diff options
Diffstat (limited to '')
-rw-r--r-- | docs-xml/manpages/pdbedit.8.xml | 567 |
1 files changed, 567 insertions, 0 deletions
diff --git a/docs-xml/manpages/pdbedit.8.xml b/docs-xml/manpages/pdbedit.8.xml new file mode 100644 index 0000000..5849498 --- /dev/null +++ b/docs-xml/manpages/pdbedit.8.xml @@ -0,0 +1,567 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="pdbedit.8"> + +<refmeta> + <refentrytitle>pdbedit</refentrytitle> + <manvolnum>8</manvolnum> + <refmiscinfo class="source">Samba</refmiscinfo> + <refmiscinfo class="manual">System Administration tools</refmiscinfo> + <refmiscinfo class="version">&doc.version;</refmiscinfo> +</refmeta> + + +<refnamediv> + <refname>pdbedit</refname> + <refpurpose>manage the SAM database (Database of Samba Users)</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>pdbedit</command> + <arg choice="opt">-L|--list</arg> + <arg choice="opt">-v|--verbose</arg> + <arg choice="opt">-w|--smbpasswd-style</arg> + <arg choice="opt">-u|--user=USER</arg> + <arg choice="opt">-N|--account-desc=STRING</arg> + <arg choice="opt">-f|--fullname=STRING</arg> + <arg choice="opt">-h|--homedir=STRING</arg> + <arg choice="opt">-D|--drive=STRING</arg> + <arg choice="opt">-S|--script=STRING</arg> + <arg choice="opt">-p|--profile=STRING</arg> + <arg choice="opt">-I|--domain=STRING</arg> + <arg choice="opt">-U|--user SID=STRING</arg> + <arg choice="opt">-M|--machine SID=STRING</arg> + <arg choice="opt">-a|--create</arg> + <arg choice="opt">-r|--modify</arg> + <arg choice="opt">-m|--machine</arg> + <arg choice="opt">-x|--delete</arg> + <arg choice="opt">-b|--backend=STRING</arg> + <arg choice="opt">-i|--import=STRING</arg> + <arg choice="opt">-e|--export=STRING</arg> + <arg choice="opt">-g|--group</arg> + <arg choice="opt">-y|--policies</arg> + <arg choice="opt">--policies-reset</arg> + <arg choice="opt">-P|--account-policy=STRING</arg> + <arg choice="opt">-C|--value=LONG</arg> + <arg choice="opt">-c|--account-control=STRING</arg> + <arg choice="opt">--force-initialized-passwords</arg> + <arg choice="opt">-z|--bad-password-count-reset</arg> + <arg choice="opt">-Z|--logon-hours-reset</arg> + <arg choice="opt">--time-format=STRING</arg> + <arg choice="opt">-t|--password-from-stdin</arg> + <arg choice="opt">-K|--kickoff-time=STRING</arg> + <arg choice="opt">--set-nt-hash=STRING</arg> + <arg choice="opt">-?|--help</arg> + <arg choice="opt">--usage</arg> + <arg choice="opt">-d|--debuglevel=DEBUGLEVEL</arg> + <arg choice="opt">--debug-stdout</arg> + <arg choice="opt">--configfile=CONFIGFILE</arg> + <arg choice="opt">--option=name=value</arg> + <arg choice="opt">-l|--log-basename=LOGFILEBASE</arg> + <arg choice="opt">--leak-report</arg> + <arg choice="opt">--leak-report-full</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> suite.</para> + + <para>The pdbedit program is used to manage the users accounts + stored in the sam database and can only be run by root.</para> + + <para>The pdbedit tool uses the passdb modular interface and is + independent from the kind of users database used (currently there + are smbpasswd, ldap, nis+ and tdb based and more can be added + without changing the tool).</para> + + <para>There are five main ways to use pdbedit: adding a user account, + removing a user account, modifying a user account, listing user + accounts, importing users accounts.</para> +</refsect1> + +<refsect1> + <title>OPTIONS</title> + <variablelist> + <varlistentry> + <term>-L|--list</term> + <listitem><para>This option lists all the user accounts + present in the users database. + This option prints a list of user/uid pairs separated by + the ':' character.</para> + <para>Example: <command>pdbedit -L</command></para> + <para><programlisting> +sorce:500:Simo Sorce +samba:45:Test User +</programlisting></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term>-v|--verbose</term> + <listitem><para>This option enables the verbose listing format. + It causes pdbedit to list the users in the database, printing + out the account fields in a descriptive format. Used together + with -w also shows passwords hashes.