Print this page
NEX-15391 smbadm man page needs updating
Reviewed by: Dan Fields <dan.fields@nexenta.com>
Reviewed by: Matt Barden <matt.barden@nexenta.com>
NEX-15391 smbadm man page needs updating
Reviewed by: Dan Fields <dan.fields@nexenta.com>
Reviewed by: Matt Barden <matt.barden@nexenta.com>
SMB-106 Add '-y' flag to 'smbadm join' command
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/man/man1m/smbadm.1m
+++ new/usr/src/man/man1m/smbadm.1m
1 -'\" te
2 -.\" Copyright 2014 Nexenta Systems, Inc. All rights reserved.
1 +.\"
2 +.\" The contents of this file are subject to the terms of the
3 +.\" Common Development and Distribution License (the "License").
4 +.\" You may not use this file except in compliance with the License.
5 +.\"
6 +.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
7 +.\" or http://www.opensolaris.org/os/licensing.
8 +.\" See the License for the specific language governing permissions
9 +.\" and limitations under the License.
10 +.\"
11 +.\" When distributing Covered Code, include this CDDL HEADER in each
12 +.\" file and include the License file at usr/src/OPENSOLARIS.LICENSE.
13 +.\" If applicable, add the following below this CDDL HEADER, with the
14 +.\" fields enclosed by brackets "[]" replaced with your own identifying
15 +.\" information: Portions Copyright [yyyy] [name of copyright owner]
16 +.\"
17 +.\"
3 18 .\" Copyright (c) 2009, Sun Microsystems, Inc. All Rights Reserved.
4 -.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
5 -.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
6 -.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
7 -.TH SMBADM 1M "April 9, 2016"
8 -.SH NAME
9 -smbadm \- configure and manage CIFS local groups and users, and manage domain
19 +.\" Copyright 2017 Nexenta Systems, Inc.
20 +.\"
21 +.Dd November 18, 2017
22 +.Dt SMBADM 1M
23 +.Os
24 +.Sh NAME
25 +.Nm smbadm
26 +.Nd configure and manage SMB local groups and users, and manage domain
10 27 membership
11 -.SH SYNOPSIS
12 -.LP
13 -.nf
14 -\fBsmbadm add-member\fR -m \fImember\fR [[-m \fImember\fR] \&.\|.\|.] \fIgroup\fR
15 -.fi
16 -
17 -.LP
18 -.nf
19 -\fBsmbadm create\fR [-d \fIdescription\fR] \fIgroup\fR
20 -.fi
21 -
22 -.LP
23 -.nf
24 -\fBsmbadm delete\fR \fIgroup\fR
25 -.fi
26 -
27 -.LP
28 -.nf
29 -\fBsmbadm disable-user\fR \fIusername\fR
30 -.fi
31 -
32 -.LP
33 -.nf
34 -\fBsmbadm enable-user\fR \fIusername\fR
35 -.fi
36 -
37 -.LP
38 -.nf
39 -\fBsmbadm get\fR [[-p \fIproperty\fR] \&.\|.\|.] \fIgroup\fR
40 -.fi
41 -
42 -.LP
43 -.nf
44 -\fBsmbadm join\fR [-y] -u \fIusername\fR \fIdomain\fR
45 -.fi
46 -
47 -.LP
48 -.nf
49 -\fBsmbadm join\fR [-y] -w \fIworkgroup\fR
50 -.fi
51 -
52 -.LP
53 -.nf
54 -\fBsmbadm list\fR
55 -.fi
56 -
57 -.LP
58 -.nf
59 -\fBsmbadm lookup\fR \fIaccount-name\fR [\fIaccount-name\fR [\&.\|.\|.]]
60 -.fi
61 -
62 -.LP
63 -.nf
64 -\fBsmbadm remove-member\fR -m \fImember\fR [[-m \fImember\fR] \&.\|.\|.] \fIgroup\fR
65 -.fi
66 -
67 -.LP
68 -.nf
69 -\fBsmbadm rename\fR \fIgroup\fR \fInew-group\fR
70 -.fi
71 -
72 -.LP
73 -.nf
74 -\fBsmbadm set\fR -p \fIproperty\fR=\fIvalue\fR [[-p \fIproperty\fR=\fIvalue\fR] \&.\|.\|.] \fIgroup\fR
75 -.fi
76 -
77 -.LP
78 -.nf
79 -\fBsmbadm show\fR [-m] [-p] [\fIgroup\fR]
80 -.fi
81 -
82 -.SH DESCRIPTION
83 -.LP
84 -The \fBsmbadm\fR command is used to configure \fBCIFS\fR local groups and to
85 -manage domain membership. You can also use the \fBsmbadm\fR command to enable
86 -or disable SMB password generation for individual local users.
87 -.sp
88 -.LP
89 -\fBCIFS\fR local groups can be used when Windows accounts must be members of
90 -some local groups and when Windows style privileges must be granted. Solaris
91 -local groups cannot provide these functions.
92 -.sp
93 -.LP
94 -There are two types of local groups: user defined and built-in. Built-in local
95 -groups are predefined local groups to support common administration tasks.
96 -.sp
97 -.LP
98 -In order to provide proper identity mapping between \fBCIFS\fR local groups and
99 -Solaris groups, a \fBCIFS\fR local group must have a corresponding Solaris
100 -group. This requirement has two consequences: first, the group name must
101 -conform to the intersection of the Windows and Solaris group name rules. Thus,
102 -a \fBCIFS\fR local group name can be up to eight (8) characters long and
103 -contain only lowercase characters and numbers. Second, a Solaris local group
104 -has to be created before a \fBCIFS\fR local group can be created.
105 -.sp
106 -.LP
107 -Built-in groups are standard Windows groups and are predefined by the
108 -\fBCIFS\fR service. The built-in groups cannot be added, removed, or renamed,
109 -and these groups do not follow the \fBCIFS\fR local group naming conventions.
110 -.sp
111 -.LP
112 -When the \fBCIFS\fR server is started, the following built-in groups are
113 -available:
114 -.sp
115 -.ne 2
116 -.na
117 -\fBAdministrators\fR
118 -.ad
119 -.sp .6
120 -.RS 4n
28 +.Sh SYNOPSIS
29 +.Nm
30 +.Cm create
31 +.Op Fl d Ar description
32 +.Ar group
33 +.Nm
34 +.Cm delete
35 +.Ar group
36 +.Nm
37 +.Cm rename
38 +.Ar group new-group
39 +.Nm
40 +.Cm show
41 +.Op Fl mp
42 +.Op Ar group
43 +.Nm
44 +.Cm get
45 +.Oo Fl p Ar property Oc Ns ...
46 +.Ar group
47 +.Nm
48 +.Cm set
49 +.Fl p Ar property Ns = Ns Ar value
50 +.Oo Fl p Ar property Ns = Ns Ar value Oc Ns ...
51 +.Ar group
52 +.Nm
53 +.Cm add-member
54 +.Fl m Ar member Oo Fl m Ar member Oc Ns ...
55 +.Ar group
56 +.Nm
57 +.Cm remove-member
58 +.Fl m Ar member Oo Fl m Ar member Oc Ns ...
59 +.Ar group
60 +.Nm
61 +.Cm delete-user
62 +.Ar username
63 +.Nm
64 +.Cm disable-user
65 +.Ar username
66 +.Nm
67 +.Cm enable-user
68 +.Ar username
69 +.Nm
70 +.Cm join
71 +.Op Fl y
72 +.Fl u Ar username
73 +.Ar domain
74 +.Nm
75 +.Cm join
76 +.Op Fl y
77 +.Fl w Ar workgroup
78 +.Nm
79 +.Cm list
80 +.Nm
81 +.Cm lookup
82 +.Ar account-name Oo Ar account-name Oc Ns ...
83 +.Sh DESCRIPTION
84 +The
85 +.Nm
86 +command is used to configure SMB local groups and users, and to manage domain
87 +membership.
88 +You can also use the
89 +.Nm
90 +command to enable or disable SMB password generation for individual local users.
91 +.Pp
92 +SMB local groups can be used when Windows accounts must be members of some local
93 +groups and when Windows style privileges must be granted.
94 +System local groups cannot provide these functions.
95 +.Pp
96 +There are two types of local groups: user defined and built-in.
97 +Built-in local groups are predefined local groups to support common
98 +administration tasks.
99 +.Pp
100 +In order to provide proper identity mapping between SMB local groups and
101 +system groups, a SMB local group must have a corresponding system group.
102 +This requirement has two consequences: first, the group name must conform to the
103 +intersection of the Windows and system group name rules.
104 +Thus, a SMB local group name can be up to eight (8) characters long and contain
105 +only lowercase characters and numbers.
106 +Second, a system local group has to be created before a SMB local group can
107 +be created.
108 +.Pp
109 +Built-in groups are standard Windows groups and are predefined by the SMB
110 +service.
111 +The built-in groups cannot be added, removed, or renamed, and these groups do
112 +not follow the SMB local group naming conventions.
113 +.Pp
114 +When the SMB server is started, the following built-in groups are available:
115 +.Bl -tag -width "Backup Operators"
116 +.It Sy Administrators
121 117 Group members can administer the system.
122 -.RE
123 -
124 -.sp
125 -.ne 2
126 -.na
127 -\fBBackup Operators\fR
128 -.ad
129 -.sp .6
130 -.RS 4n
118 +.It Sy Backup Operators
131 119 Group members can bypass file access controls to back up and restore files.
132 -.RE
133 -
134 -.sp
135 -.ne 2
136 -.na
137 -\fBPower Users\fR
138 -.ad
139 -.sp .6
140 -.RS 4n
120 +.It Sy Power Users
141 121 Group members can share directories.
142 -.RE
143 -
144 -.sp
145 -.LP
146 -Solaris local users must have an SMB password for authentication and to gain
147 -access to CIFS resources. This password is created by using the \fBpasswd\fR(1)
148 -command when the \fBpam_smb_password\fR module is added to the system's PAM
149 -configuration. See the \fBpam_smb_passwd\fR(5) man page.
150 -.sp
151 -.LP
152 -The \fBdisable-user\fR and \fBenable-user\fR subcommands control SMB
153 -password-generation for a specified local user. When disabled, the user is
154 -prevented from connecting to the Solaris CIFS service. By default, SMB
155 -password-generation is enabled for all local users.
156 -.sp
157 -.LP
158 -To reenable a disabled user, you must use the \fBenable-user\fR subcommand and
159 -then reset the user's password by using the \fBpasswd\fR command. The
160 -\fBpam_smb_passwd.so.1\fR module must be added to the system's PAM
161 -configuration to generate an SMB password.
162 -.SS "Escaping Backslash Character"
163 -.LP
164 -For the \fBadd-member\fR, \fBremove-member\fR, and \fBjoin\fR (with \fB-u\fR)
165 -subcommands, the backslash character (\fB\e\fR) is a valid separator between
166 -member or user names and domain names. The backslash character is a shell
167 -special character and must be quoted. For example, you might escape the
168 -backslash character with another backslash character:
169 -\fIdomain\fR\fB\e\e\fR\fIusername\fR. For more information about handling shell
170 -special characters, see the man page for your shell.
171 -.SH OPERANDS
172 -.LP
173 -The \fBsmbadm\fR command uses the following operands:
174 -.sp
175 -.ne 2
176 -.na
177 -\fB\fIdomain\fR\fR
178 -.ad
179 -.sp .6
180 -.RS 4n
122 +.El
123 +.Pp
124 +System local users must have an SMB password for authentication and to gain
125 +access to SMB resources.
126 +This password is created by using the
127 +.Xr passwd 1
128 +command when the
129 +.Sy pam_smb_password
130 +module is added to the system's PAM configuration.
131 +See the
132 +.Xr pam_smb_passwd 5
133 +man page.
134 +.Pp
135 +The
136 +.Cm disable-user
137 +and
138 +.Cm enable-user
139 +subcommands control SMB password-generation for a specified local user.
140 +When disabled, the user is prevented from connecting to the SMB service.
141 +By default, SMB password-generation is enabled for all local users.
142 +.Pp
143 +To reenable a disabled user, you must use the
144 +.Cm enable-user
145 +subcommand and then reset the user's password by using the
146 +.Nm passwd
147 +command.
148 +The
149 +.Pa pam_smb_passwd.so.1
150 +module must be added to the system's PAM configuration to generate an SMB
151 +password.
152 +.Ss Escaping Backslash Character
153 +For the
154 +.Cm add-member ,
155 +.Cm remove-member ,
156 +and
157 +.Cm join
158 +.Po with
159 +.Fl u
160 +.Pc
161 +subcommands, the backslash character
162 +.Pq Qq \e
163 +is a valid separator between member or user names and domain names.
164 +The backslash character is a shell special character and must be quoted.
165 +For example, you might escape the backslash character with another backslash
166 +character:
167 +.Ar domain Ns \e\e Ns Ar username .
168 +For more information about handling shell special characters, see the man page
169 +for your shell.
170 +.Sh OPERANDS
171 +The
172 +.Nm
173 +command uses the following operands:
174 +.Bl -tag -width "username"
175 +.It Ar domain
181 176 Specifies the name of an existing Windows domain to join.
182 -.RE
183 -
184 -.sp
185 -.ne 2
186 -.na
187 -\fB\fIgroup\fR\fR
188 -.ad
189 -.sp .6
190 -.RS 4n
191 -Specifies the name of the \fBCIFS\fR local group.
