source: trunk/samba/docs/htmldocs/manpages/pdbedit.8.html @ 26

Last change on this file since 26 was 1, checked in by Paul Smedley, 14 years ago

Initial code import

File size: 14.4 KB
1<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>pdbedit</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.68.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="pdbedit.8"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>pdbedit &#8212; manage the SAM database (Database of Samba Users)</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">pdbedit</code>  [-L] [-v] [-w] [-u username] [-f fullname] [-h homedir] [-D drive] [-S script] [-p profile] [-a] [-t, --password-from-stdin] [-m] [-r] [-x] [-i passdb-backend] [-e passdb-backend] [-b passdb-backend] [-g] [-d debuglevel] [-s configfile] [-P account-policy] [-C value] [-c account-control] [-y]</p></div></div><div class="refsect1" lang="en"><a name="id231471"></a><h2>DESCRIPTION</h2><p>This tool is part of the <a href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a> suite.</p><p>The pdbedit program is used to manage the users accounts
2        stored in the sam database and can only be run by root.</p><p>The pdbedit tool uses the passdb modular interface and is
3        independent from the kind of users database used (currently there
4        are smbpasswd, ldap, nis+ and tdb based and more can be added
5        without changing the tool).</p><p>There are five main ways to use pdbedit: adding a user account,
6        removing a user account, modifing a user account, listing user
7        accounts, importing users accounts.</p></div><div class="refsect1" lang="en"><a name="id231503"></a><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-L</span></dt><dd><p>This option lists all the user accounts
8                present in the users database.
9                This option prints a list of user/uid pairs separated by
10                the ':' character.</p><p>Example: <span><strong class="command">pdbedit -L</strong></span></p><pre class="programlisting">
11sorce:500:Simo Sorce
12samba:45:Test User
13</pre></dd><dt><span class="term">-v</span></dt><dd><p>This option enables the verbose listing format.
14                It causes pdbedit to list the users in the database, printing
15                out the account fields in a descriptive format.</p><p>Example: <span><strong class="command">pdbedit -L -v</strong></span></p><pre class="programlisting">
17username:       sorce
18user ID/Group:  500/500
19user RID/GRID:  2000/2001
20Full Name:      Simo Sorce
21Home Directory: \\BERSERKER\sorce
22HomeDir Drive:  H:
23Logon Script:   \\BERSERKER\netlogon\sorce.bat
24Profile Path:   \\BERSERKER\profile
26username:       samba
27user ID/Group:  45/45
28user RID/GRID:  1090/1091
29Full Name:      Test User
30Home Directory: \\BERSERKER\samba
31HomeDir Drive: 
32Logon Script:   
33Profile Path:   \\BERSERKER\profile
34</pre></dd><dt><span class="term">-w</span></dt><dd><p>This option sets the "smbpasswd" listing format.
35                It will make pdbedit list the users in the database, printing
36                out the account fields in a format compatible with the
37                <code class="filename">smbpasswd</code> file format. (see the
38                <a href="smbpasswd.5.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(5)</span></a> for details)</p><p>Example: <span><strong class="command">pdbedit -L -w</strong></span></p><pre class="programlisting">
40          D2A2418EFC466A8A0F6B1DBB5C3DB80C:
41          [UX         ]:LCT-00000000:
43          BC281CE3F53B6A5146629CD4751D3490:
44          [UX         ]:LCT-3BFA1E8D:
45</pre></dd><dt><span class="term">-u username</span></dt><dd><p>This option specifies the username to be
46                used for the operation requested (listing, adding, removing).
47                It is <span class="emphasis"><em>required</em></span> in add, remove and modify
48                operations and <span class="emphasis"><em>optional</em></span> in list
49                operations.</p></dd><dt><span class="term">-f fullname</span></dt><dd><p>This option can be used while adding or
50                modifing a user account. It will specify the user's full
51                name. </p><p>Example: <span><strong class="command">-f "Simo Sorce"</strong></span></p></dd><dt><span class="term">-h homedir</span></dt><dd><p>This option can be used while adding or
52                modifing a user account. It will specify the user's home
53                directory network path.</p><p>Example: <span><strong class="command">-h "\\\\BERSERKER\\sorce"</strong></span>
54                </p></dd><dt><span class="term">-D drive</span></dt><dd><p>This option can be used while adding or
55                modifing a user account. It will specify the windows drive
56                letter to be used to map the home directory.</p><p>Example: <span><strong class="command">-D "H:"</strong></span>
57                </p></dd><dt><span class="term">-S script</span></dt><dd><p>This option can be used while adding or
58                modifing a user account. It will specify the user's logon
59                script path.</p><p>Example: <span><strong class="command">-S "\\\\BERSERKER\\netlogon\\sorce.bat"</strong></span>
60                </p></dd><dt><span class="term">-p profile</span></dt><dd><p>This option can be used while adding or
61                modifing a user account. It will specify the user's profile
62                directory.</p><p>Example: <span><strong class="command">-p "\\\\BERSERKER\\netlogon"</strong></span>
63                </p></dd><dt><span class="term">-G SID|rid</span></dt><dd><p>
64                This option can be used while adding or modifying a user account. It
65                will specify the users' new primary group SID (Security Identifier) or
66                rid. </p><p>Example: <span><strong class="command">-G S-1-5-21-2447931902-1787058256-3961074038-1201</strong></span></p></dd><dt><span class="term">-U SID|rid</span></dt><dd><p>
67                This option can be used while adding or modifying a user account. It
68                will specify the users' new SID (Security Identifier) or
69                rid. </p><p>Example: <span><strong class="command">-U S-1-5-21-2447931902-1787058256-3961074038-5004</strong></span></p></dd><dt><span class="term">-c account-control</span></dt><dd><p>This option can be used while adding or modifying a user
70                                account. It will specify the users' account control property. Possible flags are listed below.
71        </p><p>
72                </p><div class="itemizedlist"><ul type="disc"><li><p>N: No password required</p></li><li><p>D: Account disabled</p></li><li><p>H: Home directory required</p></li><li><p>T: Temporary duplicate of other account</p></li><li><p>U: Regular user account</p></li><li><p>M: MNS logon user account</p></li><li><p>W: Workstation Trust Account</p></li><li><p>S: Server Trust Account</p></li><li><p>L: Automatic Locking</p></li><li><p>X: Password does not expire</p></li><li><p>I: Domain Trust Account</p></li></ul></div><p>
73        </p><p>Example: <span><strong class="command">-c "[X          ]"</strong></span></p></dd><dt><span class="term">-a</span></dt><dd><p>This option is used to add a user into the
74                database. This command needs a user name specified with
75                the -u switch. When adding a new user, pdbedit will also
76                ask for the password to be used.</p><p>Example: <span><strong class="command">pdbedit -a -u sorce</strong></span>
77</p><pre class="programlisting">new password:
78retype new password
80</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>pdbedit does not call the unix password syncronisation
81                                script if <a class="indexterm" name="id271940"></a>unix password sync
82                                has been set. It only updates the data in the Samba
83                                user database.
84                        </p><p>If you wish to add a user and synchronise the password
85                                that immediately, use <span><strong class="command">smbpasswd</strong></span>'s <code class="option">-a</code> option.
86                        </p></div></dd><dt><span class="term">-t, --password-from-stdin</span></dt><dd><p>This option causes pdbedit to read the password
87                from standard input, rather than from /dev/tty (like the
88                <span><strong class="command">passwd(1)</strong></span> program does).  The password has
89                to be submitted twice and terminated by a newline each.</p></dd><dt><span class="term">-r</span></dt><dd><p>This option is used to modify an existing user
90                in the database. This command needs a user name specified with the -u
91                switch. Other options can be specified to modify the properties of
92                the specified user. This flag is kept for backwards compatibility, but
93                it is no longer necessary to specify it.
94                </p></dd><dt><span class="term">-m</span></dt><dd><p>This option may only be used in conjunction
95                with the <em class="parameter"><code>-a</code></em> option. It will make
96                pdbedit to add a machine trust account instead of a user
97                account (-u username will provide the machine name).</p><p>Example: <span><strong class="command">pdbedit -a -m -u w2k-wks</strong></span>
98                </p></dd><dt><span class="term">-x</span></dt><dd><p>This option causes pdbedit to delete an account
99                from the database. It needs a username specified with the
100                -u switch.</p><p>Example: <span><strong class="command">pdbedit -x -u bob</strong></span></p></dd><dt><span class="term">-i passdb-backend</span></dt><dd><p>Use a different passdb backend to retrieve users
101                than the one specified in smb.conf. Can be used to import data into
102                your local user database.</p><p>This option will ease migration from one passdb backend to
103                another.</p><p>Example: <span><strong class="command">pdbedit -i smbpasswd:/etc/smbpasswd.old
104                </strong></span></p></dd><dt><span class="term">-e passdb-backend</span></dt><dd><p>Exports all currently available users to the
105                specified password database backend.</p><p>This option will ease migration from one passdb backend to
106                another and will ease backing up.</p><p>Example: <span><strong class="command">pdbedit -e smbpasswd:/root/samba-users.backup</strong></span></p></dd><dt><span class="term">-g</span></dt><dd><p>If you specify <em class="parameter"><code>-g</code></em>,
107                then <em class="parameter"><code>-i in-backend -e out-backend</code></em>
108                applies to the group mapping instead of the user database.</p><p>This option will ease migration from one passdb backend to
109                another and will ease backing up.</p></dd><dt><span class="term">-b passdb-backend</span></dt><dd><p>Use a different default passdb backend. </p><p>Example: <span><strong class="command">pdbedit -b xml:/root/pdb-backup.xml -l</strong></span></p></dd><dt><span class="term">-P account-policy</span></dt><dd><p>Display an account policy</p><p>Valid policies are: minimum password age, reset count minutes, disconnect time,
110                user must logon to change password, password history, lockout duration, min password length,
111                maximum password age and bad lockout attempt.</p><p>Example: <span><strong class="command">pdbedit -P "bad lockout attempt"</strong></span></p><pre class="programlisting">
112account policy value for bad lockout attempt is 0
113</pre></dd><dt><span class="term">-C account-policy-value</span></dt><dd><p>Sets an account policy to a specified value.
114                This option may only be used in conjunction
115                with the <em class="parameter"><code>-P</code></em> option.
116                </p><p>Example: <span><strong class="command">pdbedit -P "bad lockout attempt" -C 3</strong></span></p><pre class="programlisting">
117account policy value for bad lockout attempt was 0
118account policy value for bad lockout attempt is now 3
119</pre></dd><dt><span class="term">-y</span></dt><dd><p>If you specify <em class="parameter"><code>-y</code></em>,
120                then <em class="parameter"><code>-i in-backend -e out-backend</code></em>
121                applies to the account policies instead of the user database.</p><p>This option will allow to migrate account policies from their default
122                tdb-store into a passdb backend, e.g. an LDAP directory server.</p><p>Example: <span><strong class="command">pdbedit -y -i tdbsam: -e ldapsam:ldap://</strong></span></p></dd><dt><span class="term">-h|--help</span></dt><dd><p>Print a summary of command line options.
123</p></dd><dt><span class="term">-V</span></dt><dd><p>Prints the program version number.
124</p></dd><dt><span class="term">-s &lt;configuration file&gt;</span></dt><dd><p>The file specified contains the
125configuration details required by the server.  The
126information in this file includes server-specific
127information such as what printcap file to use, as well
128as descriptions of all the services that the server is
129to provide. See <code class="filename">smb.conf</code> for more information.
130The default configuration file name is determined at
131compile time.</p></dd><dt><span class="term">-d|--debuglevel=level</span></dt><dd><p><em class="replaceable"><code>level</code></em> is an integer
132from 0 to 10.  The default value if this parameter is
133not specified is zero.</p><p>The higher this value, the more detail will be
134logged to the log files about the activities of the
135server. At level 0, only critical errors and serious
136warnings will be logged. Level 1 is a reasonable level for
137day-to-day running - it generates a small amount of
138information about operations carried out.</p><p>Levels above 1 will generate considerable
139amounts of log data, and should only be used when
140investigating a problem. Levels above 3 are designed for
141use only by developers and generate HUGE amounts of log
142data, most of which is extremely cryptic.</p><p>Note that specifying this parameter here will
143override the <a class="indexterm" name="id272324"></a> parameter
144in the <code class="filename">smb.conf</code> file.</p></dd><dt><span class="term">-l|--logfile=logdirectory</span></dt><dd><p>Base directory name for log/debug files. The extension
145<code class="constant">".progname"</code> will be appended (e.g. log.smbclient,
146log.smbd, etc...). The log file is never removed by the client.
147</p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id272358"></a><h2>NOTES</h2><p>This command may be used only by root.</p></div><div class="refsect1" lang="en"><a name="id272368"></a><h2>VERSION</h2><p>This man page is correct for version 3.0 of
148        the Samba suite.</p></div><div class="refsect1" lang="en"><a name="id272379"></a><h2>SEE ALSO</h2><p><a href="smbpasswd.5.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(5)</span></a>, <a href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a></p></div><div class="refsect1" lang="en"><a name="id272402"></a><h2>AUTHOR</h2><p>The original Samba software and related utilities
149        were created by Andrew Tridgell. Samba is now developed
150        by the Samba Team as an Open Source project similar
151        to the way the Linux kernel is developed.</p><p>The pdbedit manpage was written by Simo Sorce and Jelmer Vernooij.</p></div></div></body></html>
Note: See TracBrowser for help on using the repository browser.