diff options
Diffstat (limited to 'docs/docbook/manpages/smbgroupedit.8.sgml')
-rw-r--r-- | docs/docbook/manpages/smbgroupedit.8.sgml | 243 |
1 files changed, 217 insertions, 26 deletions
diff --git a/docs/docbook/manpages/smbgroupedit.8.sgml b/docs/docbook/manpages/smbgroupedit.8.sgml index f1b5f30ddc..b9607312ff 100644 --- a/docs/docbook/manpages/smbgroupedit.8.sgml +++ b/docs/docbook/manpages/smbgroupedit.8.sgml @@ -7,21 +7,42 @@ </refmeta> +<!-- **************************************************** +** Name and Options ** +**************************************************** --> <refnamediv> <refname>smbgroupedit</refname> - <refpurpose>Tool for mapping UNIX groups to Windows groups</refpurpose> + <refpurpose>Query/set/change UNIX - Windows NT group mapping</refpurpose> </refnamediv> <refsynopsisdiv> <cmdsynopsis> <command>smbroupedit</command> - <arg choice="opt">-v</arg> + <arg choice="opt">-v [l|s]</arg> + <arg choice="opt">-a UNIX-groupname [-d NT-groupname|-p prividge|</arg> </cmdsynopsis> </refsynopsisdiv> + + +<!-- **************************************************** +** Description ** +**************************************************** --> <refsect1> - <title>DESCRIPTION</title> - <para>This program is part of the Samba suite.</para> + +<title>DESCRIPTION</title> + +<para> +This program is part of the <ulink url="samba.7.html">Samba</ulink> +suite. +</para> + +<para> +The smbgroupedit command allows for mapping unix groups +to NT Builtin, Domain, or Local groups. Also +allows setting privileges for that group, such as saAddUser, +etc. +</para> </refsect1> @@ -30,47 +51,217 @@ <variablelist> <varlistentry> - <term>-v</term> - <listitem><para>Print the current set of UNIX to Windows - group mappings. - </para></listitem> + <term>-v[l|s]</term> + <listitem><para>This option will list all groups available + in the Windows NT domain in which samba is operating. + </para> + + <variablelist> + <varlistentry> + <term>-l</term> + <listitem><para>give a long listing, of the format:</para> + +<para><programlisting> +"NT Group Name" + SID : + Unix group : + Group type : + Comment : + Privilege : +</programlisting></para> + +<para>For examples,</para> +<para><programlisting> +Users + SID : S-1-5-32-545 + Unix group: -1 + Group type: Local group + Comment : + Privilege : No privilege +</programlisting></para> + + </listitem> + </varlistentry> + + <varlistentry> + <term>-s</term> + <listitem><para>display a short listing of the format:</para> + +<para><programlisting> +NTGroupName(SID) -> UnixGroupName +</programlisting></para> + +<para>For example,</para> + +<para><programlisting> +Users (S-1-5-32-545) -> -1 +</programlisting></para> + + </listitem> + </varlistentry> + </variablelist> + + </listitem> </varlistentry> </variablelist> </refsect1> + + +<!-- **************************************************** +**************************************************** --> <refsect1> - <title>FILES</title> +<title>FILES</title> - <para></para> +<para></para> </refsect1> + + +<!-- **************************************************** +**************************************************** --> <refsect1> - <title>VERSION</title> - <para>This man page is incomplete for version 3.0 of - the Samba suite.</para> +<title>EXIT STATUS</title> + +<para> +<command>smbgroupedit</command> returns a status of 0 if the +operation completed successfully, and a value of 1 in the event +of a failure. +</para> + </refsect1> + + + +<!-- **************************************************** +**************************************************** --> <refsect1> - <title>SEE ALSO</title> - <para> - <ulink url="samba.7.html">samba(7)</ulink> + +<title>EXAMPLES</title> + + +<para> +To make a subset of your samba PDC users members of +the 'Domain Admins' Global group: +</para> + +<orderedlist> + + <listitem><para>create a unix group (usually in + <filename>/etc/group</filename>), let's call it <constant>domadm</constant>. + </para></listitem> + + <listitem><para>add to this group the users that you want to be + domain administrators. For example if you want joe, john and mary, + your entry in <filename>/etc/group</filename> will look like: </para> + + <para>domadm:x:502:joe,john,mary</para> + </listitem> + + <listitem><para>map this domadm group to the 'domain admins' group: + </para> + <orderedlist> + <listitem><para>Get the SID for the Windows NT "Domain Admins" + group:</para> + +<para><programlisting> +<prompt>root# </prompt><command>smbgroupedit -vs | grep "Domain Admins"</command> +Domain Admins (S-1-5-21-1108995562-3116817432-1375597819-512) -> -1 +</programlisting></para> +</listitem> + + <listitem><para>map the unix domadm group to the Windows NT + "Domain Admins" group, by running the command: + </para> + +<para><programlisting> +<prompt>root# </prompt><command>smbgroupedit \ +-c S-1-5-21-1108995562-3116817432-1375597819-512 \ +-u domadm</command> +</programlisting></para> + + <para> + <emphasis>warning:</emphasis> don't copy and paste this sample, the + Domain Admins SID (the S-1-5-21-...-512) is different for every PDC. + </para> + </listitem> + </orderedlist> + </listitem> +</orderedlist> + +<para> +To verify that you mapping has taken effect: +</para> + +<para><programlisting> +<prompt>root# </prompt><command>smbgroupedit -vs|grep "Domain Admins"</command> +Domain Admins (S-1-5-21-1108995562-3116817432-1375597819-512) -> domadm +</programlisting></para> + +<para> +To give access to a certain directory on a domain member machine (an +NT/W2K or a samba server running winbind) to some users who are member +of a group on your samba PDC, flag that group as a domain group: +</para> + +<para><programlisting> +<prompt>root# </prompt><command>smbgroupedit -a unixgroup -td</command> +</programlisting></para> + + + </refsect1> + + + +<!-- **************************************************** +**************************************************** --> +<refsect1> + +<title>VERSION</title> + +<para> +This man page is correct for the 3.0alpha releases of +the Samba suite. +</para> +</refsect1> + +<!-- **************************************************** +**************************************************** --> + +<refsect1> +<title>SEE ALSO</title> + +<para> +<ulink url="smb.conf.5.html">smb.conf(5)</ulink> +</para> + +</refsect1> + + +<!-- **************************************************** +**************************************************** --> + <refsect1> - <title>AUTHOR</title> - - <para>The original Samba software and related utilities - were created by Andrew Tridgell. Samba is now developed - by the Samba Team as an Open Source project similar - to the way the Linux kernel is developed.</para> - - <para>The original Samba man pages were written by Karl Auer. - The current set of manpages and documentation is maintained - by the Samba Team in the same fashion as the Samba source code.</para> +<title>AUTHOR</title> + +<para> +The original Samba software and related utilities +were created by Andrew Tridgell. Samba is now developed +by the Samba Team as an Open Source project similar +to the way the Linux kernel is developed. +</para> + +<para> +<command>smbgroupedit</command> was written by Jean Francois Micouleau. +The current set of manpages and documentation is maintained +by the Samba Team in the same fashion as the Samba source code.</para> </refsect1> </refentry> |