192 -.RE
193 -
194 -.sp
195 -.ne 2
196 -.na
197 -\fB\fIusername\fR\fR
198 -.ad
199 -.sp .6
200 -.RS 4n
201 -Specifies the name of a Solaris local user.
202 -.RE
203 -
204 -.SH SUBCOMMANDS
205 -.LP
206 -The \fBsmbadm\fR command includes these subcommands:
207 -.sp
208 -.ne 2
209 -.na
210 -\fB\fBadd-member\fR -m \fImember\fR [[-m \fImember\fR] \&.\|.\|.]
211 -\fIgroup\fR\fR
212 -.ad
213 -.sp .6
214 -.RS 4n
215 -Adds the specified member to the specified \fBCIFS\fR local group. The \fB-m\fR
216 -\fImember\fR option specifies the name of a \fBCIFS\fR local group member. The
217 -member name must include an existing user name and an optional domain name.
218 -.sp
177 +.It Ar group
178 +Specifies the name of the SMB local group.
179 +.It Ar username
180 +Specifies the name of a system local user.
181 +.El
182 +.Sh SUBCOMMANDS
183 +The
184 +.Nm
185 +command includes these subcommands:
186 +.Bl -tag -width Ds
187 +.It Xo
188 +.Cm create
189 +.Op Fl d Ar description
190 +.Ar group
191 +.Xc
192 +Creates a SMB local group with the specified name.
193 +You can optionally specify a description of the group by using the
194 +.Fl d
195 +option.
196 +.It Xo
197 +.Cm delete
198 +.Ar group
199 +.Xc
200 +Deletes the specified SMB local group.
201 +The built-in groups cannot be deleted.
202 +.It Xo
203 +.Cm rename
204 +.Ar group new-group
205 +.Xc
206 +Renames the specified SMB local group.
207 +The group must already exist.
208 +The built-in groups cannot be renamed.
209 +.It Xo
210 +.Cm show
211 +.Op Fl mp
212 +.Op Ar group
213 +.Xc
214 +Shows information about the specified SMB local group or groups.
215 +If no group is specified, information is shown for all groups.
216 +If the
217 +.Fl m
218 +option is specified, the group members are also shown.
219 +If the
220 +.Fl p
221 +option is specified, the group privileges are also shown.
222 +.It Xo
223 +.Cm get
224 +.Oo Fl p Ar property Ns = Ns Ar value Oc Ns ...
225 +.Ar group
226 +.Xc
227 +Retrieves property values for the specified group.
228 +If no property is specified, all property values are shown.
229 +.It Xo
230 +.Cm set
231 +.Fl p Ar property Ns = Ns Ar value
232 +.Oo Fl p Ar property Ns = Ns Ar value Oc Ns ...
233 +.Ar group
234 +.Xc
235 +Sets configuration properties for a SMB local group.
236 +The description and the privileges for the built-in groups cannot be changed.
237 +.Pp
238 +The
239 +.Fl p Ar property Ns = Ns Ar value
240 +option specifies the list of properties to be set on the specified group.
241 +.Pp
242 +The group-related properties are as follows:
243 +.Bl -tag -width Ds
244 +.It Cm backup Ns = Ns Cm on Ns | Ns Cm off
245 +Specifies whether members of the SMB local group can bypass file access controls
246 +to back up file system objects.
247 +.It Cm description Ns = Ns Ar description-text
248 +Specifies a text description for the SMB local group.
249 +.It Cm restore Ns = Ns Cm on Ns | Ns Cm off
250 +Specifies whether members of the SMB local group can bypass file access controls
251 +to restore file system objects.
252 +.It Cm take-ownership Ns = Ns Cm on Ns | Ns Cm off
253 +Specifies whether members of the SMB local group can take ownership of file
254 +system objects.
255 +.El
256 +.It Xo
257 +.Cm add-member
258 +.Fl m Ar member Oo Fl m Ar member Oc Ns ...
259 +.Ar group
260 +.Xc
261 +Adds the specified member to the specified SMB local group.
262 +The
263 +.Fl m Ar member
264 +option specifies the name of a SMB local group member.
265 +The member name must include an existing user name and an optional domain name.
266 +.Pp
219 267 Specify the member name in either of the following formats:
220 -.sp
221 -.in +2
222 -.nf
223 -[\fIdomain\fR\e]\fIusername\fR
224 -[\fIdomain\fR/]\fIusername\fR
225 -.fi
226 -.in -2
227 -.sp
228 -
229 -For example, a valid member name might be \fBsales\eterry\fR or
230 -\fBsales/terry\fR, where \fBsales\fR is the Windows domain name and \fBterry\fR
231 -is the name of a user in the \fBsales\fR domain.
