10057 Man page misspellings ouput particuliar overriden
Reviewed by: Gergő Mihály Doma <domag02@gmail.com>
1 SMBADM(1M) Maintenance Commands SMBADM(1M)
2
3
4
5 NAME
6 smbadm - configure and manage CIFS local groups and users, and manage
7 domain membership
8
9 SYNOPSIS
10 smbadm add-member -m member [[-m member] ...] group
11
12
13 smbadm create [-d description] group
14
15
16 smbadm delete group
17
18
19 smbadm disable-user username
20
21
22 smbadm enable-user username
23
24
25 smbadm get [[-p property] ...] group
26
27
28 smbadm join [-y] -u username domain
29
30
31 smbadm join [-y] -w workgroup
32
33
34 smbadm list
35
36
37 smbadm lookup account-name [account-name [...]]
38
39
40 smbadm remove-member -m member [[-m member] ...] group
41
42
43 smbadm rename group new-group
44
45
46 smbadm set -p property=value [[-p property=value] ...] group
47
48
49 smbadm show [-m] [-p] [group]
50
51
52 DESCRIPTION
53 The smbadm command is used to configure CIFS local groups and to manage
54 domain membership. You can also use the smbadm command to enable or
55 disable SMB password generation for individual local users.
56
57
58 CIFS local groups can be used when Windows accounts must be members of
59 some local groups and when Windows style privileges must be granted.
60 Solaris local groups cannot provide these functions.
61
62
63 There are two types of local groups: user defined and built-in. Built-
64 in local groups are predefined local groups to support common
65 administration tasks.
66
67
68 In order to provide proper identity mapping between CIFS local groups
69 and Solaris groups, a CIFS local group must have a corresponding
70 Solaris group. This requirement has two consequences: first, the group
71 name must conform to the intersection of the Windows and Solaris group
72 name rules. Thus, a CIFS local group name can be up to eight (8)
73 characters long and contain only lowercase characters and numbers.
74 Second, a Solaris local group has to be created before a CIFS local
75 group can be created.
76
77
78 Built-in groups are standard Windows groups and are predefined by the
79 CIFS service. The built-in groups cannot be added, removed, or renamed,
80 and these groups do not follow the CIFS local group naming conventions.
81
82
83 When the CIFS server is started, the following built-in groups are
84 available:
85
86 Administrators
87
88 Group members can administer the system.
89
90
91 Backup Operators
92
93 Group members can bypass file access controls to back up and
94 restore files.
95
96
97 Power Users
98
99 Group members can share directories.
100
101
102
103 Solaris local users must have an SMB password for authentication and to
104 gain access to CIFS resources. This password is created by using the
105 passwd(1) command when the pam_smb_password module is added to the
106 system's PAM configuration. See the pam_smb_passwd(5) man page.
107
108
109 The disable-user and enable-user subcommands control SMB password-
110 generation for a specified local user. When disabled, the user is
111 prevented from connecting to the Solaris CIFS service. By default, SMB
112 password-generation is enabled for all local users.
113
114
115 To reenable a disabled user, you must use the enable-user subcommand
116 and then reset the user's password by using the passwd command. The
117 pam_smb_passwd.so.1 module must be added to the system's PAM
118 configuration to generate an SMB password.
119
120 Escaping Backslash Character
121 For the add-member, remove-member, and join (with -u) subcommands, the
122 backslash character (\) is a valid separator between member or user
123 names and domain names. The backslash character is a shell special
124 character and must be quoted. For example, you might escape the
125 backslash character with another backslash character: domain\\username.
126 For more information about handling shell special characters, see the
127 man page for your shell.
128
129 OPERANDS
130 The smbadm command uses the following operands:
131
132 domain
133
134 Specifies the name of an existing Windows domain to join.
135
136
137 group
138
139 Specifies the name of the CIFS local group.
140
141
142 username
143
144 Specifies the name of a Solaris local user.
145
146
147 SUBCOMMANDS
148 The smbadm command includes these subcommands:
149
150 add-member -m member [[-m member] ...] group
151
152 Adds the specified member to the specified CIFS local group. The -m
153 member option specifies the name of a CIFS local group member. The
154 member name must include an existing user name and an optional
155 domain name.
156
157 Specify the member name in either of the following formats:
158
159 [domain\]username
160 [domain/]username
161
162
163 For example, a valid member name might be sales\terry or
164 sales/terry, where sales is the Windows domain name and terry is
165 the name of a user in the sales domain.
166
167
168 create [-d description] group
169
170 Creates a CIFS local group with the specified name. You can
171 optionally specify a description of the group by using the -d
172 option.
173
174
175 delete group
176
177 Deletes the specified CIFS local group. The built-in groups cannot
178 be deleted.
179
180
181 disable username
182
183 Disables SMB password-generation capabilities for the specified
184 local user. A disabled local user is prevented from accessing the
185 system by means of the CIFS service. When a local user account is
186 disabled, you cannot use the passwd command to modify the user's
187 SMB password until the user account is reenabled.
188
189
190 enable username
191
192 Enables SMB password-generation capabilities for the specified
193 local user. After the password-generation capabilities are
194 reenabled, you must use the passwd command to generate the SMB
195 password for the local user before he can connect to the CIFS
196 service.
197
198 The passwd command manages both the Solaris password and SMB
199 password for this user if the pam_smb_passwd module has been added
200 to the system's PAM configuration.
201
202
203 get [[-p property=value] ...] group
204
205 Retrieves property values for the specified group. If no property
206 is specified, all property values are shown.
207
208
209 join [-y] -u username domain
210
211 Joins a Windows domain or a workgroup.
212
213 The default mode for the CIFS service is workgroup mode, which uses
214 the default workgroup name, WORKGROUP.
215
216 An authenticated user account is required to join a domain, so you
217 must specify the Windows administrative user name with the -u
218 option. If the password is not specified on the command line, the
219 user is prompted for it. This user should be the domain
220 administrator or any user who has administrative privileges for the
221 target domain.
222
223 username and domain can be entered in any of the following formats:
224
225 username[+password] domain
226 domain\username[+password]
227 domain/username[+password]
228 username@domain
229
230
231 ...where domain can be the NetBIOS or DNS domain name.
232
233 If a machine trust account for the system already exists on a
234 domain controller, any authenticated user account can be used when
235 joining the domain. However, if the machine trust account does not
236 already exist, an account that has administrative privileges on the
237 domain is required to join the domain. Specifying -y will bypass
238 the smb service restart prompt.
239
240
241 join [-y] -w workgroup
242
243 Joins a Windows domain or a workgroup.
244
245 The -w workgroup option specifies the name of the workgroup to join
246 when using the join subcommand. Specifying -y will bypass the smb
247 service restart prompt.
248
249
250 list
251
252 Shows information about the current workgroup or domain. The
253 information typically includes the workgroup name or the primary
254 domain name. When in domain mode, the information includes domain
255 controller names and trusted domain names.
256
257 Each entry in the ouput is identified by one of the following tags:
258
259 - [*] -
260 Primary domain
261
262
263 - [.] -
264 Local domain
265
266
267 - [-] -
268 Other domains
269
270
271 - [+] -
272 Selected domain controller
273
274
275
276 lookup account-name [account-name [...]]
277
278
279 Lookup the SID for the given account-name, or lookup the account-
280 name for the given SID. This subcommand is primarily for
281 diagnostic use, to confirm whether the server can lookup domain
282 accounts and/or SIDs.
283
284
285 remove-member -m member [[-m member] ...] group
286
287 Removes the specified member from the specified CIFS local group.
288 The -m member option specifies the name of a CIFS local group
289 member. The member name must include an existing user name and an
290 optional domain name.
291
292 Specify the member name in either of the following formats:
293
294 [domain\]username
295 [domain/]username
296
297
298 For example, a valid member name might be sales\terry or
299 sales/terry, where sales is the Windows domain name and terry is
300 the name of a user in the sales domain.
301
302
303 rename group new-group
304
305 Renames the specified CIFS local group. The group must already
306 exist. The built-in groups cannot be renamed.
307
308
309 set -p property=value [[-p property=value] ...] group
310
311 Sets configuration properties for a CIFS local group. The
312 description and the privileges for the built-in groups cannot be
313 changed.
314
315 The -p property=value option specifies the list of properties to be
316 set on the specified group.
317
318 The group-related properties are as follows:
319
320 backup=[on|off]
321
322 Specifies whether members of the CIFS local group can bypass
323 file access controls to back up file system objects.
324
325
326 description=description-text
327
328 Specifies a text description for the CIFS local group.
329
330
331 restore=[on|off]
332
333 Specifies whether members of the CIFS local group can bypass
334 file access controls to restore file system objects.
335
336
337 take-ownership=[on|off]
338
339 Specifies whether members of the CIFS local group can take
340 ownership of file system objects.
341
342
343
344 show [-m] [-p] [group]
345
346 Shows information about the specified CIFS local group or groups.
347 If no group is specified, information is shown for all groups. If
348 the -m option is specified, the group members are also shown. If
349 the -p option is specified, the group privileges are also shown.
350
351
352 EXIT STATUS
353 The following exit values are returned:
354
355 0
356 Successful completion.
357
358
359 >0
360 An error occurred.
361
362
363 ATTRIBUTES
364 See the attributes(5) man page for descriptions of the following
365 attributes:
366
367
368
369
370 +-------------------------+------------------+
371 | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
372 +-------------------------+------------------+
373 |Utility Name and Options | Uncommitted |
374 +-------------------------+------------------+
375 |Utility Output Format | Not-An-Interface |
376 +-------------------------+------------------+
377 |smbadm join | Obsolete |
378 +-------------------------+------------------+
379
380 SEE ALSO
381 passwd(1), groupadd(1M), idmap(1M), idmapd(1M), kclient(1M), share(1M),
382 sharectl(1M), sharemgr(1M), smbd(1M), smbstat(1M), smb(4),
383 smbautohome(4), attributes(5), pam_smb_passwd(5), smf(5)
384
385
386
387 April 9, 2016 SMBADM(1M)
--- EOF ---