Context Navigation

← Previous Change
Next Change →

pdbedit.8

Timestamp:

May 27, 2007, 12:26:26 AM (18 years ago)

Author:

Paul Smedley

Message:

Upgrade source to 3.0.25a

File:

: 1 edited

trunk/samba/docs/manpages/pdbedit.8 (modified) (6 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/samba/docs/manpages/pdbedit.8

-              r1
+              r39
 ..
 .TH "PDBEDIT" 8 "" "" ""
 .SH NAME
 pdbedit \- manage the SAM database (Database of Samba Users)
+.SH "NAME"
+pdbedit - manage the SAM database (Database of Samba Users)
 .SH "SYNOPSIS"
-.ad l
-.hy 0
 .HP 8
+\fBpdbedit\fR [\-L] [\-v] [\-w] [\-u\ username] [\-f\ fullname] [\-h\ homedir] [\-D\ drive] [\-S\ script] [\-p\ profile] [\-a] [\-t,\ \-\-password\-from\-stdin] [\-m] [\-r] [\-x] [\-i\ passdb\-backend] [\-e\ passdb\-backend] [\-b\ passdb\-backend] [\-g] [\-d\ debuglevel] [\-s\ configfile] [\-P\ account\-policy] [\-C\ value] [\-c\ account\-control] [\-y]
+.ad
+.hy
+\fBpdbedit\fR [-L] [-v] [-w] [-u username] [-f fullname] [-h homedir] [-D drive] [-S script] [-p profile] [-a] [-t, --password-from-stdin] [-m] [-r] [-x] [-i passdb-backend] [-e passdb-backend] [-b passdb-backend] [-g] [-d debuglevel] [-s configfile] [-P account-policy] [-C value] [-c account-control] [-y]
 .SH "DESCRIPTION"
+.PP
+This tool is part of the \fBsamba\fR(7) suite\&.
+.PP
+The pdbedit program is used to manage the users accounts stored in the sam database and can only be run by root\&.
+.PP
+The pdbedit tool uses the passdb modular interface and is independent from the kind of users database used (currently there are smbpasswd, ldap, nis+ and tdb based and more can be added without changing the tool)\&.
+.PP
+There are five main ways to use pdbedit: adding a user account, removing a user account, modifing a user account, listing user accounts, importing users accounts\&.
+.PP
+This tool is part of the
+\fBsamba\fR(7)
+suite.
+.PP
+The pdbedit program is used to manage the users accounts stored in the sam database and can only be run by root.
+.PP
+The pdbedit tool uses the passdb modular interface and is independent from the kind of users database used (currently there are smbpasswd, ldap, nis+ and tdb based and more can be added without changing the tool).
+.PP
+There are five main ways to use pdbedit: adding a user account, removing a user account, modifing a user account, listing user accounts, importing users accounts.
 .SH "OPTIONS"
+.TP
+\-L
+This option lists all the user accounts present in the users database\&. This option prints a list of user/uid pairs separated by the ':' character\&.
+Example: \fBpdbedit \-L\fR
+.PP
+-L
+.RS 3n
+This option lists all the user accounts present in the users database. This option prints a list of user/uid pairs separated by the ':' character.
+.sp
+Example:
+\fBpdbedit -L\fR
+.sp
+.sp
 .nf
 …
 .fi
+.TP
+\-v
+This option enables the verbose listing format\&. It causes pdbedit to list the users in the database, printing out the account fields in a descriptive format\&.
+Example: \fBpdbedit \-L \-v\fR
+.nf
+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
+.RE
+.PP
+-v
+.RS 3n
+This option enables the verbose listing format. It causes pdbedit to list the users in the database, printing out the account fields in a descriptive format.
+.sp
+Example:
+\fBpdbedit -L -v\fR
+.sp
+.sp
+.nf
+---------------
 username:       sorce
 user ID/Group:  500/500
 user RID/GRID:  2000/2001
 Full Name:      Simo Sorce
 Home Directory: \\\\BERSERKER\\sorce
+Home Directory: \\BERSERKER\sorce
 HomeDir Drive:  H:
 Logon Script:   \\\\BERSERKER\\netlogon\\sorce\&.bat
 Profile Path:   \\\\BERSERKER\\profile
 \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
+Logon Script:   \\BERSERKER\netlogon\sorce.bat
+Profile Path:   \\BERSERKER\profile
+---------------
 username:       samba
 user ID/Group:  45/45
 user RID/GRID:  1090/1091
 Full Name:      Test User
