1 .\"Generated by db2man.xsl. Don't modify this, modify the source.
10 .de Sp \" Vertical space (when we can't use .PP)
16 .ie \\n(.$>=3 .ne \\$3
22 net \- Tool for administration of Samba and remote CIFS servers.
26 \fBnet\fR {<ads|rap|rpc>} [-h] [-w workgroup] [-W myworkgroup] [-U user] [-I ip-address]
27 [-p port] [-n myname] [-s conffile] [-S server] [-l] [-P] [-D debuglevel]
34 This tool is part of the \fBSamba\fR(7) suite\&.
37 The samba net utility is meant to work just like the net utility available for windows and DOS\&. The first argument should be used to specify the protocol to use when executing a certain command\&. ADS is used for ActiveDirectory, RAP is using for old (Win9x/NT3) clients and RPC can be used for NT4 and Windows 2000\&. If this argument is omitted, net will try to determine it automatically\&. Not all commands are available on all protocols\&.
43 Print a summary of command line options\&.
48 Sets target workgroup or domain\&. You have to specify either this option or the IP address or the name of a server\&.
53 Sets client workgroup or domain
63 IP address of target server to use\&. You have to specify either this option or a target workgroup or a target server\&.
68 Port on the target server to connect to (usually 139 or 445)\&. Defaults to trying 445 first, then 139\&.
72 -n <primary NetBIOS name>
73 This option allows you to override the NetBIOS name that Samba uses for itself\&. This is identical to setting the \fInetbios name\fR parameter in the \fIsmb\&.conf\fR file\&. However, a command line setting will take precedence over settings in \fIsmb\&.conf\fR\&.
77 -s <configuration file>
78 The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fIsmb\&.conf\fR for more information\&. The default configuration file name is determined at compile time\&.
83 Name of target server\&. You should specify either this option or a target workgroup or a target IP address\&.
88 When listing data, give more information on each item\&.
93 Make queries to the external server using the machine account of the local server\&.
98 \fIdebuglevel\fR is an integer from 0 to 10\&. The default value if this parameter is not specified is zero\&.
101 The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day-to-day running - it generates a small amount of information about operations carried out\&.
104 Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
107 Note that specifying this parameter here will override the \fIlog level\fR parameter in the \fIsmb\&.conf\fR file\&.
115 This command allows the Samba machine account password to be set from an external application to a machine account password that has already been stored in Active Directory\&. DO NOT USE this command unless you know exactly what you are doing\&. The use of this command requires that the force flag (-f) be used also\&. There will be NO command prompt\&. Whatever information is piped into stdin, either by typing at the command line or otherwise, will be stored as the literal machine password\&. Do NOT use this without care and attention as it will overwrite a legitimate machine password without warning\&. YOU HAVE BEEN WARNED\&.
120 The \fBNET TIME\fR command allows you to view the time on a remote server or synchronise the time on the local server with the time on the remote server\&.
123 Without any options, the \fBNET TIME\fR command displays the time on the remote server\&.
126 Displays the time on the remote server in a format ready for \fB/bin/date\fR
129 Tries to set the date and time of the local server to that on the remote server using \fB/bin/date\fR\&.
132 Displays the timezone in hours from GMT on the remote computer\&.
134 .SS "[RPC|ADS] JOIN [TYPE] [-U username[%password]] [options]"
137 Join a domain\&. If the account already exists on the server, and [TYPE] is MEMBER, the machine will attempt to join automatically\&. (Assuming that the machine has been created in server manager) Otherwise, a password will be prompted for, and a new account may be created\&.
140 [TYPE] may be PDC, BDC or MEMBER to specify the type of server joining the domain\&.
142 .SS "[RPC] OLDJOIN [options]"
145 Join a domain\&. Use the OLDJOIN option to join the domain using the old style of domain joining - you need to create a trust account in server manager first\&.
150 Delete specified user
156 List the domain groups of a the specified user\&.
159 Add specified user\&.
161 .SS "[RPC|ADS] GROUP"
167 Delete specified group\&.
170 Create specified group\&.
172 .SS "[RAP|RPC] SHARE"
175 Enumerates all exported resources (network shares) on target server\&.
178 Adds a share from a server (makes the export active)\&. Maxusers specifies the number of users that can be connected to the share simultaneously\&.
181 Delete specified share\&.
186 List all open files on remote server\&.
189 Close file with specified \fIfileid\fR on remote server\&.
192 Print information on specified \fIfileid\fR\&. Currently listed are: file-id, username, locks, path, permissions\&.
198 Currently NOT implemented\&.
205 Without any other options, SESSION enumerates all active SMB/CIFS sessions on the target server\&.
208 Close the specified sessions\&.
211 Give a list with all the open files in specified session\&.
213 .SS "RAP SERVER DOMAIN"
216 List all servers in specified domain or workgroup\&. Defaults to local domain\&.
221 Lists all domains and workgroups visible on the current network\&.
226 Lists the specified print queue and print jobs on the server\&. If the \fIQUEUE_NAME\fR is omitted, all queues are listed\&.
229 Delete job with specified id\&.
231 .SS "RAP VALIDATE user [password]"
234 Validate whether the specified user can log in to the remote server\&. If the password is not specified on the commandline, it will be prompted\&.
240 Currently NOT implemented\&.
244 .SS "RAP GROUPMEMBER"
247 List all members of the specified group\&.
250 Delete member from group\&.
253 Add member to group\&.
255 .SS "RAP ADMIN command"
258 Execute the specified \fIcommand\fR on the remote server\&. Only works with OS/2 servers\&.
264 Currently NOT implemented\&.
271 Start the specified service on the remote server\&. Not implemented yet\&.
277 Currently NOT implemented\&.
282 Stop the specified service on the remote server\&.
288 Currently NOT implemented\&.
292 .SS "RAP PASSWORD USER OLDPASS NEWPASS"
295 Change password of \fIUSER\fR from \fIOLDPASS\fR to \fINEWPASS\fR\&.
300 Lookup the IP address of the given host with the specified type (netbios suffix)\&. The type defaults to 0x20 (workstation)\&.
303 Give IP address of LDAP server of specified \fIDOMAIN\fR\&. Defaults to local domain\&.
306 Give IP address of KDC for the specified \fIREALM\fR\&. Defaults to local realm\&.
309 Give IP's of Domain Controllers for specified \fI DOMAIN\fR\&. Defaults to local domain\&.
312 Give IP of master browser for specified \fIDOMAIN\fR or workgroup\&. Defaults to local domain\&.
317 Samba uses a general caching interface called 'gencache'\&. It can be controlled using 'NET CACHE'\&.
320 All the timeout parameters support the suffixes: s - Secondsm - Minutesh - Hoursd - Daysw - Weeks
323 Add specified key+data to the cache with the given timeout\&.
326 Delete key from the cache\&.
329 Update data of existing cache entry\&.
332 Search for the specified pattern in the cache data\&.
335 List all current items in the cache\&.
338 Remove all the current items from the cache\&.
340 .SS "GETLOCALSID [DOMAIN]"
343 Print the SID of the specified domain, or if the parameter is omitted, the SID of the domain the local server is in\&.
345 .SS "SETLOCALSID S-1-5-21-x-y-z"
348 Sets domain sid for the local server to the specified SID\&.
353 Manage the mappings between Windows group SIDs and UNIX groups\&. Parameters take the for "parameter=value"\&. Common options include:
357 unixgroup - Name of the UNIX group
361 ntgroup - Name of the Windows NT group (must be resolvable to a SID
365 rid - Unsigned 32-bit integer
369 sid - Full SID in the form of "S-1-\&.\&.\&."
373 type - Type of the group; either 'domain', 'local', or 'builtin'
377 comment - Freeform text description of the group
382 Add a new group mapping entry
385 net groupmap add {rid=int|sid=string} unixgroup=string [type={domain|local|builtin}] [ntgroup=string] [comment=string]
388 Delete a group mapping entry
391 net groupmap delete {ntgroup=string|sid=SID}
394 Update en existing group entry
397 net groupmap modify {ntgroup=string|sid=SID} [unixgroup=string] [comment=string] [type={domain|local}
400 List existing group mapping entries
403 net groupmap list [verbose] [ntgroup=string] [sid=SID]
408 Prints out the highest RID currently in use on the local server (by the active 'passdb backend')\&.
413 Print information about the domain of the remote server, such as domain name, domain sid and number of users and groups\&.
415 .SS "[RPC|ADS] TESTJOIN"
418 Check whether participation in a domain is still valid\&.
420 .SS "[RPC|ADS] CHANGETRUSTPW"
423 Force change of domain trust password\&.
428 Add a interdomain trust account for \fIDOMAIN\fR to the remote server\&.
431 Remove interdomain trust account for \fIDOMAIN\fR from the remote server\&.
437 Currently NOT implemented\&.
442 Establish a trust relationship to a trusting domain\&. Interdomain account must already be created on the remote PDC\&.
445 Abandon relationship to trusted domain
448 List all current interdomain trust relationships\&.
450 .SS "RPC ABORTSHUTDOWN"
453 Abort the shutdown of a remote server\&.
455 .SS "SHUTDOWN [-t timeout] [-r] [-f] [-C message]"
458 Shut down the remote server\&.
462 Reboot after shutdown\&.
467 Force shutting down all applications\&.
472 Timeout before system will be shut down\&. An interactive user of the system can use this time to cancel the shutdown\&.
477 Display the specified message on the screen to announce the shutdown\&.
483 Print out sam database of remote server\&. You need to run this on either a BDC\&.
488 Export users, aliases and groups from remote server to local server\&. Can only be run an a BDC\&.
493 Fetch domain SID and store it in the local \fIsecrets\&.tdb\fR\&.
498 Make the remote host leave the domain it is part of\&.
503 Print out status of machine account of the local machine in ADS\&. Prints out quite some debug info\&. Aimed at developers, regular users should use \fBNET ADS TESTJOIN\fR\&.
508 Lookup info for \fIPRINTER\fR on \fISERVER\fR\&. The printer name defaults to "*", the server name defaults to the local host\&.
511 Publish specified printer using ADS\&.
514 Remove specified printer from ADS directory\&.
516 .SS "ADS SEARCH EXPRESSION ATTRIBUTES..."
519 Perform a raw LDAP search on a ADS server and dump the results\&. The expression is a standard LDAP search expression, and the attributes are a list of LDAP fields to show in the results\&.
522 Example: \fBnet ads search '(objectCategory=group)' sAMAccountName\fR
524 .SS "ADS DN DN (attributes)"
527 Perform a raw LDAP search on a ADS server and dump the results\&. The DN standard LDAP DN, and the attributes are a list of LDAP fields to show in the result\&.
530 Example: \fBnet ads dn 'CN=administrator,CN=Users,DC=my,DC=domain' SAMAccountName\fR
535 Print out workgroup name for specified kerberos realm\&.
540 Gives usage information for the specified command\&.
545 This man page is complete for version 3\&.0 of the Samba suite\&.
550 The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
553 The net manpage was written by Jelmer Vernooij\&.