<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.5</refmiscinfo>
+ <refmiscinfo class="version">3.6</refmiscinfo>
</refmeta>
<para>Add a interdomain trust account for <replaceable>DOMAIN</replaceable>.
This is in fact a Samba account named <replaceable>DOMAIN$</replaceable>
with the account flag <constant>'I'</constant> (interdomain trust account).
+This is required for incoming trusts to work. It makes Samba be a
+trusted domain of the foreign (trusting) domain.
+Users of the Samba domain will be made available in the foreign domain.
If the command is used against localhost it has the same effect as
<command>smbpasswd -a -i DOMAIN</command>. Please note that both commands
expect a appropriate UNIX account.
<title>RPC TRUSTDOM ESTABLISH <replaceable>DOMAIN</replaceable></title>
<para>
-Establish a trust relationship to a trusting domain.
+Establish a trust relationship to a trusted domain.
Interdomain account must already be created on the remote PDC.
+This is required for outgoing trusts to work. It makes Samba be a
+trusting domain of a foreign (trusted) domain.
+Users of the foreign domain will be made available in our domain.
+You'll need winbind and a working idmap config to make them
+appear in your system.
</para>
</refsect3>
<refsect3>
<title>RPC TRUSTDOM LIST</title>
-<para>List all current interdomain trust relationships.</para>
+<para>List all interdomain trust relationships.</para>
</refsect3>
Timeout before system will be shut down. An interactive
user of the system can use this time to cancel the shutdown.
</para></listitem>
-</varlistentry>'>
+</varlistentry>
<varlistentry>
<term>-C message</term>
</refsect2>
+<refsect2>
+<title>SAM RIGHTS LIST</title>
+
+<para>
+List all available privileges.
+</para>
+
+</refsect2>
+
+<refsect2>
+<title>SAM RIGHTS GRANT <NAME> <PRIVILEGE></title>
+
+<para>
+Grant one or more privileges to a user.
+</para>
+
+</refsect2>
+
+<refsect2>
+<title>SAM RIGHTS REVOKE <NAME> <PRIVILEGE></title>
+
+<para>
+Revoke one or more privileges from a user.
+</para>
+
+</refsect2>
+
<refsect2>
<title>SAM SHOW <NAME></title>
</refsect2>
<refsect2>
-<title>IDMAP SECRET <DOMAIN>|ALLOC <secret></title>
+<title>IDMAP SECRET <DOMAIN> <secret></title>
<para>
Store a secret for the specified domain, used primarily for domains
<para>The usershare commands are:
<simplelist>
-<member>net usershare add sharename path [comment] [acl] [guest_ok=[y|n]] - to add or change a user defined share.</member>
+<member>net usershare add sharename path [comment [acl] [guest_ok=[y|n]]] - to add or change a user defined share.</member>
<member>net usershare delete sharename - to delete a user defined share.</member>
<member>net usershare info [-l|--long] [wildcard sharename] - to print info about a user defined share.</member>
<member>net usershare list [-l|--long] [wildcard sharename] - to list user defined shares.</member>
<simplelist>
<member>net dom join - Join a remote computer into a domain.</member>
<member>net dom unjoin - Unjoin a remote computer from a domain.</member>
+<member>net dom renamecomputer - Renames a remote computer joined to a domain.</member>
</simplelist>
</para>
<para>
Joins a computer into a domain. This command supports the following additional parameters:
+</para>
<itemizedlist>
-<listitem><replaceable>DOMAIN</replaceable> can be a NetBIOS domain name (also known as short domain name) or a DNS domain name for Active Directory Domains. As in Windows, it is also possible to control which Domain Controller to use. This can be achieved by appending the DC name using the \ separator character. Example: MYDOM\MYDC. The <replaceable>DOMAIN</replaceable> parameter cannot be NULL.</listitem>
+<listitem><para><replaceable>DOMAIN</replaceable> can be a NetBIOS domain name (also known as short domain name) or a DNS domain name for Active Directory Domains. As in Windows, it is also possible to control which Domain Controller to use. This can be achieved by appending the DC name using the \ separator character. Example: MYDOM\MYDC. The <replaceable>DOMAIN</replaceable> parameter cannot be NULL.</para></listitem>
-<listitem><replaceable>OU</replaceable> can be set to a RFC 1779 LDAP DN, like <emphasis>ou=mymachines,cn=Users,dc=example,dc=com</emphasis> in order to create the machine account in a non-default LDAP containter. This optional parameter is only supported when joining Active Directory Domains.</listitem>
+<listitem><para><replaceable>OU</replaceable> can be set to a RFC 1779 LDAP DN, like <emphasis>ou=mymachines,cn=Users,dc=example,dc=com</emphasis> in order to create the machine account in a non-default LDAP containter. This optional parameter is only supported when joining Active Directory Domains.</para></listitem>
-<listitem><replaceable>ACCOUNT</replaceable> defines a domain account that will be used to join the machine to the domain. This domain account needs to have sufficient privileges to join machines.</listitem>
+<listitem><para><replaceable>ACCOUNT</replaceable> defines a domain account that will be used to join the machine to the domain. This domain account needs to have sufficient privileges to join machines.</para></listitem>
-<listitem><replaceable>PASSWORD</replaceable> defines the password for the domain account defined with <replaceable>ACCOUNT</replaceable>.</listitem>
+<listitem><para><replaceable>PASSWORD</replaceable> defines the password for the domain account defined with <replaceable>ACCOUNT</replaceable>.</para></listitem>
-<listitem><replaceable>REBOOT</replaceable> is an optional parameter that can be set to reboot the remote machine after successful join to the domain.</listitem>
+<listitem><para><replaceable>REBOOT</replaceable> is an optional parameter that can be set to reboot the remote machine after successful join to the domain.</para></listitem>
</itemizedlist>
-</para>
<para>
-Note that you also need to use standard net paramters to connect and authenticate to the remote machine that you want to join. These additional parameters include: -S computer and -U user.
+Note that you also need to use standard net parameters to connect and authenticate to the remote machine that you want to join. These additional parameters include: -S computer and -U user.
</para>
<para>
Example:
<para>
Unjoins a computer from a domain. This command supports the following additional parameters:
+</para>
<itemizedlist>
-<listitem><replaceable>ACCOUNT</replaceable> defines a domain account that will be used to unjoin the machine from the domain. This domain account needs to have sufficient privileges to unjoin machines.</listitem>
+<listitem><para><replaceable>ACCOUNT</replaceable> defines a domain account that will be used to unjoin the machine from the domain. This domain account needs to have sufficient privileges to unjoin machines.</para></listitem>
-<listitem><replaceable>PASSWORD</replaceable> defines the password for the domain account defined with <replaceable>ACCOUNT</replaceable>.</listitem>
+<listitem><para><replaceable>PASSWORD</replaceable> defines the password for the domain account defined with <replaceable>ACCOUNT</replaceable>.</para></listitem>
-<listitem><replaceable>REBOOT</replaceable> is an optional parameter that can be set to reboot the remote machine after successful unjoin from the domain.</listitem>
+<listitem><para><replaceable>REBOOT</replaceable> is an optional parameter that can be set to reboot the remote machine after successful unjoin from the domain.</para></listitem>
</itemizedlist>
-</para>
<para>
-Note that you also need to use standard net paramters to connect and authenticate to the remote machine that you want to unjoin. These additional parameters include: -S computer and -U user.
+Note that you also need to use standard net parameters to connect and authenticate to the remote machine that you want to unjoin. These additional parameters include: -S computer and -U user.
</para>
<para>
Example:
</refsect3>
+<refsect3>
+<title>DOM RENAMECOMPUTER <replaceable>newname=NEWNAME</replaceable> <replaceable>account=ACCOUNT</replaceable> <replaceable>password=PASSWORD</replaceable> <replaceable>reboot</replaceable></title>
+
+<para>
+Renames a computer that is joined to a domain. This command supports the following additional parameters:
+</para>
+
+<itemizedlist>
+
+<listitem><para><replaceable>NEWNAME</replaceable> defines the new name of the machine in the domain.</para></listitem>
+
+<listitem><para><replaceable>ACCOUNT</replaceable> defines a domain account that will be used to rename the machine in the domain. This domain account needs to have sufficient privileges to rename machines.</para></listitem>
+
+<listitem><para><replaceable>PASSWORD</replaceable> defines the password for the domain account defined with <replaceable>ACCOUNT</replaceable>.</para></listitem>
+
+<listitem><para><replaceable>REBOOT</replaceable> is an optional parameter that can be set to reboot the remote machine after successful rename in the domain.</para></listitem>
+
+</itemizedlist>
+
+<para>
+Note that you also need to use standard net parameters to connect and authenticate to the remote machine that you want to rename in the domain. These additional parameters include: -S computer and -U user.
+</para>
+<para>
+ Example:
+ net dom renamecomputer -S xp -U XP\\administrator%secret newname=XPNEW account=MYDOM\\administrator password=topsecret reboot.
+</para>
+<para>
+This example would connect to a computer named XP as the local administrator using password secret, and rename the joined computer to XPNEW using the MYDOM domain administrator account and password topsecret. After successful rename, the computer would reboot.
+</para>
+
+</refsect3>
+
+</refsect2>
+
+<refsect2>
+<title>G_LOCK</title>
+
+<para>Manage global locks.</para>
+
+<refsect3>
+<title>G_LOCK DO <replaceable>lockname</replaceable> <replaceable>timeout</replaceable> <replaceable>command</replaceable></title>
+
+<para>
+Execute a shell command under a global lock. This might be useful to define the
+order in which several shell commands will be executed. The locking information
+is stored in a file called <filename>g_lock.tdb</filename>. In setups with CTDB
+running, the locking information will be available on all cluster nodes.
+</para>
+
+<itemizedlist>
+<listitem><para><replaceable>LOCKNAME</replaceable> defines the name of the global lock.</para></listitem>
+<listitem><para><replaceable>TIMEOUT</replaceable> defines the timeout.</para></listitem>
+<listitem><para><replaceable>COMMAND</replaceable> defines the shell command to execute.</para></listitem>
+</itemizedlist>
+</refsect3>
+
+<refsect3>
+<title>G_LOCK LOCKS</title>
+
+<para>
+Print a list of all currently existing locknames.
+</para>
+</refsect3>
+
+<refsect3>
+<title>G_LOCK DUMP <replaceable>lockname</replaceable></title>
+
+<para>
+Dump the locking table of a certain global lock.
+</para>
+</refsect3>
+
</refsect2>
<refsect2>
git.samba.org / amitay / samba.git / blobdiff