1 .\"Generated by db2man.xsl. Don't modify this, modify the source.
10 .de Sp \" Vertical space (when we can't use .PP)
16 .ie \\n(.$>=3 .ne \\$3
20 .TH "PDBEDIT" 8 "" "" ""
22 pdbedit \- manage the SAM database (Database of Samba Users)
27 \fBpdbedit\fR [\-L] [\-v] [\-w] [\-u\ username] [\-f\ fullname] [\-h\ homedir] [\-D\ drive] [\-S\ script] [\-p\ profile] [\-a] [\-m] [\-r] [\-x] [\-i\ passdb\-backend] [\-e\ passdb\-backend] [\-b\ passdb\-backend] [\-g] [\-d\ debuglevel] [\-s\ configfile] [\-P\ account\-policy] [\-C\ value] [\-c\ account\-control]
34 This tool is part of the \fBsamba\fR(7) suite\&.
37 The pdbedit program is used to manage the users accounts stored in the sam database and can only be run by root\&.
40 The pdbedit tool uses the passdb modular interface and is independent from the kind of users database used (currently there are smbpasswd, ldap, nis+ and tdb based and more can be added without changing the tool)\&.
43 There are five main ways to use pdbedit: adding a user account, removing a user account, modifing a user account, listing user accounts, importing users accounts\&.
49 This option lists all the user accounts present in the users database\&. This option prints a list of user/uid pairs separated by the ':' character\&.
51 Example: \fBpdbedit \-L\fR
63 This option enables the verbose listing format\&. It causes pdbedit to list the users in the database, printing out the account fields in a descriptive format\&.
65 Example: \fBpdbedit \-L \-v\fR
70 \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
72 user ID/Group: 500/500
73 user RID/GRID: 2000/2001
75 Home Directory: \\\\BERSERKER\\sorce
77 Logon Script: \\\\BERSERKER\\netlogon\\sorce\&.bat
78 Profile Path: \\\\BERSERKER\\profile
79 \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
82 user RID/GRID: 1090/1091
84 Home Directory: \\\\BERSERKER\\samba
87 Profile Path: \\\\BERSERKER\\profile
93 This option sets the "smbpasswd" listing format\&. It will make pdbedit list the users in the database, printing out the account fields in a format compatible with the\fIsmbpasswd\fR file format\&. (see the\fBsmbpasswd\fR(5) for details)
95 Example: \fBpdbedit \-L \-w\fR
98 sorce:500:508818B733CE64BEAAD3B435B51404EE:
99 D2A2418EFC466A8A0F6B1DBB5C3DB80C:
101 samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:
102 BC281CE3F53B6A5146629CD4751D3490:
108 This option specifies the username to be used for the operation requested (listing, adding, removing)\&. It is \fBrequired\fR in add, remove and modify operations and \fBoptional\fR in list operations\&.
112 This option can be used while adding or modifing a user account\&. It will specify the user's full name\&.
114 Example: \fB\-f "Simo Sorce"\fR
118 This option can be used while adding or modifing a user account\&. It will specify the user's home directory network path\&.
120 Example: \fB\-h "\\\\\\\\BERSERKER\\\\sorce"\fR
124 This option can be used while adding or modifing a user account\&. It will specify the windows drive letter to be used to map the home directory\&.
126 Example: \fB\-d "H:"\fR
130 This option can be used while adding or modifing a user account\&. It will specify the user's logon script path\&.
132 Example: \fB\-S "\\\\\\\\BERSERKER\\\\netlogon\\\\sorce\&.bat"\fR
136 This option can be used while adding or modifing a user account\&. It will specify the user's profile directory\&.
138 Example: \fB\-p "\\\\\\\\BERSERKER\\\\netlogon"\fR
142 This option can be used while adding or modifying a user account\&. It will specify the users' new primary group SID (Security Identifier) or rid\&.
144 Example: \fB\-G S\-1\-5\-21\-2447931902\-1787058256\-3961074038\-1201\fR
148 This option can be used while adding or modifying a user account\&. It will specify the users' new SID (Security Identifier) or rid\&.
