source: trunk/samba-3.0.25pre1/docs/manpages/pdbedit.8@ 4

Last change on this file since 4 was 1, checked in by Paul Smedley, 18 years ago

Initial code import
File size: 10.5 KB
Line 
1.\"Generated by db2man.xsl. Don't modify this, modify the source.
2.de Sh \" Subsection
3.br
4.if t .Sp
5.ne 5
6.PP
7\fB\\$1\fR
8.PP
9..
10.de Sp \" Vertical space (when we can't use .PP)
11.if t .sp .5v
12.if n .sp
13..
14.de Ip \" List item
15.br
16.ie \\n(.$>=3 .ne \\$3
17.el .ne 3
18.IP "\\$1" \\$2
19..
20.TH "PDBEDIT" 8 "" "" ""
21.SH NAME
22pdbedit \- manage the SAM database (Database of Samba Users)
23.SH "SYNOPSIS"
24.ad l
25.hy 0
26.HP 8
27\fBpdbedit\fR [\-L] [\-v] [\-w] [\-u\ username] [\-f\ fullname] [\-h\ homedir] [\-D\ drive] [\-S\ script] [\-p\ profile] [\-a] [\-t,\ \-\-password\-from\-stdin] [\-m] [\-r] [\-x] [\-i\ passdb\-backend] [\-e\ passdb\-backend] [\-b\ passdb\-backend] [\-g] [\-d\ debuglevel] [\-s\ configfile] [\-P\ account\-policy] [\-C\ value] [\-c\ account\-control] [\-y]
28.ad
29.hy
30
31.SH "DESCRIPTION"
32
33.PP
34This tool is part of the \fBsamba\fR(7) suite\&.
35
36.PP
37The pdbedit program is used to manage the users accounts stored in the sam database and can only be run by root\&.
38
39.PP
40The pdbedit tool uses the passdb modular interface and is independent from the kind of users database used (currently there are smbpasswd, ldap, nis+ and tdb based and more can be added without changing the tool)\&.
41
42.PP
43There are five main ways to use pdbedit: adding a user account, removing a user account, modifing a user account, listing user accounts, importing users accounts\&.
44
45.SH "OPTIONS"
46
47.TP
48\-L
49This option lists all the user accounts present in the users database\&. This option prints a list of user/uid pairs separated by the ':' character\&.
50
51Example: \fBpdbedit \-L\fR
52
53
54
55.nf
56
57sorce:500:Simo Sorce
58samba:45:Test User
59
60.fi
61
62
63.TP
64\-v
65This option enables the verbose listing format\&. It causes pdbedit to list the users in the database, printing out the account fields in a descriptive format\&.
66
67Example: \fBpdbedit \-L \-v\fR
68
69
70
71.nf
72
73\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
74username: sorce
75user ID/Group: 500/500
76user RID/GRID: 2000/2001
77Full Name: Simo Sorce
78Home Directory: \\\\BERSERKER\\sorce
79HomeDir Drive: H:
80Logon Script: \\\\BERSERKER\\netlogon\\sorce\&.bat
81Profile Path: \\\\BERSERKER\\profile
82\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
83username: samba
84user ID/Group: 45/45
85user RID/GRID: 1090/1091
86Full Name: Test User
87Home Directory: \\\\BERSERKER\\samba
88HomeDir Drive:
89Logon Script:
90Profile Path: \\\\BERSERKER\\profile
91
92.fi
93
94
95.TP
96\-w
97This option sets the "smbpasswd" listing format\&. It will make pdbedit list the users in the database, printing out the account fields in a format compatible with the\fIsmbpasswd\fR file format\&. (see the\fBsmbpasswd\fR(5) for details)
98
99Example: \fBpdbedit \-L \-w\fR
100
101.nf
102
103sorce:500:508818B733CE64BEAAD3B435B51404EE:
104 D2A2418EFC466A8A0F6B1DBB5C3DB80C:
105 [UX ]:LCT\-00000000:
106samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:
107 BC281CE3F53B6A5146629CD4751D3490:
108 [UX ]:LCT\-3BFA1E8D:
109
110.fi
111
112.TP
113\-u username
114This option specifies the username to be used for the operation requested (listing, adding, removing)\&. It is \fBrequired\fR in add, remove and modify operations and \fBoptional\fR in list operations\&.
