summaryrefslogtreecommitdiff
path: root/docs/htmldocs/smbpasswd.8.html
diff options
context:
space:
mode:
Diffstat (limited to 'docs/htmldocs/smbpasswd.8.html')
-rw-r--r--docs/htmldocs/smbpasswd.8.html917
1 files changed, 636 insertions, 281 deletions
diff --git a/docs/htmldocs/smbpasswd.8.html b/docs/htmldocs/smbpasswd.8.html
index a0f4577b08..8fb2c580e7 100644
--- a/docs/htmldocs/smbpasswd.8.html
+++ b/docs/htmldocs/smbpasswd.8.html
@@ -1,281 +1,636 @@
-
-
-
-
-
-
-<html><head><title>smbpasswd (8)</title>
-
-<link rev="made" href="mailto:samba@samba.org">
-</head>
-<body>
-
-<hr>
-
-<h1>smbpasswd (8)</h1>
-<h2>Samba</h2>
-<h2>23 Oct 1998</h2>
-
-
-
-<p><a name="NAME"></a>
-<h2>NAME</h2>
- smbpasswd - change a users SMB password
-<p><a name="SYNOPSIS"></a>
-<h2>SYNOPSIS</h2>
-
-<p><strong>smbpasswd</strong> [<a href="smbpasswd.8.html#minusa">-a</a>] [<a href="smbpasswd.8.html#minusx">-x</a>] [<a href="smbpasswd.8.html#minusd">-d</a>] [<a href="smbpasswd.8.html#minuse">-e</a>] [<a href="smbpasswd.8.html#minusD">-D debug level</a>] [<a href="smbpasswd.8.html#minusn">-n</a>] [<a href="smbpasswd.8.html#minusr">-r remote_machine</a>] [<a href="smbpasswd.8.html#minusR">-R name resolve order</a>] [<a href="smbpasswd.8.html#minusm">-m</a>] [<a href="smbpasswd.8.html#minusj">-j DOMAIN</a>] [<a href="smbpasswd.8.html#minusU">-U username</a>] [<a href="smbpasswd.8.html#minush">-h</a>] [<a href="smbpasswd.8.html#minuss">-s</a>] <a href="smbpasswd.8.html#username">username</a>
-<p><a name="DESCRIPTION"></a>
-<h2>DESCRIPTION</h2>
-
-<p>This program is part of the <strong>Samba</strong> suite.
-<p>The <strong>smbpasswd</strong> program has several different functions, depending
-on whether it is run by the <em>root</em> user or not. When run as a normal
-user it allows the user to change the password used for their SMB
-sessions on any machines that store SMB passwords.
-<p>By default (when run with no arguments) it will attempt to change the
-current users SMB password on the local machine. This is similar to
-the way the <strong>passwd (1)</strong> program works. <strong>smbpasswd</strong> differs from how
-the <strong>passwd</strong> program works however in that it is not <em>setuid root</em>
-but works in a client-server mode and communicates with a locally
-running <a href="smbd.8.html"><strong>smbd</strong></a>. As a consequence in order for this
-to succeed the <a href="smbd.8.html"><strong>smbd</strong></a> daemon must be running on
-the local machine. On a UNIX machine the encrypted SMB passwords are
-usually stored in the <a href="smbpasswd.5.html"><strong>smbpasswd (5)</strong></a> file.
-<p>When run by an ordinary user with no options. <strong>smbpasswd</strong> will
-prompt them for their old smb password and then ask them for their new
-password twice, to ensure that the new password was typed
-correctly. No passwords will be echoed on the screen whilst being
-typed. If you have a blank smb password (specified by the string "NO
-PASSWORD" in the <a href="smbpasswd.5.html"><strong>smbpasswd</strong></a> file) then just
-press the &lt;Enter&gt; key when asked for your old password.
-<p><strong>smbpasswd</strong> can also be used by a normal user to change their SMB
-password on remote machines, such as Windows NT Primary Domain
-Controllers. See the <a href="smbpasswd.8.html#minusr">(<strong>-r</strong>)</a> and
-<a href="smbpasswd.8.html#minusU"><strong>-U</strong></a> options below.
-<p>When run by root, <strong>smbpasswd</strong> allows new users to be added and
-deleted in the <a href="smbpasswd.5.html"><strong>smbpasswd</strong></a> file, as well as
-allows changes to the attributes of the user in this file to be made. When
-run by root, <strong>smbpasswd</strong> accesses the local
-<a href="smbpasswd.5.html"><strong>smbpasswd</strong></a> file directly, thus enabling
-changes to be made even if <a href="smbd.8.html"><strong>smbd</strong></a> is not running.
-<p><a name="OPTIONS"></a>
-<h2>OPTIONS</h2>
-
-<p><dl>
-<p><a name="minusa"></a>
-<p></p><dt><strong><strong>-a</strong></strong><dd> This option specifies that the username following should
-be added to the local <a href="smbpasswd.5.html"><strong>smbpasswd</strong></a> file, with
-the new password typed (type &lt;Enter&gt; for the old password). This
-option is ignored if the username following already exists in the
-<a href="smbpasswd.5.html"><strong>smbpasswd</strong></a> file and it is treated like a
-regular change password command. Note that the user to be added
-<strong>must</strong> already exist in the system password file (usually /etc/passwd)
-else the request to add the user will fail.
-<p>This option is only available when running <strong>smbpasswd</strong> as
-root.
-<p><a name="minusx"></a>
-<p></p><dt><strong><strong>-x</strong></strong><dd> This option specifies that the username following should
-be deleted from the local <a href="smbpasswd.5.html"><strong>smbpasswd</strong></a> file.
-<p>This option is only available when running <strong>smbpasswd</strong> as
-root.
-<p><a name="minusd"></a>
-<p></p><dt><strong><strong>-d</strong></strong><dd> This option specifies that the username following should be
-<em>disabled</em> in the local <a href="smbpasswd.5.html"><strong>smbpasswd</strong></a> file.
-This is done by writing a <em>'D'</em> flag into the account control space
-in the <a href="smbpasswd.5.html"><strong>smbpasswd</strong></a> file. Once this is done
-all attempts to authenticate via SMB using this username will fail.
-<p>If the <a href="smbpasswd.5.html"><strong>smbpasswd</strong></a> file is in the 'old'
-format (pre-Samba 2.0 format) there is no space in the users password
-entry to write this information and so the user is disabled by writing
-'X' characters into the password space in the
-<a href="smbpasswd.5.html"><strong>smbpasswd</strong></a> file. See <a href="smbpasswd.5.html"><strong>smbpasswd
-(5)</strong></a> for details on the 'old' and new password file
-formats.
-<p>This option is only available when running <strong>smbpasswd</strong> as root.
-<p><a name="minuse"></a>
-<p></p><dt><strong><strong>-e</strong></strong><dd> This option specifies that the username following should be
-<em>enabled</em> in the local <a href="smbpasswd.5.html"><strong>smbpasswd</strong></a> file,
-if the account was previously disabled. If the account was not
-disabled this option has no effect. Once the account is enabled
-then the user will be able to authenticate via SMB once again.
-<p>If the smbpasswd file is in the 'old' format then <strong>smbpasswd</strong> will
-prompt for a new password for this user, otherwise the account will be
-enabled by removing the <em>'D'</em> flag from account control space in the
-<a href="smbpasswd.5.html"><strong>smbpasswd</strong></a> file. See <a href="smbpasswd.5.html"><strong>smbpasswd
-(5)</strong></a> for details on the 'old' and new password file
-formats.
-<p>This option is only available when running <strong>smbpasswd</strong> as root.
-<p><a name="minusD"></a>
-<p></p><dt><strong><strong>-D debuglevel</strong></strong><dd> debuglevel is an integer from 0
-to 10. The default value if this parameter is not specified is zero.
-<p>The higher this value, the more detail will be logged to the log files
-about the activities of smbpasswd. At level 0, only critical errors
-and serious warnings will be logged.
-<p>Levels above 1 will generate considerable amounts of log data, and
-should only be used when investigating a problem. Levels above 3 are
-designed for use only by developers and generate HUGE amounts of log
-data, most of which is extremely cryptic.
-<p><a name="minusn"></a>
-<p></p><dt><strong><strong>-n</strong></strong><dd> This option specifies that the username following should
-have their password set to null (i.e. a blank password) in the local
-<a href="smbpasswd.5.html"><strong>smbpasswd</strong></a> file. This is done by writing the
-string "NO PASSWORD" as the first part of the first password stored in
-the <a href="smbpasswd.5.html"><strong>smbpasswd</strong></a> file.
-<p>Note that to allow users to logon to a Samba server once the password
-has been set to "NO PASSWORD" in the
-<a href="smbpasswd.5.html"><strong>smbpasswd</strong></a> file the administrator must set
-the following parameter in the [global] section of the
-<a href="smb.conf.5.html"><strong>smb.conf</strong></a> file :
-<p><a href="smb.conf.5.html#nullpasswords">null passwords = true</a>
-<p>This option is only available when running <strong>smbpasswd</strong> as root.
-<p><a name="minusr"></a>
-<p></p><dt><strong><strong>-r remote machine name</strong></strong><dd> This option allows a
-user to specify what machine they wish to change their password
-on. Without this parameter <strong>smbpasswd</strong> defaults to the local
-host. The <em>"remote machine name"</em> is the NetBIOS name of the
-SMB/CIFS server to contact to attempt the password change. This name
-is resolved into an IP address using the standard name resolution
-mechanism in all programs of the <a href="samba.7.html"><strong>Samba</strong></a>
-suite. See the <a href="smbpasswd.8.html#minusR"><strong>-R name resolve order</strong></a> parameter for details on changing this resolving
-mechanism.
-<p>The username whose password is changed is that of the current UNIX
-logged on user. See the <a href="smbpasswd.8.html#minusU"><strong>-U username</strong></a>
-parameter for details on changing the password for a different
-username.
-<p>Note that if changing a Windows NT Domain password the remote machine
-specified must be the Primary Domain Controller for the domain (Backup
-Domain Controllers only have a read-only copy of the user account
-database and will not allow the password change).
-<p><em>Note</em> that Windows 95/98 do not have a real password database
-so it is not possible to change passwords specifying a Win95/98
-machine as remote machine target.
-<p><a name="minusR"></a>
-<p></p><dt><strong><strong>-R name resolve order</strong></strong><dd> This option allows the user of
-smbclient to determine what name resolution services to use when
-looking up the NetBIOS name of the host being connected to.
-<p>The options are :<a href="smbpasswd.8.html#lmhosts">"lmhosts"</a>, <a href="smbpasswd.8.html#host">"host"</a>,
-<a href="smbpasswd.8.html#wins">"wins"</a> and <a href="smbpasswd.8.html#bcast">"bcast"</a>. They cause names to be
-resolved as follows :
-<p><dl>
-<p><a name="lmhosts"></a>
-<li > <strong>lmhosts</strong> : Lookup an IP address in the Samba lmhosts file.
-<p><a name="host"></a>
-<li > <strong>host</strong> : Do a standard host name to IP address resolution,
-using the system /etc/hosts, NIS, or DNS lookups. This method of name
-resolution is operating system dependent. For instance on IRIX or
-Solaris, this may be controlled by the <em>/etc/nsswitch.conf</em> file).
-<p><a name="wins"></a>
-<li > <strong>wins</strong> : Query a name with the IP address listed in the
-<a href="smb.conf.5.html#winsserver"><strong>wins server</strong></a> parameter in the
-<a href="smb.conf.5.html"><strong>smb.conf file</strong></a>. If
-no WINS server has been specified this method will be ignored.
-<p><a name="bcast"></a>
-<li > <strong>bcast</strong> : Do a broadcast on each of the known local interfaces
-listed in the <a href="smb.conf.5.html#interfaces"><strong>interfaces</strong></a> parameter
-in the smb.conf file. This is the least reliable of the name resolution
-methods as it depends on the target host being on a locally connected
-subnet.
-<p></dl>
-<p>If this parameter is not set then the name resolve order defined
-in the <a href="smb.conf.5.html"><strong>smb.conf</strong></a> file parameter
-<a href="smb.conf.5.html#nameresolveorder"><strong>name resolve order</strong></a>
-will be used.
-<p>The default order is lmhosts, host, wins, bcast and without this
-parameter or any entry in the <a href="smb.conf.5.html"><strong>smb.conf</strong></a>
-file the name resolution methods will be attempted in this order.
-<p><a name="minusm"></a>
-<p></p><dt><strong><strong>-m</strong></strong><dd> This option tells <strong>smbpasswd</strong> that the account being
-changed is a <em>MACHINE</em> account. Currently this is used when Samba is
-being used as an NT Primary Domain Controller. PDC support is not a
-supported feature in Samba2.0 but will become supported in a later
-release. If you wish to know more about using Samba as an NT PDC then
-please subscribe to the mailing list
-<a href="mailto:samba-ntdom@samba.org"><em>samba-ntdom@samba.org</em></a>.
-<p>This option is only available when running <strong>smbpasswd</strong> as root.
-<p><a name="minusj"></a>
-<p></p><dt><strong><strong>-j DOMAIN</strong></strong><dd> This option is used to add a Samba server into a
-Windows NT Domain, as a Domain member capable of authenticating user
-accounts to any Domain Controller in the same way as a Windows NT
-Server. See the <a href="smb.conf.5.html#security"><strong>security=domain</strong></a>
-option in the <a href="smb.conf.5.html"><strong>smb.conf (5)</strong></a> man page.
-<p>In order to be used in this way, the Administrator for the Windows
-NT Domain must have used the program <em>"Server Manager for Domains"</em>
-to add the <a href="smb.conf.5.html#netbiosname">primary NetBIOS name</a> of
-the Samba server as a member of the Domain.
-<p>After this has been done, to join the Domain invoke <strong>smbpasswd</strong> with
-this parameter. <strong>smbpasswd</strong> will then look up the Primary Domain
-Controller for the Domain (found in the
-<a href="smb.conf.5.html"><strong>smb.conf</strong></a> file in the parameter
-<a href="smb.conf.5.html#passwordserver"><strong>password server</strong></a> and change
-the machine account password used to create the secure Domain
-communication. This password is then stored by <strong>smbpasswd</strong> in a
-file, read only by root, called <code>&lt;Domain&gt;.&lt;Machine&gt;.mac</code> where
-<code>&lt;Domain&gt;</code> is the name of the Domain we are joining and <code>&lt;Machine&gt;</code>
-is the primary NetBIOS name of the machine we are running on.
-<p>Once this operation has been performed the
-<a href="smb.conf.5.html"><strong>smb.conf</strong></a> file may be updated to set the
-<a href="smb.conf.5.html#security"><strong>security=domain</strong></a> option and all
-future logins to the Samba server will be authenticated to the Windows
-NT PDC.
-<p>Note that even though the authentication is being done to the PDC all
-users accessing the Samba server must still have a valid UNIX account
-on that machine.
-<p>This option is only available when running <strong>smbpasswd</strong> as root.
-<p><a name="minusU"></a>
-<p></p><dt><strong><strong>-U username</strong></strong><dd> This option may only be used in
-conjunction with the <a href="smbpasswd.8.html#minusr"><strong>-r</strong></a>
-option. When changing a password on a remote machine it allows the
-user to specify the user name on that machine whose password will be
-changed. It is present to allow users who have different user names on
-different systems to change these passwords.
-<p><a name="minush"></a>
-<p></p><dt><strong><strong>-h</strong></strong><dd> This option prints the help string for <strong>smbpasswd</strong>,
-selecting the correct one for running as root or as an ordinary user.
-<p><a name="minuss"></a>
-<p></p><dt><strong><strong>-s</strong></strong><dd> This option causes <strong>smbpasswd</strong> to be silent (i.e. not
-issue prompts) and to read it's old and new passwords from standard
-input, rather than from <code>/dev/tty</code> (like the <strong>passwd (1)</strong> program
-does). This option is to aid people writing scripts to drive <strong>smbpasswd</strong>
-<p><a name="username"></a>
-<p></p><dt><strong><strong>username</strong></strong><dd> This specifies the username for all of the <em>root
-only</em> options to operate on. Only root can specify this parameter as
-only root has the permission needed to modify attributes directly
-in the local <a href="smbpasswd.5.html"><strong>smbpasswd</strong></a> file.
-<p><a name="NOTES"></a>
-<h2>NOTES</h2>
-
-<p>Since <strong>smbpasswd</strong> works in client-server mode communicating with a
-local <a href="smbd.8.html"><strong>smbd</strong></a> for a non-root user then the <strong>smbd</strong>
-daemon must be running for this to work. A common problem is to add a
-restriction to the hosts that may access the <strong>smbd</strong> running on the
-local machine by specifying a <a href="smb.conf.5.html#allowhosts"><strong>"allow
-hosts"</strong></a> or <a href="smb.conf.5.html#denyhosts"><strong>"deny
-hosts"</strong></a> entry in the
-<a href="smb.conf.5.html"><strong>smb.conf</strong></a> file and neglecting to allow
-<em>"localhost"</em> access to the <strong>smbd</strong>.
-<p>In addition, the <strong>smbpasswd</strong> command is only useful if <strong>Samba</strong> has
-been set up to use encrypted passwords. See the file <strong>ENCRYPTION.txt</strong>
-in the docs directory for details on how to do this.
-<p><a name="VERSION"></a>
-<h2>VERSION</h2>
-
-<p>This man page is correct for version 2.0 of the Samba suite.
-<p><a name="AUTHOR"></a>
-<h2>AUTHOR</h2>
-
-<p>The original Samba software and related utilities were created by
-Andrew Tridgell <a href="mailto:samba@samba.org"><em>samba@samba.org</em></a>. Samba is now developed
-by the Samba Team as an Open Source project similar to the way the
-Linux kernel is developed.
-<p>The original Samba man pages were written by Karl Auer. The man page
-sources were converted to YODL format (another excellent piece of Open
-Source software, available at
-<a href="ftp://ftp.icce.rug.nl/pub/unix/"><strong>ftp://ftp.icce.rug.nl/pub/unix/</strong></a>)
-and updated for the Samba2.0 release by Jeremy Allison.
-<a href="mailto:samba@samba.org"><em>samba@samba.org</em></a>.
-<p>See <a href="samba.7.html"><strong>samba (7)</strong></a> to find out how to get a full
-list of contributors and details on how to submit bug reports,
-comments etc.
-</body>
-</html>
+<HTML
+><HEAD
+><TITLE
+>smbpasswd</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="REFENTRY"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><H1
+><A
+NAME="SMBPASSWD"
+>smbpasswd</A
+></H1
+><DIV
+CLASS="REFNAMEDIV"
+><A
+NAME="AEN5"
+></A
+><H2
+>Name</H2
+>smbpasswd&nbsp;--&nbsp;change a users SMB password</DIV
+><DIV
+CLASS="REFSYNOPSISDIV"
+><A
+NAME="AEN8"
+></A
+><H2
+>Synopsis</H2
+><P
+><B
+CLASS="COMMAND"
+>smbpasswd</B
+> [-a] [-x] [-d] [-e] [-D debuglevel] [-n] [-r &lt;remote machine&gt;] [-R &lt;name resolve order&gt;] [-m] [-j DOMAIN] [-U username] [-h] [-s] [username]</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN25"
+></A
+><H2
+>DESCRIPTION</H2
+><P
+>This tool is part of the <A
+HREF="samba.7.html"
+TARGET="_top"
+> Samba</A
+> suite.</P
+><P
+>The smbpasswd program has several different
+ functions, depending on whether it is run by the <I
+CLASS="EMPHASIS"
+>root</I
+>
+ user or not. When run as a normal user it allows the user to change
+ the password used for their SMB sessions on any machines that store
+ SMB passwords. </P
+><P
+>By default (when run with no arguments) it will attempt to
+ change the current users SMB password on the local machine. This is
+ similar to the way the <B
+CLASS="COMMAND"
+>passwd(1)</B
+> program works.
+ <B
+CLASS="COMMAND"
+>smbpasswd</B
+> differs from how the passwd program works
+ however in that it is not <I
+CLASS="EMPHASIS"
+>setuid root</I
+> but works in
+ a client-server mode and communicates with a locally running
+ <B
+CLASS="COMMAND"
+>smbd(8)</B
+>. As a consequence in order for this to
+ succeed the smbd daemon must be running on the local machine. On a
+ UNIX machine the encrypted SMB passwords are usually stored in
+ the <TT
+CLASS="FILENAME"
+>smbpasswd(5)</TT
+> file. </P
+><P
+>When run by an ordinary user with no options. smbpasswd
+ will prompt them for their old smb password and then ask them
+ for their new password twice, to ensure that the new password
+ was typed correctly. No passwords will be echoed on the screen
+ whilst being typed. If you have a blank smb password (specified by
+ the string "NO PASSWORD" in the smbpasswd file) then just press
+ the &lt;Enter&gt; key when asked for your old password. </P
+><P
+>smbpasswd can also be used by a normal user to change their
+ SMB password on remote machines, such as Windows NT Primary Domain
+ Controllers. See the (-r) and -U options below. </P
+><P
+>When run by root, smbpasswd allows new users to be added
+ and deleted in the smbpasswd file, as well as allows changes to
+ the attributes of the user in this file to be made. When run by root,
+ <B
+CLASS="COMMAND"
+>smbpasswd</B
+> accesses the local smbpasswd file
+ directly, thus enabling changes to be made even if smbd is not
+ running. </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN41"
+></A
+><H2
+>OPTIONS</H2
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>-a</DT
+><DD
+><P
+>This option specifies that the username
+ following should be added to the local smbpasswd file, with the
+ new password typed (type &lt;Enter&gt; for the old password). This
+ option is ignored if the username following already exists in
+ the smbpasswd file and it is treated like a regular change
+ password command. Note that the user to be added must already exist
+ in the system password file (usually <TT
+CLASS="FILENAME"
+>/etc/passwd</TT
+>)
+ else the request to add the user will fail. </P
+><P
+>This option is only available when running smbpasswd
+ as root. </P
+></DD
+><DT
+>-x</DT
+><DD
+><P
+>This option specifies that the username
+ following should be deleted from the local smbpasswd file.
+ </P
+><P
+>This option is only available when running smbpasswd as
+ root.</P
+></DD
+><DT
+>-d</DT
+><DD
+><P
+>This option specifies that the username following
+ should be <TT
+CLASS="CONSTANT"
+>disabled</TT
+> in the local smbpasswd
+ file. This is done by writing a <TT
+CLASS="CONSTANT"
+>'D'</TT
+> flag
+ into the account control space in the smbpasswd file. Once this
+ is done all attempts to authenticate via SMB using this username
+ will fail. </P
+><P
+>If the smbpasswd file is in the 'old' format (pre-Samba 2.0
+ format) there is no space in the users password entry to write
+ this information and so the user is disabled by writing 'X' characters
+ into the password space in the smbpasswd file. See <B
+CLASS="COMMAND"
+>smbpasswd(5)
+ </B
+> for details on the 'old' and new password file formats.
+ </P
+><P
+>This option is only available when running smbpasswd as
+ root.</P
+></DD
+><DT
+>-e</DT
+><DD
+><P
+>This option specifies that the username following
+ should be <TT
+CLASS="CONSTANT"
+>enabled</TT
+> in the local smbpasswd file,
+ if the account was previously disabled. If the account was not
+ disabled this option has no effect. Once the account is enabled then
+ the user will be able to authenticate via SMB once again. </P
+><P
+>If the smbpasswd file is in the 'old' format, then <B
+CLASS="COMMAND"
+> smbpasswd</B
+> will prompt for a new password for this user,
+ otherwise the account will be enabled by removing the <TT
+CLASS="CONSTANT"
+>'D'
+ </TT
+> flag from account control space in the <TT
+CLASS="FILENAME"
+> smbpasswd</TT
+> file. See <B
+CLASS="COMMAND"
+>smbpasswd (5)</B
+> for
+ details on the 'old' and new password file formats. </P
+><P
+>This option is only available when running smbpasswd as root.
+ </P
+></DD
+><DT
+>-D debuglevel</DT
+><DD
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>debuglevel</I
+></TT
+> is an integer
+ from 0 to 10. The default value if this parameter is not specified
+ is zero. </P
+><P
+>The higher this value, the more detail will be logged to the
+ log files about the activities of smbpasswd. At level 0, only
+ critical errors and serious warnings will be logged. </P
+><P
+>Levels above 1 will generate considerable amounts of log
+ data, and should only be used when investigating a problem. Levels
+ above 3 are designed for use only by developers and generate
+ HUGE amounts of log data, most of which is extremely cryptic.
+ </P
+></DD
+><DT
+>-n</DT
+><DD
+><P
+>This option specifies that the username following
+ should have their password set to null (i.e. a blank password) in
+ the local smbpasswd file. This is done by writing the string "NO
+ PASSWORD" as the first part of the first password stored in the
+ smbpasswd file. </P
+><P
+>Note that to allow users to logon to a Samba server once
+ the password has been set to "NO PASSWORD" in the smbpasswd
+ file the administrator must set the following parameter in the [global]
+ section of the <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file : </P
+><P
+><B
+CLASS="COMMAND"
+>null passwords = yes</B
+></P
+><P
+>This option is only available when running smbpasswd as
+ root.</P
+></DD
+><DT
+>-r remote machine name</DT
+><DD
+><P
+>This option allows a user to specify what machine
+ they wish to change their password on. Without this parameter
+ smbpasswd defaults to the local host. The <TT
+CLASS="REPLACEABLE"
+><I
+>remote
+ machine name</I
+></TT
+> is the NetBIOS name of the SMB/CIFS
+ server to contact to attempt the password change. This name is
+ resolved into an IP address using the standard name resolution
+ mechanism in all programs of the Samba suite. See the <TT
+CLASS="PARAMETER"
+><I
+>-R
+ name resolve order</I
+></TT
+> parameter for details on changing
+ this resolving mechanism. </P
+><P
+>The username whose password is changed is that of the
+ current UNIX logged on user. See the <TT
+CLASS="PARAMETER"
+><I
+>-U username</I
+></TT
+>
+ parameter for details on changing the password for a different
+ username. </P
+><P
+>Note that if changing a Windows NT Domain password the
+ remote machine specified must be the Primary Domain Controller for
+ the domain (Backup Domain Controllers only have a read-only
+ copy of the user account database and will not allow the password
+ change).</P
+><P
+><I
+CLASS="EMPHASIS"
+>Note</I
+> that Windows 95/98 do not have
+ a real password database so it is not possible to change passwords
+ specifying a Win95/98 machine as remote machine target. </P
+></DD
+><DT
+>-R name resolve order</DT
+><DD
+><P
+>This option allows the user of smbclient to determine
+ what name resolution services to use when looking up the NetBIOS
+ name of the host being connected to. </P
+><P
+>The options are :"lmhosts", "host", "wins" and "bcast". They cause
+ names to be resolved as follows : </P
+><P
+></P
+><UL
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>lmhosts</TT
+> : Lookup an IP
+ address in the Samba lmhosts file. If the line in lmhosts has
+ no name type attached to the NetBIOS name (see the <A
+HREF="lmhosts.5.html"
+TARGET="_top"
+>lmhosts(5)</A
+> for details) then
+ any name type matches for lookup.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>host</TT
+> : Do a standard host
+ name to IP address resolution, using the system <TT
+CLASS="FILENAME"
+>/etc/hosts
+ </TT
+>, NIS, or DNS lookups. This method of name resolution
+ is operating system depended for instance on IRIX or Solaris this
+ may be controlled by the <TT
+CLASS="FILENAME"
+>/etc/nsswitch.conf</TT
+>
+ file). Note that this method is only used if the NetBIOS name
+ type being queried is the 0x20 (server) name type, otherwise
+ it is ignored.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>wins</TT
+> : Query a name with
+ the IP address listed in the <TT
+CLASS="PARAMETER"
+><I
+>wins server</I
+></TT
+>
+ parameter. If no WINS server has been specified this method
+ will be ignored.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>bcast</TT
+> : Do a broadcast on
+ each of the known local interfaces listed in the
+ <TT
+CLASS="PARAMETER"
+><I
+>interfaces</I
+></TT
+> parameter. This is the least
+ reliable of the name resolution methods as it depends on the
+ target host being on a locally connected subnet.</P
+></LI
+></UL
+><P
+>The default order is <B
+CLASS="COMMAND"
+>lmhosts, host, wins, bcast</B
+>
+ and without this parameter or any entry in the
+ <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file the name resolution methods will
+ be attempted in this order. </P
+></DD
+><DT
+>-m</DT
+><DD
+><P
+>This option tells smbpasswd that the account
+ being changed is a MACHINE account. Currently this is used
+ when Samba is being used as an NT Primary Domain Controller.</P
+><P
+>This option is only available when running smbpasswd as root.
+ </P
+></DD
+><DT
+>-j DOMAIN</DT
+><DD
+><P
+>This option is used to add a Samba server
+ into a Windows NT Domain, as a Domain member capable of authenticating
+ user accounts to any Domain Controller in the same way as a Windows
+ NT Server. See the <B
+CLASS="COMMAND"
+>security = domain</B
+> option in
+ the <TT
+CLASS="FILENAME"
+>smb.conf(5)</TT
+> man page. </P
+><P
+>In order to be used in this way, the Administrator for
+ the Windows NT Domain must have used the program "Server Manager
+ for Domains" to add the primary NetBIOS name of the Samba server
+ as a member of the Domain. </P
+><P
+>After this has been done, to join the Domain invoke <B
+CLASS="COMMAND"
+> smbpasswd</B
+> with this parameter. smbpasswd will then
+ look up the Primary Domain Controller for the Domain (found in
+ the <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file in the parameter
+ <TT
+CLASS="PARAMETER"
+><I
+>password server</I
+></TT
+> and change the machine account
+ password used to create the secure Domain communication. This
+ password is then stored by smbpasswd in a TDB, writeable only by root,
+ called <TT
+CLASS="FILENAME"
+>secrets.tdb</TT
+> </P
+><P
+>Once this operation has been performed the <TT
+CLASS="FILENAME"
+> smb.conf</TT
+> file may be updated to set the <B
+CLASS="COMMAND"
+> security = domain</B
+> option and all future logins
+ to the Samba server will be authenticated to the Windows NT
+ PDC. </P
+><P
+>Note that even though the authentication is being
+ done to the PDC all users accessing the Samba server must still
+ have a valid UNIX account on that machine. </P
+><P
+>This option is only available when running smbpasswd as root.
+ </P
+></DD
+><DT
+>-U username</DT
+><DD
+><P
+>This option may only be used in conjunction
+ with the <TT
+CLASS="PARAMETER"
+><I
+>-r</I
+></TT
+> option. When changing
+ a password on a remote machine it allows the user to specify
+ the user name on that machine whose password will be changed. It
+ is present to allow users who have different user names on
+ different systems to change these passwords. </P
+></DD
+><DT
+>-h</DT
+><DD
+><P
+>This option prints the help string for <B
+CLASS="COMMAND"
+> smbpasswd</B
+>, selecting the correct one for running as root
+ or as an ordinary user. </P
+></DD
+><DT
+>-s</DT
+><DD
+><P
+>This option causes smbpasswd to be silent (i.e.
+ not issue prompts) and to read it's old and new passwords from
+ standard input, rather than from <TT
+CLASS="FILENAME"
+>/dev/tty</TT
+>
+ (like the <B
+CLASS="COMMAND"
+>passwd(1)</B
+> program does). This option
+ is to aid people writing scripts to drive smbpasswd</P
+></DD
+><DT
+>username</DT
+><DD
+><P
+>This specifies the username for all of the
+ <I
+CLASS="EMPHASIS"
+>root only</I
+> options to operate on. Only root
+ can specify this parameter as only root has the permission needed
+ to modify attributes directly in the local smbpasswd file.
+ </P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN171"
+></A
+><H2
+>NOTES</H2
+><P
+>Since <B
+CLASS="COMMAND"
+>smbpasswd</B
+> works in client-server
+ mode communicating with a local smbd for a non-root user then
+ the smbd daemon must be running for this to work. A common problem
+ is to add a restriction to the hosts that may access the <B
+CLASS="COMMAND"
+> smbd</B
+> running on the local machine by specifying a
+ <TT
+CLASS="PARAMETER"
+><I
+>allow hosts</I
+></TT
+> or <TT
+CLASS="PARAMETER"
+><I
+>deny hosts</I
+></TT
+>
+ entry in the <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file and neglecting to
+ allow "localhost" access to the smbd. </P
+><P
+>In addition, the smbpasswd command is only useful if Samba
+ has been set up to use encrypted passwords. See the file
+ <TT
+CLASS="FILENAME"
+>ENCRYPTION.txt</TT
+> in the docs directory for details
+ on how to do this. </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN181"
+></A
+><H2
+>VERSION</H2
+><P
+>This man page is correct for version 2.2 of
+ the Samba suite.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN184"
+></A
+><H2
+>SEE ALSO</H2
+><P
+><A
+HREF="smbpasswd.5.html"
+TARGET="_top"
+><TT
+CLASS="FILENAME"
+>smbpasswd(5)</TT
+></A
+>,
+ <A
+HREF="samba.7.html"
+TARGET="_top"
+>samba(7)</A
+>
+ </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN190"
+></A
+><H2
+>AUTHOR</H2
+><P
+>The original Samba software and related utilities
+ were created by Andrew Tridgell. Samba is now developed
+ by the Samba Team as an Open Source project similar
+ to the way the Linux kernel is developed.</P
+><P
+>The original Samba man pages were written by Karl Auer.
+ The man page sources were converted to YODL format (another
+ excellent piece of Open Source software, available at
+ <A
+HREF="ftp://ftp.icce.rug.nl/pub/unix/"
+TARGET="_top"
+> ftp://ftp.icce.rug.nl/pub/unix/</A
+>) and updated for the Samba 2.0
+ release by Jeremy Allison. The conversion to DocBook for
+ Samba 2.2 was done by Gerald Carter</P
+></DIV
+></BODY
+></HTML
+> \ No newline at end of file