150 Example: \fB\-U S\-1\-5\-21\-2447931902\-1787058256\-3961074038\-5004\fR
154 This option can be used while adding or modifying a user account\&. It will specify the users' account control property\&. Possible flags are listed below\&.
161 N: No password required
167 H: Home directory required
170 T: Temporary duplicate of other account
173 U: Regular user account
176 M: MNS logon user account
179 W: Workstation Trust Account
182 S: Server Trust Account
188 X: Password does not expire
191 I: Domain Trust Account
197 Example: \fB\-c "[X ]"\fR
201 This option is used to add a user into the database\&. This command needs a user name specified with the \-u switch\&. When adding a new user, pdbedit will also ask for the password to be used\&.
203 Example: \fBpdbedit \-a \-u sorce\fR
212 pdbedit does not call the unix password syncronisation script if unix password sync has been set\&. It only updates the data in the Samba user database\&.
214 If you wish to add a user and synchronise the password that immediately, use \fBsmbpasswd\fR's \fB\-a\fR option\&.
220 This option is used to modify an existing user in the database\&. This command needs a user name specified with the \-u switch\&. Other options can be specified to modify the properties of the specified user\&. This flag is kept for backwards compatibility, but it is no longer necessary to specify it\&.
224 This option may only be used in conjunction with the \fI\-a\fR option\&. It will make pdbedit to add a machine trust account instead of a user account (\-u username will provide the machine name)\&.
226 Example: \fBpdbedit \-a \-m \-u w2k\-wks\fR
230 This option causes pdbedit to delete an account from the database\&. It needs a username specified with the \-u switch\&.
232 Example: \fBpdbedit \-x \-u bob\fR
236 Use a different passdb backend to retrieve users than the one specified in smb\&.conf\&. Can be used to import data into your local user database\&.
238 This option will ease migration from one passdb backend to another\&.
240 Example: \fBpdbedit \-i smbpasswd:/etc/smbpasswd\&.old \fR
244 Exports all currently available users to the specified password database backend\&.
246 This option will ease migration from one passdb backend to another and will ease backing up\&.
248 Example: \fBpdbedit \-e smbpasswd:/root/samba\-users\&.backup\fR
252 If you specify \fI\-g\fR, then \fI\-i in\-backend \-e out\-backend\fR applies to the group mapping instead of the user database\&.
254 This option will ease migration from one passdb backend to another and will ease backing up\&.
258 Use a different default passdb backend\&.
260 Example: \fBpdbedit \-b xml:/root/pdb\-backup\&.xml \-l\fR
264 Display an account policy
266 Valid policies are: minimum password age, reset count minutes, disconnect time, user must logon to change password, password history, lockout duration, min password length, maximum password age and bad lockout attempt\&.
268 Example: \fBpdbedit \-P "bad lockout attempt"\fR
273 account policy value for bad lockout attempt is 0
278 \-C account\-policy\-value
279 Sets an account policy to a specified value\&. This option may only be used in conjunction with the \fI\-P\fR option\&.
281 Example: \fBpdbedit \-P "bad lockout attempt" \-C 3\fR
286 account policy value for bad lockout attempt was 0
287 account policy value for bad lockout attempt is now 3
293 Print a summary of command line options\&.
297 Prints the program version number\&.
300 \-s <configuration file>
301 The file specified contains the configuration details required by the server\&. The information in this file includes server\-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fIsmb\&.conf\fR for more information\&. The default configuration file name is determined at compile time\&.
304 \-d|\-\-debuglevel=level
305 \fIlevel\fR is an integer from 0 to 10\&. The default value if this parameter is not specified is zero\&.
307 The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.
309 Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
311 Note that specifying this parameter here will override the parameter in the \fIsmb\&.conf\fR file\&.
314 \-l|\-\-logfile=logdirectory
315 Base directory name for log/debug files\&. The extension \fB"\&.progname"\fR will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&.
320 This command may be used only by root\&.
325 This man page is correct for version 3\&.0 of the Samba suite\&.
330 \fBsmbpasswd\fR(5), \fBsamba\fR(7)
335 The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
338 The pdbedit manpage was written by Simo Sorce and Jelmer Vernooij\&.