This commit was manufactured by cvs2svn to create branch 'SAMBA_3_0'.

[kai/samba.git] / docs / htmldocs / smbgroupedit.8.html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>smbgroupedit</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><H1
><A
NAME="SMBGROUPEDIT"
></A
>smbgroupedit</H1
><DIV
CLASS="REFNAMEDIV"
><A
NAME="AEN5"
></A
><H2
>Name</H2
>smbgroupedit&nbsp;--&nbsp;Query/set/change UNIX - Windows NT group mapping</DIV
><DIV
CLASS="REFSYNOPSISDIV"
><A
NAME="AEN8"
></A
><H2
>Synopsis</H2
><P
><B
CLASS="COMMAND"
>smbroupedit</B
>  [-v [l|s]] [-a UNIX-groupname [-d NT-groupname|-p privilege|]]</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN13"
></A
><H2
>DESCRIPTION</H2
><P
>This program is part of the <A
HREF="samba.7.html"
TARGET="_top"
>Samba</A
>
suite.</P
><P
>The  smbgroupedit  command  allows for mapping unix groups
to NT Builtin, Domain, or Local groups.  Also
allows setting privileges for that group, such as saAddUser,
etc.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN18"
></A
><H2
>OPTIONS</H2
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>-v[l|s]</DT
><DD
><P
>This option will list all groups available
                in the Windows NT domain in which samba is operating.
                </P
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>-l</DT
><DD
><P
>give a long listing, of the format:</P
><P
><PRE
CLASS="PROGRAMLISTING"
>"NT Group Name"
    SID            :
    Unix group     :
    Group type     :
    Comment        :
    Privilege      :</PRE
></P
><P
>For examples,</P
><P
><PRE
CLASS="PROGRAMLISTING"
>Users
    SID       : S-1-5-32-545
    Unix group: -1
    Group type: Local group
    Comment   :
    Privilege : No privilege</PRE
></P
></DD
><DT
>-s</DT
><DD
><P
>display a short listing of the format:</P
><P
><PRE
CLASS="PROGRAMLISTING"
>NTGroupName(SID) -&#62; UnixGroupName</PRE
></P
><P
>For example,</P
><P
><PRE
CLASS="PROGRAMLISTING"
>Users (S-1-5-32-545) -&#62; -1</PRE
></P
></DD
></DL
></DIV
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN44"
></A
><H2
>FILES</H2
><P
></P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN47"
></A
><H2
>EXIT STATUS</H2
><P
><B
CLASS="COMMAND"
>smbgroupedit</B
> returns a status of 0 if the
operation completed successfully, and a value of 1 in the event
of a failure.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN51"
></A
><H2
>EXAMPLES</H2
><P
>To make a subset of your samba PDC users members of
the 'Domain Admins'  Global group:</P
><P
></P
><OL
TYPE="1"
><LI
><P
>create a unix group (usually in
        <TT
CLASS="FILENAME"
>/etc/group</TT
>), let's call it <TT
CLASS="CONSTANT"
>domadm</TT
>.
        </P
></LI
><LI
><P
>add to this group the users that you want to be
        domain administrators. For example if you want joe, john and mary,
        your entry in <TT
CLASS="FILENAME"
>/etc/group</TT
> will look like:
        </P
><P
>domadm:x:502:joe,john,mary</P
></LI
><LI
><P
>map this domadm group to the 'domain admins' group:
        </P
><P
></P
><OL
TYPE="a"
><LI
><P
>Get the SID for the Windows NT "Domain Admins"
                group:</P
><P
><PRE
CLASS="PROGRAMLISTING"
><TT
CLASS="PROMPT"
>root# </TT
><B
CLASS="COMMAND"
>smbgroupedit -vs | grep "Domain Admins"</B
>
Domain Admins (S-1-5-21-1108995562-3116817432-1375597819-512) -&#62; -1</PRE
></P
></LI
><LI
><P
>map the unix domadm group to the Windows NT
                "Domain Admins" group, by running the command:
                </P
><P
><PRE
CLASS="PROGRAMLISTING"
><TT
CLASS="PROMPT"
>root# </TT
><B
CLASS="COMMAND"
>smbgroupedit \
-c S-1-5-21-1108995562-3116817432-1375597819-512 \
-u domadm</B
></PRE
></P
><P
>               <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>warning:</I
></SPAN
> don't copy and paste this sample, the
                Domain Admins SID (the S-1-5-21-...-512) is different for every PDC.
                </P
></LI
></OL
></LI
></OL
><P
>To verify that your mapping has taken effect:</P
><P
><PRE
CLASS="PROGRAMLISTING"
><TT
CLASS="PROMPT"
>root# </TT
><B
CLASS="COMMAND"
>smbgroupedit -vs|grep "Domain Admins"</B
>
Domain Admins (S-1-5-21-1108995562-3116817432-1375597819-512) -&#62; domadm</PRE
></P
><P
>To give access to a certain directory on a domain member machine (an
NT/W2K or a samba server running winbind) to some users who are member
of a group on your samba PDC, flag that group as a domain group:</P
><P
><PRE
CLASS="PROGRAMLISTING"
><TT
CLASS="PROMPT"
>root# </TT
><B
CLASS="COMMAND"
>smbgroupedit -a unixgroup -td</B
></PRE
></P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN90"
></A
><H2
>VERSION</H2
><P
>This man page is correct for the 3.0alpha releases of
the Samba suite.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN93"
></A
><H2
>SEE ALSO</H2
><P
><A
HREF="smb.conf.5.html"
TARGET="_top"
>smb.conf(5)</A
></P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN97"
></A
><H2
>AUTHOR</H2
><P
>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</P
><P
><B
CLASS="COMMAND"
>smbgroupedit</B
> was written by Jean Francois Micouleau.
The current set of manpages and documentation is maintained
by the Samba Team in the same fashion as the Samba source code.</P
></DIV
></BODY
></HTML
>