115
116.TP
117\-f fullname
118This option can be used while adding or modifing a user account\&. It will specify the user's full name\&.
119
120Example: \fB\-f "Simo Sorce"\fR
121
122.TP
123\-h homedir
124This option can be used while adding or modifing a user account\&. It will specify the user's home directory network path\&.
125
126Example: \fB\-h "\\\\\\\\BERSERKER\\\\sorce"\fR
127
128.TP
129\-D drive
130This option can be used while adding or modifing a user account\&. It will specify the windows drive letter to be used to map the home directory\&.
131
132Example: \fB\-D "H:"\fR
133
134.TP
135\-S script
136This option can be used while adding or modifing a user account\&. It will specify the user's logon script path\&.
137
138Example: \fB\-S "\\\\\\\\BERSERKER\\\\netlogon\\\\sorce\&.bat"\fR
139
140.TP
141\-p profile
142This option can be used while adding or modifing a user account\&. It will specify the user's profile directory\&.
143
144Example: \fB\-p "\\\\\\\\BERSERKER\\\\netlogon"\fR
145
146.TP
147\-G SID|rid
148This option can be used while adding or modifying a user account\&. It will specify the users' new primary group SID (Security Identifier) or rid\&.
149
150Example: \fB\-G S\-1\-5\-21\-2447931902\-1787058256\-3961074038\-1201\fR
151
152.TP
153\-U SID|rid
154This option can be used while adding or modifying a user account\&. It will specify the users' new SID (Security Identifier) or rid\&.
155
156Example: \fB\-U S\-1\-5\-21\-2447931902\-1787058256\-3961074038\-5004\fR
157
158.TP
159\-c account\-control
160This option can be used while adding or modifying a user account\&. It will specify the users' account control property\&. Possible flags are listed below\&.
161
162
163
164.RS
165.TP 3
166\(bu
167N: No password required
168.TP
169\(bu
170D: Account disabled
171.TP
172\(bu
173H: Home directory required
174.TP
175\(bu
176T: Temporary duplicate of other account
177.TP
178\(bu
179U: Regular user account
180.TP
181\(bu
182M: MNS logon user account
183.TP
184\(bu
185W: Workstation Trust Account
186.TP
187\(bu
188S: Server Trust Account
189.TP
190\(bu
191L: Automatic Locking
192.TP
193\(bu
194X: Password does not expire
195.TP
196\(bu
197I: Domain Trust Account
198.LP
199.RE
200.IP
201
202
203Example: \fB\-c "[X ]"\fR
204
205.TP
206\-a
207This option is used to add a user into the database\&. This command needs a user name specified with the \-u switch\&. When adding a new user, pdbedit will also ask for the password to be used\&.
208
209Example: \fBpdbedit \-a \-u sorce\fR
210
211.nf
212new password:
213retype new password
214
215.fi
216
217
218.RS
219.Sh "Note"
220pdbedit does not call the unix password syncronisation script if unix password sync has been set\&. It only updates the data in the Samba user database\&.
221
222If you wish to add a user and synchronise the password that immediately, use \fBsmbpasswd\fR's \fB\-a\fR option\&.
223
224.RE
225
226.TP
227\-t, \-\-password\-from\-stdin
228This option causes pdbedit to read the password from standard input, rather than from /dev/tty (like the\fBpasswd(1)\fR program does)\&. The password has to be submitted twice and terminated by a newline each\&.
229
230.TP
231\-r
232This option is used to modify an existing user in the database\&. This command needs a user name specified with the \-u switch\&. Other options can be specified to modify the properties of the specified user\&. This flag is kept for backwards compatibility, but it is no longer necessary to specify it\&.
233
234.TP
235\-m
236This option may only be used in conjunction with the \fI\-a\fR option\&. It will make pdbedit to add a machine trust account instead of a user account (\-u username will provide the machine name)\&.
