Print this page
NEX-15391 smbadm man page needs updating
Reviewed by: Dan Fields <dan.fields@nexenta.com>
Reviewed by: Matt Barden <matt.barden@nexenta.com>
NEX-15391 smbadm man page needs updating
Reviewed by: Dan Fields <dan.fields@nexenta.com>
Reviewed by: Matt Barden <matt.barden@nexenta.com>
SMB-106 Add '-y' flag to 'smbadm join' command
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/man/man1m/smbadm.1m.man.txt
+++ new/usr/src/man/man1m/smbadm.1m.man.txt
1 1 SMBADM(1M) Maintenance Commands SMBADM(1M)
2 2
3 -
4 -
5 3 NAME
6 - smbadm - configure and manage CIFS local groups and users, and manage
7 - domain membership
4 + smbadm - configure and manage SMB local groups and users, and manage
5 + domain membership
8 6
9 7 SYNOPSIS
10 - smbadm add-member -m member [[-m member] ...] group
8 + smbadm create [-d description] group
9 + smbadm delete group
10 + smbadm rename group new-group
11 + smbadm show [-mp] [group]
12 + smbadm get [-p property]... group
13 + smbadm set -p property=value [-p property=value]... group
14 + smbadm add-member -m member [-m member]... group
15 + smbadm remove-member -m member [-m member]... group
16 + smbadm delete-user username
17 + smbadm disable-user username
18 + smbadm enable-user username
19 + smbadm join [-y] -u username domain
20 + smbadm join [-y] -w workgroup
21 + smbadm list
22 + smbadm lookup account-name [account-name]...
11 23
12 -
13 - smbadm create [-d description] group
14 -
15 -
16 - smbadm delete group
17 -
18 -
19 - smbadm disable-user username
20 -
21 -
22 - smbadm enable-user username
23 -
24 -
25 - smbadm get [[-p property] ...] group
26 -
27 -
28 - smbadm join [-y] -u username domain
29 -
30 -
31 - smbadm join [-y] -w workgroup
32 -
33 -
34 - smbadm list
35 -
36 -
37 - smbadm lookup account-name [account-name [...]]
38 -
39 -
40 - smbadm remove-member -m member [[-m member] ...] group
41 -
42 -
43 - smbadm rename group new-group
44 -
45 -
46 - smbadm set -p property=value [[-p property=value] ...] group
47 -
48 -
49 - smbadm show [-m] [-p] [group]
50 -
51 -
52 24 DESCRIPTION
53 - The smbadm command is used to configure CIFS local groups and to manage
54 - domain membership. You can also use the smbadm command to enable or
55 - disable SMB password generation for individual local users.
25 + The smbadm command is used to configure SMB local groups and users, and
26 + to manage domain membership. You can also use the smbadm command to
27 + enable or disable SMB password generation for individual local users.
56 28
29 + SMB local groups can be used when Windows accounts must be members of
30 + some local groups and when Windows style privileges must be granted.
31 + System local groups cannot provide these functions.
57 32
58 - CIFS local groups can be used when Windows accounts must be members of
59 - some local groups and when Windows style privileges must be granted.
60 - Solaris local groups cannot provide these functions.
33 + There are two types of local groups: user defined and built-in. Built-in
34 + local groups are predefined local groups to support common administration
35 + tasks.
61 36
37 + In order to provide proper identity mapping between SMB local groups and
38 + system groups, a SMB local group must have a corresponding system group.
39 + This requirement has two consequences: first, the group name must conform
40 + to the intersection of the Windows and system group name rules. Thus, a
41 + SMB local group name can be up to eight (8) characters long and contain
42 + only lowercase characters and numbers. Second, a system local group has
43 + to be created before a SMB local group can be created.
62 44
63 - There are two types of local groups: user defined and built-in. Built-
64 - in local groups are predefined local groups to support common
65 - administration tasks.
45 + Built-in groups are standard Windows groups and are predefined by the SMB
46 + service. The built-in groups cannot be added, removed, or renamed, and
47 + these groups do not follow the SMB local group naming conventions.
66 48
49 + When the SMB server is started, the following built-in groups are
50 + available:
67 51
68 - In order to provide proper identity mapping between CIFS local groups
69 - and Solaris groups, a CIFS local group must have a corresponding
70 - Solaris group. This requirement has two consequences: first, the group
71 - name must conform to the intersection of the Windows and Solaris group
72 - name rules. Thus, a CIFS local group name can be up to eight (8)
73 - characters long and contain only lowercase characters and numbers.
74 - Second, a Solaris local group has to be created before a CIFS local
75 - group can be created.
52 + Administrators Group members can administer the system.
76 53
54 + Backup Operators Group members can bypass file access controls to back
55 + up and restore files.
77 56
78 - Built-in groups are standard Windows groups and are predefined by the
79 - CIFS service. The built-in groups cannot be added, removed, or renamed,
80 - and these groups do not follow the CIFS local group naming conventions.
57 + Power Users Group members can share directories.
81 58
59 + System local users must have an SMB password for authentication and to
60 + gain access to SMB resources. This password is created by using the
61 + passwd(1) command when the pam_smb_password module is added to the
62 + system's PAM configuration. See the pam_smb_passwd(5) man page.
82 63
83 - When the CIFS server is started, the following built-in groups are
84 - available:
64 + The disable-user and enable-user subcommands control SMB password-
65 + generation for a specified local user. When disabled, the user is
66 + prevented from connecting to the SMB service. By default, SMB password-
67 + generation is enabled for all local users.
85 68
86 - Administrators
69 + To reenable a disabled user, you must use the enable-user subcommand and
70 + then reset the user's password by using the passwd command. The
71 + pam_smb_passwd.so.1 module must be added to the system's PAM
72 + configuration to generate an SMB password.
87 73
88 - Group members can administer the system.
89 -
90 -
91 - Backup Operators
92 -
93 - Group members can bypass file access controls to back up and
94 - restore files.
95 -
96 -
97 - Power Users
98 -
99 - Group members can share directories.
100 -
101 -
102 -
103 - Solaris local users must have an SMB password for authentication and to
104 - gain access to CIFS resources. This password is created by using the
105 - passwd(1) command when the pam_smb_password module is added to the
106 - system's PAM configuration. See the pam_smb_passwd(5) man page.
107 -
108 -
109 - The disable-user and enable-user subcommands control SMB password-
110 - generation for a specified local user. When disabled, the user is
111 - prevented from connecting to the Solaris CIFS service. By default, SMB
112 - password-generation is enabled for all local users.
113 -
114 -
115 - To reenable a disabled user, you must use the enable-user subcommand
116 - and then reset the user's password by using the passwd command. The
117 - pam_smb_passwd.so.1 module must be added to the system's PAM
118 - configuration to generate an SMB password.
119 -
120 74 Escaping Backslash Character
121 - For the add-member, remove-member, and join (with -u) subcommands, the
122 - backslash character (\) is a valid separator between member or user
123 - names and domain names. The backslash character is a shell special
124 - character and must be quoted. For example, you might escape the
125 - backslash character with another backslash character: domain\\username.
126 - For more information about handling shell special characters, see the
127 - man page for your shell.
75 + For the add-member, remove-member, and join (with -u) subcommands, the
76 + backslash character ("\") is a valid separator between member or user
77 + names and domain names. The backslash character is a shell special
78 + character and must be quoted. For example, you might escape the
79 + backslash character with another backslash character: domain\\username.
80 + For more information about handling shell special characters, see the man
81 + page for your shell.
128 82
129 83 OPERANDS
130 - The smbadm command uses the following operands:
84 + The smbadm command uses the following operands:
131 85
132 - domain
86 + domain Specifies the name of an existing Windows domain to join.
133 87
134 - Specifies the name of an existing Windows domain to join.
88 + group Specifies the name of the SMB local group.
135 89
90 + username Specifies the name of a system local user.
136 91
137 - group
138 -
139 - Specifies the name of the CIFS local group.
140 -
141 -
142 - username
143 -
144 - Specifies the name of a Solaris local user.
145 -
146 -
147 92 SUBCOMMANDS
148 - The smbadm command includes these subcommands:
93 + The smbadm command includes these subcommands:
149 94
150 - add-member -m member [[-m member] ...] group
95 + create [-d description] group
96 + Creates a SMB local group with the specified name. You can
97 + optionally specify a description of the group by using the -d
98 + option.
