author: Luke Leighton <lkcl@samba.org> 1999-11-20 17:57:28 +0000
committer: Luke Leighton <lkcl@samba.org> 1999-11-20 17:57:28 +0000
commit: 476828342bd6552eb20f717595b5f4cb7397f33e
tree: 242a3afca6e3d606c10fcae94d20f62b2ece9b0e /docs/yodldocs
parent: 8702a73d679ebc09a9b31be597e6746518a7dd29
adding bits about SAM database security, and what the SAM commands are
actually for. (This used to be commit f973195b5cf9631bdb0206bf0fd16e23d5e70e4e)
Diffstat (limited to 'docs/yodldocs')
-rw-r--r-- docs/yodldocs/rpcclient.1.yo 35
1 files changed, 30 insertions, 5 deletions
diff --git a/docs/yodldocs/rpcclient.1.yo b/docs/yodldocs/rpcclient.1.yo
index 22cd3d20720..88b21047422 100644
--- a/docs/yodldocs/rpcclient.1.yo
+++ b/docs/yodldocs/rpcclient.1.yo
@@ -611,6 +611,26 @@ dit(NETLOGON)
dit(SAM Database)
+ The SAM Database holds user, group and alias information.
+ The commands listed below allow operations such as adding
+ user accounts and changing their password; listing known
+ Domains; listing user, group and alias accounts; listing the
+ members of groups and aliases; adding or removing members
+ from groups and aliases.
+
+ The commands that make changes are protected by Access Control
+ permissions on the remote server. You will therefore need to
+ be in the right NT group in order to perform certain operations.
+ If you find that a command fails with an NT_STATUS_ACCESS_DENIED
+ error and you think you should be able to perform that command,
+ talk to your Administrator: your username is probably not in the
+ correct NT alias or group (e.g Account Operators; Domain Admin).
+
+ The commands that view information usually require less
+ user privileges. However, a particular remote server may be
+ configured with better security settings, so a command that
+ succeeds on one server may not succeed on another.
+
It is possible to use command-line completion (if you have
the GNU readline library) for user, group, alias and domain
names, by pressing the tab key.
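Review bot: The example in the second added paragraph, "(e.g Account Operators; Domain Admin)", is missing the period after "e.g", and the NT group is named "Domain Admins". In the third added paragraph, "less user privileges" should be "fewer user privileges", and "better security settings" is vague: "stricter" is what is meant, and it would help to say that the server may restrict who is allowed to list accounts, since that is the failure the reader will see. The first paragraph mixes read and write operations in one list; separating "commands that make changes" from "commands that view information" there would match the two paragraphs that follow and make clear which commands need the privileged group membership.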
@@ -777,19 +797,24 @@ reported) to be... a bit flakey in places.
The development of Samba's implementation of these services is em(also)
a bit rough, and as more of the services are understood, it can even result
in versions of url(bf(smbd (8)))(smbd.8.html) and rpcclient that are
-incompatible for some commands or services. Additionally, the developers
-are sending reports to Microsoft, and problems found by or reported to
-Microsoft are fixed in Service Packs, which may also result in
+backwards-incompatible for some commands or services. Additionally, the
+developers are sending reports to Microsoft, and problems found by or
+reported to Microsoft are fixed in Service Packs, which may also result in
incompatibilities.
It is therefore not guaranteed that the execution of an rpcclient command will
work. It is also not guaranteed that the target server will continue to
operate, i.e the execution of an MSRPC command may cause a remote service to
fail, or even cause the remote server to fail. Usual rules apply, of course:
-the developers bear absolutely no responsibility for the use, misuse, or
-lack of use of rpcclient, by any person or persons, whether legal,
+the developers bear absolutely no responsibility or liability for the use,
+misuse, or lack of use of rpcclient, by any person or persons, whether legal,
illegal, accidental, deliberate, intentional, malicious, curious, etc.
+This em(particularly) applies to the registry and SAM database commands.
+As you are using a command-line tool not a mouse-clicky tool, you have
+already proven yourself to be savvy, however if you don't know what you're
+doing, then em(don't do it!).
+
dit(Command Completion)
Command-completion (available if you have the GNU readline library) used on
certain commands may not operate correctly if the word being completed (such as a registry key) contains a space. Typically, the name will be completed, but
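Review bot: The added sentence "This em(particularly) applies to the registry and SAM database commands." has an unclear antecedent, because it follows both the warning that a command may cause the remote service or server to fail and the liability disclaimer. Say which one is meant, and say why these two command groups are singled out, for example that they can modify the remote server's registry and account database. The closing sentence joins two clauses with ", however" and should be split; the "savvy" and "mouse-clicky" remark gives the reader nothing to act on, so a direct statement of the risk followed by the em(don't do it!) advice would serve a manual page better.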