summaryrefslogtreecommitdiffstats
path: root/docs-xml/manpages/pdbedit.8.xml
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--docs-xml/manpages/pdbedit.8.xml567
1 files changed, 567 insertions, 0 deletions
diff --git a/docs-xml/manpages/pdbedit.8.xml b/docs-xml/manpages/pdbedit.8.xml
new file mode 100644
index 0000000..5849498
--- /dev/null
+++ b/docs-xml/manpages/pdbedit.8.xml
@@ -0,0 +1,567 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<refentry id="pdbedit.8">
+
+<refmeta>
+ <refentrytitle>pdbedit</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="source">Samba</refmiscinfo>
+ <refmiscinfo class="manual">System Administration tools</refmiscinfo>
+ <refmiscinfo class="version">&doc.version;</refmiscinfo>
+</refmeta>
+
+
+<refnamediv>
+ <refname>pdbedit</refname>
+ <refpurpose>manage the SAM database (Database of Samba Users)</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+ <cmdsynopsis>
+ <command>pdbedit</command>
+ <arg choice="opt">-L|--list</arg>
+ <arg choice="opt">-v|--verbose</arg>
+ <arg choice="opt">-w|--smbpasswd-style</arg>
+ <arg choice="opt">-u|--user=USER</arg>
+ <arg choice="opt">-N|--account-desc=STRING</arg>
+ <arg choice="opt">-f|--fullname=STRING</arg>
+ <arg choice="opt">-h|--homedir=STRING</arg>
+ <arg choice="opt">-D|--drive=STRING</arg>
+ <arg choice="opt">-S|--script=STRING</arg>
+ <arg choice="opt">-p|--profile=STRING</arg>
+ <arg choice="opt">-I|--domain=STRING</arg>
+ <arg choice="opt">-U|--user SID=STRING</arg>
+ <arg choice="opt">-M|--machine SID=STRING</arg>
+ <arg choice="opt">-a|--create</arg>
+ <arg choice="opt">-r|--modify</arg>
+ <arg choice="opt">-m|--machine</arg>
+ <arg choice="opt">-x|--delete</arg>
+ <arg choice="opt">-b|--backend=STRING</arg>
+ <arg choice="opt">-i|--import=STRING</arg>
+ <arg choice="opt">-e|--export=STRING</arg>
+ <arg choice="opt">-g|--group</arg>
+ <arg choice="opt">-y|--policies</arg>
+ <arg choice="opt">--policies-reset</arg>
+ <arg choice="opt">-P|--account-policy=STRING</arg>
+ <arg choice="opt">-C|--value=LONG</arg>
+ <arg choice="opt">-c|--account-control=STRING</arg>
+ <arg choice="opt">--force-initialized-passwords</arg>
+ <arg choice="opt">-z|--bad-password-count-reset</arg>
+ <arg choice="opt">-Z|--logon-hours-reset</arg>
+ <arg choice="opt">--time-format=STRING</arg>
+ <arg choice="opt">-t|--password-from-stdin</arg>
+ <arg choice="opt">-K|--kickoff-time=STRING</arg>
+ <arg choice="opt">--set-nt-hash=STRING</arg>
+ <arg choice="opt">-?|--help</arg>
+ <arg choice="opt">--usage</arg>
+ <arg choice="opt">-d|--debuglevel=DEBUGLEVEL</arg>
+ <arg choice="opt">--debug-stdout</arg>
+ <arg choice="opt">--configfile=CONFIGFILE</arg>
+ <arg choice="opt">--option=name=value</arg>
+ <arg choice="opt">-l|--log-basename=LOGFILEBASE</arg>
+ <arg choice="opt">--leak-report</arg>
+ <arg choice="opt">--leak-report-full</arg>
+ </cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+ <title>DESCRIPTION</title>
+
+ <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
+ <manvolnum>7</manvolnum></citerefentry> suite.</para>
+
+ <para>The pdbedit program is used to manage the users accounts
+ stored in the sam database and can only be run by root.</para>
+
+ <para>The pdbedit tool uses the passdb modular interface and is
+ independent from the kind of users database used (currently there
+ are smbpasswd, ldap, nis+ and tdb based and more can be added
+ without changing the tool).</para>
+
+ <para>There are five main ways to use pdbedit: adding a user account,
+ removing a user account, modifying a user account, listing user
+ accounts, importing users accounts.</para>
+</refsect1>
+
+<refsect1>
+ <title>OPTIONS</title>
+ <variablelist>
+ <varlistentry>
+ <term>-L|--list</term>
+ <listitem><para>This option lists all the user accounts
+ present in the users database.
+ This option prints a list of user/uid pairs separated by
+ the ':' character.</para>
+ <para>Example: <command>pdbedit -L</command></para>
+ <para><programlisting>
+sorce:500:Simo Sorce
+samba:45:Test User
+</programlisting></para>
+ </listitem>
+ </varlistentry>
+
+
+
+ <varlistentry>
+ <term>-v|--verbose</term>
+ <listitem><para>This option enables the verbose listing format.
+ It causes pdbedit to list the users in the database, printing
+ out the account fields in a descriptive format. Used together
+ with -w also shows passwords hashes.</para>
+
+ <para>Example: <command>pdbedit -L -v</command></para>
+ <para><programlisting>
+---------------
+username: sorce
+user ID/Group: 500/500
+user RID/GRID: 2000/2001
+Full Name: Simo Sorce
+Home Directory: \\BERSERKER\sorce
+HomeDir Drive: H:
+Logon Script: \\BERSERKER\netlogon\sorce.bat
+Profile Path: \\BERSERKER\profile
+---------------
+username: samba
+user ID/Group: 45/45
+user RID/GRID: 1090/1091
+Full Name: Test User
+Home Directory: \\BERSERKER\samba
+HomeDir Drive:
+Logon Script:
+Profile Path: \\BERSERKER\profile
+</programlisting></para>
+ </listitem>
+ </varlistentry>
+
+
+
+ <varlistentry>
+ <term>-w|--smbpasswd-style</term>
+ <listitem><para>This option sets the "smbpasswd" listing format.
+ It will make pdbedit list the users in the database, printing
+ out the account fields in a format compatible with the
+ <filename>smbpasswd</filename> file format. (see the
+ <citerefentry><refentrytitle>smbpasswd</refentrytitle>
+ <manvolnum>5</manvolnum></citerefentry> for details).
+ Instead used together with (-v) displays the passwords
+ hashes in verbose output.</para>
+
+ <para>Example: <command>pdbedit -L -w</command></para>
+ <programlisting>
+sorce:500:508818B733CE64BEAAD3B435B51404EE:
+ D2A2418EFC466A8A0F6B1DBB5C3DB80C:
+ [UX ]:LCT-00000000:
+samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:
+ BC281CE3F53B6A5146629CD4751D3490:
+ [UX ]:LCT-3BFA1E8D:
+</programlisting>
+ </listitem>
+ </varlistentry>
+
+
+ <varlistentry>
+ <term>-u|--user username</term>
+ <listitem><para>This option specifies the username to be
+ used for the operation requested (listing, adding, removing).
+ It is <emphasis>required</emphasis> in add, remove and modify
+ operations and <emphasis>optional</emphasis> in list
+ operations.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-f|--fullname fullname</term>
+ <listitem><para>This option can be used while adding or
+ modifying a user account. It will specify the user's full
+ name. </para>
+
+ <para>Example: <command>-f "Simo Sorce"</command></para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-h|--homedir homedir</term>
+ <listitem><para>This option can be used while adding or
+ modifying a user account. It will specify the user's home
+ directory network path.</para>
+
+ <para>Example: <command>-h "\\\\BERSERKER\\sorce"</command>
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-D|--drive drive</term>
+ <listitem><para>This option can be used while adding or
+ modifying a user account. It will specify the windows drive
+ letter to be used to map the home directory.</para>
+
+ <para>Example: <command>-D "H:"</command>
+ </para>
+ </listitem>
+ </varlistentry>
+
+
+ <varlistentry>
+ <term>-S|--script script</term>
+ <listitem><para>This option can be used while adding or
+ modifying a user account. It will specify the user's logon
+ script path.</para>
+
+ <para>Example: <command>-S "\\\\BERSERKER\\netlogon\\sorce.bat"</command>
+ </para>
+ </listitem>
+ </varlistentry>
+
+
+ <varlistentry>
+ <term>--set-nt-hash</term>
+ <listitem><para>This option can be used while modifying
+ a user account. It will set the user's password using
+ the nt-hash value given as hexadecimal string.
+ Useful to synchronize passwords.</para>
+
+ <para>Example: <command>--set-nt-hash 8846F7EAEE8FB117AD06BDD830B7586C</command>
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-p|--profile profile</term>
+ <listitem><para>This option can be used while adding or
+ modifying a user account. It will specify the user's profile
+ directory.</para>
+
+ <para>Example: <command>-p "\\\\BERSERKER\\netlogon"</command>
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-M|'--machine SID' SID|rid</term>
+ <listitem><para>
+ This option can be used while adding or modifying a machine account. It
+ will specify the machines' new primary group SID (Security Identifier) or
+ rid. </para>
+
+ <para>Example: <command>-M S-1-5-21-2447931902-1787058256-3961074038-1201</command></para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-U|'--user SID' SID|rid</term>
+ <listitem><para>
+ This option can be used while adding or modifying a user account. It
+ will specify the users' new SID (Security Identifier) or
+ rid. </para>
+
+ <para>Example: <command>-U S-1-5-21-2447931902-1787058256-3961074038-5004</command></para>
+ <para>Example: <command>'--user SID' S-1-5-21-2447931902-1787058256-3961074038-5004</command></para>
+ <para>Example: <command>-U 5004</command></para>
+ <para>Example: <command>'--user SID' 5004</command></para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-c|--account-control account-control</term>
+ <listitem><para>This option can be used while adding or modifying a user
+ account. It will specify the users' account control property. Possible flags are listed below.
+ </para>
+
+ <para>
+ <itemizedlist>
+ <listitem><para>N: No password required</para></listitem>
+ <listitem><para>D: Account disabled</para></listitem>
+ <listitem><para>H: Home directory required</para></listitem>
+ <listitem><para>T: Temporary duplicate of other account</para></listitem>
+ <listitem><para>U: Regular user account</para></listitem>
+ <listitem><para>M: MNS logon user account</para></listitem>
+ <listitem><para>W: Workstation Trust Account</para></listitem>
+ <listitem><para>S: Server Trust Account</para></listitem>
+ <listitem><para>L: Automatic Locking</para></listitem>
+ <listitem><para>X: Password does not expire</para></listitem>
+ <listitem><para>I: Domain Trust Account</para></listitem>
+ </itemizedlist>
+ </para>
+
+ <para>Example: <command>-c "[X ]"</command></para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-K|--kickoff-time</term>
+ <listitem><para>This option is used to modify the kickoff
+ time for a certain user. Use "never" as argument to set the
+ kickoff time to unlimited.
+ </para>
+ <para>Example: <command>pdbedit -K never user</command></para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-a|--create</term>
+ <listitem><para>This option is used to add a user into the
+ database. This command needs a user name specified with
+ the -u switch. When adding a new user, pdbedit will also
+ ask for the password to be used.</para>
+
+ <para>Example: <command>pdbedit -a -u sorce</command>
+<programlisting>new password:
+retype new password
+</programlisting>
+</para>
+
+ <note><para>pdbedit does not call the unix password synchronization
+ script if <smbconfoption name="unix password sync"/>
+ has been set. It only updates the data in the Samba
+ user database.
+ </para>
+
+ <para>If you wish to add a user and synchronise the password
+ that immediately, use <command>smbpasswd</command>'s <option>-a</option> option.
+ </para>
+ </note>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-t|--password-from-stdin</term>
+ <listitem><para>This option causes pdbedit to read the password
+ from standard input, rather than from /dev/tty (like the
+ <command>passwd(1)</command> program does). The password has
+ to be submitted twice and terminated by a newline each.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-r|--modify</term>
+ <listitem><para>This option is used to modify an existing user
+ in the database. This command needs a user name specified with the -u
+ switch. Other options can be specified to modify the properties of
+ the specified user. This flag is kept for backwards compatibility, but
+ it is no longer necessary to specify it.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-m|--machine</term>
+ <listitem><para>This option may only be used in conjunction
+ with the <parameter>-a</parameter> option. It will make
+ pdbedit to add a machine trust account instead of a user
+ account (-u username will provide the machine name).</para>
+
+ <para>Example: <command>pdbedit -a -m -u w2k-wks</command>
+ </para>
+ </listitem>
+ </varlistentry>
+
+
+ <varlistentry>
+ <term>-x|--delete</term>
+ <listitem><para>This option causes pdbedit to delete an account
+ from the database. It needs a username specified with the
+ -u switch.</para>
+
+ <para>Example: <command>pdbedit -x -u bob</command></para>
+ </listitem>
+ </varlistentry>
+
+
+ <varlistentry>
+ <term>-i|--import passdb-backend</term>
+ <listitem><para>Use a different passdb backend to retrieve users
+ than the one specified in smb.conf. Can be used to import data into
+ your local user database.</para>
+
+ <para>This option will ease migration from one passdb backend to
+ another.</para>
+
+ <para>Example: <command>pdbedit -i smbpasswd:/etc/smbpasswd.old
+ </command></para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-e|--export passdb-backend</term>
+ <listitem><para>Exports all currently available users to the
+ specified password database backend.</para>
+
+ <para>This option will ease migration from one passdb backend to
+ another and will ease backing up.</para>
+
+ <para>Example: <command>pdbedit -e smbpasswd:/root/samba-users.backup</command></para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-g|--group</term>
+ <listitem><para>If you specify <parameter>-g</parameter>,
+ then <parameter>-i in-backend -e out-backend</parameter>
+ applies to the group mapping instead of the user database.</para>
+
+ <para>This option will ease migration from one passdb backend to
+ another and will ease backing up.</para>
+
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-b|--backend passdb-backend</term>
+ <listitem><para>Use a different default passdb backend. </para>
+
+ <para>Example: <command>pdbedit -b xml:/root/pdb-backup.xml -l</command></para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-P|--account-policy account-policy</term>
+ <listitem><para>Display an account policy</para>
+ <para>Valid policies are: minimum password age, reset count minutes, disconnect time,
+ user must logon to change password, password history, lockout duration, min password length,
+ maximum password age and bad lockout attempt.</para>
+
+ <para>Example: <command>pdbedit -P "bad lockout attempt"</command></para>
+<para><programlisting>
+account policy value for bad lockout attempt is 0
+</programlisting></para>
+
+ </listitem>
+ </varlistentry>
+
+
+ <varlistentry>
+ <term>-C|--value account-policy-value</term>
+ <listitem><para>Sets an account policy to a specified value.
+ This option may only be used in conjunction
+ with the <parameter>-P</parameter> option.
+ </para>
+
+ <para>Example: <command>pdbedit -P "bad lockout attempt" -C 3</command></para>
+<para><programlisting>
+account policy value for bad lockout attempt was 0
+account policy value for bad lockout attempt is now 3
+</programlisting></para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-y|--policies</term>
+ <listitem><para>If you specify <parameter>-y</parameter>,
+ then <parameter>-i in-backend -e out-backend</parameter>
+ applies to the account policies instead of the user database.</para>
+
+ <para>This option will allow one to migrate account policies from their default
+ tdb-store into a passdb backend, e.g. an LDAP directory server.</para>
+
+ <para>Example: <command>pdbedit -y -i tdbsam: -e ldapsam:ldap://my.ldap.host</command></para>
+
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>--force-initialized-passwords</term>
+ <listitem><para>This option forces all users to change their
+ password upon next login.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-N|--account-desc description</term>
+ <listitem><para>This option can be used while adding or
+ modifying a user account. It will specify the user's description
+ field.</para>
+
+ <para>Example: <command>-N "test description"</command>
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-Z|--logon-hours-reset</term>
+ <listitem><para>This option can be used while adding or
+ modifying a user account. It will reset the user's allowed logon
+ hours. A user may login at any time afterwards.</para>
+
+ <para>Example: <command>-Z</command>
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-z|--bad-password-count-reset</term>
+ <listitem><para>This option can be used while adding or
+ modifying a user account. It will reset the stored bad login
+ counter from a specified user.</para>
+
+ <para>Example: <command>-z</command>
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>--policies-reset</term>
+ <listitem><para>This option can be used to reset the general
+ password policies stored for a domain to their
+ default values.</para>
+ <para>Example: <command>--policies-reset</command>
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-I|--domain</term>
+ <listitem><para>This option can be used while adding or
+ modifying a user account. It will specify the user's domain field.</para>
+
+ <para>Example: <command>-I "MYDOMAIN"</command>
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>--time-format</term>
+ <listitem><para>This option is currently not being used.</para>
+ </listitem>
+ </varlistentry>
+
+ &popt.autohelp;
+ &cmdline.common.samba.client;
+ </variablelist>
+</refsect1>
+
+
+<refsect1>
+ <title>NOTES</title>
+
+ <para>This command may be used only by root.</para>
+</refsect1>
+
+
+<refsect1>
+ <title>VERSION</title>
+
+ <para>This man page is part of version &doc.version; of
+ the Samba suite.</para>
+</refsect1>
+
+<refsect1>
+ <title>SEE ALSO</title>
+ <para><citerefentry><refentrytitle>smbpasswd</refentrytitle>
+ <manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>samba</refentrytitle>
+ <manvolnum>7</manvolnum></citerefentry></para>
+</refsect1>
+
+<refsect1>
+ <title>AUTHOR</title>
+
+ <para>The original Samba software and related utilities
+ were created by Andrew Tridgell. Samba is now developed
+ by the Samba Team as an Open Source project similar
+ to the way the Linux kernel is developed.</para>
+
+ <para>The pdbedit manpage was written by Simo Sorce and Jelmer Vernooij.</para>
+
+</refsect1>
+
+</refentry>