Initial import

[samba] / docs / manpages / pdbedit.8

.\"Generated by db2man.xsl. Don't modify this, modify the source.
.de Sh \" Subsection
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.TH "PDBEDIT" 8 "" "" ""
.SH NAME
pdbedit \- manage the SAM database (Database of Samba Users)
.SH "SYNOPSIS"
.ad l
.hy 0
.HP 8
\fBpdbedit\fR [\-L] [\-v] [\-w] [\-u\ username] [\-f\ fullname] [\-h\ homedir] [\-D\ drive] [\-S\ script] [\-p\ profile] [\-a] [\-m] [\-r] [\-x] [\-i\ passdb\-backend] [\-e\ passdb\-backend] [\-b\ passdb\-backend] [\-g] [\-d\ debuglevel] [\-s\ configfile] [\-P\ account\-policy] [\-C\ value] [\-c\ account\-control]
.ad
.hy

.SH "DESCRIPTION"

.PP
This tool is part of the \fBsamba\fR(7) suite\&.

.PP
The pdbedit program is used to manage the users accounts stored in the sam database and can only be run by root\&.

.PP
The pdbedit tool uses the passdb modular interface and is independent from the kind of users database used (currently there are smbpasswd, ldap, nis+ and tdb based and more can be added without changing the tool)\&.

.PP
There are five main ways to use pdbedit: adding a user account, removing a user account, modifing a user account, listing user accounts, importing users accounts\&.

.SH "OPTIONS"

.TP
\-L
This option lists all the user accounts present in the users database\&. This option prints a list of user/uid pairs separated by the ':' character\&.

Example: \fBpdbedit \-L\fR


.nf

sorce:500:Simo Sorce
samba:45:Test User
.fi


.TP
\-v
This option enables the verbose listing format\&. It causes pdbedit to list the users in the database, printing out the account fields in a descriptive format\&.

Example: \fBpdbedit \-L \-v\fR


.nf

\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
username:       sorce
user ID/Group:  500/500
user RID/GRID:  2000/2001
Full Name:      Simo Sorce
Home Directory: \\\\BERSERKER\\sorce
HomeDir Drive:  H:
Logon Script:   \\\\BERSERKER\\netlogon\\sorce\&.bat
Profile Path:   \\\\BERSERKER\\profile
\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
username:       samba
user ID/Group:  45/45
user RID/GRID:  1090/1091
Full Name:      Test User
Home Directory: \\\\BERSERKER\\samba
HomeDir Drive:  
Logon Script:   
Profile Path:   \\\\BERSERKER\\profile
.fi


.TP
\-w
This option sets the "smbpasswd" listing format\&. It will make pdbedit list the users in the database, printing out the account fields in a format compatible with the\fIsmbpasswd\fR file format\&. (see the\fBsmbpasswd\fR(5) for details)

Example: \fBpdbedit \-L \-w\fR
.nf

sorce:500:508818B733CE64BEAAD3B435B51404EE:
          D2A2418EFC466A8A0F6B1DBB5C3DB80C:
          [UX         ]:LCT\-00000000:
samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:
          BC281CE3F53B6A5146629CD4751D3490:
          [UX         ]:LCT\-3BFA1E8D:
.fi

.TP
\-u username
This option specifies the username to be used for the operation requested (listing, adding, removing)\&. It is \fBrequired\fR in add, remove and modify operations and \fBoptional\fR in list operations\&.

.TP
\-f fullname
This option can be used while adding or modifing a user account\&. It will specify the user's full name\&.

Example: \fB\-f "Simo Sorce"\fR

.TP
\-h homedir
This option can be used while adding or modifing a user account\&. It will specify the user's home directory network path\&.

Example: \fB\-h "\\\\\\\\BERSERKER\\\\sorce"\fR 

.TP
\-D drive
This option can be used while adding or modifing a user account\&. It will specify the windows drive letter to be used to map the home directory\&.

Example: \fB\-d "H:"\fR 

.TP
\-S script
This option can be used while adding or modifing a user account\&. It will specify the user's logon script path\&.

Example: \fB\-S "\\\\\\\\BERSERKER\\\\netlogon\\\\sorce\&.bat"\fR 

.TP
\-p profile
This option can be used while adding or modifing a user account\&. It will specify the user's profile directory\&.

Example: \fB\-p "\\\\\\\\BERSERKER\\\\netlogon"\fR 

.TP
\-G SID|rid
This option can be used while adding or modifying a user account\&. It will specify the users' new primary group SID (Security Identifier) or rid\&.

Example: \fB\-G S\-1\-5\-21\-2447931902\-1787058256\-3961074038\-1201\fR

.TP
\-U SID|rid
This option can be used while adding or modifying a user account\&. It will specify the users' new SID (Security Identifier) or rid\&.

Example: \fB\-U S\-1\-5\-21\-2447931902\-1787058256\-3961074038\-5004\fR

.TP
\-c account\-control
This option can be used while adding or modifying a user account\&. It will specify the users' account control property\&. Possible flags are listed below\&.



.RS
.TP 3
\(bu
N: No password required
.TP
\(bu
D: Account disabled
.TP
\(bu
H: Home directory required
.TP
\(bu
T: Temporary duplicate of other account
.TP
\(bu
U: Regular user account
.TP
\(bu
M: MNS logon user account
.TP
\(bu
W: Workstation Trust Account
.TP
\(bu
S: Server Trust Account
.TP
\(bu
L: Automatic Locking
.TP
\(bu
X: Password does not expire
.TP
\(bu
I: Domain Trust Account
.LP
.RE
.IP
 

Example: \fB\-c "[X ]"\fR

.TP
\-a
This option is used to add a user into the database\&. This command needs a user name specified with the \-u switch\&. When adding a new user, pdbedit will also ask for the password to be used\&.

Example: \fBpdbedit \-a \-u sorce\fR  
.nf
new password:
retype new password
.fi
 

.RS
.Sh "Note"
pdbedit does not call the unix password syncronisation script if unix password sync has been set\&. It only updates the data in the Samba user database\&.

If you wish to add a user and synchronise the password that immediately, use \fBsmbpasswd\fR's \fB\-a\fR option\&.

.RE

.TP
\-r
This option is used to modify an existing user in the database\&. This command needs a user name specified with the \-u switch\&. Other options can be specified to modify the properties of the specified user\&. This flag is kept for backwards compatibility, but it is no longer necessary to specify it\&.

.TP
\-m
This option may only be used in conjunction with the \fI\-a\fR option\&. It will make pdbedit to add a machine trust account instead of a user account (\-u username will provide the machine name)\&.

Example: \fBpdbedit \-a \-m \-u w2k\-wks\fR 

.TP
\-x
This option causes pdbedit to delete an account from the database\&. It needs a username specified with the \-u switch\&.

Example: \fBpdbedit \-x \-u bob\fR

.TP
\-i passdb\-backend
Use a different passdb backend to retrieve users than the one specified in smb\&.conf\&. Can be used to import data into your local user database\&.

This option will ease migration from one passdb backend to another\&.

Example: \fBpdbedit \-i smbpasswd:/etc/smbpasswd\&.old \fR

.TP
\-e passdb\-backend
Exports all currently available users to the specified password database backend\&.

This option will ease migration from one passdb backend to another and will ease backing up\&.

Example: \fBpdbedit \-e smbpasswd:/root/samba\-users\&.backup\fR

.TP
\-g
If you specify \fI\-g\fR, then \fI\-i in\-backend \-e out\-backend\fR applies to the group mapping instead of the user database\&.

This option will ease migration from one passdb backend to another and will ease backing up\&.

.TP
\-b passdb\-backend
Use a different default passdb backend\&.

Example: \fBpdbedit \-b xml:/root/pdb\-backup\&.xml \-l\fR

.TP
\-P account\-policy
Display an account policy

Valid policies are: minimum password age, reset count minutes, disconnect time, user must logon to change password, password history, lockout duration, min password length, maximum password age and bad lockout attempt\&.

Example: \fBpdbedit \-P "bad lockout attempt"\fR


.nf

account policy value for bad lockout attempt is 0
.fi


.TP
\-C account\-policy\-value
Sets an account policy to a specified value\&. This option may only be used in conjunction with the \fI\-P\fR option\&.

Example: \fBpdbedit \-P "bad lockout attempt" \-C 3\fR


.nf

account policy value for bad lockout attempt was 0
account policy value for bad lockout attempt is now 3
.fi


.TP
\-h|\-\-help
Print a summary of command line options\&.

.TP
\-V
Prints the program version number\&.

.TP
\-s <configuration file>
The file specified contains the configuration details required by the server\&. The information in this file includes server\-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fIsmb\&.conf\fR for more information\&. The default configuration file name is determined at compile time\&.

.TP
\-d|\-\-debuglevel=level
\fIlevel\fR is an integer from 0 to 10\&. The default value if this parameter is not specified is zero\&.

The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.

Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.

Note that specifying this parameter here will override the  parameter in the \fIsmb\&.conf\fR file\&.

.TP
\-l|\-\-logfile=logdirectory
Base directory name for log/debug files\&. The extension \fB"\&.progname"\fR will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&.

.SH "NOTES"

.PP
This command may be used only by root\&.

.SH "VERSION"

.PP
This man page is correct for version 3\&.0 of the Samba suite\&.

.SH "SEE ALSO"

.PP
\fBsmbpasswd\fR(5), \fBsamba\fR(7)

.SH "AUTHOR"

.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.

.PP
The pdbedit manpage was written by Simo Sorce and Jelmer Vernooij\&.