 Home Directory: \\\\BERSERKER\\samba
+Home Directory: \\BERSERKER\samba
 HomeDir Drive:
 Logon Script:
+Profile Path:   \\\\BERSERKER\\profile
+.fi
+.TP
+\-w
+This option sets the "smbpasswd" listing format\&. It will make pdbedit list the users in the database, printing out the account fields in a format compatible with the\fIsmbpasswd\fR file format\&. (see the\fBsmbpasswd\fR(5) for details)
+Example: \fBpdbedit \-L \-w\fR
+Profile Path:   \\BERSERKER\profile
+.fi
+.RE
+.PP
+-w
+.RS 3n
+This option sets the "smbpasswd" listing format. It will make pdbedit list the users in the database, printing out the account fields in a format compatible with the
+\fIsmbpasswd\fR
+file format. (see the
+\fBsmbpasswd\fR(5)
+for details)
+.sp
+Example:
+\fBpdbedit -L -w\fR
 .nf
 …
 sorce:500:508818B733CE64BEAAD3B435B51404EE:
           D2A2418EFC466A8A0F6B1DBB5C3DB80C:
           [UX         ]:LCT\-00000000:
+          [UX         ]:LCT-00000000:
 samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:
           BC281CE3F53B6A5146629CD4751D3490:
+          [UX         ]:LCT\-3BFA1E8D:
+.fi
+.TP
+\-u username
+This option specifies the username to be used for the operation requested (listing, adding, removing)\&. It is \fBrequired\fR in add, remove and modify operations and \fBoptional\fR in list operations\&.
+.TP
+\-f fullname
+This option can be used while adding or modifing a user account\&. It will specify the user's full name\&.
+Example: \fB\-f "Simo Sorce"\fR
+.TP
+\-h homedir
+This option can be used while adding or modifing a user account\&. It will specify the user's home directory network path\&.
+Example: \fB\-h "\\\\\\\\BERSERKER\\\\sorce"\fR
+.TP
+\-D drive
+This option can be used while adding or modifing a user account\&. It will specify the windows drive letter to be used to map the home directory\&.
+Example: \fB\-D "H:"\fR
+.TP
+\-S script
+This option can be used while adding or modifing a user account\&. It will specify the user's logon script path\&.
+Example: \fB\-S "\\\\\\\\BERSERKER\\\\netlogon\\\\sorce\&.bat"\fR
+.TP
+\-p profile
+This option can be used while adding or modifing a user account\&. It will specify the user's profile directory\&.
+Example: \fB\-p "\\\\\\\\BERSERKER\\\\netlogon"\fR
+.TP
+\-G SID|rid
+This option can be used while adding or modifying a user account\&. It will specify the users' new primary group SID (Security Identifier) or rid\&.
+Example: \fB\-G S\-1\-5\-21\-2447931902\-1787058256\-3961074038\-1201\fR
+.TP
+\-U SID|rid
+This option can be used while adding or modifying a user account\&. It will specify the users' new SID (Security Identifier) or rid\&.
+Example: \fB\-U S\-1\-5\-21\-2447931902\-1787058256\-3961074038\-5004\fR
+.TP
+\-c account\-control
+This option can be used while adding or modifying a user account\&. It will specify the users' account control property\&. Possible flags are listed below\&.
+.RS
+.TP 3
+\(bu
+          [UX         ]:LCT-3BFA1E8D:
+.fi
+.RE
+.PP
+-u username
+.RS 3n
+This option specifies the username to be used for the operation requested (listing, adding, removing). It is
+\fBrequired\fR
+in add, remove and modify operations and
+\fBoptional\fR
+in list operations.
+.RE
+.PP
+-f fullname
+.RS 3n
+This option can be used while adding or modifing a user account. It will specify the user's full name.
+.sp
+Example:
+\fB-f "Simo Sorce"\fR
+.RE
+.PP
+-h homedir
+.RS 3n
+This option can be used while adding or modifing a user account. It will specify the user's home directory network path.
+.sp
+Example:
+\fB-h "\\\\BERSERKER\\sorce"\fR
+.RE
+.PP
+-D drive
+.RS 3n
+This option can be used while adding or modifing a user account. It will specify the windows drive letter to be used to map the home directory.
+.sp
+Example:
+\fB-D "H:"\fR
+.RE
+.PP
+-S script
+.RS 3n
+This option can be used while adding or modifing a user account. It will specify the user's logon script path.