151 99
152 - Adds the specified member to the specified CIFS local group. The -m
153 - member option specifies the name of a CIFS local group member. The
154 - member name must include an existing user name and an optional
155 - domain name.
100 + delete group
101 + Deletes the specified SMB local group. The built-in groups
102 + cannot be deleted.
156 103
157 - Specify the member name in either of the following formats:
104 + rename group new-group
105 + Renames the specified SMB local group. The group must already
106 + exist. The built-in groups cannot be renamed.
158 107
159 - [domain\]username
160 - [domain/]username
108 + show [-mp] [group]
109 + Shows information about the specified SMB local group or groups.
110 + If no group is specified, information is shown for all groups.
111 + If the -m option is specified, the group members are also shown.
112 + If the -p option is specified, the group privileges are also
113 + shown.
161 114
115 + get [-p property=value]... group
116 + Retrieves property values for the specified group. If no
117 + property is specified, all property values are shown.
162 118
163 - For example, a valid member name might be sales\terry or
164 - sales/terry, where sales is the Windows domain name and terry is
165 - the name of a user in the sales domain.
119 + set -p property=value [-p property=value]... group
120 + Sets configuration properties for a SMB local group. The
121 + description and the privileges for the built-in groups cannot be
122 + changed.
166 123
124 + The -p property=value option specifies the list of properties to
125 + be set on the specified group.
167 126
168 - create [-d description] group
127 + The group-related properties are as follows:
169 128
170 - Creates a CIFS local group with the specified name. You can
171 - optionally specify a description of the group by using the -d
172 - option.
129 + backup=on|off
130 + Specifies whether members of the SMB local group can
131 + bypass file access controls to back up file system
132 + objects.
173 133
134 + description=description-text
135 + Specifies a text description for the SMB local group.
174 136
175 - delete group
137 + restore=on|off
138 + Specifies whether members of the SMB local group can
139 + bypass file access controls to restore file system
140 + objects.
176 141
177 - Deletes the specified CIFS local group. The built-in groups cannot
178 - be deleted.
142 + take-ownership=on|off
143 + Specifies whether members of the SMB local group can take
144 + ownership of file system objects.
179 145
146 + add-member -m member [-m member]... group
147 + Adds the specified member to the specified SMB local group. The
148 + -m member option specifies the name of a SMB local group member.
149 + The member name must include an existing user name and an
150 + optional domain name.
180 151
181 - disable username
152 + Specify the member name in either of the following formats:
182 153
183 - Disables SMB password-generation capabilities for the specified
184 - local user. A disabled local user is prevented from accessing the
185 - system by means of the CIFS service. When a local user account is
186 - disabled, you cannot use the passwd command to modify the user's
187 - SMB password until the user account is reenabled.
154 + [domain\]username
155 + [domain/]username
188 156
157 + For example, a valid member name might be sales\terry or
158 + sales/terry, where sales is the Windows domain name and terry is
159 + the name of a user in the sales domain.
189 160
190 - enable username
161 + remove-member -m member [-m member]... group
162 + Removes the specified member from the specified SMB local group.
163 + The -m member option specifies the name of a SMB local group
164 + member. The member name must include an existing user name and
165 + an optional domain name.
191 166
192 - Enables SMB password-generation capabilities for the specified
193 - local user. After the password-generation capabilities are
194 - reenabled, you must use the passwd command to generate the SMB
195 - password for the local user before he can connect to the CIFS
196 - service.
167 + Specify the member name in either of the following formats:
197 168
198 - The passwd command manages both the Solaris password and SMB
199 - password for this user if the pam_smb_passwd module has been added
200 - to the system's PAM configuration.
169 + [domain\]username
170 + [domain/]username
201 171
172 + For example, a valid member name might be sales\terry or
173 + sales/terry, where sales is the Windows domain name and terry is
174 + the name of a user in the sales domain.
202 175
203 - get [[-p property=value] ...] group
176 + delete-user username
177 + Deletes SMB password for the specified local user effectively
178 + preventing the access by means of the SMB service. Use passwd
179 + command to create the SMB password and re-enable access.
204 180
205 - Retrieves property values for the specified group. If no property
206 - is specified, all property values are shown.
181 + disable-user username
182 + Disables SMB password-generation capabilities for the specified
183 + local user effectively preventing access by means of the SMB
184 + service. When a local user account is disabled, you cannot use
185 + the passwd command to modify the user's SMB password until the
186 + user account is re-enabled.
207 187
188 + enable-user username
189 + Enables SMB password-generation capabilities for the specified
190 + local user and re-enables access. After the password-generation
191 + capabilities are re-enabled, use the passwd command to generate
192 + the SMB password for the local user.
208 193
209 - join [-y] -u username domain
194 + The passwd command manages both the system password and SMB
195 + password for this user if the pam_smb_passwd module has been
196 + added to the system's PAM configuration.
210 197
211 - Joins a Windows domain or a workgroup.
198 + join [-y] -u username domain
199 + Joins a Windows domain.
212 200
213 - The default mode for the CIFS service is workgroup mode, which uses
214 - the default workgroup name, WORKGROUP.
201 + An authenticated user account is required to join a domain, so
202 + you must specify the Windows administrative user name with the -u
203 + option. If the password is not specified on the command line,
204 + the user is prompted for it. This user should be the domain
205 + administrator or any user who has administrative privileges for
206 + the target domain.
215 207
216 - An authenticated user account is required to join a domain, so you
217 - must specify the Windows administrative user name with the -u
218 - option. If the password is not specified on the command line, the
219 - user is prompted for it. This user should be the domain
220 - administrator or any user who has administrative privileges for the
221 - target domain.
208 + username and domain can be entered in any of the following
209 + formats:
222 210
223 - username and domain can be entered in any of the following formats:
211 + username[+password] domain
212 + domain\username[+password]
213 + domain/username[+password]
214 + username@domain
224 215
225 - username[+password] domain
226 - domain\username[+password]
227 - domain/username[+password]
228 - username@domain
216 + ...where domain can be the NetBIOS or DNS domain name.
229 217
218 + If a machine trust account for the system already exists on a
219 + domain controller, any authenticated user account can be used
220 + when joining the domain. However, if the machine trust account
221 + does not already exist, an account that has administrative
222 + privileges on the domain is required to join the domain.
223 + Specifying -y will bypass the SMB service restart prompt.
230 224
231 - ...where domain can be the NetBIOS or DNS domain name.
225 + join [-y] -w workgroup
226 + Joins a Windows workgroup.
232 227
233 - If a machine trust account for the system already exists on a
234 - domain controller, any authenticated user account can be used when
235 - joining the domain. However, if the machine trust account does not
236 - already exist, an account that has administrative privileges on the
237 - domain is required to join the domain. Specifying -y will bypass
238 - the smb service restart prompt.
228 + The default mode for the SMB service is workgroup mode, which
229 + uses the default workgroup name, "WORKGROUP".
239 230
231 + The -w workgroup option specifies the name of the workgroup to
232 + join when using the join subcommand. Specifying -y will bypass
233 + the SMB service restart prompt.
240 234
241 - join [-y] -w workgroup
235 + list Shows information about the current workgroup or domain. The
236 + information typically includes the workgroup name or the primary
237 + domain name. When in domain mode, the information includes
238 + domain controller names and trusted domain names.
242 239
243 - Joins a Windows domain or a workgroup.
240 + Each entry in the ouput is identified by one of the following
241 + tags:
244 242
245 - The -w workgroup option specifies the name of the workgroup to join
246 - when using the join subcommand. Specifying -y will bypass the smb
247 - service restart prompt.
243 + [*] Primary domain
248 244
245 + [.] Local domain
249 246
250 - list
247 + [-] Other domains
251 248
252 - Shows information about the current workgroup or domain. The
253 - information typically includes the workgroup name or the primary
254 - domain name. When in domain mode, the information includes domain
255 - controller names and trusted domain names.
249 + [+] Selected domain controller
256 250
257 - Each entry in the ouput is identified by one of the following tags:
251 + lookup account-name [account-name]...
252 + Lookup the SID for the given account-name, or lookup the
253 + account-name for the given SID. This subcommand is primarily for
254 + diagnostic use, to confirm whether the server can lookup domain
255 + accounts and/or SIDs.
258 256
259 - - [*] -
260 - Primary domain
261 -
262 -
263 - - [.] -
264 - Local domain
265 -
266 -
267 - - [-] -
268 - Other domains
269 -
270 -
271 - - [+] -
272 - Selected domain controller
273 -
274 -
275 -
276 - lookup account-name [account-name [...]]
277 -
278 -
279 - Lookup the SID for the given account-name, or lookup the account-
280 - name for the given SID. This subcommand is primarily for
281 - diagnostic use, to confirm whether the server can lookup domain
282 - accounts and/or SIDs.
283 -
284 -
285 - remove-member -m member [[-m member] ...] group
286 -
287 - Removes the specified member from the specified CIFS local group.
288 - The -m member option specifies the name of a CIFS local group
289 - member. The member name must include an existing user name and an
290 - optional domain name.
291 -
292 - Specify the member name in either of the following formats:
293 -
294 - [domain\]username
295 - [domain/]username
296 -
297 -
298 - For example, a valid member name might be sales\terry or
299 - sales/terry, where sales is the Windows domain name and terry is
300 - the name of a user in the sales domain.
301 -
302 -
303 - rename group new-group
304 -
305 - Renames the specified CIFS local group. The group must already
306 - exist. The built-in groups cannot be renamed.
307 -
308 -
309 - set -p property=value [[-p property=value] ...] group
310 -
311 - Sets configuration properties for a CIFS local group. The
312 - description and the privileges for the built-in groups cannot be
313 - changed.
314 -
315 - The -p property=value option specifies the list of properties to be
316 - set on the specified group.
317 -
318 - The group-related properties are as follows:
319 -
320 - backup=[on|off]
321 -
322 - Specifies whether members of the CIFS local group can bypass
323 - file access controls to back up file system objects.
324 -
325 -
326 - description=description-text
327 -
328 - Specifies a text description for the CIFS local group.
329 -
330 -
331 - restore=[on|off]
332 -
333 - Specifies whether members of the CIFS local group can bypass
334 - file access controls to restore file system objects.
335 -
336 -
337 - take-ownership=[on|off]
338 -
339 - Specifies whether members of the CIFS local group can take
340 - ownership of file system objects.
341 -
342 -
343 -
344 - show [-m] [-p] [group]
345 -
346 - Shows information about the specified CIFS local group or groups.
347 - If no group is specified, information is shown for all groups. If
348 - the -m option is specified, the group members are also shown. If
349 - the -p option is specified, the group privileges are also shown.
350 -
351 -
352 257 EXIT STATUS
353 - The following exit values are returned:
258 + The smbadm utility exits 0 on success, and >0 if an error occurs.
354 259
355 - 0
356 - Successful completion.
260 +INTERFACE STABILITY
261 + Utility name and options are Uncommitted. Utility output format is
262 + Not-An-Interface.
357 263
358 -
359 - >0
360 - An error occurred.
361 -
362 -
363 -ATTRIBUTES
364 - See the attributes(5) man page for descriptions of the following
365 - attributes:
366 -
367 -
368 -
369 -
370 - +-------------------------+------------------+
371 - | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
372 - +-------------------------+------------------+
373 - |Utility Name and Options | Uncommitted |
374 - +-------------------------+------------------+
375 - |Utility Output Format | Not-An-Interface |
376 - +-------------------------+------------------+
377 - |smbadm join | Obsolete |
378 - +-------------------------+------------------+
379 -
380 264 SEE ALSO
381 - passwd(1), groupadd(1M), idmap(1M), idmapd(1M), kclient(1M), share(1M),
382 - sharectl(1M), sharemgr(1M), smbd(1M), smbstat(1M), smb(4),
383 - smbautohome(4), attributes(5), pam_smb_passwd(5), smf(5)
265 + passwd(1), groupadd(1M), idmap(1M), idmapd(1M), kclient(1M), share(1M),
266 + sharectl(1M), sharemgr(1M), smbd(1M), smbstat(1M), smb(4),
267 + smbautohome(4), attributes(5), pam_smb_passwd(5), smf(5)
384 268
385 -
386 -
387 - April 9, 2016 SMBADM(1M)
269 +illumos November 18, 2017 illumos
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX