source: branches/samba-3.0/docs/manpages/pdbedit.8@ 516

Last change on this file since 516 was 336, checked in by Herwig Bauernfeind, 16 years ago

Update 3.0 to 3.0.37 (unsupported security update)

File size: 17.1 KB
Line 
1.\" Title: pdbedit
2.\" Author: [see the "AUTHOR" section]
3.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
4.\" Date: 09/30/2009
5.\" Manual: System Administration tools
6.\" Source: Samba 3.0
7.\" Language: English
8.\"
9.TH "PDBEDIT" "8" "09/30/2009" "Samba 3\&.0" "System Administration tools"
10.\" -----------------------------------------------------------------
11.\" * (re)Define some macros
12.\" -----------------------------------------------------------------
13.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
14.\" toupper - uppercase a string (locale-aware)
15.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
16.de toupper
17.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
18\\$*
19.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
20..
21.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
22.\" SH-xref - format a cross-reference to an SH section
23.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
24.de SH-xref
25.ie n \{\
26.\}
27.toupper \\$*
28.el \{\
29\\$*
30.\}
31..
32.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
33.\" SH - level-one heading that works better for non-TTY output
34.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
35.de1 SH
36.\" put an extra blank line of space above the head in non-TTY output
37.if t \{\
38.sp 1
39.\}
40.sp \\n[PD]u
41.nr an-level 1
42.set-an-margin
43.nr an-prevailing-indent \\n[IN]
44.fi
45.in \\n[an-margin]u
46.ti 0
47.HTML-TAG ".NH \\n[an-level]"
48.it 1 an-trap
49.nr an-no-space-flag 1
50.nr an-break-flag 1
51\." make the size of the head bigger
52.ps +3
53.ft B
54.ne (2v + 1u)
55.ie n \{\
56.\" if n (TTY output), use uppercase
57.toupper \\$*
58.\}
59.el \{\
60.nr an-break-flag 0
61.\" if not n (not TTY), use normal case (not uppercase)
62\\$1
63.in \\n[an-margin]u
64.ti 0
65.\" if not n (not TTY), put a border/line under subheading
66.sp -.6
67\l'\n(.lu'
68.\}
69..
70.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
71.\" SS - level-two heading that works better for non-TTY output
72.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
73.de1 SS
74.sp \\n[PD]u
75.nr an-level 1
76.set-an-margin
77.nr an-prevailing-indent \\n[IN]
78.fi
79.in \\n[IN]u
80.ti \\n[SN]u
81.it 1 an-trap
82.nr an-no-space-flag 1
83.nr an-break-flag 1
84.ps \\n[PS-SS]u
85\." make the size of the head bigger
86.ps +2
87.ft B
88.ne (2v + 1u)
89.if \\n[.$] \&\\$*
90..
91.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
92.\" BB/BE - put background/screen (filled box) around block of text
93.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
94.de BB
95.if t \{\
96.sp -.5
97.br
98.in +2n
99.ll -2n
100.gcolor red
101.di BX
102.\}
103..
104.de EB
105.if t \{\
106.if "\\$2"adjust-for-leading-newline" \{\
107.sp -1
108.\}
109.br
110.di
111.in
112.ll
113.gcolor
114.nr BW \\n(.lu-\\n(.i
115.nr BH \\n(dn+.5v
116.ne \\n(BHu+.5v
117.ie "\\$2"adjust-for-leading-newline" \{\
118\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
119.\}
120.el \{\
121\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
122.\}
123.in 0
124.sp -.5v
125.nf
126.BX
127.in
128.sp .5v
129.fi
130.\}
131..
132.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
133.\" BM/EM - put colored marker in margin next to block of text
134.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
135.de BM
136.if t \{\
137.br
138.ll -2n
139.gcolor red
140.di BX
141.\}
142..
143.de EM
144.if t \{\
145.br
146.di
147.ll
148.gcolor
149.nr BH \\n(dn
150.ne \\n(BHu
151\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
152.in 0
153.nf
154.BX
155.in
156.fi
157.\}
158..
159.\" -----------------------------------------------------------------
160.\" * set default formatting
161.\" -----------------------------------------------------------------
162.\" disable hyphenation
163.nh
164.\" disable justification (adjust text to left margin only)
165.ad l
166.\" -----------------------------------------------------------------
167.\" * MAIN CONTENT STARTS HERE *
168.\" -----------------------------------------------------------------
169.SH "Name"
170pdbedit \- manage the SAM database (Database of Samba Users)
171.SH "Synopsis"
172.fam C
173.HP \w'\ 'u
174\FCpdbedit\F[] [\-L] [\-v] [\-w] [\-u\ username] [\-f\ fullname] [\-h\ homedir] [\-D\ drive] [\-S\ script] [\-p\ profile] [\-a] [\-t,\ \-\-password\-from\-stdin] [\-m] [\-r] [\-x] [\-i\ passdb\-backend] [\-e\ passdb\-backend] [\-b\ passdb\-backend] [\-g] [\-d\ debuglevel] [\-s\ configfile] [\-P\ account\-policy] [\-C\ value] [\-c\ account\-control] [\-y]
175.fam
176.SH "DESCRIPTION"
177.PP
178This tool is part of the
179\fBsamba\fR(7)
180suite\&.
181.PP
182The pdbedit program is used to manage the users accounts stored in the sam database and can only be run by root\&.
183.PP
184The pdbedit tool uses the passdb modular interface and is independent from the kind of users database used (currently there are smbpasswd, ldap, nis+ and tdb based and more can be added without changing the tool)\&.
185.PP
186There are five main ways to use pdbedit: adding a user account, removing a user account, modifing a user account, listing user accounts, importing users accounts\&.
187.SH "OPTIONS"
188.PP
189\-L
190.RS 4
191This option lists all the user accounts present in the users database\&. This option prints a list of user/uid pairs separated by the \':\' character\&.
192.sp
193Example:
194\FCpdbedit \-L\F[]
195.sp
196.if n \{\
197.RS 4
198.\}
199.fam C
200.ps -1
201.nf
202.if t \{\
203.sp -1
204.\}
205.BB lightgray adjust-for-leading-newline
206.sp -1
207
208sorce:500:Simo Sorce
209samba:45:Test User
210.EB lightgray adjust-for-leading-newline
211.if t \{\
212.sp 1
213.\}
214.fi
215.fam
216.ps +1
217.if n \{\
218.RE
219.\}
220.RE
221.PP
222\-v
223.RS 4
224This option enables the verbose listing format\&. It causes pdbedit to list the users in the database, printing out the account fields in a descriptive format\&.
225.sp
226Example:
227\FCpdbedit \-L \-v\F[]
228.sp
229.if n \{\
230.RS 4
231.\}
232.fam C
233.ps -1
234.nf
235.if t \{\
236.sp -1
237.\}
238.BB lightgray adjust-for-leading-newline
239.sp -1
240
241\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
242username: sorce
243user ID/Group: 500/500
244user RID/GRID: 2000/2001
245Full Name: Simo Sorce
246Home Directory: \e\eBERSERKER\esorce
247HomeDir Drive: H:
248Logon Script: \e\eBERSERKER\enetlogon\esorce\&.bat
249Profile Path: \e\eBERSERKER\eprofile
250\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
251username: samba
252user ID/Group: 45/45
253user RID/GRID: 1090/1091
254Full Name: Test User
255Home Directory: \e\eBERSERKER\esamba
256HomeDir Drive:
257Logon Script:
258Profile Path: \e\eBERSERKER\eprofile
259.EB lightgray adjust-for-leading-newline
260.if t \{\
261.sp 1
262.\}
263.fi
264.fam
265.ps +1
266.if n \{\
267.RE
268.\}
269.RE
270.PP
271\-w
272.RS 4
273This option sets the "smbpasswd" listing format\&. It will make pdbedit list the users in the database, printing out the account fields in a format compatible with the
274\FCsmbpasswd\F[]
275file format\&. (see the
276\fBsmbpasswd\fR(5)
277for details)
278.sp
279Example:
280\FCpdbedit \-L \-w\F[]
281.sp
282.if n \{\
283.RS 4
284.\}
285.fam C
286.ps -1
287.nf
288.if t \{\
289.sp -1
290.\}
291.BB lightgray adjust-for-leading-newline
292.sp -1
293
294sorce:500:508818B733CE64BEAAD3B435B51404EE:
295 D2A2418EFC466A8A0F6B1DBB5C3DB80C:
296 [UX ]:LCT\-00000000:
297samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:
298 BC281CE3F53B6A5146629CD4751D3490:
299 [UX ]:LCT\-3BFA1E8D:
300.EB lightgray adjust-for-leading-newline
301.if t \{\
302.sp 1
303.\}
304.fi
305.fam
306.ps +1
307.if n \{\
308.RE
309.\}
310.RE
311.PP
312\-u username
313.RS 4
314This option specifies the username to be used for the operation requested (listing, adding, removing)\&. It is
315\fIrequired\fR
316in add, remove and modify operations and
317\fIoptional\fR
318in list operations\&.
319.RE
320.PP
321\-f fullname
322.RS 4
323This option can be used while adding or modifing a user account\&. It will specify the user\'s full name\&.
324.sp
325Example:
326\FC\-f "Simo Sorce"\F[]
327.RE
328.PP
329\-h homedir
330.RS 4
331This option can be used while adding or modifing a user account\&. It will specify the user\'s home directory network path\&.
332.sp
333Example:
334\FC\-h "\e\e\e\eBERSERKER\e\esorce"\F[]
335.RE
336.PP
337\-D drive
338.RS 4
339This option can be used while adding or modifing a user account\&. It will specify the windows drive letter to be used to map the home directory\&.
340.sp
341Example:
342\FC\-D "H:"\F[]
343.RE
344.PP
345\-S script
346.RS 4
347This option can be used while adding or modifing a user account\&. It will specify the user\'s logon script path\&.
348.sp
349Example:
350\FC\-S "\e\e\e\eBERSERKER\e\enetlogon\e\esorce\&.bat"\F[]
351.RE
352.PP
353\-p profile
354.RS 4
355This option can be used while adding or modifing a user account\&. It will specify the user\'s profile directory\&.
356.sp
357Example:
358\FC\-p "\e\e\e\eBERSERKER\e\enetlogon"\F[]
359.RE
360.PP
361\-G SID|rid
362.RS 4
363This option can be used while adding or modifying a user account\&. It will specify the users\' new primary group SID (Security Identifier) or rid\&.
364.sp
365Example:
366\FC\-G S\-1\-5\-21\-2447931902\-1787058256\-3961074038\-1201\F[]
367.RE
368.PP
369\-U SID|rid
370.RS 4
371This option can be used while adding or modifying a user account\&. It will specify the users\' new SID (Security Identifier) or rid\&.
372.sp
373Example:
374\FC\-U S\-1\-5\-21\-2447931902\-1787058256\-3961074038\-5004\F[]
375.RE
376.PP
377\-c account\-control
378.RS 4
379This option can be used while adding or modifying a user account\&. It will specify the users\' account control property\&. Possible flags are listed below\&.
380.sp
381
382.sp
383.RS 4
384.ie n \{\
385\h'-04'\(bu\h'+03'\c
386.\}
387.el \{\
388.sp -1
389.IP \(bu 2.3
390.\}
391N: No password required
392.RE
393.sp
394.RS 4
395.ie n \{\
396\h'-04'\(bu\h'+03'\c
397.\}
398.el \{\
399.sp -1
400.IP \(bu 2.3
401.\}
402D: Account disabled
403.RE
404.sp
405.RS 4
406.ie n \{\
407\h'-04'\(bu\h'+03'\c
408.\}
409.el \{\
410.sp -1
411.IP \(bu 2.3
412.\}
413H: Home directory required
414.RE
415.sp
416.RS 4
417.ie n \{\
418\h'-04'\(bu\h'+03'\c
419.\}
420.el \{\
421.sp -1
422.IP \(bu 2.3
423.\}
424T: Temporary duplicate of other account
425.RE
426.sp
427.RS 4
428.ie n \{\
429\h'-04'\(bu\h'+03'\c
430.\}
431.el \{\
432.sp -1
433.IP \(bu 2.3
434.\}
435U: Regular user account
436.RE
437.sp
438.RS 4
439.ie n \{\
440\h'-04'\(bu\h'+03'\c
441.\}
442.el \{\
443.sp -1
444.IP \(bu 2.3
445.\}
446M: MNS logon user account
447.RE
448.sp
449.RS 4
450.ie n \{\
451\h'-04'\(bu\h'+03'\c
452.\}
453.el \{\
454.sp -1
455.IP \(bu 2.3
456.\}
457W: Workstation Trust Account
458.RE
459.sp
460.RS 4
461.ie n \{\
462\h'-04'\(bu\h'+03'\c
463.\}
464.el \{\
465.sp -1
466.IP \(bu 2.3
467.\}
468S: Server Trust Account
469.RE
470.sp
471.RS 4
472.ie n \{\
473\h'-04'\(bu\h'+03'\c
474.\}
475.el \{\
476.sp -1
477.IP \(bu 2.3
478.\}
479L: Automatic Locking
480.RE
481.sp
482.RS 4
483.ie n \{\
484\h'-04'\(bu\h'+03'\c
485.\}
486.el \{\
487.sp -1
488.IP \(bu 2.3
489.\}
490X: Password does not expire
491.RE
492.sp
493.RS 4
494.ie n \{\
495\h'-04'\(bu\h'+03'\c
496.\}
497.el \{\
498.sp -1
499.IP \(bu 2.3
500.\}
501I: Domain Trust Account
502.sp
503.RE
504.sp
505Example:
506\FC\-c "[X ]"\F[]
507.RE
508.PP
509\-a
510.RS 4
511This option is used to add a user into the database\&. This command needs a user name specified with the \-u switch\&. When adding a new user, pdbedit will also ask for the password to be used\&.
512.sp
513Example:
514\FCpdbedit \-a \-u sorce\F[]
515.sp
516.if n \{\
517.RS 4
518.\}
519.fam C
520.ps -1
521.nf
522.BB lightgray
523new password:
524retype new password
525.EB lightgray
526.fi
527.fam
528.ps +1
529.if n \{\
530.RE
531.\}
532.sp
533.if n \{\
534.sp
535.\}
536.RS 4
537.BM yellow
538.it 1 an-trap
539.nr an-no-space-flag 1
540.nr an-break-flag 1
541.br
542.ps +1
543\fBNote\fR
544.ps -1
545.br
546pdbedit does not call the unix password syncronisation script if
547\m[blue]\fBunix password sync\fR\m[]
548has been set\&. It only updates the data in the Samba user database\&.
549.sp
550If you wish to add a user and synchronise the password that immediately, use
551\FCsmbpasswd\F[]\'s
552\fB\-a\fR
553option\&.
554.sp .5v
555.EM yellow
556.RE
557.RE
558.PP
559\-t, \-\-password\-from\-stdin
560.RS 4
561This option causes pdbedit to read the password from standard input, rather than from /dev/tty (like the
562\FCpasswd(1)\F[]
563program does)\&. The password has to be submitted twice and terminated by a newline each\&.
564.RE
565.PP
566\-r
567.RS 4
568This option is used to modify an existing user in the database\&. This command needs a user name specified with the \-u switch\&. Other options can be specified to modify the properties of the specified user\&. This flag is kept for backwards compatibility, but it is no longer necessary to specify it\&.
569.RE
570.PP
571\-m
572.RS 4
573This option may only be used in conjunction with the
574\fI\-a\fR
575option\&. It will make pdbedit to add a machine trust account instead of a user account (\-u username will provide the machine name)\&.
576.sp
577Example:
578\FCpdbedit \-a \-m \-u w2k\-wks\F[]
579.RE
580.PP
581\-x
582.RS 4
583This option causes pdbedit to delete an account from the database\&. It needs a username specified with the \-u switch\&.
584.sp
585Example:
586\FCpdbedit \-x \-u bob\F[]
587.RE
588.PP
589\-i passdb\-backend
590.RS 4
591Use a different passdb backend to retrieve users than the one specified in smb\&.conf\&. Can be used to import data into your local user database\&.
592.sp
593This option will ease migration from one passdb backend to another\&.
594.sp
595Example:
596\FCpdbedit \-i smbpasswd:/etc/smbpasswd\&.old \F[]
597.RE
598.PP
599\-e passdb\-backend
600.RS 4
601Exports all currently available users to the specified password database backend\&.
602.sp
603This option will ease migration from one passdb backend to another and will ease backing up\&.
604.sp
605Example:
606\FCpdbedit \-e smbpasswd:/root/samba\-users\&.backup\F[]
607.RE
608.PP
609\-g
610.RS 4
611If you specify
612\fI\-g\fR, then
613\fI\-i in\-backend \-e out\-backend\fR
614applies to the group mapping instead of the user database\&.
615.sp
616This option will ease migration from one passdb backend to another and will ease backing up\&.
617.RE
618.PP
619\-b passdb\-backend
620.RS 4
621Use a different default passdb backend\&.
622.sp
623Example:
624\FCpdbedit \-b xml:/root/pdb\-backup\&.xml \-l\F[]
625.RE
626.PP
627\-P account\-policy
628.RS 4
629Display an account policy
630.sp
631Valid policies are: minimum password age, reset count minutes, disconnect time, user must logon to change password, password history, lockout duration, min password length, maximum password age and bad lockout attempt\&.
632.sp
633Example:
634\FCpdbedit \-P "bad lockout attempt"\F[]
635.sp
636.if n \{\
637.RS 4
638.\}
639.fam C
640.ps -1
641.nf
642.if t \{\
643.sp -1
644.\}
645.BB lightgray adjust-for-leading-newline
646.sp -1
647
648account policy value for bad lockout attempt is 0
649.EB lightgray adjust-for-leading-newline
650.if t \{\
651.sp 1
652.\}
653.fi
654.fam
655.ps +1
656.if n \{\
657.RE
658.\}
659.RE
660.PP
661\-C account\-policy\-value
662.RS 4
663Sets an account policy to a specified value\&. This option may only be used in conjunction with the
664\fI\-P\fR
665option\&.
666.sp
667Example:
668\FCpdbedit \-P "bad lockout attempt" \-C 3\F[]
669.sp
670.if n \{\
671.RS 4
672.\}
673.fam C
674.ps -1
675.nf
676.if t \{\
677.sp -1
678.\}
679.BB lightgray adjust-for-leading-newline
680.sp -1
681
682account policy value for bad lockout attempt was 0
683account policy value for bad lockout attempt is now 3
684.EB lightgray adjust-for-leading-newline
685.if t \{\
686.sp 1
687.\}
688.fi
689.fam
690.ps +1
691.if n \{\
692.RE
693.\}
694.RE
695.PP
696\-y
697.RS 4
698If you specify
699\fI\-y\fR, then
700\fI\-i in\-backend \-e out\-backend\fR
701applies to the account policies instead of the user database\&.
702.sp
703This option will allow to migrate account policies from their default tdb\-store into a passdb backend, e\&.g\&. an LDAP directory server\&.
704.sp
705Example:
706\FCpdbedit \-y \-i tdbsam: \-e ldapsam:ldap://my\&.ldap\&.host\F[]
707.RE
708.PP
709\-h|\-\-help
710.RS 4
711Print a summary of command line options\&.
712.RE
713.PP
714\-d|\-\-debuglevel=level
715.RS 4
716\fIlevel\fR
717is an integer from 0 to 10\&. The default value if this parameter is not specified is 0\&.
718.sp
719The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.
720.sp
721Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
722.sp
723Note that specifying this parameter here will override the
724\m[blue]\fBlog level\fR\m[]
725parameter in the
726\FCsmb\&.conf\F[]
727file\&.
728.RE
729.PP
730\-V
731.RS 4
732Prints the program version number\&.
733.RE
734.PP
735\-s <configuration file>
736.RS 4
737The file specified contains the configuration details required by the server\&. The information in this file includes server\-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See
738\FCsmb\&.conf\F[]
739for more information\&. The default configuration file name is determined at compile time\&.
740.RE
741.PP
742\-l|\-\-log\-basename=logdirectory
743.RS 4
744Base directory name for log/debug files\&. The extension
745\fB"\&.progname"\fR
746will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&.
747.RE
748.SH "NOTES"
749.PP
750This command may be used only by root\&.
751.SH "VERSION"
752.PP
753This man page is correct for version 3\&.0 of the Samba suite\&.
754.SH "SEE ALSO"
755.PP
756\fBsmbpasswd\fR(5),
757\fBsamba\fR(7)
758.SH "AUTHOR"
759.PP
760The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
761.PP
762The pdbedit manpage was written by Simo Sorce and Jelmer Vernooij\&.
Note: See TracBrowser for help on using the repository browser.