docs/docbook/manpages/pdbedit.8.sgml

   1 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [
   2 <!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities;
   3 ]>
   4 <refentry id="pdbedit">
   5
   6 <refmeta>
   7         <refentrytitle>pdbedit</refentrytitle>
   8         <manvolnum>8</manvolnum>
   9 </refmeta>
  10
  11
  12 <refnamediv>
  13         <refname>pdbedit</refname>
  14         <refpurpose>manage the SAM database</refpurpose>
  15 </refnamediv>
  16
  17 <refsynopsisdiv>
  18         <cmdsynopsis>
  19                 <command>pdbedit</command>
  20                 <arg choice="opt">-l</arg>
  21                 <arg choice="opt">-v</arg>
  22                 <arg choice="opt">-w</arg>
  23                 <arg choice="opt">-u username</arg>
  24                 <arg choice="opt">-f fullname</arg>
  25                 <arg choice="opt">-h homedir</arg>
  26                 <arg choice="opt">-D drive</arg>
  27                 <arg choice="opt">-S script</arg>
  28                 <arg choice="opt">-p profile</arg>
  29                 <arg choice="opt">-a</arg>
  30                 <arg choice="opt">-m</arg>
  31                 <arg choice="opt">-x</arg>
  32                 <arg choice="opt">-i passdb-backend</arg>
  33                 <arg choice="opt">-e passdb-backend</arg>
  34                 <arg choice="opt">-b passdb-backend</arg>
  35                 <arg choice="opt">-d debuglevel</arg>
  36                 <arg choice="opt">-s configfile</arg>
  37                 <arg choice="opt">-P account-policy</arg>
  38                 <arg choice="opt">-V value</arg>
  39         </cmdsynopsis>
  40 </refsynopsisdiv>
  41
  42 <refsect1>
  43         <title>DESCRIPTION</title>
  44
  45         <para>This tool is part of the <ulink url="samba.7.html">
  46         Samba</ulink> suite.</para>
  47
  48         <para>The pdbedit program is used to manage the users accounts
  49         stored in the sam database and can only be run by root.</para>
  50
  51         <para>The pdbedit tool uses the passdb modular interface and is
  52         independent from the kind of users database used (currently there
  53         are smbpasswd, ldap, nis+ and tdb based and more can be added
  54         without changing the tool).</para>
  55
  56         <para>There are five main ways to use pdbedit: adding a user account,
  57         removing a user account, modifing a user account, listing user
  58         accounts, importing users accounts.</para>
  59 </refsect1>
  60
  61 <refsect1>
  62         <title>OPTIONS</title>
  63         <variablelist>
  64                 <varlistentry>
  65                 <term>-l</term>
  66                 <listitem><para>This option lists all the user accounts
  67                 present in the users database.
  68                 This option prints a list of user/uid pairs separated by
  69                 the ':' character.</para>
  70
  71                 <para>Example: <command>pdbedit -l</command></para>
  72                 <para><programlisting>
  73                 sorce:500:Simo Sorce
  74                 samba:45:Test User
  75                 </programlisting></para>
  76                 </listitem>
  77                 </varlistentry>
  78
  79
  80
  81                 <varlistentry>
  82                 <term>-v</term>
  83                 <listitem><para>This option enables the verbose listing format.
  84                 It causes pdbedit to list the users in the database, printing
  85                 out the account fields in a descriptive format.</para>
  86
  87                 <para>Example: <command>pdbedit -l -v</command></para>
  88                 <para><programlisting>
  89                 ---------------
  90                 username:       sorce
  91                 user ID/Group:  500/500
  92                 user RID/GRID:  2000/2001
  93                 Full Name:      Simo Sorce
  94                 Home Directory: \\BERSERKER\sorce
  95                 HomeDir Drive:  H:
  96                 Logon Script:   \\BERSERKER\netlogon\sorce.bat
  97                 Profile Path:   \\BERSERKER\profile
  98                 ---------------
  99                 username:       samba
 100                 user ID/Group:  45/45
 101                 user RID/GRID:  1090/1091
 102                 Full Name:      Test User
 103                 Home Directory: \\BERSERKER\samba
 104                 HomeDir Drive:
 105                 Logon Script:
 106                 Profile Path:   \\BERSERKER\profile
 107                 </programlisting></para>
 108                 </listitem>
 109                 </varlistentry>
 110
 111
 112
 113                 <varlistentry>
 114                 <term>-w</term>
 115                 <listitem><para>This option sets the "smbpasswd" listing format.
 116                 It will make pdbedit list the users in the database, printing
 117                 out the account fields in a format compatible with the
 118                 <filename>smbpasswd</filename> file format. (see the <ulink
 119                 url="smbpasswd.5.html"><filename>smbpasswd(5)</filename></ulink> for details)</para>
 120
 121                 <para>Example: <command>pdbedit -l -w</command></para>
 122                 <para><programlisting>
 123                 sorce:500:508818B733CE64BEAAD3B435B51404EE:D2A2418EFC466A8A0F6B1DBB5C3DB80C:[UX         ]:LCT-00000000:
 124                 samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:BC281CE3F53B6A5146629CD4751D3490:[UX         ]:LCT-3BFA1E8D:
 125                 </programlisting></para>
 126                 </listitem>
 127                 </varlistentry>
 128
 129
 130                 <varlistentry>
 131                 <term>-u username</term>
 132                 <listitem><para>This option specifies the username to be
 133                 used for the operation requested (listing, adding, removing).
 134                 It is <emphasis>required</emphasis> in add, remove and modify
 135                 operations and <emphasis>optional</emphasis> in list
 136                 operations.</para>
 137                 </listitem>
 138                 </varlistentry>
 139
 140
 141
 142                 <varlistentry>
 143                 <term>-f fullname</term>
 144                 <listitem><para>This option can be used while adding or
 145                 modifing a user account. It will specify the user's full
 146                 name. </para>
 147
 148                 <para>Example: <command>-f "Simo Sorce"</command></para>
 149                 </listitem>
 150                 </varlistentry>
 151
 152
 153
 154                 <varlistentry>
 155                 <term>-h homedir</term>
 156                 <listitem><para>This option can be used while adding or
 157                 modifing a user account. It will specify the user's home
 158                 directory network path.</para>
 159
 160                 <para>Example: <command>-h "\\\\BERSERKER\\sorce"</command>
 161                 </para>
 162                 </listitem>
 163                 </varlistentry>
 164
 165
 166                 <varlistentry>
 167                 <term>-D drive</term>
 168                 <listitem><para>This option can be used while adding or
 169                 modifing a user account. It will specify the windows drive
 170                 letter to be used to map the home directory.</para>
 171
 172                 <para>Example: <command>-d "H:"</command>
 173                 </para>
 174                 </listitem>
 175                 </varlistentry>
 176
 177
 178                 <varlistentry>
 179                 <term>-S script</term>
 180                 <listitem><para>This option can be used while adding or
 181                 modifing a user account. It will specify the user's logon
 182                 script path.</para>
 183
 184                 <para>Example: <command>-s "\\\\BERSERKER\\netlogon\\sorce.bat"</command>
 185                 </para>
 186                 </listitem>
 187                 </varlistentry>
 188
 189
 190                 <varlistentry>
 191                 <term>-p profile</term>
 192                 <listitem><para>This option can be used while adding or
 193                 modifing a user account. It will specify the user's profile
 194                 directory.</para>
 195
 196                 <para>Example: <command>-p "\\\\BERSERKER\\netlogon"</command>
 197                 </para>
 198                 </listitem>
 199                 </varlistentry>
 200
 201
 202                 <varlistentry>
 203                 <term>-a</term>
 204                 <listitem><para>This option is used to add a user into the
 205                 database. This command needs a user name specified with
 206                 the -u switch. When adding a new user, pdbedit will also
 207                 ask for the password to be used.</para>
 208
 209                 <para>Example: <command>pdbedit -a -u sorce</command>
 210                 <programlisting>new password:
 211                 retype new password</programlisting>
 212                 </para>
 213                 </listitem>
 214                 </varlistentry>
 215
 216
 217
 218                 <varlistentry>
 219                 <term>-m</term>
 220                 <listitem><para>This option may only be used in conjunction
 221                 with the <parameter>-a</parameter> option. It will make
 222                 pdbedit to add a machine trust account instead of a user
 223                 account (-u username will provide the machine name).</para>
 224
 225                 <para>Example: <command>pdbedit -a -m -u w2k-wks</command>
 226                 </para>
 227                 </listitem>
 228                 </varlistentry>
 229
 230
 231                 <varlistentry>
 232                 <term>-x</term>
 233                 <listitem><para>This option causes pdbedit to delete an account
 234                 from the database. It needs a username specified with the
 235                 -u switch.</para>
 236
 237                 <para>Example: <command>pdbedit -x -u bob</command></para>
 238                 </listitem>
 239                 </varlistentry>
 240
 241
 242                 <varlistentry>
 243                 <term>-i passdb-backend</term>
 244                 <listitem><para>Use a different passdb backend to retrieve users
 245                 than the one specified in smb.conf. Can be used to import data into
 246                 your local user database.</para>
 247
 248                 <para>This option will ease migration from one passdb backend to
 249                 another.</para>
 250
 251                 <para>Example: <command>pdbedit -i smbpasswd:/etc/smbpasswd.old
 252                 </command></para>
 253                 </listitem>
 254                 </varlistentry>
 255
 256                 <varlistentry>
 257                 <term>-e passdb-backend</term>
 258                 <listitem><para>Exports all currently available users to the
 259                 specified password database backend.</para>
 260
 261                 <para>This option will ease migration from one passdb backend to
 262                 another and will ease backing up.</para>
 263
 264                 <para>Example: <command>pdbedit -e smbpasswd:/root/samba-users.backup</command></para>
 265                 </listitem>
 266                 </varlistentry>
 267
 268                 <varlistentry>
 269                 <term>-b passdb-backend</term>
 270                 <listitem><para>Use a different default passdb backend. </para>
 271
 272                 <para>Example: <command>pdbedit -b xml:/root/pdb-backup.xml -l</command></para>
 273                 </listitem>
 274                 </varlistentry>
 275
 276                 <varlistentry>
 277                 <term>-P account-policy</term>
 278                 <listitem><para>Display an account policy</para>
 279                 <para>Valid policies are: minimum password age, reset count minutes, disconnect time,
 280                 user must logon to change password, password history, lockout duration, min password length,
 281                 maximum password age and bad lockout attempt.</para>
 282
 283                 <para>Example: <command>pdbedit -P "bad lockout attempt"</command></para>
 284                 <para><programlisting>
 285                 account policy value for bad lockout attempt is 0
 286                 </programlisting></para>
 287
 288                 </listitem>
 289                 </varlistentry>
 290
 291                 <varlistentry>
 292                 <term>-V account-policy-value</term>
 293                 <listitem><para>Sets an account policy to a specified value.
 294                 This option may only be used in conjunction
 295                 with the <parameter>-P</parameter> option.
 296                 </para>
 297
 298                 <para>Example: <command>pdbedit -P "bad lockout attempt" -V 3</command></para>
 299                 <para><programlisting>
 300                 account policy value for bad lockout attempt was 0
 301                 account policy value for bad lockout attempt is now 3
 302                 </programlisting></para>
 303                 </listitem>
 304                 </varlistentry>
 305
 306                 &stdarg.debuglevel;
 307                 &stdarg.help;
 308                 &stdarg.configfile;
 309
 310         </variablelist>
 311 </refsect1>
 312
 313
 314 <refsect1>
 315         <title>NOTES</title>
 316
 317         <para>This command may be used only by root.</para>
 318 </refsect1>
 319
 320
 321 <refsect1>
 322         <title>VERSION</title>
 323
 324         <para>This man page is correct for version 2.2 of
 325         the Samba suite.</para>
 326 </refsect1>
 327
 328 <refsect1>
 329         <title>SEE ALSO</title>
 330         <para><ulink url="smbpasswd.8.html">smbpasswd(8)</ulink>,
 331         <ulink url="samba.7.html">samba(7)</ulink>
 332         </para>
 333 </refsect1>
 334
 335 <refsect1>
 336         <title>AUTHOR</title>
 337
 338         <para>The original Samba software and related utilities
 339         were created by Andrew Tridgell. Samba is now developed
 340         by the Samba Team as an Open Source project similar
 341         to the way the Linux kernel is developed.</para>
 342
 343         <para>The original Samba man pages were written by Karl Auer.
 344         The man page sources were converted to YODL format (another
 345         excellent piece of Open Source software, available at
 346         <ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
 347         ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0
 348         release by Jeremy Allison.  The conversion to DocBook for
 349         Samba 2.2 was done by Gerald Carter</para>
 350 </refsect1>
 351
 352 </refentry>