listitem>
+ <para>
+ If specified, this parameter suppresses the normal
+ password prompt from the client to the user. This is
+ useful when accessing a service that does not require a
+ password.
+ </para>
+
+ <para>
+ Unless a password is specified on the command line or
+ this parameter is specified, the client will request a
+ password.
+ </para>
+
+ <para>
+ If a password is specified on the command line and this
+ option is also defined the password on the command line
+ will be silently ignored and no password will be
+ used.
+ </para>
+ </listitem>
+</varlistentry>
+'>
+
+<!ENTITY cmdline.common.credentials.password '
+<varlistentry>
+ <term>--password</term>
+ <listitem>
+ <para>
+ Specify the password on the commandline.
+ </para>
+
+ <para>
+ Be cautious about including passwords in scripts. For
+ security it is better to let the client ask for the
+ password if needed.
+ </para>
+ </listitem>
+</varlistentry>
+'>
+
+<!ENTITY cmdline.common.credentials.pwnthash '
+<varlistentry>
+ <term>--pw-nt-hash</term>
+ <listitem>
+ <para>
+ The supplied password is the NT hash.
+ </para>
+ </listitem>
+</varlistentry>
+'>
+
+<!ENTITY cmdline.common.credentials.authenticationfile '
+<varlistentry>
+ <term>-A|--authentication-file=filename</term>
+ <listitem>
+ <para>
+ This option allows you to specify a file from which to
+ read the username and password used in the connection.
+ The format of the file is:
+ </para>
+
+ <para>
+ <programlisting>
+ username = <value>
+ password = <value>
+ domain = <value>
+ </programlisting>
+ </para>
+
+ <para>
+ Make certain that the permissions on the file restrict
+ access from unwanted users!
+ </para>
+ </listitem>
+</varlistentry>
+'>
+
+<!ENTITY cmdline.common.credentials.machinepass '
+<varlistentry>
+ <term>-P|--machine-pass</term>
+ <listitem>
+ <para>
+ Use stored machine account password.
+ </para>
+ </listitem>
+</varlistentry>
+'>
+
+<!ENTITY cmdline.common.credentials.simplebinddn '
+<varlistentry>
+ <term>--simple-bind-dn=DN</term>
+ <listitem>
+ <para>
+ DN to use for a simple bind.
+ </para>
+ </listitem>
+</varlistentry>
+'>
+
+<!ENTITY cmdline.common.credentials.usekerberos '
+<varlistentry>
+ <term>--use-kerberos=desired|required|off</term>
+ <listitem>
+ <para>
+ This parameter determines whether Samba client tools
+ will try to authenticate using Kerberos. For Kerberos
+ authentication you need to use dns names instead of IP
+ addresses when connnecting to a service.
+ </para>
+
+ <para>
+ Note that specifying this parameter here will override
+ the <smbconfoption name="client use kerberos" />
+ parameter in the &smb.conf; file.
+ </para>
+ </listitem>
+</varlistentry>
+'>
+
+<!ENTITY cmdline.common.credentials.usekrb5ccache '
+<varlistentry>
+ <term>--use-krb5-ccache=CCACHE</term>
+ <listitem>
+ <para>
+ Specifies the credential cache location for Kerberos
+ authentication.
+ </para>
+
+ <para>
+ This will set --use-kerberos=required too.
+ </para>
+ </listitem>
+</varlistentry>
+'>
+
+<!ENTITY cmdline.common.credentials.usewinbindccache '
+<varlistentry>
+ <term>--use-winbind-ccache</term>
+ <listitem>
+ <para>
+ Try to use the credential cache by winbind.
+ </para>
+ </listitem>
+</varlistentry>
+'>
+
+<!ENTITY cmdline.common.credentials.clientprotection '
+<varlistentry>
+ <term>--client-protection=sign|encrypt|off</term>
+ <listitem>
+ <para>
+ Sets the connection protection the client tool should
+ use.
+ </para>
+
+ <para>
+ Note that specifying this parameter here will override
+ the <smbconfoption name="client protection" />
+ parameter in the &smb.conf; file.
+ </para>
+
+ <para>
+ In case you need more fine grained control you can use:
+ <command>--option=clientsmbencrypt=OPTION</command>,
+ <command>--option=clientipcsigning=OPTION</command>,
+ <command>--option=clientsigning=OPTION</command>.
+ </para>
+ </listitem>
+</varlistentry>
+'>
+
+<!ENTITY cmdline.common.credentials '
+&cmdline.common.credentials.user;
+&cmdline.common.credentials.nopass;
+&cmdline.common.credentials.password;
+&cmdline.common.credentials.pwnthash;
+&cmdline.common.credentials.authenticationfile;
+&cmdline.common.credentials.machinepass;
+&cmdline.common.credentials.simplebinddn;
+&cmdline.common.credentials.usekerberos;
+&cmdline.common.credentials.usekrb5ccache;
+&cmdline.common.credentials.usewinbindccache;
+&cmdline.common.credentials.clientprotection;
+'>
+
+<!ENTITY cmdline.legacy.kerberos.s3 '
+<varlistentry>
+ <term>-k|--kerberos</term>
+ <listitem>
+ <para>
+ Use kerberos authentication. This option is deprecated.
+ Migrate to --use-kerberos!
+ </para>
+ </listitem>
+</varlistentry>
+'>
+
+<!ENTITY cmdline.legacy.kerberos.s4 '
+<varlistentry>
+ <term>-k|--kerberos=yes|no</term>
+ <listitem>
+ <para>
+ Wether to use kerberos authentication. This option is
+ deprecated. Migrate to --use-kerberos!
+ </para>
+ </listitem>
+</varlistentry>
+'>
+
+
+
+
<!ENTITY stdarg.server.debug '
<varlistentry>
<term>-d|--debuglevel=level</term>
projects / thirdparty / samba.git / commitdiff
