1MDSEARCH(1) User Commands MDSEARCH(1)
2
3
4
6 mdsearch - Run Spotlight searches against an SMB server
7
9 mdfine {server} {sharename} {query} [-p, --path=STRING] [-L, --live]
10 [-?|--help] [--usage] [-d|--debuglevel=DEBUGLEVEL] [--debug-stdout]
11 [--configfile=CONFIGFILE] [--option=name=value]
12 [-l|--log-basename=LOGFILEBASE] [--leak-report] [--leak-report-full]
13 [-R|--name-resolve=NAME-RESOLVE-ORDER]
14 [-O|--socket-options=SOCKETOPTIONS] [-m|--max-protocol=MAXPROTOCOL]
15 [-n|--netbiosname=NETBIOSNAME] [--netbios-scope=SCOPE]
16 [-W|--workgroup=WORKGROUP] [--realm=REALM]
17 [-U|--user=[DOMAIN/]USERNAME[%PASSWORD]] [-N|--no-pass]
18 [--password=STRING] [--pw-nt-hash] [-A|--authentication-file=FILE]
19 [-P|--machine-pass] [--simple-bind-dn=DN]
20 [--use-kerberos=desired|required|off] [--use-krb5-ccache=CCACHE]
21 [--use-winbind-ccache] [--client-protection=sign|encrypt|off]
22 [-V|--version]
23
25 This tool is part of the samba(1) suite.
26
27 mdsearch is a simple utility to run Spotlight searches against an SMB
28 server that runs the Spotlight mdssvc RPC service.
29
31 server
32 The SMB server name or IP address to connect to.
33
34 sharename
35 The name of a share on the server.
36
37 query
38 The query expression syntax is a simplified form of filename
39 globbing familiar to shell users. Queries have the following
40 format:
41
42 attribute=="value"
43
44 For queries against a Samba server with Spotlight enabled using the
45 Elasticsearch backend, the list of supported metadata attributes is
46 given by the JSON attribute mapping file, typically installed at
47 /usr/share/samba/mdssvc/elasticsearch_mappings.json
48
49 -p PATH, --path=PATH
50 Server side path to search, defaults to "/"
51
52 -L, --live
53 Query remains running.
54
55 -?|--help
56 Print a summary of command line options.
57
58 --usage
59 Display brief usage message.
60
61 -d|--debuglevel=DEBUGLEVEL
62 level is an integer from 0 to 10. The default value if this
63 parameter is not specified is 1 for client applications.
64
65 The higher this value, the more detail will be logged to the log
66 files about the activities of the server. At level 0, only critical
67 errors and serious warnings will be logged. Level 1 is a reasonable
68 level for day-to-day running - it generates a small amount of
69 information about operations carried out.
70
71 Levels above 1 will generate considerable amounts of log data, and
72 should only be used when investigating a problem. Levels above 3
73 are designed for use only by developers and generate HUGE amounts
74 of log data, most of which is extremely cryptic.
75
76 Note that specifying this parameter here will override the log
77 level parameter in the /etc/samba/smb.conf file.
78
79 --debug-stdout
80 This will redirect debug output to STDOUT. By default all clients
81 are logging to STDERR.
82
83 --configfile=<configuration file>
84 The file specified contains the configuration details required by
85 the client. The information in this file can be general for client
86 and server or only provide client specific like options such as
87 client smb encrypt. See /etc/samba/smb.conf for more information.
88 The default configuration file name is determined at compile time.
89
90 --option=<name>=<value>
91 Set the smb.conf(5) option "<name>" to value "<value>" from the
92 command line. This overrides compiled-in defaults and options read
93 from the configuration file. If a name or a value includes a space,
94 wrap whole --option=name=value into quotes.
95
96 -l|--log-basename=logdirectory
97 Base directory name for log/debug files. The extension ".progname"
98 will be appended (e.g. log.smbclient, log.smbd, etc...). The log
99 file is never removed by the client.
100
101 --leak-report
102 Enable talloc leak reporting on exit.
103
104 --leak-report-full
105 Enable full talloc leak reporting on exit.
106
107 -V|--version
108 Prints the program version number.
109
110 -U|--user=[DOMAIN\]USERNAME[%PASSWORD]
111 Sets the SMB username or username and password.
112
113 If %PASSWORD is not specified, the user will be prompted. The
114 client will first check the USER environment variable (which is
115 also permitted to also contain the password separated by a %), then
116 the LOGNAME variable (which is not permitted to contain a password)
117 and if either exists, the value is used. If these environmental
118 variables are not found, the username found in a Kerberos
119 Credentials cache may be used.
120
121 A third option is to use a credentials file which contains the
122 plaintext of the username and password. This option is mainly
123 provided for scripts where the admin does not wish to pass the
124 credentials on the command line or via environment variables. If
125 this method is used, make certain that the permissions on the file
126 restrict access from unwanted users. See the -A for more details.
127
128 Be cautious about including passwords in scripts or passing
129 user-supplied values onto the command line. For security it is
130 better to let the Samba client tool ask for the password if needed,
131 or obtain the password once with kinit.
132
133 While Samba will attempt to scrub the password from the process
134 title (as seen in ps), this is after startup and so is subject to a
135 race.
136
137 -N|--no-pass
138 If specified, this parameter suppresses the normal password prompt
139 from the client to the user. This is useful when accessing a
140 service that does not require a password.
141
142 Unless a password is specified on the command line or this
143 parameter is specified, the client will request a password.
144
145 If a password is specified on the command line and this option is
146 also defined the password on the command line will be silently
147 ignored and no password will be used.
148
149 --password
150 Specify the password on the commandline.
151
152 Be cautious about including passwords in scripts or passing
153 user-supplied values onto the command line. For security it is
154 better to let the Samba client tool ask for the password if needed,
155 or obtain the password once with kinit.
156
157 If --password is not specified, the tool will check the PASSWD
158 environment variable, followed by PASSWD_FD which is expected to
159 contain an open file descriptor (FD) number.
160
161 Finally it will check PASSWD_FILE (containing a file path to be
162 opened). The file should only contain the password. Make certain
163 that the permissions on the file restrict access from unwanted
164 users!
165
166 While Samba will attempt to scrub the password from the process
167 title (as seen in ps), this is after startup and so is subject to a
168 race.
169
170 --pw-nt-hash
171 The supplied password is the NT hash.
172
173 -A|--authentication-file=filename
174 This option allows you to specify a file from which to read the
175 username and password used in the connection. The format of the
176 file is:
177
178 username = <value>
179 password = <value>
180 domain = <value>
181
182
183 Make certain that the permissions on the file restrict access from
184 unwanted users!
185
186 -P|--machine-pass
187 Use stored machine account password.
188
189 --simple-bind-dn=DN
190 DN to use for a simple bind.
191
192 --use-kerberos=desired|required|off
193 This parameter determines whether Samba client tools will try to
194 authenticate using Kerberos. For Kerberos authentication you need
195 to use dns names instead of IP addresses when connecting to a
196 service.
197
198 Note that specifying this parameter here will override the client
199 use kerberos parameter in the /etc/samba/smb.conf file.
200
201 --use-krb5-ccache=CCACHE
202 Specifies the credential cache location for Kerberos
203 authentication.
204
205 This will set --use-kerberos=required too.
206
207 --use-winbind-ccache
208 Try to use the credential cache by winbind.
209
210 --client-protection=sign|encrypt|off
211 Sets the connection protection the client tool should use.
212
213 Note that specifying this parameter here will override the client
214 protection parameter in the /etc/samba/smb.conf file.
215
216 In case you need more fine grained control you can use:
217 --option=clientsmbencrypt=OPTION, --option=clientipcsigning=OPTION,
218 --option=clientsigning=OPTION.
219
221 Search all indexed metadata attributes, exact match:
222
223 '*=="Samba"'
224
225
226 Search all indexed metadata attributes, prefix match:
227
228 '*=="Samba*"'
229
230
231 Search by filename:
232
233 'kMDItemFSName=="Samba*"'
234
235
236 Search by date:
237
238 'kMDItemFSContentChangeDate<$time.iso(2018-10-01T10:00:00Z)'
239
240
241 Search files's content:
242
243 'kMDItemTextContent=="Samba*"'
244
245
246 Expressions:
247
248 kMDItemFSName=="Samba*"||kMDItemTextContent=="Tango*"'
249
250
252 File Metadata Search Programming Guide
253 https://developer.apple.com/library/archive/documentation/Carbon/Conceptual/SpotlightQuery/Concepts/Introduction.html
254
256 This man page is part of version 4.17.5 of the Samba suite.
257
259 The original Samba software and related utilities were created by
260 Andrew Tridgell. Samba is now developed by the Samba Team as an Open
261 Source project similar to the way the Linux kernel is developed.
262
263 The mdsearch manpage was written by Ralph Boehme.
264
265
266
267Samba 4.17.5 01/26/2023 MDSEARCH(1)