docs-xml/manpages/samba-tool.8.xml

   1 <?xml version="1.0" encoding="iso-8859-1"?>
   2 <!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
   3 <refentry id="samba-tool.8">
   4
   5 <refmeta>
   6         <refentrytitle>samba-tool</refentrytitle>
   7         <manvolnum>8</manvolnum>
   8         <refmiscinfo class="source">Samba</refmiscinfo>
   9         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
  10         <refmiscinfo class="version">4.1</refmiscinfo>
  11 </refmeta>
  12
  13
  14 <refnamediv>
  15         <refname>samba-tool</refname>
  16         <refpurpose>Main Samba administration tool.
  17         </refpurpose>
  18 </refnamediv>
  19
  20 <refsynopsisdiv>
  21         <cmdsynopsis>
  22                 <command>samba-tool</command>
  23                 <arg choice="opt">-h</arg>
  24                 <arg choice="opt">-W myworkgroup</arg>
  25                 <arg choice="opt">-U user</arg>
  26                 <arg choice="opt">-d debuglevel</arg>
  27                 <arg choice="opt">--v</arg>
  28         </cmdsynopsis>
  29 </refsynopsisdiv>
  30
  31 <refsect1>
  32         <title>DESCRIPTION</title>
  33         <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
  34         <manvolnum>7</manvolnum></citerefentry> suite.</para>
  35 </refsect1>
  36
  37 <refsect1>
  38         <title>OPTIONS</title>
  39
  40         <variablelist>
  41
  42         <varlistentry>
  43         <term>-h|--help</term>
  44         <listitem><para>
  45         Show this help message and exit
  46         </para></listitem>
  47         </varlistentry>
  48
  49         <varlistentry>
  50         <term>--realm=REALM</term>
  51         <listitem><para>
  52         Set the realm name
  53         </para></listitem>
  54         </varlistentry>
  55
  56         <varlistentry>
  57         <term>--simple-bind-dn=DN</term>
  58         <listitem><para>
  59         DN to use for a simple bind
  60         </para></listitem>
  61         </varlistentry>
  62
  63         <varlistentry>
  64         <term>--password=PASSWORD</term>
  65         <listitem><para>
  66         Password
  67         </para></listitem>
  68         </varlistentry>
  69
  70         <varlistentry>
  71         <term>-U USERNAME|--username=USERNAME</term>
  72         <listitem><para>
  73         Username
  74         </para></listitem>
  75         </varlistentry>
  76
  77         <varlistentry>
  78         <term>-W WORKGROUP|--workgroup=WORKGROUP</term>
  79         <listitem><para>
  80         Workgroup
  81         </para></listitem>
  82         </varlistentry>
  83
  84         <varlistentry>
  85         <term>-N|--no-pass</term>
  86         <listitem><para>
  87         Don't ask for a password
  88         </para></listitem>
  89         </varlistentry>
  90
  91         <varlistentry>
  92         <term>-k KERBEROS|--kerberos=KERBEROS</term>
  93         <listitem><para>
  94         Use Kerberos
  95         </para></listitem>
  96         </varlistentry>
  97
  98         <varlistentry>
  99         <term>--ipaddress=IPADDRESS</term>
 100         <listitem><para>
 101         IP address of the server
 102         </para></listitem>
 103         </varlistentry>
 104
 105         &popt.common.samba.client;
 106
 107         </variablelist>
 108 </refsect1>
 109
 110 <refsect1>
 111 <title>COMMANDS</title>
 112
 113 <refsect2>
 114         <title>dbcheck</title>
 115         <para>Check the local AD database for errors.</para>
 116 </refsect2>
 117
 118 <refsect2>
 119         <title>delegation</title>
 120         <para>Manage Delegations.</para>
 121 </refsect2>
 122
 123 <refsect3>
 124         <title>delegation add-service <replaceable>accountname</replaceable> <replaceable>principal</replaceable> [options]</title>
 125         <para>Add a service principal as msDS-AllowedToDelegateTo.</para>
 126 </refsect3>
 127
 128 <refsect3>
 129         <title>delegation del-service <replaceable>accountname</replaceable> <replaceable>principal</replaceable> [options]</title>
 130         <para>Delete a service principal as msDS-AllowedToDelegateTo.</para>
 131 </refsect3>
 132
 133 <refsect3>
 134         <title>delegation for-any-protocol <replaceable>accountname</replaceable> [(on|off)] [options]</title>
 135         <para>Set/unset UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION (S4U2Proxy)
 136         for an account.</para>
 137 </refsect3>
 138
 139 <refsect3>
 140         <title>delegation for-any-service <replaceable>accountname</replaceable> [(on|off)] [options]</title>
 141         <para>Set/unset UF_TRUSTED_FOR_DELEGATION for an account.</para>
 142 </refsect3>
 143
 144 <refsect3>
 145         <title>delegation show <replaceable>accountname</replaceable> [options] </title>
 146         <para>Show the delegation setting of an account.</para>
 147 </refsect3>
 148
 149 <refsect2>
 150         <title>dns</title>
 151         <para>Manage Domain Name Service (DNS).</para>
 152 </refsect2>
 153
 154 <refsect3>
 155         <title>dns add <replaceable>server</replaceable> <replaceable>zone</replaceable> <replaceable>name</replaceable> <replaceable>A|AAAA|PTR|CNAME|NS|MX|SRV|TXT</replaceable> <replaceable>data</replaceable></title>
 156         <para>Add a DNS record.</para>
 157 </refsect3>
 158
 159 <refsect3>
 160         <title>dns delete <replaceable>server</replaceable> <replaceable>zone</replaceable> <replaceable>name</replaceable> <replaceable>A|AAAA|PTR|CNAME|NS|MX|SRV|TXT</replaceable> <replaceable>data</replaceable></title>
 161         <para>Delete a DNS record.</para>
 162 </refsect3>
 163
 164 <refsect3>
 165         <title>dns query <replaceable>server</replaceable> <replaceable>zone</replaceable> <replaceable>name</replaceable> <replaceable>A|AAAA|PTR|CNAME|NS|MX|SRV|TXT|ALL</replaceable> [options] <replaceable>data</replaceable></title>
 166         <para>Query a name.</para>
 167 </refsect3>
 168
 169 <refsect3>
 170         <title>dns roothints <replaceable>server</replaceable> [<replaceable>name</replaceable>] [options]</title>
 171         <para>Query root hints.</para>
 172 </refsect3>
 173
 174 <refsect3>
 175         <title>dns serverinfo <replaceable>server</replaceable> [options]</title>
 176         <para>Query server information.</para>
 177 </refsect3>
 178
 179 <refsect3>
 180         <title>dns update <replaceable>server</replaceable> <replaceable>zone</replaceable> <replaceable>name</replaceable> <replaceable>A|AAAA|PTR|CNAME|NS|MX|SRV|TXT</replaceable> <replaceable>olddata</replaceable> <replaceable>newdata</replaceable></title>
 181         <para>Update a DNS record.</para>
 182 </refsect3>
 183
 184 <refsect3>
 185         <title>dns zonecreate <replaceable>server</replaceable> <replaceable>zone</replaceable> [options]</title>
 186         <para>Create a zone.</para>
 187 </refsect3>
 188
 189 <refsect3>
 190         <title>dns zonedelete <replaceable>server</replaceable> <replaceable>zone</replaceable> [options]</title>
 191         <para>Delete a zone.</para>
 192 </refsect3>
 193
 194 <refsect3>
 195         <title>dns zoneinfo <replaceable>server</replaceable> <replaceable>zone</replaceable> [options]</title>
 196         <para>Query zone information.</para>
 197 </refsect3>
 198
 199 <refsect3>
 200         <title>dns zonelist <replaceable>server</replaceable> [options]</title>
 201         <para>List zones.</para>
 202 </refsect3>
 203
 204 <refsect2>
 205         <title>domain</title>
 206         <para>Manage Domain.</para>
 207 </refsect2>
 208
 209 <refsect3>
 210         <title>domain classicupgrade [options] <replaceable>classic_smb_conf</replaceable></title>
 211         <para>Upgrade from Samba classic (NT4-like) database to Samba AD DC
 212         database.</para>
 213 </refsect3>
 214
 215 <refsect3>
 216         <title>domain dcpromo <replaceable>dnsdomain</replaceable> [DC|RODC] [options]</title>
 217         <para>Promote an existing domain member or NT4 PDC to an AD DC.</para>
 218 </refsect3>
 219
 220 <refsect3>
 221         <title>domain demote</title>
 222         <para>Demote ourselves from the role of domain controller.</para>
 223 </refsect3>
 224
 225 <refsect3>
 226         <title>domain exportkeytab <replaceable>keytab</replaceable> [options]</title>
 227         <para>Dumps Kerberos keys of the domain into a keytab.</para>
 228 </refsect3>
 229
 230 <refsect3>
 231         <title>domain info <replaceable>ip_address</replaceable> [options]</title>
 232         <para>Print basic info about a domain and the specified DC.
 233 </para>
 234 </refsect3>
 235
 236 <refsect3>
 237         <title>domain join <replaceable>dnsdomain</replaceable> [DC|RODC|MEMBER|SUBDOMAIN] [options]</title>
 238         <para>Join a domain as either member or backup domain controller.</para>
 239 </refsect3>
 240
 241 <refsect3>
 242         <title>domain level <replaceable>show|raise</replaceable> <replaceable>options</replaceable> [options]</title>
 243         <para>Show/raise domain and forest function levels.</para>
 244 </refsect3>
 245
 246 <refsect3>
 247         <title>domain passwordsettings <replaceable>show|set</replaceable> <replaceable>options</replaceable> [options]</title>
 248         <para>Show/set password settings.</para>
 249 </refsect3>
 250
 251 <refsect3>
 252         <title>domain provision</title>
 253         <para>Promote an existing domain member or NT4 PDC to an AD DC.</para>
 254 </refsect3>
 255
 256 <refsect2>
 257         <title>drs</title>
 258         <para>Manage Directory Replication Services (DRS).</para>
 259 </refsect2>
 260
 261 <refsect3>
 262         <title>drs bind</title>
 263         <para>Show DRS capabilities of a server.</para>
 264 </refsect3>
 265
 266 <refsect3>
 267         <title>drs kcc</title>
 268         <para>Trigger knowledge consistency center run.</para>
 269 </refsect3>
 270
 271 <refsect3>
 272         <title>drs options</title>
 273         <para>Query or change <replaceable>options</replaceable> for NTDS Settings
 274         object of a domain controller.</para>
 275 </refsect3>
 276
 277 <refsect3>
 278         <title>drs replicate <replaceable>destination_DC</replaceable> <replaceable>source_DC</replaceable> <replaceable>NC</replaceable> [options]</title>
 279         <para>Replicate a naming context between two DCs.</para>
 280 </refsect3>
 281
 282 <refsect3>
 283         <title>drs showrepl</title>
 284         <para>Show replication status.</para>
 285 </refsect3>
 286
 287 <refsect2>
 288         <title>dsacl</title>
 289         <para>Administer DS ACLs</para>
 290 </refsect2>
 291
 292 <refsect3>
 293         <title>dsacl set</title>
 294         <para>Modify access list on a directory object.</para>
 295 </refsect3>
 296
 297 <refsect2>
 298         <title>fsmo</title>
 299         <para>Manage Flexible Single Master Operations (FSMO).</para>
 300 </refsect2>
 301
 302 <refsect3>
 303         <title>fsmo seize [options]</title>
 304         <para>Seize the role.</para>
 305 </refsect3>
 306
 307 <refsect3>
 308         <title>fsmo show</title>
 309         <para>Show the roles.</para>
 310 </refsect3>
 311
 312 <refsect3>
 313         <title>fsmo transfer [options]</title>
 314         <para>Transfer the role.</para>
 315 </refsect3>
 316
 317 <refsect2>
 318         <title>gpo</title>
 319         <para>Manage Group Policy Objects (GPO).</para>
 320 </refsect2>
 321
 322 <refsect3>
 323         <title>gpo create <replaceable>displayname</replaceable> [options]</title>
 324         <para>Create an empty GPO.</para>
 325 </refsect3>
 326
 327 <refsect3>
 328         <title>gpo del <replaceable>gpo</replaceable> [options]</title>
 329         <para>Delete GPO.</para>
 330 </refsect3>
 331
 332 <refsect3>
 333         <title>gpo dellink <replaceable>container_dn</replaceable> <replaceable>gpo</replaceable> [options]</title>
 334         <para>Delete GPO link from a container.</para>
 335 </refsect3>
 336
 337 <refsect3>
 338         <title>gpo fetch <replaceable>gpo</replaceable> [options]</title>
 339         <para>Download a GPO.</para>
 340 </refsect3>
 341
 342 <refsect3>
 343         <title>gpo getinheritance <replaceable>container_dn</replaceable> [options]</title>
 344         <para>Get inheritance flag for a container.</para>
 345 </refsect3>
 346
 347 <refsect3>
 348         <title>gpo getlink <replaceable>container_dn</replaceable> [options]</title>
 349         <para>List GPO Links for a container.</para>
 350 </refsect3>
 351
 352 <refsect3>
 353         <title>gpo list <replaceable>username</replaceable> [options]</title>
 354         <para>List GPOs for an account.</para>
 355 </refsect3>
 356
 357 <refsect3>
 358         <title>gpo listall</title>
 359         <para>List all GPOs.</para>
 360 </refsect3>
 361
 362 <refsect3>
 363         <title>gpo listcontainers <replaceable>gpo</replaceable> [options]</title>
 364         <para>List all linked containers for a GPO.</para>
 365 </refsect3>
 366
 367 <refsect3>
 368         <title>gpo setinheritance <replaceable>container_dn</replaceable> <replaceable>block|inherit</replaceable> [options]</title>
 369         <para>Set inheritance flag on a container.</para>
 370 </refsect3>
 371
 372 <refsect3>
 373         <title>gpo setlink <replaceable>container_dn</replaceable> <replaceable>gpo</replaceable> [options]</title>
 374         <para>Add or Update a GPO link to a container.</para>
 375 </refsect3>
 376
 377 <refsect3>
 378         <title>gpo show <replaceable>gpo</replaceable> [options]</title>
 379         <para>Show information for a GPO.</para>
 380 </refsect3>
 381
 382 <refsect2>
 383         <title>group</title>
 384         <para>Manage groups.</para>
 385 </refsect2>
 386
 387 <refsect3>
 388         <title>group add <replaceable>groupname</replaceable> [options]</title>
 389         <para>Create a new AD group.</para>
 390 </refsect3>
 391
 392 <refsect3>
 393         <title>group addmembers <replaceable>groupname</replaceable> <replaceable>members</replaceable> [options]</title>
 394         <para>Add members to an AD group.</para>
 395 </refsect3>
 396
 397 <refsect3>
 398         <title>group delete <replaceable>groupname</replaceable> [options]</title>
 399         <para>Delete an AD group.</para>
 400 </refsect3>
 401
 402 <refsect3>
 403         <title>group list</title>
 404         <para>List all groups.</para>
 405 </refsect3>
 406
 407 <refsect3>
 408         <title>group listmembers <replaceable>groupname</replaceable> [options]</title>
 409         <para>List all members of the specified AD group.</para>
 410 </refsect3>
 411
 412 <refsect3>
 413         <title>group removemembers <replaceable>groupname</replaceable> <replaceable>members</replaceable> [options]</title>
 414         <para>Remove members from the specified AD group.</para>
 415 </refsect3>
 416
 417 <refsect2>
 418         <title>ldapcmp <replaceable>URL1</replaceable> <replaceable>URL2</replaceable> <replaceable>domain|configuration|schema|dnsdomain|dnsforest</replaceable> [options] </title>
 419         <para>Compare two LDAP databases.</para>
 420 </refsect2>
 421
 422 <refsect2>
 423         <title>ntacl</title>
 424         <para>Manage NT ACLs.</para>
 425 </refsect2>
 426
 427 <refsect3>
 428         <title>ntacl get <replaceable>file</replaceable> [options]</title>
 429         <para>Get ACLs on a file.</para>
 430 </refsect3>
 431
 432 <refsect3>
 433         <title>ntacl set <replaceable>acl</replaceable> <replaceable>file</replaceable> [options]</title>
 434         <para>Set ACLs on a file.</para>
 435 </refsect3>
 436
 437 <refsect3>
 438         <title>ntacl sysvolcheck</title>
 439         <para>Check sysvol ACLs match defaults (including correct ACLs on GPOs).</para>
 440 </refsect3>
 441
 442 <refsect3>
 443         <title>ntacl sysvolreset</title>
 444         <para>Reset sysvol ACLs to defaults (including correct ACLs on GPOs).</para>
 445 </refsect3>
 446
 447 <refsect2>
 448         <title>rodc</title>
 449         <para>Manage Read-Only Domain Controller (RODC).</para>
 450 </refsect2>
 451
 452 <refsect3>
 453         <title>rodc preload <replaceable>SID</replaceable>|<replaceable>DN</replaceable>|<replaceable>accountname</replaceable> [options]</title>
 454         <para>Preload one account for an RODC.</para>
 455 </refsect3>
 456
 457 <refsect2>
 458         <title>sites</title>
 459         <para>Manage sites.</para>
 460 </refsect2>
 461
 462 <refsect3>
 463         <title>sites create <replaceable>site</replaceable> [options]</title>
 464         <para>Create a new site.</para>
 465 </refsect3>
 466
 467 <refsect3>
 468         <title>sites remove <replaceable>site</replaceable> [options]</title>
 469         <para>Delete an esxisting site.</para>
 470 </refsect3>
 471
 472 <refsect2>
 473         <title>spn</title>
 474         <para>Manage Service Principal Names (SPN).</para>
 475 </refsect2>
 476
 477 <refsect3>
 478         <title>spn add <replaceable>name</replaceable> <replaceable>user</replaceable> [options]</title>
 479         <para>Create a new SPN.</para>
 480 </refsect3>
 481
 482 <refsect3>
 483         <title>spn delete <replaceable>name</replaceable> [<replaceable>user</replaceable>] [options]</title>
 484         <para>Delete an existing SPN.</para>
 485 </refsect3>
 486
 487 <refsect3>
 488         <title>spn list <replaceable>user</replaceable> [options]</title>
 489         <para>List SPNs of a given user.</para>
 490 </refsect3>
 491
 492 <refsect2>
 493         <title>testparm</title>
 494         <para>Check the syntax of the configuration file.</para>
 495 </refsect2>
 496
 497 <refsect2>
 498         <title>time</title>
 499         <para>Retrieve the time on a server.</para>
 500 </refsect2>
 501
 502 <refsect2>
 503         <title>user</title>
 504         <para>Manage users.</para>
 505 </refsect2>
 506
 507 <refsect3>
 508         <title>user add <replaceable>username</replaceable> [<replaceable>password</replaceable>]</title>
 509         <para>Create a new user. Please note that this subcommand is deprecated
 510         and available for compatibility reasons only. Please use
 511         <command>samba-tool user create</command> instead.</para>
 512 </refsect3>
 513
 514 <refsect3>
 515         <title>user create <replaceable>username</replaceable> [<replaceable>password</replaceable>]</title>
 516         <para>Create a new user in the Active Directory Domain.</para>
 517 </refsect3>
 518
 519 <refsect3>
 520         <title>user delete <replaceable>username</replaceable> [options]</title>
 521         <para>Delete an existing user account.</para>
 522 </refsect3>
 523
 524 <refsect3>
 525         <title>user disable <replaceable>username</replaceable></title>
 526         <para>Disable an user account.</para>
 527 </refsect3>
 528
 529 <refsect3>
 530         <title>user enable <replaceable>username</replaceable></title>
 531         <para>Enable an user account.</para>
 532 </refsect3>
 533
 534 <refsect3>
 535         <title>user list</title>
 536         <para>List all users.</para>
 537 </refsect3>
 538
 539 <refsect3>
 540         <title>user password [options]</title>
 541         <para>Change password for an user account (the one provided in
 542         authentication).</para>
 543 </refsect3>
 544
 545 <refsect3>
 546         <title>user setexpiry <replaceable>username</replaceable> [options]</title>
 547         <para>Set the expiration of an user account.</para>
 548 </refsect3>
 549
 550 <refsect3>
 551         <title>user setpassword <replaceable>username</replaceable> [options]</title>
 552         <para>Sets or resets the password of an user account.</para>
 553 </refsect3>
 554
 555 <refsect2>
 556         <title>vampire [options] <replaceable>domain</replaceable></title>
 557         <para>Join and synchronise a remote AD domain to the local server.
 558         Please note that <command>samba-tool vampire</command> is deprecated,
 559         please use <command>samba-tool domain join</command> instead.</para>
 560 </refsect2>
 561
 562 <refsect2>
 563 <title>help</title>
 564 <para>Gives usage information.</para>
 565 </refsect2>
 566
 567 </refsect1>
 568
 569 <refsect1>
 570         <title>VERSION</title>
 571
 572         <para>This man page is complete for version 4 of the Samba
 573         suite.</para>
 574 </refsect1>
 575
 576 <refsect1>
 577         <title>AUTHOR</title>
 578
 579         <para>The original Samba software and related utilities
 580         were created by Andrew Tridgell. Samba is now developed
 581         by the Samba Team as an Open Source project similar
 582         to the way the Linux kernel is developed.</para>
 583
 584         <para>The samba-tool manpage was written by Karolin Seeger.</para>
 585 </refsect1>
 586
 587 </refentry>