1 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [
2 <!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities;
4 <refentry id="pdbedit.8">
7 <refentrytitle>pdbedit</refentrytitle>
8 <manvolnum>8</manvolnum>
13 <refname>pdbedit</refname>
14 <refpurpose>manage the SAM database</refpurpose>
19 <command>pdbedit</command>
20 <arg choice="opt">-l</arg>
21 <arg choice="opt">-v</arg>
22 <arg choice="opt">-w</arg>
23 <arg choice="opt">-u username</arg>
24 <arg choice="opt">-f fullname</arg>
25 <arg choice="opt">-h homedir</arg>
26 <arg choice="opt">-D drive</arg>
27 <arg choice="opt">-S script</arg>
28 <arg choice="opt">-p profile</arg>
29 <arg choice="opt">-a</arg>
30 <arg choice="opt">-m</arg>
31 <arg choice="opt">-x</arg>
32 <arg choice="opt">-i passdb-backend</arg>
33 <arg choice="opt">-e passdb-backend</arg>
34 <arg choice="opt">-g</arg>
35 <arg choice="opt">-b passdb-backend</arg>
36 <arg choice="opt">-g</arg>
37 <arg choice="opt">-d debuglevel</arg>
38 <arg choice="opt">-s configfile</arg>
39 <arg choice="opt">-P account-policy</arg>
40 <arg choice="opt">-C value</arg>
45 <title>DESCRIPTION</title>
47 <para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle>
48 <manvolnum>7</manvolnum></citerefentry> suite.</para>
50 <para>The pdbedit program is used to manage the users accounts
51 stored in the sam database and can only be run by root.</para>
53 <para>The pdbedit tool uses the passdb modular interface and is
54 independent from the kind of users database used (currently there
55 are smbpasswd, ldap, nis+ and tdb based and more can be added
56 without changing the tool).</para>
58 <para>There are five main ways to use pdbedit: adding a user account,
59 removing a user account, modifing a user account, listing user
60 accounts, importing users accounts.</para>
64 <title>OPTIONS</title>
68 <listitem><para>This option lists all the user accounts
69 present in the users database.
70 This option prints a list of user/uid pairs separated by
71 the ':' character.</para>
72 <para>Example: <command>pdbedit -l</command></para>
84 <listitem><para>This option enables the verbose listing format.
85 It causes pdbedit to list the users in the database, printing
86 out the account fields in a descriptive format.</para>
88 <para>Example: <command>pdbedit -l -v</command></para>
92 user ID/Group: 500/500
93 user RID/GRID: 2000/2001
95 Home Directory: \\BERSERKER\sorce
97 Logon Script: \\BERSERKER\netlogon\sorce.bat
98 Profile Path: \\BERSERKER\profile
102 user RID/GRID: 1090/1091
104 Home Directory: \\BERSERKER\samba
107 Profile Path: \\BERSERKER\profile
116 <listitem><para>This option sets the "smbpasswd" listing format.
117 It will make pdbedit list the users in the database, printing
118 out the account fields in a format compatible with the
119 <filename>smbpasswd</filename> file format. (see the
120 <citerefentry><refentrytitle>smbpasswd</refentrytitle>
121 <manvolnum>5</manvolnum></citerefentry> for details)</para>
123 <para>Example: <command>pdbedit -l -w</command></para>
125 sorce:500:508818B733CE64BEAAD3B435B51404EE:D2A2418EFC466A8A0F6B1DBB5C3DB80C:[UX ]:LCT-00000000:
126 samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:BC281CE3F53B6A5146629CD4751D3490:[UX ]:LCT-3BFA1E8D:
133 <term>-u username</term>
134 <listitem><para>This option specifies the username to be
135 used for the operation requested (listing, adding, removing).
136 It is <emphasis>required</emphasis> in add, remove and modify
137 operations and <emphasis>optional</emphasis> in list
143 <term>-f fullname</term>
144 <listitem><para>This option can be used while adding or
145 modifing a user account. It will specify the user's full
148 <para>Example: <command>-f "Simo Sorce"</command></para>
155 <term>-h homedir</term>
156 <listitem><para>This option can be used while adding or
157 modifing a user account. It will specify the user's home
158 directory network path.</para>
160 <para>Example: <command>-h "\\\\BERSERKER\\sorce"</command>
166 <term>-D drive</term>
167 <listitem><para>This option can be used while adding or
168 modifing a user account. It will specify the windows drive
169 letter to be used to map the home directory.</para>
171 <para>Example: <command>-d "H:"</command>
178 <term>-S script</term>
179 <listitem><para>This option can be used while adding or
180 modifing a user account. It will specify the user's logon
183 <para>Example: <command>-s "\\\\BERSERKER\\netlogon\\sorce.bat"</command>
190 <term>-p profile</term>
191 <listitem><para>This option can be used while adding or
192 modifing a user account. It will specify the user's profile
195 <para>Example: <command>-p "\\\\BERSERKER\\netlogon"</command>
203 <listitem><para>This option is used to add a user into the
204 database. This command needs a user name specified with
205 the -u switch. When adding a new user, pdbedit will also
206 ask for the password to be used.</para>
208 <para>Example: <command>pdbedit -a -u sorce</command>
209 <programlisting>new password:
220 <listitem><para>This option may only be used in conjunction
221 with the <parameter>-a</parameter> option. It will make
222 pdbedit to add a machine trust account instead of a user
223 account (-u username will provide the machine name).</para>
225 <para>Example: <command>pdbedit -a -m -u w2k-wks</command>
233 <listitem><para>This option causes pdbedit to delete an account
234 from the database. It needs a username specified with the
237 <para>Example: <command>pdbedit -x -u bob</command></para>
243 <term>-i passdb-backend</term>
244 <listitem><para>Use a different passdb backend to retrieve users
245 than the one specified in smb.conf. Can be used to import data into
246 your local user database.</para>
248 <para>This option will ease migration from one passdb backend to
251 <para>Example: <command>pdbedit -i smbpasswd:/etc/smbpasswd.old
257 <term>-e passdb-backend</term>
258 <listitem><para>Exports all currently available users to the
259 specified password database backend.</para>
261 <para>This option will ease migration from one passdb backend to
262 another and will ease backing up.</para>
264 <para>Example: <command>pdbedit -e smbpasswd:/root/samba-users.backup</command></para>
270 <listitem><para>If you specify <parameter>-g</parameter>,
271 then <parameter>-i in-backend -e out-backend</parameter>
272 applies to the group mapping instead of the user database.
274 <para>This option will ease migration from one passdb backend to
275 another and will ease backing up.</para>
282 <listitem><para>If you specify <parameter>-g</parameter>,
283 then <parameter>-i in-backend -e out-backend</parameter>
284 applies to the group mapping instead of the user database.
286 <para>This option will ease migration from one passdb backend to
287 another and will ease backing up.</para>
293 <term>-b passdb-backend</term>
294 <listitem><para>Use a different default passdb backend. </para>
296 <para>Example: <command>pdbedit -b xml:/root/pdb-backup.xml -l</command></para>
301 <term>-P account-policy</term>
302 <listitem><para>Display an account policy</para>
303 <para>Valid policies are: minimum password age, reset count minutes, disconnect time,
304 user must logon to change password, password history, lockout duration, min password length,
305 maximum password age and bad lockout attempt.</para>
307 <para>Example: <command>pdbedit -P "bad lockout attempt"</command></para>
308 <para><programlisting>
309 account policy value for bad lockout attempt is 0
310 </programlisting></para>
316 <term>-C account-policy-value</term>
317 <listitem><para>Sets an account policy to a specified value.
318 This option may only be used in conjunction
319 with the <parameter>-P</parameter> option.
322 <para>Example: <command>pdbedit -P "bad lockout attempt" -C 3</command></para>
323 <para><programlisting>
324 account policy value for bad lockout attempt was 0
325 account policy value for bad lockout attempt is now 3
326 </programlisting></para>
340 <para>This command may be used only by root.</para>
345 <title>VERSION</title>
347 <para>This man page is correct for version 2.2 of
348 the Samba suite.</para>
352 <title>SEE ALSO</title>
353 <para><citerefentry><refentrytitle>smbpasswd</refentrytitle>
354 <manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>samba</refentrytitle>
355 <manvolnum>7</manvolnum></citerefentry></para>
359 <title>AUTHOR</title>
361 <para>The original Samba software and related utilities
362 were created by Andrew Tridgell. Samba is now developed
363 by the Samba Team as an Open Source project similar
364 to the way the Linux kernel is developed.</para>
366 <para>The original Samba man pages were written by Karl Auer.
367 The man page sources were converted to YODL format (another
368 excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
369 ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0
370 release by Jeremy Allison. The conversion to DocBook for
371 Samba 2.2 was done by Gerald Carter. The conversion to DocBook
372 XML 4.2 for Samba 3.0 was done by Alexander Bokovoy.</para>