1 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [
2 <!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities;
4 <refentry id="pdbedit">
7 <refentrytitle>pdbedit</refentrytitle>
8 <manvolnum>8</manvolnum>
13 <refname>pdbedit</refname>
14 <refpurpose>manage the SAM database</refpurpose>
19 <command>pdbedit</command>
20 <arg choice="opt">-l</arg>
21 <arg choice="opt">-v</arg>
22 <arg choice="opt">-w</arg>
23 <arg choice="opt">-u username</arg>
24 <arg choice="opt">-f fullname</arg>
25 <arg choice="opt">-h homedir</arg>
26 <arg choice="opt">-D drive</arg>
27 <arg choice="opt">-S script</arg>
28 <arg choice="opt">-p profile</arg>
29 <arg choice="opt">-a</arg>
30 <arg choice="opt">-m</arg>
31 <arg choice="opt">-x</arg>
32 <arg choice="opt">-i passdb-backend</arg>
33 <arg choice="opt">-e passdb-backend</arg>
34 <arg choice="opt">-b passdb-backend</arg>
35 <arg choice="opt">-d debuglevel</arg>
36 <arg choice="opt">-s configfile</arg>
37 <arg choice="opt">-P account-policy</arg>
38 <arg choice="opt">-V value</arg>
43 <title>DESCRIPTION</title>
45 <para>This tool is part of the <ulink url="samba.7.html">
46 Samba</ulink> suite.</para>
48 <para>The pdbedit program is used to manage the users accounts
49 stored in the sam database and can only be run by root.</para>
51 <para>The pdbedit tool uses the passdb modular interface and is
52 independent from the kind of users database used (currently there
53 are smbpasswd, ldap, nis+ and tdb based and more can be added
54 without changing the tool).</para>
56 <para>There are five main ways to use pdbedit: adding a user account,
57 removing a user account, modifing a user account, listing user
58 accounts, importing users accounts.</para>
62 <title>OPTIONS</title>
66 <listitem><para>This option lists all the user accounts
67 present in the users database.
68 This option prints a list of user/uid pairs separated by
69 the ':' character.</para>
71 <para>Example: <command>pdbedit -l</command></para>
72 <para><programlisting>
75 </programlisting></para>
83 <listitem><para>This option enables the verbose listing format.
84 It causes pdbedit to list the users in the database, printing
85 out the account fields in a descriptive format.</para>
87 <para>Example: <command>pdbedit -l -v</command></para>
88 <para><programlisting>
91 user ID/Group: 500/500
92 user RID/GRID: 2000/2001
94 Home Directory: \\BERSERKER\sorce
96 Logon Script: \\BERSERKER\netlogon\sorce.bat
97 Profile Path: \\BERSERKER\profile
101 user RID/GRID: 1090/1091
103 Home Directory: \\BERSERKER\samba
106 Profile Path: \\BERSERKER\profile
107 </programlisting></para>
115 <listitem><para>This option sets the "smbpasswd" listing format.
116 It will make pdbedit list the users in the database, printing
117 out the account fields in a format compatible with the
118 <filename>smbpasswd</filename> file format. (see the <ulink
119 url="smbpasswd.5.html"><filename>smbpasswd(5)</filename></ulink> for details)</para>
121 <para>Example: <command>pdbedit -l -w</command></para>
122 <para><programlisting>
123 sorce:500:508818B733CE64BEAAD3B435B51404EE:D2A2418EFC466A8A0F6B1DBB5C3DB80C:[UX ]:LCT-00000000:
124 samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:BC281CE3F53B6A5146629CD4751D3490:[UX ]:LCT-3BFA1E8D:
125 </programlisting></para>
131 <term>-u username</term>
132 <listitem><para>This option specifies the username to be
133 used for the operation requested (listing, adding, removing).
134 It is <emphasis>required</emphasis> in add, remove and modify
135 operations and <emphasis>optional</emphasis> in list
143 <term>-f fullname</term>
144 <listitem><para>This option can be used while adding or
145 modifing a user account. It will specify the user's full
148 <para>Example: <command>-f "Simo Sorce"</command></para>
155 <term>-h homedir</term>
156 <listitem><para>This option can be used while adding or
157 modifing a user account. It will specify the user's home
158 directory network path.</para>
160 <para>Example: <command>-h "\\\\BERSERKER\\sorce"</command>
167 <term>-D drive</term>
168 <listitem><para>This option can be used while adding or
169 modifing a user account. It will specify the windows drive
170 letter to be used to map the home directory.</para>
172 <para>Example: <command>-d "H:"</command>
179 <term>-S script</term>
180 <listitem><para>This option can be used while adding or
181 modifing a user account. It will specify the user's logon
184 <para>Example: <command>-s "\\\\BERSERKER\\netlogon\\sorce.bat"</command>
191 <term>-p profile</term>
192 <listitem><para>This option can be used while adding or
193 modifing a user account. It will specify the user's profile
196 <para>Example: <command>-p "\\\\BERSERKER\\netlogon"</command>
204 <listitem><para>This option is used to add a user into the
205 database. This command needs a user name specified with
206 the -u switch. When adding a new user, pdbedit will also
207 ask for the password to be used.</para>
209 <para>Example: <command>pdbedit -a -u sorce</command>
210 <programlisting>new password:
211 retype new password</programlisting>
220 <listitem><para>This option may only be used in conjunction
221 with the <parameter>-a</parameter> option. It will make
222 pdbedit to add a machine trust account instead of a user
223 account (-u username will provide the machine name).</para>
225 <para>Example: <command>pdbedit -a -m -u w2k-wks</command>
233 <listitem><para>This option causes pdbedit to delete an account
234 from the database. It needs a username specified with the
237 <para>Example: <command>pdbedit -x -u bob</command></para>
243 <term>-i passdb-backend</term>
244 <listitem><para>Use a different passdb backend to retrieve users
245 than the one specified in smb.conf. Can be used to import data into
246 your local user database.</para>
248 <para>This option will ease migration from one passdb backend to
251 <para>Example: <command>pdbedit -i smbpasswd:/etc/smbpasswd.old
257 <term>-e passdb-backend</term>
258 <listitem><para>Exports all currently available users to the
259 specified password database backend.</para>
261 <para>This option will ease migration from one passdb backend to
262 another and will ease backing up.</para>
264 <para>Example: <command>pdbedit -e smbpasswd:/root/samba-users.backup</command></para>
269 <term>-b passdb-backend</term>
270 <listitem><para>Use a different default passdb backend. </para>
272 <para>Example: <command>pdbedit -b xml:/root/pdb-backup.xml -l</command></para>
277 <term>-P account-policy</term>
278 <listitem><para>Display an account policy</para>
279 <para>Valid policies are: minimum password age, reset count minutes, disconnect time,
280 user must logon to change password, password history, lockout duration, min password length,
281 maximum password age and bad lockout attempt.</para>
283 <para>Example: <command>pdbedit -P "bad lockout attempt"</command></para>
284 <para><programlisting>
285 account policy value for bad lockout attempt is 0
286 </programlisting></para>
292 <term>-V account-policy-value</term>
293 <listitem><para>Sets an account policy to a specified value.
294 This option may only be used in conjunction
295 with the <parameter>-P</parameter> option.
298 <para>Example: <command>pdbedit -P "bad lockout attempt" -V 3</command></para>
299 <para><programlisting>
300 account policy value for bad lockout attempt was 0
301 account policy value for bad lockout attempt is now 3
302 </programlisting></para>
317 <para>This command may be used only by root.</para>
322 <title>VERSION</title>
324 <para>This man page is correct for version 2.2 of
325 the Samba suite.</para>
329 <title>SEE ALSO</title>
330 <para><ulink url="smbpasswd.8.html">smbpasswd(8)</ulink>,
331 <ulink url="samba.7.html">samba(7)</ulink>
336 <title>AUTHOR</title>
338 <para>The original Samba software and related utilities
339 were created by Andrew Tridgell. Samba is now developed
340 by the Samba Team as an Open Source project similar
341 to the way the Linux kernel is developed.</para>
343 <para>The original Samba man pages were written by Karl Auer.
344 The man page sources were converted to YODL format (another
345 excellent piece of Open Source software, available at
346 <ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
347 ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0
348 release by Jeremy Allison. The conversion to DocBook for
349 Samba 2.2 was done by Gerald Carter</para>