diff options
Diffstat (limited to 'usr/src/man/man1m/smbadm.1m')
| -rw-r--r-- | usr/src/man/man1m/smbadm.1m | 461 |
1 files changed, 0 insertions, 461 deletions
diff --git a/usr/src/man/man1m/smbadm.1m b/usr/src/man/man1m/smbadm.1m deleted file mode 100644 index 10da14181f..0000000000 --- a/usr/src/man/man1m/smbadm.1m +++ /dev/null @@ -1,461 +0,0 @@ -.\" -.\" The contents of this file are subject to the terms of the -.\" Common Development and Distribution License (the "License"). -.\" You may not use this file except in compliance with the License. -.\" -.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE -.\" or http://www.opensolaris.org/os/licensing. -.\" See the License for the specific language governing permissions -.\" and limitations under the License. -.\" -.\" When distributing Covered Code, include this CDDL HEADER in each -.\" file and include the License file at usr/src/OPENSOLARIS.LICENSE. -.\" If applicable, add the following below this CDDL HEADER, with the -.\" fields enclosed by brackets "[]" replaced with your own identifying -.\" information: Portions Copyright [yyyy] [name of copyright owner] -.\" -.\" -.\" Copyright (c) 2009, Sun Microsystems, Inc. All Rights Reserved. -.\" Copyright 2019 Nexenta by DDN, Inc. All rights reserved. -.\" -.Dd June 6, 2019 -.Dt SMBADM 1M -.Os -.Sh NAME -.Nm smbadm -.Nd configure and manage SMB local groups and users, and manage domain -membership -.Sh SYNOPSIS -.Nm -.Cm create -.Op Fl d Ar description -.Ar group -.Nm -.Cm delete -.Ar group -.Nm -.Cm rename -.Ar group new-group -.Nm -.Cm show -.Op Fl mp -.Op Ar group -.Nm -.Cm get -.Oo Fl p Ar property Oc Ns ... -.Ar group -.Nm -.Cm set -.Fl p Ar property Ns = Ns Ar value -.Oo Fl p Ar property Ns = Ns Ar value Oc Ns ... -.Ar group -.Nm -.Cm add-member -.Fl m Ar member Oo Fl m Ar member Oc Ns ... -.Ar group -.Nm -.Cm remove-member -.Fl m Ar member Oo Fl m Ar member Oc Ns ... -.Ar group -.Nm -.Cm delete-user -.Ar username -.Nm -.Cm disable-user -.Ar username -.Nm -.Cm enable-user -.Ar username -.Nm -.Cm join -.Op Fl y -.Fl u Ar username -.Ar domain -.Nm -.Cm join -.Op Fl y -.Fl w Ar workgroup -.Nm -.Cm list -.Nm -.Cm lookup -.Ar account-name Oo Ar account-name Oc Ns ... -.Sh DESCRIPTION -The -.Nm -command is used to configure SMB local groups and users, and to manage domain -membership. -You can also use the -.Nm -command to enable or disable SMB password generation for individual local users. -.Pp -SMB local groups can be used when Windows accounts must be members of some local -groups and when Windows style privileges must be granted. -System local groups cannot provide these functions. -.Pp -There are two types of local groups: user defined and built-in. -Built-in local groups are predefined local groups to support common -administration tasks. -.Pp -In order to provide proper identity mapping between SMB local groups and -system groups, a SMB local group must have a corresponding system group. -This requirement has two consequences: first, the group name must conform to the -intersection of the Windows and system group name rules. -Thus, a SMB local group name can be up to eight (8) characters long and contain -only lowercase characters and numbers. -Second, a system local group has to be created before a SMB local group can -be created. -.Pp -Built-in groups are standard Windows groups and are predefined by the SMB -service. -The built-in groups cannot be added, removed, or renamed, and these groups do -not follow the SMB local group naming conventions. -.Pp -When the SMB server is started, the following built-in groups are available: -.Bl -tag -width "Backup Operators" -.It Sy Administrators -Group members can administer the system. -.It Sy Backup Operators -Group members can bypass file access controls to back up and restore files. -.It Sy Power Users -Group members can share directories. -.El -.Pp -System local users must have an SMB password for authentication and to gain -access to SMB resources. -This password is created by using the -.Xr passwd 1 -command when the -.Sy pam_smb_password -module is added to the system's PAM configuration. -See the -.Xr pam_smb_passwd 5 -man page. -.Pp -The -.Cm disable-user -and -.Cm enable-user -subcommands control SMB password-generation for a specified local user. -When disabled, the user is prevented from connecting to the SMB service. -By default, SMB password-generation is enabled for all local users. -.Pp -To reenable a disabled user, you must use the -.Cm enable-user -subcommand and then reset the user's password by using the -.Nm passwd -command. -The -.Pa pam_smb_passwd.so.1 -module must be added to the system's PAM configuration to generate an SMB -password. -.Ss Escaping Backslash Character -For the -.Cm add-member , -.Cm remove-member , -and -.Cm join -.Po with -.Fl u -.Pc -subcommands, the backslash character -.Pq Qq \e -is a valid separator between member or user names and domain names. -The backslash character is a shell special character and must be quoted. -For example, you might escape the backslash character with another backslash -character: -.Ar domain Ns \e\e Ns Ar username . -For more information about handling shell special characters, see the man page -for your shell. -.Sh OPERANDS -The -.Nm -command uses the following operands: -.Bl -tag -width "username" -.It Ar domain -Specifies the name of an existing Windows domain to join. -.It Ar group -Specifies the name of the SMB local group. -.It Ar username -Specifies the name of a system local user. -.El -.Sh SUBCOMMANDS -The -.Nm -command includes these subcommands: -.Bl -tag -width Ds -.It Xo -.Cm create -.Op Fl d Ar description -.Ar group -.Xc -Creates a SMB local group with the specified name. -You can optionally specify a description of the group by using the -.Fl d -option. -.It Xo -.Cm delete -.Ar group -.Xc -Deletes the specified SMB local group. -The built-in groups cannot be deleted. -.It Xo -.Cm rename -.Ar group new-group -.Xc -Renames the specified SMB local group. -The group must already exist. -The built-in groups cannot be renamed. -.It Xo -.Cm show -.Op Fl mp -.Op Ar group -.Xc -Shows information about the specified SMB local group or groups. -If no group is specified, information is shown for all groups. -If the -.Fl m -option is specified, the group members are also shown. -If the -.Fl p -option is specified, the group privileges are also shown. -.It Xo -.Cm get -.Oo Fl p Ar property Ns = Ns Ar value Oc Ns ... -.Ar group -.Xc -Retrieves property values for the specified group. -If no property is specified, all property values are shown. -.It Xo -.Cm set -.Fl p Ar property Ns = Ns Ar value -.Oo Fl p Ar property Ns = Ns Ar value Oc Ns ... -.Ar group -.Xc -Sets configuration properties for a SMB local group. -The description and the privileges for the built-in groups cannot be changed. -.Pp -The -.Fl p Ar property Ns = Ns Ar value -option specifies the list of properties to be set on the specified group. -.Pp -The group-related properties are as follows: -.Bl -tag -width Ds -.It Cm backup Ns = Ns Cm on Ns | Ns Cm off -Specifies whether members of the SMB local group can bypass file access controls -to back up file system objects. -.It Cm description Ns = Ns Ar description-text -Specifies a text description for the SMB local group. -.It Cm restore Ns = Ns Cm on Ns | Ns Cm off -Specifies whether members of the SMB local group can bypass file access controls -to restore file system objects. -.It Cm take-ownership Ns = Ns Cm on Ns | Ns Cm off -Specifies whether members of the SMB local group can take ownership of file -system objects. -.It Cm bypass-read Ns = Ns Cm on Ns | Ns Cm off -Specifies whether members of the SMB local group can always bypass Read access controls. -.It Cm bypass-write Ns = Ns Cm on Ns | Ns Cm off -Specifies whether members of the SMB local group can always bypass Write and Delete access controls. -.El -.It Xo -.Cm add-member -.Fl m Ar member Oo Fl m Ar member Oc Ns ... -.Ar group -.Xc -Adds the specified member to the specified SMB local group. -The -.Fl m Ar member -option specifies the name of a SMB local group member. -The member name must include an existing user name and an optional domain name. -.Pp -Specify the member name in either of the following formats: -.Bd -literal -offset indent -[domain\e]username -[domain/]username -.Ed -.Pp -For example, a valid member name might be -.Sy sales\eterry -or -.Sy sales/terry , -where -.Sy sales -is the Windows domain name and -.Sy terry -is the name of a user in the -.Sy sales -domain. -.It Xo -.Cm remove-member -.Fl m Ar member Oo Fl m Ar member Oc Ns ... -.Ar group -.Xc -Removes the specified member from the specified SMB local group. -The -.Fl m Ar member -option specifies the name of a SMB local group member. -The member name must include an existing user name and an optional domain name. -.Pp -Specify the member name in either of the following formats: -.Bd -literal -offset indent -[domain\e]username -[domain/]username -.Ed -.Pp -For example, a valid member name might be -.Sy sales\eterry -or -.Sy sales/terry , -where -.Sy sales -is the Windows domain name and -.Sy terry -is the name of a user in the -.Sy sales -domain. -.It Xo -.Cm delete-user -.Ar username -.Xc -Deletes SMB password for the specified local user effectively preventing the -access by means of the SMB service. -Use -.Nm passwd -command to create the SMB password and re-enable access. -.It Xo -.Cm disable-user -.Ar username -.Xc -Disables SMB password-generation capabilities for the specified local user -effectively preventing access by means of the SMB service. -When a local user account is disabled, you cannot use the -.Nm passwd -command to modify the user's SMB password until the user account is re-enabled. -.It Xo -.Cm enable-user -.Ar username -.Xc -Enables SMB password-generation capabilities for the specified local user and -re-enables access. -After the password-generation capabilities are re-enabled, use the -.Nm passwd -command to generate the SMB password for the local user. -.Pp -The -.Nm passwd -command manages both the system password and SMB password for this user if the -.Pa pam_smb_passwd -module has been added to the system's PAM configuration. -.It Xo -.Cm join -.Op Fl y -.Fl u Ar username -.Ar domain -.Xc -Joins a Windows domain. -.Pp -An authenticated user account is required to join a domain, so you must specify -the Windows administrative user name with the -.Fl u -option. -If the password is not specified on the command line, the user is prompted for -it. -This user should be the domain administrator or any user who has administrative -privileges for the target domain. -.Pp -.Ar username -and -.Ar domain -can be entered in any of the following formats: -.Bd -literal -offset indent -username[+password] domain -domain\eusername[+password] -domain/username[+password] -username@domain -.Ed -.Pp -\&...where -.Ar domain -can be the NetBIOS or DNS domain name. -.Pp -If a machine trust account for the system already exists on a domain controller, -any authenticated user account can be used when joining the domain. -However, if the machine trust account does -.Em not -already exist, an account that has administrative privileges on the domain is -required to join the domain. -Specifying -.Fl y -will bypass the SMB service restart prompt. -.It Xo -.Cm join -.Op Fl y -.Fl w Ar workgroup -.Xc -Joins a Windows workgroup. -.Pp -The default mode for the SMB service is workgroup mode, which uses the default -workgroup name, -.Qq WORKGROUP . -.Pp -The -.Fl w Ar workgroup -option specifies the name of the workgroup to join when using the -.Cm join -subcommand. -Specifying -.Fl y -will bypass the SMB service restart prompt. -.It Cm list -Shows information about the current workgroup or domain. -The information typically includes the workgroup name or the primary domain -name. -When in domain mode, the information includes domain controller names and -trusted domain names. -.Pp -Each entry in the output is identified by one of the following tags: -.Bl -tag -width "[*]" -.It Sy [*] -Primary domain -.It Sy [.] -Local domain -.It Sy [-] -Other domains -.It Sy [+] -Selected domain controller -.El -.It Xo -.Cm lookup -.Ar account-name Oo Ar account-name Oc Ns ... -.Xc -Lookup the SID for the given -.Ar account-name , -or lookup the -.Ar account-name -for the given SID. -This subcommand is primarily for diagnostic use, to confirm whether the server -can lookup domain accounts and/or SIDs. -.El -.Sh EXIT STATUS -.Ex -std -.Sh INTERFACE STABILITY -Utility name and options are -.Sy Uncommitted . -Utility output format is -.Sy Not-An-Interface . -.Sh SEE ALSO -.Xr passwd 1 , -.Xr groupadd 1M , -.Xr idmap 1M , -.Xr idmapd 1M , -.Xr kclient 1M , -.Xr share 1M , -.Xr sharectl 1M , -.Xr sharemgr 1M , -.Xr smbd 1M , -.Xr smbstat 1M , -.Xr smb 4 , -.Xr smbautohome 4 , -.Xr attributes 5 , -.Xr pam_smb_passwd 5 , -.Xr smf 5 |