summaryrefslogtreecommitdiffstats
path: root/packaging/Caldera/OpenServer/man/cat.8/smbpasswd.8
diff options
context:
space:
mode:
Diffstat (limited to 'packaging/Caldera/OpenServer/man/cat.8/smbpasswd.8')
-rwxr-xr-xpackaging/Caldera/OpenServer/man/cat.8/smbpasswd.8462
1 files changed, 462 insertions, 0 deletions
diff --git a/packaging/Caldera/OpenServer/man/cat.8/smbpasswd.8 b/packaging/Caldera/OpenServer/man/cat.8/smbpasswd.8
new file mode 100755
index 00000000000..5b86144432c
--- /dev/null
+++ b/packaging/Caldera/OpenServer/man/cat.8/smbpasswd.8
@@ -0,0 +1,462 @@
+
+
+
+ SSSSMMMMBBBBPPPPAAAASSSSSSSSWWWWDDDD((((8888)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((00003333 SSSSeeeepppptttteeeemmmmbbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBBPPPPAAAASSSSSSSSWWWWDDDD((((8888))))
+
+
+
+ NNNNAAAAMMMMEEEE
+ smbpasswd - change a user's SMB password
+
+ SSSSYYYYNNNNOOOOPPPPSSSSIIIISSSS
+ When run by root:
+
+ ssssmmmmbbbbppppaaaasssssssswwwwdddd [ ooooppppttttiiiioooonnnnssss ] [ uuuusssseeeerrrrnnnnaaaammmmeeee ] [ ppppaaaasssssssswwwwoooorrrrdddd ]
+
+ otherwise:
+
+ ssssmmmmbbbbppppaaaasssssssswwwwdddd [ ooooppppttttiiiioooonnnnssss ] [ ppppaaaasssssssswwwwoooorrrrdddd ]
+
+ DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNN
+ This tool is part of the Samba suite.
+
+ The smbpasswd program has several different functions,
+ depending on whether it is run by the rrrrooooooootttt user or not. When
+ run as a normal user it allows the user to change the
+ password used for their SMB sessions on any machines that
+ store SMB passwords.
+
+ By default (when run with no arguments) it will attempt to
+ change the current user's SMB password on the local machine.
+ This is similar to the way the ppppaaaasssssssswwwwdddd((((1111)))) program works.
+ ssssmmmmbbbbppppaaaasssssssswwwwdddd differs from how the passwd program works however
+ in that it is not sssseeeettttuuuuiiiidddd rrrrooooooootttt but works in a client-server
+ mode and communicates with a locally running ssssmmmmbbbbdddd((((8888)))). As a
+ consequence in order for this to succeed the smbd daemon
+ must be running on the local machine. On a UNIX machine the
+ encrypted SMB passwords are usually stored in the
+ _s_m_b_p_a_s_s_w_d(_5) file.
+
+ When run by an ordinary user with no options. smbpasswd will
+ prompt them for their old SMB password and then ask them for
+ their new password twice, to ensure that the new password
+ was typed correctly. No passwords will be echoed on the
+ screen whilst being typed. If you have a blank SMB password
+ (specified by the string "NO PASSWORD" in the smbpasswd
+ file) then just press the <Enter> key when asked for your
+ old password.
+
+ smbpasswd can also be used by a normal user to change their
+ SMB password on remote machines, such as Windows NT Primary
+ Domain Controllers. See the (-r) and -U options below.
+
+ When run by root, smbpasswd allows new users to be added and
+ deleted in the smbpasswd file, as well as allows changes to
+ the attributes of the user in this file to be made. When run
+ by root, ssssmmmmbbbbppppaaaasssssssswwwwdddd accesses the local smbpasswd file
+ directly, thus enabling changes to be made even if smbd is
+ not running.
+
+
+
+
+ Page 1 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBBPPPPAAAASSSSSSSSWWWWDDDD((((8888)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((00003333 SSSSeeeepppptttteeeemmmmbbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBBPPPPAAAASSSSSSSSWWWWDDDD((((8888))))
+
+
+
+ OOOOPPPPTTTTIIIIOOOONNNNSSSS
+ ----LLLL Run the smbpasswd command in local mode. This allows a
+ non-root user to specify the root-only options. This is
+ used mostly in test environments where a non-root user
+ needs to make changes to the local _s_m_b_p_a_s_s_w_d file. The
+ _s_m_b_p_a_s_s_w_d file must have read/write permissions for the
+ user running the command.
+
+ ----hhhh This option prints the help string for ssssmmmmbbbbppppaaaasssssssswwwwdddd.
+
+ ----cccc ssssmmmmbbbb....ccccoooonnnnffff ffffiiiilllleeee
+ This option specifies that the configuration file
+ specified should be used instead of the default value
+ specified at compile time.
+
+ ----DDDD ddddeeeebbbbuuuugggglllleeeevvvveeeellll
+ _d_e_b_u_g_l_e_v_e_l is an integer from 0 to 10. The default
+ value if this parameter is not specified is zero.
+
+ The higher this value, the more detail will be logged
+ to the log files about the activities of smbpasswd. At
+ level 0, only critical errors and serious warnings will
+ be logged.
+
+ Levels above 1 will generate considerable amounts of
+ log data, and should only be used when investigating a
+ problem. Levels above 3 are designed for use only by
+ developers and generate HUGE amounts of log data, most
+ of which is extremely cryptic.
+
+ ----rrrr rrrreeeemmmmooootttteeee mmmmaaaacccchhhhiiiinnnneeee nnnnaaaammmmeeee
+ This option allows a user to specify what machine they
+ wish to change their password on. Without this
+ parameter smbpasswd defaults to the local host. The
+ _r_e_m_o_t_e _m_a_c_h_i_n_e _n_a_m_e is the NetBIOS name of the SMB/CIFS
+ server to contact to attempt the password change. This
+ name is resolved into an IP address using the standard
+ name resolution mechanism in all programs of the Samba
+ suite. See the -_R _n_a_m_e _r_e_s_o_l_v_e _o_r_d_e_r parameter for
+ details on changing this resolving mechanism.
+
+ The username whose password is changed is that of the
+ current UNIX logged on user. See the -_U _u_s_e_r_n_a_m_e
+ parameter for details on changing the password for a
+ different username.
+
+ Note that if changing a Windows NT Domain password the
+ remote machine specified must be the Primary Domain
+ Controller for the domain (Backup Domain Controllers
+ only have a read-only copy of the user account database
+ and will not allow the password change).
+
+
+
+
+ Page 2 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBBPPPPAAAASSSSSSSSWWWWDDDD((((8888)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((00003333 SSSSeeeepppptttteeeemmmmbbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBBPPPPAAAASSSSSSSSWWWWDDDD((((8888))))
+
+
+
+ NNNNooootttteeee that Windows 95/98 do not have a real password
+ database so it is not possible to change passwords
+ specifying a Win95/98 machine as remote machine target.
+
+ ----ssss This option causes smbpasswd to be silent (i.e. not
+ issue prompts) and to read its old and new passwords
+ from standard input, rather than from /_d_e_v/_t_t_y (like
+ the ppppaaaasssssssswwwwdddd((((1111)))) program does). This option is to aid
+ people writing scripts to drive smbpasswd
+
+ ----SSSS This option causes ssssmmmmbbbbppppaaaasssssssswwwwdddd to query a domain
+ controller of the domain specified by the workgroup
+ parameter in _s_m_b._c_o_n_f and store the domain SID in the
+ _s_e_c_r_e_t_s._t_d_b file as its own machine SID. This is only
+ useful when configuring a Samba PDC and Samba BDC, or
+ when migrating from a Windows PDC to a Samba PDC.
+
+ The -_r options can be used as well to indicate a
+ specific domain controller which should be contacted.
+ In this case, the domain SID obtained is the one for
+ the domain to which the remote machine belongs.
+
+ ----tttt This option is used to force smbpasswd to change the
+ current password assigned to the machine trust account
+ when operating in domain security mode. This is really
+ meant to be used on systems that only run wwwwiiiinnnnbbbbiiiinnnndddddddd
+ Under server installations, ssssmmmmbbbbdddd handle the password
+ updates automatically.
+
+ ----UUUU uuuusssseeeerrrrnnnnaaaammmmeeee[[[[%%%%ppppaaaassssssss]]]]
+ This option may only be used in conjunction with the -_r
+ option. When changing a password on a remote machine it
+ allows the user to specify the user name on that
+ machine whose password will be changed. It is present
+ to allow users who have different user names on
+ different systems to change these passwords. The
+ optional %pass may be used to specify to old password.
+
+ In particular, this parameter specifies the username
+ used to create the machine account when invoked with -j
+
+ NNNNOOOOTTTTEEEE::::
+ TTTThhhheeee ffffoooolllllllloooowwwwiiiinnnngggg ooooppppttttiiiioooonnnnssss aaaarrrreeee aaaavvvvaaaaiiiillllaaaabbbblllleeee oooonnnnllllyyyy wwwwhhhheeeennnn tttthhhheeee
+ ssssmmmmbbbbppppaaaasssssssswwwwdddd ccccoooommmmmmmmaaaannnndddd iiiissss rrrruuuunnnn aaaassss rrrrooooooootttt oooorrrr iiiinnnn llllooooccccaaaallll mmmmooooddddeeee....
+
+ ----aaaa This option specifies that the username following
+ should be added to the local smbpasswd file, with the
+ new password typed. This option is ignored if the
+ username specified already exists in the smbpasswd file
+ and it is treated like a regular change password
+ command. Note that the user to be added must already
+ exist in the system password file (usually /_e_t_c/_p_a_s_s_w_d)
+
+
+
+ Page 3 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBBPPPPAAAASSSSSSSSWWWWDDDD((((8888)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((00003333 SSSSeeeepppptttteeeemmmmbbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBBPPPPAAAASSSSSSSSWWWWDDDD((((8888))))
+
+
+
+ else the request to add the user will fail.
+
+ ----dddd This option specifies that the username following
+ should be disabled in the local smbpasswd file. This is
+ done by writing a 'D' flag into the account control
+ space in the smbpasswd file. Once this is done all
+ attempts to authenticate via SMB using this username
+ will fail.
+
+ If the smbpasswd file is in the 'old' format (pre-Samba
+ 2.0 format) there is no space in the user's password
+ entry to write this information and so the user is
+ disabled by writing 'X' characters into the password
+ space in the smbpasswd file. See ssssmmmmbbbbppppaaaasssssssswwwwdddd((((5555)))) for
+ details on the 'old' and new password file formats.
+
+ ----eeee This option specifies that the username following
+ should be enabled in the local smbpasswd file, if the
+ account was previously disabled. If the account was not
+ disabled this option has no effect. Once the account is
+ enabled then the user will be able to authenticate via
+ SMB once again.
+
+ If the smbpasswd file is in the 'old' format, then
+ ssssmmmmbbbbppppaaaasssssssswwwwdddd will prompt for a new password for this user,
+ otherwise the account will be enabled by removing the
+ 'D' flag from account control space in the _s_m_b_p_a_s_s_w_d
+ file. See ssssmmmmbbbbppppaaaasssssssswwwwdddd ((((5555)))) for details on the 'old' and
+ new password file formats.
+
+ ----mmmm This option tells smbpasswd that the account being
+ changed is a MACHINE account. Currently this is used
+ when Samba is being used as an NT Primary Domain
+ Controller.
+
+ ----nnnn This option specifies that the username following
+ should have their password set to null (i.e. a blank
+ password) in the local smbpasswd file. This is done by
+ writing the string "NO PASSWORD" as the first part of
+ the first password stored in the smbpasswd file.
+
+ Note that to allow users to logon to a Samba server
+ once the password has been set to "NO PASSWORD" in the
+ smbpasswd file the administrator must set the following
+ parameter in the [global] section of the _s_m_b._c_o_n_f file
+ :
+
+ nnnnuuuullllllll ppppaaaasssssssswwwwoooorrrrddddssss ==== yyyyeeeessss
+
+ ----wwww ppppaaaasssssssswwwwoooorrrrdddd
+ This parameter is only available is Samba has been
+ configured to use the experimental --------wwwwiiiitttthhhh----llllddddaaaappppssssaaaammmm
+
+
+
+ Page 4 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBBPPPPAAAASSSSSSSSWWWWDDDD((((8888)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((00003333 SSSSeeeepppptttteeeemmmmbbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBBPPPPAAAASSSSSSSSWWWWDDDD((((8888))))
+
+
+
+ option. The -_w switch is used to specify the password
+ to be used with the _l_d_a_p _a_d_m_i_n _d_n Note that the
+ password is stored in the _p_r_i_v_a_t_e/_s_e_c_r_e_t_s._t_d_b and is
+ keyed off of the admin's DN. This means that if the
+ value of _l_d_a_p _a_d_m_i_n _d_n ever changes, the password will
+ need to be manually updated as well.
+
+ ----xxxx This option specifies that the username following
+ should be deleted from the local smbpasswd file.
+
+ ----jjjj DDDDOOOOMMMMAAAAIIIINNNN
+ This option is used to add a Samba server into a
+ Windows NT Domain, as a Domain member capable of
+ authenticating user accounts to any Domain Controller
+ in the same way as a Windows NT Server. See the
+ sssseeeeccccuuuurrrriiiittttyyyy ==== ddddoooommmmaaaaiiiinnnn option in the _s_m_b._c_o_n_f(_5) man page.
+
+ This command can work both with and without the -U
+ parameter.
+
+ When invoked with -U, that username (and optional
+ password) are used to contact the PDC (which must be
+ specified with -r) to both create a machine account,
+ and to set a password on it.
+
+ Alternately, if -U is omitted, Samba will contact its
+ PDC and attempt to change the password on a pre-
+ existing account.
+
+ In order to be used in this way, the Administrator for
+ the Windows NT Domain must have used the program
+ "Server Manager for Domains" to add the primary NetBIOS
+ name of the Samba server as a member of the Domain.
+
+ After this has been done, to join the Domain invoke
+ ssssmmmmbbbbppppaaaasssssssswwwwdddd with this parameter. smbpasswd will then look
+ up the Primary Domain Controller for the Domain (found
+ in the _s_m_b._c_o_n_f file in the parameter _p_a_s_s_w_o_r_d _s_e_r_v_e_r
+ and change the machine account password used to create
+ the secure Domain communication.
+
+ Either way, this password is then stored by smbpasswd
+ in a TDB, writeable only by root, called _s_e_c_r_e_t_s._t_d_b
+
+ Once this operation has been performed the _s_m_b._c_o_n_f
+ file may be updated to set the sssseeeeccccuuuurrrriiiittttyyyy ==== ddddoooommmmaaaaiiiinnnn
+ option and all future logins to the Samba server will
+ be authenticated to the Windows NT PDC.
+
+ Note that even though the authentication is being done
+ to the PDC all users accessing the Samba server must
+ still have a valid UNIX account on that machine. The
+
+
+
+ Page 5 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBBPPPPAAAASSSSSSSSWWWWDDDD((((8888)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((00003333 SSSSeeeepppptttteeeemmmmbbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBBPPPPAAAASSSSSSSSWWWWDDDD((((8888))))
+
+
+
+ wwwwiiiinnnnbbbbiiiinnnndddddddd((((8888)))) daemon can be used to create UNIX accounts
+ for NT users.
+
+ ----RRRR nnnnaaaammmmeeee rrrreeeessssoooollllvvvveeee oooorrrrddddeeeerrrr
+ This option allows the user of smbpasswd to determine
+ what name resolution services to use when looking up
+ the NetBIOS name of the host being connected to.
+
+ The options are :"lmhosts", "host", "wins" and "bcast".
+ They cause names to be resolved as follows :
+
+ o+ lmhosts : Lookup an IP address in the Samba lmhosts
+ file. If the line in lmhosts has no name type
+ attached to the NetBIOS name (see the lmhosts(5) for
+ details) then any name type matches for lookup.
+
+ o+ host : Do a standard host name to IP address
+ resolution, using the system /_e_t_c/_h_o_s_t_s , NIS, or DNS
+ lookups. This method of name resolution is operating
+ system dependent. For instance, on IRIX or Solaris
+ this may be controlled by the /_e_t_c/_n_s_s_w_i_t_c_h._c_o_n_f
+ file). Note that this method is only used if the
+ NetBIOS name type being queried is the 0x20 (server)
+ name type, otherwise it is ignored.
+
+ o+ wins : Query a name with the IP address listed in the
+ _w_i_n_s _s_e_r_v_e_r parameter. If no WINS server has been
+ specified this method will be ignored.
+
+ o+ bcast : Do a broadcast on each of the known local
+ interfaces listed in the _i_n_t_e_r_f_a_c_e_s parameter. This
+ is the least reliable of the name resolution methods
+ as it depends on the target host being on a locally
+ connected subnet.
+
+ The default order is llllmmmmhhhhoooossssttttssss,,,, hhhhoooosssstttt,,,, wwwwiiiinnnnssss,,,, bbbbccccaaaasssstttt and without
+ this parameter or any entry in the _s_m_b._c_o_n_f file the name
+ resolution methods will be attempted in this order.
+
+ uuuusssseeeerrrrnnnnaaaammmmeeee
+ This specifies the username for all of the rrrrooooooootttt oooonnnnllllyyyy
+ options to operate on. Only root can specify this
+ parameter as only root has the permission needed to
+ modify attributes directly in the local smbpasswd file.
+
+ ppppaaaasssssssswwwwoooorrrrdddd
+ This specifies the new password. If this parameter is
+ specified you will not be prompted for the new
+ password.
+
+ NNNNOOOOTTTTEEEESSSS
+ Since ssssmmmmbbbbppppaaaasssssssswwwwdddd works in client-server mode communicating
+
+
+
+ Page 6 (printed 1/7/103)
+
+
+
+
+
+
+ SSSSMMMMBBBBPPPPAAAASSSSSSSSWWWWDDDD((((8888)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((00003333 SSSSeeeepppptttteeeemmmmbbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBBPPPPAAAASSSSSSSSWWWWDDDD((((8888))))
+
+
+
+ with a local smbd for a non-root user then the smbd daemon
+ must be running for this to work. A common problem is to add
+ a restriction to the hosts that may access the ssssmmmmbbbbdddd running
+ on the local machine by specifying a _a_l_l_o_w _h_o_s_t_s or _d_e_n_y
+ _h_o_s_t_s entry in the _s_m_b._c_o_n_f file and neglecting to allow
+ "localhost" access to the smbd.
+
+ In addition, the smbpasswd command is only useful if Samba
+ has been set up to use encrypted passwords. See the file
+ _E_N_C_R_Y_P_T_I_O_N._t_x_t in the docs directory for details on how to
+ do this.
+
+ VVVVEEEERRRRSSSSIIIIOOOONNNN
+ This man page is correct for version 2.2 of the Samba suite.
+
+ SSSSEEEEEEEE AAAALLLLSSSSOOOO
+ _s_m_b_p_a_s_s_w_d(_5) samba(7)
+
+ AAAAUUUUTTTTHHHHOOOORRRR
+ The original Samba software and related utilities were
+ created by Andrew Tridgell. Samba is now developed by the
+ Samba Team as an Open Source project similar to the way the
+ Linux kernel is developed.
+
+ The original Samba man pages were written by Karl Auer. The
+ man page sources were converted to YODL format (another
+ excellent piece of Open Source software, available at
+ ftp://ftp.icce.rug.nl/pub/unix/
+ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the
+ Samba 2.0 release by Jeremy Allison. The conversion to
+ DocBook for Samba 2.2 was done by Gerald Carter
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Page 7 (printed 1/7/103)
+
+
+
generated by cgit (git 2.34.1) at 2024-07-02 03:53:52 +0000