diff options
Diffstat (limited to 'packaging/Caldera/OpenServer/man/cat.8/smbpasswd.8')
-rwxr-xr-x | packaging/Caldera/OpenServer/man/cat.8/smbpasswd.8 | 462 |
1 files changed, 462 insertions, 0 deletions
diff --git a/packaging/Caldera/OpenServer/man/cat.8/smbpasswd.8 b/packaging/Caldera/OpenServer/man/cat.8/smbpasswd.8 new file mode 100755 index 00000000000..5b86144432c --- /dev/null +++ b/packaging/Caldera/OpenServer/man/cat.8/smbpasswd.8 @@ -0,0 +1,462 @@ + + + + SSSSMMMMBBBBPPPPAAAASSSSSSSSWWWWDDDD((((8888)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((00003333 SSSSeeeepppptttteeeemmmmbbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBBPPPPAAAASSSSSSSSWWWWDDDD((((8888)))) + + + + NNNNAAAAMMMMEEEE + smbpasswd - change a user's SMB password + + SSSSYYYYNNNNOOOOPPPPSSSSIIIISSSS + When run by root: + + ssssmmmmbbbbppppaaaasssssssswwwwdddd [ ooooppppttttiiiioooonnnnssss ] [ uuuusssseeeerrrrnnnnaaaammmmeeee ] [ ppppaaaasssssssswwwwoooorrrrdddd ] + + otherwise: + + ssssmmmmbbbbppppaaaasssssssswwwwdddd [ ooooppppttttiiiioooonnnnssss ] [ ppppaaaasssssssswwwwoooorrrrdddd ] + + DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNN + This tool is part of the Samba suite. + + The smbpasswd program has several different functions, + depending on whether it is run by the rrrrooooooootttt user or not. When + run as a normal user it allows the user to change the + password used for their SMB sessions on any machines that + store SMB passwords. + + By default (when run with no arguments) it will attempt to + change the current user's SMB password on the local machine. + This is similar to the way the ppppaaaasssssssswwwwdddd((((1111)))) program works. + ssssmmmmbbbbppppaaaasssssssswwwwdddd differs from how the passwd program works however + in that it is not sssseeeettttuuuuiiiidddd rrrrooooooootttt but works in a client-server + mode and communicates with a locally running ssssmmmmbbbbdddd((((8888)))). As a + consequence in order for this to succeed the smbd daemon + must be running on the local machine. On a UNIX machine the + encrypted SMB passwords are usually stored in the + _s_m_b_p_a_s_s_w_d(_5) file. + + When run by an ordinary user with no options. smbpasswd will + prompt them for their old SMB password and then ask them for + their new password twice, to ensure that the new password + was typed correctly. No passwords will be echoed on the + screen whilst being typed. If you have a blank SMB password + (specified by the string "NO PASSWORD" in the smbpasswd + file) then just press the <Enter> key when asked for your + old password. + + smbpasswd can also be used by a normal user to change their + SMB password on remote machines, such as Windows NT Primary + Domain Controllers. See the (-r) and -U options below. + + When run by root, smbpasswd allows new users to be added and + deleted in the smbpasswd file, as well as allows changes to + the attributes of the user in this file to be made. When run + by root, ssssmmmmbbbbppppaaaasssssssswwwwdddd accesses the local smbpasswd file + directly, thus enabling changes to be made even if smbd is + not running. + + + + + Page 1 (printed 1/7/103) + + + + + + + SSSSMMMMBBBBPPPPAAAASSSSSSSSWWWWDDDD((((8888)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((00003333 SSSSeeeepppptttteeeemmmmbbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBBPPPPAAAASSSSSSSSWWWWDDDD((((8888)))) + + + + OOOOPPPPTTTTIIIIOOOONNNNSSSS + ----LLLL Run the smbpasswd command in local mode. This allows a + non-root user to specify the root-only options. This is + used mostly in test environments where a non-root user + needs to make changes to the local _s_m_b_p_a_s_s_w_d file. The + _s_m_b_p_a_s_s_w_d file must have read/write permissions for the + user running the command. + + ----hhhh This option prints the help string for ssssmmmmbbbbppppaaaasssssssswwwwdddd. + + ----cccc ssssmmmmbbbb....ccccoooonnnnffff ffffiiiilllleeee + This option specifies that the configuration file + specified should be used instead of the default value + specified at compile time. + + ----DDDD ddddeeeebbbbuuuugggglllleeeevvvveeeellll + _d_e_b_u_g_l_e_v_e_l is an integer from 0 to 10. The default + value if this parameter is not specified is zero. + + The higher this value, the more detail will be logged + to the log files about the activities of smbpasswd. At + level 0, only critical errors and serious warnings will + be logged. + + Levels above 1 will generate considerable amounts of + log data, and should only be used when investigating a + problem. Levels above 3 are designed for use only by + developers and generate HUGE amounts of log data, most + of which is extremely cryptic. + + ----rrrr rrrreeeemmmmooootttteeee mmmmaaaacccchhhhiiiinnnneeee nnnnaaaammmmeeee + This option allows a user to specify what machine they + wish to change their password on. Without this + parameter smbpasswd defaults to the local host. The + _r_e_m_o_t_e _m_a_c_h_i_n_e _n_a_m_e is the NetBIOS name of the SMB/CIFS + server to contact to attempt the password change. This + name is resolved into an IP address using the standard + name resolution mechanism in all programs of the Samba + suite. See the -_R _n_a_m_e _r_e_s_o_l_v_e _o_r_d_e_r parameter for + details on changing this resolving mechanism. + + The username whose password is changed is that of the + current UNIX logged on user. See the -_U _u_s_e_r_n_a_m_e + parameter for details on changing the password for a + different username. + + Note that if changing a Windows NT Domain password the + remote machine specified must be the Primary Domain + Controller for the domain (Backup Domain Controllers + only have a read-only copy of the user account database + and will not allow the password change). + + + + + Page 2 (printed 1/7/103) + + + + + + + SSSSMMMMBBBBPPPPAAAASSSSSSSSWWWWDDDD((((8888)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((00003333 SSSSeeeepppptttteeeemmmmbbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBBPPPPAAAASSSSSSSSWWWWDDDD((((8888)))) + + + + NNNNooootttteeee that Windows 95/98 do not have a real password + database so it is not possible to change passwords + specifying a Win95/98 machine as remote machine target. + + ----ssss This option causes smbpasswd to be silent (i.e. not + issue prompts) and to read its old and new passwords + from standard input, rather than from /_d_e_v/_t_t_y (like + the ppppaaaasssssssswwwwdddd((((1111)))) program does). This option is to aid + people writing scripts to drive smbpasswd + + ----SSSS This option causes ssssmmmmbbbbppppaaaasssssssswwwwdddd to query a domain + controller of the domain specified by the workgroup + parameter in _s_m_b._c_o_n_f and store the domain SID in the + _s_e_c_r_e_t_s._t_d_b file as its own machine SID. This is only + useful when configuring a Samba PDC and Samba BDC, or + when migrating from a Windows PDC to a Samba PDC. + + The -_r options can be used as well to indicate a + specific domain controller which should be contacted. + In this case, the domain SID obtained is the one for + the domain to which the remote machine belongs. + + ----tttt This option is used to force smbpasswd to change the + current password assigned to the machine trust account + when operating in domain security mode. This is really + meant to be used on systems that only run wwwwiiiinnnnbbbbiiiinnnndddddddd + Under server installations, ssssmmmmbbbbdddd handle the password + updates automatically. + + ----UUUU uuuusssseeeerrrrnnnnaaaammmmeeee[[[[%%%%ppppaaaassssssss]]]] + This option may only be used in conjunction with the -_r + option. When changing a password on a remote machine it + allows the user to specify the user name on that + machine whose password will be changed. It is present + to allow users who have different user names on + different systems to change these passwords. The + optional %pass may be used to specify to old password. + + In particular, this parameter specifies the username + used to create the machine account when invoked with -j + + NNNNOOOOTTTTEEEE:::: + TTTThhhheeee ffffoooolllllllloooowwwwiiiinnnngggg ooooppppttttiiiioooonnnnssss aaaarrrreeee aaaavvvvaaaaiiiillllaaaabbbblllleeee oooonnnnllllyyyy wwwwhhhheeeennnn tttthhhheeee + ssssmmmmbbbbppppaaaasssssssswwwwdddd ccccoooommmmmmmmaaaannnndddd iiiissss rrrruuuunnnn aaaassss rrrrooooooootttt oooorrrr iiiinnnn llllooooccccaaaallll mmmmooooddddeeee.... + + ----aaaa This option specifies that the username following + should be added to the local smbpasswd file, with the + new password typed. This option is ignored if the + username specified already exists in the smbpasswd file + and it is treated like a regular change password + command. Note that the user to be added must already + exist in the system password file (usually /_e_t_c/_p_a_s_s_w_d) + + + + Page 3 (printed 1/7/103) + + + + + + + SSSSMMMMBBBBPPPPAAAASSSSSSSSWWWWDDDD((((8888)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((00003333 SSSSeeeepppptttteeeemmmmbbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBBPPPPAAAASSSSSSSSWWWWDDDD((((8888)))) + + + + else the request to add the user will fail. + + ----dddd This option specifies that the username following + should be disabled in the local smbpasswd file. This is + done by writing a 'D' flag into the account control + space in the smbpasswd file. Once this is done all + attempts to authenticate via SMB using this username + will fail. + + If the smbpasswd file is in the 'old' format (pre-Samba + 2.0 format) there is no space in the user's password + entry to write this information and so the user is + disabled by writing 'X' characters into the password + space in the smbpasswd file. See ssssmmmmbbbbppppaaaasssssssswwwwdddd((((5555)))) for + details on the 'old' and new password file formats. + + ----eeee This option specifies that the username following + should be enabled in the local smbpasswd file, if the + account was previously disabled. If the account was not + disabled this option has no effect. Once the account is + enabled then the user will be able to authenticate via + SMB once again. + + If the smbpasswd file is in the 'old' format, then + ssssmmmmbbbbppppaaaasssssssswwwwdddd will prompt for a new password for this user, + otherwise the account will be enabled by removing the + 'D' flag from account control space in the _s_m_b_p_a_s_s_w_d + file. See ssssmmmmbbbbppppaaaasssssssswwwwdddd ((((5555)))) for details on the 'old' and + new password file formats. + + ----mmmm This option tells smbpasswd that the account being + changed is a MACHINE account. Currently this is used + when Samba is being used as an NT Primary Domain + Controller. + + ----nnnn This option specifies that the username following + should have their password set to null (i.e. a blank + password) in the local smbpasswd file. This is done by + writing the string "NO PASSWORD" as the first part of + the first password stored in the smbpasswd file. + + Note that to allow users to logon to a Samba server + once the password has been set to "NO PASSWORD" in the + smbpasswd file the administrator must set the following + parameter in the [global] section of the _s_m_b._c_o_n_f file + : + + nnnnuuuullllllll ppppaaaasssssssswwwwoooorrrrddddssss ==== yyyyeeeessss + + ----wwww ppppaaaasssssssswwwwoooorrrrdddd + This parameter is only available is Samba has been + configured to use the experimental --------wwwwiiiitttthhhh----llllddddaaaappppssssaaaammmm + + + + Page 4 (printed 1/7/103) + + + + + + + SSSSMMMMBBBBPPPPAAAASSSSSSSSWWWWDDDD((((8888)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((00003333 SSSSeeeepppptttteeeemmmmbbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBBPPPPAAAASSSSSSSSWWWWDDDD((((8888)))) + + + + option. The -_w switch is used to specify the password + to be used with the _l_d_a_p _a_d_m_i_n _d_n Note that the + password is stored in the _p_r_i_v_a_t_e/_s_e_c_r_e_t_s._t_d_b and is + keyed off of the admin's DN. This means that if the + value of _l_d_a_p _a_d_m_i_n _d_n ever changes, the password will + need to be manually updated as well. + + ----xxxx This option specifies that the username following + should be deleted from the local smbpasswd file. + + ----jjjj DDDDOOOOMMMMAAAAIIIINNNN + This option is used to add a Samba server into a + Windows NT Domain, as a Domain member capable of + authenticating user accounts to any Domain Controller + in the same way as a Windows NT Server. See the + sssseeeeccccuuuurrrriiiittttyyyy ==== ddddoooommmmaaaaiiiinnnn option in the _s_m_b._c_o_n_f(_5) man page. + + This command can work both with and without the -U + parameter. + + When invoked with -U, that username (and optional + password) are used to contact the PDC (which must be + specified with -r) to both create a machine account, + and to set a password on it. + + Alternately, if -U is omitted, Samba will contact its + PDC and attempt to change the password on a pre- + existing account. + + In order to be used in this way, the Administrator for + the Windows NT Domain must have used the program + "Server Manager for Domains" to add the primary NetBIOS + name of the Samba server as a member of the Domain. + + After this has been done, to join the Domain invoke + ssssmmmmbbbbppppaaaasssssssswwwwdddd with this parameter. smbpasswd will then look + up the Primary Domain Controller for the Domain (found + in the _s_m_b._c_o_n_f file in the parameter _p_a_s_s_w_o_r_d _s_e_r_v_e_r + and change the machine account password used to create + the secure Domain communication. + + Either way, this password is then stored by smbpasswd + in a TDB, writeable only by root, called _s_e_c_r_e_t_s._t_d_b + + Once this operation has been performed the _s_m_b._c_o_n_f + file may be updated to set the sssseeeeccccuuuurrrriiiittttyyyy ==== ddddoooommmmaaaaiiiinnnn + option and all future logins to the Samba server will + be authenticated to the Windows NT PDC. + + Note that even though the authentication is being done + to the PDC all users accessing the Samba server must + still have a valid UNIX account on that machine. The + + + + Page 5 (printed 1/7/103) + + + + + + + SSSSMMMMBBBBPPPPAAAASSSSSSSSWWWWDDDD((((8888)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((00003333 SSSSeeeepppptttteeeemmmmbbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBBPPPPAAAASSSSSSSSWWWWDDDD((((8888)))) + + + + wwwwiiiinnnnbbbbiiiinnnndddddddd((((8888)))) daemon can be used to create UNIX accounts + for NT users. + + ----RRRR nnnnaaaammmmeeee rrrreeeessssoooollllvvvveeee oooorrrrddddeeeerrrr + This option allows the user of smbpasswd to determine + what name resolution services to use when looking up + the NetBIOS name of the host being connected to. + + The options are :"lmhosts", "host", "wins" and "bcast". + They cause names to be resolved as follows : + + o+ lmhosts : Lookup an IP address in the Samba lmhosts + file. If the line in lmhosts has no name type + attached to the NetBIOS name (see the lmhosts(5) for + details) then any name type matches for lookup. + + o+ host : Do a standard host name to IP address + resolution, using the system /_e_t_c/_h_o_s_t_s , NIS, or DNS + lookups. This method of name resolution is operating + system dependent. For instance, on IRIX or Solaris + this may be controlled by the /_e_t_c/_n_s_s_w_i_t_c_h._c_o_n_f + file). Note that this method is only used if the + NetBIOS name type being queried is the 0x20 (server) + name type, otherwise it is ignored. + + o+ wins : Query a name with the IP address listed in the + _w_i_n_s _s_e_r_v_e_r parameter. If no WINS server has been + specified this method will be ignored. + + o+ bcast : Do a broadcast on each of the known local + interfaces listed in the _i_n_t_e_r_f_a_c_e_s parameter. This + is the least reliable of the name resolution methods + as it depends on the target host being on a locally + connected subnet. + + The default order is llllmmmmhhhhoooossssttttssss,,,, hhhhoooosssstttt,,,, wwwwiiiinnnnssss,,,, bbbbccccaaaasssstttt and without + this parameter or any entry in the _s_m_b._c_o_n_f file the name + resolution methods will be attempted in this order. + + uuuusssseeeerrrrnnnnaaaammmmeeee + This specifies the username for all of the rrrrooooooootttt oooonnnnllllyyyy + options to operate on. Only root can specify this + parameter as only root has the permission needed to + modify attributes directly in the local smbpasswd file. + + ppppaaaasssssssswwwwoooorrrrdddd + This specifies the new password. If this parameter is + specified you will not be prompted for the new + password. + + NNNNOOOOTTTTEEEESSSS + Since ssssmmmmbbbbppppaaaasssssssswwwwdddd works in client-server mode communicating + + + + Page 6 (printed 1/7/103) + + + + + + + SSSSMMMMBBBBPPPPAAAASSSSSSSSWWWWDDDD((((8888)))) UUUUNNNNIIIIXXXX SSSSyyyysssstttteeeemmmm VVVV ((((00003333 SSSSeeeepppptttteeeemmmmbbbbeeeerrrr 2222000000002222)))) SSSSMMMMBBBBPPPPAAAASSSSSSSSWWWWDDDD((((8888)))) + + + + with a local smbd for a non-root user then the smbd daemon + must be running for this to work. A common problem is to add + a restriction to the hosts that may access the ssssmmmmbbbbdddd running + on the local machine by specifying a _a_l_l_o_w _h_o_s_t_s or _d_e_n_y + _h_o_s_t_s entry in the _s_m_b._c_o_n_f file and neglecting to allow + "localhost" access to the smbd. + + In addition, the smbpasswd command is only useful if Samba + has been set up to use encrypted passwords. See the file + _E_N_C_R_Y_P_T_I_O_N._t_x_t in the docs directory for details on how to + do this. + + VVVVEEEERRRRSSSSIIIIOOOONNNN + This man page is correct for version 2.2 of the Samba suite. + + SSSSEEEEEEEE AAAALLLLSSSSOOOO + _s_m_b_p_a_s_s_w_d(_5) samba(7) + + AAAAUUUUTTTTHHHHOOOORRRR + The original Samba software and related utilities were + created by Andrew Tridgell. Samba is now developed by the + Samba Team as an Open Source project similar to the way the + Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. The + man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/ + <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the + Samba 2.0 release by Jeremy Allison. The conversion to + DocBook for Samba 2.2 was done by Gerald Carter + + + + + + + + + + + + + + + + + + + + + + + + + Page 7 (printed 1/7/103) + + + |