summaryrefslogtreecommitdiff
path: root/docs/manpages
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2002-01-11 00:41:27 +0000
committerGerald Carter <jerry@samba.org>2002-01-11 00:41:27 +0000
commit3469866334d06d089cc334e0d610577a001e33de (patch)
tree3c4562ae2717134cbf7ae7b6b9be8b813773c216 /docs/manpages
parent3fb5e2867c947de65d0c75a2ea1b9be46bbc5346 (diff)
downloadsamba-3469866334d06d089cc334e0d610577a001e33de.tar.gz
samba-3469866334d06d089cc334e0d610577a001e33de.tar.bz2
samba-3469866334d06d089cc334e0d610577a001e33de.zip
commit some changes for ab, and keep working on the smbgroupedit
manpage. (This used to be commit a10cdbfbed4e04609f511cbbf976df4b4d391729)
Diffstat (limited to 'docs/manpages')
-rw-r--r--docs/manpages/smbgroupedit.8145
-rw-r--r--docs/manpages/wbinfo.112
2 files changed, 143 insertions, 14 deletions
diff --git a/docs/manpages/smbgroupedit.8 b/docs/manpages/smbgroupedit.8
index aff157ca6d..05dc9f9ed4 100644
--- a/docs/manpages/smbgroupedit.8
+++ b/docs/manpages/smbgroupedit.8
@@ -3,36 +3,157 @@
.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "SMBGROUPEDIT" "8" "08 January 2002" "" ""
+.TH "SMBGROUPEDIT" "8" "10 January 2002" "" ""
.SH NAME
-smbgroupedit \- Tool for mapping UNIX groups to Windows groups
+smbgroupedit \- Query/set/change UNIX - Windows NT group mapping
.SH SYNOPSIS
.sp
-\fBsmbroupedit\fR [ \fB-v\fR ]
+\fBsmbroupedit\fR [ \fB-v [l|s]\fR ] [ \fB-a UNIX-groupname [-d NT-groupname|-p prividge|\fR ]
.SH "DESCRIPTION"
.PP
-This program is part of the Samba suite.
+This program is part of the Samba
+suite.
+.PP
+The smbgroupedit command allows for mapping unix groups
+to NT Builtin, Domain, or Local groups. Also
+allows setting privileges for that group, such as saAddUser,
+etc.
.SH "OPTIONS"
.TP
-\fB-v\fR
-Print the current set of UNIX to Windows
-group mappings.
+\fB-v[l|s]\fR
+This option will list all groups available
+in the Windows NT domain in which samba is operating.
+.RS
+.TP
+\fB-l\fR
+give a long listing, of the format:
+
+.sp
+.nf
+"NT Group Name"
+ SID :
+ Unix group :
+ Group type :
+ Comment :
+ Privilege :
+.sp
+.fi
+
+For examples,
+
+.sp
+.nf
+Users
+ SID : S-1-5-32-545
+ Unix group: -1
+ Group type: Local group
+ Comment :
+ Privilege : No privilege
+.sp
+.fi
+.TP
+\fB-s\fR
+display a short listing of the format:
+
+.sp
+.nf
+NTGroupName(SID) -> UnixGroupName
+.sp
+.fi
+
+For example,
+
+.sp
+.nf
+Users (S-1-5-32-545) -> -1
+.sp
+.fi
+.RE
.SH "FILES"
.PP
+.SH "EXIT STATUS"
+.PP
+\fBsmbgroupedit\fR returns a status of 0 if the
+operation completed successfully, and a value of 1 in the event
+of a failure.
+.SH "EXAMPLES"
+.PP
+To make a subset of your samba PDC users members of
+the 'Domain Admins' Global group:
+.IP 1.
+create a unix group (usually in
+\fI/etc/group\fR), let's call it domadm.
+.IP 2.
+add to this group the users that you want to be
+domain administrators. For example if you want joe, john and mary,
+your entry in \fI/etc/group\fR will look like:
+
+domadm:x:502:joe,john,mary
+.IP 3.
+map this domadm group to the 'domain admins' group:
+.RS
+.IP 1.
+Get the SID for the Windows NT "Domain Admins"
+group:
+
+.sp
+.nf
+root# \fBsmbgroupedit -vs | grep "Domain Admins"\fR
+Domain Admins (S-1-5-21-1108995562-3116817432-1375597819-512) -> -1
+.sp
+.fi
+.IP 2.
+map the unix domadm group to the Windows NT
+"Domain Admins" group, by running the command:
+
+.sp
+.nf
+root# \fBsmbgroupedit \\
+-c S-1-5-21-1108995562-3116817432-1375597819-512 \\
+-u domadm\fR
+.sp
+.fi
+
+\fBwarning:\fR don't copy and paste this sample, the
+Domain Admins SID (the S-1-5-21-...-512) is different for every PDC.
+.RE
+.PP
+To verify that you mapping has taken effect:
+.PP
+.PP
+.sp
+.nf
+root# \fBsmbgroupedit -vs|grep "Domain Admins"\fR
+Domain Admins (S-1-5-21-1108995562-3116817432-1375597819-512) -> domadm
+.sp
+.fi
+.PP
+.PP
+To give access to a certain directory on a domain member machine (an
+NT/W2K or a samba server running winbind) to some users who are member
+of a group on your samba PDC, flag that group as a domain group:
+.PP
+.PP
+.sp
+.nf
+root# \fBsmbgroupedit -a unixgroup -td\fR
+.sp
+.fi
+.PP
.SH "VERSION"
.PP
-This man page is incomplete for version 3.0 of
+This man page is correct for the 3.0alpha releases of
the Samba suite.
.SH "SEE ALSO"
.PP
-samba(7)
+smb.conf(5)
.SH "AUTHOR"
.PP
-The original Samba software and related utilities
+The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
-by the Samba Team as an Open Source project similar
+by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.
.PP
-The original Samba man pages were written by Karl Auer.
+\fBsmbgroupedit\fR was written by Jean Francois Micouleau.
The current set of manpages and documentation is maintained
by the Samba Team in the same fashion as the Samba source code.
diff --git a/docs/manpages/wbinfo.1 b/docs/manpages/wbinfo.1
index a42a9ca31e..08353b8fd7 100644
--- a/docs/manpages/wbinfo.1
+++ b/docs/manpages/wbinfo.1
@@ -3,12 +3,12 @@
.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "WBINFO" "1" "04 January 2002" "" ""
+.TH "WBINFO" "1" "10 January 2002" "" ""
.SH NAME
wbinfo \- Query information from winbind daemon
.SH SYNOPSIS
.sp
-\fBwbinfo\fR [ \fB-u\fR ] [ \fB-g\fR ] [ \fB-n name\fR ] [ \fB-s sid\fR ] [ \fB-U uid\fR ] [ \fB-G gid\fR ] [ \fB-S sid\fR ] [ \fB-Y sid\fR ] [ \fB-t\fR ] [ \fB-m\fR ]
+\fBwbinfo\fR [ \fB-u\fR ] [ \fB-g\fR ] [ \fB-n name\fR ] [ \fB-s sid\fR ] [ \fB-U uid\fR ] [ \fB-G gid\fR ] [ \fB-S sid\fR ] [ \fB-Y sid\fR ] [ \fB-t\fR ] [ \fB-m\fR ] [ \fB-a user%password\fR ] [ \fB-p\fR ]
.SH "DESCRIPTION"
.PP
This tool is part of the Sambasuite.
@@ -82,6 +82,14 @@ Produce a list of domains trusted by the
Windows NT server \fBwinbindd(8)\fR contacts
when resolving names. This list does not include the Windows
NT domain the server is a Primary Domain Controller for.
+.TP
+\fB-a username%password\fR
+Attempt to authenticate a user via winbindd.
+This checks both authenticaion methods and reports its results.
+.TP
+\fB-p\fR
+Attempt a simple 'ping' check that the winbindd
+is indeed alive.
.SH "EXIT STATUS"
.PP
The wbinfo program returns 0 if the operation