+.sp
+Example:
+\fB-S "\\\\BERSERKER\\netlogon\\sorce.bat"\fR
+.RE
+.PP
+-p profile
+.RS 3n
+This option can be used while adding or modifing a user account. It will specify the user's profile directory.
+.sp
+Example:
+\fB-p "\\\\BERSERKER\\netlogon"\fR
+.RE
+.PP
+-G SID|rid
+.RS 3n
+This option can be used while adding or modifying a user account. It will specify the users' new primary group SID (Security Identifier) or rid.
+.sp
+Example:
+\fB-G S-1-5-21-2447931902-1787058256-3961074038-1201\fR
+.RE
+.PP
+-U SID|rid
+.RS 3n
+This option can be used while adding or modifying a user account. It will specify the users' new SID (Security Identifier) or rid.
+.sp
+Example:
+\fB-U S-1-5-21-2447931902-1787058256-3961074038-5004\fR
+.RE
+.PP
+-c account-control
+.RS 3n
+This option can be used while adding or modifying a user account. It will specify the users' account control property. Possible flags are listed below.
+.sp
+.RS 3n
+.TP 3n
+&#8226;
 N: No password required
 .TP
+\(bu
+.TP 3n
+&#8226;
 D: Account disabled
 .TP
+\(bu
+.TP 3n
+&#8226;
 H: Home directory required
 .TP
+\(bu
+.TP 3n
+&#8226;
 T: Temporary duplicate of other account
 .TP
+\(bu
+.TP 3n
+&#8226;
 U: Regular user account
 .TP
+\(bu
+.TP 3n
+&#8226;
 M: MNS logon user account
 .TP
+\(bu
+.TP 3n
+&#8226;
 W: Workstation Trust Account
 .TP
+\(bu
+.TP 3n
+&#8226;
 S: Server Trust Account
 .TP
+\(bu
+.TP 3n
+&#8226;
 L: Automatic Locking
 .TP
+\(bu
+.TP 3n
+&#8226;
 X: Password does not expire
 .TP
+\(bu
+.TP 3n
+&#8226;
 I: Domain Trust Account
+.LP
+.RE
+.IP
+Example: \fB\-c "[X ]"\fR
+.TP
+\-a
+This option is used to add a user into the database\&. This command needs a user name specified with the \-u switch\&. When adding a new user, pdbedit will also ask for the password to be used\&.
+Example: \fBpdbedit \-a \-u sorce\fR
+.RE
+.IP "" 3n
+.sp
+Example:
+\fB-c "[X ]"\fR
+.RE
+.PP
+-a
+.RS 3n
+This option is used to add a user into the database. This command needs a user name specified with the -u switch. When adding a new user, pdbedit will also ask for the password to be used.
+.sp
+Example:
+\fBpdbedit -a -u sorce\fR
+.sp
 .nf
 …
 .fi
+.RS
+.Sh "Note"
+pdbedit does not call the unix password syncronisation script if unix password sync has been set\&. It only updates the data in the Samba user database\&.
+If you wish to add a user and synchronise the password that immediately, use \fBsmbpasswd\fR's \fB\-a\fR option\&.
+.RE
+.TP
+\-t, \-\-password\-from\-stdin
+This option causes pdbedit to read the password from standard input, rather than from /dev/tty (like the\fBpasswd(1)\fR program does)\&. The password has to be submitted twice and terminated by a newline each\&.
+.TP
+\-r
+This option is used to modify an existing user in the database\&. This command needs a user name specified with the \-u switch\&. Other options can be specified to modify the properties of the specified user\&. This flag is kept for backwards compatibility, but it is no longer necessary to specify it\&.
+.TP
+\-m
+This option may only be used in conjunction with the \fI\-a\fR option\&. It will make pdbedit to add a machine trust account instead of a user account (\-u username will provide the machine name)\&.
+Example: \fBpdbedit \-a \-m \-u w2k\-wks\fR
+.TP
+\-x
+This option causes pdbedit to delete an account from the database\&. It needs a username specified with the \-u switch\&.
+Example: \fBpdbedit \-x \-u bob\fR
+.TP
+\-i passdb\-backend
+Use a different passdb backend to retrieve users than the one specified in smb\&.conf\&. Can be used to import data into your local user database\&.
+This option will ease migration from one passdb backend to another\&.
+Example: \fBpdbedit \-i smbpasswd:/etc/smbpasswd\&.old \fR
+.TP
+\-e passdb\-backend
+Exports all currently available users to the specified password database backend\&.
+This option will ease migration from one passdb backend to another and will ease backing up\&.
+Example: \fBpdbedit \-e smbpasswd:/root/samba\-users\&.backup\fR
+.TP
+\-g
+If you specify \fI\-g\fR, then \fI\-i in\-backend \-e out\-backend\fR applies to the group mapping instead of the user database\&.
+This option will ease migration from one passdb backend to another and will ease backing up\&.
+.TP
+\-b passdb\-backend
+Use a different default passdb backend\&.
+Example: \fBpdbedit \-b xml:/root/pdb\-backup\&.xml \-l\fR
+.TP
+\-P account\-policy
+.sp
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+\fBNote\fR
+pdbedit does not call the unix password syncronisation script if
+unix password sync has been set. It only updates the data in the Samba user database.
+.sp
+If you wish to add a user and synchronise the password that immediately, use
+\fBsmbpasswd\fR's
+\fB-a\fR
+option.
+.RE
+.PP
+-t, --password-from-stdin
+.RS 3n
+This option causes pdbedit to read the password from standard input, rather than from /dev/tty (like the
+\fBpasswd(1)\fR
+program does). The password has to be submitted twice and terminated by a newline each.
+.RE
+.PP
+-r
+.RS 3n
+This option is used to modify an existing user in the database. This command needs a user name specified with the -u switch. Other options can be specified to modify the properties of the specified user. This flag is kept for backwards compatibility, but it is no longer necessary to specify it.
+.RE
+.PP
+-m
+.RS 3n
+This option may only be used in conjunction with the
+\fI-a\fR
+option. It will make pdbedit to add a machine trust account instead of a user account (-u username will provide the machine name).
+.sp
+Example:
+\fBpdbedit -a -m -u w2k-wks\fR
+.RE
+.PP
+-x
+.RS 3n
+This option causes pdbedit to delete an account from the database. It needs a username specified with the -u switch.
+.sp
+Example:
+\fBpdbedit -x -u bob\fR
+.RE
+.PP
+-i passdb-backend
+.RS 3n
+Use a different passdb backend to retrieve users than the one specified in smb.conf. Can be used to import data into your local user database.
+.sp
+This option will ease migration from one passdb backend to another.
+.sp
+Example:
+\fBpdbedit -i smbpasswd:/etc/smbpasswd.old \fR
+.RE
+.PP
+-e passdb-backend
+.RS 3n
+Exports all currently available users to the specified password database backend.
+.sp
+This option will ease migration from one passdb backend to another and will ease backing up.
+.sp
+Example:
+\fBpdbedit -e smbpasswd:/root/samba-users.backup\fR
+.RE
+.PP
+-g
+.RS 3n
+If you specify
+\fI-g\fR, then
+\fI-i in-backend -e out-backend\fR
+applies to the group mapping instead of the user database.
+.sp
+This option will ease migration from one passdb backend to another and will ease backing up.
+.RE
+.PP
+-b passdb-backend
+.RS 3n
+Use a different default passdb backend.
+.sp
+Example:
+\fBpdbedit -b xml:/root/pdb-backup.xml -l\fR
+.RE
+.PP
+-P account-policy
+.RS 3n
 Display an account policy
+Valid policies are: minimum password age, reset count minutes, disconnect time, user must logon to change password, password history, lockout duration, min password length, maximum password age and bad lockout attempt\&.
+Example: \fBpdbedit \-P "bad lockout attempt"\fR
+.sp
+Valid policies are: minimum password age, reset count minutes, disconnect time, user must logon to change password, password history, lockout duration, min password length, maximum password age and bad lockout attempt.
+.sp
+Example:
+\fBpdbedit -P "bad lockout attempt"\fR
+.sp
+.sp
 .nf
 …
 .fi
+.TP
+\-C account\-policy\-value
+Sets an account policy to a specified value\&. This option may only be used in conjunction with the \fI\-P\fR option\&.
+Example: \fBpdbedit \-P "bad lockout attempt" \-C 3\fR
+.RE
+.PP
+-C account-policy-value
+.RS 3n
+Sets an account policy to a specified value. This option may only be used in conjunction with the
+\fI-P\fR
+option.
+.sp
+Example:
+\fBpdbedit -P "bad lockout attempt" -C 3\fR
+.sp
+.sp
 .nf
 …
 .fi
+.TP
+\-y
+If you specify \fI\-y\fR, then \fI\-i in\-backend \-e out\-backend\fR applies to the account policies instead of the user database\&.
+This option will allow to migrate account policies from their default tdb\-store into a passdb backend, e\&.g\&. an LDAP directory server\&.
+Example: \fBpdbedit \-y \-i tdbsam: \-e ldapsam:ldap://my\&.ldap\&.host\fR
+.TP
+\-h|\-\-help
+Print a summary of command line options\&.
+.TP
+\-V
+Prints the program version number\&.
+.TP
+\-s <configuration file>
+The file specified contains the configuration details required by the server\&. The information in this file includes server\-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fIsmb\&.conf\fR for more information\&. The default configuration file name is determined at compile time\&.
+.TP
+\-d|\-\-debuglevel=level
+\fIlevel\fR is an integer from 0 to 10\&. The default value if this parameter is not specified is zero\&.
+The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.
+Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
+Note that specifying this parameter here will override the  parameter in the \fIsmb\&.conf\fR file\&.
+.TP
+\-l|\-\-logfile=logdirectory
+Base directory name for log/debug files\&. The extension \fB"\&.progname"\fR will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&.
+.RE
+.PP
+-y
+.RS 3n
+If you specify
+\fI-y\fR, then
+\fI-i in-backend -e out-backend\fR
+applies to the account policies instead of the user database.
+.sp
+This option will allow to migrate account policies from their default tdb-store into a passdb backend, e.g. an LDAP directory server.
+.sp
+Example:
+\fBpdbedit -y -i tdbsam: -e ldapsam:ldap://my.ldap.host\fR
+.RE
+.PP
+-h|--help
+.RS 3n
+Print a summary of command line options.
+.RE
+.PP
+-V
+.RS 3n
+Prints the program version number.
+.RE
+.PP
+-s <configuration file>
+.RS 3n
+The file specified contains the configuration details required by the server. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide. See
+\fIsmb.conf\fR
+for more information. The default configuration file name is determined at compile time.
+.RE
+.PP
+-d|--debuglevel=level
+.RS 3n
+\fIlevel\fR
+is an integer from 0 to 10. The default value if this parameter is not specified is zero.
+.sp
+The higher this value, the more detail will be logged to the log files about the activities of the server. At level 0, only critical errors and serious warnings will be logged. Level 1 is a reasonable level for day-to-day running - it generates a small amount of information about operations carried out.
+.sp
+Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic.
+.sp
+Note that specifying this parameter here will override the
+parameter in the
+\fIsmb.conf\fR
+file.
+.RE
+.PP
+-l|--logfile=logdirectory
+.RS 3n
+Base directory name for log/debug files. The extension
+\fB".progname"\fR
+will be appended (e.g. log.smbclient, log.smbd, etc...). The log file is never removed by the client.
+.RE
 .SH "NOTES"
+.PP
+This command may be used only by root\&.
+.PP
+This command may be used only by root.
 .SH "VERSION"
+.PP
+This man page is correct for version 3\&.0 of the Samba suite\&.
+.PP
+This man page is correct for version 3.0 of the Samba suite.
 .SH "SEE ALSO"
+.PP
+\fBsmbpasswd\fR(5), \fBsamba\fR(7)
+.PP
+\fBsmbpasswd\fR(5),
+\fBsamba\fR(7)
 .SH "AUTHOR"
+.PP
+The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
+.PP
+The pdbedit manpage was written by Simo Sorce and Jelmer Vernooij\&.
+.PP
+The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.
+.PP
+The pdbedit manpage was written by Simo Sorce and Jelmer Vernooij.

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 39 for trunk/samba/docs/manpages/pdbedit.8

Legend:

trunk/samba/docs/manpages/pdbedit.8

Download in other formats: