.\"Generated by db2man.xsl. Don't modify this, modify the source. .de Sh \" Subsection .br .if t .Sp .ne 5 .PP \fB\\$1\fR .PP .. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Ip \" List item .br .ie \\n(.$>=3 .ne \\$3 .el .ne 3 .IP "\\$1" \\$2 .. .TH "PDBEDIT" 8 "" "" "" .SH NAME pdbedit \- manage the SAM database (Database of Samba Users) .SH "SYNOPSIS" .ad l .hy 0 .HP 8 \fBpdbedit\fR [\-L] [\-v] [\-w] [\-u\ username] [\-f\ fullname] [\-h\ homedir] [\-D\ drive] [\-S\ script] [\-p\ profile] [\-a] [\-t,\ \-\-password\-from\-stdin] [\-m] [\-r] [\-x] [\-i\ passdb\-backend] [\-e\ passdb\-backend] [\-b\ passdb\-backend] [\-g] [\-d\ debuglevel] [\-s\ configfile] [\-P\ account\-policy] [\-C\ value] [\-c\ account\-control] [\-y] .ad .hy .SH "DESCRIPTION" .PP This tool is part of the \fBsamba\fR(7) suite\&. .PP The pdbedit program is used to manage the users accounts stored in the sam database and can only be run by root\&. .PP The pdbedit tool uses the passdb modular interface and is independent from the kind of users database used (currently there are smbpasswd, ldap, nis+ and tdb based and more can be added without changing the tool)\&. .PP There are five main ways to use pdbedit: adding a user account, removing a user account, modifing a user account, listing user accounts, importing users accounts\&. .SH "OPTIONS" .TP \-L This option lists all the user accounts present in the users database\&. This option prints a list of user/uid pairs separated by the ':' character\&. Example: \fBpdbedit \-L\fR .nf sorce:500:Simo Sorce samba:45:Test User .fi .TP \-v This option enables the verbose listing format\&. It causes pdbedit to list the users in the database, printing out the account fields in a descriptive format\&. Example: \fBpdbedit \-L \-v\fR .nf \-\-\-\-\-\-\-\-\-\-\-\-\-\-\- username: sorce user ID/Group: 500/500 user RID/GRID: 2000/2001 Full Name: Simo Sorce Home Directory: \\\\BERSERKER\\sorce HomeDir Drive: H: Logon Script: \\\\BERSERKER\\netlogon\\sorce\&.bat Profile Path: \\\\BERSERKER\\profile \-\-\-\-\-\-\-\-\-\-\-\-\-\-\- username: samba user ID/Group: 45/45 user RID/GRID: 1090/1091 Full Name: Test User Home Directory: \\\\BERSERKER\\samba HomeDir Drive: Logon Script: Profile Path: \\\\BERSERKER\\profile .fi .TP \-w This option sets the "smbpasswd" listing format\&. It will make pdbedit list the users in the database, printing out the account fields in a format compatible with the\fIsmbpasswd\fR file format\&. (see the\fBsmbpasswd\fR(5) for details) Example: \fBpdbedit \-L \-w\fR .nf sorce:500:508818B733CE64BEAAD3B435B51404EE: D2A2418EFC466A8A0F6B1DBB5C3DB80C: [UX ]:LCT\-00000000: samba:45:0F2B255F7B67A7A9AAD3B435B51404EE: BC281CE3F53B6A5146629CD4751D3490: [UX ]:LCT\-3BFA1E8D: .fi .TP \-u username This option specifies the username to be used for the operation requested (listing, adding, removing)\&. It is \fBrequired\fR in add, remove and modify operations and \fBoptional\fR in list operations\&. .TP \-f fullname This option can be used while adding or modifing a user account\&. It will specify the user's full name\&. Example: \fB\-f "Simo Sorce"\fR .TP \-h homedir This option can be used while adding or modifing a user account\&. It will specify the user's home directory network path\&. Example: \fB\-h "\\\\\\\\BERSERKER\\\\sorce"\fR .TP \-D drive This option can be used while adding or modifing a user account\&. It will specify the windows drive letter to be used to map the home directory\&. Example: \fB\-D "H:"\fR .TP \-S script This option can be used while adding or modifing a user account\&. It will specify the user's logon script path\&. Example: \fB\-S "\\\\\\\\BERSERKER\\\\netlogon\\\\sorce\&.bat"\fR .TP \-p profile This option can be used while adding or modifing a user account\&. It will specify the user's profile directory\&. Example: \fB\-p "\\\\\\\\BERSERKER\\\\netlogon"\fR .TP \-G SID|rid This option can be used while adding or modifying a user account\&. It will specify the users' new primary group SID (Security Identifier) or rid\&. Example: \fB\-G S\-1\-5\-21\-2447931902\-1787058256\-3961074038\-1201\fR .TP \-U SID|rid This option can be used while adding or modifying a user account\&. It will specify the users' new SID (Security Identifier) or rid\&. Example: \fB\-U S\-1\-5\-21\-2447931902\-1787058256\-3961074038\-5004\fR .TP \-c account\-control This option can be used while adding or modifying a user account\&. It will specify the users' account control property\&. Possible flags are listed below\&. .RS .TP 3 \(bu N: No password required .TP \(bu D: Account disabled .TP \(bu H: Home directory required .TP \(bu T: Temporary duplicate of other account .TP \(bu U: Regular user account .TP \(bu M: MNS logon user account .TP \(bu W: Workstation Trust Account .TP \(bu S: Server Trust Account .TP \(bu L: Automatic Locking .TP \(bu X: Password does not expire .TP \(bu I: Domain Trust Account .LP .RE .IP Example: \fB\-c "[X ]"\fR .TP \-a This option is used to add a user into the database\&. This command needs a user name specified with the \-u switch\&. When adding a new user, pdbedit will also ask for the password to be used\&. Example: \fBpdbedit \-a \-u sorce\fR .nf new password: retype new password .fi .RS .Sh "Note" pdbedit does not call the unix password syncronisation script if unix password sync has been set\&. It only updates the data in the Samba user database\&. If you wish to add a user and synchronise the password that immediately, use \fBsmbpasswd\fR's \fB\-a\fR option\&. .RE .TP \-t, \-\-password\-from\-stdin This option causes pdbedit to read the password from standard input, rather than from /dev/tty (like the\fBpasswd(1)\fR program does)\&. The password has to be submitted twice and terminated by a newline each\&. .TP \-r This option is used to modify an existing user in the database\&. This command needs a user name specified with the \-u switch\&. Other options can be specified to modify the properties of the specified user\&. This flag is kept for backwards compatibility, but it is no longer necessary to specify it\&. .TP \-m This option may only be used in conjunction with the \fI\-a\fR option\&. It will make pdbedit to add a machine trust account instead of a user account (\-u username will provide the machine name)\&. Example: \fBpdbedit \-a \-m \-u w2k\-wks\fR .TP \-x This option causes pdbedit to delete an account from the database\&. It needs a username specified with the \-u switch\&. Example: \fBpdbedit \-x \-u bob\fR .TP \-i passdb\-backend Use a different passdb backend to retrieve users than the one specified in smb\&.conf\&. Can be used to import data into your local user database\&. This option will ease migration from one passdb backend to another\&. Example: \fBpdbedit \-i smbpasswd:/etc/smbpasswd\&.old \fR .TP \-e passdb\-backend Exports all currently available users to the specified password database backend\&. This option will ease migration from one passdb backend to another and will ease backing up\&. Example: \fBpdbedit \-e smbpasswd:/root/samba\-users\&.backup\fR .TP \-g If you specify \fI\-g\fR, then \fI\-i in\-backend \-e out\-backend\fR applies to the group mapping instead of the user database\&. This option will ease migration from one passdb backend to another and will ease backing up\&. .TP \-b passdb\-backend Use a different default passdb backend\&. Example: \fBpdbedit \-b xml:/root/pdb\-backup\&.xml \-l\fR .TP \-P account\-policy Display an account policy Valid policies are: minimum password age, reset count minutes, disconnect time, user must logon to change password, password history, lockout duration, min password length, maximum password age and bad lockout attempt\&. Example: \fBpdbedit \-P "bad lockout attempt"\fR .nf account policy value for bad lockout attempt is 0 .fi .TP \-C account\-policy\-value Sets an account policy to a specified value\&. This option may only be used in conjunction with the \fI\-P\fR option\&. Example: \fBpdbedit \-P "bad lockout attempt" \-C 3\fR .nf account policy value for bad lockout attempt was 0 account policy value for bad lockout attempt is now 3 .fi .TP \-y If you specify \fI\-y\fR, then \fI\-i in\-backend \-e out\-backend\fR applies to the account policies instead of the user database\&. This option will allow to migrate account policies from their default tdb\-store into a passdb backend, e\&.g\&. an LDAP directory server\&. Example: \fBpdbedit \-y \-i tdbsam: \-e ldapsam:ldap://my\&.ldap\&.host\fR .TP \-h|\-\-help Print a summary of command line options\&. .TP \-V Prints the program version number\&. .TP \-s The file specified contains the configuration details required by the server\&. The information in this file includes server\-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fIsmb\&.conf\fR for more information\&. The default configuration file name is determined at compile time\&. .TP \-d|\-\-debuglevel=level \fIlevel\fR is an integer from 0 to 10\&. The default value if this parameter is not specified is zero\&. The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&. Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&. Note that specifying this parameter here will override the parameter in the \fIsmb\&.conf\fR file\&. .TP \-l|\-\-logfile=logdirectory Base directory name for log/debug files\&. The extension \fB"\&.progname"\fR will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&. .SH "NOTES" .PP This command may be used only by root\&. .SH "VERSION" .PP This man page is correct for version 3\&.0 of the Samba suite\&. .SH "SEE ALSO" .PP \fBsmbpasswd\fR(5), \fBsamba\fR(7) .SH "AUTHOR" .PP The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&. .PP The pdbedit manpage was written by Simo Sorce and Jelmer Vernooij\&.