summaryrefslogtreecommitdiff
path: root/docs/docbook/manpages/smbpasswd.8.sgml
diff options
context:
space:
mode:
Diffstat (limited to 'docs/docbook/manpages/smbpasswd.8.sgml')
-rw-r--r--docs/docbook/manpages/smbpasswd.8.sgml165
1 files changed, 165 insertions, 0 deletions
diff --git a/docs/docbook/manpages/smbpasswd.8.sgml b/docs/docbook/manpages/smbpasswd.8.sgml
new file mode 100644
index 0000000000..15cb6ffff1
--- /dev/null
+++ b/docs/docbook/manpages/smbpasswd.8.sgml
@@ -0,0 +1,165 @@
+
+Namesmbpasswd - change a users SMB password
+Synopsis
+smbpasswd [-a] [-x] [-d]
+[-e] [-D debug level] [-n] [-r remote_machine] [-R name resolve order] [-m] [-j
+DOMAIN] [-U username] [-h] [-s] username
+Description
+This program is part of
+the Samba suite.
+The smbpasswd program has several different functions,
+depending on whether it is run by the root user or not. When run as a normal
+user it allows the user to change the password used for their SMB sessions
+on any machines that store SMB passwords.
+By default (when run with no arguments)
+it will attempt to change the current users SMB password on the local machine.
+This is similar to the way the passwd (1) program works. smbpasswd differs
+from how the passwd program works however in that it is not setuid root
+but works in a client-server mode and communicates with a locally running
+smbd. As a consequence in order for this to succeed the smbd daemon must
+be running on the local machine. On a UNIX machine the encrypted SMB passwords
+are usually stored in the smbpasswd (5) file.
+When run by an ordinary user
+with no options. smbpasswd will prompt them for their old smb password and
+then ask them for their new password twice, to ensure that the new password
+was typed correctly. No passwords will be echoed on the screen whilst being
+typed. If you have a blank smb password (specified by the string "NO PASSWORD"
+in the smbpasswd file) then just press the <Enter> key when asked for your
+old password.
+smbpasswd can also be used by a normal user to change their
+SMB password on remote machines, such as Windows NT Primary Domain Controllers.
+See the (-r) and -U options below.
+When run by root, smbpasswd allows new
+users to be added and deleted in the smbpasswd file, as well as allows
+changes to the attributes of the user in this file to be made. When run
+by root, smbpasswd accesses the local smbpasswd file directly, thus enabling
+changes to be made even if smbd is not running.
+Options
+-aThis option specifies
+that the username following should be added to the local smbpasswd file,
+with the new password typed (type <Enter> for the old password). This option
+is ignored if the username following already exists in the smbpasswd file
+and it is treated like a regular change password command. Note that the
+user to be added must already exist in the system password file (usually
+/etc/passwd) else the request to add the user will fail. This option is
+only available when running smbpasswd as root. -xThis option specifies that
+the username following should be deleted from the local smbpasswd file.
+This option is only available when running smbpasswd as root. -dThis option
+specifies that the username following should be disabled in the local smbpasswd
+file. This is done by writing a 'D' flag into the account control space in
+the smbpasswd file. Once this is done all attempts to authenticate via SMB
+using this username will fail. If the smbpasswd file is in the 'old' format
+(pre-Samba 2.0 format) there is no space in the users password entry to write
+this information and so the user is disabled by writing 'X' characters into
+the password space in the smbpasswd file. See smbpasswd (5) for details
+on the 'old' and new password file formats. This option is only available
+when running smbpasswd as root. -eThis option specifies that the username
+following should be enabled in the local smbpasswd file, if the account
+was previously disabled. If the account was not disabled this option has
+no effect. Once the account is enabled then the user will be able to authenticate
+via SMB once again. If the smbpasswd file is in the 'old' format then smbpasswd
+will prompt for a new password for this user, otherwise the account will
+be enabled by removing the 'D' flag from account control space in the smbpasswd
+file. See smbpasswd (5) for details on the 'old' and new password file formats.
+This option is only available when running smbpasswd as root. -D debugleveldebuglevel
+is an integer from 0 to 10. The default value if this parameter is not
+specified is zero. The higher this value, the more detail will be logged
+to the log files about the activities of smbpasswd. At level 0, only critical
+errors and serious warnings will be logged. Levels above 1 will generate
+considerable amounts of log data, and should only be used when investigating
+a problem. Levels above 3 are designed for use only by developers and generate
+HUGE amounts of log data, most of which is extremely cryptic. -nThis option
+specifies that the username following should have their password set to
+null (i.e. a blank password) in the local smbpasswd file. This is done by
+writing the string "NO PASSWORD" as the first part of the first password
+stored in the smbpasswd file. Note that to allow users to logon to a Samba
+server once the password has been set to "NO PASSWORD" in the smbpasswd
+file the administrator must set the following parameter in the [global]
+section of the smb.conf file : null passwords = true This option is only
+available when running smbpasswd as root. -r remote machine nameThis option
+allows a user to specify what machine they wish to change their password
+on. Without this parameter smbpasswd defaults to the local host. The "remote
+machine name" is the NetBIOS name of the SMB/CIFS server to contact to
+attempt the password change. This name is resolved into an IP address using
+the standard name resolution mechanism in all programs of the Samba suite.
+See the -R name resolve order parameter for details on changing this resolving
+mechanism. The username whose password is changed is that of the current
+UNIX logged on user. See the -U username parameter for details on changing
+the password for a different username. Note that if changing a Windows NT
+Domain password the remote machine specified must be the Primary Domain
+Controller for the domain (Backup Domain Controllers only have a read-only
+copy of the user account database and will not allow the password change).
+Note that Windows 95/98 do not have a real password database so it is not
+possible to change passwords specifying a Win95/98 machine as remote machine
+target. -R name resolve orderThis option allows the user of smbclient to
+determine what name resolution services to use when looking up the NetBIOS
+name of the host being connected to. The options are :"lmhosts", "host",
+"wins" and "bcast". They cause names to be resolved as follows : olmhosts
+: Lookup an IP address in the Samba lmhosts file. ohost : Do a standard
+host name to IP address resolution, using the system /etc/hosts, NIS, or
+DNS lookups. This method of name resolution is operating system dependent.
+For instance on IRIX or Solaris, this may be controlled by the /etc/nsswitch.conf
+file). owins : Query a name with the IP address listed in the wins server
+parameter in the smb.conf file. If no WINS server has been specified this
+method will be ignored. obcast : Do a broadcast on each of the known local
+interfaces listed in the interfaces parameter in the smb.conf file. This
+is the least reliable of the name resolution methods as it depends on the
+target host being on a locally connected subnet. If this parameter is not
+set then the name resolve order defined in the smb.conf file parameter
+name resolve order will be used. The default order is lmhosts, host, wins,
+bcast and without this parameter or any entry in the smb.conf file the
+name resolution methods will be attempted in this order. -mThis option tells
+smbpasswd that the account being changed is a MACHINE account. Currently
+this is used when Samba is being used as an NT Primary Domain Controller.
+PDC support is not a supported feature in Samba2.0 but will become supported
+in a later release. If you wish to know more about using Samba as an NT
+PDC then please subscribe to the mailing list samba-ntdom@samba.org. This
+option is only available when running smbpasswd as root. -j DOMAINThis option
+is used to add a Samba server into a Windows NT Domain, as a Domain member
+capable of authenticating user accounts to any Domain Controller in the
+same way as a Windows NT Server. See the security=domain option in the smb.conf
+(5) man page. In order to be used in this way, the Administrator for the
+Windows NT Domain must have used the program "Server Manager for Domains"
+to add the primary NetBIOS name of the Samba server as a member of the
+Domain. After this has been done, to join the Domain invoke smbpasswd with
+this parameter. smbpasswd will then look up the Primary Domain Controller
+for the Domain (found in the smb.conf file in the parameter password server
+and change the machine account password used to create the secure Domain
+communication. This password is then stored by smbpasswd in a file, read
+only by root, called CW<Domain>.<Machine>.mac where CW<Domain> is the name of the
+Domain we are joining and CW<Machine> is the primary NetBIOS name of the
+machine we are running on. Once this operation has been performed the smb.conf
+file may be updated to set the security=domain option and all future logins
+to the Samba server will be authenticated to the Windows NT PDC. Note that
+even though the authentication is being done to the PDC all users accessing
+the Samba server must still have a valid UNIX account on that machine. This
+option is only available when running smbpasswd as root. -U usernameThis
+option may only be used in conjunction with the -r option. When changing
+a password on a remote machine it allows the user to specify the user name
+on that machine whose password will be changed. It is present to allow users
+who have different user names on different systems to change these passwords.
+-hThis option prints the help string for smbpasswd, selecting the correct
+one for running as root or as an ordinary user. -sThis option causes smbpasswd
+to be silent (i.e. not issue prompts) and to read it's old and new passwords
+from standard input, rather than from CW/dev/tty (like the passwd (1)
+program does). This option is to aid people writing scripts to drive smbpasswd
+usernameThis specifies the username for all of the root only options to
+operate on. Only root can specify this parameter as only root has the permission
+needed to modify attributes directly in the local smbpasswd file. NotesSince
+smbpasswd works in client-server mode communicating with a local smbd for
+a non-root user then the smbd daemon must be running for this to work. A
+common problem is to add a restriction to the hosts that may access the
+smbd running on the local machine by specifying a "allow hosts" or "deny
+hosts" entry in the smb.conf file and neglecting to allow "localhost" access
+to the smbd. In addition, the smbpasswd command is only useful if Samba
+has been set up to use encrypted passwords. See the file ENCRYPTION.txt in
+the docs directory for details on how to do this. VersionThis man page is
+correct for version 2.0 of the Samba suite. AuthorThe original Samba software
+and related utilities were created by Andrew Tridgell samba@samba.org. Samba
+is now developed by the Samba Team as an Open Source project similar to
+the way the Linux kernel is developed. The original Samba man pages were
+written by Karl Auer. The man page sources were converted to YODL format
+(another excellent piece of Open Source software, available at ftp://ftp.icce.rug.nl/pub/unix/)
+and updated for the Samba2.0 release by Jeremy Allison. samba@samba.org. See
+samba (7) to find out how to get a full list of contributors and details
+on how to submit bug reports, comments etc. \ No newline at end of file
generated by cgit (git 2.34.1) at 2024-08-01 02:44:09 +0000