Print this page
10057 Man page misspellings ouput particuliar overriden
Reviewed by: Gergő Mihály Doma <domag02@gmail.com>
Split |
Close |
Expand all |
Collapse all |
--- old/usr/src/man/man1m/smbadm.1m.man.txt
+++ new/usr/src/man/man1m/smbadm.1m.man.txt
1 1 SMBADM(1M) Maintenance Commands SMBADM(1M)
2 2
3 3
4 4
5 5 NAME
6 6 smbadm - configure and manage CIFS local groups and users, and manage
7 7 domain membership
8 8
9 9 SYNOPSIS
10 10 smbadm add-member -m member [[-m member] ...] group
11 11
12 12
13 13 smbadm create [-d description] group
14 14
15 15
16 16 smbadm delete group
17 17
18 18
19 19 smbadm disable-user username
20 20
21 21
22 22 smbadm enable-user username
23 23
24 24
25 25 smbadm get [[-p property] ...] group
26 26
27 27
28 28 smbadm join [-y] -u username domain
29 29
30 30
31 31 smbadm join [-y] -w workgroup
32 32
33 33
34 34 smbadm list
35 35
36 36
37 37 smbadm lookup account-name [account-name [...]]
38 38
39 39
40 40 smbadm remove-member -m member [[-m member] ...] group
41 41
42 42
43 43 smbadm rename group new-group
44 44
45 45
46 46 smbadm set -p property=value [[-p property=value] ...] group
47 47
48 48
49 49 smbadm show [-m] [-p] [group]
50 50
51 51
52 52 DESCRIPTION
53 53 The smbadm command is used to configure CIFS local groups and to manage
54 54 domain membership. You can also use the smbadm command to enable or
55 55 disable SMB password generation for individual local users.
56 56
57 57
58 58 CIFS local groups can be used when Windows accounts must be members of
59 59 some local groups and when Windows style privileges must be granted.
60 60 Solaris local groups cannot provide these functions.
61 61
62 62
63 63 There are two types of local groups: user defined and built-in. Built-
64 64 in local groups are predefined local groups to support common
65 65 administration tasks.
66 66
67 67
68 68 In order to provide proper identity mapping between CIFS local groups
69 69 and Solaris groups, a CIFS local group must have a corresponding
70 70 Solaris group. This requirement has two consequences: first, the group
71 71 name must conform to the intersection of the Windows and Solaris group
72 72 name rules. Thus, a CIFS local group name can be up to eight (8)
73 73 characters long and contain only lowercase characters and numbers.
74 74 Second, a Solaris local group has to be created before a CIFS local
75 75 group can be created.
76 76
77 77
78 78 Built-in groups are standard Windows groups and are predefined by the
79 79 CIFS service. The built-in groups cannot be added, removed, or renamed,
80 80 and these groups do not follow the CIFS local group naming conventions.
81 81
82 82
83 83 When the CIFS server is started, the following built-in groups are
84 84 available:
85 85
86 86 Administrators
87 87
88 88 Group members can administer the system.
89 89
90 90
91 91 Backup Operators
92 92
93 93 Group members can bypass file access controls to back up and
94 94 restore files.
95 95
96 96
97 97 Power Users
98 98
99 99 Group members can share directories.
100 100
101 101
102 102
103 103 Solaris local users must have an SMB password for authentication and to
104 104 gain access to CIFS resources. This password is created by using the
105 105 passwd(1) command when the pam_smb_password module is added to the
106 106 system's PAM configuration. See the pam_smb_passwd(5) man page.
107 107
108 108
109 109 The disable-user and enable-user subcommands control SMB password-
110 110 generation for a specified local user. When disabled, the user is
111 111 prevented from connecting to the Solaris CIFS service. By default, SMB
112 112 password-generation is enabled for all local users.
113 113
114 114
115 115 To reenable a disabled user, you must use the enable-user subcommand
116 116 and then reset the user's password by using the passwd command. The
117 117 pam_smb_passwd.so.1 module must be added to the system's PAM
118 118 configuration to generate an SMB password.
119 119
120 120 Escaping Backslash Character
121 121 For the add-member, remove-member, and join (with -u) subcommands, the
122 122 backslash character (\) is a valid separator between member or user
123 123 names and domain names. The backslash character is a shell special
124 124 character and must be quoted. For example, you might escape the
125 125 backslash character with another backslash character: domain\\username.
126 126 For more information about handling shell special characters, see the
127 127 man page for your shell.
128 128
129 129 OPERANDS
130 130 The smbadm command uses the following operands:
131 131
132 132 domain
133 133
134 134 Specifies the name of an existing Windows domain to join.
135 135
136 136
137 137 group
138 138
139 139 Specifies the name of the CIFS local group.
140 140
141 141
142 142 username
143 143
144 144 Specifies the name of a Solaris local user.
145 145
146 146
147 147 SUBCOMMANDS
148 148 The smbadm command includes these subcommands:
149 149
150 150 add-member -m member [[-m member] ...] group
151 151
152 152 Adds the specified member to the specified CIFS local group. The -m
153 153 member option specifies the name of a CIFS local group member. The
154 154 member name must include an existing user name and an optional
155 155 domain name.
156 156
157 157 Specify the member name in either of the following formats:
158 158
159 159 [domain\]username
160 160 [domain/]username
161 161
162 162
163 163 For example, a valid member name might be sales\terry or
164 164 sales/terry, where sales is the Windows domain name and terry is
165 165 the name of a user in the sales domain.
166 166
167 167
168 168 create [-d description] group
169 169
170 170 Creates a CIFS local group with the specified name. You can
171 171 optionally specify a description of the group by using the -d
172 172 option.
173 173
174 174
175 175 delete group
176 176
177 177 Deletes the specified CIFS local group. The built-in groups cannot
178 178 be deleted.
179 179
180 180
181 181 disable username
182 182
183 183 Disables SMB password-generation capabilities for the specified
184 184 local user. A disabled local user is prevented from accessing the
185 185 system by means of the CIFS service. When a local user account is
186 186 disabled, you cannot use the passwd command to modify the user's
187 187 SMB password until the user account is reenabled.
188 188
189 189
190 190 enable username
191 191
192 192 Enables SMB password-generation capabilities for the specified
193 193 local user. After the password-generation capabilities are
194 194 reenabled, you must use the passwd command to generate the SMB
195 195 password for the local user before he can connect to the CIFS
196 196 service.
197 197
198 198 The passwd command manages both the Solaris password and SMB
199 199 password for this user if the pam_smb_passwd module has been added
200 200 to the system's PAM configuration.
201 201
202 202
203 203 get [[-p property=value] ...] group
204 204
205 205 Retrieves property values for the specified group. If no property
206 206 is specified, all property values are shown.
207 207
208 208
209 209 join [-y] -u username domain
210 210
211 211 Joins a Windows domain or a workgroup.
212 212
213 213 The default mode for the CIFS service is workgroup mode, which uses
214 214 the default workgroup name, WORKGROUP.
215 215
216 216 An authenticated user account is required to join a domain, so you
217 217 must specify the Windows administrative user name with the -u
218 218 option. If the password is not specified on the command line, the
219 219 user is prompted for it. This user should be the domain
220 220 administrator or any user who has administrative privileges for the
221 221 target domain.
222 222
223 223 username and domain can be entered in any of the following formats:
224 224
225 225 username[+password] domain
226 226 domain\username[+password]
227 227 domain/username[+password]
228 228 username@domain
229 229
230 230
231 231 ...where domain can be the NetBIOS or DNS domain name.
232 232
233 233 If a machine trust account for the system already exists on a
234 234 domain controller, any authenticated user account can be used when
235 235 joining the domain. However, if the machine trust account does not
236 236 already exist, an account that has administrative privileges on the
237 237 domain is required to join the domain. Specifying -y will bypass
238 238 the smb service restart prompt.
239 239
240 240
241 241 join [-y] -w workgroup
242 242
243 243 Joins a Windows domain or a workgroup.
244 244
245 245 The -w workgroup option specifies the name of the workgroup to join
246 246 when using the join subcommand. Specifying -y will bypass the smb
↓ open down ↓ |
246 lines elided |
↑ open up ↑ |
247 247 service restart prompt.
248 248
249 249
250 250 list
251 251
252 252 Shows information about the current workgroup or domain. The
253 253 information typically includes the workgroup name or the primary
254 254 domain name. When in domain mode, the information includes domain
255 255 controller names and trusted domain names.
256 256
257 - Each entry in the ouput is identified by one of the following tags:
257 + Each entry in the output is identified by one of the following
258 + tags:
258 259
259 260 - [*] -
260 261 Primary domain
261 262
262 263
263 264 - [.] -
264 265 Local domain
265 266
266 267
267 268 - [-] -
268 269 Other domains
269 270
270 271
271 272 - [+] -
272 273 Selected domain controller
273 274
274 275
275 276
276 277 lookup account-name [account-name [...]]
277 278
278 279
279 280 Lookup the SID for the given account-name, or lookup the account-
280 281 name for the given SID. This subcommand is primarily for
281 282 diagnostic use, to confirm whether the server can lookup domain
282 283 accounts and/or SIDs.
283 284
284 285
285 286 remove-member -m member [[-m member] ...] group
286 287
287 288 Removes the specified member from the specified CIFS local group.
288 289 The -m member option specifies the name of a CIFS local group
289 290 member. The member name must include an existing user name and an
290 291 optional domain name.
291 292
292 293 Specify the member name in either of the following formats:
293 294
294 295 [domain\]username
295 296 [domain/]username
296 297
297 298
298 299 For example, a valid member name might be sales\terry or
299 300 sales/terry, where sales is the Windows domain name and terry is
300 301 the name of a user in the sales domain.
301 302
302 303
303 304 rename group new-group
304 305
305 306 Renames the specified CIFS local group. The group must already
306 307 exist. The built-in groups cannot be renamed.
307 308
308 309
309 310 set -p property=value [[-p property=value] ...] group
310 311
311 312 Sets configuration properties for a CIFS local group. The
312 313 description and the privileges for the built-in groups cannot be
313 314 changed.
314 315
315 316 The -p property=value option specifies the list of properties to be
316 317 set on the specified group.
317 318
318 319 The group-related properties are as follows:
319 320
320 321 backup=[on|off]
321 322
322 323 Specifies whether members of the CIFS local group can bypass
323 324 file access controls to back up file system objects.
324 325
325 326
326 327 description=description-text
327 328
328 329 Specifies a text description for the CIFS local group.
329 330
330 331
331 332 restore=[on|off]
332 333
333 334 Specifies whether members of the CIFS local group can bypass
334 335 file access controls to restore file system objects.
335 336
336 337
337 338 take-ownership=[on|off]
338 339
339 340 Specifies whether members of the CIFS local group can take
340 341 ownership of file system objects.
341 342
342 343
343 344
344 345 show [-m] [-p] [group]
345 346
346 347 Shows information about the specified CIFS local group or groups.
347 348 If no group is specified, information is shown for all groups. If
348 349 the -m option is specified, the group members are also shown. If
349 350 the -p option is specified, the group privileges are also shown.
350 351
351 352
352 353 EXIT STATUS
353 354 The following exit values are returned:
354 355
355 356 0
356 357 Successful completion.
357 358
358 359
359 360 >0
360 361 An error occurred.
361 362
362 363
363 364 ATTRIBUTES
364 365 See the attributes(5) man page for descriptions of the following
365 366 attributes:
366 367
367 368
368 369
369 370
370 371 +-------------------------+------------------+
371 372 | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
372 373 +-------------------------+------------------+
373 374 |Utility Name and Options | Uncommitted |
374 375 +-------------------------+------------------+
375 376 |Utility Output Format | Not-An-Interface |
376 377 +-------------------------+------------------+
377 378 |smbadm join | Obsolete |
378 379 +-------------------------+------------------+
379 380
380 381 SEE ALSO
381 382 passwd(1), groupadd(1M), idmap(1M), idmapd(1M), kclient(1M), share(1M),
382 383 sharectl(1M), sharemgr(1M), smbd(1M), smbstat(1M), smb(4),
383 384 smbautohome(4), attributes(5), pam_smb_passwd(5), smf(5)
384 385
385 386
386 387
387 388 April 9, 2016 SMBADM(1M)
↓ open down ↓ |
120 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX