diff options
Diffstat (limited to 'docs/htmldocs/manpages/net.8.html')
| -rw-r--r-- | docs/htmldocs/manpages/net.8.html | 416 |
1 files changed, 416 insertions, 0 deletions
diff --git a/docs/htmldocs/manpages/net.8.html b/docs/htmldocs/manpages/net.8.html new file mode 100644 index 0000000000..76fbae251b --- /dev/null +++ b/docs/htmldocs/manpages/net.8.html @@ -0,0 +1,416 @@ +<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>net</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.72.0"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="net.8"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>net — Tool for administration of Samba and remote + CIFS servers. + </p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="literal">net</code> {<ads|rap|rpc>} [-h] [-w workgroup] [-W myworkgroup] [-U user] [-I ip-address] [-p port] [-n myname] [-s conffile] [-S server] [-l] [-P] [-d debuglevel] [-V]</p></div></div><div class="refsect1" lang="en"><a name="id267094"></a><h2>DESCRIPTION</h2><p>This tool is part of the <a href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a> suite.</p><p>The Samba net utility is meant to work just like the net utility + available for windows and DOS. The first argument should be used + to specify the protocol to use when executing a certain command. + ADS is used for ActiveDirectory, RAP is using for old (Win9x/NT3) + clients and RPC can be used for NT4 and Windows 2000. If this + argument is omitted, net will try to determine it automatically. + Not all commands are available on all protocols. + </p></div><div class="refsect1" lang="en"><a name="id299215"></a><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-h|--help</span></dt><dd><p>Print a summary of command line options. +</p></dd><dt><span class="term">-w target-workgroup</span></dt><dd><p> + Sets target workgroup or domain. You have to specify + either this option or the IP address or the name of a server. + </p></dd><dt><span class="term">-W workgroup</span></dt><dd><p> + Sets client workgroup or domain + </p></dd><dt><span class="term">-U user</span></dt><dd><p> + User name to use + </p></dd><dt><span class="term">-I ip-address</span></dt><dd><p> + IP address of target server to use. You have to + specify either this option or a target workgroup or + a target server. + </p></dd><dt><span class="term">-p port</span></dt><dd><p> + Port on the target server to connect to (usually 139 or 445). + Defaults to trying 445 first, then 139. + </p></dd><dt><span class="term">-n <primary NetBIOS name></span></dt><dd><p>This option allows you to override +the NetBIOS name that Samba uses for itself. This is identical +to setting the <a class="indexterm" name="id266742"></a> parameter in the <code class="filename">smb.conf</code> file. +However, a command +line setting will take precedence over settings in +<code class="filename">smb.conf</code>.</p></dd><dt><span class="term">-s <configuration file></span></dt><dd><p>The file specified contains the +configuration details required by the server. The +information in this file includes server-specific +information such as what printcap file to use, as well +as descriptions of all the services that the server is +to provide. See <code class="filename">smb.conf</code> for more information. +The default configuration file name is determined at +compile time.</p></dd><dt><span class="term">-S server</span></dt><dd><p> + Name of target server. You should specify either + this option or a target workgroup or a target IP address. + </p></dd><dt><span class="term">-l</span></dt><dd><p> + When listing data, give more information on each item. + </p></dd><dt><span class="term">-P</span></dt><dd><p> + Make queries to the external server using the machine account of the local server. + </p></dd><dt><span class="term">-d|--debuglevel=level</span></dt><dd><p><em class="replaceable"><code>level</code></em> is an integer +from 0 to 10. The default value if this parameter is +not specified is 0.</p><p>The higher this value, the more detail will be +logged to the log files about the activities of the +server. At level 0, only critical errors and serious +warnings will be logged. Level 1 is a reasonable level for +day-to-day running - it generates a small amount of +information about operations carried out.</p><p>Levels above 1 will generate considerable +amounts of log data, and should only be used when +investigating a problem. Levels above 3 are designed for +use only by developers and generate HUGE amounts of log +data, most of which is extremely cryptic.</p><p>Note that specifying this parameter here will +override the <a class="indexterm" name="id266844"></a> parameter +in the <code class="filename">smb.conf</code> file.</p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id266861"></a><h2>COMMANDS</h2><div class="refsect2" lang="en"><a name="id266866"></a><h3>CHANGESECRETPW</h3><p>This command allows the Samba machine account password to be set from an external application +to a machine account password that has already been stored in Active Directory. DO NOT USE this command +unless you know exactly what you are doing. The use of this command requires that the force flag (-f) +be used also. There will be NO command prompt. Whatever information is piped into stdin, either by +typing at the command line or otherwise, will be stored as the literal machine password. Do NOT use +this without care and attention as it will overwrite a legitimate machine password without warning. +YOU HAVE BEEN WARNED. +</p></div><div class="refsect2" lang="en"><a name="id266882"></a><h3>TIME</h3><p>The <code class="literal">NET TIME</code> command allows you to view the time on a remote server + or synchronise the time on the local server with the time on the remote server.</p><div class="refsect3" lang="en"><a name="id266898"></a><h4>TIME</h4><p>Without any options, the <code class="literal">NET TIME</code> command +displays the time on the remote server. +</p></div><div class="refsect3" lang="en"><a name="id266914"></a><h4>TIME SYSTEM</h4><p>Displays the time on the remote server in a format ready for <code class="literal">/bin/date</code>.</p></div><div class="refsect3" lang="en"><a name="id307883"></a><h4>TIME SET</h4><p>Tries to set the date and time of the local server to that on +the remote server using <code class="literal">/bin/date</code>. </p></div><div class="refsect3" lang="en"><a name="id307898"></a><h4>TIME ZONE</h4><p>Displays the timezone in hours from GMT on the remote computer.</p></div></div><div class="refsect2" lang="en"><a name="id307909"></a><h3>[RPC|ADS] JOIN [TYPE] [-U username[%password]] [createupn=UPN] [createcomputer=OU] [options]</h3><p> +Join a domain. If the account already exists on the server, and +[TYPE] is MEMBER, the machine will attempt to join automatically. +(Assuming that the machine has been created in server manager) +Otherwise, a password will be prompted for, and a new account may +be created.</p><p> +[TYPE] may be PDC, BDC or MEMBER to specify the type of server +joining the domain. +</p><p> +[UPN] (ADS only) set the principalname attribute during the join. The default +format is host/netbiosname@REALM. +</p><p> +[OU] (ADS only) Precreate the computer account in a specific OU. The +OU string reads from top to bottom without RDNs, and is delimited by +a '/'. Please note that '\' is used for escape by both the shell +and ldap, so it may need to be doubled or quadrupled to pass through, +and it is not used as a delimiter. +</p></div><div class="refsect2" lang="en"><a name="id307939"></a><h3>[RPC] OLDJOIN [options]</h3><p>Join a domain. Use the OLDJOIN option to join the domain +using the old style of domain joining - you need to create a trust +account in server manager first.</p></div><div class="refsect2" lang="en"><a name="id307950"></a><h3>[RPC|ADS] USER</h3><div class="refsect3" lang="en"><a name="id307956"></a><h4>[RPC|ADS] USER</h4><p>List all users</p></div><div class="refsect3" lang="en"><a name="id307966"></a><h4>[RPC|ADS] USER DELETE <em class="replaceable"><code>target</code></em></h4><p>Delete specified user</p></div><div class="refsect3" lang="en"><a name="id307978"></a><h4>[RPC|ADS] USER INFO <em class="replaceable"><code>target</code></em></h4><p>List the domain groups of the specified user.</p></div><div class="refsect3" lang="en"><a name="id307991"></a><h4>[RPC|ADS] USER RENAME <em class="replaceable"><code>oldname</code></em> <em class="replaceable"><code>newname</code></em></h4><p>Rename specified user.</p></div><div class="refsect3" lang="en"><a name="id308007"></a><h4>[RPC|ADS] USER ADD <em class="replaceable"><code>name</code></em> [password] [-F user flags] [-C comment]</h4><p>Add specified user.</p></div></div><div class="refsect2" lang="en"><a name="id308022"></a><h3>[RPC|ADS] GROUP</h3><div class="refsect3" lang="en"><a name="id308028"></a><h4>[RPC|ADS] GROUP [misc options] [targets]</h4><p>List user groups.</p></div><div class="refsect3" lang="en"><a name="id308038"></a><h4>[RPC|ADS] GROUP DELETE <em class="replaceable"><code>name</code></em> [misc. options]</h4><p>Delete specified group.</p></div><div class="refsect3" lang="en"><a name="id308052"></a><h4>[RPC|ADS] GROUP ADD <em class="replaceable"><code>name</code></em> [-C comment]</h4><p>Create specified group.</p></div></div><div class="refsect2" lang="en"><a name="id308067"></a><h3>[RAP|RPC] SHARE</h3><div class="refsect3" lang="en"><a name="id308073"></a><h4>[RAP|RPC] SHARE [misc. options] [targets]</h4><p>Enumerates all exported resources (network shares) on target server.</p></div><div class="refsect3" lang="en"><a name="id308084"></a><h4>[RAP|RPC] SHARE ADD <em class="replaceable"><code>name=serverpath</code></em> [-C comment] [-M maxusers] [targets]</h4><p>Adds a share from a server (makes the export active). Maxusers +specifies the number of users that can be connected to the +share simultaneously.</p></div><div class="refsect3" lang="en"><a name="id308099"></a><h4>SHARE DELETE <em class="replaceable"><code>sharename</code></em></h4><p>Delete specified share.</p></div></div><div class="refsect2" lang="en"><a name="id308112"></a><h3>[RPC|RAP] FILE</h3><div class="refsect3" lang="en"><a name="id308118"></a><h4>[RPC|RAP] FILE</h4><p>List all open files on remote server.</p></div><div class="refsect3" lang="en"><a name="id308128"></a><h4>[RPC|RAP] FILE CLOSE <em class="replaceable"><code>fileid</code></em></h4><p>Close file with specified <em class="replaceable"><code>fileid</code></em> on +remote server.</p></div><div class="refsect3" lang="en"><a name="id308145"></a><h4>[RPC|RAP] FILE INFO <em class="replaceable"><code>fileid</code></em></h4><p> +Print information on specified <em class="replaceable"><code>fileid</code></em>. +Currently listed are: file-id, username, locks, path, permissions. +</p></div><div class="refsect3" lang="en"><a name="id308161"></a><h4>[RAP|RPC] FILE USER <em class="replaceable"><code>user</code></em></h4><p> +List files opened by specified <em class="replaceable"><code>user</code></em>. +Please note that <code class="literal">net rap file user</code> does not work +against Samba servers. +</p></div></div><div class="refsect2" lang="en"><a name="id308185"></a><h3>SESSION</h3><div class="refsect3" lang="en"><a name="id308191"></a><h4>RAP SESSION</h4><p>Without any other options, SESSION enumerates all active SMB/CIFS +sessions on the target server.</p></div><div class="refsect3" lang="en"><a name="id308201"></a><h4>RAP SESSION DELETE|CLOSE <em class="replaceable"><code>CLIENT_NAME</code></em></h4><p>Close the specified sessions.</p></div><div class="refsect3" lang="en"><a name="id308214"></a><h4>RAP SESSION INFO <em class="replaceable"><code>CLIENT_NAME</code></em></h4><p>Give a list with all the open files in specified session.</p></div></div><div class="refsect2" lang="en"><a name="id308228"></a><h3>RAP SERVER <em class="replaceable"><code>DOMAIN</code></em></h3><p>List all servers in specified domain or workgroup. Defaults +to local domain.</p></div><div class="refsect2" lang="en"><a name="id308241"></a><h3>RAP DOMAIN</h3><p>Lists all domains and workgroups visible on the +current network.</p></div><div class="refsect2" lang="en"><a name="id308252"></a><h3>RAP PRINTQ</h3><div class="refsect3" lang="en"><a name="id308257"></a><h4>RAP PRINTQ LIST <em class="replaceable"><code>QUEUE_NAME</code></em></h4><p>Lists the specified print queue and print jobs on the server. +If the <em class="replaceable"><code>QUEUE_NAME</code></em> is omitted, all +queues are listed.</p></div><div class="refsect3" lang="en"><a name="id308274"></a><h4>RAP PRINTQ DELETE <em class="replaceable"><code>JOBID</code></em></h4><p>Delete job with specified id.</p></div></div><div class="refsect2" lang="en"><a name="id308288"></a><h3>RAP VALIDATE <em class="replaceable"><code>user</code></em> [<em class="replaceable"><code>password</code></em>]</h3><p> +Validate whether the specified user can log in to the +remote server. If the password is not specified on the commandline, it +will be prompted. +</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Currently NOT implemented.</p></div></div><div class="refsect2" lang="en"><a name="id308311"></a><h3>RAP GROUPMEMBER</h3><div class="refsect3" lang="en"><a name="id308316"></a><h4>RAP GROUPMEMBER LIST <em class="replaceable"><code>GROUP</code></em></h4><p>List all members of the specified group.</p></div><div class="refsect3" lang="en"><a name="id308329"></a><h4>RAP GROUPMEMBER DELETE <em class="replaceable"><code>GROUP</code></em> <em class="replaceable"><code>USER</code></em></h4><p>Delete member from group.</p></div><div class="refsect3" lang="en"><a name="id308345"></a><h4>RAP GROUPMEMBER ADD <em class="replaceable"><code>GROUP</code></em> <em class="replaceable"><code>USER</code></em></h4><p>Add member to group.</p></div></div><div class="refsect2" lang="en"><a name="id308362"></a><h3>RAP ADMIN <em class="replaceable"><code>command</code></em></h3><p>Execute the specified <em class="replaceable"><code>command</code></em> on +the remote server. Only works with OS/2 servers. +</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Currently NOT implemented.</p></div></div><div class="refsect2" lang="en"><a name="id308384"></a><h3>RAP SERVICE</h3><div class="refsect3" lang="en"><a name="id308389"></a><h4>RAP SERVICE START <em class="replaceable"><code>NAME</code></em> [arguments...]</h4><p>Start the specified service on the remote server. Not implemented yet.</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Currently NOT implemented.</p></div></div><div class="refsect3" lang="en"><a name="id308408"></a><h4>RAP SERVICE STOP</h4><p>Stop the specified service on the remote server.</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Currently NOT implemented.</p></div></div></div><div class="refsect2" lang="en"><a name="id308424"></a><h3>RAP PASSWORD <em class="replaceable"><code>USER</code></em> <em class="replaceable"><code>OLDPASS</code></em> <em class="replaceable"><code>NEWPASS</code></em></h3><p> +Change password of <em class="replaceable"><code>USER</code></em> from <em class="replaceable"><code>OLDPASS</code></em> to <em class="replaceable"><code>NEWPASS</code></em>. +</p></div><div class="refsect2" lang="en"><a name="id308455"></a><h3>LOOKUP</h3><div class="refsect3" lang="en"><a name="id308460"></a><h4>LOOKUP HOST <em class="replaceable"><code>HOSTNAME</code></em> [<em class="replaceable"><code>TYPE</code></em>]</h4><p> +Lookup the IP address of the given host with the specified type (netbios suffix). +The type defaults to 0x20 (workstation). +</p></div><div class="refsect3" lang="en"><a name="id308478"></a><h4>LOOKUP LDAP [<em class="replaceable"><code>DOMAIN</code></em>]</h4><p>Give IP address of LDAP server of specified <em class="replaceable"><code>DOMAIN</code></em>. Defaults to local domain.</p></div><div class="refsect3" lang="en"><a name="id308496"></a><h4>LOOKUP KDC [<em class="replaceable"><code>REALM</code></em>]</h4><p>Give IP address of KDC for the specified <em class="replaceable"><code>REALM</code></em>. +Defaults to local realm.</p></div><div class="refsect3" lang="en"><a name="id308514"></a><h4>LOOKUP DC [<em class="replaceable"><code>DOMAIN</code></em>]</h4><p>Give IP's of Domain Controllers for specified <em class="replaceable"><code> +DOMAIN</code></em>. Defaults to local domain.</p></div><div class="refsect3" lang="en"><a name="id308531"></a><h4>LOOKUP MASTER <em class="replaceable"><code>DOMAIN</code></em></h4><p>Give IP of master browser for specified <em class="replaceable"><code>DOMAIN</code></em> +or workgroup. Defaults to local domain.</p></div></div><div class="refsect2" lang="en"><a name="id308549"></a><h3>CACHE</h3><p>Samba uses a general caching interface called 'gencache'. It +can be controlled using 'NET CACHE'.</p><p>All the timeout parameters support the suffixes: + +</p><table class="simplelist" border="0" summary="Simple list"><tr><td>s - Seconds</td></tr><tr><td>m - Minutes</td></tr><tr><td>h - Hours</td></tr><tr><td>d - Days</td></tr><tr><td>w - Weeks</td></tr></table><p> + +</p><div class="refsect3" lang="en"><a name="id308586"></a><h4>CACHE ADD <em class="replaceable"><code>key</code></em> <em class="replaceable"><code>data</code></em> <em class="replaceable"><code>time-out</code></em></h4><p>Add specified key+data to the cache with the given timeout.</p></div><div class="refsect3" lang="en"><a name="id308605"></a><h4>CACHE DEL <em class="replaceable"><code>key</code></em></h4><p>Delete key from the cache.</p></div><div class="refsect3" lang="en"><a name="id308618"></a><h4>CACHE SET <em class="replaceable"><code>key</code></em> <em class="replaceable"><code>data</code></em> <em class="replaceable"><code>time-out</code></em></h4><p>Update data of existing cache entry.</p></div><div class="refsect3" lang="en"><a name="id308637"></a><h4>CACHE SEARCH <em class="replaceable"><code>PATTERN</code></em></h4><p>Search for the specified pattern in the cache data.</p></div><div class="refsect3" lang="en"><a name="id308650"></a><h4>CACHE LIST</h4><p> +List all current items in the cache. +</p></div><div class="refsect3" lang="en"><a name="id308660"></a><h4>CACHE FLUSH</h4><p>Remove all the current items from the cache.</p></div></div><div class="refsect2" lang="en"><a name="id308671"></a><h3>GETLOCALSID [DOMAIN]</h3><p>Prints the SID of the specified domain, or if the parameter is +omitted, the SID of the local server.</p></div><div class="refsect2" lang="en"><a name="id308682"></a><h3>SETLOCALSID S-1-5-21-x-y-z</h3><p>Sets SID for the local server to the specified SID.</p></div><div class="refsect2" lang="en"><a name="id308693"></a><h3>GETDOMAINSID</h3><p>Prints the local machine SID and the SID of the current +domain.</p></div><div class="refsect2" lang="en"><a name="id308703"></a><h3>SETDOMAINSID</h3><p>Sets the SID of the current domain.</p></div><div class="refsect2" lang="en"><a name="id308714"></a><h3>GROUPMAP</h3><p>Manage the mappings between Windows group SIDs and UNIX groups. +Common options include:</p><div class="itemizedlist"><ul type="disc"><li><p>unixgroup - Name of the UNIX group</p></li><li><p>ntgroup - Name of the Windows NT group (must be + resolvable to a SID</p></li><li><p>rid - Unsigned 32-bit integer</p></li><li><p>sid - Full SID in the form of "S-1-..."</p></li><li><p>type - Type of the group; either 'domain', 'local', + or 'builtin'</p></li><li><p>comment - Freeform text description of the group</p></li></ul></div><div class="refsect3" lang="en"><a name="id308755"></a><h4>GROUPMAP ADD</h4><p> +Add a new group mapping entry: +</p><pre class="programlisting"> +net groupmap add {rid=int|sid=string} unixgroup=string \ + [type={domain|local}] [ntgroup=string] [comment=string] +</pre><p> +</p></div><div class="refsect3" lang="en"><a name="id308772"></a><h4>GROUPMAP DELETE</h4><p>Delete a group mapping entry. If more than one group name matches, the first entry found is deleted.</p><p>net groupmap delete {ntgroup=string|sid=SID}</p></div><div class="refsect3" lang="en"><a name="id308786"></a><h4>GROUPMAP MODIFY</h4><p>Update en existing group entry.</p><p> +</p><pre class="programlisting"> +net groupmap modify {ntgroup=string|sid=SID} [unixgroup=string] \ + [comment=string] [type={domain|local}] +</pre><p> +</p></div><div class="refsect3" lang="en"><a name="id308806"></a><h4>GROUPMAP LIST</h4><p>List existing group mapping entries.</p><p>net groupmap list [verbose] [ntgroup=string] [sid=SID]</p></div></div><div class="refsect2" lang="en"><a name="id308821"></a><h3>MAXRID</h3><p>Prints out the highest RID currently in use on the local +server (by the active 'passdb backend'). +</p></div><div class="refsect2" lang="en"><a name="id308832"></a><h3>RPC INFO</h3><p>Print information about the domain of the remote server, +such as domain name, domain sid and number of users and groups. +</p></div><div class="refsect2" lang="en"><a name="id308843"></a><h3>[RPC|ADS] TESTJOIN</h3><p>Check whether participation in a domain is still valid.</p></div><div class="refsect2" lang="en"><a name="id308854"></a><h3>[RPC|ADS] CHANGETRUSTPW</h3><p>Force change of domain trust password.</p></div><div class="refsect2" lang="en"><a name="id308864"></a><h3>RPC TRUSTDOM</h3><div class="refsect3" lang="en"><a name="id308870"></a><h4>RPC TRUSTDOM ADD <em class="replaceable"><code>DOMAIN</code></em></h4><p>Add a interdomain trust account for <em class="replaceable"><code>DOMAIN</code></em>. +This is in fact a Samba account named <em class="replaceable"><code>DOMAIN$</code></em> +with the account flag <code class="constant">'I'</code> (interdomain trust account). +If the command is used against localhost it has the same effect as +<code class="literal">smbpasswd -a -i DOMAIN</code>. Please note that both commands +expect a appropriate UNIX account. +</p></div><div class="refsect3" lang="en"><a name="id308901"></a><h4>RPC TRUSTDOM DEL <em class="replaceable"><code>DOMAIN</code></em></h4><p>Remove interdomain trust account for +<em class="replaceable"><code>DOMAIN</code></em>. If it is used against localhost +it has the same effect as <code class="literal">smbpasswd -x DOMAIN$</code>. +</p></div><div class="refsect3" lang="en"><a name="id308923"></a><h4>RPC TRUSTDOM ESTABLISH <em class="replaceable"><code>DOMAIN</code></em></h4><p> +Establish a trust relationship to a trusting domain. +Interdomain account must already be created on the remote PDC. +</p></div><div class="refsect3" lang="en"><a name="id308936"></a><h4>RPC TRUSTDOM REVOKE <em class="replaceable"><code>DOMAIN</code></em></h4><p>Abandon relationship to trusted domain</p></div><div class="refsect3" lang="en"><a name="id308949"></a><h4>RPC TRUSTDOM LIST</h4><p>List all current interdomain trust relationships.</p></div><div class="refsect3" lang="en"><a name="id308960"></a><h4>RPC RIGHTS</h4><p>This subcommand is used to view and manage Samba's rights assignments (also +referred to as privileges). There are three options currently available: +<em class="parameter"><code>list</code></em>, <em class="parameter"><code>grant</code></em>, and +<em class="parameter"><code>revoke</code></em>. More details on Samba's privilege model and its use +can be found in the Samba-HOWTO-Collection.</p></div></div><div class="refsect2" lang="en"><a name="id308991"></a><h3>RPC ABORTSHUTDOWN</h3><p>Abort the shutdown of a remote server.</p></div><div class="refsect2" lang="en"><a name="id309001"></a><h3>RPC SHUTDOWN [-t timeout] [-r] [-f] [-C message]</h3><p>Shut down the remote server.</p><div class="variablelist"><dl><dt><span class="term">-r</span></dt><dd><p> +Reboot after shutdown. +</p></dd><dt><span class="term">-f</span></dt><dd><p> +Force shutting down all applications. +</p></dd><dt><span class="term">-t timeout</span></dt><dd><p> +Timeout before system will be shut down. An interactive +user of the system can use this time to cancel the shutdown. +</p></dd><dt><span class="term">-C message</span></dt><dd><p>Display the specified message on the screen to +announce the shutdown.</p></dd></dl></div></div><div class="refsect2" lang="en"><a name="id309061"></a><h3>RPC SAMDUMP</h3><p>Print out sam database of remote server. You need +to run this against the PDC, from a Samba machine joined as a BDC. </p></div><div class="refsect2" lang="en"><a name="id309072"></a><h3>RPC VAMPIRE</h3><p>Export users, aliases and groups from remote server to +local server. You need to run this against the PDC, from a Samba machine joined as a BDC. +</p></div><div class="refsect2" lang="en"><a name="id309083"></a><h3>RPC GETSID</h3><p>Fetch domain SID and store it in the local <code class="filename">secrets.tdb</code>. </p></div><div class="refsect2" lang="en"><a name="id309099"></a><h3>ADS LEAVE</h3><p>Make the remote host leave the domain it is part of. </p></div><div class="refsect2" lang="en"><a name="id309109"></a><h3>ADS STATUS</h3><p>Print out status of machine account of the local machine in ADS. +Prints out quite some debug info. Aimed at developers, regular +users should use <code class="literal">NET ADS TESTJOIN</code>.</p></div><div class="refsect2" lang="en"><a name="id309126"></a><h3>ADS PRINTER</h3><div class="refsect3" lang="en"><a name="id309132"></a><h4>ADS PRINTER INFO [<em class="replaceable"><code>PRINTER</code></em>] [<em class="replaceable"><code>SERVER</code></em>]</h4><p> +Lookup info for <em class="replaceable"><code>PRINTER</code></em> on <em class="replaceable"><code>SERVER</code></em>. The printer name defaults to "*", the +server name defaults to the local host.</p></div><div class="refsect3" lang="en"><a name="id309157"></a><h4>ADS PRINTER PUBLISH <em class="replaceable"><code>PRINTER</code></em></h4><p>Publish specified printer using ADS.</p></div><div class="refsect3" lang="en"><a name="id309170"></a><h4>ADS PRINTER REMOVE <em class="replaceable"><code>PRINTER</code></em></h4><p>Remove specified printer from ADS directory.</p></div></div><div class="refsect2" lang="en"><a name="id309183"></a><h3>ADS SEARCH <em class="replaceable"><code>EXPRESSION</code></em> <em class="replaceable"><code>ATTRIBUTES...</code></em></h3><p>Perform a raw LDAP search on a ADS server and dump the results. The +expression is a standard LDAP search expression, and the +attributes are a list of LDAP fields to show in the results.</p><p>Example: <strong class="userinput"><code>net ads search '(objectCategory=group)' sAMAccountName</code></strong> +</p></div><div class="refsect2" lang="en"><a name="id309210"></a><h3>ADS DN <em class="replaceable"><code>DN</code></em> <em class="replaceable"><code>(attributes)</code></em></h3><p> +Perform a raw LDAP search on a ADS server and dump the results. The +DN standard LDAP DN, and the attributes are a list of LDAP fields +to show in the result. +</p><p>Example: <strong class="userinput"><code>net ads dn 'CN=administrator,CN=Users,DC=my,DC=domain' SAMAccountName</code></strong></p></div><div class="refsect2" lang="en"><a name="id309236"></a><h3>ADS WORKGROUP</h3><p>Print out workgroup name for specified kerberos realm.</p></div><div class="refsect2" lang="en"><a name="id309246"></a><h3>SAM CREATEBUILTINGROUP <NAME></h3><p> +(Re)Create a BUILTIN group. +Only a wellknown set of BUILTIN groups can be created with this command. +This is the list of currently recognized group names: Administrators, +Users, Guests, Power Users, Account Operators, Server Operators, Print +Operators, Backup Operators, Replicator, RAS Servers, Pre-Windows 2000 +compatible Access. + +This command requires a running Winbindd with idmap allocation properly +configured. The group gid will be allocated out of the winbindd range. +</p></div><div class="refsect2" lang="en"><a name="id309260"></a><h3>SAM CREATELOCALGROUP <NAME></h3><p> +Create a LOCAL group (also known as Alias). + +This command requires a running Winbindd with idmap allocation properly +configured. The group gid will be allocated out of the winbindd range. +</p></div><div class="refsect2" lang="en"><a name="id309272"></a><h3>SAM DELETELOCALGROUP <NAME></h3><p> +Delete an existing LOCAL group (also known as Alias). + +</p></div><div class="refsect2" lang="en"><a name="id309283"></a><h3>SAM MAPUNIXGROUP <NAME></h3><p> +Map an existing Unix group and make it a Domain Group, the domain group +will have the same name. +</p></div><div class="refsect2" lang="en"><a name="id309294"></a><h3>SAM UNMAPUNIXGROUP <NAME></h3><p> +Remove an existing group mapping entry. +</p></div><div class="refsect2" lang="en"><a name="id309305"></a><h3>SAM ADDMEM <GROUP> <MEMBER></h3><p> +Add a member to a Local group. The group can be specified only by name, +the member can be specified by name or SID. +</p></div><div class="refsect2" lang="en"><a name="id309316"></a><h3>SAM DELMEM <GROUP> <MEMBER></h3><p> +Remove a member from a Local group. The group and the member must be +specified by name. +</p></div><div class="refsect2" lang="en"><a name="id309327"></a><h3>SAM LISTMEM <GROUP></h3><p> +List Local group members. The group must be specified by name. +</p></div><div class="refsect2" lang="en"><a name="id309338"></a><h3>SAM LIST <users|groups|localgroups|builtin|workstations> [verbose]</h3><p> +List the specified set of accounts by name. If verbose is specified, +the rid and description is also provided for each account. +</p></div><div class="refsect2" lang="en"><a name="id309350"></a><h3>SAM SHOW <NAME></h3><p> +Show the full DOMAIN\\NAME the SID and the type for the corresponding +account. +</p></div><div class="refsect2" lang="en"><a name="id309361"></a><h3>SAM SET HOMEDIR <NAME> <DIRECTORY></h3><p> +Set the home directory for a user account. +</p></div><div class="refsect2" lang="en"><a name="id309371"></a><h3>SAM SET PROFILEPATH <NAME> <PATH></h3><p> +Set the profile path for a user account. +</p></div><div class="refsect2" lang="en"><a name="id309382"></a><h3>SAM SET COMMENT <NAME> <COMMENT></h3><p> +Set the comment for a user or group account. +</p></div><div class="refsect2" lang="en"><a name="id309392"></a><h3>SAM SET FULLNAME <NAME> <FULL NAME></h3><p> +Set the full name for a user account. +</p></div><div class="refsect2" lang="en"><a name="id309403"></a><h3>SAM SET LOGONSCRIPT <NAME> <SCRIPT></h3><p> +Set the logon script for a user account. +</p></div><div class="refsect2" lang="en"><a name="id309413"></a><h3>SAM SET HOMEDRIVE <NAME> <DRIVE></h3><p> +Set the home drive for a user account. +</p></div><div class="refsect2" lang="en"><a name="id309424"></a><h3>SAM SET WORKSTATIONS <NAME> <WORKSTATIONS></h3><p> +Set the workstations a user account is allowed to log in from. +</p></div><div class="refsect2" lang="en"><a name="id309435"></a><h3>SAM SET DISABLE <NAME></h3><p> +Set the "disabled" flag for a user account. +</p></div><div class="refsect2" lang="en"><a name="id309445"></a><h3>SAM SET PWNOTREQ <NAME></h3><p> +Set the "password not required" flag for a user account. +</p></div><div class="refsect2" lang="en"><a name="id309456"></a><h3>SAM SET AUTOLOCK <NAME></h3><p> +Set the "autolock" flag for a user account. +</p></div><div class="refsect2" lang="en"><a name="id309466"></a><h3>SAM SET PWNOEXP <NAME></h3><p> +Set the "password do not expire" flag for a user account. +</p></div><div class="refsect2" lang="en"><a name="id309477"></a><h3>SAM SET PWDMUSTCHANGENOW <NAME> [yes|no]</h3><p> +Set or unset the "password must change" flag for a user account. +</p></div><div class="refsect2" lang="en"><a name="id309488"></a><h3>SAM POLICY LIST</h3><p> +List the available account policies. +</p></div><div class="refsect2" lang="en"><a name="id309498"></a><h3>SAM POLICY SHOW <account policy></h3><p> +Show the account policy value. +</p></div><div class="refsect2" lang="en"><a name="id309509"></a><h3>SAM POLICY SET <account policy> <value></h3><p> +Set a value for the account policy. +Valid values can be: "forever", "never", "off", or a number. +</p></div><div class="refsect2" lang="en"><a name="id309520"></a><h3>SAM PROVISION</h3><p> +Only available if ldapsam:editposix is set and winbindd is running. +Properly populates the ldap tree with the basic accounts (Administrator) +and groups (Domain Users, Domain Admins, Domain Guests) on the ldap tree. +</p></div><div class="refsect2" lang="en"><a name="id309532"></a><h3>IDMAP DUMP <local tdb file name></h3><p> +Dumps the mappings contained in the local tdb file specified. +This command is useful to dump only the mappings produced by the idmap_tdb backend. +</p></div><div class="refsect2" lang="en"><a name="id309544"></a><h3>IDMAP RESTORE [input file]</h3><p> +Restore the mappings from the specified file or stdin. +</p></div><div class="refsect2" lang="en"><a name="id309554"></a><h3>IDMAP SECRET <DOMAIN>|ALLOC <secret></h3><p> +Store a secret for the specified domain, used primarily for domains +that use idmap_ldap as a backend. In this case the secret is used +as the password for the user DN used to bind to the ldap server. +</p></div><div class="refsect2" lang="en"><a name="id309566"></a><h3>USERSHARE</h3><p>Starting with version 3.0.23, a Samba server now supports the ability for +non-root users to add user defined shares to be exported using the "net usershare" +commands. +</p><p> +To set this up, first set up your smb.conf by adding to the [global] section: + +usershare path = /usr/local/samba/lib/usershares + +Next create the directory /usr/local/samba/lib/usershares, change the owner to root and +set the group owner to the UNIX group who should have the ability to create usershares, +for example a group called "serverops". + +Set the permissions on /usr/local/samba/lib/usershares to 01770. + +(Owner and group all access, no access for others, plus the sticky bit, +which means that a file in that directory can be renamed or deleted only +by the owner of the file). + +Finally, tell smbd how many usershares you will allow by adding to the [global] +section of smb.conf a line such as : + +usershare max shares = 100. + +To allow 100 usershare definitions. Now, members of the UNIX group "serverops" +can create user defined shares on demand using the commands below. +</p><p>The usershare commands are: + +</p><table class="simplelist" border="0" summary="Simple list"><tr><td>net usershare add sharename path [comment] [acl] [guest_ok=[y|n]] - to add or change a user defined share.</td></tr><tr><td>net usershare delete sharename - to delete a user defined share.</td></tr><tr><td>net usershare info [-l|--long] [wildcard sharename] - to print info about a user defined share.</td></tr><tr><td>net usershare list [-l|--long] [wildcard sharename] - to list user defined shares.</td></tr></table><p> + +</p><div class="refsect3" lang="en"><a name="id309613"></a><h4>USERSHARE ADD <em class="replaceable"><code>sharename</code></em> <em class="replaceable"><code>path</code></em> <em class="replaceable"><code>[comment]</code></em> <em class="replaceable"><code>[acl]</code></em> <em class="replaceable"><code>[guest_ok=[y|n]]</code></em></h4><p> +Add or replace a new user defined share, with name "sharename". +</p><p> +"path" specifies the absolute pathname on the system to be exported. +Restrictions may be put on this, see the global smb.conf parameters: +"usershare owner only", "usershare prefix allow list", and +"usershare prefix deny list". +</p><p> +The optional "comment" parameter is the comment that will appear +on the share when browsed to by a client. +</p><p>The optional "acl" field +specifies which users have read and write access to the entire share. +Note that guest connections are not allowed unless the smb.conf parameter +"usershare allow guests" has been set. The definition of a user +defined share acl is: "user:permission", where user is a valid +username on the system and permission can be "F", "R", or "D". +"F" stands for "full permissions", ie. read and write permissions. +"D" stands for "deny" for a user, ie. prevent this user from accessing +this share. +"R" stands for "read only", ie. only allow read access to this +share (no creation of new files or directories or writing to files). +</p><p> +The default if no "acl" is given is "Everyone:R", which means any +authenticated user has read-only access. +</p><p> +The optional "guest_ok" has the same effect as the parameter of the +same name in smb.conf, in that it allows guest access to this user +defined share. This parameter is only allowed if the global parameter +"usershare allow guests" has been set to true in the smb.conf. +</p> + +There is no separate command to modify an existing user defined share, +just use the "net usershare add [sharename]" command using the same +sharename as the one you wish to modify and specify the new options +you wish. The Samba smbd daemon notices user defined share modifications +at connect time so will see the change immediately, there is no need +to restart smbd on adding, deleting or changing a user defined share. +</div><div class="refsect3" lang="en"><a name="id309671"></a><h4>USERSHARE DELETE <em class="replaceable"><code>sharename</code></em></h4><p> +Deletes the user defined share by name. The Samba smbd daemon +immediately notices this change, although it will not disconnect +any users currently connected to the deleted share. +</p></div><div class="refsect3" lang="en"><a name="id309685"></a><h4>USERSHARE INFO <em class="replaceable"><code>[-l|--long]</code></em> <em class="replaceable"><code>[wildcard sharename]</code></em></h4><p> +Get info on user defined shares owned by the current user matching the given pattern, or all users. +</p><p> +net usershare info on its own dumps out info on the user defined shares that were +created by the current user, or restricts them to share names that match the given +wildcard pattern ('*' matches one or more characters, '?' matches only one character). +If the '-l' or '--long' option is also given, it prints out info on user defined +shares created by other users. +</p><p> +The information given about a share looks like: + +[foobar] +path=/home/jeremy +comment=testme +usershare_acl=Everyone:F +guest_ok=n + +And is a list of the current settings of the user defined share that can be +modified by the "net usershare add" command. +</p></div><div class="refsect3" lang="en"><a name="id309714"></a><h4>USERSHARE LIST <em class="replaceable"><code>[-l|--long]</code></em> <em class="replaceable"><code>wildcard sharename</code></em></h4><p> +List all the user defined shares owned by the current user matching the given pattern, or all users. +</p><p> +net usershare list on its own list out the names of the user defined shares that were +created by the current user, or restricts the list to share names that match the given +wildcard pattern ('*' matches one or more characters, '?' matches only one character). +If the '-l' or '--long' option is also given, it includes the names of user defined +shares created by other users. +</p></div></div><div class="refsect2" lang="en"><a name="id309738"></a><h3>CONF</h3><p>Starting with version 3.2.0, a Samba server can be configured by data +stored in registry. This configuration data can be edited with the new "net +conf" commands. +</p><p> +The deployment of this configuration data can be activated in two levels from the +<span class="emphasis"><em>smb.conf</em></span> file: Share definitions from registry are +activated by setting <em class="parameter"><code>registry shares</code></em> to +“<span class="quote">yes</span>” in the [global] section and global configuration options are +activated by setting <a class="indexterm" name="id309765"></a>include = registry in +the [global] section. +See the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> manpage for details. +</p><p>The conf commands are: +</p><table class="simplelist" border="0" summary="Simple list"><tr><td>net conf list - Dump the complete configuration in smb.conf like +format.</td></tr><tr><td>net conf import - Import configuration from file in smb.conf +format.</td></tr><tr><td>net conf listshares - List the registry shares.</td></tr><tr><td>net conf drop - Delete the complete configuration from +registry.</td></tr><tr><td>net conf showshare - Show the definition of a registry share.</td></tr><tr><td>net conf addshare - Create a new registry share.</td></tr><tr><td>net conf delshare - Delete a registry share.</td></tr><tr><td>net conf setparm - Store a parameter.</td></tr><tr><td>net conf getparm - Retrieve the value of a parameter.</td></tr><tr><td>net conf delparm - Delete a parameter.</td></tr></table><p> +</p><div class="refsect3" lang="en"><a name="id309828"></a><h4>CONF LIST</h4><p> +Print the configuration data stored in the registry in a smb.conf-like format to +standard output. +</p></div><div class="refsect3" lang="en"><a name="id309839"></a><h4>CONF IMPORT <em class="replaceable"><code>[--test|-T]</code></em> <em class="replaceable"><code>filename</code></em> <em class="replaceable"><code>[section]</code></em></h4><p> +This command imports configuration from a file in smb.conf format. +If a section encountered in the input file is present in registry, +its contents is replaced. Sections of registry configuration that have +no counterpart in the input file are not affected. If you want to delete these, +you will have to use the "net conf drop" or "net conf delshare" commands. +Optionally, a section may be specified to restrict the effect of the +import command to that specific section. A test mode is enabled by specifying +the parameter "-T" on the commandline. In test mode, no changes are made to the +registry, and the resulting configuration is printed to standard output instead. +</p></div><div class="refsect3" lang="en"><a name="id309864"></a><h4>CONF LISTSHARES</h4><p> +List the names of the shares defined in registry. +</p></div><div class="refsect3" lang="en"><a name="id309875"></a><h4>CONF DROP</h4><p> +Delete the complete configuration data from registry. +</p></div><div class="refsect3" lang="en"><a name="id309885"></a><h4>CONF SHOWSHARE <em class="replaceable"><code>sharename</code></em></h4><p> +Show the definition of the share or section specified. It is valid to specify +"global" as sharename to retrieve the global configuration options from +registry. +</p></div><div class="refsect3" lang="en"><a name="id309899"></a><h4>CONF ADDSHARE <em class="replaceable"><code>sharename</code></em> <em class="replaceable"><code>path</code></em> [<em class="replaceable"><code>writeable={y|N}</code></em> [<em class="replaceable"><code>guest_ok={y|N}</code></em> [<em class="replaceable"><code>comment</code></em>]]] </h4><p>Create a new share definition in registry. +The sharename and path have to be given. The share name may +<span class="emphasis"><em>not</em></span> be "global". Optionally, values for the very +common options "writeable", "guest ok" and a "comment" may be specified. +The same result may be obtained by a sequence of "net conf setparm" +commands. +</p></div><div class="refsect3" lang="en"><a name="id309932"></a><h4>CONF DELSHARE <em class="replaceable"><code>sharename</code></em></h4><p> +Delete a share definition from registry. +</p></div><div class="refsect3" lang="en"><a name="id309945"></a><h4>CONF SETPARM <em class="replaceable"><code>section</code></em> <em class="replaceable"><code>parameter</code></em> <em class="replaceable"><code>value</code></em></h4><p> +Store a parameter in registry. The section may be global or a sharename. +The section is created if it does not exist yet. +</p></div><div class="refsect3" lang="en"><a name="id309965"></a><h4>CONF GETPARM <em class="replaceable"><code>section</code></em> <em class="replaceable"><code>parameter</code></em></h4><p> +Show a parameter stored in registry. +</p></div><div class="refsect3" lang="en"><a name="id309981"></a><h4>CONF DELPARM <em class="replaceable"><code>section</code></em> <em class="replaceable"><code>parameter</code></em></h4><p> +Delete a parameter stored in registry. +</p></div><div class="refsect3" lang="en"><a name="id309998"></a><h4></h4><p> +</p></div></div><div class="refsect2" lang="en"><a name="id310007"></a><h3>HELP [COMMAND]</h3><p>Gives usage information for the specified command.</p></div></div><div class="refsect1" lang="en"><a name="id310019"></a><h2>VERSION</h2><p>This man page is complete for version 3.0 of the Samba + suite.</p></div><div class="refsect1" lang="en"><a name="id310029"></a><h2>AUTHOR</h2><p>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</p><p>The net manpage was written by Jelmer Vernooij.</p></div></div></body></html> |