From d04b55f2186fb8af998cf61c576771a5f72f4892 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 30 Apr 2002 13:28:41 +0000 Subject: Start of merge to 2_2_RELEASE branch for release. Jeremy. --- docs/htmldocs/Samba-BDC-HOWTO.html | 4 +- docs/htmldocs/Samba-HOWTO-Collection.html | 596 +++++++++++++++--------------- docs/htmldocs/Samba-LDAP-HOWTO.html | 2 +- docs/htmldocs/nmbd.8.html | 24 +- docs/htmldocs/printer_driver2.html | 6 +- docs/htmldocs/rpcclient.1.html | 2 +- docs/htmldocs/smb.conf.5.html | 302 +++++++++++---- docs/htmldocs/smbcontrol.1.html | 36 +- docs/htmldocs/smbd.8.html | 27 +- docs/htmldocs/smbpasswd.8.html | 533 +++++++++++++------------- 10 files changed, 880 insertions(+), 652 deletions(-) (limited to 'docs/htmldocs') diff --git a/docs/htmldocs/Samba-BDC-HOWTO.html b/docs/htmldocs/Samba-BDC-HOWTO.html index 0847335fe66..fd83c4e09a3 100644 --- a/docs/htmldocs/Samba-BDC-HOWTO.html +++ b/docs/htmldocs/Samba-BDC-HOWTO.html @@ -1,7 +1,7 @@ How to a Purely Samba Controlled DomainHow to Act as a Backup Domain Controller in a Purely Samba Controlled DomainHow to a Purely Samba Controlled DomainHow to Act as a Backup Domain Controller in a Purely Samba Controlled Domain

Last Update : Tue Jul 31 15:58:03 CDT 2001

: Mon Apr 1 08:47:26 CST 2002

This book is a collection of HOWTOs added to Samba documentation over the years. I try to ensure that all are current, but sometimes the is a larger job @@ -56,6 +56,14 @@ TARGET="_top" >jerry@samba.org.

This documentation is distributed under the GNU General Public License (GPL) +version 2. A copy of the license is included with the Samba source +distribution. A copy can be found on-line at http://www.fsf.org/licenses/gpl.txt