</para> + + <para>Example: <command>pdbedit -L -v</command></para> + <para><programlisting> +--------------- +username: sorce +user ID/Group: 500/500 +user RID/GRID: 2000/2001 +Full Name: Simo Sorce +Home Directory: \\BERSERKER\sorce +HomeDir Drive: H: +Logon Script: \\BERSERKER\netlogon\sorce.bat +Profile Path: \\BERSERKER\profile +--------------- +username: samba +user ID/Group: 45/45 +user RID/GRID: 1090/1091 +Full Name: Test User +Home Directory: \\BERSERKER\samba +HomeDir Drive: +Logon Script: +Profile Path: \\BERSERKER\profile +</programlisting></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term>-w|--smbpasswd-style</term> + <listitem><para>This option sets the "smbpasswd" listing format. + It will make pdbedit list the users in the database, printing + out the account fields in a format compatible with the + <filename>smbpasswd</filename> file format. (see the + <citerefentry><refentrytitle>smbpasswd</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> for details). + Instead used together with (-v) displays the passwords + hashes in verbose output.</para> + + <para>Example: <command>pdbedit -L -w</command></para> + <programlisting> +sorce:500:508818B733CE64BEAAD3B435B51404EE: + D2A2418EFC466A8A0F6B1DBB5C3DB80C: + [UX ]:LCT-00000000: +samba:45:0F2B255F7B67A7A9AAD3B435B51404EE: + BC281CE3F53B6A5146629CD4751D3490: + [UX ]:LCT-3BFA1E8D: +</programlisting> + </listitem> + </varlistentry> + + + <varlistentry> + <term>-u|--user username</term> + <listitem><para>This option specifies the username to be + used for the operation requested (listing, adding, removing). + It is <emphasis>required</emphasis> in add, remove and modify + operations and <emphasis>optional</emphasis> in list + operations.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-f|--fullname fullname</term> + <listitem><para>This option can be used while adding or + modifying a user account. It will specify the user's full + name. </para> + + <para>Example: <command>-f "Simo Sorce"</command></para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-h|--homedir homedir</term> + <listitem><para>This option can be used while adding or + modifying a user account. It will specify the user's home + directory network path.</para> + + <para>Example: <command>-h "\\\\BERSERKER\\sorce"</command> + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-D|--drive drive</term> + <listitem><para>This option can be used while adding or + modifying a user account. It will specify the windows drive + letter to be used to map the home directory.</para> + + <para>Example: <command>-D "H:"</command> + </para> + </listitem> + </varlistentry> + + + <varlistentry> + <term>-S|--script script</term> + <listitem><para>This option can be used while adding or + modifying a user account. It will specify the user's logon + script path.</para> + + <para>Example: <command>-S "\\\\BERSERKER\\netlogon\\sorce.bat"</command> + </para> + </listitem> + </varlistentry> + + + <varlistentry> + <term>--set-nt-hash</term> + <listitem><para>This option can be used while modifying + a user account. It will set the user's password using + the nt-hash value given as hexadecimal string. + Useful to synchronize passwords.</para> + + <para>Example: <command>--set-nt-hash 8846F7EAEE8FB117AD06BDD830B7586C</command> + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-p|--profile profile</term> + <listitem><para>This option can be used while adding or + modifying a user account. It will specify the user's profile + directory.</para> + + <para>Example: <command>-p "\\\\BERSERKER\\netlogon"</command> + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-M|'--machine SID' SID|rid</term> + <listitem><para> + This option can be used while adding or modifying a machine account. It + will specify the machines' new primary group SID (Security Identifier) or + rid. </para> + + <para>Example: <command>-M S-1-5-21-2447931902-1787058256-3961074038-1201</command></para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-U|'--user SID' SID|rid</term> + <listitem><para> + This option can be used while adding or modifying a user account. It + will specify the users' new SID (Security Identifier) or + rid. </para> + + <para>Example: <command>-U S-1-5-21-2447931902-1787058256-3961074038-5004</command></para> + <para>Example: <command>'--user SID' S-1-5-21-2447931902-1787058256-3961074038-5004</command></para> + <para>Example: <command>-U 5004</command></para> + <para>Example: <command>'--user SID' 5004</command></para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-c|--account-control account-control</term> + <listitem><para>This option can be used while adding or modifying a user + account. It will specify the users' account control property. Possible flags are listed below. + </para> + + <para> + <itemizedlist> + <listitem><para>N: No password required</para></listitem> + <listitem><para>D: Account disabled</para></listitem> + <listitem><para>H: Home directory required</para></listitem> + <listitem><para>T: Temporary duplicate of other account</para></listitem> + <listitem><para>U: Regular user account</para></listitem> + <listitem><para>M: MNS logon user account</para></listitem> + <listitem><para>W: Workstation Trust Account</para></listitem> + <listitem><para>S: Server Trust Account</para></listitem> + <listitem><para>L: Automatic Locking</para></listitem> + <listitem><para>X: Password does not expire</para></listitem> + <listitem><para>I: Domain Trust Account</para></listitem> + </itemizedlist> + </para> + + <para>Example: <command>-c "[X ]"</command></para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-K|--kickoff-time</term> + <listitem><para>This option is used to modify the kickoff + time for a certain user. Use "never" as argument to set the + kickoff time to unlimited. + </para> + <para>Example: <command>pdbedit -K never user</command></para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-a|--create</term> + <listitem><para>This option is used to add a user into the + database. This command needs a user name specified with + the -u switch. When adding a new user, pdbedit will also + ask for the password to be used.</para> + + <para>Example: <command>pdbedit -a -u sorce</command> +<programlisting>new password: +retype new password +</programlisting> +</para> + + <note><para>pdbedit does not call the unix password synchronization + script if <smbconfoption name="unix password sync"/> + has been set. It only updates the data in the Samba + user database. + </para> + + <para>If you wish to add a user and synchronise the password + that immediately, use <command>smbpasswd</command>'s <option>-a</option> option. + </para> + </note> + </listitem> + </varlistentry> + + <varlistentry> + <term>-t|--password-from-stdin</term> + <listitem><para>This option causes pdbedit to read the password + from standard input, rather than from /dev/tty (like the + <command>passwd(1)</command> program does). The password has + to be submitted twice and terminated by a newline each.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-r|--modify</term> + <listitem><para>This option is used to modify an existing user + in the database. This command needs a user name specified with the -u + switch. Other options can be specified to modify the properties of + the specified user. This flag is kept for backwards compatibility, but + it is no longer necessary to specify it. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-m|--machine</term> + <listitem><para>This option may only be used in conjunction + with the <parameter>-a</parameter> option. It will make + pdbedit to add a machine trust account instead of a user + account (-u username will provide the machine name).</para> + + <para>Example: <command>pdbedit -a -m -u w2k-wks</command> + </para> + </listitem> + </varlistentry> + + + <varlistentry> + <term>-x|--delete</term> + <listitem><para>This option causes pdbedit to delete an account + from the database. It needs a username specified with the + -u switch.</para> + + <para>Example: <command>pdbedit -x -u bob</command></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term>-i|--import passdb-backend</term> + <listitem><para>Use a different passdb backend to retrieve users + than the one specified in smb.conf. Can be used to import data into + your local user database.</para> + + <para>This option will ease migration from one passdb backend to + another.</para> + + <para>Example: <command>pdbedit -i smbpasswd:/etc/smbpasswd.old + </command></para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-e|--export passdb-backend</term> + <listitem><para>Exports all currently available users to the + specified password database backend.</para> + + <para>This option will ease migration from one passdb backend to + another and will ease backing up.</para> + + <para>Example: <command>pdbedit -e smbpasswd:/root/samba-users.backup</command></para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-g|--group</term> + <listitem><para>If you specify <parameter>-g</parameter>, + then <parameter>-i in-backend -e out-backend</parameter> + applies to the group mapping instead of the user database.</para> + + <para>This option will ease migration from one passdb backend to + another and will ease backing up.</para> + + </listitem> + </varlistentry> + + <varlistentry> + <term>-b|--backend passdb-backend</term> + <listitem><para>Use a different default passdb backend. </para> + + <para>Example: <command>pdbedit -b xml:/root/pdb-backup.xml -l</command></para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-P|--account-policy account-policy</term> + <listitem><para>Display an account policy</para> + <para>Valid policies are: minimum password age, reset count minutes, disconnect time, + user must logon to change password, password history, lockout duration, min password length, + maximum password age and bad lockout attempt.</para> + + <para>Example: <command>pdbedit -P "bad lockout attempt"</command></para> +<para><programlisting> +account policy value for bad lockout attempt is 0 +</programlisting></para> + + </listitem> + </varlistentry> + + + <varlistentry> + <term>-C|--value account-policy-value</term> + <listitem><para>Sets an account policy to a specified value. + This option may only be used in conjunction + with the <parameter>-P</parameter> option. + </para> + + <para>Example: <command>pdbedit -P "bad lockout attempt" -C 3</command></para> +<para><programlisting> +account policy value for bad lockout attempt was 0 +account policy value for bad lockout attempt is now 3 +</programlisting></para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-y|--policies</term> + <listitem><para>If you specify <parameter>-y</parameter>, + then <parameter>-i in-backend -e out-backend</parameter> + applies to the account policies instead of the user database.</para> + + <para>This option will allow one to migrate account policies from their default + tdb-store into a passdb backend, e.g. an LDAP directory server.</para> + + <para>Example: <command>pdbedit -y -i tdbsam: -e ldapsam:ldap://my.ldap.host</command></para> + + </listitem> + </varlistentry> + + <varlistentry> + <term>--force-initialized-passwords</term> + <listitem><para>This option forces all users to change their + password upon next login. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-N|--account-desc description</term> + <listitem><para>This option can be used while adding or + modifying a user account. It will specify the user's description + field.</para> + + <para>Example: <command>-N "test description"</command> + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-Z|--logon-hours-reset</term> + <listitem><para>This option can be used while adding or + modifying a user account. It will reset the user's allowed logon + hours. A user may login at any time afterwards.</para> + + <para>Example: <command>-Z</command> + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-z|--bad-password-count-reset</term> + <listitem><para>This option can be used while adding or + modifying a user account. It will reset the stored bad login + counter from a specified user.</para> + + <para>Example: <command>-z</command> + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>--policies-reset</term> + <listitem><para>This option can be used to reset the general + password policies stored for a domain to their + default values.</para> + <para>Example: <command>--policies-reset</command> + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-I|--domain</term> + <listitem><para>This option can be used while adding or + modifying a user account. It will specify the user's domain field.</para> + + <para>Example: <command>-I "MYDOMAIN"</command> + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>--time-format</term> + <listitem><para>This option is currently not being used.</para> + </listitem> + </varlistentry> + + &popt.autohelp; + &cmdline.common.samba.client; + </variablelist> +</refsect1> + + +<refsect1> + <title>NOTES</title> + + <para>This command may be used only by root.</para> +</refsect1> + + +<refsect1> + <title>VERSION</title> + + <para>This man page is part of version &doc.version; of + the Samba suite.</para> +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + <para><citerefentry><refentrytitle>smbpasswd</refentrytitle> + <manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry></para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The pdbedit manpage was written by Simo Sorce and Jelmer Vernooij.</para> + +</refsect1> + +</refentry> |