232 -.RE
233 -
234 -.sp
235 -.ne 2
236 -.na
237 -\fB\fBcreate\fR [\fB-d\fR \fIdescription\fR] \fIgroup\fR\fR
238 -.ad
239 -.sp .6
240 -.RS 4n
241 -Creates a \fBCIFS\fR local group with the specified name. You can optionally
242 -specify a description of the group by using the \fB-d\fR option.
243 -.RE
244 -
245 -.sp
246 -.ne 2
247 -.na
248 -\fB\fBdelete\fR \fIgroup\fR\fR
249 -.ad
250 -.sp .6
251 -.RS 4n
252 -Deletes the specified \fBCIFS\fR local group. The built-in groups cannot be
253 -deleted.
254 -.RE
255 -
256 -.sp
257 -.ne 2
258 -.na
259 -\fB\fBdisable\fR \fIusername\fR\fR
260 -.ad
261 -.sp .6
262 -.RS 4n
263 -Disables SMB password-generation capabilities for the specified local user. A
264 -disabled local user is prevented from accessing the system by means of the CIFS
265 -service. When a local user account is disabled, you cannot use the \fBpasswd\fR
266 -command to modify the user's SMB password until the user account is reenabled.
267 -.RE
268 -
269 -.sp
270 -.ne 2
271 -.na
272 -\fB\fBenable\fR \fIusername\fR\fR
273 -.ad
274 -.sp .6
275 -.RS 4n
276 -Enables SMB password-generation capabilities for the specified local user.
277 -After the password-generation capabilities are reenabled, you must use the
278 -\fBpasswd\fR command to generate the SMB password for the local user before he
279 -can connect to the CIFS service.
280 -.sp
281 -The \fBpasswd\fR command manages both the Solaris password and SMB password for
282 -this user if the \fBpam_smb_passwd\fR module has been added to the system's PAM
283 -configuration.
284 -.RE
285 -
286 -.sp
287 -.ne 2
288 -.na
289 -\fB\fBget\fR [[\fB-p\fR \fIproperty\fR=\fIvalue\fR] \&.\|.\|.] \fIgroup\fR\fR
290 -.ad
291 -.sp .6
292 -.RS 4n
293 -Retrieves property values for the specified group. If no property is specified,
294 -all property values are shown.
295 -.RE
296 -
297 -.sp
298 -.ne 2
299 -.na
300 -\fB\fBjoin\fR \fB[-y] -u\fR \fIusername\fR \fIdomain\fR\fR
301 -.ad
302 -.sp .6
303 -.RS 4n
304 -Joins a Windows domain or a workgroup.
305 -.sp
306 -The default mode for the \fBCIFS\fR service is workgroup mode, which uses the
307 -default workgroup name, \fBWORKGROUP\fR.
308 -.sp
268 +.Bd -literal -offset indent
269 +[domain\e]username
270 +[domain/]username
271 +.Ed
272 +.Pp
273 +For example, a valid member name might be
274 +.Sy sales\eterry
275 +or
276 +.Sy sales/terry ,
277 +where
278 +.Sy sales
279 +is the Windows domain name and
280 +.Sy terry
281 +is the name of a user in the
282 +.Sy sales
283 +domain.
284 +.It Xo
285 +.Cm remove-member
286 +.Fl m Ar member Oo Fl m Ar member Oc Ns ...
287 +.Ar group
288 +.Xc
289 +Removes the specified member from the specified SMB local group.
290 +The
291 +.Fl m Ar member
292 +option specifies the name of a SMB local group member.
293 +The member name must include an existing user name and an optional domain name.
294 +.Pp
295 +Specify the member name in either of the following formats:
296 +.Bd -literal -offset indent
297 +[domain\e]username
298 +[domain/]username
299 +.Ed
300 +.Pp
301 +For example, a valid member name might be
302 +.Sy sales\eterry
303 +or
304 +.Sy sales/terry ,
305 +where
306 +.Sy sales
307 +is the Windows domain name and
308 +.Sy terry
309 +is the name of a user in the
310 +.Sy sales
311 +domain.
312 +.It Xo
313 +.Cm delete-user
314 +.Ar username
315 +.Xc
316 +Deletes SMB password for the specified local user effectively preventing the
317 +access by means of the SMB service.
318 +Use
319 +.Nm passwd
320 +command to create the SMB password and re-enable access.
321 +.It Xo
322 +.Cm disable-user
323 +.Ar username
324 +.Xc
325 +Disables SMB password-generation capabilities for the specified local user
326 +effectively preventing access by means of the SMB service.
327 +When a local user account is disabled, you cannot use the
328 +.Nm passwd
329 +command to modify the user's SMB password until the user account is re-enabled.
330 +.It Xo
331 +.Cm enable-user
332 +.Ar username
333 +.Xc
334 +Enables SMB password-generation capabilities for the specified local user and
335 +re-enables access.
336 +After the password-generation capabilities are re-enabled, use the
337 +.Nm passwd
338 +command to generate the SMB password for the local user.
339 +.Pp
340 +The
341 +.Nm passwd
342 +command manages both the system password and SMB password for this user if the
343 +.Pa pam_smb_passwd
344 +module has been added to the system's PAM configuration.
345 +.It Xo
346 +.Cm join
347 +.Op Fl y
348 +.Fl u Ar username
349 +.Ar domain
350 +.Xc
351 +Joins a Windows domain.
352 +.Pp
309 353 An authenticated user account is required to join a domain, so you must specify
310 -the Windows administrative user name with the \fB-u\fR option. If the password
311 -is not specified on the command line, the user is prompted for it. This user
312 -should be the domain administrator or any user who has administrative
354 +the Windows administrative user name with the
355 +.Fl u
356 +option.
357 +If the password is not specified on the command line, the user is prompted for
358 +it.
359 +This user should be the domain administrator or any user who has administrative
313 360 privileges for the target domain.
314 -.sp
315 -\fIusername\fR and \fIdomain\fR can be entered in any of the following formats:
316 -.sp
317 -.in +2
318 -.nf
319 -\fIusername\fR[+\fIpassword\fR] \fIdomain\fR
320 -\fIdomain\fR\e\fIusername\fR[+\fIpassword\fR]
321 -\fIdomain\fR/\fIusername\fR[+\fIpassword\fR]
322 -\fIusername\fR@\fIdomain\fR
323 -.fi
324 -.in -2
325 -.sp
326 -
327 -\&...where \fIdomain\fR can be the NetBIOS or DNS domain name.
328 -.sp
329 -If a machine trust account for the system already exists on a domain
330 -controller, any authenticated user account can be used when joining the domain.
331 -However, if the machine trust account does \fBnot\fR already exist, an account
332 -that has administrative privileges on the domain is required to join the
333 -domain.
334 -Specifying \fB-y\fR will bypass the smb service restart prompt.
335 -.RE
336 -
337 -.sp
338 -.ne 2
339 -.na
340 -\fB\fBjoin\fR \fB[-y] -w\fR \fIworkgroup\fR\fR
341 -.ad
342 -.sp .6
343 -.RS 4n
344 -Joins a Windows domain or a workgroup.
345 -.sp
346 -The \fB-w\fR \fIworkgroup\fR option specifies the name of the workgroup to join
347 -when using the \fBjoin\fR subcommand.
348 -Specifying \fB-y\fR will bypass the smb service restart prompt.
349 -.RE
350 -
351 -.sp
352 -.ne 2
353 -.na
354 -\fB\fBlist\fR\fR
355 -.ad
356 -.sp .6
357 -.RS 4n
358 -Shows information about the current workgroup or domain. The information
359 -typically includes the workgroup name or the primary domain name. When in
360 -domain mode, the information includes domain controller names and trusted
361 -domain names.
362 -.sp
361 +.Pp
362 +.Ar username
363 +and
364 +.Ar domain
365 +can be entered in any of the following formats:
366 +.Bd -literal -offset indent
367 +username[+password] domain
368 +domain\eusername[+password]
369 +domain/username[+password]
370 +username@domain
371 +.Ed
372 +.Pp
373 +\&...where
374 +.Ar domain
375 +can be the NetBIOS or DNS domain name.
376 +.Pp
377 +If a machine trust account for the system already exists on a domain controller,
378 +any authenticated user account can be used when joining the domain.
379 +However, if the machine trust account does
380 +.Em not
381 +already exist, an account that has administrative privileges on the domain is
382 +required to join the domain.
383 +Specifying
384 +.Fl y
385 +will bypass the SMB service restart prompt.
386 +.It Xo
387 +.Cm join
388 +.Op Fl y
389 +.Fl w Ar workgroup
390 +.Xc
391 +Joins a Windows workgroup.
392 +.Pp
393 +The default mode for the SMB service is workgroup mode, which uses the default
394 +workgroup name,
395 +.Qq WORKGROUP .
396 +.Pp
397 +The
398 +.Fl w Ar workgroup
399 +option specifies the name of the workgroup to join when using the
400 +.Cm join
401 +subcommand.
402 +Specifying
403 +.Fl y
404 +will bypass the SMB service restart prompt.
405 +.It Cm list
406 +Shows information about the current workgroup or domain.
407 +The information typically includes the workgroup name or the primary domain
408 +name.
409 +When in domain mode, the information includes domain controller names and
410 +trusted domain names.
411 +.Pp
363 412 Each entry in the ouput is identified by one of the following tags:
364 -.sp
365 -.ne 2
366 -.na
367 -\fB\fB- [*] -\fR\fR
368 -.ad
369 -.RS 11n
413 +.Bl -tag -width "[*]"
414 +.It Sy [*]
370 415 Primary domain
371 -.RE
372 -
373 -.sp
374 -.ne 2
375 -.na
376 -\fB\fB- [.] -\fR\fR
377 -.ad
378 -.RS 11n
416 +.It Sy [.]
379 417 Local domain
380 -.RE
381 -
382 -.sp
383 -.ne 2
384 -.na
385 -\fB\fB- [-] -\fR\fR
386 -.ad
387 -.RS 11n
418 +.It Sy [-]
388 419 Other domains
389 -.RE
390 -
391 -.sp
392 -.ne 2
393 -.na
394 -\fB\fB- [+] -\fR\fR
395 -.ad
396 -.RS 11n
420 +.It Sy [+]
397 421 Selected domain controller
398 -.RE
399 -
400 -.RE
401 -
402 -.sp
403 -.ne 2
404 -.na
405 -\fB\fBlookup\fR\fR \fIaccount-name\fR [\fIaccount-name\fR [\&.\|.\|.]]
406 -
407 -.ad
408 -.sp .6
409 -.RS 4n
410 -Lookup the SID for the given \fIaccount-name\fR, or lookup the
411 -\fIaccount-name\fR for the given SID. This subcommand is
412 -primarily for diagnostic use, to confirm whether the server
422 +.El
423 +.It Xo
424 +.Cm lookup
425 +.Ar account-name Oo Ar account-name Oc Ns ...
426 +.Xc
427 +Lookup the SID for the given
428 +.Ar account-name ,
429 +or lookup the
430 +.Ar account-name
431 +for the given SID.
432 +This subcommand is primarily for diagnostic use, to confirm whether the server
413 433 can lookup domain accounts and/or SIDs.
414 -.RE
415 -
416 -.sp
417 -.ne 2
418 -.na
419 -\fB\fBremove-member\fR -m \fImember\fR [[-m \fImember\fR] \&.\|.\|.]
420 -\fIgroup\fR\fR
421 -.ad
422 -.sp .6
423 -.RS 4n
424 -Removes the specified member from the specified \fBCIFS\fR local group. The
425 -\fB-m\fR \fImember\fR option specifies the name of a \fBCIFS\fR local group
426 -member. The member name must include an existing user name and an optional
427 -domain name.
428 -.sp
429 -Specify the member name in either of the following formats:
430 -.sp
431 -.in +2
432 -.nf
433 -[\fIdomain\fR\e]\fIusername\fR
434 -[\fIdomain\fR/]\fIusername\fR
435 -.fi
436 -.in -2
437 -.sp
438 -
439 -For example, a valid member name might be \fBsales\eterry\fR or
440 -\fBsales/terry\fR, where \fBsales\fR is the Windows domain name and \fBterry\fR
441 -is the name of a user in the \fBsales\fR domain.
442 -.RE
443 -
444 -.sp
445 -.ne 2
446 -.na
447 -\fB\fBrename\fR \fIgroup\fR \fInew-group\fR\fR
448 -.ad
449 -.sp .6
450 -.RS 4n
451 -Renames the specified \fBCIFS\fR local group. The group must already exist. The
452 -built-in groups cannot be renamed.
453 -.RE
454 -
455 -.sp
456 -.ne 2
457 -.na
458 -\fB\fBset\fR \fB-p\fR \fIproperty\fR=\fIvalue\fR [[\fB-p\fR
459 -\fIproperty\fR=\fIvalue\fR] \&.\|.\|.] \fIgroup\fR\fR
460 -.ad
461 -.sp .6
462 -.RS 4n
463 -Sets configuration properties for a \fBCIFS\fR local group. The description and
464 -the privileges for the built-in groups cannot be changed.
465 -.sp
466 -The \fB-p\fR \fIproperty\fR\fB=\fR\fIvalue\fR option specifies the list of
467 -properties to be set on the specified group.
468 -.sp
469 -The group-related properties are as follows:
470 -.sp
471 -.ne 2
472 -.na
473 -\fB\fBbackup=[on|off]\fR\fR
474 -.ad
475 -.sp .6
476 -.RS 4n
477 -Specifies whether members of the \fBCIFS\fR local group can bypass file access
478 -controls to back up file system objects.
479 -.RE
480 -
481 -.sp
482 -.ne 2
483 -.na
484 -\fB\fBdescription=\fR\fIdescription-text\fR\fR
485 -.ad
486 -.sp .6
487 -.RS 4n
488 -Specifies a text description for the \fBCIFS\fR local group.
489 -.RE
490 -
491 -.sp
492 -.ne 2
493 -.na
494 -\fB\fBrestore=[on|off]\fR\fR
495 -.ad
496 -.sp .6
497 -.RS 4n
498 -Specifies whether members of the \fBCIFS\fR local group can bypass file access
499 -controls to restore file system objects.
500 -.RE
501 -
502 -.sp
503 -.ne 2
504 -.na
505 -\fB\fBtake-ownership=[on|off]\fR\fR
506 -.ad
507 -.sp .6
508 -.RS 4n
509 -Specifies whether members of the \fBCIFS\fR local group can take ownership of
510 -file system objects.
511 -.RE
512 -
513 -.RE
514 -
515 -.sp
516 -.ne 2
517 -.na
518 -\fB\fBshow\fR [\fB-m\fR] [\fB-p\fR] [\fIgroup\fR]\fR
519 -.ad
520 -.sp .6
521 -.RS 4n
522 -Shows information about the specified \fBCIFS\fR local group or groups. If no
523 -group is specified, information is shown for all groups. If the \fB-m\fR option
524 -is specified, the group members are also shown. If the \fB-p\fR option is
525 -specified, the group privileges are also shown.
526 -.RE
527 -
528 -.SH EXIT STATUS
529 -.LP
530 -The following exit values are returned:
531 -.sp
532 -.ne 2
533 -.na
534 -\fB0\fR
535 -.ad
536 -.RS 13n
537 -Successful completion.
538 -.RE
539 -
540 -.sp
541 -.ne 2
542 -.na
543 -\fB>0\fR
544 -.ad
545 -.RS 13n
546 -An error occurred.
547 -.RE
548 -
549 -.SH ATTRIBUTES
550 -.LP
551 -See the \fBattributes\fR(5) man page for descriptions of the following
552 -attributes:
553 -.sp
554 -
555 -.sp
556 -.TS
557 -box;
558 -c | c
559 -l | l .
560 -ATTRIBUTE TYPE ATTRIBUTE VALUE
561 -_
562 -Utility Name and Options Uncommitted
563 -_
564 -Utility Output Format Not-An-Interface
565 -_
566 -\fBsmbadm join\fR Obsolete
567 -.TE
568 -
569 -.SH SEE ALSO
570 -.LP
571 -\fBpasswd\fR(1), \fBgroupadd\fR(1M), \fBidmap\fR(1M), \fBidmapd\fR(1M),
572 -\fBkclient\fR(1M), \fBshare\fR(1M), \fBsharectl\fR(1M), \fBsharemgr\fR(1M),
573 -\fBsmbd\fR(1M), \fBsmbstat\fR(1M), \fBsmb\fR(4), \fBsmbautohome\fR(4),
574 -\fBattributes\fR(5), \fBpam_smb_passwd\fR(5), \fBsmf\fR(5)
434 +.El
435 +.Sh EXIT STATUS
436 +.Ex -std
437 +.Sh INTERFACE STABILITY
438 +Utility name and options are
439 +.Sy Uncommitted .
440 +Utility output format is
441 +.Sy Not-An-Interface .
442 +.Sh SEE ALSO
443 +.Xr passwd 1 ,
444 +.Xr groupadd 1M ,
445 +.Xr idmap 1M ,
446 +.Xr idmapd 1M ,
447 +.Xr kclient 1M ,
448 +.Xr share 1M ,
449 +.Xr sharectl 1M ,
450 +.Xr sharemgr 1M ,
451 +.Xr smbd 1M ,
452 +.Xr smbstat 1M ,
453 +.Xr smb 4 ,
454 +.Xr smbautohome 4 ,
455 +.Xr attributes 5 ,
456 +.Xr pam_smb_passwd 5 ,
457 +.Xr smf 5
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX