Print this page
10057 Man page misspellings ouput particuliar overriden
Reviewed by: Gergő Mihály Doma <domag02@gmail.com>
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/man/man1m/smbadm.1m
+++ new/usr/src/man/man1m/smbadm.1m
1 1 '\" te
2 2 .\" Copyright 2014 Nexenta Systems, Inc. All rights reserved.
3 3 .\" Copyright (c) 2009, Sun Microsystems, Inc. All Rights Reserved.
4 4 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
5 5 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
6 6 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
7 7 .TH SMBADM 1M "April 9, 2016"
8 8 .SH NAME
9 9 smbadm \- configure and manage CIFS local groups and users, and manage domain
10 10 membership
11 11 .SH SYNOPSIS
12 12 .LP
13 13 .nf
14 14 \fBsmbadm add-member\fR -m \fImember\fR [[-m \fImember\fR] \&.\|.\|.] \fIgroup\fR
15 15 .fi
16 16
17 17 .LP
18 18 .nf
19 19 \fBsmbadm create\fR [-d \fIdescription\fR] \fIgroup\fR
20 20 .fi
21 21
22 22 .LP
23 23 .nf
24 24 \fBsmbadm delete\fR \fIgroup\fR
25 25 .fi
26 26
27 27 .LP
28 28 .nf
29 29 \fBsmbadm disable-user\fR \fIusername\fR
30 30 .fi
31 31
32 32 .LP
33 33 .nf
34 34 \fBsmbadm enable-user\fR \fIusername\fR
35 35 .fi
36 36
37 37 .LP
38 38 .nf
39 39 \fBsmbadm get\fR [[-p \fIproperty\fR] \&.\|.\|.] \fIgroup\fR
40 40 .fi
41 41
42 42 .LP
43 43 .nf
44 44 \fBsmbadm join\fR [-y] -u \fIusername\fR \fIdomain\fR
45 45 .fi
46 46
47 47 .LP
48 48 .nf
49 49 \fBsmbadm join\fR [-y] -w \fIworkgroup\fR
50 50 .fi
51 51
52 52 .LP
53 53 .nf
54 54 \fBsmbadm list\fR
55 55 .fi
56 56
57 57 .LP
58 58 .nf
59 59 \fBsmbadm lookup\fR \fIaccount-name\fR [\fIaccount-name\fR [\&.\|.\|.]]
60 60 .fi
61 61
62 62 .LP
63 63 .nf
64 64 \fBsmbadm remove-member\fR -m \fImember\fR [[-m \fImember\fR] \&.\|.\|.] \fIgroup\fR
65 65 .fi
66 66
67 67 .LP
68 68 .nf
69 69 \fBsmbadm rename\fR \fIgroup\fR \fInew-group\fR
70 70 .fi
71 71
72 72 .LP
73 73 .nf
74 74 \fBsmbadm set\fR -p \fIproperty\fR=\fIvalue\fR [[-p \fIproperty\fR=\fIvalue\fR] \&.\|.\|.] \fIgroup\fR
75 75 .fi
76 76
77 77 .LP
78 78 .nf
79 79 \fBsmbadm show\fR [-m] [-p] [\fIgroup\fR]
80 80 .fi
81 81
82 82 .SH DESCRIPTION
83 83 .LP
84 84 The \fBsmbadm\fR command is used to configure \fBCIFS\fR local groups and to
85 85 manage domain membership. You can also use the \fBsmbadm\fR command to enable
86 86 or disable SMB password generation for individual local users.
87 87 .sp
88 88 .LP
89 89 \fBCIFS\fR local groups can be used when Windows accounts must be members of
90 90 some local groups and when Windows style privileges must be granted. Solaris
91 91 local groups cannot provide these functions.
92 92 .sp
93 93 .LP
94 94 There are two types of local groups: user defined and built-in. Built-in local
95 95 groups are predefined local groups to support common administration tasks.
96 96 .sp
97 97 .LP
98 98 In order to provide proper identity mapping between \fBCIFS\fR local groups and
99 99 Solaris groups, a \fBCIFS\fR local group must have a corresponding Solaris
100 100 group. This requirement has two consequences: first, the group name must
101 101 conform to the intersection of the Windows and Solaris group name rules. Thus,
102 102 a \fBCIFS\fR local group name can be up to eight (8) characters long and
103 103 contain only lowercase characters and numbers. Second, a Solaris local group
104 104 has to be created before a \fBCIFS\fR local group can be created.
105 105 .sp
106 106 .LP
107 107 Built-in groups are standard Windows groups and are predefined by the
108 108 \fBCIFS\fR service. The built-in groups cannot be added, removed, or renamed,
109 109 and these groups do not follow the \fBCIFS\fR local group naming conventions.
110 110 .sp
111 111 .LP
112 112 When the \fBCIFS\fR server is started, the following built-in groups are
113 113 available:
114 114 .sp
115 115 .ne 2
116 116 .na
117 117 \fBAdministrators\fR
118 118 .ad
119 119 .sp .6
120 120 .RS 4n
121 121 Group members can administer the system.
122 122 .RE
123 123
124 124 .sp
125 125 .ne 2
126 126 .na
127 127 \fBBackup Operators\fR
128 128 .ad
129 129 .sp .6
130 130 .RS 4n
131 131 Group members can bypass file access controls to back up and restore files.
132 132 .RE
133 133
134 134 .sp
135 135 .ne 2
136 136 .na
137 137 \fBPower Users\fR
138 138 .ad
139 139 .sp .6
140 140 .RS 4n
141 141 Group members can share directories.
142 142 .RE
143 143
144 144 .sp
145 145 .LP
146 146 Solaris local users must have an SMB password for authentication and to gain
147 147 access to CIFS resources. This password is created by using the \fBpasswd\fR(1)
148 148 command when the \fBpam_smb_password\fR module is added to the system's PAM
149 149 configuration. See the \fBpam_smb_passwd\fR(5) man page.
150 150 .sp
151 151 .LP
152 152 The \fBdisable-user\fR and \fBenable-user\fR subcommands control SMB
153 153 password-generation for a specified local user. When disabled, the user is
154 154 prevented from connecting to the Solaris CIFS service. By default, SMB
155 155 password-generation is enabled for all local users.
156 156 .sp
157 157 .LP
158 158 To reenable a disabled user, you must use the \fBenable-user\fR subcommand and
159 159 then reset the user's password by using the \fBpasswd\fR command. The
160 160 \fBpam_smb_passwd.so.1\fR module must be added to the system's PAM
161 161 configuration to generate an SMB password.
162 162 .SS "Escaping Backslash Character"
163 163 .LP
164 164 For the \fBadd-member\fR, \fBremove-member\fR, and \fBjoin\fR (with \fB-u\fR)
165 165 subcommands, the backslash character (\fB\e\fR) is a valid separator between
166 166 member or user names and domain names. The backslash character is a shell
167 167 special character and must be quoted. For example, you might escape the
168 168 backslash character with another backslash character:
169 169 \fIdomain\fR\fB\e\e\fR\fIusername\fR. For more information about handling shell
170 170 special characters, see the man page for your shell.
171 171 .SH OPERANDS
172 172 .LP
173 173 The \fBsmbadm\fR command uses the following operands:
174 174 .sp
175 175 .ne 2
176 176 .na
177 177 \fB\fIdomain\fR\fR
178 178 .ad
179 179 .sp .6
180 180 .RS 4n
181 181 Specifies the name of an existing Windows domain to join.
182 182 .RE
183 183
184 184 .sp
185 185 .ne 2
186 186 .na
187 187 \fB\fIgroup\fR\fR
188 188 .ad
189 189 .sp .6
190 190 .RS 4n
191 191 Specifies the name of the \fBCIFS\fR local group.
192 192 .RE
193 193
194 194 .sp
195 195 .ne 2
196 196 .na
197 197 \fB\fIusername\fR\fR
198 198 .ad
199 199 .sp .6
200 200 .RS 4n
201 201 Specifies the name of a Solaris local user.
202 202 .RE
203 203
204 204 .SH SUBCOMMANDS
205 205 .LP
206 206 The \fBsmbadm\fR command includes these subcommands:
207 207 .sp
208 208 .ne 2
209 209 .na
210 210 \fB\fBadd-member\fR -m \fImember\fR [[-m \fImember\fR] \&.\|.\|.]
211 211 \fIgroup\fR\fR
212 212 .ad
213 213 .sp .6
214 214 .RS 4n
215 215 Adds the specified member to the specified \fBCIFS\fR local group. The \fB-m\fR
216 216 \fImember\fR option specifies the name of a \fBCIFS\fR local group member. The
217 217 member name must include an existing user name and an optional domain name.
218 218 .sp
219 219 Specify the member name in either of the following formats:
220 220 .sp
221 221 .in +2
222 222 .nf
223 223 [\fIdomain\fR\e]\fIusername\fR
224 224 [\fIdomain\fR/]\fIusername\fR
225 225 .fi
226 226 .in -2
227 227 .sp
228 228
229 229 For example, a valid member name might be \fBsales\eterry\fR or
230 230 \fBsales/terry\fR, where \fBsales\fR is the Windows domain name and \fBterry\fR
231 231 is the name of a user in the \fBsales\fR domain.
232 232 .RE
233 233
234 234 .sp
235 235 .ne 2
236 236 .na
237 237 \fB\fBcreate\fR [\fB-d\fR \fIdescription\fR] \fIgroup\fR\fR
238 238 .ad
239 239 .sp .6
240 240 .RS 4n
241 241 Creates a \fBCIFS\fR local group with the specified name. You can optionally
242 242 specify a description of the group by using the \fB-d\fR option.
243 243 .RE
244 244
245 245 .sp
246 246 .ne 2
247 247 .na
248 248 \fB\fBdelete\fR \fIgroup\fR\fR
249 249 .ad
250 250 .sp .6
251 251 .RS 4n
252 252 Deletes the specified \fBCIFS\fR local group. The built-in groups cannot be
253 253 deleted.
254 254 .RE
255 255
256 256 .sp
257 257 .ne 2
258 258 .na
259 259 \fB\fBdisable\fR \fIusername\fR\fR
260 260 .ad
261 261 .sp .6
262 262 .RS 4n
263 263 Disables SMB password-generation capabilities for the specified local user. A
264 264 disabled local user is prevented from accessing the system by means of the CIFS
265 265 service. When a local user account is disabled, you cannot use the \fBpasswd\fR
266 266 command to modify the user's SMB password until the user account is reenabled.
267 267 .RE
268 268
269 269 .sp
270 270 .ne 2
271 271 .na
272 272 \fB\fBenable\fR \fIusername\fR\fR
273 273 .ad
274 274 .sp .6
275 275 .RS 4n
276 276 Enables SMB password-generation capabilities for the specified local user.
277 277 After the password-generation capabilities are reenabled, you must use the
278 278 \fBpasswd\fR command to generate the SMB password for the local user before he
279 279 can connect to the CIFS service.
280 280 .sp
281 281 The \fBpasswd\fR command manages both the Solaris password and SMB password for
282 282 this user if the \fBpam_smb_passwd\fR module has been added to the system's PAM
283 283 configuration.
284 284 .RE
285 285
286 286 .sp
287 287 .ne 2
288 288 .na
289 289 \fB\fBget\fR [[\fB-p\fR \fIproperty\fR=\fIvalue\fR] \&.\|.\|.] \fIgroup\fR\fR
290 290 .ad
291 291 .sp .6
292 292 .RS 4n
293 293 Retrieves property values for the specified group. If no property is specified,
294 294 all property values are shown.
295 295 .RE
296 296
297 297 .sp
298 298 .ne 2
299 299 .na
300 300 \fB\fBjoin\fR \fB[-y] -u\fR \fIusername\fR \fIdomain\fR\fR
301 301 .ad
302 302 .sp .6
303 303 .RS 4n
304 304 Joins a Windows domain or a workgroup.
305 305 .sp
306 306 The default mode for the \fBCIFS\fR service is workgroup mode, which uses the
307 307 default workgroup name, \fBWORKGROUP\fR.
308 308 .sp
309 309 An authenticated user account is required to join a domain, so you must specify
310 310 the Windows administrative user name with the \fB-u\fR option. If the password
311 311 is not specified on the command line, the user is prompted for it. This user
312 312 should be the domain administrator or any user who has administrative
313 313 privileges for the target domain.
314 314 .sp
315 315 \fIusername\fR and \fIdomain\fR can be entered in any of the following formats:
316 316 .sp
317 317 .in +2
318 318 .nf
319 319 \fIusername\fR[+\fIpassword\fR] \fIdomain\fR
320 320 \fIdomain\fR\e\fIusername\fR[+\fIpassword\fR]
321 321 \fIdomain\fR/\fIusername\fR[+\fIpassword\fR]
322 322 \fIusername\fR@\fIdomain\fR
323 323 .fi
324 324 .in -2
325 325 .sp
326 326
327 327 \&...where \fIdomain\fR can be the NetBIOS or DNS domain name.
328 328 .sp
329 329 If a machine trust account for the system already exists on a domain
330 330 controller, any authenticated user account can be used when joining the domain.
331 331 However, if the machine trust account does \fBnot\fR already exist, an account
332 332 that has administrative privileges on the domain is required to join the
333 333 domain.
334 334 Specifying \fB-y\fR will bypass the smb service restart prompt.
335 335 .RE
336 336
337 337 .sp
338 338 .ne 2
339 339 .na
340 340 \fB\fBjoin\fR \fB[-y] -w\fR \fIworkgroup\fR\fR
341 341 .ad
342 342 .sp .6
343 343 .RS 4n
344 344 Joins a Windows domain or a workgroup.
345 345 .sp
346 346 The \fB-w\fR \fIworkgroup\fR option specifies the name of the workgroup to join
347 347 when using the \fBjoin\fR subcommand.
348 348 Specifying \fB-y\fR will bypass the smb service restart prompt.
349 349 .RE
350 350
351 351 .sp
352 352 .ne 2
|
↓ open down ↓ |
352 lines elided |
↑ open up ↑ |
353 353 .na
354 354 \fB\fBlist\fR\fR
355 355 .ad
356 356 .sp .6
357 357 .RS 4n
358 358 Shows information about the current workgroup or domain. The information
359 359 typically includes the workgroup name or the primary domain name. When in
360 360 domain mode, the information includes domain controller names and trusted
361 361 domain names.
362 362 .sp
363 -Each entry in the ouput is identified by one of the following tags:
363 +Each entry in the output is identified by one of the following tags:
364 364 .sp
365 365 .ne 2
366 366 .na
367 367 \fB\fB- [*] -\fR\fR
368 368 .ad
369 369 .RS 11n
370 370 Primary domain
371 371 .RE
372 372
373 373 .sp
374 374 .ne 2
375 375 .na
376 376 \fB\fB- [.] -\fR\fR
377 377 .ad
378 378 .RS 11n
379 379 Local domain
380 380 .RE
381 381
382 382 .sp
383 383 .ne 2
384 384 .na
385 385 \fB\fB- [-] -\fR\fR
386 386 .ad
387 387 .RS 11n
388 388 Other domains
389 389 .RE
390 390
391 391 .sp
392 392 .ne 2
393 393 .na
394 394 \fB\fB- [+] -\fR\fR
395 395 .ad
396 396 .RS 11n
397 397 Selected domain controller
398 398 .RE
399 399
400 400 .RE
401 401
402 402 .sp
403 403 .ne 2
404 404 .na
405 405 \fB\fBlookup\fR\fR \fIaccount-name\fR [\fIaccount-name\fR [\&.\|.\|.]]
406 406
407 407 .ad
408 408 .sp .6
409 409 .RS 4n
410 410 Lookup the SID for the given \fIaccount-name\fR, or lookup the
411 411 \fIaccount-name\fR for the given SID. This subcommand is
412 412 primarily for diagnostic use, to confirm whether the server
413 413 can lookup domain accounts and/or SIDs.
414 414 .RE
415 415
416 416 .sp
417 417 .ne 2
418 418 .na
419 419 \fB\fBremove-member\fR -m \fImember\fR [[-m \fImember\fR] \&.\|.\|.]
420 420 \fIgroup\fR\fR
421 421 .ad
422 422 .sp .6
423 423 .RS 4n
424 424 Removes the specified member from the specified \fBCIFS\fR local group. The
425 425 \fB-m\fR \fImember\fR option specifies the name of a \fBCIFS\fR local group
426 426 member. The member name must include an existing user name and an optional
427 427 domain name.
428 428 .sp
429 429 Specify the member name in either of the following formats:
430 430 .sp
431 431 .in +2
432 432 .nf
433 433 [\fIdomain\fR\e]\fIusername\fR
434 434 [\fIdomain\fR/]\fIusername\fR
435 435 .fi
436 436 .in -2
437 437 .sp
438 438
439 439 For example, a valid member name might be \fBsales\eterry\fR or
440 440 \fBsales/terry\fR, where \fBsales\fR is the Windows domain name and \fBterry\fR
441 441 is the name of a user in the \fBsales\fR domain.
442 442 .RE
443 443
444 444 .sp
445 445 .ne 2
446 446 .na
447 447 \fB\fBrename\fR \fIgroup\fR \fInew-group\fR\fR
448 448 .ad
449 449 .sp .6
450 450 .RS 4n
451 451 Renames the specified \fBCIFS\fR local group. The group must already exist. The
452 452 built-in groups cannot be renamed.
453 453 .RE
454 454
455 455 .sp
456 456 .ne 2
457 457 .na
458 458 \fB\fBset\fR \fB-p\fR \fIproperty\fR=\fIvalue\fR [[\fB-p\fR
459 459 \fIproperty\fR=\fIvalue\fR] \&.\|.\|.] \fIgroup\fR\fR
460 460 .ad
461 461 .sp .6
462 462 .RS 4n
463 463 Sets configuration properties for a \fBCIFS\fR local group. The description and
464 464 the privileges for the built-in groups cannot be changed.
465 465 .sp
466 466 The \fB-p\fR \fIproperty\fR\fB=\fR\fIvalue\fR option specifies the list of
467 467 properties to be set on the specified group.
468 468 .sp
469 469 The group-related properties are as follows:
470 470 .sp
471 471 .ne 2
472 472 .na
473 473 \fB\fBbackup=[on|off]\fR\fR
474 474 .ad
475 475 .sp .6
476 476 .RS 4n
477 477 Specifies whether members of the \fBCIFS\fR local group can bypass file access
478 478 controls to back up file system objects.
479 479 .RE
480 480
481 481 .sp
482 482 .ne 2
483 483 .na
484 484 \fB\fBdescription=\fR\fIdescription-text\fR\fR
485 485 .ad
486 486 .sp .6
487 487 .RS 4n
488 488 Specifies a text description for the \fBCIFS\fR local group.
489 489 .RE
490 490
491 491 .sp
492 492 .ne 2
493 493 .na
494 494 \fB\fBrestore=[on|off]\fR\fR
495 495 .ad
496 496 .sp .6
497 497 .RS 4n
498 498 Specifies whether members of the \fBCIFS\fR local group can bypass file access
499 499 controls to restore file system objects.
500 500 .RE
501 501
502 502 .sp
503 503 .ne 2
504 504 .na
505 505 \fB\fBtake-ownership=[on|off]\fR\fR
506 506 .ad
507 507 .sp .6
508 508 .RS 4n
509 509 Specifies whether members of the \fBCIFS\fR local group can take ownership of
510 510 file system objects.
511 511 .RE
512 512
513 513 .RE
514 514
515 515 .sp
516 516 .ne 2
517 517 .na
518 518 \fB\fBshow\fR [\fB-m\fR] [\fB-p\fR] [\fIgroup\fR]\fR
519 519 .ad
520 520 .sp .6
521 521 .RS 4n
522 522 Shows information about the specified \fBCIFS\fR local group or groups. If no
523 523 group is specified, information is shown for all groups. If the \fB-m\fR option
524 524 is specified, the group members are also shown. If the \fB-p\fR option is
525 525 specified, the group privileges are also shown.
526 526 .RE
527 527
528 528 .SH EXIT STATUS
529 529 .LP
530 530 The following exit values are returned:
531 531 .sp
532 532 .ne 2
533 533 .na
534 534 \fB0\fR
535 535 .ad
536 536 .RS 13n
537 537 Successful completion.
538 538 .RE
539 539
540 540 .sp
541 541 .ne 2
542 542 .na
543 543 \fB>0\fR
544 544 .ad
545 545 .RS 13n
546 546 An error occurred.
547 547 .RE
548 548
549 549 .SH ATTRIBUTES
550 550 .LP
551 551 See the \fBattributes\fR(5) man page for descriptions of the following
552 552 attributes:
553 553 .sp
554 554
555 555 .sp
556 556 .TS
557 557 box;
558 558 c | c
559 559 l | l .
560 560 ATTRIBUTE TYPE ATTRIBUTE VALUE
561 561 _
562 562 Utility Name and Options Uncommitted
563 563 _
564 564 Utility Output Format Not-An-Interface
565 565 _
566 566 \fBsmbadm join\fR Obsolete
567 567 .TE
568 568
569 569 .SH SEE ALSO
570 570 .LP
571 571 \fBpasswd\fR(1), \fBgroupadd\fR(1M), \fBidmap\fR(1M), \fBidmapd\fR(1M),
572 572 \fBkclient\fR(1M), \fBshare\fR(1M), \fBsharectl\fR(1M), \fBsharemgr\fR(1M),
573 573 \fBsmbd\fR(1M), \fBsmbstat\fR(1M), \fBsmb\fR(4), \fBsmbautohome\fR(4),
574 574 \fBattributes\fR(5), \fBpam_smb_passwd\fR(5), \fBsmf\fR(5)
|
↓ open down ↓ |
201 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX