source: branches/samba-3.3.x/docs-xml/manpages-3/pdbedit.8.xml

Last change on this file was 217, checked in by Herwig Bauernfeind, 16 years ago

Import Samba 3.3 branch at 3.3.0 level docs-xml (psmedley's port)
File size: 13.8 KB
RevLine 
[217]1<?xml version="1.0" encoding="iso-8859-1"?>
2<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
3<refentry id="pdbedit.8">
4
5<refmeta>
6 <refentrytitle>pdbedit</refentrytitle>
7 <manvolnum>8</manvolnum>
8 <refmiscinfo class="source">Samba</refmiscinfo>
9 <refmiscinfo class="manual">System Administration tools</refmiscinfo>
10 <refmiscinfo class="version">3.3</refmiscinfo>
11</refmeta>
12
13
14<refnamediv>
15 <refname>pdbedit</refname>
16 <refpurpose>manage the SAM database (Database of Samba Users)</refpurpose>
17</refnamediv>
18
19<refsynopsisdiv>
20 <cmdsynopsis>
21 <command>pdbedit</command>
22 <arg choice="opt">-L</arg>
23 <arg choice="opt">-v</arg>
24 <arg choice="opt">-w</arg>
25 <arg choice="opt">-u username</arg>
26 <arg choice="opt">-f fullname</arg>
27 <arg choice="opt">-h homedir</arg>
28 <arg choice="opt">-D drive</arg>
29 <arg choice="opt">-S script</arg>
30 <arg choice="opt">-p profile</arg>
31 <arg choice="opt">-a</arg>
32 <arg choice="opt">-t, --password-from-stdin</arg>
33 <arg choice="opt">-m</arg>
34 <arg choice="opt">-r</arg>
35 <arg choice="opt">-x</arg>
36 <arg choice="opt">-i passdb-backend</arg>
37 <arg choice="opt">-e passdb-backend</arg>
38 <arg choice="opt">-b passdb-backend</arg>
39 <arg choice="opt">-g</arg>
40 <arg choice="opt">-d debuglevel</arg>
41 <arg choice="opt">-s configfile</arg>
42 <arg choice="opt">-P account-policy</arg>
43 <arg choice="opt">-C value</arg>
44 <arg choice="opt">-c account-control</arg>
45 <arg choice="opt">-y</arg>
46 </cmdsynopsis>
47</refsynopsisdiv>
48
49<refsect1>
50 <title>DESCRIPTION</title>
51
52 <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
53 <manvolnum>7</manvolnum></citerefentry> suite.</para>
54
55 <para>The pdbedit program is used to manage the users accounts
56 stored in the sam database and can only be run by root.</para>
57
58 <para>The pdbedit tool uses the passdb modular interface and is
59 independent from the kind of users database used (currently there
60 are smbpasswd, ldap, nis+ and tdb based and more can be added
61 without changing the tool).</para>
62
63 <para>There are five main ways to use pdbedit: adding a user account,
64 removing a user account, modifing a user account, listing user
65 accounts, importing users accounts.</para>
66</refsect1>
67
68<refsect1>
69 <title>OPTIONS</title>
70 <variablelist>
71 <varlistentry>
72 <term>-L</term>
73 <listitem><para>This option lists all the user accounts
74 present in the users database.
75 This option prints a list of user/uid pairs separated by
76 the ':' character.</para>
77 <para>Example: <command>pdbedit -L</command></para>
78 <para><programlisting>
79sorce:500:Simo Sorce
80samba:45:Test User
81</programlisting></para>
82 </listitem>
83 </varlistentry>
84
85
86
87 <varlistentry>
88 <term>-v</term>
89 <listitem><para>This option enables the verbose listing format.
90 It causes pdbedit to list the users in the database, printing
91 out the account fields in a descriptive format.</para>
92
93 <para>Example: <command>pdbedit -L -v</command></para>
94 <para><programlisting>
95---------------
96username: sorce
97user ID/Group: 500/500
98user RID/GRID: 2000/2001
99Full Name: Simo Sorce
100Home Directory: \\BERSERKER\sorce
101HomeDir Drive: H:
102Logon Script: \\BERSERKER\netlogon\sorce.bat
103Profile Path: \\BERSERKER\profile
104---------------
105username: samba
106user ID/Group: 45/45
107user RID/GRID: 1090/1091
108Full Name: Test User
109Home Directory: \\BERSERKER\samba
110HomeDir Drive:
111Logon Script:
112Profile Path: \\BERSERKER\profile
113</programlisting></para>
114 </listitem>
115 </varlistentry>
116
117
118
119 <varlistentry>
120 <term>-w</term>
121 <listitem><para>This option sets the "smbpasswd" listing format.
122 It will make pdbedit list the users in the database, printing
123 out the account fields in a format compatible with the
124 <filename>smbpasswd</filename> file format. (see the
125 <citerefentry><refentrytitle>smbpasswd</refentrytitle>
126 <manvolnum>5</manvolnum></citerefentry> for details)</para>
127
128 <para>Example: <command>pdbedit -L -w</command></para>
129 <programlisting>
130sorce:500:508818B733CE64BEAAD3B435B51404EE:
131 D2A2418EFC466A8A0F6B1DBB5C3DB80C:
132 [UX ]:LCT-00000000:
133samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:
134 BC281CE3F53B6A5146629CD4751D3490:
135 [UX ]:LCT-3BFA1E8D:
136</programlisting>
137 </listitem>
138 </varlistentry>
139
140
141 <varlistentry>
142 <term>-u username</term>
143 <listitem><para>This option specifies the username to be
144 used for the operation requested (listing, adding, removing).
145 It is <emphasis>required</emphasis> in add, remove and modify
146 operations and <emphasis>optional</emphasis> in list
147 operations.</para>
148 </listitem>
149 </varlistentry>
150
151 <varlistentry>
152 <term>-f fullname</term>
153 <listitem><para>This option can be used while adding or
154 modifing a user account. It will specify the user's full
155 name. </para>
156
157 <para>Example: <command>-f "Simo Sorce"</command></para>
158 </listitem>
159 </varlistentry>
160
161 <varlistentry>
162 <term>-h homedir</term>
163 <listitem><para>This option can be used while adding or
164 modifing a user account. It will specify the user's home
165 directory network path.</para>
166
167 <para>Example: <command>-h "\\\\BERSERKER\\sorce"</command>
168 </para>
169 </listitem>
170 </varlistentry>
171
172 <varlistentry>
173 <term>-D drive</term>
174 <listitem><para>This option can be used while adding or
175 modifing a user account. It will specify the windows drive
176 letter to be used to map the home directory.</para>
177
178 <para>Example: <command>-D "H:"</command>
179 </para>
180 </listitem>
181 </varlistentry>
182
183
184 <varlistentry>
185 <term>-S script</term>
186 <listitem><para>This option can be used while adding or
187 modifing a user account. It will specify the user's logon
188 script path.</para>
189
190 <para>Example: <command>-S "\\\\BERSERKER\\netlogon\\sorce.bat"</command>
191 </para>
192 </listitem>
193 </varlistentry>
194
195
196 <varlistentry>
197 <term>-p profile</term>
198 <listitem><para>This option can be used while adding or
199 modifing a user account. It will specify the user's profile
200 directory.</para>
201
202 <para>Example: <command>-p "\\\\BERSERKER\\netlogon"</command>
203 </para>
204 </listitem>
205 </varlistentry>
206
207 <varlistentry>
208 <term>-G SID|rid</term>
209 <listitem><para>
210 This option can be used while adding or modifying a user account. It
211 will specify the users' new primary group SID (Security Identifier) or
212 rid. </para>
213
214 <para>Example: <command>-G S-1-5-21-2447931902-1787058256-3961074038-1201</command></para>
215 </listitem>
216 </varlistentry>
217
218 <varlistentry>
219 <term>-U SID|rid</term>
220 <listitem><para>
221 This option can be used while adding or modifying a user account. It
222 will specify the users' new SID (Security Identifier) or
223 rid. </para>
224
225 <para>Example: <command>-U S-1-5-21-2447931902-1787058256-3961074038-5004</command></para>
226 </listitem>
227 </varlistentry>
228
229 <varlistentry>
230 <term>-c account-control</term>
231 <listitem><para>This option can be used while adding or modifying a user
232 account. It will specify the users' account control property. Possible flags are listed below.
233 </para>
234
235 <para>
236 <itemizedlist>
237 <listitem><para>N: No password required</para></listitem>
238 <listitem><para>D: Account disabled</para></listitem>
239 <listitem><para>H: Home directory required</para></listitem>
240 <listitem><para>T: Temporary duplicate of other account</para></listitem>
241 <listitem><para>U: Regular user account</para></listitem>
242 <listitem><para>M: MNS logon user account</para></listitem>
243 <listitem><para>W: Workstation Trust Account</para></listitem>
244 <listitem><para>S: Server Trust Account</para></listitem>
245 <listitem><para>L: Automatic Locking</para></listitem>
246 <listitem><para>X: Password does not expire</para></listitem>
247 <listitem><para>I: Domain Trust Account</para></listitem>
248 </itemizedlist>
249 </para>
250
251 <para>Example: <command>-c "[X ]"</command></para>
252 </listitem>
253 </varlistentry>
254
255 <varlistentry>
256 <term>-a</term>
257 <listitem><para>This option is used to add a user into the
258 database. This command needs a user name specified with
259 the -u switch. When adding a new user, pdbedit will also
260 ask for the password to be used.</para>
261
262 <para>Example: <command>pdbedit -a -u sorce</command>
263<programlisting>new password:
264retype new password
265</programlisting>
266</para>
267
268 <note><para>pdbedit does not call the unix password syncronisation
269 script if <smbconfoption name="unix password sync"/>
270 has been set. It only updates the data in the Samba
271 user database.
272 </para>
273
274 <para>If you wish to add a user and synchronise the password
275 that immediately, use <command>smbpasswd</command>'s <option>-a</option> option.
276 </para>
277 </note>
278 </listitem>
279 </varlistentry>
280
281 <varlistentry>
282 <term>-t, --password-from-stdin</term>
283 <listitem><para>This option causes pdbedit to read the password
284 from standard input, rather than from /dev/tty (like the
285 <command>passwd(1)</command> program does). The password has
286 to be submitted twice and terminated by a newline each.</para>
287 </listitem>
288 </varlistentry>
289
290 <varlistentry>
291 <term>-r</term>
292 <listitem><para>This option is used to modify an existing user
293 in the database. This command needs a user name specified with the -u
294 switch. Other options can be specified to modify the properties of
295 the specified user. This flag is kept for backwards compatibility, but
296 it is no longer necessary to specify it.
297 </para></listitem>
298 </varlistentry>
299
300 <varlistentry>
301 <term>-m</term>
302 <listitem><para>This option may only be used in conjunction
303 with the <parameter>-a</parameter> option. It will make
304 pdbedit to add a machine trust account instead of a user
305 account (-u username will provide the machine name).</para>
306
307 <para>Example: <command>pdbedit -a -m -u w2k-wks</command>
308 </para>
309 </listitem>
310 </varlistentry>
311
312
313 <varlistentry>
314 <term>-x</term>
315 <listitem><para>This option causes pdbedit to delete an account
316 from the database. It needs a username specified with the
317 -u switch.</para>
318
319 <para>Example: <command>pdbedit -x -u bob</command></para>
320 </listitem>
321 </varlistentry>
322
323
324 <varlistentry>
325 <term>-i passdb-backend</term>
326 <listitem><para>Use a different passdb backend to retrieve users
327 than the one specified in smb.conf. Can be used to import data into
328 your local user database.</para>
329
330 <para>This option will ease migration from one passdb backend to
331 another.</para>
332
333 <para>Example: <command>pdbedit -i smbpasswd:/etc/smbpasswd.old
334 </command></para>
335 </listitem>
336 </varlistentry>
337
338 <varlistentry>
339 <term>-e passdb-backend</term>
340 <listitem><para>Exports all currently available users to the
341 specified password database backend.</para>
342
343 <para>This option will ease migration from one passdb backend to
344 another and will ease backing up.</para>
345
346 <para>Example: <command>pdbedit -e smbpasswd:/root/samba-users.backup</command></para>
347 </listitem>
348 </varlistentry>
349
350 <varlistentry>
351 <term>-g</term>
352 <listitem><para>If you specify <parameter>-g</parameter>,
353 then <parameter>-i in-backend -e out-backend</parameter>
354 applies to the group mapping instead of the user database.</para>
355
356 <para>This option will ease migration from one passdb backend to
357 another and will ease backing up.</para>
358
359 </listitem>
360 </varlistentry>
361
362 <varlistentry>
363 <term>-b passdb-backend</term>
364 <listitem><para>Use a different default passdb backend. </para>
365
366 <para>Example: <command>pdbedit -b xml:/root/pdb-backup.xml -l</command></para>
367 </listitem>
368 </varlistentry>
369
370 <varlistentry>
371 <term>-P account-policy</term>
372 <listitem><para>Display an account policy</para>
373 <para>Valid policies are: minimum password age, reset count minutes, disconnect time,
374 user must logon to change password, password history, lockout duration, min password length,
375 maximum password age and bad lockout attempt.</para>
376
377 <para>Example: <command>pdbedit -P "bad lockout attempt"</command></para>
378<para><programlisting>
379account policy value for bad lockout attempt is 0
380</programlisting></para>
381
382 </listitem>
383 </varlistentry>
384
385
386 <varlistentry>
387 <term>-C account-policy-value</term>
388 <listitem><para>Sets an account policy to a specified value.
389 This option may only be used in conjunction
390 with the <parameter>-P</parameter> option.
391 </para>
392
393 <para>Example: <command>pdbedit -P "bad lockout attempt" -C 3</command></para>
394<para><programlisting>
395account policy value for bad lockout attempt was 0
396account policy value for bad lockout attempt is now 3
397</programlisting></para>
398 </listitem>
399 </varlistentry>
400
401 <varlistentry>
402 <term>-y</term>
403 <listitem><para>If you specify <parameter>-y</parameter>,
404 then <parameter>-i in-backend -e out-backend</parameter>
405 applies to the account policies instead of the user database.</para>
406
407 <para>This option will allow to migrate account policies from their default
408 tdb-store into a passdb backend, e.g. an LDAP directory server.</para>
409
410 <para>Example: <command>pdbedit -y -i tdbsam: -e ldapsam:ldap://my.ldap.host</command></para>
411
412 </listitem>
413 </varlistentry>
414
415 &stdarg.help;
416 &stdarg.server.debug;
417 &popt.common.samba;
418
419 </variablelist>
420</refsect1>
421
422
423<refsect1>
424 <title>NOTES</title>
425
426 <para>This command may be used only by root.</para>
427</refsect1>
428
429
430<refsect1>
431 <title>VERSION</title>
432
433 <para>This man page is correct for version 3 of
434 the Samba suite.</para>
435</refsect1>
436
437<refsect1>
438 <title>SEE ALSO</title>
439 <para><citerefentry><refentrytitle>smbpasswd</refentrytitle>
440 <manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>samba</refentrytitle>
441 <manvolnum>7</manvolnum></citerefentry></para>
442</refsect1>
443
444<refsect1>
445 <title>AUTHOR</title>
446
447 <para>The original Samba software and related utilities
448 were created by Andrew Tridgell. Samba is now developed
449 by the Samba Team as an Open Source project similar
450 to the way the Linux kernel is developed.</para>
451
452 <para>The pdbedit manpage was written by Simo Sorce and Jelmer Vernooij.</para>
453
454</refsect1>
455
456</refentry>
Note: See TracBrowser for help on using the repository browser.