Cheers, jerry

1.1. Step 0: Read the man pages
1.2. Step 1: Building the Binaries
1.3. Step 2: The all important step
1.4. Step 3: Create the smb configuration file.
1.5. Step 4: Test your config file with
1.6. Step 5: Starting the smbd and nmbd
1.6.1. Step 5a: Starting from inetd.conf
1.6.2. Step 5b. Alternative: starting it as a daemon
1.7. Step 6: Try listing the shares available on your server
1.8. Step 7: Try connecting with the unix client
1.9. Step 8: Try connecting from a DOS, WfWg, Win9x, WinNT, Win2k, OS/2, etc... client
1.10. What If Things Don't Work?
1.10.1. Diagnosing Problems
1.10.2. Scope IDs
1.10.3. Choosing the Protocol Level
1.10.4. Printing from UNIX to a Client PC
1.10.5. Locking
1.10.6. Mapping Usernames
1.10.7. Other Character Sets
2.1. Agenda
2.2. Name Resolution in a pure Unix/Linux world
2.2.1. /etc/hosts
2.2.2. /etc/resolv.conf
2.2.3. /etc/host.conf
2.2.4. /etc/nsswitch.conf
2.3. Name resolution as used within MS Windows networking
2.3.1. The NetBIOS Name Cache
2.3.2. The LMHOSTS file
2.3.3. HOSTS file
2.3.4. DNS Lookup
2.3.5. WINS Lookup
2.4. How browsing functions and how to deploy stable and dependable browsing using Samba
2.5. MS Windows security options and how to configure Samba for seemless integration
2.5.1. Use MS Windows NT as an authentication server
2.5.2. Make Samba a member of an MS Windows NT security domain
2.5.3. Configure Samba as an authentication server
2.5.3.1. Users
2.5.3.2. MS Windows NT Machine Accounts
2.6. Conclusions
3.1. Samba and PAM
3.2. Distributed Authentication
3.3. PAM Configuration in smb.conf
4.1. Instructions
4.1.1. Notes
5.1. Viewing and changing UNIX permissions using the NT security dialogs
5.2. How to view file security on a Samba share
5.3. Viewing file ownership
5.4. Viewing file or directory permissions
5.4.1. File Permissions
5.4.2. Directory Permissions
5.5. Modifying file or directory permissions
5.6. Interaction with the standard Samba create mask parameters
5.7. Interaction with the standard Samba file attribute mapping
6.1. Introduction
6.2. Configuration
6.2.1. Creating [print$]
6.2.2. Setting Drivers for Existing Printers
6.2.3. Support a large number of printers
6.2.4. Adding New Printers via the Windows NT APW
6.2.5. Samba and Printer Ports
6.3. The Imprints Toolset
6.3.1. What is Imprints?
6.3.2. Creating Printer Driver Packages
6.3.3. The Imprints server
6.3.4. The Installation Client
6.4.
7.1. Joining an NT Domain with Samba 2.2
7.2. Samba and Windows 2000 Domains
7.3. Why is this better than security = server?
8.1. Prerequisite Reading
8.2. Background
8.3. Configuring the Samba Domain Controller
8.4. Creating Machine Trust Accounts and Joining Clients to the Domain
8.4.1. Manual Creation of Machine Trust Accounts
8.4.2. "On-the-Fly" Creation of Machine Trust Accounts
8.4.3. Joining the Client to the Domain
8.5. Common Problems and Errors
8.6. System Policies and Profiles
8.7. What other help can I get?
8.8. Domain Control for Windows 9x/ME
8.8.1. Configuration Instructions: Network Logons
8.8.2. Configuration Instructions: Setting up Roaming User Profiles
8.8.2.1. Windows NT Configuration
8.8.2.2. Windows 9X Configuration
8.8.2.3. Win9X and WinNT Configuration
8.8.2.4. Windows 9X Profile Setup
8.8.2.5. Windows NT Workstation 4.0
8.8.2.6. Windows NT Server
8.8.2.7. Sharing Profiles between W95 and NT Workstation 4.0
8.9. DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba
9. How to a Purely Samba Controlled DomainHow to Act as a Backup Domain Controller in a Purely Samba Controlled Domain
9.1. Prerequisite Reading
9.2. Background
9.3. What qualifies a Domain Controller on the network?
9.3.1. How does a Workstation find its domain controller?
9.3.2. When is the PDC needed?
9.4. Can Samba be a Backup Domain Controller?
9.5. How do I set up a Samba BDC?
9.5.1. How do I replicate the smbpasswd file?
10.1. Purpose
10.2. Introduction
10.3. Supported LDAP Servers
10.4. Schema and Relationship to the RFC 2307 posixAccount
10.5. Configuring Samba with LDAP
10.5.1. OpenLDAP configuration
10.5.2. Configuring Samba
10.6. Accounts and Groups management
10.7. Security and sambaAccount
10.8. LDAP specials attributes for sambaAccounts
10.9. Example LDIF Entries for a sambaAccount
10.10. Comments
11.1. Abstract
11.2. Introduction
11.3. What Winbind Provides
11.3.1. Target Uses
11.4. How Winbind Works
11.4.1. Microsoft Remote Procedure Calls
11.4.2. Name Service Switch
11.4.3. Pluggable Authentication Modules
11.4.4. User and Group ID Allocation
11.4.5. Result Caching
11.5. Installation and Configuration
11.5.1. Introduction
11.5.2. Requirements
11.5.3. Testing Things Out
11.5.3.1. Configure and compile SAMBA
11.5.3.2. Configure nsswitch.conf
11.5.3.3. Configure smb.conf
11.5.3.4. Join the SAMBA server to the PDC domain
11.5.3.5. Start up the winbindd daemon and test it!
11.5.3.6. Fix the /etc/rc.d/init.d/smb
11.5.3.7. Configure Winbind and PAM
11.6. Limitations
11.7. Conclusion
12.1. FAQs
12.1.1. How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba?
12.1.2. How can I configure OS/2 Warp 3 (not Connect), OS/2 1.2, 1.3 or 2.x for Samba?
12.1.3. Are there any other issues when OS/2 (any version) is used as a client?
12.1.4. How do I get printer driver download working for OS/2 clients?
13.1. Introduction
13.2. CVS Access to samba.org
13.2.1. Access via CVSweb
13.2.2. Access via cvs
Index

1.1. Step 0: Read the man pages

1.2. Step 1: Building the Binaries

1.3. Step 2: The all important step

1.4. Step 3: Create the smb configuration file.

1.5. Step 4: Test your config file with

1.6. Step 5: Starting the smbd and nmbd

1.6.1. Step 5a: Starting from inetd.conf

1.6.2. Step 5b. Alternative: starting it as a daemon

1.7. Step 6: Try listing the shares available on your server

1.8. Step 7: Try connecting with the unix client

1.9. Step 8: Try connecting from a DOS, WfWg, Win9x, WinNT, Win2k, OS/2, etc... client

1.10. What If Things Don't Work?

1.10.1. Diagnosing Problems

1.10.2. Scope IDs

1.10.3. Choosing the Protocol Level

1.10.4. Printing from UNIX to a Client PC

1.10.5. Locking

1.10.6. Mapping Usernames

1.10.7. Other Character Sets

2.1. Agenda

2.2. Name Resolution in a pure Unix/Linux world

2.2.1. /etc/hosts

2.2.2. /etc/resolv.conf

2.2.3. /etc/host.conf

2.2.4. /etc/nsswitch.conf

2.3. Name resolution as used within MS Windows networking

2.3.1. The NetBIOS Name Cache

2.3.2. The LMHOSTS file

2.3.3. HOSTS file

2.3.4. DNS Lookup

2.3.5. WINS Lookup

2.4. How browsing functions and how to deploy stable and dependable browsing using Samba

2.5. MS Windows security options and how to configure Samba for seemless integration

2.5.1. Use MS Windows NT as an authentication server

2.5.2. Make Samba a member of an MS Windows NT security domain

2.5.3. Configure Samba as an authentication server

2.5.3.1. Users

2.5.3.2. MS Windows NT Machine Accounts

2.6. Conclusions

3.1. Samba and PAM

3.2. Distributed Authentication

3.3. PAM Configuration in smb.conf

4.1. Instructions

4.1.1. Notes

5.1. Viewing and changing UNIX permissions using the NT security dialogs

5.2. How to view file security on a Samba share

5.3. Viewing file ownership

5.4. Viewing file or directory permissions

5.4.1. File Permissions

5.4.2. Directory Permissions

5.5. Modifying file or directory permissions

5.6. Interaction with the standard Samba create mask parameters

5.7. Interaction with the standard Samba file attribute mapping

6.1. Introduction

6.2. Configuration

6.2.1. Creating [print$]

printer admin) account -from a Windows NT 4.0 client. Navigate to the "Printers" folder -on the Samba server. You should see an initial listing of printers +from a Windows NT 4.0/2k client. Open "Network Neighbourhood" or +"My Network Places" and browse for the Samba host. Once you have located +the server, navigate to the "Printers..." folder. +You should see an initial listing of printers that matches the printer shares defined on your Samba host.

6.2.2. Setting Drivers for Existing Printers

6.2.3. Support a large number of printers

6.2.4. Adding New Printers via the Windows NT APW

6.2.5. Samba and Printer Ports

6.3. The Imprints Toolset

6.3.1. What is Imprints?

6.3.2. Creating Printer Driver Packages

6.3.3. The Imprints server

6.3.4. The Installation Client

6.4.

7.1. Joining an NT Domain with Samba 2.2

7.2. Samba and Windows 2000 Domains

7.3. Why is this better than security = server?

8.1. Prerequisite Reading

8.2. Background

8.3. Configuring the Samba Domain Controller

8.4. Creating Machine Trust Accounts and Joining Clients to the Domain

8.4.1. Manual Creation of Machine Trust Accounts

8.4.2. "On-the-Fly" Creation of Machine Trust Accounts

8.4.3. Joining the Client to the Domain

8.5. Common Problems and Errors

8.6. System Policies and Profiles

8.7. What other help can I get?

8.8. Domain Control for Windows 9x/ME

8.8.1. Configuration Instructions: Network Logons

8.8.2. Configuration Instructions: Setting up Roaming User Profiles

8.8.2.1. Windows NT Configuration

8.8.2.2. Windows 9X Configuration

8.8.2.3. Win9X and WinNT Configuration

8.8.2.4. Windows 9X Profile Setup

8.8.2.5. Windows NT Workstation 4.0

8.8.2.6. Windows NT Server

8.8.2.7. Sharing Profiles between W95 and NT Workstation 4.0

8.9. DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba

Chapter 9. How to a Purely Samba Controlled DomainChapter 9. How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain

9.1. Prerequisite Reading

9.2. Background

9.3. What qualifies a Domain Controller on the network?

9.3.1. How does a Workstation find its domain controller?

9.3.2. When is the PDC needed?

9.4. Can Samba be a Backup Domain Controller?

9.5. How do I set up a Samba BDC?

9.5.1. How do I replicate the smbpasswd file?

10.1. Purpose

10.2. Introduction

10.3. Supported LDAP Servers

10.4. Schema and Relationship to the RFC 2307 posixAccount

10.5. Configuring Samba with LDAP

10.5.1. OpenLDAP configuration

inetorgperson.schema -file. Bother of these must be included before the samba.schema file.

10.5.2. Configuring Samba

10.6. Accounts and Groups management

10.7. Security and sambaAccount

10.8. LDAP specials attributes for sambaAccounts

10.9. Example LDIF Entries for a sambaAccount

10.10. Comments

11.1. Abstract

11.2. Introduction

11.3. What Winbind Provides

11.3.1. Target Uses

11.4. How Winbind Works

11.4.1. Microsoft Remote Procedure Calls

11.4.2. Name Service Switch

11.4.3. Pluggable Authentication Modules

11.4.4. User and Group ID Allocation

11.4.5. Result Caching

11.5. Installation and Configuration

11.5.1. Introduction

11.5.2. Requirements

11.5.3. Testing Things Out

11.5.3.1. Configure and compile SAMBA

11.5.3.2. Configure nsswitch.conf

11.5.3.3. Configure smb.conf

11.5.3.4. Join the SAMBA server to the PDC domain

11.5.3.5. Start up the winbindd daemon and test it!

11.5.3.6. Fix the /etc/rc.d/init.d/smb

11.5.3.7. Configure Winbind and PAM

11.6. Limitations

11.7. Conclusion

12.1. FAQs

12.1.1. How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba?

12.1.2. How can I configure OS/2 Warp 3 (not Connect), OS/2 1.2, 1.3 or 2.x for Samba?

12.1.3. Are there any other issues when OS/2 (any version) is used as a client?

12.1.4. How do I get printer driver download working for OS/2 clients?

13.1. Introduction

13.2. CVS Access to samba.org

13.2.1. Access via CVSweb

13.2.2. Access via cvs

Index

Primary Domain Controller, Background
inetorgperson.schema -file. Bother of these must be included before the samba.schema file.

nmbd server.

The default log directory is compiled into Samba +> server. The default log directory is compiled into Samba as part of the build process. Common defaults are /usr/local/samba/var/log.nmb/var/log/log.nmb.

. Beware: + If the directory specified does not exist, nmbd + will log to the default debug log location defined at compile time. +

-n <primary NetBIOS name>

FILES

SIGNALS

VERSION

SEE ALSO

AUTHOR

printer admin) account -from a Windows NT 4.0 client. Navigate to the "Printers" folder -on the Samba server. You should see an initial listing of printers +from a Windows NT 4.0/2k client. Open "Network Neighbourhood" or +"My Network Places" and browse for the Samba host. Once you have located +the server, navigate to the "Printers..." folder. +You should see an initial listing of printers that matches the printer shares defined on your Samba host.

rpcclient {server} [-A authfile] [-c <command string>] [-d debuglevel] [-h] [-l logfile] [-N] [-s <smb config file>] [-U username[%password]] [-W workgroup] [-N]

[-A authfile] [-c <command string>] [-d debuglevel] [-h] [-l logfile] [-N] [-s <smb config file>] [-U username[%password]] [-W workgroup] [-N] {server}

Section and parameter names are not case sensitive.

Only the first equals sign in a parameter is significant. - Whitespace before or after the first equals sign is discarded. + Whitespace before or after the first equals sign is discarded. Leading, trailing and internal whitespace in section and parameter names is irrelevant. Leading and trailing whitespace in a parameter value is discarded. Internal whitespace within a parameter value @@ -140,7 +140,7 @@ NAME="AEN28" >

Sections may be designated guest services, +> services, in which case no password is required to access them. A specified UNIX guest account%d

The process id of the current server +>The process id of the current server process.

short preserve case = yes/no

controls if new files which conform to 8.3 syntax, +>controls if new files which conform to 8.3 syntax, that is all in upper case and of suitable length, are created upper case, or if they are forced to be the "default" case. This option can be use with "preserve case = yes" @@ -1605,6 +1605,18 @@ CLASS="PARAMETER" >

  • pid directory

  • nt status support

  • COMPLETE LIST OF SERVICE PARAMETERS

  • csc policy

  • share modes

  • EXPLANATION OF EACH PARAMETER

    smbd - must be set to security = server or NOT be set to security = domainsecurity = share and + and add user script
    • csc policy (S)

    This stands for client-side caching + policy, and specifies how clients capable of offline + caching will cache the files in the share. The valid values + are: manual, documents, programs, disable.

    These values correspond to those used on Windows + servers.

    For example, shares containing roaming profiles can have + offline caching disabled using csc policy = disable + .

    Default: csc policy = manual

    Example: csc policy = programs

    deadtime (G)
    security = domain and delete - user script must be set to a full pathname for a script - that will delete a UNIX user given one argument of %u - , which expands into the UNIX user name to delete. - NOTE that this is different to the add user script - which will work with the or security = serversecurity = + user option - as well as and security = domaindelete user script. The reason for this - is only when Samba is a domain member does it get the information - on an attempted user logon that a user no longer exists. In the - + must be set to a full pathname for a script + that will delete a UNIX user given one argument of security = server%u mode a missing user - is treated the same as an invalid password logon attempt. Deleting - the user in this circumstance would not be a good idea.

    , + which expands into the UNIX user name to delete.

    When the Windows user attempts to access the Samba server, at smbd(8) will negotiate NT specific SMB - support with Windows NT clients. Although this is a developer - debugging option and should be left alone, benchmarking has discovered - that Windows NT clients give faster performance with this option +> will negotiate NT specific SMB + support with Windows NT/2k/XP clients. Although this is a developer + debugging option and should be left alone, benchmarking has discovered + that Windows NT clients give faster performance with this option set to no. This is still being investigated. +>. This is still being investigated. If this option is set to no then Samba offers - exactly the same SMB calls that versions prior to Samba 2.0 offered. - This information may be of use if any users are having problems +> then Samba offers + exactly the same SMB calls that versions prior to Samba 2.0 offered. + This information may be of use if any users are having problems with NT SMB support.

    You should not need to ever disable this parameter.

    nt status support (G)

    This boolean parameter controls whether smbd(8) will negotiate NT specific status + support with Windows NT/2k/XP clients. This is a developer + debugging option and should be left alone. + If this option is set to no then Samba offers + exactly the same DOS error codes that versions prior to Samba 2.2.3 + reported.

    You should not need to ever disable this parameter.

    Default: nt status support = yes

    null passwords (G)
    pid directory (G)

    This option specifies the directory where pid + files will be placed.

    Default: pid directory = ${prefix}/var/locks

    Example: pid directory = /var/run/ +

    posix locking (S)
    section above for reasons why you might want to do this.

    To use the CUPS printing interface set printcap name = cups + .

    On System V systems that use lpstat

    share modes (S)

    This enables or disables the honoring of + the share modes during a file open. These + modes are used by clients to gain exclusive read or write access + to a file.

    These open modes are not directly supported by UNIX, so + they are simulated using shared memory, or lock files if your + UNIX doesn't support shared memory (almost all do).

    The share modes that are enabled by this option are + DENY_DOS, DENY_ALL, + DENY_READ, DENY_WRITE, + DENY_NONE and DENY_FCB. +

    This option gives full share compatibility and enabled + by default.

    You should NEVER turn this parameter + off as many Windows applications will break if you do so.

    Default: share modes = yes

    short preserve case (S)
    modules for UNIX services.

    Please note that setting this parameter to + causes problems + with group membership at least on glibc systems, as the character + + is used as a special character for NIS in /etc/group.

    Example: winbind separator = \winbind separator = \\

    Example: winbind separator = +winbind separator = /

    WARNINGS

    VERSION

    SEE ALSO

    AUTHOR

    Name

    smbcontrol -- send messages to smbd or nmbd processes
    smbcontrol -- send messages to smbd, nmbd or winbindd processes
    smbd(8) or +>, an nmbd(8) daemon running on the - system.

    + or a winbindd(8) + daemon running on the system.

    OPTIONS

    smbd

    The message-type sends a "request profile level" message. The current profile level setting is returned by a "profilelevel" message. This can be sent - to any of the destinations.

    The smbd.

    The close-share message-type sends a - message to smbd which forces smbd to close the share that was - specified as an argument. This may be useful if you made changes - to the access controls on the share.

    parameters

    VERSION

    SEE ALSO

    AUTHOR

    smb.conf(5)     file. +> file. Beware: + If the directory specified does not exist, smbd + will log to the default debug log location defined at compile time.

    The default log directory is specified at @@ -347,7 +354,7 @@ CLASS="FILENAME" >

    FILES

    LIMITATIONS

    ENVIRONMENT VARIABLES

    PAM INTERACTION

    VERSION

    DIAGNOSTICS

    SIGNALS

    SEE ALSO

    AUTHOR

    Synopsis

    When run by root:

    smbpasswd [-a] [-x] [-d] [-e] [-D debuglevel] [-n] [-r <remote machine>] [-R <name resolve order>] [-m] [-j DOMAIN] [-U username[%password]] [-h] [-s] [-w pass] [username]

    [options] [username] [password]

    otherwise:

    smbpasswd [options] [password]

    DESCRIPTION

    OPTIONS

    -L

    Run the smbpasswd command in local mode. This + allows a non-root user to specify the root-only options. This + is used mostly in test environments where a non-root user needs + to make changes to the local smbpasswd file. + The smbpasswd file must have read/write + permissions for the user running the command.

    -h

    This option prints the help string for + smbpasswd.

    -s

    This option causes smbpasswd to be silent (i.e. + not issue prompts) and to read its old and new passwords from + standard input, rather than from /dev/tty + (like the passwd(1) program does). This option + is to aid people writing scripts to drive smbpasswd

    -c smb.conf file

    This option specifies that the configuration + file specified should be used instead of the default value + specified at compile time.

    -D debuglevel

    debuglevel is an integer + from 0 to 10. The default value if this parameter is not specified + is zero.

    The higher this value, the more detail will be logged to the + log files about the activities of smbpasswd. At level 0, only + critical errors and serious warnings will be logged.

    Levels above 1 will generate considerable amounts of log + data, and should only be used when investigating a problem. Levels + above 3 are designed for use only by developers and generate + HUGE amounts of log data, most of which is extremely cryptic. +

    -r remote machine name

    This option allows a user to specify what machine + they wish to change their password on. Without this parameter + smbpasswd defaults to the local host. The remote + machine name is the NetBIOS name of the SMB/CIFS + server to contact to attempt the password change. This name is + resolved into an IP address using the standard name resolution + mechanism in all programs of the Samba suite. See the -R + name resolve order parameter for details on changing + this resolving mechanism.

    The username whose password is changed is that of the + current UNIX logged on user. See the -U username + parameter for details on changing the password for a different + username.

    Note that if changing a Windows NT Domain password the + remote machine specified must be the Primary Domain Controller for + the domain (Backup Domain Controllers only have a read-only + copy of the user account database and will not allow the password + change).

    Note that Windows 95/98 do not have + a real password database so it is not possible to change passwords + specifying a Win95/98 machine as remote machine target.

    -U username[%pass]

    This option may only be used in conjunction + with the -r option. When changing + a password on a remote machine it allows the user to specify + the user name on that machine whose password will be changed. It + is present to allow users who have different user names on + different systems to change these passwords. The optional + %pass may be used to specify to old password.

    In particular, this parameter specifies the username + used to create the machine account when invoked with -j

    NOTE:

    The following options are available only when the smbpasswd command is +run as root or in local mode.

    -a

    This option specifies that the username following should be added to the local smbpasswd file, with the - new password typed (type <Enter> for the old password). This - option is ignored if the username following already exists in + new password typed. This + option is ignored if the username specified already exists in the smbpasswd file and it is treated like a regular change password command. Note that the user to be added must already exist in the system password file (usually /etc/passwd) else the request to add the user will fail.

    This option is only available when running smbpasswd - as root.

    -x

    This option specifies that the username - following should be deleted from the local smbpasswd file. -

    This option is only available when running smbpasswd as - root.

    -d
    for details on the 'old' and new password file formats.

    This option is only available when running smbpasswd as - root.

    -e
    smbpasswd (5) for details on the 'old' and new password file formats.

    This option is only available when running smbpasswd as root. -

    -D debuglevel
    -m

    debuglevel is an integer - from 0 to 10. The default value if this parameter is not specified - is zero.

    The higher this value, the more detail will be logged to the - log files about the activities of smbpasswd. At level 0, only - critical errors and serious warnings will be logged.

    Levels above 1 will generate considerable amounts of log - data, and should only be used when investigating a problem. Levels - above 3 are designed for use only by developers and generate - HUGE amounts of log data, most of which is extremely cryptic. -

    This option tells smbpasswd that the account + being changed is a MACHINE account. Currently this is used + when Samba is being used as an NT Primary Domain Controller.

    -n
    null passwords = yes

    This option is only available when running smbpasswd as - root.

    -r remote machine name
    -w password

    This option allows a user to specify what machine - they wish to change their password on. Without this parameter - smbpasswd defaults to the local host. The remote - machine name is the NetBIOS name of the SMB/CIFS - server to contact to attempt the password change. This name is - resolved into an IP address using the standard name resolution - mechanism in all programs of the Samba suite. See the -R - name resolve order parameter for details on changing - this resolving mechanism.

    The username whose password is changed is that of the - current UNIX logged on user. See the This parameter is only available is Samba + has been configured to use the experimental + --with-ldapsam option. The -U username-w - parameter for details on changing the password for a different - username.

    Note that if changing a Windows NT Domain password the - remote machine specified must be the Primary Domain Controller for - the domain (Backup Domain Controllers only have a read-only - copy of the user account database and will not allow the password - change).

    Note that Windows 95/98 do not have - a real password database so it is not possible to change passwords - specifying a Win95/98 machine as remote machine target.

    -R name resolve order

    This option allows the user of smbpasswd to determine - what name resolution services to use when looking up the NetBIOS - name of the host being connected to.

    The options are :"lmhosts", "host", "wins" and "bcast". They cause - names to be resolved as follows :

    • lmhosts : Lookup an IP - address in the Samba lmhosts file. If the line in lmhosts has - no name type attached to the NetBIOS name (see the lmhosts(5) for details) then - any name type matches for lookup.

    • host : Do a standard host - name to IP address resolution, using the system /etc/hosts - , NIS, or DNS lookups. This method of name resolution - is operating system depended for instance on IRIX or Solaris this - may be controlled by the /etc/nsswitch.conf - file). Note that this method is only used if the NetBIOS name - type being queried is the 0x20 (server) name type, otherwise - it is ignored.

    • wins : Query a name with - the IP address listed in the wins serverldap admin + dn - parameter. If no WINS server has been specified this method - will be ignored.

    • bcast : Do a broadcast on - each of the known local interfaces listed in the - . Note that the password is stored in + the private/secrets.tdb and is keyed off + of the admin's DN. This means that if the value of interfacesldap + admin dn parameter. This is the least - reliable of the name resolution methods as it depends on the - target host being on a locally connected subnet.

    The default order is lmhosts, host, wins, bcast - and without this parameter or any entry in the - smb.conf file the name resolution methods will - be attempted in this order.

    ever changes, the password will beed to be + manually updated as well. +

    -m
    -x

    This option tells smbpasswd that the account - being changed is a MACHINE account. Currently this is used - when Samba is being used as an NT Primary Domain Controller.

    This option is only available when running smbpasswd as root. +>This option specifies that the username + following should be deleted from the local smbpasswd file.

    winbindd(8) daemon can be used to create UNIX accounts for NT users.

    This option is only available when running smbpasswd as root. -

    -U username
    -R name resolve order

    This option may only be used in conjunction - with the -r option. When changing - a password on a remote machine it allows the user to specify - the user name on that machine whose password will be changed. It - is present to allow users who have different user names on - different systems to change these passwords.

    This option allows the user of smbpasswd to determine + what name resolution services to use when looking up the NetBIOS + name of the host being connected to.

    In particular, this parameter specifies the username - used to create the machine account when invoked with -j

    -h
    The options are :"lmhosts", "host", "wins" and "bcast". They cause + names to be resolved as follows :

    This option prints the help string for smbpasswd, selecting the correct one for running as root - or as an ordinary user.

    -s

    • This option causes smbpasswd to be silent (i.e. - not issue prompts) and to read its old and new passwords from - standard input, rather than from lmhosts : Lookup an IP + address in the Samba lmhosts file. If the line in lmhosts has + no name type attached to the NetBIOS name (see the lmhosts(5) for details) then + any name type matches for lookup.

    • host : Do a standard host + name to IP address resolution, using the system /dev/tty/etc/hosts + , NIS, or DNS lookups. This method of name resolution + is operating system dependent. For instance, on IRIX or Solaris this + may be controlled by the /etc/nsswitch.conf - (like the passwd(1) program does). This option - is to aid people writing scripts to drive smbpasswd

    -w password

  • This parameter is only available is Samba - has been configured to use the experimental - --with-ldapsam option. The wins : Query a name with + the IP address listed in the -wwins server - switch is used to specify the password to be used with the -

  • bcast : Do a broadcast on + each of the known local interfaces listed in the + ldap admin - dninterfaces. Note that the password is stored in - the parameter. This is the least + reliable of the name resolution methods as it depends on the + target host being on a locally connected subnet.

    • The default order is lmhosts, host, wins, bcast + and without this parameter or any entry in the + private/secrets.tdb and is keyed off - of the admin's DN. This means that if the value of ldap - admin dn ever changes, the password will beed to be - manually updated as well. -

    smb.conf file the name resolution methods will + be attempted in this order.

    username
    password

    This specifies the new password. If this parameter + is specified you will not be prompted for the new password. +

    NOTES

    VERSION

    SEE ALSO

    AUTHOR