237
238Example: \fBpdbedit \-a \-m \-u w2k\-wks\fR
239
240.TP
241\-x
242This option causes pdbedit to delete an account from the database\&. It needs a username specified with the \-u switch\&.
243
244Example: \fBpdbedit \-x \-u bob\fR
245
246.TP
247\-i passdb\-backend
248Use a different passdb backend to retrieve users than the one specified in smb\&.conf\&. Can be used to import data into your local user database\&.
249
250This option will ease migration from one passdb backend to another\&.
251
252Example: \fBpdbedit \-i smbpasswd:/etc/smbpasswd\&.old \fR
253
254.TP
255\-e passdb\-backend
256Exports all currently available users to the specified password database backend\&.
257
258This option will ease migration from one passdb backend to another and will ease backing up\&.
259
260Example: \fBpdbedit \-e smbpasswd:/root/samba\-users\&.backup\fR
261
262.TP
263\-g
264If you specify \fI\-g\fR, then \fI\-i in\-backend \-e out\-backend\fR applies to the group mapping instead of the user database\&.
265
266This option will ease migration from one passdb backend to another and will ease backing up\&.
267
268.TP
269\-b passdb\-backend
270Use a different default passdb backend\&.
271
272Example: \fBpdbedit \-b xml:/root/pdb\-backup\&.xml \-l\fR
273
274.TP
275\-P account\-policy
276Display an account policy
277
278Valid policies are: minimum password age, reset count minutes, disconnect time, user must logon to change password, password history, lockout duration, min password length, maximum password age and bad lockout attempt\&.
279
280Example: \fBpdbedit \-P "bad lockout attempt"\fR
281
282
283
284.nf
285
286account policy value for bad lockout attempt is 0
287
288.fi
289
290
291.TP
292\-C account\-policy\-value
293Sets an account policy to a specified value\&. This option may only be used in conjunction with the \fI\-P\fR option\&.
294
295Example: \fBpdbedit \-P "bad lockout attempt" \-C 3\fR
296
297
298
299.nf
300
301account policy value for bad lockout attempt was 0
302account policy value for bad lockout attempt is now 3
303
304.fi
305
306
307.TP
308\-y
309If you specify \fI\-y\fR, then \fI\-i in\-backend \-e out\-backend\fR applies to the account policies instead of the user database\&.
310
311This option will allow to migrate account policies from their default tdb\-store into a passdb backend, e\&.g\&. an LDAP directory server\&.
312
313Example: \fBpdbedit \-y \-i tdbsam: \-e ldapsam:ldap://my\&.ldap\&.host\fR
314
315.TP
316\-h|\-\-help
317Print a summary of command line options\&.
318
319.TP
320\-V
321Prints the program version number\&.
322
323.TP
324\-s <configuration file>
325The file specified contains the configuration details required by the server\&. The information in this file includes server\-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fIsmb\&.conf\fR for more information\&. The default configuration file name is determined at compile time\&.
326
327.TP
328\-d|\-\-debuglevel=level
329\fIlevel\fR is an integer from 0 to 10\&. The default value if this parameter is not specified is zero\&.
330
331The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.
332
333Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
334
335Note that specifying this parameter here will override the parameter in the \fIsmb\&.conf\fR file\&.
336
337.TP
338\-l|\-\-logfile=logdirectory
339Base directory name for log/debug files\&. The extension \fB"\&.progname"\fR will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&.
340
341.SH "NOTES"
342
343.PP
344This command may be used only by root\&.
345
346.SH "VERSION"
347
348.PP
349This man page is correct for version 3\&.0 of the Samba suite\&.
350
351.SH "SEE ALSO"
352
353.PP
354\fBsmbpasswd\fR(5), \fBsamba\fR(7)
355
356.SH "AUTHOR"
357
358.PP
359The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
360
361.PP
362The pdbedit manpage was written by Simo Sorce and Jelmer Vernooij\&.
363
Note: See TracBrowser for help on using the repository browser.