syncing up docs, examples, & packaging from 3.0

[bbaumbach/samba-autobuild/.git] / docs / manpages / net.8

.\"Generated by db2man.xsl. Don't modify this, modify the source.
.de Sh \" Subsection
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.TH "NET" 8 "" "" ""
.SH NAME
net \- Tool for administration of Samba and remote CIFS servers.
.SH "SYNOPSIS"

.nf
\fBnet\fR {<ads|rap|rpc>} [-h] [-w workgroup] [-W myworkgroup] [-U user] [-I ip-address]
    [-p port] [-n myname] [-s conffile] [-S server] [-l] [-P] [-D debuglevel]
   
.fi

.SH "DESCRIPTION"

.PP
This tool is part of the \fBSamba\fR(7) suite\&.

.PP
The samba net utility is meant to work just like the net utility available for windows and DOS\&. The first argument should be used to specify the protocol to use when executing a certain command\&. ADS is used for ActiveDirectory, RAP is using for old (Win9x/NT3) clients and RPC can be used for NT4 and Windows 2000\&. If this argument is omitted, net will try to determine it automatically\&. Not all commands are available on all protocols\&.

.SH "OPTIONS"

.TP
-h|--help
Print a summary of command line options\&.


.TP
-w target-workgroup
Sets target workgroup or domain\&. You have to specify either this option or the IP address or the name of a server\&.


.TP
-W workgroup
Sets client workgroup or domain


.TP
-U user
User name to use


.TP
-I ip-address
IP address of target server to use\&. You have to specify either this option or a target workgroup or a target server\&.


.TP
-p port
Port on the target server to connect to (usually 139 or 445)\&. Defaults to trying 445 first, then 139\&.


.TP
-n <primary NetBIOS name>
This option allows you to override the NetBIOS name that Samba uses for itself\&. This is identical to setting the \fInetbios name\fR parameter in the \fIsmb\&.conf\fR file\&. However, a command line setting will take precedence over settings in \fIsmb\&.conf\fR\&.


.TP
-s <configuration file>
The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fIsmb\&.conf\fR for more information\&. The default configuration file name is determined at compile time\&.


.TP
-S server
Name of target server\&. You should specify either this option or a target workgroup or a target IP address\&.


.TP
-l
When listing data, give more information on each item\&.


.TP
-P
Make queries to the external server using the machine account of the local server\&.


.TP
-d|--debug=debuglevel
\fIdebuglevel\fR is an integer from 0 to 10\&. The default value if this parameter is not specified is zero\&.


The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day-to-day running - it generates a small amount of information about operations carried out\&.


Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.


Note that specifying this parameter here will override the \fIlog level\fR parameter in the \fIsmb\&.conf\fR file\&.


.SH "COMMANDS"

.SS "CHANGESECRETPW"

.PP
This command allows the Samba machine account password to be set from an external application to a machine account password that has already been stored in Active Directory\&. DO NOT USE this command unless you know exactly what you are doing\&. The use of this command requires that the force flag (-f) be used also\&. There will be NO command prompt\&. Whatever information is piped into stdin, either by typing at the command line or otherwise, will be stored as the literal machine password\&. Do NOT use this without care and attention as it will overwrite a legitimate machine password without warning\&. YOU HAVE BEEN WARNED\&.

.SS "TIME"

.PP
The \fBNET TIME\fR command allows you to view the time on a remote server or synchronise the time on the local server with the time on the remote server\&.

.PP
Without any options, the \fBNET TIME\fR command displays the time on the remote server\&.

.PP
Displays the time on the remote server in a format ready for \fB/bin/date\fR

.PP
Tries to set the date and time of the local server to that on the remote server using \fB/bin/date\fR\&.

.PP
Displays the timezone in hours from GMT on the remote computer\&.

.SS "[RPC|ADS] JOIN [TYPE] [-U username[%password]] [options]"

.PP
Join a domain\&. If the account already exists on the server, and [TYPE] is MEMBER, the machine will attempt to join automatically\&. (Assuming that the machine has been created in server manager) Otherwise, a password will be prompted for, and a new account may be created\&.

.PP
[TYPE] may be PDC, BDC or MEMBER to specify the type of server joining the domain\&.

.SS "[RPC] OLDJOIN [options]"

.PP
Join a domain\&. Use the OLDJOIN option to join the domain using the old style of domain joining - you need to create a trust account in server manager first\&.

.SS "[RPC|ADS] USER"

.PP
Delete specified user

.PP
List all users

.PP
List the domain groups of a the specified user\&.

.PP
Add specified user\&.

.SS "[RPC|ADS] GROUP"

.PP
List user groups\&.

.PP
Delete specified group\&.

.PP
Create specified group\&.

.SS "[RAP|RPC] SHARE"

.PP
Enumerates all exported resources (network shares) on target server\&.

.PP
Adds a share from a server (makes the export active)\&. Maxusers specifies the number of users that can be connected to the share simultaneously\&.

.PP
Delete specified share\&.

.SS "[RPC|RAP] FILE"

.PP
List all open files on remote server\&.

.PP
Close file with specified \fIfileid\fR on remote server\&.

.PP
Print information on specified \fIfileid\fR\&. Currently listed are: file-id, username, locks, path, permissions\&.

.RS
.Sh "Note"

.PP
Currently NOT implemented\&.

.RE

.SS "SESSION"

.PP
Without any other options, SESSION enumerates all active SMB/CIFS sessions on the target server\&.

.PP
Close the specified sessions\&.

.PP
Give a list with all the open files in specified session\&.

.SS "RAP SERVER DOMAIN"

.PP
List all servers in specified domain or workgroup\&. Defaults to local domain\&.

.SS "RAP DOMAIN"

.PP
Lists all domains and workgroups visible on the current network\&.

.SS "RAP PRINTQ"

.PP
Lists the specified print queue and print jobs on the server\&. If the \fIQUEUE_NAME\fR is omitted, all queues are listed\&.

.PP
Delete job with specified id\&.

.SS "RAP VALIDATE user [password]"

.PP
Validate whether the specified user can log in to the remote server\&. If the password is not specified on the commandline, it will be prompted\&.

.RS
.Sh "Note"

.PP
Currently NOT implemented\&.

.RE

.SS "RAP GROUPMEMBER"

.PP
List all members of the specified group\&.

.PP
Delete member from group\&.

.PP
Add member to group\&.

.SS "RAP ADMIN command"

.PP
Execute the specified \fIcommand\fR on the remote server\&. Only works with OS/2 servers\&.

.RS
.Sh "Note"

.PP
Currently NOT implemented\&.

.RE

.SS "RAP SERVICE"

.PP
Start the specified service on the remote server\&. Not implemented yet\&.

.RS
.Sh "Note"

.PP
Currently NOT implemented\&.

.RE

.PP
Stop the specified service on the remote server\&.

.RS
.Sh "Note"

.PP
Currently NOT implemented\&.

.RE

.SS "RAP PASSWORD USER OLDPASS NEWPASS"

.PP
Change password of \fIUSER\fR from \fIOLDPASS\fR to \fINEWPASS\fR\&.

.SS "LOOKUP"

.PP
Lookup the IP address of the given host with the specified type (netbios suffix)\&. The type defaults to 0x20 (workstation)\&.

.PP
Give IP address of LDAP server of specified \fIDOMAIN\fR\&. Defaults to local domain\&.

.PP
Give IP address of KDC for the specified \fIREALM\fR\&. Defaults to local realm\&.

.PP
Give IP's of Domain Controllers for specified \fI DOMAIN\fR\&. Defaults to local domain\&.

.PP
Give IP of master browser for specified \fIDOMAIN\fR or workgroup\&. Defaults to local domain\&.

.SS "CACHE"

.PP
Samba uses a general caching interface called 'gencache'\&. It can be controlled using 'NET CACHE'\&.

.PP
All the timeout parameters support the suffixes: s - Secondsm - Minutesh - Hoursd - Daysw - Weeks 

.PP
Add specified key+data to the cache with the given timeout\&.

.PP
Delete key from the cache\&.

.PP
Update data of existing cache entry\&.

.PP
Search for the specified pattern in the cache data\&.

.PP
List all current items in the cache\&.

.PP
Remove all the current items from the cache\&.

.SS "GETLOCALSID [DOMAIN]"

.PP
Print the SID of the specified domain, or if the parameter is omitted, the SID of the domain the local server is in\&.

.SS "SETLOCALSID S-1-5-21-x-y-z"

.PP
Sets domain sid for the local server to the specified SID\&.

.SS "GROUPMAP"

.PP
Manage the mappings between Windows group SIDs and UNIX groups\&. Parameters take the for "parameter=value"\&. Common options include:

.TP 3
\(bu
unixgroup - Name of the UNIX group

.TP
\(bu
ntgroup - Name of the Windows NT group (must be resolvable to a SID

.TP
\(bu
rid - Unsigned 32-bit integer

.TP
\(bu
sid - Full SID in the form of "S-1-\&.\&.\&."

.TP
\(bu
type - Type of the group; either 'domain', 'local', or 'builtin'

.TP
\(bu
comment - Freeform text description of the group

.LP

.PP
Add a new group mapping entry

.PP
net groupmap add {rid=int|sid=string} unixgroup=string [type={domain|local|builtin}] [ntgroup=string] [comment=string]

.PP
Delete a group mapping entry

.PP
net groupmap delete {ntgroup=string|sid=SID}

.PP
Update en existing group entry

.PP
net groupmap modify {ntgroup=string|sid=SID} [unixgroup=string] [comment=string] [type={domain|local}

.PP
List existing group mapping entries

.PP
net groupmap list [verbose] [ntgroup=string] [sid=SID]

.SS "MAXRID"

.PP
Prints out the highest RID currently in use on the local server (by the active 'passdb backend')\&.

.SS "RPC INFO"

.PP
Print information about the domain of the remote server, such as domain name, domain sid and number of users and groups\&.

.SS "[RPC|ADS] TESTJOIN"

.PP
Check whether participation in a domain is still valid\&.

.SS "[RPC|ADS] CHANGETRUSTPW"

.PP
Force change of domain trust password\&.

.SS "RPC TRUSTDOM"

.PP
Add a interdomain trust account for \fIDOMAIN\fR to the remote server\&.

.PP
Remove interdomain trust account for \fIDOMAIN\fR from the remote server\&.

.RS
.Sh "Note"

.PP
Currently NOT implemented\&.

.RE

.PP
Establish a trust relationship to a trusting domain\&. Interdomain account must already be created on the remote PDC\&.

.PP
Abandon relationship to trusted domain

.PP
List all current interdomain trust relationships\&.

.SS "RPC ABORTSHUTDOWN"

.PP
Abort the shutdown of a remote server\&.

.SS "SHUTDOWN [-t timeout] [-r] [-f] [-C message]"

.PP
Shut down the remote server\&.

.TP
-r
Reboot after shutdown\&.


.TP
-f
Force shutting down all applications\&.


.TP
-t timeout
Timeout before system will be shut down\&. An interactive user of the system can use this time to cancel the shutdown\&.


.TP
-C message
Display the specified message on the screen to announce the shutdown\&.


.SS "SAMDUMP"

.PP
Print out sam database of remote server\&. You need to run this on either a BDC\&.

.SS "VAMPIRE"

.PP
Export users, aliases and groups from remote server to local server\&. Can only be run an a BDC\&.

.SS "GETSID"

.PP
Fetch domain SID and store it in the local \fIsecrets\&.tdb\fR\&.

.SS "ADS LEAVE"

.PP
Make the remote host leave the domain it is part of\&.

.SS "ADS STATUS"

.PP
Print out status of machine account of the local machine in ADS\&. Prints out quite some debug info\&. Aimed at developers, regular users should use \fBNET ADS TESTJOIN\fR\&.

.SS "ADS PRINTER"

.PP
Lookup info for \fIPRINTER\fR on \fISERVER\fR\&. The printer name defaults to "*", the server name defaults to the local host\&.

.PP
Publish specified printer using ADS\&.

.PP
Remove specified printer from ADS directory\&.

.SS "ADS SEARCH EXPRESSION ATTRIBUTES..."

.PP
Perform a raw LDAP search on a ADS server and dump the results\&. The expression is a standard LDAP search expression, and the attributes are a list of LDAP fields to show in the results\&.

.PP
Example: \fBnet ads search '(objectCategory=group)' sAMAccountName\fR 

.SS "ADS DN DN (attributes)"

.PP
Perform a raw LDAP search on a ADS server and dump the results\&. The DN standard LDAP DN, and the attributes are a list of LDAP fields to show in the result\&.

.PP
Example: \fBnet ads dn 'CN=administrator,CN=Users,DC=my,DC=domain' SAMAccountName\fR

.SS "WORKGROUP"

.PP
Print out workgroup name for specified kerberos realm\&.

.SS "HELP [COMMAND]"

.PP
Gives usage information for the specified command\&.

.SH "VERSION"

.PP
This man page is complete for version 3\&.0 of the Samba suite\&.

.SH "AUTHOR"

.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.

.PP
The net manpage was written by Jelmer Vernooij\&.