Print this page
NEX-15391 smbadm man page needs updating
Reviewed by: Dan Fields <dan.fields@nexenta.com>
Reviewed by: Matt Barden <matt.barden@nexenta.com>
NEX-15391 smbadm man page needs updating
Reviewed by: Dan Fields <dan.fields@nexenta.com>
Reviewed by: Matt Barden <matt.barden@nexenta.com>
SMB-106 Add '-y' flag to 'smbadm join' command
*** 1,387 ****
SMBADM(1M) Maintenance Commands SMBADM(1M)
-
-
NAME
! smbadm - configure and manage CIFS local groups and users, and manage
domain membership
SYNOPSIS
- smbadm add-member -m member [[-m member] ...] group
-
-
smbadm create [-d description] group
-
-
smbadm delete group
!
!
smbadm disable-user username
-
-
smbadm enable-user username
-
-
- smbadm get [[-p property] ...] group
-
-
smbadm join [-y] -u username domain
-
-
smbadm join [-y] -w workgroup
-
-
smbadm list
-
- smbadm lookup account-name [account-name [...]]
-
-
- smbadm remove-member -m member [[-m member] ...] group
-
-
- smbadm rename group new-group
-
-
- smbadm set -p property=value [[-p property=value] ...] group
-
-
- smbadm show [-m] [-p] [group]
-
-
DESCRIPTION
! The smbadm command is used to configure CIFS local groups and to manage
! domain membership. You can also use the smbadm command to enable or
! disable SMB password generation for individual local users.
!
! CIFS local groups can be used when Windows accounts must be members of
some local groups and when Windows style privileges must be granted.
! Solaris local groups cannot provide these functions.
! There are two types of local groups: user defined and built-in. Built-
! in local groups are predefined local groups to support common
! administration tasks.
! In order to provide proper identity mapping between CIFS local groups
! and Solaris groups, a CIFS local group must have a corresponding
! Solaris group. This requirement has two consequences: first, the group
! name must conform to the intersection of the Windows and Solaris group
! name rules. Thus, a CIFS local group name can be up to eight (8)
! characters long and contain only lowercase characters and numbers.
! Second, a Solaris local group has to be created before a CIFS local
! group can be created.
!
!
! Built-in groups are standard Windows groups and are predefined by the
! CIFS service. The built-in groups cannot be added, removed, or renamed,
! and these groups do not follow the CIFS local group naming conventions.
!
!
! When the CIFS server is started, the following built-in groups are
available:
! Administrators
! Group members can administer the system.
! Backup Operators
!
! Group members can bypass file access controls to back up and
! restore files.
!
!
! Power Users
!
! Group members can share directories.
!
!
!
! Solaris local users must have an SMB password for authentication and to
! gain access to CIFS resources. This password is created by using the
passwd(1) command when the pam_smb_password module is added to the
system's PAM configuration. See the pam_smb_passwd(5) man page.
-
The disable-user and enable-user subcommands control SMB password-
generation for a specified local user. When disabled, the user is
! prevented from connecting to the Solaris CIFS service. By default, SMB
! password-generation is enabled for all local users.
!
! To reenable a disabled user, you must use the enable-user subcommand
! and then reset the user's password by using the passwd command. The
pam_smb_passwd.so.1 module must be added to the system's PAM
configuration to generate an SMB password.
Escaping Backslash Character
For the add-member, remove-member, and join (with -u) subcommands, the
! backslash character (\) is a valid separator between member or user
names and domain names. The backslash character is a shell special
character and must be quoted. For example, you might escape the
backslash character with another backslash character: domain\\username.
! For more information about handling shell special characters, see the
! man page for your shell.
OPERANDS
The smbadm command uses the following operands:
! domain
! Specifies the name of an existing Windows domain to join.
! group
! Specifies the name of the CIFS local group.
! username
! Specifies the name of a Solaris local user.
! SUBCOMMANDS
! The smbadm command includes these subcommands:
! add-member -m member [[-m member] ...] group
! Adds the specified member to the specified CIFS local group. The -m
! member option specifies the name of a CIFS local group member. The
! member name must include an existing user name and an optional
! domain name.
Specify the member name in either of the following formats:
[domain\]username
[domain/]username
-
For example, a valid member name might be sales\terry or
sales/terry, where sales is the Windows domain name and terry is
the name of a user in the sales domain.
! create [-d description] group
! Creates a CIFS local group with the specified name. You can
! optionally specify a description of the group by using the -d
! option.
! delete group
! Deletes the specified CIFS local group. The built-in groups cannot
! be deleted.
!
!
! disable username
!
Disables SMB password-generation capabilities for the specified
! local user. A disabled local user is prevented from accessing the
! system by means of the CIFS service. When a local user account is
! disabled, you cannot use the passwd command to modify the user's
! SMB password until the user account is reenabled.
!
! enable username
!
Enables SMB password-generation capabilities for the specified
! local user. After the password-generation capabilities are
! reenabled, you must use the passwd command to generate the SMB
! password for the local user before he can connect to the CIFS
! service.
! The passwd command manages both the Solaris password and SMB
! password for this user if the pam_smb_passwd module has been added
! to the system's PAM configuration.
-
- get [[-p property=value] ...] group
-
- Retrieves property values for the specified group. If no property
- is specified, all property values are shown.
-
-
join [-y] -u username domain
! Joins a Windows domain or a workgroup.
! The default mode for the CIFS service is workgroup mode, which uses
! the default workgroup name, WORKGROUP.
- An authenticated user account is required to join a domain, so you
- must specify the Windows administrative user name with the -u
- option. If the password is not specified on the command line, the
- user is prompted for it. This user should be the domain
- administrator or any user who has administrative privileges for the
- target domain.
-
- username and domain can be entered in any of the following formats:
-
username[+password] domain
domain\username[+password]
domain/username[+password]
username@domain
-
...where domain can be the NetBIOS or DNS domain name.
If a machine trust account for the system already exists on a
! domain controller, any authenticated user account can be used when
! joining the domain. However, if the machine trust account does not
! already exist, an account that has administrative privileges on the
! domain is required to join the domain. Specifying -y will bypass
! the smb service restart prompt.
-
join [-y] -w workgroup
! Joins a Windows domain or a workgroup.
! The -w workgroup option specifies the name of the workgroup to join
! when using the join subcommand. Specifying -y will bypass the smb
! service restart prompt.
!
! list
!
! Shows information about the current workgroup or domain. The
information typically includes the workgroup name or the primary
! domain name. When in domain mode, the information includes domain
! controller names and trusted domain names.
! Each entry in the ouput is identified by one of the following tags:
! - [*] -
! Primary domain
! - [.] -
! Local domain
! - [-] -
! Other domains
!
!
! - [+] -
! Selected domain controller
!
!
!
! lookup account-name [account-name [...]]
!
!
! Lookup the SID for the given account-name, or lookup the account-
! name for the given SID. This subcommand is primarily for
diagnostic use, to confirm whether the server can lookup domain
accounts and/or SIDs.
-
- remove-member -m member [[-m member] ...] group
-
- Removes the specified member from the specified CIFS local group.
- The -m member option specifies the name of a CIFS local group
- member. The member name must include an existing user name and an
- optional domain name.
-
- Specify the member name in either of the following formats:
-
- [domain\]username
- [domain/]username
-
-
- For example, a valid member name might be sales\terry or
- sales/terry, where sales is the Windows domain name and terry is
- the name of a user in the sales domain.
-
-
- rename group new-group
-
- Renames the specified CIFS local group. The group must already
- exist. The built-in groups cannot be renamed.
-
-
- set -p property=value [[-p property=value] ...] group
-
- Sets configuration properties for a CIFS local group. The
- description and the privileges for the built-in groups cannot be
- changed.
-
- The -p property=value option specifies the list of properties to be
- set on the specified group.
-
- The group-related properties are as follows:
-
- backup=[on|off]
-
- Specifies whether members of the CIFS local group can bypass
- file access controls to back up file system objects.
-
-
- description=description-text
-
- Specifies a text description for the CIFS local group.
-
-
- restore=[on|off]
-
- Specifies whether members of the CIFS local group can bypass
- file access controls to restore file system objects.
-
-
- take-ownership=[on|off]
-
- Specifies whether members of the CIFS local group can take
- ownership of file system objects.
-
-
-
- show [-m] [-p] [group]
-
- Shows information about the specified CIFS local group or groups.
- If no group is specified, information is shown for all groups. If
- the -m option is specified, the group members are also shown. If
- the -p option is specified, the group privileges are also shown.
-
-
EXIT STATUS
! The following exit values are returned:
! 0
! Successful completion.
-
- >0
- An error occurred.
-
-
- ATTRIBUTES
- See the attributes(5) man page for descriptions of the following
- attributes:
-
-
-
-
- +-------------------------+------------------+
- | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
- +-------------------------+------------------+
- |Utility Name and Options | Uncommitted |
- +-------------------------+------------------+
- |Utility Output Format | Not-An-Interface |
- +-------------------------+------------------+
- |smbadm join | Obsolete |
- +-------------------------+------------------+
-
SEE ALSO
passwd(1), groupadd(1M), idmap(1M), idmapd(1M), kclient(1M), share(1M),
sharectl(1M), sharemgr(1M), smbd(1M), smbstat(1M), smb(4),
smbautohome(4), attributes(5), pam_smb_passwd(5), smf(5)
!
!
! April 9, 2016 SMBADM(1M)
--- 1,269 ----
SMBADM(1M) Maintenance Commands SMBADM(1M)
NAME
! smbadm - configure and manage SMB local groups and users, and manage
domain membership
SYNOPSIS
smbadm create [-d description] group
smbadm delete group
! smbadm rename group new-group
! smbadm show [-mp] [group]
! smbadm get [-p property]... group
! smbadm set -p property=value [-p property=value]... group
! smbadm add-member -m member [-m member]... group
! smbadm remove-member -m member [-m member]... group
! smbadm delete-user username
smbadm disable-user username
smbadm enable-user username
smbadm join [-y] -u username domain
smbadm join [-y] -w workgroup
smbadm list
+ smbadm lookup account-name [account-name]...
DESCRIPTION
! The smbadm command is used to configure SMB local groups and users, and
! to manage domain membership. You can also use the smbadm command to
! enable or disable SMB password generation for individual local users.
! SMB local groups can be used when Windows accounts must be members of
some local groups and when Windows style privileges must be granted.
! System local groups cannot provide these functions.
+ There are two types of local groups: user defined and built-in. Built-in
+ local groups are predefined local groups to support common administration
+ tasks.
! In order to provide proper identity mapping between SMB local groups and
! system groups, a SMB local group must have a corresponding system group.
! This requirement has two consequences: first, the group name must conform
! to the intersection of the Windows and system group name rules. Thus, a
! SMB local group name can be up to eight (8) characters long and contain
! only lowercase characters and numbers. Second, a system local group has
! to be created before a SMB local group can be created.
+ Built-in groups are standard Windows groups and are predefined by the SMB
+ service. The built-in groups cannot be added, removed, or renamed, and
+ these groups do not follow the SMB local group naming conventions.
! When the SMB server is started, the following built-in groups are
available:
! Administrators Group members can administer the system.
! Backup Operators Group members can bypass file access controls to back
! up and restore files.
+ Power Users Group members can share directories.
! System local users must have an SMB password for authentication and to
! gain access to SMB resources. This password is created by using the
passwd(1) command when the pam_smb_password module is added to the
system's PAM configuration. See the pam_smb_passwd(5) man page.
The disable-user and enable-user subcommands control SMB password-
generation for a specified local user. When disabled, the user is
! prevented from connecting to the SMB service. By default, SMB password-
! generation is enabled for all local users.
! To reenable a disabled user, you must use the enable-user subcommand and
! then reset the user's password by using the passwd command. The
pam_smb_passwd.so.1 module must be added to the system's PAM
configuration to generate an SMB password.
Escaping Backslash Character
For the add-member, remove-member, and join (with -u) subcommands, the
! backslash character ("\") is a valid separator between member or user
names and domain names. The backslash character is a shell special
character and must be quoted. For example, you might escape the
backslash character with another backslash character: domain\\username.
! For more information about handling shell special characters, see the man
! page for your shell.
OPERANDS
The smbadm command uses the following operands:
! domain Specifies the name of an existing Windows domain to join.
! group Specifies the name of the SMB local group.
+ username Specifies the name of a system local user.
! SUBCOMMANDS
! The smbadm command includes these subcommands:
! create [-d description] group
! Creates a SMB local group with the specified name. You can
! optionally specify a description of the group by using the -d
! option.
+ delete group
+ Deletes the specified SMB local group. The built-in groups
+ cannot be deleted.
! rename group new-group
! Renames the specified SMB local group. The group must already
! exist. The built-in groups cannot be renamed.
! show [-mp] [group]
! Shows information about the specified SMB local group or groups.
! If no group is specified, information is shown for all groups.
! If the -m option is specified, the group members are also shown.
! If the -p option is specified, the group privileges are also
! shown.
+ get [-p property=value]... group
+ Retrieves property values for the specified group. If no
+ property is specified, all property values are shown.
! set -p property=value [-p property=value]... group
! Sets configuration properties for a SMB local group. The
! description and the privileges for the built-in groups cannot be
! changed.
! The -p property=value option specifies the list of properties to
! be set on the specified group.
! The group-related properties are as follows:
+ backup=on|off
+ Specifies whether members of the SMB local group can
+ bypass file access controls to back up file system
+ objects.
+
+ description=description-text
+ Specifies a text description for the SMB local group.
+
+ restore=on|off
+ Specifies whether members of the SMB local group can
+ bypass file access controls to restore file system
+ objects.
+
+ take-ownership=on|off
+ Specifies whether members of the SMB local group can take
+ ownership of file system objects.
+
+ add-member -m member [-m member]... group
+ Adds the specified member to the specified SMB local group. The
+ -m member option specifies the name of a SMB local group member.
+ The member name must include an existing user name and an
+ optional domain name.
+
Specify the member name in either of the following formats:
[domain\]username
[domain/]username
For example, a valid member name might be sales\terry or
sales/terry, where sales is the Windows domain name and terry is
the name of a user in the sales domain.
+ remove-member -m member [-m member]... group
+ Removes the specified member from the specified SMB local group.
+ The -m member option specifies the name of a SMB local group
+ member. The member name must include an existing user name and
+ an optional domain name.
! Specify the member name in either of the following formats:
! [domain\]username
! [domain/]username
+ For example, a valid member name might be sales\terry or
+ sales/terry, where sales is the Windows domain name and terry is
+ the name of a user in the sales domain.
! delete-user username
! Deletes SMB password for the specified local user effectively
! preventing the access by means of the SMB service. Use passwd
! command to create the SMB password and re-enable access.
! disable-user username
Disables SMB password-generation capabilities for the specified
! local user effectively preventing access by means of the SMB
! service. When a local user account is disabled, you cannot use
! the passwd command to modify the user's SMB password until the
! user account is re-enabled.
! enable-user username
Enables SMB password-generation capabilities for the specified
! local user and re-enables access. After the password-generation
! capabilities are re-enabled, use the passwd command to generate
! the SMB password for the local user.
! The passwd command manages both the system password and SMB
! password for this user if the pam_smb_passwd module has been
! added to the system's PAM configuration.
join [-y] -u username domain
+ Joins a Windows domain.
! An authenticated user account is required to join a domain, so
! you must specify the Windows administrative user name with the -u
! option. If the password is not specified on the command line,
! the user is prompted for it. This user should be the domain
! administrator or any user who has administrative privileges for
! the target domain.
! username and domain can be entered in any of the following
! formats:
username[+password] domain
domain\username[+password]
domain/username[+password]
username@domain
...where domain can be the NetBIOS or DNS domain name.
If a machine trust account for the system already exists on a
! domain controller, any authenticated user account can be used
! when joining the domain. However, if the machine trust account
! does not already exist, an account that has administrative
! privileges on the domain is required to join the domain.
! Specifying -y will bypass the SMB service restart prompt.
join [-y] -w workgroup
+ Joins a Windows workgroup.
! The default mode for the SMB service is workgroup mode, which
! uses the default workgroup name, "WORKGROUP".
! The -w workgroup option specifies the name of the workgroup to
! join when using the join subcommand. Specifying -y will bypass
! the SMB service restart prompt.
! list Shows information about the current workgroup or domain. The
information typically includes the workgroup name or the primary
! domain name. When in domain mode, the information includes
! domain controller names and trusted domain names.
! Each entry in the ouput is identified by one of the following
! tags:
! [*] Primary domain
+ [.] Local domain
! [-] Other domains
+ [+] Selected domain controller
! lookup account-name [account-name]...
! Lookup the SID for the given account-name, or lookup the
! account-name for the given SID. This subcommand is primarily for
diagnostic use, to confirm whether the server can lookup domain
accounts and/or SIDs.
EXIT STATUS
! The smbadm utility exits 0 on success, and >0 if an error occurs.
! INTERFACE STABILITY
! Utility name and options are Uncommitted. Utility output format is
! Not-An-Interface.
SEE ALSO
passwd(1), groupadd(1M), idmap(1M), idmapd(1M), kclient(1M), share(1M),
sharectl(1M), sharemgr(1M), smbd(1M), smbstat(1M), smb(4),
smbautohome(4), attributes(5), pam_smb_passwd(5), smf(5)
! illumos November 18, 2017 illumos