smbclient,用于访问Server上的资源的像ftp一样的客户端。
命令行语法格式(SYNOPSIS)
smbclient [-b <buffer size>] [-d debuglevel] [-e] [-L <netbios name>] [-U username] [-I destinationIP]
[-M <netbios name>] [-m maxprotocol] [-A authfile] [-N] [-C] [-g] [-i scope] [-O <socket options>] [-p port]
[-R <name resolve order>] [-s <smb config file>] [-t <per-operation timeout in seconds>] [-k] [-P]
[-c <command>]
smbclient {servicename} [password] [-b <buffer size>] [-d debuglevel] [-e] [-D Directory] [-U username]
[-W workgroup] [-M <netbios name>] [-m maxprotocol] [-A authfile] [-N] [-C] [-g] [-l log-basename]
[-I destinationIP] [-E] [-c <command string>] [-i scope] [-O <socket options>] [-p port]
[-R <name resolve order>] [-s <smb config file>] [-t <per-operation timeout in seconds>] [-T<c|x>IXFqgbNan]
[-k]
命令简述(DESCRIPTION)
该命令是samba(7)套件的一部分。
smbclient用于与SMB/CIFS Server进行“交流”。它提供了类似于终端下的ftp(1)程序的界面。支持的操作包括从服务器获取文件到本地机器,将文件从本地机器上传到服务器,从服务器检索目录信息等等。
命令支持的选项及含义(OPTIONS)
servicename
servicename是要在server上使用的service的描述。servicename采用//server/service的形式:其中server是提供所需服务的SMB/CIFS Server的NetBIOS Name;service是所提供服务的名称;
因此,要连接到名为“smbserver”的SMB/CIFS Server上的“printer”服务,servicename的格式为://smbserver/printer
注意,所需的server不一定是服务器的IP(DNS)主机名!所需的名称是Server的NetBIOS Name,NetBIOS Name可能与计算机的IP主机名相同,也可能不相同。
根据「smbclient的-R指定的参数」或「smb.conf(5)文件中的name resolve order指定的参数」来进行查找server名称,允许管理员更改查找server名称的顺序和方法。
password
The password required to access the specified service on the specified server. If this parameter is
supplied, the -N option (suppress password prompt) is assumed.
There is no default password. If no password is supplied on the command line (either by using this
parameter or adding a password to the -U option (see below)) and the -N option is not specified, the
client will prompt for a password, even if the desired service does not require one. (If no password is
required, simply press ENTER to provide a null password.)
Note: Some servers (including OS/2 and Windows for Workgroups) insist on an uppercase password. Lowercase
or mixed case passwords may be rejected by these servers.
Be cautious about including passwords in scripts.
-R|–name-resolve <name resolve order>
在Samba套件中的程序,使用此选项来确定「哪些命名服务」以及「以什么顺序」将NetBIOS Name解析为IP地址。该选项采用不同名称解析选项的空格分隔的字符串。
<name resolve order>的格式为空格分隔的多个选项。
支持的选项:”lmhosts”, “host”, “wins”, “bcast”。这些选项使NetBIOS Name按如下进行所述进行解析:
- lmhosts: 在Samba的lmhosts文件中查找IP地址。如果lmhosts中的行没有绑定到NetBIOS Name的名称类型(参阅lmhosts(5)),然后查找任何名称类型。
- host: 使用系统/etc/hosts、NIS、DNS查找来执行主机名到IP地址解析。这种名称解析方法是依赖于操作系统的,例如在IRIX或Solaris上,这可以由/etc/nsswitch.conf文件控制)。注意,仅当正在查询的NetBIOS Name类型为0x20(server)的名字类型时,才使用此方法,否则将被忽略。
- wins: 使用wins server参数中列出的IP地址来查询名称。如果没有指定WINS服务器,则此方法将被忽略。
- bcast:在interfaces参数中列出的每个已知的本地接口上进行广播。这是名称解析方法中最不可靠的,因为它取决于目标主机在本地连接的子网上。
如果未设置此参数,则将使用smb.conf(5)文件中参数(name resolve order)中定义的名称解析顺序。
默认的顺序是lmhosts,host,wins,bcast。如果没有使用-R并且没有在smb.conf(5)文件的的name resolve order参数指定任何条目,将按此顺序尝试名称解析方法。
-M|–message NetBIOS name
This options allows you to send messages, using the “WinPopup” protocol, to another computer. Once a
connection is established you then type your message, pressing ^D (control-D) to end.
If the receiving computer is running WinPopup the user will receive the message and probably a beep. If
they are not running WinPopup the message will be lost, and no error message will occur.
The message is also automatically truncated if the message is over 1600 bytes, as this is the limit of
the protocol.
One useful trick is to pipe the message through smbclient. For example: smbclient -M FRED < mymessage.txt
will send the message in the file mymessage.txt to the machine FRED.
You may also find the -U and -I options useful, as they allow you to control the FROM and TO parts of the
message.
See the message command parameter in the smb.conf(5) for a description of how to handle incoming WinPopup
messages in Samba.
Note: Copy WinPopup into the startup group on your WfWg PCs if you want them to always be able to receive
messages.
-p|–port port
This number is the TCP port number that will be used when making connections to the server. The standard
(well-known) TCP port number for an SMB/CIFS server is 139, which is the default.
-g|–grepable
This parameter provides combined with -L easy parseable output that allows processing with utilities such
as grep and cut.
-m|–max-protocol protocol
This allows the user to select the highest SMB protocol level that smbclient will use to connect to the
server. By default this is set to NT1, which is the highest available SMB1 protocol. To connect using
SMB2 or SMB3 protocol, use the strings SMB2 or SMB3 respectively. Note that to connect to a Windows 2012
server with encrypted transport selecting a max-protocol of SMB3 is required.
-P|–machine-pass
Make queries to the external server using the machine account of the local server.
-I|–ip-address IP-address
IP address is the address of the server to connect to. It should be specified in standard “a.b.c.d”
notation.
Normally the client would attempt to locate a named SMB/CIFS server by looking it up via the NetBIOS name
resolution mechanism described above in the name resolve order parameter above. Using this parameter will
force the client to assume that the server is on the machine with the specified IP address and the
NetBIOS name component of the resource being connected to will be ignored.
There is no default for this parameter. If not supplied, it will be determined automatically by the
client as described above.
-E|–stderr
This parameter causes the client to write messages to the standard error stream (stderr) rather than to
the standard output stream.
By default, the client writes messages to standard output – typically the user’s tty.
-L|–list
This option allows you to look at what services are available on a server. You use it as smbclient -L
host and a list should appear. The -I option may be useful if your NetBIOS names don’t match your TCP/IP
DNS host names or if you are trying to reach a host on another network.
-b|–send-buffer buffersize
When sending or receiving files, smbclient uses an internal buffer sized by the maximum number of allowed
requests to the connected server. This command allows this size to be set to any range between 0 (which
means use the default server controlled size) bytes and 16776960 (0xFFFF00) bytes. Using the server
controlled size is the most efficient as smbclient will pipeline as many simultaneous reads or writes
needed to keep the server as busy as possible. Setting this to any other size will slow down the
transfer. This can also be set using the iosize command inside smbclient.
-B|–browse
Browse SMB servers using DNS.
-d|–debuglevel=level
level is an integer from 0 to 10. The default value if this parameter is not specified is 1.
The higher this value, the more detail will be logged to the log files about the activities of the
server. At level 0, only critical errors and serious warnings will be logged. Level 1 is a reasonable
level for day-to-day running – it generates a small amount of information about operations carried out.
Levels above 1 will generate considerable amounts of log data, and should only be used when investigating
a problem. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data,
most of which is extremely cryptic.
Note that specifying this parameter here will override the log level parameter in the smb.conf file.
-V|–version
Prints the program version number.
-s|–configfile=<configuration file>
The file specified contains the configuration details required by the server. The information in this
file includes server-specific information such as what printcap file to use, as well as descriptions of
all the services that the server is to provide. See smb.conf for more information. The default
configuration file name is determined at compile time.
-l|–log-basename=logdirectory
Base directory name for log/debug files. The extension “.progname” will be appended (e.g. log.smbclient,
log.smbd, etc…). The log file is never removed by the client.
–option=<name>=<value>
Set the smb.conf(5) option “<name>” to value “<value>” from the command line. This overrides compiled-in
defaults and options read from the configuration file.
-N|–no-pass
If specified, this parameter suppresses the normal password prompt from the client to the user. This is
useful when accessing a service that does not require a password.
Unless a password is specified on the command line or this parameter is specified, the client will
request a password.
If a password is specified on the command line and this option is also defined the password on the
command line will be silently ingnored and no password will be used.
-k|–kerberos
Try to authenticate with kerberos. Only useful in an Active Directory environment.
-C|–use-ccache
Try to use the credentials cached by winbind.
-A|–authentication-file=filename
This option allows you to specify a file from which to read the username and password used in the
connection. The format of the file is
password = <value>
domain = <value>
Make certain that the permissions on the file restrict access from unwanted users.
-U|–user=username[%password]
Sets the SMB username or username and password.
If %password is not specified, the user will be prompted. The client will first check the USER
environment variable, then the LOGNAME variable and if either exists, the string is uppercased. If these
environmental variables are not found, the username GUEST is used.
A third option is to use a credentials file which contains the plaintext of the username and password.
This option is mainly provided for scripts where the admin does not wish to pass the credentials on the
command line or via environment variables. If this method is used, make certain that the permissions on
the file restrict access from unwanted users. See the -A for more details.
Be cautious about including passwords in scripts. Also, on many systems the command line of a running
process may be seen via the ps command. To be safe always allow rpcclient to prompt for a password and
type it in directly.
-S|–signing on|off|required
Set the client signing state.
-P|–machine-pass
Use stored machine account password.
-e|–encrypt
This command line parameter requires the remote server support the UNIX extensions or that the SMB3
protocol has been selected. Requests that the connection be encrypted. Negotiates SMB encryption using
either SMB3 or POSIX extensions via GSSAPI. Uses the given credentials for the encryption negotiation
(either kerberos or NTLMv1/v2 if given domain/username/password triple. Fails the connection if
encryption cannot be negotiated.
–pw-nt-hash
The supplied password is the NT hash.
-n|–netbiosname <primary NetBIOS name>
This option allows you to override the NetBIOS name that Samba uses for itself. This is identical to
setting the netbios name parameter in the smb.conf file. However, a command line setting will take
precedence over settings in smb.conf.
-i|–scope <scope>
This specifies a NetBIOS scope that nmblookup will use to communicate with when generating NetBIOS names.
For details on the use of NetBIOS scopes, see rfc1001.txt and rfc1002.txt. NetBIOS scopes are very rarely
used, only set this parameter if you are the system administrator in charge of all the NetBIOS systems
you communicate with.
-W|–workgroup=domain
Set the SMB domain of the username. This overrides the default domain which is the domain defined in
smb.conf. If the domain specified is the same as the servers NetBIOS name, it causes the client to log on
using the servers local SAM (as opposed to the Domain SAM).
-O|–socket-options socket options
TCP socket options to set on the client socket. See the socket options parameter in the smb.conf manual
page for the list of valid options.
-?|–help
Print a summary of command line options.
–usage
Display brief usage message.
-t|–timeout <timeout-seconds>
This allows the user to tune the default timeout used for each SMB request. The default setting is 20
seconds. Increase it if requests to the server sometimes time out. This can happen when SMB3 encryption
is selected and smbclient is overwhelming the server with requests. This can also be set using the
timeout command inside smbclient.
-T|–tar tar options
smbclient may be used to create tar(1) compatible backups of all the files on an SMB/CIFS share. The
secondary tar flags that can be given to this option are:
· c – Create a tar backup archive on the local system. Must be followed by the name of a tar file, tape
value -d0 to avoid corrupting your tar file. This flag is mutually exclusive with the x flag.
· x – Extract (restore) a local tar file back to a share. Unless the -D option is given, the tar files
device or “-” for standard input. Mutually exclusive with the c flag. Restored files have their
creation times (mtime) set to the date saved in the tar file. Directories currently do not get their
creation dates restored properly.
· I – Include files and directories. Is the default behavior when filenames are specified above. Causes
example below. Filename globbing works in one of two ways. See r below.
· X – Exclude files and directories. Causes files to be excluded from an extract or create. See example
· F – File containing a list of files and directories. The F causes the name following the tarfile to
extract or create (and therefore everything else to be excluded). See example below. Filename
globbing works in one of two ways. See r below.
· b – Blocksize. Must be followed by a valid (greater than zero) blocksize. Causes tar file to be
· g – Incremental. Only back up files that have the archive bit set. Useful only with the c flag.
· q – Quiet. Keeps tar from printing diagnostics as it works. This is the same as tarmode quiet.
· r – Use wildcard matching to include or exclude. Deprecated.
· N – Newer than. Must be followed by the name of a file whose date is compared against files found on
Useful only with the c flag.
· a – Set archive bit. Causes the archive bit to be reset when a file is backed up. Useful with the g
of the file must be less than 1024 bytes. Also, when a tar archive is created, smbclient’s tar option places
all files in the archive with relative names, not absolute names.
(with ‘/’ as the component separator).
连接共享后,在「smb: \>」中可执行的命令及含义(OPERATIONS)
working directory is changed.
single word, optionally followed by parameters specific to that command. Command and parameters are
space-delimited unless these notes specifically state otherwise. All commands are case-insensitive.
Parameters to commands may or may not be case sensitive, depending on the command.
long file name”.
suitable defaults. Parameters shown in angle brackets (e.g., “<parameter>”) are required.
Thus the behavior may vary from server to server, depending on how the server was implemented.
command. If no command is specified, a list of available commands will be displayed.
command. If no command is specified, a local shell will be run.
streams).
directory.
files with this bit set, 2 means only operate on files with this bit set and reset it after operation, 3
means operate on all files and reset it after operation. The default is 0.
the “backup intent” flag is true, the server will try and bypass some file system checks if the user has
been granted SE_BACKUP or SE_RESTORE privileges. This state is useful when performing a backup or restore
operation.
blocksize*TBLOCK (normally 512 byte) units.
ids.
sensitive. Set to OFF by default (tells file server to treat filenames as case insensitive). Only
currently affects Samba 3.0.5 and above file servers with the case sensitive parameter set to auto in the
smb.conf.
directory specified. This operation will fail if for any reason the specified directory is inaccessible.
not. The client requests that the server change the UNIX permissions to the given octal mode, in standard
UNIX format.
not. The client requests that the server change the UNIX user and group ownership to the given decimal
values. Note there is currently no way to remotely look up the UNIX uid and gid values for a given name.
This may be addressed in future versions of the CIFS UNIX extensions.
working directory on the server.
the server and displayed.
name the local copy local file name. Note that all transfers in smbclient are binary. See also the
lowercase command.
requests to the connected server. This command allows this size to be set to any range between 0 (which
means use the default server controlled size) bytes and 16776960 (0xFFFF00) bytes. Using the server
controlled size is the most efficient as smbclient will pipeline as many simultaneous reads or writes
needed to keep the server as busy as possible. Setting this to any other size will slow down the
transfer.
directory specified. This operation will fail if for any reason the specified directory is inaccessible.
reported.
not. The client requests that the server create a hard link between the linkname and target files. The
linkname file must not exist.
not. Tries to set a POSIX fcntl lock of the given type on the given range. Used for internal Samba
testing purposes.
new vuid. Used for internal Samba testing purposes.
commands. This is often useful when copying (say) MSDOS files from a server, because lowercase filenames
are the norm on UNIX systems.
and mput commands.
recursion is toggled ON.
example, if the mask specified in an mget command is “source*” and the mask specified with the mask
command is “*.c” and recursion is toggled ON, the mget command will retrieve all files matching “*.c” in
all directories below and including all directories matching “source*” in the current working directory.
is used to change it. It retains the most recently specified value indefinitely. To avoid unexpected
results it would be wise to change the value of mask back to “*” after using the mget or mput commands.
to the recurse and mask commands for more information. Note that all transfers in smbclient are binary.
See also the lowercase command.
directory on the server.
to the recurse and mask commands for more information. Note that all transfers in smbclient are binary.
possible changes. As changes come in will print one line per change. See
https://msdn.microsoft.com/en-us/library/dn392331.aspx for a description of the action numbers that this
command prints.
capabilities supported. If so, turn on POSIX pathname processing and large file read/writes (if
available),.
not. Attempt to negotiate SMB encryption on this connection. If smbclient connected with kerberos
credentials (-k) the arguments to this command are ignored and the kerberos credentials are used to
negotiate GSSAPI signing and sealing instead. See also the -e option to smbclient to force encryption on
initial connection. This command is new with Samba 3.2.
not. Opens a remote file using the CIFS UNIX extensions and prints a fileid. Used for internal Samba
testing purposes.
not. Creates a remote directory using the CIFS UNIX extensions with the given mode.
not. Deletes a remote directory using the CIFS UNIX extensions.
not. Deletes a remote file using the CIFS UNIX extensions.
guest status, user, group, group list and sid list that the remote server is using on behalf of the
logged on user.
When toggled OFF, all specified files will be transferred without prompting.
name the remote copy remote file name. Note that all transfers in smbclient are binary. See also the
lowercase command.
not. Print the value of the symlink “symlinkname”.
they are copying from ) and will recurse into any that match the mask specified to the command. Only
files that match the mask specified using the mask command will be retrieved. See also the mask command.
match the mask specified to the mget or mput commands will be copied, and any mask specified using the
mask command will be ignored.
read then write if server doesn’t support server-side copy.
not. The client requests the UNIX basic info level and prints out the same info that the Linux stat
command would about the file. This includes the size, blocks used on disk, file type, permissions, inode
number, number of links and finally the three timestamps (access, modify and change). If the file is a
special file (symlink, character or block device, fifo or socket) then extra information may also be
printed.
not. The client requests that the server create a symbolic hard link between the target and linkname
files. The linkname file must not exist. Note that the server will not create a link to any path that
lies outside the currently connected share. This is enforced by the Samba server.
command (see below). Using g (incremental) and N (newer) will affect tarmode settings. Note that using
the “-” option with tar x may not work – use the command line option instead.
in blocksize*TBLOCK (512 byte) blocks.
archive bit setting. When on (using inc), tar will only back up files with the archive bit set.
(implies read/write share). Use noreset to turn off.
seconds. Increase it if requests to the server sometimes time out. This can happen when SMB3 encryption
is selected and smbclient is overwhelming the server with requests.
not. Tries to unlock a POSIX fcntl lock on the given range. Used for internal Samba testing purposes.
out the current vuid being used. Used for internal Samba testing purposes.
tid (tree id). Used for internal Samba testing purposes.
prints out the tid currently used. Used for internal Samba testing purposes.
注意事项(NOTES)
machine names. If you fail to connect try giving all parameters in uppercase.
LanManager insists on a valid NetBIOS name being used, so you need to supply a valid name that would be known
to the server.
相关环境变量(ENVIRONMENT VARIABLES)
the protocol level is high enough to support session-level passwords.
the protocol level is high enough to support session-level passwords.
instead of connecting to a server. This functionality is primarily intended as a development aid, and works
best when using a LMHOSTS file
安装(INSTALLATION)
suggestions only.
directory, this directory readable by all, writeable only by root. The client program itself should be
executable by all. The client should NOT be setuid or setgid!
smbd(8) as an ordinary user – running that server as a daemon on a user-accessible port (typically any port
number over 1024) would provide a suitable test server.
问题诊断(DIAGNOSTICS)
Client发出的大多数诊断都记录在指定的日志文件中。日志文件名是在编译时指定,但可能在命令行上进行覆盖。
诊断可用的数量和性质取决于Client使用的调试级别。如果有问题,请将调试级别设置为3,并仔细阅读日志文件。
文档版本(VERSION)
原文 “
”
该文档对于3.2版本的Samba套件是正确的。我使用的Samba的版本是4.6.5,从发行版的源中直接安装的,似乎发行版的文档并没有更新。
后来,我又去官网找了一通:
https://www.samba.org/samba/docs/man/manpages/smbclient.1.html
https://www.samba.org/samba/docs/man/manpages-3/smbclient.1.html
似乎也都是这个样子,所以可能smbclient没有什么更新吧。
参考文献
- man 1 smbclient, version Version 4.6.5-Debian